Meet Inspector General Christi A. Grimm: Never lose sight of the vital role compliance plays

Christi A. Grimm

Christi A. Grimm

Adam Turteltaub

Adam Turteltaub

Christi A. Grimm, Inspector General, U.S. Department of Health & Human Services

This interview with Christi A. Grimm was conducted in April 2022 by Adam Turteltaub (adam.turteltaub@corporatecompliance.org), Chief Engagement & Strategy Officer, SCCE & HCCA.

AT: Thank you for taking the time to speak with us. I know all of us in the healthcare compliance community truly appreciate the willingness of the Office of Inspector General (OIG) to engage with us. Let’s start with your background. While a lot of us have come to know you well at OIG during the 22 years you’ve worked there, can you share what led you to OIG in the first place, and to your appointment as Inspector General of the United States Department of Health & Human Services (HHS)?

CG: It is my pleasure to connect with HCCA and compliance professionals, who play an essential role in promoting integrity in the healthcare system. I look forward to continued productive dialogue with the association about empowering compliance professionals.

As I shared at the 2022 Compliance Institute, I was influenced at an early age by my grandfather, Albert Mackenson, who was the head of the Public Works Department in Edgewater, Colorado, where I grew up. Mack, as my grandfather was known, oversaw quite a bit. He ensured that the parking lots at City Hall were striped so people knew where to park. He helped residents understand city codes for raking leaves and garbage removal. He responded to unplanned incidents like broken water pipes. He made sure streets were salted before a snowstorm that could quickly turn into a blizzard. His focused and practical work allowed the town to run effectively and efficiently, and his work ultimately served to improve the lives of the people who lived there. That made a big impression on me and generally inspired me to enter public service. Academically, I have always been interested in health policy—how policy shapes healthcare and health outcomes—and the real-world implications for access to care, public health, patient safety, and healthcare financing.

These influences and interests shaped the trajectory of my public service career. They drew me to HHS and to a career focused on detecting and preventing fraud, waste, and abuse and on generally improving the efficiency and effectiveness of programs that touch the lives of all Americans.

I started by performing audits of Medicare contractors at the Health Care Financing Administration, which later became Centers for Medicare & Medicaid Services (CMS). I joined OIG as a program analyst in our Office of Evaluation and Inspections in New York, where I learned the craft of evaluation—careful analysis of factual data to gain a full picture of how HHS programs and operations are performing, and then constructing practical recommendations to address vulnerabilities.

During more than 20 years, and in a variety of positions at OIG, I became steeped in the disciplines central to the work of an inspector general. And I gained understanding of HHS’s more than 100 programs. I would like to think that having held multiple roles at HHS and OIG, I understand the everyday challenges of the people at OIG who conduct the oversight work and the challenges faced by those whose work we oversee. When the vacancy arose, I was prepared to serve and honored to be nominated and confirmed to lead an organization to which I am deeply committed and connected.

AT: What were some of the priorities when you first joined the OIG?

CG: OIG has always had a clear and compelling mission. I joined OIG after the passage of the Health Insurance Portability and Accountability Act (HIPAA), which infused OIG with fraud-combating resources and new enforcement authorities. Then-Inspector General June Gibbs Brown launched a national campaign to eliminate fraud and abuse from Medicare, Medicaid, and other HHS programs using new resources and authorities we gained from that legislation in close partnership with the Health Care Financing Administration, the Department of Justice, and other law enforcement agencies. A key component was encouraging voluntary compliance efforts by healthcare providers. We held meetings with provider groups, established general guidelines for good compliance practices, established the advisory opinion process, and began work on sector-specific guidance. We could not know then how these initial steps would snowball into the robust healthcare compliance activities of today.

AT: How have OIG’s priorities changed over time, and what drove these changes?

CG: Our mission has not changed, nor has our focus on aggressive fraud-fighting and oversight using the most modern tools and methods available. We remain wholeheartedly committed to compliance and fraud prevention. What has changed markedly are the types and scope of fraud schemes; the contents of our toolbox; the revolution in technology and science; and the size and complexity of Medicare, Medicaid, and other HHS programs. We must be smart, fast, and nimble to stay ahead of increasingly sophisticated fraud schemes. We use modern data analytics and artificial intelligence to identify potential fraud, outliers, and concerning trends. And we partner with other law enforcement and oversight agencies to share data and trends so we can more holistically detect and target fraud and inefficiency across government programs.

