Kusserow on Compliance: OIG expanded exclusion authorities go into effect

On February 13, 2017, the HHS Office of Inspector General (OIG) Final rule amending the regulations related to its exclusion authority goes into effect. It incorporates recent statutory changes, early reinstatement provisions, and recent policy changes, and clarifies existing regulatory provisions. It is the most substantial revision to the exclusion regulations in many years and reflects changes made by the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) in 2010 and the Medicare Modernization Act (MMA) in 2003, as well as informal practices that the OIG has now codified in regulations. Most of the changes in the final rule are largely technical in nature; however they significantly expand and solidify the OIG’s authority to exclude providers.

The scope of OIG oversight now will move beyond claims submission based on the ACA’s permissive exclusion authority over an individual or entity that knowingly makes or causes to be made any false statement, omission, or misrepresentation of material fact in any application, agreement, bid, or contract to participate or enroll as a provider of services or supplier under a federal health care program. Under the new rules, the OIG’s authority has been extended to exclude based on the following:

  • conviction relating to obstruction of an investigation or audit;
  • failure to provide payment information by individuals who “order, refer for furnishing, or certify the need for” items or services paid for by Medicare or state health care programs;
  • those who refer patients or certify the need for items or services, even if they do not provide the items or services; and
  • making false statements or misrepresenting material facts in applications to participate as a provider or supplier under a federal health care program.

The OIG also will now consider materials obtained from various entities, including CMS, state Medicaid agencies, fiscal agents or contractors, private insurance companies, state or local licensing or certification authorities, and law enforcement. This information may be considered in determining the length of exclusion.  Also, a number of technical changes were made regarding key terms, such as replacing the language “who submit claims to” with “who request or receive payment from” in the definitions of “directly” and “indirectly,” thereby clarifying the scope of individuals and entities subject to oversight by the OIG.

The OIG may impose exclusion up to a 10-year period from the time the conduct occurred. It may consider a request for a waiver from a federal health care program administrator, as opposed to only waivers submitted by state health care program administrators. It also makes several changes to the aggravating and mitigating factors that the agency considers in determining whether to increase the length of exclusion above the minimum required. Mitigating factors are only considered if OIG has established one or more aggravating factors. Other changes include:

  • updating the dollar amounts for aggravating and mitigating factors that consider the financial loss to federal health care programs as a result of the misconduct from $15,000 to $50,000;
  • reworking the existing aggravating factors regarding other offenses to include considering adverse actions based on offenses separate from those forming the basis of the exclusion and adverse actions based on the same offenses; and
  • removing the mitigating factor related to availability of alternative sources of the type of health care items or services furnished by the person.

Kusserow on Compliance: Self-disclosures to the OIG continue to result in settlements

The HHS Office of Inspector General (OIG) announced an update on self-disclosures reporting that settlements from that process have exceeded $500 million since the inception of the program in 1998. Health care providers, suppliers, or other individuals or entities subject to Civil Monetary Penalties are encouraged to use the OIG Provider Self-Disclosure Protocol, to voluntarily disclose self-discovered evidence of potential fraud. It gives providers the opportunity to avoid the costs and disruptions associated with a government-directed investigation and civil or administrative litigation.

Settlements are posted on the OIG Website that show amounts through this process most often range between a quarter and a half million dollars, with many under $100,000. However there are some significantly larger settlements in the millions of dollars. By far the large settlement came last year with Kroger Co., who agreed to pay $21,523,047 for (1) employment of 14 excluded individuals; and (2) filling prescriptions written by 84 excluded prescribers. It is also a reminder that the most common self disclosure involves parties on the OIG List of Excluded Individuals and Entities (LEIE). The lesson to be learned from this is to ensure ongoing screening of employees, health care professionals, contractors and vendors, as called for by the OIG. However, many times organizations that do screen frequently are not sufficiently trained to identify and confirm those that may appear on the LEIE. Sometimes this is as the result of slightly different spelling of names, transposition of first and surnames, etc. As such, it pays to train people in resolving potential hits, or use a service that will do it for you.

Guidance on the Provider Self-Disclosure Protocol can be found on the OIG website. The “principal purpose” of this program is making available “guidance to health care providers that decide voluntarily to disclose irregularities in their dealings with federal health care programs.” They accept on submissions relevant to the False Claims Act, the anti-kickback statute, and claims pertaining to excluded individuals. The OIG places emphasis on organizations to undergo a full internal investigation before disclosure submission and providing detailed findings to the OIG. Self-disclosure may be submitted online or by written submissions by mail to the OIG.

Disclosure Benefits

  1. No Corporate Integrity Agreement (CIA)
  2. Lower multiplier (1.5 times single damages)
  3. CMS suspending “the obligation to report overpayments” for those self disclosed
  4. Reduced the time a case is pending to less than 12 months.

The OIG leaves it to the provider to ensure the conduct in violation of federal criminal, civil, or administrative laws ended at the time of disclosure, or that corrective action is undertaken within 90 days of submission to the protocol. They must conduct a review to estimate the improper amount received from a federal healthcare program when reporting a submission of improper claims to the protocol. Damage estimation must be either a review of claims submitted or a random sample of affected claims (the random sample must be accompanied by a copy of the sampling plan). This is a critical step and must be done correctly by experts.

Meet Before Self Disclosing

  • Ensure reportable has ended before disclosure.
  • Corrective actions taken to correct underlying problem and prevent future non-compliance.
  • Waiver of any statute of limitations defenses pertaining to OIG administrative actions.
  • “Must acknowledge that the conduct is a potential violation” and “explicitly identify the laws that were potentially violated.”

