Skip to Content

Rule

Medicare, Medicaid, and Children's Health Insurance Programs; Additional Screening Requirements, Application Fees, Temporary Enrollment Moratoria, Payment Suspensions and Compliance Plans for Providers and Suppliers

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble Start Printed Page 5862

AGENCY:

Centers for Medicare & Medicaid Services (CMS); Office of Inspector General (OIG), HHS.

ACTION:

Final rule with comment period.

SUMMARY:

This final rule with comment period will implement provisions of the ACA that establish: Procedures under which screening is conducted for providers of medical or other services and suppliers in the Medicare program, providers in the Medicaid program, and providers in the Children's Health Insurance Program (CHIP); an application fee imposed on institutional providers and suppliers; temporary moratoria that may be imposed if necessary to prevent or combat fraud, waste, and abuse under the Medicare and Medicaid programs, and CHIP; guidance for States regarding termination of providers from Medicaid and CHIP if terminated by Medicare or another Medicaid State plan or CHIP; guidance regarding the termination of providers and suppliers from Medicare if terminated by a Medicaid State agency; and requirements for suspension of payments pending credible allegations of fraud in the Medicare and Medicaid programs. This final rule with comment period also discusses our earlier solicitation of comments regarding provisions of the ACA that require providers of medical or other items or services or suppliers within a particular industry sector or category to establish compliance programs.

We have identified specific provisions surrounding our implementation of fingerprinting for certain providers and suppliers for which we may make changes if warranted by the public comments received. We expect to publish our response to those comments, including any possible changes to the rule made as a result of them, as soon as possible following the end of the comment period. Furthermore, we clarify that we are finalizing the adoption of fingerprinting pursuant to the terms and conditions set forth herein.

DATES:

Effective date: These regulations are effective on March 25, 2011. Comment date: We will consider public comments only on the Fingerprinting Requirements, contained in §§ 424.518 and 455.434 and discussed in section II.A.5. of the preamble of this document, if we receive them at one of the addresses provided below, no later than 5 p.m. on April 4, 2011.

ADDRESSES:

In commenting, please refer to file code CMS-6028-FC. Because of staff and resource limitations, we cannot accept comments by facsimile (FAX) transmission.

You may submit comments in one of four ways (please choose only one of the ways listed):

1. Electronically. You may submit electronic comments on this regulation to http://www.regulations.gov. Follow the instructions for “submitting a comment.”

2. By regular mail. You may mail written comments to the following address ONLY: Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-6028-FC, P.O. Box 8013, Baltimore, MD 21244-8013.

Please allow sufficient time for mailed comments to be received before the close of the comment period.

3. By express or overnight mail. You may send written comments to the following address ONLY: Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-6028-FC, Mail Stop C4-26-05, 7500 Security Boulevard, Baltimore, MD 21244-1850.

4. By hand or courier. If you prefer, you may deliver (by hand or courier) your written comments before the close of the comment period to either of the following addresses: a. For delivery in Washington, DC—Centers for Medicare & Medicaid Services, Department of Health and Human Services, Room 445-G, Hubert H. Humphrey Building, 200 Independence Avenue, SW., Washington, DC 20201.

(Because access to the interior of the Hubert H. Humphrey Building is not readily available to persons without Federal government identification, commenters are encouraged to leave their comments in the CMS drop slots located in the main lobby of the building. A stamp-in clock is available for persons wishing to retain a proof of filing by stamping in and retaining an extra copy of the comments being filed.)

b. For delivery in Baltimore, MD—Centers for Medicare & Medicaid Services, Department of Health and Human Services, 7500 Security Boulevard, Baltimore, MD 21244-1850.

If you intend to deliver your comments to the Baltimore address, please call telephone number (410) 786-9994 in advance to schedule your arrival with one of our staff members.

Comments mailed to the addresses indicated as appropriate for hand or courier delivery may be delayed and received after the comment period.

Start Further Info

FOR FURTHER INFORMATION CONTACT:

Frank Whelan (410) 786-1302 for Medicare enrollment issues. Claudia Simonson (312) 353-2115 for Medicaid and CHIP enrollment issues. Lori Bellan (410) 786-2048 for Medicaid payment suspension issues and Medicaid termination issues. Joseph Strazzire (410) 786-2775 for Medicare payment suspension issues. Laura Minassian-Kiefel (410) 786-4641 for compliance program issues.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

Due to the many organizations and terms to which we refer by acronym in this final rule with comment period, we are listing these acronyms and their corresponding terms in alphabetical order below. In addition, we are providing a table of contents which follows the list of acronyms to assist readers in referencing sections contained in this preamble.

Acronyms

ABC American Board for Certification in Orthotics and Prosthetics

A/B MAC Part A or Part B Medicare Administrative Contractor

ACA “Affordable Care Act”

APD Advance planning document

ASC Ambulatory surgical center

BBA Balanced Budget Act of 1997 (Pub. L. 105-33)

BIPA Medicare Medicaid, and SCHIP Benefits Improvement Protection Act of 2000 (Pub. L. 106-544)

CAH Critical access hospital

CAP Competitive acquisition program

CBA Competitive bidding area

CFR Code of Federal Regulations

CHIP Children's Health Insurance Program

CJIS Criminal Justice Information Services

CLIA Clinical laboratory improvement amendments

CMHC Community mental health centers

CMS Centers for Medicare & Medicaid Services

CON Certificate of Need

CoP Condition of participation

CORF Comprehensive outpatient rehabilitation facility

CPI-U Consumer price index for all urban consumers

DAB Department Appeal BoardStart Printed Page 5863

DEA Drug Enforcement Agency

DHUD Department of Housing and Urban Development

DME Durable medical equipment

DMEPOS Durable medical equipment prosthetics, orthotics, and supplies

DOB Dates of birth

DOJ Department of Justice

EIN Employer Identification Number

EMTALA Emergency Medical Treatment and Active Labor Act

VIN Vehicle Identifier Number

ESRD End-stage renal disease

EPLS General Service Administration's Excluded Parties List System

FBI Federal Bureau of Investigation

FFP Federal Financial Participation

FFS Medicare fee-for-service program

FQHC Federally qualified health center

GAO Government Accountability Office

HHAs Home health agencies

HHS [Department of] Health and Human Services

HIO Health insuring organization

IAFIS Integrated Automated Fingerprint Identification System

ICF/MR Intermediate care facilities for persons with mental retardation

IDTF Independent diagnostic testing facility

IHCIA Indian Health Care Improvement Act

IHS Indian Health Service

IHSS In-home supportive services

IPF Inpatient psychiatric facility

IRF Inpatient rehabilitation facility

ISDEAA Indian Self-Determination and Education Assistance Act

LEIE List of Excluded Individuals/Entities

MCEs Managed care entities

MFCU Medicaid fraud control unit

MAO Medicare Advantage organizations

MMA Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (Pub. L. 108-173)

NASDAQ National Association of Securities Dealers Automated Quotation System

NF Nursing facility

NPI National Provider Identifier

NPPES National Plan and Provider Enumeration System

NSC National Supplier Clearinghouse

NTIS National Technical Information Service

NPDB National Practitioner Data Bank

NYSE New York Stock Exchange

OIG Office of Inspector General

OMB Office of Management and Budget

OPO Organ procurement organization

PAHP Prepaid ambulatory health plan

PECOS Provider Enrollment, Chain, and Ownership System

PIHP Prepaid inpatient health plan

PSC Program Safeguard Contractors

PTAN Provider transaction account number

RFA Regulatory Flexibility Act

RHC Rural health clinic

RNHCI Religious nonmedical health care institution

SEC Securities and Exchange Commission

SMP Senior Medicare Patrol

SNFs Skilled nursing facilities

SPIA State Program Integrity Assessment

SSA Social Security Administration

SSA DMF Social Security Administration Death Master File

SSN Social Security Number

TTAG Tribal Technical Advisory Group

WAN [FBI CJIS Division's] Wide Area Network

ZPIC Zone Program Integrity Contractors

Table of Contents

I. Background

II. Proposed Provisions and Responses to Public Comments

A. Provider Screening Under Medicare, Medicaid, and CHIP

1. Statutory Changes

2. Summary of Existing Screening Measures

a. Licensure Requirements—Medicare and Medicaid

b. Site Visits—Medicare

c. Database Checks—Medicare

d. Criminal Background Checks—Medicare

e. Medicare MAO Requirements

f. Fingerprinting—Medicare

g. Screening—Medicaid and CHIP

3. General Screening of Providers—Medicare

a. Proposed Screening Requirements

(1) Limited

(2) Moderate

(3) High

b. Analysis of and Responses to Public Comment on Medicare Screening Categories

c. Final Screening Provision—Medicare

4. General Screening of Providers—Medicaid and CHIP: Proposed Provisions and Analysis of and Responses to Public Comments

a. Database Checks—Medicaid and CHIP

b. Unscheduled and Unannounced Site Visits—Medicaid and CHIP

c. Provider Enrollment and Provider Termination—Medicaid and CHIP

d. Criminal Background Checks and Fingerprinting—Medicaid and CHIP

e. Deactivation and Reactivation of Provider Enrollment—Medicaid and CHIP

f. Enrollment and NPI of Ordering or Referring Providers—Medicaid and CHIP

g. Other State Screening—Medicaid and CHIP

h. Final Screening Provisions—Medicaid and CHIP

5. Solicitation of Additional Comments Regarding the Implementation of the

Fingerprinting Requirements

B. Application Fee—Medicare, Medicaid, and CHIP

1. Statutory Changes

2. Proposed Application Fee Provisions

C. Temporary Moratoria on Enrollment of Medicare Providers and Suppliers, Medicaid and CHIP Providers

1. Statutory Changes

2. Proposed Temporary Moratoria Provisions

a. Medicare

b. Medicaid and CHIP

3. Analysis of and Responses to Public Comment

4. Final Temporary Moratoria on Enrollment of Medicare Providers and Suppliers, Medicaid and CHIP Provisions

D. Suspension of Payments

1. Medicare

a. Background

b. Previous Medicare Regulations

c. Proposed Medicare Suspension of Payments Requirements

2. Medicaid

a. Background

b. Previous Medicaid Regulations

c. Proposed Medicaid Suspension of Payments Requirements

E. Proposed Approach and Solicitation of Comments for Sections 6102 and 6401(a) of the Affordable Care Act—Ethics and Compliance Program

1. Statutory Changes

2. Proposed Ethics and Compliance Program Provisions

3. Analysis of and Responses to Public Comment

4. Final Provisions—Ethics and Compliance Program

F. Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

1. Statutory Change

2. Proposed Provisions for Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

3. Analysis of and Responses to Public Comment

4. Final Provisions for Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

G. Additional Medicare Provider Enrollment Provisions

1. Statutory Changes

2. Proposed Provisions for Additional Medicare Provider Enrollment

3. Analysis of and Response to Public Comments

4. Final Provisions for Additional Medicare Provider Enrollment

H. Technical and General Comments

III. Collection of Information Requirements

A. ICRs Regarding Medicare Application Fee Hardship Exception (§ 424.514)

B. ICRs Regarding Medicare Fingerprinting Requirement (§ 424.518)

C. ICRs Regarding Medicaid Fingerprinting Requirement (§ 455.434)

D. ICRs Regarding Suspension of Payments in Cases of Fraud or Willful Misrepresentation (§ 455.23)

E. ICRs Regarding Collection of SSNs and DOBs for Medicaid and CHIP providers (§ 455.104)

F. ICRs Regarding Site Visits for Medicaid-Only or CHIP-Only Providers (§ 455.450)

G. ICRs Regarding the Rescreening of Medicaid Providers Every 5 Years (§ 455.414).

IV. Response to Comments

V. Regulatory Impact Analysis

A. Statement of Need

B. Overall Impact

C. Anticipated Effects

1. Medicare

a. Enhanced Screening Procedures—Medicare

b. Application Fee—MedicareStart Printed Page 5864

c. General Enrollment Framework

(1) New Enrollment

(2) Revalidation

2. Medicaid

a. Enhanced Screening Procedures

b. Application Fee—Medicaid

c. General Enrollment Framework

(1) New Enrollments

(2) Re-enrollment

3. Medicare and Medicaid

a. Moratoria on Enrollment of New Medicare Providers and Suppliers and Medicaid Providers

b. Suspension of Payments in Medicare and Medicaid

D. Accounting Statement and Table

1. Medicare

2. Medicaid

E. Alternatives Considered

1. General Burden Minimization Efforts

2. Fingerprinting

3. Other Suggested Alternatives

F. Conclusion

Regulations Text

I. Background

The Medicare program (title XVIII of the Social Security Act (the Act)) is the primary payer of health care for 47 million enrolled beneficiaries. Under section 1802 of the Act, a beneficiary may obtain health services from an individual or an organization qualified to participate in the Medicare program. Qualifications to participate are specified in statute and in regulations (see, for example, sections 1814, 1815, 1819, 1833, 1834, 1842, 1861, 1866, and 1891 of the Act; and 42 CFR Chapter IV, subchapter G, which concerns standards and certification requirements).

Providers and suppliers furnishing services must comply with the Medicare requirements stipulated in the Act and in our regulations. These requirements are meant to ensure compliance with applicable statutes, as well as to promote the furnishing of high quality care. As Medicare program expenditures have grown, we have increased our efforts to ensure that only qualified individuals and organizations are allowed to enroll or maintain their Medicare billing privileges.

The Medicaid program (title XIX of the Act) is a joint Federal and State health care program for eligible low-income individuals providing coverage to more than 51 million people. States have considerable flexibility in how they administer their Medicaid programs within a broad Federal framework and programs vary from State to State.

The Children's Health Insurance Program (CHIP) (title XXI of the Act) is a joint Federal and State health care program that provides health care coverage to more than 7.7 million otherwise uninsured children.

Historically, States, in operating Medicaid and CHIP, have permitted the enrollment of providers who meet the State requirements for program enrollment.

The Patient Protection and Affordable Care Act (Pub. L. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111-152) (collectively known as the Affordable Care Act or ACA) makes a number of changes to the Medicare and Medicaid programs and CHIP that enhance the provider and supplier enrollment process to improve the integrity of the programs to reduce fraud, waste, and abuse in the programs.

The following is an overview of some of the statutory authority relevant to enrollment in Medicare, Medicaid, and CHIP:

  • Sections 1102 and 1871 of the Act provide general authority for the Secretary of Health and Human Services (the Secretary) to prescribe regulations for the efficient administration of the Medicare program. Section 1102 of the Act also provides general authority for the Secretary to prescribe regulations for the efficient administration of the Medicaid program and CHIP.
  • Section 4313 of the Balanced Budget Act of 1997 (BBA) (Pub. L. 105-33) amended sections 1124(a)(1) and 1124A of the Act to require disclosure of both the Employer Identification Number (EIN) and Social Security Number (SSN) of each provider or supplier, each person with ownership or control interest in the provider or supplier, any subcontractor in which the provider or supplier directly or indirectly has a 5 percent or more ownership interest, and any managing employees including directors and officers of corporations and non-profit organizations and charities. The “Report to Congress on Steps Taken to Assure Confidentiality of Social Security Account Numbers as required by the Balanced Budget Act” was signed by the Secretary and sent to the Congress on January 26, 1999. This report outlines the provisions of a mandatory collection of SSNs and EINs effective on or after April 26, 1999.
  • Section 936(a)(2) of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108-173) amended the Act to require the Secretary to establish a process for the enrollment of providers of services and suppliers. We are authorized to collect information on the Medicare enrollment application (that is, the CMS-855, (Office of Management and Budget (OMB) approval number 0938-0685)) to ensure that correct payments are made to providers and suppliers under the Medicare program as established by title XVIII of the Act.
  • Section 1902(a)(27) of the Act provides general authority for the Secretary to require provider agreements under the Medicaid State Plans with every person or institution providing services under the State plan. Under these agreements, the Secretary may require information regarding any payments claimed by such person or institution for providing services under the State plan.
  • Section 2107(e) of the Act, which provides that certain title XIX and title XI provisions apply to States under title XXI, including 1902(a)(4)(C) of the Act, relating to conflict of interest standards.
  • Section 1903(i)(2) of the Act relating to limitations on payment.
  • Section 1124 of the Act relating to disclosure of ownership and related information.
  • Sections 6401, 6402, 6501, and 10603 of the ACA and 1304 of the Health Care and Education Reconciliation Act (Pub. L. 111-152) amended the Act by establishing: (1) Procedures under which screening is conducted for providers of medical or other services and suppliers in the Medicare program, providers in the Medicaid program, and providers in the CHIP; (2) an application fee to be imposed on providers and suppliers; (3) temporary moratoria that the Secretary may impose if necessary to prevent or combat fraud, waste, and abuse under the Medicare and Medicaid programs and CHIP; (4) requirements that State Medicaid agencies must terminate any provider that is terminated by Medicare or another State plan; (5) requirements for suspensions of payments pending credible allegations of fraud in both the Medicare and Medicaid programs.

II. Proposed Provisions and Responses to Public Comments

We received approximately 300 timely pieces of correspondence containing multiple comments on the Additional Screening Requirements, Application Fees, Temporary Enrollment Moratoria, Payment Suspensions and Compliance Plans for Providers and Suppliers proposed rule published September 23, 2010 (75 FR 58204). We note that we received some comments that were outside the scope of the proposed rule. These comments are not addressed in this final rule with comment period. Summaries of the public comments that are within the scope of the proposals and our responses to those comments are set forth in the various sections of this final rule with comment period under the appropriate headings.Start Printed Page 5865

A. Provider Screening Under Medicare, Medicaid, and CHIP

1. Statutory Changes

Section 6401(a) of the ACA, as amended by section 10603 of the ACA, amends section 1866(j) of the Act to add a new paragraph, paragraph “(2) Provider Screening.” Section 1866(j)(2)(A) of the Act requires the Secretary, in consultation with the Department of Health of Human Services' Office of the Inspector General (HHS OIG), to establish procedures under which screening is conducted with respect to providers of medical or other items or services and suppliers under Medicare, Medicaid, and CHIP. Section 1866(j)(2)(B) of the Act requires the Secretary to determine the level of screening to be conducted according to the risk of fraud, waste, and abuse with respect to the category of provider of medical or other items or services or supplier. The provision states that the screening shall include a licensure check, which may include such checks across State lines; and the screening may, as the Secretary determines appropriate based on the risk of fraud, waste, and abuse, include a criminal background check; fingerprinting; unscheduled or unannounced site visits, including pre-enrollment site visits; database checks, including such checks across State lines; and such other screening as the Secretary determines appropriate. Section 1866(j)(2)(C) of the Act requires the Secretary to impose a fee on each institutional provider of medical or other items or services or supplier that would be used by the Secretary for program integrity efforts including to cover the cost of screening and to carry out the provisions of sections 1866(j) and 1128J of the Act. We discussed the fee in section II.B. of the proposed rule.

Section 6401(b) of the ACA amends section 1902 of the Act to add new paragraph (a)(77) and (ii), which requires States to comply with the process for screening providers and suppliers as established by the Secretary under 1866(j)(2) of the Act.[1] Note that section 6401(b) of the ACA erroneously added a duplicate section 1902(ii) to the Act. Therefore, in the Medicare and Medicaid Extenders Act of 2010 (Pub. L. 111-309), the Congress enacted a technical correction to redesignate the section 1902(ii) of the Act added by section 6401(b) of ACA as section 1902(kk) of the Act. In this regulation, we therefore reference section 1902(kk) of the Act when referring to the provisions added by section 6401(b) of the ACA.

We noted in the proposed rule that the statute uses the terms “providers of medical or other items or services,” “institutional providers,” and “suppliers.” The Medicare program enrolls a variety of providers and suppliers, some of which are referred to as “providers of services,” “institutional providers,” “certified providers,” “certified suppliers,” and “suppliers.” In Medicare, the term “providers of services” under section 1861(u) of the Act means health care entities that furnish services primarily payable under Part A of Medicare, such as hospitals, home health agencies (including home health agencies providing services under Part B), hospices, and skilled nursing facilities. The term “suppliers” defined in section 1861(d) of the Act refers to health care entities that furnish services primarily payable under Part B of Medicare, such as independent diagnostic testing facilities (IDTFs), durable medical equipment prosthetics, orthotics, and supplies (DMEPOS) suppliers, and eligible professionals, which refers to health care suppliers who are individuals, that is, physicians and the other professionals listed in section 1848(k)(3)(B) of the Act. For Medicaid and CHIP, we use the terms “providers” or “Medicaid providers” or “CHIP providers” when referring to all Medicaid or CHIP health care providers, including individual practitioners, institutional providers, and providers of medical equipment or goods related to care. The term “supplier” has no meaning in the Medicaid program or CHIP.

The new screening procedures implemented pursuant to new section 1866(j)(2) of the Act are applicable to newly enrolling providers and suppliers, including eligible professionals, beginning on March 25, 2011. These new procedures are applicable to currently enrolled Medicare, Medicaid, and CHIP providers, suppliers, and eligible professionals beginning on March 23, 2012. These new screening procedures implemented pursuant to new section 1866(j)(2) of the Act are applicable beginning on March 25, 2011 for those providers and suppliers currently enrolled in Medicare, Medicaid, and CHIP who revalidate their enrollment information. Within Medicare, the March 25, 2011 implementation date will impact those current providers and suppliers whose 5-year revalidation cycle (or 3-year revalidation cycle for DMEPOS suppliers) results in revalidation occurring on or after March 25, 2011 and before March 23, 2012.

The requirements for revalidation are discussed in § 424.515. It is important to note that revalidation—for purposes of both provider enrollment in general and this final rule with comment period—does not include routine changes of information as described in § 424.516(d) and (e), such as address changes or changes in phone number.

2. Summary of Existing Screening Measures

Before we outline the new measures we are finalizing under the ACA, it may be helpful to provide a summary of some of the screening measures already being utilized in Medicare, Medicaid, and CHIP. Pursuant to other authority, but with the notable exception of background checks and fingerprinting, Medicare, generally through private contractors, already employs a number of the screening practices described in section 1866(j)(2)(B) of the Act to determine if a provider or supplier is in compliance with Federal and State requirements to enroll or to maintain enrollment in the Medicare program.

We also believe it important to note that nothing in this rule is intended to abridge our established screening authority under existing statutes and regulations or to diminish the screening that providers and suppliers currently undergo. To the contrary; the provisions specified in this final rule with comment period are intended to enhance our existing authority. This rule's provisions, in other words, set “floors”—not ceilings—on enrollment requirements for each screening level.

a. Licensure Requirements—Medicare and Medicaid

Over the past several years, we have taken a number of steps to strengthen our ability to deny or revoke Medicare billing privileges when providers or suppliers do not have or do not maintain the applicable State licensure requirements for their provider or supplier type or profession. We established reporting responsibilities for all providers, suppliers, and eligible professionals in earlier regulations at § 424.516(b) through (e). To ensure that only qualified providers and suppliers remain in the Medicare fee-for-service (FFS) program, we require that Medicare Start Printed Page 5866contractors review State licensing board data on a monthly basis to determine if providers and suppliers remain in compliance with State licensure requirements. Medicare billing privileges would be revoked for those providers and suppliers who do not report a final adverse action (for example, license revocation or suspension, felony conviction) within the applicable reporting period, as required in § 424.516(b) through (e). Medicare suppliers of DMEPOS and IDTFs are already subject to similar provisions in § 424.57(c) and § 410.33(g), respectively. DMEPOS suppliers are also subject to additional requirements including accreditation and surety bonding, pursuant to § 424.57(c)(22) through (26) and § 424.57(d).

Medicare Advantage organizations (MAOs) are required to verify licensure of providers and suppliers, including physicians and other health care professionals, in accordance with § 422.204.

For Medicaid and CHIP, most States do some checking of in-State provider licenses, but the extent of scrutiny varies. For example, in some States, the existence of the license may be verified, but little attention might be given to any restrictions on the license.

b. Site Visits—Medicare

Pursuant to § 424.517, Medicare conducts the following site visits and takes the following actions, generally through private contractors under CMS direction:

  • The National Supplier Clearinghouse (NSC) Medicare Administrative Contractor (the Medicare contractor that processes enrollment applications for suppliers of DMEPOS) conducts pre-enrollment site visits to DMEPOS suppliers that are not associated with a chain supplier of DMEPOS (a chain supplier of DMEPOS is a supplier with 25 or more distinct practice locations.)
  • The NSC also conducts unannounced post-enrollment site visits to DMEPOS suppliers for which CMS or the NSC believes there is a likelihood of fraudulent or abusive activities to ensure those DMEPOS suppliers remain in compliance with the supplier standards found at § 424.57(c). CMS at times exercises its right to—
  • Have the NSC conduct ad hoc pre- and post-enrollment site visits to any DMEPOS supplier;
  • Have Medicare contractors conduct pre-enrollment site visits to all IDTFs; and
  • Conduct ad hoc pre-and post enrollment site visits to any prospective Medicare provider and supplier or any enrolled Medicare provider or supplier.

