AGENCY:

Centers for Medicare & Medicaid Services (CMS), HHS.

ACTION:

Final rule.

SUMMARY:

Section 1936 of the Social Security Act (the Act) (as added by section 6034 of the Deficit Reduction Act of 2005 (DRA) established the Medicaid Integrity Program to promote the integrity of the Medicaid program by requiring CMS to enter into contracts with eligible entities to: (1) Review the actions of individuals or entities furnishing items or services (whether on a fee-for-service, risk, or other basis) for which payment may be made under an approved State plan and/or any waiver of such plan approved under section 1115 of the Act; (2) audit claims for payment of items or services furnished, or administrative services rendered, under a State plan; (3) identify overpayments to individuals or entities receiving Federal funds; and (4) educate providers of services, managed care entities, beneficiaries, and other individuals with respect to payment integrity and quality of care.

This final rule will provide requirements for an eligible entity to enter into a contract under the Medicaid integrity audit program. The final rule will also establish the contracting requirements for eligible entities. The requirements will include procedures for identifying, evaluating, and resolving organizational conflicts of interest that are generally applicable to Federal acquisition and procurement; competitive procedures to be used; and procedures under which a contract may be renewed.

DATES:

This final rule is effective October 27, 2008.

FOR FURTHER INFORMATION CONTACT:

Barbara Rufo, 410 786-5589 or Crystal High, 410-786-8366.

SUPPLEMENTARY INFORMATION:

I. Background

A. Current Law

States and the Federal government share in the responsibility for safeguarding Medicaid program integrity. States must comply with Federal requirements designed to ensure that Medicaid funds are properly spent (or recovered, when necessary). CMS is the primary Federal agency responsible for providing oversight of States' Medicaid activities and facilitating their program integrity efforts.

B. Medicaid Integrity Program

Section 6034 of the Deficit Reduction Act (DRA) of 2005 (Pub. L. 109-171, enacted on February 8, 2006) added a new section 1936 to the Act that established the Medicaid Integrity Program, referenced as the “Program” hereafter, to combat Medicaid fraud and abuse. The Program is intended to identify, recover, and prevent Medicaid overpayments. It is also intended to support the efforts of the State Medicaid agencies through a combination of support and technical assistance.

Although individual States work to ensure the integrity of their respective Medicaid programs, the Program represents CMS' first national strategy to detect and prevent Medicaid fraud and abuse. The Program will provide CMS with the ability to more directly ensure the accuracy of Medicaid payments and to deter those who would exploit the program.

Section 6034 of the DRA amended title XIX of the Act by redesignating the former section 1936 as section 1937; and adding the new 1936 “Medicaid Integrity Program.” The new section 1936 states the Secretary will promote the integrity of the Medicaid program by entering into contracts with eligible entities to carry out the following activities:

• Review of actions of individuals or entities furnishing items or services (whether on a fee-for-service, risk, or other basis) for which payment may be made under the State plan approved under title XIX (or under any waiver of such plan approved under section 1115 of the Act) to determine whether fraud, waste, or abuse has occurred, or is likely to occur, or whether such actions have a potential for resulting in an expenditure of funds under title XIX in a manner which is not intended under the provisions of title XIX.
• Audit of claims for payment for items or services furnished, or administrative services rendered, under a State plan under title XIX, including cost reports, consulting contracts, and risk contracts under section 1903(m) of title XIX.
• Identification of overpayments to individuals or entities receiving Federal funds under title XIX.
• Education of providers of services, managed care entities, beneficiaries, and other individuals with respect to payment integrity and quality of care.

Section 1936 of the Act also mandates that the Secretary will, by regulation, establish procedures which will include the following:

• Procedures for identifying, evaluating, and resolving organizational conflicts of interest that are generally applicable to Federal acquisition and procurement.
• Competitive procedures to be used when entering into new contracts under this section; when entering into contracts that may result in the elimination of responsibilities under section 202(b) of the Health Insurance Portability and Accountability Act of 1996; and any other time considered appropriate by the Secretary.
• Procedures under which a contract under this section may be renewed without regard to any provision of law requiring competition if the contractor has met or exceeded the performance requirements established in the current contract.

