White Paper

Is Your Funding at Risk?

Excluded Party Screening for Medical Research and Healthcare Organizations

Is Your Funding at Risk?

Table of Contents
Executive Summary ................................................................................................................3 The Legislative Origins for Excluded Party Screening ............................................................3 The False Claims Act ..............................................................................................................3 The Social Security Act ...........................................................................................................4 Health Insurance Portability and Accountability Act (HIPAA) ................................................4 CMS Policy Letters ..................................................................................................................4 Patient Protection and Affordable Care Act (PPACA) ............................................................5 CMS Final Rule .......................................................................................................................6 Circular A-110 Revised 11/19/93 As Further Amended 9/30/99 ...........................................7 NIH Grants Policy Statement ..................................................................................................8 Conducting Screening for Compliance ..................................................................................8 Benefits of Screening ..............................................................................................................9 Conclusion ...............................................................................................................................9

Is Your Funding at Risk?

Executive Summary
Healthcare professionals, academic researchers and administrators are subject to a wide range of regulations that require detailed attention to compliance in a variety of settings, such as physician practices, hospitals, laboratories, managed care organizations, nursing homes, home healthcare, research facilities and academic medical centers. These regulations range from protecting patient privacy, to export controls, to screening employees and vendors. Failure to comply with these mandates could result in fines, denied payments, termination from federal programs, withdrawn funding or jail time for responsible parties. For example, any items or services that are furnished, ordered or prescribed by an excluded individual or entity on the United States Department of Health and Human Services (HHS) Office of Inspector General (OIG) List of Excluded Individuals/Entities (LEIE) will not receive reimbursement or payment from the Federal Government. This includes hospitals or organizations that may employ or contract with an excluded individual or entity. Similarly, any organization that receives funding through a federal contract must ensure that it is not employing or contracting with excluded parties. Federal grants and contracts from the National Institutes of Health (NIH) are common in research institutions, such as medical universities, and must be carefully executed. Understanding the legislation is critical when it comes to protecting your healthcare or research organization from the consequences of engaging with excluded individuals or entities. Conducting screening in a consistent, regular and automated fashion can go a long way toward mitigating your organizations financial and security risks and toward protecting federally-awarded research funds.

Failure to comply with these mandates could result in fines, denied payments, termination from federal programs, withdrawn funding or jail time for responsible parties.
This paper will review the legislative history behind the need to screen employees, students, researchers, contractors and other parties who may put an organization at risk. Well also look at the benefits of screening from an organizational perspective.

The Legislative Origins for Excluded Party Screening

Legislation prohibiting defrauding the Federal Government goes back over 100 years, and has evolved to cover federally-funded research and the federal health programs, such as Medicare and Medicaid. It is helpful to understand the laws and amendments that now affect healthcare providers, research institutions, their employees and contractors.

The False Claims Act

Dating back to the Civil War, the False Claims act is used by the government to impose penalties on people or entities (such as corporations) who defraud governmental programs. Amendments to the law in 1986 intended to apply to fraud by defense contractors have subsequently been used to target healthcare fraud. Relevant original language of the law imposes liability for certain acts by any person who:

Knowingly presents, or causes to be presented, to an officer or employee of the United States Government or a member of the armed forces of the United States a false or fraudulent claim for payment or approval Knowingly makes, uses, or causes to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by the Government Conspires to defraud the Government by getting a false or fraudulent claim allowed or paid

Penalties for violating the Federal False Claims Act can be up to three times the value of the false claim, plus $5,500 to $11,000 in fines per claim, and program exclusion. The False Claims Act also provides for the reward of whistleblowers who bring the fraud to the attention of the government through the filing of a civil suit to recover damages on the governments behalf. The 1986 amendments increased protection and awards for whistleblowers, thereby encouraging more people to report potential instances of fraud. 3

Is Your Funding at Risk?

Penalties for violating the Federal False Claims Act can be up to three times the value of the false claim, plus $5,500 to $11,000 in fines per claim, and program exclusion. The Social Security Act
Originally enacted in 1935 by President Franklin Roosevelt, the Social Security Act has been amended many times over the ensuing decades. Title XI, Section 1128 of the Social Security Act establishes the exclusion of certain individuals and entities from participation in any federal healthcare program. This section defines the conditions for exclusion, as follows: Mandatory exclusion for:

Conviction of program-related crimes Conviction relating to patient abuse Felony conviction relating to healthcare fraud Felony conviction relating to a controlled substance

If there is one prior conviction, the exclusion will be for 10 years. If there are two prior convictions, the exclusion will be permanent. There are also a range of conditions for permissive exclusion, among them:

Conviction relating to fraud (presumably a conviction less than a felony or not related to healthcare) Misdemeanor conviction relating to a controlled substance License revocation or suspension Exclusion or suspension under federal or state healthcare Claims for excessive charges or unnecessary services and failure of certain organizations to furnish medically necessary services Fraud, kickbacks, and other prohibited activities

Once an exclusion determination has been made, the government has the obligation to inform state agencies and state licensing bodies about the excluded individual/entity. These individuals/entities are not permitted to receive payment or reimbursement for services provided under federally-funded health programs, such as Medicare, Medicaid and Childrens Health Insurance Programs (CHIP). They are also not permitted to participate in any federally-funded contracts, such as those granted by the NIH.

