Kusserow on Compliance: Tips for determining sanction-screening costs

The majority of HHS Office of Inspector General (OIG) compliance guidance documents are advisory, not mandatory, however there are exceptions. One such exemption is sanction-screening. The OIG makes it clear that it is an obligation to screen employees, physicians, vendors, contractors against the List of Excluded Individuals and Entities (LEIE) and failing to do so could result in all claims and costs associated with that excluded party being viewed as false and fraudulent, which, in turn, could result in significant financial penalties.

This obligation began during my watch as the Inspector General when the OIG developed what is now referred to as the LEIE. CMS requires proper screening as well as enrollment as a condition of payment, mandates that states develop their own sanction databases, and requires enrolled providers to screen against these databases on a monthly basis. Thirty-six states have already moved to establish their own Medicaid sanction list with many now mandating monthly screening against it, as well as the LEIE. All this has increased the burden on compliance officers greatly. It also leads to a lot of questions about best practices. No matter how the compliance officers meet this obligation, proper analysis of the process should be executed. The following are some question and thoughts to consider.

Analytical steps to evaluating sanction-screening

  • Identify those who have personal responsibility for controlling the entire process.
  • List all federal databases that are used to screen (e.g. LEIE, FDA, Excluded Parties List System (EPLS), Drug Enforcement Administration (DEA), etc.).
  • Note the number of state Medicaid databases against which there must be sanction-screening.
  • Determine the proper frequency of screening (e.g. monthly, quarterly, annually, at the time of engagement).
  • Note all of the functions involved in screening efforts (e.g. procurement, compliance office, HRM, medical credentialing).
  • Assess the level of time and effort supporting the sanction-screening program by each function.
  • Compile the time and effort contributed by those involved in the process, including resolving potential “hits.”
  • Identify how sanction-screening reports and documents are maintained.
  • Identity those who sign off on sanction-screening report results.
  • Ensure policies are in place that provide guidance on the entire process.
  • Review how and how long “potential hits” are resolved and by whom.

After conducting the evaluation of the process as it now exists, consideration may be given to alternative and more economical means to accomplish the same or better ends by employing a vendor. There are generally two types of services: (1) paying to use a vendor tool to conduct sanction-screening across multiple databases; and (2) outsourcing the entire process to a vendor.

Today, thousands of health care providers rely on vendor search engine tools to carry out sanction screening in-house. It saves them from developing their own search engine, as well as maintaining and collecting sanction data monthly. If using a vendor tool, the cost should be a fixed rate that can be budgeted; and not one that charges upon a “per click” basis which may prove to be very expensive. Using a vendor tool is only a small part of the sanction-screening burden. The bulk of the screening effort remains for the organization to handle and that effort includes conducting the actual screening, resolving potential “hits,” and preparing a report for the record to evidence it was all done correctly. The alternative may be to “outsource” the entire process to a vendor who will:

  • keep all sanctioned data up to date;
  • continue servicing and improving the search engine technology and capabilities;
  • perform the screening as often as needed (preferably monthly);
  • use its own professionally trained staff to resolve potential hits; and
  • provide a certified report for the record.

The cost to using a vendor tool should be less than what it is costing the organization to do the same work without it. The same hold true for fully outsourcing the sanction screening process; it should be less than what organizations may already be paying to simply access a vendor’s search engine tools. As such, deciding upon a vendor should be a “shopping expedition” to compare services and costs.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2015 Strategic Management Services, LLC. Published with permission.


The doctor will see you on screen, after math class

Texas is making access to health care much more convenient for the parents of children enrolled in the state’s Medicaid program. Through new legislation effective September 1, 2015, providers will be able to bill the program for telemedicine appointments after “seeing” the patients over video chats during school hours, with the help of the school nurse. If a diagnosis is made, parents will be able to pick up a prescription later that day.


State Representative Jodie Laubenberg (R-89) authored the legislation in an effort to increase access to health care while limiting work and school disruptions for parents and students. Laubenberg pointed to programs like the one organized by Children’s Health(SM), which provides 27 grade schools in the Dallas-Fort Worth area with electronic access to a doctor and two nurse practitioners. A local school nurse (who may or may not have a nursing degree) examines the child, and then schedules an appointment with Children’s if a problem is observed. Due to the success of the program, Children’s will deploy to an additional 30 schools. This program was limited to five years of funding through a Medicaid 1115 waiver, so the new law is vital to continuing to provide this type of access. The Texas program follows similar laws in Georgia and New Mexico.

