AGENCY:

Centers for Medicare & Medicaid Services (CMS), HHS.

ACTION:

Proposed rule.

SUMMARY:

This proposed rule would implement provisions of the Affordable Care Act that establish: Procedures under which screening is conducted for providers of medical or other services and suppliers in the Medicare program, providers in the Medicaid program, and providers in the Children's Health Insurance Program (CHIP); an application fee to be imposed on providers and suppliers; temporary moratoria that may be imposed if necessary to prevent or combat fraud, waste, and abuse under the Medicare and Medicaid programs, and CHIP; guidance for States regarding termination of providers from Medicaid and CHIP if terminated by Medicare or another Medicaid State plan or CHIP; guidance regarding the termination of providers and suppliers from Medicare if terminated by a Medicaid State agency; and requirements for suspension of payments pending credible allegations of fraud in the Medicare and Medicaid programs. This proposed rule would also present an approach and request comments on the provisions of the Affordable Care Act that require providers of medical or other items or services or suppliers within a particular industry sector or category to establish compliance programs.

DATES:

To be assured consideration, comments must be received at one of the addresses provided below, no later than 5 p.m. on November 16, 2010.

ADDRESSES:

In commenting, please refer to file code CMS-6028-P. Because of staff and resource limitations, we cannot accept comments by facsimile (FAX) transmission.

You may submit comments in one of four ways (please choose only one of the ways listed):

1. Electronically. You may submit electronic comments on this regulation to http://www.regulations.gov. Follow the “Submit a comment” instructions.

2. By regular mail. You may mail written comments to the following address only:

Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-6028-P, P.O. Box 8020, Baltimore, MD 21244-8020.

Please allow sufficient time for mailed comments to be received before the close of the comment period.

3. By express or overnight mail. You may send written comments to the following address only:

Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-6028-P, Mail Stop C4-26-05, 7500 Security Boulevard, Baltimore, MD 21244-1850

4. By hand or courier. If you prefer, you may deliver (by hand or courier) your written comments before the close of the comment period to either of the following addresses:

a. For delivery in Washington, DC—Centers for Medicare & Medicaid Services, Department of Health and Human Services, Room 445-G, Hubert H. Humphrey Building, 200 Independence Avenue, SW., Washington, DC 20201.

(Because access to the interior of the Hubert H. Humphrey Building is not readily available to persons without Federal government identification, commenters are encouraged to leave their comments in the CMS drop slots located in the main lobby of the building. A stamp-in clock is available for persons wishing to retain a proof of filing by stamping in and retaining an extra copy of the comments being filed.)

b. For delivery in Baltimore, MD—Centers for Medicare & Medicaid Services, Department of Health and Human Services, 7500 Security Boulevard, Baltimore, MD 21244-1850.

If you intend to deliver your comments to the Baltimore address, please call telephone number (410) 786-9994 in advance to schedule your arrival with one of our staff members.

Comments mailed to the addresses indicated as appropriate for hand or courier delivery may be delayed and received after the comment period.

Submission of comments on paperwork requirements. You may submit comments on this document's paperwork requirements by following the instructions at the end of the “Collection of Information Requirements” section in this document.

For information on viewing public comments, see the beginning of the SUPPLEMENTARY INFORMATION section.

FOR FURTHER INFORMATION CONTACT:

Patricia Peyton (410) 786-1812 for Medicare enrollment issues. Claudia Simonson (312) 353-2115 for Medicaid and CHIP enrollment and Medicaid payment suspension issues.

Joseph Strazzire (410) 786-2775 for Medicare payment suspension issues.

Laura Minassian-Kiefel (410) 786-4641 for compliance program issues.

SUPPLEMENTARY INFORMATION:

Inspection of Public Comments: All comments received before the close of the comment period are available for viewing by the public, including any personally identifiable or confidential business information that is included in a comment. We post all comments received before the close of the comment period on the following Web site as soon as possible after they have been received: http://www.regulations.gov. Follow the search instructions on that Web site to view public comments.

Comments received timely will also be available for public inspection as they are received, generally beginning approximately 3 weeks after publication of a document, at the headquarters of the Centers for Medicare & Medicaid Services, 7500 Security Boulevard, Baltimore, Maryland 21244, Monday through Friday of each week from 8:30 a.m. to 4 p.m. To schedule an appointment to view public comments, phone 1-800-743-3951.

I. Background

The Medicare program (title XVIII of the Social Security Act (the Act)) is the primary payer of health care for 45 million enrolled beneficiaries. Under section 1802 of the Act, a beneficiary may obtain health services from an individual or an organization qualified to participate in the Medicare program. Qualifications to participate are specified in statute and in regulations ( see, for example, sections 1814, 1815, 1819, 1833, 1834, 1842, 1861, 1866, and 1891 of the Act; and 42 CFR chapter IV, subchapter G, which concerns standards and certification requirements).

Providers and suppliers furnishing services must comply with the Medicare requirements stipulated in the Act and in our regulations. These requirements are meant to ensure compliance with applicable statutes, as well as to promote the furnishing of high quality care. As Medicare program expenditures have grown, we have increased our efforts to ensure that only qualified individuals and organizations are Start Printed Page 58205 allowed to enroll or maintain their Medicare billing privileges.

The Medicaid program (title XIX of the Act) is a joint Federal and State health care program for eligible low-income individuals. States have considerable flexibility in how they administer their Medicaid programs within a broad Federal framework and programs vary from State to State.

The Children's Health Insurance Program (CHIP) (title XXI of the Act) is a joint Federal and State health care program that provides health care coverage to more than 7.7 million otherwise uninsured children.

Historically, States, in operating Medicaid and CHIP, have permitted the enrollment of providers who meet the State requirements for program enrollment.

The Patient Protection and Affordable Care Act (Pub. L. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152) (collectively known as the Affordable Care Act) (the ACA) makes a number of changes to the Medicare and Medicaid programs and CHIP that enhance the provider and supplier enrollment process to improve the integrity of the programs to reduce fraud, waste, and abuse in the programs.

A. Statutory Authority

The following is an overview of some of the statutory authority relevant to enrollment in Medicare, Medicaid, and CHIP:

• Sections 1102 and 1871 of the Act provide general authority for the Secretary of Health and Human Services (the Secretary) to prescribe regulations for the efficient administration of the Medicare program. Section 1102 of the Act also provides general authority for the Secretary to prescribe regulations for the efficient administration of the Medicaid program and CHIP.
• Section 4313 of the Balanced Budget Act of 1997 (BBA) (Pub. L. 105-33) amended sections 1124(a)(1) and 1124A of the Act to require disclosure of both the Employer Identification Number (EIN) and Social Security Number (SSN) of each provider or supplier, each person with ownership or control interest in the provider or supplier, any subcontractor in which the provider or supplier directly or indirectly has a 5 percent or more ownership interest, and any managing employees including directors and officers of corporations and non-profit organizations and charities. The “Report to Congress on Steps Taken to Assure Confidentiality of Social Security Account Numbers as required by the Balanced Budget Act” was signed by the Secretary and sent to the Congress on January 26, 1999. This report outlines the provisions of a mandatory collection of SSNs and EINs effective on or after April 26, 1999.
• Section 936(a)(2) of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108-173) amended the Act to require the Secretary to establish a process for the enrollment of providers of services and suppliers. We are authorized to collect information on the Medicare enrollment application (that is, the CMS-855, (Office of Management and Budget (OMB) approval number 0938-0685)) to ensure that correct payments are made to providers and suppliers under the Medicare program as established by title XVIII of the Act.
• Section 1902(a)(27) of the Act provides general authority for the Secretary to require provider agreements under the Medicaid State Plans with every person or institution providing services under the State plan. Under these agreements, the Secretary may require information regarding any payments claimed by such person or institution for providing services under the State plan.
• Section 2107(e) of the Act, which provides that certain title XIX and title XI provisions apply to States under title XXI, including 1902(a)(4)(C) of the Act, relating to conflict of interest standards.
• Section 1903(i)(2) of the Act relating to limitations on payment.
• Section 1124 of the Act relating to disclosure of ownership and related information.
• Sections 6401, 6402, 6501,10603, and 1304 of the ACA amended the Act by establishing: (1) Procedures under which screening is conducted for providers of medical or other services and suppliers in the Medicare program, providers in the Medicaid program, and providers in the CHIP; (2) an application fee to be imposed on providers and suppliers; (3) temporary moratoria that the Secretary may impose if necessary to prevent or combat fraud, waste, and abuse under the Medicare and Medicaid programs and CHIP; (4) procedures to terminate providers if terminated by Medicare or another State plan; (5) requirements for suspensions of payments pending credible allegations of fraud in both the Medicare and Medicaid programs.

II. Provisions of the Proposed Regulations

A. Provider Screening Under Medicare, Medicaid, and CHIP

1. Statutory Changes

Section 6401(a) of the ACA, as amended by section 10603 of the ACA, amends section 1866(j) of the Act to add a new paragraph, paragraph “(2) Provider Screening.” Section 1866(j)(2)(A) of the Act requires the Secretary, in consultation with the Department of Health of Human Services' Office of the Inspector General (HHS OIG), to establish procedures under which screening is conducted with respect to providers of medical or other items or services and suppliers under Medicare, Medicaid, and CHIP. Section 1866(j)(2)(B) of the Act requires the Secretary to determine the level of screening to be conducted according to the risk of fraud, waste, and abuse with respect to the category of provider of medical or other items or services or supplier. The provision states that the screening shall include a licensure check, which may include such checks across State lines; and the screening may, as the Secretary determines appropriate based on the risk of fraud, waste, and abuse, include a criminal background check; fingerprinting; unscheduled or unannounced site visits, including pre-enrollment site visits; database checks, including such checks across State lines; and such other screening as the Secretary determines appropriate. Section 1866(j)(2)(C) of the Act requires the Secretary to impose a fee on each institutional provider of medical or other items or services or supplier that would be used by the Secretary for program integrity efforts including to cover the cost of screening and to carry out the provisions of sections 1866(j) and 1128J of the Act. We discuss the fee in section II.B. of this proposed rule.

Section 6401(b) of the ACA amends section 1902 of the Act to add new paragraphs (a)(77)(i) and (ii), which require States to comply with the process for screening providers and suppliers as established by the Secretary under 1866(j)(2) of the Act.^[1]

We note that the statute uses the terms “providers of medical or other items or services,” “institutional providers,” and “suppliers.” The Medicare program enrolls a variety of providers and suppliers, some of which are referred to as “providers of services,” “institutional providers,” “certified providers,” “certified suppliers,” and “suppliers.” In Medicare, the term “providers of services” under section 1861(u) of the Act means health care entities that furnish services primarily payable under Part A of Medicare, such as hospitals, home health agencies (including home health agencies providing services under Part B), hospices, and skilled nursing facilities. The term “suppliers” defined in section 1861(d) of the Act refers to health care entities that furnish services primarily payable under Part B of Medicare, such as independent diagnostic testing facilities (IDTFs), durable medical equipment prosthetics, orthotics, and supplies (DMEPOS) suppliers, and eligible professionals, which refers to health care suppliers who are individuals, that is, physicians and the other professionals listed in section 1848(k)(3)(B) of the Act. For Medicaid and CHIP, we use the terms “providers” or “Medicaid providers” or “CHIP providers” when referring to all Medicaid or CHIP health care providers, including individual practitioners, institutional providers, and providers of medical equipment or goods related to care. The term “supplier” has no meaning in the Medicaid program or CHIP.

Section 424.502 contains additional definitions that apply to these and other terms used throughout this proposed rule including the following:

• Authorized official means an appointed official (for example, chief executive officer, chief financial officer, general partner, chairman of the board, or direct owner) to whom the organization has granted the legal authority to enroll it in the Medicare program, to make changes or updates to the organization's status in the Medicare program, and to commit the organization to fully abide by the statutes, regulations, and program instructions of the Medicare program.
• Delegated official means an individual who is delegated by the “Authorized Official,” the authority to report changes and updates to the enrollment record. The delegated official must be an individual with ownership or control interest in, or be a W-2 managing employee of the provider or supplier.
• Managing employee means a general manager, business manager, administrator, director, or other individual that exercises operational or managerial control over, or who directly or indirectly conducts, the day-to-day operation of the provider or supplier, either under contract or through some other arrangement, whether or not the individual is a W-2 employee of the provider or supplier.
• Owner means any individual or entity that has any partnership interest in, or that has 5 percent or more direct or indirect ownership of the provider or supplier as defined in sections 1124 and 1124A(A) of the Act.
• Physician or nonphysician practitioner organization means any physician or nonphysician practitioner entity that enrolls in the Medicare program as a sole proprietorship or organizational entity.

The new screening procedures implemented pursuant to new section 1866(j)(2) of the Act would be applicable to newly enrolling providers and suppliers, including eligible professionals, beginning on March 23, 2011. These new procedures would be applicable to currently enrolled Medicare, Medicaid, and CHIP providers, suppliers, and eligible professionals beginning on March 23, 2012. These new screening procedures implemented pursuant to new section 1866(j)(2) of the Act would be applicable beginning on March 23, 2011 for those providers and suppliers currently enrolled in Medicare, Medicaid, and CHIP who revalidate their enrollment information. Within Medicare, the March 23, 2011 implementation date will impact those current providers and suppliers whose 5-year revalidation cycle (or 3-year revalidation cycle for DMEPOS suppliers) results in revalidation occurring on or after March 23, 2011 and before March 23, 2012.

2. Summary of Existing Screening Measures

Before we outline the new measures we are proposing under the ACA, it may be helpful to provide a summary of some of the screening measures already being utilized in Medicare, Medicaid, and CHIP. Pursuant to other authority, but with the notable exceptions of criminal background checks and fingerprinting, Medicare, generally through private contractors, already employs a number of the screening practices described in section 1866(j)(2)(B) of the Act to determine if a provider or supplier is in compliance with Federal and State requirements to enroll or to maintain enrollment in the Medicare program.

a. Licensure Requirements—Medicare and Medicaid

Over the past several years, we have taken a number of steps to strengthen our ability to deny or revoke Medicare billing privileges when providers or suppliers do not have or do not maintain the applicable State licensure requirements for their provider or supplier type or profession. We established reporting responsibilities for all providers, suppliers, and eligible professionals in earlier regulations at § 424.516(b) through (e). Today, to ensure that only qualified providers and suppliers remain in the Medicare fee-for-service (FFS) program, we require that Medicare contractors review State licensing board data on a monthly basis to determine if providers and suppliers remain in compliance with State licensure requirements. Medicare billing privileges would be revoked for those providers and suppliers who do not report a final adverse action (for example, license revocation or suspension, felony conviction) within the applicable reporting period, as required in § 424.516(b) through (e). Medicare suppliers of DMEPOS and IDTFs are already subject to similar provisions in § 424.57(c) and § 410.33(g), respectively. DMEPOS suppliers are also subject to additional requirements including accreditation and surety bonding, pursuant to 42 CFR 424.57(c)(22) through (26) and 42 CFR 424.57(d).

Medicare Advantage organizations (MAOs) are required to verify licensure of providers and suppliers, including physicians and other health care professionals, in accordance with § 422.204.

For Medicaid and CHIP, most States do some checking of in-State provider licenses. For example, in some States, the existence of the license may be verified, but little attention might be given to any restrictions on the license.

b. Site Visits—Medicare

Pursuant to § 424.517, Medicare conducts the following site visits and takes the following actions, generally through private contractors under CMS direction:

• The National Supplier Clearinghouse (NSC) Medicare Administrative Contractor (the Medicare contractor that processes enrollment applications for suppliers of DMEPOS) conducts pre-enrollment site visits to DMEPOS suppliers that are not associated with a chain supplier of Start Printed Page 58207 DMEPOS (a chain supplier of DMEPOS is a supplier with 25 or more distinct practice locations.)

• The NSC also conducts unannounced post-enrollment site visits to DMEPOS suppliers for which CMS or the NSC believes there is a likelihood of fraudulent or abusive activities to ensure those DMEPOS suppliers remain in compliance with the supplier standards found at § 424.57(c).
• CMS at times exercises its right to—
• Have the NSC conduct ad hoc pre- and post-enrollment site visits to any DMEPOS supplier;
• Have Medicare contractors conduct pre-enrollment site visits to all IDTFs; and
• Conduct ad hoc pre-and post enrollment site visits to any prospective Medicare provider and supplier or any enrolled Medicare provider or supplier.

In addition, under 42 CFR parts 488 and 489, a State survey agency or an approved national accreditation organization with deeming authority conducts pre-enrollment surveys for certified providers and suppliers to determine whether they meet the applicable Federal conditions and requirements for their provider or supplier type before they can participate in the Medicare program.

We believe these efforts need to be expanded to include additional site visits and site visits to additional provider and supplier types in order to protect the Medicare FFS program from unscrupulous or potentially fraudulent providers and suppliers.

We note that the site visits discussed here and elsewhere within this preamble and the proposed regulations are separate and apart from the site visits that are conducted pursuant to the Clinical Laboratory Improvement Amendments (CLIA). We intend to work with our State survey agency partners in coordinating these site visits so as to avoid duplication and burden on providers.

c. Database Checks—Medicare

Today, Medicare contractors employ database checks of eligible professionals, owners, authorized officials, delegated officials, managing employees, medical directors, and supervising physicians (at IDTFs and laboratories) as part of the Medicare provider and supplier enrollment process. These include database checks with the Social Security Administration (SSA) (to verify an individual's SSN), the National Plan and Provider Enumeration System (NPPES) to verify the National Provider Identifier (NPI) of an eligible professional, and State licensing board checks to determine if an eligible professional is appropriately licensed to furnish medical services within a given State. These checks also include checking a provider or supplier against the HHS OIG's List of Excluded Individuals/Entities (LEIE) and the General Service Administration's Excluded Parties List System (EPLS). All of the database checks are used to assess the eligibility and qualifications of providers and suppliers to enroll in the Medicare program, to confirm the identity of an eligible professional to ensure that he or she may be considered for enrollment in the Medicare program.

Also, on a monthly basis, CMS' Medicare contractors systematically compare enrolled providers, suppliers, and eligible professionals against the information in the Medicare Exclusions Database. The Medicare Exclusions Database identifies providers, suppliers, and eligible professionals who have been excluded from the Medicare and Medicaid programs by the HHS OIG. When a match is found, the HHS OIG exclusion information is systematically noted in the Medicare enrollment record of the provider, supplier, or eligible professional. In the Medicare program today, we deny or revoke the billing privileges of providers, suppliers, and eligible professionals who have been excluded by the HHS OIG. If the HHS OIG lifts the exclusion, the provider, supplier or eligible professional must reapply for enrollment in the Medicare program. In addition, Medicare contractors also review State licensure Web sites on a monthly basis to ensure that eligible professionals continue to meet State licensing requirements.

In addition, since January 2009, we have compared date of death information obtained from the Social Security Administration Death Master File (SSA DMF) with the information maintained in the National Plan and Provider Enumeration System (NPPES), the system that assigns a NPI to individual and organizations. Based on this comparison and the subsequent verification, we have deactivated the NPIs of more than 11,500 individuals who were previously assigned a type 1 (individual) NPI. We automatically transfer this information from NPPES to the Provider Enrollment, Chain, and Ownership System (PECOS), CMS' national Medicare enrollment repository to deactivate a deceased individual's Medicare billing privileges. In addition, Medicare contractors are required to review and act upon monthly files that contain a list of nonpractitioner individuals enrolled in the Medicare program who have been reported to the SSA as deceased. These individuals include: Owners, authorized officials, and delegated officials.

MAOs, as required by § 422.204, generally use database checks to verify licensure and licensure sanctions and limitations with State licensing boards and the Federation of State Medical Boards, DEA certificates with the National Technical Information Service (NTIS), history of adverse professional review actions and malpractice from the National Practitioner Data Bank (NPDB), accreditation status of institutional providers and suppliers with national accrediting boards, such as The Joint Commission (TJC), and search for HHS OIG exclusions using the HHS OIG Web site http://www.oig.hhs.gov/​fraud/​exclusions/​list of excluded.html.

d. Criminal Background Checks—Medicare

As described in § 424.530(a) and § 424.535(a), CMS or its designated Medicare contractor may deny or revoke the Medicare billing privileges of the owner of a provider or supplier, a physician or nonphysician practitioner, and terminate any corresponding provider or supplier agreement for a number of reasons, including an exclusion from the Medicare, Medicaid, and any other Federal health care program, a felony within the preceding 10 years that is considered detrimental to the Medicare program, and/or submission of false or misleading information on the Medicare enrollment application. While we currently require our Medicare contractors to verify data submitted on, and as part of, the Medicare provider/supplier enrollment application, our contractors are not able to verify information that may have been purposefully omitted or changed in a manner to obfuscate any previous criminal activity. In addition, criminal background checks are not routinely used in the FFS Medicare screening process.

e. Medicare MAO Requirements

As mentioned earlier in this section, MAOs already employ a number of screening procedures in accordance with regulations and CMS manual instructions. Specifically, under § 422.204(b)(3) in the case of providers meeting the definition of “provider of services” in section 1861(u) of the Act, basic benefits may only be provided through providers if they have a provider agreement with CMS permitting them to furnish services under original Medicare. With respect to other entities like suppliers, § 422.204(b)(3) requires that they “meet the applicable requirements of title XVIII and Part A of title XI of the Act.” Start Printed Page 58208 Given these requirements we are considering to what extent MAOs should be required to apply the identical screening requirements we are proposing for the original Medicare program or whether substantively similar alternative approaches adopted by MAOs would be acceptable. Accordingly, we solicit public comments on whether or to what extent MAOs should be required to implement the same enhanced screening requirements for providers, suppliers and physicians that we are proposing for the original Medicare program.

f. Fingerprinting—Medicare

We do not currently use fingerprinting in the Medicare screening process.

g. Screening—Medicaid and CHIP

States vary in the degree to which they employ screening methods such as unscheduled and unannounced site visits and database checks, including such checks across State lines, criminal background checks, and fingerprinting. However, there are at least a few States that utilize each of those methods.

