What is an exclusion?
An exclusion is something everyone and every entity should take proactive steps to avoid! An exclusion, in this context, is defined as administrative action taken by the Office of Inspector General (OIG) and/or State Medicaid Agency to exclude an individual or entity within the healthcare realm based on a criminal conviction(s) and/or a license revocation. The effect of an exclusion is that the person or entity cannot participate in or have federal healthcare dollars reimbursed to their employer, in whole or in part, for their services.
Who can be excluded?
Any individual (i.e. all employees, contractors, vendors, referring physicians, volunteers, etc.) and/or entity (i.e. vendors, contractors, etc.) that commits a crime specified by the Office of Inspector General (OIG). This encompasses a broad range of people and companies with the full intention of minimizing any and all fraud and abuse within our healthcare system. Whether the individual is providing direct patient care is NOT relevant.
What are the different types of exclusions?
Exclusions may be classified in one of two categories: Mandatory or Permissive. See 1128 USC.
The OIG is required to exclude the individual or entity when a specified mandatory exclusion is committed. Mandatory causes for exclusions include (but are not limited to): Medicare or Medicaid fraud, patient abuse or neglect, felony convictions, theft, and financial misconduct.
The OIG has full discretion to exclude the individual or entity when a specified mandatory exclusion is committed. Permissive exclusions include (but are not limited to): Unlawful manufacture, distribution, prescription, or dispensing of controlled substances, suspension, revocation, license revocations/suspensions/surrender, and engaging in unlawful kickback arrangements.
How long do exclusions last? How does one get reinstated?
Exclusions may remain for five (5) years or more and can also be an indefinite amount of time depending on the type and severity. Once the term ends, an individual or entity may seek reinstatement.
Reinstatement requires an individual or entity go through a lengthy administrative process at both the state and federal level. Reinstatement is not automatic and is never guaranteed. Rather, it is determined on a case-by-case basis. The individual or entity is responsible for applying for a reinstatement, not their employer.
Why conduct exclusion monitoring?
There a many reasons healthcare related organizations should conduct exclusion monitoring. Here are a few:
- Per the Patient Protection and Affordable Care Act (PPACA) required Center for Medicare and Medicaid Services (CMS) says you should! Please reference the specific guidance here. Section 6501
- Healthcare organizations cannot employ an excluded individual or entity if participating in any Federal healthcare program. To do so will result in hefty fines.
- Several State Medicaid Regulations require monthly exclusion monitoring.
- Several State Medicaid Agencies have their own state exclusion list.
Reference: CHIRP (Compliance Healthcare Index Report by ProviderTrust)
Who should be monitored and why? How frequently?
Per the CMS’s guidance, it’s recommended that anyone who can be excluded be monitored, at minimum, on a monthly basis. Further, the OIG has stated that it recommends employers and contractors search its list (OIG-LEIE) monthly, as it updates the list monthly.
What data sets should be monitored?
Per the Patient Protection and Affordable Care Act’s (PPACA) Section 6501, CMS issued guidelines and suggested that, at the minimum, employers check the OIG-LEIE for exclusions. Best Practice would include all available and relevant Federal data sets (i.e. OIG-LEIE, GSA-SAM.gov and EPLS) and State Medicaid lists should be checked and monitored monthly. The underlying premise is, if an individual or entity is excluded in one state, the individual or entity is excluded in all. It’s the employer’s responsibility to monitor all of the above regularly to mitigate such foreseeable risks. No excuses!
What is the OIG-LEIE database?
What is the difference between the OIG-LEIE and the GSA Exclusion List?
What is SAM.gov? What are best practices for exclusion or debarment monitoring?
Do you (the employer) need permission to monitor for OIG exclusions?
What happens if I’ve been doing business with an excluded individual or entity?