Health Insurance Portability and Accountability Act (HIPAA)

Most people know HIPAA as the law that protects patient privacy, but HIPAA also enacted amendments to the Social Security Act, Title XI by inserting the Health Care and Abuse Data Collection Program to Section 1128. It stipulated that the Secretary of HHS shall establish a national healthcare fraud and abuse data collection program for the reporting of final adverse actions against healthcare providers, suppliers, or practitioners. It also specified the maintenance of, and access to a database of the information collected. So, at this point, legislation has established that there are non-payment consequences for defrauding the government, there are a variety of conditions whereby individuals or entities can be excluded from federal healthcare programs, and the government has an obligation to make information about excluded parties available to the states.

CMS Policy Letters

With the information available, it now becomes incumbent upon the states to ensure that they dont do business with excluded parties. In a letter issued to state Medicaid directors, the Center for Medicare and Medicaid Services (CMS)

Is Your Funding at Risk?

clarified its policy with regard to screening and told the states how to proceed: States must determine whether current providers, managed care entities (MCEs), providers applying to participate in the Medicaid program, and individuals with an ownership or control interest in the provider entity or MCE are excluded individuals or entities. Since federal regulations prohibit payment for items or services furnished by excluded individuals and entities, it is imperative that this first line of defense in combating fraud and abuse be conducted accurately, thoroughly, and routinely. 1 CMS further instructs the state Medicaid directors to:

Search the Medicare Exclusion Database (MED) or the OIG List of Excluded Individuals/Entities database by the names of any individual, entity, or individual with ownership or control interest in any provider entity providing services for which payment is made under the Medicaid program or seeking to participate in the Medicaid program Review provider eligibility upon enrollment or reenrollment Search the MED or the OIG website monthly to capture exclusions and reinstatements that have occurred since the last search

In a subsequent letter 2, CMS advises states of their obligation to direct providers to screen their own employees and contractors for excluded persons. Specifically, the obligations of the states are to:

Advise providers of their obligation to screen all employees and contractors to determine whether any of them have been excluded. States should communicate this obligation to providers upon enrollment and reenrollment Explicitly require providers to agree to comply with this obligation as a condition of enrollment Inform providers that they can search the HHS-OIG website by the names of any individual or entity Require providers to search the HHS-OIG website monthly to capture exclusions and reinstatements that have occurred since the last search Require that providers immediately report to them any exclusion information discovered

In these letters, CMS has explicitly informed the states that they must screen program providers and they must ensure that providers screen their employees and contractors. They must also conduct monthly searches of the databases for status changes.

Patient Protection and Affordable Care Act (PPACA)

However, it is not until the Patient Protection and Affordable Care Act (PPACA) (effective January 1, 2011) where it is mandated that HHS promulgate uniform screening procedures. Also, and most importantly, PPACA provides for termination from Medicaid if an individual or entity has been terminated from Medicare or another states Medicaid program. This prevents terminated providers from setting up shop in another state. Relevant sections of PPACA include:

Section 6401 Screening Procedures The Secretary of HHS, in consultation with the OIG, must establish procedures for screening providers and suppliers participating in Medicare, Medicaid, and CHIP. It also requires the Secretary to determine the level of screening according to the risk of fraud, waste, and abuse with respect to each category of provider or supplier.

Section 6501 Termination of Providers This section requires states to terminate the participation of individuals or entities from their Medicaid programs if the individuals or entities were terminated from Medicare or another states Medicaid program.

1 2

SMDL #08-003, June, 2008 SMDL #09-001, January 2009

Is Your Funding at Risk?