In addition, under 42 CFR parts 488 and 489, a State survey agency or an approved national accreditation organization with deeming authority conducts pre-enrollment surveys for certified providers and suppliers to determine whether they meet the applicable Federal conditions and requirements for their provider or supplier type before they can participate in the Medicare program.

We note that the site visits discussed here and elsewhere within this preamble and the final regulations are separate and apart from the site visits that are conducted pursuant to the Clinical Laboratory Improvement Amendments (CLIA). We will work with our State survey agency partners in coordinating these site visits so as to avoid duplication and burden on providers.

c. Database Checks—Medicare

Under existing regulation, Medicare contractors employ database checks of eligible professionals, owners, authorized officials, delegated officials, managing employees, medical directors, and supervising physicians (at IDTFs and laboratories) as part of the Medicare provider and supplier enrollment process. These include database checks with the Social Security Administration (SSA) (to verify an individual's SSN), the National Plan and Provider Enumeration System (NPPES) to verify the National Provider Identifier (NPI) of an eligible professional, and State licensing board checks to determine if an eligible professional is appropriately licensed to furnish medical services within a given State. These checks also include checking a provider or supplier against the HHS OIG's List of Excluded Individuals/Entities (LEIE) and the General Service Administration's Excluded Parties List System (EPLS). All of the database checks have been used to assess the eligibility and qualifications of providers and suppliers to enroll in the Medicare program, to confirm the identity of an eligible professional to ensure that he or she may be considered for enrollment in the Medicare program.

Also, on a monthly basis, CMS' Medicare contractors systematically compare enrolled providers, suppliers, and eligible professionals against the information in the Medicare Exclusions Database. The Medicare Exclusions Database identifies providers, suppliers, and eligible professionals who have been excluded from the Medicare and Medicaid programs by the HHS OIG. When a match is found, the HHS OIG exclusion information is systematically noted in the Medicare enrollment record of the provider, supplier, or eligible professional. In the Medicare program, we deny or revoke the billing privileges of providers, suppliers, and eligible professionals who have been excluded by the HHS OIG. If the HHS OIG lifts the exclusion, the provider, supplier or eligible professional must reapply for enrollment in the Medicare program. In addition, Medicare contractors also review State licensure Web sites on a monthly basis to ensure that eligible professionals continue to meet State licensing requirements.

In addition, since January 2009, we have compared date of death information obtained from the Social Security Administration Death Master File (SSA DMF) with the information maintained in the National Plan and Provider Enumeration System (NPPES), the system that assigns an NPI to individuals and organizations. Based on this comparison and the subsequent verification, we have deactivated the NPIs of more than 11,500 individuals who were previously assigned a type 1 (individual) NPI. We automatically transfer this information from NPPES to the Provider Enrollment, Chain, and Ownership System (PECOS), CMS' national Medicare enrollment repository to deactivate a deceased individual's Medicare billing privileges. In addition, Medicare contractors are required to review and act upon monthly files that contain a list of non-practitioner individuals enrolled in the Medicare program who have been reported to the SSA as deceased. These individuals include: Owners, authorized officials, and delegated officials.

MAOs, as required by § 422.204, generally use database checks to verify licensure and licensure sanctions and limitations with State licensing boards and the Federation of State Medical Boards, DEA certificates with the National Technical Information Service (NTIS), history of adverse professional review actions and malpractice from the National Practitioner Data Bank (NPDB), accreditation status of institutional providers and suppliers with national accrediting boards, such as The Joint Commission (TJC), and search for HHS OIG exclusions using the HHS OIG Web site http://oig.hhs.gov/​fraud/​exclusions/​exclusions_​list.asp.

d. Criminal Background Checks—Medicare

Section 6401(a) of the ACA amended Section 1866(j) of the Act authorized the Secretary to perform criminal background checks. As described in § 424.530(a) and § 424.535(a), CMS or its Start Printed Page 5867designated Medicare contractor may deny or revoke the Medicare billing privileges of the owner of a provider or supplier, a physician or non-physician practitioner, and terminate any corresponding provider or supplier agreement for a number of reasons, including an exclusion from the Medicare, Medicaid, and any other Federal health care program, a felony within the preceding 10 years that is considered detrimental to the Medicare program, and/or submission of false or misleading information on the Medicare enrollment application. While we require our Medicare contractors to verify data submitted on, and as part of, the Medicare provider/supplier enrollment application, our contractors are not able to verify information that may have been purposefully omitted or changed in a manner to obfuscate any previous criminal activity. A 2005 report issued by the National Task Force on the Criminal Backgrounding of America, sponsored by the Bureau of Justice Statistics and the U.S. Department of Justice, defined a Criminal History Record Check as a check that returns records from official criminal repositories (meaning State repositories and the Federal Bureau of Investigations (FBI) Interstate Identification Index that links Federal and State criminal record systems), and the FBI uses the same terminology. For purposes of responding to comments in this document we use the term criminal history record check to mean criminal background checks when referring to such fingerprint-based checks. Criminal History Record Checks have not been historically used in the FFS Medicare enrollment screening process.

e. Medicare MAO Requirements

As mentioned earlier in this section, MAOs already employ a number of screening procedures in accordance with regulations and CMS manual instructions. Specifically, under § 422.204(b)(3) in the case of providers meeting the definition of “provider of services” in section 1861(u) of the Act, basic benefits may only be provided through providers if they have a provider agreement with us permitting them to furnish services under original Medicare. With respect to other entities like suppliers, § 422.204(b)(3) requires that they “meet the applicable requirements of title XVIII and Part A of title XI of the Act.” Given these requirements we considered to what extent MAOs would be required to apply the identical screening requirements we proposed for the original Medicare program or whether substantively similar alternative approaches adopted by MAOs would be acceptable. Accordingly, we solicited public comments on whether or to what extent MAOs should be required to implement the same enhanced screening requirements for providers, suppliers and physicians that we proposed for the original Medicare program.

f. Fingerprinting—Medicare

Previous to this final rule with comment period fingerprinting and fingerprint-based criminal history record information from the FBI was not used in the Medicare enrollment screening process.

g. Screening—Medicaid and CHIP

States vary in the degree to which they employ screening methods such as unscheduled and unannounced site visits and database checks, including such checks across State lines, criminal background checks, and fingerprinting. However, at least a few States utilize each of those methods.

States also varied in what they require their managed care entities (MCEs) [2] to do in terms of screening network-level providers that are not also enrolled in the Medicaid program as FFS providers. We considered to what extent States must require their MCEs to apply the identical screening requirements we proposed for the States or whether substantively similar alternative approaches adopted by MCEs are acceptable. Accordingly, we solicited public comments on whether or to what extent MCEs should be required to implement the same enhanced screening requirements for Medicaid and CHIP providers that we proposed for State Medicaid and CHIP programs.

We again stress that the provider enrollment verification tools that we are currently using—including, but not limited to, those described previously—will not in any way be diminished as a result of this final rule with comment period. In other words, the validation techniques in this rule do not supplant those that are presently in use.

3. General Screening of Providers—Medicare

a. Proposed Screening Requirements

Section 1866(j)(2)(B) of the Act requires the Secretary to determine the level of screening applicable to providers and suppliers according to the risk of fraud, waste, and abuse the Secretary determines is posed by particular provider and supplier categories.

In considering how to establish consistent screening standards, we proposed to designate provider and supplier categories that are subject to certain screening procedures based on CMS' assessment of fraud, waste and abuse risk of the provider or supplier category, taking into consideration a variety of factors. These factors include our own experience with claims data used to identify fraudulent billing practices as well as the expertise developed by our contractors charged with investigating and identifying instances of Medicare fraud across a broad spectrum of providers. In addition, CMS has relied on insights gained from numerous studies conducted by the HHS-OIG, GAO, and other sources. We have designated categories of providers or suppliers (for example, “newly enrolling DME suppliers” or “currently enrolled home health agencies”) that are subject to screening procedures based on our assessment of the level of screening based on the risk presented by the category of provider. There are three levels of screening and associated risk: “limited,” “moderate” and “high,” and each provider/supplier category is assigned to one of these three screening levels. The categories described below and associated risk levels assigned are designed to identify those categories of providers and suppliers that pose a risk of fraud, waste, and abuse.

The screening procedures applicable to each screening level are set by us and are included in this final rule with comment period. Under this approach, the relevant Medicare contractor (for example, fiscal intermediary, regional home health intermediary, carriers, Part A or Part B Medicare Administrative Contractor (A/B MAC), or the NSC Administrative Contractor) would utilize the screening tools mandated by us for the screening level assigned to a particular provider or supplier category.

We solicited comments on the proposed assignment of specific provider and supplier types to the proposed risk screening levels, including what criteria should be considered in making such assignments, whether such assignments should be Start Printed Page 5868released publicly, whether they should be subject to agency review and updated according to an established schedule (that is, annually, bi-annually), and the extent to which they should be updated according to evolving risks. We also solicited comments on any additional database checks that we should consider as a type of screening.

Based on the level of screening assigned, we proposed that the Medicare contractors would establish and conduct the following categorical screenings.

Table 1—Proposed Screening Levels and Procedures for Medicare Physicians, Non-Physician Practitioners, Providers, and Suppliers

Type of screening requiredLimitedModerateHigh
Verification of any provider/supplier-specific requirements established by MedicareXXX
Conduct license verifications, (may include licensure checks across States)XXX
Database Checks (to verify Social Security Number (SSN), the National Provider Identifier (NPI), the National Practitioner Data Bank (NPDB) licensure, an OIG exclusion; taxpayer identification number; tax delinquency; death of individual practitioner, owner, authorized official, delegated official, or supervising physician)XXX
Unscheduled or Unannounced Site VisitsXX
Criminal Background CheckX
FingerprintingX

As described previously, we already require Medicare contractors to ensure that every provider or supplier meets any applicable Federal regulations or State requirements, including applicable licensure requirements [3] for the provider or supplier type prior to making an enrollment determination. In addition, we also require that Medicare contractors conduct monthly reviews of State licensing board actions to determine if an individual practitioner, such as a physician or non-physician practitioner continues to meet State licensing requirements. In the case of organizational entities, we also require our Medicare contractors to conduct monthly or periodic checks to determine if an organizational entity continues to meet the Federal and State requirements for its provider or supplier type. Such verifications help ensure that a prospective provider or supplier is eligible to participate in the Medicare program or that an existing provider or supplier is eligible to maintain its Medicare billing privileges.

Previous to this final rule with comment period, in the Medicare program, DMEPOS suppliers were required to re-enroll every 3 years, and other providers were required to revalidate their enrollment every 5 years. The terms revalidation and re-enrollment were often used interchangeably, but are actually specific to these provider types. To eliminate any confusion about which term applies to which provider or supplier, we proposed language at § 424.57(e) to change all references from re-enroll or re-enrollment to revalidate or revalidation. In addition, the ACA requires that no provider or supplier shall be allowed to enroll in Medicare or revalidate its enrollment in Medicare after March 23, 2013 without being screened pursuant to the authorities covered by this final rule with comment period. To assist us in assuring that the statutory effective date is met, we proposed at § 424.515 to permit us to require that a provider or supplier revalidate its enrollment at any time. After the revalidation, the current cycle for revalidation (3 years for DMEPOS, and 5 years for all other providers) would apply.

(1) Limited

Based on our own analysis of historical trends and our own experience with provider screening and enrollment we proposed that, as a category, the following providers and suppliers pose a limited risk to the Medicare program: Physician or non-physician practitioners and medical groups or clinics; providers or suppliers that are publicly traded on the NYSE or NASDAQ; ambulatory surgical centers (ASCs); end-stage renal disease (ERSD) facilities; Federally qualified health centers (FQHCs); histocompatibility laboratories; hospitals, including critical access hospitals (CAHs); Indian Health Service (IHS) facilities; mammography screening centers; organ procurement organizations (OPOs); mass immunization roster billers, portable x-ray suppliers; religious nonmedical health care institutions (RNHCIs); rural health clinics (RHCs); radiation therapy centers; skilled nursing facilities (SNFs), and public or government-owned ambulance services suppliers.

In § 424.518(a), we proposed that the following screening tools will apply to providers and suppliers in categories designated as limited risk: (1) Verification that a provider or supplier meets any applicable Federal regulations, or State requirements for the provider or supplier type prior to making an enrollment determination; (2) verification that a provider or supplier meets applicable licensure requirements; and (3) database checks on a pre- and post-enrollment basis to ensure that providers and suppliers continue to meet the enrollment criteria for their provider/supplier type.

To assist readers in understanding the type of providers and suppliers that we proposed to include in the limited risk screening level, we are providing the following table.

Table 2—Proposed Medicare Providers and Suppliers Designated as a “Limited” Categorical Risk for Screening Purposes

Provider/supplier category
Physician or non-physician practitioners and medical groups or clinics.
Providers or suppliers that are publicly traded on the NYSE or NASDAQ.
Start Printed Page 5869
Ambulatory surgical centers, end-stage renal disease facilities, Federally qualified health centers, histocompatibility laboratories, hospitals, including critical access hospitals, Indian Health Service facilities, mammography screening centers, organ procurement organizations, mass immunization roster billers, portable x-ray supplier, religious non-medical health care institutions, rural health clinics, radiation therapy centers, skilled nursing facilities, and public or government-owned or -affiliated ambulance service suppliers.

(2) Moderate

Based on our experience, we proposed that community mental health centers (CMHCs); comprehensive outpatient rehabilitation facilities (CORFs); hospice organizations; independent diagnostic testing facilities (IDTFs); independent clinical laboratories; and non-public, non-government owned or affiliated ambulance services suppliers pose a moderate risk to the Medicare program. However, we provided that any such provider or supplier that is publicly traded on the NYSE or NASDAQ would be considered limited risk. Furthermore, we proposed that currently enrolled (revalidating) home health agencies would be considered “moderate” risk, except any such provider that is publicly traded on the NYSE or NASDAQ would be considered limited risk. Finally, we proposed that currently enrolled (re-validating) suppliers of DMEPOS pose a moderate risk, except that any such supplier that is publicly traded on the NYSE or NASDAQ would be considered “limited” risk. We provide our rationale for these categories in this section below.

For those provider and supplier categories in the “moderate” screening level, we proposed that Medicare contractors would conduct unannounced pre- and/or post-enrollment site visits in addition to those screening tools applicable to the limited level of screening. Based on the success of pre-and/or post enrollment site visits conducted by the NSC during the enrollment process for suppliers of DMEPOS and a similar process established by carriers and A/B MACs during the enrollment of IDTFs, we believe that unscheduled and unannounced pre-and post-enrollment site visits help ensure that suppliers are operational and meet applicable supplier standards or performance standards. In addition, we believe that unscheduled and unannounced pre-and post-enrollment site visits are an essential tool in determining whether a provider or supplier is in compliance with its reporting responsibilities, including the requirement in § 424.516 to notify the Medicare contractor of any change of practice location.

Moreover, § 424.530(a)(5) and § 424.535(a)(5) give us the authority to deny or revoke Medicare billing privileges for providers and suppliers if the provider or supplier is not operational or the provider does not maintain the established provider or supplier performance standards. And while we do not believe that unscheduled or unannounced site visits are necessary for all providers and suppliers, we do believe that a number of businesses, like the ones mentioned below, pose an increased risk to the Medicare program, due at least in part to the lack of individual professional licensure.

In addition, as discussed below, we have found that certain types of providers and suppliers that easily enter a line or business without clinical or business experience—for example, by leasing minimal office space and equipment—present a higher risk of possible fraud to our programs. As such, we believe that because these types of providers pose an increased risk of fraud they should be subject to substantial scrutiny before being permitted to enroll and bill Medicare, Medicaid, or CHIP. This type of pre-enrollment scrutiny will help us move away from the “pay and chase” approach.

Most of the provider and supplier categories in the moderate screening level are generally highly dependent on Medicare, Medicaid, or CHIP to pay their salaries and other operating expenses and are subject to less additional government or professional oversight than the providers and suppliers in the limited risk screening level. Accordingly, we believe it is appropriate and necessary to conduct unscheduled and unannounced pre-enrollment site visits to ensure that these prospective providers and suppliers meet our enrollment requirements prior to enrolling in the Medicare program. Moreover, we believe that post-enrollment site visits are also important to ensure that the enrolled provider or supplier remains a viable health care provider or supplier in the Medicare program.

Accordingly, we proposed in § 424.518(b) that in addition to the categorical screening tools used with respect to limited risk providers and suppliers, Medicare contractors would conduct unannounced and unscheduled site visits prior to enrolling the providers and suppliers assigned to the moderate risk screening level, as set forth earlier in this Section.

In the proposed rule, we set forth our rationale for the assessment of risk ascribed to the providers and suppliers assigned to the “moderate” level of screening. First, we noted that HHS OIG and GAO have issued studies indicating that several of the provider and supplier types cited previously pose an elevated risk of fraud, waste and abuse to the Medicare and Medicare programs and CHIP. In an October 2007 report titled, “Growth in Advanced Imaging Paid under the Medicare Physician Fee Schedule” (OEI-01-06-00260), the HHS OIG recommended that CMS consider conducting site visits to monitor IDTFs' compliance with Medicare requirements.” In addition, in an April 2007 report titled, “Medicare Hospices: Certification and Centers for Medicare & Medicaid Services Oversight” (OEI-06-05-00260), the HHS OIG recommended that CMS seek legislation to establish additional enforcement remedies for poor hospice performance. In response to this recommendation, CMS stated that it was considering whether to pursue new enforcement remedies for poor hospice performance. While the Medicare enrollment process is not designed to verify the conditions of participation, we do believe that more frequent onsite visits may help identify those hospice organizations that are no longer operational at the practice location identified on the Medicare enrollment application.

In a January 2006 report titled, “Medicare Payments for Ambulance Transports” (OEI-05-02-000590), the HHS OIG found that “25 percent of ambulance transports did not meet Medicare's program requirements, resulting in an estimated $402 million in improper payments.”

In an August 2004 report titled, “Comprehensive Outpatient Rehabilitation Facilities: High Medicare Payments in Florida Raise Program Integrity Concerns” (GAO-04-709), the GAO concluded that, “[s]izeable disparities between Medicare therapy payments per patient to Florida CORFs and other facility-based outpatient therapy providers in 2002—with no clear indication of differences in patient needs—raise questions about the appropriateness of CORF billing practices. After finding high rates of medically unnecessary therapy services to CORFs, CMS's claims administration Start Printed Page 5870contractor for Florida took steps to ensure appropriate claim payments for a small, targeted group of CORF patients. Despite its limited success, billing irregularities continued among some CORFs and many CORFs continued to receive relatively high payments the following year. This suggests that the contractor's efforts were too limited in scope to be effective with all CORF providers.”

In addition to GAO and HHS OIG studies and reports, a number of Zone Program Integrity Contractors (ZPIC) and Program Safeguard Contractors (PSC) used by CMS in helping to fight fraud in Medicare, have taken a number of administrative actions including payment suspensions and increased medical review, for the provider and supplier types shown previously. For example, the Zone 7 ZPIC contractor in South Florida has conducted onsite reviews at 62 CORFs since January 2010 and recommended revocation for 51 CORFs, or 82 percent of the CORFS in the area. The same contractor has conducted an onsite reviews at 38 CMHCs located in Dade, Broward, and Palm Beach County since January 2010, and recommended that 30 CMHCs be revoked for noncompliance (79 percent of the CMHCs in the area). In each instance where the ZPIC requested a revocation, the CMHC was also placed on prepay review. We have also conducted an analysis of IDTF licensure requirements and have found several circumstances that indicate irregularity and potential risk of fraud. Although independent clinical laboratories are subject to survey against CLIA requirements, there are nonetheless a number of potentials for fraud, not the least of which is the sheer volume of service and associated billing generated by these entities.

We believe that there is ample evidence to support the use of post-enrollment site visits as a reliable and effective tool to ensure that a current supplier of DMEPOS remains operational and continues to meet the supplier standards found in § 424.57(c). In a March 2007 report titled, “Medical Equipment Suppliers Compliance with Medicare Enrollment Requirements” (OEI-04-05-00380), the HHS OIG concluded that, “By helping to ensure the legitimacy of DMEPOS suppliers, out-of-cycle site visits may help to prevent fraud, waste, and abuse in the Medicare program. CMS may want to consider the findings of our study as they determine how and to what extent out-of-cycle site visits of DMEPOS suppliers will occur.” Today, the NSC MAC utilizes post-enrollment site visits as the primary screening to determine ongoing compliance with the enrollment criteria set forth in § 424.57(c). Therefore, we have included currently enrolled DMEPOS suppliers in the “moderate” category.

We also noted that, in addition to the new screening measures proposed in the proposed rule under the existing regulation at § 424.517, a Medicare contractor may conduct an unannounced or unscheduled site visit at any time for any provider or supplier type prior to enrolling a prospective provider or supplier or for any existing provider or supplier enrolled in the Medicare program. While the primary purpose of an unannounced and unscheduled site visit is to ensure that a provider or supplier is operational at the practice location found on the Medicare enrollment application, a Medicare contractor may also verify established supplier standards or performance standards other than conditions of participation (CoP) subject to survey and certification by the State Survey agency, where applicable, to ensure that the supplier remains in compliance with program requirements.

To assist readers in understanding the type of providers and suppliers that we proposed to be in the “moderate” risk screening level, we are providing the following table.

Table 3—Proposed Medicare Providers and Suppliers Designated as a “Moderate” Categorical Risk for Screening Purposes

Provider/supplier category
Community mental health centers; comprehensive outpatient rehabilitation facilities; hospice organizations; independent diagnostic testing facilities; independent clinical laboratories; and non-public, non-government owned or affiliated ambulance services suppliers. (Except that any such provider or supplier that is publicly traded on the NYSE or NASDAQ is considered “limited” risk.)
Currently enrolled (revalidating) home health agencies. (Except that any such provider that is publicly traded on the NYSE or NASDAQ is considered “limited” risk.)
Currently enrolled (re-validating) suppliers of DMEPOS. (Except that any such supplier that is publicly traded on the NYSE or NASDAQ is considered “limited” risk.)

(3) High

For those provider and supplier categories assigned the “high” level of screening, we proposed that, in addition to the screening tools applicable to the limited and moderate level of screening, Medicare contractors would use the following screening tools in the enrollment process: (1) Criminal background check; and (2) submission of fingerprints using the FD-258 standard fingerprint card. (The FD-258 fingerprint card is recognized nationally and can be found at local, county or State law enforcement agencies where, for a fee, agencies will supply the card and take the fingerprints.) We proposed that these tools would be applied to owners, authorized or delegated officials or managing employees of any provider or supplier assigned to the “high” level of screening. We believe that criminal background checks will assist us in determining if such individuals submitted a complete and truthful Medicare enrollment application and whether an individual is eligible to enroll in the Medicare program or maintain Medicare billing privileges. We believe that this position is supported by testimony of the GAO before the subcommittees for Health and Oversight and Ways and Means within the House of Representatives on June 15, 2010, stating in part that “[c]hecking the background of providers at the time they apply to become Medicare providers is a crucial step to reduce the risk of enrolling providers intent on defrauding or abusing the program. In particular, we have recommended stricter scrutiny of enrollment processes for two types of providers whose services and items CMS has identified as especially vulnerable to improper payments—home health agencies (HHAs) and suppliers of durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS).”

In § 424.518(c)(1), we proposed that, unless they are publicly traded on the NYSE or NASDAQ, newly enrolling HHAs and suppliers of DMEPOS would be assigned to the high risk screening level. Based on our experience and on work conducted by the HHS OIG and the GAO, and because we do not have the monitoring experience with newly enrolling DMEPOS suppliers or HHAs that we have with those currently enrolled, we assigned these providers and suppliers to the “high” risk screening level. We are especially concerned about newly enrolling HHAs and suppliers of DMEPOS because of the high number of HHAs and suppliers of DMEPOS already enrolled in the Medicare program and program vulnerabilities that these entities pose to the Medicare program. Below is a list of HHS OIG and GAO reports identifying home health agencies and suppliers of DMEPOS as posing an elevated risk to the Medicare program.

