Blog Post

OIG Investigation: The Audit Process and Report Findings Explained 

August 2025

Few things generate more concern among healthcare compliance leaders than an investigation by the U.S. Department of Health and Human Services Office of Inspector General (OIG). Most fear the process will be time-consuming and difficult, with the potential for fines, civil penalties, and even legal action. This concern often stems from a lack of familiarity with the organization’s investigative process.  

This article shines a light on the topic and helps you understand what to expect, without creating unnecessary fear. We provide a detailed overview of what the average OIG investigation entails, followed by a review of the expected outcomes and how to prepare for the process. 

OIG Investigation: The Basics 

What is an OIG Investigation? 

An OIG investigation is an official inquiry into the financial, ethical, and organizational practices of a healthcare organization. They are typically intended to uncover evidence of fraud, waste, and abuse, providing essential protection for patients, providers, and health plans against potential criminal activity.   

There are three basic types of OIG investigations: 

  1. Audits: The OIG’s Office of Audit Services (OAS) conducts independent audits of HHS programs and/or HHS grantees and contractors. These audits identify ways to improve HHS programs and services, providing essential accountability for government programs and ensuring government funds are spent properly. 
  2. Evaluations: The OIG’s Office of Evaluation and Inspections (OEI) conducts national evaluations of HHS programs from a broad, issue-based perspective. These evaluations produce practical recommendations to improve HHS program efficiency and effectiveness, primarily by addressing fraud, waste, and abuse. 
  3. Investigations: The OIG’s Office of Investigations (OI) conducts criminal, civil and administrative investigations of fraud and misconduct related to HHS programs, operations, and beneficiaries. 

How are OIG Investigations Launched? 

There are two common triggers for OIG investigations: 

  • Whistleblowers: An individual may make an anonymous complaint about malpractice or non-compliance within an organization that warrants a formal investigation. 
  • Agency Referrals: Organizations such as the Department of Justice (DOJ), Federal Bureau of Investigation (FBI), Unified Program Integrity Contractors (UPICs), or Medicare Administrative Contractors (MACs) often identify potential criminal activity in healthcare and hand the case over to the Office of Inspector General (OIG) for further investigation. 

What Does an OIG Investigation Involve? 

Every investigation differs depending on the specific organizational structure and the subject of inquiry. However, there are a few common procedures you should expect during an OIG investigation: 

  • Employee Interviews: Your employees may be asked to speak with OIG officials and offer testimony. Cooperation here is mandatory, and an investigation may require many witnesses to verify information or give investigators insight into internal processes. 
  • Documentation: Investigators may request access to detailed documentation related to the specific complaint. For example, you may need to provide documented evidence of diagnoses and treatments related to suspected billing fraud. 
  • Site Visits: The OIG may also send a team to inspect your facilities directly, helping to understand your operations and the processes that have led to the complaint. 

How Long Does an OIG Investigation Take? 

There is no fixed time limit or expected duration for an OIG investigation.1 The length of an investigation will generally be influenced by: 

  • Case Complexity: Some investigations involve a small handful of individuals, whereas others require numerous interviews and extensive data analysis. Complex cases will typically take longer to both conduct the investigation and produce official findings. 
  • Number of Agencies: The OIG often works in collaboration with the DOJ, CMS, or other government agencies. Involvement of more agencies typically creates greater complexity and leads to longer investigations. 
  • Subject Cooperation: Employees are generally obliged to accept requests to be interviewed, but that does not mean they are always forthcoming. Difficulty obtaining information or testimony will often extend an investigation. 

Three Types of Findings That Can Result From an OIG Investigation Audit Report 

The OIG has a mandate to identify and prevent malpractice and criminal activity within the healthcare industry, ranging from fraudulent billing to serious patient abuse or negligence. This goal can only be achieved by rigorously investigating potential risks or claims of non-compliance with key regulatory and legal requirements. There are three basic types of findings this mandate can produce: 

1. Criminal Findings 

OIG investigations frequently uncover criminal activity, leading to the filing of legal action against an individual or entity. The process will build a strong case against the defendant and accumulate evidence that can be used during criminal procedures. However, the OIG does not prosecute cases itself. Instead, it hands its findings over to the DOJ or appropriate prosecutorial authorities to enforce the case.  

Examples of criminal findings include: Falsifying records, identity theft for billing, and fraud rings – all of which can lead to severe penalties, including fines or imprisonment.  

2. Civil Findings 

An OIG investigation may also uncover evidence of wrongdoing at the civil level. Civil violations are cases where laws or regulatory requirements were broken, but not to the extent that they qualify as criminal offenses. These are often pursued under the False Claims Act or Civil Monetary Penalties Law. In fact, OIG investigations led to over $7 billion in expected fines and recoveries in 2024 alone.2 

Examples of civil findings include: False claims, payment fraud, and anti-kickback violations – all of which can lead to steep financial fines. 

3. Administrative Findings 

OIG investigations can identify violations that are best addressed at the administrative level. These are usually related to insufficient or flawed processes rather than individual malpractice or criminal activity. 

Examples of administrative findings include: A lack of compliance documentation, failure to report overpayments, and the employment of individuals who feature on exclusion lists – all of which can lead to enforced corrective action and exclusion from federal funding programs. 

What Happens After an OIG Investigation 

The outcome of an OIG investigation will vary depending on the agency’s findings, with the potential for exclusions, fines, or even referrals to the DOJ. There is also scope for post-investigation actions, such as the enforcement of: 

  • A Corporate Integrity Agreement (CIA) 
  • A Corrective Action Plan (CAP)  
  • Fee repayments  

 Voluntary disclosure using OIG’s self-reporting process can help avoid this and may reduce penalties associated with misconduct.3 However, the best way to avoid penalties during an OIG investigation is simply to have your compliance program in order, which is where Compliance Resource Center can help.  

Our expert team develops detailed policies and procedures that can be quickly adopted and integrated into your organization. This saves time, reduces the compliance burden, and ensures you are ready for any audit.  

Worried about potential investigations? 

Book a Consultation 

1 Texas Health and Human Services, Office of Inspector General. (n.d.). Provider investigations: Average less than 24 days for preliminary investigations. Retrieved August 20, 2025, from https://oig.hhs.texas.gov/about-us/news/provider-investigations-average-less-24-days-preliminary-investigations

2 U.S. Department of Health and Human Services, Office of Inspector General. (2024, December 4). HHS-OIG’s efforts result in $7.13 billion in expected recoveries and receivables, according to Fall 2024 Semiannual Report. Retrieved August 20, 2025, from https://oig.hhs.gov/newsroom/news-releases-articles/hhs-oigs-efforts-result-in-713-billion-in-expected-recoveries-and-receivables-according-to-fall-2024-semiannual-report/

3 U.S. Department of Health and Human Services, Office of Inspector General. (n.d.). Self-disclosure information. Retrieved August 20, 2025, from https://oig.hhs.gov/compliance/self-disclosure-info/

Subscribe to blog

Build an effective compliance program with expert hotlines, sanctions screening, training, and more.

Speak to an Expert