A Provider’s Guide to OIG Exclusions
A Provider’s Guide to OIG ExclusionsFederal Exclusion Regulations and Enforcement Authorities, and How Providers Can Avoid Risk with Proper Exclusion Screening–Part 1
Paul S. Weidenfeld, JD
WHAT IS AN OIG EXCLUSION? WHAT IS ITS IMPACT?
- Management, administrative or any leadership roles;
- Surgical support such as the preparation of a surgical tray that indirectly assists in care;
- Claims processing and information technology;
- Providing transportation services with excluded ambulance drivers or by employing excluded ambulance company dispatchers;
- Selling, delivering or refilling orders for medical devices or equipment (whether reimbursed directly or indirectly);
- Review of treatment plans, and other support services, whether billed separately or as part of a bundled payment.
TYPES OF OIG EXCLUSIONS
There are two types of OIG Exclusions – Mandatory and Permissive. Mandatory Exclusions are identified in Sections 1128(a)(1) – 1128(a)(4) of the Social Security Act (SSA), (42 U.S.C. §1320a-7(a)(1)-(4)) and they are imposed as a result of convictions for program fraud, patient abuse and certain drug offenses. Permissive exclusions, on the other hand, are discretionary and can be imposed for broad range of conduct. These are identified in §1128(b)(1)–§1128(b)(16) and §1156 of the Act. 
The following figures provide a general breakdown of OIG Exclusions over the last five years. Figure 1A illustrates that permissive exclusions based on licensing disciplinary actions and mandatory exclusions based on federal health care fraud convictions accounted for over 75% of all exclusions during this period (41% and 35% respectively). The first chart also illustrates that mandatory exclusions accounted for 55% of all exclusions.
Figure 2 breaks down exclusions by “specialty” as labeled by the OIG in the LEIE postings. It shows that nurses, nurse aides, personal care providers, home health care aides and physicians account for almost two-thirds of all exclusions over the last five years. Taken together, these two charts demonstrate the OIG’s dual focus on patient safety and program integrity.
Sections 1128(a)1-(a4) of the Social Security Act identify the four legal basis which warrant the imposition of a mandatory exclusion by the Office of Inspector General. They are:
- 1128(a)(1): Conviction related to the delivery of an item or services to a Federal or State Health Care Program;
- 1128(a)(2): Conviction under State or Federal law relating to neglect or abuse of patients in connection with the delivery of a health care item or service;
- 1128(a)(3): Felony conviction relating to health care fraud program (other than Medicare or Medicaid); and,
- 1128(a)(4): Felony conviction relating to the unlawful manufacture, distribution, prescription, or dispensing of a controlled substance.
It is important to note that though a mandatory exclusion under sections 1128(a)(1) and (a)(2) must be based on a “conviction,” the term is extremely broadly defined. “Nolo contendere” pleas, for example, qualify as convictions under this section; even dispositions under first offender programs and deferred adjudications – programs where no finding of guilt is ever entered – satisfy the conviction requirement for purposes of the Act. In addition, Section 1128 is satisfied by any “State, Federal or Local Court.” (See §§ 1128(i)(1)- (i)(4) of the Social Security Act.) Thus, it has been held that a deferred adjudication agreement in a local court for misdemeanor theft is a sufficient basis for the imposition of a mandatory exclusion under (a)(1) because it was related to Medicaid services. (Department of Health and Human Service, Departmental Appeals Board Civil Remedies Division, Okwilagwe v. The Office of Inspector General, Docket No. C-13-322, Decision No. CR2920, September 6, 2013.) The same standards would apply to exclusions under (a)(2).
Mandatory exclusions be must be imposed for at least five years, however they are often imposed for much longer periods if warranted by the underlying facts and circumstances. Once a mandatory exclusion is imposed, the person must wait at least five years before applying for reinstatement if this is their first exclusion, but ten years must pass before reinstatement may be sought after a second mandatory exclusion, and a third mandatory exclusion is permanent. If the OIG seeks to impose a mandatory exclusion, the only viable defense that can be raised is the length of the exclusion is subject to challenge. (42 C.F.R. 402.214.)