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG continues distancing itself from the GSA debarment list

The HHS Office of Inspector General (OIG) has never called for all health care organizations to screen against the General Services Administration (GSA) System for Award Management (SAM). In the past, the OIG has noted in its various compliance guidance documents that the GSA maintains a federal debarment list and cited it as an additional resource available to health care organizations. The fact that SAM was mentioned by the OIG often leads organizations to believe that they must screen against both the OIG’s List of Excluded Individuals and Entities (LEIE) and SAM.

Yet, for the last several years, the OIG has distanced themselves from the recommendation to health care organizations to screen SAM. In the OIG’s 2013 “Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs” the agency addressed questions regarding its position on screening against SAM and contrasted the LEIE and SAM. The OIG made it clear that it would take action only on parties found on the LEIE and that they had no interest or authority to address confirmed hits on the GSA SAM. It also noted that in January 2011, CMS issued final guidance mandating states to screen all enrolled providers monthly against both the LEIE and SAM, but that was CMS’ position, not the OIG’s position.

This means CMS is the only federal government agency calling for health care providers and plans to screen SAM. The CMS Medicare Enrollment Application for Institutional Providers requires applicant hospitals to have a compliance plan that states that the hospital checks all managing employees against the exclusion/debarment lists of both the OIG LEIE and the GSA SAM. For health plans, the regulation states that they cannot contract with any individuals or entities that are debarred by GSA as a condition to maintaining active enrollment status. CMS also requires managed care plans to screen prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or First Tier, Downstream or Related Entity (FDR), and on a monthly basis thereafter. It is worthwhile to remember that CMS has not established any enforcement mechanism to deal with providers who have relationships with parties on the SAM debarment list.

As such, distance is growing between OIG and CMS regarding screening against SAM, which has never been user-friendly for health care organizations and yields numerous false matches that then take time and effort in resolve and verify. SAM records simply have very limited identifying information on individuals and entities. GSA designed their system to be used by federal government agencies for procurement purposes, and not for any other purpose or for use by non-federal organizations.

The latest policy statement by the OIG was announced at the recent Health Care Compliance Association (HCCA) Compliance Institute. An OIG Deputy Branch Chief noted that the OIG will soon no longer include screening the SAM as part of compliance integrity agreement (CIA) requirements. The OIG must recognize the added burden on organizations to resolve false hits to SAM. However, the agency made it clear that screening against the LEIE is mandatory, whether or not an entity is under a CIA. So, providers and plans are still confronted with CMS’ position on the subject and continue to struggle with all the problems presented by the user unfriendly SAM system.

Jillian Bower, a compliance screening expert stated that “any provider with a large work force, or that engages many contractors or vendors, finds manual screening too costly, especially when multiple federal and state exclusion lists must be included. Most organizations turn to using a vendor that offers a sanction screening application that can greatly facilitate the process by enabling providers to conduct batch screenings of a large number of names simultaneously against multiple federal and state exclusion lists. However, there remains the problem of resolving potential matches and for many the answer is to simply outsource the entire process to a vendor who will conduct sanction screening against all identified exclusion lists, as well as resolving potential matches.”

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.


Kusserow on Compliance: More on the new OIG guidance on exclusions

The HHS Office of Inspector General (OIG) has authority under the Social Security Act to exclude any individual or entity from participation in the federal health care programs for engaging in prohibited conduct. Those programs may not pay for any items or services furnished, ordered, or prescribed by an excluded party. Going back to 1997, the OIG published a policy statement with non-binding criteria to be used by the OIG in assessing whether to impose exclusion under its authorities and has used this in evaluating whether to impose exclusion ever since. This policy has also been used as an OIG authority in the creation of Corporate Integrity Agreements (CIAs), or the use of some other approach to mitigate risks of future misconduct with OIG oversight. The OIG has now published a revised superseding policy.

The OIG position in favor of sanctions is rooted in the idea that some period of exclusion should be imposed against a person who has defrauded Medicare or any other federal health care program. The new OIG guidance document sets forth circumstances in which this presumption may be rebutted and the non-binding factors that the OIG will use to make such a determination, as well as describing how they will evaluate risk to the federal health care programs in using its other available remedies. The OIG outlined a “risk spectrum” range of options when settling a civil or administrative health care fraud case that includes the following remedies: (1) exclusion; (2) heightened scrutiny (e.g., implement unilateral monitoring); (3) integrity obligations; (4) take no further action; or (5) in the case of a good faith and cooperative self-disclosure, release exclusion with no integrity obligations.

The OIG often concludes that exclusion is not necessary if there is agreement to appropriate integrity obligations, in exchange for a release of exclusion, such as with a CIA. The CIAs are designed to strengthen and promote an entities’ compliance program so that future issues can be prevented or identified, reported, and corrected. Integrity obligations also enhance the OIG’s oversight of the entity. Failure to agree to terms of a CIA may result in pursuing exclusion or the exercise of other administrative actions, as deemed appropriate to “unilaterally monitor” compliance with federal health care programs. If the OIG determines a party presents a relatively low risk to federal health care programs, neither exclusion nor integrity obligations will be deemed necessary. These situations include the absence of egregious conduct, such as patient harm or intentional fraud, relatively low financial harm, and where a successor owner, after the misconduct, is resolving the matter.

There are two limited circumstances in which OIG will usually give a person a release of exclusion without requiring integrity obligations: (1) when the person self- discloses the fraudulent conduct, cooperatively and in good faith, to the OIG; or (2) when the person agrees to robust integrity obligations with a state or the Department of Justice (DOJ) and OIG determines these obligations are sufficient to protect the federal health care programs.

It is worthwhile to review the revised exclusion policy statement and evaluate how your compliance programs, self-disclosure protocols, and other practices measure against the standards described by the OIG.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.