You are here: Home / Archives for Office of Inspector General

Kusserow’s Corner: Medicaid Sanction Screening

May 20, 2013 by Leave a Comment

“To obtain/maintain active enrollment status, providers may not employ or contract with individuals/entities excluded from participation in any federal health care program or debarred by the GSA from any other executive branch program or activity”.[1]

What all this means is that Medicare and Medicaid payments are prohibited for all items and services furnished by excluded persons and entities.  From CMS’ perspective, sanctions and exclusions do not only play a role in terms of payment, but also enrollment. In order for providers to enroll or maintain active enrollment status, they may not employ or contract with individuals/entities excluded from participation in any federal health care program or debarred by the Government Services Administration (GSA).  

When State Medicaid agencies take final actions against providers that affect their participation in the Medicaid program, they are supposed to promptly report those providers to Office of Inspector General (OIG).  The OIG then determines whether to exclude the provider based on federal criteria for exclusion and include the individual/entity on the OIG List of Excluded Individuals and Entities (LEIE).

It is a mistake to assume that all individuals excluded by States are also listed on the LEIE.  In fact, the LEIE cannot be relied upon to include Medicaid exclusions.  The OIG found in its own review of state reporting that many states were not sending their sanction information to the OIG.  It noted that two-thirds of providers with final actions imposed by state agencies were not included on the LEIE. The majority of states even had a match rate less than twenty-five percent.   Most states indicated that this is due to uncertainty among states about when they should notify the OIG of such final actions and what kind of information to provide. I believe this is just an excuse. 

Meanwhile, CMS has been taking action on ensuring providers and programs are screening for Medicaid exclusions.  Beginning in 2008, it has been sending letters to the State Medicaid Directors to give them guidance and inform them of CMS’ interpretation of the regulations as they relate to sanctioned and excluded individuals/entities.  First, CMS called for State Medicaid Directors to mandate checking their enrolled providers for exclusions on a monthly basis.  This was followed by another letter wherein CMS stated that states should remind providers of their obligation to screen all their employees and contractors against the OIG LEIE monthly.   It also stated that states should advise providers upon enrollment and re-enrollment of their obligation to screen all employees and contractors against the OIG LEIE monthly, and explicitly require providers to agree to comply with this obligation as a condition of enrollment.  While this letter is directed to State Medicaid Directors, it points to the direction CMS is taking: namely an obligation for providers to screen.  Furthermore, these letters formalize CMS’ position on the frequency (monthly) with which both the State Medicaid agency itself as well as providers should conduct screening.

At this urging by CMS, states are moving to develop and maintain their own Medicaid exclusion lists, followed by mandates for providers to screen against them on a monthly basis.  This movement has been slow and steady.  However, in response to this call, nearly half of the states have moved to develop their own statutes and regulations on sanctions for and exclusions of providers.  It is reasonable to assume that this trend will continue and that eventually all states will be doing this. A growing number of states have developed their own sanction and exclusion lists. In addition to the development of state Medicaid exclusion lists, more and more states are also following the CMS guidance that calls for monthly screening of the database. Most of those that have gone this route have published those lists on their websites, but not all.  As such, it may be necessary to contact the state Medicaid agency or health department directly in order to access the necessary information. The following are states have developed their own Medicaid sanction lists with many others having this under development:

Alabama, Arkansas, California, Connecticut, Florida, Hawaii, Idaho, Illinois, Kentucky, Maine, Maryland, Michigan, Mississippi, Nebraska, Nevada, New Jersey, New York, South Carolina, Texas, and West Virginia.

