Kusserow on Compliance: Continued confusion regarding the CMS preclusion list

Those on the list are prohibited from receiving payment from MA plans or Part D sponsors

Questions continue to arise concerning the CMS Preclusion List final rule. The Preclusion List is a list generated by CMS that contains the names of prescribers, individuals, and entities that are unable to receive payment for Medicare Advantage (MA) items and services and/or Part D drugs prescribed or provided to Medicare beneficiaries. The rule requires Part D sponsors, or their pharmacy benefit managers, to screen against the Preclusion List and reject any pharmacy claim prescribed by an individual or entity on it. MA plans must deny payment for a health care item or service furnished by an individual or entity on the list. Plans and sponsors must also notify impacted beneficiaries who received care or a prescription from a provider on the Preclusion List in the last twelve months. The list includes those who are currently revoked from Medicare, are under an active reenrollment bar, and whose underlying conduct CMS has determined to be detrimental to the Medicare program; or who have engaged in behavior for which CMS could have revoked the prescriber and determined the underlying conduct would have led to the revocation. Such conduct includes, but is not limited to, felony convictions and OIG exclusions. CMS indicated that individuals or entities appearing on the List of Excluded Individuals/Entities (LEIE) and/or the System for Award Management (SAM) list would also be placed on the Preclusion List.

MA plans and Part D sponsors are required to access the list through an Enterprise Identity Data Management (EIDM) account with CMS. The list is updated monthly. The cause of most of the confusion is that only plans approved by CMS are granted access to the Preclusion List. As a result, many, if not most, organizations use a vendor for sanction screening services. However, the vendors are not always given access to the list. The way around this obstacle has been for plans to give their vendor the list and have them include it in their screening services. Another point of confusion is that, technically, it is not a sanction list. It includes many parties who have not been formally sanctioned to be included on the OIG LEIE, although many on the list are also on the LEIE.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.


Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Tips on mergers and acquisitions due diligence

– Failing to engage in regulatory due diligence may result in legal exposure

– Most M&As in health care fail to adequately check regulatory risk liabilities

Tom Herrmann, a former senior executive in the Office of Counsel to the Inspector General (OCIG) and Medicare Appeals Council Appellate Judge, provides interesting insights on this subject as a result of his government experience and work with due diligence reviews. Traditionally, law firms conducting due diligence reviews focus on contracts and other legal obligations. They examine a multitude of areas including an entity’s structure; contractual, intellectual and property obligations; securities and financing compliance; tax exposure risks; and previous and current litigation. Public accounting firms assess the financial accountability and viability of an entity. It is not uncommon for the accounting and law firms to have the scope of their due diligence reviews limited to their areas of expertise, which often do not include health care regulatory compliance. This may result in a failure to adequately review and address potential problems in the regulatory compliance arena. Regulatory due diligence is a specialized review process that requires the application of certain protocols and can be performed quickly and efficiently to identify areas of regulatory risk and vulnerability. A review should include assessing the effectiveness of the entity’s compliance program; evaluating internal monitoring of high-risk areas; conducting sample claims audits and extrapolations; and reviewing the ongoing internal audit process of a company. Regulatory compliance experts know where to look for weaknesses without having to do a “deep dive.” Thus, such a review can be performed in an efficient and cost-effective manner. He offers the following tips for those engaged in M&A:

  1. Any party considering an acquisition or entering into a merger should adequately assess potential future government enforcement or regulatory action. This provides an incentive for an acquiring party to require the disclosure prior to a merger or acquisition of any information or documentation relating to a pending or potential government enforcement or regulatory action.
  2. The matters disclosed during a regulatory due diligence review may encompass a broad range of issues, including employing or contracting with an excluded party, a flawed arrangement with a physician, or Medicare or Medicaid overpayments.
  3. Once a potential legal or regulatory violation is identified, a resolution of the matter, including self-disclosure to appropriate government authorities, should be addressed by the parties.

Tom Herrmann may be reached at thermmann@strategicm.com or at (703) 535-1410 for more information on this topic.

 


Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Meeting sanction checking mandates

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE), which was followed by OIG compliance guidance documents that call for checking employees, physicians, vendors, and contractors against the LEIE. The OIG considers all claims and costs associated with an excluded party as potentially false and fraudulent, which can lead to significant financial penalties and more. The OIG Special Advisory Bulletin on the Effect of Exclusion provides very useful information in assessing this risk area. CMS mandates, as a condition of enrollment, that providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program and calls for checking not only against the LEIE, but also the General Services Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM). CMS further called upon State Medicaid Directors to establish their own sanction database and requires providers to check it on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists with other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. HR often has responsibility for sanction checking new hires and, periodically, current employees. Procurement is also affected because they handle the screening of vendors and contractors. The Medical Credentialing Office must ensure checking on physicians who have been granted staff privileges. Other federal sanction databases worth screening are maintained by the DEA and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List.