  • In a December 2009 report titled, “Aberrant Medicare Home Health Outlier Payment Patterns in Miami-Dade County and Other Geographic Start Printed Page 5871Areas in 2008” (OEI-04-08-00570), the HHS OIG recommended that CMS continue with efforts to strengthen enrollment standards for home health providers to prevent illegitimate HHAs from obtaining billing privileges.
  • In a February 2009 report titled, “Medicare: Improvements Needed to Address Improper Payments in Home Health” (GAO-09-185), the GAO concluded that the Medicare enrollment process does not routinely include verification of the criminal history of applicants, and without this information individuals and businesses that misrepresent their criminal histories or have a history of relevant convictions, such as for fraud, could be allowed to enter the Medicare program. In addition, the GAO recommended that CMS assess the feasibility of verifying the criminal history of all key officials named on the Medicare enrollment application.
  • In a February 2008 report titled, “Los Angeles County Suppliers' Compliance with Medicare Standards: Results from Unannounced Visits” (OEI-09-07-00550) and in a March 2007 report titled, “South Florida Suppliers' Compliance with Medicare Standards: Results from Unannounced Visits (OEI-03-07-00150), the HHS OIG recommended that CMS strengthen the Medicare DMEPOS supplier enrollment process and ensure that suppliers meet Medicare supplier standards. The HHS OIG provided several options to implement this recommendation including: (1) Conducting more unannounced site visits to suppliers; (2) performing more rigorous background checks on applicants; (3) assessing the fraud risk of suppliers; and (4) targeting, monitoring, and enforcement of high risk suppliers.
  • In a September 2005 report titled, “Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers” (GAO-05-656), the GAO concluded that,

CMS is responsible for assuring that Medicare beneficiaries have access to the equipment, supplies, and services they need, and at the same time, for protecting the program from abusive billing and fraud. The supplier standards and NSC's gate keeping activities were intended to provide assurance that potential suppliers are qualified and would comply with Medicare rules. However, there is overwhelming evidence—in the form of criminal convictions, revocations, and recoveries—that the enrollment processes and the standards are not strong enough to thoroughly protect the program from fraudulent entities. We believe that CMS must focus on strengthening the standards and overseeing the supplier enrollment process. It needs to better focus on ways to scrutinize suppliers to ensure that they are responsible businesses, analogous to Federal standards for evaluating potential contractors.

We recognize that there may also be circumstances where a particular provider or supplier or group of providers and suppliers may pose a higher risk of fraud, waste, and abuse than the screening level assignment for their category assessed. Therefore, in § 424.518(c)(3), we proposed specific criteria that we would use to adjust the classification of a provider or supplier into a higher risk screening level than would generally apply to the entire category of provider or supplier, in order to address specific program vulnerabilities. We solicited comments on specific additional circumstances that might justify shifting a provider or supplier into a higher screening level than would generally apply to its category. We also solicited comments on the criteria that we could use to shift the screening level back down.

In § 424.518(c)(3)(i), we proposed to adjust a provider or supplier from the limited or “moderate” risk screening level to the “high” risk screening level when we have evidence from or concerning a physician or non-physician practitioner that another individual is using his or her identity within the Medicare program. In § 424.518(c)(3)(ii) and (iii), which in this final rule with comment period has been redesignated § 424.518(c)(3)(i) and (ii), we proposed to adjust a provider or supplier from the “limited” or “moderate” level of screening to the “high” screening level when: The provider or supplier has been placed on a previous payment suspension within the previous ten years; or the provider or supplier has been excluded by the HHS OIG or had its Medicare billing privileges revoked by a Medicare contractor within the previous 10 years and is attempting to establish additional Medicare billing privileges for a new practice location or by enrolling as a new provider or supplier. In addition, we believe that providers that have been terminated or otherwise precluded from billing Medicaid should be adjusted from the “limited” or “moderate” screening level to the “high” screening level. We believe that such providers or suppliers pose an elevated level of risk to the Medicare program.

In § 424.518(c)(3)(iv), redesignated in this final rule with comment period as § 424.518(c)(3)(iii), we proposed to adjust providers or suppliers from the “limited” or “moderate” level of screening to the “high” level of screening for 6 months after we lift a temporary moratorium (see section II.C. of this final rule with comment period) applicable to such providers or suppliers. This would include providers and suppliers revalidating their enrollment if the moratorium is applicable to the provider or supplier type. We solicited comments on criteria that would justify reassignment of providers or suppliers from the “limited” or “moderate” screening level to the “high” screening level. We also solicited comments on criteria appropriate to the reassignment from “high” to “moderate” screening levels or “limited” screening levels. We also solicited comment on the applicability of geographical circumstances as a possible criterion for adjusting providers or suppliers from one screening level to another. We also solicited comment on whether non-practitioner owned facilities and suppliers should be subject to a higher level of screening than their practitioner-owned counterparts or, whether there is an appropriate corresponding trigger for non-practitioner owned facilities and suppliers. We solicited comment on whether providers and suppliers should be subject to higher levels of screening when the provider specialty does not match clinic type on an enrollment application. We solicited comment on what objective conditions might support a broad set of circumstances or factors that would allow us to determine that provider screening levels by risk should be based on “other conditions or factors that CMS determines are necessary to combat fraud, waste, and abuse.”

We solicited public comment on the appropriateness of using criminal background checks in the provider enrollment screening process, including the instances when such background checks might be appropriate, the process of notifying a provider, supplier or individual that a criminal background check is to be performed, and the frequency of such checks.

We solicited comment on the use of fingerprinting as a screening measure in our programs. We recognized that requesting, collecting, analyzing, and checking fingerprints from providers and suppliers are complex and sensitive undertakings that place certain burdens on affected individuals. There are privacy concerns and operational concerns about how to assure individual privacy, how to check fingerprints against appropriate law enforcement fingerprint databases, and how to store the results of the query of the data bases and also how to handle the subsequent analysis of the results. As a result, we solicited comments on how CMS or its contractor should maintain and store fingerprints, what security processes Start Printed Page 5872and measures are needed to protect the privacy of individuals, and any other issues related to the use of fingerprints in the enrollment screening process. We were interested in comments on possible circumstances in which fingerprinting would be potentially useful in provider screening or other fraud prevention efforts. Our proposed screening approach contemplated requesting fingerprints from providers and suppliers designated as presenting a “high” risk of fraud. We solicited comment on this requirement, the circumstances under which it is appropriate, limitations on its use and any alternatives to the proposed approach regarding fingerprints. Our proposed approach allowed denial of billing privileges to newly enrolled providers and suppliers and revocation of billing privileges for revalidating providers and suppliers if owners or officials of providers or suppliers refused to submit fingerprints when requested to do so. We solicited comments on this proposal including its appropriateness and utility as a fraud prevention tool. In addition, we also solicited comment on the applicability and appropriateness of using, in addition to or in lieu of fingerprinting, other enhanced identification techniques and secure forms of identification including but not limited to other biological or biometric techniques, passports, United States Military identification, or Real ID drivers licenses. As technology and secure identification techniques change, the tools we use may change to reflect improvements or shifts in technology or in risk identification. We solicited comment on the appropriate uses of these techniques.

We noted that any physician or non-physician practitioner or organizational provider or supplier that is denied enrollment into the Medicare program or whose Medicare billing privileges are revoked is afforded due process rights under § 405.874.

To assist readers in understanding the type of providers and suppliers that we proposed to include in the “high” risk screening level, we are providing the following table.

Table 4—Proposed Medicare Pro-viders and Suppliers Designated as a “High” Categorical Risk for Screening Purposes

Provider/supplier category
Prospective (newly enrolling) home health agencies and suppliers of DMEPOS. (Except that any such provider or supplier that is publicly traded on the NYSE or NASDAQ is considered “limited” risk.)

The new screening procedures implemented pursuant to new section 1866(j)(2) of the Act will be applicable to newly enrolling categories providers and suppliers beginning on March 25, 2011. These new screening procedures will also be applicable beginning on March 25, 2011 for those providers and suppliers currently enrolled in Medicare, Medicaid, and CHIP who revalidate their enrollment information. For Medicare, this will impact those providers and suppliers whose revalidation cycle results in revalidation occurring between March 25, 2011 and March 23, 2012. Finally, these new procedures will be applicable to currently enrolled Medicare, Medicaid, and CHIP providers and suppliers beginning on March 23, 2012, in accordance with section 1866(j)(2)(ii) of the Act. As such, some providers and suppliers may be required to revalidate their enrollment outside of their regular revalidation cycle. However, the additional screening procedures for categories and individuals in the high level of screening, namely, as discussed below, fingerprint-based criminal history record checks, will be implemented 60 days following the publication of subregulatory guidance.

b. Analysis of and Responses to Public Comment on Medicare Screening Categories

Below is a summary of the comments we received regarding the screening categories and the validation activities contained within each category.

Comment: Several commenters expressed concern that we differentiated between publicly traded and non-publicly traded entities. Many commenters stated that CMS did not specify how publicly traded companies were any less of a fraud risk than companies that are not publicly traded. Several commenters suggested this distinction was arbitrary and without merit. One commenter stated that being publicly traded does not offer immunity from risk, and that having one set of standards for all providers will make it easier for governments, providers and consumers to identify and address fraud and abuse. One trade association argued that it preferred an approach that would elevate its members into a higher risk screening level than to distinguish among its members based upon whether a particular entity was publicly traded. Another commenter suggested that CMS withdraw its proposal; and requested that if CMS decides to implement it, it should provide the data analysis it used in creating this policy choice and explain why large privately held companies are a greater risk than publicly traded companies.

Response: We agree with the arguments the commenters made regarding distinguishing among screening levels based on a provider or supplier's publicly traded status, and thus we have eliminated the distinction between publicly traded and non-publicly traded companies for purposes of the screening levels. While it has been our general experience that publicly traded companies have not posed the elevated risk of fraud, waste or abuse as non-publicly traded companies, we do not believe the risk differential between publicly traded and non-publicly traded entities is such as to warrant the automatic assignment of the former into a lesser screening level.

Comment: Similar to the distinction between publicly traded versus non-publicly traded, several comments suggested that the distinction between government-owned or affiliated versus non-government owned or affiliated ambulance service suppliers was not based on any evidence. One commenter stated that CMS furnished little or no supporting data for the position that publicly owned companies pose less of a risk. Another commenter contended that this distinction presented challenges that would make it difficult for states to operationalize. Another commenter believes that the distinction is arbitrary, and noted that private ambulance companies are, like public companies, held to the same strict standards, such as the need for them and their personnel to be State-licensed. The commenter added that there is no evidence to support the assertion that private ambulance services pose a greater risk of fraud, waste or abuse than public companies, and that the OIG report referred to in the proposed rule entitled “Medicare Payments for Ambulance Transports” (OEI-05-02-000590) did not single out private ambulance services as posing such a risk. Another commenter was concerned that assigning private ambulance companies to a higher screening level could put them at a competitive disadvantage vis-à-vis their public counterparts.Start Printed Page 5873

Response: We disagree that this distinction would be difficult to operationalize. The enrollment process generally captures information on the supplier's ownership; this enables contractors and States to distinguish between government-owned and non-government owned entities. However, we do agree with the arguments made regarding the use of public ownership as a criterion for making a distinction in the level of screening as determined by the risk of fraud, waste or abuse posed to the programs, and we have eliminated the distinction between government-owned and non-government owned ambulance companies for purposes of the screening level assignments. The available evidence does not suggest that the risk differential between government-owned and non-government owned ambulance companies is such as to warrant the automatic placement of the former into a lower screening level. Moreover, we note that the ACA requires levels of screening according to the risk of fraud, waste and abuse posed by categories of providers and suppliers. The approach taken in this final rule with comment period whereby we assign specific categories of providers and suppliers to screening levels determined by a categorical assessment of the risk of fraud, waste or abuse to the programs—rather than assessing individual's risk— is consistent with the requirements of the statute. While we believe that a more nuanced and precise approach for classifying specific categories of providers and suppliers into screening levels, for example using a scoring algorithm to create categories, could also be consistent with the statute under certain circumstances and were we able to provide an adequate rationale for the classification, we do not yet have experience with such an approach, and are therefore finalizing an approach based on classifications by entire provider and supplier types. We may consider additional classifications in future rulemaking.

Comment: A commenter supported CMS's designation of provider fraud and abuse risk into three levels for Medicare, Medicaid, and CHIP providers, and stated that CMS appropriately assigned hospitals (including critical access hospitals) to the limited level.

Response: We appreciate this commenter's support.

Comment: A commenter expressed support for CMS's proposal to move a provider type from one screening level to another only if it has been found by CMS to pose more or less of a fraud and abuse risk. However, the commenter suggested, that CMS: (1) Review a provider class over pre-prescribed time periods (for example, 24 months), and (2) allow sufficient time for the provider community to offer comment prior to changing a provider's screening level.

Response: Our proposal to reassign providers or suppliers or provider or supplier types to another level of screening was based on changes in circumstances that contribute to the risk of fraud. We believe that to restrict ourselves to reassigning providers and suppliers only at specific, pre-defined time intervals would not provide us with the flexibility we need to quickly address emerging program integrity risks. If a situation arose where there was an immediate risk of fraud that required the imposition of enhanced screening procedures, we must be able to deal with it rapidly, rather than wait until a particular prescribed time interval arrives. We will periodically reexamine screening level classifications for provider and supplier categories. Should a change in a particular provider or supplier type's assignment be warranted and should it necessitate a change in existing regulatory language, we will publish notice of the change in the Federal Register.

Comment: A commenter expressed support for CMS' inclusion of physicians, non-physician practitioners, and medical groups or clinics in the limited screening level. The commenter stated that these suppliers submit the CMS-855I to enroll in Medicare and are subject to all of the penalties listed in Section 14 of CMS-855I regarding falsifying information.

Response: We appreciate the commenter's support.

Comment: A commenter requested that CMS consider moving CMHCs and CORFs from the “moderate” screening level to the “limited” screening level. With respect to CORFs, the commenter stated that CMS' studies regarding program integrity concerns have been limited to the State of Florida, and contended that it is arbitrary to extrapolate that experience to the rest of the country.

Response: We disagree with the commenter's assessment of the risk of fraud associated with CMHCs and CORFs. These risks extend beyond any single region of the country. As a result we have decided to keep these provider types assigned to the moderate level of screening. We believe that the assignment of CMHCs and CORFs into the moderate screening level was appropriate based on the information we presented in the proposed rule.

Comment: A commenter expressed support for background checks and fingerprinting, but requested that they be limited to only providers and suppliers assigned to the high risk level because of the potential administrative burden.

Response: The final rule with comment period is clear that fingerprint-based criminal background checks are only applicable to providers and suppliers assigned to the high screening level.

Comment: A commenter stated that CMS, in listing various provider types and the levels of risk into which they were assigned, did not provide the documentation on which it based its conclusions, therefore violating the Administrative Procedure Act. The commenter recommended that CMS furnish the following information by provider/supplier type to justify its conclusions and to inform the public as to why certain providers are a limited risk to the Medicare program: (1) Number of Medicare revocations; (2) number of Medicare deactivations; (3) Medicare payment suspensions; (4) Medicare civil monetary penalties; (5) OIG mandatory exclusions; (6) OIG permissive exclusions; (7) indictments; and (8) felony convictions.

Response: We based our risk assessments on a variety of factors, including some of those listed by the commenter, as well as others. However, because our conclusions were not based on any one factor nor any specific combination of factors, but rather on CMS's aggregate experience with each provider and supplier type, providing the data requested by the commenter would not serve to clarify the determinations of risk.

Comment: Several commenters stated that CMS did not describe how it will screen providers and suppliers with a designated “other” category, or which types of providers and suppliers fall within this category and how many there are. One commenter stated that providers and suppliers in the “Other” category should be assigned to the high risk level.

Response: The “other” category is largely reserved for future situations in which a statute is enacted that authorizes a particular provider or supplier type to bill the Medicare program; it is designed as a placeholder of sorts pending the revision of the CMS-855 application to accommodate the new provider or supplier type. Since we cannot predict which new provider or supplier types may be able to bill Medicare in the future, we are unable to assign them to a particular screening level in this final rule with comment period.Start Printed Page 5874

Comment: Several commenters stated that CMS did not explain which risk level outpatient physical therapy/occupational therapy (PT/OT), speech pathology, and rehabilitation agencies would fall into.

Response: We received a number of comments on this issue. We will assign occupational therapists, speech language pathology, and rehabilitation agencies to the “limited” level of risk because we do not have evidence of program integrity risk that suggest that these entities should be assigned to the moderate or high levels of screening. However, we will assign physical therapists (including physical therapy groups) to the moderate screening level. We believe this classification is supported, in part, by a recent OIG report entitled “Questionable Billing for Medicare Outpatient Therapy Services” (December 2010) (http://oig.hhs.gov/​oei/​reports/​oei-04-09-00540.pdf), which found, among other things, that Miami-Dade County had three times, and nineteen other counties had at least twice, the national level on five of six questionable billing characteristics. Law enforcement has also identified fraudulent billing schemes involving physical therapy.

Comment: One commenter stated that CMS did not describe how it would screen new providers or suppliers types permitted to enroll in Medicare. Since CMS excluded these providers and suppliers from its discussion, the commenter recommended that these entities be considered a high risk.

Response: Since we cannot predict which new provider or supplier types may be able to bill Medicare in the future, we are unable to assign them to a particular screening level in this final rule with comment period. When such entities emerge, we will make an appropriate determination based on the data sources we have already described in this final rule with comment period, as to what screening level assignment is most appropriate for such new entities. As previously discussed, we will publish notice of these new provider category assignments in the Federal Register prior to making final any such assignment.

Comment: One commenter recommended that non-physician owned medical facilities and groups be considered a higher risk than physician-owned medical facilities.

Response: In the proposed rule, we solicited comments on whether non-practitioner owned facilities and suppliers should be subject to a higher level of screening than practitioner-owned facilities and suppliers. We received several comments suggesting that the former category should be subject to higher screening than the latter. We are declining to adopt this suggestion in this final rule with comment period, however. As previously stated, the ACA requires levels of screening according to the risk of fraud, waste and abuse posed by categories of providers and suppliers. The approach taken in this final rule with comment period whereby we assign specific categories of providers and suppliers to risk levels that determine screening requirements—rather than determining individual risk—is consistent with the statute.

Comment: Several commenters stated that extending the enhanced screening requirements to MAOs will prove duplicative and unnecessarily increase costs for providers. Identifying those providers participating in multiple health programs and coordinating their screening and monitoring could, the commenters contended, avoid unnecessary administrative burden for all involved. Otherwise, by extending the screening requirements to MAOs, providers will be forced to undergo the same screening process multiple times, for each MAO with whom they contract. One commenter stated that it would be more efficient for CMS and the States to perform the screenings and make that data available to the MAO plans through a centralized process. Another commenter recommended that fingerprinting and background checks be restricted to State and Federal law enforcement agencies, adding that there is no legitimate purpose for MA or Medicare managed care plans to collect and maintain this information.

Another commenter opposed applying the proposed requirements to MAOs and other managed care organizations (MCOs) for several reasons. First, there are already appropriate screening tools for MAOs for their providers and suppliers pursuant to § 422.204(b)(3). Second, MAOs have other requirements, as established in § 422.204, to access certain data bases to verify licensure, licensure sanctions and other limitations. Third, traditional Medicare has a greater population to serve and a wider network of providers and suppliers to process and screen than individual MA plan networks. Therefore, the processes should stem from those with oversight and administration of traditional Medicare, with a trickledown effect and benefit for MAOs. Fourth, if a limited, moderate or high risk provider has an enrollment verification letter from Medicare issued after March 25, 2011, the provider has been appropriately credentialed and needs no further credentials for a MAO. Fifth, Medicare's enrollment application captures certain elements that are not currently captured by some insurers' enrollment applications, such as delegated representative, authorized representative, and owners. This information would be difficult to capture and verify, and the workload would increase substantially on the part of MCOs to credential numerous individuals who may not have a significant role within the providers/supplier entity.

Response: Because there are a large number of other regulatory provisions that form the framework for oversight of managed care plans, and we do not want to duplicate these requirements by imposing additional screening and enrollment criteria on these organizations, we have decided not to apply the provisions of this final rule with comment period to managed care plans and organizations.

Comment: A commenter stated that MCOs design their anti-fraud initiatives based on the risks they encounter, which may be unique and different from the risks faced by FFS programs. Consequently, CMS should give MCOs the flexibility to decide whether to adopt any of the proposed new screening requirements and, if so, how to do so; CMS should not extend the screening requirements to MCOs. The commenter stated that MCOs should be allowed to: (1) Assign providers and suppliers to a level that is higher or lower than the level assigned by Medicare FFS or the State FFS Medicaid programs, and (2) deem a provider as having satisfied its screening requirements if the provider is enrolled in Medicare FFS and/or a Medicaid FFS program, and has gone through their screening procedures.

Response: As explained previously, we are concerned that the application of the screening provisions to MCOs would duplicate existing oversight and regulatory authority. We therefore have decided not to apply the provisions of this final rule with comment period to managed care plans and organizations. This will, as the commenter suggests, allow MCOs to develop provider screening requirements that are unique to their circumstances, including (1) assign providers and suppliers to a level that is higher or lower than that assigned by Medicare or the State Medicaid program, and (2) deem a provider as having satisfied their screening requirements if the provider is enrolled in Medicare and/or a State Medicaid program.

Comment: A commenter stated that applying consistent risk management Start Printed Page 5875practices throughout an organization fosters a culture of program integrity. As such, the commenter recommended that MAOs be required to implement the same enhanced screening processes that CMS is considering for the original Medicare program.

Response: As mentioned earlier, we have decided not to apply the provisions of this final rule with comment period to managed care plans and organizations.

Comment: A commenter recommended that CMS explain what type of screening process will be used for Medicare Advantage, managed care organizations or health maintenance organizations.

Response: As previously stated, there are a large number of other regulatory provisions that form the framework for oversight of managed care plans. We do not want to duplicate these requirements by imposing additional screening and enrollment criteria on these organizations. We therefore have decided not to apply the provisions of this final rule with comment period to managed care plans and organizations.

Comment: A commenter recommended that CMS establish screening criteria for slide preparation facilities and competitive acquisition program/Part B vendors.

Response: We will not be establishing screening criteria or prescribing screening levels for slide preparation facilities in this final rule with comment period. Slide preparation facilities do not enroll in Medicare at this time; thus, we do not believe it is appropriate to assign a level of screening to such entities. As for competitive acquisition program/Part B vendors, these will be assigned to the limited screening level. It has not been our experience that this supplier type poses an elevated risk of fraud, waste or abuse to the Medicare program.

In addition, we are adding portable x-ray suppliers to the moderate screening level. In support of this classification, we note that the OIG has analyzed Medicare claims data to identify suppliers with questionable billing patterns. The unusual claims patterns that were found raise concerns about the integrity of payments to certain portable x-ray suppliers. Based on this, and combined with the fact that there are low barriers to entry for this type of supplier, portable x-ray suppliers will be placed in the moderate screening level.

Comment: A commenter recommended that CMS establish higher levels of screening when: (1) A provider or supplier changes ownership on a frequent basis; (2) a physician or non-physician practitioner is enrolled in different States; (3) a physician has a large number of reassignments or when reassignments cross States; (4) a physician is engaging or billing in a reciprocal billing or locum tenens billing arrangement; (5) owners have businesses in different States; and (6) when owners establish banking relationships in different States from where their practice is located.

Response: In the proposed rule, we sought comment on what factors should permit us to elevate an individual provider or supplier to a higher level of screening. We appreciate the commenter's suggestion. While we are not adopting these recommendations at this time, such suggestions may form the basis of future rulemaking. We would first like to evaluate how the factors we will finalize as part of this rule will work prior to adopting new factors such as the ones the commenter has identified.

Comment: One commenter recommended that CMS assign to the higher screening level any owner or physician who had an final adverse action within the previous 10 years; has an unrepaid overpayment with Medicare, Medicaid or CHIP; has a Medicare or Medicaid payment suspension; exclusion or debarment; a felony conviction; unpaid taxes; or a Medicare revocation. Another commenter stated that in Table 1, CMS appears not to consider previous payment suspensions, overpayments, OIG exclusions, or Medicare revocations in establishing higher risk levels. The commenter recommended that CMS explain why such actions are not an indicator of higher program risk and the need for enhanced screening.

Response: As in the proposed rule, we state in § 424.518(c) of the final rule with comment period that a provider or supplier will be moved from the “limited” or “moderate” category to the “high” level if it has been excluded by the OIG, or has had its Medicare billing privileges revoked in the previous ten years. We have added in the final rule with comment that a provider or supplier that has been subject to any final adverse action as defined at § 424.502 would also be moved to the high level of screening. With regard to these commenters' other proposals, we are generally supportive of them, and may examine the possibility of future rulemaking to include some of them as factors that may elevate a provider or supplier to a higher level of risk. As previously mentioned, however, we would first like to evaluate how the factors we will finalize as part of this rule will work prior to adopting new factors.

