Author: Erin Kerr

The CMS Preclusion List and You

What is the CMS Preclusion List?

The Preclusion List is a list of prescribers and individuals or entities who fall within any of

the following categories:

(1) Are currently revoked from Medicare, are under an active reenrollment bar, and CMS has determined that the underlying conduct that led to the revocation is detrimental to the best interests of the Medicare program; or

(2) Have engaged in behavior for which CMS could have revoked the prescriber, individual or entity to the extent applicable if they had been enrolled in Medicare, and CMS determines that the underlying conduct that would have led to the revocation is detrimental to the best interests of the Medicare program. Such conduct includes, but are not limited to, felony convictions and Office of Inspector General (OIG) exclusions.

Why was it created? 

The CMS-4182 Final Rule was created to make revisions to the Medicare Advantage (MA) program (Part C) and Prescription Drug Benefit Program (Part D) regulations based on our continued experience in the administration of the Part C and Part D programs and to implement certain provisions of the Comprehensive Addiction and Recovery Act and the 21st Century Cures Act.

Will I get access to it?

Did you have access to the Medicare Advantage (MA) program (Part C) and/or Prescription Drug Benefit Program (Part D) in the past? If so, then you can get access to this list by applying to receive access to the EDMI through CMS. Submit your application here

Who is required to search the CMS Preclusion List?

Preclusion List Requirements for Prescribers in Part D and Individuals and Entities in MA, Cost Plans, and PACE

This final rule will rescind current regulatory provisions that require prescribers of Part D drugs and providers of MA services and items to enroll in Medicare in order for the Part D drug or MA service or item to be covered. As a replacement, a Part D plan sponsor will be required to reject, or require its pharmacy benefit manager to reject, a pharmacy claim for a Part D drug if the individual who prescribed the drug is included on the ‘‘preclusion list.’’ Similarly, an MA service or item will not be covered if the provider that furnished the service or item is on the preclusion list. The preclusion list will consist of certain individuals and entities that are currently revoked from the Medicare program under 42 CFR 424.535 and are under an active reenrollment bar, or have engaged in behavior for which CMS could have revoked the individual or entity to the extent applicable if they had been enrolled in Medicare, and CMS determines that the underlying conduct that led, or would have led, to the revocation is detrimental to the best interests of the Medicare program. We believe that this change from an enrollment requirement to a preclusion list requirement will reduce the burden on Part D prescribers and MA providers without compromising our program integrity efforts.

Where can I get more information?

The CMS Preclusion List Homepage

Erin’s two cents:

The CMS preclusion list is not for background screening. It’s available to Part C and Part D prescribers. Its primary purpose is to eliminate the opioid epidemic. The creation of this new list is in response to the Comprehensive Addiction and Recovery Act of 2016 (CARA). There may be excluded providers on this list, however, those exclusions will also still be listed on the OIG. 


The Medicare Exclusion Database (MED) and You

We are often asked if we have the Medicare Exclusion Database (MED) in our system. We do not collect the MED directly from CMS, but we do have this data in our system. The reason for this is because we collect our data from the primary source, as the Office of Inspector General is the primary source, we do not see a need to collect this data from the CMS as well.

We are precise in our collection. We believe in quality over quantity here at Typhoon Data. We don’t see a need in collecting “Everything”. Instead, we collect the pertinent, actionable, and primary source records that can help you and your clients get a full and complete picture on your health care providers. We take pride in our knowledge of these sources.

Last week, we got official and final confirmation that collecting the MED is not necessary.

Exact verbiage from CMS in regards to the MED:

“The Medicare Exclusion Database (MED) is a national database populated with information from the Office of the Inspector General.”

Reviewing Sanctions – What does the word “sanction” really mean?

sanc·tion
ˈsaNG(k)SH(ə)n/
noun
a threatened penalty for disobeying a law or rule.
“a range of sanctions aimed at deterring insider abuse”

Sanction is a term that is often used when referring to databases like ours. I’m often asked “do you have a sanction database?” or “is this a sanction check?”

We do have sanctions in our dataset. For example, Office of Foreign Assets Control (OFAC) has many lists of sanctioned individuals.

However, it’s a common misconception that an entire dataset like ours is a Sanction Database or Sanction search. Sanctions usually refer to Financial Sanctions. Financial Sanctions are restrictive measures imposed on individuals or entities in an effort to curtail their activities and to exert pressure and influence on them.

Our focus at Typhoon Data is to assemble a data set of all Federal and State Exclusions and Board Disciplinary Actions. Many organizations publish critical information for our customers, and we gather all of it, including Opt out affidavits, abuse registries, and imposter lists.

Federal and State Exclusions are Individuals and Entities that are excluded from participation in Medicare, Medicaid and other federal and state healthcare programs.

Termination occurs when the Medicare program, a State Medicaid program, or CHIP has taken an action to revoke a provider’s billing privileges, a provider has exhausted all applicable appeal rights or the timeline for appeal has expired, and there is no expectation on the part of a provider or supplier or the Medicare program, State Medicaid program, or CHIP that the revocation is temporary.

