CMS reconsiders $10 million bounties for reporting of regulatory violations.

On December 5, the Centers for Medicare & Medicaid Services (CMS) finalized a rule (the Final Rule)[1] that expands its program integrity and provider enrollment authorities. The regulations contained in the Final Rule will be effective on February 3, 2015. Among its many provisions, the Final Rule allows CMS to revoke a provider’s Medicare enrollment for “repeated and systemic” improper billing. CMS provided a framework for how it will determine when improper claim submissions result in revocation, including the length of the provider’s Medicare enrollment and the actual percentage of claims that are denied. Note, however, that CMS retains a significant amount of discretion in assessing these factors and making a revocation.

In addition, the Final Rule allows CMS to reject or revoke a provider’s Medicare enrollment application if that provider is associated with an individual or entity that owes Medicare debt. For instance, if a provider is audited, found to have substantial Medicare overpayment liability, and simply shuts down to avoid repayment, the owners may not be able to enroll a new venture in Medicare. In expanding on its original proposal, CMS has identified in the Final Rule several factors that make a relationship between an indebted entity and an applying entity an “undue risk,” including the amount of the debt, the length of time the owner of the applying entity owned the prior entity, the percentage of ownership in the prior entity, and whether the claims that make up the debt are currently under appeal. Nevertheless, CMS will retain wide discretion in how it makes an “undue risk” determination. Thus, when faced with overpayment demands, it may be strategically important for providers to appeal these actions in an attempt to reduce or eliminate potential debt to CMS. In that way, providers and their owners can better demonstrate that any outstanding debts do not rise to the level of “undue risk.”

Moreover, the Final Rule implements a policy revision that allows CMS to deny or revoke Medicare billing privileges if a managing employee has been convicted of a felony that CMS believes is “detrimental to the best interests of the Medicare program and its beneficiaries.” Although CMS originally had the authority to revoke or deny enrollment based on owners’ felonies, the Final Rule expands this authority to managing employees as well. In addition, CMS granted itself greater flexibility than its regulations currently allow to determine which offenses will result in denial, noting that these offenses include (but are not limited to) felony violent crimes (murder, rape, assault, etc.); financial crimes (extortion, embezzlement, insurance fraud, etc.); felonies that present immediate risk to patients, such as malpractice resulting in criminal negligence; and felonies that result in mandatory exclusion under the Office of Inspector General’s (OIG) exclusion authority. This requirement will likely add significant confusion to employee and potential owner criminal background checks, given that different states approach felony and misdemeanor crimes differently and that CMS retains discretion as to what crimes could actually result in an enrollment denial or revocation. Finally, CMS clarified that “convicted” under this policy has the same meaning as in OIG’s exclusion authority—in essence, any pretrial diversion or settlement, guilty or nolo contendere plea, or actual conviction will serve as a basis for CMS to use this authority.

The Final Rule does offer some good news for providers, however. Following spirited public comment, CMS declined to finalize a policy that would pay Medicare beneficiaries and other whistleblowers up to almost $10 million for reporting overpayments, fraud, and abuse under its Incentive Reward Program (IRP). Instead, the IRP will remain at its current level—10% of Medicare recoveries, with a reward cap of $1,000. The $10 million reward proposal was widely panned by the industry, particularly by those who believed that such a policy would result in a flood of unwarranted, erroneous, or irrelevant tips and complaints to CMS that would impose a substantial burden on both CMS and providers. Commenters also believed that this policy would encourage potential whistleblowers to first report to CMS without using established internal compliance reporting methods or diligently reviewing and validating the facts of their potential claims. The public comments convinced CMS to reverse course on this aspect of the proposed rule—good news for healthcare providers that seem to be under increased scrutiny in today’s enforcement environment.