Skip to main content
A person signing a contract in a dealership office

OIG Work Plan Updates & Compliance Implications: Q2 2026

See updates from the Office of Inspector General for the second quarter of 2026.

Our series on the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) Work Plan updates continues with a roundup of notable announcements from April through June 2026. Keep reading to learn more, including potential impacts and compliance considerations for healthcare organizations across the care continuum.

Medicare Payments for Clinical Diagnostic Laboratory Tests

Date of Work Plan Update: April 15, 2026

Medicare is the largest payor of laboratory tests in the United States. The Protecting Access to Medicare Act (PAMA) requires Medicare to set payment rates for lab tests based on what private insurance companies are paying in the market. As of 2018, the law requires the OIG to review and provide an analysis of the top 25 lab tests with the highest costs to Medicare.

The OIG analysis found that $8.4 billion was spent on clinical diagnostic laboratory tests in 2024. This was an overall increase of approximately 5% compared to the previous year. Other key takeaways from the analysis show a shift toward spending on genetic lab tests compared to nongenetic tests, such as metabolic and lipid panels, with genetic tests accounting for the highest expenditures to Medicare.

Potential Impacts

  • Increased scrutiny of laboratory tests identified in the top 25 tests from regulators and auditors as a result of the OIG analysis.
  • Changes in laboratory revenue due to adjustments in reimbursement amounts for certain laboratory tests.

Compliance Considerations

  • Verify that laboratory tests are coded and billed correctly to avoid overpayments, denials, or audit findings.
  • Monitor laboratory tests with high Medicare spending to identify unusual utilization patterns, medical necessity concerns, or potential fraud and abuse risks.
  • Have qualified professionals regularly conduct internal audits of charts and coding procedures to confirm that documentation supports services provided and identify potential error patterns.

NIH Grant Subrecipient Oversight

Date of Work Plan Update: April 15, 2026

The National Institutes of Health (NIH) provides billions of dollars in research grants each year to organizations that are considered “prime recipients.” These organizations may pass some of the funding to other organizations (“subrecipients”) to help perform the work under NIH grant funding.

Federal rules require the prime recipients to monitor and oversee their subrecipients to ensure the money is used properly and according to grant requirements. This evaluation will review whether organizations are properly overseeing their subrecipients with the goal of reducing fraud, waste, abuse, and misuse of NIH grant funds.

Potential Impacts

  • Increased oversight, monitoring activities, and documentation expectations across both prime recipients and subrecipients.
  • Expanded use of audits, reviews, and data tracking to assess financial and programmatic performance.
  • Elevated administrative demands, including the need for specialized compliance resources and systems.
  • Greater risk of audit findings, questioned costs, funding delays, or restrictions tied to weak oversight or documentation gaps.
  • Increased scrutiny of subrecipient activities, resulting in higher reporting burdens and oversight interactions.

Compliance Considerations

  • Maintain documented, risk-based monitoring frameworks covering subrecipient selection, oversight, and performance tracking.
  • Perform risk assessments and apply targeted monitoring activities such as financial reviews, site visits, and audit follow-up.
  • Implement internal controls to identify unsupported costs, conflicts of interest, improper allocations, and potential fraud or misuse.
  • Maintain complete, audit-ready documentation of expenditures, monitoring activities, and decision making across all entities.
  • Strengthen internal controls, financial management practices, and record-keeping at the subrecipient level to support compliance.
  • Align reporting, documentation, and corrective action processes between prime recipients and subrecipients.
  • Provide training, guidance, and timely issue resolution to address compliance gaps and support consistent application of requirements.

FDA Oversight & Risk Mitigation for Compounded GLP-1 Drugs

Date of Work Plan Update: April 15, 2026

During drug shortages between 2022 and 2025, the U.S. Food and Drug Administration (FDA) permitted compounding pharmacies to make copies of certain GLP-1 drugs (commonly used for diabetes and weight loss). Shortages of these drugs ended in early 2025, but some facilities continue to produce large amounts of compounded GLP-1 drugs, raising concerns about product quality, patient safety, and FDA oversight. The OIG will conduct a study to evaluate how effectively the FDA monitors and inspects these compounding facilities and how the agency uses data to identify and reduce risks to patients.

Potential Impacts

  • Increased regulatory scrutiny of compounding pharmacies and facilities producing GLP-1 drugs.
  • Health plans, providers, and pharmacies may experience increased operational and financial impacts if patients must transition from compounded products to FDA-approved medications.