Disciplinary Actions (aka Board Actions) is the language used to describe the types of actions that occur at a board level. These can be minor, like a fine or civil penalty. Or they can be major, like a revocation or suspension of a medical license.

The difference between these? Though these both are targeted to the medical world, Disciplinary Actions cannot occur unless you are licensed, or attempting to become licensed. However, anyone can become excluded. Many times, a severe enough action will result in an exclusion, however this is not always the case.

Our dataset has much more than just these sources. We have a myriad of sources that are going to help give you the complete picture on your provider. We include Medicare Opt-Out’s, Abuse Registries, License Conditions, Imposter Alerts, Federal and State Actions, Press Releases, etc. Often times all of these different types of data fall into one category. Sanctions.

It would appear that the term “sanction” has been adopted to include any or all of the possible actions taken by the Federal government, state governments, or boards. As has been noted the terminology used by the many reporting entities varies greatly including;
Exclusion
Termination
Board Action
Medicare Opt-Out
Abuse Registries
License Condition
Imposter List
Federal and State Action
Press Release

That’s why, when asked if we have a sanction dataset, I’m always careful to ask follow-up questions about what specific sources the customer might want or need. If my customer is unsure of what exactly they need, we try to always stay up to date on the compliance regulations so we can offer them exactly what they need to meet the standards.

Let’s Talk about Primary Source Data

What is a Primary Source?

A Primary Source is the original source repository or the source that legally issue licenses, discipline, education, training, or examination. A couple of examples of this in our industry are:

California Board of Registered Nursing
Office of Inspector General, U.S. Department of Health and Human Services (OIG)
Pharmacy Technician Certification Board (PTCB)
Centers for Medicare and Medicaid Services (CMS)

What is a Primary Source Data?

Primary Source Data is the license, certification, or disciplinary data directly from the original source. This means the data we collect is directly from the primary source. This data includes exclusion information, opt-out affidavits, license issuance, and disciplinary records. Another caveat to primary source data is we do not change, adjust, or modify the record found at the primary source.

Why is Primary Source Data Important?

Primary source data is important to your company as a way to confirm that your employee can be authorized to work for your facility.

The OIG has the authority to exclude individuals and entities from participation in federal healthcare programs. Any organization or individual who hires excluded parties may be subject to civil monetary penalties (CMP). To avoid these penalties, the LEIE recommends (as a part of the Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs) that you check their database upon hire, and on an ongoing monthly basis.

Primary Source data is not only important to us, it’s important to accrediting bodies (i.e. The Joint Commission, URAC) and exclusion bodies (i.e. OIG, GSA).

Typhoon Data is Certified by the NCQA

Typhoon Data, a healthcare data solution provider, announced today it has received certification from the National Committee for Quality Assurance (NCQA), a private, non-profit organization dedicated to improving healthcare quality, for the following credentials verifications services;

License to Practice
DEA Registration
Medical Board Sanctions
Ongoing Monitoring
Medicaid/Medicare Sanctions

This credential verifies Typhoon Data’s use of industry best practices and demonstrates its commitment to quality improvement, increased performance measures, and better compliance data. Typhoon Data was built from the ground up applying knowledge gained from years of industry experience to provide the most effective and accurate solution available. Verification services designed to comply with NCQA credentialing standards demonstrates that Typhoon Data has the systems, process and personnel in place to thoroughly and accurately verify providers’ credentials and help health plan clients meet their accreditation goals.

Recognizing the critical nature of the services they provide, Typhoon Data determined that obtaining certification was a key business strategy. Typhoon Data was built with the customer in mind, and offers integration or turnkey solutions, customization, exclusion data, and verification services. Typhoon Data has revolutionized the method for continuously monitoring compliance data. Typhoon Data is positioned to move the industry forward through innovation and by leveraging technology.

As a bootstrapped startup Typhoon Data has worked to establish sound policies and procedures, and to become an expert in credentialing and compliance. The management and operations teams have created systems that ensure complete, accurate, and timely data gathering and verification. Certification includes rigorous on-site evaluations conducted by a team of health care professionals and certified credentialing specialists. A national oversight committee of physicians analyzes the team’s finding and determines certification based on the CVO’s compliance with NCQA standards.

About Typhoon Data

Typhoon Data is transforming the data industry through automation and partnerships. We make it possible to search for license, exclusion, and board action data in a more efficient and cost effective way. Because our processes are based in the future, we have the ability to offer better products than our competitors at a fraction of the price and in a standardized way that brings new meaning to Compliance Monitoring.

We efficiently handle monthly batching or quarterly reviews, we are constantly monitoring, making it possible for you to truly get the complete picture on your health care staff.

About the National Committee for Quality Assurance (NCQA)

NCQA is a private, non-profit organization dedicated to improving healthcare quality. NCQA accredits and certifies a wide range of healthcare organizations. It also recognizes clinicians and practices in key areas of performance. NCQA’s Web site (http://www.ncqa.org) contains information to help consumers, employers and others make more informed health care choices.

