Let’s take a stroll down memory lane. Do you remember when you were the new compliance officer in your organization? Maybe you were reviewing all of the compliance processes and trying to determine what was working well and where things might need a little improvement? At some point, if you’re like me, you began to review the exclusion monitoring process and quickly realized you need some help.
Does that sound familiar? I am sure it does for many of you. The exclusion monitoring process is very complicated and gets more complicated every day. I think most of us would agree that there are many different levels of monitoring “sophistication”. What I mean by that is that many organizations are conducting exclusion monitoring in their own unique way. Let’s look at some possible examples of the varying levels of monitoring that a particular compliance program may have in place.
So in reality, how many of us are completing all of these? I can honestly say that in my former organization we didn’t reach this broad of a process until we began utilizing a third-party monitoring service. That is the first time I could confidently say we had all of our bases covered and I could focus on other compliance responsibilities and trust the software used.
Why is it that it is so difficult to complete the exclusion monitoring process internally? Well there are number of reasons but let’s focus on just a few of them.
- Employee Information:
- Your employee population is ever-changing. You are continuously adding and terminating employees.
- Are you capturing all of their previous names?
- Did they move from another State to get ahead of a licensing investigation in their last State?
- Non-employed health care professionals
- How are you collecting their information?
- What information are you collecting? Name, License Number, SSN, DOB, NPI?
- What system or systems is it stored in?
- How readily available is that information when you are trying to complete the exclusion searches?
- How are you collecting their information
- What information are you collecting? Legal Entity name, DBA, TIN, NPI?
- Do you know who really owns the organization?
- Does anyone maintain your A/P system or does it contain every vendor you have ever paid in the history of your company?
- Does it contain all of your employee reimbursements, patient refunds, etc.?
These are just a few examples of the many challenges of collecting the right data in order to do a search of any of the Federal or State systems. Here are a couple of interesting statistics about the 40 State Exclusion Databases:
- Only 12 contain the full address
- Only 7 contain only city and state
- Only 2 contain date of birth
- Only 11 contain a license number
- All 40 contain first and last name
So how do you even begin to narrow down a potential name match with such limited information? In my opinion, this is why it is so hard to complete exclusion monitoring without some outside assistance.
Let’s think again about just starting out as a compliance officer. You are past the initial review of the monitoring system and realize that your process isn’t as complete as you would like. At which point, you reach out to a third party vendor to help automate your exclusion monitoring. You are now anxiously awaiting that first report to see if you have any matches that your internal process missed and you get the call…They have found a match. Oh no, now what?
So you just got off the phone and now have the initial information that you have an employee with an OIG exclusion. Based on the information you received, you suspend the employee pending investigation and start reviewing the information in more detail.
The first thing that you learn is that the name of the OIG exclusion record isn’t the same as the name you have on file for your employee, but the SSN and date of birth are a match. Unfortunately, this is way too common of a story. It is often difficult to capture and store all former names in an H/R or payroll system.
You now interview the employee and they tell you that yes, they were excluded by the OIG. They also tell you that the exclusion was in their maiden name which you didn’t ask for and they did not provide to you. When asked why they didn’t report this the employee responds that they needed their job so hoped no one would find out. At this time, you likely terminate the employee and begin the investigation to determine what reporting obligations you may have.
You realize that historically your monitoring system only had the ability to monitor the name that is captured in the H/R or payroll system and you were not capturing maiden names. Unfortunately, the OIG LEIE database allows you to search by name only and therefore would not have returned a possible match. Even if your system was downloading the LEIE database, you would not have received a match because the OIG does not provide the SSN in the LEIE data. The SSN is only available when “verifying” a match. Again, this is why it is so difficult to conduct thorough searches.
To finish your investigation you have to continue to gather information such as:
- Determine the length of time the employee has worked after excluded
- Collect all salary and wage information including the cost of benefits
- Review job responsibilities to better understand the level of direct or indirect care that he or she provided during her employment
- Determine the Revenue-based Federal health care program payor mix (Medicare, Medicare, TRICARE) during the time of his or her employment (Assuming the services provided were not separately billable)
If you haven’t already, at this point I would suggest reviewing the OIG’s Provider Self-Disclosure Protocol to help guide you through reporting obligations and next steps. You may also consider reviewing your findings with legal counsel as you are finalizing your investigation.
Exclusion monitoring and reporting are both very complicated and it is important that you have the right systems in place to protect yourself against hiring an excluded person. Having the right processes in place is essential if you find yourself in a similar situation we described.
Written by Donna Thiel, Director of Compliance Integrity Team
Donna Thiel is the Director of our Compliance Integrity team, a consulting division of ProviderTrust. Donna works with compliance officers across the country to help reduce the stress and anxiety of this very difficult role.