Excluded in One Excluded in All

Terminated-copy

Excluded in one, Excluded in all

The Affordable Care Act section 6501 discusses “Termination” of a medical provider under Medicaid if Terminated Under Medicare, CHIP, or Other State Plan.

“Termination occurs when the Medicare program, a State Medicaid program, or CHIP has taken an action to revoke a provider’s billing privileges, a provider has exhausted all applicable appeal rights or the timeline for appeal has expired, and there is no expectation on the part of a provider or supplier or the Medicare program, State Medicaid program, or CHIP that the revocation is temporary. The requirement for termination based upon a termination in another program applies in cases where providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked for cause which may include reasons based on fraud, integrity, or quality.”

We find important clarifying details in an informational bulletin published in May of 2011. One point made by the director of the CPI (Center for Program Integrity) addresses the “for cause” portion of this section. The statement reads “For cause may include, but is not limited to, termination for reasons based upon fraud, integrity, or quality. For cause does not include cases where a State terminates a Medicaid or CHIP provider as a result of a failure to submit claims due to inactivity.” Additionally if a provider voluntarily ends participation in the program this is not considered “for cause” except when the “voluntary” action is taken to avoid sanction. The end of billing privileges does not necessarily result in Termination

Another important clarification from this bulletin is that if a provider is “Terminated” in one state, then all other states must also terminate, and the duration of the termination should follow the terminating State’s law. They provide the following example for clarification; “State A terminates a provider and the length of termination is 3 years. A termination action is triggered in State B with regard to that same provider as a result of the State A termination action. State B’s length of termination is 1 year. The provider is not allowed to re-enroll in State B’s Medicaid program for a 1-year period as opposed to State A’s 3-year bar to re-enrollment.” We usually refer to this as the excluded in one excluded in all scenario.

A couple of other points worth mentioning. It is clarified that there is a difference between termination and exclusion. Termination happens at the state level for the reasons stated above. “Generally, “exclusion” from participation in a federal health care program, including Medicare, Medicaid, and CHIP is a penalty imposed on providers and suppliers by the Department’s Office of Inspector General (HHS-OIG). Individuals and entities may be excluded from participating in federal health care programs for misconduct ranging from fraud convictions to patient abuse to defaulting on health education loans.” While they are technically different situations the end result is the same, a provider’s involuntary departure from the Medicaid program or CHIP. Finally the information should be reported on at least a monthly basis to the HHS-OIG.

Want to review the bulletin? Here’s the link; https://downloads.cms.gov/cmsgov/archived-downloads/CMCSBulletins/downloads/6501-Term.pdf

Let’s Talk about Primary Source Data

What is a Primary Source?

A Primary Source is the original source repository or the source that legally issue licenses, discipline, education, training, or examination. A couple of examples of this in our industry are:

California Board of Registered Nursing
Office of Inspector General, U.S. Department of Health and Human Services (OIG)
Pharmacy Technician Certification Board (PTCB)
Centers for Medicare and Medicaid Services (CMS)

What is a Primary Source Data?

Primary Source Data is the license, certification, or disciplinary data directly from the original source. This means the data we collect is directly from the primary source. This data includes exclusion information, opt-out affidavits, license issuance, and disciplinary records. Another caveat to primary source data is we do not change, adjust, or modify the record found at the primary source.

Why is Primary Source Data Important?

Primary source data is important to your company as a way to confirm that your employee can be authorized to work for your facility.

The OIG has the authority to exclude individuals and entities from participation in federal healthcare programs. Any organization or individual who hires excluded parties may be subject to civil monetary penalties (CMP). To avoid these penalties, the LEIE recommends (as a part of the Updated Special Advisory Bulletin on the Effect of Exclusion from Participation in Federal Health Care Programs) that you check their database upon hire, and on an ongoing monthly basis.

Primary Source data is not only important to us, it’s important to accrediting bodies (i.e. The Joint Commission, URAC) and exclusion bodies (i.e. OIG, GSA).