States also vary in what they require their managed care entities (MCEs) ^[2] to do in terms of screening network-level providers that are not also enrolled in the Medicaid program as FFS providers. We are considering to what extent States must require their MCEs to apply the identical screening requirements we are proposing for the States or whether substantively similar alternative approaches adopted by MCEs would be acceptable. Accordingly, we solicit public comments on whether or to what extent MCEs should be required to implement the same enhanced screening requirements for Medicaid and CHIP providers that we are proposing for State Medicaid and CHIP programs.

3. Proposed Screening Requirements

a. Medicare

Section 1866(j)(2)(B) of the Act requires the Secretary to determine the level of screening applicable to providers and suppliers according to the risk of fraud, waste, and abuse the Secretary determines is posed by particular categories of providers and suppliers.

In considering how to establish consistent screening standards, we are proposing to designate provider and supplier categories that would be subject to certain screening procedures based on CMS' assessment of fraud, waste and abuse risk of the provider or supplier category, taking into consideration a variety of factors including studies conducted by the HHS OIG and the GAO and other sources. We would designate categories of providers or suppliers (for example, “newly enrolling DME suppliers” or “currently enrolled home health agencies”) that would be subject to screening procedures in each category based on our assessment of the level of risk presented by the category of provider. There will be 3 levels of risk: “limited,” “moderate” and “high,” and each provider/supplier category will be assigned to one of these 3 levels. The screening procedures applicable to each risk level will be set by us and are included in this proposed rule. The categories described below and associated risk levels assigned are designed to identify those categories of providers and suppliers that pose a risk of fraud, waste, and abuse.

Under this proposed approach, the relevant Medicare contractor (for example, fiscal intermediary, regional home health intermediary, carriers, Part A or Part B Medicare Administrative Contractor (A/B MAC), or the NSC Administrative Contractor) would utilize the screening tools mandated by us for the risk level assigned to a particular provider or supplier category.

We are soliciting comments on the proposed assignment of specific provider and supplier types to established risk levels, including what criteria should be considered in making such assignments, whether such assignments should be released publicly, whether they should be subject to agency review and updated according to an established schedule (that is, annually, bi-annually), and the extent to which they should be updated according to evolving risks. We are also soliciting comments on any additional database checks that we should consider as a type of screening.

Based on the level of risk assigned, we propose that the Medicare contractors would establish and conduct the following categorical screenings.

As described above, we already require Medicare contractors to ensure that every provider or supplier meets any applicable Federal regulations or State requirements, including applicable licensure requirements ^[3] for the provider or supplier type prior to making an enrollment determination. In addition, we also require that Medicare Start Printed Page 58209 contractors conduct monthly reviews of State licensing board actions to determine if an individual practitioner, such as a physician or non-physician practitioner continues to meet State licensing requirements. In the case of organizational entities, we also require our Medicare contractors to conduct monthly or periodic checks to determine if an organizational entity continues to meet the Federal and State requirements for its provider or supplier type. Such verifications help ensure that a prospective provider or supplier is eligible to participate in the Medicare program or that an existing provider or supplier is eligible to maintain its Medicare billing privileges.

Currently in the Medicare program, DMEPOS suppliers are required to re-enroll every 3 years, and other providers are required to revalidate their enrollment every 5 years. The terms revalidation and re-enrollment are often used interchangeably, but are actually specific to these provider types. To eliminate any confusion about which term applies to which provider or supplier, we are proposing language at 42 CFR 424.57(e) to change all references to re-enroll or re-enrollment to revalidate or revalidation. In addition, the ACA requires that no provider or supplier shall be allowed to enroll in Medicare or revalidate its enrollment in Medicare after March 23, 2013 without being screened pursuant to the authorities covered by this proposed rule. To assist CMS in assuring that the statutory effective date is met, we are proposing at 42 CFR 424.515 to permit CMS to require that a provider or supplier revalidate its enrollment at any time. After the revalidation, the current cycle for revalidation (3 years for DMEPOS, and 5 years for all other providers) would apply.

(1) Limited

In general, we consider physicians, nonphysician practitioners, and medical clinics and group practices to pose limited risk because these professionals are State licensed and we are not aware of any recent studies or other evidence that indicates that these suppliers, as a category, pose an elevated risk to the Medicare program.

Similarly, we believe that a provider or supplier that is publicly traded on the New York Stock Exchange (NYSE) or the National Association of Securities Dealers Automated Quotation System (NASDAQ) poses a limited risk because of the financial oversight provided by investors, corporate boards of directors, and the Security and Exchange Commission. Finally, based on our own data analysis including analysis of historical trends and CMS's own experience with provider screening and enrollment we believe that the following providers and suppliers currently pose a limited risk to the Medicare program: Ambulatory surgical centers (ASCs); end-stage renal disease (ERSD) facilities; Federally qualified health centers (FQHCs); histocompatibility laboratories; hospitals, including critical access hospitals (CAHs); Indian Health Service (IHS) facilities; mammography screening centers; organ procurement organizations (OPOs); mass immunization roster billers, portable x-ray suppliers; religious nonmedical health care institutions (RNHCIs); rural health clinics (RHCs); radiation therapy centers; public or government owned or affiliated ambulance services suppliers (defined as an ambulance supplier owned in whole or in part by a State or local government), and skilled nursing facilities (SNFs). Accordingly, we propose to include the categories of providers and suppliers listed above within the “limited” level of risk. We think the additional government oversight of “government owned or affiliated” ambulance service providers justifies placing these providers in the limited category.

In § 424.518(a), we propose that the following screening tools will apply to providers and suppliers in categories designated as “limited” risk: (1) Verification that a provider or supplier meets any applicable Federal regulations, or State requirements for the provider or supplier type prior to making an enrollment determination; (2) verification that a provider or supplier meets applicable licensure requirements; and (3) database checks on a pre- and post-enrollment basis to ensure that providers and suppliers continue to meet the enrollment criteria for their provider/supplier type.

To assist readers in understanding the type of providers and suppliers that we propose to include in the “limited” risk level, we are providing the following table.

(2) Moderate

For those provider and supplier categories with a “moderate” level of risk, we propose that Medicare contractors will conduct unannounced pre- and/or post-enrollment site visits in addition to those screening tools applicable to the “limited” level of risk. Based on the success of pre- and/or post-enrollment site visits conducted by the NSC during the enrollment process for suppliers of DMEPOS and a similar process established by carriers and A/B MACs during the enrollment of IDTFs, we believe that unscheduled and unannounced pre- and post-enrollment site visits help ensure that suppliers are operational and meet applicable supplier standards or performance standards. In addition, we believe that unscheduled and unannounced pre- and post-enrollment site visits are an essential tool in determining whether a provider or supplier is in compliance with its reporting responsibilities, including the requirement in § 424.516 to notify the Medicare contractor of any change of practice location.

Moreover, § 424.530(a)(5) and § 424.535(a)(5) give CMS and its Medicare contractors the authority to deny or revoke Medicare billing privileges for providers and suppliers respectively if the provider or supplier is not operational or the provider does not maintain the established provider or supplier performance standards. And while we do not believe that unscheduled or unannounced site visits are necessary for all providers and Start Printed Page 58210 suppliers, we do believe that a number of businesses, like the ones mentioned below, pose an increased risk to the Medicare program, due at least in part to the lack of individual professional licensure.

Moreover, as discussed below, we have found that certain types of providers and suppliers that easily enter a line or business without clinical or business experience, for example by leasing minimal office space and equipment, present a higher risk of possible fraud to our programs. As such, we believe that because these types of providers pose an increased risk of fraud they should be subject to substantial scrutiny before being permitted to enroll and bill Medicare, Medicaid, or CHIP. This type of pre-enrollment scrutiny will help us move away from the “pay and chase” approach. With the exception of providers and suppliers that are publicly traded on the NYSE or NASDAQ and therefore considered “limited” risk, we propose that the following prospective provider and supplier types be considered a “moderate” risk for the purpose of determining the appropriate level of screening: nonpublic, non-government owned or affiliated ambulance service suppliers, community mental health centers (CMHCs), comprehensive outpatient rehabilitation facilities (CORFs), hospice organizations, IDTFs, and independent clinical laboratories.

Most of these provider and supplier types are generally highly dependent on Medicare, Medicaid, or CHIP to pay their salaries and other operating expenses and are subject to less additional other government or professional oversight than the providers and suppliers in the limited risk category. Accordingly, we believe it is appropriate and necessary to conduct unscheduled and unannounced pre-enrollment site visits to ensure that these prospective providers and suppliers meet CMS' enrollment requirements prior to enrolling in the Medicare program. Moreover, we believe that post-enrollment site visits are also important to ensure that the enrolled provider or supplier remains a viable health care provider or supplier in the Medicare program.

Accordingly, we propose in § 424.518(b)(i) that in addition to the categorical screening tools used with respect to limited risk providers and suppliers that Medicare contractors shall conduct unannounced and unscheduled site visits prior to enrolling the following prospective providers and suppliers with the exception of providers and suppliers that are publicly traded on the NYSE or NASDAQ and therefore considered “limited” risk: Nonpublic, nongovernment owned or affiliated ambulance services suppliers, CMHCs, CORFs, hospice organizations, IDTFs, and independent clinical laboratories. In addition, we propose that the following currently enrolled Medicare providers should be categorized as “moderate”: Currently enrolled (revalidating) home health agencies or suppliers of DMEPOS. (Except that any such provider that is publicly traded on the NYSE or NASDAQ is considered “limited” risk.)

We believe that the providers and suppliers described above have the similar risk level as suppliers of DMEPOS and IDTFs, for both of which we already require a pre-enrollment site visit prior to completing the enrollment process.

We are also proposing in § 424.518(b)(ii) that the Medicare contractor shall conduct an unannounced and unscheduled pre-enrollment and/or post-enrollment on-site visit for the following providers and suppliers that are not publicly traded on the NYSE or NASDAQ during the revalidation process: non-public, non-government owned or affiliated ambulance services suppliers; CMHCs, CORFs, DMEPOS suppliers, HHAs, hospice organizations, IDTFs, and independent clinical laboratories. For the same reasons that we believe that a Medicare contractor should conduct a pre-enrollment site visit, we believe that Medicare contractors should conduct post-enrollment site visits during the revalidation process for the provider and supplier types described above.

HHS OIG and GAO have issued studies indicating that several of the provider and supplier types cited above have an elevated risk. In an October 2007 report titled, “Growth in Advanced Imaging Paid under the Medicare Physician Fee Schedule” (OEI-01-06-00260), the HHS OIG recommended that CMS consider conducting site visits to monitor IDTFs' compliance with Medicare requirements.” In addition, in an April 2007 report titled, “Medicare Hospices: Certification and Centers for Medicare & Medicaid Services Oversight” (OEI-06-05-00260), the HHS OIG recommended that CMS seek legislation to establish additional enforcement remedies for poor hospice performance. In response to this recommendation, CMS stated that it was considering whether to pursue new enforcement remedies for poor hospice performance. While the Medicare enrollment process is not designed to verify the conditions of participation, we do believe that more frequent onsite visits may help identify those hospice organizations that are no longer operational at the practice location identified on the Medicare enrollment application.

In a January 2006 report titled, “Medicare Payments for Ambulance Transports” (OEI-05-02-000590), the HHS OIG found that “twenty-five percent of ambulance transports did not meet Medicare's program requirements, resulting in an estimated $402 million in improper payments.”

In an August 2004 report titled, “Comprehensive Outpatient Rehabilitation Facilities: High Medicare Payments in Florida Raise Program Integrity Concerns” (GAO-04-709), the GAO concluded that, “[s]izeable disparities between Medicare therapy payments per patient to Florida CORFs and other facility-based outpatient therapy providers in 2002—with no clear indication of differences in patient needs—raise questions about the appropriateness of CORF billing practices. After finding high rates of medically unnecessary therapy services to CORFs, CMS's claims administration contractor for Florida took steps to ensure appropriate claim payments for a small, targeted group of CORF patients. Despite its limited success, billing irregularities continued among some CORFs and many CORFs continued to receive relatively high payments the following year. This suggests that the contractor's efforts were too limited in scope to be effective with all CORF providers.”

In addition to GAO and HHS OIG studies and reports, a number of Zone Program Integrity Contractors (ZPIC) and Program Safeguard Contractors (PSC), organizations used by CMS in helping to fight fraud in Medicare, have taken a number of administrative actions including payment suspensions and increased medical review, for the provider and supplier types shown above. For example, the Zone 7 ZPIC contractor in South Florida has conducted onsite reviews at 62 CORFs since January 2010 and recommended revocation for 51 CORFs, or 82 percent of the CORFS in the area. The same contractor has conducted an onsite reviews at 38 CMHCs located in Dade, Broward and Palm Beach County since January 2010, and recommended that 30 CMHCs be revoked for noncompliance (79 percent of the CMHCs in the area). In each instance where the ZPIC requested a revocation, the CMHC was also placed on prepay review. We have also conducted an analysis of IDTF licensure requirements and have found several circumstances that indicate Start Printed Page 58211 irregularity and potential risk of fraud. Although independent clinical laboratories are subject to survey against CLIA requirements, there are nonetheless a number of potentials for fraud, not the least of which is the sheer volume of service and associated billing generated by these entities.

Also, while we believe that prospective suppliers of DMEPOS that are not publicly-traded on the NYSE or NASDAQ are a “high” categorical risk (see discussion below), we believe that there is ample evidence to support the use of post-enrollment site visits as a reliable and effective tool to ensure that a current supplier of DMEPOS remains operational and continues to meet the supplier standards found in § 424.57(c). In a March 2007 report titled, “Medical Equipment Suppliers Compliance with Medicare Enrollment Requirements” (OEI-04-05-00380), the HHS OIG concluded that, “By helping to ensure the legitimacy of DMEPOS suppliers, out-of cycle site visits may help to prevent fraud, waste, and abuse in the Medicare program. CMS may want to consider the findings of our study as they determine how and to what extent out-of-cycle site visits of DMEPOS suppliers will occur.” Today, the NSC MAC utilizes on post-enrollment site visits as the primary screening to determine ongoing compliance with the enrollment criteria set forth in § 424.57(c). Therefore, we have included currently enrolled DMEPOS suppliers in the “moderate” category.

We also note that, in addition to the new screening measures being proposed in this rule, under the existing regulation at § 424.517, a Medicare contractor may conduct an unannounced or unscheduled site visit at any time for any provider or supplier type prior to enrolling a prospective provider or supplier or for any existing provider or supplier enrolled in the Medicare program. While the primary purpose of an unannounced and unscheduled site visit is to ensure that a provider or supplier is operational at the practice location found on the Medicare enrollment application, a Medicare contractor may also verify established supplier standards or performance standards other than conditions of participation (CoP) subject to survey and certification by the State Survey agency, where applicable, to ensure that the supplier remains in compliance with program requirements.

To assist readers in understanding the type of providers and suppliers that we propose to include in the “moderate” risk level, we are providing the following table.

(3) High

For those provider and supplier categories within the “high” level of risk, we propose that, in addition to the screening tools applicable to the “limited” and “moderate” levels of risk, Medicare contractors would use the following screening tools in the enrollment process: (1) Criminal background check; and (2) submission of fingerprints using the FD-258 standard fingerprint card. (The FD-258 fingerprint card is recognized nationally and can be found at local, county or State law enforcement agencies where, for a fee, agencies will supply the card and take the fingerprints.) We propose that these tools would be applied to owners, authorized or delegated officials or managing employees of any provider or supplier within the “high” level of risk. We believe that criminal background checks will assist CMS in determining if an individual, such as an owner, authorized official, or delegated official, or managing employee of a high-risk provider or supplier type, submitted a complete and truthful Medicare enrollment application and whether an individual is eligible to enroll in the Medicare program or maintain Medicare billing privileges. We also believe that use of fingerprinting will help in verification of an individual's identity and help resolve issues associated with identity theft as discussed below. We believe that this position is supported by testimony of the GAO before the subcommittees for Health and Oversight and Ways and Means within the House of Representatives on June 15, 2010, stating in part that “[c]hecking the background of providers at the time they apply to become Medicare providers is a crucial step to reduce the risk of enrolling providers intent on defrauding or abusing the program. In particular, we have recommended stricter scrutiny of enrollment processes for two types of providers whose services and items CMS has identified as especially vulnerable to improper payments—home health agencies (HHAs) and suppliers of durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS).”

In § 424.518(c)(1), we are proposing that, unless they are publicly traded on the NYSE or NASDAQ, newly enrolling HHAs and suppliers of DMEPOS are within the “high” risk level. Based on our experience and on work conducted by the HHS OIG and the GAO, and because we do not have the monitoring experience with newly enrolling DMEPOS suppliers or HHAs that we have with those currently enrolled, we have placed these providers and suppliers in the “high” risk category. We are especially concerned about newly enrolling HHAs and suppliers of DMEPOS because of the high number of HHAs and suppliers of DMEPOS already enrolled in the Medicare program and program vulnerabilities that these entities pose to the Medicare program. Below is a list of HHS OIG and GAO reports identifying home health agencies and suppliers of DMEPOS as posing an elevated risk to the Medicare program.

• In a December 2009 report titled, “Aberrant Medicare Home Health Outlier Payment Patterns in Miami-Dade County and Other Geographic Areas in 2008” (OEI-04-08-00570), the HHS OIG recommended that CMS continue with efforts to strengthen enrollment standards for home health providers to prevent illegitimate HHAs from obtaining billing privileges. Start Printed Page 58212

• In a February 2009 report titled, “Medicare: Improvements Needed to Address Improper Payments in Home Health” (GAO-09-185), the GAO concluded that the Medicare enrollment process does not routinely include verification of the criminal history of applicants, and without this information individuals and businesses that misrepresent their criminal histories or have a history of relevant convictions, such as for fraud, could be allowed to enter the Medicare program. In addition, the GAO recommended that CMS assess the feasibility of verifying the criminal history of all key officials named on the Medicare enrollment application.
• In a February 2008 report titled, “Los Angeles County Suppliers' Compliance with Medicare Standards: Results from Unannounced Visits” (OEI-09-07-00550) and in a March 2007 report titled, “South Florida Suppliers' Compliance with Medicare Standards: Results from Unannounced Visits (OEI-03-07-00150), the HHS OIG recommended that CMS strengthen the Medicare DMEPOS supplier enrollment process and ensure that suppliers meet Medicare supplier standards. The HHS OIG provided several options to implement this recommendation including: (1) Conducting more unannounced site visits to suppliers; (2) performing more rigorous background checks on applicants; (3) assessing the fraud risk of suppliers; and (4) targeting, monitoring, and enforcement of high-risk suppliers.
• In a September 2005 report titled, “Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers” (GAO-05-656), the GAO concluded that,

CMS is responsible for assuring that Medicare beneficiaries have access to the equipment, supplies, and services they need, and at the same time, for protecting the program from abusive billing and fraud. The supplier standards and NSC's gate keeping activities were intended to provide assurance that potential suppliers are qualified and would comply with Medicare rules. However, there is overwhelming evidence—in the form of criminal convictions, revocations, and recoveries—that the enrollment processes and the standards are not strong enough to thoroughly protect the program from fraudulent entities. We believe that CMS must focus on strengthening the standards and overseeing the supplier enrollment process. It needs to better focus on ways to scrutinize suppliers to ensure that they are responsible businesses, analogous to Federal standards for evaluating potential contractors.

We recognize that there may also be circumstances where a particular provider or supplier or group of providers and suppliers may pose a higher risk of fraud, waste, and abuse than the level identified for their category generally. Therefore, in § 424.518(c)(3), we are proposing specific criteria that we would use to adjust the classification of a provider or supplier into a higher risk level than would generally apply to the category of provider or supplier, in order to address specific program vulnerabilities. We are soliciting comments on specific additional circumstances that might justify shifting a provider or supplier into a higher risk level than would generally apply to its category. We are also soliciting comment on the criteria that we could use to shift the risk level back down.

In § 424.518(c)(3)(i), we are proposing to adjust a provider or supplier from the “limited” or “moderate” risk level to the “high” risk level when CMS has evidence from or concerning a physician or nonphysician practitioner that another individual is using their identity within the Medicare program. While our Medicare contractors have implemented procedures to reduce the possibility of identity theft and use of physician's identity for the purposes of enrolling and fraudulently billing the Medicare program, we believe that we have a responsibility to all individuals participating in the Medicare program to take the necessary steps to investigate and resolve any allegations of identity theft. We do not intend to fingerprint the individual physician or other eligible professional who has been the victim of identity or provider number theft.

In § 424.518(c)(3), we are proposing to adjust a provider or supplier from the “limited” or “moderate” level of risk to the “high” level of risk based on: the provider or supplier having been placed on a previous payment suspension; or the provider or supplier has been excluded by the HHS OIG or had its Medicare billing privileges denied or revoked by a Medicare contractor within the previous 10 years and is attempting to establish additional Medicare billing privileges for a new practice location or by enrolling as a new provider or supplier. In addition, we believe that providers that have been terminated or otherwise precluded from billing Medicaid should be adjusted from the “limited” or “moderate” category to the “high” category. We believe that such providers or suppliers pose an elevated level of risk to the Medicare program.

