Your exclusion monitoring has revealed a matched OIG exclusion within your organization’s employed or contracted population. Don’t panic. Here’s what to do next.
This can be a stressful and intimidating experience for a compliance, HR, or operations leader. But don’t panic. Start by alerting your organization’s Legal counsel right away, so they can help determine the best course of action.
This guidance was presented by ProviderTrust Chief Compliance Officer, Donna Thiel, as part of our webinar: The State of OIG and Medicaid Exclusion Monitoring in 2021.
In this post, we provide an overview of what you can expect, the questions and analysis you’ll want to conduct, and what’s involved in self-disclosure to HHS OIG.
What to Do After You Identify an Exclusion
With more than 200,000 active healthcare exclusions, it’s not unlikely that one of them may find its way into your organization.
If you conduct your exclusion monitoring manually or rely on a vendor that isn’t ProviderTrust, you may need to launch an investigation to ensure your exclusion match is indeed accurate before proceeding. Then, be ready to provide accurate, detailed reporting to the OIG. Then there will be waiting to find out exactly how you’ll be disciplined. Even if the infraction is deemed to be minor—for instance, the excluded person at one time defaulted on a student loan and didn’t follow through to ensure they did what was needed to be reinstated—your organization can expect monetary fines, at a minimum. At maximum, it could mean a devasting blow, as the OIG has the authority to exclude an organization from ever receiving federal Medicare or Medicaid funds again.
And, whether an organization (or their vendor) finds the exclusion themselves or the OIG does through their own investigation, the onus will always be on the employer to comply and swiftly respond.
First, you’ll need to ensure the exclusion match is real. If you don’t already have full verification and documentation from your vendor, you will need to contact the agency or body that published the exclusion source and collect documentation. The next step will be to submit the appropriate documentation to the OIG.
Conduct an Internal Investigation
After you have confirmed a matched exclusion, you should follow this roadmap as you conduct an internal investigation:
- Notify internal stakeholders.
- Upon confirmation of the excluded person, suspend the individual, pending further investigation.
- Research their hire date, salary and wages information, hours worked, etc. during the excluded period of time.
- Gather information surrounding the applicable Medicare and Medicaid billing percentages for the location where the employee worked.
- Work with in-house counsel to determine if outside counsel is required to assist with any possible self-disclosure.
- Review Self-Disclosure Protocols for the OIG and possibly the State Medicaid agency.
- Before disclosing on the OIG Self-Disclosure Portal, you should screen all current employees and contractors against the LEIE, to ensure no one else was missed.
- You’ll also want to begin an analysis of how to improve the current exclusion monitoring process to ensure you don’t miss another exclusion.
"Finally, ask: How did we miss this?"
Dealing with the OIG After an Exclusion Match
The OIG Self-Disclosure Protocol
Start by understanding what the OIG will want to know. The OIG Self Disclosure Portal has specific guidelines for the information to be reported in disclosures involving the employment of an excluded individual, which includes:
- Excluded individual’s identity
- Job duties
- Dates of employment
- Description of background checks performed
- Description of entity’s screening process
- How the excluded individual was discovered
- What corrective action was taken
“You really have to think about that concept of ‘knew’ or ‘should have known’ and how you are going to manage the self-disclosure.”
How to Deal with an OIG Investigation
When the OIG initiates an investigation, they will issue a Pre-Demand Letter. You should treat it like a subpoena and immediately issue a document hold to preserve relevant information. Simultaneously, you’ll need to take swift action with the employee and consider placing them on administrative leave.
“You need to pull that person off the floor,” says Thiel. “You need to make sure you aren’t compounding your risk.”
Next, contact the OIG representative to discuss timing, then begin your internal inquiry, gathering the data requested by the OIG. Check the LEIE to confirm liability and identify the statute of limitations.
OIG Settlement Formula
Damages may be based on the Federal payer mix percentage of salary and benefits if services are not separately billed.
Single Damages = Salary x Payer Mix
Settlement = Singles Damages x Multiplier
Multiplier:
- OIG Initiated Investigation = 2x – 3x
- Self-Disclosed Conduct = 1.5x
“If the OIG finds it, it’s basically triple the damages,” explains Theil. “If you find it, and if you self-disclose, the OIG will give you credit for self-disclosing and will only multiply the damages you have identified by 1.5 percent.”
Reinstatement is Not Automatic
During an investigation, an excluded person or entity may point out, correctly, that the exclusion period has long since passed. However, reinstatement does not happen automatically after the exclusion period is complete. Every excluded person or entity gets a letter 90 days before the end of their exclusion period, explaining what they need to do to be reinstated, and they must take action.
“Just because someone is able to get a license or is able to become Medicare approved or Medicaid approved, that doesn’t mean that the OIG has reinstated them,” says Thiel. “The individual or entity must apply for reinstatement and receive written notice from OIG that reinstatement has been granted.”
When it Comes to Identifying Exclusions: The Sooner, The Better
In June 2016, a licensed professional was accused of theft. The provider investigated, then reported to the Licensing Board of Nursing. The Board took an entire year to complete their investigation, and then issued an administrative action against that person. The person had a month to defend themselves but chose not to so the board revoked their license.
Since the OIG didn’t have all the information they needed to immediately make a decision, six months passed before they ultimately made a decision to exclude that person. The System for Award Management (SAM) will almost always instantly exclude them as well.
Fast forward five months: the excluded person moved to a different state. They got a new license while their license was still in good standing and they also changed their name.
Later, the organization engaged with ProviderTrust. ProviderTrust connected data using smarter monitoring to identify the excluded individual.
When you look at your monitoring program, at which point in this story do you become aware of a potential problem? Learn more about how comprehensive sanctions monitoring can identify high-risk providers months or years before an OIG exclusion.
“These are real-word stories that illustrate what we see all the time,” says Thiel.