How does the OIG determine who to Exclude

The OIG (Office of Inspector General) has updated their “Criteria for implementing section 1128(b)(7) exclusion authority.”

Here is a link to the OIG write up about the new standards. https://oig.hhs.gov/exclusions/files/1128b7exclusion-criteria.pdf

 

The OIG has a mission “to protect the integrity of Department of Health & Human Services (HHS) programs as well as the health and welfare of program beneficiaries.”  To fulfil this mission the OIG creates resources to help the health care industry comply with the Nation’s Fraud laws. They also work to educate the public, to protect them from fraud, and to have the public report suspicious activities. The Office of Counsel to the Inspector General (OCIG) is responsible for imposing program exclusions and civil monetary penalties (CMP) on health care providers. The excluded health care providers are included on a list known as the List of Excluded Individuals/Entities (LEIE). This article will summarize the current method the OIG uses in determining the action taken against an individual or entity.  

 

Risk Spectrum

The OIG will be using a scale to determine the action taken, ranging from Exclusion to imposing Integrity Obligations to Release. There are a number of factors included in the risk assessment, which then determine the course of action the OIG will take. The categories included in this evaluation are; The Nature and Circumstance of the Conduct, Conduct During the Investigation, Significant Ameliorative Efforts, and History of Compliance.

 

Factors applied to determine the action taken

These Factors have an impact on the risk assessment, they indicate a higher risk, a lower risk, or can be neutral in determining what action will be taken by the OIG. Here is a quick summary  

  1. Nature and Circumstance of Conduct
    1. If the conduct had an adverse impact on Individuals
    2. Financial loss- the greater the amount of loss or intended loss to the Federal healthcare programs the greater the risk assessment.
    3. Conduct that occurs as part of a pattern, or over a period of time, or is continual or repeated indicates a higher risk
    4. Conduct that is currently ongoing or was continued until the Government began an investigation leads to a higher risk
    5. A lack of criminal sanctions has no impact on the level of risk
    6. Leadership Role- if the individual organized, led or planned the unlawful activity
    7. History of Prior Fraudulent Conduct, including prior judgements or convictions, refusal to enter into a Corporate Integrity Agreement (CIA), having a prior CIA, and failing to cooperate with OIG while under a CIA all indicate higher risk levels
  2. Conduct during Investigation
    1. Overall response to the investigation
      1. Did the individual obstruct or impede the investigation or attempt to do so?
      2. Was anything done to conceal the conduct from the government
      3. The inability for a person to engage in the conduct again for whatever reason has no effect on the risk assessment
      4. While a prompt response to the subpoena has no effect, failure to comply within a reasonable time frame would result in a higher risk assessment.
    2. Internal Investigation
      1. If an internal investigation began prior to the individual or entity learning about the Government’s investigation, and any information gained as a result is shared with the government, risk will be lower.
      2. If the person self-disclosed the conduct prior to the Government’s investigation, this would also result in a lower risk assessment.
    3. Cooperation
      1. If the person cooperates with the Government the risk assessment is lower.
      2. If through the person’s cooperation a criminal, civil, or administrative action is taken against an individual or entity, then risk assessment is lower.
    4. Resolution
      1. Adverse Licensure action increases the risk
      2. A criminal resolution including either a conviction, a Deferred Prosecution Agreement, or a Non-Prosecution Agreement. Any of these actions will increase risk which varies depending on the type of criminal action taken
  3. Significant Ameliorative Efforts
    1. Significant changes in the entity
      1. The entity taking appropriate action against the individual lowers risk.
      2. If the entity has dedicated more resources to insure compliance this will also lower the risk.
      3. If after the conduct has stopped, the entity has been sold to a non-affiliated, independent third party that has a history of compliant participation in Federal healthcare programs, the risk will be lower
      4. If there has been additional training, or a mentor assigned or other mitigating steps have been taken that will also lower the risk assessment.
  4. History of Compliance
    1. If the person has a history of appropriate timely self-disclosure made in good faith the risk will be lower
    2. Having a compliance program in place has no impact on risk level, but not having a compliance program in place that incorporates the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program will increase the risk.