In § 424.518(c)(3)(iv), we are proposing to adjust providers or suppliers from the “limited” or “moderate” level of risk to the “high” level of risk for 6 months after CMS lifts a temporary moratorium (see section II.C. of this proposed rule) applicable to such providers or suppliers. This would include providers and suppliers revalidating their enrollment if the moratorium is applicable to the provider or supplier type. We are seeking comments on criteria that would justify recategorization of providers or suppliers from the “limited” or “moderate” category to the “high” category. We are also seeking comment on criteria appropriate to the recategorization from “high” to “moderate” or “limited.” We are seeking comment on the applicability of geographical circumstances as a possible criterion for adjusting providers or suppliers from one risk level to another. We are also seeking comments on whether non-practitioner-owned facilities and suppliers should be subject to a higher level of screening than their practitioner-owned counterparts or, whether there is an appropriate corresponding trigger for non-practitioner owned facilities and suppliers. We are seeking comment on whether providers and suppliers should be subject to higher levels of screening when the provider specialty does not match clinic type on an enrollment application. We are seeking comment on what objective conditions might support a broad category of circumstances or factors that would allow us to determine that provider screening levels of risk should be based on “other conditions or factors that CMS determines are necessary to combat fraud, waste, and abuse.”

We are seeking public comment on the appropriateness of using criminal background checks in the provider enrollment screening process, including the instances when such background checks might be appropriate, the process of notifying a provider, supplier or individual that a criminal background check is to be performed, and the frequency of such checks.

We are also seeking comment on the use of fingerprinting as a screening measure in our programs. We recognize that requesting, collecting, analyzing, and checking fingerprints from providers and suppliers are complex and sensitive undertakings that place certain burdens on affected individuals. There are privacy concerns and operational concerns about how to assure individual privacy, how to check fingerprints against appropriate law enforcement fingerprint databases, and how to store the results of the query of the data bases and also how to handle the subsequent analysis of the results. As a result, we are soliciting comments on how CMS or an approved contractor Start Printed Page 58213 should maintain and store fingerprints, what security processes and measures are needed to protect the privacy of individuals, and any other issues related to the use of fingerprints in the enrollment screening process. As indicated in other portions of the document, we think fingerprints would be useful in situations where a provider's identity has been compromised or potentially compromised. We are interested in comments on this and other possible circumstances in which fingerprinting would be potentially useful in provider screening or other fraud prevention efforts. Our proposed screening approach contemplates requesting fingerprints from providers and suppliers categorized as presenting a “high” risk of fraud. We are seeking comment on this requirement, the circumstances under which it is appropriate, limitations on its use and any alternatives to the proposed approach regarding fingerprints. Our proposed approach would allow denial of billing privileges to newly enrolled providers and suppliers and revocation of billing privileges for revalidating providers and suppliers if owners or officials of providers or suppliers refuse to submit fingerprints when requested to do so. We are seeking comments on this proposal including its appropriateness and utility as a fraud prevention tool. In addition, we are also seeking comment on the applicability and appropriateness of using, in addition to or in lieu of fingerprinting, other enhanced identification techniques and secure forms of identification including but not limited to other biological or biometric techniques, passports, United States Military identification, or Real ID drivers licenses. As technology and secure identification techniques change, the tools we use may change to reflect improvements or shifts in technology or in risk identification. We are seeking comment on the appropriate uses of these techniques

We note that any physician or non-physician practitioner or organizational provider or supplier that is denied enrollment into the Medicare program or whose Medicare billing privileges are revoked is afforded due process rights under § 405.874.

To assist readers in understanding the type of providers and suppliers that we propose to include in the “high” risk level, we are providing the following table.

The new screening procedures implemented pursuant to new section 1866(j)(2) of the Act would be applicable to newly enrolling providers and suppliers, beginning on March 23, 2011. These new screening procedures would also be applicable beginning on March 23, 2011 for those providers and suppliers currently enrolled in Medicare, Medicaid, and CHIP who revalidate their enrollment information. For Medicare, this will impact those providers and suppliers whose revalidation cycle results in revalidation occurring between March 23, 2011 and March 23, 2012. Finally, these new procedures would be applicable to currently enrolled Medicare, Medicaid, and CHIP providers and suppliers beginning on March 23, 2012, in accordance with section 1866(j)(2)(ii) of the Act. As such, some providers and suppliers may be required to revalidate their enrollment outside of their regular revalidation cycle.

b. General Screening of Providers—Medicaid and CHIP

Section 1902(ii)(1) of the Act requires that States comply with the process for screening providers established by the Secretary under section 1866(j)(2) of the Act ^[4] . Section 2107(e)(1) of the Act provides that all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. We propose in new regulation § 457.990 that all the provider screening, provider application, and moratorium regulations that apply to Medicaid providers will apply to providers that participate in CHIP. In addition, in this proposed rule, we refer to State Medicaid agencies as responsible for screening Medicaid-only providers. CHIP is often not administered by the Medicaid agency. Throughout this proposed rule, with respect to those instances, “State Medicaid agency” should be read as “Children's Health Insurance Program agency.”

Because it would be inefficient and costly to require States to conduct the same screening activities that Medicare contractors perform for dually-enrolled providers, we are proposing that a State may rely on the results of the screening conducted by a Medicare contractor to meet the provider screening requirements under Medicaid and CHIP. Similarly, we propose in § 455.410 that State Medicaid agencies may rely on the results of the provider screening performed by their sister State Medicaid programs and CHIP. For Medicaid-only providers or CHIP-only providers, we are proposing that States follow the same screening procedures that CMS or its contractors follow with respect to Medicare providers and suppliers.

As noted above, section 1902(ii)(1) of the Act requires that State screening methods follow those performed under the Medicare program. For the sake of brevity, we will not restate those methods verbatim. We propose that States follow the rationale that we have set forth for Medicare in section II.A.3. of this proposed rule, and that we use as the basis for § 455.450. For the types of providers that are recognized as a provider or supplier under the Medicare program, States will use the same risk level that is assigned to that category of provider by Medicare. For those Medicaid and CHIP provider types that are not recognized by Medicare, States will assess the risk posed by a particular provider or provider type. States should examine their programs to identify specific providers or provider types that may present increased risks of fraud, waste or abuse to their Medicaid programs or CHIP. States are uniquely qualified to understand issues involved with balancing beneficiaries' access to medical assistance and ensuring the fiscal integrity of the Medicaid programs and CHIP. However, where applicable, we expect that States will assess the risk of fraud, waste, and abuse using similar criteria to those used in Medicare. For example, physicians and non-physician practitioners, medical groups and Start Printed Page 58214 clinics that are State-licensed or State-regulated would generally be categorized as limited risk, as would providers publicly traded on the NYSE or NASDAQ. Those provider types that are generally highly dependent on Medicare, Medicaid and CHIP to pay salaries and other operating expenses and which are not subject to additional government or professional oversight would be considered moderate risk, and those provider types identified by the State as being especially vulnerable to improper payments would be considered high risk. States will then screen the provider using the screening tools applicable to that risk assigned. However, we are not proposing to limit or otherwise preclude the ability of States to engage in provider screening activities beyond those required under section 1866(j)(2) of the Act, including, but not limited to, assigning a particular provider type to a higher risk level than the level assigned by Medicare.

As with the proposed screening provisions for Medicare, we are soliciting comments on the applicability of these proposals for Medicaid as well. We are seeking comment on the proposed assignment of specific provider types to established risk categories, including whether such assignments should be released publicly, whether they should be reconsidered and updated according to an established schedule, and what criteria should be considered in making such assignments.

Based on the level of risk assigned to a provider or provider type, we propose that States conduct the following screenings:

All States do not routinely require persons with an ownership or control interest or who are agents or managing employees of the provider to submit SSNs or dates of birth (DOBs). Without such critical personal identifiers, it is difficult to be certain of the identity of persons with an ownership or control interest or who are agents or managing employees of the provider, and it may be difficult for States to conduct the screening proposed under this rule. Accordingly, and to be consistent with Medicare requirements, pursuant to our general rulemaking authority under section 1102 of the Act, we propose in § 455.104 to require that States will require submission of SSNs and DOBs for all persons with an ownership or control interest in a provider. In addition to the amendment to § 455.104, we are proposing to revise that section for the sake of clarity both for the disclosing entities' provision and the States' collection of the disclosures. We recognize that there may be privacy concerns raised by the submission of this personally identifiable information as well as concerns about how the States will assure individual privacy as appropriate; however, we believe this personally identifiable information is necessary for States to adequately conduct the provider screening activities under this proposed rule. We are seeking comment specifically on this issue.

Although the level of screening may vary depending on the risk of fraud, waste or abuse the provider represents to the Medicaid program or CHIP, under section 1866(j)(2)(B)(i) of the Act, all providers would be subject to licensure checks. Therefore, we are proposing that States be required to verify the status of a provider's license by the State of issuance and whether there are any current limitations on that license.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for provider screening and assigning of categories of risk of fraud, waste, or abuse, as well as verification of licensure, under § 455.412 and § 455.450 will apply in CHIP.

1. Database Checks—Medicaid and CHIP

States employ several database checks, including database checks with the Social Security Administration and the NPPES, to confirm the identity of an individual or to ensure that a person with an ownership or control interest is eligible to participate in the Medicaid program.

A critical element of Medicaid program integrity is the assurance that persons with an ownership or control interest or who are agents or managing employees of the provider do not receive payments when excluded or debarred from such payments. Accordingly, in § 455.436, we propose that States be required to screen all persons disclosed under § 455.104 against the OIG's LEIE and the General Services Administration's EPLS. We propose that States be required to conduct such screenings upon initial enrollment and monthly thereafter for as long as that provider is enrolled in the Medicaid program.

We also propose at § 455.450, as well as § 455.436, that database checks be conducted on all providers on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for database checks under § 455.436 will apply in CHIP.

2. Unscheduled and Unannounced Site Visits—Medicaid and CHIP

Section 1866(j)(2)(B)(ii)(III) of the Act states that the Secretary, based on the level of fraud, waste, and abuse, may conduct unscheduled and unannounced site visits, including pre-enrollment site visits, for prospective providers and those providers already enrolled in the Start Printed Page 58215 Medicare and Medicaid programs and CHIP.

Some States already require site visits, often for provider categories at increased risk of fraud, waste or abuse such as home health and non-emergency transportation. According to FY 08 State Program Integrity Assessment (SPIA) data, at least 16 States report that they perform some type of site visits. However, such efforts vary widely across the country and are subject to budget shortfalls.

We are also proposing to require in § 455.432 and § 455.450(b) that States must conduct pre-enrollment and post-enrollment site visits for those categories of providers the State designates as being in the “moderate” or “high” level of risk.

Further, in § 455.432, pursuant to our general rulemaking authority under section 1102 of the Act, we are proposing that any enrolled provider must permit the State Medicaid agency and CMS, including CMS' agents or its designated contractors, to conduct unannounced on-site inspections to ensure that the provider is operational at any and all provider locations.

We maintain that site visits are essential in determining whether a provider is operational at the practice location found on the Medicaid enrollment agreement. We expect these requirements to increase the number of both pre-enrollment and post-enrollment site visits for those provider types that pose an increased financial risk of fraud, waste, or abuse to the Medicaid program.

We propose that failure to permit access for site visits would be a basis for denial or termination of Medicaid enrollment as specified in § 455.416.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for site visits under § 455.432 will apply in CHIP.

3. Provider Enrollment and Provider Termination—Medicaid and CHIP

States may refuse to enroll or may terminate the enrollment agreement of providers for a number of reasons related to a provider's status or history, including an exclusion from Medicare, Medicaid, or any other Federal health care program, conviction of a criminal offense related to Medicare or Medicaid, or submission of false or misleading information on the Medicaid enrollment application. Failure to provide disclosures is another reason for termination from participation in the Medicaid program.

Federal regulations beginning at § 455.100 require certain disclosures by providers to States before enrollment. States require additional disclosures prior to enrollment. Some States require periodic re-enrollment and disclosure at that time. However, States vary in the frequency of such re-disclosures. Providers are also inconsistent in keeping their enrollment information current, including items as elementary as their address.

We are proposing, at § 455.414, pursuant to our general rulemaking authority under section 1102 of the Act, that all providers undergo screening pursuant to the procedures outlined herein at least once every 5 years, consistent with current Medicare requirements for revalidation.

In § 455.416, we propose to establish termination provisions, requiring States to deny or terminate the enrollment of providers: (1) Where any person with an ownership or control interest or who is an agent or managing employee of the provider does not submit timely and accurate disclosure information or fails to cooperate with all required screening methods; (2) that are terminated on or after January 1, 2011 by Medicare or any other Medicaid program or CHIP (see section II.F. of this proposed rule); and (3) where the provider or any person with an ownership or control interest or who is an agent or managing employee of the provider fails to submit sets of fingerprints within 30 days of a State agency or CMS request. We propose to permit States to deny enrollment to a provider if the provider has falsified any information on an application if CMS or the State cannot verify the identity of the applicant. We also propose to require States to deny enrollment to providers, unless States determine in writing that denial of enrollment is not in the best interests of the State's Medicaid program, in these circumstances: (1) The provider or a person with an ownership or control interest or who is an agent or managing employee of the provider fails to provide accurate information; (2) the provider fails to provide access to the provider's locations for site visits, or (3) the provider, or any person with an ownership or control interest, or who is an agent or managing employee of the provider has been convicted of a criminal offense related to that person's involvement in Medicare, Medicaid, or CHIP in the last ten years. We believe that providers can significantly reduce the likelihood of fraud, waste or abuse by providing and maintaining timely and accurate Medicaid enrollment information. We believe the Medicaid program will be better protected by not allowing persons with serious criminal offenses related to Medicare, Medicaid, and CHIP to serve as providers.

We propose at § 455.416 that the State be allowed to deny an initial enrollment application or agreement submitted by a provider or terminate the Medicaid enrollment of a provider, including an individual physician or non-physician practitioner, if CMS or the State is not able to verify an individual's identity, eligibility to participate in the Medicaid program, or determines that information on the Medicaid enrollment application was falsified.

In § 455.420, we propose to require that any providers whose enrollment has been denied or terminated must undergo screening and pay all appropriate application fees again to enroll or re-enroll as a Medicaid provider.

We propose at § 455.422 that in the event of termination under § 455.416, the State Medicaid agency must give a provider any appeal rights available under State law or rule.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for provider enrollment, provider termination, and provider appeal rights under §§ 455.414, 455.416, 455.420, and 455.422 will apply in CHIP.

4. Criminal Background Checks and Fingerprinting—Medicaid and CHIP

Section 1866(j)(2)(B)(ii)(II) of the Act allows the Secretary to use fingerprinting during the screening process; and while several States have implemented procedures to require fingerprinting of physicians and non-physician practitioners as a condition of licensure, we maintain that if a State designates a provider as within the “high” level of risk as described previously, each person with an ownership or control interest of that provider or who is an agent or managing employee of the provider should be subject to fingerprinting.

We maintain that adding fingerprinting to State screening processes for those providers that pose the greatest risk to the Medicaid program will allow CMS and the State to: (1) Verify The individual's identity; Start Printed Page 58216 (2) determine whether the individual is eligible is participate in the Medicaid program; (3) ensure the validity of information collected during the Medicaid enrollment process; and (4) prevent and detect identity theft. Ensuring the identity of “high” risk Medicaid providers through fingerprinting protects both the Medicaid program and providers whose identities might otherwise be stolen as part of a scheme to defraud Medicaid.

In addition, while § 455.106 requires providers to submit information to the Medicaid agency on criminal convictions related to Medicare and Medicaid and title XX, current regulations do not require States to verify data submitted as part of the Medicaid enrollment application and they are sometimes not able to verify information that was purposefully omitted or changed in a manner to obfuscate any previous criminal activity. According to fiscal year (FY) 2008 SPIA data, at least 20 States report that they conduct some type of criminal background check as part of their Medicaid enrollment practices.

Elements of a robust criminal background check could include, but are not necessarily limited to: (1) Conducting national and State criminal records checks; and (2) requiring submission of fingerprints to be used for conducting the criminal records check and verification of identity.

We are proposing in § 455.434 and § 455.450 for those categories of providers that a State Medicaid agency determines is within the “high” level of risk, the State must: (1) Conduct a criminal background check of each person with an ownership or control interest or who is an agent or managing employee of the provider, and (2) require that each person with an ownership or control interest or who is an agent or managing employee of the provider to submit his or her fingerprints. While the FD-258 fingerprint card is recognized nationally and can be found at local, county, or State law enforcement agencies where, for a fee, agencies will supply the card and take the fingerprints, the State Medicaid agency has the discretion to determine the form and manner of submission of fingerprints.

At § 455.434, we propose that the State Medicaid agency must require providers or any person with an ownership or control interest or who is an agent or managing employee of the provider to submit fingerprints in response to a State's or CMS' request.

We are seeking public comment on the appropriateness of using criminal background checks in the provider enrollment screening process, including the instances when such background checks might be appropriate, the process of notifying a provider or individual that a criminal background check is to be performed, and the frequency of such checks.

We are also seeking comment on the use of fingerprinting as a screening measure. We recognize that requesting, collecting, analyzing, and checking fingerprints from providers are complex and sensitive undertakings that place certain burdens on affected individuals. There are privacy concerns and operational concerns about how to assure individual privacy, how to check fingerprints against appropriate law enforcement fingerprint databases, and how to store the results of the query of the databases and also how to handle the subsequent analysis of the results. As a result, we are soliciting comments on how CMS or a State Medicaid agency should maintain and store fingerprints, what security processes and measures are needed to protect the privacy of individuals, and any other issues related to the use of fingerprints in the enrollment screening process. As indicated in other portions of the document, we think fingerprints would be useful in situations where a provider's identity has been compromised or potentially compromised. We are interested in comments on this and other possible circumstances in which fingerprinting would be potentially useful in provider screening or other fraud prevention efforts. Our proposed screening approach contemplates requesting fingerprints from providers categorized as presenting a “high” risk of fraud. We are seeking comment on whether this is an appropriate requirement, the circumstances under which it might be appropriate or inappropriate, and any alternatives to the proposed approach regarding fingerprints. Our proposed approach would allow States to deny enrollment to newly-enrolling providers and to terminate existing providers if individuals who have an ownership or control interest in the provider or who are agents or managing employees of the provider refuse to submit fingerprints when requested to do so. We are seeking comments on this proposal including its appropriateness and utility as a fraud prevention tool.

In addition, we are also seeking comment on the applicability and appropriateness of using, in addition to or in lieu of fingerprinting, other enhanced identification techniques and secure forms of identification including but not limited to passports, United States Military identification, or Real ID drivers licenses. As technology and secure identification techniques change, the tools we or State Medicaid agencies use may change to reflect changes in technology or in risk identification. We are seeking comment on the appropriate uses of these techniques and the ways in which we should notify the public about any tools CMS or State Medicaid agencies would adopt. We also welcome comments on whether there should be differences allowed between Federal and State techniques, or among States, and if so, on what basis.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for criminal background checks and fingerprinting under § 455.434 will apply in CHIP.

5. Deactivation and Reactivation of Provider Enrollment—Medicaid and CHIP

Section 1902(ii)(1) of the Act requires the screening of Medicaid providers to ensure they are eligible to provide services and receive payments. While the ACA does not specifically require it, we maintain that it is important to the protection of the Medicaid program and consistent with longstanding Medicare requirements to identify and deactivate the enrollment of inactive Medicaid providers.

Accordingly, in § 455.418, we propose that any Medicaid provider that has not submitted any claims or made a referral that resulted in a Medicaid claim for a period of 12 consecutive months must have its Medicaid provider enrollment deactivated. Further, we propose that any such provider wishing to be reinstated to the Medicaid program must first undergo all disclosures and screening required of any other applicant. In addition, the provider must pay any associated application fees under § 455.426.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for deactivation of provider enrollment under § 455.418 will apply in CHIP. Start Printed Page 58217

6. Enrollment and NPI of Ordering or Referring Providers—Medicaid and CHIP

Section 1902(ii)(7) of the Act provides that States must require all ordering or referring physicians or other professionals to be enrolled under a Medicaid State plan or waiver of the plan as a participating provider. Further, the NPI of such ordering or referring provider or other professional must be on any Medicaid claim for payment based on an order or referral from that physician or other professional.

Providers and suppliers under Medicare and providers in the Medicaid program are already subject to the requirement that the NPI be on applications to enroll and on all claims for payment, pursuant to section 6402(a) of the ACA, amending section 1128J of the Act, and under § 424.506, § 424.507, and § 431.107, as amended by the May 5, 2010 interim final rule with comment (75 FR 24437).

In § 455.410, we propose that any physician or other professional ordering or referring services for Medicaid beneficiaries must be enrolled as a participating provider by the State in the Medicaid program. This applies equally to fee-for-service providers or MCE network-level providers.

Additionally, we propose to amend § 438.6 to require that States must include in their contracts with MCEs a requirement that all ordering and referring network-level MCE providers be enrolled in the Medicaid program, as are fee-for-service providers, and thus are screened directly by the State.

Although the NPI requirements in section 6402(a) of the ACA did not extend to CHIP providers, section 6401 of the ACA does apply equally to CHIP, and the proposed requirement herein for ordering and referring physicians or other professionals under the Medicaid program would apply equally under CHIP.

In addition, in § 455.440, we propose that all claims for payment for services ordered or referred by such a physician or other professional must include the NPI of the ordering or referring physician or other professional. This applies equally to fee-for-service providers or MCE network-level providers.

It is essential that all such claims have the ordering or referring NPI and that the State has properly screened the ordering or referring physician or other professional. Without such assurances, it is difficult for CMS or the State to determine the validity of individual claims for payment or to conduct effective data mining to identify patterns of fraud, waste, and abuse.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for provider enrollment and NPI under §§ 455.410 and 455.440 will apply in CHIP.

7. Other State Screening—Medicaid and CHIP

Section 1902(ii)(8) of the Act establishes that States are not limited in their abilities to engage in provider screening beyond those required by the Secretary. Accordingly, in § 455.452, we propose that States may utilize additional screening methods, in accordance with their approved State plan.

