On October 20, 2010, the Office of the Inspector General of the Department of Health and Human Services (OIG) published a new guidance document, listing factors it will consider in implementing its permissive exclusion authority under Section 1128(b)(15) of the Social Security Act, which authorizes the exclusion of owners, officers or managing employees of an entity that has been excluded or convicted of certain offenses. OIG states that the guidance is intended to serve several useful purposes, including (1) facilitating effective investigations by OIG and law enforcement partners; (2) establishing a framework to serve as a basis for OIG’s permissive exclusion decisions; (3) ensuring that OIG resources are used in a manner to have the most remedial and deterrent effect; and (4) influencing individuals’ behavior going forward and holding the appropriate individuals accountable for misconduct. This guidance provides useful insights for health care organizations and, particularly, their owners, officers, and managers regarding how OIG expects them to act and the evidence that OIG will require should they bring an individual exclusion action following a company sanction.
Permissive Exclusion of Owners
Under Section 1128(b)(15)(i), OIG is permitted to exclude owners of a sanctioned entity if they knew or should have known of the conduct constituting the basis of the sanction. The guidance notes that in general, “if the evidence supports a finding that an owner knew or should have known of the conduct, OIG will operate with a presumption in favor of exclusion,” which can be overcome if OIG finds that “significant factors weigh against exclusion.”
This presumption for exclusion when there is evidence of knowledge on the owner’s part appears to elevate (b)(15)(i) from a “permissive” exclusion, left to the discretion of OIG to determine on a case-by-case basis, to almost a mandatory exclusion. It remains to be seen how strictly the presumption will be applied, and it is still unclear what “significant factors” may be pointed to in overcoming the presumption, but it may mean that more company owners will find themselves defending against exclusion actions. Notably, OIG’s exercise of discretion whether or not to exclude is not subject to administrative or judicial review.
Permissive Exclusion of Officers or Managing Employees
For officers or managing employees, however, there is no knowledge requirement for exclusion, allowing OIG, as noted in the guidance, “to exclude every officer and managing employee of a sanctioned entity” based on position alone. Although there is no knowledge element in the statute, the OIG guidance notes that when there is evidence that an officer or managing employee had knowledge of the conduct at issue, OIG will operate as it does regarding company owners, with a presumption in favor of exclusion. As with the presumption regarding owners, this presumption can be overcome if OIG finds that “significant factors weigh against exclusion.” In the absence of evidence that a person knew or should have know of the conduct leading to the sanction, OIG will then turn to the new guidance document factors for assistance in deciding whether to exclude an officer or managing employee, as described in the section below.
Factors OIG Will Consider in Implementing Permissive Exclusion Authority
The informal, non-binding factors OIG will consider in determining whether to exercise its discretion to exclude individuals are provided in the form of questions, divided into four broad categories. First, the OIG will consider the circumstances of the misconduct and seriousness of the offense, including the nature and scope of the misconduct and corresponding sanction, whether “the misconduct resulted in . . . actual or potential harm to beneficiaries or . . . financial harm to any Federal health care program or any other entity,” or whether the misconduct was an isolated incident or “part of a pattern of wrongdoing” over a period of time. Second, the OIG will consider the individual’s role in the sanctioned entity and, particularly, what degree of managerial control or authority the individual had with respect to the misconduct at the time of the offense. Third, the OIG will consider the individual’s actions in response to the misconduct, including whether the individual took steps to stop or mitigate the misconduct and whether the individual cooperated with investigators and appropriately disclosed the misconduct to the appropriate Federal or State authorities. Notably, the guidance states that if the “individual . . . can demonstrate either that preventing the misconduct was impossible or that the individual exercised extraordinary care but still could not prevent the conduct,” OIG may consider that fact a factor weighing against exclusion. And finally, the OIG will consider general facts about the sanctioned entity’s structure and history, such as whether “the sanctioned entity or a related entity previously been convicted of a crime or otherwise found liable for an offense.”
Implications for Health Care Companies, Owners, and Executives
Although OIG has not frequently exercised its permissive exclusion authority under Section 1128(b)(15) in the past, this new guidance document is in line with the federal government’s recent focus on holding individuals accountable for misconduct in the health care arena. The guidance emphasizes OIG’s expectation that officers and managing employees should and will be closely involved in the day-to-day operations of the company, including ensuring that such operations are compliant with applicable laws and regulations. However, even for officers and managing employees who are intimately involved in company operations and compliance efforts, when misconduct occurs, even without their knowledge, they are at risk of possible exclusion, and there is very little they can do at that point to mitigate that risk. The majority of the factors in the exclusion analysis simply address the nature of the offense, the individual’s position in the company, and the nature of the company. Of the four categories of factors, the only one that provides an individual with an opportunity to actively protect him/herself from sanction once misconduct has occurred is the third category, which accounts for the individual’s actions in response to the misconduct. As noted above, that category appears to indicate that only if the individual can demonstrate that preventing the misconduct was impossible, or that the individual exercised “extraordinary care” but still could not prevent the conduct, could this be a factor weighing against exclusion.
Recommendations for Avoiding Exclusion Under Section 1128(b)(15)
Because there may be little that an officer or managing employee can do to mitigate the prospect of exclusion once misconduct and a sanction have occurred, it is especially important for companies and their officers and management to take steps to minimize the risk of misconduct, to cultivate company compliance on the whole, and to take a more active role in the company’s compliance efforts. Now is the time to implement and/or strengthen compliance programs and monitoring systems. Specifically, it is imperative to have appropriate policies and standards of procedure in place that effectively address all known compliance risks and assign specific responsibilities for monitoring and overseeing those risks, as well as for reporting and addressing potential violations. Training on all policies and procedures, with a particular focus on each individual’s responsibilities relating to compliance and obligations to report potential non-compliance, should be provided regularly to all employees. Preventing misconduct in the first instance is the best protection against exclusion.
The second line of defense is to demonstrate that the company had all of the appropriate mechanisms in place to prevent violations, and to be able to document that such measures were followed, including regular auditing and monitoring. To aid in this effort, it may be beneficial to use an “up-the-chain” certification system to ensure that individuals are performing their duties and responsibilities, and to ensure that there are no vulnerabilities in the compliance program. Independent assessments or reviews of the company’s compliance program may also be helpful. Another useful option may be an employee compensation program that includes performance criteria based on compliance metrics. Such a program may prove useful in getting all company employees involved in ensuring adherence to company policies and procedures and help cultivate a culture of compliance company-wide. Finally, it is important to ensure at all levels of the compliance program and company operations that there is sufficient visibility for, and involvement of, management to know what is being done and how it is being done in compliance with internal policies and external rules and regulations.