To effectively combat fraud, waste, and abuse in federal healthcare programs, the Office of Inspector General (OIG) has the authority to exclude individuals and entities from these programs for a variety of reasons. Consequently, federal healthcare programs do not pay for any service provided directly or indirectly by an excluded person or entity.
Over the years, the HHS OIG has released different advisory bulletins explaining the exclusion program and how it evaluates reasons for imposing exclusions or sanctions. Therefore, healthcare providers and organizations need to pay close attention to the OIG exclusion criteria used in the process of enacting authority to impose exclusions in order to maintain effective healthcare compliance and avoid penalties.
Revised Guidelines for the OIG Exclusion Criteria
Under section 1128(b)(7) of the Social Security Act, the OIG may exclude any individual or entity from participation in any federal healthcare program if the OIG determines that the individual or entity has engaged in fraud, kickback, or other prohibited activities. The Act provides OIG with permissive exclusion authority in these situations, meaning that it has the discretion to decide whether to exclude the person or entity, versus the mandatory exclusion required due to certain conduct.
In 1997, the OIG published the non-binding guidance that set forth the OIG exclusion criteria for determining whether to exercise its permissive exclusion authority. On April 18, 2016, the OIG issued the revised guidance that explains how OIG bases its decision to exclude based on its assessment of future risk to the federal healthcare programs.
Compared to the previous version, the revised guidance describes the existence of a compliance program as a neutral factor in evaluating whether exclusion is appropriate and encourages affirmative self-disclosure to avoid potential sanctions. The revised OIG exclusion criteria introduce the concept of rebuttable presumption and place a burden on the individual or entity to establish that exclusion is not appropriate. Since the question of whether to exercise exclusion authority often arises in the context of False Claims Act cases, the OIG states that it operates under a rebuttable presumption that some period of exclusion should apply to individuals and entities that defrauded the government.Use this comprehensive guide to find out what steps to take in order to avoid costly fines and ensure effective healthcare compliance aligned with federal and state requirements.
The OIG Fraud Risk Spectrum
The OIG evaluates healthcare fraud cases on a continuum, and the resolution of the OIG’s exclusion authorities is based on the agency’s assessment of future risk to federal healthcare programs. Under this risk spectrum, the exclusion is appropriate for the highest risk cases, while those with risks in the middle of the spectrum face heightened scrutiny in the form of OIG or CMS audits and Corporate Integrity Agreements. Also, according to the OIG exclusion criteria, full release from exclusion is appropriate for cases presenting the lowest risk of future risk to federal healthcare programs, especially those arising out of self-disclosure.
When determining where on the risk spectrum a provider falls, The OIG considers several factors:
Nature and circumstances of the conduct
- Higher risk exists if the conduct poses an actual or potential risk to patients, causes substantial financial loss to federal healthcare programs, or indicates a pattern of misconduct,
- Higher risk also exists if individuals with managerial control caused the unlawful activity, or if the person previously was under a corporate integrity agreement.
Conduct during the government’s investigation
- Higher risk is indicated if the person obstructed the investigation or failed to comply with a subpoena,
- Lower risk exists if the person initiated an internal investigation and self-disclosed the conduct, or cooperated with the investigation.
Significant ameliorative efforts
- Lower risk exists if the person has taken disciplinary action or devoted more resources to the compliance function.
History of compliance
- The existence of a compliance program in line with the U.S. Sentencing Commission’s seven elements does not affect OIG’s risk assessment, while the absence of such a program indicates higher risk.
Healthcare Compliance and the OIG Exclusion Criteria
The OIG exclusion criteria are consistent with encouraging increased self-disclosure of overpayments and fraud, cooperation with the government during investigations, and rigorous internal self-monitoring. Therefore, to maintain and enhance healthcare compliance, providers and organizations need to take into account the OIG guidance and tailor their programs and activities accordingly. Similarly, individuals and entities hoping to obtain a release of the OIG’s permissive exclusion authority should address each relevant factor in the OIG exclusion criteria. They should also offer as much documentary and other evidence to support a finding of moderate or low risk of future harm to federal healthcare programs.
To ensure compliance with the OIG exclusion criteria, healthcare providers and organizations can take different steps and begin with establishing a robust compliance system that incorporates seven elements of an effective compliance program. Furthermore, they need to take prompt action to respond to alleged unlawful contact and accept responsibility for it, self-disclose unlawful conduct in good faith when appropriate, and cooperate with government investigators.
In addition to incorporating the OIG exclusion criteria to avoid unnecessary risks of sanctions, healthcare organizations need to have a comprehensive approach to screening their providers and organizations against various excluded lists. Despite the challenges this presents, exclusion screening is a key element for successful healthcare compliance that needs to be performed accurately every time. With an exclusion screening software, healthcare organizations improve the accuracy and speed of the process and get downloadable results followed by multiple search capabilities. As a result, they avoid compliance risks as well as other liabilities, meet federal and state requirements, and limit the number of individuals and entities involved in fraud, waste, or abuse.