For the original version on PRWeb visit: http://www.prweb.com/releases/2017/01/prweb13989788.htm

The HIPAA Audit Program and you

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun it’s next phase of audits to confirm that organizations are in line with HIPAA protocol. The 2016 Phase 2 HIPAA Audit Program is looking to strengthen it’s Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts by being more proactive.

For 2016’s Fiscal Year, the budget for OCR’s office increased by $4 million over the year before in anticipation of these audits. They will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards (laid out in Phase 1) and implementation specifications of the Privacy, Security, and Breach Notification Rules.

These audits were mandated by the HITECH Act to conduct periodic random audits to assess entity compliance with HIPAA. These will primarily be desk audits, but some on-site audits can occur. This could be anything from a drop in one-hour audit to a multi-day operational audit.

Let’s look back:

Before phase 2 (the audits) began, they started with phase 1:

“HIPAA established important national standards for the privacy and security of protected health information and the Health Information Technology for Economic and Clinical Health Act (HITECH) established breach notification requirements to provide greater transparency for individuals whose information may be at risk. HITECH requires the HHS Office for Civil Rights (OCR) to conduct periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. In 2011 and 2012, OCR implemented a pilot audit program to assess the controls and processes implemented by 115 covered entities to comply with HIPAA’s requirements.  OCR also conducted an extensive evaluation of the effectiveness of the pilot program.  Drawing on that experience and the results of the evaluation, OCR is implementing phase two of the program, which will audit both covered entities and business associates. As part of this program, OCR is developing enhanced protocols (sets of instructions) to be used in the next round of audits and pursuing a new strategy to test the efficacy of desk audits in evaluating the compliance efforts of the HIPAA regulated industry. Feedback regarding the protocol can be submitted to OCR at OSOCRAudit@hhs.gov.” – HHS.gov Read More The HIPAA Audit Program and you

It’s a new year…

complianceHappy New Year!!!

Once those words are uttered at 12:01 a.m. on January 1st, we’re all promised improvement. We promise it to ourselves with resolutions and we’re promised it from the people around us. Most resolutions boil down to a single idea: trimming the fat.

Usually, we mean this literally. Whether we’re talking about losing a couple pounds from the holidays, or losing a couple handfuls of pounds. We all want to trim the fat from the previous year. Read More It’s a new year…

Multi-State Licenses and Board Actions

I recently read an article on ProPublica (Read article here) about nurses who skip from state to state after receiving disciplinary actions. This has been and continues to be a huge weakness in the compliance industry.

When Craig Peske was fired from his nursing position in his home state in Wisconsin, and subsequently received an action against his license as well as six felony counts of narcotic possession, he used his “multi-state license” to get a job as a traveling nurse in North Carolina.

His license in North Carolina didn’t have an action against it, it was active and clear. It even surprised him when he checked on it. But, because his license was active, he had the ability to work as a nurse in North Carolina.

His license being clear in North Carolina could have been due to a lag time in getting the discipline on his record. Or because it’s possible that even with a multi-state license, the boards of separate states don’t communicate.

While I’m sure the hospital in North Carolina did their due diligence in searching his North Carolina license to confirm he was active. I believe they probably also searched for him in SAM and OIG to confirm he had no federal actions against him. What was missed, though, was that they clearly didn’t check into his Wisconsin license. The reason for this could range from Craig Peske not releasing the information that he did in fact have a license in another state. Or that their only requirement for employment is to have a free and clear license in the state of the employment.

There are many reasons why licenses for a practitioner can and will stay active when the practitioner shouldn’t be working in the healthcare industry anymore. Employing a nurse that has stolen painkillers at another facility creates a weak spot in your facility. It can open your facility up to being sanctioned or fined. It can put your patients in jeopardy as well.

And, although, most employers ask for every practitioner to disclose their actions, organizations can’t always trust employees to do so. As healthcare organizations, we need to gather as much knowledge about our practitioners as we can to protect our patients and our organization from fraud. I believe we owe this to the people out there trusting us to provide them with quality medical care.

That’s why TyphoonDATA’s product is so invaluable. With each new employee that is hired, you can search TyphoonDATA’s comprehensive database and see if there has been an action against them from a multitude of different sources. Or you can select one of our monitoring products, so with each refresh of the data, your employees are searched against the database. If a new record that matches your employee is found, you will be notified and TyphoonDATA does a verification to confirm or deny whether or not your employee is free and clear. It gives facilities and organizations just a little more comfort in knowing their employees are sanction free.

TyphoonDATA has packages that range from Basic Exclusion (searches against the OIG database) to Standard Plus (Searches against our entire database, including board actions, federal and state exclusions, and medicare opt-outs) to Premium Exclusion searches (Includes everything in Standard Plus, with a license check as well, to guarantee that their license is active and clear). All of our products are available as just a stand alone search, or with verification, or as a monitoring product.

Take a look at our products here.