The following are suggestions and best practices for providers when it comes to meeting sanction screening obligations:

  1. It is mandatory to screen against the LEIE; therefore screen in advance of hiring or engaging any individual or entity, as well as granting staff privilege to physicians.  Thereafter it is advisable to screen all affected parties at least annually, but if possible, monthly.
  2. Check with the state jurisdictions where a provider does business for any Medicaid sanction screening mandates.  Note that states are moving to follow CMS guidance for monthly screening.
  3. If the state requires monthly screening, then it is advisable to consider screening against the LEIE as often. 
  4. The OIG notes the GSA debarment List, formerly called the Excluded Parties List System (EPLS), now System for Awards Management (SAM), is a resource that is available, but does not call for screening against it.  This was restated in its Special Advisory Opinion of May 8, 2013, wherein it also stated that it has no interest in and will take no action on any “hit” on the GSA debarment list.  However, CMS more directly says this should be done.  I strongly recommend screening against the GSA at the time of engagement of a vendor, contractor, physician, or employee and thereafter as infrequently as possible. In my opinion screening more often is unnecessary and a waste of time and resources.

[1] (42 CFR 424.516)

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening. For more information, he can be contacted at rkusserow@strategicm.co.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.

Filed Under: Centers for Medicare and Medicaid, Health Care Compliance, HHS, News, Office of Inspector General

CIAs: What Health Care Providers Can and Should Learn About Them

May 17, 2013 by Leave a Comment

A corporate integrity agreement (CIA) can provide valuable information to health care providers on the elements of an effective compliance program. A CIA is part of a civil settlement between the Department of Health and Human Services (HHS),  the Department of Justice (DOJ) and a health care entity that outlines commitments the health care entity agrees to in exchange for not being excluded from participation in federal health care programs. By reviewing a CIA, providers can learn what the Office of Inspector General (OIG) and the DOJ think an effective compliance program should have in place to address particular  issues, as Alice Martin, Esq., Martin Compliance Consulting  (MC2) explained at a Health Care Compliance Association (HCCA) webinar on April 8, 2013. According to Martin, no healthcare entity is immune from the possibility of  a CIA, including medical device companies, ambulance suppliers, physicians and physician groups, pharmaceutical companies, hospitals, and others.

What to Look for in the CIA

Health care providers must be proactive in identifying problem areas, Martin said. Reviewing CIAs to determine how OIG and DOJ are analyzing problem areas and who is held accountable within organizations can help health care providers be more proactive in areas of concern. Health care providers should note how OIG and DOJ will track performance and accountability, including but not limited to entity reporting and independent review organizations (IROs) oversight activities. In addition, they should look at the elements of the compliance program that the OIG and DOJ require the entity to establish. In addition to providing valuable information for improving the organization’s compliance program, the CIA includes specific elements of a compliance program that address identified issues such as physician contracts, quality of care, improper referrals, inadequate documentation, and improper billing and coding. One area included in more recent CIAs is Board of Directors participation and training, including individual director certification that the entity is complying with the terms of the CIA. Martin said that compliance officers should stress the importance of  directors’ participation  in and support of the compliance program, noting that they could be held accountable under the Responsible Corporate Officer Doctrine. Quality of care  is another more recent area being addressed in CIAs by the OIG and DOJ. In addition to requirements found in other CIAs, quality of care CIAs have quality-related elements, including the creation of a quality assurance compliance committee, a Board-level quality assurance monitoring committee, an internal audit program for quality, special tracking of temporary staff, and special reporting to the OIG/Monitor.

Mitigating Factors

Typical enforcement actions come under the False Claims Act (FCA) and can be brought either as a civil or criminal FCA, the Anti-kickback Statute, and False Statement, which is a federal crime. An effective compliance program, however, can help mitigate the effects of an enforcement action taken by the DOJ and move a false claim to a simple overpayment, Martin said. Martin recommended that health care providers have arrangement databases with a robust system to track physician contracts and leases of space and equipment that would help prevent anti-kickback and Stark violations. In addition, she recommended strong internal controls, including monitoring and data analytics to identify patterns of billing errors and prevent unintentional improper payments.

