On April 18, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a policy statement with new, non-binding criteria it will use in assessing whether to exclude an individual or entity from Federal health care programs, such as Medicare, under Section 1128(b)(7) of the Social Security Act (the Act). This policy statement supersedes and replaces the non-binding criteriaOIG published in 1997.
The policy statement clearly articulates the five administrative options available to the OIG, ranging from full exclusion to complete release, and places them on a compliance risk spectrum with the former necessary for conduct that presents the highest risk to the Federal health care programs and the latter necessary for conduct that presents the lowest risk to those programs. Similar to the recent Yates Memo issued by the Department of Justice (DOJ), the policy statement encourages voluntary disclosure and emphasizes individual (as well as entity) accountability. However, in somewhat of a departure from the Yates Memo, the policy statement indicates that the prompt response to a subpoena is expected and does not affect the risk assessment at all, thereby dismissing the notion of any “cooperation credit” in this context. Importantly, the policy statement makes clear that the mere existence of a compliance program that incorporates the U.S. Sentencing Guidelines’ seven elements of an effective compliance program does not affect the risk assessment. A compliance program is now assumed, which is a significant change from the 1997 guidance, and it is only the absence of a compliance program that will affect the compliance risk assessment.
OIG’s policy statement reiterates that “[e]xclusion is a remedial measure designed to protect the Federal health care programs from any person whose continued participation in the programs constitutes a risk to the programs and their beneficiaries.” In determining whether to issue an exclusion order, OIG first presumes that some period of exclusion should be imposed against a person who has defrauded Medicare or any other health care program. OIG explains, however, that this presumption in favor of exclusion is “rebuttable in certain situations,” and the policy statement “sets forth circumstances in which the presumption may be rebutted and the non-binding factors that OIG will use to make such a determination.”
Compliance Risk Spectrum
According to the policy statement, OIG evaluates health care fraud cases on a spectrum, and resolution of OIG’s exclusion authorities is based on its assessment of future risk to the Federal health care programs. Depending on the facts and circumstances presented, OIG will usually pursue one of the following approaches with respect to a person when settling a civil or administrative health care fraud case: exclusion; heightened scrutiny (e.g., implement unilateral monitoring); integrity obligations; no further action; or in the case of a good faith and cooperative self-disclosure, release of exclusion with no integrity obligations.
- Exclusion. As noted above, OIG uses its exclusion authority to protect the Federal health care programs from any person whose continued participation in the programs constitutes a risk to the programs and their beneficiaries. OIG generally will not exclude an individual unless the facts and circumstances indicate that one of the other administrative approaches (discussed below) will not adequately protect the Federal health care programs.
- Heightened Scrutiny. In “rare circumstances,” OIG may determine that a corporate integrity agreement (CIA) is necessary, but the person refuses to agree to appropriate integrity obligations with OIG. In these situations, OIG evaluates whether to pursue exclusion or whether other administrative actions, including “unilateral monitoring,” are appropriate to monitor the person’s compliance with Federal health care programs. OIG considers persons who have refused to enter CIAs a greater continuing compliance risk to the various programs than persons who have agreed to enter CIAs.
- Integrity Obligations. OIG often concludes that exclusion is not necessary to protect the Federal health care programs if the person agrees to “appropriate integrity obligations” because integrity obligations with OIG oversight mitigate the risk that fraud will occur in the future.
- No Further Action. OIG sometimes concludes that a person presents a relatively low risk to the Federal health care programs such that neither exclusion nor integrity obligations are necessary when either there is an absence of egregious conduct (e.g., patient harm or intentional fraud) or the person with whom the government is resolving a fraud case is a successor owner.
- Release (Self-Disclosure). OIG will “usually” give a person a release of exclusion without requiring integrity obligations when either the person self-discloses the fraudulent conduct, cooperatively and in good faith, to OIG or the person agrees to robust integrity obligations with a state or the DOJ, and OIG determines that those obligations are sufficient to protect the Federal health care programs.
Factors OIG Applies in Deciding Whether to Use Exclusion Authority
Consistent with the 1997 OIG criteria for implementing its permissive exclusion authority, the updated criteria set forth various factors that OIG considers in its determination of where a person falls on the compliance risk spectrum. The policy statement lists the factors under the following four broad categories: (1) nature and circumstances of the conduct; (2) conduct during the government’s investigation; (3) significant ameliorative efforts, and (4) history of compliance. Below, we summarize select factors under each category.
- Nature and Circumstances of Conduct
- Although a lack of patient harm does not affect the risk assessment, conduct that causes or has the potential to cause any adverse effect to program beneficiaries, recipients or other patients indicates higher risk.
- Conduct that is continual or repeated; that occurs as part of a pattern of wrongdoing; or that occurs over a substantial period of time indicates higher risk.
- Notably, under the new criteria, the absence of criminal sanctions does not affect the risk assessment.
- If leadership led or planned the unlawful conduct, higher risk is indicated.
- Previously refusing to enter or having been under a CIA indicates higher risk.
- Conduct During Investigation
- Obstructing or impending an investigation indicates higher risk.
- Notably, OIG makes clear that, under the new criteria, “[p]rompt response to a subpoena is expected and does not affect the risk assessment” (emphasis added). However, failure to comply with a subpoena within a reasonable period of time indicates higher risk.
- Self-disclosing violative conduct cooperatively and in good faith following an internal investigation, before becoming aware of the government’s investigation, indicates lower risk.
- Clearly demonstrating acceptance of responsibility for the conduct lowers risk.
- Inability to pay the appropriate damages, assessments or penalties to resolve a fraud case indicates higher risk.
- Significant Ameliorative Efforts
- Taking appropriate disciplinary action against individuals responsible for the conduct indicates a lower risk.
- Devoting significantly more resources to the compliance function indicates lower risk.
- History of Compliance
- Notably, although the absence of a compliance program that incorporates the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program indicates higher risk, the existence of such a compliance program does not affect the risk assessment.
- A history of self-disclosing violative conduct (including Stark law violations and non-fraud overpayments) in good faith indicates a lower risk.