News & Insights


October 31, 2022

Health Headlines – October 31, 2022

CMS Issues Revised Staff Vaccination Guidance – On October 26, 2022, CMS issued revised guidance on COVID-19 vaccination requirements for staff working for Medicare-certified and Medicaid-certified providers and suppliers.  While the revised guidance was issued in separate provider-specific attachments, the guidance generally allows for more flexible staff vaccination requirements and enforcement due to relatively low COVID-19 hospitalizations and deaths nationwide.

For long-term care and skilled nursing facility staff, CMS loosened the language around the 100% staff vaccination requirement, and CMS now defines noncompliance as staff vaccination rates under 100% of unexcepted staff whereas the guidance previously did not distinguish unexcepted staff from the vaccination requirement. The term “unexcepted staff” encompasses those who have been granted exemptions from the COVID-19 vaccine or those staff for whom the COVID-19 vaccination must be temporarily delayed, as recommended by the CDC. This updated definition of noncompliance for long-term care and skilled nursing facilities now brings the staff vaccination requirements in line with those of other types of facilities such as ambulatory surgery centers, hospitals, and hospice facilities.

In addition, the revised guidance also provides for a more relaxed enforcement scheme with the scope and severity of citations now influenced by good faith efforts made to correct noncompliance. The severity and scope levels range from Level 1 described as “no actual harm with potential for minimal harm” to the most severe level, Level 4, described as “immediate jeopardy, noncompliance resulting in serious harm or death” or “noncompliance resulting in a likelihood for serious harm or death.” The guidance allows for enforcement flexibility where there are good faith efforts made to correct noncompliance, and states that non-compliant facilities that have implemented a plan to achieve a 100% staff vaccination rate would not be subject to an enforcement action. On the other hand, the revised guidance states egregious noncompliance, described as more than 50% of staff being unvaccinated, should be cited at the harsher severity level 2 which represents “no actual harm with potential for more than minimal harm that is not immediate jeopardy”. 

CMS’s revised guidance memorandum replaces CMS memoranda QSO 22-07-ALL Revised, QSO 22-09-ALL Revised, and QSO 22-11-ALL Revised and consolidates the information into a single memorandum, QSO-23-02-ALL. The full revised CMS guidance memorandum can be found here.

Reporter, Jasmine Becerra, Atlanta, +1 404 572 3537,


OIG Recommends CMS Use OIG Hospital Compliance Audits to Enhance its Medicare Oversight – On October 26, 2022, OIG published a report summarizing the results of 12 OIG hospital compliance audits covering Medicare claims paid from 2016 through 2018. OIG recommends, among other things, that CMS follow up on overpayment recovery efforts and consider the results of OIG’s audits to improve CMS’s Medicare program oversight by focusing on high-risk error types.

Overview of OIG Hospital Compliance Audits

OIG performs hospital compliance audits as part of its work plan initiatives. These audits typically involve a review of 100 paid Medicare claims focused on high risk issues and the results are extrapolated. OIG’s October 26, 2022 report analyzes how CMS responded to findings included in 12 hospital compliance audits. These 12 hospital compliance audits involved a review of 1,290 inpatient and outpatient claims totaling $26,130,620 in Medicare payments. OIG alleged that there were 387 improperly paid claims (333 inpatient claims and 54 outpatient claims), totaling $5,313,876 in overpayments for the sampled claims.  Based on these results, OIG extrapolated the findings and estimated that the 12 hospitals were overpaid approximately $85,497,411.

OIG found that the most common error type for the improperly paid inpatient claims (200 of the 333 claims) involved incorrectly billed inpatient rehabilitation facility services.  Specifically, OIG found that the hospitals: incorrectly billed Medicare Part A for beneficiary stays that did not meet Medicare criteria for acute inpatient rehabilitation, did not comply with Medicare documentation requirements, and/or included incorrect case-mix groups resulting in incorrect payments to the hospitals.  OIG identified other errors involving incorrect inpatient admissions, incorrect DRG codes, and incorrect inpatient psychiatric facility emergency department adjustment codes. 

OIG also found that the most common error type for the improperly paid outpatient claims involved incorrect HCPCS codes that were not supported by the medical records and claims with the improper number of units billed. 

In connection with hospital compliance audits, OIG generally makes the following recommendations:

  1.  The hospital repay the alleged extrapolated overpayment for the audit period (typically a two year period);
  2. The hospital exercise reasonable diligence to identify, report, and return any overpayments in accordance with the 60-day overpayment rule outside of the audit period; and
  3. The hospital strengthen internal controls to ensure compliance with Medicare requirements. OIG’s report stated that in response to its recommendations, CMS failed to provide OIG with sufficient information to verify that some hospitals have repaid funds, implemented OIG’s recommendations to follow the 60-day rule, and strengthened internal controls.  The report also stated that CMS has not utilized the results from the 12 OIG audit reports in CMS’s internal control activities because CMS said that it does not have enough resources or staff to centrally track every issue or error identified in the reports. 

After the OIG completes the audit and issues the report, CMS then coordinates with the hospital regarding the OIG’s recommendations. For example, a CMS contractor will issue a demand letter for the alleged overpayment for the audit period. Providers have the ability to appeal OIG’s findings.

OIG’s Recommendations to CMS

OIG believes that CMS can take additional steps to enhance its oversight of Medicare compliance by leveraging OIG’s hospital compliance audits. Specifically, OIG made the following recommendations to CMS:

  1. Continue to follow up on the overpayment recovery recommendations.
  2. Improve tracking and responding on the status of claims identified in OIG’s reports through the appeals process. If CMS does not provide OIG with complete information regarding actions taken on overpayments and the status of appeals, OIG cannot verify that CMS has collected or is in the process of collecting overpayments.
  3. Direct the Medicare Administrative Contractors (MACs) to follow up with 8 of the 12 hospitals that have not responded to the recommendation to follow the 60-day overpayment rule or have not followed up at the conclusion of the Medicare appeals process.
  4. Revise its SOP to require MACs to both follow up with providers at the conclusion of the Medicare appeals process and provide additional detail to CMS regarding specific follow up actions taken.
  5. Consider the results of OIG’s audit and future hospital compliance audits in CMS’s risk assessment process.

CMS responded to OIG’s recommendations and concurred with OIG’s second, third, and fourth recommendations.  With regard to OIG’s first and fifth recommendations, CMS did not indicate express concurrence.  CMS noted that it has collected over 91% of the overpayments identified in the OIG hospital compliance audits.

The OIG Report is available here.

Reporter, Jason A. de Jesus, Los Angeles, +1 213 443 4343,