Medicare and Medicaid Exclusion Screening Compliance: A Challenging Problem with a Surprisingly Simple Solution©
Since August 2014, the Office of Inspector General (OIG) has collected roughly $3.75 Million in Civil Money Penalties (CMPs) in cases involving the employment of persons that have been “excluded” from Medicare. This amount exceeds the total CMPs assessed by OIG on this issue in all of 2013. This continues an established trend. The number of exclusion cases has more than doubled over the last three years. The OIG specifically added exclusion violations to its Self Disclosure Protocol and followed that with new guidance on the issue within a matter of weeks last spring. Furthermore, even the Office of Audit Services has become involved with a data analysis project that supports enforcement efforts. Considering this increasing interest, the failure to properly screen for excluded employees or contractors has become a real and tangible risk for providers that should not be ignored.
I. What is An Exclusion?
The Department of Health and Human Services (HHS) is responsible for administering the Medicare and Medicaid Programs and it decides who may receive benefits under these programs as well as who will be allowed to provide them. When it is determined that a person or entity will not be permitted to provide services to the program, that person or entity is said to be “excluded.”
The authority to exclude individuals and entities from Federal health care programs has been delegated by the Secretary to the OIG. There are two types of exclusions, mandatory and permissive, and both have the effect of barring an individual or entity from participating in all Federal health care programs until such time, if ever, that their privilege has been reinstated. Mandatory exclusions last a minimum of 5 years and must be imposed if a person or entity is convicted of certain criminal offenses. These include, among others, offenses related to defrauding Federal or State health care programs, felony convictions for other health care related offenses, most drug related felony convictions, and patient abuse or neglect.
Permissive exclusion authority implicates a much wider range of conduct. Samples of the types of conduct for which permissive exclusions may be imposed include misdemeanor conviction related to defrauding heath care fraud programs; drug related misdemeanors; suspension, revocation or surrender of a health care license based on competence, performance, or financial integrity; providing unnecessary or substandard services; submitting false claims; defaulting on health education loans or student loans, and so on.
II. If I’m Not Excluded, How, or Why, Does it Affect Me?
Providers are affected because the impact of an exclusion extends to anyone who employs or contracts with the excluded person or entity. 42 CFR § 1001.1901(b) states that payments cannot be made for items or services furnished “by an excluded individual or entity, or at the medical direction or on the prescription of a physician or other authorized individual who is excluded when the person furnishing such item or service knew or had reason to know of the exclusion.” Though the language of the regulation appears to be directed at excluded persons who provide direct, billable services, the OIG broadly interprets the regulation to create a “payment prohibition” that includes virtually any item or service performed by an excluded person that contributes to any claim for reimbursement from any Federal or State Health Care Program.
By way of example, in the OIG’s view the preparation of a surgical tray by an excluded person or the inputting of information into a computer by an excluded person could run afoul of the prohibition. Similarly, administrative and management services, IT support, and even strategic planning would also be problematic. Even an excluded volunteer’s assistance might trigger the prohibition unless his activities were “wholly unrelated to Federal health care programs.”
In addition to overpayments that could result from the payment prohibition, providers can also be liable for CMPs pursuant to 42 CFR §1003.102(a)(2). Though this regulation, like § 1001.1901(b), seems intended to be restrictive in nature, the OIG conflates it with the payment prohibition and broadly interprets it to authorize CMPs for any violation of the payment prohibition under circumstances where an “excluded person participates in any way in the furnishing of items or services that are payable by a Federal health care program” and the provider “knew or should have known” of the exclusion.
III. What Are the Federal Exclusion Screening Requirements? Are they Difficult To Meet? Are There Separate State Requirements?
Federal screening requirements are contained in the May, 2013 Special Advisory Bulletin. The Advisory Bulletin states that providers can “avoid potential CMP liability” simply by checking the OIG exclusion list, the List of Excluded Individuals and Entities (LEIE), to “determine the exclusion status of current employees and contractors”. According to the Bulletin’s guidance, all providers have to do to meet this obligation is “review each job category or contractual relationship to determine whether the item or service being provided is directly or indirectly, in whole or in part, payable by a Federal health care program.” Then providers must “screen everyone that perform[s] under that contract or in that job category” on a “regular” basis. If only it was that simple.
To start, notwithstanding the fact that the LEIE is a “searchable and downloadable database that can assist in identifying excluded employees,” the logistics of the screening process are extremely challenging. For instance, if a provider elects to use the “search function” of the LEIE, he can only screen five employees at a time and each name must be entered manually. In addition, potential matches can only be verified individually by entering the social security number. This might work well enough if a provider only has to screen a handful of employees or contractors, but how would this work out if a provider has 200, 2,000, or even 20,000 employees? The alternative of downloading the LEIE database is equally problematic.
Most providers simply do not have the capability to download the LEIE (which contains almost 60,000 names) and compare it with their own employee database in any reliable, or economically viable way. Another issue is the requirement that providers apply the same standard to contractors and sub-contractors as to their own employees. Contractors are not likely to want to share their employee lists. Neither would a provider want to screen the employee list of a large contractor. Thus, while the OIG does seem to recognize the issue by suggesting that providers can “choose to rely screening conducted by the contractor,” it immediately follows the suggestion by reminding providers that they remain responsible for both overpayment liability and CMPs if they fail to ensure that “appropriate exclusion screening” had been done.
