Kusserow on Compliance: Meeting sanction-screening requirements

As the HHS Inspector General, I created what is now referred to as the List of Excluded Individuals and Entities (LEIE). This was followed by various HHS Office of Inspector General (OIG) compliance guidance documents that call for screening employees, physicians, vendors, and contractors against the LEIE. Subsequently, the OIG encouraged screening against the General Service Administration’s (GSA) Excluded Parties List System (EPLS), now part of the System for Award Management (SAM).  Other federal sanction databases worth screening are maintained by the Drug Enforcement Administration (DEA) and FDA, as well as the Department of the Treasury Office of Foreign Assets Control (OFAC) Terrorist Watch List. As a condition of enrollment, providers may not employ or contract with individuals or entities that are excluded from participation in any federal health care program.  All claims and costs associated with an excluded party may be viewed as false and fraudulent and, potentially, leading to significant financial penalties and more.  The OIG Special Advisory Bulleting on the Effect of Exclusion provides very useful information in assessing this risk area

CMS calls for screening, not only against the LEIE, but also the GSA debarment list. It sent letters to State Medicaid Directors calling on them to screen their enrolled providers for exclusions against state Medicaid exclusion databases on a monthly basis. To date, 40 states have moved to establish their own Medicaid sanction lists, with a number of other states in the process of doing the same. This has increased the sanction screening burden exponentially, not only for the compliance office but other departments as well. Human resources management (HRM) normally has the responsibility of screening new hires and periodically screening current employees.  Procurement is also affected because it handles the screening of vendors and contractors.  Lastly, the Medical Credentialing Office must be involved in order to screen physicians who have been granted staff privileges.

Alena Treen, of the Compliance Resource Center (CRC), has more than 15 years’ experience with sanction screening services. She notes that spending time, money, and resources on developing and maintaining a search engine and regularly collecting and updating sanction information from many databases is not very cost effective. This all has to be done before you begin the search process and resolving potential hits.  This option is prohibitive in terms of costs, time, effort, and quality control to guard against errors or omissions.

Carrie Kusserow also has over 15 years’ experience in sanction screening as a compliance officer and consultant. She makes the point that the high cost of using internal resources to develop and manage the sanction-screening process has resulted in the great majority of health care entities subscribing to a vendor service that provides a search engine to their established databases. Vendors can afford the high cost of maintaining the currency of the data because they amortize the costs over many clients. The problem is that vendor quality, cost, and reliability can vary enormously. From experience, she offers the following tips for those considering a vendor:

  1. Know the cost up front with a fixed rate, not based upon per click searches.
  2. The contract should permit cancelling, without cause at any time, if dissatisfied.
  3. Ensure the vendor has liability insurance (preferably $1-3 million).
  4. Determine other services included (e.g. policy templates, regulatory updates, etc.).
  5. Determine how much “help desk” assistance is available to resolve potential hits.

Outsourcing sanction screening process

Jillian Bower has been providing sanction-screening services for years. She says using a vendor’s sanction screening tool to conduct screenings is only part of easing the burden.  The bulk of the effort remains in conducting the actual screening, resolving potential “hits,” and preparing a report for the record to evidence it was all done correctly.  In seeking the right vendor, look for one that includes all those steps in its agreements, but also permits–without added charge–the use of the vendor’s tool for ad hoc and individual screening, as needed.  The vendor also should be prepared to provide certified reports on the results of each round of screening that can be made part of the organization’s permanent record to evidence its completion; it should be available if the OIG or another government agency challenges the organization on meeting this compliance obligation.  Bower says the additional cost of going beyond just using a vendor’s sanction screening tool to having the vendor actually perform the searching and resolve the potential hit is surprisingly inexpensive, when compared against the time and cost of doing the work in-house.  In many cases, it may be actually be less than what some vendors would charge for only using their screening tools.  She stresses the importance of maintaining records of all sanction screenings to evidence that it was conducted properly to avoid penalties.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Equities rest with agency in administrative enforcement actions

Administrative enforcement is quicker than an investigation but still “deadly” for the provider or supplier, concluded Judith Waltz, partner at Foley & Lardner LLP, at the American Health Lawyers Association’s 2017 Institute on Medicare and Medicaid Payment Issues. “Administrative enforcement” means the tools available to HHS, CMS, and the HHS Office of Inspector General (OIG) without or with limited formal involvement of the Department of Justice, including civil money penalties (CMPs), payment suspensions, and billing privilege or enrollment denials and revocations. In administrative enforcement actions, the equities and more discretion may rest with the agency, and a lesser burden of persuasion applies for the agency to prove its case.