CMS Final Rule

To comply with PPACA, on January 24, 2011, CMS announced a final rule3 that specified program integrity provisions, including: 1. Screening of providers and suppliers 2. Enhanced oversight 3. Disclosure requirements 4. Imposition of temporary enrollment moratoria 5. Establishment of compliance programs For the purposes of this paper, well look more closely at Items 1 and 5. Screening of providers and suppliers The level of screening for each provider/supplier category is based on CMSs assessment of the risk of fraud, waste, and abuse. The screening process must include a licensure check, which may be across states. As shown in the table below, the CMS final rule requires database checks for all levels of risk. Final Level of Required Screening for Medicare Physicians, Non-Physician Practitioners, Providers, and Suppliers; Medicaid and CHIP Providers

TYPE OF SCREENING REQUIRED

Verification of any provider/supplier-specific requirements established by Medicare Conduct license verifications, (may include licensure checks across states) Database checks (to verify Social Security Number (SSN); the National Provider Identifier (NPI); the National Practitioner Data Bank (NPDB) licensure; an OIG exclusion; taxpayer identification number; death of individual practitioner, owner, authorized official, delegated official, or supervising physician Unscheduled or unannounced site visits Fingerprint-based criminal history record check of law enforcement repositories

LIMITED X

MODERATE X

HIGH X

X X

Establishment of Compliance Programs The degree of screening and checking required by CMS does not lend itself to ad hoc execution. Therefore, CMS also requires that all providers and suppliers must adopt compliance plans as a condition of enrollment in federal healthcare programs. The statute requires the Secretary to adopt core elements of compliance plans for each type of provider or supplier, and each industry segment. Although the PPACA compliance program mandate is new, the Federal Governments support for compliance programs is not. It seems likely that the core elements will be based on previous compliance documents published by
3 Federal Register Vol. 76 No. 22, February 2, 2011

Is Your Funding at Risk?

OIG, such as the one for physicians4. Here, OIG lays out seven components that provide a solid basis upon which a physician practice can create a voluntary compliance program. These include:

Conducting internal monitoring and auditing Implementing compliance and practice standards Designating a compliance officer or contact Conducting appropriate training and education Responding appropriately to detected offenses and developing corrective action Developing open lines of communication Enforcing disciplinary standards through well-publicized guidelines

These seven elements have been identified by the United States Sentencing Commission as those an organization must have incorporated into a compliance program to demonstrate that it exercised due diligence in detecting and deterring fraud, waste and abuse of government resources. The PPACA does not specify whether compliance plans will be required of currently enrolled providers and suppliers or only those seeking initial enrollment in Medicare, Medicaid, or CHIP. Nevertheless, all providers and suppliers currently enrolled or planning to enroll in these programs should have in place a compliance program one that meets the currently recommended criteria for their industry and that can evolve to meet new requirements imposed by the PPACA. Having such a program in place now will give providers and suppliers a head start when the new required core elements are adopted.

Circular A-110 Revised 11/19/93 As Further Amended 9/30/99

Circular A-110 from the Office of Management and Budget (OMB) addresses the Uniform Administrative Requirements for Grants and Agreements with Institutions of Higher Education, Hospitals, and Other Non-Profit Organizations. The standards apply to all federal agencies. Further, the provisions of the Circular must be applied by federal agencies to recipients and sub-recipients performing substantive work under grants and agreements that are passed through or awarded by the primary recipient. As defined in the circular: Recipient means an organization receiving financial assistance directly from federal awarding agencies to carry out a project or program. The term includes public and private institutions of higher education, public and private hospitals, and other quasi-public and private non-profit organizations such as, but not limited to, community action agencies, research institutes, educational associations, and health centers. The term may include commercial organizations, foreign or international organizations (such as agencies of the United Nations) which are recipients, sub-recipients, or contractors or subcontractors of recipients or sub-recipients at the discretion of the federal awarding agency. Research and development means all research activities, both basic and applied, and all development activities that are supported at universities, colleges, and other non-profit institutions. Research is defined as a systematic study directed toward fuller scientific knowledge or understanding of the subject studied. Development is the systematic use of knowledge and understanding gained from research directed toward the production of useful materials, devices, systems, or methods, including design and development of prototypes and processes. The term research also includes activities involving the training of individuals in research techniques where such activities utilize the same facilities as other research and development activities and where such activities are not included in the instruction function. Subpart B 13 specifies that federal awarding agencies and recipients shall comply with the non-procurement debarment and suspension common rule implementing E.O.s 12549 and 12689, Debarment and Suspension. This common rule restricts sub-awards and contracts with certain parties that are debarred, suspended or otherwise excluded from or ineligible for participation in federal assistance programs or activities.
4 Federal Register Vol. 65 No. 194, October 5, 2000

Is Your Funding at Risk?

