Kusserow on Compliance: Meeting sanction checking mandates

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE) that was followed by OIG compliance guidance documents which call for checking employees, physicians, vendors, and contractors against the LEIE. The OIG considers all claims and costs associated with an excluded party as potentially false and fraudulent and can lead to significant financial penalties and more. The OIG Special Advisory Bulletin on the Effect of Exclusion provides very useful information in assessing this risk area. CMS mandates, as a condition of enrollment, providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program and call for checking not only against the LEIE, but also the General Service Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM). CMS further called upon State Medicaid Directors to establish their own sanction data base and requires providers to check it on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists with other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. HR often has responsibility of sanction checking new hires and periodically current employees. Procurement is also affected because they handle the screening of vendors and contractors. The Medical Credentialing Office must ensure checking on physicians who have been granted staff privileges.  Other federal sanction databases worth screening are maintained by the DEA and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List.

Daniel Peake, of the Compliance Resource Center (CRC), works with clients to provide a variety of CRC services that includes providing sanction checking services, as well as the investigation and resolution of potential hits. He noted that the time and resources necessary for developing and maintaining a search engine, along with regularly collecting and updating sanction information from many databases is not very cost effective. This high cost of using internal resources to develop and manage the sanction checking has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that that vendor quality, cost, and reliability can vary enormously.  From experience, he offered the following tips for those considering a vendor:

 

Tips on choosing a vendor search engine service

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. Contract should permit cancelling without cause at any time, if dissatisfied.
  3. Ensure vendor has liability insurance ($ 1 to 3 million preferably).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

 

For more information, contact Daniel Peake at (dpeake@complianceresource.com) (703-236-9854).

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG provides Medicaid fraud and overpayment update to Congress

The OIG testified before the Senate Committee on Homeland Security and Governmental Affairs regarding Medicaid Fraud and Overpayments. Up front, it was noted that the Medicaid program has 67 million beneficiaries, costing $600 billion annually with projected improper Medicaid payments at about $59 billion. Key points of the testimony were:

  1. Complete and reliable national Medicaid data—which is necessary for effective program oversight and to quickly detect and address improper payments, fraud, waste, or quality concerns—is limited.
  2. Transformed Medicaid Statistical Information System (T-MSIS) data was mandated to address problems with national Medicaid claims and eligibility data. All states except Wisconsin and the District of Columbia have begun reporting data to T‐MSIS, but the data elements may not mean the same thing across states. CMS must ensure that the same data elements are consistently reported and uniformly interpreted across states.
  3. Eighty percent of all Medicaid beneficiaries receive part or all of their services through managed care entities who are required to report medical claims data to states who then report it to CMS via T‐MSIS. Without accurate and timely data, it is not possible to analyze costs, utilization or trends; evaluate benefits; or determine the quality of services being provided.  Medicaid managed care encounter data was found to be incomplete and CMS needs to ensure this corrected.
  4.  Lack of quality national Medicaid data to identify fraud schemes and other vulnerabilities that cross state lines is hampering enforcement efforts. Identifying schemes in one state can alert other states to patterns of fraudulent or abusive practices that may be occurring in their jurisdiction and can be referred to law enforcement agencies. CMS must improve Medicaid data to ensure T‐MSIS achieves its full potential.
  5. States have not fully enacted enhanced provider screening that prevents bad actors from entering the Medicaid program to reduce improper payments and protect patients from harm, such as conducting fingerprint‐based criminal background checks and site visits. States need timely, complete, and accurate data to identify the providers seeking access to Medicaid monies and patients. CMS must ensure that states timely and fully implement critical safeguards.
  6. The Medicaid improper payment rate is 10.1 percent and CMS is working with state Medicaid agencies to develop corrective action plans that address state‐specific reasons for improper payments as a part of CMS’s Payment Error Rate Measurement Program (PERM). Additional guidance to the states by CMS is needed. OIG has also identified a number of states that inflate payment rates to increase their Federal Medicaid funding and CMS needs to closely review state Medicaid plans and plan amendments for potentially inappropriate cost‐shifting from states to the federal government.
  7. The OIG has found that states are not always correctly determining Medicaid eligibility for beneficiaries. The Affordable Care Act (ACA) allowed states to expand Medicaid eligibility and claim a higher Federal Medical Assistance Percentage, but incorrectly determining beneficiaries’ eligibility could result in the improper shift of costs from the state to the federal government. States must comply with requirements to verify applicants’ income, citizenship, identity, and other eligibility criteria in order to verify eligibility criteria.
  8. Medicaid is overpaying for prescription drugs due to underpaid rebates. Manufacturers are generally required to pay rebates to the states for covered outpatient drugs under the Medicaid Drug Rebate Program that includes reporting product and pricing information to CMS that is used to calculate the rebates owed. Manufacturer misreporting can result in manufacturers’ underpaying rebates, which inappropriately increases federal and state Medicaid costs. Overseeing states’ collection of manufacturer rebates remains a challenge for HHS.
  9. Medicaid must know with whom it is doing business, not only to prevent improper payments to ineligible providers, but also to protect beneficiaries from low‐quality care. The varying standards, and in some cases, minimal vetting, for Medicaid personal care services (PCS) providers, potentially expose the Medicaid program to financial fraud and Medicaid beneficiaries to abuse and neglect. CMS needs to improve states’ ability to monitor billing and care quality by enrolling PCS attendants as providers, or require them to register with their state Medicaid agencies, and assign each attendant a unique identifier.
  10. The OIG found that up to 99 percent of critical incidents of abuse and neglect of developmentally disabled were not reported to the appropriate law enforcement or state agencies as required. The OIG worked with the HHS Administration for Community Living, Office for Civil Rights, CMS, as well as with the DOJ and States to create a joint report entitled Ensuring Beneficiary Health and Safety in Group Homes Through State Implementation of Comprehensive Compliance Oversight. It features suggested model practices for states and CMS with four main aspects of handling critical incidents: investigation, reporting, correction, and transparency and accountability. It also detailed suggestions as to what actions states should take when group homes repeatedly fail to report incidents.
  11. The OIG partners with state Medicaid Fraud Control Units (MFCUs) which, last year, reported more than 1,500 convictions, nearly 1,000 civil settlements and judgments, and more than $1.8 billion in criminal and civil recoveries. The 50 existing MFCUs receive 75 percent of their funding on a matching basis from the federal government but often they encounter severe restrictions on their ability to maintain or expand staff.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2018 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Appealing exclusions–practical advice

Attorneys and consultants frequently have sanctioned clients desperately wanting to appeal and overturn the HHS Office of Inspector General (OIG) decision on exclusion, adding them to the List of Excluded Individuals and Entities (LEIE). The desperation is driven by the fact that exclusion is tantamount to putting them out of business. Few health care providers of services and products can function without access to federal health care programs and trying to continue servicing in that area after exclusion represents further violation of law with increased penalties.

Tom Herrmann, J.D., served over 20 years in the Office of Counsel to the Inspector General and as Appellate Judge for the Medicare Appeals Counsel and is frequently engaged to assist in Medicare appeals. He explained that there is, indeed, a process for appeal on exclusion to an HHS Administrative Law Judge (“ALJ”), the HHS Departmental Appeals Board (“DAB”), and ultimately the federal courts.  However, he warns that trying to appeal exclusions imposed by the OIG is not generally advisable, in that they are rarely overturned.  This is because most exclusion actions, both mandatory and discretionary, are derivative of a prior official action, whether it is court conviction or licensure board revocation.  Upon appeal, the underlying predicate action for exclusion may not be challenged through the established administrative and judicial review process.  The governing regulations provide further that an ALJ may not “review the exercise of discretion by the OIG to exclude an individual or entity under section 1128(b) of the Act, or determine the scope or effect of the exclusion.”   Moreover, the ALJ is prohibited from setting “a period of exclusion at zero, or reduce[ing] a period of exclusion to zero, in any case where the ALJ finds that an individual or entity committed an act described in section 1128(b) of the Act.”

Furthermore, an excluded party can affect entities with who affiliated. Should a provider permit an excluded party to be involved in services, it will create a liability to that organization.  As a condition of participation in Medicare/Medicaid, it is the affirmative duty and responsibility of the organization to ensure that any provider of services or products that is included in claims submitted for payment to those programs are licensed, qualified and NOT excluded.  To engage excluded parties places in jeopardy the entity’s status as a provider.  Furthermore, it is the OIG’s position that all claims submitted that include anything from a sanctioned provided may be considered false and potentially fraudulent.  Providers should take steps to avoid being poisoned by excluded parties.  Sanction screening can be a challenge because of multiple exclusion databases and variations of names and data.