Exclusion regulations

In December 2016 the OIG revised its exclusion regulations (see 81 FR 88334) in part to implement the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148). Waltz explained that the Final rule did the following: (1) expanded its permissive exclusion authority for convictions related to obstruction of an investigation to include audits; (2) added permissive exclusion authority for making false statements, omissions, or misrepresentations in enrollment applications; (3) added early reinstatement for loss of license in a different state; and (4) added a 10-year look-back period for exclusions.

Inflation

Waltz noted that CMPs are being updated annually for inflation pursuant to a final rule issue in December 2016 (see 45 C.F.R. Part 102). For example, a CMP for failing to grant timely access is up to $15,000 per day, $16,312 after inflation, and the CMP for false statements, omissions, or misrepresentations in enrollment or similar documents is up to $50,000 per false statement, $54,732 after inflation. Waltz said, “After inflation, numbers are unbelievable.”

Kusserow on Compliance: Factors OIG considers in deciding exclusions

The HHS Office of Inspector General (OIG) has authority exclude any individual or entity engaging in prohibited activities from participation in the federal health care programs, and add him or her to their List of Excluded Individuals and Entities (LEIE). The effect of this is that no payment may be made for any items or services furnished by an excluded individual or entity, or directed or prescribed by an excluded physician. This authority is anchored in legislation going back to 1977; the OIG was delegated authority to impose civil monetary penalties (CMPs), assessments, and program exclusion on health care providers and others determined to have submitted, or caused the submission of, false or fraudulent claims to the Medicare or Medicaid programs. During my 11-year tenure as Inspector General (IG), the administrative remedies were broadened to address additional types of misconduct. This has continued over the years.  Passage of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) amended and expanded the existing authority for the OIG to impose CMPs and exclusions.

 Factors in exclusion decisions

The LEIE database is very large, with 3,000 new exclusions being added annually. About half of the exclusions included in the database are for criminal convictions related to health care programs and for patient abuse or neglect. These are mandatory exclusion.  In addition, the OIG has discretionary authority to exclude for other types of misconduct, such as license revocation or suspension, exclusion or suspension from another federal or state health care program, provision of unnecessary or substandard services, fraud or kickbacks, and default on a health education loan.

Tom Herrmann, J.D. served over 20 years in the Office of Counsel to the Inspector General. He explained that when exercising its discretionary authority to exclude, the OIG takes into consideration a number of factors, including the following:

  • Nature and circumstances of conduct. This includes determining adverse physical, mental, financial, or other impact to program beneficiaries, recipients, or other patients.
  •  Financial loss. Conduct  that (1) was part of a pattern of wrongdoing; (2) occurred over a substantial period of time; (3) was continual or repeated; and (4) continued until or after the person learned of the Government’s investigation indicates higher risk.
  • Leadership role. If the individual organized, led, or planned the unlawful conduct.
  • History of prior fraudulent conduct. History of judgments, convictions, decisions, or settlements in prior enforcement actions, as well as (1) refusal to have entered into a corporate integrity agreement (CIA), (2) breach of a prior CIA, or (3) lies or failure to cooperate with the OIG while under a CIA.
  • Conduct during investigation. Any (1) obstruction in the investigation or audit; (2) taking any steps to conceal the conduct from the government; or (3) failure to comply with a subpoena.
  • Resolution. The inability to pay an appropriate monetary amount (including damages, assessments, and penalties) to resolve a fraud case.
  • Absence of compliance program. Absence of a compliance program that incorporates the seven elements of an effective compliance program.