Comment: A commenter recommended that CMS propose a definition for the term “tax delinquency,” as it is used in Table 1 of the proposed rule, and clarify whether the term refers to Federal, State and/or local taxes.

Response: We have removed tax delinquency from the list of database checks in this final rule with comment period. Though we do have new authorities to obtain tax information as part of ACA and other recently enacted statutes, we are not prepared to operationalize this provision at this time.

Comment: A commenter stated that CMS' categorical risk approach did not address the individual risk associated with certain owners and individual practitioners. The commenter recommended that CMS issue a new proposed rule to establish specific risk factors would increase/decrease a provider or supplier's screening level.

Response: The ACA requires levels of screening according to the risk of fraud, waste and abuse posed by categories of providers and suppliers. The approach taken in the final rule with comment period whereby we assign specific categories of providers and suppliers to screening levels determined by risk of fraud, waste and abuse is consistent with the requirements of the statute. Furthermore, we believe the approach taken in this final rule with comment period is objective and allows us to avoid subjective assessments of a provider's or supplier's risk to the programs.

Comment: A commenter supported the use of background checks to ensure the identity and integrity of owners and senior managers of home health and hospice agencies. While supporting the maintenance of the confidentiality of this information, the commenter believes it should be used to: (1) Target agencies for special oversight, (2) alert owners of patterns of criminal behavior on the part of their managers, and (3) disqualify owners or managers that have criminal histories.

Response: We intend to use this tool in a way that safeguards personal information and also helps prevent fraud, waste and abuse. The criminal history record will verify whether a provider, supplier, or an individual with a 5 percent or greater direct or indirect ownership interest in such provider or supplier has been convicted of certain types of felonies that could result in the denial or revocation of billing privileges under § 424.530 or § 424.535, respectively. We believe that Start Printed Page 5876criminal history record checks will confirm the accuracy of information submitted in enrollment applications, and the discovery of false or misleading information could result in denial or revocation of billing privileges under § 424.530 or § 424.535. Providers or suppliers who have been denied on these bases are afforded all applicable appeals rights.

While in some instances, such a denial may result in alerting a provider or supplier of an individual's criminal history, this is not the purpose or intention of this enrollment screening tool. Rather we will use this authority for the purpose of verifying eligibility for Medicare enrollment. We will disseminate guidance and instructions to providers, suppliers and our enrollment contractors shortly after the publication of this final rule with comment period regarding the implementation of the criminal history record check requirement.

Comment: A commenter opposed the proposal to move those who have previously been placed on a payment suspension or subject to a denial or revocation in the past year, into a higher screening level. The commenter stated that a payment suspension may be imposed upon a mere or false suspicion of wrongdoing, and that the denial or revocation could have been based on an innocent mistake.

Response: We agree with this commenter with respect to the denial of billing privileges. Many denials occur simply because the provider does not meet the requirements to enroll as a particular provider type or other clerical errors. We have therefore removed the denial of billing privileges as a basis for moving a provider or supplier into a higher risk screening level. We have retained revocations of Medicare billing privileges as such a basis because we believe that such a provider poses a heightened risk of fraud, waste or abuse to the Medicare Trust Fund.

Payment suspension is used as a fraud fighting tool only in instances where facts available point to possible fraud, waste, or abuse. Consequently, because of the risk to the program posed by individuals and entities upon which a payment suspension has been imposed, we believe we are justified in placing them in the high risk screening level.

Comment: One commenter suggested that in lieu of fingerprinting, each owner or physician should submit: (1) A U.S. Passport or a Foreign Passport with their enrollment application, and/or (2) copies of their Federal Tax Returns.

Response: We agree with the commenter that there may be alternatives to fingerprint-based criminal history record checks to verify identity; however information on U.S. or foreign passports and Federal Tax Returns, such as name, date of birth and Social Security number are duplicative of information that is captured in the Medicare enrollment application. Information that would be obtained from a U.S. or foreign passport or Federal Tax Returns could only be used to process a name-based criminal history record check, and the FBI does not process name-based requests for non-criminal justice purposes. The submission of fingerprints is the only way to obtain a criminal history record check from the FBI.

Additionally, the National Task Force on the Criminal Backgrounding of America concluded that fingerprint-based criminal history record checks are more accurate than name-based checks because “names tend to be unreliable because: people lie about their names; obtain names from false documents; change their names; people have the same name; people misspell names; people use different versions of their names * * * people use aliases * * * ” The suppliers assigned to the high screening level have been so assigned because, in CMS, and its law enforcement partners' experience, such supplier types have, as a category, not undergone sufficient scrutiny in the enrollment process. Some may have gained entry in the past through falsification of an enrollment application that may have passed a name based check. As a result, the extra level of screening provided by the submission of fingerprints for the purposes of an FBI database check has the potential to deny enrollment to individuals whose sole intent is to defraud the Medicare program. We believe fingerprint-based criminal history record checks will be an effective tool to prevent fraud, waste, and abuse in Federal health care programs by independently verifying information provided on applications of potential providers and suppliers in the high screening level.

If, after a sufficient period of evaluation, we conclude that fingerprint-based FBI criminal history record checks do not fulfill our program integrity objective of identifying applicants who pose a heightened risk of fraud, waste, and abuse prior to enrollment or we determine that supplementary actions are needed, we may pursue additional rulemaking that seeks to adopt alternative or additional safeguards consistent with authorities given to the Secretary in the ACA.

Comment: A commenter stated the screening process described by CMS does little to ensure that a provider or supplier is submitting legitimate claims for eligible individuals, since there is no linkage between the enrollment process and claim submission process. The commenter contended that it did not appear that CMS considered the alternative approach of linking its proposed screening requirements to section 1866(j)(3) of the Act. The commenter recommended that CMS establish a link between the screening process and the payment process by establishing payment caps and prepayment claims review as described in section 1866(j)(3) of the Act.

Response: The commenter references new section 1866(j)(3) of the Act, which addresses a provisional period of enhanced oversight for new providers or suppliers of services. We believe that the payment caps and prepayment claims processes should supplement, but not be used in lieu of, the procedures outlined in this proposed rule. Payment caps and prepayment claims processes will be addressed in separate vehicles. Clearly, the provisions of section 1866(j)(3) of the Act are an important complement to the pre-enrollment screening provisions in this rule. We intend to use both to fight fraud. However, this provision is not part of this final rule with comment period. In fact, the ACA authorizes the Secretary to implement the provisions of section 1866(j)(3) of the Act through instruction or otherwise.

Comment: A commenter contended that with respect to the limited risk screening requirements, the language in proposed § 424.518(a)(2)(i) may be overly broad. The commenter believes the intent of this provision is for the contractor to verify that the provider or supplier meets only the applicable regulations or requirements that qualify it for the appropriate provider or supplier type. However, the commenter stated that, as written, § 424.518(a)(2)(i) could be construed to require the Medicare contractor to verify the provider or supplier's compliance with virtually every Federal regulation and State requirement that applies to the provider or supplier type. This, the commenter argued, could subject limited categorical risk providers and suppliers to an overly broad, burdensome, and time-consuming verification process.

Response: As explained in the proposed rule, the verification process for limited risk providers and suppliers will be that which is currently used for most providers and suppliers. The verification will be limited to enrollment requirements, and will not examine compliance with all other State Start Printed Page 5877and Federal regulations unless the other State and Federal regulations have an impact on whether the provider or supplier meets the requirements for enrolling or revalidating enrollment in Medicare. The table that describes the types of screening to be performed for each of the three screening levels explains clearly the kinds of verification processes that CMS contractors will be using to verify a provider's or supplier's eligibility to enroll or remain enrolled in Medicare.

Comment: One commenter requested that CMS explain why it did not consider compliance plans in establishing its screening criteria.

Response: We solicited comments regarding the use of compliance plans in combating fraud, waste, and abuse. Because there are a several complex policy and implementation issues we are pursuing separate additional rulemaking in this area.

Comment: One commenter stated that CMS did not include a discussion of low quality of care when it established its screening criteria.

Response: Quality of care is the subject of several other CMS regulations. Accordingly, we did not include quality consideration in our development of levels of categorical screening. We believe that the factors we included in the proposed rule for establishing the screening criteria support our classifications.

Comment: A commenter recommended that CMS increase the level of screening for any provider using a billing agent or clearinghouse convicted of health care fraud. The commenter also recommended that, similar to the provisions found in section 6503 of the ACA, CMS establish enrollment standards for clearinghouses and billing agents for Medicare. CMS, the commenter stated, mentioned in the proposed rule that “based on our data analysis including analysis of historical trends and CMS' own experience with provider screening and enrollment we believe the following providers and suppliers pose a limited risk.” The commenter also recommended that CMS furnish the data analysis used to assign each provider type in the limited screening levels and the moderate screening levels.

Response: As for the commenter's recommendation regarding billing agents and clearinghouses, the commenter references section 6503 of ACA, which calls for billing agents and clearinghouses to register under Medicaid. The implementation of 6503 of the ACA, is not part of this rule; however, we will be addressing that provision in the future. We do not propose to screen billing agents and/or clearinghouses as part of this rule because such entities do not enroll in Medicare as providers or suppliers.

With respect to the data analysis we used, we furnished information in the proposed rule regarding our reasons for assigning certain provider and supplier types to limited, moderate or high level of screening. We relied on our experience to identify categories of providers with a higher incidence of fraud as well as our familiarity with types of fraudulent schemes that are currently prevalent in Medicare. In addition, we used the expertise of our contractors charged with identifying and investigating instances of fraudulent billing practices in making our decisions regarding the appropriate risk assessment of various providers. In some instances, we also relied on the data analysis and expertise of the OIG, GAO, and other sources to develop screening levels designed to increase scrutiny for specific categories of providers and suppliers as the risk posed to the Medicare and Medicaid programs increases.

Comment: A commenter asked whether CMS, in grouping all hospital types—including specialty hospitals, physician-owned hospitals, short-term hospitals, and acute hospitals—into one risk level, is stating that all hospitals have the same risk. If so, the commenter requested that CMS provide data to support this assertion and to explain why it believes that all hospitals pose the same risk

Response: Our assignment of hospitals to the limited screening level should not be construed as meaning that every type of hospital poses the same exact degree of risk. We did, however, base our assignment on the premise that all hospital provider types have certain features in common that make them less likely to be a program integrity concern on the whole. For example, such entities have significant start up costs and capital and infrastructure costs. In addition, such entities are subject to significant government oversight, at both the State and Federal levels. Finally, such entities often are subject to oversight from other accrediting bodies through deeming authority. These features are, in general, less apparent with other provider and supplier types. We note that these are not the only features we considered when evaluating hospitals and that these features, by themselves, are not sufficient to cause us to place a provider or supplier type in the limited screening category.

Comment: A commenter stated that in Table 1, CMS appears not to consider previous payment suspensions, overpayments, OIG exclusions, or Medicare revocations in establishing higher risk levels. The commenter recommended that CMS explain why such actions are not an indicator of higher program risk and the need for enhanced screening.

Response: As mentioned previously, we state in this final rule with comment period that a provider or supplier will be placed into the high screening level if the provider or supplier (or an individual who maintains a 5 percent or greater direct or indirect ownership interest in such provider or supplier) has had a final adverse action—as that term is defined in § 424.502—imposed against it within the previous 10 years.

Comment: A commenter stated that because of the wide variation in DMEPOS items and services and differing levels of behavior, CMS should subdivide the general category of DMEPOS suppliers and assign appropriate screening levels to each product category, rather than to DMEPOS suppliers as a whole.

Response: We think the commenter's suggestion might lead to an overly complex system of provider screening and related oversight tools. Accordingly, we have decided not to create such a distinction based on such sub-categories. At this time, we are not determining the risk of fraud, waste, and abuse by product category.

Comment: Several commenters requested CMS to change the proposed rule to state that both publicly traded entities and their wholly-owned subsidiaries are afforded “limited categorical risk” status.

Response: As stated previously, publicly traded status is not being included as a criterion for assigning provider or supplier categories to screening levels. The approach taken in this final rule with comment period whereby we assign specific categories of providers and suppliers to screening levels determined by the categorical risk of fraud—rather than determining individual risk—is consistent with the requirements of the ACA.

Comment: One commenter supported CMS's proposal to place new HHAs into the high screening level. The commenter stated that much of the fraud and abuse that has been detected in the home health benefit is associated with new providers, particularly in areas not subject to certificate of need (CON) or other State controls on provider development.

Response: We appreciate this commenter's support.

Comment: One commenter recommended that the proposed rules for assigning screening levels for Start Printed Page 5878existing home health and hospice providers be modified so as to more accurately focus enforcement efforts on certain existing providers within a particular category. More specifically, the commenter stated that CMS can use its ample data resources to more precisely differentiate between agencies with proven histories of good performance and those that are either untested or have demonstrated irregular patterns of performance. The commenter recommended that any nonprofit home health or hospice agency that was certified in Medicare or Medicaid before October 1, 2000, and has not been identified as having program integrity problems, be placed in the limited risk screening level. The commenter added that CMS should also create a scoring algorithm that would identify those HHAs and hospices at moderate risk based on criteria such as: (1) Years of program participation; (2) ownership type; (3) number of medical review requests; (4) pattern of selectively serving highly profitable cases; (5) frequent changes in ownership; (6) geographic location; (7) relationship to other stable (for example, hospital) or less stable provider types (DMEPOS); and (8) current accreditation status.

Response: We did not base our development of levels of screening on provider-specific risk assessments. As described previously, the statutory requirements set forth in ACA guided our approach in assigning categories of providers and suppliers to screening levels appropriate to the risk of fraud, rather than pre-screening individuals prior to the assignment of a screening level. Adopting the type of scoring algorithm suggested by the commenter would automatically provide for individual breakdowns of each HHA's or hospice's risk, which we believe would be inconsistent with the statute and constitute a pre-screening step in the enrollment process. We do not rule out the possibility of using scoring algorithms in the future for other program integrity functions or for provider and supplier enrollment, but we decline to adopt this suggestion for enrollment screening purposes at this time. For the reasons stated previously, we believe that the moderate risk screening level is appropriate for currently enrolled HHAs and hospices.

Comment: A commenter did not believe that site visits were necessary to ensure that ambulance providers and suppliers were in compliance with applicable program requirements. The commenter expressed concern that the time associated with conducting pre-enrollment site visits could slow down the enrollment process. The commenter added that ambulance services are already subject to site inspections by the State licensing agency (as well as other State and Federal requirements), and that the existing procedures are sufficient to ensure that ambulance providers and suppliers are operating in compliance with program requirements. Another commenter stated that in this proposed rule, CMS states that it only conducts a limited number of unscheduled or unannounced site visits for certain provider types. If this is based on a policy decision, the commenter requested that CMS explain why it now believes that unscheduled or unannounced site visits will reduce fraud, waste, and abuse. The commenter also requested a cost/benefit analysis for its previous onsite efforts to show the effectiveness of this new strategy. If a fiscal constraint, the commenter requested that CMS explain: (1) Why it is spending $9 million on grants to Senior Medicare Patrol (SMP) and millions in advertising to promote “Stop Medicare Fraud” in lieu of conducting unscheduled and unannounced site visits, and (2) where the additional funds will come from to conduct thousands of unannounced site visits.

Response: We have been conducting site visits of one kind or another for years, and have found such visits to be an extremely effective tool in fighting fraud. We plan to conduct site visits pursuant to the authorities provided in the ACA and as outlined in this final rule with comment period. We have received many valuable tips and other information from SMP volunteers across the country. We believe that site visits are appropriate for ambulance companies, especially considering that we have uncovered several instances where an enrolling ambulance company—contrary to the information it furnished on the CMS-855B—had no base of operations. Regarding the commenters concern about the Senior Medicare Patrol initiative, we believe the SMP program is outside the scope of this regulation.

Comment: With respect to whether non-practitioner-owned facilities and suppliers should be subject to a higher level of screening than their practitioner-owned counterparts, a commenter urged CMS to exempt dually-enrolled physicians from enrollment screening requirements applicable to entities only enrolling as DMEPOS suppliers. The commenter believes it would make no sense to consider physicians “limited risk” while simultaneously labeling them either “moderate risk” or “high risk” when they provide DMEPOS to their own patients.

Response: We disagree. As stated previously, the approach taken in this final rule with comment period whereby we assign specific categories of providers and suppliers to screening levels determines by the assessed categorical risk of fraud—rather than determining individual risk—is consistent with the requirements of the ACA. We believe that each provider and supplier category must be considered on its own merits as an entire class, rather than be sub-categorized based on whether or not a particular provider is owned by provider subject to the limited screening level. For reasons we have stated, both in this final rule with comment period and in the past, newly enrolling DMEPOS suppliers are currently subject to a higher level of scrutiny and revalidating DMEPOS suppliers are subject to the moderate level of screening—such as through the need to comply with the supplier standards in § 424.57(c)—because of the heightened risk posed by this class of suppliers as a whole. We therefore decline to exempt certain types of DMEPOS suppliers from either the moderate level of screening for revalidating suppliers or the high level of screening for newly enrolling suppliers.

Comment: A commenter suggested that CMS revise the enrollment applications to include language in the certification statement so that CMS' contractors can conduct a criminal background check on any owner, authorized official, delegated official, managing employees and individual practitioners during the initial enrollment process or subsequently thereafter. The commenter believes that CMS is needlessly limiting its ability to conduct criminal background checks.

Response: We appreciate this comment but decline to adopt this approach. We will perform fingerprint-based criminal history record checks of the FBI's Integrated Automated Fingerprint Identification System consistent with the methodology specified in this rule. We do not intend to amend the CMS-855 to include language that would expand the use of such criminal history record checks beyond the requirements set forth in this final rule with comment period. We think that to conduct the same screening for all provider categories without taking into account the variation in risk of fraud, waste or abuse would be an inappropriate allocation of resources and would be inconsistent with the provisions of the ACA. As stated previously, if CMS re-assigns additional categories of providers to the high level of screening, or expands the use of FBI Start Printed Page 5879criminal history record checks to the other screening levels, CMS will publish a notice in the Federal Register.

Comment: A commenter suggested that Medicare, Medicaid, and CHIP consider bankruptcy and credit report scores during the screening process and that CMS deny enrollment where an owner, authorized official, or delegated official has a credit score of less than 720 or has had a personal or business bankruptcy within the last 5 or 10 years. The commenter stated that credit score is indicative a person's ability to manage financial assets.

Response: We decline to adopt this approach in this final rule with comment period. We would need to perform additional study to determine whether credit scores correlate with program integrity risk. Because we do not have evidence to support such a relationship, we decline to adopt this approach at this time.

Comment: Several commenters requested clarification on whether a Federal agency or a private company will process the fingerprint card, how CMS will safeguard this information, and how much additional time fingerprinting will add to the screening process of new applicants. Another commenter urged CMS to ensure that documentation concerning fingerprints be tracked from origination to delivery to prevent loss, and that all information be protected from FOIA disclosure.

Response: The FBI requires that fingerprints be collected and submitted by FBI-approved “authorized channelers.” The FBI currently has approved 15 such private companies to collect and submit fingerprints to the FBI CJIS Division's Wide Area Network (WAN), receive the criminal history record information, and submit the record to authorized recipients, in this case CMS (or its FBI approved outsourced contractors) for the determination of eligibility for enrollment. CMS will use of one or more of the pre-approved authorized channelers to collect and submit fingerprints directly to the FBI, and CMS will ensure the written proposal(s) provided by the selected channeler(s) contains the appropriate assurances of compliance with privacy and security considerations mandated by the Compact Council (the national independent authority that regulates and facilitates the exchange of noncriminal justice criminal history record information) and as required by 28 CFR part 906. Additionally, CMS will adhere to the Compact Council's Security and Management Control Outsourcing Standard for Channelers. The use of authorized channelers effectively means CMS never has custody of the submitted fingerprints, only the resulting criminal history record. CMS will, of course, protect the information in the criminal history record according to existing Federal standards and procedures that govern personally identifiable information.

After further consideration of the proposed requirement that all required applicants submit their fingerprints on the FD-258 card, CMS has removed the requirement to use only the FD-258 card from this final rule with comment period. CMS strongly encourages all required applicants to provide electronic fingerprints to the CMS-selected authorized channeler, but will also accept the FD-258 card. As stated previously, CMS and the authorized channeler will safeguard the information as required by the existing requirements of the Compact Council, and specifically the Compact Council's Security and Management Control Outsourcing Standard for Non-Channelers and Channelers and the FBI's Criminal Justice Information System's Security Policy.

We believe the additional time for a contractor's processing of the application in light of the fingerprint-based criminal history record check will be minimal for those applicants who submit electronic fingerprints. Applicants who submit the FD-258 card will experience an extended processing time as the authorized channeler selected by CMS will have to convert the paper print into a electronic submission so that the FBI can quickly process all requests. The FBI processing of the electronic prints occurs within 24 hours of receipt from the authorized channeler, and the authorized channeler will receive and transmit the report to CMS. The report will be reviewed for disqualifying felonies and omitted information as outlined in existing regulations at § 424.530(a) for enrollment and at § 424.535(a) for revalidation and once the fitness determination has been made, the appropriate contractor will process the enrollment application as before. CMS believes this process will not cause significant delays to the enrollment process.

As stated previously, CMS and our Medicare contractors will protect individuals' information under the Privacy Act, 5 U.S.C. 552a and the Privacy Act system of records notice for this information. We recognize that the safeguarding of individual privacy and ensuring the security of fingerprints collected under this regulation is a serious concern. We will ensure that these concerns are addressed and that all necessary safeguards are implemented to protect this information -from both privacy and security standpoints—when we issue guidance on fingerprint-based criminal history record checks following the publication of this final rule with comment period. We will ensure that fingerprint documentation is fully protected to the extent required by Federal law.

As stated previously, the fingerprint-based criminal history record check will be required 60 days following the publication of subregulatory guidance. All other screening requirements are effective on March 25, 2011 for those in the “high” screening level. The delay in the effective date for the fingerprint-based criminal history check will permit CMS to coordinate the implementation of this new process with our law enforcement partners, ensure that all concerns related to privacy are addressed, educate our providers and suppliers about the new process, and ensure that our contractors are adequately prepared to implement this new process so that the implementation of this new process does not cause any undue delay.

Comment: A commenter stated that while CMS assigns CMHCs to the moderate screening level, CMS has not taken steps to implement section 1301 of the Health Care and Education Reconciliation Act of 2010 (collectively, the Affordable Care Act), which requires that CMHCs provide at least 40 percent of its services to individuals who are not eligible for benefits. The commenter recommended that CMS consider CMHCs as a “high” categorical screening risk until CMS implements section 1301 of the ACA.

Response: For reasons already explained, we believe that CMHCs are most appropriately assigned to the moderate screening level. Section 1301 of ACA is not a part of this rule.

Comment: Several commenters requested that CMS consider establishing criteria for making assignments to screening levels before moving forward with this rule.

Response: We explain in the preamble the criteria and factors we used for our placement of various provider and supplier types into particular levels. These factors include our experience with claims data used to identify fraudulent billing practices, as well as the expertise developed by our contractors charged with investigating and identifying instances of Medicare fraud across multiple categories of providers. In addition, we have relied on insights gained from numerous studies conducted by the HHS OIG, GAO, and other sources.Start Printed Page 5880

Comment: A commenter requested that a fourth level of “no risk” be established. This is to reflect positively on providers who have had no incidents of fraud, waste or abuse.

Response: We do not believe it is appropriate to create a “no risk” level as the limited level of screening represents the baseline screening requirements for entry into the Medicare program. We believe that fraud, waste and abuse can occur at any time and among any provider or supplier category. Our screening methodology is designed to match an appropriate level of screening to provider or supplier categories based on level of risk of fraud, waste or abuse posed by the provider or supplier category.

Comment: A commenter requested clarification regarding whether CMS will conduct TIN matches with the IRS via an automated match or whether the provider will be required to sign an I-9 verification form. The commenter also asked whether CMS will conduct tax delinquency database matches with the IRS and the authority for such a match. In both cases, the commenter recommended that CMS establish new denial and revocation reasons if the TIN does not match or there is a tax delinquency.

Response: We currently verify the provider's TIN as part of the enrollment process; if the TIN does not match the provider's legal business name, the application will be denied, or, if enrolled, the provider's billing privileges will be revoked. However, we have removed references to tax delinquencies as a component of the screening methodology from this rule. While we do plan to implement provisions that will allow us to coordinate enrollment decisions with data obtained from the Internal Revenue Service—for instance, potentially denying an application based on tax delinquency information from the IRS—such an effort is not a part of this rule.

