A Provider’s Guide to OIG Exclusions

Share this article

Table of Contents

A Provider’s Guide to OIG Exclusions: Federal Exclusion Regulations and Enforcement Authorities, and How Providers Can Avoid Risk with Proper Exclusion Screening

This article is an updated version of “A Provider’s Guide to OIG Exclusions: Federal Exclusion Regulations and Enforcement Authorities, and How Providers Can Avoid Risk with Proper Exclusion Screening.” The original article was published in The Journal of Medical Practice Management (Volume 34, Number 5, March/April, 2019 and Volume 34, Number 6, May/June Issue, 2019. 

Office of Inspector General (OIG) exclusions[1] are one of the most powerful weapons available to the law enforcement in its efforts to fight healthcare fraud. Individuals and entities subject to OIG exclusions are barred from participation in all Federal healthcare benefit programs, resulting in a payment prohibition on all items and services they provide, whether directly or indirectly. Additionally, providers that employ or contract with excluded individuals or entities risk the imposition of civil money penalties, overpayment liability, and even potential exposure under the False Claims Act. However, even though OIG exclusions are one of law enforcement’s oldest tools, many providers often fail to appreciate their compliance obligations and the risks associated with employing or contracting with excluded individuals or entities. Indeed, many providers make only minimal efforts to screen their employees and contractors to ensure compliance—and some make no effort at all. This article seeks to educate providers on the existing legal and regulatory framework, the risks and potential consequences of a failure to comply with those laws and regulations, and how best to comply and avoid those risks.[2]

I. Legislative Background 

Congress initially authorized the use of exclusions as an enforcement tool in the battle against healthcare fraud over 40 years ago with the passage of the Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977. The bill granted the Department of Health, Education and Welfare, which later became the Department of Health and Human Services (HHS), the authority to exclude physicians and others convicted of crimes related to Medicare and Medicaid from participating in those programs.[3] In 1981, the Civil Money Penalties Law (Public Law 97-35 [codified at section 1128A of the SSA]) extended the authority to impose penalties to providers that submitted claims for items or services that had been furnished by an excluded entity, and the Secretary of HHS delegated his exclusion authority to its Office of Inspector General (OIG) in 1988 (53 Fed. Reg. 12,993 (April 20, 1988)). The current framework of mandatory and permissive exclusions was then established by the Medicare and Medicaid Patient and Program Protection Act of 1987. 

In 1995, Attorney General Janet Reno declared healthcare fraud to be one of the top priorities of the Department of Justice, second only to violent crime.[4] Shortly thereafter, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L.105-33, 111 Stat.1936, enacted August 21, 1996) extended the OIG’s exclusion authority to all Federal healthcare programs.[5] The Balanced Budget Act of 1997 (BBA) (Pub.L.105-33, 111 Stal. 251. enacted August 5, 1997) expanded the OIG’s Civil Money Penalty (CMP) authority to apply to providers that employed or contracted with entities subject to an OIG exclusion. Prior to the passage of the BBA, the OIG could impose penalties only on excluded entities or persons who submitted claims on their behalf. The OIG’s permissive exclusion authorities were expanded in both the Medicare Modernization Act of 2003 (MMA) (Public Law No: 108-173, enacted December 8, 2003) and the 2010 Affordable Care Act (ACA). Initially passed as the “Patient Protection and Affordable Care Act,” Pub. L. No 111-148 (2010), and shortly thereafter amended by the “Health Care and Education Reconciliation Act of 2010,” Pub. L. No. 111-152 (2010), these two pieces of legislation are collectively referred to as the “Affordable Care Act” (ACA). 

II. What are OIG Exclusions? What is the Impact of OIG Exclusions? 

OIG exclusions are final administrative actions that bar individuals and entities from any and all participation in Medicare, Medicaid, and all other federal healthcare programs. 

[6] They are imposed “to protect beneficiaries…stem fraud and abuse…ensure that federal health care programs are protected…and help make sure excluded individuals are not involved in any way in the care of federal program beneficiaries.”[7] Excluded entities are deemed, as a matter of fact and law, to pose unacceptable risks to federal healthcare programs and to the patients they serve. 

The effect of an OIG Exclusion is extremely broad. Federal healthcare programs, broadly defined to include “any plan or program that provides health benefits either directly or indirectly, will not pay for “any items or services” that are “furnished” by an excluded individual or entity, or at the medical direction or on the prescription of an excluded person. (see 42 C.F.R. 1001.1901(b), 42 C.F.R. § 1001.10). “Items or services” include any item, device, drug, biological, supply, or service—including management or administrative services; and they are “furnished” if provided or supplied, either directly or indirectly, by an individual or entity; and an “indirect claim” is “furnished” even if a non-excluded provider submits the claim if an excluded entity actually provided the service in the first place.[8] 

The “payment prohibition” is a complete payment ban applicable to “all methods of Federal program reimbursement” regardless of whether it is from an itemized claim, cost report, capitated payment, or other bundled payment. It extends beyond direct patient care and includes, for example, services performed by excluded individuals who work for or under an arrangement with a hospital, nursing home, home health agency, or managed care entity where they are separately billed or part of a bundled payment. (See 2013 Special Advisory, at pages 6 and 7.) The following are examples of activities identified by the OIG in the Special Advisory as potentially problematic and susceptible to the imposition of civil money penalties if not properly screened for exclusions: 

  • Management, administrative, or any leadership roles; 
  • Surgical support such as the preparation of a surgical tray that indirectly assists in care; 
  • Claims processing and information technology; 
  • Providing transportation services with excluded ambulance drivers or by employing excluded ambulance company dispatchers; 
  • Selling, delivering, or refilling orders for medical devices or equipment (whether reimbursed directly or indirectly); 
  • Review of treatment plans, and other support services, whether billed separately or as part of a bundled payment. 

Even unpaid volunteers can trigger overpayment and CMP liability if the items or services they furnish are not “wholly unrelated to Federal Health Care Programs” and the provider “does not ensure that appropriate exclusion screening was performed!” (Emphasis added, 2013 OIG Special Advisory, at 11-12, 16; see also Advisory Opinion No. 18-01.) 

III. Types of OIG Exclusions 

There are two types of OIG Exclusions – Mandatory and Permissive. Mandatory Exclusions are identified in Sections 1128(a)(1) – 1128(a)(4) of the Social Security Act (SSA), (42 U.S.C. §1320a-7(a)(1)-(4)), and they are imposed as a result of convictions for program fraud, patient abuse, and certain drug offenses.  Permissive exclusions, on the other hand, are discretionary and can be imposed for a broad range of conduct. These are identified in §1128(b)(1)–§1128(b)(16) and §1156 of the Act. [9] 

The following figures provide a general breakdown of OIG Exclusions over the last five years. Figure 1 illustrates that permissive exclusions based on licensing disciplinary actions and mandatory exclusions based on federal healthcare fraud convictions accounted for over 70.9% of all exclusions during this period (40.5% and 30.4% respectively). The first chart also illustrates that mandatory exclusions accounted for 51% of all exclusions. 

Pie chart of all OIG exclusions, categorized by permissive and mandatory exclusions in 2023

 

Figure 1. All Exclusions 2023

All Exclusions
Both Exclusions
51% Mandatory
49% Permissive
40.5% Of All Exclusions
Permissive Exclusions Based on Licensing Discipline
30.4% of All Exclusions 
Mandatory Exclusions Based on Health Care Fraud Convictions
Figure 1. All Exclusions 2023

Figure 2 breaks down exclusions by “specialty” as labeled by the OIG in the LEIE postings.[10] It shows that nurses, nurse aides, personal care providers, home health care aides, and physicians account for almost two-thirds of all exclusions over the last five years.  Taken together, these two charts demonstrate the OIG’s dual focus on patient safety and program integrity. 

pie chart of all OIG exclusions based on occupations

 

Figure 2. All Exclusions by Occupation 2023

42.4% of All Exclusions
Nurses or Nurse Aides
9.4% of Exclusions
Physicians
7.1% of Exclusions
Home Health Aides or Personal Care Providers
Figure 2. All Exclusions by Occupation 

A. Mandatory OIG Exclusions

Sections 1128(a)1-(a4) of the Social Security Act identify the four legal bases that warrant the imposition of a mandatory exclusion by the Office of Inspector General. They are: 

  • 1128(a)(1): Conviction related to the delivery of an item or services to a Federal or State Health Care Program; 
  • 1128(a)(2): Conviction under State or Federal law relating to neglect or abuse of patients in connection with the delivery of a health care item or service; 
  • 1128(a)(3): Felony conviction relating to health care fraud program (other than Medicare or Medicaid); and,
  • 1128(a)(4): Felony conviction relating to the unlawful manufacture, distribution, prescription, or dispensing of a controlled substance.

