It’s common knowledge within healthcare compliance that the Office of the Inspector General (OIG) of the U.S. Department of Health & Human Services keeps a list of excluded healthcare providers banned from participating in Medicare, Medicaid, and other federal healthcare programs. Providers and payers participating in state and federal programs must take steps to ensure they do not employ or contract with excluded individuals or entities.
The requirements of providers and payers related to OIG and state Medicaid exclusions are not new. Still, unless you think about this often-overlooked aspect of healthcare compliance every day (like we do), then you are likely unaware of the many data, process, and reporting challenges involved in meeting seemingly simple requirements.
1. There Are Currently 44 Total Exclusion Sources Including the OIG LEIE
Since 2010, the total number of exclusion sources has changed many times, as more and more states have found it valuable to publish their exclusion list rather than only reporting to the OIG. Currently, there are two federal exclusion lists and 42 state Medicaid exclusion lists. The federal exclusion lists are the HHS OIG LEIE and the SAM.gov database. The OIG LEIE provides information to the healthcare industry, patients, and the public regarding individuals and entities currently excluded from Medicare, Medicaid, and all other federal healthcare programs. The purpose of SAM.gov (System for Award Management) is to prevent companies from doing business with an individual or entity that has been debarred, sanctioned, or excluded by a federal agency.
State Medicaid exclusion or terminated provider lists vary dramatically in how they publish this data and what’s included. The most recent states to add exclusion lists were: Colorado and New Hampshire.
2. There are Two Types of Exclusions: Mandatory and Permissive
- Felony conviction for substance abuse or alcohol
- Felony conviction for patient abuse
- Felony conviction for fraud and abuse
- Felony conviction for sexual assault
- License revocation due to any of the above
- Misdemeanor convictions for substance abuse or alcohol
- Misdemeanor convictions for patient abuse
- Misdemeanor convictions fraud and abuse
- Misdemeanor convictions sexual assault
- License revocation due to any of the above
- Default on a federal student loan
3. Exclusion Reporting is S-L-O-W
One of the challenges of manually staying on top of all 45 exclusion sources is that they all update their lists with new and expired exclusions on different schedules. Some states, along with the OIG, update monthly, some every other month, and some only refresh their database when they have new exclusions to report. State Medicaid Fraud Control Units (MFCUs) must report Medicaid exclusions and terminated providers to the OIG within 30 days. Still, we know that it is often much longer before a published state exclusion appears on the OIG LEIE. As healthcare organizations rely on state Medicaid exclusion or terminated provider lists for their exclusion screening, time delays can create compliance issues.
On average, it takes a state exclusion 173 days to appear on the OIG LEIE. We have seen state exclusions take up to two years. Industry-standard is to check the LEIE every month, as well as your state Medicaid exclusion list and that of any other state your organization does business in and any state bordering one of those states. Best Practice and ProviderTrust’s standard is to check every available exclusion source (today, 45 total) on an ongoing basis to ensure that any exclusion matching one of your employees or contracted providers are identified as early as possible. We advocate that providers and payers take an ongoing monitoring approach to every source because of the serious and sometimes dangerous actions that result in exclusions. Knowing the truth about the providers and vendors in your facilities and networks helps your team act faster to navigate risk and protect patients.
4. Many State Exclusion Sources Are Missing Key Data
We mentioned that state exclusion reporting varies significantly from state to state. But they also vary in the amount of data they publish about each exclusion.
An exclusion record should include these fields:
- First, middle, and last name
- Business name
- Occupation (e.g., physician, nurse, accountant)
- Specialty (i.e., internal medicine, nurse’s aide)
- Date of birth
- Address, city, state, zip code
- Sanction type, sanction date, and reinstatement date
But some states only report the bare minimum: name, occupation, address, and exclusion date. With only these available data fields, it’s very difficult to say with certainty that Alabama’s excluded Jane Doe is or is not your recently hired nurse of the same name or address. Less than 40% of published exclusions include a date of birth, and only 6.3% include an NPI. Without a data enrichment strategy, it is tough to definitively rule out an exclusion match without at least one of these fields available.
If you seek to clear a small office staff of exclusions, this may not be too big of an issue for you. You’ll have to dedicate recurring manual resources to investigating the ongoing exclusion mysteries, but you may be able to arrive at reasonable confidence (though not absolute certainty). But if you are attempting to use a manual or rudimentary name-only matching technology to clear an employed population of 10,000 or a provider network of 100,000—good luck.
For the past decade, ProviderTrust has been building a grid of enriched data that complements publicly available information with identifying data that doesn’t change over time. This is why our data enrichment and cutting-edge monitoring science give us absolute certainty about our exclusion monitoring results.
5. The Most Common Reason for an Exclusion is A License Action
6. Nurses are the Most Commonly Excluded Discipline
7. Most Exclusion Monitoring Services Return a Lot of False Positives and Even More False Negatives
The false-positive exclusion: a well-known goose chase for anyone who has dealt with a rudimentary exclusion monitoring technology. You receive a whole list of potential exclusion matches and must perform due diligence on each one to ascertain whether the excluded provider is indeed your excluded provider. It’s tedious; it’s exhausting; it’s a poor use of your time.
The reason for false-positive exclusion monitoring results (which you won’t find in ProviderTrust’s service) is simple: the algorithm or person did not have the right data available to know for sure whether the monitored provider is the excluded provider. We see this very frequently with vendors that rely on publicly available data to identify exclusions.
While the false-positive creates headaches and wastes resources, the more ominous exclusion monitoring results are the false-negative. A false-negative exclusion result occurs when the monitoring technology is not sophisticated enough to account for the myriad creative ways excluded providers remain undetected. False-negative results are an unfelt pain for healthcare organizations because there was never even a clue that you should investigate them further. These are the people who keep us up at night, and they’re exactly who our monitoring science was designed to detect. While false-negative results occur within all types of healthcare populations, they are highest among those for which your organization keeps the least data: provider networks and ordering and referring physicians.