On April 18, the Office of Inspector General (“OIG”) of the U.S. Department of Health and Human Services issued revised guidance regarding exclusions imposed under section 1128(b)(7) of the Social Security Act.1 That provision allows the OIG to “permissively” exclude individuals or entities from participation in all federal healthcare programs for engaging in certain prohibited conduct, usually the offering or paying of illegal kickbacks or submission of false or fraudulent claims. The OIG often invokes section 1128(b)(7) exclusion authority in False Claims Act (“FCA”) matters in exchange for integrity obligations. During the past several years, the OIG has been increasingly less reticent about bringing exclusion cases under 1128(b)(7) outside the FCA context.

The revised guidance describes how the OIG assesses a provider’s future risk to federal healthcare programs by placing the provider on what the OIG calls a “Risk Spectrum.” Next, it summarizes the categories the OIG considers when placing providers on the spectrum and determining whether to seek exclusion. The revised guidance replaces a 1997 OIG policy statement on the same topic.

Assessing Future Risk to Federal Healthcare Programs

In its updated guidance, the OIG articulates for the first time a compliance “Risk Spectrum.” The spectrum illustrates that such exclusion typically is reserved for providers determined to be the highest future risk to federal healthcare programs. The OIG specifically points out that it has a wide range of administrative options it can exercise, and “will usually pursue one of the following when settling a civil or administrative healthcare fraud case: (1) exclusion; (2) heightened scrutiny (e.g., implement unilateral monitoring); (3) integrity obligations; (4) take no further action; or (5) in the case of a good faith and cooperative self-disclosure, release 1128(b)(7) exclusion with no integrity obligations.” The OIG’s choice of administrative option depends on where it finds a provider falls on the risk continuum, with lower risk providers possibly receiving a release and higher risk providers potentially receiving exclusion.

The OIG further explained it reserves its exclusion authority in FCA settlements for several reasons, but not necessarily because it has concluded the provider poses a low risk. The revised guidance also lists two circumstances in which the OIG typically gives a provider a release without integrity obligations: (1) when the conduct is self-disclosed to the OIG in good faith; and (2) when the provider agrees to integrity obligations with the State or DOJ and the OIG determines those obligations are sufficient to protect federal healthcare programs.

Applying Factors to Determine Whether to Exclude

Importantly, the revised guidance provides four categories of factors the OIG uses to evaluate where a provider falls on the compliance risk spectrum:

  1. Nature and circumstances of the conduct, including factors such as whether there is an adverse impact on individuals or financial loss; whether the conduct was part of a pattern of wrongdoing, is continual, ongoing, or occurs over a substantial period of time; the leadership role of individuals or an individual in the conduct; and the history of prior fraudulent conduct.
  2. Conduct during the investigation, including factors such as whether the provider obstructed or attempted to obstruct the investigation or audit; whether the provider attempted to conceal conduct; failure to comply with a subpoena; whether an internal investigation was initiated prior to government action; self-disclosure; cooperation; and resolution (adverse licensure action, criminal resolution, or inability to pay monetary amounts to resolve a fraud case).
  3. Significant ameliorative efforts, including factors such as whether there have been significant changes within the entity (e.g., disciplinary actions against responsible individuals); an increase in resources devoted to the compliance function; new, non-affiliated ownership; and additional training or steps taken to improve ability to provide healthcare items or services to the federal healthcare programs.
  4. History of compliance, including factors such as whether the provider has a history of significant self-disclosures made appropriately and in good faith prior to becoming aware of the investigation, and the absence of an appropriate compliance program.

Each factor indicates a higher, lower or neutral risk. Because these four categories have long been used by the OIG to justify seeking affirmative exclusion, providers can assess their risk under the factors when facing conduct implicating the OIG’s permissive exclusion authority. Providers may better position themselves as low risk by taking a number of steps, including: (1) establishing a robust, effective compliance program; (2) immediately responding and reacting to allegations of misconduct; (3) accepting responsibility and self-disclosing when necessary; and (4) cooperating fully with the government during any investigation.

If these suggestions sound familiar, they are. Under 2015’s Yates Memorandum, DOJ demands the same familiar concessions and evaluates similar conduct when choosing to bring criminal cases against corporate entities or releasing individuals from culpability. Whether the OIG, unlike DOJ, will be more selective when seeking exclusion under section 1128(b)(7) against individuals remains to be seen. At the very least, all providers of federal healthcare items or services should familiarize themselves with this new and evolved OIG guidance to avoid unnecessary risks of sanctions.