skip to main content

October 28, 2019

By: Susan E. Ziel and Robert A. Anderson

Does your organization have a policy relating to verification of exclusion from Federal and State healthcare programs? If so, does your Policy comply with all applicable requirements?   Requirements include the following:

  • The Civil Monetary Penalties (“CMP”) Law[1] which imposes monetary penalties against any “person” who “arranges or contracts (by employment or otherwise) with an individual or entity that the person knows or should know is excluded from participation in a Federal Health Care Program[2] for the provision of items or services for which payment may be made under such Program;”

  • The Health and Human Services’ Office of Inspector General (“OIG”) and its Exclusion Program[3] materials, including, but not limited to, the Updated Special Advisory Bulletin on the Effect of Exclusion From Participation in Federal Health Care Programs;[4]

  • Any additional final rules adopted by applicable state Medicaid programs that govern verification of excluded individuals.  To date, at least 20 states have adopted final rules governing exclusion verifications, any of which Krieg DeVault attorneys are available to confirm for their clients anytime; and

  • The Affordable Care Act (“ACA”), Section 6501, which states that if a provider is excluded in one state, the provider is excluded in all 50 states.[5]

Taking into account these requirements, here's a checklist to assist you in updating (or creating) this important policy. To do otherwise, leaves your organization vulnerable to potential claims of wrongful employment or other engagement of excluded individuals or entities in violation of the CMP Law.  

  1. Key Terms.  The Policy should define certain key terms, including the following: 

  1. The term “Applicable Requirements” which includes the above listed CMP Law, OIG Exclusion Program materials and any applicable state Medicaid final rules;


  1. The term “Exclusion Databases” which confirms all Federal or applicable state Medicaid exclusion databases, including the following:


  1. Department of Health and Human Services, Office of Inspector General’s (“OIG”) List of Excluded Individuals and Entities;[6] and


  1. General Services Administration’s System for Award Management (“SAM”) List of Parties Excluded from Federal Programs.[7]


  1. The term “Federal Health Care Program” referenced above;


  1. The term “Applicant” which confirms any individual or entity making application to initiate an employment, contractual, or other business relationship with your organization;


  1. The term “Representative” which confirms all key persons and other individuals who are subject to the Policy requirements, including owners, officers, directors, employees, physicians and other credentialed providers and other paid and unpaid individuals who are subject to your organization’s direction and control; and


  1. The term “Vendor” which includes any individual or entity who performs services for or on behalf of your organization under a contract, invoice or otherwise in the delivery of items or services covered by a Federal Health Care Program, or alternatively, whose fees or expenses are reported on any applicable cost report.  

  1. Applicant Screening.  The Policy should require all Applicants to be diligent in reporting all past and current surnames and business names, all current licenses, certifications and professional liability insurance, and all other information regarding any sanction or other adverse action concerning these or other credentials, including whether the Applicant is currently or has ever been excluded from participation in any of the Exclusion Databases.  The Policy should require that any evidence that an Applicant is the subject of a sanction or exclusion action must be promptly reported to the Compliance Officer and the designated Representative responsible for the application process shall  notify the Applicant that the application for employment, Medical Staff or other business relationship has been denied, without exception, in accordance with applicable Human Resources, Medical Staff and/or other organizational Policies. 

  1. Ongoing Representative and Vendor Screening


  1. The Policy should specify the designated Representative(s) responsible for the ongoing screening of all Representatives and Vendors which are subject to the Policy.  If the screening procedures are performed by a third party, a copy of the written agreement should be reviewed and approved by the Chief Executive Officer, Compliance Officer and legal counsel and the review should be appropriately documented. 


  1. Although the OIG Exclusion Program materials do not specify the frequency for conducting ongoing screening procedures, it is important to note that most, if not all of the Exclusion Databases are updated monthly and most of the state Medicaid exclusion databases require monthly review. For these reasons, it is prudent to recommend an ongoing screening procedure, conducted on a monthly basis, in order to  minimize the potential and serious risk of civil money penalties and other sanctions under Applicable Requirements. 


  1. The Policy should require that any evidence that a Representative or Vendor is the subject of a sanction or exclusion action be promptly reported to the Compliance Officer and the designated Representative(s) responsible for the business relationship shall arrange for prompt termination of the employment or other business relationship, in accordance with applicable Human Resources, Medical Staff and/or other applicable organizational Policies.


  1. Ongoing Representative and Vendor Obligations to Report Change in Status.  The organization should clearly communicate, by way of applicable policies or contracts that all Representatives and Vendors have an affirmative obligation to notify its Compliance Officer immediately, in writing, of any sanction or exclusion action reported on any Exclusion Database and that any failure to report such changes may result in immediate termination of employment or other business relationship.


  1. Policy Responsibilities.  The Policy should confirm that the Compliance Officer is responsible for the oversight of all exclusion verification procedures under the Policy.  Any investigations, terminations or other corrective actions required under the Policy should be carried out in accordance with other applicable Policies, as appropriate.


  1. Records.  The Policy should also specify and require the retention of all records, work papers, reports or other information that is created or received under the Policy, whether as a result of the reporting and investigation of an exclusion, or any other process completed under the Policy. The Policy should also require these materials to be maintained in a confidential manner in accordance with applicable corporate compliance record retention requirements.


  1. Frequently Asked Questions.  Lastly, we often find that client policies that incorporate a series of “Frequently Asked Questions” often assists in clarifying Policy language or specifying how to get additional information regarding the Policy from the Corporate Compliance Officer, or otherwise. 

If we can assist you in updating (or creating) your organization’s Exclusion Verification Policy or other documentation that can maximize the effectiveness of your Corporate Compliance Program, please contact us for additional information.

  1. 1. 42 USC 1320a-7a(6).

  1. 2. 42 USC 1320a-7b(f).

  1. 3.

  1. 4.

  1. 5. 42 USC 1396a(a)(39);

  1. 6. 

  1. 7.