Kusserow on Compliance: Meeting sanction-screening requirements

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE). This was followed by various HHS Office of Inspector General (OIG) compliance guidance documents that call for screening employees, physicians, vendors, and contractors against the LEIE. Subsequently, the OIG encouraged screening against the General Service Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM).  Other federal sanction databases worth screening are maintained by the Drug Enforcement Administration (DEA) and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List. As a condition of enrollment, providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program.  All claims and costs associated with an excluded party may be viewed as false and fraudulent and, potentially, leading to significant financial penalties and more.  The OIG Special Advisory Bulleting on the Effect of Exclusion provides very useful information in assessing this risk area

CMS calls for screening, not only against the LEIE, but also the GSA debarment list. It sent letters to State Medicaid Directors calling on them to screen their enrolled providers for exclusions against state Medicaid exclusion databases on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists, with a number of other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. Human resources management (HRM) normally has the responsibility of screening new hires and periodically screening current employees.  Procurement is also affected because it handles the screening of vendors and contractors.  Lastly, the Medical Credentialing Office must be involved in order to screen physicians who have been granted staff privileges.

Alena Treen, of the Compliance Resource Center (CRC), has more than 15 years’ experience with sanction screening services. She notes that spending time, money, and resources on developing and maintaining a search engine and regularly collecting and updating sanction information from many databases is not very cost effective. This all has to be done before you begin the search process and resolving potential hits.  This option is prohibitive in terms of costs, time, effort, and quality control to guard against errors or omissions.

Carrie Kusserow also has over 15 years’ experience in sanction screening as a compliance officer and consultant. She makes the point that the high cost of using internal resources to develop and manage the sanction-screening process has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that vendor quality, cost, and reliability can vary enormously. From experience, she offers the following tips for those considering a vendor:

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. The contract should permit cancelling, without cause at any time, if dissatisfied.
  3. Ensure the vendor has liability insurance (preferably $1-3 million).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

Outsourcing sanction screening process

Jillian Bower has been providing sanction-screening services for years. She says using a vendor’s sanction screening tool to conduct screenings is only part of easing the burden.  The bulk of the effort remains in conducting the actual screening, resolving potential “hits,” and preparing a report for the record to evidence it was all done correctly.  In seeking the right vendor, look for one that includes all those steps in its agreements, but also permits–without added charge–the use of the vendor’s tool for ad hoc and individual screening, as needed.  The vendor also should be prepared to provide certified reports on the results of each round of screening that can be made part of the organization’s permanent record to evidence its completion; it should be available if the OIG or another government agency challenges the organization on meeting this compliance obligation.  Bower says the additional cost of going beyond just using a vendor’s sanction screening tool to having the vendor actually perform the searching and resolve the potential hit is surprisingly inexpensive, when compared against the time and cost of doing the work in-house.  In many cases, it may be actually be less than what some vendors would charge for only using their screening tools.  She stresses the importance of maintaining records of all sanction screenings to evidence that it was conducted properly to avoid penalties.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Factors OIG considers in deciding exclusions

The HHS Office of Inspector General (OIG) has authority exclude any individual or entity engaging in prohibited activities from participation in the federal health care programs, and add him or her to their List of Excluded Individuals and Entities (LEIE). The effect of this is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. This authority is anchored in legislation going back to 1977; the OIG was delegated authority to impose civil monetary penalties (CMPs), assessments, and program exclusion on health care providers and others determined to have submitted, or caused the submission of, false or fraudulent claims to the Medicare or Medicaid programs. During my 11-year tenure as Inspector General (IG), the administrative remedies were broadened to address additional types of misconduct. This has continued over the years.  Passage of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) amended and expanded the existing authority for the OIG to impose CMPs and exclusions.

 Factors in exclusion decisions

The LEIE database is very large, with 3,000 new exclusions being added annually. About half of the exclusions included in the database are for criminal convictions related to health care programs and for patient abuse or neglect. These are mandatory exclusion.  In addition, the OIG has discretionary authority to exclude for other types of misconduct, such as license revocation or suspension, exclusion or suspension from another federal or state health care program, provision of unnecessary or substandard services, fraud or kickbacks, and default on a health education loan.

Tom Herrmann, J.D. served over 20 years in the Office of Counsel to the Inspector General. He explained that when exercising its discretionary authority to exclude, the OIG takes into consideration a number of factors, including the following:

  • Nature and circumstances of conduct. This includes determining adverse physical, mental, financial, or other impact to program beneficiaries, recipients, or other patients.
  •  Financial loss. Conduct  that (1) was part of a pattern of wrongdoing; (2) occurred over a substantial period of time; (3) was continual or repeated; and (4) continued until or after the person learned of the Government’s investigation indicates higher risk.
  • Leadership role. If the individual organized, led, or planned the unlawful conduct.
  • History of prior fraudulent conduct. History of judgments, convictions, decisions, or settlements in prior enforcement actions, as well as (1) refusal to have entered into a corporate integrity agreement (CIA), (2) breach of a prior CIA, or (3) lies or failure to cooperate with the OIG while under a CIA.
  • Conduct during investigation. Any (1) obstruction in the investigation or audit; (2) taking any steps to conceal the conduct from the government; or (3) failure to comply with a subpoena.
  • Resolution. The inability to pay an appropriate monetary amount (including damages, assessments, and penalties) to resolve a fraud case.
  • Absence of compliance program. Absence of a compliance program that incorporates the seven elements of an effective compliance program.