CMS has determined not to address in this final rule the above bullet that references the Health Insurance Portability and Accountability Act of 1996 (HIPAA). We have determined that section 202(b) of HIPAA addressed certain Medicare contracting issues which, because of structural differences between the Medicare and Medicaid programs, such as the fact that the Federal Government does not utilize carriers or fiscal intermediaries in the Federal administration of the Medicaid program, do not pertain to the Medicaid contracting environment. Moreover, we have also determined that the provisions of the Act established by section 202(b) of HIPAA have since been repealed by section 911 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003. Start Printed Page 55766

C. Medicaid Integrity Audit Program Contract Overview

The Medicaid Integrity Audit Program will use three separate Indefinite-Delivery Indefinite Quantity (IDIQ) contracts to achieve the goals identified above. These contracts include the following: Audit and Identification of Overpayment Medicaid Integrity Contractor (Audit MIC), Review or Provider MIC (Review MIC) to five contractors, and Education MIC.

CMS has awarded two of the three IDIQ contracts to Medicaid Integrity Contractors (MICs) to carry out the Secretary's mandated activities described above. In December 2006, CMS awarded Audit MIC IDIQ contracts to five contractors and awarded the Review MIC IDIQ contracts to five contractors. The Education MIC is yet to be awarded. The IDIQ contracts will be managed by task orders. Each of the MIC IDIQ contractors will have the opportunity to bid for task orders authorizing specific work within the scope of the appropriate IDIQ contract. To date, one task order has been awarded to an Audit MIC and one to a Review MIC. In addition to the requirements described in the IDIQ contract, the task order statement of work provides further clarification and specifics as to the work to be performed.

CMS is planning to release individual task orders for five jurisdictions, which are comprised of two CMS Regions, as well as for identified special initiatives. When requesting task order proposals, CMS provided protocols to the Audit MICs to use during the course of an audit. The protocols, which were developed by contractor, provide specific guidelines and audit steps that each Audit MIC will follow during an audit. This will help ensure that audits are conducted in a uniform manner among the Audit MICs and across the five jurisdictions. In an effort to ensure that the protocols concisely and accurately describe the auditing process, CMS had the protocols reviewed and tested by a separate CMS contractor. Having a separate CMS contractor review the protocols eliminated the potential of conflict of interest that may have occurred had the development contractor reviewed and tested the protocols.

Auditing is scheduled to begin in mid-June 2008 with the Atlanta jurisdiction which is comprised of CMS Regions II and IV. With the first task order, the Review MIC will initially concentrate on CMS' Region IV, the Atlanta Region; the Audit MIC will concentrate on CMS' Region III and IV, the Atlanta and Philadelphia Region.

II. Provisions of the Proposed Regulations and Responses to Comments

Eligible Entity and Contracting Requirements for the Medicaid Integrity Audit Program

Section 6034 of the DRA of 2005 (DRA) amended title XIX of the Act by establishing, under the new section 1936, the Medicaid Integrity Program to promote the integrity of the Medicaid program by requiring CMS to enter into contracts with eligible entities to: (1) Review the actions of individuals or entities furnishing items or services (whether on a fee-for-service, risk, or other basis) for which payment may be made under an approved State plan and/or any waiver of such plan approved under section 1115 of the Act; (2) audit claims for payment of items or services furnished, or administrative services rendered, under a State plan; (3) identify overpayments to individuals or entities receiving Federal Medicaid funds; and (4) educate providers of services, managed care entities, beneficiaries, and other individuals with respect to payment integrity and quality of care.

In the proposed rule we provided requirements for which an entity is eligible to enter into a contract under the Medicaid integrity audit program. The requirements would include procedures for identifying, evaluating, and resolving organizational conflicts of interest that are generally applicable to Federal acquisition and procurement; competitive procedures to be used; and procedures under which a contract may be renewed.

In the November 23, 2007 Federal Register (72 FR 65686), we published the proposed rule entitled “Medicaid Integrity Program; Eligible Entity and Contracting Requirements for the Medicaid Integrity Audit Program,” and provided for a 30 day public comment period. We received a total of 3 timely comments from State government agencies and a health care association. Brief summaries for each proposed provision, a summary of the public comments we received, and our responses to comments are set forth below.

