OIG’s Updated Special Advisory Bulletin on the Effect of Exclusions

OIG Sanction Checks
The Office of the Inspector General (OIG) Broadly Interprets Exclusion Regulations
OIG’s Demonstrated Interest in Exclusion Screening and Forewarning of Increased Enforcement Efforts
By Paul Weidenfeld

The OIG’s Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs[1] explains the types of conduct that could violate the payment prohibition, which regards items or services provided by excluded persons, and the potential administrative sanction checks for employing excluded persons or contractors. The advisory was issued less than a month after OIG specifically amended its Self-Disclosure[2] protocol to include exclusion violations.

Although the advisory bulletin provides some guidance on the screening of employees and contractors, it is not very helpful. Thus, the timing of the advisory and its emphasis on enforcement strongly suggested that OIG would expand its efforts. Subsequent events have shown this to be true.

I.  The Regulations on Payment and Penalties

The regulation prohibiting payment for services furnished or provided by excluded persons, 42 CFR § 1001.1901(b), states that payments should not be made for items or services furnished “by an excluded individual or entity, or at the medical direction or on the prescription of a physician or other authorized individual who is excluded when the person furnishing such item or service knew or had reason to know of the exclusion.” The regulation’s language makes no reference to services or items provided by employees or contractors, so one could reasonably understand the payment prohibition to be relatively narrow.

Reasonable or not, the OIG takes the opposite view and interprets the prohibition expansively. In its view, the regulation applies to “all methods of . . . payment,”[3] and includes virtually any item or service performed by an excluded person or entity that contributes in any way to any form of reimbursement. The bulletin advises, for instance, that the preparation of a surgical tray by an excluded person could run afoul of the prohibition, as could inputting information into a computer by an excluded person. Administrative and management services, IT support, and even strategic planning would also be prohibited “unless wholly unrelated to Federal health care programs.” Even a volunteer’s assistance might trigger the prohibition if he or she was excluded.

OIG takes a similar approach when interpreting 42 CFR §1003.102(a)(2), which gives OIG authority to issue Civil Money Penalties (CMPs) for violations of the payment prohibition in addition to sanction checks for the submission of false or fraudulent claims.[4] In its view, the imposition of penalties are appropriate if an “excluded person participates in any way in the furnishing of items or services that are payable by a Federal health care program” and if the provider “knew or should have known” of the exclusion. Furthermore, the prohibition extends to “all categories of items or services”—whether they involve direct or indirect care, are administrative or management services, or even, as noted previously, if an excluded volunteer provided part of a service that was ultimately reimbursed. As long as the provider’s claim includes “any items or services furnished by an excluded person,” and the provider “knew or should have known” of the exclusion, OIG has the authority to issue CMPs.

II.  OIG Sanction Checks Guidance on Screening: Follow at your own Peril!

According to the advisory, providers can “avoid potential CMP liability” by checking the LEIE (OIG’s List of Excluded Individuals and Entities) “to determine the exclusion status of current employees and contractors.” OIG describes the LEIE as a “tool” that is “searchable” and “downloadable” to enable providers to identify excluded employees and contractors, and recommends that providers check it monthly to “minimize potential overpayment and CMP liability.”[5]

The section on screening suggests that the process is a relatively easy one. It states that providers have to simply “review each job category or contractual relationship to determine whether the item or service being provided is directly or indirectly, in whole or in part, payable by a Federal health care program. If the answer is yes, then . . .  [providers must] screen all persons that perform under that contract or that are in that job category.”[6] Simple as that? Unfortunately, no. There are a number of problems the guidance fails to recognize or understand.

III. Failures of OIG’s Guidance in Advisory Bulletin

To begin, though the LEIE can be searched, it can only search five employees at a time. Each name has to be entered manually, and potential matches must be verified individually. This might work if a provider only has to screen a handful of employees or contractors, but imagine how long searching 100 employees, five at a time, would take. Or 1,000? Or 10,000? Nor does downloading the database help many providers. Most do not have the IT capability to compare their employee database to the LEIE in any reliable or economically viable way.