Pie Chart of Mandatory Exclusions

 

Figure 3. Mandatory Exclusions

Social Security Act 42 USC § Basis for Violation
1128(a)(1) 1320a-7(a)(1) Conviction of program-related crimes. Minimum Period: 5 years
1128(a)(2) 1320a-7(a)(2) Conviction relating to patient abuse or neglect. Minimum Period: 5 years
1128(a)(3) 1320a-7(a)(3) Felony conviction relating to health care fraud. Minimum Period: 5 years
1128(a)(4) 1320a-7(a)(4) Felony conviction relating to controlled substance. Minimum Period: 5 years
1128(c)(3)(G)(i) 1320a-7(c)(3)(G)(i) Conviction of second mandatory exclusion offense. Minimum Period: 10 years
1128(c)(3)(G)(ii) 1320a-7(c)(3)(G)(ii) Conviction of third or more mandatory exclusion offenses. Permanent Exclusion
Table 1. Mandatory Exclusions

It is important to note that though a mandatory exclusion under sections 1128(a)(1) and (a)(2) must be based on a “conviction,” the term is extremely broadly defined. Indeed, Nolo contendere qualifies under this section; even dispositions under first offender programs and deferred adjudications – programs where no finding of guilt is ever entered – satisfy the conviction requirement for purposes of the Act.  In addition, Section 1128 is satisfied by any “State, Federal or Local Court.”  Thus, it has been held that a deferred prosecution agreement in a local court for misdemeanor theft is a sufficient basis for the imposition of a mandatory exclusion under (a)(1) because it was related to Medicaid services.  The same standards would apply to exclusions under (a)(2).

Mandatory exclusions must be imposed for at least five years, however, they are often imposed for much longer periods if warranted by the underlying facts and circumstances. Once a mandatory exclusion is imposed, the person must wait at least five years before applying for reinstatement if this is their first exclusion, but ten years must pass before reinstatement may be sought after a second mandatory exclusion and a third mandatory exclusion is permanent. If the OIG seeks to impose a mandatory exclusion, the only viable defense that can be raised is the length of the exclusion is subject to challenge. 42 C.F.R. 402.214.    

Finally, it is worth noting that the “balance” of mandatory to permissive exclusions appears to be changing. The current composition of all exclusions on the List of Excluded Individuals and Entities (LEIE) is 47% mandatory and 53% permissive, but Figure 1B shows us that during the period 2013 to 2017, the percentages essentially switched as mandatory exclusions increased from 47% to 55%. And in 2017 the mandatory exclusions increased to almost 63% of all exclusions.[11]  Although this data is relatively new and there is no ready explanation, it is a trend worth watching. 

B. Permissive OIG Exclusions

The OIG’s permissive exclusion authority has been expanded a number of times over the years, and the imposition of permissive OIG exclusions includes convictions for obstructing healthcare, investigations and/or audits, improper certification for items or services, and making false statements or misrepresentations in applications to participate in Medicare.[12] The following is a list of the permissive exclusions as found on the OIG website:[13] 

Social Security Act 42 USC § Basis for Exclusion
1128(b)(1)(A) 1320a-7(b)(1)(A) Misdemeanor conviction relating to health care fraud. Baseline Period: 3 years
1128(b)(1)(B) 1320a-7(b)(1)(B) Conviction relating to fraud in non-healthcare programs. Baseline Period: 3 years
1128(b)(2) 1320a-7(b)(2) Conviction relating to obstruction of an investigation or audit. Baseline Period: 3 years
1128(b)(3) 1320a-7(b)(3) Misdemeanor conviction relating to controlled substance. Baseline Period: 3 years
1128(b)(4) 1320a-7(b)(4) License revocation, suspension, or surrender. Minimum Period: Period imposed by the state licensing authority.
1128(b)(5) 1320a-7(b)(5) Exclusion or suspension under federal or state health care program. Minimum Period: No less than the period imposed by federal or state health care program.
1128(b)(6) 1320a-7(b)(6) Claims for excessive charges, unnecessary services, services not up to professionally recognized standards, failure of HMO to furnish medically necessary services. Min: 1 year
1128(b)(7) 1320a-7(b)(7) Fraud, kickbacks, and other prohibited activities. Minimum Period: None
1128(b)(8) 1320a-7(b)(8) Entities controlled by a sanctioned individual. Minimum Period: Same as the exclusion.
1128(b)(8)(A) 1320a-7(b)(8)(A) Entities controlled by a family or household member of an excluded individual and where there has been a transfer of ownership/control. Min. Period: Same as exclusion.
1128(b)(9), (10), and (11) 1320a-7(b)(9), (10), and (11) Failure to disclose required information, supply requested information on subcontractors and suppliers; or supply payment information. Minimum Period: None
1128(b)(12) 1320a-7(b)(12) Failure to grant immediate access. Minimum Period: None
1128(b)(13) 1320a-7(b)(13) Failure to take corrective action. Minimum Period: None
1128(b)(14) 1320a-7(b)(14) Default on health education loan or scholarship obligations. Minimum Period: Until resolved.
1128(b)(15) 1320a-7(b)(15) Individuals controlling a sanctioned entity. Minimum Period: Same as length of exclusion.
1128(b)(16) 1320a-7(b)(16) Making false statements or misrepresentations of material fact. Minimum period: None.
1156 1320c-5 Failure to meet statutory obligations of practitioners and providers to provide medically necessary services meeting professionally recognized standards of health care (Quality Improvement Organization (QIO) findings). Minimum Period: 1 year
Table 2. Permissive Exclusions 

Compliance Risk Spectrum

 

Figure 3. Compliance Risk Spectrum. 

Unlike its mandatory exclusion authority which is virtually automatic when specific convictions occur, the OIG has the discretion to impose permissive exclusions over a wide range of conduct (or misconduct). OIG guidance on the implementation of its permissive exclusion authority begins with a presumption favoring exclusion under certain circumstances. The guidance outlines a “compliance risk spectrum” that is based on the risks posed to patients and to federal health care programs. The factors to be considered include a company’s underlying conduct during the investigation, in addition to current and historical compliance efforts.[14] The OIG also issued specific guidance with respect to the imposition of permissive exclusions based on an excluded individual’s ongoing role or interest in a company.[15]

Although the OIG is authorized to impose permissive exclusions over a wide range of conduct, figure 4 shows that the agency actually invokes its permissive exclusion authority over a narrow range of persons and limited circumstances. For example, Figure 4A shows that nurse and nurse aides alone account for approximately 70% of all permissive exclusions, with “other licensed professionals” (mostly therapists, mid-level providers, and counselors) and physicians accounting for 16% and 9% respectively.  As nurses and nurse aides are the persons in the best positions to impact both patient care and claims arising from that care, it is not surprising that they comprise a significant percentage of the exclusions. However, it is somewhat surprising that business owners only account for 3% of all permissive exclusions. 

As seen in Figure 5, despite the many permissive exclusion options available to the OIG, the vast majority of permissive exclusions it has imposed over the last five years(a surprisingly high 83%) were based on final disciplinary actions such as license revocations and suspensions that had been taken by a State licensing board. The only other measurable bases were health care fraud misdemeanors, State exclusions, fraud or kickbacks, and defaults on student loans – though none of which accounted for more than 3% of the permissive exclusions imposed

Pie chart of permissive OIG exclusions by basis in 2023

 

Figure 5. Permissive Exclusions by Basis 2023

Permissive Exclusions by Basis 2023
License Revocation, Suspension, or Surrender 82%
Default or Federal Loan Obligations 6%
Entity Controlled by Sanction Party 4%

IV. Process, Finality, and Appeal Rights for OIG Exclusions 

The process of imposing and appealing an exclusion depends upon the exclusion the OIG seeks to impose as is governed by 42 C.F.R. §§ 1001.2001- 1001.2007.  When the OIG seeks to impose a mandatory exclusion, it may initiate the process by sending the party a Notice of Intent to Exclude, which identifies the basis for the proposed exclusion, describes the potential effect of an exclusion, and gives the individual or entity 30 days to respond in writing with relevant information or evidence.  At this stage in a mandatory exclusion, there is no provision for a hearing.  Indeed, the OIG can skip the “Notice of Intent” when seeking a mandatory exclusion and begin the process with a “Notice of Exclusion.”  This must include the basis and length of the exclusion, the earliest reinstatement date, the requirements for reinstatement, and the excluded party’s appeal rights.  When the OIG seeks a permissive exclusion, in most instances it begins the process with a “Notice of Intent to Exclude.” However, if the OIG seeks to exclude based on something other than an underlying final determination (such as a license revocation or State exclusion action), the process may include a “Notice of Proposal to Exclude.” 

Exclusions may be appealed first to an Administrative Law Judge (ALJ), then to the Departmental Appeals Board (DAB), and then to a United States District Court. However, appeals of exclusions are limited to two issues: (1) whether the OIG had a “basis for the imposition of the sanction,” and (2) whether the length of the exclusion is unreasonable. 42 C.F.R. 402.214. In addition, an ALJ considering these issues is prohibited from reviewing the “exercise of discretion” by the OIG, 42 C.F.R. §1005.4(c)(7), and if the sanction is based on a “prior determination,” the underlying basis may not be attacked if a “final decision was made.” § 1001.2007(d).  As a result, most exclusion appeals, particularly those of mandatory exclusions, are focused on the length of the exclusion. 

Mandatory exclusions are final 20 after the Notice of Exclusion. They are not stayed pending the outcome of the appeal upon finality. The OIG posts the exclusion on the LEIE, and it sends notices of the exclusion to various State and Federal interests including, but not limited to, State licensing boards, State health programs, medical societies, Medicaid fraud control units, and the National Practitioner Data Bank. 

V. Enforcement Tools for OIG Exclusion Violations 

“Exclusion Violations” are actions taken by an individual or entity in contravention of the “payment prohibition” as defined in 42 C.F.R. § 1001.1901, and the authority to impose CMPs and assessments is delegated by the Secretary to the OIG pursuant to 42 CFR § 1003.150.  The specific exclusion violations for which the OIG has the authority to impose civil money penalties and assessments are presented in Table 2.  

Violation Penalty Provision Date of last penalty figure or adjustment 2022 Maximum adjusted penalty 2023 Maximum adjusted penalty Description of Exclusion Violation
42 CFR 1003.200(a)(1) 42 CFR 1003.210(a)(1) 2022 $22,427 Per Violation $24,164 Per Violation Knowing the presentation of an item or service furnished by an excluded individual or entity.
42 CFR 1003.200(a)(3) 42 CFR 1003.210(a)(3) 2022 $22,427 Per Violation $24,164 Per Violation Claims for items or services furnished by an excluded person.
42 CFR 1003.200(b)(3) 42 CFR 1003.210(b)(3) 2022 $22,427 per day for each day that the prohibited relationship $24,164 per day for each day that the prohibited relationship  Excluded party retains ownership or control interest in a participating entity.
42 CFR 1003.200(b)(4) 42 CFR 1003.210(b)(4) 2022 $22,427 for each item billed $24,164 for each item billed Employing or contracting with an excluded individual.
42 CFR 1003.200(b)(6) 42 CFR 1003.210(a)(1) 2022 $22,427 for each item billed $24,164 for each item billed Ordering or prescribing while excluded
42 CFR 1003.400(b)(2) 42 CFR 1003.410(a) 2022 $42,788 Per Violation $46,102 Per Violation Medicare Advantage organization employs or contracts with excluded individuals or entities.
42 CFR 1003.410(c)(5) 42 CFR 1003.410(a) 2022 $55,052 Per Violation $59,316 Per Violation HMO employs or contracts with excluded individuals or entities.
Table 3. Civil Money Penalties Authorities and Amounts, 2022-2023

Most of the exclusion cases pursued by the OIG have been for violations of § 1003.200(b)(4) —employing or contracting with an individual or entity. Recently, however, the OIG has been actively investigating and pursuing cases involving the ordering and prescribing of medicine from excluded persons.  42 C.F.R. § 1003.200(b)(6). Investigations involving the direct submission of a large number of claims by an excluded person (such as an excluded physician continuing to practice medicine and submit claims in violation of § 1003.200(a)(3)), or the retention of ownership or control through fraudulent representations in violation of § 1003.200(b)(3)) are fewer in number, and those that have been reported have typically resulted in criminal and/or false claims act resolutions. To date, there have been few, if any, enforcement actions involving MCOs, Medicare Advantage (MA), or Part D contracting organizations that have been reported. 

VI. Civil Money Penalties for OIG Exclusion Violations 

CMPs are “remedial measures designed to protect the Federal health care programs from any person whose continued participation in the programs constitutes a risk to the programs and their beneficiaries.”[16] designed to protect program integrity and patient safety. They are the favored weapon of the OIG in its enforcement of exclusion violations. As stated in the 2016 final rule amending CMP authorities and incorporating new ones:  

“The CMP authorities in this part, as a general matter, aim to redress fraud on the Federal health care programs by recovering funds, protecting the programs and beneficiaries from untrustworthy providers and suppliers, and deterring improper conduct by others. Accordingly, it is highly relevant if the conduct puts beneficiaries at risk of patient harm.”[17] 

Table 3 identifies the OIG’s CMP authority for each exclusion violation.[18]  As can be seen, the OIG may impose a penalty of up to $10,000 for each individual violation of § 1003.200(a)(3) and § 1003.200(b)(6); up to $10,000 for each day § 1003.210(b)(3) is violated; and up to $10,000 for each item or service provided, furnished, ordered, or prescribed in violation of § 1003.200(b)(4). MCOs, MA, and Part D contracting organizations that employ or contract with excluded persons or entities face a penalty of $25,000 for each offense. [19] 

Basis for Civil Money Penalty Authority for Penalty Amount Potential Civil Money Penalty
Presentation of the claim for an item or service by an excluded party. §1003.200(a)(3) 42 CFR 1003.200(a)(1) Up to $22,427 for each individual violation
Excluded party retaining ownership or control. §1003.200(b)(3) §1003.210(a)(3) Up to $22,427 per day for each day that the prohibited relationship occurs
Arranges or contracts with an excluded party. §1003.200(b)(4) §1003.210(a)(4) Up to $22,427 for each item or service provided or furnished ((separately or non-separately billable)
Orders or prescribes medicine from the excluded person.  §1003.200(b)(6) §1003.210(a)(1) Up to $22,427 for each individual violation
MCO employs or contracts with an excluded party.  §1003.400(b)(2) §1003.410(a)(1) Up to $42,788 for each individual violation
MA and Part D contracting org. employs or contract with excluded party §1003.400(c)(5) §1003.410(a)(1) $42,788 for each individual violation
Table 4. Assessment Authorities and Amounts

A. Assessment Authority of the OIG for Exclusion Violations

In addition to its authority to impose CMPs, the OIG is also authorized to impose assessments for OIG Exclusion violations.  Assessments differ from CMPs in that they are not considered to be sanctions; instead, they may be imposed “in lieu of damages sustained by the Department or the State agency because of the violation.” 42 C.F.R. § 1003.130. [20]  That is, assessments act as a proxy for damages presumed to have been sustained by either the Federal or State agency as a consequence of the violation, and the OIG is specifically authorized to impose them in exclusion violations in 42 C.F.R. § 1003.210 and § 1003.410. Section 1129 of the Social Security Act [42 U.S.C. § 1320a–8(a)(1)].  Since assessments are considered to be a form of restitution and not a penalty or sanction, the OIG theoretically could impose both a CMP and an assessment for an exclusion violation. Table 4 shows the assessment amounts the OIG is authorized to impose for exclusion violations. 