Finally, it is worth noting that the “balance” of mandatory to permissive exclusions appears to be changing. The current composition of all exclusions on the List of Excluded Individuals and Entities (LEIE) is 47% mandatory and 53% permissive, but Figure 1B shows us that during the period 2013 to 2017 the percentages essentially switched as mandatory exclusions increased from 47% to 55%. And in 2017 the mandatory exclusions increased to almost 63% of all exclusions. Althought these data are relatively new and there is no ready explanation, it is a trend worth watching.
The OIG’s permissive exclusion authority has been expanded a number of times over the years, and the imposition of permissive OIG exclusions includes convictions for obstructing heatlhcare investigatiosn adn/or audits, improper certification for items or services, and making false statements or misrepresentations in applicatiosn to participate in Medicare. The following is a list of the permissive exclusions as found on the OIG website:
Unlike its mandatory exclusion authority which is virtually automatic when specific convictions occur, the OIG has the discretion to impose permissive exclusions over a wide range of conduct (or misconduct). OIG guidance on the implementation of its permissive exclusion authority, begins with a presumption favoring exclusion under certain circumstances. The guidance outlines a “compliance risk spectrum” that is based on the risks posed to patients and to federal health care programs. The factors to be considered include a company’s underlying conduct during the investigation, in addition to current and historical compliance efforts. The OIG also issued specific guidance with respect to the imposition of permissive exclusions based on an excluded individual’s ongoing role or interest in a company.
Although the OIG is authorized to impose permissive exclusions over a wide range of conduct, figure 4 shows that the agency actually invokes its permissive exclusion authority over a narrow range of persons and limited circumstances. For example, Figure 4A shows that nurse and nurse aides alone account for approximately 70% of all permissive exclusions, with “other licensed professionals” (mostly therapists, mid-level providers and counselors) and physicians accounting for 16% and 9% respectively. As nurses and nurse aides are the persons in the best positions to impact both patient care and claims arising from that care, it is not surprising that they comprise a significant percentage of the exclusions. However, it is somewhat surprising that business owners only account for 3% of all permissive exclusions.
As seen in Chart 5, despite the many permissive exclusion options available to the OIG, the vast majority of permissive exclusions it has imposed over the last five years (a surprisingly high 90%) were based on final disciplinary actions such as license suspensions and revocations that had been taken by a State licensing board. The only other measurable bases were health care fraud misdemeanors, State exclusions, fraud or kickbacks, and defaults on student loans – though none of which accounted for more than 3% of the permissive exclusions imposed.
Process, Finality and Appeal Rights for OIG Exclusions
The process of imposing and appealing an exclusion depends upon the exclusion the OIG seeks to impose as is governed by 42 C.F.R. §§ 1001.2001- 1001.2007. When the OIG seeks to impose a mandatory exclusion, it may initiate the process by sending the party a Notice of Intent to Exclude, which identifies the basis for the proposed exclusion, describes the potential effect of an exclusion, and gives the individual or entity 30 days to respond in writing with relevant information or evidence. At this stage in a mandatory exclusion, there is no provision for a hearing. Indeed, the OIG can skip the “Notice of Intent” when seeking a mandatory exclusion and begin the process with a “Notice of Exclusion.” This must include the basis and length of the exclusion, the earliest reinstatement date, the requirements for reinstatement, and the excluded party’s appeal rights. When the OIG seeks a permissive exclusion, in most instances it begins the process with a “Notice of Intent to Exclude.” However, if the OIG seeks to exclude based on something other than an underlying final determination (such as a license revocation or State exclusion action), the process may include a “Notice of Proposal to Exclude.”
Exclusions may be appealed first to an Administrative Law Judge (ALJ), then to the Departmental Appeals Board (DAB), and then to a United States District Court. However, appeals of exclusions are limited to two issues: (1) whether the OIG had a “basis for the imposition of the sanction,” and (2) whether the length of the exclusion is unreasonable. 42 C.F.R. 402.214. In addition, an ALJ considering these issues is prohibited from reviewing the “exercise of discretion” by the OIG, 42 C.F.R. §1005.4(c)(7), and if the sanction is based on a “prior determination,” the underlying basis may not be attacked if a “final decision was made.” § 1001.2007(d). As a result, most exclusion appeals, particularly those of mandatory exclusions, are focused on the length of the exclusion.
Mandatory exclusions are final 20 after the Notice of Exclusion. They are not stayed pending the outcome of the appeal upon finality. The OIG posts the exclusion on the LEIE, and it sends notices of the exclusion to various State and Federal interests including, but not limited to, State licensing boards, State health programs, medical societies, Medicaid fraud control units, and the National Practitioner Data Bank.
Enforcement Tools for Exclusion Violations
“Exclusion Violations” are actions taken by an individual or entity in contravention of the “payment prohibition” as defined in 42 C.F.R. § 1001.1901, and the authority to impose CMPs and assessments is delegated by the Secretary to the OIG pursuant to 42 CFR § 1003.150. The specific exclusion violations for which the OIG has the authority to impose civil money penalties and assessments are presented in Table 2.
Most of the exclusion cases pursued by the OIG have been for violations of § 1003.200(b)(4) —employing or contracting with an individual or entity. Recently, however, the OIG has been actively investigating and pursuing cases involving the ordering and prescribing of medicine from excluded persons. 42 C.F.R. § 1003.200(b)(6). Investigations involving the direct submission of a large number of claims by an excluded person (such as an excluded physician continuing to practice medicine and submit claims in violation of § 1003.200(a)(3)), or the retention of ownership or control through fraudulent representations in violation of § 1003.200(b)(3)) are fewer in number, and those that have been reported have typically resulted in criminal and/or false claims act resolutions. To date, there have been few, if any, enforcement actions involving MCOs, Medicare Advantage (MA) or Part D contracting organizations that have been reported.
Civil Money Penalties for Exclusion Violations
CMPs are “remedial measures designed to protect the Federal health care programs from any person whose continued participation in the programs constitutes a risk to the programs and their beneficiaries.” designed to protect program integrity and patient safety. They are the favored weapon of the OIG in its enforcement of exclusion violations. As stated in the 2016 final rule amending CMP authorities and incorporating new ones:
“The CMP authorities in this part, as a general matter, aim to redress fraud on the Federal health care programs by recovering funds, protecting the programs and beneficiaries from untrustworthy providers and suppliers, and deterring improper conduct by others. Accordingly, it is highly relevant if the conduct put beneficiaries at risk of patient harm.”
Tabel 3 identifies the OIG’s CMP authority for each exclusion violation. As can be seen, the OIG may impose a penalty of up to $10,000 for each individual violation of § 1003.200(a)(3) and § 1003.200(b)(6); up to $10,000 for each day § 1003.210(b)(3) is violated; and up to $10,000 for each item or service provided, furnished, ordered, or prescribed in violation of § 1003.200(b)(4). MCOs, MA, and Part D contracting organizations that employ or contract with excluded persons or entities face a penalty of $25,000 for each offense. 
Assessment Authority of the OIG for Exclusion Violations
In addition to its authority to impose CMPs, the OIG is also authorized to impose assessments for OIG Exclusion violations. Assessments differ from CMPs in that they are not considered to be sanctions; instead, they may be imposed “in lieu of damages sustained by the Department or the State agency because of the violation.” 42 C.F.R. § 1003.130.  That is, assessments act as a proxy for damages presumed to have been sustained by either the Federal or State agency as a consequence of the violation, and the OIG is specifically authorized to impose them in exclusion violations in 42 C.F.R. § 1003.210 and § 1003.410. Section 1129 of the Social Security Act [42 U.S.C. § 1320a–8(a)(1)]. Since assessments are considered to be a form of restitution and not a penalty or sanction, the OIG theoretically could impose both a CMP and an assessment for an exclusion violation. Table 4 Shows the assessment amounts the OIG is authorized to impose for exclusion violations.
The assessment provisions for employing or contracting with excluded individuals were recently amended in an effort to recognize the difference in effect between exclusions involving direct billers (such as a doctor) and those involving persons that provide support services not directly billed (such as an aide). The amended assessment regulations permit an assessment to be as much as three times the amount of each service billed for employing or contracting with a person that provides directly billable services, whereas the assessment for persons that provide a “non-separately-billable” service is limited to three times the amount of the costs associated with that individual. As will be discussed later, this is consistent with the methodology of calculating the federal “loss” in self-disclosures involving exclusion violations.