Avoiding exclusion

There are a number of steps that can be taken to reduce the likelihood of the OIG exercising its discretion to exclude parties and put them on the LEIE. These include being able to evidence:

  1. Initiating internal investigation and sharing results before the government gets involved;
  2. Self-disclosing an internal investigation;
  3. Cooperating with the government, if it initiate an investigation;
  4. Taking appropriate disciplinary action against individuals responsible for bad conduct;
  5. Implementing an effective compliance program, prior to government investigation;
  6. Devoting increased/improved support for the compliance program; and
  7. Having in the past self-disclosed overpayments in good faith to the OIG and CMS.

LEIE sanction screening

Screening individuals and entities prior to engagement and periodically thereafter is not optional–it is a necessity.   The best practice is to screen monthly against the LEIE and any state exclusion database where business is conducted, in that CMS has set this as a standard for Medicaid Directors.   In addition to screening against the LEIE, most states require screening against their database of sanction parties. Often there are delays in resolution of cases, so that a party may not be included in a sanction database at time of engagement, but is added later. Furthermore, inasmuch as most state Medicaid Fraud Control Units report their criminal actions to the OIG, that in turn includes them in the LEIE, resulting in frequent cases of multiple hits for the same underlying action. This is further complicated by the fact that there are delays when actions by state agencies are reported to the OIG for their determination to add them to the LEIE.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG imposed penalties for noncompliance with corporate integrity agreements

Health care organizations continue to enter into corporate integrity agreements (CIAs) with the HHS Office of Inspector General (OIG) in exchange for the OIG not seeking an exclusion from participation in federal health care programs. There are serious “stipulated penalties” or, in the case of a material breach, possible exclusion from Medicare and Medicaid for non-compliance with CIA terms and conditions.

Carrie Kusserow, a nationally recognized expert on CIA compliance, found that a real “game changer” has been the inclusion of certifications in CIAs by members of the board, executive leadership, and compliance officers. Under the CIA, there are stipulated penalties for false certifications.  Furthermore, they could also be considered a material false statement or representation implicating the False Claims Act. To take away any defenses to false certifications by board members, the OIG requires they engage a compliance expert to assist them in meeting their obligations. The expert reports must be included with those provided to the OIG. This places direct burden on board members for compliance with the CIA and subjects them to personal peril for non-compliance.  This, in turn, adds pressure on the compliance officer and executive leadership to be able to evidence meeting all the compliance obligations.  Many boards and executive leadership members wake up after a CIA is signed to realize how much must be done to meet the tight deadlines required under the agreement.

Stipulated penalties

Stipulated penalties include:

  • Daily penalties for failure to (a) comply with terms and conditions related to the compliance program; (b) engage and use an independent review organization (IRO); (c) submit a complete implementation report, annual report, or any certifications on time; and (d) submit any mandated claims review report.
  • $50,000 per false certification in (a) implementation reports, (b) annual reports, and (c) other OIG requested documentation.
  • $1,000 per day for each compliance failure with any obligation of the CIA.

Material breaches

Material breaches include:

  • Not responding to an OIG demand letter;
  • Not reporting a reportable event;
  • Not taking corrective action of CIA violations;
  • Not making appropriate refunds of overpayments;
  • Not responding to demands for stipulated penalties payments; and
  • Not engaging and using an IRO.

Enforcement actions

Tom Herrmann, J.D., former executive in the Office of Counsel to the Inspector General and an appellate judge for the Medicare Appeals Board, notes an organization can request a hearing before an HHS administrative law judge to dispute the OIG’s determination of noncompliance resulting in a stipulated penalty or exclusion, but this rarely proves to be a viable alternative. The OIG is not reluctant to use its authority to enforce compliance with CIAs and noted the following recent examples of enforcement actions taken by the agency for violations of CIA terms and conditions:

  1. Special Care Hospital Management Corp. and its CEO paid $30,000 for failure to conduct legal review of new, renewed, and existing focus arrangements and to timely submit its first annual report.
  2. Kindred Healthcare paid $3,073,961 for failing to correct improper billing practices in the fourth year of its CIA.
  3. A Maryland cardiology practice and physicians paid $2,800 for failure to timely submit its second annual report.
  4. A North Carolina physician paid $10,000 for not prominently posting the HHS OIG Fraud Hotline telephone number; failing to provide the required amount of compliance training within 60 days of the CIA; not screening employees and contractors; and submitting the implementation report late.
  5. Roberts Physical and Aquatic Therapy and its owner were excluded for six years for failing to report and to repay an IRO-identified overpayment and stipulated penalties.
  6. A pain management company was excluded for five years for not paying stipulated penalties of $34,000 and $239,961.80 in overpayments identified by its IRO.
  7. A Florida physician paid $20,000.00 for late submission of his first annual report.
  8. A renal dialysis company paid $450,000 for failure to comply with focus arrangements procedures and requirements.
  9. A Florida physician paid $12,000 for failure to: timely submit his third quarterly claims review report, provide training, retain an IRO, perform sanction screening, and timely submit an implementation report.
  10. A health services company was excluded for failing to timely retain an IRO and had to retain a quality monitor and extension on its CIA.
  11. A sleep clinic paid $5,000 for failure to disclose two reportable events involving the Anti-Kickback Statute.
  12. A Florida medical device company paid $15,000 for failure to: screen employees and contractors, distribute revised policies and procedures, and provide parties to focus arrangements with a copy of its code and Anti-Kickback Statute policies and procedures.
  13. A Puerto Rican physician paid $6,300 for failure to engage a new IRO within 60 days of terminating his previous one.
  14. A Maryland practice management company was penalized for failure to timely submit an implementation report and thereafter filed for bankruptcy.
  15. A health management company was excluded for failure to: implement compliance policies and procedures; report quality of care reportable events; develop and maintain a disclosure program and log; hire regional dental directors; perform onsite review; report and refund overpayments; conduct training and education; provide accurate certifications; and report quality of care reportable events.
  16. A pain management company, ambulatory center, and owner paid $5,000 for failure to designate and maintain a compliance contact, as required.
  17. A California hospital paid $105,000 for failing to comply with arrangements procedures and focus arrangements requirements.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG continues distancing itself from the GSA debarment list

The HHS Office of Inspector General (OIG) has never called for all health care organizations to screen against the General Services Administration (GSA) System for Award Management (SAM). In the past, the OIG has noted in its various compliance guidance documents that the GSA maintains a federal debarment list and cited it as an additional resource available to health care organizations. The fact that SAM was mentioned by the OIG often leads organizations to believe that they must screen against both the OIG’s List of Excluded Individuals and Entities (LEIE) and SAM.

Yet, for the last several years, the OIG has distanced themselves from the recommendation to health care organizations to screen SAM. In the OIG’s 2013 “Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs” the agency addressed questions regarding its position on screening against SAM and contrasted the LEIE and SAM. The OIG made it clear that it would take action only on parties found on the LEIE and that they had no interest or authority to address confirmed hits on the GSA SAM. It also noted that in January 2011, CMS issued final guidance mandating states to screen all enrolled providers monthly against both the LEIE and SAM, but that was CMS’ position, not the OIG’s position.

This means CMS is the only federal government agency calling for health care providers and plans to screen SAM. The CMS Medicare Enrollment Application for Institutional Providers requires applicant hospitals to have a compliance plan that states that the hospital checks all managing employees against the exclusion/debarment lists of both the OIG LEIE and the GSA SAM. For health plans, the regulation states that they cannot contract with any individuals or entities that are debarred by GSA as a condition to maintaining active enrollment status. CMS also requires managed care plans to screen prior to the hiring or contracting of any new employee, temporary employee, volunteer, consultant, governing body member, or First Tier, Downstream or Related Entity (FDR), and on a monthly basis thereafter. It is worthwhile to remember that CMS has not established any enforcement mechanism to deal with providers who have relationships with parties on the SAM debarment list.

As such, distance is growing between OIG and CMS regarding screening against SAM, which has never been user-friendly for health care organizations and yields numerous false matches that then take time and effort in resolve and verify. SAM records simply have very limited identifying information on individuals and entities. GSA designed their system to be used by federal government agencies for procurement purposes, and not for any other purpose or for use by non-federal organizations.

The latest policy statement by the OIG was announced at the recent Health Care Compliance Association (HCCA) Compliance Institute. An OIG Deputy Branch Chief noted that the OIG will soon no longer include screening the SAM as part of compliance integrity agreement (CIA) requirements. The OIG must recognize the added burden on organizations to resolve false hits to SAM. However, the agency made it clear that screening against the LEIE is mandatory, whether or not an entity is under a CIA. So, providers and plans are still confronted with CMS’ position on the subject and continue to struggle with all the problems presented by the user unfriendly SAM system.

Jillian Bower, a compliance screening expert stated that “any provider with a large work force, or that engages many contractors or vendors, finds manual screening too costly, especially when multiple federal and state exclusion lists must be included. Most organizations turn to using a vendor that offers a sanction screening application that can greatly facilitate the process by enabling providers to conduct batch screenings of a large number of names simultaneously against multiple federal and state exclusion lists. However, there remains the problem of resolving potential matches and for many the answer is to simply outsource the entire process to a vendor who will conduct sanction screening against all identified exclusion lists, as well as resolving potential matches.”

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.