Sanction Screening Obligations Prove to be a Growing Challenge: Best Practices Tips in Meeting the Challenge

The Department of Health and Human Services Office of Inspector General (OIG) makes it clear that providers and plans that fail to screen employees, physicians, vendors, and contractors against the OIG’s List of Excluded Individuals and Entities (LEIE) may be subject to significant Civil Monetary Penalties (CMPs) and potential exposure under the False Claims Act. Tom Herrmann, JD, former Appellate Judge for the Medicare Appeals Board who served over 20 years in the Office of Counsel to the Inspector General, explained that: “If a claim is submitted to a Federal health care program that includes items or services provided by an excluded party, it may be subject to a CMP of $10,000. The party may also be subject to treble damages for the amount claimed for each item or service. Furthermore, once an organization has discovered a party working on their behalf, it becomes a ‘disclosable’ event. As such, the best practice to guard against this is not engaging anyone until they have been screened and continue to screen everyone with some frequency.”

The Centers for Medicare & Medicaid Services (CMS) makes sanction screening a condition of participation. Organizations must screen against the LEIE as well as the General Services Administration (GSA) Excluded Parties List System (EPLS), now part of GSA’s System for Award Management (SAM). CMS has also called upon State Medicaid Directors to develop their own sanction databases and to mandate enrolled providers to screen against their respective databases on a monthly basis. Since then, 39 states have already moved to establish their own Medicaid sanction lists and more states are sure to follow. Many states now mandate monthly screening against both the state compiled sanction lists and the LEIE. This exponentially increases the burden for compliance officers, HRM, and procurement officers. Among the challenges for compliance officers are: (1) who should be screened, (2) which databases must be checked, (3) frequency of screening, and (4) what documentation must be maintained to evidence what has been done.

The OIG issued a Special Advisory Bulletin addressing the scope and frequency of screening employees and contractors against the LEIE. The bulletin states that when checking the LEIE, providers should maintain documentation of all names searched in order to verify results of potential hits. Documentation will evidence that organizations have executed proper and complete screening. The OIG also notes that inasmuch as they update the LEIE monthly, monthly screening “best minimizes potential overpayment and CMP liability.” Additionally, the OIG noted that that they will only take action on parties on the LEIE and have no interest or authority to address confirmed “hits” on the GSA SAM.

Sanction databases continue to expand federally, including those maintained by the Drug Enforcement Administration (DEA) and the Food and Drug Administration (FDA). A recent trend in legislation and regulation demonstrates the increased emphasis on sanction screening. For example, CMS published a final rule amending Section 6501 of the Patient Protection and Affordable Care Act to require that states terminate the participation of any individual or entity if such individual or entity is terminated under Medicare or any other Medicaid State plan.  Another example is seen through the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH has increased the government’s interest in policing proper sanction screening and reinforced this interest by increasing enforcement funding. Additionally, the Health Insurance Portability and Accountability Act (HIPAA) and the Balanced Budget Act (BBA) have expanded the OIG’s sanction authority and the scope of both current CMP and exclusion authority beyond programs funded by the Department to all “Federal health care programs.”

Most providers rely upon vendors to assist with sanction screening

Jillian Bower, Vice President of the Compliance Resource Center (CRC) which provides both search engine sanction screening services as well as outsourced screening, noted that in her experience with scores of providers: “Any provider with a large work force, or that engages many contractors or vendors, finds manual screening too costly, especially when they have to do so with many different federal and state sanction databases. Today, most meet the challenges of the increased burden of sanction screening by using a vendor service that offers sanction screening search engine support. This can greatly facilitate the sanction process by enabling providers to “batch search” large numbers of files simultaneously against multiple databases at both the federal and state level. However, there remains the problem of resolving “potential hits.” For many, the answer is to simply outsource the entire process to a vendor who will conduct sanction screening against all identified database, as well as resolving potential hits.”

Tips and Best Practices

1. Conduct sanction screening for individuals prior to engaging with them or granting staff privileges.
2. Conduct periodic monthly sanction screening across the universe of covered parties.
3. Screen, at a minimum, the LEIE, SAM, and State Medicaid Exclusion database.
4. Document all screening (i.e. date, names screened, process to resolve “potential hits”).
5. Have each sanction screening report signed-off and certified by a responsible party.
6. Maintain records of all sanction screening for at least 5 years to evidence the work done.
7. If manual screening is a burden, consider using a vendor search engine service.
8. Use only fixed rate services and avoid fees based upon volume that can be very costly.
9. Don’t engage a vendor that only provides services limited to LEIE and/or SAM.
10. Use sanction screening software / search engines that include all relevant federal and state Medicaid databases.
11. Use a service that can batch search all applicable databases simultaneously.
12. Include a termination provision in all contracts to permit termination/cancelation without cause and without notice in order to avoid being trapped in an unsatisfactory service agreement.
13. Look for vendors providing “help desk” support services.
14. Consider “outsourcing” the entire process for screening and for the resolution of “potential hits.”
15. Require outsourced vendors to provide an explanation of how they resolved “hits.”
16. Ensure any contract with an outsourced vendor requires they certify their report results.