Healthcare Compliance White Paper

By Lorinda Walters

How a Higher Standard of Screening Can Keep Your Healthcare Business in Compliance

As the COVID-19 pandemic has demonstrated, the service that healthcare professionals offer to United States citizens is crucial to a thriving American society. Data from the Bureau of Labor Statistics concerning occupational employment indicates that there were more than 20 million people working in healthcare and social assistance in 2019. As one of the fastest-growing industries in the U.S., BLS predictions indicate that more than 23 million people will be working in healthcare by 2029 – significantly outpacing other large employment sectors. The volume of individuals working in the healthcare industry is growing at a rapid rate. 1

Organizations that employ workers in this sector should perform their due diligence to ensure that each of their providers/practitioners are properly licensed, have a clean history with their licensing board, and are not excluded from any state or federal programs. By following best practices for compliance – such as checking relevant databases at least monthly, checking all names related to an individual (such as maiden name and previous married name), and screening an individual’s Social Security Number – organizations can protect themselves and the patients under their care.

Screening providers through the various healthcare-related databases is a complex process, and navigating the exclusion lists maintained by different government agencies can be challenging. An overview of the exclusions lists and reporting processes most relevant to CRAs will provide a framework for understanding why it is important for employers to perform initial screens of providers and practitioners.

How providers and practitioners are ‘excluded,’ and what that means 

There are two federal databases relevant to healthcare sanction and exclusion information. The Office of the Inspector General (OIG), an agency within the U.S. Department of Health and Human Services (DHHS), is responsible for preventing and detecting fraud, waste, and abuse. The OIG not only oversees the Medicare and Medicaid programs, but more than 100 other HHS institutions, including the Centers for Disease Control and Prevention (CDC), the National Institutes of Health (NIH), and the Food and Drug Administration (FDA). The OIG maintains a healthcare exclusions database call the “List of Excluded Individuals and Entities” (LEIE).2

The Systems for Award Management (SAM) is an official government website, managed by the General Services Administration (GSA). The SAM database inherited its exclusionary database from the GSA’s “Excluded Parties List System” (EPLS), which was folded into SAM in 2012. The SAM database receives and maintains exclusionary data from all federal agencies, including the OIG exclusion list. The SAM database is an “umbrella” of various federal agency exclusion data – it includes any data reported on the OIG’s exclusions list, but also maintains its own database for exclusions outside the healthcare industry.

These two databases receive reported state-level data from Medicaid programs in each state (plus the District of Columbia) and state medical boards. Actions taken by state medical boards are reported to state Medicaid, who in turn report these actions to the OIG. The OIG can then choose to exclude these individuals or entities on its database, the LEIE.

The OIG and SAM databases are the closest thing to national data sources for sanctions and exclusions that exist in the healthcare industry, but they are far from comprehensive. The OIG excludes individuals and entities based on reports from State Medicaid programs regarding actions taken by medical boards for each state, and not everything pertaining to a board action or State Medicaid exclusion is reported to the OIG and SAM. This makes it critical to use a more comprehensive search that includes State Medicaid and state board actions.

For its part, the OIG performs exclusions under the authority of the DHHS, which is in turn added to the larger SAM/GSA database, and has the authority to exclude individuals and entities from federally funded healthcare programs. Excluded individuals or entities can receive no payment from federal healthcare programs for their services, opening up anyone who continues to employ them to punitive action from the Department of Health and Human Services.

OIG exclusions include both mandatory and permissive exclusions. Mandatory exclusions are placed on individuals or entities who are convicted of fraud related to Medicare, Medicaid, State Children’s Health Insurance Program (CHIP), or other state healthcare program, while permissive exclusions are placed on individuals or entities who are guilty of a variety of other unacceptable actions occurring outside Medicare or State health programs.3

What is the difference between mandatory and permissive exclusions?

Mandatory Exclusions

The OIG is required to exclude individuals and entities from all federal health care programs for convictions related to:

• Medicare or Medicaid fraud;
• Patient abuse or neglect;
• Felony convictions for other healthcare-related fraud.

Permissive Exclusions

The OIG has discretion to exclude individuals and entities for offenses such as:

• Provision of unnecessary or substandard care;
• Misdemeanor convictions for other healthcare-related fraud not involving Medicare or a state health program.