General Comments

Comment: One commenter indicated that although they support the provisions of this proposed rule, they believe the rule does not sufficiently establish requirements for the MICs to ensure their work is carried out in an efficient, effective, and defensible manner. The commenter also stated that the proposed rule does not address methods of assuring coordination between the Medicaid integrity functions and existing programs already on-going in the States. In addition, the commenter notes that the proposed rule does not address how to prevent duplication of efforts or prevent multiple audits related to the same time period or same claims.

Response: The Medicaid Integrity Group (MIG), a component within CMS which has been created in order to carry out the Medicaid Integrity Program, will coordinate and communicate with its stakeholders in an effort to prevent duplication of efforts. In addition, the MIG will closely monitor the performance of the MICs. The roles and responsibilities of the MICs are further defined within the IDIQ contract as well as each task order. In addition, the MICs have been provided with protocols to help guide them through the audit process. The Audit MICs are responsible for performing comprehensive and focused audits. The goal of the audits is to examine payments to individuals or entities providing items or services under title XIX of the Act for the purposes of identifying potential overpayments to those individuals or entities. The Review MICs are responsible for performing reviews of providers furnishing Medicaid items or services to determine whether Medicaid fraud, waste, or abuse has occurred, is likely to occur, or whether Medicaid provider actions have the potential of causing inappropriate or incorrect expenditure of Medicaid funds. The Review MICs are also responsible for analyzing data and performing risk assessments of Medicaid data including, but not limited to, claims for payment under title XIX of the Act. The Education MICs will be responsible for promoting the integrity of the Medicaid program by educating providers of services, managed care entities, and other individuals with respect to Medicaid payment and quality of care.

Subpart C—Medicaid Integrity Audit Program

Section 455.200 Basis and Scope

In the proposed § 455.200 we set forth the statutory basis, section 1936 of the Act, for promulgating this rule. We proposed, in subpart C, § 455.200(b), Basis and Scope, additional language stating that part of the Medicaid Integrity Program's scope is to carry out the Medicaid integrity audit functions. CMS also published a final rule in the Federal Register on November 30, 2007 (72 FR 67653), entitled “Limitation on Contractor Liability” that finalized the portion of our proposed rule addressing Start Printed Page 55767the limitation on a contractor's liability to carry out a contract under the Medicaid Integrity Program. In addition, subpart C would apply to entities that seek to compete for, or receive an award of, a contract under section 1936 of the Act.

Comment: A commenter expressed concern that the proposed rule fails to recognize the respective roles of State Medicaid Agencies and Medicaid Fraud Control Units. The commenter additionally stated the proposed rule is silent on the respective roles of the States and the new contractors and silent on any coordination of effort between the eligible entities and the States. The commenter recommended that the rule be expanded to clarify the relationship between the States and any contracted entities, including the plan for coordination of effort and addressing individual State plan provisions.

Response: This final rule is not designed to discuss the roles of State Medicaid Agencies and Medicaid Fraud Control Units. There are however, regulations set forth in 42 CFR part 455—Program Integrity: Medicaid, that address the relationships with States. These regulations, which will remain in effect, at § 455.21, describe the cooperation with State Medicaid Fraud Control Units and the provisions at § 455.12 address State plan requirements. In addition, when conducting the audits, the Audit MICs will utilize established protocols that provide guidance on how the MICs are to coordinate with the individual States.

Section 455.230 Eligibility Requirements

In § 455.230 we described that an eligible entity may enter into a Medicaid integrity audit program contract if it:

• Has demonstrated the capability to carry out the contractor activities;
• In carrying out such activities, agrees to cooperate with the Inspector General of the Department of Health and Human Services, the Attorney General, and other law enforcement agencies, as appropriate, in the investigation and deterrence of fraud and abuse in relation to title XIX and in other cases arising out of such activities;
• Maintains an appropriate written code of conduct and compliance policies that include, without limitation, an enforced policy on employee conflicts of interest;
• Complies with such conflict of interest standards are generally applicable to Federal acquisition and procurement; and,
• Meets other requirements the Secretary may impose.

It would not be possible to identify in this rule every possible contractor requirement that may appear in a future solicitation. In order to permit maximum flexibility to tailor our contractor eligibility requirements to specific solicitations while satisfying section 1936 of the Act, any additional requirements would be contained in the applicable solicitation.

