3.6 OIG Compliance & Provider Self-Disclosure
Key Takeaways
- The OIG publishes an annual Work Plan that signals the billing and program areas it intends to audit and investigate that year.
- An effective compliance program is built on seven core elements, including written standards, a compliance officer, training, auditing, and corrective action.
- The List of Excluded Individuals and Entities (LEIE) identifies people and organizations barred from federal health care programs; providers must screen staff and vendors against it.
- The OIG Self-Disclosure Protocol (SDP) lets providers voluntarily report potential fraud and often resolve it with reduced penalties and without a Corporate Integrity Agreement.
- A Corporate Integrity Agreement (CIA) is a multi-year compliance commitment a provider accepts as part of settling a fraud case, with OIG oversight and reporting.
The OIG's Role
The Office of Inspector General (OIG) within the U.S. Department of Health and Human Services is the chief watchdog over Medicare and Medicaid integrity. For billers, the OIG sets the expectations for compliance — the systems a practice uses to prevent, detect, and correct billing fraud and abuse.
The Annual OIG Work Plan
The OIG publishes a Work Plan that it updates throughout the year. It lists the audits, evaluations, and investigations the OIG plans to conduct — for example, scrutiny of specific high-risk codes, telehealth billing, evaluation and management upcoding, or particular payer programs. The Work Plan is essentially a roadmap of where enforcement attention is heading, and compliance teams use it to focus internal audits on the same risk areas.
The Seven Elements of an Effective Compliance Program
The OIG's guidance describes seven core elements that an effective compliance program should contain:
- Written policies, procedures, and standards of conduct that define expected behavior.
- A designated compliance officer (and often a compliance committee) with authority and resources.
- Effective training and education for staff on billing rules and compliance expectations.
- Effective lines of communication, including a confidential way to report concerns (such as a hotline).
- Internal monitoring and auditing to detect billing errors and risk areas.
- Well-publicized disciplinary standards that enforce the rules consistently.
- Prompt response to detected problems and corrective action to fix root causes and prevent recurrence.
A biller is most directly involved in elements 3, 5, and 7 — training, auditing claims, and correcting errors that audits uncover.
Exclusion Lists and the LEIE
The OIG maintains the List of Excluded Individuals and Entities (LEIE) — a database of people and organizations excluded from participation in federal health care programs because of fraud, patient abuse, or other disqualifying conduct.
- A provider may not bill federal programs for items or services furnished, ordered, or prescribed by an excluded person.
- Practices must screen employees, contractors, and vendors against the LEIE before hiring and on an ongoing basis (commonly monthly).
- Employing an excluded individual can itself trigger civil monetary penalties.
Provider Self-Disclosure Protocol (SDP)
When a practice discovers potential fraud — not just a simple overpayment — it can use the OIG's Self-Disclosure Protocol (SDP) to voluntarily report the conduct. Benefits of self-disclosure include:
- A lower multiplier on damages than the government typically seeks in litigation.
- A faster, more cooperative resolution.
- The OIG generally does not require a Corporate Integrity Agreement for matters resolved through the SDP.
Self-disclosure also demonstrates a functioning compliance program (elements 5 and 7 in action). Note that a simple, identified overpayment with no fraud question is normally returned through the Medicare contractor's overpayment-refund process, not the SDP.
Corporate Integrity Agreements (CIA)
A Corporate Integrity Agreement (CIA) is a negotiated agreement a provider enters with the OIG, usually as part of settling a fraud case (often a False Claims Act (FCA) settlement). In exchange for not being excluded from federal health care programs, the provider accepts a multi-year set of obligations:
- Maintaining or enhancing the seven compliance elements.
- Independent review of claims by an outside organization.
- Regular reporting to the OIG.
- Typically a five-year term.
Think of the CIA as compliance under supervision: it is imposed after wrongdoing is settled, whereas the SDP is a voluntary path the provider chooses before enforcement reaches that point.
Review Questions
- During an internal audit, a practice discovers a pattern of claims that may amount to fraudulent billing — beyond a simple keying error. Management wants to report it in a way that may reduce penalties and avoid a Corporate Integrity Agreement. What is the appropriate route?
- A practice hires a new billing contractor without checking any exclusion database. Months later it learns the contractor appears on the LEIE. What is the consequence?