By now, we all have been made aware of the HHS Office of Inspector General OIG’s position on exclusion monitoring. Did you know that not only do OIG exclusions pertain to individuals, but entities or third-party healthcare vendors as well? Accordingly, risk-averse and compliant programs include monthly exclusion monitoring for all employed staff, vendors, third-party suppliers and those who order, at the medical direction of, or prescribe.

Persons that order or prescribe items or services while excluded are subject to Civil Monetary Penalties when the excluded person knows or should have known that a claim for the item or services may be made to a federal healthcare program, under Section 1128(a)(8) of the Social Security Act (SSA). Furthermore, many times, excluded individuals will try and hide behind the veil of a healthcare company that they either manage or own. In this post, we’ll take a deeper look at how these individuals are evaluated by HHS OIG and the best practices necessary to maintain compliance when it comes to excluded owners and managers. 

HHS Office of Inspector General (OIG) Special Advisory: The Effect of Exclusion from Participation in Federal Health Care Programs

It’s very important that healthcare professionals review this bulletin to fully understand the scope and importance of a comprehensive exclusion monitoring approach. The bulletin provides clarity on the parties involved and accountability for those who are noncompliant within federal guidelines.

According to the OIG, an excluded “person”, whether as an individual or entity, may not provide services that are payable by federal healthcare program dollars. The OIG Special Advisory also advises that this is true regardless of whether the person is an employee, a contractor, a volunteer, or has any other relationship with the *Provider/Employer (Page 12).

* Document Notes:

21 “The hospital may reduce or eliminate its CMP liability if the hospital is able to demonstrate that it reasonably relied on the staffing agency to perform a check of the LEIE for the nurses furnished by the staffing agency (e.g., the staffing agency agreed by contract to perform the screening of the LEIE and the hospital exercised due diligence in ensuring that the staffing agency was meeting its contractual obligation.)

22 This guidance applies only with respect to assisting providers in determining whether they are in compliance with the Act.

HHS OIG recommends that when determining which individuals and entities to monitor, “…the provider review each job category or contractual relationship to determine whether the item or service being provided is directly or indirectly, in whole or in part, payable by a Federal health care program. If the answer is yes, then the best mechanism for limiting CMP (Civil Monetary Penalties) liability is to screen all persons that perform under that contract or that are in that job category.” 

Who is a Provider?

OIG classifies a “Provider” as a hospital, critical access hospital, skilled nursing facility, comprehensive outpatient rehabilitation facility, home health agency, or hospice, that has in effect an agreement to participate in Medicare; or a clinic, rehabilitation agency, or public health agency that has in effect a similar agreement but only to furnish outpatient physical therapy or speech pathology services; or a community mental health center that has in effect a similar agreement but only to furnish partial hospitalization services. 42 CFR § 400.202.

OIG Guidelines for Screening Vendors, Contractors, and Third-parties

The OIG advises: “Providers should determine whether or not to screen contractors, subcontractors, and the employees of contractors using the same analysis that they would their own employees.”  (Pages 15-16).

Although an exclusion does not directly prohibit the excluded person from owning a provider that participates in Federal health care programs, there are several risks to such ownership. OIG may exclude the provider if certain circumstances regarding the ownership are present. Although this authority to exclude is not mandatory and OIG exercises it at its discretion, any provider owned in part (5 percent or more) by an excluded person is potentially subject to exclusion.

In addition, an excluded individual may be subject to CMPL liability if he or she has an ownership or control interest in a provider participating in Medicare or State healthcare programs or if he or she is an officer or a managing employee of such an entity.

Further, the provider may not seek Federal health care program payment for any services, including the administrative and management services described above, furnished by the excluded owner. As a practical matter, this means that an excluded person may own a provider, but may not provide any items or services, including administrative and management services, that are payable by Federal health care programs. If an excluded owner does, for example, participate in billing activities or management of the business, both the owner and the provider will risk CMPL liability.”,  (Pages 9-10).”

One could then conclude that third-party entities, vendors, and contractors need to be included in your monthly exclusion monitoring program.


Third-Party Healthcare Owners

Who is an Owner?

According to OIG, “any provider owned in part (5 percent or more) by an excluded person is potentially subject to exclusion.”

In addition, an excluded individual may be subject to CMPL liability if he or she has an ownership or control interest in a provider participating in Medicare or State health care programs or if he or she is an officer or a managing employee of such an entity.18 Further, the provider may not seek Federal health care program payment for any services, including the administrative and management services described above, furnished by the excluded owner.

As a practical matter, this means that an excluded person may own a provider, but may not provide any items or services, including administrative and management services, that are payable by Federal health care programs. If an excluded owner does, for example, participate in billing activities or management of the business, both the owner and the provider will risk CMPL liability.”

Why is HHS OIG Concerned About Owners and Managers?

In 2016, HHS OIG released the Medicare: Vulnerabilities Related to Provider Enrollment and Ownership Disclosure Report. The study was used to better explain how the Centers for Medicare and Medicaid (CMS), “can prevent inappropriate payments, protect beneficiaries, and reduce time-consuming and expensive “pay and chase” activities by ensuring that providers that intend to engage in fraudulent or abusive activities are not allowed to enroll in Medicare.”

