The Office of Inspector General of the Department of Health and Human Services (OIG) has issued updated guidance on the use of its so-called permissive exclusion authority under Section 1128(b)(7) of the Social Security Act (42 U.S.C. §1320a-7(b)(7)) (“(b)(7) authority”). The new guidance, which supersedes guidance dating from 1997, is designed to guide OIG decision-making regarding the use of its (b)(7) authority in the context of settlements with the Department of Justice (DOJ) under the civil False Claims Act (FCA) and other civil and criminal statutes.

The new guidance places greater emphasis on assessing whether an individual or entity (collectively a "person") poses a significant future risk to federal health care programs when determining what remedy — exclusion, heightened monitoring or integrity obligations, or no further action without release — is appropriate. The guidance also addresses a number of specific situations, such as resolutions involving successor entities, where the OIG will provide a release of its (b)(7) authority without corresponding integrity obligations. While the new guidance should provide more transparency and predictability to the OIG's decision-making process, some of its specific provisions (such as providing companies with no credit for pre-existing compliance programs) may run counter to industry expectations of factors credited by OIG and cut against industry requests for OIG and DOJ to provide more positive incentives for the development and implementation of effective compliance programs.

Key Takeaways

  • New guidance provides greater emphasis on protecting federal health care programs from future fraud or abuse and uses a "risk spectrum" to determine an appropriate remedy (e.g., exclusion, heightened monitoring, integrity agreement or declination of further action).
  • Guidance includes a new focus on assessing an individual or entity's conduct in the course of an investigation, including an assessment of cooperation and whether an internal investigation was conducted prior to becoming aware of the government investigation
  • New guidance addresses specific situations, including:
    • Increased auditing and oversight by OIG and Centers for Medicare and Medicaid Services (CMS) where an individual or entity refuses to sign an integrity agreement
    • In limited situations, a release will be provided without corresponding integrity obligations
    • Criteria established for situations involving successor liability in the context of corporate acquisitions
  • Guidance provides that OIG may reserve its exclusion rights at the time of FCA settlement where OIG decides to close a case or pursue heightened monitoring, or considers exclusion.

Prior OIG Guidance on Permissive Exclusion

The Social Security Act gives the OIG two types of exclusion authority: mandatory exclusion, which occurs as a matter of law where an individual or entity is convicted of certain specified offenses (42 U.S.C. §1320a-7(a)), and permissive exclusion, which the OIG may — but is not required to — pursue, for fraud, kickbacks and certain other types of prohibited activities (42 U.S.C. § 1320a-7(b)). Exclusion is a remedial measure designed to protect federal health care programs from any person whose continued participation poses a risk to such programs and their beneficiaries. A person subject to a permissive exclusion action is entitled to notice, a hearing and judicial review as set forth in Section of 1128(f) of the Act (42 U.S.C. § 1320a-7(f)).

In 1997, OIG published a policy statement with nonbinding criteria to be used in assessing whether to impose exclusion under Section 1128(b)(7). See 62 Fed. Reg. 67,392 (December 24, 1997). Since that time, OIG has used these criteria to evaluate whether to impose exclusion under Section 1128(b)(7), release its authority in exchange for integrity obligations with OIG (in the form of corporate integrity agreements (CIAs) or, in limited cases involving smaller providers, integrity agreements) or take some other approach. The criteria in the 1997 guidance fell into four broad categories: (1) the circumstances of the misconduct and seriousness of the conduct underlying a settlement, (2) a defendant's response to allegations or a determination of unlawful conduct, (3) the likelihood that the defendant will engage in the same or similar conduct in the future, and (4) the defendant's financial responsibility (including ability to pay any fines or penalties imposed).

The prior guidance created a rebuttable presumption that some period of exclusion should be imposed when a person has defrauded Medicare or any other federal health care program, and this presumption is included in the new OIG guidance document.

New Focus on Assessing Risks of Future Misconduct

Under the new guidance, the OIG evaluates health care fraud cases on a continuum, and resolution of the OIG's exclusion authorities is based on the agency's assessment of future risk to federal health care programs. Higher risk persons may face exclusion, while those with risks in the middle of the spectrum face heightened scrutiny (in the form of OIG or CMS audits and oversight) and/or CIAs. Persons with lower risk may face no further action (without a release of exclusion authority); in limited situations, the OIG may provide a (b)(7) release with no corresponding integrity obligations.

Revised Criteria for Determining Whether to Exclude

Like the old guidance, the new guidance establishes four broad categories. They differ from the old, however, and include: (1) nature and circumstances of conduct, (2) conduct during the government's investigation, (3) significant ameliorative effects, and (4) history of compliance. Within each category, the guidance lists specific factors to be considered and provides whether the presence (or absence) of such a factor indicates a higher or lower risk or is neutral to the assessment. In this regard, the new guidance offers greater clarity than the old, which listed factors to be considered (phrased as questions) but provided no insight as to the relative weights of various factors.

Some of the more notable provisions of the new guidance are:

Nature and Circumstances of Conduct

  • Conduct that poses an actual or potential risk to patients indicates a higher risk, while a lack of patient harm is neutral to the assessment
  • Conduct that occurs as part of a pattern or over a substantial period of time indicates higher risk
  • Higher risk is indicated where individuals with managerial or operational control organized, led or planned the unlawful activity

Conduct During the Investigation

  • Conducting an internal investigation before becoming aware of the government investigation and sharing the results with the government indicates lower risk
  • Similarly, lower risk is indicated where a person self-discloses improper conduct in good faith prior to a government investigation
  • Cooperation with the government, including in actions against individuals, indicates lower risk
  • Prompt compliance with a subpoena is required by law and does not affect OIG’s risk assessment

Significant Ameliorative Effects

  • Taking disciplinary action against the individuals responsible for the conduct and devoting significantly more resources to compliance both are factors indicating lower risk
  • Lower risk is indicated where an entity is sold in an arm's length transition to an entity with a strong compliance history

History of Compliance

  • The existence of a compliance program in line with the U.S. Sentencing Commission's seven elements does not affect OIG’s risk assessment, while the absence of such a program indicates higher risk

New Criteria for Assessing Successor Liability in M&A Context

The new guidance addresses an important topic not specifically covered in the 1997 policy statement: how OIG will exercise its exclusion authorities in the context of corporate acquisitions. The new guidance provides that, in determining whether to require integrity obligations with a successor entity, OIG will consider whether the new owner: (1) purchased the entity after the fraudulent conduct occurred, (2) has an existing compliance program, (3) does not have a prior history of wrongdoing or fraud settlements with the United States, (4) took appropriate steps to address the predecessor's misconduct and reduce the risk of future misconduct, and (5) can demonstrate other facts and circumstances as relevant to each unique situation.

Conclusion and Implications for Individuals and Corporations

The new guidance is important for any company or individual that is seeking to resolve an FCA or other investigation with the OIG. Persons hoping to obtain a release of the OIG's permissive exclusion authority should be prepared to address each relevant factor in the guidance, offering as much documentary and other evidence to support a finding of moderate or low risk of future harm to federal health care programs. Similarly, companies seeking to enhance or bolster their compliance programs can look to the guidance for insight on what activities the OIG will view positively (e.g., prompt internal investigation of potential wrongdoing, devoting substantial resources to the compliance function), neutrally (e.g., responding to a subpoena or the pre-existence of a compliance program) and negatively (e.g., obstructing or impeding an investigation) and tailor their programs and activities accordingly.