I Introduction

On September 23, 2010, the Centers for Medicare & Medicaid Services (CMS) published a proposed rule that would implement provisions of the Affordable Care Act (ACA) designed to strengthen provider and supplier screening requirements under the Medicare, Medicaid, and Children’s Health Insurance Program (CHIP).1 According to CMS, the Proposed Rule is intended to ensure “that only legitimate providers and suppliers are enrolled in Medicare, Medicaid, and CHIP, and that only legitimate claims will be paid.”  

Among many other things, the Proposed Rule would: apply screening tools, including unannounced site visits, background checks, and fingerprinting, based on the level of risk associated with different provider and supplier types; impose a $500 application fee on certain providers and suppliers; authorize temporary moratoria on enrollment of certain types of new providers and suppliers; require Medicare and Medicaid payments to be suspended upon credible allegations of fraud; and update various Medicaid screening requirements. Comments on the proposed rule will be accepted until November 16, 2010.  

The following is a summary of the major provisions of the Proposed Rule. We would be pleased to provide you with additional information on any aspect of the proposal.

II. Risk-Based Provider Screening Under Medicare, Medicaid and CHIP

The Proposed Rule would implement ACA provisions that require the Secretary of Health & Human Services (HHS) to establish procedures for screening providers and suppliers participating in federal health care programs (specifically, Medicare, Medicaid and CHIP). The Secretary is authorized to set different levels of screening depending upon the type of provider or supplier.  

The proposed screening procedures would apply to newly enrolling Medicare, Medicaid, and CHIP providers, suppliers, and eligible professionals beginning March 23, 2011. The procedures also would be applicable beginning March 23, 2011 for currently enrolled providers and suppliers who revalidate2 their enrollment information. CMS proposes that effective March 23, 2012, it could require a provider or a supplier of durable medical equipment, orthotics, prosthetics, and supplies (DMEPOS) to revalidate its enrollment at any time; after this off-cycle revalidation, the current cycle for revalidation (three years for DMEPOS suppliers and five years for all other providers) would apply. The screening procedures would apply to all currently enrolled providers, suppliers, and eligible professionals beginning March 23, 2012.  

A. Medicare Screening  

1. Assignment of Risk Levels  

The Proposed Rule would establish new screening requirements for Medicare providers and suppliers that vary based on different categories of risk, taking into account factors such as studies conducted by the HHS Office of Inspector General (OIG) and the Government Accountability Office (GAO). CMS proposes establishing three levels of risk – Limited, Moderate, and High – and every provider and supplier category would be assigned to one of these three levels. The relevant Medicare contractor would be required to use the screening tools mandated by CMS for the risk level assigned to a particular provider or supplier category.

The following screening tools will be used for providers and suppliers in the limited risk category: (1) verification that a provider or supplier meets any applicable federal regulations or state requirements prior to making an enrollment determination; (2) verification that a provider or supplier meets applicable licensure requirements; and (3) database checks on a pre- and post-enrollment basis to ensure that providers and suppliers continue to meet the applicable enrollment criteria. Those provider and supplier categories assigned to the moderate risk category also would be subject to unannounced pre- and/or post-enrollment site visits, in addition to the screening tools for the “limited” risk category. Providers and suppliers in the high risk category would be subject to criminal background checks and the submission of fingerprints,3 in addition to the screening tools used for the limited and moderate categories.  

The following chart summarizes the types of screening tools CMS proposes to require for each of the risk categories:

To see table please click here.

CMS discusses the factors the agency believes warrant assignment to each of the three risk categories:

