On April 18, 2016, the Office of the Inspector General (OIG) of the Department of Health and Human Services issued revised guidance (see attached) describing how it will use its permissive exclusion authority under Section 1128(b)(7) of the Social Security Act, 42 U.S.C. § 1320a­7, to reduce the risk of harm to federal health care programs and their beneficiaries.

The Social Security Act provides for two types of exclusion from participation in federal health care programs – mandatory exclusion and permissive exclusion.  Mandatory exclusion is imposed where a provider or entity has been convicted of certain offenses, including Medicare or Medicaid fraud, patient abuse or neglect, and felony convictions for other health care­related fraud, theft, or financial misconduct.  42 U.S.C § 1320a­7(a).  The OIG has discretion to exclude providers on a variety of other grounds, including submission of false or fraudulent claims and the provision of unnecessary or substandard health care services.  42 U.S.C. § 1320a­7(b).

In the revised guidance, the OIG notes that in addition to its exclusion authority, other remedies designed to reduce risk are available to it, including heightened scrutiny and imposition of integrity obligations.  The OIG explained that it evaluates risk – and whether exclusion, or something short of exclusion, is sufficient to mitigate that risk – on a continuum.  The OIG generally begins its analysis with a rebuttable presumption that a person should be excluded for a period of time if found to have defrauded a federal health care program. Exclusion is the remedy for those cases presenting the highest risk, whereas no action, or even release of OIG exclusion authority, is warranted in instances of low risk.  In between lie those cases in which the OIG, in exchange for its release of its exclusion authority, will require heightened scrutiny or integrity obligations with OIG oversight.

The OIG issued its first guidance governing the exercise of its right to seek exclusion in October 1997.  That guidance identified four categories of factors to be weighed by OIG staff: (1) the circumstances and seriousness of the misconduct; (2) the person’s actions in response to allegations of misconduct, including his or her willingness to modify future conduct or compensate injured parties; (3) the likelihood of future misconduct; and(4) the person’s financial ability to operate without real threat to its ability to provide future quality health care services if permitted to continue participating in federal health care programs.  62 Fed. Reg. 67,392.

The revised guidance again utilizes four criteria to determine whether to pursue exclusion, but the categories have been restructured and the associated factors have been modified.  Under the revised criteria, the OIG considers: (1) the nature and circumstances of the misconduct; (2) the person’s conduct during the government’s investigation; (3) any significant ameliorative efforts; and (4) the person’s history of compliance. The most notable change under the revised criteria is the removal of the analysis of the person’s financial ability to provide quality health care services in the future, which has been replaced with analysis of the past record of compliance.  The revised guidance provides additional detail for providers regarding the factors underlying each criteria.  OIG Inspector General Daniel Levinson explained that the revised guidance is meant to provide the OIG with additional discretion in determining whether to seek exclusion as a sanction.

An important component of the revised guidance is the OIG’s acknowledgement that it will, and often does, release its exclusion authority in exchange for an entity’s voluntary agreement to enter into a Corporate Integrity Agreement (CIA).  Such agreements typically require additional and enhanced compliance efforts aimed at preventing or identifying future fraudulent activity.  The revised guidance explains that there are times when the OIG may determine that the violator poses such a low future risk that neither exclusion nor a CIA is warranted, and identifies two situations where low risk is typically found: (1) where there has been relatively small financial harm to a federal health care program and the violator has not engaged in “egregious conduct such as patient harm or intentional fraud;” and (2) where the entity resolving a fraud case is a successor in interest to the party who engaged in the misconduct.

The revised guidance memorializes the OIG’s longstanding practice of leveraging its exclusion authority to obtain participants’ agreements to adopt or enhance training and compliance programs and, in some cases, to engage an Independent Review Organization (IRO) to review arrangements, services, policies and procedures for the purpose of ensuring that participants are in compliance with applicable statutes, regulations and directives.  There has been a steady increase in the number of CIAs the OIG has entered with providers in recent years, with the OIG reporting 31 such CIAs in 2010 and 55 in 2015.  The revised guidance likely signals the OIG’s intent to continue leveraging its authority to seek enhanced compliance agreements from providers.