Daniel Peake, of the Compliance Resource Center (CRC), works with clients to provide a variety of CRC services that include sanction checking services, as well as the investigation and resolution of potential hits. He noted that spending the time and resources necessary for developing and maintaining a search engine, along with regularly collecting and updating sanction information from many databases, is not very cost effective. This high cost of using internal resources to develop and manage the sanction checking has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that vendor quality, cost, and reliability can vary enormously. From experience, he offered the following tips for those considering a vendor:

Tips on choosing a vendor search engine service

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. Contract should permit cancelling without cause at any time, if dissatisfied.
  3. Ensure vendor has liability insurance ($1 to 3 million preferably).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

For more information, contact Daniel Peake at dpeake@complianceresource.com or 703-236-9854.


Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG provides Medicaid fraud and overpayment update to Congress

The OIG testified before the Senate Committee on Homeland Security and Governmental Affairs regarding Medicaid Fraud and Overpayments. Up front, it was noted that the Medicaid program has 67 million beneficiaries, costing $600 billion annually with projected improper Medicaid payments at about $59 billion. Key points of the testimony were:

  1. Complete and reliable national Medicaid data—which is necessary for effective program oversight and to quickly detect and address improper payments, fraud, waste, or quality concerns—is limited.
  2. Transformed Medicaid Statistical Information System (T-MSIS) data was mandated to address problems with national Medicaid claims and eligibility data. All states except Wisconsin and the District of Columbia have begun reporting data to T‐MSIS, but the data elements may not mean the same thing across states. CMS must ensure that the same data elements are consistently reported and uniformly interpreted across states.
  3. Eighty percent of all Medicaid beneficiaries receive part or all of their services through managed care entities, which are required to report medical claims data to states, which then report it to CMS via T‐MSIS. Without accurate and timely data, it is not possible to analyze costs, utilization or trends; evaluate benefits; or determine the quality of services being provided. Medicaid managed care encounter data was found to be incomplete and CMS needs to ensure this is corrected.
  4. Lack of quality national Medicaid data to identify fraud schemes and other vulnerabilities that cross state lines is hampering enforcement efforts. Identifying schemes in one state can alert other states to patterns of fraudulent or abusive practices that may be occurring in their jurisdiction and can be referred to law enforcement agencies. CMS must improve Medicaid data to ensure T‐MSIS achieves its full potential.
  5. States have not fully enacted enhanced provider screening that prevents bad actors from entering the Medicaid program to reduce improper payments and protect patients from harm, such as conducting fingerprint‐based criminal background checks and site visits. States need timely, complete, and accurate data to identify the providers seeking access to Medicaid monies and patients. CMS must ensure that states timely and fully implement critical safeguards.
  6. The Medicaid improper payment rate is 10.1 percent and CMS is working with state Medicaid agencies to develop corrective action plans that address state‐specific reasons for improper payments as a part of CMS’s Payment Error Rate Measurement Program (PERM). Additional guidance to the states by CMS is needed. OIG has also identified a number of states that inflate payment rates to increase their Federal Medicaid funding and CMS needs to closely review state Medicaid plans and plan amendments for potentially inappropriate cost‐shifting from states to the federal government.
  7. The OIG has found that states are not always correctly determining Medicaid eligibility for beneficiaries. The Affordable Care Act (ACA) allowed states to expand Medicaid eligibility and claim a higher Federal Medical Assistance Percentage, but incorrectly determining beneficiaries’ eligibility could result in the improper shift of costs from the state to the federal government. States must comply with requirements to verify applicants’ income, citizenship, identity, and other eligibility criteria.
  8. Medicaid is overpaying for prescription drugs due to underpaid rebates. Manufacturers are generally required to pay rebates to the states for covered outpatient drugs under the Medicaid Drug Rebate Program that includes reporting product and pricing information to CMS that is used to calculate the rebates owed. Manufacturer misreporting can result in manufacturers’ underpaying rebates, which inappropriately increases federal and state Medicaid costs. Overseeing states’ collection of manufacturer rebates remains a challenge for HHS.
  9. Medicaid must know with whom it is doing business, not only to prevent improper payments to ineligible providers, but also to protect beneficiaries from low‐quality care. The varying standards, and in some cases, minimal vetting, for Medicaid personal care services (PCS) providers, potentially expose the Medicaid program to financial fraud and Medicaid beneficiaries to abuse and neglect. CMS needs to improve states’ ability to monitor billing and care quality by enrolling PCS attendants as providers, or require them to register with their state Medicaid agencies, and assign each attendant a unique identifier.
  10. The OIG found that up to 99 percent of critical incidents of abuse and neglect of the developmentally disabled were not reported to the appropriate law enforcement or state agencies as required. The OIG worked with the HHS Administration for Community Living, Office for Civil Rights, CMS, as well as with the DOJ and states to create a joint report entitled Ensuring Beneficiary Health and Safety in Group Homes Through State Implementation of Comprehensive Compliance Oversight. It features suggested model practices for states and CMS with four main aspects of handling critical incidents: investigation, reporting, correction, and transparency and accountability. It also detailed suggestions as to what actions states should take when group homes repeatedly fail to report incidents.
  11. The OIG partners with state Medicaid Fraud Control Units (MFCUs) which, last year, reported more than 1,500 convictions, nearly 1,000 civil settlements and judgments, and more than $1.8 billion in criminal and civil recoveries. The 50 existing MFCUs receive 75 percent of their funding on a matching basis from the federal government but often they encounter severe restrictions on their ability to maintain or expand staff.


Copyright © 2018 Strategic Management Services, LLC. Published with permission.