Although some point out that the vast majority of things seen in a pediatric clinic, like sports injuries, strep throat, and mental illnesses, can be handled via telemedicine, others have raised concerns about these programs. Even those who find health intervention in school “effective” are concerned about equity and access for children who get sick in school but are not enrolled in Medicaid. Others pointed out that these busy doctors may not have a full picture of the child’s health, and children cannot be expected to understand risks and report allergies and medical histories appropriately.


The Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) incorporates telemedicine in several sections, paving the way for the increased use of this method of providing care. For example, section 3021 of the ACA created the Center for Medicare and Medicaid Innovation (CMMI) in an effort to test new payment models, including ways of using telehealth services to treat behavioral health issues (see Are we there yet? Telehealth, telemedicine, and the ACA, Health Reform WK-EDGE, April 22, 2015). As states embrace new ways of delivering care and explore payment strategies, the ACA can serve as a guide for reform.

A device for devices: Developing a national medical device surveillance system

A nationwide medical device surveillance system would be most effective if developed from existing health information systems, data registries, and health records, according to the recommendations of the Medical Device Registries Task Force (MDRTF), in a August 24, 2015 report. The MDRTF was tasked with identifying objectives, operations and architecture for such a national medical device surveillance system. The MDRTF report, which contains the task force’s recommendations for that national system, acknowledged that the task force did not recommend a de novo system, but instead, one that takes advantage of extant data systems to develop a nationwide network. The MDRTF report explained the importance using alongside existing systems and infrastructure to reach a public domain with an important data store of medical device information.


An article published in the Journal of the American Medical Association (JAMA), addressed the MDRTF’s recommendations and outlined the specific goals of the hypothetical network:

  • provide continuously updated benefit/risk and safety data on priority medical devices;
  • provide customized analyses supporting both regulatory and other key stakeholder decisions;
  • integrate broad electronic patient access infrastructure with implementation of standardized data elements and dictionaries, moving currently heterogeneous data into more structured domains reflecting the multidimensional aspects of device use, procedures, patients, and outcomes in clinical practice;
  • actively engage stakeholders to transform the medical device landscape from one of fragmentation, redundancy, and distrust to one of goodwill, inclusiveness, efficiency, continuity, and partnering;
  • pursue stepwise system development, sharing of lessons learned, and solutions use/reuse across device areas;
  • pursue sustainability through a progressive demonstration of value across stakeholders;
  • leverage international efforts; and
  • promote a portfolio of pilot programs capable of creating momentum toward this vision.


According to the JAMA article, current systems, including electronic health records (EHRs) and data sources, are inadequate from a medical device registry standpoint because they “do not contain all the elements necessary for device evaluations, including device and procedural details, patient descriptors, or long-term outcomes.” The MDRTF recommended that the ideal network would get around such limitations through interoperability—linking several registries in order to achieve a more comprehensive data collection than one single source would allow. The MDRTF called this hypothetical interoperable network a “coordinated registries network” (CRN). A series of CRNs would then serve as “the foundational architectural construct for the national system.” The five priority principles for CRN functionality that the MDRTF recommended include: “(1) the ability to uniquely identify medical devices; (2) implementation of standardized clinical vocabularies and dictionaries; (3) reusable interoperability solutions linking diverse, strategically complementary data sources; (4) partnered, inclusive governance; and (5) value-based, incentivized sustainability.”

Benefits and Challenges

If a functional CRN or system of CRNs were developed, the benefits for patient safety and device development could be significant. Such a system could provide faster and more comprehensive post market information about device risks and benefits over the total product life cycle of medical devices. CRNs could facilitate better access to device information including information about the device itself, operator and user experience, procedure, and patient profiles. A national network could be used to profile medical devices based upon specific characteristics, in order to identify devices with higher risks. Some important device characteristics that could lead to such profiling include:

  • serious public health consequences of device failure;
  • new technology with safety and effectiveness concerns that are not well understood;
  • devices with significant design variations; and
  • devices with costs that are higher than current therapy costs.