Comment: A commenter stated that CMS's proposed “limited risk” classification for publicly traded companies does not explicitly afford the same treatment to subsidiaries of publicly traded providers and suppliers. Several commenters recommended that majority owned subsidiaries of publicly traded providers and suppliers be treated the same as their publicly traded parents. Specifically, since subsidiaries of publicly traded providers and suppliers are subject to substantially similar oversight and scrutiny, the commenter proposed that all providers and suppliers—regardless of whether the parent is enrolled—that are at least majority owned, directly or indirectly, by a publicly traded provider or supplier be assigned to the limited risk level for screening. The commenter suggested that proposed § 424.518(a)(2) be revised to read as follows: “(2) When CMS designates a provider or supplier into the ”limited” categorical level of screening, the provider or supplier is publicly traded on the New York Stock Exchange (NYSE) or the National Association of Securities Dealers Automated Quotation System (NASDAQ), or the provider or supplier is majority owned, directly or indirectly, by an organization publicly traded on the NYSE or NASDAQ * * *.”. Another commenter stated that subjecting different providers under a hospital to different levels of scrutiny could cause confusion and unnecessary hardship.

Response: For reasons already stated, we have eliminated the distinction between publicly traded and private companies and have declined to subcategorize individual providers and suppliers based on their ownership.

Comment: A commenter stated that while subjecting newly enrolling DMEPOS suppliers to stringent screening may be proper, an enrolled DMEPOS supplier that reenrolls following an ownership change should not be subject to the same screening as a newly established supplier. It should instead be treated as moderate risk, just as enrolled suppliers that revalidate their enrollment information. The commenter contended that the seller's business, much of which remains after the purchase, has already been verified and authenticated; if CMS and the NSC subject the purchaser to stringent enrollment screening, they will duplicate the work that they have already done to validate and inspect the purchased business, wasting resources. It could also delay the new owner's receipt of a Medicare number, which could disrupt the continuity of business and patient care. The commenter added that if CMS does not agree that an enrollment following an ownership change of an enrolled DMEPOS supplier should be moderate risk, CMS should formally state that purchasers of enrolled DMEPOS suppliers will receive new Medicare numbers with billing privileges retroactive to the purchase date. In closing, the commenter stated that the proposed rule is a dramatic change to the existing methods of Medicare enrollment; while change to prevent fraud and abuse is advisable, such change should not harm honest providers and suppliers who strive to provide high quality service to Medicare beneficiaries. Another comment stated the purchaser of an existing community pharmacy DME supplier store should be screened as a moderate (not a high) risk supplier during reenrollment.

Response: We disagree that a DMEPOS supplier undergoing a change of ownership should be assigned to the as moderate screening level. For purposes of enrollment, a DMEPOS supplier undergoing a change of ownership is treated and must enroll as a new supplier. Hence, since all newly-enrolling DMEPOS suppliers are subject to a “high” level of screening, we believe DMEPOS suppliers undergoing a change of ownership should also be subject to a “high” level of screening. Further, the screening requirements in the high screening level include a fingerprint-based criminal history record check of any individual with direct or indirect ownership of 5 percent or greater. Therefore, enrollment screening after a change in ownership has clear value to the enrollment process, and we disagree that it would be a waste of resources. Currently-enrolled (revalidating) DMEPOS suppliers are assigned to the moderate level of screening.

Comment: A commenter stated that certified orthotic and prosthetic DMEPOS suppliers and American Board for Certification in Orthotics and Prosthetics (ABC)-accredited DMEPOS suppliers should be assigned to the limited screening level. The commenter stated that accreditation is not an easy standard to meet, and asked CMS to investigate whether there are any studies or other evidence that indicate that ABC Accredited Facilities and/or ABC Certified practitioners as a DMEPOS subcategory pose an elevated risk to the Medicare program. If there are not, such suppliers should be subject to limited screening.

Response: We believe the commenter is asserting that accreditation bodies perform a sufficient level of oversight to ensure that the entities they accredit are a low program integrity risk. We do not believe this is true. The accreditation bodies help verify the supplier's compliance with DMEPOS standards, rather than assess the supplier's risk of fraud, waste and abuse. Accordingly, we decline to assign entities accredited by ABC or any other accrediting organization to the limited screening level solely on that basis.

Comment: A commenter contended that in States without licensure, if a DMEPOS supplier is practitioner-owned and one or more of the practitioners is certified by ABC (accrediting body referenced in section 427 of the Medicare, Medicaid, and SCHIP Benefits Improvement and Protection Act of 2000 (BIPA)), or if the facility itself has been accredited by one of these entities, it should be as assigned Start Printed Page 5881to the limited screening level. The practitioner being credentialed in either of these ways has demonstrated a commitment to quality.

Response: As already stated, we decline to subcategorize individual providers and suppliers based on their ownership and do not believe accreditation—standing alone—should be the foremost indicator of fraud and abuse risk.

Comment: One commenter stated that chain pharmacies should be exempt from the increased screening levels and screening procedures, as they are already subject to significant regulation within their respective States.

Response: We disagree. For the same reason that we cited for eliminating the distinction between publicly traded and non-publicly traded or public or non-public ownership status as a basis for determining screening level, state regulation of chain DMEPOS suppliers is not in itself a sufficient indicator of the risk of fraud, waste or abuse posed by a particular category of provider or supplier. The fact that a particular provider or supplier type may be regulated by the State is not adequate grounds for placing it in a lower screening level.

Comment: A commenter stated that the proposed provisions punish legitimate providers and that the most egregious fraud is committed by scam artists and organized crime. The commenter expressed concern that small practices will be driven out of business. In light of CMS's proposed exemption for public companies, one or two large national companies may be the only ones “left standing” and will have a monopoly. CMS, the commenter argued, will then be unable to objectively compare “best practices” or to objectively evaluate trends in care, and that patients will not have a choice for their care.

Response: As already stated, we have eliminated the distinction between publicly held and private companies. In addition, we believe that the proposed provisions will help stem the fraud that both the commenter and we are concerned about.

Comment: A commenter recommended that CMS provide the analysis for which it based its risk assignment decisions for limited and moderate screening levels. The commenter also recommended that CMS consider the Medicare and Medicaid error rates for each provider or supplier in establishing its screening levels. Finally, the commenter also requested the following data for each type of Medicare provider and supplier for 2008, 2009, and 2010:

  • Number of Medicare revocations.
  • Number of Medicare payment suspension.
  • Number of Medicare overpayment.
  • Medicare error rate.
  • Medicaid error rate.
  • CMPs.
  • Convictions by the Department of Justice.
  • HHS OIG mandatory exclusions under 1128 of the Act.
  • HHS OIG permissive exclusions under 1128 of the Act.

Response: We based our risk assessments on a variety of factors, including some of those listed by the commenter as well as others. However, because our conclusions were not based on any one factor nor any specific combination of factors, but rather on CMS's aggregate experience with each provider and supplier type, providing the data requested by the commenter would not serve to clarify the determinations of risk.

Comment: A commenter stated that the proposed screening approach in the proposed rule is simplistic at best and flawed at worst. The commenter did not believe provider type is the only measure of risk of fraud. To address those individuals and organizations who intend to enroll for the sole purpose of committing fraud, CMS must: (1) Consider the provider's past experience with Medicare, Medicaid, or CHIP; (2) coordinate enrollment and billing issues with commercial health plans, Medicaid and CHIP; and (3) establish more stringent program requirements. The commenter believes that CMS did not offer any enhanced program requirements in the proposed rule, the rule does not reduce the “pay and chase” approach used by CMS and OIG today.

Response: We disagree, and believe that the program safeguard measures outlined in this final rule with comment period will greatly assist in reducing fraudulent activity. We believe several of the elements proposed by the commenter are inherent in this rule. First, under the final rule with comment period, final adverse actions will lead to a high screening level assignment and the use of additional screening tools. Second, with regard to more stringent program safeguards, we believe there is much in this final rule with comment period to bolster our efforts at combating fraud, waste, and abuse For example, in this final rule with comment period, we are expanding the instances in which we can impose a payment suspension. Furthermore, for the first time in the history of the programs, we will be able to impose an enrollment moratorium in order to combat fraud, waste, and abuse. Accordingly, we believe the new authorities that we are implementing under the ACA will assist us in strengthening our program integrity efforts.

Comment: A commenter recommended that the following be placed into the high screening level: (1) Any provider or supplier that is not State licensed, and (2) any owner, authorized official, delegated official, physician or non-physician practitioner who has ever been excluded by the OIG, revoked by Medicare, or had a State license revocation or suspension.

Response: We stated previously that merely because a particular provider or supplier type may be regulated by the State is not in and of itself adequate grounds for placing it in a lower screening level. By the same token, we do not believe that a failure to be licensed by the State should automatically place the provider or supplier in a high screening level, as the State may not have licensure requirements for that particular provider or supplier type. In addition, the standards for licensure vary among the States and Territories such that these are largely out of our control. With regard to the commenter's second suggestion, we again note that § 424.518(c) of the final rule with comment period states that a provider or supplier will be moved from the “limited” or “moderate” level to the “high” level if it has had final adverse actions imposed against it.

Comment: A commenter recommended that CMS explain why it did not consider comments regarding publicly traded companies in the final rule with comment period; Home Health Prospective Payment System Rate Update for Calendar Year 2011; Changes in Certification Requirements for Home Health Agencies and Hospices, when developing the proposed policy found in the proposed rule to this final rule with comment period.

Response: This rule and the rule that the commenter references deal with different issues. Each was developed and considered on its own merits.

Comment: A commenter supported CMS's placement of hospitals and physicians into the limited screening level. However, the commenter disagreed that publicly traded DMEPOS suppliers or HHAs would have less risk. The commenter also stated that the providers and suppliers that are designated as “high risk” or “moderate risk” but which are members of, operate as a part of, or are owned by a hospital or a health system, should instead fall under the same risk assignment as the hospital. Such providers and suppliers Start Printed Page 5882are part of larger established organizations that have high levels of accountability to their internal governance structures and have longstanding relationships with and responsibility to their local communities.

Response: For reasons already stated, we have eliminated the distinction between publicly traded and private companies and have declined to subcategorize individual providers and suppliers based on their ownership.

Comment: Several commenters requested greater specificity regarding what level of managing employees would be subject to the screening requirements for high risk providers and suppliers. Some of them requested that for large provider organizations, only the highest-level managing employees who operate or manage, or who oversee the operation of the entire healthcare organization—and not lower-level managers of individual departments or functions—should be subject to the enhanced screening procedures.

Response: In this final rule with comment period, we will only apply the screening requirements for high screening level providers and suppliers to individuals with a 5 percent or greater direct or indirect ownership interest. Officers, directors, and managing employees—to the extent that they do not have a 5 percent or greater ownership interest—will not be subject to fingerprint-based criminal background checks. However, we intend to monitor the situation and may seek to extend the scope of fingerprint-based criminal background checks in the future if circumstances warrant.

Comment: A commenter stated that hospitals should be exempted from all screening levels—even the limited screening level—if they are State-licensed and accredited.

Response: We disagree with this commenter. To exempt a provider or supplier from any screening level would be the equivalent of stating that the provider need not undergo even the most basic verification requirements used under the limited risk level of screening.

Comment: Several commenters supported site visits as a tool to improve program integrity, but believes that they could disrupt or administratively burden a legitimate provider or supplier's business operations. They recommended that CMS limit the purpose of these site visits to verifying that the provider/supplier exists and is operational; other matters that would require significant management and clinical staff time should be handled through separately scheduled site visits. Several other commenters believe that site visits were appropriate, but said that the number of such visits must be reasonable for the circumstances and should only increase if inappropriate activity is suspected. In addition, another commenter suggested that as part of a DMEPOS site visit, the auditor should confirm with the owner of the warehouse or facility the terms of the lease; for HHAs, the auditor should confirm that the HHA has been using the OASIS form and that a sample of Patient Plan of Care medical records/files can be directly linked to an OASIS document.

Response: We decline to state that site visits will always be limited to verifying whether the provider or supplier is operational. We must retain the flexibility to conduct a closer on-site review if warranted.

Comment: One commenter stated that classifying DMEPOS suppliers that are physician-owned as high risk could pose a significant disincentive to office-based physicians to continue offering DMEPOS supplies to their patients. The commenter stated that there has been little to no documentation of fraud, waste, or abuse in this category of DMEPOS, and that these suppliers should be exempted from the high risk level of screening.

Response: For reasons already stated, we have declined to subcategorize individual providers and suppliers based on their ownership.

Comment: Several commenters stated that the risk assessments of specific providers should not be made public.

Response: To the extent allowed by Federal law, we will not release to the general public the risk assessment of an individual provider or supplier. Thus when an individual provider or supplier is elevated in screening level as a result of a triggering event in § 424.518 and § 455.450, we will not publish the individual provider's or supplier's name.

Comment: Several commenters supported the creation of limited, moderate, and high screening levels, as well as the proposal to place physicians into the limited screening levels. They added that CMS should use public notice and comment prior to modifying the process or revising level assignments based on new criteria.

Response: We appreciate the commenters support and will publish notice in the Federal Register regarding changes in assignment or levels of screening specified at § 424.518 and § 455. 450. However, as mentioned previously, we will not publish information about an individual provider or supplier that meets certain triggering events as described in these sections.

Comment: A commenter opposed “geographical circumstances” as a possible criterion for adjusting a provider or supplier's screening level. This would deny all providers and suppliers in the specified geographic area basic due process and could seriously damage beneficiary access to health care providers and services in the impacted area.

Response: We are not adopting “geographic circumstances” as a criterion for adjusting a provider or supplier's screening level at this time. We believe that should circumstances arise where we have concerns about a provider or supplier type in a geographic area, the authority to impose an enrollment moratorium, as detailed in this rule, will provide program integrity protection. However, we do retain the authority to add geographic location as a criterion for adjusting a provider or supplier's screening level through future rulemaking.

Comment: Several commenters opposed the proposal to re-assign physicians from the “limited” or “moderate” screening level to the “high” screening level when CMS has evidence from or concerning a physician that another individual is using their identity within the Medicare program. Classifying physicians who have been the victims of identity theft to the high screening level would stigmatize the physician and create a presumption that he/she has engaged in conduct warranting heightened scrutiny. They urged CMS to establish a fourth level, which signifies a heightened level of risk to Federal health care programs as a result of compromised physician identity or identity theft. Another commenter requested that CMS clarify that it will be the offender who is subjected to additional scrutiny and that the victim will not be penalized for the actions of the offender. Another commenter, however, supported CMS's proposal to adjust the categorical screening level if a practitioner notifies CMS or its contractor that another individual is using his or her identity within the Medicare program, and to require fingerprinting of high risk provider and supplier types (but not of individual practitioners who have been the victim of identity or provider number theft).

Response: We stress that we will work closely with law enforcement against those individuals who are perpetrating Medicare identity theft. We do not plan to use screening tools to address identity theft concerns as it would not be an adequate response. We believe Start Printed Page 5883identity theft concerns are most appropriately handled by our law enforcement partners.

Comment: A commenter requested clarification as to the screening level assignment of in-home supportive services (IHSS). If they fall into the “moderate” level, as do home health agencies, the commenter expressed concern that site visits could burden program recipients.

Response: Medicare does not recognize “in home supportive services” as a specific category of provider or supplier. To the extent that the IHSS supplier is or will be enrolling in Medicare or Medicaid as a HHA, it will be subject to the same requirements and standards as all other HHAs. As for the site visits, they will generally be conducted at the HHA's physical locations.

Comment: Several commenters expressed concern with the proposal to re-assign physicians (and other providers/suppliers) from the “limited” or “moderate” screening levels to the “high” screening level if a physician has had billing privileges revoked by a Medicare contractor within the previous ten years. Billing privileges can be revoked for a number of reasons unrelated to fraud, waste, or abuse, such as a failure to respond to a request for revalidation documentation within stringent contractor imposed deadlines. They urged CMS to differentiate between a temporary revocation of billing privileges and revocations based on actual misconduct by a provider or supplier.

Response: As stated earlier, revocation is undertaken as an administrative remedy only if clearly justified. Also, there is an appeals process in place for provider revocations. Should a revocation be rescinded, the provider or supplier would be restored to its previous screening level.

Comment: A commenter urged CMS to exercise the temporary moratorium authority judiciously and to exempt physicians from re-assignment from level I (limited) to level III (high) if physicians are ever subject to the temporary moratorium; this would include an exemption for physicians enrolled as DMEPOS suppliers if the latter are subject to a moratorium.

Response: We believe this commenter is addressing a concern that if a moratorium is imposed on a category of providers that includes physicians or physician-owned DMEPOS suppliers, that when the moratorium is lifted the provider or supplier category to which the moratorium applied would be moved to the high screening level for 6 months following the lifting of the moratorium. The commenter is asking for an exception to this proposal. A moratorium may be imposed if there is a heightened risk of fraud, waste or abuse in a particular geographic area or involving a certain provider or supplier type. If a particular provider or supplier type posed such a risk as to warrant a moratorium, it would be inappropriate for us to automatically exempt it from enhanced screening once the moratorium ends. In the event that we were to impose a temporary moratorium on physicians or physician-owned DMEPOS suppliers, the moratorium would be as narrowly tailored as possible to address specific fraudulent activity.

Comment: A commenter believes that the moderate and high screening level assignments for community pharmacies are inappropriate and contended that: (1) all existing community pharmacy DME suppliers, as well as new locations of existing community pharmacy DME suppliers, should be designated as limited risk, and (2) newly enrolling community pharmacy DME suppliers should be treated as posing a moderate risk. The commenter stated that community pharmacies are already heavily regulated by the States and Federal government through State boards of pharmacy, CMS supplier standards and surety bonds, and argued that community pharmacies are not a major source of fraud. The commenter also urged CMS to incorporate into its final rule the same exemption criteria that CMS's uses to exempt certain community pharmacies from DME supplier accreditation requirements. In addition, the commenter stated that CMS should designate community pharmacies as limited risk suppliers if: (1) They have had a supplier number for at least 5 years; (2) their DME sales are less than 5 percent of their total sales over the last 3 years; and (3) they have not received a final adverse action against them in the past 5 years. Another commenter stated that DMEPOS sales are but a small portion of genuine community pharmacy sales. Accordingly, the proposal regarding unannounced pre- and/or post-enrollment site visits for moderate risk suppliers and criminal background checks and fingerprinting for high risk suppliers may prove unbearably costly and burdensome to community pharmacies. The commenter added that it could lead to community pharmacies to stop supplying DME products, causing access problems.

Response: As already stated, all newly-enrolling DMEPOS suppliers, regardless of sub-type or ownership, will be placed in the high level of categorical screening. This includes new DMEPOS locations, which have long been treated as initial enrollments. Moreover, we do not believe it is appropriate to apply the community pharmacy exemption for accreditation to the risk classifications, as the standards for accreditation are different from the criteria we are using for the risk classifications.

Comment: A commenter urged CMS to more narrowly tailor its risk assignments of provider or supplier types by geography, so that DMEPOS suppliers in many areas of the country are not unfairly grouped into a higher screening level merely because those same DME supplier types pose major fraud risks in other limited areas of the country.

Response: We disagree. While some areas of the country are undeniably more prone to fraud than others, fraudulent activity can occur anywhere. Furthermore, we believe it most objective to apply the same standard to all parts of the country and use other tools to narrowly tailor our approach when necessary, including the enrollment moratoria provision set forth in this final rule with comment period.

Comment: A commenter requested clarification on whether an existing community pharmacy DME supplier that seeks to add a new DMEPOS supplier store would fall under the moderate or high screening level under the proposed rule. The commenter believes this should fall within the moderate screening level.

Response: As already stated, the addition of a new DMEPOS location would be subject to the level or screening specified for providers and suppliers assigned to the high screening level.

Comment: A commenter expressed concern that the Medicare contractor may not know which companies are publicly traded.

Response: We have eliminated the distinction between publicly traded and non-publicly traded companies; as such, this comment is no longer applicable.

Comment: One commenter stated that on June 23, 2010, the Director of the Office of Management and Budget published a memorandum titled, “Enhancing Payment Accuracy” through a “Do Not Pay List”; this Presidential document stated that, “At a minimum, agencies shall, before payment and award, check the following existing databases (where applicable and permitted by law) to verify eligibility: the Social Security Administration Death Master File, the GSA's EPLS, the Department of the Treasury's Debt Start Printed Page 5884Check Database, the Department of Housing and Urban Development's (DHUD) Credit Alert System or Credit Alert Interactive Voice Response System and the DHHS OIG LEIE.” The commenter stated that CMS should explain why the proposed rule does not mention these verification sources.

Response: Medicare contractors have long been required to review the EPLS and the LEIE prior to enrolling a provider or supplier in Medicare. In addition, providers, suppliers and their owners and managers are currently reviewed against the SSA Death Master File. As for the DHUD Credit Alert System and the Department of the Treasury's Debt Check Database, we understand the Presidential memorandum requires review of these systems prior to payment or award and will integrate their use as appropriate in our protocols.

Comment: Several commenters supported the placement of hospitals in the limited screening level. However, they added that high risk or moderate risk providers and suppliers that are members of, operate as a part of, or are owned by a hospital or a health system, should instead fall under the same limited risk assignment that CMS proposes for hospitals.

Response: Again, for reasons already mentioned, we have declined to subcategorize individual providers and suppliers based on their ownership.

Comment: Several commenters stated that in States with orthotic and prosthetic licensure, orthotic and prosthetic DMEPOS suppliers should be designated as limited risk, as there is no evidence of significant elevated risk for such licensed professionals. In States without orthotic and prosthetic licensure, several commenters stated that the supplier should be treated as limited risk if: (1) One or more of the supplier's practitioners are certified by the American Board for Certification of Orthotics, Prosthetics and Pedorthics or the Board of Certification/Accreditation International, or (2) the supplier itself has been accredited by one of these entities. Other commenters stated that if the orthotic and prosthetic supplier is not practitioner owned, but has been in business at least 3 years, it should be considered limited risk due to a demonstrated lack of inappropriate billings over time; if it is not practitioner-owned and has not been in business at least 3 years, it should be rated as a moderate risk. Finally, the commenters objected to the proposed risk provision for this risk assignment provision because: (1) Orthotics and prosthetics is not part of DME, and has significantly lower fraud and abuse risks; and (2) there has not been sufficient consideration of the impact of number of years in business, or accreditation/certification status as factors that diminish risk.

Response: As stated earlier, we do not believe certification or accreditation to be dispositive of risk for fraud and decline to adopt this suggestion. While we appreciate the commenter's suggestion that we should look at length of time in business as a means of supporting the assessment of risk, we believe that OIG and GAO reports and experiences are instructive and rely on those as well as our own data to support the assignment to levels of screening that we finalize in this rule.

Comment: A commenter expressed concern that the time and cost necessary to comply with the requirements in the proposed rule is a significant burden on small providers, in light of all of the other requirements they are subjected to. The commenter stated that for reasons of reduced risk, time in business and demonstrated commitment to quality, no certified practitioner or accredited orthotist or prosthetist facility should be subject to background checks and fingerprinting.

Response: We decline to adopt this suggestion; to do so would foreclose the possibility that any high risk practitioner or orthotic or prosthetic facility would be subject to enhanced scrutiny.

Comment: A commenter questioned whether requirements such as fingerprinting will accomplish CMS's goal of tracking violators, since CMS will have no way to ensure that the person providing the fingerprints is the person rendering the care. The commenter also questioned whether fingerprinting will help prevent identity theft for physicians.

Response: We are confident that fingerprint-based criminal history record checks will enable us to identify individuals who violate CMS existing regulations at § 424.530(a) and § 424.535(a), and appropriately deny or revoke Medicare billing privileges in these circumstances. This screening tool is intended to prevent individuals who pose an elevated risk of fraud, waste, and abuse from enrolling in the programs. Physicians will not be subject to the fingerprint-based criminal history check if they are not in the high screening level. Physicians as a category are in the limited screening level and providers and suppliers in the limited screening level are not subject to fingerprint-based requirements as are individuals and entities in the high screening level. The submission of fingerprints for the purposes of an FBI criminal history record check is not intended to address identity theft concerns.

Comment: A commenter stated that raising a supplier's screening level seems reasonable only if the supplier has come under a payment suspension or if after investigation, the type of provider and the services it will render are not congruent on its enrollment application.

Response: We disagree. There are, as explained in this final rule with comment period, a variety of final adverse actions that we believe warrant the placement of a provider or supplier in a higher screening level. Payment suspensions and inconsistent information on the enrollment application should not be the only two grounds for elevating a provider's screening level.