 

Summary

This new criteria helps clarify the process for how a health care provider can find themselves excluded by the OIG. If an individual or entity is on the LEIE, then “no payment will be made by any Federal health care program (ie; medicare or medicaid) for items or services furnished, ordered, or prescribed by the excluded individual in any capacity.” The OIG can impose penalties on entities and individuals who bill the Federal government for services while excluded by the OIG. These Civil Monetary Penalties (CMP) can be up to $10,000.00 per occurrence plus treble damages.

At Typhoon Data one of our services is to verify that providers are not on the LEIE. We offer a variety of services to help maintain compliance.

 

If you would like to discuss our solutions, feel free to contact me, David Rees at (800) 780-5901 Ext 705 or email drees@typhoondata.com.

Typhoon Data is Certified by the NCQA

Typhoon Data, a healthcare data solution provider, announced today it has received certification from the National Committee for Quality Assurance (NCQA), a private, non-profit organization dedicated to improving healthcare quality, for the following credentials verifications services;

License to Practice
DEA Registration
Medical Board Sanctions
Ongoing Monitoring
Medicaid/Medicare Sanctions

This credential verifies Typhoon Data’s use of industry best practices and demonstrates its commitment to quality improvement, increased performance measures, and better compliance data. Typhoon Data was built from the ground up applying knowledge gained from years of industry experience to provide the most effective and accurate solution available. Verification services designed to comply with NCQA credentialing standards demonstrates that Typhoon Data has the systems, process and personnel in place to thoroughly and accurately verify providers’ credentials and help health plan clients meet their accreditation goals.

Recognizing the critical nature of the services they provide, Typhoon Data determined that obtaining certification was a key business strategy. Typhoon Data was built with the customer in mind, and offers integration or turnkey solutions, customization, exclusion data, and verification services. Typhoon Data has revolutionized the method for continuously monitoring compliance data. Typhoon Data is positioned to move the industry forward through innovation and by leveraging technology.

As a bootstrapped startup Typhoon Data has worked to establish sound policies and procedures, and to become an expert in credentialing and compliance. The management and operations teams have created systems that ensure complete, accurate, and timely data gathering and verification. Certification includes rigorous on-site evaluations conducted by a team of health care professionals and certified credentialing specialists. A national oversight committee of physicians analyzes the team’s finding and determines certification based on the CVO’s compliance with NCQA standards.

About Typhoon Data

Typhoon Data is transforming the data industry through automation and partnerships. We make it possible to search for license, exclusion, and board action data in a more efficient and cost effective way. Because our processes are based in the future, we have the ability to offer better products than our competitors at a fraction of the price and in a standardized way that brings new meaning to Compliance Monitoring.

We efficiently handle monthly batching or quarterly reviews, we are constantly monitoring, making it possible for you to truly get the complete picture on your health care staff.

About the National Committee for Quality Assurance (NCQA)

NCQA is a private, non-profit organization dedicated to improving healthcare quality. NCQA accredits and certifies a wide range of healthcare organizations. It also recognizes clinicians and practices in key areas of performance. NCQA’s Web site (http://www.ncqa.org) contains information to help consumers, employers and others make more informed health care choices.

For the original version on PRWeb visit: http://www.prweb.com/releases/2017/01/prweb13989788.htm

The HIPAA Audit Program and you

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun it’s next phase of audits to confirm that organizations are in line with HIPAA protocol. The 2016 Phase 2 HIPAA Audit Program is looking to strengthen it’s Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts by being more proactive.

For 2016’s Fiscal Year, the budget for OCR’s office increased by $4 million over the year before in anticipation of these audits. They will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards (laid out in Phase 1) and implementation specifications of the Privacy, Security, and Breach Notification Rules.