As guardians of the HHS funds, as well as beneficiary health and safety, our priorities shift based on the targets of federal spending and emerging threats and vulnerabilities. Examples of responsive shifts over time include ensuring sound stewardship of global funding to fight the AIDS epidemic, oversight of the HHS program that cares for unaccompanied children entering the United States, and the growth of cybersecurity threats. Most recently, it has been the pandemic. We have sharply focused on oversight of billions of dollars in pandemic spending. To date, we have issued 20 reports related to pandemic programs, and we have 70 reviews underway. With our law enforcement partners, we are also taking swift action to stop COVID-19–related fraud.

AT: What are your top priorities as the newly confirmed inspector general?

CG: At a macro level, it is a foundational priority that OIG be rigorously independent, objective, and credible. I want OIG to be people-focused, pragmatic, prepared, and transparent. And I want OIG to continue as a modern organization with a high-performing, diverse, and inclusive workforce that reflects the communities we serve.

I am committed to improving nursing homes as my top priority. Two decades of OIG oversight has documented multiple, entrenched problems. We’ve seen nursing home residents suffer greatly during the pandemic. It’s time for meaningful, sustainable change. With deep expertise in nursing home issues and powerful oversight tools, OIG can help spur change. We can shine light on very real obstacles facing nursing homes, such as severe staffing shortages, aging infrastructure, ineffective oversight, and fractured funding systems. Looking forward, I plan to redouble our nursing home oversight to understand and address what makes poorly performing nursing homes fail, how nursing homes can better deliver high-quality care and quality of life, and how entities responsible for frontline nursing home oversight—CMS and the states—can do a better job of detecting problems and fixing them quickly. We will be coordinating with CMS as it implements the president’s plan to improve safety and quality of care in nursing homes.

I am also keenly focused on ensuring that we have the resources and infrastructure needed to provide effective oversight of HHS’s $2.4 trillion in annual spending. Priorities include combating fraud, reducing improper payments, addressing the opioid epidemic, and addressing risks in managed care. I’ve asked our teams to focus on affordability of healthcare, health equity, and ensuring that promising modes of delivering care—such as telehealth—operate with appropriate safeguards. It’s a meaty list that we have the expertise and experience to tackle.

AT: What do you consider to be OIG’s most notable accomplishments during the past two years?

CG: I am incredibly proud of the way our workforce transitioned to a remote environment when the pandemic struck. We took a people-first, mission-second approach, recognizing that if our people felt safe and supported, they would be able to stay focused on our mission. And it paid off. We maintained focus on critical areas like the opioid epidemic and quickly launched a COVID-19 oversight strategic plan with ramped up oversight of pandemic programs and spending.

Picking most notable examples is like picking a favorite child, but let me offer several that come to mind. Working with our partners, we have aggressively thwarted COVID-19 fraud schemes. We also educated consumers and providers to protect themselves from these scams. In 2021, we and our partners conducted a major nationwide fraud takedown of schemes designed to exploit the COVID-19 pandemic. Allegations included misappropriation of Provider Relief Fund and fraudulent billing for COVID-19 and other testing. With so many urgent needs during a pandemic, we cannot tolerate diversion and misuse of funds intended to serve those needs.

We continue to make important strides using data analytics to reveal quality-of-care concerns, potential cost recoveries, and compliance opportunities. A terrific example is our evaluation that used innovative claims analysis to show how some Medicare Advantage companies may be leveraging chart reviews and health-risk assessments to disproportionately drive payments.[1] We have also used advanced data analytics to identify laboratories that steal from Medicare, pursuing a case against the owner and operator of two laboratories alleged to have submitted more than $88 million in fraudulent billing to Medicare, with $42 million of it related to the COVID-19 health emergency.[2]

We also saw important recommendations implemented—real impact for OIG’s work. For instance, in December 2020, Congress established new, intermediate remedies for poorly performing hospices,[3] implementing an OIG recommendation.[4] We conducted critical oversight to help strengthen HHS’s cybersecurity posture. And importantly, OIG work during this period reported tough challenges faced by hospitals and nursing facilities responding to COVID-19, helping give voice to affected providers and patients.

I could go on about accomplishments, but I know there are other questions.