Comment: A commenter strongly recommended that the MIC utilize medical directors from the outset of claims reviews and that complex medical decisions made by physician specialists and specialized mid-level providers be reviewed by a physician from a like specialty.

Another commenter suggested that this section be amended by clarifying the categories of entities eligible to perform the audit functions. For example, the commenter inquired as to whether State Medicaid agencies would qualify, and addressed the potential conflict of interest that may arise if a MIC already acts as a fiscal agent in one or more States and/or performs key Medicaid administrative functions including, but not limited to, claims adjudication, provider enrollment, pharmacy benefits management, etc.

Response: The Audit MICs are required, as described in the IDIQ contract, to have as key personnel a medical director. The Audit MICs are to ensure that questions of medical necessity are reviewed by physicians with appropriate expertise.

A State Medicaid Agency will not be able to operate as a MIC. We adhered to the requirements of the Federal Acquisition Regulation (FAR) organizational conflict of interest requirements found at 48 CFR subpart 9.5 when soliciting contracts for the Medicaid Integrity Program.

Section 455.232 Medicaid Integrity Audit Program Contractor Functions

In § 455.232 we identified the functions of the Medicaid integrity audit program contractor as follows:

• Review of the individual actions or entities furnishing items or services (whether on a fee-for-service, risk, other basis) for which payment may be made under a State Plan approved under title XIX (or under any waiver of such plan approved under section 1115 of the Act) to determine whether fraud, waste, or abuse has occurred, is likely to occur, or whether such actions have the potential for resulting in an expenditure of funds under title XIX in a manner which is not intended under the provisions of title XIX.
• Audit of claims for payment for items or services furnished or administrative services rendered, under a State plan under title XIX, including cost reports; consulting contracts; and risk contracts under section 1903(m) of the Act.
• Identification of overpayments to individuals or entities receiving Federal funds under title XIX.
• Educating providers of service, managed care entities, beneficiaries, and other individuals with respect to payment integrity and quality of care.

Comment: Several commenters indicated there is no direction on how the contractors should coordinate with existing State Medicaid integrity programs and Medicaid Fraud Control Units. They expressed concern that this will result in duplication of efforts and possible interference with State program integrity investigations. One commenter recommended that we add a bullet to read: Coordinate any provider specific action outlined above including but not limited to, claim audits, other audits, overpayment recoveries and provider education with appropriate State Medicaid agency, before, during and after the action. Another commenter questioned how the contractors will coordinate with the State surveillance and utilization review (SUR) functions; how the contractors will be assigned their integrity cases; how the source data will be used by contractors to determine audit targets; whether the contactors be allowed to access the Medicaid Management Information Systems (MMIS); who will perform the data analysis; and to whom the contractor will refer suspicion of fraud cases.

Response: As previously stated under the Background section C. Medicaid Integrity Program Contract Overview, CMS has awarded two IDIQ contracts each of which are managed by task orders. When CMS released the request for task order proposal for the Audit MICs, CMS issued protocols to which the Audit MICs must adhere to when performing audits. The protocols provide specific guidance as to how the Audit MICs are to coordinate and communicate with State agencies. The task order instructs the Audit MICs to refer any instances of potential cases of fraud to the CMS as well as to the Department of Health and Human Services, Office of Inspector General (OIG). The task order further defines the Audit MIC roles and responsibilities for coordinating with law enforcement. The Review MICs will be responsible for performing reviews of providers furnishing Medicaid items or services to determine whether Medicaid fraud, waste, or abuse has occurred, is likely to occur, or whether provider actions Start Printed Page 55768have the potential of causing inappropriate or incorrect expenditure of Medicaid funds. After performing these reviews, the Review MICs will provide their findings to CMS. CMS will provide the Audit MICs with the specific providers to be audited. The Review MICs will not perform audits.

Comment: A commenter suggested that the MICs should allow providers to track electronically the status of claims. The commenter indicated that they have experienced frustration with the Recovery Audit Contractors (RAC) demonstration contractor and the lack of communication between the RAC and provider regarding the status of claims under review and therefore suggested that providing this information to the providers will enable them to plan accordingly.