The OIG’s guidance that providers simply need to use “the same analysis” for contractors and subcontractors “that they would for their own employees” is also problematic.[7] It is difficult enough to identify every employee who contributes in any way to items or services that contribute to any amount of reimbursement in any form, but it is extremely unrealistic to expect a provider to meet that standard for his contractors, subcontractors, and their employees. Wouldn’t almost every person that walked into hospital or nursing home that wasn’t a patient or relative be a candidate? And what about their co-employees working out of their offices?

Still another concern, perhaps the most significant one, is that the guidance can be read to give the impression that providers can satisfy their screening obligations by conducting searches of the LEIE on a regular basis. The OIG might be satisfied with screening the LEIE on a regular basis, but such a screening protocol is unlikely to satisfy the various state Medicaid requirements or state regulations. For instance, approximately 38 states have their own sanction checks lists, and providers are required to check these state lists. Some states also require providers to certify that none of their employees or contractors have been “suspended, or excluded from Medicare, Medicaid or other Health Care Program in any state![8] Even the OIG’s advice that exclusion checks be completed on a “regular” basis would be inadequate in most states, as CMS has directed State Medicaid directors to require monthly screening and most, perhaps all, have followed that directive.

IV.  Final Thoughts

Exclusion screening has clearly become a “front burner” issue for OIG. Providers should take note of OIG’s broad interpretation of their obligations and of its inclusion in the Self-Disclosure Protocol. Providers also need to be aware of the regulations in their States which are typically more onerous that federal ones. Finally, while there are a number of difficult questions that don’t have easy answers (such as, Who do I need to screen? Which databases do I screen? How can I accomplish screening? and How do I deal with contractors?), they are easier to deal with sooner rather than later, and they are dangerous to put off.

OIG Sanction Checks

Paul Weidenfeld, Co-Founder and CEO of Exclusion Screening, LLC, is the author of this article. He is a longtime health care lawyer whose practice has focused on False Claims Act cases and health care fraud matters generally. Contact Paul should you have any  questions at: pweidenfeld@exclusionscreening.com or 1-800-294-0952.


[1] The 2013 Bulletin “replaces and supersedes the 1999 Bulletin.” Dep’t of Health and Human Servs. Office of the Inspector Gen., Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs, 4 (May 8, 2013).

[2] Update to Self-Disclosure Protocol issued April 17, 2013, Dep’t of Health and Human Servs. Office of the Inspector Gen.

[3] “This payment prohibition applies to all methods of Federal health care program payment, whether from itemized claims, cost reports, fee schedules, capitated payments, a prospective payment system or other bundled payment, or other payment system and applies even if the payment is made to a State agency or a person that is not excluded.” Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs at 6.

[4] The regulation authorizes CMPs under circumstances where a person making a claim:

“knew, or should have known, that the claim was false or fraudulent, including a claim for any item or service furnished by an excluded individual employed by or otherwise under contract with that person.”

While the regulation’s reference to excluded persons seems clearly intended to clarify the circumstances under which CMPs would be applicable to false claims, the OIG’s interpretation that it also authorizes sanctions for violations of the payment prohibition is accepted and rarely, if ever, questioned.

[5] Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs at 15. The OIG recognizes that there is no federal requirement to check the LEIE monthly, recommends it. It also recommends that providers rely on the LEIE over other databases such as GSA-SAM and NPDB.

[6] Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs at 15. Providers were also advised that they could rely on contractor screening, but that they would remain responsible for overpayment liability and CMPs if it failed to ensure that “appropriate exclusion screening had been performed.” Id.

[7] Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs at 16.

[8] See, for example, Rule § 352.5 of the Texas Administrative Code which states:

Prior to submitting an enrollment application, the applicant or re-enrolling provider must conduct an internal review to confirm that neither the applicant or the re-enrolling provider, nor any of its employees, owners, managing partners, or contractors (as applicable), have been excluded from participation in a program under Title XVIII, XIX, or XXI of the Social Security Act.

An even more exacting obligation is found in Louisiana where provider agreements require applicants to certify that no employee is:

not now or … ever been: suspended or excluded from Medicare, Medicaid or other Health Care Program in any state” or “employed by a corporation, business, or professional association that is now or has ever been suspended or excluded from Medicare, Medicaid or other Health Care Programs in any state” (emphasis added).

CMP Liabilities: Why Are Some Much Higher Than Others?

