Kusserow on Compliance: Employee screening against the Specially Designated Nationals and Blocked Persons list

A frequently asked question by compliance officers for health care organizations is whether they should be screening employees and others with whom they do business against the Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons list (SDN). OFAC is part of the U.S. Department of Treasury that determines whether or not an entity or individual is permitted to do business with the United States. The SDN is “….a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific.”

Tom Herrmann, JD—who served over 20 years in the HHS Office of Inspector General (OIG) Office of Counsel to the IG and subsequently 6 years as an Appellate Judge for the Medicare Appeals Board—was asked to comment on this issue. He noted that the SDN list was primarily designed for use by financial institutions; they are not permitted to deal with anyone on the list. As a result, OFAC alerts can sometimes show up on credit reports. It is safe to assume that employers, also, would prefer not to hire someone on the SDN list. Those industries most involved in OFAC screening are international businesses, particularly in banking, finance, and insurance. He made special note of the fact that screening against the OFAC SDN List is not required for healthcare providers or managed care and may create more problems than benefits from doing it.

Ashley Felder is a Human Resources Consultant who warns that from an employer’s perspective, a significant problem is that the list consists of a very large number of common Arabic names that can be transliterated into English many different ways that create many false hits. This opens up the possibility of discriminatory practices unless a great deal of care is used in applying the information. In view of the fact that there is not specifically identifiable data that can confirm a match, means that a potential hit cannot be fully resolved without confronting the individual for a detailed briefing of their background. This can be very troublesome and may lead to charges of discrimination, profiling, defamation of character, etc. The result is that OFAC may or may not be a useful supplement to a standard criminal check or screening against state credentialing agencies, the OIG List of Excluded Individuals, and Medicaid sanction lists.

Jillian Bower, Vice President of the Compliance Resource Center that provides sanction-screening tools and services, noted that the overwhelming majority of healthcare related entities “do not” screen against the OFAC SDN. She explained that there are some issues and potential complications in using it for employment screening, as result of the fact that for the most part, the list is name-only with multiple aliases per person, and is a mix of individuals and organizations. Dates of birth are usually missing, or multiple possibilities are listed. Address history, if present, only includes city and country. So OFAC checks are name-only, and making a positive identification can be difficult, if not impossible. As such, the Compliance Resource Center (CRC) does not recommend screening OFAC, unless there are special concerns or reasons for doing so, such as operating outside the United States in areas designated by the Department of Treasury for special concern.


Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Report shows management of CMS payment program shows vulnerabilities

While CMS has made some progress towards addressing problems with the Quality Payment Program (QPP), a new report shows vulnerabilities remain regarding technical assistance for clinicians and the potential for fraud and improper payments. The HHS Office of the Inspector General (OIG) report noted that if CMS fails to sufficiently address these issues, clinicians may struggle to success under the QPP or choose not to participate. The report also found that CMS needs to put systems in place to effectively prevent, detect, and address fraud and improper payments.

CMS is implementing core provisions of the Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) (P.L. 114-10) as the QPP, a set of clinician payment reforms designed to put increased focus on the quality and value of care. The QPP is a significant shift in how Medicare calculates payment for clinicians and requires CMS to develop a complex system for measuring, reporting, and scoring the value and quality of care.

Technical assistance

The report shows that if clinicians do not receive sufficient technical assistance, they may struggle to succeed under the QPP or choose not to participate. Clinician feedback collected by CMS demonstrates widespread basic awareness of the QPP, but also indicates uncertainty regarding details of participation such as who must report and how to submit data. CMS contractors have focused largely on general education initiatives, with fewer resources devoted to more customized, practice-specific technical assistance. CMS has established a Service Center to answer questions about the QPP by phone or email. Service Center data indicate that clinicians continue to have questions about both eligibility and scoring criteria, and that small practices, in particular, need information and assistance. Small practices and clinicians in rural or medically underserved areas, who may have fewer administrative resources and less experience with prior CMS quality programs, should be prioritized for assistance. The report stated, “Clinician feedback collected by CMS demonstrates widespread awareness of the QPP, but also uncertainty about eligibility, data submission, and other key elements of the program.”


The report also found that if CMS does not develop and implement a comprehensive QPP program integrity plan, the program will be at greater risk of fraud and improper payments. To ensure that the QPP succeeds, CMS must effectively prevent, detect, and address fraud and improper payments. QPP payment adjustments are intended to reward high-value, high-quality care. Safeguarding the validity of Merit-based Incentive Payment System (MIPS) data and the accuracy of QPP payment adjustments is critical to ensure that these payments are based on clinicians’ actual performance. Appropriate oversight is critical to prevent fraud and improper payment adjustments. CMS needs to clearly designate leadership responsibility for QPP program integrity. CMS also needs to develop a comprehensive program-integrity plan for the GPP to ensure the accuracy of MIPS data submitted by clinicians. CMS said that it “is currently in the early stages of developing an oversight plan to QPP data.”