Response: It is important to note that the RAC is a separate program from the Medicaid Integrity Audit Program. The RAC operates under different statutory authority and is associated with Medicare and not Medicaid. While it is not feasible to implement a system as suggested by the commenter, States and providers will have an opportunity to comment on the findings of a provider audit before the audit is completed and an overpayment is finally and formally identified. To minimize the likelihood of duplication of effort, before the MIG communicates audit targets to the Audit MICs, the MIG will communicate with the State program integrity offices and State Medicaid Fraud Control Units, among others, to ensure that a proposed audit does not interfere with an ongoing investigation.

Comment: A commenter stated that the language of the proposed rule describing the functions of the contractors was broad and ambiguous. The commenter further noted that this language failed to provide sufficient guidance by which the intent of the statute can be determined, and appears to leave the contractors in a policy-making role. The commenter recommended the language be removed or modified to make clear the responsibility of the contractors. The commenter questions whether there are standard criteria for the contractors to use to determine that an action is likely to result in fraud, waste or abuse and whether there are specific audit standards that must be followed.

Response: MICs are not policy-making entities. We have outlined the MICs' roles and responsibilities not only in the proposed rule, but also in the MICs IDIQ contracts as well as in the task orders. The Audit MICs have been provided audit protocols, which provide guidance on how to conduct audits and which set forth audit standards.

Comment: A commenter suggested the proposed rule is silent on the qualifications of the potential contractors. The commenter also questioned whether there will be minimum education and training requirements; how performance will be measured; whether there will be evaluations and whether the criteria on which they are based will be made public; and whether they will be required to show a better return on investment than the States.

Response: The IDIQ contracts specify minimum qualifications that the MICs must meet. CMS evaluated the qualifications information bidders submitted in selecting the MICs. The MICs are not required to show a better return on investment than the States. Although individual States work to ensure the integrity of their respective programs, the Medicaid Integrity Audit Program provides CMS with the ability to set in place a national strategy to ensure the accuracy of Medicaid payments and to deter those exploiting the program. This advances goals that are shared by the States and Federal government.

Comment: A commenter expressed concern that it is unclear what entity is responsible for collecting the overpayments and defending the audit findings, and what appeal process will be followed.

Response: Pursuant to existing regulations at part 433, Subpart F, once CMS formally identifies a Medicaid overpayment, CMS will collect the federal share of the overpayment from a State. The individual States will be responsible for collecting overpayments from providers. Providers may utilize the laws and procedures of the State, including State appellate procedures, to challenge findings concerning an overpayment. A determination by a State administrative or judicial proceeding altering or dismissing a finding of, or relating to, a provider overpayment, however, will not necessarily relieve a State of the obligation to refund the federal share of CMS' determined overpayment. During the audit process, CMS, Audit MIC, and the State will confer and discuss the audit findings before CMS formally identifies an overpayment.

Section 455.234 Awarding of a Contract

Section 455.234 would specify that a Medicaid integrity audit contract will be awarded in accordance with 48 CFR chapters 1 and 3 (the Federal Acquisition Regulation (FAR) and the Health and Human Services Acquisition Regulation, respectively), this subpart, and all other applicable laws and regulations. In accordance with section 1936 of the Act, we would specify that these competitive procedures and requirements will be used as follows:

• When entering into new contracts under this section.
• At any other time considered appropriate by the Secretary. In addition, we proposed to specify in § 455.234 that an entity must meet the eligibility requirements established in proposed § 455.230 to become eligible to be awarded a Medicaid integrity audit program contract.

Comment: A commenter stated that although the DRA does not require that the contractor be retained on a contingency-fee basis, they would caution CMS from using such a compensation scheme. The commenter believed tying a contractor's payment to the volume of claims denied creates a perverse incentive irrespective of the claims' merits. The commenter also suggested that CMS should allow providers to retain funds recouped as part of the MIC's work until all avenues of appeal are exhausted. The commenter recognized this is not common practice, but believes it is within the Secretary's authority to administer the recovery program under section 1885 of the Act.

Response: The Audit MICs will not be compensated on a contingency fee basis.

In response to the comment indicating CMS should allow providers to retain monies recouped during the course of appeals, it is important to note that the recoupment of overpayments is not the responsibility of the MIC, but will remain the responsibility of the State. Whether the provider is allowed to retain recouped funds until the appellate process is complete will depend on State law. CMS will, however, recover from States the Federal share of an overpayment consistent with the existing statutory and regulatory requirements. Section 1885 is a provision of the Medicare statute, title XVIII of the Act. Section 1885 does not apply to the Medicaid Integrity Program. The Medicaid statue is at title XIX of the Act.

