The Centers for Medicare and Medicaid Services (CMS) has issued new proposed fraud and abuse rules in accordance with requirements of the Affordable Care Act (ACA) — first known as the Patient Protection and Affordable Care Act (PPACA). 

Section 6501(a) of ACA added Social Security section 1866(j), and required CMS to establish screening procedures for provider and supplier enrollment processes in order to combat fraud and abuse. 

CMS issued the proposed rules on September 23, 2010. The proposed rule classifies types of additional scrutiny and screening that could be applied and risk categories of providers to which they will be applied. 

The screening efforts consist of crosschecking with state licensure, criminal background checks, fingerprinting, site visits and database comparisons among enforcement agencies. 

CMS proposes to categorize providers and supplies into three categories: limited risk; moderate risk; and high risk.

The limited risk category consists primarily of physicians, physician assistants, clinics and group practices, publicly traded entities which by nature of their stock listing endure additional scrutiny and are subject to rules such as Sarbanes Oxley, and entities with more clearly defined medical necessity requirements such as ambulatory surgery centers (ASC), end stage renal disease facilities (ESRD), federally qualified health centers (FHQC), critical access hospitals (CAH), rural health centers, radiation therapy providers, and skilled nursing facilities (SNF). The limited risk categories will be required to perform enhanced verification of state licensing and database comparisons. 

Moderate risk categories will be community health centers (CHC), comprehensive outpatient rehabilitation facilities (CORF), independent testing facilities (IDTF), and clinical laboratories, and non-publically traded companies involved in ambulance services, home health agencies, and hospice care. The most significant addition to the screening of the moderate risk providers and suppliers will be the addition of unannounced pre- and post-enrollment site visits. In explaining the need for this role, CMS referred to reviews done by Zone Program Integrity Contractors (ZPIC) and specifically one in Zone 7, which is South Florida, which found that 51 of 62 corfs (82%) failed to meet licensing requirements and 30 of 38 community mental health centers (CMHC), or 79%, failed to meet licensing requirements. 

Finally, there will be a category of high risk providers, which will be required to perform criminal background checks and fingerprinting. The primary categories in the high risk providers are home health agencies (HHA) and DMEPOS. 

In addition to establishing these categories in the basic screening processes, the proposed rules provide for:

1.         Transfer of providers from one category to the next based on facts and circumstances;

2.         Suspension of payment authorization for existing providers who refuse to fingerprint new managers;

3.         Deactivation of providers who have had no claims for more than 12 months;

4.         Requiring that prescribing and referring providers must be enrolled in Medicare or Medicaid, as appropriate;

5.         Procedures to allow temporary enrollment moratoria; and

6.         Procedures to allow suspension of payment when credible allegation of fraud exists.

I will be devoting a separate blog post to the issue of payment suspensions, since it presents such a clear risk to the financial stability and cash flow of organizations.