Compliance Considerations for Providers & Pharmacies

  • Monitor FDA guidance, inspections, and enforcement actions related to GLP-1 compounding activities.

Medicare Compliance Audit of Home Health Claims With Institutional Admissions

Date of Work Plan Update: April 23, 2026

CMS updated how Medicare pays home health agencies (HHAs) under the Patient-Driven Groupings Model (PDGM) starting January 1, 2020. Under this model, HHAs receive higher reimbursements when a patient is admitted to home health services after staying in a hospital or other institutional facility, rather than coming directly from a community admission.

To track admissions, CMS created occurrence codes 61 and 62, which HHAs use to indicate a qualifying institutional stay occurred within 14 days before home health admission. However, prior audits found some HHAs incorrectly used these codes for patients who only had emergency room visits or observation stays, which do not qualify as inpatient institutional admissions. The OIG will review and examine HHA claims with these codes to identify the potential for improper payments.

Potential Impacts

  • HHAs may face increased audits and scrutiny related to the use of the new occurrence codes.
  • Organizations may be required to repay Medicare for improperly billed institutional admission claims.

Compliance Considerations for HHAs

  • Perform internal audits and implement regular monitoring for claims billed with occurrence codes 61 and 62 to confirm qualifying inpatient stays occurred.
  • Educate coding and billing staff regarding differences between inpatient admissions, observation stays, and emergency room visits.

CDC Public Health Infrastructure Grant Recipient Oversight

Date of Work Plan Update: April 23, 2026

The Centers for Disease Control and Prevention (CDC) created the Public Health Infrastructure Grant (PHIG) program to help state, local, Tribal, and territorial health departments strengthen public health systems, staffing, services, and infrastructure. Between fiscal years 2023 and 2025, the CDC distributed approximately $5 billion in funding to more than 100 jurisdictions and partner organizations. The OIG will conduct audits of selected grant recipients to determine whether PHIG funds were used properly and in accordance with federal grant requirements and award terms.

Potential Impacts

  • Expanded reporting and documentation requirements for PHIG-funded activities across recipients and subrecipients, including workforce, infrastructure, and service metrics.
  • Increased scrutiny on how expenditures align with approved public health objectives, particularly for staffing and system modernization.
  • Greater coordination needed among recipients, subrecipients, and partners to support consistent reporting and use of funds.
  • Higher risk of funding restrictions, reallocations, or questioned costs when spending lacks clear linkage to allowable activities or outcomes.
  • Added pressure to demonstrate measurable improvements in public health capacity tied to PHIG investments.

Compliance Considerations

  • Implement tracking approaches that link expenditures to program goals, activities, and outcomes across all entities involved.
  • Maintain audit-ready documentation connecting costs to approved budgets, workforce investments, and infrastructure efforts.
  • Perform periodic reviews of spending and performance data to identify gaps or inconsistencies across recipients and subrecipients.
  • Document allocation methodologies and key decisions, especially for shared or cross-cutting services.
  • Strengthen coordination between finance, program, and partner organizations to align financial and performance reporting.
  • Retain support for personnel, contracts, and system investments tied to PHIG objectives.
  • Apply clear protocols for identifying, escalating, and resolving compliance issues with appropriate documentation.

Deductible & Coinsurance Refunds for Adjusted & Canceled Medicare Parts A & B Claims

Date of Work Plan Update: May 6, 2026

Under Medicare, healthcare providers, physicians, and suppliers are responsible for collecting deductible and coinsurance amounts from patients or other paying entities. If claims are adjusted or denied, providers may be required to refund any overpayments or incorrectly collected amounts. The OIG will review and evaluate whether CMS properly monitors and tracks refunds related to Medicare Part A and Part B claims after claim adjustments or denials occur.

Potential Impacts

  • Increased scrutiny regarding refund processing and overpayment handling practices.
  • Potential need to enhance billing system controls to identify adjusted or denied claims requiring patient refunds.

Compliance Considerations

  • Healthcare organizations should conduct periodic compliance audits to verify compliance with Medicare refund requirements for Part A and Part B claims.
  • Billing and revenue cycle teams should routinely reconcile deductible and coinsurance collections against final claim determinations.
  • Healthcare organizations should establish and maintain a formal process for identifying, investigating, reporting, and returning or recouping overpayments to support compliance, reduce financial risk, and demonstrate effective oversight of billing practices.

