Kusserow’s Corner: The OIG on Screening Against the GSA EPLS

I served as HHS Inspector General for eleven years, and I’ve made it clear in previous blog articles that I do not like the GSA debarment list for many reasons.  The Office of Inspector General (OIG) issued its “Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs” on May 8, 2013, suggesting the OIG is not wedded to the list, either.  In its Bulletin, the OIG addresses questions regarding the General Services Administration’s (GSA) Excluded Parties List System (EPLS).  First, it is important to note that the OIG has never called for health care providers to screen against the GSA list.  In its various compliance guidance documents, it notes the GSA maintains a monthly listing of debarred contractors on the Internet as an additional resource available to providers.  However, the fact that the GSA debarment list was mentioned by the OIG has led providers to believe that they should not only screen against the LEIE, which is mandatory, but also against the EPLS.

In its Bulletin, the OIG contrasted the LEIE with the GSA’s EPLS, which was recently merged into the Systems for Awards Management (SAM).  The OIG appears to have put a little distance between itself and CMS regarding screening against the EPLS. The OIG noted that in January 2009, CMS issued final regulations (42 C.F.R. sec. 455.436) mandating states to screen all enrolled providers monthly against both the LEIE and EPLS.  This is in contrast to the OIG’s position.

The key points laid out by the OIG on this subject are as follows:

  1. The OIG stated the LEIE lists only exclusion actions taken by the OIG and that it provides the LEIE information to GSA, which is incorporated into the system.
  2. The LEIE should be considered the primary source for reporting any “hits” to the OIG.
  3. In contrast to the GSA debarment list, the OIG exclusion does not affect a person’s ability to participate in other Government procurement or non-procurement transactions.
  4. The OIG stated it has no authority to impose civil monetary penalties on the employment of a debarred person appearing on the GSA EPLS.

Final note: It is worthwhile to remember that CMS has not established any enforcement mechanism to deal with providers that have relationships with parties on the debarment list. With the foregoing in mind, I continue to suggest that providers limit the screening against the EPLS to a bare minimum, as required.

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening.  For more information, he can be contacted at rkusserow@strategicm.co.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.

From the Contributor’s Corner: What Is the Purpose of the GSA Debarment Database?

I served as the Department of Health and Human Services (DHHS) Inspector General for eleven years.  During my term, I was responsible for the creation of what is now known as the OIG List of Excluded Individuals and Entities (LEIE).  I believe this has been a major contribution for guarding against fraud and abuse of the Medicare and Medicaid programs.  It is also user-friendly to assist health care organizations and entities in resolving potential hits of excluded individuals and entities that are not eligible to cause costs to the health care financing programs of the Federal government.  I don’t like health care entities screening against the General Services Administration (GSA) debarment list.  It is not user-friendly, and for the most part is a waste of time, energy, and resources. However, this is not GSA’s fault, as it never designed its system to be used for other than Federal government agency purposes.

The GSA’s position is that a debarment is intended to prevent the Government from doing business with companies or individuals who demonstrate a lack of present responsibility and is intended for Federal government agencies.[1]  It is not intended for any other purposes.  The key point of this article is that the GSA debarment list applies ONLY to use by Federal government agencies, not health care providers and plans. Debarments prohibit debarred parties from contracting with the government. Health care providers may participate in government finance programs, in that they provide services and products and engage in business activities that are paid for by government programs, such as Medicare or Medicaid, but that does not make them a government agency or a grantee of the Federal government. Put simply, those parties who contract with a health care provider are not contracting with the government.

The General Services Administration’s debarment is part of the System for Award Management (SAM). Until recently, it was known as the Excluded Parties List System (EPLS). It provides a single list of individuals and firms that have been excluded by Federal government agencies and was designed to prevent debarred entities from receiving federal contracts or federally approved sub-contracts. Its purpose was to ensure that Federal government agencies solicit offers from; award contracts, grants, or financial or non-financial assistance and benefits to; and consent to subcontracts with responsible contractors only.  It was to ensure that any party debarred, suspended, or otherwise excluded by any Executive department or agency was prevented from participating in an affected program.

