CMS Publishes Healthcare Reform Fraud and Abuse Provisions


As published by the American Health Lawyers Association, Hospitals and Health Systems Practice Group, October 6, 2010

By Kim Harvey Looney, Stephen Page, Seema Kanwar

A key element in the enactment of healthcare reform legislation earlier this year was the inclusion of significant fraud and abuse provisions to help reduce overall healthcare costs. The Affordable Care Act (ACA) contains thirty-two sections focused on fraud and abuse and strengthening program integrity. On September 23, 2010, Centers for Medicare and Medicaid Services (CMS) published a proposed rule, 75 F.R. 58204, implementing several significant provisions of the Act including:

  • Screening procedures for providers/suppliers;
  • Moratoria to prevent fraud and abuse;
  • Requirements regarding suspending payments;
  • Guidance regarding providers terminated from Medicare or Medicaid; and
  • An application fee.

CMS stated that the provisions "are of critical importance in the transition of CMS' antifraud activities from 'pay and chase' to fraud prevention." According to CMS, the proposed rule will balance provision of services and fraud prevention: "The new and strengthened provisions . . . that are the subject of this proposed rule will help assure that only legitimate providers and suppliers are enrolled in Medicare, Medicaid, and Children's Health Insurance Program (CHIP), and that only legitimate claims will be paid." Thus, the provisions should do more on the front end to prevent criminals from getting into the system in the first place.

Tiered Levels of Risk for Screening Procedures

Under the proposed rule, providers would be placed into one of three categories, each of which would be subject to certain screening procedures based on the level of risk associated with the category: limited, moderate, or high. Providers/suppliers in the high-risk category would receive the most attention.

Providers/suppliers in limited-risk category would be subject to verification of provider/supplier-specific requirements under Medicare, license verifications, and database checks before and after enrollment that would verify Social Security numbers, tax delinquency, and any exclusions from the U.S. Department of Health and Human Services Office of the Inspector General (OIG). Limited-risk entities include: physicians, non-physician practitioners, group practices, and medical clinics because they are generally state licensed and CMS has not seen any recent research indicating an elevated fraud risk for this group. Other limited-risk entities include ambulatory surgery centers, critical-access hospitals, and skilled nursing facilities.

Providers/suppliers that are publicly traded on the NASDAQ or NYSE would only be subject to the limited-risk category screening requirements because they present limited risk based on the financial oversight required by the stock exchanges.

Moderate-risk providers/suppliers include non-publicly traded ambulance service providers, community mental health centers, comprehensive outpatient rehabilitation facilities, and independent clinical laboratories. These entities have less oversight than those in the limited-risk category, and are more dependent on CMS for their salaries and operating expenses. Currently enrolled home health agencies and durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) providers/suppliers are classified as moderate risk, while those that have not yet enrolled are high risk. In addition to the screening tools applicable to limited risk providers, moderate risk providers would also be subject to the additional measure of unscheduled or unannounced pre- and/or post-enrollment site visits.

Providers in the high-risk category would be subject to more thorough investigation by Medicare contractors using the screening tools listed above for limited- and moderate-risk providers as well as criminal background checks and fingerprinting. The high-risk category would include newly enrolling home health agencies and DMEPOS suppliers.

CMS is also proposing that the category for a specific provider/supplier could be adjusted based on certain circumstances, e.g. if the provider/supplier has been placed on a payment suspension previously.

The new screening procedures would be effective March 23, 2011, for initial applications, including applications for a new practice location, and currently enrolled providers/suppliers whose revalidation would occur between March 23, 2011, and March 23, 2012. For other currently enrolled providers/suppliers, the procedures would be effective March 23, 2012.

State agencies would be responsible for screening Medicaid-only or CHIP-only providers in accordance with the criteria set forth above. States would be able to rely on the Medicare contractor's screening results for providers also enrolled in Medicare, as well as the screening results of other state agencies.


Under the proposed rule, CMS would be allowed to impose moratoria for initial enrollment applications and to establish new practice locations when: CMS has identified trends that suggest high risks of fraud, waste, or abuse (e.g. a disproportionate number of providers/suppliers in a group relative to number of beneficiaries); a state has imposed a moratorium on enrollment; or CMS, in consultation with the OIG or U.S. Department of Justice, has identified a particular provider/supplier type or geographic area as having potential for fraud, waste, or abuse. If an enrollment application received from a provider/supplier covered by an existing moratorium is denied, the provider/supplier has the right to appeal a Medicare contractor determination to deny enrollment. For providers/suppliers located in a geographic area where CMS has imposed a moratorium, appeals would be limited to whether the moratorium applies to that particular provider/supplier. Providers/suppliers would be able to appeal an adverse determination based on a temporary moratorium up to the Department Appeal Board level of review.

State Medicaid agencies would be expected to comply with such moratoria unless the state determines that doing so would negatively affect access to care.

Suspension of Payments

In regards to Medicare, the proposed rule adds a definition for "credible allegation of fraud" to include "an allegation from any source, including but not limited to fraud hotline complaints, claims data mining, patterns identified through provider audits, civil false claims cases, and law enforcement investigations." CMS notes that a determination of whether a "credible allegation of fraud" exists would be made on a case-by-case basis. Payments would be suspended pending an investigation of a credible allegation of fraud. CMS proposes modifying the term "resolution of an investigation,'' such that a "resolution of an investigation occurs when legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence." The proposed rule also adds certain good-cause exceptions under which CMS may retain discretion as to whether to impose or continue a suspension. Suspension of payments would be subject to the current time limits set forth in 42 C.F.R. § 405.372; however, if the suspension is based on a credible allegation of fraud, the time limits would not apply.

With respect to Medicaid, the proposed rule, among other things, indicates the circumstances under which payment suspensions are mandatory, requires that the state agency make a written report of suspected fraud to the state Medicaid Fraud Control Units or law enforcement agency, and sets forth certain good-cause exceptions when a state may determine not to suspend payments.

Provider Participation Termination

CMS proposes requiring a state Medicaid agency to deny or terminate enrollment for any provider/supplier that is terminated from Medicare, or has had its billing privileges revoked or is terminated under any other state Medicaid program or the CHIP. Additionally, CMS may revoke Medicare billing privileges when a state Medicaid agency revokes, terminates, or suspends a provider/supplier's enrollment or billing privileges.

Application fee

CMS has proposed that any "institutional provider," i.e., any provider/supplier that submits a CMS-855A, CMS-855B (with certain exceptions) or a CMS-855S, must also submit an application fee, or obtain a hardship exception. CMS may reject an application for initial enrollment application or to establish a new practice location if the fee is not included, or revoke billing privileges in the case of a revalidation.

CMS invites comments on the above provisions as well as compliance plan requirements included in ACA, specifically the use of the elements of an effective compliance and ethics program set forth in Chapter 8 of the U.S. Federal Sentencing Guidelines Manual as the basis for the required compliance programs for federal healthcare program enrollment. Comments must be submitted no later than 5 pm on November 16, 2010.

We would like to thank Kim Looney, Esquire, Stephen Page, Esquire, and Seema Kanwar, Esquire (Waller Lansden Dortch & Davis LLP, Nashville, TN), for authoring this alert. We would also like to thank the Physician Organizations Practice Group Leadership for sharing this alert with the Hospitals and Health Systems Practice Group.