Basis for Exclusion Description Amount of Penalties and Assessments Description
42 CFR 1003.200(a)(1) Knowing the presentation of an item or service furnished by an excluded individual or entity 42 CFR 1003.210(a)(1) Up to 3 times the amount claimed for each item or service
42 CFR 1003.200(a)(3) Claims for items or services furnished by an excluded person 42 CFR 1003.210(a)(3) Up to 3 times the amount claimed for each item or service
42 CFR 1003.200(b)(3) Excluded party retains ownership or control interest in a participating entity 42 CFR 1003.210(b)(3) Up to 3 times the amount claimed for each item or service
42 CFR 1003.200(b)(4) Employing or contracting with an excluded individual 42 CFR 1003.210(b)(4) Up to 3 times the amount claimed for each separately billable item or service provided, furnished, ordered, or prescribed by an excluded individual or entity or The total costs (including salary, benefits, taxes, and other money or items of value) related to the excluded individual or entity incurred by the person that employs, contracts with, or otherwise arranges for an excluded individual or entity to provide, furnish, order, or prescribe a non-separately-billable item or service…
42 CFR 1003.200(b)(6) Ordering or prescribing while excluded 42 CFR 1003.210(a)(1) Up to 3 times the amount claimed for each item or service
42 CFR 1003.400(b)(2) Arranges or contracts (by employment or otherwise) with an individual or entity that the person knows, or should know, is excluded from participation in Federal health care programs for the provision of items or services for which payment may be made under such a program; 1003.410(c) The amount claimed for each separately billable item or service provided, furnished, ordered, or prescribed by an excluded individual or entity or The total costs (including salary, benefits, taxes, and other money or items of value) related to the excluded individual or entity incurred by the person that employs, contracts with, or otherwise arranges for an excluded individual or entity to provide, furnish, order, or prescribe a non-separately-billable item or service. 
1003.400(c)(5) HMO Arranges or contracts (by employment or otherwise) with an individual or entity that the person knows, or should know, is excluded from participation in Federal health care programs for the provision of items or services for which payment may be made under the program 1003.410(c) The amount claimed for each separately billable item or service provided, furnished, ordered, or prescribed by an excluded individual or entity or The total costs (including salary, benefits, taxes, and other money or items of value) related to the excluded individual or entity incurred by the person that employs, contracts with, or otherwise arranges for an excluded individual or entity to provide, furnish, order, or prescribe a non-separately-billable item or service.
Table 5. Assessment Amounts Authorized by the OIG 

The assessment provisions for employing or contracting with excluded individuals were recently amended in an effort to recognize the difference in effect between exclusions involving direct billers (such as a doctor) and those involving persons who provide support services not directly billed (such as an aide).[21] The amended assessment regulations permit an assessment to be as much as three times the amount of each service billed for employing or contracting with a person that provides directly billable services,  whereas the assessment for persons that provide a “non-separately-billable” service is limited to three times the amount of the costs associated with that individual.  As will be discussed later, this is consistent with the methodology of calculating the federal “loss” in self-disclosures involving exclusion violations. 

VII. Factors in Imposing Penalties and Assessments 

When considering the imposition of penalties and assessments, the OIG considers the nature and circumstances of the violation, the degree of culpability of the individual being assessed, the history of prior offenses, other wrongful conduct (if any), and any other matters the OIG deems relevant to its determination. 42 C.F.R. § 1004.140(a). Relevant mitigating and aggravating factors contained in the regulation and discussed in subsequent OIG guidance include the following:[22]

A. Mitigating Factors: 

  • If the length of time was short and the amount claimed was less than $5,000. 

B. Aggravating circumstances: 

  • There were several violations, or a pattern, over a lengthy period of time; 
  • The ownership, control, or responsibility implicated §1003.200(b)(3); 
  • The amount claimed or requested for such items was $50,000 or more; 
  • The violation caused or could have caused, adverse patient consequences. The payment prohibition also extends to providers that furnish items or services on the basis of orders or prescriptions they receive from others. Thus, in addition to screening their own employees, vendors, and contractors, providers such as laboratories, imaging centers, and pharmacies “should ensure, at the point of service, that the ordering or prescribing physician is not excluded. A failure to do so on their part would violate the payment prohibition and could result in both overpayments and CMPs. (2013 Advisory, page 8.) 

VIII. Appeal Rights for Civil Money Penalties and Assessments 

The appeal rights of parties with respect to CMPs and assessments are found in 42 C.F.R. § 1005 et seq.  Parties have the right to request a hearing before an ALJ to challenge the imposition of penalties and assessments if they make a written request within 60 days of receiving notice of the sanction. The process allows for representation by counsel, discovery rights, the right to present and cross-examine witnesses, a hearing, and the right to present oral and written arguments to the ALJ.  The ALJ has full authority over the pre-hearing process and the hearing itself.  However, the ALJ does not have the authority to compel negotiations, enjoin the Secretary in any way, invalidate existing regulations, or refuse to follow them.  The ALJ is also not permitted to review the exercise of discretion by the OIG to impose a CMP or assessment. At the conclusion of the hearing, the ALJ issues an “initial decision” which includes findings of fact and conclusions of law in which he may increase or reduce penalties and assessments. 

An “Initial Decision” can be appealed to the DAB; a timely appeal stays the imposition of a CMP. The DAB has broad authority in the manner in which it handles the appeal.  It can decline to review the case; increase, reduce, or remand a penalty or assessment determined by the ALJ; and remand the matter to the ALJ for consideration of additional evidence.  The decision of the DAB is final 60 days from issuance unless it involves a remand, and the parties have the right to appeal the DAB ruling to the federal district court. A stay of the imposition of a CMP may be requested during the federal appeal process. However, the request goes to the ALJ that imposed the penalty in the first instance, and the ALJ is not authorized to grant the stay unless a bond or other security is posted. 

IX. Potential Overpayment and False Claims Act Liability for Exclusion Violations 

Providers have the burden of ensuring that they comply with exclusion-related regulations and that they do not employ or contract with an excluded individual or entity. Those who fail in this obligation are at risk for overpayment liability regardless of whether they have actual knowledge of the person’s status at the time of their transaction. As the OIG states: “If a hospital contracts with a staffing agency for temporary or per diem nurses, the hospital will be subject to overpayment liability … if the nurse furnishes items or services reimbursed by a federal health care program. 2013 Special Advisory, at 15. 

Exclusion violations can also give rise to potential False Claims Act (FCA) liability under the Fraud Enforcement Recovery Act of 2009 (FERA) and the Affordable Care Act of 2010 (ACA).[23] FERA expands the scope of “reverse false claims” liability under the FCA by making the retention of an “obligation” to the government a false claim, and the ACA specifically states that retained overpayments are legal “obligations” under FERA. Thus, since providers “know” they have a legal obligation to ensure compliance with exclusion regulations and that overpayments result from exclusion violations, any failure of compliance that results in an overpayment may be viewed as the result of conduct that constituted a “reckless disregard” or a “deliberate ignorance” of the rules – and that therefore violated the FCA.

X. Enforcement of OIG Exclusion Violations

The OIG credits the 1999 Special Advisory as the “beginning” of its initiative to ensure compliance and enforcement of exclusions” (2013 Special Adisory, at pg 2), but the updates to the OIG’s Self-Disclosure Protocol and its Special Advisory on the Effect of Exclusions in 2013 more accurately mark the beginning of the OIG’s focus on exclusion enforcement[24]. Before the Special Advisory was updated, for example, the OIG routinely suggested that providers screen employees and those with whom they had contracts on an annual basis, whereas the Updated Advisory requires monthly screening of a significantly expanded universe of persons and entities.  And until the OIG issued its Updated Self-Disclosure Protocol only weeks earlier, there was no established protocol for providers to self-disclose exclusion violations.  Read together, and in conjunction with the investigation and repayment obligations in the ACA, these three principles form the foundation upon which exclusion enforcement is based.  

Generally, enforcement matters come to the OIG’s attention in a variety of ways. In addition to its inherent authority to initiate investigations, the OIG receives hotline tips, referrals from its sister agencies,[25] referrals from various CMS contractors, self-referrals from providers wishing to avoid CMPs and whistleblower actions, to name just a few. With respect to exclusion enforcement, however, the OIG has historically relied heavily on self-disclosures.  Indeed, until the 2013 Updates, the OIG rarely initiated investigations based on exclusion violations on its own. In the years leading up to the 2013 Updates, the OIG reported the following number of exclusion settlements based on an investigation it had initiated: seven in 2010, three in 2011, ten in 2012, and none in 2013 prior to the publication of the updates.  