These audits were mandated by the HITECH Act to conduct periodic random audits to assess entity compliance with HIPAA. These will primarily be desk audits, but some on-site audits can occur. This could be anything from a drop in one-hour audit to a multi-day operational audit.

Let’s look back:

Before phase 2 (the audits) began, they started with phase 1:

“HIPAA established important national standards for the privacy and security of protected health information and the Health Information Technology for Economic and Clinical Health Act (HITECH) established breach notification requirements to provide greater transparency for individuals whose information may be at risk. HITECH requires the HHS Office for Civil Rights (OCR) to conduct periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. In 2011 and 2012, OCR implemented a pilot audit program to assess the controls and processes implemented by 115 covered entities to comply with HIPAA’s requirements.  OCR also conducted an extensive evaluation of the effectiveness of the pilot program.  Drawing on that experience and the results of the evaluation, OCR is implementing phase two of the program, which will audit both covered entities and business associates. As part of this program, OCR is developing enhanced protocols (sets of instructions) to be used in the next round of audits and pursuing a new strategy to test the efficacy of desk audits in evaluating the compliance efforts of the HIPAA regulated industry. Feedback regarding the protocol can be submitted to OCR at OSOCRAudit@hhs.gov.” – HHS.gov Read More The HIPAA Audit Program and you

It’s a new year…

complianceHappy New Year!!!

Once those words are uttered at 12:01 a.m. on January 1st, we’re all promised improvement. We promise it to ourselves with resolutions and we’re promised it from the people around us. Most resolutions boil down to a single idea: trimming the fat.

Usually, we mean this literally. Whether we’re talking about losing a couple pounds from the holidays, or losing a couple handfuls of pounds. We all want to trim the fat from the previous year. Read More It’s a new year…

Risk: It’s All About Time!

usa-flag-map

Medical Provider data with regards to Medicare and Medicaid exclusions can be tricky from a timing perspective. Even though the Office of Inspector General (OIG) with the List of Excluded Individuals and Entities (LEIE) were created to attack the ever changing problem of Medicare Fraud, it can often be a trailing indicator. There are rules of inclusion that require the OIG to follow a process that often takes time. Once a name or entity is entered into the data set, it is only a matter of checking the names against the dataset either through the government website, downloading the data or using a Consumer Reporting Agency (CRA) or similar service.

The OIG is focused on this issue and does a good job to keep the data up to date as possible and it is a large effort indeed considering the estimate of Medical licensed professions is just under 12 million according to the most recent estimates.

But what about the risk of those organizations that hires or does business with individuals or entities who have been convicted of a crime or state boards who have taken action but the license is unaffected or the OIG has not issued an exclusion? What is the time factor of when the offender or subject shows up on the LEIE list? Or are the various State Medicaid lists timelier? Not all states have Medicaid sanctions lists but the number has grown to 37 states with the recent addition of Iowa and Georgia this year.

Let’s take for example the case of CNA Kenisha Abeene. Her name showed up on the Nevada List of Sanctioned Excluded Providers in early 2014. Her name did not appear on OIG until January of the following year.

As a matter of process, TyphoonDATA pulls press releases from various Law Enforcement sites, both state and federal to gauge how fast the issues get across the spectrum of reporting entities which include Federal sources like OIG, DEA Disbarment, SAM.gov and state exclusion sites like https://dch.georgia.gov/georgia-oig-exclusions-list. Also the issues might initially surface in Licensing repositories like Department of Professional Licensing or DOPL (pronounced “Dop-Pull”) or specific board sites. Unfortunately, the states are not uniform in the approach to posting and size does matter with regards to provider type licenses. There are more Doctors and Nurses in this country so often those boards have daily updates.

For example, in the case of Physician Cyrus Sajadi, Dr. Sajadi was charged in 2012 and his name was all over the DOJ and other news sites. But, there was no action granted until 2015. Meaning his license stayed clear and without action for three years, making it possible for him to practice when he was known to have committed fraud. Leaving any organization that hadn’t known of his fraud opens them up to potential risk. For three years, his name did not pop up on the OIG or any state exclusion site. Knowing as much about your employees or potential employees as possible will cut away at your exposure to fraud or potential fines.