Personal service care fraud; a growing problem for Medicaid

Medicaid personal care service (PCS) fraud cases made up a “substantial and growing” portion of cases investigated by the Medicaid Fraud Control Units (MCFUs) and greater oversight is recommended by the HHS Office of the Inspector General (OIG). In a report covering the PCS work of MFCUs over fiscal years 2012-2015, the OIG found that these cases comprised over 12 percent of the total investigations and accounted for 34 percent of the convictions (OIG Report, OEI-12-16-00500, December 6, 2017).


Personal care services are those services that support consist daily living activities, including bathing and dressing, meal preparation, and transportation. PCS providers assist the elderly, people with disabilities, and individuals with chronic or temporary health conditions, allowing these persons to remain living in their homes and communities. PCS are typically delivered through either an agency-directed PCS or a self-directed PCS, through which beneficiaries hire and supervise their own provider. PCS are offered either as an optional benefit through a Medicaid State plan or through demonstration projects and waiver programs. States are required to develop their requirement and qualification standards for PCS providers, resulting in widely varying requirements across the country.

Growing percentage

The OIG found that during the three-year review period, PCS fraud cases made up a substantial and increasing number of MFCU cases and outcomes. In FY 2015, such cases made up 12 percent of total investigations and over the review period, they made up 38 percent of indictments, and 34 percent of convictions. Furthermore, during the review period, indictments increased 56 percent and convictions increased 33 percent. Payments to PCS providers represented $13 billion out of $524 billion total Medicaid expenditures during FY 2015.

Recommendations and challenges

MCFUs have recommended that State Medicaid either enroll PCS attendants as Medicaid providers, or include PCS attendants in a provider registry. This would allow for the assignment of unique provider identification number to PCS attendants to include on claims for reimbursement. Some form of enrollment or registration is needed, as the inability to identify individual PCS attendants restricts the ability to identify fraudulent providers. MCFUs have suggested that enrolling PCS attendants in Medicaid would better inform them about Medicaid procedures and requirements.

MCFUs have also recommended the use of background checks for attendants. They found that the current, minimal, background check requirements could put vulnerable beneficiaries at risk. For example, a PCS attendant in Arizona pleaded guilty to theft and financial exploitation of a vulnerable adult, after having stolen checkbooks, cash, credit cards, and personal items belonging to the beneficiaries. The PCS agency checked for felony arrests and found none; the attendant had, however, numerous misdemeanor convictions and had previously lost her nursing assistant license.

The MCFUs have also recommended using additional documentation requirements, such as requiring require PCS attendants to provide detailed or standardized timesheets and to show the start and stop times for the services. The currently minimal PCS documentation means that PCS claims data may not contain the identity of the PCS attendant, the number of hours worked, or the time of day during which the services were provided.

Lastly, the MCFUs recommended that State Medicaid agencies implement a variety of controls regarding oversight of PCS providers and their services. These controls include more frequent in-home supervisory visits, training for PCS attendants and cross-reference attendant and beneficiary location. For a variety of reasons, beneficiaries may be reluctant to report abuses and more frequent in-home visits could curtail fraud.

Funding issues

The units reported that their efforts to protect beneficiaries are hamstrung by their ineligibility to receive Federal funding to investigate and prosecute complaints in nonfacility settings. Such complaints are often referred to other agencies. Those agencies often do not receive the same level of training on patient abuse and neglect that MCFU staff receives and may have severely strained resources.


The report found that the volume and increase of MFCU investigations and prosecutions indicates that PCS remain vulnerable to fraud. The report noted that the recommendations are similar to those made in previous reports and states that it is crucial that federal funding authority be expanded to allow MFCUs to investigate and prosecute cases of patient abuse and neglect in nonfacility settings.

Kusserow on Compliance: GAO expects increase in fraud investigations in 2018

In report entitled “Medicare CMS Fraud Prevention System Uses Claims Analysis to Address Fraud”, the Government Accountability Office (GAO) noted that 65 percent of providers were subject to prepayment review with 654 new Fraud Prevention System (FPS) new investigations in Fiscal Year (FY) 2016. CMS is responsible for conducting program integrity activities intended to reduce fraud, waste, and abuse and they are relying upon the FPS and other CMS information technology (IT) system to meet this responsibility.  More than one out of five fraud investigations have been based on leads generated by Medicare claims data analysis.  Also, FPS edits last year resulted in the denial of 324,000 claims and saved more than $20.4 million. FPS analyzes Medicare claims to identify health care providers with suspect billing patterns for further investigation and to prevent improper payments. The analysis is done using a set of models that develop leads for investigators and execute automated payment edits. Leads are created by looking at billing patterns, such as a disproportionate number of services in a single day from a single provider.  The CMS FPS helped stopping billions of dollars in improper payments. Now 20 percent of the Zone Program Integrity Contractors (ZPIC) fraud investigations began with a FPS lead and this is expected to increase as CMS with the continued roll out of the FPS and changes program integrity contractor requirements for using FPS with the transition from ZPICs to Unified Program Integrity Contractors (UPICs)

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.