As stated above, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Because we are proposing a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for other State screening under § 455.452 will apply in CHIP.

B. Application Fee—Medicare, Medicaid, and CHIP

1. Statutory Changes

Section 6401(a) of the ACA, as amended by section 10603 of the ACA, amended section 1866(j) of the Act and requires the Secretary of DHHS to impose a fee on each “institutional provider of medical or other items or services or supplier,” The fee would be used by the Secretary to cover the cost of screening and to carry out the screening and other program integrity efforts under section 1866(j) and section 1128J of the Act. Since section 10603 of the ACA excludes eligible professionals, such as physicians and nurse practitioners, from paying an enrollment application fee, we maintain that an “institutional provider of medical or other items or services or supplier” would be any health care provider that bills Medicare, Medicaid, or CHIP on a fee-for-service basis, with the exception of Part B medical groups or clinics and physician and nonphysician practitioners who submit the CMS 855I to enroll in Medicare.

Section 1866(j)(2)(D)(i) of the Act states that the new screening procedures implemented pursuant to section 6401 of the ACA would be applicable to newly enrolling providers, suppliers, and eligible professionals who are not enrolled in Medicare, Medicaid, or CHIP by March 23, 2011. Accordingly, the enrollment application fees for newly enrolling institutional providers and suppliers would be applicable on that date as well.

Section 1866(j)(2)(D)(ii) of the Act states that the new screening procedures will apply to currently enrolled Medicare, Medicaid, and CHIP providers, suppliers, and eligible professionals beginning on March 23, 2012. However, because the new procedures will be applicable beginning on March 23, 2011 for those providers, suppliers, (and eligible professionals) currently enrolled in Medicare, Medicaid and CHIP that revalidate their enrollment information, we will begin collecting the application fee for those revalidating entities for all revalidation activities beginning after March 23, 2011.

Section 1866(j)(2)(C)(ii) of the Act permits the Secretary, acting through CMS, to, on a case-by-case basis, exempt a provider or supplier from the imposition of an application fee if CMS determines that the imposition of the enrollment application fee would result in a hardship. It also permits the Secretary to waive the enrollment application fee for Medicaid providers for whom the State demonstrates that imposition of the fee would impede Medicaid beneficiaries' access to care.

Section 1866(j)(2)(C)(i)(I) of the Act establishes a $500 application fee for providers and suppliers in 2010. For 2011 and each subsequent year, the amount of the fee would be the amount for the preceding year, adjusted by the percentage change in the consumer price index for all urban consumers (all items; United States city average), (CPI-U) for the 12-month period ending with June of the previous year. To ease the administration of the fee, if the adjustment sets the fee at an uneven dollar amount, CMS will round the fee to the nearest whole dollar amount.

2. Proposed Provisions

In § 424.502, we also propose to establish a definition for an “institutional provider” as it relates to the submission of an application fee. We propose that an “institutional provider” means any provider or supplier that submits a paper Medicare enrollment application using the CMS-855A, CMS-855B (but not physician and nonphysician practitioner Start Printed Page 58218 organizations), or CMS-855S or associated Internet-based PECOS enrollment application.

For purposes of Medicare, Medicaid, and CHIP, we interpret the statutory reference to “institutional provider[s] of medical or other items or services or supplier” to include, but not be limited to: the range of ambulance service suppliers; ASCs; CMHCs; CORFs; DMEPOS suppliers; ESRD facilities; FQHCs; histocompatibility laboratories; HHAs; hospices; hospitals, including but not limited to acute inpatient facilities, inpatient psychiatric facilities (IPFs), inpatient rehabilitation facilities (IRFs), and physician-owned specialty hospitals; CAHs; independent clinical laboratories; IDTFs; mammography centers; mass immunizers (roster billers); OPOs; outpatient physical therapy/occupational therapy/speech pathology services, portable x-ray suppliers; SNFs; slide preparation facilities; radiation therapy centers; RNHCIs; and RHCs.

In addition to the providers and suppliers listed above, for purposes of Medicaid and CHIP, we propose that a State may impose the application fee on any institutional entity that bills the State Medicaid program or CHIP on a fee-for-service basis, such as: Personal care agencies, non-emergency transportation providers, and residential treatment centers, in accordance with the approved Medicaid or CHIP State plan.

We propose that an application fee will not be required from an eligible professional who reassigns Medicare benefits to another individual or organization, since it would not create a new enrollment of an institutional provider or supplier that would result in an application fee. In addition, we propose that in no case would the application fee be required from any individual physician or Part B medical group/clinic.

We propose that an application fee will be required with the submission of an initial enrollment application, the application to establish a new practice location, as a part of revalidation, or in response to a Medicare contractor revalidation request.

We are proposing that prospective institutional providers and suppliers as well as currently enrolled providers who are re-enrolling or revalidating their enrollment in Medicare must submit the applicable application fee or submit a request for a hardship exception to the application fee at the time of filing a Medicare enrollment application on or after March 23, 2011 in the case of prospective providers or suppliers, and in the case of revalidations. We believe that it is essential that a Medicare contractor be able to receive and deposit the application fee or consider the institutional provider's request for a hardship exception prior to initiating an application review. Therefore, Medicare contractors would not begin processing an application for either a new provider or supplier, or for a provider or supplier that is currently enrolled, until the enrollment application fee is received and is credited to the United States Treasury.

The fee would accompany the certification statement that the provider or supplier signs, dates, and mails to the Medicare contractor if the provider or supplier uses Internet-based PECOS to enroll or revalidate. The fee would accompany the paper CMS-855 provider enrollment application if the provider or supplier enrolls or revalidates by paper. Because the statutory provisions are effective for newly enrolling providers and suppliers effective March 23, 2011 institutional providers and suppliers will not be required to furnish the application fee with applications submitted before that date. However, because the ACA provides that the new procedures will be applicable beginning on March 23, 2011 for those providers and suppliers, (and eligible professionals) currently enrolled in Medicare, Medicaid, and CHIP that revalidate their enrollment information, CMS will begin collecting the application fee for those revalidating entities for all revalidation activities beginning after March 23, 2011. We will not collect the fee from individual physicians and eligible professionals.

We propose that the Medicare contractor reject and return to the provider or supplier an initial enrollment application submitted by a provider or supplier, without further review as to whether the provider or supplier qualifies to enroll in the Medicare program, when the Medicare enrollment application or the Certification Statement is received by the Medicare contractor and the provider or supplier did not include a request for hardship exception to the application fee, did not include the application fee or the appropriate number of application fees, if applicable. We do not believe that it is appropriate for a Medicare contractor to begin the application review process without first having received the application fee.

We propose that the Medicare contractor reject any initial enrollment applications submitted after March 23, 2011, if a provider or a supplier did not furnish the application fee at the time of filing, using § 424.525(a)(3) as the legal basis for the rejection.

In § 424.525(a)(3), we propose adding a new reason why a Medicare contractor could reject an initial enrollment application or an application to establish a new practice location. Specifically, we are proposing a new § 424.525(a)(3) to state, “The prospective institutional provider or supplier does not submit an application fee in the appropriate amount or a hardship exception request with the Medicare enrollment application at the time of filing.”

We also believe that a Medicare contractor should be allowed to reject an initial enrollment application received from a provider or supplier on or after March 23, 2011, using § 424.525(a)(1) as the legal basis, if, for any reason, CMS or the Medicare contractor is not able to deposit the full application amount into a government-owned account and credited to the U.S. Treasury. In the case where a provider or supplier did not submit the application fee because they requested a hardship exception that is not granted, a provider or supplier has 30 days from the date on which the contractor sends notice of the rejection of the hardship exception request to send in the required application fee and application forms.

In § 424.535, we propose adding a new reason why a Medicare contractor can revoke Medicare billing privileges. Specifically, we are proposing a new § 424.535(a)(6)(i) to state that billing privileges may be revoked if “An institutional provider does not submit an application fee or hardship exception request that meets the requirements set forth in § 424.514 with the Medicare revalidation application or the hardship exception is not granted.”

In addition, in § 424.535, we are proposing a new § 424.535(a)(6)(ii) to state that billing privileges shall be revoked if “The Medicare contractor is not able to deposit the full application amount into a government-owned account or the funds are not able to be credited to the U.S. Treasury.”

In § 424.514(b), we are proposing that currently enrolled institutional providers and suppliers that are subject to CMS revalidation efforts must submit the applicable application fee or submit a request for a hardship exception to the application fee at the time of filing a Medicare enrollment application on or after March 23, 2011.

In § 424.514(d)(2)(iii), we propose that institutional providers and suppliers submit the application fee with each initial application, application to establish a new practice location, or Start Printed Page 58219 with the submission of an application in response to a Medicare contractor revalidation request.

In § 424.514(d)(2), we propose that the application fee be based on the amount calculated by CMS using the CPI-U as of June 30 of the previous year and adjusted annually to be effective January 1st of the following year. The application fee for a given year will be effective from January 1 to December 31 of a calendar year.

In § 424.514(d)(2)(v), we propose that the application fee be non-refundable. Neither the Federal government, its Medicare contractors, State Medicaid agencies or CHIP should be liable for reimbursement of the application fee to the provider or supplier if the application fee has been received by the Medicare contractor and deposited into a Government-owned account and, later, during the course of verifying, validating, and processing the information in the enrollment application, CMS or its Medicare contractor appropriately denies the enrollment application. Appropriate denial requires a substantive reason and applications will not be denied over inconsequential errors or omissions or over errors or omissions corrected timely.

In § 424.514(d)(4)(vi), we propose that a provider or supplier must submit a new application fee if the provider or supplier resubmits a Medicare enrollment application because a previously-submitted enrollment application was appropriately denied or rejected. In some cases, a rejected application would be returned to the provider or supplier along with the application fee; in other cases, the application would be denied and the application fee retained by the Federal government because the processing of the application would have already begun. In those latter cases, CMS funds would have been expended for some or all of the required screening involved in processing the application. For example, if a home health agency enrollment application is rejected because the enrollment application, or the certification statement generated by Internet-based PECOS, was not signed, the enrollment application would be rejected and it and the check for the application fee would both be returned to the home health agency. If a home health agency enrollment application is denied based on non-compliance with a provider enrollment requirement or because the HHA did not meet the conditions of participation for its provider type, the enrollment would be denied and the application fee would be retained by the Federal government. If the HHA wishes to send a new enrollment application, it would have to include another application fee with that new enrollment application. Similarly, we propose that a provider or supplier would be required to submit to the Medicare contractor a new application fee with a subsequent enrollment application if, among other things, the previous enrollment application was rejected because the provider or supplier did not timely furnish the Medicare contractor with the applicable supporting documentation or information necessary to complete its review and verification of the previous enrollment application.

In § 424.514(d)(6)(vii), we propose that the application fee must be able to be deposited into a government-owned account.

Because we are proposing that a State may rely on the results of the screening conducted by the Medicare contractor to meet the screening requirements for participation in a State Medicaid program or CHIP, we propose that, for dually participating providers, the application fee would be imposed at the time of the Medicare enrollment application, consistent with the procedures described above. Additionally, because the purpose of the application fee is to, in part, cover the costs of conducting the provider and supplier screening activities, we propose that a provider or supplier enrolled in more than one program (that is, Medicare and Medicaid or CHIP, or all three programs) would only be subject to the application fee under Medicare and that the fee would cover screening activities for enrollment in all programs.

Section 1866(j)(2)(C)(iii) of the Act also permits the Secretary to grant, on a case-by-case basis, exceptions to the application fee for institutional providers and suppliers enrolled in the Medicare and Medicaid programs and CHIP if the Secretary determines that imposition of the fee would result in a hardship. One instance that might support a request for hardship exception is in the event of a national public health emergency where a provider or supplier is enrolling for purposes of furnishing services required as a result of the national public health emergency situation. Such requests will be considered on a case-by-case basis, as required by the statute. In addition, we are soliciting comments on the appropriate objective criteria that should be used in making a hardship determination and if there are any other circumstances in which such exemptions should be allowed. We are also seeking comment on the kinds of documents to be submitted to CMS or its contractor to exhibit hardship, including any comments on the financial or legal records that might be needed to make a determination of hardship. Section 1866(j)(2)(C)(iii) of the Act also permits the Secretary to waive the application fee for providers enrolled in a State Medicaid program for whom the State demonstrates that imposition of the fee would impede beneficiary access to care. We are soliciting comments on how waivers from the application fee should be implemented for Medicaid-only or dually-participating Medicare and Medicaid providers and suppliers specifically those seeking to furnish services where beneficiary access issues are prevalent, either geographically or in the provision of the services.

We are committed to assuring access to care for program beneficiaries. We are in the process of undertaking a review of promising practices related to ensuring access in the Medicaid program and CHIP. We will incorporate information from that review into developing appropriate access criteria for purposes of the required fee. We are also soliciting comments on the appropriate criteria that we should consider. We are particularly interested in hearing from States, providers, advocates, and other stakeholders relating to concrete examples based on experiences in using specific access criteria.

Based on the statutory requirements for calculating the application fee, we offer the following example for purely illustrative purposes. The initial application fee beginning in 2010 is established by law at $500. However, for the following year, when the annual Consumer Price Index (CPI-U) is calculated for the period ending June 2010, we would recalculate the application fee using the CPI-U. Thus, if the CPI increased by 2.34 percent for the 12-month period ending June 2010, the application fee would be calculated by multiplying the fee for the year by the CPI-U. The $500 application fee established by law in 2010 would be multiplied by 1.0234 to give $511.70. We would then round to the nearest dollar amount of $512.00. This would be the amount of the fee in effect for 2011, and would apply to applications received after the effective date of the statute—March 23, 2011 for newly enrolling providers and suppliers and for revalidating providers and suppliers. A similar process, based on the CPI-U for the period of July 1, 2010 through June 30, 2011 would be used to calculate the fee that would become effective on January 1, 2012, and that Start Printed Page 58220 would apply to new and currently enrolled providers or suppliers that submit applications on or after March 23, 2012. In § 424.514(d)(2), we propose that the annually recalculated application fee amount would be effective for the calendar year during which the application for enrollment is being submitted.

The amount of the application fee that is required of enrolling providers or suppliers, would be the amount that is in effect on the day the provider or supplier mails an enrollment application or Certification Statement, postmarked by the USPS, or if mailed through a private mail service, the date of receipt by the Medicare contractor. Because the application fee will become an integral part of the enrollment process, we believe that it is essential that we notify State Medicaid agencies and the public about any changes in the application fee prior to implementing a change in the fee. Accordingly, we would afford States and the public with at least 30 days' notice of any impending change in the application fee. We will make such notification annually in the Federal Register and by issuing guidance to the State Medicaid and CHIP Directors, issuing CMS provider and supplier listserv messages, making announcements at CMS Open Door Forums, and placing information on the CMS Provider/Supplier Enrollment Web page ( http://www.cms.gov/​MedicareProviderSupEnroll ).

We are proposing that a provider or supplier that believes it is entitled to a hardship exception from the application fee enclose a letter with the enrollment application or, if using Internet-based PECOS, with the Certification Statement, explaining the nature of the hardship. Further, we propose that we would not begin to process an enrollment application submitted with a letter requesting a hardship exception from the application fee until it makes a decision on whether to grant the exception. Further, we are proposing that we make a hardship exception determination within 60 days from receipt of the request from an institutional provider and CMS contractor notify the applicant or enrolled institutional provider or supplier by letter approving or denying the request for a hardship exception. Moreover, if we deny the request for hardship exception, we would provide our reason(s) for denying the hardship exception.

In § 424.530(a)(8), we propose adding a new reason why a Medicare contractor can deny Medicare billing privileges. Specifically, we are proposing a new § 424.530(a)(8) to state, “An institutional provider's or supplier's ‘hardship exception’ request is not granted.”

In 424.535(a)(6)(i), we propose adding a new reason why a Medicare contractor can revoke Medicare billing privileges. Specifically, we are proposing a new § 424.535(a)(6)(i) to state, “An institutional provider does not submit an application fee or ‘hardship exception’ request that meets the requirements set forth in § 424.514 with the Medicare revalidation application or the hardship exception request is not granted and the institutional provider or supplier does not submit the required application fee within 30 days of being notified that the exception request was not approved.

We are also proposing that an institutional provider may appeal the determination not to grant a hardship exception from the application fee using the provider enrollment appeals process established in § 405.874 and found in 1866(j)(2) of the Act.

In § 455.460, we are proposing that, for those providers who do not participate in Medicare, the State may collect the fee established by the Secretary as outlined above as the State will be responsible for conducting the provider screening activities for these providers. Total fees collected will be used to offset the cost of the Medicaid and CHIP screening programs. The fees represent an applicable credit under OMB Circular A-87, entitled “Cost Principles for State, Local, and Indian Tribal Governments” (August 31, 2005 (70 FR 51910)), codified at 2 CFR part 225, and made applicable to States by 45 CFR 92.22(b). The cost principles require that the costs a State claims must be reduced by “applicable credits,” or “those receipts or reduction of expenditure-type transactions that offset or reduce expense items allocable to Federal awards as direct or indirect costs”, (Paragraphs C.1.i., C.4.a. and D.1. of Appendix A to 2 CFR part 225). If the fees collected by a State agency exceed the cost of the screening program, the State agency must return that portion of the fees to the Federal Government. CMS will direct these fees to support program integrity efforts as permitted by the ACA.

C. Temporary Moratoria on Enrollment of Medicare Providers and Suppliers, Medicaid and CHIP Providers

1. Statutory Changes

Section 6401(a) of the ACA amended section 1866(j) of the Act by adding a new section 1866(j)(7) of the Act, which provides that the Secretary may impose temporary moratoria on the enrollment of new Medicare, Medicaid, or CHIP providers and suppliers, including categories of providers and suppliers, if the Secretary determines such moratoria are necessary to prevent or combat fraud, waste, or abuse under the programs.

Section 6401(b)(1) of the Act adds specific moratorium language applicable to Medicaid at section 1902(ii)(4) of the Act, requiring States to comply with any temporary moratorium imposed by the Secretary unless the State determines that the imposition of such moratorium would adversely affect Medicaid beneficiaries' access to care. Section 1902(ii)(4)(B) of the Act further permits States to impose temporary enrollment moratoria, numerical caps, or other limits, for providers identified by the Secretary as being at high risk for fraud, waste, or abuse, if the State determines that the imposition of such moratorium, cap, or other limits would not adversely impact Medicaid beneficiaries' access to care.

Section 1866(j)(7) of the Act uses the term “providers of services and suppliers.” Although, as noted above, the Medicaid program does not use the term “suppliers,” section 1902(ii)(4) of the Act refers to “providers and suppliers.” In this regulation, for uniformity with sections II A. and B. of the proposed rule, we are using the term “providers and suppliers” in lieu of the term “provider of services and suppliers.” We will use the term “provider” or “Medicaid provider” or “CHIP provider” in lieu of the term “provider or supplier” when referring to all Medicaid or CHIP health care providers, including, but not limited to, providers and suppliers of Medicaid items or services, individual practitioners, and institutional providers.

2. Proposed Requirements

a. Medicare

We propose at § 424.570(a) that CMS may impose a moratorium on the enrollment of new Medicare providers and suppliers in 6- month increments in situations where—(1) CMS, based on its review of existing data, without limitation, indentifies a trend that appears to be associated with a high risk of fraud, waste or abuse, such as highly disproportionate number of providers or suppliers in a category relative to the number of beneficiaries or a rapid increase in enrollment applications within a category determines that there is a significant potential for fraud, waste or abuse with respect to a particular provider or supplier type or particular geographic area or both; (2) a State has Start Printed Page 58221 imposed a moratorium on enrollment in a particular geographic area or on a particular provider of supplier type or both; or (3) CMS, in consultation with the HHS OIG or the Department of Justice (DOJ) or both identifies either or both of the following as having a significant potential for fraud, waste or abuse in the Medicare program:

• A particular provider or supplier type.
• Any particular geographic area.

As part of the CMS decision-making process, we will consider any recommendation from the DOJ, HHS OIG, or the GAO to impose a temporary moratorium for a specific provider or supplier type in a specific geographic area.

We believe that imposing moratoria will, among other things, allow us to review and consider additional programmatic initiatives, including the development of additional regulatory and subregulatory provisions to ensure that Medicare providers and suppliers are meeting program requirements, beneficiaries receive quality care, and that an adequate number of providers of suppliers exists to furnish services to Medicare beneficiaries.

We also propose that enrollment moratoria be limited to: (1) Newly enrolling providers and suppliers (that is., initial enrollment applications); and (2) the establishment of new practice locations, not to a change of practice locations. The temporary moratoria would not apply to existing providers or suppliers of services unless they were attempting to expand operations to new practice locations where a temporary moratorium was imposed. Moreover, the temporary moratoria would not apply in situations involving changes in ownership of existing providers or suppliers, mergers, or consolidations.

We also propose at § 424.570(b) that a moratorium would be imposed for a period of 6 months, and such moratorium could be extended by CMS in 6-month increments if CMS continues to believe that a moratorium is needed to prevent or combat fraud, waste, or abuse. The Secretary will re-evaluate whether a moratorium should continue prior to each 6 month expiration date.

We also propose at § 424.570(c) that CMS will deny enrollment applications received from providers or suppliers covered by an existing moratorium. We note that denial of Medicare billing privileges is subject to the administrative review process established in § 405.874. Accordingly, we believe that denial of Medicare billing privileges is also afforded the right to appeal a Medicare contractor determination to deny enrollment into the Medicare program.