It is important to remember that the OIG’s guidance addresses only federal concerns. While the OIG may be satisfied with just screening the LEIE on a “regular” basis, there are only a handful of State Medicaid Programs that would find that this satisfied their requirements. Indeed, most States require, at a minimum, that providers screen their State Exclusion List (37 States have them) in addition to the LEIE, and many also require screening of the SAM and/or other State specific exclusions lists (such as sex offender lists, elder abuse lists, etc.).
Still, it is not uncommon for States to add onerous screening requirements through their provider agreements. For example, applicants have been required to certify that no employees or contractors are currently (or have ever been) “suspended, or excluded from Medicare, Medicaid or other Health Care Program in any state” (the emphasis is ours). A final thought on the various State exclusions lists is that the lists have a wide range of formats that vary from excel spreadsheets to unsearchable PDF documents further adding to the problems with screening.
IV. A Simple, Affordable Solution
Exclusion Screening, LLCSM was created because we saw a way to create a simple and cost effective solution to the challenges and risks that exclusion screening and verification requirements were causing our clients and many other practices and organizations. It is simple because once a provider puts together its list of employees and contractors (with our assistance) we do the rest. It is cost effective because Exclusion Screening, LLCSM charges are very small in comparison to the risk. Here’s how it works:
After the employee/contractor list is finalized, we screen it through SAFER™ (State And Federal Exclusion Registry), our proprietary exclusion registry comprised of the LEIE, SAM and all 37 State Exclusion Lists. SAFER™ also has a comprehensive search protocol that is far more inclusive than either the LEIE or SAM, so the screen will generate “potential matches” which are subjected to additional analytics to determine if there are any verified exclusions. Screens are conducted on a monthly basis and a report is sent to the provider that identifies each database that has been searched, the results of each search, all verified matches, and whether there are any outstanding potential matches (some State confirmation processes are more difficult and take longer than others). Interim reports are provided immediately after upon the verification of any match, and supplemental reports track all open potential matches until they are resolved.
Our process is simple, but we feel strongly that the monthly screening of all Federal and State Exclusion Lists will stand up to any level of scrutiny. In our experience, providers want to be in compliance and are willing to pay to ensure it, but they often experience frustration because the “compliance tools” they purchase are costly, time consuming, and difficult to implement. This will never be the case with Exclusion Screening, LLCSM. We not only do all the work once we have the list to be screened, but we also guarantee the provider’s satisfaction.
This article was written by Exclusion ScreeningSM co-founder, Paul Weidenfeld, and originally published within the National Alliance of Medical Auditing Specialists (NAMAS) “Medical Auditing Tip of the Week 12-12-2014″.
Paul Weidenfeld, Co-Founder and CEO of Exclusion Screening, LLC, is a longtime health care lawyer whose practice has focused on False Claims Act cases and health care fraud matters generally. Contact Paul should you have any questions at: email@example.com or 1-800-294-0952.
 The project was identified last month in a press release announcing a CMP settlement for $357,341.96 with a chain of 74 long term care facilities. Seven excluded employees were found within the chain (less than 1 per 10 facilities), and the Office of Audit’s project was specifically credited for identifying 5 of the 7.
 See Sections 1128 and 1156 of the Social Security Act. Though loosely defined to include any program that provides any health benefits, the most significant of these programs are Medicare and TRICARE. Medicaid exclusions are left to the State Fraud Control Units.
 Mandatory exclusions are found at 42 USC § 1320a-7; permissive exclusions at 42 USC § 1320a-7(b).
 The Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs issued May, 8, 2013 replaced and superseded the 1999 Bulletin and states: “This payment prohibition applies to all methods of Federal health care program payment, whether from itemized claims, cost reports, fee schedules, capitated payments, a prospective payment system or other bundled payment, or other payment system and applies even if the payment is made to a State agency or a person that is not excluded, (at page 6 of the Bulletin).
 These are examples taken from the Special Advisory Bulletin, id.
 The regulation seems to be explaining the circumstances under which CMPs are available, not extending them stating that they may be assessed where a person making a claim stating: “knew, or should have known, that the claim was false or fraudulent, including a claim for any item or service furnished by an excluded individual employed by or otherwise under contract with that person.”
 Id., at 11.
 This is the language that appears in the OIG press releases announcing settlements of exclusion violations.
 Special Advisory Bulletin, at 13-18. It is noted, however, that this is a bulletin and not a formal regulation.
 Id., at 15.
 Id., at 15-16. The “same analysis” is used for contractors, subcontractors and employees.
 Id., at 16.
 Id., at 15 n.27.
 Id., at 16.
 Id., at 14.
 Id., at 16.
 The System for Award Management (SAM) is the Official U.S. Government system that consolidated the capabilities of the CCR/FedReg, ORCA, and EPLS which were pre-existing debarment databases.
 See, e.g., Rule § 352.5 of the Texas Administrative Code which states:
Prior to submitting an enrollment application, the applicant or re-enrolling provider must conduct an internal review to confirm that neither the applicant or the re-enrolling provider, nor any of its employees, owners, managing partners, or contractors (as applicable), have been excluded from participation in a program under Title XVIII, XIX, or XXI of the Social Security Act.
See also the Louisiana Medicaid Provider Agreement which requires applicants to certify that no employee is:
“not now or … ever been: suspended or excluded from Medicare, Medicaid or other Health Care Program in any state” or “employed by a corporation, business, or professional association that is now or has ever been suspended or excluded from Medicare, Medicaid or other Health Care Programs in any state” (emphasis added).