Kusserow’s Corner: Overview Relating to Mandates for GSA Sanction Screening

I have frequently updated on the question of sanction screening in this blog. Questions continue to arise about when and how often individuals and entities engaged by an organization should be screened against the General Services Administration’s (GSA) debarment data. These questions often result from frustration by providers over the user non-friendly data provided by GSA and the difficulty in resolving “false hits.” Added to this is the fact that GSA is continuing to add other databases to the System for Awards Management (SAM), which also includes the Excluded Parties List System (EPLS). I have made clear in a series of articles that I don’t like the idea of screening against the GSA and consider it a waste of time for many reasons, including the fact that the data is designed only for federal government agencies involved in contracting. The following is provided in response to the continuing request for additional clarification on the subject.

CMS Position

There are no specific regulations requiring providers to screen against the GSA debarment list; however, the Medicare Enrollment Application for Institutional Providers, requires applicant hospitals to have a compliance plan that states that the hospital checks all managing employees against the exclusion/debarment lists of both the HHS Office of the Inspector General (OIG) and the GSA. They also require that a provider not contract with any individuals or entities that are debarred by the GSA as a condition to maintaining active enrollment status. CMS also requires managed care plans to screen prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or First Tier, Downstream or Related Entity (FDR), and on a monthly basis thereafter. Additionally, debarred providers who apply for Medicare shall be denied, and debarred providers enrolled with Medicare shall have their Medicare billing privileges revoked. CMS does not set forth the frequency of sanction screening the GSA debarment list, although it advocates to state Medicaid directors requiring monthly screening against both the LEIE and EPLS. CMS states “to obtain/maintain active enrollment status, providers may not employ or contract with individuals/entities excluded from participation in any federal health care program or debarred by the GSA from any other executive branch program or activity.. It is also worthwhile to remember that CMS has not established any enforcement mechanism to deal with providers have relationships with parties on the debarment list. I don’t believe that CMS gave sufficient thought to what it was doing.

OIG Position

Last year the OIG issued its “Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs,” where it addressed questions regarding the GSA’s EPLS and put a little distance between itself and CMS regarding screening against the EPLS. The OIG noted that in January 2009, CMS issued final regulations mandating states to screen all enrolled providers monthly against both the LEIE and EPLS. The OIG’s position is that LEIE should be considered the primary source for reporting any “hits” to the OIG and that it has no authority to impose CMPs on the employment of a debarred person appearing on the GSA EPLS. In short, the OIG is not interested in GSA debarments and won’t act on any matches to that listing.

GSA Position

The fact is that the GSA’s debarment list is intended to prevent the government from doing business with companies or individuals who demonstrate a lack of present responsibility and is intended for federal government agencies. It is not intended for any other purposes. In fact, the GSA has no interest with any entity that is not a federal agency, and that includes virtually the entire provider and managed care community. Furthermore, the GSA SAM database is not user-friendly. Unlike the OIG LEIE that provides mechanisms for determining validity of hits, GSA does not provide that assistance. As a result, screening against the SAM is a burdensome process that produces very little tangible results.

Bottom line: no agency is prepared to enforce actions involving health care entities engaging anyone who is on the debarment list. However, the fact remains that CMS calls for health care providers and plans to screen against the GSA debarment list. The following are some thoughts about what might be done to mitigate the burden, while meeting what is called for by CMS.

  1. Screen only those vendors and contractors providing health care-related services and/or products.
  1. Consider reducing frequency of GSA screenings.
  1. Conduct a “rolling screening” program whereby there is continuing monthly screening of only a small portion of the universe of contractors and vendors, but at a rate whereby all have been checked by the end of the 12-month period.
  1. Outsource the whole screening process in order to save time and costs, as well as gain the confidence that the verification and resolution are accurate and providing peace of mind that you are meeting the sanction screening requirements.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow’s Corner Newsletter

Copyright © 2014 Strategic Management Services, LLC. Published with permission.

Kusserow’s Corner: New Problems With GSA Debarment System

The General Services Administration (GSA) sanction screening database continues to have problems for users.  The GSA debarment list, previously known as the Excluded Parties Lists System (EPLS), is now part of the System for Award Management (SAM). This is a new consolidated database that includes EPLS, as well as the Central Contractor Registration/Federal Agency Registration (CCR/FedReg) and the Online Representations and Certifications Application (ORCA).  Additional databases are planned to be added in the future as part of the government procurement processes.  However, all of this has resulted in operational bugs, including recently some security breaches for users, along with data discrepancies.  For example, in April the GSA reported that it had identified security vulnerability in SAM, including the potential breach of names, taxpayer ID numbers, and bank information associated with those accounts.  The GSA subsequently reported that it fixed that problem.