Since 2013, however, some change has been evident.  The number of reported settlements based on OIG investigations increased to a high of 26 in 2015, both the Office of Evaluations and Inspections and the Office of Audit have reported separate “exclusion initiatives,” and in 2015, the OIG established a special litigation unit whose focus was on the imposition of civil monetary penalties and exclusions. 

Many providers are under the mistaken impression that the OIG’s enforcement efforts are focused on physicians and other direct billers, and therefore think that their credentialing process adequately screens for exclusions.  This can be a costly mistake.[26]

The chart to the left reflects OIG enforcement efforts in cases in which the agency initiated the investigation. It shows the OIG’s focus on institutions that provide a lot of care and then submit a lot of claims for that care. 

The table below is intended to show that the OIG’s enforcement net extends far wider than doctors and other direct billers. While there is an emphasis on non-billing, direct care providers, the chart also shows that no position is “safe” when it comes to imposing CMPs for excluded employees.

Position Type Job Description Amount of Settlement
Management Office Manager $ 408,000
Direct Care Nurse Supervisor $ 242,000
Direct Care Registered Nurse  $ 317,000
Direct Care Licensed Practical Nurse $ 205,000
Direct Care Licensed Vocational Nurse $ 70,000
Direct Care Certified Nursing Assistant $ 207,000
Direct Care Home Health Nurses Aide $ 189,000
Social Services Social Services Assistant $ 214,000
Administrative Eligibility Clerk $ 257,000
Administrative Community Care Support Personnel $ 208,000
Support Housekeeper/Information Specialist $ 180,000
Support Activities Assistant $   35,000
Table 6. Demonstrative Sample of Settlements

While the imposition of CMPs is the favored enforcement methodology, a growing number of cases involving exclusions have resulted in FCA cases and criminal convictions.  For example, a joint Federal/State investigation in Tennessee involving an excluded private duty nurse who worked for a home health agency resulted in a $6.5 million settlement.  In addition, the OIG has brought a number of FCA cases in which the principal allegations involved businesses operated by excluded persons

Finally, recent enforcement efforts with respect to the requirement that providers ensure the exclusion status of physicians, pharmacies, and labs at the point of service have been increasing. This has resulted in a number of settlements with pharmacies based on the employment of excluded pharmacists or excluded support personnel. For example, in one of the settlements, a pharmacy chain paid $21.5 million in settlement because it had employed a large number of excluded pharmacists.[27] In addition, States have also taken an interest in this issue; for example,  the Attorney General of New York settled with a pharmacy for $442,000 to resolve allegations that the pharmacy had been fulfilling prescriptions by an excluded physician.

XI. Avoiding Civil Money Penalties and Overpayment Liability: Compliance with Federal Exclusion Screening Requirements

Exclusion enforcement is based on the simple principle that providers are responsible for ensuring the exclusion status of their employees and those with whom they do business.  If providers have any claims connected to an excluded individual or entity paid with federal funds are overpayments, then those claims are presumptively the result of a regulatory violation and, therefore, are subject to the imposition of civil money penalties.[28] Only proper exclusion screening can help providers avoid these risks, and this section seeks to help providers understand their federal screening obligations.  Much of the content in this section relies on the guidance contained in the 2013 Special Advisory,[29] but it also relies on subsequent guidance issued by the OIG, and on Corporate Integrity Agreements (CIAs) that have been imposed by the OIG as part of recent False Claims Act settlements.[30]

A. Which Employees Should be Screened for OIG Exclusions?

Employees must be screened for exclusions if they furnish any item or service that is payable directly or indirectly, whether in whole or in part, by a Federal health care program. The OIG recommends the following process for providers to use in determining which employees should be screened: 

Review each job category or contractual relationship to determine whether the item or service being provided is directly or indirectly, in whole or in part, payable by a Federal health care program. If the answer is yes, then the best mechanism for limiting CMP liability is to screen all persons who perform under that contract or who are in that job category. (2013 Special Advisory, at 15-16). 

As all the relevant terms are broadly defined (see footnote 9 and pages 2 and 3, infra,) and as the process is as time-consuming and difficult to follow as it is broad, providers are best served by screening all of their direct employees unless they can identify specific employees that work in a separate, identifiable division wholly unrelated to Federal health care programs.  Caution dictates against “picking and choosing” who to screen unless a “quarantine” can be guaranteed. In addition, corporate integrity agreements include owners, officers, directors, managing employees, agents, and active medical staff as those who should be screened regardless of whether they are employed directly or indirectly.

B. Exclusion Screening of Vendors and Contractors 

The OIG suggests that providers use the same analysis in determining “whether or not to screen contractors, subcontractors, and the employees of contractors” that it uses for its own employees. This standard is unrealistic in many circumstances, and though the OIG does not acknowledge the difficulty of its suggestion, it goes on to state that “[T]he risk of potential CMP liability is greatest for those persons that provide items or services integral to the provision of patient care because it is more likely that such items or services are payable by the Federal health care programs.” (See 2013 Special Advisory at 16. The dual focus of patient safety and program integrity was again emphasized in the amendment of CMP rules in 2017. The new 2017 rules are a valuable guide in determining who to screen. 

The CMP authorities in this part, as a general matter, aim to redress fraud in the Federal health care programs by recovering funds, protecting the programs and beneficiaries from untrustworthy providers and suppliers, and deterring improper conduct by others. Accordingly, it is highly relevant if the conduct puts beneficiaries at risk of patient harm. 81 Fed. Reg. 88, 334 (Dec. 7, 2016).

CIAs from OIG settlements can contain indirect acknowledgments by the OIG as to the broad nature of the screening obligation it outlined in the guidance.  In most of these documents, there is a specific provision stating that providers do not need to screen vendors whose sole connection to the provider is selling or providing supplies or equipment for which the vendor does not bill.  This is a common-sense exception that removes uncertainty with regard to a large class of vendors who provide supplies for which the provider is ultimately reimbursed.

Applying the guidance and understanding of the concerns of the OIG, the contractors, and vendors who are likely candidates for exclusion screening are the ones that provide the services identified below : 

  • Ambulance and other transportation service providers
  • IT Solution Providers
  • Security providers and their technicians 
  • Medical equipment suppliers
  • Food service workers
  • Lab Technicians
  • Billers and Coders 
  • Pharmacists
  • Nurses, Physicians, and other Individuals Provided by Staffing Agencies.
  • Physician Groups that Provide Emergency Room Coverage.

For obvious reasons, the OIG is highly focused on screening billers and third-party billing companies. In most CIAs, OIG will only allow providers to delegate the exclusion screening function to their billing company if it doesn’t have an ownership or controlling interest in the billing company and it certifies that the following conditions have been met: 

  1. The billing company has a policy of not employing persons who are excluded, suspended or otherwise ineligible to participate in Medicare or other Federal healthcare programs; 
  2. The company screens its employees upon hire and monthly thereafter against the LEIE;
  3. The company provides proof of its screening activities; 
  4. The billing company provides training in the applicable requirements of the Federal health care programs to those employees involved in the preparation and submission of claims to Federal health care programs.

C. How Often Should Providers Screen for OIG Exclusions?  

Providers are responsible for ensuring the exclusion status of employees, vendors and contractors at all times and at the point of service and they should screen accordingly.  Thus, exclusion screening should be performed prior to employment or to the initiation of a business relationship. Exclusion screening should also be performed without regard to the person’s status or “whether or by whom” exclusion screening had previously been performed.  

In order to ensure ongoing compliance with the obligation to ensure an “exclusion-free” workforce, screening must also be performed “regularly” thereafter. Providers sometimes question the necessity of ongoing screening, but the reasons for it are obvious: exclusion is not a static condition and someone who is not excluded at the time of hire can certainly become excluded at a later date.  This is particularly the case if an exclusion is based on a licensing action that was pending at the time of employment and but not resolved until sometime after the employment relationship began. Also, and perhaps most importantly,  regular screening is required.