Avoiding exclusion

There are a number of steps that can be taken to reduce the likelihood of the OIG exercising its discretion to exclude parties and put them on the LEIE. These include being able to evidence:

  1. Initiating internal investigation and sharing results before the government gets involved;
  2. Self-disclosing an internal investigation;
  3. Cooperating with the government, if it initiate an investigation;
  4. Taking appropriate disciplinary action against individuals responsible for bad conduct;
  5. Implementing an effective compliance program, prior to government investigation;
  6. Devoting increased/improved support for the compliance program; and
  7. Having in the past self-disclosed overpayments in good faith to the OIG and CMS.

LEIE sanction screening

Screening individuals and entities prior to engagement and periodically thereafter is not optional–it is a necessity.   The best practice is to screen monthly against the LEIE and any state exclusion database where business is conducted, in that CMS has set this as a standard for Medicaid Directors.   In addition to screening against the LEIE, most states require screening against their database of sanction parties. Often there are delays in resolution of cases, so that a party may not be included in a sanction database at time of engagement, but is added later. Furthermore, inasmuch as most state Medicaid Fraud Control Units report their criminal actions to the OIG, that in turn includes them in the LEIE, resulting in frequent cases of multiple hits for the same underlying action. This is further complicated by the fact that there are delays when actions by state agencies are reported to the OIG for their determination to add them to the LEIE.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG expanded exclusion authorities go into effect

On February 13, 2017, the HHS Office of Inspector General (OIG) Final rule amending the regulations related to its exclusion authority goes into effect. It incorporates recent statutory changes, early reinstatement provisions, and recent policy changes, and clarifies existing regulatory provisions. It is the most substantial revision to the exclusion regulations in many years and reflects changes made by the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148) in 2010 and the Medicare Modernization Act (MMA) in 2003, as well as informal practices that the OIG has now codified in regulations. Most of the changes in the final rule are largely technical in nature; however they significantly expand and solidify the OIG’s authority to exclude providers.

The scope of OIG oversight now will move beyond claims submission based on the ACA’s permissive exclusion authority over an individual or entity that knowingly makes or causes to be made any false statement, omission, or misrepresentation of material fact in any application, agreement, bid, or contract to participate or enroll as a provider of services or supplier under a federal health care program. Under the new rules, the OIG’s authority has been extended to exclude based on the following:

  • conviction relating to obstruction of an investigation or audit;
  • failure to provide payment information by individuals who “order, refer for furnishing, or certify the need for” items or services paid for by Medicare or state health care programs;
  • those who refer patients or certify the need for items or services, even if they do not provide the items or services; and
  • making false statements or misrepresenting material facts in applications to participate as a provider or supplier under a federal health care program.

The OIG also will now consider materials obtained from various entities, including CMS, state Medicaid agencies, fiscal agents or contractors, private insurance companies, state or local licensing or certification authorities, and law enforcement. This information may be considered in determining the length of exclusion.  Also, a number of technical changes were made regarding key terms, such as replacing the language “who submit claims to” with “who request or receive payment from” in the definitions of “directly” and “indirectly,” thereby clarifying the scope of individuals and entities subject to oversight by the OIG.

The OIG may impose exclusion up to a 10-year period from the time the conduct occurred. It may consider a request for a waiver from a federal health care program administrator, as opposed to only waivers submitted by state health care program administrators. It also makes several changes to the aggravating and mitigating factors that the agency considers in determining whether to increase the length of exclusion above the minimum required. Mitigating factors are only considered if OIG has established one or more aggravating factors. Other changes include:

  • updating the dollar amounts for aggravating and mitigating factors that consider the financial loss to federal health care programs as a result of the misconduct from $15,000 to $50,000;
  • reworking the existing aggravating factors regarding other offenses to include considering adverse actions based on offenses separate from those forming the basis of the exclusion and adverse actions based on the same offenses; and
  • removing the mitigating factor related to availability of alternative sources of the type of health care items or services furnished by the person.