OIG Compliance is the Key

When a healthcare organization is found to not be in compliance with laws or regulations, corporate integrity agreements (“CIA”) and civil monetary penalties (“CMP”) may be the unintended consequences.

Beginning in September 1999, the United States Department of Health and Human Services (“HHS”) and the Office of Inspector General (“OIG”) embarked on an initiative to prevent the submission of erroneous claims and combat fraud and abuse in the Federal health care programs through voluntary compliance efforts.  Submitting a false claim, or causing a false claim to be submitted, to a Federal health care program may subject the individual, the entity, or both to criminal prosecution, civil liability (including treble damages and penalties) under the False Claims Act, and exclusion from participation in Federal health care programs.(1)  

The OIG has the authority to exclude individuals and entities from Federally funded health care programs for a variety of reasons, including a conviction for Medicare or Medicaid fraud.  Those that are excluded can receive no payment from Federal healthcare programs for any items or services they furnish, order, or prescribe.  This includes those that provide health benefits funded directly or indirectly by the United States (other than the Federal Employees Health Benefits Plan).

The OIG maintains a list of all currently excluded individuals and entities called the List of Excluded Individuals/Entities (“LEIE”).  Anyone who hires an individual or entity on the LEIE may be subject to civil monetary penalties (“CMP”).  To avoid CMP liability, health care entities should routinely check the list to ensure that new hires and current employees are not on it.(2)

References:

  1. https://oig.hhs.gov/compliance/compliance-guidance/docs/complianceguidance/nhg_fr.pdf
  2. https://oig.hhs.gov/exclusions/index.asp

The HIPAA Audit Program and you

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has begun its next phase of audits to confirm that organizations are in line with HIPAA protocol. The 2016 Phase 2 HIPAA Audit Program is looking to strengthen its Health Insurance Portability and Accountability Act (HIPAA) enforcement efforts by being more proactive.

For fiscal year 2016, OCR’s budget increased by $4 million over the year before in anticipation of these audits. The audits will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards (laid out in Phase 1) and implementation specifications of the Privacy, Security, and Breach Notification Rules.

The HITECH Act mandated periodic random audits to assess entity compliance with HIPAA. These will primarily be desk audits, but some on-site audits can occur. An audit could be anything from a drop-in one-hour audit to a multi-day operational audit.

Let’s look back:

Before phase 2 (the audits) began, they started with phase 1:

“HIPAA established important national standards for the privacy and security of protected health information and the Health Information Technology for Economic and Clinical Health Act (HITECH) established breach notification requirements to provide greater transparency for individuals whose information may be at risk. HITECH requires the HHS Office for Civil Rights (OCR) to conduct periodic audits of covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. In 2011 and 2012, OCR implemented a pilot audit program to assess the controls and processes implemented by 115 covered entities to comply with HIPAA’s requirements.  OCR also conducted an extensive evaluation of the effectiveness of the pilot program.  Drawing on that experience and the results of the evaluation, OCR is implementing phase two of the program, which will audit both covered entities and business associates. As part of this program, OCR is developing enhanced protocols (sets of instructions) to be used in the next round of audits and pursuing a new strategy to test the efficacy of desk audits in evaluating the compliance efforts of the HIPAA regulated industry. Feedback regarding the protocol can be submitted to OCR at OSOCRAudit@hhs.gov.” – HHS.gov

SAM.gov Exclusions – What Are They, and Where do They Come From?

SAM.gov publishes an exclusion file used by many organizations for screening and/or compliance purposes. This exclusion file replaces the former EPLS files as of November 2012. The SAM exclusion file receives regular updates and contains the collective exclusion reporting of over 80 different federal agencies, totaling approximately 130,000 exclusion records. An exclusion record from SAM.gov indicates that the individual or organization listed is disqualified from receiving any federal government contracts. S.A.M. stands for System for Award Management. This system is used by any party seeking to be awarded a federal government contract and become a federal vendor or supplier.

Let’s take a look at the breakdown of the SAM.gov exclusions to see where most of the information comes from. As seen in the chart below, almost 1/2 of the SAM.gov exclusion records come from the Department of Health and Human Services’ OIG LEIE exclusion list. The top 6 contributors to the SAM.gov file make up over 90% of its total records. The chart below shows only the top 27 federal agencies that report to SAM; many more have made small record contributions.

Each agency that reports to the SAM exclusion system is responsible for the accuracy of its records and the information they contain. Exclusion records have a “type” and a “termination date”. The types are generally “Prohibition/Restriction” or “Ineligible”. In some cases the type may indicate “Proceedings Pending” or “Proceedings Completed”. These types give a little insight into the status of the investigation resulting in exclusion. The termination date in the record indicates the shelf-life of the exclusion. In some cases, a future date is present. This means that once that date is reached, the party on record is no longer excluded. In many cases, the word “Indefinite” is seen in the termination date. An indefinite exclusion never expires and can only be removed at the discretion of the reporting agency. If specific conditions or criteria are met, the excluding agency may remove the exclusion. SAM does not publish a reinstatement list; non-excluded parties are simply removed from the updated file. Some reporting agencies (such as the OIG) do maintain their own reinstatement lists.

[Chart: SAM.gov exclusion records by reporting agency]

TyphoonDATA offers data and compliance solutions that include the SAM.gov exclusions file and much more.

To speak with TyphoonDATA directly, please contact:

Richard Rupert, VP Compliance Solutions
Office: 800.780.5901 extension 705
rrupert@typhoondata.com

Top 5 reasons why providers make the OIG Exclusion List

It is a common assumption that the majority of providers on the OIG List of Excluded Individuals/Entities (LEIE) arrived there by defrauding the Medicare/Medicaid systems. It turns out that program-related crimes are the second most common reason for exclusion. The most common reason providers are excluded is license revocation or suspension. Below are the top 5 exclusion types and their descriptions:

[Chart: breakdown of the top 5 OIG exclusion types]

Drilling down on why a given provider’s license was revoked or suspended is not always easy. The reasons for these revocations and suspensions are many. Oftentimes, the notes or minutes coming from the state licensing board do not specify a reason, as the relinquishment may have been voluntary. Additional digging is often required to get the full picture.

Let’s look at an example:

Malissa Bender was recently excluded on the OIG List. She was excluded because the Florida Board of Pharmacy granted a “Voluntary Relinquishment of License” tendered by the provider in October 2013. Additional internet research reveals that Bender was arrested in July 2013 for stealing schedule II and III drugs from the pharmacy where she worked. (see story)

With over 25,000 providers excluded for type 1128b4, you can see how tedious case-by-case research can become to get to the bottom of each exclusion. Fortunately, simply knowing that the provider’s license is suspended or revoked should be enough for most employers to take action. In some cases, the reason for revocation or suspension will not be due to criminal action, or any other reason known to the employer. This fact emphasizes the need for employers to monitor an employee’s license and exclusion status.

TyphoonData offers solutions for license and exclusion monitoring.

If you would like to discuss our thoughts and solutions, give us a call at 800-780-5901.