Moving from state to state also presents challenges. Doing a Social Security (SSN) trace often reveals multiple states the subject has lived, worked or studied. Name changes, especially in marital status, are also a driving issue. The exclusion is a post that is current at the time of posting and personal identifying information or Pii is needed to capture the action or exclusion. Often the board action is “thin file” or lacking identifiers so Sherlock Holmes will be needed to crack the case.

And last but not least this is not a one and done issue. Continuous monitoring not periodic batching is recommended. The on-going update process of data should be at a minimum monthly and some sites (Medi–CAL) have some provider types where daily updates are done.

Here are examples of delayed reporting:

INDIVIDUAL

PROVIDER TYPE

DATE OF BOARD ACTION

DATE OF APPEARANCE IN THE OIG LEIE

H, AMBER DAWN

Pharmacy Technician

10/25/2013

1/20/2015

B, BENJAMIN

CNA

12/22/2014

5/20/2015

P, THOMAS A

Pharmacy Technician

11/22/2013

1/20/2015

A, DAVID

LPN

5/15/2006

8/20/2006

A, KENISHA

CNA

3/27/2014

1/20/2015

 

Multi-State Licenses and Board Actions

I recently read an article on ProPublica (Read article here) about nurses who skip from state to state after receiving disciplinary actions. This has been and continues to be a huge weakness in the compliance industry.

When Craig Peske was fired from his nursing position in his home state in Wisconsin, and subsequently received an action against his license as well as six felony counts of narcotic possession, he used his “multi-state license” to get a job as a traveling nurse in North Carolina.

His license in North Carolina didn’t have an action against it, it was active and clear. It even surprised him when he checked on it. But, because his license was active, he had the ability to work as a nurse in North Carolina.

His license being clear in North Carolina could have been due to a lag time in getting the discipline on his record. Or because it’s possible that even with a multi-state license, the boards of separate states don’t communicate.

While I’m sure the hospital in North Carolina did their due diligence in searching his North Carolina license to confirm he was active. I believe they probably also searched for him in SAM and OIG to confirm he had no federal actions against him. What was missed, though, was that they clearly didn’t check into his Wisconsin license. The reason for this could range from Craig Peske not releasing the information that he did in fact have a license in another state. Or that their only requirement for employment is to have a free and clear license in the state of the employment.

There are many reasons why licenses for a practitioner can and will stay active when the practitioner shouldn’t be working in the healthcare industry anymore. Employing a nurse that has stolen painkillers at another facility creates a weak spot in your facility. It can open your facility up to being sanctioned or fined. It can put your patients in jeopardy as well.

And, although, most employers ask for every practitioner to disclose their actions, organizations can’t always trust employees to do so. As healthcare organizations, we need to gather as much knowledge about our practitioners as we can to protect our patients and our organization from fraud. I believe we owe this to the people out there trusting us to provide them with quality medical care.

That’s why TyphoonDATA’s product is so invaluable. With each new employee that is hired, you can search TyphoonDATA’s comprehensive database and see if there has been an action against them from a multitude of different sources. Or you can select one of our monitoring products, so with each refresh of the data, your employees are searched against the database. If a new record that matches your employee is found, you will be notified and TyphoonDATA does a verification to confirm or deny whether or not your employee is free and clear. It gives facilities and organizations just a little more comfort in knowing their employees are sanction free.

TyphoonDATA has packages that range from Basic Exclusion (searches against the OIG database) to Standard Plus (Searches against our entire database, including board actions, federal and state exclusions, and medicare opt-outs) to Premium Exclusion searches (Includes everything in Standard Plus, with a license check as well, to guarantee that their license is active and clear). All of our products are available as just a stand alone search, or with verification, or as a monitoring product.