Now, it is reporting another problem and posted an Important Exclusion Search Message on its website.  The message states that if a user is searching for exclusion records, he or she should not use the “DUNS Number Search” or “CAGE Code Search” boxes on the Search Records page because the GSA identified an issue that could return incomplete exclusion results. Until this issue is resolved, exclusion searches — especially those by DUNS number or CAGE code — should only be conducted using the main (uppermost) search bar, where it states “Enter your specific search term.”  Much of this does not make sense to health care providers and plans.  This is not surprising, in that the GSA SAM has been designed exclusively for federal government contractors.  Also, it is important to note that the HHS Office of Inspector General (OIG) has never actively called for sanction screening against the GSA.  It has noted that the screening may be an added resource for the compliance program.  It made clear in its “Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs” of May 8, 2013 that it does not have interest in cases where a provider finds a debarred party on EPLS and will take no action in such cases.  The only government entity pushing sanction screening of the GSA SAM has been CMS, which has no specific function or operation to enforce this.

In view of the forgoing, I recommend considering one of the following avenues to reduce the GSA screening burden:

  1. Screen only those parties providing health care-related services and/or products.
  2. Screen at the time of engagement and at a reduced frequency thereafter (e.g. annually).
  3. Conduct a “rolling screening” program of continuous screening of a small portion of the universe at a rate to ensure that all necessary parties have been checked over the year.
  4. Outsource the whole screening process in order to save time and costs, as well as gain the confidence that the verification and resolution are accurate and provide peace of mind that you are meeting the sanction screening requirements.

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening. For more information, he can be contacted at rkusserow@strategicm.co.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.

Kusserow’s Corner: Tips to Mitigate the GSA Sanction Screening Burden

CMS is the only government agency really pushing screening against the Excluded Parties Lists System (EPLS) (now moved to the System for Award Management (SAM)).  The HHS Office of Inspector General (OIG), in its “Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs” of May 8, 2013 made it clear that it does not have interest in cases where a provider finds a debarred party on EPLS and it will take no action ins such cases.

There are no specific regulations requiring providers to screen against the GSA debarment list; however, the Medicare Enrollment Application for Institutional Providers requires applicant hospitals to have a compliance plan that states that the hospitals check all managing employees against the exclusion/debarment lists of both the OIG and the General Services Administration (GSA).  It also requires that a provider not contract with any individuals or entities that are debarred by the GSA as a condition to maintaining active enrollment status. [1]

CMS also requires managed care plans to screen prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or First Tier, Downstream or Related Entity (FDR), and on a monthly basis thereafter.[2] Additionally, debarred providers who apply for Medicare shall be denied and debarred providers enrolled with Medicare shall have their Medicare billing privileges revoked.[3]

CMS does not set forth the frequency of sanction screening the GSA debarment list, although it advocates that state Medicaid directors require monthly screening against both the LEIE and EPLS.   It states “to obtain/maintain active enrollment status, providers may not employ or contract with individuals/entities excluded from participation in any federal health care program or debarred by the GSA from any other executive branch program or activity” (42 CFR 424.516).

I don’t believe that CMS gave sufficient thought to what it was requesting.  The fact is that the GSA’s debarment list is intended to prevent the Government from doing business with companies or individuals that demonstrate a lack of present responsibility and is intended for Federal government agencies.[4]  It is not intended for any other purposes.  Debarments prohibit debarred parties from contracting with the government. Health care providers may participate in government finance programs, in that they provide services and products and engage in business activities that are paid for by government programs, such as Medicare or Medicaid, but that does not make them government agencies or grantees of the Federal government. Put simply, those parties who contract with a health care provider are not contracting with the government.

However, the fact remains that CMS calls for health care providers and plans to screen against the GSA debarment list.  It is a burdensome process that produces very little tangible results.  The following are some thoughts about what might be done to mitigate the burden, while meeting what is called for by CMS.

  1. Screen against the GSA SAM only those vendors and contractors providing health care-related services and/or products.
  2. Reduce the frequency of GSA screenings.  Monthly screenings can be excessive in cost, time and effort.  Consideration may be given to screening individuals and parties at time of engagement and annually thereafter.  Alternatively, if GSA screening is something you wish to conduct more frequently than annually, quarterly screening would be preferable and sufficient.
  3. Conduct a “rolling screening” program.  This approach is to have continuous screening of a small portion of the universe of contractors and vendors at a rate whereby all have been checked by the end of the twelve month period.
  4. Outsource the whole screening process in order to save time and costs, as well as gain the confidence that the verification and resolution are accurate and provide peace of mind that you are meeting the sanction screening requirements.
[1]  42 CFR § 424.516(a)(3)(ii)
[2] See the CMS Medicare Managed Care Manual, Chapter 21 – Compliance Program Guidelines, 50.6.8 (last implemented 7/20/12).

[3] See the Medicare Program Integrity Manual (PIM), Chapter 15 – Medicare Enrollment, 15.5.3(B) and (E), 15.8.4, and 15.27.2(a)( last implemented 11/23/12).

See also 42 CFR § 424.530(a)(2)(ii); 42 CFR § 424.535(a)(2)(ii)

[4] David A. Drabkin, Acting Chief Acquisition Officer for the GSA at a House Committee on Oversight and Government Reform hearing on February 26, 2009

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening. For more information, he can be contacted at rkusserow@strategicm.co.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.