The goal of the study was for “CMS to identify potentially fraudulent providers, as well as those that may be associated with excluded individuals or entities, providers must disclose accurate and timely information about their owners (i.e., individuals or corporations with a 5-percent or more ownership or controlling interest; agents; or managing employees).”

HHS OIG Examples of Excluded Individuals, Vendors, Owners and Managers

Let’s take a look at a few recent examples and how the OIG issued severe and costly CMP’s as a result.

1. 15-Year Exclusion A Reminder to Industry

Washington, DC – On August 17, 2018, Administrative Law Judge (ALJ) Bill Thomas upheld OIG’s 15-year exclusion of Karim Maghareh, Ph.D. and BestCare Laboratory Services, LLC from participation in all federal healthcare programs under section 1128(b)(7) of the Social Security Act, the Office of Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) announced today.

According to the case, Dr. Maghareh was the majority owner and CEO of BestCare Laboratory, a clinical laboratory in Texas. The evidence at the hearing proved that Dr. Maghareh and BestCare Laboratory submitted false claims to Medicare for reimbursement of travel costs associated with the collection of samples which were tested by BestCare. Of particular note, was the fact that BestCare Laboratory billed Medicare for trained personnel travel, but instead used commercial airline flights to ship samples that were not accompanied by trained personnel.

This billing scheme was concocted to add unnecessary miles and expenses to maximize billing for the benefit of Maghareh and BestCare Laboratory, which he owned and controlled. As such, it was fraud under 1128(b)(7) which allowed the OIG to impose exclusions on persons from the federal healthcare programs for presenting or causing to present claims for items or services that the person knows or should have known were not provided for as claimed or are otherwise false and fraudulent.  

The OIG has authority to exclude both the individual and/or the company and chose to do so to both in this case due to the egregiousness of the fraud scheme. As an owner, Dr. Maghareh and his company are excluded.  

As the case above shows, it is easy for an owner to hide behind the corporate veil and continue billing federal healthcare programs. In that case, Dr. Maghareh was not excluded first, and then acted as an owner or administrator; but if he had, that would result in an exclusion under Section,1128(b)(8).

2. Excluded Minnesota Pharmacist Uses Business Name to Bill CMS

In January 2015, the OIG settled for $96,259 with a Minnesota Pharmacist, Joseph C. Moon for submitting claims while excluded between March 2006 to July 2013. Moon owned and managed a pharmacy that participated in federal healthcare programs while he was excluded from participating in those programs. Moon thought that he could get away with this by simply billing under the pharmacy that he owned, which is specifically prohibited.

3. OnSite OHS, Inc. & Kyle Johnson vs CMS

In the case of Onsite OHS, Inc. & Kyle Johnson v. CMS (HHS Dept of Appeals Bd. 1/17/15), Clinical Laboratory and its former owner sustained the imposition of remedies for deficiencies discovered during a survey. OnSite claimed insufficient notice of claim and Johnson claimed he cannot be subject to CMS’s remedy since he was not an owner during the time of the triggering event. The ALJ held notice was sufficient as it was sent to Lab and further, that Johnson was held to be subject to remedy because he was the sole shareholder of the holding company that owned OnSite at time of the survey.

Best Practices for Collecting Vendor Ownership Information

It is essential to collect ownership information from third-party contractors every year to have the most accurate database to help mitigate your organization’s risk. However, we see that many health systems have an inefficient or error-ridden data set for their vendor population. So how can you remedy these issues?

Healthcare Vendor Data Information Collection

Workflows and Solutions for Collecting Vendor Data

Having an effective solution or workflow process to identify and collect updated vendor data is so important for your compliance program. With the increased demand for better data and an efficient capturing process, companies are looking to fill in the gaps with software solutions and data collection specialists. When it comes to critical reporting for Medicare Advantage and other CMS requirements, we fully equip healthcare organizations with the tools they need to manage active vendor profiles and documentation.

VendorProof healthcare vendors

Our team at ProviderTrust has developed a model with an innovative enrollment portal that can manage vendor attestation and qualification. Qualified data experts help communicate with vendors and get the job done in an efficient and cost-effective way, ensuring your organization stays compliant and has the most up-to-date information! Interested in learning more about vendor monitoring and data collection? Check out more information on VendorProof by ProviderTrust.

What if I am currently contracting with someone excluded by HHS OIG?

If contracting with an excluded owner, be sure to answer the following questions:

  1. Is the excluded individual providing any administrative or related management services?
  2. Is the excluded individual indirectly managing a business through a spouse or family partnership?
  3. Does the excluded individual provide any oversight on billing or conduct billing for the company?
  4. Is the excluded individual hiding behind the corporate veil of a company (billing from the company name with fraudulent intent)?
  5. Does the excluded individual hold a title such as CEO, CFO, Chairman, Manager, or is involved in strategic business decisions?

If you could identify the answer is “Yes” for the excluded individual for the questions above, serious consideration should be taken involving the level of risk you are willing to accept for this vendor relationship. If you have any questions regarding exclusions, vendor ownership, or identifying contractor information, please feel free to reach out to us with any questions!


Check out our latest resources!

ProviderTrust PassPort Healthcare License Monitoring


Written by Michael Rosen, ESQ

ProviderTrust Co-Founder, mrosen@providertrust.com

Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as Inc Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year.

 Connect with Michael on LinkedIn