Section 455.236 Renewal of a Contract

In § 455.236, we proposed that an initial contract term would be defined in the Medicaid integrity audit program contract and a renewal clause may be included in the contract. We also proposed that we may, but are not required to, renew the Medicaid integrity audit program contracts without regard to any provision of law requiring competition if the contractor Start Printed Page 55769has met or exceeded the performance requirements established in the current contract.

In accordance with sections 1936(c)(2) and (3) of the Act, we proposed in § 455.236(b) that we may renew a Medicaid integrity audit program contract without competition if the contractor continues to meet all requirements of the proposed subpart C, the contractor meets or exceeds the performance requirements established in its current contract, and it is in the best interest of the Federal Government.

At § 455.236(a) we proposed that if CMS does not renew a contract, the contract would end in accordance with its terms. We also proposed that the contractor would not have a right to a hearing or judicial review regarding our renewal decision.

We did not receive public comments on our proposed provision. Therefore, we adopt the provisions as proposed.

Section 455.238 Conflict of Interest

We proposed to establish at § 455.238 the process for identifying, evaluating, and resolving conflicts of interest as mandated by section 1936(c)(2) and (3) of the Act. We adhered to the requirements of the FAR's organizational conflict of interest requirements found at 48 CFR subpart 9.5 when soliciting contracts for the Medicaid integrity audit program. Due to the sensitive nature of the work to be performed under the contract, the need to preserve public trust, and the history of fraud and abuse in the Medicaid program, we would maintain the presumption that each prospective contract involves a significant potential organizational conflict of interest.

Prior to awarding a Medicaid integrity audit program contract, the contracting officer will draft an organizational conflict of interest clause specific to the contractor for inclusion in the contract. In general we would not enter into a Medicaid integrity audit program contract with an offeror or an existing Medicaid integrity audit program contractor that has been determined to have, or that has the potential for, an unresolved organizational conflict of interest.

We did not receive public comments on our proposed provision. Therefore, we adopt the provisions as proposed.

Section 455.238(a)

At § 455.238(a), we proposed that an offeror for a Medicaid integrity audit program contract is, and the Medicaid integrity audit program contractors are, subject to the conflict of interest standards and requirements of the FAR organizational conflict of interest guidance found at 48 CFR subpart 9.5, and the requirements and standards that are contained in each individual contract awarded to perform the functions described under section 1936 of the Act.

We did not receive public comments on our proposed provision. Therefore, we adopt the provisions as proposed.

Section 455.238(b)

In § 455.238(b), we proposed to include post award discussions in which the contactor will present any later occurring or identified conflict of interest to CMS for resolution. We proposed that we would consider a post award conflict of interest resolution discussion if, during the term of the contract, the contractor or any of its employees, agents, or subcontractors received, solicited, or arranged to receive any fee, compensation, gift, payment of expenses, offer of employment, or any other thing of value from any entity that is reviewed, audited, investigated, or contacted during the normal course of performing activities under a Medicaid integrity audit program contract. We incorporated the definition of “gift” from the Standards of Ethical Conduct for Employees of the Executive Branch [5 CFR 2635.203(b)].

We did not receive public comments on our proposed provision. Therefore, we adopt the provisions as proposed.

Section 455.238(c)

In § 455.238(c) we proposed that if CMS has determined that a contractor's activities are creating a conflict, then a conflict of interest has occurred during the term of the contract. We proposed if such an event has occurred, among other actions, we may, as we deem appropriate:

• Not renew the contract for an additional term;
• Modify the contract; or
• Terminate the contract.

The proposed rule did not describe all of the information that may be required under each task order, or the level of detail that would be required. Therefore, we proposed to have the flexibility to tailor the requirements to each individual procurement.