AT: What are the biggest areas of progress that you have seen in compliance programs through your years at OIG? Where do you find compliance programs most commonly continuing to struggle?

CG: I applaud the compliance profession for its leadership in elevating the quality and effectiveness of compliance programs. During the past 20 years, compliance programs and compliance officers have become the norm. Programs have become more comprehensive to include things like risk assessments, measurement of program effectiveness, increased board and senior management–level oversight, more independent compliance departments, and compliance officers who are on par with other members of senior management. The steady use of the OIG’s Health Care Fraud Self-Disclosure Protocol indicates a clear awareness of compliance and the adoption of internal audit tools to aid providers in detecting potential fraud that can be disclosed to the government.

One ongoing challenge we’ve observed is embedding a culture of compliance across a healthcare organization so that business decisions are made with compliance principles in mind. Particularly when companies combine or make acquisitions, some operational divisions may require challenging structural and cultural changes. And with the stress placed on healthcare providers during the pandemic, allocating resources to compliance can be an issue. There is also a risk of complacency. Entities may feel a false sense of security if they are not continually testing the effectiveness of their policies, processes, and systems.

AT: What do you think have been some of the major influential factors, both inside and outside the government, promoting compliance for healthcare organizations?

CG: Several factors come to mind. OIG’s corporate integrity agreements (CIAs) and compliance resources have identified compliance best practices and served as resources for the industry. Enforcement when fraud occurs has certainly played a role in helping organizations understand risks they face from not devoting resources to proactive compliance measures. We have seen support in recent court decisions holding individual providers, officers, and board members accountable for compliance failures. And of course, HCCA has been influential in elevating compliance. Last and most certainly not the least, compliance professionals have worked diligently to foster compliance within their own organizations.

AT: OIG has been soliciting feedback on the resources it currently provides or could provide to improve compliance efforts. We were pleased to be invited by your office to host roundtables on this topic that were very candid and constructive. Can you share what you are currently considering?

CG: I want to thank HCCA members for spending their valuable time with us, for candid feedback, and for providing an invaluable view from the compliance front lines. I am excited about our modernization initiative. By enhancing the accessibility and usability of the OIG’s publicly available data and information, we can make program integrity and compliance easier across the healthcare industry. We are considering many takeaways from the roundtables and other feedback. Let me mention three examples.

First, we heard that compliance professionals value OIG’s publicly available resources and want more ways to use them to educate stakeholders. You would like more videos, podcasts, infographics, data toolkits, and frequently asked questions.

Second, you would like more ways to connect the dots and understand the latest compliance risks. You want more information about how an audit or CIA fits with other related work, as well as updated materials that reflect the evolution of healthcare and emerging risks.

Third, you would benefit from better, more searchable data and interactive tools that help put more of our information at your fingertips, faster.

We are still gathering and digesting critical feedback from a range of stakeholders as we develop next steps. Because we want to be transparent, we will post a list of modernization actions we plan to implement on our website.

AT: Where do you see the biggest opportunities for greater collaboration between industry and the OIG?

CG: The modernization initiative roundtables are a terrific example of how industry can help us understand the context in which it operates and in which we are conducting our oversight and guidance work. For our work to be pragmatic and have meaningful impact, we need the clearest possible understanding of the industry and the challenges it faces. So we will continue to seek opportunities to hear from industry and continue to participate in HCCA programs, which are incredibly valuable learning opportunities. More formally, I urge industry to take advantage of opportunities to provide feedback on regulations and requests for information. We read the comments closely, and there are many examples in final regulations of changes made based on what we learn.

AT: The recent changes to the Stark Law, Anti-Kickback Statute, and beneficiary inducement regulations, sometimes referred to as the Regulatory Sprint to Coordinated Care, which went into effect January 19, 2021,[5] were the result of an effort that began a long time ago. What was the role of the OIG in developing these important modifications to these fundamental compliance laws, and what is foreseeable for the future?

