As required by law, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) has released its Spring 2025 Semiannual Report to Congress, covering October 1, 2024, to March 31, 2025.

In the newly issued report, the OIG identified expected recoveries of approximately $3.51 billion through OIG investigations and $451 million through OIG audits for the relevant time period. It also issued 78 audit and evaluation reports, and closed 946 criminal, civil, and administrative investigations. The report also contains key data related to the number of criminal referrals to law enforcement agencies, the number of related criminal and civil actions, and the number of individuals and entities excluded from federally funded health care programs during this reporting period. At the state level, the OIG claims that Medicaid Fraud Control Units (MFCUs) recovered $1.4 billion in fiscal year 2024.

OIG’s Management and Performance Challenge Priorities

In previous publications, the OIG identified five management and performance challenge areas that would serve as a key focus for the agency in fulfilling its mission to enhance the health and well-being of Americans. This report highlights the work the OIG accomplished in addressing the following areas:

1. Public Health: For this reporting period, the OIG highlighted its efforts addressing the opioid epidemic and drug and medical device safety.
2. Financial Integrity: The OIG also spent resources evaluating improper payments by CMS, cost-effectiveness, and reducing drug spending.
3. Medicare and Medicaid: The OIG highlighted its efforts addressing program integrity and combating health care fraud within the Medicare and Medicaid programs during this reporting period.
4. Beneficiary Safety: The OIG also investigated several health care providers for abuse and neglect in fulfilling its efforts to address beneficiary safety, excluding several providers and assisting law enforcement to prosecute a pharmacy owner for predatory HIV medication schemes.
5. Data and Technology Security: During this reporting period, the OIG noted that several government groups lacked effective cybersecurity safeguards, including ineffective network monitoring, unauthorized software and application installations, undetected malware, and insufficient prevention of safeguarding sensitive data transmission.

Why Should I Care?

As compliance professionals, it is important to stay abreast of current government enforcement priorities and evaluations. These audits, reports, and enforcement actions published by the OIG and other agencies can help inform your organization’s leadership of potential risk areas lurking under the surface and that could use additional controls and monitoring. It is impossible to anticipate and evaluate every possible risk but understanding the priorities of federal and state regulators can assist in prioritizing your activities.

If you have questions about where to get started regarding your organization’s risk areas, please contact Adam Falcone at afalcone@feldesman.com or Natalie Lesnick at nlesnick@feldesman.com.