Because potential offerors may have questions about whether information submitted in response to a solicitation, including information regarding potential conflicts of interest, may be redisclosed under the Freedom of Information Act (FOIA), we provided the following information. To the extent that a proposal containing information is submitted to us as a requirement of a competitive solicitation under 41 U.S.C. Chapter 4, Subchapter IV, we proposed to withhold the proposal when requested under the FOIA. This withholding is based upon 41 U.S.C. 253b(m). However, we proposed one exception to this policy. It involves any proposal that is set forth or incorporated by reference in the contract awarded to the proposing offeror. Such a proposal may not receive categorical protection. Rather, we would withhold, under 5 U.S.C. 552(b)(4), information within the proposal that is required to be submitted that constitutes trade secrets or commercial or financial information that is privileged or confidential, provided the criteria established by National Parks & Conservation Association v. Morton, 498 F.2d 765 (D.C. Cir 1974), as applicable, are met. For any such proposal, we proposed to follow pre-disclosure notification procedures set forth at 45 CFR 5.65(d).

We proposed that proposal containing the information submitted to us under an authority other than 41 U.S.C. Chapter 4, Subchapter IV, and any information submitted independent of a proposal would be evaluated solely on the criteria established by National Parks & Conservation Association v. Morton and other appropriate authorities to determine if the proposal in whole or in part contains trade secrets or commercial or financial information that is privileged or confidential and protected from disclosure under 5 U.S.C. 552(b)(4). Again, for any such proposal, we proposed to follow pre-disclosure notification procedures set forth at 45 CFR 5.65(d) and will also invoke 5 U.S.C. 552(b)(6) to protect information that is of a highly sensitive personal nature. It should be noted that the protection of proposals under FOIA does not preclude us from releasing contractor proposals when necessitated by law, such as in the case of a lawful subpoena.

We did not receive public comments on our proposed provision. Therefore, we adopt the provisions as proposed.

Section 455.240 Conflict of Interest Resolution

We described at § 455.240(a) how a conflict of interest may be resolved. We stated that a Conflicts of Interest Review Board may be established and convened at any time during the term of the contract, as well as during the procurement process, to evaluate and assist the contracting officer in resolving conflicts of interest. We proposed to determine when or if the Board will be convened.

We proposed, at § 455.240(b), to specify that a resolution of an Start Printed Page 55770organizational conflict of interest is a determination by the contracting officer that:

• The conflict is mitigated;
• The conflict precludes award of a contract to the offeror;
• The conflict requires that we modify an existing contract;
• The conflict requires that we terminate an existing contract; or
• It is in the best interest of the Federal Government to contract with the offeror or contractor even though the conflict of interest exists.

We discussed an offeror's or contractor's method of mitigating conflicts of interest will be evaluated on a case by case basis. We provided examples of methods an offeror or contractor may use to mitigate organizational conflicts of interest. The examples are not an all-inclusive list of possible methods of mitigation nor are we obligated to approve a mitigation method that uses one of the provided examples. Possible methods of mitigation include:

• Divestiture, or reduction in the amount, of the financial relationship the organization has in another organization to a level acceptable to us and appropriate for the situation.
• If shared responsibilities create the conflict, a plan, subject to our approval, to separate lines of business and management or critical staff from work on the Medicaid integrity audit program contract.
• If the conflict exists because of the amount of financial dependence upon the Federal Government, negotiating a phasing out of other contracts or grants that continue in effect at the start of the Medicaid integrity audit program contract.
• If the conflict exists because of the financial relationships of individuals within the organization, divestiture of the relationships by the individual involved.
• If the conflict exists because of an individual's indirect interest, divestiture of the interest to levels acceptable to us or removal of the individual from the work under the Medicaid integrity audit program contract.

By providing a process for the identification, evaluation, and resolution of conflicts of interest, we not only protect the government's interests but help to ensure that the contractors do not hinder competition in their service areas by misusing their position as a Medicaid integrity audit program contractor.

We did not receive public comments on our proposed provision. Therefore, we adopt the provisions as proposed.

III. Provisions of the Final Regulations

The comments received required no substantive revisions to the proposed rule. The comments did, however, ask specific questions or asked for clarification on the CMS Medicaid Integrity Audit Program processes. We provided responses to the questions and provided clarification to other comments. In addition, we inserted, under the preamble, “Section C. Medicaid Integrity Audit Program Contract Overview” in an effort to provide additional clarification to the comments. In this final rule we are adopting all of the provisions as set forth in the November 23, 2007 proposed rule with the exception of several minor editorial changes which that did not result in any policy changes.