CG: Medicare and Medicaid continue to transition from volume-based payment to value-based and managed care models, and OIG’s work reflects this. The new regulations are designed to provide sufficient regulatory flexibility to implement beneficial models of care. Within HHS, OIG has responsibility for regulations related to the Anti-Kickback Statute and the beneficiary inducement Civil Monetary Penalties Law, and CMS has responsibility for the Physician Self-Referral Law, sometimes known as the Stark Law. Because of overlap in provider conduct covered by these statutes, we have long coordinated closely with CMS on regulations, with an eye toward consistency in approach where that makes sense. We also bring our enforcement and guidance experience to the table. For the new regulations, OIG and CMS coordinated to align terminology and guardrails wherever possible, mindful of reducing burdens on providers. It was not feasible to align the rules completely because of differences in statutory structures. Because these rules are still new, and with the intervening focus in the industry on pandemic response, it’s not clear yet what impact the regulations will have on the development of value-based care. We are hopeful they will provide pathways forward for beneficial healthcare arrangements and provide the right set of guardrails to prevent fraud and abuse. If that does not turn out to be the case or value-based arrangements evolve in a manner requiring different flexibilities, we will consider whether modifications are needed.

AT: What impacts are you seeing—given COVID-19 and all the changing regulations, temporary waivers, the worker shortage, as well as the financial and budgetary stress on healthcare systems affecting organizations’ focus and rigor—in demonstrating that effective compliance programs are in place?

CG: Compliance officers and departments play key roles in helping their organizations navigate compliance with regulations, temporary waivers, and other requirements in a rapidly changing environment. This can result in organizations having new or increased appreciation for the value of compliance officers. But this can also strain compliance resources and divert focus from other risk areas that continue during COVID-19. Our staff have been working closely with entities under CIAs to help them navigate the challenges of fulfilling their CIA obligations while also providing healthcare during the pandemic, sometimes with reduced staff and resources. We have observed that the virtual workplace during the pandemic has pushed organizations and their compliance officers to think creatively about how to accomplish compliance tasks, such as through training and by conducting audits.

AT: How do you see compliance evolving in the future? With the rise of environmental, social, and governance (ESG) factors, many see the scope and responsibilities of compliance expanding greatly.

CG: I expect compliance will evolve in tandem with changes in how healthcare is organized and delivered, and with changing responsibilities and risk profiles. It is possible that compliance’s umbrella will grow to incorporate ESG, at least for some organizations. For example, when HIPAA was enacted, some organizations parked responsibility for privacy with the compliance function, while others established separate offices. The rise of ESG presents opportunities and challenges for compliance, including competing priorities for compliance resources. From the perspective of compliance with federal healthcare program requirements, I would expect the scope, responsibilities, and areas of expertise for compliance to expand as programs incorporate more requirements related to things like equity and social drivers of health.

AT: Finally, any last words of advice for the healthcare compliance community?

CG: Never lose sight of the vital role compliance plays in fostering a stronger, more effective, more resilient healthcare system that delivers high-quality care to patients. Ensuring compliance with requirements is important—that’s a must-do. But the value proposition for compliance lies in the positive outcomes it propels for companies, patients, and the American public. OIG looks forward to continued partnership with HCCA and the compliance community to advance this shared mission.

AT: Thank you, Inspector General Grimm!

 
1 U.S. Department of Health & Human Services, Office of Inspector General, “Some Medicare Advantage Companies Leveraged Chart Reviews and Health Risk Assessments To Disproportionately Drive Payments,” OEI-03-17-00474, September 20, 2021, https://oig.hhs.gov/oei/reports/OEI-03-17-00474.asp.
2 U.S. Department of Justice, “DOJ Announces Coordinated Law Enforcement Action to Combat Health Care Fraud Related to COVID-19,” news release, May 26, 2021, https://www.justice.gov/opa/pr/doj-announces-coordinated-law-enforcement-action-combat-health-care-fraud-related-covid-19.
3 Consolidated Appropriations Act, 2021, Pub. L. No. 116-260 (2020).
4 Joanne M. Chiedi, Vulnerabilities in the Medicare Hospice Program Affect Quality Care and Program Integrity: An OIG Portfolio, OEI-02-16-00570, Office of Inspector General, U.S. Department of Health & Human Services, July 2018, https://oig.hhs.gov/oei/reports/oei-02-16-00570.pdf.
5 Medicare and State Health Care Programs: Fraud and Abuse; Revisions to Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements, 85 Fed. Reg. 77,684 (December 2, 2020) ; Medicare Program; Modernizing and Clarifying the Physician Self-Referral Regulations, 85 Fed. Reg. 77,492 (December 2, 2020) .
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings