Archive for OIG
The Medicare Fraud Strike Force swept through 10 states and arrested 243 people—46 of them physicians, nurses, and other licensed medical professionals—for allegedly defrauding the government out of $712 million in false Medicare and Medicaid billings, federal officials announced June 18. In addition to targeting instances of false claims and kickbacks, the strike force also uncovered evidence of medical identity theft.
Among the defendants is Mariamma Viju of Garland, Texas, an RN and the co-owner and nursing director for Dallas Home Health, Inc. A federal indictment accuses Viju and a co-conspirator of stealing patient information from Dallas-area hospitals in order to then solicit those patients for her business, as well as submitting false Medicare and Medicaid claims, and paying out cash kickbacks to beneficiaries.
In total, the scheme netted Viju $2.5 million in fraudulently obtained payments between 2008 and 2013. She was arrested June 16 and charged with one count of conspiracy to commit healthcare fraud, five counts of healthcare fraud, and one count of wrongful disclosure of individually identifiable health information.
A recent audit revealed six security vulnerabilities within HHS’ Health Resources and Services Administration (HRSA), according to a report from the Office of the Inspector General (OIG).
The OIG conducted a review of HRSA security controls in effect in December 2013, and release the corresponding report in April 2015. In addition to reviewing and testing controls, the OIG interviewed HRSA’s security and IT professionals and reviewed policies and procedures, according to the report.
The OIG noted in its report that HRSA failed to:
- Effectively track and manage IT inventory
- Effectively implement and monitor patch management controls
- Effectively monitor the antivirus status of its assets
- Consistently review active directory user accounts as outlined in its policies
- Consistently apply encryption policies
- Develop policies and procedures to secure USB port control access
In an effort to prevent medical identity theft, new Medicare cards will not list the Social Security numbers of beneficiaries, according to an announcement from the Office of the Inspector General, Social Security Administration.
President Obama recently signed a bill instructing the Department of Health and Human Services (HHS) to issue new cards that do not display, code, or embed Social Security numbers. The new law also includes information about funding this costly endeavor along with instructions for HHS to update the cards within the next four years and distribute them within another four years, according to the announcement.
Senior citizens are advised to carry their Medicare cards at all times, but this leaves them vulnerable to medical identity theft as the cards currently list Social Security numbers, according to the announcement.
The Office of the Inspector General (OIG) recently released its fiscal year (FY) 2014 Work Plan, which addresses the HIPAA Privacy the Breach Notification Rules with a focus on PHI.
OIG will review and assess Office for Civil Rights (OCR) oversight of covered entities’ (CE) compliance with the HIPAA Privacy Rule. OIG will also determine the compliance of Medicare Part B CEs with certain privacy standards, according to the FY2014 Work Plan. OIG said it would review OCR investigation policies and assess OCR oversight to determine CE compliance with the Privacy Rule.
In addition, OIG will review OCR oversight of CEs’ compliance with the Breach Notification Rule. OIG will review OCR investigations of breaches reported by CEs and will determine Medicare Part B CE compliance with breach standards, according to the FY2014 Work Plan.
In the FY2013 Work Plan, OIG said it would focus on reviewing the following areas related to HIPAA:
- OCR policies for investigating the policies and plans for breach mitigation of Medicare Part B CEs
- OCR oversight of HIPAA Privacy Rule and Breach Notification Rule compliance
- CMS’ oversight of Medicaid compliance with the HIPAA Security Rule with especially where State Medicaid
- Management Information Systems and security controls over Web-based applications were concerned