Comment: A commenter stated that with regard to the “high” screening level, although government enforcement efforts to date have shown fraud, waste and abuse issues with HHAs and DMEPOS suppliers in certain geographical regions (for example, South Florida, Texas, and California), it is not clear that issues with such entities are national. Because the criminal background checks and fingerprints are onerous requirements that are not currently used by Medicare, the commenter stated that CMS should limit itself to introducing such requirements in high risk geographic areas, rather than nationally, at least at this stage. Moreover, the commenter stated that CMS has neither provided the data nor made the convincing case that its proposed changes will deliver results to justify the extent to which the rules would intrude on normal patient care and business practices. With respect to orthotic and prosthetic suppliers, the commenter urged CMS to adopt a more realistic approach that cracks down on fraudulent providers, without either considering every provider to be a crook, or adding huge regulatory burdens that could put honest, legitimate, hard-working orthotic and prosthetic suppliers out of business.

Response: We disagree that our enhanced screening procedures should initially be restricted to high risk geographical areas. While some regions of the country evidence fraud, waste and abuse more than others, fraudulent activity can occur anywhere. In addition, we believe that a national approach is most objective in implementing the screening provisions herein. We will rely on other program integrity tools, including, without limitation, the enrollment moratoria authority contained within this rule, to Start Printed Page 5885address concerns in particular locales. Moreover, CMS will monitor implementation of the final requirements on provider and supplier screening with respect to patient care and business practices.

Comment: A commenter stated that with respect to changing a health care provider's level of screening, the basis for this determination should be on information released during 2011 and beyond.

Response: We disagree. We have found that long-term trends (for example, data from 2005 through 2009) are often good indicators of potential fraudulent activity.

Comment: A commenter suggested that CMS establish certain exemptions to DMEPOS suppliers prior to a company being deemed a moderate or high risk supplier, such as: (1) A multiple year history as a DMEPOS provider; (2) award of a DMEPOS competitive bidding contract (where CMS itself has extensively reviewed the financials of contracted suppliers); and (3) accreditation by a CMS-approved third party.

Response: We did not base our development of levels of screening and the assignment of provider and supplier categories to these levels of screening of fraud, waste or abuse on the past experience of specific individual providers. Rather, it is based on collective experience of provider and supplier categories. Furthermore, we do not believe length of time in business is an appropriate determination of fraud risk. Similarly, as described previously, we do not believe accreditation is—in and of itself—an indication that a provider or supplier should be assigned to the limited screening level. Finally, we decline to accept the commenter's suggestion that the award of a DMEPOS competitive bidding contract should provide an exemption from the assignment specified in this rule. The criteria for competitive bidding are different than those that we are using to determine the appropriate screening level appropriate to particular categories of provider or supplier.

Comment: A commenter stated that any criteria utilized by CMS to assign screening levels should be made public, and that CMS should regularly review its assignment to screening levels. The commenter questioned whether automatically applying the proposed additional screening measures for providers and suppliers assigned to the moderate and high levels will be effective in shutting-out sham suppliers and past violators from participating in Medicare, particularly since these safeguards do not protect Medicare against criminals who use a shell as the owner of record to avoid detection. The commenter believes that the recently implemented accreditation and bonding requirements for DMEPOS suppliers are a stronger deterrent in ensuring that fraudulent suppliers are not able to participate in Medicare, and recommended that CMS first determine whether these requirements adequately deter fraud before imposing additional and arguably less effective safeguards, especially considering the cost and burden of these new requirements.

Response: Criteria for the risk assessments were discussed in the proposed rule and this final rule with comment period. The criteria will be reviewed on a consistent and ongoing basis, and in the event we decide to update the assignment of screening levels, we will publish a regulatory document in the Federal Register. We do not believe, though, that we should wait for the results of the accreditation and surety bond requirements before taking additional steps to address program integrity problems related to DMEPOS suppliers. Indeed, it could take several years for the full impact of the surety bond and accreditation requirements to take effect on our anti-fraud efforts. As such, we do not believe it to be premature to assign newly-enrolling DMEPOS suppliers to the high screening level and require enhanced screening pursuant to this rule. It is our expectation that all of these program integrity protections together will lessen the risk of fraud and abuse in the Medicare program.

Comment: A commenter stated that the language in § 424.500, et seq., does not define “Medicare contractor,” and the verbiage in the preamble is somewhat vague. The commenter requested clarification as to: (1) The contractors that will be conducting the on-site visits, (2) whether this approach will be uniform across the country, and (3) the training and experience the individuals conducting these visits will have.

Response: Since the term “Medicare contractors,” as used strictly in the provider enrollment context, is generally understood and recognized by the provider community to mean the entities that process CMS-855 provider enrollment applications, we do not believe it is necessary to include a formal definition of this term in this final rule with comment period. The contractors that will conduct site visits will vary, as will the scope and breadth of individual visits; however, such site visits will be in accordance with guidance issued by CMS. Those who will conduct site visits will receive appropriate instructions and oversight regarding the performance of the visits.

Comment: Several commenters stated that HHAs and hospices are already subject to a State survey prior to enrollment—as well as on a periodic basis thereafter—thus making a site visit superfluous. As such, initially enrolling HHAs and hospices should be included in the limited screening level rather than in the moderate screening level. A commenter also stated that including all revalidating HHAs, hospices and DME suppliers in the moderate screening level is unfair and inappropriate, as they are already established providers; the commenter believes it should be exempt from the site visit requirement if it has been in existence for at least 5 years and there is no reason to suspect fraudulent activity. The commenter added, however, that additional site visits and increased medical review during the provider's first 5 years of enrollment could be performed to ensure compliance. Another commenter stated that it would be better to conduct HHA site visits, if they had to be performed, with existing or recent patients in their homes, since most care is provided to patients in their homes; care is not provided in the HHA or hospice office.

Response: We do not believe that a site visit is superfluous. Due to the length of the enrollment, survey, and certification processes, we believe it is important for us to institute verification activities at multiple points during this period, and not to restrict its validation efforts to the enrollment process and the State survey. Moreover, we do not believe that site visits should be limited to providers who have been enrolled for less than 5 years, as we do not have data to suggest that those who have been enrolled for 5 years or more present less of a fraud, waste, and abuse concern than newly enrolled providers and suppliers. Finally, and as mentioned earlier, provider enrollment site visits will be conducted at the HHA's physical locations.

Comment: A commenter asked CMS to describe the process the Medicare contractors are using to review State licensing data on a monthly basis. The commenter also requested clarification as to whether the reference to “non-public, non-government owned” applies only to affiliated ambulance services suppliers, or extends to the other provider types listed in the moderate level.

Response: The contractors use various processes to review licensure data; frequently, this is an automated process. With regard to the clarification requested, the term as used in the NPRM applied only to ambulance Start Printed Page 5886suppliers. However, as we have eliminated the distinction between public and non-public ambulance service providers, this comment is no longer applicable.

Comment: A commenter suggested that CMS consider reclassifying providers and suppliers in the “moderate” and “high” screening level to the “limited” risk level if the provider or supplier is subject to State licensure requirements. In addition, the commenter opposed reclassifying providers or suppliers from one screening level to another based strictly on their geographical location. To do so would be arbitrary, and would not reflect the risk associated with particular provider or supplier types.

Response: As already mentioned, we do not believe that State licensure is, in and of itself, indicative of a limited risk of fraud. In addition, we do not plan to reclassify providers or suppliers based solely on geographical location. As stated earlier, if we identify a concern among provider and supplier categories in a particular geographic location, our authority to impose a temporary moratorium will help to address those concerns. However, we do retain the authority to add geographic location as a criterion for adjusting a provider or supplier's screening level through future rulemaking.

Comment: A commenter expressed concern that fingerprinting: (1) Could be very costly; (2) raises privacy and security concerns once an organization begins to collect, maintain, administer access and store a database of fingerprints; and (3) is technologically being replaced by much more modern and reliable identification techniques. The commenter urged CMS to avoid requirements for fingerprinting in screening requirements and to use more modern techniques.

Response: As already mentioned, we believe that fingerprint-based criminal history record checks will be an effective tool in combating Medicare waste, fraud, and abuse. In our view, such criminal history record checks—more effectively than a name-based background check—will prevent ineligible individuals from enrolling in the Medicare program. CMS believes that the cost to both the applicants for the collection of fingerprints, and to CMS for the processing of the prints is not unduly burdensome either to the providers and suppliers or the agency. We would like to clarify that CMS will not be collecting and storing any fingerprints. As mentioned earlier, the selected authorized channeler will collect and transmit the prints electronically directly to the FBI CJIS Division's Wide Area Network to check against the IAFIS, the FBI maintained database. CMS will only receive the criminal history record information, and will protect that information as the Privacy Act requires—both from a privacy and security standpoint. In response to the commenter's third remark, while CMS is aware of the advances in technology in the biometric market, the FBI and State law enforcement standard is currently the fingerprint. Once the FBI or State law enforcement requires a new standard of identification to access the criminal history record information, we will comply with that standard.

Comment: A commenter suggested that in implementing the screening requirements, CMS should minimize duplication of effort. Often the same providers who participate in traditional Medicare are also participating in other plans, such as Medicaid. Having separate screenings could be burdensome and inefficient.

Response: We agree with the commenter that every possible attempt should be made to avoid duplication of effort. To that end, we have attempted to address this concern by providing that the States may rely upon a screening performed by the Medicare program.

Comment: A commenter supported the concept of applying geographical circumstances when adjusting providers or suppliers from one screening level to another, and recommended that anti-fraud efforts be coordinated with other payers—such as through information sharing—because providers and suppliers perpetrating fraud do so across the spectrum of payers, and that reality should be integrated into CMS's overall strategy.

Response: We agree that anti-fraud efforts should be coordinated among payors and we are taking steps to promote greater coordination. As stated previously, we believe our temporary moratoria authority described later in this rule will be an effective tool in particular geographic locations. We may revisit as a factor for enrollment screening level in future rulemaking.

Comment: Several commenters stated that new locations of currently enrolled Medicare DMEPOS providers should be distinguished from other providers that do not have an established record with the Medicare program. CMS should therefore screen new locations of Medicare enrolled suppliers in the same manner as it proposes to screen currently enrolled providers.

Response: We disagree. As previously stated, the addition of a new location is considered an initial enrollment. Consequently, a new DMEPOS location will be subject to the “high” level of categorical screening.

Comment: Several commenters requested that occupational and physical therapists, including those enrolled or applying to enroll as DMEPOS suppliers, be placed in the limited risk level.

Response: As stated earlier, all newly-enrolling DMEPOS suppliers (including those with new practice locations), regardless of sub-type, and including those that are owned by occupational and/or physical therapists, will be subject to a high level of categorical screening. For physical therapists enrolling as individuals or group practices via, respectively, the CMS-855I and CMS-855B applications, these suppliers will be placed in the moderate level of screening. As we explained earlier with respect to physical therapy providers, we believe the classification of physical therapists in the moderate level is supported by a recent OIG report entitled “Questionable Billing for Medicare Outpatient Therapy Services” (December 2010) (http://oig.hhs.gov/​oei/​reports/​oei-04-09-00540.pdf), which found, among other things, that Miami-Dade County had three times, and nineteen other counties had at least twice, the national level on five of six questionable billing characteristics.

Comment: A commenter asked whether CMS will identify the contractors that will perform these screenings, or whether it will accept screenings performed by commercial screening services widely used by large employers outside the health care industry.

Response: We believe the commenter is referring to criminal background screenings. To comply with the FBI requirements that only authorized channelers submit fingerprints to the Wide Area Network, and receive the criminal history record information from the FBI, CMS will contract with a pre-approved FBI authorized channeler. In the future guidance, CMS will identify the selected authorized channeler(s) where individuals may have their fingerprints collected, or to whom they may submit the FD-258 card that was completed at a local law enforcement agency. In addition to ensuring compliance with FBI security requirements, such authorized channelers have vendors all over the country where individuals can have their fingerprints electronically collected. In addition, individuals may have their prints taken on the FD-258 paper card at a local law enforcement agency, and then have it sent to the Start Printed Page 5887authorized channeler to have it digitized and submitted to the FBI.

Comment: A commenter had several suggestions for screening levels. The commenter recommended that the limited screening level include providers affiliated with non-profit acute care hospitals or health systems; any not-for-profit providers who have been in existence for at least 20 years and who have filed annual cost reports (if required) for their line of business; and any for-profit providers in business for 20 years as a single site provider. The moderate screening level should include all other providers except those indicated in the high screening level, plus any provider who has entered into a settlement with a government agency (Federal, State or local) within the past 20 years, up through the most recent 5 years, where such settlement covered any over-charge allegations. The high screening level should include any provider who has entered into a settlement with a government agency (Federal, State or local) for any overpayment in the past 5 years; and any provider or group of providers which may currently be under review for possible billing overcharges or other violations who is seeking either a new provider number or seeking a new provider location.

Response: We appreciate these suggestions, and may consider them as part of a future rulemaking effort should circumstances warrant. However, for now, and for the reasons described previously, we believe that the screening level assignments discussed in this preamble will best implement the statute.

Comment: A commenter recommended that CMS refrain from publicly posting risk levels, particularly as they relate to individual providers or group practices. The commenter believes that in some instances this could give a false impression as to the level of risk of any provider or supplier, and that CMS has not clarified how this action will assist the agency with fraud prevention.

Response: To the extent permitted by Federal law, we do not plan to publish risk assessments and the corresponding screening level of individual providers or suppliers.

Comment: A commenter urged CMS to provide contractors with sufficient and targeted resources to handle identity theft screening to ensure that the additional screening precipitated by identity theft will not delay processing of new enrollment applications.

Response: As mentioned throughout this rule, we do not plan to use fingerprint-based criminal history record checks to address identity theft concerns. Identity theft is within the purview of law enforcement and we will make referrals to our law enforcement partners whenever appropriate.

Comment: A commenter requested clarification as to whether a revalidating provider would need to resubmit fingerprints with its application. The commenter believes this would be burdensome, costly, and unnecessary, since fingerprints do not change.

Response: If an individual has provided fingerprints on one occasion, we will not ask such individual to furnish fingerprints a second time unless required by FBI protocols.

Comment: A commenter disagreed that in all cases publicly traded entities pose a “limited” risk while all HHA companies that are not publicly traded pose a “moderate” risk to the program. The commenter supported the “high” risk assignment for those new to the program, but stated that the proposed rule does not consider that companies that have operated successful and compliant HHAs for years would fall into the high screening level if they were to open a new location or branch simply based on the arbitrary assignment of the screening level.

Response: As stated earlier, we believe that newly enrolling HHA locations (for which a CMS-855 is submitted) should be subject to the enhanced scrutiny of the high risk screening level. Further, as stated earlier, we have eliminated the distinction between publicly traded and non-publicly traded companies.

Comment: A commenter urged CMS to expand the definition of limited risk to include entities that file with the Securities and Exchange Commission (SEC), even though they do not have securities traded on the NYSE or NASDAQ. By reason of their debt obligations, such entities are subject to the same disclosure and reporting requirements under Federal securities laws as a company that is subject to section 13 or 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”).

Response: As stated earlier, we have eliminated the distinction between publicly traded and non-publicly traded companies, and the comment is no longer applicable.

Comment: A commenter stated that adjusting HHAs from the “limited” or “moderate” screening level to “high” risk simply because they reside in an area for which CMS imposes a moratorium is arbitrary and punishes good HHAs with no consideration of their compliant service to the Medicare beneficiaries and the program.

Response: As explained elsewhere in this section and also later in the general discussion regarding moratoria, a moratorium may be imposed if there is a heightened risk of fraud, waste, or abuse in a particular area or involving a certain provider or supplier category. If a particular provider or supplier type posed such a risk as to warrant a moratorium, it would be inappropriate for us to automatically exempt it from enhanced screening once the moratorium ends. To do so would, in effect, require us to state that once the moratorium ends, that provider or supplier type no longer poses a risk, a conclusion that we could not necessarily draw.

Comment: A commenter stated that the assignment of risk should be based on defined criteria beyond those proposed, such as compliance history related to billings, medial review, and history of negative audits from the program safeguard contractors. The commenter added that defined criteria should also be used to identify when providers are moved to different screening levels. For instance, brand new HHAs with no previous enrollment history should be part of the high screening level; however, upon 5 years of compliant operation, they should be moved to the moderate screening level. If a company with a 5 year compliance history opens a HHA, it should not be assigned to the high screening level; instead, it should be assigned to the moderate screening level based on its good history with Medicare. Agencies that have a 7 year or more compliance history should be assigned the limited screening level.

Response: Though we do not at this point believe that length of time as a Medicare provider should be a criterion for reducing a provider's or supplier's screening level, we may consider this as part of a future rulemaking effort should circumstances warrant.

Comment: A commenter believes that the phrase “Indian Health Service facilities” should be deleted in favor of “health programs operated by an Indian Health Program (as that term is defined in section 4(12) of the Indian Health Care Improvement Act) or an urban Indian organization (as that term is defined in section 4(29) of the Indian Health Care Improvement Act) that receives funding from the Indian Health Service pursuant to Title V of the Indian Health Care Improvement Act.” Such language would encompass all Indian and tribal programs that are carried out pursuant to the Indian Health Care Improvement Act (IHCIA) and Indian Self-Determination and Education Assistance Act (ISDEAA). Moreover, to Start Printed Page 5888ensure that all Indian and tribal health programs are treated as limited risk, the exception in (b)(1) and (c)(1) should be amended to refer to Indian and tribal health programs. The commenter stated that the burden on Indian and tribal providers of meeting new screening requirements would be significant and duplicative of screening requirements imposed already under the Indian Child Protection and Family Violence Act on many of the providers.

Response: We will revise the language in the final regulation as requested by the commenter to ensure that Indian and tribal health programs are described accurately and are assigned to the limited screening level.

Comment: A commenter stated that CMS should designate provider screening levels in the final rule with comment period, and should require changes in the risk level for a provider type to be subject to the rulemaking process.

Response: We have specified the different screening levels in this final rule with comment period. Should a change in a particular provider or supplier type's classification be warranted and should it necessitate a change in existing regulatory language, we will publish notice of it in the Federal Register. However, we will not publish notice of the circumstances under which an individual provider or supplier has been moved to an elevated level of screening as described in § 424.518(c) and § 455.450(e).

Comment: A commenter stated that ophthalmologists, optometrists, and opticians who only bill as DMEPOS suppliers for post-cataract glasses and lenses should fall into the limited screening level.

Response: As detailed previously, currently enrolled DMEPOS suppliers will be placed in the moderate level of categorical screening and newly-enrolling DMEPOS suppliers will be assigned to the high level of screening.

Comment: A commenter opposed CMS' proposal to consider assigning all providers or suppliers in a specific geographic location to a higher level of screening, solely because others in that area may be considered moderate or high risk. The commenter believes this type of action was arbitrary, and could cause new, limited risk providers to think twice before entering a geographic market, thus potentially blocking beneficiary access to needed services.

Response: We did not assign any provider or supplier category to a screening level based on geography.

Comment: A commenter did not believe independent laboratories should be placed in the moderate screening level, due to their high level of regulation. The commenter stated that the sheer volume has no bearing on risk and that they are already subject to regular site visits.

Response: We disagree. Based on our experience, we believe that independent laboratories are appropriately assigned to the moderate screening level. We note that newly-enrolling DMEPOS suppliers are, too, subject to site visits, yet they are assigned the high screening level.

Comment: A commenter stated that all physicians should not be placed in the limited screening level. Several specialties are increasingly engaging in abusive self-referral arrangements.

Response: For the reasons stated previously, we believe that physicians and non-physician practitioners are appropriately classified in the limited screening level. Moreover, we note that the final rule with comment period contains provisions for elevating a particular physician's or practitioner's screening level in certain circumstances.

Comment: One commenter disagreed that geographical circumstances should justify the adjustment of FQHC providers and suppliers to elevated screening levels based upon this criterion alone. The commenter stated that FQHC entities are in an entirely different classification and should not be subject to the same categorical movement.

Response: We assume this commenter is concerned about our ability to reassign providers or suppliers after a temporary moratorium is lifted such that FQHCs could be classified as high risk in the event they are located in an area in which a temporary moratorium is lifted. We intend to finalize the elevated risk factors. We believe it important to closely monitor all providers and suppliers in the event a temporary moratorium is imposed—and for a period thereafter. We note that this would only apply to providers and suppliers to which the moratorium applied. Unless the moratorium that was lifted had applied to either all providers and suppliers in a geographic area or to a category of providers or suppliers that included FQHCs or to FQHC specifically, the elevation to the high screening level would not apply to FQHCs or any other provider or supplier category not originally subject to the moratorium.

Comment: A commenter: (1) Expressed concern about potential application delays if the Medicare contractors have insufficient funds to conduct these visits; (2) requested assurances from CMS that adequate funds will exist; and (3) recommended that CMS provide guidance to the Medicare contractors on the timeframes within which enrollment inspections shall occur.

Response: We believe that adequate funds will exist to perform the required site visits, and we will issue guidance to our contractors regarding processing times.

Comment: A commenter expressed concern that tax-exempt, faith-based HHAs will be subject to a higher level of scrutiny than publicly traded for-profit HHAs. The commenter believes that such faith-based HHAs should be placed in the limited screening category.

Response: We have eliminated the distinction between publicly traded and non-publicly traded HHAs. We decline to adopt the commenter's suggestion to assign faith-based HHAs in the limited level of screening as it has not been our experience that faith-based HHAs present a different risk of fraud and abuse than non-faith-based HHAs.

Comment: A commenter stated that the inclusion of CMHCs in the “moderate” risk group seems appropriate given the history of fraud in “for profit” CMHCs. The commenter believes, however, that in the future, “not for profit” CMHCs be considered for status as a “limited” screening level.

Response: We decline to adopt the commenter's suggestion, as it has not been our experience that non-profit CMHCs pose a different risk than for-profit CMHCs. We will monitor CMHCs and other provider and supplier types after this final rule with comment period is implemented and, if need be, make adjustments to various risk classifications.

Comment: A commenter stated that the fingerprint requirement is problematic. The FD-258 fingerprint card could be fairly easy to obtain and complete without the involvement of government officials or by manipulating the form before forwarding it to the concerned government representative which could lead to fraudulent data being accepted by CMS contactors. In order to ensure the validity and acceptability of fingerprint data, the commenter stated that a clear chain of custody will be required for the FD-258 cards, providing for uninterrupted and secure forwarding of the completed cards from an originating law enforcement office to the CMS contractor. The commenter believes that consultation with the FBI and other expert agencies on this subject could prove valuable.

Response: CMS has consulted and will continue to consult with the FBI regarding the use of the FD-258 card. As noted previously, CMS has found that in addition to a longer processing time for Start Printed Page 5889the FD-258, there is a higher cost to CMS for the processing of such cards. However, individuals who have their prints collected by a local law enforcement agency must use the FD-258 card and submit it to CMS' authorized channeler. The authorized channeler will digitize such FD-258 cards obtained at a local law enforcement agency for submission to the FBI. The chain of custody will conform to the FBI Security and Management Control Outsourcing Standard for Channelers and Non-Channelers and the FBI's Criminal Justice Information Services (CJIS) Division's Security Policy.

Comment: A commenter recommended that the proposed screening procedures be applied across the board for all providers and suppliers in or being introduced into any aspect of the Medicare, Medicaid or CHIP system.

Response: We disagree with this comment. Different categories of providers and suppliers pose different risks that must be addressed in distinct ways.

Comment: A commenter recommended that when determining whether to adjust an individual DMEPOS supplier's screening level, CMS should consider the supplier's: (1) Experience in furnishing services; (2) experience in the geographic area; (3) accreditation status and compliance with quality standards; and (4) compliance program, as well as any past fraudulent activity by the supplier or its employees and the category of DMEPOS it furnishes.

Response: We decline to adopt this approach. First, we believe that this could be subject to inherently arbitrary implementation. Second, as has been described previously, we believe the ACA requires us to assign categories of providers and suppliers to a level of screening based on the risk for fraud. The criteria the commenter proposes would necessitate a level of pre-screening that is not feasible for every applicant CMS must process.

Comment: A commenter stated that providers and suppliers should be individually notified of the screening level into which they will be placed and the reasons for such designation. The categorizations should not be made public because that could easily lead to irreparable damage to reputations and the companies' business.

Response: The publication of this final rule with comment period serves as notification to suppliers and providers of the assignment of their category to a particular screening level. The only new screening requirement that requires action on the part of a provider or supplier is the fingerprint-based criminal history record check. As stated, there will be an additional 60 day period after the publication of subregulatory guidance prior to its implementation for DMEPOS and HHAs. In instances where an individual provider or supplier has been reassigned to a higher level of scrutiny under § 424.518(c)(3), we anticipate that each provider or supplier will be individually notified of its newly assigned screening level prior to revalidation. This process will be clarified in the subregulatory guidance that CMS will issue as described in this final rule with comment period. Moreover, to the extent permitted by Federal law, we do not intend to make public a particular provider or supplier's screening level assignment.