Kusserow’s Corner: A Dozen Reasons to Not Like the GSA Debarment List

I don’t like the General Services Administration (GSA) debarment list.  It provides mostly useless information with very little return on time and effort.  In my opinion, health care entities screening against it is a waste of tens of millions of health care dollars that could be better spent on providing patient care.  My reasons are as follows:

  1. The GSA debarment list was never intended to be used by health care providers and plans. The Excluded Parties List System (EPLS) is now part of the System for Award Management (SAM) and is designed solely for use by Federal government agencies’ procurement process.  Just go to their website and see that.  With rare exceptions, health care providers and plans are not Federal agencies or part of any Federal procurement process. The GSA debarment list is designed to prevent Federal government agencies from soliciting offers from, and awarding contracts, grants, or financial or non-financial assistance and benefits to those on the list.
  2. GSA sanction screening has never been user friendly. It also generates many “false hits” that result in considerable work to make determinations as to whether the entity in question is identifiable to the one on which the hospital is checking.
  3. The GSA does not offer any useful assistance in trying to verify a potential “hit.” Unlike the OIG LEIE that has verification tools available to assist with possible hits, the EPLS often lacks solid identifiable information to permit easy verification that the party listed.  This problem is further complicated by the large number of entities with similar sounding names.
  4. The GSA is complicating an already difficult sanction screening process. The new operational bugs that recently surfaced with the GSA SAM database included some security breaches for users, along with data discrepancies.  These new problems resulted from GSA consolidating a number of federal procurement processes related to government contracting. Its new system consolidates several databases into one online system. They include the Central Contractor Registration/Federal Agency Registration (CCR/FedReg), Online Representations and Certifications Application (ORCA), and the EPLS.  Future phases of SAM will include additional databases for use during government procurement processes.
  5. There is no provision or guidance for health care providers or plans to consider administrative debarments discretionary. The GSA lists two types of debarments:  mandatory and administrative.  Federal agencies have the discretion of contracting with those on administrative debarment.  There is no guidance by CMS or any other federal agency as to whether that discretion applies to health care entities.
  6. The overwhelming majority of entities on the EPLS are not relevant to health care entities. It makes some sense to conduct sanction screening of health care-related contractors or vendors, but most hospitals have thousands of other types of entities providing everything imaginable for running any business, such as printing paper, toilet paper, computer supplies, delivery services, ground keeping services, trash hauling contractors, accounting and legal services, and on and on.  All one has to do is to look at the accounts payable and see that the list can be neverending.  Yet, there is no guidance as to where to draw the line for sanction screening.
  7. There are no specific CMS regulations requiring providers to screen against the GSA debarment list. However, the Medicare Enrollment Application for Institutional Providers requires applicant hospitals to have a compliance plan that states that the hospital checks all managing employees against the exclusion/debarment lists of both the OIG and the GSA. Also, under 42 CFR § 424.516(a)(3)(ii), providers may not contract with any individuals or entities that are debarred by the GSA as a condition to maintaining active enrollment status.  CMS also requires managed care plans to screen against the GSA EPLS prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or First Tier, Downstream or Related Entity (FDR), and on a monthly basis thereafter. Additionally, debarred providers who apply for Medicare shall be denied and debarred providers enrolled with Medicare shall have their Medicare billing privileges revoked.
  8. Sanction screening against the GSA database is not very cost effective.  Although “hits” as result of sanction screening against the EPLS are not uncommon, legitimate one are very uncommonWhat this means is that the effort level is high for screening against the GSA data; and the return on effort is very low.
  9. Screening individuals and entities who are unrelated to health care delivery of services and products does not make much sense. It particularly makes little sense to run IBM, Staples, a courier service, computer repair services, etc. through the EPLS.
  10. The cost versus benefit equation of sanction screening against the EPLS is poor. It particularly makes little sense to run entities such as IBM, Staples, courier services, computer repair services, etc. through the EPLS.
  11. The OIG has added its LEIE data to the SAM, creating a redundancy.  As such, the only likely confirmed hits on the GSA database would those parties that were already listed on the LEIE, and the LEIE is the primary source.  Once again the relative value of sanction screening against GSA data is limited.  There are lag times from when an OIG sanction appears on the SAM and when it is removed.  What this means is that it is possible that an exclusion may have been rescinded by the OIG, but GSA may still carry it on their debarment list.  This lag time can be considerable.
  12. Unlike screening against the LEIE, the OIG only suggests the GSA data as a useful resource.  It does not see failure to screen as creating a liability or potential fraud.   CMS is alone in believing a health care organization should terminate a contract with the debarred party, regardless of the vagueness of what that party might be or the nature of the debarments.
  13. It is not clear how an entity would deal with a finding of a debarred party. It is neither an OIG nor DOJ issue and they would not be involved.  I would question the legal basis or reasonableness for cancelling valid contract just because CMS thinks it is should be done.

In a future blog article, I will offer some suggestions to mitigate the GSA sanction screening burdens.

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening. For more information, he can be contacted at rkusserow@strategicm.co.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.