In § 424.530(a)(9), we propose adding a new reason why CMS can deny Medicare billing privileges. Specifically, we are proposing a new § 424.530(a)(9) to state, “A provider or supplier submits an enrollment application for a practice location in a geographic area where CMS has imposed a temporary moratorium.” Further, in § 498.5(l)(4), we propose that the scope of review for appeals of denials under § 424.530(a)(9) based upon a provider or supplier being subject to a temporary moratorium will be limited to whether the temporary moratoria applies to that particular provider or supplier.

We note that section 1866(j)(7) of the Act provides that there shall be no judicial review of a temporary moratorium. Accordingly, we propose that a provider or supplier may administratively appeal an adverse determination based on the imposition of a temporary moratorium up to and including the Department Appeal Board (DAB) level of review.

Finally, we propose at § 424.570(d) that we may lift a moratorium in the following circumstances: (1) In the case of a Presidentially- declared disaster under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. 5121 through 5206 (Stafford Act); (2) circumstances warranting the imposition of a moratorium have abated or CMS has implemented program safeguards to address any program vulnerability that was the basis for the moratorium; or (3) in the judgment of the Secretary, the moratorium is no longer needed.

We also recognize that in a limited number of circumstances a State Medicaid agency may enroll a provider or supplier into Medicaid during the temporary moratorium period established by Medicare. If this occurs and the prospective Medicare provider or supplier applies to enroll in the Medicare program after the temporary moratorium is lifted, we would use the screening tools described in section II.A. of this proposed rule.

We are also seeking public comment on specific exemptions to the temporary moratoria criteria proposed above. Prior to imposing a moratorium, we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply.

We would announce the implementation of a moratorium at any time. The announcement would be made in the Federal Register and we would also address it in other methods or forums, such as Press Releases, at CMS Provider Open Door Forums, in CMS provider listservs, and on the CMS Provider/Supplier Enrollment Web page ( http://www.cms.gov/​MedicareProviderSupEnroll ). We would also require our Medicare contractors to post the moratorium announcement or note the expiration of a moratorium on their Web sites. Our Federal Register announcement would explain in detail the rationale for the moratorium and the rationale for the geographic area(s) in which it would apply.

b. Medicaid and CHIP

Pursuant to section 1902(ii)(4)(A) of the Act, we are proposing at § 455.470(a)(2) and (3) that a State Medicaid agency will comply with a temporary moratorium imposed by the Secretary unless it determines that the imposition of such a moratorium would adversely affect beneficiaries' access to medical assistance.

Where the Secretary has imposed a temporary moratorium in accordance with § 424.570, and the State has determined that compliance with such a moratorium would adversely impact Medicaid beneficiaries', or CHIP participants', as the case may be, access to medical assistance, section 1902(ii)(4)(A)(ii) of the Act creates an exception for the State from complying with the moratorium. We propose that the State provide the Secretary with written details of the moratorium's adverse impact on Medicaid beneficiaries. Prior to the Secretary imposing such a moratorium in any State, we propose at § 455.470(a)(1) that the Secretary consult with the State, so that the State may have an opportunity to seek an exception from the moratorium.

Pursuant to section 1902(ii)(4)(B) of the Act, States have authority to impose moratoria, numerical caps, or other limits for providers that are identified by the Secretary as being at “high” risk for fraud, waste, or abuse. We propose that where the State identifies a category of providers as posing a significant risk of fraud, waste, or abuse, the State must seek CMS' concurrence with that determination and provide CMS with written details of the proposed moratorium, including the anticipated duration, and with a substantial justification explaining why disallowing newly enrolling providers would reduce the risk of fraud. We propose at § 455.470 that States' moratoria would be imposed for a period of 6 months and may be extended in 6-month increments. Start Printed Page 58222

Section 2107(e)(1) of the Act provides that all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act apply to CHIP. Accordingly, we propose in new regulation § 457.990 that all the provider screening, provider application, and moratorium regulations that apply to Medicaid providers will apply in providers that participate in CHIP.

D. Suspension of Payments

1. Medicare

a. Background

In section 6402(h) of the ACA, Congress amended section 1862 of the Social Security Act by adding a new paragraph (o), under which the Secretary may suspend payments to a provider or supplier pending an investigation of a credible allegation of fraud unless the Secretary determines that there is good cause not to suspend payments. This section requires that the Secretary consult with the HHS OIG in determining whether there is a credible allegation of fraud against a provider or supplier.

b. Current Medicare Regulations

We have long been authorized to suspend payments in cases of suspected fraudulent activity. On December 2, 1996, we finalized regulations § 405.370 through § 405.379 that provides for suspension of payments to providers and suppliers for several scenarios, including when we possess reliable information that fraud or willful misrepresentation exists. The rule provides that we may suspend payments to a provider or supplier in whole or in part based upon possession of reliable information that an overpayment or fraud or willful misrepresentation exists or that the payments to be made may not be correct, although additional evidence may be needed for a determination.

The existing rule provides that a suspension of payments is limited to 180 days, unless it meets one of several exceptions. A Medicare contractor may request a one-time-only extension of the suspension period for up to 180 additional days if it is unable to complete its examination of the information that serves as the basis for the suspension. Also, OIG or a law enforcement agency may request a one-time-only extension for up to 180 additional days to complete its investigation in cases of fraud and willful misrepresentation. The rule provides that these time limits do not apply if the case has been referred to and is being considered by the OIG for administrative action, such as civil monetary penalties. We may also grant an extension beyond the 180 additional days if DOJ requests that the suspension of payments be continued based on the ongoing investigation and anticipated filing of criminal or civil actions. The DOJ extension is limited to the amount of time needed to implement the criminal or civil proceedings.

c. Proposed Requirements

Section 6402(h) of the ACA requires that the Secretary consult with the OIG in determining whether there is a credible allegation of fraud against a provider or supplier. If a credible allegation of fraud exists, the Secretary may impose a suspension of payments pending an investigation of the allegations, unless the Secretary determines that there is good cause not to suspend payments. We are proposing to revise § 405.370 to add a definition of what constitutes a “credible allegation of fraud,” to include an allegation from any source, including but not limited to fraud hotline complaints, claims data mining, patterns identified through provider audits, civil false claims cases, and law enforcement investigations. Allegations are considered to be credible when they have an indicia of reliability. Many issues related to this definition will need to be determined on a case-by-case basis by looking at all the factors, circumstances and issues at hand. We continue to believe that CMS or its contractors must review all allegations, facts, and information carefully and act judiciously on a case-by-case basis when contemplating a payment suspension, mindful of the impact that payment suspension may have upon a provider.

We additionally propose modifying the existing § 405.370 to add a definition for “resolution of an investigation.” The ACA provides for the suspension of payments pending the investigation of a credible allegation of fraud, and we believe that this provision necessitates defining when an investigation has concluded and the basis for the suspension of payments no longer exists. The definition proposed here is that a resolution of an investigation occurs when legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence. We are seeking comments on an alternative definition of the term “resolution of an investigation” which is that it occurs when a legal action is initiated or the case is closed or dropped because of insufficient evidence to support the allegations of fraud.

We propose modifying the existing § 405.371(a) to differentiate between suspensions based on either reliable information that an overpayment exists or that payments to be made may not be correct, and suspensions based upon a credible allegation of fraud. As required by the ACA, we propose in this section that CMS or its contractor must consult with the OIG, and as appropriate, the Department of Justice (DOJ) in determining whether a credible allegation of fraud exists prior to suspending payments on the basis of alleged fraud.

We also propose in accordance with the ACA that CMS retains discretion regarding whether or not to impose a suspension or continue a suspension, as there may be good cause not to suspend payments or not to continue to suspend payments to providers or suppliers in certain circumstances. We propose to add a new § 405.371(b) to describe circumstances that may qualify as good cause not to suspend payments or not to continue to suspend payments despite credible allegations of fraud.

In paragraph (b)(1), we propose a good cause exception based upon specific requests by law enforcement that CMS not suspend payments. There are numerous reasons for which law enforcement personnel might make such a request, including that imposing a payment suspension might alert a potential perpetrator to an investigation at an inopportune or particularly sensitive time, jeopardize an undercover investigation, or potentially expose whistleblowers or confidential sources.

In paragraph (b)(2), we propose a good cause exception not to suspend payments if CMS determines that beneficiary access to necessary items or services may be jeopardized. We envision there may be scenarios in which a payment suspension to a provider might jeopardize a provider's ability to continue rendering services to Medicare beneficiaries whose access to items or services would be so jeopardized as to cause a danger to life or health.

In paragraph (b)(3), we propose a good cause exception not to suspend payments if CMS determines that other available remedies implemented by or on behalf of CMS more effectively or quickly protect Medicare funds than would implementing a payment suspension. For example, law enforcement personnel might request that a court immediately enjoin potentially unlawful conduct or prevent the withdrawal, removal, transfer, disposal, or dissipation of assets, either or both of which might protect Medicare Start Printed Page 58223 funds more fully or quickly than would imposition of a payment suspension.

More generally, in paragraph (b)(4), we propose a good cause exception based upon a determination by CMS that a payment suspension or continuation of a payment suspension is not in the best interests of the Medicare program. We further propose that CMS will conduct an evaluation of whether there is good cause not to continue a suspension every 180 days after the initiation of a suspension based on credible allegations of fraud. We believe that circumstances surrounding a specific case may change as an investigation progresses, and it may become in the best of interests of the Medicare program to terminate a payment suspension prior to the resolution of an investigation. As part of this ongoing evaluation, CMS will request a certification from the OIG or other law enforcement agency as to whether that agency continues to investigate the matter.

We are considering additional specific circumstances and scenarios that may qualify as good cause not to continue a payment suspension prior to the resolution of an investigation, and solicit comments on this approach. For example, one scenario that we are considering as additional good cause not to continue a suspension is when a suspension has been in place for a specific length of time, such as 2 years or 3 years, and the investigation has not been resolved. We anticipate that on a case by case basis, CMS will evaluate the status of a particular investigation and the nature of the alleged fraud in determining whether keeping a payment suspension in effect beyond a certain length of time may not be in the best interests of the Medicare program. We have chosen not to propose specific language on duration in the regulatory text. However, we solicit comment on this approach.

We propose modifying the existing § 405.372 to reflect the changes made in § 405.371 which divides the payment suspension authority into situations involving overpayments and situations involving allegations of fraud. In § 405.372(c) we clarify the subsequent action requirements to distinguish between suspensions based on credible allegations of fraud and those that are based on other factors, such as overpayments. For suspensions that are not based on credible allegations of fraud, CMS and its contractors will continue to take timely action to obtain additional information needed to make an overpayment determination and make all reasonable efforts to expedite the determination. Once the determination is made, notice of the determination will be given to the provider or supplier and the payment suspension will be terminated. If the payment suspension is based on credible allegations of fraud, CMS and its contractors will take subsequent action to determine if an overpayment exists or if the payments may be made, however the termination of the suspension and the issuance of a final determination notice to the provider or supplier may be delayed until resolution of the investigation. At the end of the fraud investigation, it is possible that the Medicare contractor will not have completed its overpayment determination, but will have reliable evidence of an overpayment or will have evidence that the payments to be made may not be correct. This typically occurs when a law enforcement investigation results in civil or criminal resolution prior to the Medicare contractor having had sufficient time to complete its overpayment determination. In such a situation, we would allow the suspension to continue as an overpayment suspension.

We propose modifying the existing § 405.372(d) concerning the duration of suspension of payment. In § 405.372(d)(3) we except suspensions based on credible allegations of fraud from the established time limits specified in paragraphs (d)(1) and (d)(2). We believe the strict time constraints found in paragraphs (d)(1) and (d)(2) should only be applied to suspensions based on reliable information of an overpayment or where payments to be made may not be correct both of which require a speedy overpayment determination. When credible allegations of fraud are present, we believe that CMS should have the flexibility to maintain a suspension beyond these established time limits in order for an investigation to be completed or the matter to be resolved. However, we note that by excepting suspensions based on credible allegations of fraud from these previously established timeframes, we do not intend to suspend payments to providers and suppliers indefinitely. We will be actively evaluating the progress of any investigation to determine if good cause exists to no longer continue the suspension of payments, as suspensions are designed to be a temporary measure. As part of this recurring evaluation, CMS will request a certification from the OIG or other law enforcement agency that the matter continues to be under investigation.

We also propose eliminating the two other existing scenarios in paragraph (d)(3) for extending payment suspensions beyond the time limits in paragraphs (d)(1) and (d)(2), which are when the OIG is considering administrative action such as civil monetary penalties and also when the DOJ requests an extension based on an ongoing investigation and the anticipated filing of criminal and/or civil actions. We believe that both of these reasons under the existing rule for extending suspensions will be captured in the new rule which will allow for payment suspensions to extend until the resolution of an investigation and are unnecessary given the other proposed changes.

2. Medicaid

a. Background

In section 6402(h) of the ACA, the Congress amended section 1903(i)(2) of the Act to provide that Federal Financial Participation (FFP) in the Medicaid program shall not be made with respect to any amount expended for items or services (other than an emergency item or service, not including items or services furnished in an emergency room of a hospital) furnished by an individual or entity to whom a State has failed to suspend payments under the plan during any period when there is pending an investigation of a credible allegation of fraud against the individual or entity as determined by the State in accordance with these regulations, unless the State determines in accordance with these regulations that good cause exists not to suspend such payments.

b. Current Medicaid Regulations

State Medicaid agencies have long been authorized to withhold payments in cases of fraud or willful misrepresentation. On December 28, 1987, DHHS finalized regulations at § 455.23 that they described as specifically encouraging State Medicaid agencies to withhold program payments to providers without first granting administrative review where the State agency has reliable evidence of fraudulent activity by the provider. The regulations were issued by the HHS OIG based on a concern that State administrative hearings could interfere with investigations conducted by HHS OIG's Office of Investigations or by the State's Medicaid fraud control unit (MFCU). The requirements of an administrative hearing could jeopardize criminal cases and investigators were reluctant to agree to a State's withholding payment, thus risking additional overpayments. (See the December 28, 1987 final rule (52 FR Start Printed Page 58224 48814)). The December 28, 1987 final rule remains in effect and has remained unchanged since it was promulgated.

At the time the rule was proposed, the Department was in the process of reorganizing its fraud and abuse regulations to reflect authorities transferred to HHS OIG in 1983, as well as those retained by CMS. HHS OIG authorities were transferred to a new 42 CFR chapter V, while CMS' Medicaid program integrity authorities were retained at 42 CFR part 455. (See the September 30, 1986 final rule (51 FR 34764)).

This current rule provides that a State Medicaid agency may withhold payments to a provider in whole or in part based upon receipt of reliable evidence that the need for withholding payments involves fraud or willful misrepresentation under the Medicaid program. At the time this rule was published, commenters questioned what constituted “reliable evidence of fraud.” The HHS OIG declined to provide a specific definition, noting that what constitutes “reliable evidence” is not easily and readily definable. The HHS OIG noted that while the existence of an ongoing criminal or civil investigation against a provider may be a factor in determining whether reliable evidence exists, that reliable evidence should be determined on a case-by-case basis with the State agency looking at all the factors, circumstances, and issues at hand, and acting judiciously on this information.

The 1987 regulations also permitted payments to be suspended in whole or in part. Commenters had suggested that “clean claims” continue to be processed without delay, and that any withholding ought be targeted to only the type of Medicaid claims under investigation. The HHS OIG responded that it is usually difficult to determine which claims are “clean” until after an investigation has been completed, but noted that where an investigation is solely and definitively centered upon a specific type of claim that a State could, at its discretion, withhold payments on just those types of claims. The HHS OIG also agreed to commenters' requests to clarify that the withholding provisions apply only to alleged fraud or willful misrepresentation related to improperly received Medicaid payments and not to ancillary unrelated matters such as deceptive advertising.

c. Proposed Requirements

The current regulation at § 455.23 forms the framework for these proposed regulations. State Medicaid agencies have long had the authority to withhold payments in cases of alleged fraud or willful misrepresentation. Section 6402(h)(2) of the ACA now mandates that States not receive FFP in cases where they fail to suspend Medicaid payments during any period when there is pending an investigation of a credible allegation of fraud against an individual or entity as determined by the State in accordance with these proposed regulations unless the State determines that good cause exists for a State not to suspend such payments. To conform the existing regulation to the terminology of the ACA, we propose to change the phrase “withhold payments” to “suspend payments,” a change we believe is merely semantic.

We propose to implement section 6402(h)(2) of the ACA by modifying the existing § 455.23(a) to make payment suspensions mandatory where an investigation of a credible allegation of fraud under the Medicaid program exists. Based on the ACA's use of just the term “fraud,” we do not propose to retain the existing term “willful misrepresentation.” We believe that fraud and willful misrepresentation are largely indistinguishable, thus we do not believe this proposal represents a substantive change nor do we intend it to have a substantive effect insofar as reducing or limiting a State's authority to suspend Medicaid payments. We solicit comments on this approach.

To conform the proposed regulation to the requirements of the ACA, we propose to modify terminology in the existing § 455.23(a) that now refers to “receipt of reliable evidence” to instead refer to a “pending investigation of a credible allegation of fraud.” In contrast to the semantic change from “withhold payments” to “suspend payments,” in this case we believe that there is a substantive difference between the threshold level of certainty or proof necessary to identify a “credible allegation” versus the heightened requirement of “reliable evidence” in the current regulation.

We do not believe that the phrase “when there is pending an investigation of a credible allegation of fraud” necessarily demands that an investigation originate in or with a law enforcement agency. Rather, State Medicaid agencies have program integrity units that, in the normal course of business, receive, and conduct investigations based upon, tips alleging fraud, and which also conduct proactive investigations based upon internal data analyses and other fraud detection techniques. We believe that State agency investigations, though they may be preliminary in the sense that they lead to a referral to a law enforcement agency for continued investigation, are adequate vehicles by which it may be determined that a credible allegation of fraud exists sufficient to trigger a payment suspension to protect Medicaid funds.

This threshold by which a State agency investigation may give rise to a payment suspension is a somewhat lesser threshold than that in the current regulation. The preamble to the current regulation specified that it was anticipated the State agency would confer with, and receive the concurrence of, investigative or prosecuting authorities prior to imposing a withholding action. However, that preamble also stated that it was establishing mere minimum requirements, and that States could exercise broader power where State law or regulation so provided. Most States have availed themselves of the existing Federal authority (or broader state authority) to withhold payments, and we believe that experience over the past 20 years offers no indication this authority has been misused against providers. Moreover, we believe this proposed threshold is consistent with the phrase “investigation of a credible allegation of fraud” of the ACA. We do anticipate that payment suspension authority will be used more frequently because the ACA dictates that where there is a pending investigation of credible allegations of fraud against a provider, a State that fails to suspend payments to that provider will not receive FFP with respect to such payments unless good cause exists not to suspend them.

We propose to adopt at § 455.2 the same broad definition of “credible allegation” proposed above in the context of the Medicare program. In many cases, what constitutes a “credible allegation” must be determined on a case-by-case basis with the State agency looking at all the factors, circumstances, and issues at hand. Guided by the experience of more than 20 years, we are aware that States have been able to identify “reliable evidence” through a variety of means including, but not limited to, fraud hotline complaints, Medicaid claims data mining, and patterns identified through provider audits, along with the appropriate level of additional investigation that accompanies each of these. Moreover, States have received referrals from State MFCUs, other law enforcement agencies, and other State benefits program investigative units. We continue to believe that State agencies must review all allegations, facts, and evidence carefully and act judiciously on a case-by-case basis when contemplating a payment suspension, Start Printed Page 58225 mindful of the impact that payment suspension may have upon a provider.

In paragraph (b), we propose that the State agency notify a provider of a payment suspension in a way very similar to the mechanism currently specified in regulation by which the State agency is required to notify a provider, specifying certain details, within 5 days of taking such action. However, we do propose to provide for a 30-day period, renewable in writing up to twice for a total not to exceed 90 days, by which law enforcement may, in writing, request the State agency to delay notification to a provider. We propose this because we believe that occasionally an investigation may be at a sensitive stage, perhaps involving undercover personnel or a confidential informant, where required notification to the provider at a particular time might jeopardize the investigation. We do not believe we should extend the delay notification beyond 90 days out of fairness to a provider and, in any event, a provider deriving any significant revenue stream from Medicaid is likely to itself discern the fact of a payment suspension well in advance of 90 days.

We are proposing only minor changes to the current provisions in § 455.23(c) on the duration of a suspension. To comport with the ACA, we change the term “withholding” to “suspension”; this is a semantic change that, as noted above, has been made throughout. In the proposed new § 455.23(c)(2), we propose to require a State to notify a provider of the termination of a payment suspension and, where applicable, to specify the availability to a provider of any appeal rights under State law and regulation.

Substantively, we do not propose significant change to the existing duration provisions, which specify that withholding (now, suspension) will be temporary and will not continue after: (1) Authorities discern that there is insufficient evidence of fraud upon which to base a legal action; or (2) legal proceedings related to the alleged fraud are completed.

We believe that maintaining the existing duration provisions is consistent with the ACA that requires that FFP not be made when a State fails to suspend payments “during any period when there is pending an investigation of a credible allegation of fraud against an individual or entity.” We further recognize that the Act applies a very similar standard to the Medicare program. We solicit comments on our proposal to maintain the existing duration provisions.

In paragraph (d), we propose to require a State to make a formal, written suspected fraud referral to its MFCU or, where a State does not have a MFCU to an appropriate law enforcement agency, for each instance of payment suspension as the result of a State agency's preliminary investigation of a credible allegation of fraud. This will ensure that an appropriate full investigation by a law enforcement agency timely ensues. If the MFCU or other law enforcement agency declines to accept the referral, we propose to require the State to immediately release the payment suspension unless the State refers the matter to another law enforcement entity or unless the State has alternative Federal or State authority by which it may impose a suspension. In the latter case, the requirements of that alternative authority, including any notice and due process or other safeguards, would be applicable.