However, the MDRTF acknowledged that an interoperable data system like a CRN also presents challenges in the form of privacy and ethical dilemmas. The MDRTF recommended that CRNs address privacy and ethics problems by engaging patients in a way that allows for patient control of personal health data.

Impact of CRNs

The report explained that CRNs “are well-positioned to inform premarket study designs and post market performance, and hence positively impact the total product lifecycle for related devices.” The proposed network would benefit from the wealth of information held in a variety of different data stores to allow for a more comprehensive and more helpful surveillance system. The JAMA article acknowledges that although the coordination effort necessary to make CRNs possible would be complex—due to the intricacy of data sharing and standardization—the article also suggests that “doing so could allow more effective, low-cost, real-time, rich safety and research opportunities.”

Providers still have time to prepare for ICD-10, say experts

There is still time to prepare for International Classification of Diseases, Tenth Revision (ICD-10) before the October 1, 2015 implementation date, presenters emphasized during the MLN Connects National Provider Call, “Countdown to ICD-10.” In advance of the implementation, just over a month away, presenters discussed coding and documentation requirements, billing and reporting guidelines, and testing results.


CMS adopted ICD-10-CM (Clinical Modification) for diagnosis coding and ICD-10-PCS (Procedure Coding) for hospital inpatient procedure coding to replace ICD-9. CMS initially set an implementation date of October 1, 2013 (see Final rule, 74 FR 3328, January 16, 2009) but later extended it to October 1, 2014. Pursuant to section 212 of the Protection Access to Medicare Act (P.L. 113-93), CMS established October 1, 2015, as the final implementation date for ICD-10 (see Final rule, 79 FR 45128, August 4, 2014).

ICD-10 preparation

The ICD-10 Quick Start Guide outlines five steps for providers to prepare for ICD-10: (1) make a plan by assigning target dates for completing each step; (2) train staff on the fundamentals of ICD-10 and identify the top ICD-9 codes that the provider uses; (3) update processes, including updates of hard copy and electronic forms; (4) talk to vendors and health plans to confirm their readiness for ICD-10; and (5) test systems and processes to verify ICD-10 readiness.

Stacey Shagena, a technical advisor for CMS, described CMS’s four-pronged approach to testing for ICD-10 and noted that the national acceptance rate for acknowledgment testing ranged from 76 percent in November 2014 to a high of 91.8 percent in March 2015. No system errors were found in the July 2015 end-to-end testing, and according to CMS, “testing demonstrated that CMS systems are ready to accept ICD-10 claims.”


Sue Bowman, senior director, Coding Policy and Compliance, for the American Health Information Management Association, noted that the determination of which code set to use depends on the date of service, not the billing date. Claims for dates of service on or after October 1, 2015, must be coded in ICD-10, while claims for dates of service before October 1, 2015, must be coded in ICD-9. The date of service for inpatient facility reporting is the date of discharge. The claim submission date is irrelevant in the determination of which code set to use. MLN Matters SE1408 describes how to handle claims that span October 1.

The increased specificity of ICD-10 codes requires more detailed clinical documentation, according to Nelly Leon-Chisen, Director, Coding and Classification, for the American Hospital Association. She advised providers to assess their current documentation practices and resolve documentation gaps.

Transition flexibility

CMS is, however, offering some flexibility to physicians and other practitioners paid under the physician fee schedule who are transitioning to ICD-10. For 12 months after the ICD-10 implementation, if a valid ICD-10 code from the right family (i.e., the ICD-10 three-character category) is submitted, Medicare will process the code and will not audit based on specificity. In addition, for quality reporting completed for program year 2015, physicians and other eligible professionals (EPs) will not be subject to the Physician Quality Reporting System, value-based modifier, or meaningful use penalties during primary source verification or auditing related to additional specificity of the ICD-10 code as long as the physician/EP used a code from the correct family of codes. An EP will also not be subject to a penalty if CMS has difficulty calculating quality scores due to the transition.


Acting CMS Administrator Andy Slavitt announced that CMS is setting up and staffing an ICD-10 resource center, which will be operational in September, and named Dr. William Rogers as the ICD-10 ombudsman. The ombudsman, whose email address is icd10_ombudsman@cms.hhs.gov, will be a “one-stop shop” for providers, said Slavitt.

The fiscal year 2016 ICD-10 code set is available from the Centers for Disease Control and Protection.