OIG Annual Work Plan Targets Drug Pricing, Data Protection Issues

Last week, the Department of Health and Human Services, Office of Inspector General (“OIG”) released its Fiscal Year 2016 (“FY2016”) Work Plan.  This work plan offers manufacturers and providers insight into OIG’s priorities for the coming year, many of which are consistent with issues that have been raised in False Claims Act lawsuits.  A number of OIG’s newly announced programs mirror current topics of intense debate in the healthcare industry, including pricing for brand name prescription drugs and controls over protected health information.

Below we provide an overview of several of OIG’s newly announced projects that carry potential ramifications in the enforcement context:

“High Cost” Branded Drugs in Medicare Part D: Noting that prices for the most commonly prescribed branded drugs increased by almost 13 percent in 2013, OIG will compare price increases for brand name drugs under Medicare Part D against the inflation rate.

Payments for Specialty Drugs: Reflecting concerns about the prices of specialty drugs, OIG will study how state Medicaid agencies calculate payment methodologies for these drugs and the variation in their reimbursement rates.

Analysis of Open Payments Data: OIG had previously started a review of the financial interests reported by manufacturers under the Open Payments program to determine whether the reported data were fully and accurately displayed on the CMS website. Now OIG intends to analyze the validity of the data submitted.

Protection of Electronic Protected Health Information (“ePHI”): OIG states that the Office of Civil Rights (“OCR”) has not implemented adequate controls in the past to ensure the protection of ePHI and plans to analyze the adequacy of OCR’s current oversight over the security of ePHI.

Review of Networked Medical Devices: Providers have increasingly leveraged networked medical devices (e.g., dialysis machines and medication dispensing systems) to transmit ePHI. As OIG notes, this uptake of networked medical devices has heightened the risk of data breaches. OIG plans to examine whether FDA’s oversight of hospitals’ networked medical devices is sufficient to effectively protect ePHI.