Though there aren’t any statutes or regulations that expressly state exactly what constitutes “regular screening,” the OIG has unequivocally expressed its view that monthly screening “best minimizes potential overpayment and CMP liability.” (2013 Special Advisory at 15).  In addition, the OIG notes that in June, 2008, CMS issued a State Medicaid Director Letter (SMDL #08-003) that provided guidance to Medicaid directors on checking providers and contractors for excluded individuals,[31] and that CMS issued a follow-up directive in 2009 (SMDL #09-001) providing further guidance to the States and, essentially, mandating that screening be done upon hire and monthly thereafter.[32] The OIG also notes that LEIE is updated monthly, and, finally, there is the practical consideration that removing an excluded employee as soon as possible is the best action a practice can take for business.[33]

D. Which Federal Exclusion Lists Should be Screened?

The OIG requires that providers screen its LEIE.  It does not, however, require providers to screen the Government Service Administration’s System for Award Management (GSA/SAM) because the OIG has no authority to impose penalties or assessments based upon an individual or entity inclusion on a separate federal agency’s debarment list or on a State exclusion or debarment list.  

Though searching for the LEIE can satisfy the OIG’s screening requirement, providers that participate in State Medicaid Programs should understand that every State has its own set of exclusion regulations and exclusion screening requirements.  Indeed, at last count, 40 States had their own Exclusion Lists which had to be screened in addition to the LEIE. Medicaid providers need to consult the relevant rules and regulations in the State, or States, in which they participate.[34] 

It is also noted that Section 6501 of the ACA specifically states that if a provider or entity is excluded from any State Medicaid program, then that provider or entity is excluded from participating in all State programs. 42 U.S.C. § 1396(a).  Though it has not been fully settled as to how the statute will be implemented, it is worth noting and considering when determining which databases to screen. Many screening services routinely screen all such databases instead of screening individual States.

E. Additional Recommended Practices

The following policies and procedures are all found in either CIAs or other published materials by the OIG.  They are not required, but they do reflect practices that providers might consider including as part of exclusion screening program:

  • Have a provision on maintaining documentation of its exclusion screening activities in its document retention policy;
  • Have a written policy requiring the disclosure of any exclusion or any other adverse action that occurs during the course of their employment, including any State exclusions, suspensions, licensing actions, revocations and debarments; and
  • Have a written policy requiring employees to identify the existence of any pending or proposed exclusions or adverse action that might cause an exclusion.

XII. The Screening Process for OIG Exclusions

A. How Difficult is it to Actually Screen oIG exclusions? 

The actual process of screening employees, vendors, and contractors as against the LEIE is a cumbersome process.  Providers can either manually input names into the OIG website or download the entire exclusion list from the website and compare it with their employee list – but both options provide significant challenges. If a provider decides to manually input the names, for example, he is limited to 5 names or 4 entities at a time, any potential match requires an additional step for confirmation, and unless the inputted name is an exact match with the name in the LEIE – it will not register as a potential exclusion.  Providers that elect to download the entire list, the other option, also face serious challenges. There are over 65,000 names on the LEIE, and many providers simply don’t have the technical expertise to compare lists – particularly where the names may not result in perfect matches. Providers should not rely on screening only the LEIE because its search function is extremely narrow, leading to gaps in OIG and State Exclusion Lists. In addition, the OIG requires that the screening process be documented by screenshots or otherwise – which would not be easily accomplished by either screening methodology.

B. Can Providers Rely on Others to Screen OIG Exclusions? 

The OIG recognizes that providers will sometimes seek to delegate their screening obligation to contractors such as staffing agencies. When that occurs, the OIG again advises the provider to demand and maintain documentation that the screening was performed, and it also reminds providers that a delegation of the responsibility to screen does not equate to a delegation of the liability attached to that obligation.  For example, the OIG states in the 2013 Advisory that even when a third party reliably and “effectively” screens for excluded individuals,” those that rely on them are still “responsible for overpayments and CMPs.” (at page 8.)

Regardless of whether and by whom screening is performed and the status of the person…the provider is subject to overpayment liability for any items or services furnished by any excluded person for which the provider received Federal health care program reimbursement and may be subject to CMP liability if the provider does not ensure that an appropriate exclusion screening was performed. (2013 Special Advisory, at 16).

C. Does it Make Sense for Providers to Hire a 3rd Party Vendor to Screen?

Hiring a third-party vendor to screen for exclusions does not solve all of a provider’s screening issues and problems, but it is a relatively inexpensive alternative that solves most of them.  Reputable exclusion screening vendors can do all of the work inherent in screening, including the verification of potential matches, such that providers don’t need to waste employees manually entering tens (or hundreds, or thousands) of names; they should have sophisticated software that is able to identify “potential matches” when names are not a “perfect match;” and they should also maintain records of all screening activities.  Another important advantage of having a vendor perform exclusion screening is that they should be able to screen the various State exclusion lists at little or no additional cost.  Finally, even though the provider cannot delegate its overpayment liability, having a 3rd party that regularly screens all names can provide strong defenses against the imposition of any civil money penalties.[35]

XIII. Self-Disclosing OIG Exclusion Violations[36]

The OIG’s updated Self-Disclosure Protocol issued a new section for self-disclosing exclusion violations and a formula for calculating single damages. In addition to creating a path for self-disclosures and injecting some certainty into the process, the updated protocol clarified the OIG’s expectation that providers fully comply with exclusion regulations and its intention to enforce the exclusion regulations if providers fail to do so.  

The protocol requires that providers fully investigate the matter and submit their findings in a narrative that includes the following information:

  • Identification information regarding the excluded individual including license and provider identification information (if any);
  • Job duties, and their dates of service;
  • A description of the screening that took place both prior to and after employment began;
  • How the problem was discovered or and the corrective actions taken; and
  • A calculation of the loss.  

A. Calculation of the “Loss”

Prior to the update, calculating the “loss” for exclusion violations was particularly problematic if the employee provided services that indirectly contributed to the submission of a claim but were not billable in of themselves (e.g., nurses, surgical assistants, etc.) or if the employee provided services that supported the organization but were not connected with any specific claims (e.g., administrative, IT or housekeeping services).  Providers were at a loss when attempting to calculate the single damages of exclusion violations associated such individuals. To calculate the loss for an excluded shift supervisor, would every service provided during every shift while the shift supervisor was employed be tainted and constitute an overpayment? How would one calculate the overpayment amount for a biller or coder, or a coding or billing supervisor?

The revised protocol directly addressed this issue of how to self-disclose by creating a  simple, workable methodology that could be used to generate an amount, which would then serve as a proxy for the single damages. Specifically, the formula requires providers to do the following: 

  1. identify the total cost of employment for the excluded person or persons (including benefits, etc.) during the period of employment; 
  2. calculate the provider’s payor mix (by the unit in which the person worked if possible, or by the entire entity if not); and 
  3. simply multiply the cost by the federal mix.  

The result can then be used as a “proxy” for the single damages and as basis for “compromising the OIG’s CMP authority.”  Since the calculation considers the contribution of the excluded employee during the exclusion period and the extent of the federal contribution to the organization, it provides a generally proportionate result in matters involving non-billing employees that provide services that contribute to claims to federal health care payers.[37]

XIV. Reinstatement

Reinstatement at the conclusion of an exclusion period is not automatic. Applications may be submitted 90 days prior to the reinstatement date. However, in many permissive exclusions, the reinstatement date is dependent upon external factors that are unknown at the time of the exclusion. For example, when a person is excluded based on a license revocation, he is not eligible for reinstatement until he has regained the license referenced in the exclusion or an equivalent license in another state. Alternatively, if the person does not regain his license, he may seek reinstatement if a minimum of 3 years has passed and the action was not based on patient abuse or neglect. 42 CFR § 1001.501(b)-(c).  An OIG Exclusions based on a State health care program exclusion is also linked in length to that action, but a person subject to exclusion on this basis is not eligible for reinstatement until the State exclusion is lifted – unless the basis of that action was an OIG Exclusion in the first place. 42 CFR § 1001.601(b).

If the OIG determines that the provider is eligible for reinstatement, the OIG will send the provider a number of forms and releases of information to be completed, notarized, and returned. In evaluating reinstatement requests, the OIG considers the following: 

  • Conduct of the individual or entity prior to, and after, the exclusion; 
  • Whether there are reasonable assurances that the conduct that formed the basis for the original exclusion will not recur; 
  • Whether all fines and all debts due have been repaid or if there are satisfactory arrangements for those that have not; 
  • The benefits of reinstatement to Federal health care programs and its beneficiaries; and 
  • Whether CMS has determined that the individual or entity complies with, or has made satisfactory arrangements to fulfill, all the applicable conditions of participation. 42 C.F.R. § 1001.3002. 

Once it has completed its review, the OIG will notify the applicant of its decision. If an application for reinstatement is denied, the excluded individual or entity has 30 days to submit documentary evidence and written argument against the continued exclusion. He may also make a request to present written evidence and oral argument to an OIG official. After evaluating the submission, the OIG will send the provider written notice of its final decision. If the OIG confirms its decision to deny reinstatement, the decision is not subject to administrative or judicial review and the provider must wait at least one year to submit another request for reinstatement. 42 C.F.R. § 1001.3004. finally, in light of the fact that almost all exclusions are imposed for reasons related to fraud, abuse or drugs, providers should also assess the potential risks excluded entities pose to their patients and their organization.

You can read more about how to apply for reinstatement in our article “How to Apply for OIG Reinstatement

XV. Waivers

The OIG has the authority to grant a “waiver” of an exclusion under certain proscribed circumstances as found in 42 C.F.R. § 1001.1801, et seq.  The request must come from the administrator of a Federal health care program who is “directly responsible” for administering that program under certain limited circumstances. It may not be made on behalf of someone excluded for abuse or neglect. If the request is made on behalf a person that has been the subject of a mandatory exclusion, the administrator must make a determination that 1) the individual or entity is the sole source of an essential specialized service in a community, and, 2) that the exclusion would impose a hardship to the beneficiaries of that program. Requests made on behalf of persons or entities subject to a permissive exclusion must also be made by a program administrator. However, the waiver may be granted if the “OIG determines that imposition of the exclusion would not be in the public interest.” 42 CFR § 10011801(c).  If a waiver is granted, it is applicable only to the program (or programs if made by more than one) for which it has been requested and if the basis for the waiver ceases to exist, it is rescinded.  The decision to grant, deny, or rescind a waiver is not subject to administrative or judicial review. § 10011801(c).  

Our article “What is an Exclusion Waiver and Who May Apply for One?” goes more in-depth about exclusion waivers. 

XVI. Closing Comments

The primary goal of this article is to give providers a comprehensive reference guide on the existing legal and regulatory framework of OIG Exclusions and the risks and potential consequences of exclusion violations and to make suggestions on compliance strategies to avoid those risks.  However, providers are reminded that there are additional good reasons for having a rigorous and effective exclusion screening program.  State Medicaid programs, for example, often have screening requirements that are more rigorous than those of the OIG; and, finally, in light of the fact that almost all exclusions are imposed for reasons related to fraud, abuse, or drugs, providers should also assess the potential risks excluded entities pose to their patients and their organization.

About the Author

Provider's Guide to OIG Exclusions

Paul Weidenfeld is a former federal healthcare fraud prosecutor and Department of Justice National Health Care Fraud Coordinator. His principal area of practice is healthcare fraud and abuse and the Federal False Claims Act, and he has represented providers and individuals in healthcare matters since leaving government in 2006. Mr. Weidenfeld also has an extensive litigation background that includes numerous trials and appeals and appearances before the United States Supreme Court, the Federal 5th Circuit Court of Appeals, and the Louisiana Supreme Court.

For a quote and for more information about how Exclusion Screening can help you please call us at 1-800-294-0952 or fill out the form below.


[1]“OIG” in this paper refers to “Office of Inspector General, Department of Health and Human Services” unless otherwise stated.  The term “OIG Exclusion” is used as shorthand for an administrative action taken by the OIG barring an individual or entity from participating in Federal health care programs pursuant to §1128(a)(1)-(4), (b)(1)-(b)(16) or §1156 of the Social Security Act (SSA).

[2]This article focuses on exclusions from a regulatory and enforcement perspective, but exclusions also play a critical role in compliance and risk management programs. See, e.g., HCCA, Measuring Compliance Program Effectiveness: A Resource Guide (Jan. 2017), available at ttps://oig.hhs.gov/compliance/compliance-resource-portal/files/HCCA-OIG-Resource-Guide.pdf. (guidance reconfigures the traditional “Seven Elements of an Effective Compliance Program” and makes the “Screening and Evaluation of Employees, Physicians, Vendors, and other Agents” an element unto itself – or the new “Seventh Element of Compliance”).

[3] The Medicare-Medicaid Anti-Fraud and Abuse Amendments of 1977, Public Law 95-142.  In 1979, the Department of Health Education and Welfare was renamed the Department of Health and Human Services (HHS).

[4]See e.g. Crackdown on Health Care Fraud, https://www.nytimes.com/1995/12/22/us/in-crackdown-on-health-care-fraud-us-focuses-on-training-hospitals-and-clinics.html.

[5] In addition to establishing the principle of insurance portability, HIPAA contained several provisions related to healthcare fraud enforcement, including containing legislation that significantly increased the ability of law enforcement agencies to obtain and share information and establishing the Health Care Fraud and Abuse Fund (HCFAC) as a permanent funding source specifically designated for health care fraud enforcement.

[6] The effect of an OIG Exclusion is addressed in the Special Advisory Bulletin on the Effects of Exclusion from Federal Health Care Programs,” issued September 2, 1999, and in the “Updated Special Advisory Bulletin on the Effect of Exclusions from Participation in Federal Health Care Programs,” issued May 8, 2013.  Hereinafter, the initial advisory will be referred to as the “1999 Special Advisory” and the update will be referred to as the “Updated Special Advisory” or the “2013 Special Advisory.”  The 1999 Special Advisory can be found at: https://oig.hhs.gov/fraud/docs/alertsandbulletins/effected.htm; the 2013 Updated Special Advisory can be found at https://oig.hhs.gov/exclusions/files/sab-05092013.pdf.

[7] Inspector General June Gibbs Brown, in the press release for the 1999 Special Advisory.

[8] See 42 C.F.R. § 1001.10. Definitional changes were made to direct and indirect claims pursuant to rulemaking authority granted to the OIG in the MMA and the ACA; See also, OIG Advisory Opinion No. 18-01 at 5 (Feb. 20, 2018) available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-01.pdf.

[9] The Data in the figures in this section come from the exclusion data reported in the List of Excluded Individuals/Entities (LEIE) by calendar year.

[10] The data in the charts in this section comes from exclusion data reported in the List of Excluded Individuals/Entities (LEIE).

[11] These calculations are based on the composition of the LEIE through December 31, 2017.

[12] See, §§ 1128(c)(3)(G)(i) and (G)ii of the SSA. See also 82 Fed. Reg. 4100.

[13] See https://oig.hhs.gov

[14] See Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016) available
at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf. The OIG breaks these down into “high-risk factors,” “low-risk factors,” and factors that have “no effect.” High-risk factors include the impact on beneficiaries’ cooperation, and whether an adverse licensing action occurred. “Lower risk” factors include acceptance of responsibility and self-disclosure. Factors that are “expected,” and thus have “no effect”, are cooperation in the investigation and having a compliance plan with the seven elements of compliance.

[15] See Guidance for the Implementation of its Permissive Exclusion Authority Under Section 1128(b)(15) at 1, available at https://oig.hhs.gov/fraud/exclusions/files/permissive_excl_under_1128b15_10192010.pdf. The guidance was issued because 1128(b)(15) provides for exclusion based on whether the individual in question is either an owner or an officer or a managing employee and the analysis is different for each.

[16] Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016) available at https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf.See also 81 Fed. Reg. 88, 334 (Dec. 7, 2016): “In 1981, Congress enacted the CMPL, section 1128A of the Act (42 U.S.C. §1320a-7a), as one of several administrative remedies to combat fraud and abuse in Medicare and Medicaid”

[17]Id. 81 Fed. Reg. at 88.

[18] This is a listing of the CMP authorities related to exclusion violations. A complete listing of the OIG CMP authorities can be found on the OIG’s website, or at 42 C.F.R. § 1003.210.

[19] The OIG may also impose a penalty or, when applicable, an assessment, against a Medicare Advantage or Part D contracting organization with a contract under section 1857 or 1860D-12 of the SSA if any of its employees, agents, or contracting providers violate § 1003.400(a) – (d).

[20] The penalty amounts for CMPs and assessments are updated annually and are published at 45 C.F.R. § 102.

[21] A discussion of the change is found in 81 Fed. Reg. 88, 334 (Dec. 7, 2016).

[22] See 42 CFR § 1004.140(c); see also Criteria for implementing section 1128(b)(7) exclusion authority (April 18, 2016), available athttps://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf..

[23]See § 3729(a)(1) of the Fraud Enforcement Recovery Act of 2009 and § 6401of the Affordable Care Act (2010).

[24]The Self Disclosure protocol was updated on April 17, 2013, and the Special Advisory was updated May 3, 2013.

[25]The Office of Evaluations and Inspections (OIG/OEI) and the Office of Audit (OIG/OA).

[26]The table cited is intended to be a demonstrative sample of settlements. Settlement of exclusion civil money penalty cases are reported and published on the OIG website, available at https://oig.hhs.gov/fraud/enforcement/cmp/index.asp

[27]Cases referenced herein have been reported and published on: https://oig.hhs.gov/fraud/enforcement

[28]Overpayments that are not the result of a regulatory violation can occur if a provider properly screens and an employee is added to the LEIE while employed. This would limit the overpayment and not result in a CMP. 

[29]The updated Bulletin was issued, in part, to provide guidance

[30]CIAs are imposed by the OIG in lieu of their imposing administrative remedies in cases involving FCA investigations.  As such, requirements in them are sometimes concrete examples of OIG interpretations and expectations, and therefore they can be useful as “guidance.” 

[31]Meaning to take actions sufficient to ensure that the employee does not touch federally reimbursed services. But even if it were possible that a provider could meet this test, the scope of the payment prohibition is so broad that it is unlikely that it would be worth the effort to remove them from the screening list. 

[32]See, https://downloads.cms.gov/cmsgov/archived-downloads/SMDL/downloads/SMD061208.pdf

[33]See https://downloads.cms.gov/cmsgov/archived-downloads/SMDL/downloads/SMD011609.pdf

[34]In addition to meeting its regulatory obligations, a proper exclusion screening program can also provide significant benefits to compliance and risk management programs. See HCCA, Measuring Compliance Program Effectiveness: A Resource Guide (Jan. 2017), available at  https://oig.hhs.gov/compliance/compliance-resource-portal/files/HCCA-OIG-Resource-Guide.pdf.

[35]States, at a minimum, require that providers screen the LEIE and the State List (if there is one). However, they may also require providers to screen additional State Lists and/or additional Federal debarment lists.

[36] As noted in footnote 1, the author is a co-founder of Exclusion Screening, LLC, a third-party vendor of exclusion screening services. 

[37]See OIG’s Provider Self-Disclosure Protocol (April 17, 2013), available at https://oig.hhs.gov/compliance/self-disclosure-info/files/Provider-Self-Disclosure-Protocol.pdfhow to 

Frequently Asked Questions

OIG Basics

Exclusions are final administrative sanctions imposed by the Office of Inspector General for the Department of Health and Human Services (HHS/OIG, or simply OIG) that bar individuals and entities from participating in Federal and State health care programs such as Medicare, Medicaid, CHIPs, and any other program that receives federal funding.  Federal programs are prohibited from paying for items or services provided by excluded parties, and providers that employ or contract with them risk the imposition of civil money penalties and significant overpayment liability. In addition to the authority to impose exclusions, OIG is authorized to enforce compliance with exclusion regulations through civil money penalties and overpayments.

For more information on OIG Exclusions, visit What is an OIG Exclusion? 

The LEIE, or List of Excluded Individuals/Entities, is the database that identifies all of the individuals and entities that are currently under an exclusion sanction imposed by the Office of Inspector General (OIG).  The LEIE is hosted and maintained by the OIG,  which has the authority to impose exclusions and enforce violations of exclusion regulations. The LEIE website and it currently has almost 80,000 entries and increases each year.

To read more about the difference between the LEIE, GSA/SAM, and State Exclusion Lists, visit How the LEIE, GSA/SAM, and State Exclusion Lists Differ; And Why They Need to be Screened

The GSA/SAM list is centralized registry that identifies individuals and contractors that have been debarred or suspended from contracting with federal agencies.  The name is derived from the fact that the General Services Administration (GSA), the agency that oversees federal government contracting and procurement activities, is responsible for administering and updating the list; and the list is hosted on the agency’s System of Award Management (SAM).  In 2012, the GSA’s Excluded Provider List System (EPLS) and several other active and legacy debarment and suspension systems were migrated to GSA/SAM to consolidate and centralize the process. 

For more information on the importance of GSA’s SAM Database, visit Why is it Important to Screen Against the GSA’s SAM Database?

The process for imposing exclusions depends on the type of exclusion being imposed. For mandatory exclusions, the OIG sends the party a Notice of Exclusion. The notice identifies the basis and effect of the exclusion and the party of its appeal rights. It also notifies the party that their exclusion is effective 20 days after the notice was mailed.  The process for permissive exclusions depends upon the basis for the exclusion.  being imposed. In most instances, the OIG initiates the process with a Notice of Intent to Exclude that gives the party it seeks to exclude 30 days to respond in writing with relevant information or evidence in addition. The OIG will then consider the response and make a decision. There are, however, some permissive exclusions in which the OIG is authorized to proceed directly to the Notice of Exclusion as it does with mandatory exclusions; and there are some limited instances in which the party is entitled to a full hearing with the right to call witnesses and to discovery The process of exclusions and appeals are governed by 42 C.F.R. §§ 1001.2001- 1001.2007.

 

Exclusions can be reviewed by an ALJ, appealed to the Department Appeals Board, and, ultimately, taken to Federal Court – but as a practical matter, the right to dispute and appeal an OIG Exclusion is limited to the length of an exclusion, and not the validity of the exclusion itself. The reason that appeals are so limited is that excluded parties do not have the right to challenge or re-litigate “final determinations” that form the basis of an exclusion such as convictions (which are the basis for all mandatory convictions) or licensing board actions (the basis for over 90% of all permissive exclusions) or civil judgments (the basis for almost all of the rest of the permissive exclusions).  Excluded parties can, however, challenge the length of an exclusion and that often happens. The process of exclusions and appeals are governed by 42 C.F.R. §§ 1001.2001- 1001.2007.

 

Exclusions are effective 20 days after the mailing of the Notice of Exclusion. With respect to permissive exclusions, however, if a request for review to the ALJ is made, the OIG may, in its discretion, delay the effective date until after the ALJ makes his decision.  Once an exclusion is final, the OIG posts it on the LEIE, and sends notices to various State and Federal interests including, but not limited to, State licensing boards, State health programs, medical societies, Medicaid fraud control units, and the National Practitioner Data Bank. 

For more information on the importance of GSA’s SAM Database, visit Why is it Important to Screen Against the GSA’s SAM Database?

Mandatory exclusions must be imposed for a minimum of 5 years and most permissive exclusions are imposed for a minimum of 3 years (there are a few that can be imposed for slightly shorter periods).  However, these are minimum periods of time and, depending on the facts and circumstances, they can be imposed for significantly longer periods of time. 

For more in-depth information on the length of mandatory exclusions, visit What is the Length of A Mandatory Exclusion?

The Office of Inspector General (OIG) has the authority to impose a mandatory exclusion if one of the following conditions are met: 1) A conviction of any type related to a Federal or State Health Care Program; 2) A conviction of any type relating to the neglect or abuse of patients; 3) A felony conviction relating to a health care fraud program other than Medicare or Medicaid, and 4) A felony convictions relating to the unlawful manufacture, distribution, prescription, or dispensing of a controlled substance. Mandatory exclusions must be imposed for at least five years but are often imposed for a much longer period of time. It is also noted that mandatory exclusions account for approximately half of all exclusions and they

Permissive exclusions are generally imposed for at least three years (there are some exceptions) and there is a much wider range of conduct for which they may be implemented. By way of example, they can be imposed for any of the following reasons:

  • Misdemeanor convictions related to fraud or to certain drug offenses
  • Providing unnecessary or substandard services;
  • Submission of false or fraudulent claims to a Federal health care program,
  • Defaulting on health education loan or scholarship obligation, and
  • Controlling a sanctioned entity as an owner, officer, or managing employee

Although there are over 20 different bases for the imposition of permissive exclusions, almost 90% are based on a licensing disciplinary action, such as a suspension, revocation, or surrender. Beyond licensing, the other main categories for permissive exclusions are defaulting on federal education loans and the transfer of an excluded entity to avoid the consequences of an exclusion.

Request a demo, inquire about Pricing, or to ask about our services,

Share this article