We are pleased to welcome a guest today on the blog – Harold Malkin, a former Assistant U.S. Attorney who specialized in the resolution of civil healthcare fraud cases involving individual providers, medical practices and institutional providers in the Western District of Washington in Seattle for over 15 years. In this article, Harold will highlight some important information regarding the permissive and mandatory exclusion authority of the Office of Inspector General (OIG) as well as some things to consider if you find yourself in settlement discussions with OIG.

*The information provided is not intended to nor should be construed as providing legal advice. Neither ProviderTrust, Inc, nor Harold Malkin is acting in a capacity of legal services or rendering a legal opinion. The information provided is for the purpose of education and represents research and opinions of the author(s).

Exclusion from participation in federally-funded healthcare programs is, without question, OIG’s nuclear option. While certain offenses, such as a criminal conviction for healthcare fraud, require OIG to exclude a provider, less serious offenses do not. A “mandatory” exclusion stems from certain enumerated felony offenses. However, less serious offenses, such as misdemeanors for related crimes as well as the reckless submission of false or fraudulent claims for reimbursement by CMS in violation of the False Claims Act (FCA), for example, implicate OIG’s “permissive” exclusion authority. Permissive exclusions are those OIG has the discretion to pursue, but are not compelled.

What Latitude Does OIG Have Under the Law?

OIG may not waive its mandatory exclusion authority, but it may elect to forego its permissive exclusion authority. Most frequently, OIG will agree as part of an FCA settlement agreement not to seek permissive exclusion in exchange for a provider’s willingness to enter into a five-year Corporate Integrity Agreement (CIA), to resolve certain matters and to set the provider/company on the right path to compliance.

A CIA in lieu of exclusion is not a right, but if afforded, will set out certain requirements for compliance and impose regulatory oversight by OIG and most likely require an Independent Review Officer (IRO) to perform a limited, annual, retrospective audit of a random sample of the provider’s claims to Medicare. If the limited annual sample does not exceed a certain error rate (typically five percent) no further review is required, but if the sample exceeds the error rate, a more comprehensive and commensurately costly review is required. 

In addition to annual audits, CIAs typically require providers to enact or attend certain types of annual, compliance-oriented training and to abide by certain annual reporting requirements. Like annual claims audits, adherence to these requirements can also be costly, time-consuming, and distracting. The failure to comply with any provisions of a CIA can result in quickly escalating stipulated monetary penalties.

What My Experience Has Taught Me

Prior to joining the law firm of Lane Powell in Seattle as Chair of the firm’s Investigations and Regulatory Compliance practice, I served as an Assistant US Attorney overseeing the resolution of civil healthcare fraud cases involving individual providers, medical practices and institutional providers in the Western District of Washington (Seattle) for over 15 years. Prior to that, I worked in the Civil Fraud Section of the Department of Justice in Washington, D.C. for almost seven years.

In my former life, I was relieved whenever OIG was willing to offer providers the chance to avoid the possibility of permissive exclusion at the time of settlement by agreeing to enter into a CIA. Providers, especially those that strenuously rejected the notion that their conduct rose to the level of a FCA violation in the first instance, almost always insisted on a “global” resolution — one that wrapped up all conceivable civil and administrative exposure the provider might face as a result of an FCA violation.

OIG’s refusal to trade permissive exclusion in exchange for a provider signing a CIA, while rare, threatened to derail FCA settlements involving providers who already felt they were being forced to overpay to resolve what they believed were mere overpayments caused by simple negligence or carelessness.

Towards the conclusion of my tenure as an Assistant U.S. Attorney and since my return to private law practice, I’ve increasingly observed and even counseled clients to consider the possibility of resolving their FCA liability without accepting the imposition of a CIA to also resolve any potential permissive exclusion exposure. The impact and costs of a CIA are very real, so before providers enter into a CIA, they are well-advised to perform a cost/benefit analysis in regards to whether to settle with or without a CIA.

Considering a Corporate Integrity Agreement

As noted above, CIAs can be expensive, disruptive, and pose the risk of monetary penalties and litigation in the event of non-compliance. So when providers are considering their settlement options, they will want to discuss with counsel the following factors:

  • Where the conduct at issue was not egregious, what is the likelihood that OIG will expend its limited resources pursuing exclusion?
  • Are single damages relatively modest?
  • Has purposeful remedial action been designed and implemented to prevent a recurrence?

With these considerations, a provider can quite rationally choose, after careful analysis of all relevant risk factors, to accept what should be the remote possibility of permissive exclusion proceedings (in which OIG must still prevail) in lieu of agreeing to a CIA. This is especially the case where a provider has voluntarily disclosed the conduct at issue to OIG and it is clear that there was no intent to defraud the government at the time reimbursement for services was sought or received from the relevant federally-funded healthcare program. 

New Guidance from OIG

Recently, OIG issued guidance providing insight into the criteria it will consider, and the weight it assigns to those criteria, when deciding whether it will seek a CIA or, conversely, forego permissive exclusion altogether. See April 18, 2016 OIG guidance regarding Criteria for Implementing Section 1128(b)(7) Exclusion Authority. Decisions concerning CIA and permissive exclusion risk should start with the careful consideration of OIG’s exclusion implementation criteria.

Finally, OIG has recently published a Resource to Determining an Effective Compliance Program which provides great insight gathered by OIG and a workshop in conjunction with Health Care Compliance Association (HCCA) hand picked members. Donna Thiel, of ProviderTrust, was one of the 30 selected advisors for this compendium. I highly recommend taking the time to read this resource and to examine which parts provide you with best practice thinking as you continuously review and enhance your company’s annual compliance program.


haroldmalkin.pngHarold Malkin recently joined the Seattle law firm Lane Powell where he is a shareholder and heads the firm’s Investigations and Regulatory Practice Group. Prior to joining Lane Powell, Harold was an Assistant United States Attorney, serving as the Deputy Chief of the Civil Division in the U.S. Attorney’s Office for the Western District of Washington. He also supervised the Affirmative Civil Enforcement (ACE) Unit, which is charged with pursuing False Claims Act violations and recoveries and investigating qui tam actions, many of which focus on federally-funded healthcare programs. 

Harold began his government service at the Department of Justice in 1988 in the Civil Fraud Section of the Civil Division in Washington, D.C. Over the course of his more than 20 years with DOJ, Harold resolved many notable and complex healthcare fraud matters, as well as many smaller matters involving sole practitioners and smaller medical practices.