In an effort to assist our clients and friends with reviewing the OIG Work Plan for Fiscal Year 2015, we will be publishing a series of articles focusing on different aspects of the Work Plan. In this first article of the Series, we focus on the new reviews and projects that have been added to the OIG’s portfolio.

The U.S. Department of Health and Human Services, Office of Inspector General (OIG) announced plans to review ownership information and enhanced enrollment screening procedures for Medicare providers as part of its Work Plan for Fiscal Year 2015 (OIG Work Plan).

In particular, the OIG Work Plan stated the following regarding the collection and verification of provider ownership information:

We will determine the extent to which States and CMS collect and verify required ownership information for provider entities enrolled in Medicare and Medicaid. We will also review States’ and CMS’s practices for collecting and verifying provider ownership information and determine whether States and CMS had comparable provider ownership information for providers enrolled in Medicaid and/or Medicare. Federal regulations require Medicaid and Medicare providers to disclose ownership information, such as the name, address, and date of birth of each person with an ownership or controlling interest in the provider entity.

Medicare and Medicaid providers must comply with various state and federal regulations requiring the disclosure of certain ownership information. These regulations are particularly relevant whenever providers enter into business transactions affecting either their direct or indirect ownership.

42 C.F.R. § 420.206 provides that Medicare providers must disclose the name and address of all persons or entities with a 5% or more direct or indirect ownership or control interest in the Medicare provider or in any subcontractor in which the Medicare provider has a 5% or more direct or indirect ownership interest. Medicare providers must also specify whether any 5% or more owners are related to each other as spouse, parent, child, or sibling.

In addition, 42 C.F.R. § 420.206 requires Medicare providers to disclose:

the name of any other disclosing entity in which any person with an ownership or control interest, or who is a managing employee in the reporting disclosing entity, has, or has had in the previous three-year period, an ownership or control interest or position as managing employee, and the nature of the relationship with the other disclosing entity.

Medicare providers must also report whether any of these other disclosing entities has been convicted of a criminal offense or received a civil monetary or other administrative sanction related to participation in Medicare, Medicaid, title V (Maternal and Child Health) or title XX (Social Services) programs. Failure to report the required information can result in termination from the Medicare program.

42 C.F.R. § 455.104 requires Medicaid providers to disclose similar information, including the date of birth and social security number of all 5% owners who are individuals, and tax identification numbers for all 5% owners that are corporations.

The OIG plans to review whether providers have reported comparable ownership information to the state Medicaid agencies and to CMS. Given that the OIG plans to take a close look at ownership information, providers should ensure that their ownership information on file with CMS and Medicaid is up-to-date and accurate. Providers that undergo a change of ownership or enter into a transaction affecting their indirect ownership interests must make timely filings with CMS as well as their state licensure and Medicaid agencies.

The OIG also announced the following regarding the enhanced enrollment screening process for Medicare providers:

We will determine the extent to which and the way in which CMS and its contractors have implemented enhanced screening procedures for Medicare providers pursuant to the ACA, § 6401. We will also collect data on and report the number of initial enrollments and enrollment revalidations approved and denied by CMS before and after the implementation of the enhanced screening procedures. As part of an effort to prevent fraud, waste, and abuse resulting from vulnerabilities in the Medicare enrollment process, CMS is implementing new authorities that include site visits, fingerprinting, and background checks, as well as an automated provider screening process.

The Affordable Care Act, § 6401requires additional enrollment and revalidation screening for providers based on their risk level. Providers are assigned to one of three categories: limited risk, moderate risk, and high risk. The enhanced screening process is required to include a licensure check, and may include a criminal background check, fingerprinting, unannounced site visits, and database checks. Medicare providers should be aware of these enhanced screening procedures and should anticipate additional scrutiny during initial enrollments and enrollment revalidations.