On May 9, the Office of Inspector General (OIG) released the first updated guidance on exclusions since 1999. Of particular concern to small physician practices, the new guidance states that a healthcare provider who employs or contracts with a person that the provider "knows or should know is excluded by OIG," may be subject to civil monetary penalty (CMP) liability.
OIG may impose CMPs of up to $10,000 for each item or service furnished by the excluded person for which federal program payment is sought, as well as an assessment of up to three times the amount claimed.
[See also: OIG strengthens authority on exclusions.]
PhysBizTech talked to Paula Sanders, principal and chair of law firm Post & Schell's Health Care Practice Group, about the potential impact of the guidance at the physician practice level. A transcript of that conversation follows.
Q: What should small practices take away from this new OIG guidance on exclusions?
A: For physician practices that only participate in the Medicare program and not their state Medicaid program, there's actually some welcome language in the guidance.
OIG acknowledges that there is no regulatory or statutory requirement that practices check people against the OIG exclusion list for Medicare. There had been expectations that OIG was going to mandate a frequency for checking the exclusion list. I think OIG realized they can't force people under Medicare to perform monthly exclusion checks -- although that is clearly best practice.
The guidance allows providers to assess their own risk tolerance for how frequently they want to be doing these checks.
Best practice is to check the exclusion list monthly as that is how frequently the OIG updates the list.
Q: What about providers who participate in both Medicare and Medicaid?
A: If the practitioner is dually certified, there may be a state requirement that is more stringent. It's important to make that distinction.
Depending on the state in which the practice is located, there may be a requirement to perform monthly checks if you are a Medicaid provider. CMS is requiring states to perform monthly checks. And some states have passed that requirement on to Medicaid providers.
Q: What are the possible repercussions of not looking closely at exclusions?
A: The penalties can be catastrophic if you are working with someone who has been excluded.
I would recommend doing exclusion checks upon hire [of a new employee]. If you've never done a check, do it now. And then consider whether you want to do it on an annual basis.
Q: Could we run through a sample scenario?
A: If a physician in a group practice is excluded, and the practice doesn't know that, the practice could be at risk for all of that physician's billing, plus a multiplier. So for each service that the excluded provider has ordered and billed for, all of that money is subject to being returned to the government.
The government will not pay for any goods or services furnished by an excluded person. You have a direct billing relationship where service in and of itself is potentially a false claim. And the government uses a "you knew or should have known" standard to make this assessment. The should-have-known standard is very dangerous from the provider's perspective if they're not monitoring the exclusions website.
Anytime there's a reference in law in this arena that you knew or should have known, and the OIG or the Medicare Administrative Contractor is putting things on its website, you are presumed to know for purposes of meeting that standard.
Q: How do the mechanics of the CMPs work?
A: Let's say you employ or take orders from an excluded individual. You are now on the hook for paying back all that money -- the amount of billings that were done by the excluded person -- plus a multiplier. If the government discovers it, they are entitled to triple damages.
One of the reasons we're encouraging people to do checks and self-disclose is that if you self-disclose, you are able to use a multiplier of 1.5 times instead of 3. OIG will not impose a corporate integrity agreement upon you. They'll presume if you found it by yourself, that you have some sort of compliance program in existence by virtue of the fact that you are policing yourself.
The OIG website provides information on how to do a self-disclosure if you discover that you're dealing with an excluded person.
Q: What have you learned from exclusion cases that your firm has handled?
A: One of our clients was a large Medicare/Medicaid nursing home. A woman who was hired as a secretary with no patient care responsibilities had been excluded -- and she never disclosed that previously she had been fired from a nursing home for drug diversion.
This was a strict liability for the employer. When they finally discovered that she had been excluded, the client had to pay back about 95 percent of her salary and benefits over a period of her entire employment. And even though she had lied about her history -- and even though the employer had some documentation of doing an exclusion check -- OIG still gave us a multiplier of 1.5.
Q: So this is a very real risk with harsh potential consequences?
A: Yes, depending on the size of the practice it could be devastating.
I would bet that small practices are not screening [for excluded persons]. I know from experience that sometimes a doctor gets in trouble from a licensing board, loses his/her license, and then gets the license back under probation. And one of his/her friends says, "That's fine, you can come work with me." It happens all the time. People are trying to help out their colleague.
What they don't realize is that you can have your medical license and still be on the excluded list. There is a risk that the hiring practice is probably not aware of.