FACTORS IN IMPOSING PENTALTIES AND ASSESSMENTS
When considering the imposition of penalties and assessments, the OIG considers the nature and circumstances of the violation, the degree of culpability of the individual being assessed, the history of prior offenses, other wrongful conduct (if any) and any other matters the OIG deems relevant to its determination. 42 C.F.R. § 1004.140(a). Relevant mitigating and aggravating factors contained in the regulation and discussed in subsequent OIG guidance include the following:
- If the length of time was short and the amount claimed was less than $5,000.
- There were several violations, or a pattern, over a lengthy period of time;
- The ownership, control, or responsibility implicated §1003.200(b)(3);
- The amount claimed or requested for such items was $50,000 or more;
- The violation caused or could have caused, adverse patient consequences.
Appeal Rights for Civil Money Penalties and Assessments
The appeal rights of parties with respect to CMPs and assessments are found in 42 C.F.R. § 1005 et seq. Parties have the right to request a hearing before an ALJ to challenge the imposition of penalties and assessments if they make a written request within 60 days of receiving notice of the sanction. The process allows for representation by counsel, discovery rights, the right to present and cross examine witnesses, a hearing, and the right to present oral and written arguments to the ALJ. The ALJ has full authority over the pre-hearing process and the hearing itself. However, the ALJ does not have the authority to compel negotiations, enjoin the Secretary in any way, invalidate existing regulations, or refuse to follow them. The ALJ is also not permitted to review the exercise of discretion by the OIG to impose a CMP or assessment. At the conclusion of the hearing, the ALJ issues an “initial decision” which includes findings of fact and conclusions of law in which he may increase or reduce penalties and assessments.
An “Initial Decision” can be appealed to the DAB; a timely appeal stays the imposition of a CMP. The DAB has broad authority in the manner in which it handles the appeal. It can decline to review the case; increase, reduce, or remand a penalty or assessment determined by the ALJ; and remand the matter to the ALJ for consideration of additional evidence. The decision of the DAB is final 60 days from issuance unless it involves a remand, and the parties have the right to appeal the DAB ruling to federal district court. A stay of the imposition of a CMP may be requested during the federal appeal process. However, the request goes to the ALJ that imposed the penalty in the first instance, and the ALJ is not authorized to grant the stay unless a bond or other security is posted.
Potential Overpayment and False Claims Act Liability for Exclusion Violations
Providers have the burden of ensuring that they comply with exclusion-related regulations and that they do not employ or contract with an excluded individual or entity. Those that fail in this obligation are at risk for overpayment liability regardless of whether they have actual knowledge of the person’s status at the time of their transaction. As the OIG states: “If a hospital contracts with a staffing agency for temporary or per diem nurses, the hospital will be subject to overpayment liability … if the nurse furnishes items or services reimbursed by a federal health care program. 2013 Special Advisory, at 15.
Exclusion violations can also give rise to potential False Claims Act (FCA) liability under the Fraud Enforcement Recovery Act of 2009 (FERA) and the Affordable Care Act of 2010 (ACA). FERA expands the scope of “reverse false claims” liability under the FCA by making the retention of an “obligation” to the government a false claim, and the ACA specifically states that retained overpayments are legal “obligations” under FERA. Thus, since providers “know” they have a legal obligation to ensure compliance with exclusion regulations and that overpayments result from exclusion violations, any failure of compliance that results in an overpayment may be viewed as the result of conduct that constituted a “reckless disregard” or a “deliberate ignorance” of the rules – and that therefore violated the FCA.
ABOUT THE AUTHOR
“OIG” in this paper refers to “Office of Inspector General, Department of Health and Human Services” unless otherwise stated. The term “OIG Exclusion” is used as shorthand for an administrative action taken by the OIG barring an individual or entity from participating in Federal health care programs pursuant to §1128(a)(1)-(4), (b)(1)-(b)(16) or §1156 of the Social Security Act (SSA).
 This article focuses on exclusions from a regulatory and enforcement perspective, but exclusions also play a critical role in compliance and risk management programs. See, e.g., HCCA, Measuring Compliance Program Effectiveness: A Resource Guide (Jan. 2017), available at ttps://oig.hhs.gov/compliance/compliance-resource-portal/files/HCCA-OIG-Resource-Guide.pdf. (guidance reconfigures the traditional “Seven Elements of an Effective Compliance Program” and makes the “Screening and Evaluation of Employees, Physicians, Vendors and other Agents” an element unto itself – or the new “Seventh Element of Compliance”).