Advice for Negotiating and Implementing a CIA

Organizations that have been under CIAs have had issues dealing with implementation, Martin noted. For example, organizations had difficulty identifying who should be considered a “covered person.” Martin included contractors, subcontractors and vendors as covered persons. Another area of concern for such organizations was implementing policies and procedures and meeting training and education requirements. Martin suggested that if an organization will be entering into a CIA, it should include the important organizational players in its development, including lawyers, the chief financial officer, chief executive officer, and the compliance officer. According to Martin, an organization should also consider hiring a subject matter expert to develop terms and requirements and developing a folder on potential IROs to ensure that the organization hires an IRO that has experience in the subject matter area as well as experience with regulators. The organization should also check references before the IRO is hired. Even though the entity hires the IRO, the IRO is really a government agent, Martin stressed.

 Settlement May Not Be the Final Action

Health care providers may begin to see the light at the end of the tunnel once the settlement agreement and the CIA have been entered into by the parties; but that may not be the end. SouthernCare, Inc. (SouthernCare), a hospice provider, entered into a settlement with the DOJ and HHS to resolve allegations of violations of the FCA related to improperly applying eligibility requirements for the hospice benefit. The settlement  resulted in a $24.7 million settlement  and a five-year CIA. Bill Priest, Chief Compliance Officer and Rebekah Plowman, Partner, Jones Day, told SouthernCare’s story to attendees at HCCA’s Compliance Institute on April 23, 2013.  From the outset of the CIA term, SouthernCare, Inc. replaced its compliance program with one that was more aggressive, expedited training and implementation of reporting requirements, and it began to see improvements in IRO mandated annual eligibility reviews. As things improved in years three through four of the CIA, three qui tam suits were unsealed, all dealing with the same covered conduct that was the settlement and CIA. The government declined to intervene but the lawsuits were not dismissed. Plowman explained the Patient Protection and Affordable Care Act (PPACA) (P.L. 111-148) amended the public disclosure bar provisions of the FCA to limit much of the authority for courts to dismiss actions based on prior disclosure of the covered conduct. Now it is sufficient to have knowledge that is independent of, and materially adds to, the publicly disclosed allegations. The presenters noted that health care providers can protect themselves by aggressively and consistently complying with CIA provisions and applicable regulations; vigilant auditing and monitoring of claims and patient charts, hotline calls/complaints, and employee actions; taking appropriate action in a timely manner; open communication with the OIG and DOJ; and good counsel.

Filed Under: Anti-Kickback, Department of Justice, Fraud & Abuse, Health Care Compliance, Office of Inspector General

Kusserow’s Corner: A Dozen Reasons to Not Like the GSA Debarment List

May 16, 2013 by Leave a Comment

I don’t like the General Services Administration (GSA) debarment list.  It provides mostly useless information with very little return on time and effort.  In my opinion, health care entities screening against it is a waste of tens of millions of health care dollars that could be better spent on providing patient care.  My reasons are as follows:

  1. The GSA debarment list was never intended to be used by health care providers and plans. The Excluded Parties List System (EPLS) is now part of the System for Award Management (SAM) and is designed solely for use by Federal government agencies’ procurement process.  Just go to their website and see that.  With rare exceptions, health care providers and plans are not Federal agencies or part of any Federal procurement process. The GSA debarment list is designed to prevent Federal government agencies from soliciting offers from, and awarding contracts, grants, or financial or non-financial assistance and benefits to those on the list.  
  2. GSA sanction screening has never been user friendly. It also generates many “false hits” that result in considerable work to make determinations as to whether the entity in question is identifiable to the one on which the hospital is checking.
  3. The GSA does not offer any useful assistance in trying to verify a potential “hit.” Unlike the OIG LEIE that has verification tools available to assist with possible hits, the EPLS often lacks solid identifiable information to permit easy verification that the party listed.  This problem is further complicated by the large number of entities with similar sounding names.
  4. The GSA is complicating an already difficult sanction screening process. The new operational bugs that recently surfaced with the GSA SAM database included some security breaches for users, along with data discrepancies.  These new problems resulted from GSA consolidating a number of federal procurement processes related to government contracting. Its new system consolidates several databases into one online system. They include the Central Contractor Registration/Federal Agency Registration (CCR/FedReg), Online Representations and Certifications Application (ORCA), and the EPLS.  Future phases of SAM will include additional databases for use during government procurement processes.
  5. There is no provision or guidance for health care providers or plans to consider administrative debarments discretionary. The GSA lists two types of debarments:  mandatory and administrative.  Federal agencies have the discretion of contracting with those on administrative debarment.  There is no guidance by CMS or any other federal agency as to whether that discretion applies to health care entities.
  6. The overwhelming majority of entities on the EPLS are not relevant to health care entities. It makes some sense to conduct sanction screening of health care-related contractors or vendors, but most hospitals have thousands of other types of entities providing everything imaginable for running any business, such as printing paper, toilet paper, computer supplies, delivery services, ground keeping services, trash hauling contractors, accounting and legal services, and on and on.  All one has to do is to look at the accounts payable and see that the list can be neverending.  Yet, there is no guidance as to where to draw the line for sanction screening. 
  7. There are no specific CMS regulations requiring providers to screen against the GSA debarment list. However, the Medicare Enrollment Application for Institutional Providers requires applicant hospitals to have a compliance plan that states that the hospital checks all managing employees against the exclusion/debarment lists of both the OIG and the GSA. Also, under 42 CFR § 424.516(a)(3)(ii), providers may not contract with any individuals or entities that are debarred by the GSA as a condition to maintaining active enrollment status.  CMS also requires managed care plans to screen against the GSA EPLS prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or First Tier, Downstream or Related Entity (FDR), and on a monthly basis thereafter. Additionally, debarred providers who apply for Medicare shall be denied and debarred providers enrolled with Medicare shall have their Medicare billing privileges revoked. 
  8. Sanction screening against the GSA database is not very cost effective.  Although “hits” as result of sanction screening against the EPLS are not uncommon, legitimate one are very uncommonWhat this means is that the effort level is high for screening against the GSA data; and the return on effort is very low.
  9. Screening individuals and entities who are unrelated to health care delivery of services and products does not make much sense. It particularly makes little sense to run IBM, Staples, a courier service, computer repair services, etc. through the EPLS.
  10. The cost versus benefit equation of sanction screening against the EPLS is poor. It particularly makes little sense to run entities such as IBM, Staples, courier services, computer repair services, etc. through the EPLS.
  11. The OIG has added its LEIE data to the SAM, creating a redundancy.  As such, the only likely confirmed hits on the GSA database would those parties that were already listed on the LEIE, and the LEIE is the primary source.  Once again the relative value of sanction screening against GSA data is limited.  There are lag times from when an OIG sanction appears on the SAM and when it is removed.  What this means is that it is possible that an exclusion may have been rescinded by the OIG, but GSA may still carry it on their debarment list.  This lag time can be considerable.
  12. Unlike screening against the LEIE, the OIG only suggests the GSA data as a useful resource.  It does not see failure to screen as creating a liability or potential fraud.   CMS is alone in believing a health care organization should terminate a contract with the debarred party, regardless of the vagueness of what that party might be or the nature of the debarments. 
  13. It is not clear how an entity would deal with a finding of a debarred party. It is neither an OIG nor DOJ issue and they would not be involved.  I would question the legal basis or reasonableness for cancelling valid contract just because CMS thinks it is should be done.

In a future blog article, I will offer some suggestions to mitigate the GSA sanction screening burdens.

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening. For more information, he can be contacted at rkusserow@strategicm.co.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.

Filed Under: Contributor's Corner, Health Care Compliance, Office of Inspector General, Wolters Kluwer Law & Business
«Older Posts