In March 2011, when CMS published regulations to implement the Medicare enrollment screening provisions of the Affordable Care Act, the requirement for background fingerprint screening was put on hold. In a recent Special Edition MLN Matters publication[PDF], CMS announced the implementation of fingerprint-based background checks. This particular screening requirement is only mandated for the 5% or more direct or indirect individual owners of high risk category providers or suppliers. In addition to all newly enrolling HHAs and DMEPOS suppliers (which are currently the only two enrollee types that are categorized as high risk), the enrollment rules provide situations in which other providers and suppliers may be elevated to the high risk category. For more information on the risk categories and screening based on the category, refer to the Payment Mattersarticle, “Increased Scrutiny to Obtain and Maintain Medicare and Medicaid Enrollment – Final Regulations Published.”
The fingerprint screening requirement will be phased-in beginning this year, and CMS outlined the following process for completing the background screening:
- Written notification of the need to complete the fingerprint screening process will be sent by the MAC via regular mail to the provider’s or supplier’s correspondence and special payments addresses on file with Medicare.
- The letter will have contact information for the Fingerprint-Based Background Check Contractor (FBBC). The FBBC will provide at least three convenient fingerprint locations for each owner to obtain fingerprinting.
- Although electronic fingerprinting is encouraged, CMS has authorized fingerprinting using FD-258 forms.
- The cost of the fingerprinting will be the responsibility of the individual being fingerprinted.
- Individuals will have 30 days from the notification letter date to be fingerprinted.
If a provider or supplier identifies a discrepancy between the list of identified owners that need to be fingerprinted and the actual owners of the enrolled entity, appropriate action will need to be promptly taken to update the enrollment record.
Following the background screening, the FBBC will review the screening record and make a “fitness” recommendation to CMS. CMS did not provide any insight into the “fitness” assessment. The final determination of fitness to hold an ownership interest in a Medicare-enrolled provider or supplier will be made by CMS. Furthermore, CMS made it clear that it will exercise its authority to deny an initial enrollment or revoke billing privileges if the screening reveals that an enrolled or enrolling provider or supplier submitted an enrollment application with false or misleading information. For example, if the reporting of an owner indicated there was no adverse final action to report but the fingerprint screening revealed otherwise, the provider or supplier risks being sanctioned by CMS.
High risk providers and suppliers should review their enrollment records to be sure there is current and accurate information regarding owners, the correspondence address, and the special payments address. If a lock box is used as the special payments address, the financial institution should be informed to promptly forward any letters that arrive from the MAC. Fingerprinting activities should be monitored to ensure that all fingerprints are obtained within the 30-day time period.