A quick review of the Office of Inspector General’s (OIG) exclusion enforcement actions might make one wonder why the Civil Monetary Penalties (CMPs) for some entities are only $10,000 while others are closer to $2,000,000. We were curious as well, and took a look into the factors that might contribute to the vast differences in money owed.

 CMP Liabilities Higher

The easiest answer is that CMPs tend to be lower for entities that self-disclosed the exclusion violation as opposed to entities that were subject to an OIG investigation. “Tend” is the key word here. You’ll notice that the August 5, 2014 case (see “CMP Liabilities Higher” link above) was self-disclosed and has the highest CMP amount listed at $1,983,907.51.

I.  CMP Liability Depends on How Many Excluded Individuals Are Hired

Another contributing factor is the number of excluded individuals that the provider employed or contracted with. More individuals means that more claims were likely submitted for payment. Therefore, the government likely paid more money to these providers than providers who only employed or contracted with one excluded person. This is evident in the two exclusion actions which took place on August 5, 2014. The University Hospital employed one excluded individual and owed $10,000 in CMP liabilities, while the laboratory owed nearly $2,000,000 because it knew or should have known that four employees were excluded from participation in the federal health care programs. However, it’s important to note that the March 7, 2014 case which totaled $243,266.31 in CMPs only involved one excluded individual. So what is going on?

II.  CMP for Each Item or Service Provided

OIG has discretion to impose CMPs of up to $10,000 for each item or service that the excluded individual provided. Hence, the length of time and the number of items or services provided by the excluded individual directly contribute to the total CMP amount imposed on a provider. The March 7, 2014 case involved a nursing and rehabilitation center, so it is likely that a large majority of the entity’s claims were submitted to the Federal health care programs for payment. Additional information about the excluded individual is not available, but the rules governing CMPs lead us to believe that this individual was employed with the facility for a fairly substantial period of time and provided a large number of items and services that were directly or indirectly billed to the Federal health care programs.

The Federal health care program monies may not be used for activities that violate the law. Therefore, even a self-disclosing entity[1] will be subject to large CMPs if the excluded individual performed a lot of services that were billed (directly or indirectly) to the Federal health care programs.

III.  Our Take-Away

Our take-away from this closer look at CMPs confirms that it is best to identify an individual or entity that is excluded as soon as possible. This is where monthly screening comes in. You might screen your employee or contractor before hiring, but if you continue to let that employee or contractor conduct services that are billed directly or indirectly, you may be responsible for paying that money back. Finding out a person is excluded one month into a relationship with them is much better than learning about the exclusion six months or a year later because the person will not have had an opportunity to perform an extreme amount of services that will get you into hot water. 

CMP Liabilities

Paul Weidenfeld, Co-Founder and CEO of Exclusion Screening, LLC, is the author of this article. He is a longtime health care lawyer whose practice has focused on False Claims Act cases and health care fraud matters generally. Contact Paul should you have any questions at: pweidenfeld@exclusionscreening.com or 1-800-294-0952.


[1] Providers are reminded that OIG may use a lower multiplier for damages in self-disclosure cases, but it is under no obligation to do so. Dep’t of Health and Human Servs. Office of the Inspector Gen., Updated OIG’s Provider Self-Disclosure Protocol, 14 (Apr. 17, 2013).

CMS Finds Fault with Exclusion Information Sharing Between States

CMS
I.  Take It from CMS: If You’re Excluded in One State, You’re Excluded in All States

Section 6401(b)(2) of the Affordable Care Act (ACA) required the Centers for Medicare and Medicaid Services (CMS) to create a national database where State agencies could share and access information about individuals and entities that were terminated from the Medicare, Medicaid, or CHIP programs.[1] This platform would help states comply with ACA section 6501,[2] which mandates that a provider must be terminated in all state Medicaid programs if he or she were terminated “for cause”[3] in one state. CMS created the Medicaid and Children’s Health Insurance Program State Information Sharing System (MCSIS) to make this exclusion information available to all State Medicaid agencies.[4]

  Under section 6401(b)(2), states were asked to submit the terminated provider’s name, National Provider Identifier (NPI), and other identifying information to MCSIS. This information was incorporated into MCSIS so that other states could identify providers that needed to be terminated. Even though CMS has the authority[5] to require states to submit this information, it has only asked states to comply. CMS’ failure to make reporting mandatory resulted in a very deficient database.