Audit of Oversight for For-Profit HHS Grant Recipients

Date of Work Plan Update: May 12, 2026

HHS is the largest grant-making agency in the federal government. A portion of its funding is distributed to for-profit, domestic recipients, which must comply with certain audit requirements, including submitting annual audit reports. A prior OIG audit of for-profit grant recipients identified gaps in annual audit report submissions and timely corrective action on audit findings.

HHS awarding agencies are responsible for ensuring compliance with these requirements, while the Office of the Assistant Secretary for Financial Resources (ASFR) is responsible for departmentwide oversight of audit compliance. The OIG will review to determine whether ASFR oversaw HHS awarding agencies’ compliance with federal audit regulations applicable to for-profit domestic grant recipients.

Potential Impacts

  • Increased oversight, audits, and documentation requests affecting both recipients and subrecipients, with heightened scrutiny on alignment between expenditures and PHIG objectives.
  • Greater coordination demands across recipients, subrecipients, and partners to produce consistent financial and performance reporting.
  • Elevated risk of questioned costs, funding adjustments, or corrective actions when expenditures lack clear connection to infrastructure, workforce, or service outcomes.
  • Additional pressure to demonstrate measurable, sustainable improvements in public health capacity tied to PHIG investments.

Compliance Considerations

  • Maintain clear documentation linking expenditures, program activities, and outcomes across both recipient and subrecipient levels.
  • Apply consistent tracking and reporting practices to support alignment between financial data and performance results.
  • Conduct periodic internal reviews of high-risk spending areas, e.g., personnel, contracts, IT investments, across all entities involved.
  • Document allocation methods, approvals, and decision making for shared or cross-cutting costs.
  • Strengthen communication and coordination between finance, program, and partner organizations to support audit readiness and timely issue resolution.

Medicaid Payments to Terminated Providers

Date of Work Plan Update: May 12, 2026

States are required to remove providers from Medicaid if they are found to be fraudulent or abusive. This includes providers who have been terminated by Medicare, another state Medicaid program, or a Children’s Health Insurance Program (CHIP). States are required to review data in the Data Exchange (DEX) system to identify any terminated or revoked providers. The OIG will review and evaluate whether providers listed in DEX as revoked or terminated by Medicaid were still included in Medicaid claims or encounters, as well as how much Medicaid paid for these claims or encounters.

Potential Impacts

  • State Medicaid agencies may need to strengthen provider enrollment and screening processes to prevent terminated providers from participating.

Compliance Considerations

  • State Medicaid agencies and health plans should regularly check provider status and implement controls to prevent payments to providers who have been revoked or terminated by Medicare, Medicaid, or CHIP.
  • State Medicaid agencies and health plans should implement policies and processes in the event that a provider is identified in DEX.
  • Payors should implement monitoring and auditing of claims data to identify any terminated or revoked providers.

Medicare Advantage Prior Authorizations for Post-Acute Care

Date of Work Plan Update: Modified May 15, 2026

As part of a three-project series first announced in 2024, the OIG plans to review Medicare Advantage Organizations (MAOs) to determine if they are improperly denying requests for post-acute care, including services such as care in long-term acute care hospitals, even if services meet Medicare coverage rules. The review will include an assessment of medical records to determine if denied requests were appealed, if appeals were overturned, and if the records show that care should have been approved.

Potential Impacts

  • MAOs may experience greater scrutiny of prior authorization decisions.
  • Organizations may experience financial impact based on reimbursements or uncompensated care risks for denials of medically necessary post-acute care.

Compliance Considerations

  • MA plans should review covered services under Medicare, including medically necessary post-acute care after a qualifying hospital stay, to ensure coverage rules are being applied accurately.
  • Organizations should implement an audit of their post-acute care denials to ensure denials are appropriate and comply with coverage rules.
  • Organizations should review and track their internal prior authorization processes and policies to identify patterns that may lead to improper denials.

How Forvis Mazars Can Help With Healthcare Compliance

Our healthcare compliance professionals have extensive experience helping providers, health plans, and other stakeholders navigate regulatory changes and compliance requirements. We will continue to monitor and provide quarterly updates on OIG Work Plan projects and their implications. If you would like assistance or have questions about how these updates may affect your organization, please reach out to our team.

Explore more resources:

Related FORsights

Like what you see?
Subscribe to receive tailored insights directly to your inbox.