IV. Regulatory Impact Statement

We have examined the impact of this rule as required by Executive Order 12866 (September 1993, Regulatory Planning and Review), the Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), section 1102(b) of the Social Security Act, the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4), and Executive Order 13132.

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any 1 year). This rule will not reach the economic threshold and thus is not considered a major rule.

The RFA requires agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and small governmental jurisdictions. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues of $6.5 million to $31.5 million in any 1 year. Individuals and States are not included in the definition of a small entity. We are not preparing an analysis for the RFA because we certify that this rule will not have a significant economic impact on a substantial number of small entities.

In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 603 of the RFA. For purposes of section 1102(b) of the Act, we define a small rural hospital as a hospital that is located outside of a Core-Based Statistical Area and has fewer than 100 beds. We are not preparing an analysis for section 1102(b) of the Act because we certify that this rule will not have a significant impact on the operations of a substantial number of small rural hospitals.

Section 202 of the Unfunded Mandates Reform Act of 1995 also requires that agencies assess anticipated costs and benefits before issuing any rule whose mandates require spending in any 1 year of $100 million in 1995 dollars, updated annually for inflation. That threshold level is currently approximately $120 million. This final rule will not exceed this established threshold level. This rule will not have a significant impact on State, local, or tribal governments or on the private sector.

Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a final rule (and subsequent final rule) that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. Since this regulation will not impose any costs on State or local governments, the requirements of E.O. 13132 are not applicable.

In accordance with the provisions of Executive Order 12866, this regulation was reviewed by the Office of Management and Budget.

V. Collection of Information Requirements

Under the Paperwork Reduction Act of 1995, we are required to provide 30-day notice in the Federal Register and solicit public comment before a collection of information requirement is submitted to the Office of Management and Budget (OMB) for review and approval. In order to fairly evaluate whether an information collection should be approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995 requires that we solicit comment on the following issues:

• The need for the information collection and its usefulness in carrying out the proper functions of our agency.
• The accuracy of our estimate of the information collection burden.
• The quality, utility, and clarity of the information to be collected.
• Recommendations to minimize the information collection burden on the Start Printed Page 55771affected public, including automated collection techniques.

Therefore, we are soliciting public comment on each of these issues for the following sections of this document that contain information collection requirements:

Section 455.230 Eligibility Requirements

Section 455.230(c) requires that each entity that has entered into a contract with CMS to perform the activities described at 455.232, maintain an appropriate written code of conduct and compliance policies that include, without limitation, an enforced policy on employee conflicts of interest.

The burden associated with this requirement is the time and effort put forth by the entity to prepare and maintain such policies. While there is burden associated with this requirement, we believe that the burden is exempt from the PRA in accordance with 5 CFR 1320.3(b)(2) because the time, effort, and financial resources necessary to comply with these requirements would be incurred by persons in the normal course of their activities.

If you comment on these information collection and recordkeeping requirements, please mail copies directly to the following:

Centers for Medicare & Medicaid Services, Office of Strategic Operations and Regulatory Affairs, Regulations Development and Issuances Group, Attn: Melissa Musotto (CMS-2271-F), Room C5-14-03, 7500 Security Boulevard, Baltimore, MD 21244-1850; and

Office of Information and Regulatory Affairs, Office of Management and Budget, Room 10235, New Executive Office Building, Washington, DC 20503, Attn: OIRA Desk Officer for CMS, (CMS-2271-F), carolyn_lovett@omb.eop.gov. Fax (202) 395-6974.

List of Subjects in Part 455

• Fraud
• Grant programs-health
• Health facilities
• Health professions
• Investigations
• Medicaid
• Reporting and recordkeeping requirements

For the reasons set forth in the preamble, the Centers for Medicare & Medicaid Services amends 42 CFR Chapter IV as set forth below:

PART 455—PROGRAM INTEGRITY; MEDICAID

1. The authority citation for part 455 continues to read as follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C. 1302).

2. Section 455.200 is revised to read as follows:

3. New §§ 455.230, 455.232, 455.234, 455.236, 455.238 and 455.240 are added to read as follows:

(Catalog of Federal Domestic Assistance Program No. 93.778, Medical Assistance Program)