On Tuesday, May 26, 2020, OIG released its Strategic Plan for Oversight of COVID-19 Response and Recovery (the Strategic Plan). The Strategic Plan addresses the use and disbursement of the resources HHS has made available in response to COVID-19, which may become potential targets of abuse, fraud, waste, or other mismanagement. The stated mission is to “[p]rovide objective oversight to promote the economy, efficiency, effectiveness, and integrity of HHS programs, as well as the health and welfare of the people they serve.” The Strategic Plan also provides insights into how OIG intends to identify potential misuse and ensure that the relief funds are used as intended, as well as how it intends to use the lessons learned to promote efficiency after the public health emergency ends.

The Strategic Plan sets forth four goals that drive OIG’s strategic planning and mission execution, which are to: (1) protect people, (2) protect funds, (3) protect infrastructure and (4) promote effectiveness of HHS programs. The Strategic Plan provides objectives under each of those goals and practical steps OIG plans to take, many of which are focused on audits, evaluations and reviews, and making recommendations to HHS.

Goal 1: Protect People

In furtherance of its goal to protect people, HHS has set forth three objectives: assisting and supporting ongoing COVID-19 response efforts while maintaining independence; fighting fraud and scams; and assessing the impact of HHS programs on the health and safety of beneficiaries and the public.

For the first objective of assisting ongoing COVID-19 response efforts, OIG plans to “[i]ssue guidance on the application of OIG’s administrative fraud enforcement authorities to support providers delivering needed patient care during the public health emergency.” It also will conduct “rapid-cycle reviews of conditions affecting HHS beneficiaries or health care and human services providers to inform and support effective COVID-19 response efforts.” Finally, OIG plans to deploy law enforcement personnel as needed to protect HHS personnel and resources.

For the second objective of fighting fraud and scams, OIG plans to investigate suspected fraud in coordination with federal, state, local, and tribal law enforcement partners, prioritizing cases involving patient harm. The agency will also alert HHS, its beneficiaries, and the public to fraud schemes related to COVID-19, including testing and identity theft scams.

For the third objective of assessing the impacts of HHS programs, OIG plans to conduct audits and evaluations in health care settings as well as of HHS operations.

Goal 2: Protect Funds

The Strategic Plan’s first objective in its goal to protect HHS funds from fraud, waste, and abuse is to prevent, detect, and remedy such waste or misspending. To that end, OIG will conduct audits and evaluations of HHS’ system for awarding, disbursement, and use of funds. It will also audit fund recipients to assess whether they met use, reporting, and other requirements, recommending recovery of misspent funds where appropriate. OIG further plans to participate in and coordinate closely with the Pandemic Response Accountability Committee (PRAC) to prevent and detect any fraud, waste, abuse, or mismanagement.

The second objective is to fight fraud that diverts COVID-19 funding or exploits emergency flexibilities. OIG plans to identify and investigate suspected fraud, conduct audits and evaluations to identify program vulnerabilities and recommend safeguards, and alert HHS, enforcement partners and industry stakeholders to potential fraud risks or schemes.

Goal 3: Protect Infrastructure

The Strategic Plan points out the critical importance of the security of HHS information technology systems, infrastructure, and the personal information and data collected and maintained by various HHS programs. OIG’s objective here is to protect the security and integrity of IT systems and health technology. OIG plans to audit HHS’ capabilities for detecting IT vulnerabilities and incidents, mitigating threats, and restoring IT services. OIG will also audit whether known cybersecurity vulnerabilities related to networked medical devices, telehealth platforms, and other technologies being used have been mitigated. Finally, OIG will investigate cybersecurity threats to and attacks on HHS systems and provide technical assistance to HHS to support a secure and robust IT infrastructure.

Goal 4: Promote Effectiveness

OIG plans to highlight lessons learned from relevant historical work and new analyses to make recommendations to support HHS’ effective preparation for, and responses to, future emergencies. The Strategic Plan’s stated objectives here are to support the effectiveness of federal, state, and local COVID-19 response and recovery efforts, as well as to leverage successful practices and lessons learned to strengthen HHS programs for the future.

In supporting the effectiveness of the current response and recovery efforts, OIG plans to conduct audits and evaluations of such efforts and identify opportunities for increasing effectiveness. It will also conduct audits and evaluations to help ensure that recipients of the funding achieve program goals.

Looking further out for leveraging practices and lessons for the future, OIG plans to identify such successful practices and lessons learned now at various levels and make recommendations. The agency will review pandemic preparedness planning to identify how funding was spent, as well as the utility of preparedness plans and activities. OIG will also review recommendations for improvements. Finally, it plans to assess the impacts of COVID-19 emergency flexibilities to inform decisions after the current situation ends, such as impacts of expanded telehealth in Medicare during the emergency and implications for future policies.