Comment: A commenter requested that CMS expand the limited screening level defined in the proposed regulation to include the term “non-physician practitioner.” This term is frequently used to describe nurse practitioners, clinical nurse specialists, and physicians' assistants.

Response: This regulation uses the term “non-physician practitioner” in describing categories of providers assigned to a level of screening. See § 424.518(a)(1)(i).

Comment: A commenter recommended that, to the extent allowed under law, CMS disclose limited information about the risk model so as to avoid reverse-engineering by individuals intent on defrauding the Medicare program.

Response: We appreciate this comment, but believe it is important that the provider and supplier communities be made aware of what will be required as part of the enrollment process.

Comment: A commenter recommended that reimbursement be provided for the cost of the background check and fingerprint card. With budget cuts and regulatory mandates, providers are struggling to meet the increasing costs of delivering health care services in an environment with decreasing resources. Another commenter suggested, however, that fingerprinting be done at the cost of the provider prior to the Medicare contractor receiving the enrollment application.

Response: A fingerprint-based criminal history record check is part of the Medicare enrollment screening process for specified applicants. The cost of the having the fingerprints taken and supplying the fingerprints to the authorized channeler, whether electronic or on the card, will be borne by the provider or supplier. There will be no cost to the provider or supplier for the subsequent processing of the prints or the background check, as CMS will pay for the processing of the prints and the criminal history record check.

Comment: A commenter recommended that providers be able to have their fingerprints electronically scanned with a vendor contracting with the Federal government.

Response: Shortly after the publication of this final rule with comment period, we will be issuing guidance to the provider and supplier communities regarding the processes for obtaining fingerprints. We anticipate that CMS will contract with an FBI-approved authorized channeler for the collection and transmission of fingerprints. It is our understanding that such authorized channelers use electronic technology to collect and process fingerprints. We will provide more information regarding available technologies and vendors prior to the implementation of this requirement, as announced 60 days prior to the effective date through the publication of subregulatory guidance.

Comment: A commenter stated that CMS needs to ensure that information used in the classification of suppliers is correct and appropriate. Thus, CMS should require that only final agency actions be used as a basis for assigning suppliers. Decisions overturned on appeal should have no bearing or effect on the supplier's screening level.

Response: We do not believe it is appropriate to wait until a particular action is final before shifting a provider into a different screening level. The appeals process can take an extended period, during which a provider intent on defrauding the Medicare program could have more time to do so if permitted to remain in a lower screening level. As already mentioned, should a particular action be rescinded, the provider will be restored to its previous screening level.

Comment: A commenter stated that pharmacies licensed by the State—whether newly enrolling or as part of an additional location—should be specified as limited risk providers.

Response: As we mentioned earlier, State licensure is not automatically indicative of the screening level that should be ascribed to a category of provider or supplier.

Comment: A commenter questioned whether hospice organizations are correctly included within the moderate screening level and should instead be included in the limited screening level. The commenter did not believe that sufficient data exists to justify placing Start Printed Page 5890hospices in the moderate screening level.

Response: For the reasons we explained, we believe that hospices are most appropriately as assigned to the moderate screening level.

Comment: A commenter stated that if an enrollment moratorium were placed on a particular geographic area and then lifted, the Medicare contractor would be required to conduct background checks and fingerprints on all physicians in that area. The commenter urged CMS to reconsider the burdens and costs of doing so for large groups of providers. The delays in processing these applications would deter physicians from enrolling and revalidating their enrollments. The commenter also stated that CMS should limit those physicians placed in the highest level of screening to individuals previously found guilty of crimes against Medicare or where there is publicly available evidence to justify such intrusions.

Response: The situation described in the commenter's first sentence would only apply in the unlikely event that physicians in that area were subject to a moratorium. As stated earlier, CMS does not believe that the collection of the fingerprints for the FBI fingerprint-based criminal history record check will substantially impact the time to process an enrollment application by the relevant Medicare contractor. If, as will most likely be the case with any temporary enrollment moratorium, the moratorium only applies to non-physician provider or supplier types, physicians would not be affected by the lifting of the moratorium. We believe we have clarified this point in the final rule with comment period.

Comment: Regarding fingerprinting and background checks, a commenter requested clarification regarding: (1) How the information will be stored and whether it will be destroyed after a period of time; (2) how the information will be used; (3) what constitutes background information that rises to the level of a threat to Medicare; (4) whether the physician or non-physician practitioner be afforded a copy of the results; (5) the policies that will ensure that the information is protected and secure and, in the event of a security lapse, whether the practitioner will be notified; (6) who will be conducting the background checks; (7) whether the information will be added to State or Federal databases for other purposes; and (8) whether practitioners will know prior to or at the time of application submission that they will be subject to these additional requirements.

Response: We have clarified in this final rule with comment period that the fingerprint requirement will be used in the context of obtaining FBI criminal history record information. This information will be stored according to all Federal requirements as well as the FBI's Security and Management Control Outsourcing Standard for Channelers and Non-Channelers and the CJIS Security Policy. CMS will rely on existing authority to deny and revoke enrollment at § 424.530(a) and § 424.535(a) if an individual who maintains a 5 percent or greater direct or indirect ownership interest in a provider or supplier has certain prior felony convictions, or if an enrollment application contains false or misleading information. The FBI will send the results of the criminal history record check only to the authorized channeler, who will be permitted to send the results only to the authorized recipient, or an FBI approved outsourced third party. In the event of loss of the criminal history record reports, CMS will follow the established protocol for communicating with the public and individuals regarding the loss of personally identifiable information. The criminal history record information is compiled when the FBI receives the fingerprint and links it to an existing record(s) of arrest and prosecution in State and FBI databases. Individuals or entities do not conduct criminal background checks. CMS, through an authorized channeler, will be accessing existing law enforcement data on fingerprinted individuals as required by this final rule with comment period. CMS will inform all relevant individuals of their requirement to submit fingerprints for the purposes of an FBI criminal history check as a condition of enrollment. While we are finalizing this screening method, we do not plan to implement this provision upon the effective date. Instead, we will be issuing additional guidance to providers, suppliers, the general public, and our contractors after the publication of this final rule with comment period to explain the operational aspects of the fingerprint-based criminal history record check requirement. As stated previously, we will delay implementation until 60 days after the publication of subregulatory guidance.

Comment: A commenter asked who will pay the fee for the fingerprinting and, if the physician or practitioner must pay it, whether he or she will be reimbursed, given the restrictions on application fees for certain non-institutional providers.

Response: The relevant individuals who are required to undergo the criminal history record check will incur the cost of having their fingerprints taken. Providers and suppliers will not be reimbursed by Medicare, Medicaid or CHIP for the fingerprint collection costs. CMS will bear the cost of processing the fingerprint-based criminal history record check for providers and suppliers that enroll in Medicare. For Medicaid-only and CHIP-only providers, the States and Federal government will share these costs.

Comment: A commenter stated that fingerprinting is generally limited to certain hours of the day. Due to the demands of physicians' schedules, the commenter asked how CMS will ensure the availability of fingerprinting for those physicians placed in the high screening level.

Response: Physicians who are enrolled in Medicare as practicing physicians will generally not be subject to fingerprinting. Fingerprint-based criminal history record checks will only be required in the case of providers or suppliers that are assigned to the high screening level. Physicians are generally assigned to the limited screening level.

Comment: A commenter urged CMS to ensure that fingerprinting and background checks do not delay the enrollment of legitimate and honest physicians.

Response: Physicians are generally assigned to the limited screening level and, as such, will not be subject to fingerprinting based on their enrollment as a physician. Physicians who choose to enroll as DMEPOS suppliers or HHAs will be required to undergo a fingerprint-based criminal history record check as a requirement of the high screening level but, as stated previously, CMS does not believe this requirement will significantly delay the enrollment of any provider or supplier.

Comment: A commenter stated that hospital-owned HHAs and hospices should be designated as limited risk and, therefore, should not be subject to unannounced and unscheduled pre-enrollment and/or post-enrollment onsite visits.

Response: For the reasons already discussed, newly enrolling HHAs will be placed in the high screening level, regardless of ownership.

Comment: Several commenters stated that implementing the new screening procedures by March 23, 2011 is not feasible due to the coordination efforts required between Medicare and Medicaid. They recommended that the implementation date be moved to March 23, 2012.

Response: We disagree, and believe that all screening procedures except the fingerprint-based criminal history record check required for those in the high level of screening will be in place Start Printed Page 5891beginning on March 25, 2011. As noted previously, we will delay implementation of such high screening level until 60 days after the publication of subregulatory guidance on how this provision will be implemented. Further, we believe the statute requires the implementation dates that we have specified.

Comment: A commenter recommended that CMS reconsider the risks associated with allowing existing enrollees to be exempted from the new screening procedures until March 23, 2012. The commenter believes this creates a potential gap in program integrity.

Response: The ACA specifies the effective dates for the new screening provisions. For newly enrolling providers and suppliers, and for those currently enrolled whose revalidation is scheduled between March 25, 2011 and March 23, 2012, the effective date is March 23, 2011 or the date scheduled for the revalidation. For providers and suppliers assigned to the high screening level, the fingerprint-based criminal history record check requirement will be implemented through subregulatory guidance and will be effective 60 days following the publication of the guidance. All other screening requirements are effective on March 25, 2011 for those in the high screening level. For all other currently enrolled providers and suppliers, the statute established an effective date of March 23, 2012.

Comment: A commenter recommended simplifying the screening process such that all enrolling providers and suppliers are put into the moderate level, and then adjust screening interventions based on specific circumstances related to elevated risk of fraud.

Response: We decline to base the assignment of provider and supplier types to a level of screening on the assumption that every provider or supplier is of equal risk upon enrollment into the Medicare. We see clear differences in risk among categories of providers and suppliers. Therefore, we do not plan to assign all provider and supplier categories to the same screening level. In response to the suggestion that we adjust screening interventions based on specific circumstances, we believe this process is both unwieldy and burdensome to implement for every provider as the baseline screening methods. Although we have identified certain events that will cause a provider to move from “limited” or “moderate” to “high” screening, we do not believe we should conduct individual assessments. As stated previously, CMS will assess an individual provider's risk and potential actions based on the individual provider's enrollment application and may continue to use existing program integrity tools that are not addressed by this rule. We believe this approach is the most objective approach and is consistent with the ACA.

Comment: A commenter requested clarification on how States will be notified of providers' risk classifications and any changes thereto.

Response: We will disseminate guidance to the States on this topic shortly after the publication of this final rule with comment period.

Comment: A commenter recommended that CMS explain whether it is replacing or removing the current revalidation basis in § 424.535(a)(6) with the proposed new § 424.535(a)(6).

Response: We are neither replacing nor removing the current revalidation basis. We simply proposed an additional reason at § 424.535(a)(6)(i) for the revocation of Medicare billing privileges. Specifically, we proposed that billing privileges may be revoked if “An institutional provider does not submit an application fee or hardship exception request that meets the requirements set forth in § 424.514 with the Medicare revalidation application,” or the hardship exception is not granted. We will renumber the subsections in § 424.535(a) accordingly.

The commenter refers to the current revalidation basis but cites to the revocation regulation. To clarify, as stated previously, the proposed rule proposed to require that a provider or supplier revalidate its enrollment at any time pursuant to § 424.515. This new authority to permit off-cycle revalidations does not replace the current cycle for revalidation (3 years for DMEPOS and 5 years for all other providers).

Comment: To reduce the paperwork burden imposed on providers and suppliers and to reduce the administrative expense associated with processing a revalidation application, several commenters recommend that CMS allow providers and suppliers in good standing to submit an annual attestation, rather than a full revalidation application. The attestation, in other words, would be used in lieu of revalidation, and would require the provider or supplier to notify CMS of any changes or to attest that there were no changes within the prior year. This approach would promote compliance without requiring the provider or supplier to submit a full revalidation application and a fee.

Response: The burden associated with submitting Medicare enrollment applications A, B, I, R and CMS-855S is currently approved under Office of Management and Budget (OMB) control numbers 0938-0685 and 0938-1057, respectively. Such an attestation, as proposed by the commenter, would not fulfill the screening requirements of this final rule with comment period, as re-screening is a condition of revalidation. The screening requirement and associated application fee are required by the ACA to minimize the risk of fraud, waste and abuse to the Medicare, Medicaid programs and CHIP, and cannot be circumvented by a process that would limit the scope of such screenings.

Comment: One commenter stated that CMS did not furnish sufficient justification or rationale for its proposal in § 424.515 that CMS may require a provider or supplier to revalidate its enrollment at any time. The commenter added that the proposed revision seems punitive and overly broad because CMS does not furnish ample discussion for the public to fully evaluate the proposal. The commenter recommended that CMS remove its proposal because CMS did not: (1) Justify its reasons for establishing this new authority, (2) describe its existing authorities and how this proposal is different, and (3) explain or justify the number of times that CMS can require revalidation within a given period of time.

Response: We proposed at § 424.515 that we have the ability to require that a provider or supplier revalidate its enrollment at any time, and stated that this proposal was designed to help ensure that the statutory effective date of March 23, 2013 is met. We fully intend to implement the new authorities provided by the ACA by the deadlines that have been set out by the Congress.

We stated in the proposed rule that DMEPOS suppliers are required to re-enroll every 3 years, and other providers and suppliers are required to revalidate their enrollment every 5 years. For purposes of clarity, we also proposed language at § 424.57(e) that changes all references to “re-enroll” or “re-enrollment” to “revalidate” or “revalidation.” We have existing authority at § 424.515(d) to require off-cycle validations in addition to the regular 5 year revalidations and may request that a provider or supplier recertify the accuracy of the enrollment information when warranted to assess and confirm the validity of the enrollment information maintained by us. Such off-cycle revalidations may be triggered as a result of random checks, information indicating local health care Start Printed Page 5892fraud problems, national initiatives, complaints, or other reasons that cause us to question the compliance of the provider or supplier with Medicare enrollment requirements. Off cycle revalidations may be accompanied by site visits. The new authority to conduct off-cycle validations of providers and suppliers will enable us to apply the new screening requirements to all currently enrolled providers and suppliers by the statutory effective date.

The proposed rule stated that once a provider has been subject to an off-cycle validation under § 424.515(e), the current cycle for revalidation would apply. This means that if a provider subject to the 5-year revalidation cycle had to revalidate in 2013, the provider or supplier would next have to revalidate in 2018. However, a provider or supplier may be required to revalidate under § 424.515(d) during that time period if there are indicators of the noncompliance for a particular provider.

Comment: A commenter stated that CMS currently requires contractors to review State licensing board data on a monthly basis. As such, it would be more efficient to access a centralized, federated database to provide CMS with the most comprehensive data on physician licensure status.

Response: As previously mentioned, we are currently in the process of re-assessing the provider enrollment process and systems that are used to support screening and enrollment. We are exploring a number of options to take advantage of technological advances to improve the provider screening process. Increased automation of the process is one of the areas on which we are focusing.

Comment: A commenter stated that, given the ongoing Medicare backlogs, CMS should provide information regarding: (1) The number of revalidations started and completed by CMS or its contractors in 2007, 2008, 2009, and 2010, (2) how an estimated 93,000 revalidations per year beginning in 2010 will impact the processing of new applications by providers and suppliers, and (3) the amount of money obligated on provider screening activities for each fiscal year between 2005 and 2010, and (4) how much money CMS expects to obligate for these activities in 2011. Another commenter recommended that CMS furnish the number of revalidation applications processed by the National Supplier Clearinghouse, MACs, carriers, and fiscal intermediaries for each of the last 5 years.

Response: This final rule with comment period specifically increases the number of providers and suppliers that will be revalidated through the use of off-cycle revalidations, for the explicit purpose of applying the new screening requirements to currently enrolled providers. Therefore, the number of revalidations processed in the past 4 or 5 years and the money obligated to that process is irrelevant to the evaluation of our ability to process additional revalidations as required by this final rule with comment period. Additionally, we have undertaken steps to streamline the enrollment process, both for newly enrolling and revalidating providers and suppliers. We recognize that there have been challenges in implementing the new authorities to safeguard the integrity of Medicare, Medicaid and CHIP, and have demonstrated a willingness to work with providers and suppliers to reduce unnecessary burdens and risks that may have accompanied the enrollment processes in the past. We have communicated with providers via Medicare Learning Networks and provider Open Door Forums, and will continue to do so throughout the implementation of the ACA.

We believe that additional resources will be available to enable the processing of the increased numbers of enrollment applications. We have actively taken steps to reduce processing times as much as feasible. Furthermore, we have undertaken many activities to streamline the enrollment process to reduce the burden upon providers and suppliers.

Comment: A commenter recommended that CMS employ an expanded data-driven screening process by using open-source data during the enrollment and re-enrollment business processes. Such data could include the current operational status of the firm; chain of ownership or corporate family linkages; identification of tax liens; presence of open bankruptcies; and records of government enforcement actions. The commenter also suggested that each provider and supplier be registered for post-enrollment data monitoring, which “pushes” one or more high risk updates (for example, bankruptcy filing; a criminal filing involving a provider executive; or sudden increase in the risk of financial failure) to CMS automatically. CMS could use such high risk alerts for the selection and prioritization of unscheduled and unannounced site visits. Finally, the commenter recommended additional database checks that would vary by screening level. These included, but were not limited to, verifying: (1) Corporate chain of ownership, (2) tax liens, (3) non-HHS government enforcement actions, (4) extent of any government contracting, and (5) any open lawsuits.

Response: As stated previously, we are continually exploring additional improvements to our data systems. We are committed to working with both private and public partners to continue to evaluate technologies that can provide the scalability and safeguards to beneficiary access that we need to ensure accurate payments to legitimate providers for appropriate services.

Comment: A commenter urged CMS to release a proposal for comment that provides additional detail regarding what CMS believes should constitute background information relevant to Medicare provider enrollment that would prevent a practitioner from enrolling in the Medicare program.

Response: At some point it may be necessary to modify our existing regulations that address felonies that are relevant to enrollment of billing privileges. However, we have not yet proposed expansion of our existing authorities codified in the Code of Federal Regulations. The requirements for Medicare enrollment are established in other regulations and manual instructions, and are not—unless otherwise stated herein—being modified in this final rule with comment. The criminal background check is intended to verify certain information provided on the Medicare enrollment application. Under our existing regulatory authority, we could impose a denial of enrollment or a revocation of billing privileges based upon the results of the background check in certain instances. Illustratively, if, through the background check, CMS learned of a felony conviction that met the criteria at § 424.530(a)(3) or § 424.535(a)(3), billing privileges could be denied or revoked, respectively.

Comment: One commenter stated that in its FY 2011 performance budget, we say that we will create a limited number of MACs to carry out provider enrollment, and that each contractor would enroll providers for designated regions of the country. Given the publication of the proposed rule, the commenter recommended that we explain how reducing the number of MACs and increasing the workload will help providers and suppliers and reduce Medicare fraud, waste, and abuse in the Medicare program. The commenter also requested that CMS furnish an update on this consolidation effort. Another commenter asked CMS to explain how it will consolidate provider enrollment activities, conduct 93,000 revalidations, and handle initial applications without disrupting the provider enrollment Start Printed Page 5893process and creating additional backlogs and processing delays for providers of service and suppliers.

Response: We recognize that provider enrollment is a large and complicated task that requires not only internal consistency but also understanding and ease of interaction with the provider and supplier community. As a result, we are currently engaged in a thorough assessment of the provider enrollment process and in making improvements as needed to eliminate delays in enrollment and improve overall system performance. As part of this process, we are working toward consolidation of the number of enrollment contractors as a means to achieve economy of scale and greater consistency in the enrollment process. In developing the provisions of this final rule with comment period and other regulatory and subregulatory policies, we are mindful of the overall re-assessment of the provider enrollment process and supporting systems.

Comment: A commenter urged CMS to refine its provider enrollment specialty categories to accurately reflect the existing varieties of practitioners—particularly the categories for dentistry and the dental specialties—in order to reduce the likelihood that practitioners such as dentists will be inappropriately categorized and subject to unwarranted higher levels of screening.

Response: We do not believe it is necessary to further refine the provider enrollment specialty. Dentists should submit the CMS-855I if they intend to submit claims directly to Medicare. Further, dentists would be in the limited screening level.

Comment: A commenter stated that the proposed rule does little to prevent: (1) Identity theft; (2) health care fraud; (3) money laundering; and (4) bank fraud. The commenter believes that the screening levels were too broad and simplistic. To prevent fraud and abuse, the commenter recommended that CMS: (1) Implement section 6401(a)(3) of the ACA immediately; (2) consider and adopt distinct screening criteria and program requirements for non-physician owners of medical clinics and that these providers be placed into a high screening level, and (3) use the statutory authority in section 6401(a)(3) of the ACA to make sure that the claims being submitted are valid.

Response: We believe the commenter is referring to new section 1866(j)(3) of the Act, which addresses a provisional period of enhanced oversight for new providers of services or suppliers. We will implement all authorities granted under the ACA using the proper procedures. We disagree with the commenter that the proposed rule and this final rule with comment period will do little to prevent health care fraud, and believe that issues of money laundering and bank fraud are beyond the scope of this final rule with comment period. We strongly believe that additional site visits, both announced and unannounced, will help to identify fraudulent providers and suppliers before they are permitted to enroll in Medicare, Medicaid or CHIP. The temporary moratoria and payment suspension provisions give us the ability to act as soon as a problem is detected, preventing money from being paid while balancing the rights and needs of providers, suppliers, and beneficiaries.

Comment: One commenter stated that CMS's proposed ability to reenroll DMEPOS suppliers more frequently than every three years could be burdensome for CMS and the DMEPOS supplier, and suggested that CMS revalidate every 3 years from the most recent revalidation, rather than every 3 years from the date billing privileges were granted.

Response: As stated previously, the proposed rule and this final rule with comment period permit us to require revalidation of DMEPOS suppliers on or after March 23, 2012 to meet the statutory effective date for the screening requirements; after that, DMEPOS suppliers would then be subject to revalidation every 3 years. DMEPOS could be subject to off-cycle revalidation under existing authority at § 424.515(d) when CMS has reason to question the compliance of the provider or supplier with Medicare enrollment requirements.

Comment: One commenter stated that identity theft is a huge problem in the United States and that Medicare, Medicaid and CHIP should do everything possible to protect physicians' identities. The commenter recommended that CMS provide data on the number of physicians and non-physician practitioners who have practice locations in multiple States—including States with connecting State boundaries and States without connecting State boundaries. The commenter also suggested that CMS explain what efforts, if any, are used to verify a physician that is establishing a practice location in multiple States and that the individual's identity is authenticated. Another commenter stated that it is unclear how fingerprinting and background checks will achieve the goal of preventing identity theft for physicians.

Response: We agree with the comment that Medicare, Medicaid and CHIP should use all available authorities to protect physicians' identities. However, as we have noted previously, we will not use this screening regulation to identify instances of identity theft. We disagree that the publication of the number of physicians and non-physician practitioners who have practice locations in multiple States will address the issue of identity theft. We also have a process in place to verify a physician is legitimately establishing practice locations in multiple States, and have found there are multiple legitimate reasons why this may be the case.

We believe that criminal history record checks will enable us to verify information that has been submitted on an enrollment application is accurate and complete. As stated previously, using fingerprints to perform such a record check is the only accepted method by the FBI for non-criminal justice purposes, as it is believed to be the most accurate link between an individual and their criminal history record.

Comment: A commenter stated that in the proposed rule, CMS does not justify or explain the rationale for many of its positions, such as: (1) Placing providers and suppliers into various screening categories, and (2) its rationale for creating a new revalidation reason (see § 424.515(e)). The commenter recommended that CMS not finalize this proposed rule, but rather publish a new proposed rule using the information from this rule.

Response: We disagree that the proposed rule did not explain our rationale for our approaches. As mentioned earlier, we relied on our extensive experience to identify categories of providers with a higher incidence of fraud, waste and abuse. In addition, we used the expertise of our contractors charged with identifying and investigating instances of fraudulent billing practices in making our decisions regarding the appropriate risk classification of various providers. In some instances, we also relied on the data analysis and expertise of the OIG, GAO, and other sources to develop a process designed to increase scrutiny for specific categories of providers and suppliers that represent a higher risk to the Medicare program. Furthermore, we stated the new reason for off-cycle validation is to enable us to apply the new screening requirements to all applicable providers and suppliers by the statutory effective date of March 23, 2013.