Take a look at our products here.

SAM.gov Exclusions – What Are They, and Where do They Come From?

SAM.gov publishes an exclusion file used by many organizations for screening and/or compliance purposes. This exclusion file replaces the former EPLS files as of November, 2012. The SAM exclusion file receives regular updates and contains the collective exclusion reporting of over 80 different federal agencies totaling to approximately 130,000 exclusion records. An exclusion record from SAM.gov indicates that the individual or organization listed is disqualified from receiving any federal government contracts. S.A.M. stands for System for Award Management. This system is used for any party seeking to be awarded a federal government contract and become a federal vendor or supplier.

Let’s take a look at the break-down of the SAM.gov exclusions to see where most of the information comes from. As seen in the chart below, almost 1/2 of the SAM.gov exclusion records come from the Department of Health and Human Services’ OIG LEIE exclusion list. The top 6 contributors to the SAM.gov file makeup over 90% of its total records. The chart below only shows the top 27 federal agencies that report to SAM, there are many more which have made small record contributions.

Each agency that reports to the SAM exclusion system is responsible for the accuracy of its records and the information they contain. Exclusions records have a “type” and a “termination date”. The types are generally “Prohibition/Restriction” or “Ineligible”. In some cases the type may indicate “Proceedings Pending” or “Proceedings Completed”. These types give a little insight into the status of the investigation resulting in exclusion. The termination date in the record indicates the shelf-life of the exclusion. In some cases, a future date is present. This means that once that date is reached, the party on record is no longer excluded. In many cases, the word “Indefinite” is seen in the termination date. An indefinite exclusion never expires and can only be removed at the digression of the reporting agency. If specific conditions or criteria are met, the excluding agency may remove the exclusion. SAM does not publish a reinstatement list, non-excluded parties are simply removed from the updated file. Some reporting agencies (such as the OIG) do maintain their own reinstatement lists.

 

SAM Pie3

TyphoonDATA offers data and compliance solutions that include the SAM.gov exclusions file and much more.

To speak with TyphoonDATA directly, please contact:

Richard Rupert, VP Compliance Solutions
Office: 800.780.5901 extension 705
rrupert@typhoondata.com

Slipping Through the Cracks in the Process

More and more public watchdog groups, press and user groups are finding holes in the system that may be of concern to those who are hiring or credentialing medical providers.  The article dated June 30, 2014 from NPR demonstrates the complexities and timing issues.  Some providers are able to circumvent the billing process and continue to receive payment for years after being acted upon by the various state medical boards. http://www.npr.org/blogs/health/2014/06/20/323889329/sanctions-common-against-doctors-with-odd-medicare-billing?ft=1&f=1001

Credit Reporting Agencies focusing on hiring, compliance groups and credentialing organizations have the mission to surface issues beyond just the exclusion data repositories like the Office of the Inspector General (OIG) or one of the many Federal sites that track violators.  As you know, being excluded from the Federal Medicare process is only one element of the wider net that is needed to get all the data to make a hiring, risk or just plain due diligence decision.

The problem is often just timing.  A scenario might be a provider is arrested for a crime and adjudication begins.  Maybe a state medical board reviews the incident and takes action.  The various states may jump into action and exclude the provider from receiving Medicaid payments which is administered from the states even though the money comes primarily from the Federal tax dollars.  The license may be affected at the board level and it make take time to get into the exclusion process.  Hearings have to be set and conclusions reviewed.

It is the due process that takes time and we all appreciate the need for it.  But if you are a hiring entity or compliance group you may get caught in the cracks.  The key is to check the various Federal, State and board actions that will blanket the whole process.

It is possible to get an accurate, up to date picture and TyphoonDATA has a solution with will cast a wide net, verify the false positives and close the cracks into a simple to use click process.

If you would like to discuss, call us at 800.780.5901 or email us at RRupert@typhoondata.com or SSkyhawk@typhoondata.com .  We would love to help you with your mission.