Practical tips

Organizations should consider the following:

  • The fact that most exclusions arise from court or licensing agency actions underscores the importance of sanction screening and conducting background investigations prior to engaging employees, contractors, and vendors, to ensure they have not been subject to adverse actions by these authorities.
  • Screen parties before engaging them and thereafter periodically (e.g. monthly) against the LEIE or relevant State sanction lists.
  • Ensure data used in screening is accurate and up to date. Frequently, sanctioned parties disguise their exclusion with a name change (e.g. spouse surname), variations on name (particularly significant in the case of names that are transliterated).
  • Include on any application for employment or for medical privilege a statement that they are not under investigation and have not been subject of adverse action by any duly authorized enforcement agency.
  • Check the enrollment and exclusion status of physicians and other non-physician practitioners that routinely order or prescribe, as any services ordered or prescribed by an excluded health care practitioner will not be eligible for program payments.
  • If a party is verified to be on an exclusion list, take immediate action to terminate the party; determine the monetary exposure of the services involving that party that was billed to Federal health care programs; and disclose the findings to the OIG.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Meeting sanction-screening requirements

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE). This was followed by various HHS Office of Inspector General (OIG) compliance guidance documents that call for screening employees, physicians, vendors, and contractors against the LEIE. Subsequently, the OIG encouraged screening against the General Service Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM).  Other federal sanction databases worth screening are maintained by the Drug Enforcement Administration (DEA) and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List. As a condition of enrollment, providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program.  All claims and costs associated with an excluded party may be viewed as false and fraudulent and, potentially, leading to significant financial penalties and more.  The OIG Special Advisory Bulleting on the Effect of Exclusion provides very useful information in assessing this risk area

CMS calls for screening, not only against the LEIE, but also the GSA debarment list. It sent letters to State Medicaid Directors calling on them to screen their enrolled providers for exclusions against state Medicaid exclusion databases on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists, with a number of other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. Human resources management (HRM) normally has the responsibility of screening new hires and periodically screening current employees.  Procurement is also affected because it handles the screening of vendors and contractors.  Lastly, the Medical Credentialing Office must be involved in order to screen physicians who have been granted staff privileges.

Alena Treen, of the Compliance Resource Center (CRC), has more than 15 years’ experience with sanction screening services. She notes that spending time, money, and resources on developing and maintaining a search engine and regularly collecting and updating sanction information from many databases is not very cost effective. This all has to be done before you begin the search process and resolving potential hits.  This option is prohibitive in terms of costs, time, effort, and quality control to guard against errors or omissions.

Carrie Kusserow also has over 15 years’ experience in sanction screening as a compliance officer and consultant. She makes the point that the high cost of using internal resources to develop and manage the sanction-screening process has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that vendor quality, cost, and reliability can vary enormously. From experience, she offers the following tips for those considering a vendor:

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. The contract should permit cancelling, without cause at any time, if dissatisfied.
  3. Ensure the vendor has liability insurance (preferably $1-3 million).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

Outsourcing sanction screening process

Jillian Bower has been providing sanction-screening services for years. She says using a vendor’s sanction screening tool to conduct screenings is only part of easing the burden.  The bulk of the effort remains in conducting the actual screening, resolving potential “hits,” and preparing a report for the record to evidence it was all done correctly.  In seeking the right vendor, look for one that includes all those steps in its agreements, but also permits–without added charge–the use of the vendor’s tool for ad hoc and individual screening, as needed.  The vendor also should be prepared to provide certified reports on the results of each round of screening that can be made part of the organization’s permanent record to evidence its completion; it should be available if the OIG or another government agency challenges the organization on meeting this compliance obligation.  Bower says the additional cost of going beyond just using a vendor’s sanction screening tool to having the vendor actually perform the searching and resolve the potential hit is surprisingly inexpensive, when compared against the time and cost of doing the work in-house.  In many cases, it may be actually be less than what some vendors would charge for only using their screening tools.  She stresses the importance of maintaining records of all sanction screenings to evidence that it was conducted properly to avoid penalties.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.