 The Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977, Public Law 95–142. In 1979, the Department of Health Education and Welfare was renamed the Department of Health and Human Services (HHS).
See e.g. Crackdown on Health Care Fraud, https://www.nytimes.com/1995/12/22/us/in-crackdown-on-health-care-fraud-us-focuses-on-training-hospitals-and-clinics.html.
 In addition to establishing the principle of insurance portability, HIPAA contained several provisions related to health care fraud enforcement, including containing legislation that significantly increased the ability of law enforcement agencies to obtain and share information and establishing the Health Care Fraud and Abuse Fund (HCFAC) as a permanent funding source specifically designated for health care fraud enforcement.
 The effect of an OIG Exclusion is addressed in the Special Advisory Bulletin on the Effects of Exclusion from Federal Health Care Programs,” issued September 2, 1999, and in the “Updated Special Advisory Bulletin on the Effect of Exclusions from Participation in Federal Health Care Programs,” issued May 8, 2013. Hereinafter, the initial advisory will be referred to as the “1999 Special Advisory” and the update will be referred to as the “Updated Special Advisory” or the “2013 Special Advisory.” The 1999 Special Advisory can be found at: https://oig.hhs.gov/fraud/docs/alertsandbulletins/effected.htm; the 2013 Updated Special Advisory can be found at https://oig.hhs.gov/exclusions/files/sab-05092013.pdf.
 Inspector General June Gibbs Brown, in the press release for the 1999 Special Advisory.
 See 42 C.F.R. § 1001.10. Definitional changes were made to direct and indirect claims pursuant to rulemaking authority granted to the OIG in the MMA and the ACA; See also, OIG Advisory Opinion No. 18-01 at 5 (Feb. 20, 2018) available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-01.pdf.
 The Data in the figures in this section come from the exclusion data reportered in the List of Excluded Individuals/Entities (LEIE) by calendar year.
 The data in the charts in this section comes from exclusion data reported in the List of Excluded Individuals/Entities (LEIE).
 These calculatiosn are based on the composition of the LEIE through December 31, 2017.
 See, §§ 1128(c)(3)(G)(i) and (G)ii of the SSA. See also 82 Fed. Reg. 4100.
 See https://oig.hhs.gov
 See Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016) available at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf. The OIG breaks these down into “high risk factors,” “low risk factors,” and factors that have “no effect.” High risk factors include the impact on beneficiaries cooperation, and whether an adverse licensing action occurred. “Lower risk” factors include acceptance of responsibility and self-disclosure. Factors that are “expected,” and thsu have “no effect”, are coopearation in the investigation and having a compliance plan with the seven elements of compliance.
 See Guidance for the Implentation of its Permissive Exclusion Authority Under Sectino 1128(b)(15) at 1, available at https://oig.hhs.gov/fraud/exclusions/files/permissive_excl_under_1128b15_10192010.pdf. The guidance was issued because 1128(b)(15) provides for exclusion based on whether the individual in question is either an owner or an officer or a managing employee and the analysis is different for each.
 Criteria for implementing section 1128(b)(7) exlcusion authority (April 18, 2016) avialable at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf.See also 81 Fed. Reg. 88, 334 (Dec. 7, 2016): “In 1981, Congress enacted the CMPL, section 1128A of the Act (42 U.S.C. §1320a-7a), as one of several administrative remedies to combat fraud and abuse in Medicare and medicaid”
Id. 81 Fed. Reg. at 88.
 This is a listing of the CMP authorities related to exclusion violations. A complete listing of the OIGs CMP authorities can be found on the OIG’s website, or at 42 C.F.R. § 1003.210.
 The OIG may also impose a penalty or, when applicable, an assessment, against a Medicare Advantage or Part D contracting organization with a contract under section 1857 or 1860D-12 of the SSA if any of its employees, agents, or contracting providers violate § 1003.400(a) – (d).
 The penalty amounts for CMPs and assessments are updated annually and are published at 45 C.F.R. § 102.
 A discussion of the change is found in 81 Fed. Reg. 88, 334 (Dec. 7, 2016).
 See 42 CFR § 1004.140(c); see also Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016), available at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf..
See § 3729(a)(1) of the Fraud Enforcement Recovery Act of 2009 and § 6401of the Affordable Care Act (2010).