  • Limited” Risk Category: Because of state licensure requirements and the absence of evidence of widespread fraud, CMS proposes assigning physicians, nonphysician practitioners, and medical clinics and group practices to this category. CMS also believes that a provider or supplier that is publicly traded on the New York Stock Exchange (NYSE) or the National Association of Securities Dealers Automated Quotation System (NASDAQ) poses a limited risk because financial oversight is provided by investors, corporate boards of directors, and the Security and Exchange Commission. Finally, CMS’s analysis of historical trends and provider screening experience indicates that that a number of other specific provider and supplier types pose limited risk to the Medicare program, as listed in the table below.
  • “Moderate ” Risk Category: CMS asserts that the provider and supplier types it proposes including in the “moderate” risk category are “generally highly dependent on Medicare, Medicaid, or CHIP to pay their salaries and other operating expenses and are subject to less additional other government or professional oversight” than limited-risk providers. Such moderate risk providers also may “easily enter a line or business without clinical or business experience, for example by leasing minimal office space and equipment,” thereby presenting a higher risk of fraud. The OIG and GAO also have issued reports indicating that several of the provider and supplier types proposed for the moderate risk category and listed in the table below pose an elevated risk of fraud.
  • “High” Risk Category: CMS is proposing including two categories of providers in the “high” risk category: newly enrolling home health agencies (HHAs) and DMEPOS suppliers that are not publically traded. CMS has particular concerns about these entities “because of the high number of HHAs and suppliers of DMEPOS already enrolled in the Medicare program and program vulnerabilities that these entities pose to the Medicare program.” CMS lists in the preamble numerous OIG and GAO reports that have concluded that there are elevated risks associated with HHAs and DMEPOS suppliers.

The following table indicates the provider/supplier types CMS proposes to include in each of the three risk categories:

To see table please click here.

CMS is soliciting comments on its proposed assignment of provider and supplier types to the various risk level categories, including: the criteria that should be considered in making such assignments, whether assignments should be released publicly, whether assignments should be subject to agency review, and whether assignments should be updated regularly and/or according to evolving risks. CMS also seeks comments on any additional database checks the agency should consider as a type of screening.

Additionally, CMS requests comments regarding whether Medicare Advantage organizations (MAOs) should be required to apply the same screening requirements that CMS is proposing for the original Medicare program, or whether substantively similar alternative approaches by MAOs would be acceptable.

2. Adjusting Risk Levels

CMS anticipates that there may be circumstances in which a particular provider or supplier (or group of providers and suppliers) may pose a higher fraud risk than the general level for their category. Thus, CMS is proposing to authorize the risk category for a provider or supplier to be raised if:

  • CMS or its Medicare contractor has information from a physician or nonphysician practitioner that another individual is using his or her identity within Medicare.
  • CMS imposes a payment suspension on a provider or supplier.
  • The provider or supplier: (1) has been excluded from Medicare; (2) has had its billing privileges denied or revoked by Medicare within the previous 10 years and is attempting to establish additional Medicare billing privileges by enrolling as a new provider or supplier, or by billing for a new practice location; or (3) has been terminated or otherwise precluded from billing Medicaid.
  • CMS lifts a temporary moratorium for a particular provider or supplier type.

CMS is soliciting comments on specific additional circumstances that might justify shifting a provider or supplier into a higher risk level than generally would apply to its category. Likewise, CMS requests comments on the criteria it could use to shift down the risk level for a provider or supplier. CMS also is seeking comment on the applicability of geographical circumstances as a factor in adjusting provider/ supplier risk level.

3. Other Subjects for Public Comment

CMS is seeking comments on a variety of issues in connection with its screening proposal. Among other things, CMS requests feedback on:

  • Whether non-practitioner-owned facilities and suppliers should be subject to a higher level of screening than their practitioner-owned counterparts
  • Whether providers and suppliers should be subject to higher levels of screening when the provider specialty does not match clinic type on an enrollment application
  • What objective conditions might allow CMS to determine that provider screening levels of risk should be based on “other conditions or factors that CMS determines are necessary to combat fraud, waste, and abuse”
  • The appropriateness of and procedural issues involved with using criminal background checks and fingerprinting in the provider enrollment screening process, including how CMS should maintain and store fingerprints, what security processes and measures are needed to protect the privacy of individuals, and any other issues related to the use of fingerprints in the enrollment screening process
  • The appropriateness of using, in addition to or in lieu of fingerprinting, other enhanced identification techniques and secure forms of identification, such as other biological or biometric techniques, passports, United States Military identification, or Real ID drivers licenses

B. Medicaid and CHIP Screening

CMS is proposing that the provider screening regulations that apply to Medicaid providers also generally will apply to providers that participate in CHIP. Likewise, while CMS refers to state Medicaid agencies as responsible for screening Medicaid-only providers, it should be read to include CHIP agencies.

Recognizing that it would be “inefficient and costly” for states to conduct the same screening activities that Medicare contractors perform for dually enrolled providers, CMS is proposing to allow a state to rely on the results of the screening conducted by Medicare to fulfill the provider screening requirements under Medicaid and CHIP. Similarly, state Medicaid agencies may rely on the results of the provider screening performed by other state Medicaid programs and CHIP. For Medicaid-only providers or CHIP-only providers, states would follow the same screening procedures that CMS or its contractors follow with respect to Medicare providers and suppliers (including verification of any provider/supplier-specific requirements established by Medicaid/CHIP, license verification, database checks, unannounced site visits, criminal background checks, and fingerprinting).

With regard to assignment of risk levels, for Medicaid provider types also recognized under Medicare, CMS proposes that states use the same risk level that is assigned to that category of provider by Medicare. For those Medicaid and CHIP provider types that are not recognized by Medicare, states would assess the risk level using similar criteria to those used in Medicare. CMS specifies, however, that it is not proposing to limit the ability of states to engage in provider screening activities beyond those adopted for the Medicare program. For instance, a state would be permitted to assign a particular provider type to a higher risk level than the level assigned by Medicare. CMS is seeking comments on a number of issues associated with this proposal, including: the proposed assignment of specific provider types to established risk categories; whether such assignments should be released publicly; whether assignments should be updated according to an established schedule; and whether the same screening requirements should apply to Medicaid managed care entities (MCEs).

CMS also proposes a number of provisions related to enrollment and termination of Medicaid and CHIP providers. Specifically, CMS is proposing that such providers undergo screening at least once every five years, consistent with current Medicare requirements for revalidation. CMS also proposes to establish termination provisions, under which states must deny or terminate the enrollment of providers: (1) if any person with an ownership or control interest or who is an agent or managing employee of the provider does not submit timely and accurate disclosure information or fails to cooperate with all required screening methods; (2) that are terminated on or after January 1, 2011 by Medicare or any other Medicaid program or CHIP; and (3) if the provider or any person with an ownership or control interest, or who is an agent or managing employee of the provider, fails to submit sets of fingerprints within 30 days of a state agency or CMS request. Likewise, states would be permitted to deny enrollment to a provider who has falsified any information on an application if CMS or the state cannot verify the identity of the applicant. States also would be required to deny enrollment to providers – unless the state justifies in writing that it would not be in the best interests of the state’s Medicaid program – in the following circumstances: (1) the provider or a person with an ownership or control interest or who is an agent or managing employee of the provider fails to provide accurate information; (2) the provider fails to provide access to its locations for site visits, or (3) the provider, or any person with an ownership or control interest, or who is an agent or managing employee of the provider, has been convicted of a criminal offense related to that person’s involvement in Medicare, Medicaid, or CHIP in the past 10 years.

In the event of a termination, the state Medicaid agency must give a provider any appeal rights available under state policy. CMS also proposes that any providers whose enrollment has been denied or terminated by Medicaid must undergo screening and pay all appropriate application fees again to enroll or re-enroll as a Medicaid provider.  

CMS proposes a number of other Medicaid screening provisions designed to enhance program protections, including the following:

  • Requiring submission of SSNs or dates of birth (DOBs) for all persons with an ownership or control interest in a provider (CMS seeks comments on this proposal in particular in light of privacy concerns regarding the submission of this personally identifiable information).
  • States must deactivate the Medicaid provider enrollment of any Medicaid provider that has not submitted any claims or made a referral that resulted in a Medicaid claim for a period of 12 consecutive months. To be reinstated, the provider would be required to undergo all screening required of any other applicant and pay associated application fees.
  • Any physician or other professional ordering or referring services for Medicaid beneficiaries must be enrolled as a participating Medicaid provider.
  • States must require all ordering and referring network-level MCE providers to be enrolled in the Medicaid program and be screened directly by the state.
  • Physicians or other professionals must include their NPI on all claims for services they order or refer.

III. Application Fees

The ACA requires the HHS Secretary to impose an application fee on each “institutional provider of medical or other items or services or supplier” other than eligible professionals, to fund provider screening and other program integrity efforts. The application fee is set at $500 for 2011, updated annually thereafter for inflation.4 CMS proposes to begin collecting the enrollment application fee for new providers and suppliers, and for currently enrolled providers revalidating enrollment effective March 23, 2011.

With regard to the entities subject to the application fee, CMS is defining “institutional provider” as “any provider or supplier that submits a paper Medicare enrollment application using the CMS-855A, CMS-855B (not including physician and nonphysician practitioner organizations), CMS-855S or associated Internet-based PECOS enrollment application.” This definition includes, but is not limited to: ambulance service suppliers; ambulatory surgical centers, community mental health centers; comprehensive outpatient rehabilitation facilities; DMEPOS suppliers; end-stage renal disease facilities; federally qualified health centers; histocompatibility laboratories; HHAs; hospices; hospitals (including but not limited to acute inpatient facilities, inpatient psychiatric facilities, inpatient rehabilitation facilities, and physician-owned specialty hospitals); critical access hospitals; independent clinical laboratories; independent diagnostic testing facilities; mammography centers; mass immunizers (roster billers); organ procurement organizations; outpatient physical therapy/occupational therapy/speech pathology services, portable X ray suppliers; skilled nursing facilities; slide preparation facilities; radiation therapy centers; religious nonmedical health care institutions; and rural health clinics. Moreover, CMS proposes that a state may impose the application fee on any additional institutional entity that bills the state Medicaid program or CHIP on a fee-for-service basis, such as personal care agencies, non-emergency transportation providers, and residential treatment centers. On the other hand, an application fee would not be required from an eligible professional who reassigns Medicare benefits to another individual or organization, and in no case would the application fee be required from any individual physician or Part B medical group/clinic.

CMS is proposing to use its authority to permit “hardship” exceptions to the application fee on a case-by-case basis. CMS would make a hardship exception determination within 60 days of receipt of the request. The rule also would allow CMS to waive the enrollment application fee for Medicaid providers for whom a state demonstrates that imposition of the fee would impede Medicaid beneficiaries’ access to care. CMS is seeking comments on the appropriate criteria and documentation requirements for making a hardship determination. CMS also is requesting input on whether there are any other circumstances in which exceptions from the application fees should be allowed.

CMS proposes that institutional providers and suppliers would submit the application fee (or request for a hardship exception) with each initial application, application to establish a new practice location, or with the submission of an application in response to a Medicare contractor revalidation request. The Medicare contractor may reject any such application that does not include the appropriate application fee or a hardship exception request.5 Likewise, Medicare can revoke Medicare billing privileges if an institutional provider does not submit an application fee or hardship exception request with a revalidation application.

While application fees generally would be nonrefundable if the processing of the application had already begun, there are some cases in which a rejected application would be returned to the provider or supplier along with the application fee. CMS proposes that the application fee be nonrefundable if, during the course of verifying, validating, and processing the information in the enrollment application, CMS or its Medicare contractor appropriately denies the enrollment application, such as because the applicant does not meet enrollment requirements or does not meet conditions of participation for its provider type.6 In such cases, if the provider or supplier resubmits a Medicare enrollment application after the previous application was appropriately denied, CMS proposes that the supplier would be required to submit a new application fee. If, however, an enrollment application or certification statement was not signed, for example, the enrollment application would be rejected and both the application and the enrollment fee check would be refunded.

CMS is proposing special rules for providers and suppliers that participate in Medicare and Medicaid and/or CHIP. Under the Proposed Rule, a provider or supplier enrolled in more than one of these programs only would be subject to the application fee under Medicare (imposed at the time of the Medicare enrollment application), and that fee would cover screening activities for enrollment in all programs. In instances in which Medicaid providers do not participate in Medicare, the state may collect the application fee under the same criteria as the Medicare program, and the state will be responsible for conducting the provider screening activities for these providers. Any providers whose enrollment has been denied or terminated would be required to undergo screening and pay all appropriate application fees again to enroll or re-enroll as a Medicaid provider.

CMS estimates that providers and suppliers will pay more than $308 million in application fees over the first five years, with newly enrolling providers and suppliers paying about $79 million and current revalidating providers paying about $229 million. CMS projects that application fees for Medicaid institutional providers who are not dually enrolled will total more than $42 million during the first five years.

IV. Temporary Moratoria on Provider/Supplier Enrollment

Under the Proposed Rule, CMS could impose a moratorium on the enrollment of (or new practice locations for) certain types of new Medicare providers and suppliers in a particular geographic area or nationally, if necessary, to protect against a significant risk of fraud, waste, or abuse. CMS could base its determination regarding fraud potential on a review of existing data (which CMS specifies is “without limitation”) that identifies a trend such as a highly disproportionate number of providers or suppliers in a category relative to the number of beneficiaries, or a rapid increase in enrollment applications within a category. CMS also could impose a moratorium if a state Medicaid program has imposed such a moratorium for types of Medicaid providers or suppliers that are also eligible to enroll in Medicare or in a particular geographic area. Likewise, CMS, in consultation with the OIG and/or Department of Justice (DOJ) could impose a moratorium if it deems a particular provider or supplier type or any particular geographic area to have “a significant potential for fraud, waste or abuse in the Medicare program.”

CMS would announce any moratoria through Federal Register notices and through other methods. A moratorium would imposed for a period of six months, which could be extended in six-month increments if CMS deems necessary. CMS could lift a temporary moratorium in response to a natural disaster, if the circumstances warranting the imposition of a moratorium have abated or if CMS has implemented program safeguards to address the program vulnerability, or if the Secretary determines that the moratorium is no longer needed.

Note that CMS is proposing to limit the enrollment moratoria to: (1) newly enrolling providers and suppliers and (2) the establishment of new practice locations (but not to a change of practice locations). Thus, the temporary moratoria would not apply to existing providers or suppliers unless they were attempting to expand operations to new practice locations where a temporary moratorium was imposed. CMS also specifies that the temporary moratoria would not apply for existing providers or suppliers in situations involving changes in ownership, mergers, or consolidations. CMS is seeking public comment on specific exemptions to the temporary moratoria criteria.

Since the ACA provides that there is no judicial review of a temporary moratorium, CMS is proposing that a provider or supplier could administratively appeal an adverse determination based on the imposition of a temporary moratorium up to and including the Department Appeal Board (DAB) level of review.

CMS also is proposing moratoria criteria for the Medicaid program (which also apply to CHIP). State Medicaid agencies will be required to comply with a temporary moratorium imposed by the Secretary unless the state determines that such a moratorium would adversely affect Medicaid or CHIP beneficiaries’ access to care. The state would need to provide written details supporting its request for an exception from the moratorium. The rule also would authorize states to impose moratoria, numerical caps, or other limits for providers identified by the Secretary as being at “high” risk for fraud, waste, or abuse if it would not adversely impact beneficiary access to services. If a state identifies a category of providers as posing a significant risk of fraud, waste, or abuse, the state must seek CMS’s concurrence with that determination. As is the case for CMS-imposed moratoria, state-imposed moratoria would be imposed for a period of six months and may be extended in six-month increments.

V. Suspension of Payments

A. Medicare Provisions  

The proposed rule would implement the ACA provision that authorizes the Secretary to suspend payments to a provider or supplier, in whole or in part, pending an investigation of a credible allegation of fraud, unless the Secretary determines that there is good cause not to suspend payments.7 The Secretary must consult with the OIG in determining whether there is a credible allegation of fraud against a provider or supplier.  

In the Proposed Rule, CMS would define “credible allegation of fraud” to include an allegation from any source, including but not limited to fraud hotline complaints, claims data mining, patterns identified through provider audits, civil false claims cases, and law enforcement investigations. Allegations are considered to be credible when they have “indicia of reliability,” with CMS recognizing that this definition may require a case-by-case determination based on “all the factors, circumstances and issues at hand.”  

CMS also proposes to define when an investigation has been resolved and the basis for the suspension of payments no longer exists. Specifically, CMS would define resolution of an investigation as when legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence. CMS seeks comment on the following alternative definition of the term “resolution of an investigation”: when a legal action is initiated or the case is closed or dropped because of insufficient evidence to support the allegations of fraud. CMS is not establishing a strict timeframe for ending a suspension based on credible allegations of fraud, although CMS notes that the agency does “not intend to suspend payments to providers and suppliers indefinitely.” CMS states that the agency “will be actively evaluating the progress of any investigation to determine if good cause exists to no longer continue the suspension of payments, as suspensions are designed to be a temporary measure.” As part of its evaluation, CMS will request a certification from the OIG or other law enforcement agency that the matter continues to be under investigation.  

As authorized by the ACA, CMS would have discretion regarding whether there was good cause not to suspend payments or not to continue to suspend payments to providers or suppliers in certain circumstances. Circumstances that may qualify as good cause not to suspend payments, despite credible allegations of fraud, could include:

  • Specific requests by law enforcement that CMS not suspend payments (if, for instance, such suspension might jeopardize an investigation or potentially expose whistleblowers or confidential sources)
  • If CMS determines that beneficiary access to items or services would be so jeopardized by a payment suspension as to cause a danger to life or health
  • Other available remedies implemented by CMS or a Medicare contractor (i.e., a request that a court immediately enjoin potentially unlawful conduct) could more effectively or quickly protect Medicare funds than would implementing a payment suspension
  • CMS determines that a payment suspension or a continuation of a payment suspension is not in the best interests of the Medicare program  

CMS seeks comments on whether additional specific circumstances should qualify as good cause not to continue a payment suspension prior to the resolution of an investigation.

Every 180 days, CMS would evaluate whether there is good cause not to continue a suspension. Note that while providers may provide information to “rebut” a suspension of payment, there are no further due process opportunities. Stated otherwise, if a rebuttal is rejected, the determination is final and not subject to appeal.

B. Medicaid and CHIP Provisions

CMS notes that state Medicaid agencies have long been authorized under § 455.23 to withhold payments in cases of alleged fraud or willful misrepresentation. Under the ACA, states now will not receive Federal Financial Participation (FFP) in cases where they fail to suspend Medicaid payments when there is a pending investigation of a credible allegation of fraud against an individual or entity, as determined by the state in accordance with the Proposed Rule (unless the state determines that good cause exists not to suspend such payments).

CMS proposes making a series of amendments to conform § 455.23 to the new ACA mandate, such as changing the current phrase “withhold payments” to “suspend payments,” deleting the current reference to “willful misrepresentation,” and changing the current reference to “receipt of reliable evidence” to “pending investigation of a credible allegation of fraud.”

CMS proposes to adopt for the Medicaid program the same broad definition of “credible allegation” as the agency proposes in the context of the Medicare program. While credible allegations often must be determined on a case-by-case basis, CMS points out that states are experienced identifying ‘‘reliable evidence’’ through means such as fraud hotline complaints, Medicaid claims data mining, patterns identified through provider audits and investigation, and referrals from state Medicaid Fraud Control Units (MFCUs), other law enforcement agencies, and other state investigative units.

As for the Medicare program, CMS also proposes to create several “good cause” exceptions by which states may determine good cause exists not to suspend payments or to suspend payments only in part. These exceptions generally parallel those proposed for the Medicare program. CMS also proposes to continue to allow states to suspend payments in part (such as only specific types of claims or claims arising from a particular business unit of a provider), if specific conditions are met.

The proposed rule provides notification requirements related to payment suspensions, which are similar to current rules, but with the option for law enforcement agencies to request a delay in notification of a provider because of a pending investigation. CMS does not propose significant substantive changes to the existing duration provisions, which specify that withholding will be temporary and will not continue after: (1) authorities discern that there is insufficient evidence of fraud upon which to base a legal action; or (2) legal proceedings related to the alleged fraud are completed. The Proposed Rule also establishes specific requirements for states to report suspected fraud referrals to its MFCU and to the Secretary, and to meet documentation requirements related to all suspensions.

CMS notes that while the proposed payment suspension authority is “critically important to protect Medicaid funds,” such suspensions “can have dire consequences to a provider.” Therefore, this authority “must be exercised responsibly by a State at all stages, from the inception to the termination of the suspension.” Nevertheless, CMS clarifies that “we expressly and explicitly do not expect State compliance (or noncompliance) with these documentation or retention provisions to give rise to any enforceable right of a provider aggrieved by any real or perceived failures with respect to these requirements to seek any form of redress (administratively, judicially, or otherwise).”

CMS requests comments on many specific aspects of its proposed Medicaid payment suspension provisions.

VI. Compliance Programs

By way of background, the OIG has issued voluntary compliance program guidance for a number of segments of the health care industry, outlining actions that providers, suppliers, and manufacturers should consider to promote compliance with Medicare, Medicaid, and other federal health care program rules and guidelines.8 Moreover, in some cases, the OIG requires the adoption of an effective compliance program as a condition of a settlement with the government, (i.e., as part of a corporate integrity agreement).

Under the ACA, the Secretary must mandate that certain providers and suppliers adopt compliance programs, with the Secretary having broad discretion with regard to the scope of such compliance programs. Rather than propose regulatory text to implement this provision as part of the Proposed Rule, CMS is soliciting industry stakeholder input on the ACA compliance program requirements. In fact, the Proposed Rule announces that CMS does not intend to finalize compliance plan requirements when the other provisions of the Proposed Rule are finalized; instead, compliance plan requirements will be addressed in a separate rulemaking.

CMS specifically requests feedback on use of the elements of an effective compliance and ethics program as described in Chapter 8 of the U.S. Federal Sentencing Guidelines Manual9 as the basis for the core elements of the required compliance programs for Medicare, Medicaid and CHIP enrollment. These elements include:

  • The development and distribution of written policies and procedures to prevent and detect inappropriate behavior
  • The designation of a chief compliance officer and other appropriate bodies to operate the compliance program
  • The use of reasonable efforts not to include within the substantial authority personnel of the organization, any individual who the organization knew, or should have known, has engaged in illegal activities or other conduct inconsistent with an effective compliance program
  • The development and implementation of regular, effective education and training programs for the governing body, all employees, and, as appropriate, the organization’s agents
  • The maintenance of a process, such as a hotline, to receive complaints, and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation
  • The development of a system to respond to allegations of improper conduct, and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies or applicable federal health care program requirements
  • The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas
  • The investigation and remediation of identified systemic problems, including any necessary modifications to the organization’s compliance program

In addition to inviting comments on how industry views compliance program elements and how CMS can establish required compliance program elements to protect Medicare, Medicaid, and CHIP from fraud and abuse, CMS is seeking comments on a host of specific issues related to implementation of the ACA compliance plan provision, including the following:

  • The extent to which each element of the U.S. Federal Sentencing Guidelines has been incorporated effectively into compliance programs of different types of providers and suppliers.
  • Suggestions for additional compliance program elements, considering provider or supplier risk areas, business model, and industry sector (including whether external and/or internal quality monitoring should be required for hospitals and long-term care facilities).
  • The costs and benefits of compliance programs.
  • Types of systems (e.g., tracking systems, data capturing systems and electronic claims submission systems) necessary for effective compliance, including associated costs and the extent to which providers/ suppliers already have these systems. CMS anticipates that entities will evaluate the effectiveness of compliance plans using electronic data.
  • Foreseeable conflicts or duplication from multiple compliance requirements from states or other entities.
  • Criteria for dividing providers and suppliers into groupings subject to similar compliance requirements, including whether individuals and corporations should have different obligations.
  • The current rate of adoption and level of sophistication of compliance programs based on business models, industry sector, or provider/supplier category.
  • The effectiveness of compliance programs for various provider/supplier types.
  • The extent to which providers and suppliers use third-party resources, such as consultants, review organizations, and auditors, in compliance efforts.
  • The extent to which providers and suppliers have identified compliance staff.
  • A reasonable timeline for establishment of a mandatory compliance program for various types and sizes of providers and suppliers.

VII. Termination of Provider Participation if Revoked Under Another Program

The Proposed Rule would implement section 6501 of the ACA, which requires state Medicaid programs to terminate an individual or entity’s participation in the program if the individual or entity has been terminated under Medicare or another state’s Medicaid program (subject to certain limitations). CMS is interpreting this mandate to apply also to Medicare suppliers or eligible professionals whose billing privileges under Medicare are revoked. Likewise, CMS is proposing to require that CHIP take similar actions to terminate a provider terminated or revoked by Medicare or terminated under any other state Medicaid program or CHIP. The requirement for state terminations would apply only in cases where providers were terminated or had their billing privileges revoked for cause, not based upon a failure to submit claims over a period of 12 months or more, or any other voluntary action by a provider to end participation in Medicare (unless that voluntary action is taken to avoid a sanction). State Medicaid programs would terminate a provider only after all appeals rights were exhausted. This provision would apply to terminations under Medicare or another state’s Medicaid or CHIP program on or after January 1, 2011.

In addition, CMS is proposing to allow CMS or Medicare contractor to revoke Medicare billing privileges when a state Medicaid agency terminates, revokes, or suspends a provider or supplier’s Medicaid enrollment or billing privileges.

VIII. Conclusion

CMS characterizes its Proposed Rule as being “of critical importance in the transition of CMS’ antifraud activities from ‘pay and chase’ to fraud prevention.” CMS maintains that its proposal “strikes a balance that will permit CMS to continue to assure that eligible beneficiaries receive appropriate services from qualified providers whose claims are paid on a timely basis while implementing enhanced measures to prevent outright fraud.” However, we observe that the Proposed Rule would impose new regulatory burdens and hundreds of millions of dollars in new costs on suppliers and providers at the same time that steep Medicare spending cuts under the ACA are being implemented.

We recommend careful review of the operational implications of the Proposed Rule. We would be pleased to assist you with assessing the proposal in developing comments as necessary to help shape the final policy.