We propose to require that a State's formal, written suspected fraud referral meets fraud referral performance standards issued by the Secretary. The currently applicable fraud referral performance standards were issued by CMS on September 30, 2008. In a January 2007 report entitled “Suspected Medicaid Fraud Referrals,” (OEI 07-04-00181) the HHS OIG expressed concern with the lack of CMS criteria specific to the referral of suspected fraud issues from State Medicaid agencies to MFCUs such that it was unable to determine the adequacy of State Medicaid agencies' performance. CMS agreed in response to that report to work towards the establishment of fraud referral performance standards (which it has now issued) to which States will be required to conform in making referrals under this regulation.

In paragraph (d)(3), we propose that on a quarterly basis a State must request a certification from the MFCU or other law enforcement agency that any matter accepted on the basis of a referral continues to be under investigation or in the course of enforcement proceedings warranting continuation of the payment suspension. We recognize that due to various constraints, law enforcement agencies may not be able to provide specific updates on matters under investigation. In recognition of the fact that payment suspensions are only temporary, however, we propose to require such quarterly certifications to ensure, for example, that a suspension will not be continued long after a law enforcement agency has closed an investigation but neglected to alert a State agency of that fact. To maximize State flexibility to implement this requirement, we are not prescribing the precise format such certifications must take.

Consistent with the new Affordable Care Act provision, we also propose to create several “good cause” exceptions by which States may determine good cause exists not to suspend payments or to suspend payments only in part. In new paragraph (e) we have included several circumstances that we believe constitute “good cause” for a State to determine not to suspend payments, or not to continue a payment suspension previously imposed, to an individual or entity despite a pending investigation of a credible allegation of fraud. In paragraph (e)(1), we propose a good cause exception based upon specific requests by law enforcement that State officials not suspend (or continue to suspend) payment. There are numerous reasons for which law enforcement personnel might make such a request, including that imposing a payment suspension might alert a potential perpetrator to an investigation at an inopportune or particularly sensitive time, jeopardize an undercover investigation, or potentially expose whistleblowers or confidential sources.

In paragraph (e)(2), we propose a good cause exception if a State determines that other available remedies implemented by the State could more effectively or quickly protect Medicaid funds than would implementing (or continuing) a payment suspension. For example, law enforcement personnel might request that a court immediately enjoin potentially unlawful conduct or prevent the withdrawal, removal, transfer, disposal, or dissipation of assets, either or both of which might protect Medicaid funds more fully or quickly than would imposition of a payment suspension.

Paragraph (e)(3) proposes a good cause exception based upon a determination by the State agency that a payment suspension is not in the best interests of the Medicaid program. It is conceivable that a State may, in rare situations, face exigent circumstances with respect to a suspension situation not addressed by the other good cause exceptions specified here but where it otherwise determines suspension would not be in the State Medicaid's programs best interests. This broad standard is intended to reflect that payment suspension is a very serious action that can potentially lead to dire consequences, but that it is impossible to specify detailed contingencies with respect to every possible scenario that might arise. We do not anticipate that States will frequently make use of this exception; however where this exception is utilized we do require that States document their use of this exception, and will closely monitor its Start Printed Page 58226 implementation to determine whether further regulation is necessary. We solicit comments on this approach.

In paragraph (e)(4), we propose a good cause exception based upon a determination by the State of an adverse effect of the suspension on beneficiary access to necessary items or services. We envision there may be scenarios in which a payment suspension to a provider might jeopardize a provider's ability to continue rendering services to Medicaid beneficiaries, thus threatening Medicaid beneficiaries' access to care. Utilizing a standard identical to that which CMS and the HHS OIG apply in assessing requests for waivers of exclusion at Parts 402 and 1001 of Title 42, for example, we posit one basis for a good cause exception from payment suspension is if a provider under investigation is a sole community physician or the sole source of specialized services available in a community. Likewise, in Federally-designated medically underserved areas the potential impact of a payment suspension upon a large provider might equally threaten recipient access, thus this underlies a second access exception. We welcome comments on this approach, including comments with respect to other metrics by which to assess potential beneficiary jeopardy in terms of access to necessary items or services.

Finally, in paragraph (e)(5) we propose a good cause exception that would permit (but not require) a State to discontinue an existing suspension to the extent law enforcement declines to cooperate in certifying under the requirements of paragraph (d)(3) that a matter continues to be under investigation and therefore warrants continuing the suspension.

We do not interpret the new provision in the ACA as mandating that a State must always suspend payments in toto in cases of an investigation of a credible allegation of fraud. In general, we continue to believe a payment suspension should apply to all claims consistent with the HHS OIG's responses to comments in the 1987 regulations that it is usually difficult to determine which claims are clean claims until after an investigation is completed, and one purpose of payment suspension is to build a type of escrow account out of which any overpayments can be deducted when an investigation is concluded.

With certain new constraints, we have chosen to continue to allow States the flexibility to suspend payments in part. For example, as stated in the preamble to the current regulation, there may be times where an investigation is solely and definitively centered on only a specific type of claim in which case a State may determine it is appropriate to impose a payment suspension on only that type of claim. Likewise, a State might determine that an investigation of a credible allegation of fraud is limited to a particular business unit or component of a provider such that a suspension need not apply to certain business units or components of a provider.

Balancing these approaches, we propose to allow States to implement a partial payment suspension, or, where appropriate, to convert a previously imposed full payment suspension to a partial payment suspension, if justified via a good cause exception. The good cause exceptions for partial suspension at paragraphs (f)(1) and (2) mirror those at paragraphs (e)(4) and (3), respectively, and allow the State to adopt a partial payment suspension where suspension in whole would so jeopardize a recipient's access to items or services as to endanger the recipient's life or health, or where the State deems it in the best interests of the Medicaid program. At paragraph (f)(3), we propose that a State may avail itself of the good cause exception to suspend payments only in part if the nature of the credible allegation is focused solely and definitively on only a specific type of claim or arises from only a specific business unit of a provider, and the State determines and documents in writing that a payment suspension in part would effectively ensure that potentially fraudulent claims were not continuing to be paid. Many such cases will still demand suspension in full, but this provision, which we anticipate States would exercise sparingly, gives States flexibility to act otherwise in those limited circumstances where appropriate. Finally, at paragraph (f)(4), we propose that a State may avail itself of the good cause exception to convert a payment suspension in whole to one only in part to the extent law enforcement declines to cooperate in certifying under the requirements of paragraph (d)(3) that a matter continues to be under investigation. We solicit comment on these proposed approaches.

We propose in new paragraph (g) to add several reporting and document retention guidelines to § 455.23. Payment suspension authority is critically important to protect Medicaid funds, but payment suspension can have dire consequences to a provider. Payment suspension authority, including a State's exercise of a good cause exception to otherwise address a suspension situation, must be exercised responsibly by a State at all stages, from the inception to the termination of the suspension. Through, among other things, its State Program Integrity Reviews, we expect to maintain close oversight of State utilization of suspension authority. However, to be clear, we expressly and explicitly do not expect State compliance (or noncompliance) with these documentation or retention provisions to give rise to any enforceable right of a provider aggrieved by any real or perceived failures with respect to these requirements to seek any form of redress (administratively, judicially, or otherwise).

Under these proposed reporting and retention guidelines, States are required to maintain for a minimum of 5 years from the date of issuance all materials documenting the life cycle of a payment suspension that is imposed, including: (1) All notices of suspension of payment in whole or part; (2) all fraud referrals to MFCUs or other law enforcement agencies; (3) all quarterly certifications by law enforcement that a matter continues to be under investigation; and (4) all notices documenting the termination of a suspension. Likewise, we propose to require States to maintain for the same period all documentation justifying the exercise of the good cause exceptions. Finally, we propose to require States to annually report to the Secretary information regarding the life cycle of each payment suspension imposed and any determinations to exercise the good cause exceptions not to suspend payment, to suspend payment only in part, or to discontinue a payment suspension.

To effectuate section 6402(h)(2) of the ACA's prohibition on expenditure of FFP where a State fails to suspend payments that should, by virtue of the ACA standard and this proposed rule, have been suspended, we propose to add a new § 447.90 that contains both the general rule and which refers to the exceptions found in § 455.23 for “good cause.” Paragraph (a) specifies the basis and purpose for the new provision. Paragraph (b) specifies the general rule that FFP would not be available with respect to items or services furnished by an individual or entity to whom the State has failed to suspend Medicaid payments during any period where there is pending an investigation of a credible allegation of fraud against the individual or entity except in specified circumstances that include certain emergency circumstances, or if good cause exists as specified at § 455.23(e) or (f).

As mentioned, we anticipate that CMS' enforcement and monitoring of Start Printed Page 58227 these provisions will largely be accomplished through measures such as State Program Integrity reviews conducted by CMS. Such reviews will, among other things, evaluate States' complaint intake and investigation efforts, and assess whether States have an effective process to move matters where there are found to be credible allegations of fraud to the point where they are evaluated for payment suspension. However, we do not believe it is viable to require States to report and document to CMS every instance of where any allegation of fraud arises and further qualify which ones rise to the level of credible allegation. We want to foster effective and efficient State program integrity efforts with respect to which payment suspension is an integral component, but we do not want to create a system so procedurally onerous that it overwhelms a State's ability to substantively perform this critical work. Nevertheless, we will thoroughly investigate and act by, among other things, deferring and/or disallowing FFP in accordance with § 430.40 and § 430.42, if program integrity reviews or other methods of ensuring State compliance with Medicaid program requirements reveal a State is failing to suspend payments (or inappropriately applying a good cause exception) where pending investigations of credible allegations of fraud do exist. A State may not claim (on its Form CMS-64) FFP for payments that are suspended. Any State that does not suspend payments, or that suspends payments but continues to claim FFP with respect to what would have been paid had no suspension been in place, puts that FFP at risk. In such cases, we would pursue a deferral and/or disallowance to reclaim the Federal portion of such payment. We solicit comments on CMS' proposed oversight approach.

Finally, three provisions are proposed to be added to the regulations at § 1007.9 that specify the State MFCU's relationship to, and agreement with, the State Medicaid agency. These proposed revisions are necessary to effectuate the proposed revisions under § 455.23. The regulations at 42 CFR part 1007 are enforced by HHS OIG as part of its delegated authority to certify and fund the State MFCUs. ( See August 15, 1979 final rule (44 FR 47811)). However, we are including amendments to part 1007 here to ensure a comprehensive regulatory package that sets forth in one location the Department's implementation of the suspension provisions of section 6402(h) of the ACA.

The first of these provisions proposes to add a new paragraph (e) to § 1007.9 that specifies that the MFCU may refer to the State agency any provider against which there is pending an investigation of a credible allegation of fraud for purposes of payment suspension in accord with § 455.23. Allegations of potential fraud may first be identified by the MFCU rather than by the State agency, so this provision merely formalizes a path from the MFCU to the State agency so a payment suspension may be implemented where appropriate. This provision also proposes that any referral to the State agency for consideration of a payment suspension be in writing. The written referral need not be extensive, but must include information adequate to enable the State agency to identify the provider and a brief explanation of the credible allegations forming the grounds for the payment suspension. The second proposed addition to § 1007.9 proposes to add a new paragraph (f) providing that any request by the unit to the State agency to delay notification of suspension to a provider pursuant to the provisions of the proposed § 455.23(b)(1)(ii) come in writing. Proposing to require that such requests need be made in writing (which could take the form of an e-mail) provides for an audit trail to ensure that proper procedures are followed. However, we expressly do not intend for this requirement to create any substantive right upon which a provider might lodge objection or other legal challenge to the extent the proper procedures were not followed. Last, a new paragraph (g) is proposed to require the unit to notify the State agency in writing when it has accepted or declined a case referred by the State agency. Aside from also creating an audit trail, this proposed provision would be important in that it would alert the State agency as to the status of a referral, which would shape how the State agency would handle a suspension under the proposed revisions to § 455.23.

E. Proposed Approach and Solicitation of Comments for Sections 6102 and 6401(a) of the ACA—Ethics and Compliance Program

Under section 6102 of the ACA which established new section 1128I of the Act, a nursing facility (NF) or SNF shall have in operation a compliance and ethics program that is effective in preventing and detecting criminal, civil, and administrative violations and in promoting quality of care, consistent with regulations developed by the Secretary, working jointly with the HHS OIG. The regulations to establish the compliance and ethics program for operating organizations may include a model compliance program. The statute requires that in the case of an organization that has five or more facilities, the formality or specific elements of the program vary with the size of the organization. The statute also requires that not later than 3 years after the effective date of the regulations, the Secretary shall complete an evaluation of the programs to determine if such programs led to changes in deficiency citations, changes in quality performance, or changes in the quality of resident care. The Secretary shall submit to Congress a report on such evaluation with recommendations for changes in the requirements, as the Secretary deems appropriate.

Similarly, under section 6401(a) of the ACA, which established a new section 1866(j)(8) of the Act, a provider of medical or other items or services or a supplier shall, as a condition of enrollment in Medicare, Medicaid or CHIP, establish a compliance program that contains certain “core elements.” The statute requires the Secretary, in consultation with the HHS OIG, to establish the core elements for providers or suppliers within a particular industry or category. The statute allows the Secretary to determine the date that providers and suppliers need to establish the required core elements as a condition of enrollment in Medicare, Medicaid, and CHIP. The statute requires the Secretary to consider the extent to which the adoption of compliance programs by providers or suppliers is widespread in a particular industry sector or particular provider or supplier category. Please note, NFs and SNFs are subject to both compliance plan requirements under sections 6102 and 6401(a) since section 6401(a) of the ACA includes all providers and suppliers enrolling into Medicare, Medicaid and CHIP. We intend to establish compliance program core elements per section 6401(a) of the ACA for NFs and SNFs that closely match the required components of a compliance program per section 6102 of the ACA.

In order to consider the views of industry stakeholders, we are soliciting comments on compliance program requirements included in the ACA. We do not intend to finalize compliance plan requirements when the other proposals in this proposed rule are finalized; rather, we intend to do further rulemaking on compliance plan requirements and will advance specific proposals at some point in the future. We are most interested in receiving comments on the following: Start Printed Page 58228

The use of the seven elements of an effective compliance and ethics program as described in Chapter 8 of the U.S. Federal Sentencing Guidelines Manual ( http://www.ussc.gov/​2010guid/​20100503_​Reader_​Friendly_​Proposed_​Amendments.pdf, pp. 31-35) as the basis for the core elements of the required compliance programs for Medicare, Medicaid and CHIP enrollment. These elements instill a commitment to prevent, detect and correct inappropriate behavior and ensure compliance with all applicable laws, regulations and requirements, and include—

• The development and distribution of written policies, procedures and standards of conduct to prevent and detect inappropriate behavior;
• The designation of a chief compliance officer and other appropriate bodies (for example a corporate compliance committee) charged with the responsibility of operating and monitoring the compliance program and who report directly to high-level personnel and the governing body;
• The use of reasonable efforts not to include any individual in the substantial authority personnel whom the organization knew, or should have known, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;
• The development and implementation of regular, effective education and training programs for the governing body, all employees, including high-level personnel, and, as appropriate, the organization's agents;
• The maintenance of a process, such as a hotline, to receive complaints and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
• The development of a system to respond to allegations of improper conduct and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or Federal health care program requirements;
• The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas; and
• The investigation and remediation of identified systemic problems including making any necessary modifications to the organization's compliance and ethics program.

In addition, we are particularly interested in comments about the following:

• The extent to which, and the manner in which, providers and suppliers already incorporate each of the seven U.S. Federal Sentencing Guidelines elements into their compliance programs or business operations. We are interested in how and to what degree each element has been incorporated effectively into the compliance programs of different types of providers and suppliers considering their risk areas, business model and industry sector or particular provider or supplier category.
• Any other suggestions for compliance program elements beyond, or related to, the seven elements referenced above considering provider or supplier risk areas, business model and industry sector or particular provider or supplier category including whether external and/or internal quality monitoring should be a required for hospitals and long-term care facilities.
• The costs and benefits of compliance programs or operations including aggregate or component costs and benefits of implementing particular elements and how these costs and benefits were measured.
• The types of systems necessary for effective compliance, the costs associated with these systems and the degree to which providers and suppliers already have these systems including, but not limited to, tracking systems, data capturing systems and electronic claims submission systems. We anticipate having providers and suppliers evaluate the effectiveness of their compliance plans using electronic data.
• The existence of and experience with state or other compliance requirements for various providers and suppliers and foreseeable conflicts or duplication from multiple requirements.
• The criteria we should consider when determining whether, and if so, how to divide providers and suppliers into groupings that would be subject to similar compliance requirements including whether individuals should have different compliance obligations from corporations.
• Available research or individual experience regarding the current rate of adoption and level of sophistication of compliance programs for providers or suppliers based on their business model and industry sector or particular provider or supplier category.
• How effective compliance programs have been for varied providers and suppliers and how the level of effectiveness was measured.
• The extent to which providers and suppliers currently use third party resources, such as consultants, review organizations, and auditors, in their compliance efforts.
• The extent to which providers and suppliers have already identified staff responsible for compliance and, for those who already have staff responsible for compliance, the positions of these staff.
• A reasonable timeline for establishment of a required compliance program for various types and sizes of providers and suppliers, assuming the compliance program core elements were based on the aforementioned U.S. Federal Sentencing Guidelines' seven elements of an effective compliance and ethics program, considering business model and industry sector or particular provider or supplier category.

We welcome any information concerning how the industry views compliance program elements and how we can establish required compliance program elements to protect Medicare, Medicaid, and CHIP from fraud and abuse.

F. Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

1. Discussion

Effective provider screening prevents excluded providers from enrolling in government health care programs and being paid with Federal and State funds. Providers barred from participating because of effective screening cannot abuse Medicare, Medicaid, or CHIP.

When a State terminates a provider but does not share that information with any other State, all other States become vulnerable to potential fraud, waste, and abuse committed by that provider. Similarly, a provider, supplier, or eligible professional that has been terminated from Medicare or has had Medicare billing privileges revoked may enroll with a State Medicaid program or with CHIP when a State is not aware of the Medicare termination or revocation. We may terminate or revoke the billing privileges of a provider, supplier, or eligible professional under Medicare for a number of reasons, as set forth at § 424.535, including exclusion from health care programs, government-wide debarment, and conviction of violent felonies and financial crimes.

Section 6501 Affordable Care Act requires a State's Medicaid program to terminate an individual or entity's participation in the program (subject to certain limitations on exclusions in sections 1128(c)(2)(B) and 1128(d)(2)(B) of the Act), if the individual or entity has been terminated under Medicare or Start Printed Page 58229 another State's Medicaid program. Although the term “termination” only applies to providers under Medicare whose billing privileges have been revoked (and does not apply to Medicare suppliers or eligible professionals), we believe it was the intent of the Congress that this requirement also be applicable to suppliers and eligible professionals that have had their billing privileges under Medicare revoked as well. Therefore, we are proposing that “termination” be inclusive of situations where an individual's or entity's billing privileges have been revoked. The requirement for States to terminate would only apply in cases where providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked for cause, for example, for reasons based upon fraud, integrity or quality, and not in cases where the providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked based upon a failure to submit claims over a period of 12 months or more, or any other voluntary action taken by the provider to end its participation in the program, except where that voluntary action is taken to avoid a sanction.

In addition, State Medicaid programs would terminate a provider only after the provider had exhausted all available appeal rights in the State that originally terminated the provider.

Section 6501 of the ACA builds upon the requirements in section 6401(b)(2) of the ACA, which requires that CMS establish a process to make available Medicare provider, supplier, and eligible professional and CHIP provider termination information to State Medicaid programs. Section 1902(ii)(6) of the Act also requires States to report adverse provider actions to CMS, including criminal convictions, sanctions, and negative licensure actions.

When States are apprised of the terminations or revocations of billing privileges, as the case may be, of providers, suppliers, and eligible professionals that have occurred in other State Medicaid programs, CHIP, or in Medicare, States have the information they need to protect their programs.

2. Statutory Change

Section 6501 of the ACA amends section 1902(a)(39) of the Act to require a State Medicaid program to terminate any provider, be it an individual or entity, participating in that program, subject to the limitations on exclusions in sections 1128(c)(2)(B) and 1128(d)(2)(B) of the Act, if the provider's participation has been terminated under title XVIII of the Act or another State's Medicaid program.

3. Proposed Requirements

We propose at 42 CFR 455.416 that a State Medicaid program must deny enrollment or terminate the enrollment of a provider that is terminated on or after January 1, 2011 under Medicare, or has had its billing privileges revoked, or is terminated on or after January 1, 2011 under any other State's Medicaid program or CHIP.

While section 6501 of the ACA does not expressly require that individuals or entities that have been terminated under Medicare or Medicaid also be terminated from CHIP, we also propose, under our general rulemaking authority pursuant to section 1102 of the Act, to require in CHIP regulations that CHIP take similar action to terminate a provider terminated or revoked under Medicare, or terminated under any other State's Medicaid program or CHIP.

We also propose to add a definition at § 455.101 for termination for purposes of this section. That definition distinguishes between Medicaid providers and Medicare providers, suppliers, and eligible professionals and specifies that termination means a State Medicaid program or the Medicare program has taken action to revoke the Medicaid provider's or Medicare provider, supplier or eligible professional's billing privileges and the provider, supplier or eligible professional has exhausted all applicable appeal rights. There is no expectation on the part of the provider, supplier, or eligible professional or the State or Medicare program that the termination or revocation is temporary. The provider, supplier or eligible professional would be required to reenroll with the applicable program if they wish billing privileges to be reinstated.