NIH Grants Policy Statement

Part II: Terms and Conditions of NIH Grant Awards Subpart A: General makes it clear that NIH grantees must certify that, to the best of their knowledge and belief, they and their principals (including PIs and other key personnel):

Are not presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from covered transactions by any federal department or agency Have not, within the 3-year period preceding the application, been convicted of, or had a civil judgment rendered against them for:

Committing fraud or a criminal offense in connection with obtaining, attempting to obtain, or performing a public (federal, state, or local) transaction or contract under a public transaction Violating a federal or state antitrust statute Embezzlement, theft, forgery, bribery, falsification or destruction of records Making false statements or receiving stolen property

Are not presently indicted or otherwise criminally or civilly charged by a governmental entity (federal, state, or local) with commission of any of the offenses enumerated above Have not, within a 3-year period preceding the application, had any public transaction (federal, state, or local) terminated for cause or default

Regardless of whether a certification is required or made, organizations or individuals that are suspended, debarred, or voluntarily excluded from eligibility cannot receive NIH grants or be paid from NIH grant funds, whether under a primary or lower-tier transaction, during the period of suspension, debarment, or exclusion. Because individuals who have been debarred, suspended, declared ineligible, or voluntarily excluded from covered transactions may not receive federal funds for a specified period of time, charges made to the NIH grants for such individuals (e.g., salary) are unallowable.

Regardless of whether a certification is required or made, organizations or individuals that are suspended, debarred, or voluntarily excluded from eligibility cannot receive NIH grants or be paid from NIH grant funds Conducting Screening for Compliance
At this point, it should be very clear that the Federal Government is serious about eliminating fraud, waste and abuse and imposing consequences on those that commit it or permit it. Researchers, healthcare providers and contracting parties have an affirmative duty to check the program exclusion status of individuals and entities prior to entering into employment or contractual relationships, or run the risk of penalties if they fail to do so. A comprehensive screening program is a vital part of compliance. In addition to the (OIG) List of Excluded Individuals/Entities (LEIE), there are other databases that can be checked to ensure you are not engaging with excluded, debarred, reprimanded or other sanctioned parties. No less than 58 federal agencies and all 50 state Medicaid agencies have the authority to issue sanctions and exclusions. List sources include:

GSA Excluded Parties List System (EPLS) Unique Provider Identification Number Database (UPIN) National Provider Identifier Database (NPI) Office of Foreign Assets Control (OFAC) Specially Designated Nationals List (SDN) More than 800 licensing and certification agencies in 50 states

Larger healthcare and research institutions typically have compliance offices and screening processes in place, but smaller and mid-size facilities may find these requirements daunting. Simply checking the OIG and GSA lists is not 8

Is Your Funding at Risk?

sufficient to protect your organization. One of the best ways to ensure compliance is to subscribe to an online service that allows you to automatically perform individual or batch screenings against multiple lists.

Benefits of Screening
Aside from the obvious benefit of remaining compliant with regulations and avoiding the financial consequences of engaging with excluded parties, there are organizational benefits from screening new hires and contractors, and performing regular re-screening. These include:

Managing and avoiding the risk and potential legal liability from engaging with parties that have a history of medical malpractice, improper credentials, criminal activity or other compromising behavior Actively building and protecting the institutions reputation for quality, integrity and positive healthcare and research outcomes by only engaging with qualified and credentialed professionals

Using an automated software solution to perform screening provides further operational benefits, such as:

Higher productivity and lower ongoing costs. Staff that once performed manual screening can instead focus on handling exceptions or resolving conflicting matches. Resources can be reallocated to other, higher-value activities. Increased efficiency through consolidating all watch lists, proactive alerts and background information into one centralized location. All related activities can be performed on one integrated platform instead of disparate systems. Enforcement of policies and procedures with automated workflow management. For example, employee and contractor onboarding can be expedited using streamlined and consistent process flows. Creation and maintenance of audit trails. Screening software provides verifiable proof that an organization is exercising recurring and comprehensive due diligence in checking its employees and contractors for exclusions or other sanctions.

Conclusion
The consequences for non-compliance can be serious and far-reaching. Healthcare and medical research facilities can be fined, lose valuable federal funding, or risk jail time for administrators and staff. Accurate screening is wholly the responsibility of the institution. Todays technology has made it possible both for the government to distribute lists of excluded parties and for organizations to efficiently conduct screening. There is no longer any excuse for hiring or contracting with an excluded, debarred or suspended party. Reasonably-priced solutions, such as those offered by Amber Road, are a cost-effective way to achieve compliance and safeguard funding. In particular, Amber Roads restricted party screening (RPS) on-demand solution provides a secure, comprehensive method to automate this process, enabling institutions to quickly screen their healthcare practitioners, students, staff, faculty and contractors against more than 200 restricted party lists from governmental institutions worldwide.

About Amber Road

Amber Road provides a single, on-demand platform that automates and streamlines global trade. By helping organizations to comply with country-specific trade regulations, as well as plan, execute and track global shipments, Amber Road enables goods to flow unimpeded across international borders in the most efficient, compliant and profitable way.

One Meadowlands Plaza East Rutherford, NJ 07073 (T) 201 935 8588 (F) 201 935 5187 www.AmberRoad.com Copyright Amber Road, Inc., 2011. All rights reserved.