Brace yourself for a plethora of fines. The employer is responsible for all fines associated with employing or contracting with an excluded person or entity. Note that the average fine for hiring or contracting with an excluded person or entity is $100,000 per person or entity, with more recent cases indicating a steady increase to roughly $197,000 per person or entity. Generally speaking, the amount typically assessed in fines if the OIG initiates the investigation (such as in an audit) is 3 times the amount of all damages. The silver lining lies in the recommended self-disclosure process, which, in most cases, reduces the multiplier to 1.5 times the amount of all damages. Click here for all you need to know about self-disclosing to the OIG.
You can always visit the OIG’s website at www.oig.hhs.gov for more information regarding the OIG exclusions database.
Why should we self disclose an excluded individual or entity?
In any case where you identify an excluded individual or entity currently or previously employed by your organization, you can self-report it to the Office of Inspector General (OIG), helping to significantly decrease fines.
Otherwise, by not reporting, you can expect the net impact on your organization to be far more substantial. For more details regarding civil monetary fines and penalties associated with employing, contracting or engaging any individual or entity that is excluded, please reference this link.
What are the fines and penalties if we have hired, employed, contracted or otherwise billed or sought reimbursement for an excluded person or entity?
According to the OIG and regulations, the civil and monetary fines that can be imposed by the OIG is up to $10,000 per item claimed (notice it is based on items claimed, not actually reimbursed) plus up to three times (treble damages). Further, the claims that were reimbursed may subject your organization to the submission of a False Claim (see above). A repeated or serious infraction can lead to your organization losing its right to bill CMS, and may result in the issuance of a Corporate Integrity Agreement with the OIG- or worse, being shut down.
Costs of non-compliance
- 10K for each item/service billed
- Fines equaling triple (3x) that of the amount paid for the services
- Possible exclusion from federal healthcare programs
Since 2008, OIG fines average more than $100K per excluded individual. For a more in-depth coverage of exclusion monitoring, read The ABC's of Exclusion Monitoring.
We had a False Claim Act violation and were issued a Corporate Integrity Agreement (CIA). What should we do proactively to ensure we’re compliant regarding our exclusion monitoring?
CIAs always include a provision entitled: “Ineligible Persons”. This section requires that the employer conduct exclusion monitoring in order to be compliant. The Independent Review Officer will check to see if the organization is compliant in this area. Be prepared to prove it!
What is a sanction?
In this context, a sanction means a disciplinary action taken against a person's license by a state professional license board. Learn more about sanctions, what they are, and why sanction screening matters here.
Why monitor sanctions?
Sanction screening is a requirement for the OIG and CMS and should be a priority for any healthcare organization. Sanction screening is a preventative measure taken against fraud and abuse related to:
- Excluded individuals billing Medicare and/or Medicaid for items and/or services Patient abuse/neglect
- Defaulting on student loans
- Healthcare license revocation
- Misdemeanor affiliated with controlled substances
Why monitor licenses and/or certifications?
There are several reasons to conduct monthly license and/or certification monitoring. First, state licensing boards require that a provider be qualified to conduct or perform services requiring a license. The same is true for a certification that is treated as a license (ie., AART). In order to lawfully comply and provide services the provider must be in good standing with the state license board. Otherwise, the employer can be liable for providing unlicensed care or care from an nonlicensed provider.
Second, remaining in good standing is required by most federal healthcare programs such as Medicare and Medicaid by contract with CMS. If the person is required to be licensed, but is not, the employer may face a False Claims Action and have to reimburse the payor, plus pay fines to the government.
Third, a license and/or certification will expire upon one of two triggering events: (1) its expiring term and/or (2) a revocation or termination.
Finally, if an individual is sanctioned or disciplined, an employer should be aware of this to prevent violating a restricted or suspended license.
Certifications can be treated as a license in some cases if they are issued by a state agency in lieu of a license or from a recognized association that regulates a profession.
Thus, in order to remain conitinually compliant an employer should monitor each month the status of a license and/or certification. Knowing the status of the license and when it is due to expire is part of license monitoring.
Is there anything else I should consider monitoring to ensure compliance?
Please check out our awesome blog posts that address many healthcare compliance best practices while sharing valuable insights and resources.
Here are a few to get you started: