On February 2, 2011, the Centers for Medicare and Medicaid Services (CMS) published a final rule implementing a number of program integrity provisions of the Patient Protection and Affordable Care Act (PPACA) (the Final Rule). The provisions are aimed at reducing fraud, waste and abuse in Medicare, Medicaid, and Children’s Health Insurance Program (CHIP) by targeting provider and supplier enrollment processes and expanding CMS’s authority to impose payment suspensions. In a series of three blog posts, we will highlight the following topics from the Final Rule: provider and supplier screening; enrollment fees for institutional providers; and, the future of payment suspensions and compliance plans. We begin with the new screening procedures.

Effective March 25, 2011, CMS has adopted screening procedures for newly enrolling Medicare, Medicaid, and CHIP providers and suppliers and for those currently enrolled who revalidate their enrollment information. CMS has assigned providers and suppliers to one of three risk categories—limited, moderate, and high—based on a CMS assessment of fraud, waste and abuse risk for each category. Outlined in 42 C.F.R. § 424.518, the applicable screening measures vary depending on the category.

The screening process for entities in the Limited Risk category, including physicians, non-physician practitioners, hospitals, and ESRD facilities, includes: verification of the enrollee’s compliance with federal and state requirements; licensure verification; and database checks (SSA, NPI data, OIG exclusion list, etc.).

The Moderate Risk category is subject to unannounced pre- and/or post-enrollment site visits in addition to those screening tools applicable to the Limited Risk category. This category covers independent diagnostic testing facilities, independent clinical laboratories, hospice organizations, and community mental health centers, among others.

In addition to all of the screening methods listed above for the Limited and Moderate categories, entities in the High Risk category—newly enrolling home health agencies and DMEPOS suppliers—are required to submit a set of fingerprints from all individuals maintaining a 5% or greater direct or indirect ownership interest in the provider or supplier. CMS will then conduct a fingerprint-based criminal history record check on these individuals. Implementation of these extra screening requirements for the High Risk category will be delayed until 60 days following CMS’s publication of sub-regulatory guidance, which is intended to provide further clarification on the fingerprinting and record check processes.

CMS may adjust the screening level for a particular type of provider or supplier in certain limited circumstances. In addition, States are required to follow the minimum screening methods performed by the Medicare program, but they are authorized to employ additional screening tools and assign particular provider types to higher screening levels than those assigned by Medicare.

To access a chart listing the key providers and suppliers in each group and applicable screening procedures, please click here.