Search Legal Perspectives:
Increased Scrutiny to Obtain and Maintain Medicare and Medicaid Enrollment – Time to Comment is Now
October 7, 2010
By: Donna J. Senft
Several provisions in the recent health care reform legislation were designed to enhance the Medicare and Medicaid enrollment procedures to protect against fraud by prohibiting unqualified individuals and entities from obtaining or maintaining enrollment. Proposed regulations "Medicare, Medicaid, and Children's Health Insurance Programs: Additional Screening Requirements, Application Fees, Temporary Enrollment Moratoria, Payment Suspensions and Compliance Plans for Providers and Suppliers" [PDF] were published on September 23, 2010, with a 60-day comment period ending November 16, 2010. The following discussion provides a glimpse into some of the key provisions in the proposed regulation changes. There are specific rules related to Medicare enrollment as well as rules that state Medicaid programs would be required to implement to get federal financial participation funding.
Provider and Supplier Screening
CMS has identified three categories that will guide enrollment screening based upon "CMS' assessment of fraud, waste and abuse risk of the provider or supplier category." Tables [PDF] are included that list the proposed provider and supplier types that are identified as "limited," "moderate," or "high" risk, with CMS requesting comments on the provider and supplier types in each category.
Screening for Limited Risk providers and suppliers:
- Federal and State Requirements Satisfied: Verification that an enrollee meets Federal and State requirements related to the services to be rendered under a specific provider or supplier type.
- Licensure Verification: Verification that the enrollee has the requisite licenses prior to approving the enrollment. Will require Medicaid agencies to perform monthly checks of licensing board data, similar to what Medicare contractors are already doing, to ensure each enrolled provider continues to hold an unrestricted license.
- Database Checks: Database checks to be performed at the time of the initial enrollment and following the termination of an enrollment. The databases to be checked include: SSA (such as to check for deceased individuals), NPPES (NPI data), OIG's List of Excluded Individuals/Entities and GSA Excluded Parties List.
Additional screening for Moderate Risk providers and suppliers:
- Site Visits: Unannounced site visits to be conducted before granting enrollment, throughout enrollment, or even following the termination of an enrollment.
Additional screening for High Risk providers and suppliers: For this particular category, CMS is proposing the following additional screening be conducted for persons with ownership and controlling interests including authorized and delegated officials and managing employees. Fees for the screening would be required to be paid prior to accepting an enrollment application for processing. These additional screening requirements for High Risk providers and suppliers would be effective for new enrollees beginning March 23, 2011, at the time of a required revalidation between March 23, 2011 and March 23, 2012, and for all other existing High Risk providers and suppliers after March 23, 2012:
- Criminal Background Checks: Social security numbers and dates of birth will need to be disclosed in order to conduct criminal background checks.
- Fingerprint Screening: For Medicare enrollment purposes, the standard FD-258 fingerprint card will be used, since it is readily available at county and State law enforcement agencies.
These additional High Risk screening requirements, however, raise concerns regarding how the agencies will protect both the personal data and the fingerprint cards. Furthermore, there is no discussion in the proposed rules addressing a foreign owner, who otherwise is not eligible to receive a Social Security Card and would not be available to obtain fingerprinting in the states.
The rules would allow Medicaid agencies to rely on Medicare enrollment checks for providers and suppliers that participate in both governmental programs. A refusal by an individual to submit to these additional screening requirements or failure to pay the screening fee would be grounds for denial of enrollment or revocation of billing privileges for currently enrolled providers and suppliers.
CMS is soliciting input in how a provider or supplier type may be upgraded to a higher risk or downgraded to a lower risk. CMS is also proposing situations that might warrant upgrading a particular provider or supplier, rather than a category of providers or suppliers, to a higher risk category, such as instances of suspected identity theft, a prior payment suspension, a prior billing privilege revocation or termination.
Other Provisions in the Proposed Rule
- Medicaid Enrollment Revalidation: Similar to existing Medicare rules, Medicaid agencies would be required to conduct revalidations or reenrollments on an every 5-year cycle.
- Medicaid Enrollment Deactivations and Terminations: Similar to the existing Medicare enrollment regulations, the Medicaid rules would require billing privilege deactivations or enrollment terminations under specified situations with appeal rights granted for either agency action. For terminations required because the provider or supplier was terminated from another states Medicaid program, the rules do not allow the termination to occur until all appeal rights had been exhausted in the State where the original termination occurred. This is an important point since the Medicare enrollment rules are silent regarding when a revocation becomes a reportable event -- when first initiated or after exhausting an appeal.
- Application Fee: Each "Institutional Provider" would be required to pay an application fee at the time of the initial enrollment, when requesting to add a practice location, and when submitting a requested revalidation. "Institutional Provider" is defined to include all providers who enroll in Medicare using the CMS 855A, CMS 855B, or CMS 855S enrollment form, with the exception of physician and non-physician group practices. The current every 3-year re-enrollment for DMEPOS suppliers will be re-defined to be an every 3-year revalidation. The initial fee would be $500.00, updated annually, with a March 23, 2011 implementation date. The proposed rule envisions a hardship exception, not only for financial reasons but also when necessary to enhance access to services such as during a declared disaster when providers would enroll simply to respond to the emergent need.
- Temporary Moratorium: CMS and state Medicaid agencies would be able to impose temporary enrollment moratoria for a particular type of provider or supplier if determined to be "necessary to combat fraud, waste, or abuse." The proposed rules identify situations that might warrant an enrollment moratorium, which would apply to new enrollees and currently enrolled providers and suppliers who want to add a practice location. The moratorium would not affect a provider or supplier undergoing a change of ownership.
- Suspension of Payments: Regulations would allow for the suspension of payments during an investigation of a "credible allegation of fraud" until there is "resolution of an investigation." To be "credible" the allegation must be from a reliable source, with a listing of such sources, and "have an indicia of reliability." The proposed rules include exceptions to implementing a payment suspension, such as when there is a risk the payment suspension may jeopardizing an ongoing undercover investigation.
The proposed regulations provide significant changes and will increase the time and expense associated with obtaining and maintaining both Medicare and Medicaid enrollment, not to mention the risk of losing billing privileges for failing to comply. Providers and suppliers should take this opportunity to provide input by November 16, 2010, to help shape the final regulations, whether through individually submitted comments or by working with professional or trade associations and submitting a response.
Donna Senft is author of the blog MedicareforGeeks.com, which provides information relating to the requirements and new initiatives with respect to PECOS (Provider Enrollment, Chain, and Ownership System), the national electronic database for recording and retaining data on Medicare-enrolled providers and suppliers.