G. Additional Medicare Provider Enrollment Provisions

In § 424.535(a)(11), we propose allowing CMS or its designated Medicare contractor to revoke Medicare billing privileges when a State Medicaid agency terminates, revokes, or suspends a provider or supplier's Medicaid enrollment or billing privileges. We believe that this approach works in tandem with section 6501 of the ACA which requires States to terminate a provider or supplier under the Medicaid program when the provider or supplier has been terminated by Medicare or by another State's Medicaid program. Moreover, we believe that providers and suppliers whose enrollment has been terminated by a State Medicaid program pose an increased risk to the Medicare program.

III. Collection of Information Requirements

Under the Paperwork Reduction Act of 1995, we are required to provide 60-day notice in the Federal Register and solicit public comment before a collection of information requirement is submitted to the Office of Management and Budget (OMB) for review and approval. In order to fairly evaluate whether an information collection should be approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995 requires that we solicit comment on the following issues:

• The need for the information collection and its usefulness in carrying out the proper functions of our agency.
• The accuracy of our estimate of the information collection burden.
• The quality, utility, and clarity of the information to be collected.
• Recommendations to minimize the information collection burden on the affected public, including automated collection techniques.

We are soliciting public comment on each of these issues for the following sections of this document that contain information collection requirements (ICRs):

A. ICRs Regarding Application Fee Hardship Exception (§ 424.514)

Proposed § 424.514(e) states that a provider or supplier that believes it has a hardship that justifies a waiver exception of the application fee must include with its enrollment application a letter that describes the hardship and why the hardship justifies a waiver exception. The burden associated with this proposed requirement would be the time and effort necessary to submit a Medicare enrollment application, which is required currently of any individual or entity enrolling in Medicare. In addition to the enrollment application, a provider or supplier would have the new burden of drafting and submitting a letter to justify its hardship waiver request should it choose to submit one. The burden associated with submitting Medicare enrollment applications is approved under both 0938-0685 and 0938-1056, the CMS Forms 855-A, B, and the CMS-855-S (or their associated Internet-based PECOS enrolment application), respectively. Although we have no way of knowing for certain how many entities will actually submit an application with a letter requesting a waiver, we know that initially there are likely to be more such requests in the early years of implementation than in later years. We estimate that in the first Start Printed Page 58230 year, 12,000 providers or suppliers -or slightly over 50 percent of the total number of providers and suppliers that we believe (as discussed in the section V. of this proposed rule) will be subject to the application fee—will submit waiver request letters as part of their application packages. We also estimate that it will take each provider or supplier 1 hour to develop the letter. The total estimated annual burden associated with this requirement is therefore 12,000 hours at a cost of $600,000, or $50.00 per waiver request.

B. ICRs Regarding Fingerprinting (§ 424.518 and § 455.434)

Proposed § 424.518(c) which reads: “In addition to the “limited” and “moderate” screening requirements described in (a) and (b) above, the Medicare enrollment contractor shall conduct a criminal background check or require the submission of set of fingerprints using the FD-258 standard fingerprint card when a prospective home health agency or supplier of DMEPOS is enrolling into the Medicare program or is establishing a new practice location and is not publicly-traded on the NYSE or NASDAQ,” would allow CMS, its agents or its designated contractors to require the submission of a set of fingerprints using the FD-258 standard fingerprint card. Similarly, proposed § 424.518(d) which reads in part: “An individual must submit a set of fingerprints using the FD-258 standard fingerprint card with the Medicare enrollment application or within 30 days of a Medicare contractor request. An individual who does not submit a set of fingerprints using the FD-258 standard fingerprint card with the Medicare enrollment revalidation or revalidation application or within 30 days of a Medicare contractor request, may have his/her Medicare billing privileges denied,” would allow CMS, its agents or its designated contractors to require that each owner, authorized official, delegated official, and managing employee, of a provider or supplier to submit a set of fingerprints using the FD-258 standard fingerprint card. We estimate that CMS or its designated contractors will make 7,000 such requests per year. This is predicated on our projection that—based on 2009 statistics—roughly 7,000 DMEPOS suppliers and HHAs will annually enroll in Medicare. For purposes of this ICR statement only, and to ensure that we do not underestimate the possible burden, we will estimate that all of these providers and suppliers will be required to submit the standard fingerprint card. We further estimate that an average of five individuals per provider or supplier will be required to comply with this request, though we do seek comments—for purposes of this ICR and the RIA below—on whether the estimate of 5 individuals per applicant is accurate. Additionally, we estimate that it will take each of the 35,000 respondents (7,000 × 5) a total of 2 hours to obtain a set of fingerprints using the FD-258 standard fingerprint card and to submit the card to CMS or its designated contractor. Consequently, the total estimated annual burden associated with this requirement is 70,000 hours (35,000 respondents × 2 hours) at a cost of $3.5 million (70,000 hours × an estimated per hour cost of $50).

Similarly, proposed § 424.518(c)(3)(iv) (new providers in “high” risk category after lifting of moratoria) would allow CMS, its agents or its designated contractors to require that each owner, authorized official, delegated official, and managing employee, of a provider or supplier to submit a set of fingerprints using the FD-258 standard fingerprint card. The burden associated with the proposed requirement is the time and effort necessary for the owner, authorized official, delegated official, and managing employee of a provider or supplier to submit the required information upon request. We estimate that CMS or its designated contractors will make 2,000 requests per year. This is based on the number of providers and suppliers that we estimate will attempt to enroll in Medicare after the lifting of a moratorium for their respective provider or supplier type. This estimate of course, cannot be conclusively quantified because it is impossible for us to say with certainty which provider and supplier types will be subject to a moratorium. To ensure that we do not underestimate the potential burden, we will calculate projections should 5,000 or even 10,000 requests be made.

We estimate that an average of five individuals per provider or supplier will be required to comply with this request. We further project that it will take each of the 10,000 respondents (2,000 × 5) a total of 2 hours to obtain a set of fingerprints using the FD-258 standard fingerprint card and to submit the card to CMS or its designated fee-for-service contractor. The estimate annual burden associated with this requirement, based on 2000 requests, is 20,000 hours (10,000 respondents × 2 hours) at a cost of $1 million (20,000 × $50 per hour). If 5,000 requests are made, the burden is 50,000 hours at a cost of $2.5 million (5,000 × 5 respondents × 2 hours × $50 per hour.) If 10,000 requests are made, the burden is 100,000 hours at a cost of $5 million (10,000 × 5 respondents × 2 hours × $50 per hour).

In addition, there are some limited circumstances when CMS could ask a physician to submit fingerprints. For example, a provider or supplier that is being enrolled in Medicare after the lifting of a temporary moratorium could automatically be classified as “high” risk and as such would be subject to criminal background checks and fingerprinting of owners and other officials in the company. If a physician were to be the owner or other official of the company, CMS would have the authority to request fingerprints from the company official. Other circumstances where physicians might be subject to a request for finger printing are when the physician is an official of an entity in the “high” risk category, or if CMS or its agent(s) determine that a particular provider or supplier in the “high” risk category is possibly engaged in fraud. We estimate that CMS or its designated contractors will make 500 such requests for finger prints per year. We further estimate that it will take each of the 500 respondents a total of 2 hours to obtain a set of fingerprints using the FD-258 standard fingerprint card and to submit the card to CMS or its contractor. The total estimate annual burden associated with this requirement is 1,000 hours (500 respondents × 2 hours) at a cost of $50,000 (1,000 hours × $50 per hour).

Assuming that 2,000 post-moratorium requests for fingerprints are made, the total estimated annual burden associated with the requirements in this ICR is 103,000 hours at a cost of $5,150,000. If 5,000 post-moratorium requests are made, the estimated annual burden is 133,000 hours at a cost of $6,650,000. If 10,000 post-moratorium requests are made, the estimated annual burden is 183,000 hours at a cost of $9,150,000.

Proposed § 455.434 states that when a State Medicaid agency determines that a provider is “high” risk, the State Medicaid agency will require that provider to submit fingerprints. We anticipate that States will be collecting fingerprints on a significantly smaller number of providers. However, as with our estimate on potential burden discussed for Medicare, we prefer to overestimate the potential burden rather than underestimate it. Therefore, we anticipate that States may require an additional 26,000 individuals to submit fingerprints prior to enrolling in a State's Medicaid program or CHIP. The total estimate annual burden associated with this requirement for Medicaid and CHIP is 52,000 hours (26,000 respondents × 2 hours) at a cost of Start Printed Page 58231 $2,600,000 (52,000 hours × $50 per hour).

C. ICRs Regarding Suspension of Payments in Cases of Fraud or Willful Misrepresentation (§ 455.23)

As stated in proposed § 455.23(a), a State Medicaid agency shall suspend all Medicaid payments to a provider when there is pending an investigation of a credible allegation of fraud under the Medicaid program against an individual or entity unless it has good cause to not suspend payments or to suspend payment only in part. The State Medicaid agency may suspend payments without first notifying the provider of its intention to suspend such payments. A provider may request, and must be granted, administrative review where State law so requires.

The burden associated with this requirement is the time and effort necessary for a provider to request administrative review were State law so requires. While this requirement is subject to the PRA, we believe the associated burden is exempt in accordance with 5 CFR 1320.4; information collected subsequent to an administrative action is not subject.

D. ICRs Regarding Collection of SSNs and DOBs for Medicaid and CHIP Providers (§ 455.104)

As stated in proposed § 455.104(b)(1), the State Medicaid agency must require that all persons with an ownership or control interest in a provider submit their SSN and DOB. The burden associated with the Medicaid requirements in § 455.104(b)(1) is the time and effort necessary for a provider to report the SSN and DOB for all persons with an ownership or control interest in a provider.

Although our data on Medicaid provider enrollment at the national level is very limited, we do collect annual data on State Medicaid program integrity activities. This annual data collection, known as the State Program Integrity Assessment (SPIA) program approved, under OCN 0938-1033, consists of self-reported data by States regarding a variety of program integrity related activities. The information is self-reported and has not been independently verified by CMS, and it undoubtedly represents some unknown degree of duplication among providers across States. Consequently, the estimated number of Medicaid providers nationally is likely overstated. According to SPIA data for FFYs 2007 and 2008, there has been an average of 1,855,070 existing Medicaid providers nationally over the 2-year period of FFY 2007 and FFY 2008. We estimate that one-fifth, or 371,014 (1,855,070 × 20 percent) of existing Medicaid providers would be required to re-enroll each year. Additionally, we estimate that there will be 56,250 newly enrolling Medicaid providers each year, for a total of 427,264 Medicaid providers that will be subject to the SSN and DOB reporting requirements each year. We further estimate that it will take each provider an average of 2 minutes to report the SSN and DOB for all persons with an ownership or control interest. Thus, the estimate annual burden associated with this requirement for Medicaid providers is 14,242 hours (427,264 × 2 minutes, divided by 60 minutes per hr) at a cost of $712,100 (14,242 hours × $50 per hour).

E. ICRs Regarding Site Visits for Medicaid-Only or CHIP-Only Providers (§ 455.450)

As stated in proposed in § 455.450(b), a State Medicaid agency must conduct on-site visits for providers it determines to be “moderate” or “high” categorical risk. We anticipate that Medicare contractors will perform the screening activities for the overwhelming majority of providers that are dually enrolled in both Medicare and Medicaid, and thus, we estimate that State Medicaid agencies will conduct approximately 5,000 site visits for Medicaid-only providers nationally per year. We further estimate that it will take one individual 8 hours to perform each on-site visit (including travel time). Thus, the total estimate annual burden associated with this requirement for Medicaid is 40,000 hours (5,000 site visits × 8 hours) at a cost of $2,000,000 (40,000 hours × $50 per hour).

F. ICRs Regarding the Rescreening of Medicaid Providers Every 5 Years (§ 455.414)

As stated in proposed § 455.414, a State Medicaid agency must screen all providers at least every 5 years. This requirement is consistent with the Medicare requirement that providers, suppliers, and eligible professionals must re-enroll at least every 5 years (more often for certain types of suppliers). The burden associated with this proposed requirement would be the time and effort necessary for Medicaid-only providers to re-enroll in Medicaid, and the time and effort necessary for a State to conduct the provider screening,

Although our data on Medicaid provider enrollment at the national level is very limited, we do collect annual data on State Medicaid program integrity activities. This annual data collection, known as the State Program Integrity Assessment (SPIA) program, consists of self-reported data by States regarding a variety of program integrity related activities. The information is self-reported and has not been independently verified by CMS, and it undoubtedly represents some unknown degree of duplication among providers across States. Consequently, the estimated number of Medicaid providers nationally is likely overstated. According to SPIA data for FFYs 2007 and 2008, there has been an average of 1,855,070 existing Medicaid providers nationally over the 2-year period of FFY 2007 and FFY 2008. We estimate that one-fifth, or 371,014 (1,855,070 × 20 percent) of existing Medicaid provider would be required to re-enroll each year, Although provider enrollment requirements vary by State, we further estimate that it will take each provider an average of 2 hours to complete the Medicaid re-enrollment requirements. Thus, the estimate annual burden associated with this requirement for Medicaid providers is 742,028 hours (371,014 × 2 hours) at a cost of $37,101,400 (742,028 hours × $50 per hour).

We estimate that 80 percent of Medicaid providers also participate in Medicare, and thus would have provider screening activities performed by the Medicare contractors. Thus, we estimate that States would be required to conduct provider screening activities for 74,203 (371,014 × 20 percent) re-enrolling Medicaid-only providers each year. We further estimate that it will take States, on average, 4 hours to perform the required provider screening activities—noting that currently enrolled providers would generally be categorized as lower risk than newly-enrolling providers. The estimated burden associated with this requirement for State Medicaid agencies is 296,812 hours (74,203 × 4 hours) at a cost of $14,840,600 (296,812 hours × $50 per hour). We believe that the burden on States will be in large part offset by the application fees collected and by the Federal share for the amounts not covered by the application fee.

The total estimate annual burden associated with this requirement is 1,038,840 hours at a cost of $51,942,000. Start Printed Page 58232

IV. Response to Comments

Because of the large number of public comments we normally receive on Federal Register documents, we are not able to acknowledge or respond to them individually. We will consider all comments we receive by the date and time specified in the DATES section of this preamble, and, when we proceed with a subsequent document, we will respond to the comments in the preamble to that document.

V. Regulatory Impact Analysis

A. Overall Impact

We have examined the impact of this rule as required by Executive Order 12866 on Regulatory Planning and Review (September 1993), the Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), section 1102(b) of the Social Security Act, section 202 of the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4), Executive Order 13132 on Federalism (August 4, 1999), and the Congressional Review Act (U.S.C. 804(s).

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts; and equity). A regulatory impact analysis (RIA) must be prepared for rules with economically significant effects ($100 million or more in any 1 year). This rule does reach the economic threshold and thus is considered an economically significant rule.

The RFA requires agencies to analyze options for regulatory relief for small businesses. Under the RFA, we must either prepare an Initial Regulatory Flexibility Analysis or certify that the proposed rule will not have a significant impact on a substantial number of small entities. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and government agencies. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues of less than $7.0 to $34.5 million (depending on provider type) in any one year. Individuals and States are not included in the definition of a small entity. HHS practice is to assume that all providers affected by our rules are small entities, since we know that the vast majority meet the criteria used under the RFA. We do not believe that our application fees will have a significant impact on any small entities. Likewise, we do not believe that other screening provisions, such as the provision of fingerprints or accommodating unannounced visits, will have a significant impact on any small entities. We think this proposed rule could have significant impact on a relatively small proportion of small businesses in terms of restrictions on Federal health monies paid to small businesses participating in the Medicare or Medicaid programs or CHIP. Clearly, imposition of an enrollment moratorium would have an impact on a small business that is attempting to do business with any of the Federal health programs. Similarly, suspension of payments to any small entity could create a significant impact on that entity. We have, however, no basis for estimating how many entities might be affected by these provisions. Finally, we believe that this proposed rule will reduce fraud and abuse among potential providers. Clearly, there will be a significant impact on their ability to defraud the taxpayer in several ways. First, closer screening of certain high-risk providers and suppliers will better enable CMS to detect those individuals and entities that pose a risk to the Medicare program. Preventing unqualified providers and suppliers from enrolling in Medicare will protect the Medicare Trust Fund and save the taxpayers millions of dollars. Second, an application fee will help reduce the costs of administering the Medicare program. Third, the temporary moratoria provisions will enable CMS to restrict the entry of certain providers and suppliers into Medicare in order to prevent or combat fraud, waste, and abuse, thus, again, saving millions of Federal dollars. While we cannot quantify with exactitude the amount of money that the Medicare program will save as a result of these measures, we do believe that the figure will exceed the costs outlined in this RIA. We are seeking comment on the overall proposed screening processes described in section II.A. of this proposed rule, including how the risk of fraud is determined, the administrative interventions proposed to address the risk, and the criteria for exceptions to the enrollment application fee and any temporary enrollment moratoria. We ask small businesses to comment on these provisions and offer suggestions about how to mitigate what they might see as adverse administrative or financial impacts. This RIA, taken together with the remainder of the preamble, constitutes an Initial Regulatory Flexibility Analysis under the RFA.

In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 603 of the RFA. For purposes of section 1102(b) of the Act, we define a small rural hospital Start Printed Page 58233 as a hospital that is located outside of a Metropolitan Statistical Area and has fewer than 100 beds. We are not preparing an analysis for section 1102(b) of the Act because we have determined that this final rule will not have a significant impact on the operations of a substantial number of small rural hospitals.

Section 202 of the Unfunded Mandates Reform Act of 1995 also requires that agencies assess anticipated costs and benefits before issuing any rule that may result in expenditure in any 1 year by State, local, or tribal governments, in the aggregate, or by the private sector, of $135 million. This rule does mandate expenditures by State and local governments, in order to enforce the Medicaid-related provisions, but we believe that those expenditures will be relatively minor. The mandated costs on providers—primarily for application fees—may approach or exceed the threshold for the private sector. Accordingly, this RIA constitutes the required assessment of costs and benefits under UMRA.

Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. Since this proposed rule would not impose any substantial direct requirement costs on State or local governments, preempt State law, or otherwise have Federalism implication, the requirements of E.O. 13132 are not applicable.

B. Anticipated Effects

1. Medicare

a. Enhanced Screening Procedures—Medicare

Based on statistics obtained from PECOS and our Medicare contractors, there are approximately 400,000 providers and suppliers currently enrolled in the Medicare program. (This does not include eligible professionals.) This figure includes ambulance service suppliers; ambulatory surgical centers; community mental health centers; comprehensive outpatient rehabilitation facilities; suppliers of DMEPOS; end-stage renal disease facilities; federally qualified health centers; histocompatibility laboratories; home health agencies; hospices; hospitals, including physician-owned specialty hospitals; critical access hospitals; independent clinical laboratories; independent diagnostic testing facilities; Indian health service facilities; mammography centers; mass immunizers (roster billers); medical groups/clinics, including single and multi-specialty clinics; organ procurement organizations; outpatient physical therapy/occupational therapy/speech pathology services; portable X-ray suppliers; skilled nursing facilities; radiation therapy centers; religious non-medical health care institutions; and rural health clinics. We note the following in section III. of this proposed rule:

• Based on 2009 experience we estimate that there will be 7,000 DMEPOS suppliers and HHAs that will submit an application to become a new Medicare enrolled provider in 2011. We would require approximately 35,000 individuals (7,000 providers/suppliers × 5 individuals per applicant) to undergo fingerprinting to participate in the Medicare program as an owner, authorized official, delegated official, or managing employee of an HHA or supplier of DMEPOS. We have found that the cost of having a set (two prints) of fingerprints done through a local law enforcement office is approximately $50.00 per individual. The cost of this fingerprinting requirement would therefore be $1.75 million per year (35,000 individuals × $50).
• We estimate that 10,000 individuals (2,000 providers or suppliers × 5 individuals per applicant) would undergo fingerprinting following the lifting of a moratorium on a particular provider or supplier type, at a cost of $500,000 per year (10,000 × $50). Should requests be made of 5,000 providers or suppliers, the annual figure would be $1,250,000 (5,000 × 5 individuals per applicant × $50). Should requests be made of 10,000 providers or suppliers, the annual figure would be $2.5 million (10,000 × 5 × $50).
• We estimate that 500 physicians would undergo fingerprinting per year, at a cost of $25,000.

This results in a total cost of the fingerprinting requirement of $2,275,000 per year ($1,750,000 + $500,000 + $25,000), or $11,375,000 over 5 years. If 5,000 post-moratorium requests are made, the annual cost is $3,025,000, with a 5-year cost of $15,125,000. Should 10,000 post-moratorium requests be made, the annual cost is $4,275,000, with a 5-year cost of $21,375,000.

As we believe that 2,000 post-moratorium requests is the most likely scenario, we will hereafter use the $2,275,000 amount as the annual cost of this requirement. This results in an estimated 5-year cost of $11,375,000.

b. Application Fee—Medicare

The Secretary shall impose an application fee on each institutional provider. The amount of the fee is $500 per provider or supplier for 2010. For 2011 and each subsequent year, the fee amount will be determined by the statutorily-required formula using the consumer price index for all urban consumers (CPI-U). The enrollment application fee does not apply to individual eligible professionals (for example, physicians). The fee is to be paid by institutional providers only. The new screening provisions are applicable to new and revalidating providers and suppliers effective March 23, 2011, and to currently enrolled providers and suppliers as of March 23, 2012. We intend to begin collecting the enrollment application fee for new providers and suppliers and for currently enrolled providers revalidating enrollment effective March 23, 2011.

c. General Enrollment Framework

(1) New Enrollment

Medicare contractors report that over the last several years, approximately 32,000 is the annual number of newly enrolling providers and suppliers that would—without accounting for the possible granting of waivers—be subject to the enrollment application fee—(approximately 20,000 for Medicare Part B, approximately 7,000 DMEPOS suppliers and HHAs (as explained in the Collection of Information section above), and approximately 5,000 non-HHA Medicare Part A providers).

