OIG Compliance, Fraud & Abuse Laws

Key Takeaways

  • False Claims Act liability includes reckless disregard—not only intentional fraud—for unsupported codes.
  • OIG Work Plan targets high-risk DRGs, POA accuracy, and short-stay patterns.
  • Anti-Kickback Statute addresses remuneration inducing referrals; Stark addresses physician self-referral.
  • Hospital compliance programs require written policies, training, auditing, and corrective action.
  • Systematic POA=Y on hospital-acquired conditions is an audit and fraud risk pattern.
Last updated: July 2026

Quick Answer: OIG enforces False Claims Act liability for knowingly billing for services not provided or not supported. Stark and Anti-Kickback laws address improper physician financial relationships. Coders avoid upcoding, unbundling, and POA misrepresentation that trigger fraud investigations.

OIG Compliance, Fraud and Abuse Laws

The Compliance domain (~5% of CIC) covers OIG guidance, False Claims Act (FCA), Stark Law, Anti-Kickback Statute (AKS), and hospital Corporate Compliance Program elements. Inpatient coders are front-line defenders against fraud and abuse—assignment of codes that inflate payment without documentation is federal enforcement territory, not mere "billing error."

False Claims Act (FCA) Essentials

FCA prohibits submitting false or fraudulent claims to federal programs (Medicare, Medicaid). Violations include:

  • Upcoding — MS-DRG higher than documentation supports
  • Billing for services not rendered
  • Unbundling — separate billing for components that must be bundled
  • Phantom patients — rare in coding context but FCA scope

Intent: "Knowingly" includes reckless disregard of truth—not only deliberate fraud. Coders who ignore obvious documentation gaps risk organizational FCA exposure.

Qui tam relators (whistleblowers) sue on government's behalf; hospitals settle multi-million dollar cases tied to coding patterns.

OIG Role and Work Plan

Office of Inspector General (HHS-OIG) publishes annual Work Plan targeting hospital issues: high-risk DRGs, KWOS (kidney transplant), short stays, sepsis, malnutrition, POA accuracy. Coders should recognize OIG as investigator, not payer.

Stark Law (Physician Self-Referral)

Stark prohibits physicians from referring Designated Health Services (DHS) to entities with which they have financial relationships, unless an exception applies. Inpatient coding tie-in:

  • Improper physician ownership of hospital may taint admissions volume
  • Not daily coding—but compliance MC contrasts Stark vs AKS

Anti-Kickback Statute (AKS)

AKS criminalizes remuneration to induce Medicare/Medicaid referrals. Broader than Stark (all services, not only DHS). Safe harbors protect legitimate arrangements. Coding compliance link: kickbacks driving unnecessary admissions inflate volumes coded by staff.

Compliance Program Seven Elements (OIG Guidance)

Hospital compliance programs should include:

  1. Written policies and procedures
  2. Compliance officer and committee
  3. Education and training (coders annual)
  4. Communication lines for reporting concerns
  5. Enforcement through discipline
  6. Auditing and monitoring (coding audits)
  7. Corrective action for identified problems

CIC may ask which element addresses ongoing coding audits—#6.

Coding-Specific Fraud Patterns

PatternDescription
DRG creepSystematic MCC additions without clinical support
POA gamingPOA=Y on hospital-acquired conditions
Duplicate billingSame service on professional and facility inappropriately
Unbundling OR suppliesSeparate revenue lines violating NCCI
Diagnosis cloningCopying prior stay diagnoses without validation

Civil Monetary Penalties (CMP)

CMS may impose CMPs for violations including knowing assignment of incorrect codes when part of systematic scheme. Individual coder CMP less common than corporate settlement—but exam tests concepts.

Corporate Integrity Agreements (CIA)

Hospitals settling FCA cases enter CIA requiring external coding audits for years. Coders working under CIA face stricter query and validation workflows.

Whistleblower Protections

Employees reporting fraud have legal protections. Compliance programs encourage internal reporting before external qui tam.

Ethical Coder Responsibilities

  • Code only documented conditions
  • Assign POA from admission evidence
  • Refuse leading queries internally
  • Escalate pressure to upcode to compliance officer
  • Participate in education on OIG targets

CIC Scenario Examples

Stem: Manager suggests default POA=Y on all UTIs to protect DRG. Best action?

  • Report via compliance channel; POA must reflect documentation—pattern is fraud risk.

Stem: Which law addresses remuneration for referrals broadly?

  • Anti-Kickback Statute (Stark is self-referral specific).

Fraud vs Abuse vs Error

TermMeaning
ErrorMistake without intent pattern
AbuseInconsistent with sound practice, increases cost
FraudKnowingly misrepresenting for gain

OIG may pursue abusive patterns short of criminal fraud.

Audit Response

When internal audit finds systematic sepsis upcoding:

  • Corrective action plan, education, rebill, possible self-disclosure to OIG if material overpayment.

Coders implement remediation coding—not hide findings.

Relationship to Payment Domain

Fraudulent MCC addition affects MS-DRG weight—connecting compliance MC to payment reasoning. FCA damages include treble damages plus penalties per false claim.

Exam Traps

  • Believing only physicians face FCA liability—entities and individuals can
  • Confusing RAC audits (overpayment recovery) with criminal fraud—related but different processes
  • Thinking compliance is optional if "everyone does it"

Self-Disclosure and Repayment

When internal audits uncover systematic overcoding, compliance may recommend voluntary self-disclosure to OIG with repayment before government investigation—potentially reducing penalties. Coders participate by re-abstracting affected accounts and supplying corrected codes for rebill. Understanding self-disclosure conceptually helps when CIC asks the ethical response to discovering a DRG inflation pattern tied to a retired query template. Silence and continued billing amplify FCA exposure; transparency and correction align with compliance program element seven—corrective action and sustainable coding culture. Report pressure to upcode through official channels; the OIG treats systematic coding schemes as FCA matters even when staff claim they followed orders. Ethical coders document concerns in writing and refuse to assign codes that violate Official Guidelines regardless of any supervisor pressure to do otherwise.

Test Your Knowledge

Submitting Medicare claims for diagnoses not supported by documentation may violate:

A
B
C
D
Test Your Knowledge

Which law broadly prohibits remuneration to induce Medicare or Medicaid referrals?

A
B
C
D
Test Your Knowledge

A compliance program element that specifically includes ongoing coding audits maps to:

A
B
C
D