BUSINESS & INDUSTRY
insights
CMS Sanctions Screening History and Best Practices B y Jonathan Besler , C PA, B E SLE R C ons u lting
I
ndividuals and organizations are excluded from the Medicare and Medicaid programs for various reasons: fraudulent billing, patient abuse, controlled substance convictions and other prohibited activities. Congress established an “excluded person” to help deter fraud and abuse in federal health care programs and prevent payment to those convicted of program-related crimes. As a financial professional, it is critical that you play a key role in mitigating risk via screening and best practices.
Screening
In 1987, the exclusion authorities were expanded to include a variety of mandatory and discretionary exclusion types, and by the late 1990s a new Civil Monetary Penalties (CMP) authority was created to impose fines on providers that employ or contract with excluded entities. The guidelines from the Centers for Medicare and Medicaid Services (CMS) stated only that employees and vendors should be screened “routinely.” In January 2009, the CMS notified Medicaid program directors regarding the screening and sanction process. The letter recommended that Medicaid programs instruct enrolled providers that their employees should be screened against the Office of Inspector General’s (OIG’s) List of Excluded Individuals and Entities (LEIE) monthly. It was the first time that the CMS was specific about a monthly screening interval. In May 2012, the OIG referenced the state Medicaid directors’ letter and indicated that the OIG’s LEIE is updated monthly. In May 2013, the anticipated OIG guidance arrived as an update to a Special Advisory Bulletin that had originally been issued in 1999.
Excluded individuals face CMPs of up to $10,000 for each item or service furnished, in addition to assessments of up to three times the billed amount, among others.
Best Practices
Screening Frequency – Monthly screening is deemed a best practice by the OIG; however, fewer than 25 percent of providers are screening this often, if at all. Early detection of an employee or vendor who has been sanctioned can reduce potential takebacks from CMS and demonstrate a good-faith effort that may help to mitigate significant fines. Name Matching – A simple one-toone match of first name and last name is not effective screening. Consider nicknames and maiden names, among other conventions. A misspelled name on the OIG’s LEIE is no safe harbor from penalties and fines. Vendor Name Matching – There is not much to go on besides the name N E W J E R S E Y C P A • j u ly • a u g u s t 2 0 1 4
18
and electronic identification number. There is no birth date or middle name, and not all data sources support addresses, which are not particularly reliable. How many company names contain “health care,” “American,” “corporation?” There is also the issue of whether the word “incorporated” is spelled out or abbreviated and with or without the period. Use of Tools and Services – While finding actual matches when employees and vendors are screened is key, a close second is avoiding any unnecessary matches. Some tools provide a scoring system that compares all of the data elements available by list and calculates a probability of a match. This allows prioritization of most important results. Coordination Across Departments – Sanction screening might be handled by the compliance, IT or accounts payable department. Once monthly screening is introduced and repeated, it often prompts a wider conversation