II.  CMS’ Comprehensive List…Not So Comprehensive

  Only thirty-three states[6] submitted information to CMS and many of the records were incomplete. For example, CMS asked states to only submit providers that were terminated “for cause,” but over 2,000 records lacked a “for cause” termination.[7] In addition, 59 percent of the records also did not include provider NPIs,[8] which the ACA specified as a mandatory database component.[9] Many other data fields, like provider type[10] and address, were blank.

  Seventeen states[11] and the District of Columbia failed to submit any data in the two years between MCSIS’s creation and the Office of the Inspector General’s (OIG) review.[12] Four states[13] submitted 72 percent, or 3,413 of 4,713 total Medicaid records.[14] The other states that reported information reported very small numbers. For example, Massachusetts only submitted two excluded providers between 2011 and 2013.[15] Even though, it excluded fifteen providers in 2012.[16]

 OIG concluded that CMS needed to improve its exclusion information-sharing process.[17] Specifically, CMS should mandate that state agencies report all “for cause” terminations.[18] OIG also stated that CMS should also remove all providers that were not terminated “for cause,” or if it would like to expand its database, then it must issue new guidance instructing the states as to which providers must be terminated under section 6501.[19]

III.  CMS Creates New List: OnePI Portal

  CMS agreed with OIG, and disclosed that it is in the process of creating a private database, the OnePI portal.[20] OnePI is accessible to only CMS, State Medicaid agencies, and CHIP. It provides a private platform for states to share information about terminated providers.

 Under this new system, CMS will require states to submit a copy of the termination letter sent to the provider. Then, CMS will review these letters to ensure that the provider should be included in the OnePI database.[21]

 CMS has not provided a proposed completion date for OnePI.[22] Furthermore, there is no information available in regard to whether this data will be incorporated into the LEIE, if it will be available to providers, or if states will be required to integrate excluded providers from other states into their Medicaid termination lists.

IV. Conclusion

This inaccurate reporting of data illustrates why it is critical to check all state Medicaid lists in addition to OIG-LEIE and GSA-SAM. You will be held responsible if you employ or contract with an excluded individual. A provider that is excluded in one state is excluded in all states. 

CMS

Ashley Hudson, Associate Attorney at Liles Parker, LLP and former Chief Operating Officer for Exclusion Screening, LLC, is the author of this article. Contact the exclusion experts at Exclusion Screening, LLCSM today for a free consultation by calling 1-800-294-0952 or online.


[1] Dep’t of Health and Human Servs. Office of the Inspector Gen., CMS’s Process for Sharing Information about Terminated Providers Needs Improvement, 1–2 (Mar. 2014).

[2] 42 C.F.R. § 455.416(c).

[3] States are only required to terminate providers from their Medicaid programs if they were terminated “for cause” under another state program. “For cause” means a provider was terminated due to fraud, integrity or quality.  Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 2.

[4] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 1.

[5] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 13.

[6] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 7.

[7] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 7.

[8] Not all providers are assigned NPIs. Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 4, 9.

[9] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 2.

[10] Thirty-three percent of MCSIS records did not contain information about the provider type. Furthermore, some states identified 95 percent of providers as “other” when 25 different specific provider types were provided in a drop-down menu. See Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 11.

[11] The seventeen states were: Colorado, Hawaii, Kentucky, Minnesota, Montana, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, South Carolina, South Dakota, Texas, Utah, West Virginia, and Wyoming. See Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 16.

[12] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 7.

[13] California, New York, Pennsylvania, and Illinois. See Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 7.

[14] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 7.

[15] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 16.

[16] Massachusetts Health and Human Services, Suspended/Excluded MassHealth Providers as of 5/31/2014, 2, http://www.mass.gov/eohhs/docs/masshealth/provlibrary/suspended-excluded-masshealth-providers.pdf (last accessed June 6, 2014).

[17] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 13.

[18] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 13.

[19] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 14.

[20] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 22.

[21] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 22.

[22] Dep’t of Health and Human Servs. Office of the Inspector Gen., supra note 1, at 22–23.