It is important to understand that there are two types of debarments identified by the GSA on its website:

  1. Statutory debarments that are often mandatory. This leaves little discretion to Federal contracting officers in permitting their use.  These debarments remain in effect for a period prescribed by statute, with limited opportunities for agencies to waive them. Statutory suspensions otherwise resemble statutory debarments, but last only until a designated agency official finds that the contractor has ceased the conduct violating the statute.
  2. Administrative debarments that are within the discretion of agency contracting officials.  This category of debarments, according to the GSA, is not punitive.  They may generally last no longer than three years and can be waived by Federal agency heads. Administrative debarments are within the discretion of agency contracting officials; suspensions are temporary administrative debarments, lasting only as long as any agency investigation of contractor misconduct or ensuing legal proceedings.

The GSA debarment list was not created for non-governmental entities in any sector, including health care. There are very few providers of health care services and products that meet the criteria of a Federal agency. Among the exceptions are the Veterans Administration, Indian Health Service, National Institutes of Health, Department of Defense health care facilities, and other similar bodies of government providing health care.

  1. The Government debarment and suspension procedures are intended for government agencies contracting with commercial entities, not for non-government entities.
  2. Many of the government contractors on the SAM/EPLS are very large multi-billion dollar organizations with many subsidiaries.  It is difficult to know when a debarment arises from one of those subsidiaries how relevant it is to another.
  3. The DHHS OIG decided to add its LEIE to the SAM/EPLS.  As such, any hits on the LEIE may also show up on the GSA database.  It is a double hit for the same action.

[1] David A. Drabkin, Acting Chief Acquisition Officer for the GSA at a House Committee on Oversight and Government Reform hearing on February 26, 2009

Richard P. Kusserow served 11 years as the DHHS Inspector General and was responsible for the creation of what is now the LEIE.  He currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and also provides full outsourcing of sanction screening. For more information, he can be contacted at rkusserow@strategicm.co.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.

From the Contributor’s Corner: GSA Sanction Screening Security Problems

The General Services Administration (GSA) maintains debarment data in the well known Excluded Parties List System (EPLS).  They recently migrated this data to a new and more comprehensive system call the System for Award Management (SAM).  The purpose of this was to streamline the federal government contracting process. Because SAM consolidates the procurement process from a federal government perspective, the new system incorporates several databases typically consulted during that process. Currently, SAM incorporates the Central Contractor Registration/Federal Agency Registration (CCR/FedReg), Online Representations and Certifications Application (ORCA), and the EPLS into one online database.  Future phases of SAM will include additional databases also screened during the procurement process.

However, there have already been serious problems with the new consolidated system.   Bringing EPLS into SAM as part of the larger database has created added difficulties for screening debarments within an already user un-friendly system.  Since SAM incorporates information from CCR/FedReg and ORCA, the results of each single search must be filtered to display only exclusion records. This filter is designed to eliminate records that are not necessary to review for the purpose of sanction and debarment screening. Additional complexities were incurred when GSA chose to not implement functionality in SAM that users relied on when screening EPLS. As a result, certain necessary functions (i.e. search using the social security number) and data elements (i.e. CT Codes) were eliminated.

Security Breach

On top of the already confusing and difficult screening process using SAM, the GSA now reports a security breach in SAM, which places registered users at risk. It appears that the breach affected those registered through SAM in order to do business with the federal government. Upon learning of the breach, GSA sent an email to all registered users that provided little clarification on the exact impact to users. For the purpose of health care sanction screening, users do not necessarily need to be registered users to access the debarment list; however, many in the health care industry have registered with SAM to access the debarment list. For those individuals, the risk is low.  The greatest vulnerability impacts entities that utilize SAM for contracting purposes and, additionally, use a Social Security Number as the Taxpayer Identification Number and have “opted in” to the public search. GSA has identified those highly vulnerable registrants and has contacted them via a separate email. As a result of this breach, user management components of SAM are temporarily unavailable. Users are not able to update their user roles and administrators are unable to manage entity users.

Those organizations that register through SAM are at risk, but those using a vendor to screen against SAM EPLS data are not directly affected by the security breach.  The author recommends that all health care organizations suspend sanction screening against GSA SAM until the agency has worked out the bugs and security flaws.  It is also worth recalling that the entire SAM, and formerly the EPLS, was designed for government agency use and not for health care providers, who are not government agencies.

More information regarding the state of affairs and the security breach can be found at the GSA website.

Richard P. Kusserow served 11 years as the DHHS Inspector General and currently is CEO of the Compliance Resource Center (CRC), including Sanction Screening Services (S³), which provides sanction screening tools and full outsourcing of sanction screening.  For more information, he can be contacted at rkusserow@strategicm.co.

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.