Exclusion Screening

CMS Regulations for Provider Enrollment Process


Emptech's founder, Jeff Aleixo


Jeffrey Aleixo

CMS Regulations Healthcare Compliance

In September 2019, the Centers for Medicare & Medicaid Services (CMS) issued a final rule expanding Medicare, Medicaid, and Children’s Health Insurance Program (CHIP) enrollment reporting requirements. This rule also expanded CMS’ ability to strengthen its program integrity efforts through the Medicare enrollment process.

CMS regulations are intended to address the program integrity and vulnerability issues when it comes to identifying provider and supplier fraud and deception within Medicare, Medicaid, and CHIP. The new rule is expected to improve the agency’s ability to stop fraud before it happens by keeping unscrupulous providers out of the federal health insurance programs. Such CMS enforcement activities put an additional burden on healthcare providers and organizations. Now they need to collect additional information to ensure they are not involved in arrangements with individuals or entities presenting a risk to federal healthcare program integrity.

New CMS Regulations Background

According to Section 1866(j) (5) of the Social Security Act, providers and suppliers have to disclose certain enrollment information before CMS enrolls and makes payments to them. New CMS regulations resulted from concerns that some enrolled providers and suppliers were able to evade federal healthcare program integrity provisions. On March 1, 2016, CMS published a proposed rule to ensure additional authority to deny or revoke enrollment and impose and extend Medicare re-enrollment and reapplication bars.

Under the Final Rule, Medicare, Medicaid, and CHIP providers and suppliers are required to disclose any current or previous direct or indirect affiliation with a provider or supplier due to:

  • Current uncollected debt to Medicare, Medicaid, or CHIP,
  • Prior or current payment suspension under a federal health program,
  • Exclusion from participation in Medicare, Medicaid, or CHIP, and
  • Denial, revocation or termination of Medicare, Medicaid or CHIP enrollment.

These disclosable events will allow CMS to deny enrollment if the affiliation poses an undue risk of fraud, waste, or abuse. According to current Medicare enrollment disclosure requirements, an affiliation includes:

  • A 5% or greater direct or indirect ownership interest that an individual or entity has in another organization,
  • A general or limited partnership interest in an entity, regardless of the ownership interest,
  • The exercise of operational or managerial control, or directly or indirectly conducting the day-to-day operations of another organization, either under contract or other arrangement, regardless of whether or not the managing individual or entity is a W–2 employee of the organization,
  • An interest in which an individual is acting as an officer or director of a corporation, or
  • Any reassignment relationship under 42 CFR § 424.80.
Use this detailed guide on exclusion screening to remain compliant with healthcare regulations that constantly change and avoid potential costs.

Revocation Authority

According to CMS regulations, the agency will have the authority to deny or revoke a provider or supplier’s Medicare enrollment if it is determined that their enrollment is currently revoked under a different name, a numerical identifier, or business identity, and the re-enrollment bar period has not expired. They can also face revocation of Medicare enrollment if they have shown an abusive pattern or otherwise fail to meet Medicare requirements.

A provider or supplier’s enrollment may also be revoked if the provider or supplier has an existing debt that CMS has referred to the United States Department of the Treasury. Finally, revocation takes place if a provider or supplier is currently terminated, suspended, or otherwise barred from participation in a state Medicaid or any other federal healthcare program or their license is revoked or suspended in any state.

Enrollment Bar Increase

The previous maximum enrollment bar was 3 years. The new CMS regulations increase that bar to 10 years, with some exceptions. Providers or suppliers may face prohibition from enrolling in the Medicare program for up to 3 years if their application is denied due to submission of false or misleading information, or omission of information. Providers or suppliers whose participation is revoked from Medicare for a second time can be barred from reentering the program for up to 20 years.

CMS regulations are expected to contribute to substantial savings. On the other side, providers and suppliers may expect some costs for compliance with the new rule, mainly when it comes to information collection.

Given the concerns about the burden of researching, tracking, and reporting information, CMS has adopted a phased-in approach for Medicare enrollment. During the initial phase, providers and suppliers will need to disclose affiliations if CMS determines that they have at least one affiliation that includes any of the disclosable events. Upon this, CMS will specifically request the provider or supplier to submit more information.

Healthcare Compliance and Effects of CMS Regulations

HHS OIG and CMS constantly work on reducing fraud, waste, and abuse in federal healthcare programs such as Medicare, Medicaid, CHIP, and more. Due to new CMS regulations, providers and suppliers are now more accountable for their relationships with previously sanctioned or revoked individuals. In addition to following a complex set of healthcare rules and requirements, providers and suppliers need to identify, evaluate and report certain arrangements and relationships for enrollment purposes.

CMS regulations can have far-reaching implications for providers and suppliers who are otherwise without fault but may have unknowingly engaged in arrangements with individuals or organizations that present a risk to federal healthcare program integrity. Due to increased compliance standards, it is of utmost importance for healthcare organizations to have effective auditing and monitoring processes in place. However, healthcare organizations can successfully meet CMS and OIG requirements and effectively gather and manage data by integrating automated solutions. Thus, with the ongoing sanction and exclusion monitoring, healthcare organizations can reduce risks and costs associated with identifying providers and suppliers who are abusing the federal healthcare system.

The information contained within this document is general in nature and is not intended and should not be construed as legal, HR, or opinion by Emtpech. Please contact Emptech or another subject matter professional prior to acting on any information provided in this document. We recommend caution when contemplating acting on any information provided in this document as it may not be applicable or suitable for the specific viewer’s needs. Emptech assumes no obligation to update any viewer of any changes in law, rule, or regulation that could affect the information contained herein. Without express written permission from Emptech, no part of this document may be reproduced, retransmitted, or otherwise redistributed in any form or by any means, including, but not limited to photocopying, electronic, facsimile transmission, or using any other information storage and retrieval system.