We assume that no more than 2.5 percent of these 32,000 providers and suppliers—or 800—will receive a hardship exception; as indicated earlier, exceptions will only be approved infrequently.

In FY 2011, we reduced the estimate number of institutional providers subject to the application fee by 25 percent because the application fee will not begin until March 23, 2011. Accordingly, the number of institutional providers that we anticipate paying the application fee will be 23,400 (or 31,200 X .75) in FY 2011. In FY 2011, we reduced the estimate number of institutional providers subject to the application fee by 25 percent because the application fee will not begin until March 23, 2011. Accordingly, the number of institutional providers that we anticipate paying the application fee will be 24,000 in FY 2011.

Therefore, the impacts of the enrollment application fee are as follows. If we use 23,400 as the number of newly enrolling providers and Start Printed Page 58234 suppliers in 2011, multiply this number by the $500 application fee, we get $11,700,000 collected for the first year (that is, CY 2011). If we assume that the number of newly enrolling providers and suppliers will remain constant at 31,200 for years 2012 through 2015, then the cost to the number of newly enrolling providers and suppliers would be approximately $78.87 million. These estimates are displayed in the table below, and account for a projected annual CPI-U rate increase of 3 percent from FY 2012 to FY 2015—knowing, of course, that this figure could fluctuate significantly based on national economic conditions.

Although we have no way to predict that the number of new enrollments will change in future years, it is possible that the number of enrolling providers and suppliers vary from what has been the norm. If our estimate of the number of newly enrolling providers is inaccurate and we enroll a different number of providers and suppliers after the effective date of the new screening and other provisions contained in the ACA, we estimate based on the $500 enrollment application fee—a rough difference of $1 million for each increment of 2000 new enrollments, whether fewer or greater.

(2) Revalidation

There are approximately 100,000 currently enrolled suppliers of DMEPOS who are required to revalidate their enrollment every 3 years and 300,000 additional providers and suppliers that do not provide DMEPOS that are required to revalidate their enrollment every 5 years. On a yearly basis, we estimate that approximately 33,000 DMEPOS suppliers (one-third of the total) and 60,000 other, non-DMEPOS providers/suppliers (one-fifth of the total) would revalidate their enrollment in Medicare, for an annual total of 93,000. Since, as explained earlier, we estimate that no more than 2.5 percent of these providers and suppliers will receive a waiver from the application fee, we project that 90,675 such providers and suppliers will be subject to the fee.

This proposed rule contemplates collecting the application fee for currently enrolled providers that revalidate their enrollment on or after March 23, 2011—almost 3 months into CY 2011. Therefore, we have adjusted the number of existing Medicare institutional providers subject to an application fee by 25 percent, from 90.675 to 68.006 (or 90.675 × .75) in FY 2011. Further accounting for: (1) A projected annual CPI-U rate increase of 3 percent, as stated above; and (2) our assumption that the number of revalidating providers and suppliers will remain at 90,675 between CY 2012 and 2015, the cost associated with these fees for revalidating providers and suppliers would be approximately $183,548,740 over the first 5 years that the ACA provisions are in effect, as shown in Table 8 below.

Therefore, we estimate that the total impact of the proposed provisions for the application fee to be approximately $308,099,875 over the next 5 years. This number was approximated by adding the cumulative application fees for newly enrolling providers and suppliers ($78,873,600 as shown in Table 6) to the cumulative application fees for revalidating providers and suppliers ($229,226,275).

2. Medicaid

a. Enhanced Screening Procedures

Although our data on Medicaid provider enrollment at the national level is very limited, we do collect annual data on State Medicaid program integrity activities. This annual data collection, known as the State Program Integrity Assessment (SPIA) program, consists of self-reported data by States regarding a variety of program integrity related activities. The information is self-reported and has not been independently verified by CMS, and it undoubtedly represents some unknown degree of duplication among providers across States. Consequently, the estimated number of Medicaid providers nationally is likely overstated. According to SPIA data for FFYs 2007 and 2008, there has been an average of 1,855,070 existing Medicaid providers nationally over the 2-year period of FFY 2007 and FFY 2008. This universe of Medicaid providers includes all provider types, both institutional providers and individual practitioners. In the Medicare program, eligible practitioners make up approximately 70 percent of the total universe of providers, suppliers, and eligible practitioners. Because we do not have detailed information regarding the breakdown of Medicaid providers by type nationally, we will apply the same ratio to determine the percentage of institutional Medicaid providers. Therefore, we estimate that there are approximately 556,521 Medicaid-only providers nationally that are not individual practitioners.

We also estimate almost all CHIP providers are also Medicaid providers. So, for purposes of this section, we are considering CHIP providers to also be Medicaid providers and will subsequently refer to them only as Medicaid providers.

As previously stated in the Medicare section of the analysis, we estimate that we would require the following:

• Approximately 35,000 individuals will undergo fingerprinting to enroll in the Medicare program as owners, authorized officials, delegated officials, or managing employees of a home health agency or supplier of DMEPOS. Based on data collected as part of the State survey and certification activities for home health agencies, less than 1 percent of home health agencies are Medicaid-only. And, although there is no data available on the number of Medicaid-only suppliers of DMEPOS, we estimate that the number is minimal as well, as a number of States require suppliers of DMEPOS to be enrolled in Medicare prior to enrolling in Medicaid. Therefore, we estimate that States may require approximately 1,000 additional individuals with ownership or control interests in the suppliers of DMEPOS, or home health agencies, or persons who are agents of or managing employees of the suppliers of DMEPOS, or home health agencies, to undergo fingerprinting for enrollment in the Medicaid program. The cost of this fingerprinting requirement would be approximately $50,000 (1,000 × $50 = $50,000), though we seek comments on the accuracy of this figure.
• We anticipate that Medicare contractors will perform the screening activities for the overwhelming majority of providers following the lifting of a Secretary-imposed temporary moratorium and for the limited circumstances in which physicians may be fingerprinted. However, given that States may also classify certain Medicaid-only providers as “high” categorical risks, we are estimating that States may require approximately 25,000 additional individuals to undergo fingerprinting prior to enrolling in a State's Medicaid program, at a cost of $1,250,000 (25,000 × $50 = $1,250,000).

Consequently, we estimate that fingerprinting individuals for purposes of Medicaid enrollment will cost $1,300,000.

When averaged across 50 States, the District of Columbia and Puerto Rico, the annual cost of fingerprinting per State will be $26,000.

b. Application Fee—Medicaid

For those providers not screened by Medicare, the State may impose a fee on each institutional provider being screened. The amount of the fee is $500 per provider for 2010. For 2011 and each subsequent year, the amount will be determined by the statutorily-required formula using the consumer price index for all urban consumers (CPI-U).

c. General Enrollment Framework

For purposes of this section, we assume that 80 percent of institutional Medicaid providers will be dually participating in both Medicare and Medicaid, and thus will be subject to the application fee as part of the Medicare screening and enrollment. Therefore we estimate that 20 percent, or 111,304 (556,521 × 20 percent), of the institutional Medicaid-only providers will not be screened by Medicare and thus will be subject to the application fee under Medicaid. We project that a significant number of existing and future Medicaid providers will request a hardship exception, or that a State will request a waiver of the application fee for certain Medicaid provider types of the application fee on the basis of ensuring access to care. For purposes of this section, although we have no way to estimate the exact number of providers that will ultimately request and be approved for a hardship exception, or the number of States that will request a waiver of the fee for certain Medicaid provider types, we predict that 25 percent of all Medicaid providers subject to the fee will receive the hardship exception or be granted a waiver of the fee on the basis of ensuring beneficiary access to care. We recognize that this 25 percent figure is significantly higher than the 2.5 percent waiver rate we are using for Medicare application fees. Yet we believe the difference is justified because of the greater access to care issues that may arise in Medicaid. Consequently, we estimate that 83,478 existing Medicaid providers will be required to pay the application fee (111,304 existing Medicaid providers that are not dually enrolled less 25 percent or 27,826 existing providers).

(1) New Enrollments

We apply the 80 percent rate for newly-enrolling Medicaid institutional providers that will be dually participating in both Medicare and Medicaid and thus not subject to the fee under Medicaid, and 25 percent hardship exception rate to the annual number of newly-enrolling Medicaid institutional providers not dually enrolled. The 45,000 newly-enrolling Medicare institutional providers annually represent 80 percent of the total newly-enrolling Medicaid institutional providers annually. Therefore, we estimate that there will be 11,250 newly-enrolling Medicaid institutional providers annually that are subject to the application fee under Medicaid (45,000 providers divided by 80 percent, −45,000 = 11,250). We project another 25 percent will be exempted for hardship or be granted a waiver of the fee on the basis of ensuring beneficiary access to care, resulting in 8,438 newly-enrolling Medicaid institutional providers being Start Printed Page 58236 subject to the application fee each year nationally.

Consistent with the Medicare analysis, in FY 2011, we reduced the estimated number of institutional providers subject to the application fee by 25 percent because the application fee will not begin until March 23, 2011. Accordingly, the number of institutional providers that we anticipate paying the application fee will be 6,329 in FY 2011. Consequently, we project the dollars due from application fees for newly-enrolling Medicaid institutional providers who are not dually enrolled to be $21,331,514 for the first 5 years in total. When averaged across 50 States, the District of Columbia and Puerto Rico, the total application fees for the 5 years in total per State will be approximately $410,221.

(2) Re-Enrollment

This proposed rule contemplates that States would require Medicaid providers to re-enroll every 5 years. On a yearly basis, we estimate that approximately 16,696 Medicaid institutional providers (one fifth of the total) would re-enroll with the State Medicaid agency.

We contemplate collecting the application fee for currently enrolled providers beginning on March 24, 2011. States would not collect an application fee with any re-enrollments until that time—almost 3 months into CY 2011. Therefore, we have adjusted the number of existing Medicaid institutional providers subject to an application fee by 25 percent, from 16,696 to 12,522 in FY 2011. Consequently, we project the dollars due from application fees for currently-enrolled Medicaid institutional providers who are not dually enrolled is $42,207,488 for the first 5 years in total. When averaged across 50 States, the District of Columbia and Puerto Rico, the total application fees for the 5 years in total per State will be approximately $811,682.

3. Medicare and Medicaid

a. Moratoria on Enrollment of New Medicare Providers and Suppliers and Medicaid Providers

Although we have no way of predicting the exact cost savings associated with enrollment moratoria, we expect there will be program savings achieved by implementation of this section. As stated previously, these provisions will enable CMS to restrict the entry of certain providers and suppliers into Medicare in order to prevent or combat fraud, waste, and abuse. However, there are no cost burdens to the public or to the provider community. Therefore, we have not estimated the cost impacts of this provision.

b. Suspension of Payments in Medicare and Medicaid

As with payment moratoria, although we have no way of predicting the exact cost savings to Medicare and Medicaid associated with implementation of the provisions contained in this proposed rule, we certainly expect that there will be program savings that result from implementation of this provision. CMS and its law enforcement partners already have a process for payment suspension when possible fraud is involved. The changes proposed in this rule will strengthen the existing process and its applicability to Medicaid, but it will not create any different impact or burden on the provider community in circumstances of payment suspension. There are no new cost burdens to the public or the provider community associated with this provision.

C. Accounting Statement and Table

As required by OMB Circular A-4 (available at http://www.whitehouse.gov/​sites/​default/​files/​omb/​assets/​omb/​circulars/​a004/​a4.pdf ), we have prepared an accounting statement. This statement only addresses: (1) The costs of the fingerprinting requirement, and (2) the monetary transfer associated with the application fee. It does not address the potential financial benefits of these two requirements from the standpoint of their possible effectiveness in deterring certain unscrupulous providers and suppliers from enrolling in or maintaining their enrollment in Medicare and Medicaid. This is because it is impossible for us to quantify these benefits in monetary terms. Moreover, we cannot predict how many potentially fraudulent providers and suppliers will be kept out of the Medicare and Medicaid programs due to these proposed requirements.

1. Medicare

As stated previously, we estimate a total cost of the fingerprinting requirement of $2,275,000 per year ($1,750,000 + $500,000 + $25,000), or $11,375,000 over 5 years, if 2,000 post-moratorium requests are made. If 5,000 post-moratorium requests are made, the annual cost is $3,025,000, with a 5-year cost of $15,125,000. Should 10,000 post-moratorium requests be made, the annual cost is $4,275,000, with a 5-year cost of $21,375,000. We also stated in the RIA that the expected total application fees:

• For newly enrolling providers and suppliers would be $11.7 million in 2011, $16,068,000 in 2012, $16,536,000 in 2013, $17,035,200 in 2014, and $17,534,400 in 2015. This results in a 5-year total of $78,873,600.
• For revalidating providers and suppliers would be $34,003,000 in 2011, $46,697,625 in 2012, $48,057,750 in 2013, $49,508,550 in 2014, and $50,959,350 in 2015. This results in a 5-year total of $229,226,275.

The accounting statement reflects the: (1) Annual cost of the fingerprinting requirement, and (2) the application of the 3 percent and 7 percent discount rate to the combined amounts of the application fees for FY 2015—that is, $17,534,400 plus $50,959,350 (revalidations), for a total of $68,493,750; this constitutes a transfer of funds to the Federal government. We chose the FY 2015 figures so as to reflect the maximum amount of transferred funds in a given year during the initial-5 year period.

2. Medicaid

As stated in the RIA, we estimate that the annual cost of the fingerprint requirement for Medicaid will be $1,300,000, or $6,500,000 over a 5-year period. We also stated in the RIA that the expected total application fees:

• For newly enrolling providers and suppliers would be $3,164,500 in 2011, $4,345,570 in 2012, $4,472,140 in 2013, $4,607,148 in 2014, and $4,742,156 in 2015. This results in a 5-year total of $21,331,514. For revalidating providers and suppliers would be $0 in 2011; $6,448,830 in 2012; $8,448,880 in 2013; $9,116,016 in 2014; and $9,383,152 in 2015. This results in a 5-year total of $33,796,878.

The accounting statement reflects: (1) The annual cost of the fingerprinting requirement, and (2) the application of the 3 percent and 7 percent discount rate to the combined amounts of the application fees for FY 2015—specifically, $4,742,156 (new applicants) plus $9,383,152 (revalidations), for a total of $14,125,308. This constitutes a transfer of funds to the Federal government. As with the Medicare figures, we chose to use those from FY 2015 for Medicaid so as to reflect the maximum amount of transferred funds in a given year during the initial-5 year period.

D. Conclusion

This proposed rule contains provisions that are of critical importance in the transition of CMS' antifraud activities from “pay and chase” to fraud prevention. “Pay and chase” refers to the traditional approach under which CMS met its obligations to provide beneficiaries access to qualified providers and suppliers and to pay claims quickly by making it relatively easy for providers to sign up to bill Medicare, Medicaid or CHIP, paying their claims rapidly, and then detecting overpayments or fraudulent bills and pursuing recoveries of overpayments after the fact. That system functions reasonably well when the problems arise with legitimate providers and suppliers that will be solvent and in business when CMS seeks to recover overpayments or law enforcement pursues civil or criminal penalties. It is not adequate when the fraud is committed by sham operations that provide no services or supplies and exist simply to steal from Medicare or Medicaid and thrive on stealing or subverting the identities of beneficiaries and providers.

This proposed rule strikes a balance that will permit CMS to continue to assure that eligible beneficiaries receive appropriate services from qualified providers whose claims are paid on a timely basis while implementing enhanced measures to prevent outright fraud. The new and strengthened provisions in the ACA that are the subject of this proposed rule will help assure that only legitimate providers and suppliers are enrolled in Medicare, Medicaid, and CHIP, and that only legitimate claims will be paid. These provisions are applied according to the level of risk of fraud, waste, and abuse posed by different provider and supplier types. CMS will use screening tools for a particular provider or supplier type based on 3 distinct categories of risk: (1) Limited; (2) moderate; and (3) high. Limited risk providers will have enrollment requirements, license and database verifications; moderate risk will have those verifications plus unscheduled site visits; high risk will have verifications, unscheduled site visits, criminal background check and fingerprinting. CMS and the States will impose moratoria on the enrollment of new providers in situations when doing so is necessary to protect against a high risk of fraud. Working in conjunction with the OIG, CMS, and States will suspend payments pending an investigation of a credible allegation of fraud. And legitimate providers will be assisted in avoiding problems by implementing effective compliance programs.

This proposed rule is an essential tool in protecting public resources and assuring that they are devoted to providing health care rather than enriching fraudulent actors.

In accordance with the provisions of Executive Order 12866, this regulation was reviewed by the Office of Management and Budget.

List of Subjects

42 CFR Part 405

• Administrative practice and procedure
• Health facilities
• Health professions
• Kidney diseases
• Medical devices
• Medicare
• Reporting and recordkeeping requirements
• Rural areas
• X-rays

42 CFR Part 424

• Emergency medical services
• Health facilities
• Health professions
• Medicare, and Reporting and recordkeeping requirements

42 CFR Part 438

• Grant programs—health
• Medicaid
• Reporting and recordkeeping requirements

42 CFR Part 447

• Accounting
• Administrative practice and procedure
• Drugs
• Grant programs—health
• Health facilities
• Health professions
• Medicaid
• Reporting and recordkeeping requirements, and Rural areas

42 CFR Part 455

• Fraud
• Grant programs—health
• Health facilities
• Health professions
• Investigations
• Medicaid, and Reporting and recordkeeping requirements

42 CFR Part 457

• Administrative practice and procedure
• Grant programs—health
• Health insurance, and Reporting and recordkeeping requirements

42 CFR Part 498

• Administrative practice and procedure
• Health facilities
• Health professions
• Medicare
• Reporting and recordkeeping requirements

42 CFR Part 1007

• Administrative practice and procedure
• Fraud
• Grant programs—health
• Medicaid, and Reporting and recordkeeping requirements

For the reasons set forth in the preamble, the Centers for Medicare & Medicaid Services proposes to amend 42 CFR chapters IV and V as set forth below:

PART 405—FEDERAL HEALTH INSURANCE FOR THE AGED AND DISABLED

1. The authority citation for part 405 continues to read as follows:

Authority: Secs. 205(a), 1102, 1861, 1862(a), 1869, 1871, 1874, 1881, and 1886(k) of the Social Security Act (42 U.S.C. 405(a), 1302, 1395x, 1395y(a), 1395ff, 1395hh, 1395kk, 1395rr and 1395ww(k)), and sec. 353 of the Public Health Service Act (42 U.S.C. 263a).

Subpart C—Suspension of Payment, Recovery of Overpayments, and Repayment of Scholarships and Loans

2. The authority citation for subpart C is revised to read as follows:

Authority: Secs. 1102, 1815, 1833, 1842, 1862, 1866, 1870, 1871, 1879 and 1892 of the Social Security Act (42 U.S.C. 1302, 1395g, 1395l, 1395u, 1395y, 1395cc, 1395gg, 1395hh, 1395pp and 1395ccc) and 31 U.S.C. 3711.

3. In subpart C, remove the phrase “intermediary or carrier” and add the phrase “Medicare contractor” in its place.

4. Section 405.370 is amended as follows:

A. In paragraph (a), adding the definitions of “Credible allegation of fraud,” “Medicare contractor,” and “Resolution of an investigation” in alphabetical order.

B. In paragraph (a), revising the definitions of “Offset,” “Recoupment,” and “Suspension of payment”.

The additions and revisions read as follows:

PART 424—CONDITIONS FOR MEDICARE PAYMENT

7. The authority of citation for part 424 continues to read as follows:

Authority: Secs. 1102 and 1871 of the Social Security Act (42 U.S.C. 1302 and 1395hh).

8. Section 424.57 is amended by revising paragraph (e) to read as follows:

PART 438—MANAGED CARE

17. The authority for part 438 continues to read as follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C. 1302).

18. Section 438.6 is amended by adding new paragraph (c)(5)(vi).

PART 447—PAYMENT FOR SERVICES

19. The authority citation for part 447 continues to read as follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C. 1302).

20. A new § 447.90 is added to read as follows:

PART 455—PROGRAM INTEGRITY: MEDICAID

21. The authority citation for part 455 continues to read as follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C. 1302).

22. Section 455.2 is amended by adding the definition of “Credible allegation of fraud” to read as follows:

Subpart E—Provider Screening and Enrollment

PART 457—ALLOTMENTS AND GRANTS TO STATES

27. The authority for part 457 continues to read as follows:

Authority: Section 1102 of the Social Security Act (42 U.S.C. 1302).

28. Section 457.900 is amended by adding a new paragraph (a)(2)(x) to read as follows:

PART 498—APPEALS PROCEDURES FOR DETERMINATIONS THAT AFFECT PARTICIPATION IN THE MEDICARE PROGRAM AND FOR DETERMINATIONS THAT AFFECT THE PARTICIPATION OF ICFs/MR AND CERTAIN NFs IN THE MEDICAID PROGRAM

30. The authority citation for part 498 continues to read as follows:

Authority: Secs. 1102 and 1871 of the Social Security Act (42 U.S.C. 1302 and 1395hh).

31. Section 498.5 is amended by adding a new paragraph (l)(4) to read as follows:

(l) * * *

(4) Scope of review. For appeals of denials based on § 424.530(a)(9) related to temporary moratorium, the scope of review will be limited to whether the temporary moratoria applies to the provider or supplier appealing the denial. The agency's basis for imposing a temporary moratorium is not subject to review.

PART 1007—STATE MEDICAID FRAUD CONTROL UNITS

32. The authority for part 1007 continues to read as follows:

Authority: 42 U.S.C. 1320 and 1395hh.

33. Section 1007.9 is amended by adding paragraphs (e) through (g) to read as follows:

Footnotes