The OIG Workplan and Building Your Own Coding Compliance Program

Each year the Office of Inspector General (OIG) publishes their annual work plan for healthcare, which is a highly anticipated publication. The OIG Work Plan sets forth various projects including OIG audits and evaluations that are underway or planned to be addressed during the fiscal year. In addition, the OIG updates their workplan on a monthly basis, so their areas of focus can change or be revised, so it requires us to confirm that we check the OIG website each month. In fact, in the month of January 2021 there were several COVID related items additions made to the workplan. The workplan does cover many healthcare areas of the Health and Human Services (HHS) department, and the Centers for Medicare and Medicare Services (CMS). The workplan can be viewed at: Work Plan | Office of Inspector General | U.S. Department of Health and Human Services (

This workplan document is extremely valuable for us in Health Information Management (HIM) and Coding to review and learn from. HIM Coding professionals and leaders building a coding compliance program and/or an annual plan should take into consideration the OIG areas that are identified as risks and/or potential risks to help with building your own coding compliance program/plan. Keep in mind that this does not have to be done alone, consider having a staff representative from Coding, Revenue Cycle, Compliance and even Clinical Documentation Integrity (CDI) leadership participate in the process, ask your workplace peers and colleagues to participate. Let us now discuss some steps to take when building your Coding Compliance Program/Plan.

  1. A vital step to take is to conduct a close review of the OIG workplan document and through this review process highlight those areas or even specific language that is related to HIM, coding, or even related to payment errors in general, i.e., documentation issues.
    1. The review should include identifying the healthcare settings or areas that you work in and that effect or impact your organization and/or department. If you work or represent an acute care hospital ONLY, then you have a narrower focus, compared to a healthcare corporation that may provide services in many Hospitals, Rehab, Clinic, and provides SNF services, then you will be looking more broadly at the workplan.
  2. As you continue to use the OIG work plan, develop/create a list, even use a spreadsheet (Excel) to log those items or areas that you’ve high-lighted from the work plan. List them by healthcare setting: i.e., Hospital Inpatient, Hospital OP, Physician, SNF, etc. Using the spreadsheet being to insert columns and rows that display the risks and settings, as well as a level of risk (discussed later).
  3. Next, you will want to look over prior OIG work plans (last 3-4 years) and compare it to the current year (prior excel spreadsheet (grid) listing of the risk areas). Risk items do carry over and move into different components of the OIG work over-time. 
  4. Review other regulatory compliance related published reports, such as the CERT report, PEPPER, and RAC work plans and scope. Determine if there is/was any correlation to the OIG workplan targets. Using the spread sheet have columns to indicate OIG, CERT, PEPPER, RAC, RADV, and Other, in order to capture a full scope of regulatory scrutiny. Check (X) the particular column to indicate where the published target or risk area(s) came from. 
  5. Now look over your coding audit error type from the last year or last few audits as these should be incorporated that into your spreadsheet within a column. Insert a column for “internal audits” and “external audits” to capture this information.
    OIG chart
  6. Your work plan spreadsheet will need to rank or rate the level of “risk” for the area(s) that were identified abd hi-lighted. You might want to consider including a column to indicate if the risk area has been on a prior audit plan/schedule, and a column for “future audit”. are several ways to do this, but simply, do a 1 to 10 scoring, 10 being the most risk and needs immediate attention (within 30-40 days). Details on scoring or ranking the risk might include financial impact, public disgrace/reputation, volume/frequency, significant operational change, etc. Discuss the risks and the appropriate level with your team of peers and colleagues.
  7. Next, you will want to take the time to discuss the list within your department and with colleagues, comparing the risk items/areas to our own healthcare operations, and settings. Again, take a look at the OIG reports that have been regularly published, as these are often the results of the OIG work and are red flags (i.e., Malnutrition diagnosis, Post-Acute Care Transfers), which may not be in the actual 2021 work plan, but come from a prior work plan 3-4 years ago. When ranking the risk level, you will want a threshold that would require auditing and a level that will require education OR both.
  8. For your coding compliance program/plan, you will want to discuss and determine the resources needed. If the area of risk can be audited and educated on with internal staff alone or do we need to have external help. Is there a resource tool or handbook that needs to be purchased. I recommend and have found that having both internal and external help is the best model. This may or may not impact your budget and available funding, so work closely with your compliance and revenue cycle leadership. 

The OIG workplan for 2021 has indicated that telehealth, the two-midnight rule, Lab billing for COVID, and the inpatient COVID 20% add on payment (test positive are all risk areas that OIG will be focusing on. One final thought is to reach out to other HIM colleagues and peers outside your organization or workplan and share, as well as gathering information about their plans and processes. Time is ticking, so get working on building your program/plan now.

References: Work Plan | Office of Inspector General | U.S. Department of Health and Human Services (; DHHS Fiscal Year 2021 Justification of Estimates

Subscribe to our MRA Newsletter

Bringing peace of mind to healthcare since 1986

Share this post with your friends

You may be interested in...

AHIMA Approved

This program has been approved for continuing education unit(s) (CEUs) for use in fulfilling the continuing education requirements of the American Health Information Management Association (AHIMA). Granting of Approved CEUs from AHIMA does not constitute endorsement of the program content or its program provider.