Comment: In response to a request for comments, a commenter stated that harmonization between Medicare, Medicaid, and MA would be beneficial Start Printed Page 5894only to the extent that the programs have enrollment and re-validation reciprocity and that adequate resources and time were allocated to ensure that harmonization does not wreak havoc among state Medicaid programs and MA plans. Reciprocity would ensure that physicians are not subject numerous times to the same or similar onerous requirements; this would also represent significant savings for Federal health care programs.

Response: We agree that harmonization between program requirements will be beneficial for State Medicaid agencies, providers, and CMS. This final rule with comment period implements several changes that minimize the burden on States and providers, including the reciprocity of Medicare screening for dually enrolled providers and State responsibility to screen only Medicaid and CHIP-only providers.

Comment: A commenter requested special consideration and/or exemptions for States with comprehensive licensure statutes for orthotists and prosthetists.

Response: We do not agree that licensed orthotists and prosthetists should receive special consideration or exemptions as compared to orthotists and prosthetists that happen to be located in a State without what could be deemed ‘non-comprehensive' licensure statutes. CMS did not make a distinction based on licensure requirements for any other category of provider.

Comment: A commenter opposed the proposed language at § 424.515(e) allowing CMS to require additional off-cycle revalidations, stating it could allow CMS to initiate revalidations frequently and on a whim. At a minimum, off-cycle revalidations should be exempt from the $500 application fee.

Response: We disagree with this comment. Section 424.515(e) was added for a specific purpose and we could not require a provider or supplier to revalidate off-cycle pursuant to § 424.515(e) more than once. The application fee was included in the statute to cover exactly the type of screenings that will be performed during the revalidations, and we do not believe it is appropriate or necessary to exempt the revalidations from the fee.

Comment: A commenter suggested that CMS tie an enrollment ban to those who are trying to enroll in the Medicare program and not just for those who are already enrolled. That way, fraudulent providers would never be allowed to enter the program.

Response: We believe the commenter is referring to an enrollment bar for providers and suppliers whose applications are denied, similar to that which is currently in place for providers and suppliers whose Medicare billing privileges are revoked. We appreciate this suggestion. We are currently not in a position to adopt it, as additional research is needed to determine its potential effectiveness and the various circumstances under which it might apply. That said, we may consider it as part of a future rulemaking effort.

c. Final Screening Provision—Medicare

This final rule with comment period finalizes the provisions of proposed rule in regards to the Medicare screening requirements with the following modifications:

  • In § 424.518(a)(1), we are adding Competitive Acquisition Program/Part B Vendors to the limited risk screening level.
  • In § 424.518(a)(1), we are adding pharmacies that are newly enrolling or revalidating via the CMS-855B to the “limited” level of screening.
  • In § 424.518(a)(1), in response to comments, we have changed the description for Indian health service providers to state, “health programs operated by an Indian Health Program (as defined in section 4(12) of the Indian Health Care Improvement Act) or an urban Indian organization (as defined in section 4(29) of the Indian Health Care Improvement Act) that receives funding from the Indian Health Service pursuant to Title V of the Indian Health Care Improvement Act, hereinafter (IHS facilities).”
  • In 424.518(a)(2), we are clarifying that occupational therapy and speech pathology providers are assigned to the limited screening level.
  • In 424.518(a)(1), we are removing physical therapists and physical therapist groups from the category of non-physician practitioners that are within the limited screening level.
  • In 424.518(a)(1), we are removing non-public, non-government owned or affiliated ambulance suppliers from the limited screening level.
  • In § 424.518(a)(2), we are adding portable x-ray suppliers to the moderate screening level.
  • In 424.518(a)(2), we are adding physical therapists and physical therapist groups to the moderate screening level.
  • In 424.518(a)(2), we are assigning all ambulance suppliers to the moderate screening level, regardless of whether they are public or government affiliated.
  • In § 424.518(a)(1), we are adding pharmacies that are newly enrolling or revalidating via the CMS-855B to the limited screening level.
  • In § 424.518, we also eliminated the distinction between: (1) Publicly traded and non-publicly traded, and (2) publicly owned and non-publicly owned as criteria for assignment of any provider type to a level of screening.
  • In § 424.518(c)(2)(ii)(A), we have removed the requirement that fingerprints must be submitted using the FD-258 fingerprint card. Also, the fingerprints must be collected from all individuals who maintain a 5 percent or greater direct or indirect ownership interest in the provider or supplier.
  • In § 424.518(c)(2)(ii)(B), we have replaced “conducts a criminal background check” with “Conducts a fingerprint-based criminal history report check of the Federal Bureau of Investigations Integrated Automated Fingerprint Identification System on all individuals who maintain a 5 percent or greater direct or indirect ownership interest in the provider or supplier.”
  • In § 424.518(d), we have identified owners with a 5 percent or greater direct or indirect ownership as responsible for providing fingerprints, and the methodology of how to submit the fingerprints.
  • § 424.518(c)(3), we have added “final adverse action” as a basis for reassigning a provider or supplier to the high screening level at § 424.518(c)(3)(iii)(B).
  • In § 424.518(c)(3), we have added six months as the length of time a provider or supplier category will be assigned to the high screening level following the lifting of a temporary enrollment moratorium.
  • Finally, in § 424.518(c)(3), we have removed denial of Medicare billing privileges in the previous ten years as a basis for reassigning a provider or supplier to the high screening level at § 424.518(c)(3)(iii)(B).

As we have stressed throughout this preamble, we will monitor these new procedures and their effectiveness and may reconsider or modify our approach in the future as we gain experience with these procedures. We further reiterate that nothing in this rule is intended to abridge our established screening authority under existing statutes and regulations, or to diminish the screening that providers and suppliers currently undergo. The provisions specified in this final rule with comment period are intended to enhance—not replace—our existing authority. The screening laid out here reflects the minimum requirements. For example, a contractor may undertake database checks in addition to the ones listed below as deemed appropriate. Nothing in this rule should be interpreted as limiting the amount of scrutiny CMS or its Start Printed Page 5895contractors may give to an applicant. Tables 5 through 8 below outline the levels of screening by category that we are finalizing.

Table 5—Final Level of Required Screening for Medicare Physicians, Non-Physician Practitioners, Providers, and Suppliers

Type of screening requiredLimitedModerateHigh
Verification of any provider/supplier-specific requirements established by MedicareXXX
Conduct license verifications, (may include licensure checks across States)XXX
Database Checks (to verify Social Security Number (SSN); the National Provider Identifier (NPI); the National Practitioner Data Bank (NPDB) licensure; an OIG exclusion; taxpayer identification number; death of individual practitioner, owner, authorized official, delegated official, or supervising physicianXXX
Unscheduled or Unannounced Site VisitsXX
Fingerprint-Based Criminal History Record Check of law enforcement repositoriesX

Table 6—Final Medicare Providers and Suppliers Categories Designated to the “Limited” Level for Screening Purposes

Provider/supplier category
Physician or non-physician practitioners and medical groups or clinics, with the exception of physical therapists and physical therapist groups.
Ambulatory surgical centers, competitive acquisition program/Part B vendors, end-stage renal disease facilities, Federally qualified health centers, histocompatibility laboratories, hospitals, including critical access hospitals, Indian Health Service facilities, mammography screening centers, mass immunization roster billers, organ procurement organizations, pharmacies newly enrolling or revalidating via the CMS-855B, radiation therapy centers, religious non-medical health care institutions, rural health clinics, and skilled nursing facilities.

Table 7—Final Medicare Providers and Suppliers Categories Designated to the “Moderate” Level for Screening Purposes

Provider/supplier category
Ambulance suppliers, community mental health centers; comprehensive outpatient rehabilitation facilities; hospice organizations; independent diagnostic testing facilities; independent clinical laboratories; physical therapy including physical therapy groups and portable x-ray suppliers.
Currently enrolled (revalidating) home health agencies.

Table 8—Final Medicare Providers and Suppliers Categories Designated to the “High” Level for Screening Purposes

Provider/supplier category
Prospective (newly enrolling) home health agencies and prospective (newly enrolling) suppliers of DMEPOS.

4. General Screening of Providers—Medicaid and CHIP—Proposed Provisions and Analysis of and Responses to Public Comments

Section 1902(kk)(1) of the Act requires that States comply with the process for screening providers established by the Secretary under section 1866(j)(2) of the Act.[4] Section 2107(e)(1) of the Act provides that all provisions that apply to Medicaid under sections 1902(a)(77) of the Act,[5] the State plan mandate for compliance with provider and supplier screening, oversight, and reporting requirements in accordance with 1902(kk), and 1902(kk) of the Act, the specific State plan requirements regarding provider and supplier screening, oversight, and reporting, shall apply to CHIP. We proposed in new § 457.990 that all the provider screening, provider application, and moratorium regulations that apply to Medicaid providers will apply to providers that participate in CHIP. In addition, in this final rule with comment period, we refer to State Medicaid agencies as responsible for screening Medicaid-only providers. In some States, CHIP is not administered by the Medicaid agency. Throughout this final rule with comment period, with respect to those instances, “State Medicaid agency” should be read to encompass “Children's Health Insurance Program agency” where the two are separate entities.

Because it would be inefficient and costly to require States to conduct the same screening activities that Medicare contractors perform for dually-enrolled providers, we proposed that a State may rely on the results of the screening conducted by a Medicare contractor to meet the provider screening requirements under Medicaid and CHIP. Similarly, we proposed in § 455.410 that State Medicaid agencies may rely on the results of the provider screening performed by the State Medicaid programs and CHIP of other States. For Medicaid-only providers or CHIP-only providers, we proposed that States follow the same screening procedures that CMS or its contractors follow with respect to Medicare providers and suppliers.

As previously noted, section 1902(kk)(1) of the Act requires that State screening methods follow those performed under the Medicare program. For the sake of brevity, we will not restate those methods verbatim. We proposed that States follow the rationale that we have set forth for Medicare in section II.A.3. of this final rule with comment period, and that we use as the basis for § 455.450. For the types of providers that are recognized as a provider or supplier under the Medicare program, States will use the same screening level that is assigned to that category of provider by Medicare. For those Medicaid and CHIP provider types that are not recognized by Medicare, States will assess the risk posed by a particular provider or provider type. States should examine their programs to identify specific providers or provider types that may present increased risks of fraud, waste or abuse to their Medicaid programs or CHIP. States are uniquely qualified to understand issues involved with balancing beneficiaries' access to medical assistance and ensuring the fiscal integrity of the Medicaid programs and CHIP. However, where applicable, we expect that States will assess the risk of fraud, waste, and abuse using similar criteria to those used in Medicare. For example, physicians and non-physician practitioners, medical groups and clinics that are State-licensed or State-regulated would generally be categorized as limited risk. Those provider types that are generally highly Start Printed Page 5896dependent on Medicare, Medicaid and CHIP to pay salaries and other operating expenses and which are not subject to additional government or professional oversight would be considered moderate risk, and those provider types identified by the State as being especially vulnerable to improper payments would be considered high risk. States will then screen the provider using the screening tools applicable to that risk assigned. However, we did not propose to limit or otherwise preclude the ability of States to engage in provider screening activities beyond those required under section 1866(j)(2) of the Act, including, but not limited to, assigning a particular provider type to a higher screening level than the level assigned by Medicare.

As with the proposed screening provisions for Medicare, we solicited comments on the applicability of these proposals for Medicaid as well. We solicited comment on the proposed assignment of specific provider types to established risk categories, including whether such assignments should be released publicly, whether they should be reconsidered and updated according to an established schedule, and what criteria should be considered in making such assignments.

Based on the level of screening assigned to a provider or provider type, we proposed that States conduct the following screenings:

Table 9—Proposed Level of Risk and Required Screening for Medicaid and CHIP Providers

Type of screening requiredLimitedModerateHigh
Verification of any provider/supplier-specific requirements established by Medicaid/CHIPXXX
Conduct license verifications (may include licensure checks across State lines)XXX
Database Checks (to verify SSN and NPI, the NPDB, licensure, a HHS OIG exclusion, taxpayer identification, tax delinquency, death of individual practitioner, and persons with an ownership or control interest or who are agents or managing employees of the provider)XXX
Unscheduled or Unannounced Site VisitsXX
Criminal Background CheckX
FingerprintingX

Not all States routinely require persons with an ownership or control interest or who are agents or managing employees of the provider to submit SSNs or dates of birth (DOBs). Without such critical personal identifiers, it is difficult to be certain of the identity of persons with an ownership or control interest or who are agents or managing employees of the provider, and it may be difficult for States to conduct the screening proposed under this rule. Accordingly, and to be consistent with Medicare requirements, pursuant to our general rulemaking authority under section 1102 of the Act, we proposed in § 455.104 to require that States will require submission of SSNs and DOBs for all persons with an ownership or control interest in a provider. In addition to the amendment to § 455.104, we proposed to revise that section for the sake of clarity both for the disclosing entities' provision and the States' collection of the disclosures. We recognize that there may be privacy concerns raised by the submission of this personally identifiable information as well as concerns about how the States will assure individual privacy as appropriate; however, we believe this personally identifiable information is necessary for States to adequately conduct the provider screening activities under this final rule with comment period. We solicited comment specifically on this issue.

Although the level of screening may vary depending on the risk of fraud, waste or abuse the provider represents to the Medicaid program or CHIP, under section 1866(j)(2)(B)(i) of the Act, all providers would be subject to licensure checks. Therefore, we proposed that States be required to verify the status of a provider's license by the State of issuance and whether there are any current limitations on that license.

As stated previously, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers would apply to providers that participate in CHIP, these requirements for provider screening and assigning of categories of risk of fraud, waste, or abuse, as well as verification of licensure, under § 455.412 and § 455.450 will apply in CHIP.

Comment: Commenters expressed concerns about new and existing disclosure requirements under § 455.104, including our proposal to add to the disclosure requirements collection of SSNs and DOBs of persons with an ownership or control interest in the disclosing entity. Some States support the proposal, already having instituted the disclosure requirement in their enrollment application procedures. Other States support the proposal but request additional time for implementation, including forms and system changes. Two States expressed concern about the impact the requirement might have upon beneficiary access to providers.

Response: We will not address the comments directed at the existing language of § 455.104. The regulation was rearranged for ease of application by States and disclosing entities, but with the exception of the addition of SSNs and DOBs, as well as changes suggested by a few commenters regarding corporate entity addresses and familial relationships, the language is substantially unchanged from the language currently in effect. We acknowledge the commenters' concerns about collection of SSNs and DOBs, however, collection of SSNs and DOBs is necessary to complete the screening process and be certain of the identity of the party being screened. We recognize that the addition of SSNs and DOBs and other improvements in disclosure collection will require systems and forms changes and States will need time for implementation. We encourage States to contact us about their specific timeframes. Furthermore, we do not believe that this requirement will have an adverse impact on beneficiary access as the majority of disclosure requirements have not changed, and our experience with the same requirement in Medicare indicates that such a requirement does not adversely impact beneficiary access.

Comment: Other commenters made recommendations on language changes that would clarify § 455.104(b)(1)(i) regarding the address of corporate entities with ownership or control of disclosing entities; § 455.104(b)(2) regarding familial relationships; and § 455.104(b)(4) regarding SSNs and DOBs of managing employees.

Response: We agree with the commenters that § 455.104(b)(1)(i) should be clarified regarding addresses Start Printed Page 5897of corporate entities with ownership or control of disclosing entities and accordingly will revise § 455.104(b)(1)(i) to clarify from whom the name and address must be provided and to require the disclosing entity to supply primary business address as well as every business location and P.O. Box address, if applicable. We agree that § 455.104(b)(2) should be clarified regarding to whom the spouse, parent, child, or sibling is related, and we are revising § 455.104(b)(2) accordingly. We agree that § 455.104(b)(4) should be clarified to require managing employees to provide SSNs and DOBs, as that was the intent of the proposal, and we are revising § 455.104(b)(4) accordingly.

Comment: Several commenters expressed concern regarding collection of disclosures under § 455.104. One commenter expressed concern about the confidentiality and privacy of board member identity and the protection from disclosure to the general public. Other commenters were concerned that not-for-profit board members were volunteers and might not serve were they compelled to provide their SSNs and DOBs as a condition of the entity being enrolled.

Response: We have previously provided guidance to States that § 455.104 requires disclosures from persons with ownership and control interests in the disclosing entity, which includes officers and directors of a disclosing entity that is organized as a corporation, without regard to the for-profit or not-for-profit status of that corporation. That guidance is available at http://www.cms.gov/​FraudAbuseforProfs/​Downloads/​bppedisclosure.pdf. We are sensitive to the concerns related to confidentiality of identifiable information such as SSNs. We are also concerned about issues that arise out of identity theft. We encourage States to institute appropriate safeguards to protect the information they gather as required by these rules. However, collection of disclosures including the SSNs and DOBs of persons with ownership and control interests in a disclosing entity, and of managing employees, is necessary to protect the integrity of the State Medicaid programs. Therefore, we are finalizing the proposal requiring provision of SSNs and DOBs.

Comment: One commenter sought clarification whether the disclosure requirements in § 455.104 apply to IHS providers.

Response: This rule does not make any changes about whom disclosures must be provided, but rather simply adds additional items of information that must be disclosed. The boards of IHS facilities were not previously subject to the—disclosure requirements in § 455.104, and accordingly, are not subject to the additional disclosure requirements imposed by this rule.

Comment: Commenters expressed concern about the applicability of § 455.104 to public school districts. Public schools deliver Medicaid school based health services to Medicaid eligible children and therefore are enrolled as Medicaid providers. The commenters objected to the proposed requirement in § 455.104 that the schools provide the SSNs and DOBs of persons with controlling interests of the provider, which they interpreted to include the SSNs and DOBs of school board members. The majority of the commenters stated that the public school districts were closely regulated by numerous checks and balances and there was a low likelihood that fraud would be perpetrated in schools, therefore, the collection of SSNs and DOBs from public school districts was unnecessary.

Response: As previously noted, this rule does not change about whom disclosures must be provided, but rather what information must be disclosed. Except to the extent that any public school districts may be organized as corporations, they were not previously required to make disclosures about their boards, nor are they required to under this new rule.

Comment: Several commenters expressed concern regarding the license verification requirement in § 455.412. One commenter noted that it would be administratively inefficient, costly, and unrealistic for States to verify each provider applicant's licensure status in another State. Another commenter offered that searching its database containing multi-State licensure data would be more efficient than requiring States to search State by State.

Response: Holding a valid professional license should be a prerequisite in any State prior to assignment of a Medicaid provider identification number. Medicaid beneficiaries have a right to be treated only by those providers that have been deemed by the licensing boards of their States to be eligible to treat them. As a matter of public policy, it is not unreasonable to expect that licensure status of all in-State and out-of-State providers be checked prior to enrollment, and that any limitations on their licenses be checked as well. Out-of-State provider applicants submit licensure information including status to the Medicaid agency with their application. While verification of out-of-State licensure may be challenging, all those Medicaid agencies that enroll out-of-State providers have the obligation to verify licensure status of out-of-State providers as well. We appreciate the commenter's suggestion of its database of provider information. We are aware that State licensing boards maintain publicly available information that neighboring States may access. It is within the States' discretion which databases to check.

Comment: A commenter requested clarification of whether license verification was required when the chart at 75 FR 58214 states that license verification “may include licensure checks across State lines” thereby implying that licensure checks across State lines are permissive, not mandatory.

Response: The State Medicaid agency must verify the licensure of a provider applicant in the State in which the provider applicant purports to be licensed. If an out-of-State provider submitted an application for enrollment, the State Medicaid agency would be required to verify license across State lines.

a. Database Checks—Medicaid and CHIP

States employ several database checks, including database checks with the Social Security Administration and the NPPES, to confirm the identity of an individual or to ensure that a person with an ownership or control interest is eligible to participate in the Medicaid program.

A critical element of Medicaid program integrity is the assurance that persons with an ownership or control interest or who are agents or managing employees of the provider do not receive payments when excluded or debarred from such payments. Accordingly, in § 455.436, we proposed that States be required to screen all persons disclosed under § 455.104 against the OIG's LEIE and the General Services Administration's EPLS. We proposed that States be required to conduct such screenings upon initial enrollment and monthly thereafter for as long as that provider is enrolled in the Medicaid program.

We also proposed at § 455.450, as well as § 455.436, that database checks be conducted on all providers on a pre- and post-enrollment basis to ensure that providers continue to meet the enrollment criteria for their provider type.

As previously stated, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act also apply to CHIP. Because we proposed a new regulation in Part 457 Start Printed Page 5898under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for database checks under § 455.436 and § 455.450 apply in CHIP.

We received many comments on the database requirements in § 455.436 from States concerned about the administrative burden presented by searching several databases upon enrollment, and both the LEIE and the EPLS on a monthly basis by the names of both the provider and those with ownership or control interests in the provider and managing employees of the provider.

Comment: Some commenters questioned whether there were costs associated with accessing the databases. The commenters suggested that CMS establish a centralized database that States could access, including using an automated, rather than manual, search, all at no cost to States. One State suggested that the databases be accessible through automated data exchanges and that any cost to the States be waived to avoid barriers to compliance with the rule. Two other States questioned whether there were costs associated with accessing the databases that must be considered. Other commenters suggested a delay or elimination of the proposed requirement at § 455.436(c)(2) until CMS established such a centralized database.

Response: We are aware that there may be costs to the State Medicaid agency associated with checking some databases. However, § 455.436 enumerates databases that most State Medicaid agencies already check in their routine provider enrollment operations. In addition, we have previously issued guidance to State Medicaid Directors recommending searching the LEIE on a monthly basis by the names of enrolled providers and for providers, by the names of their employees and contractors. Those guidance documents are available here: http://www.cms.gov/​smdl/​downloads/​SMD061208.pdf and http://www.cms.gov/​SMDL/​downloads/​SMD011609.pdf. Many States have already adopted the recommendations in their enrollment policies. More recently, in September 2010, we provided guidance to program integrity directors on the availability of the LEIE and EPLS for exclusion searches. That guidance document is available here: http://www.cms.gov/​FraudAbuseforProfs/​Downloads/​bppedisclosure.pdf.

Accordingly, we are finalizing § 455.436 to require State Medicaid agencies to conduct Federal database checks.

Comment: A commenter questioned whether other databases will be prescribed in the final rule with comment period or whether States will be notified of requirements in another fashion.

Response: In § 455.436(b), we proposed that the States be required to check “any such other databases as the Secretary may prescribe.” We are not prescribing additional databases in the final rule with comment period. However, in response to evolving circumstances, the Secretary may issue guidance to States regarding checking specific databases.

Comment: One commenter sought clarification on which of a provider's managing employees the State Medicaid agency must search in the exclusions databases. The commenter noted that some large providers like hospitals have many managing employees that may be subject to the proposed database checks.

Response: We recognize the burden that conduct of database checks of managing employees may pose for providers with managing employees at multiple levels or locations in its organizations. Nevertheless, database checks must be conducted for all persons disclosed under § 455.104, including managing employees who could compromise or place in jeopardy a provider's compliance with Medicare, Medicaid, or CHIP requirements.

Comment: One commenter noted that State vital statistics information may be more accurate than the Social Security Administration's Death Master File. The commenter suggested allowing States to check against their own vital records systems and not require the States to check against the Social Security Administration's file.

Response: While on an anecdotal basis State records may be more accurate than the Social Security Administration's Death Master File, it is the Death Master File that is the national file of record. Therefore, we are finalizing the requirement that State Medicaid agencies check the Social Security Administration's Death Master File. However, under § 455.436(c)(1) a State may also consult other appropriate databases to confirm identity upon enrollment and reenrollment.

Comment: Another commenter noted that the Social Security Administration only allows SSN verification for W-2 purposes. The commenter recommended removing the reference to checks of “applicable” Social Security Administration databases from the database check requirement.

Response: We express no opinion as to the accuracy of the commenter's statement regarding SSN verification, but agree with the commenter that the database check requirement in this rule should be more explicit. Accordingly, we are revising § 455.436 to indicate a check of the “Social Security Administration's Death Master File” rather than “applicable databases”.

Comment: A few commenters requested clarification regarding which database States must check for verification of tax identifications and tax delinquencies and how the States would use that information as a tool for screening providers.

Response: Although we believe that verifying taxpayer identification and checking for tax delinquencies may be useful indicators of fraud to a State Medicaid program, access to that information is limited and may not be feasible in the short term. Therefore, we are not finalizing those requirements as suggested by Table 5 under “Type of Screening Required”.

Comment: One commenter asked whether it was our intention to require providers also to check their employees for exclusions on a monthly basis. The proposed regulation at § 455.436 does not require providers to check their employees for exclusions.

Response: We issued guidance on June 12, 2008, to State Medicaid Directors recommending that they check their enrolled providers for exclusions on a monthly basis. We followed up that guidance on January 16, 2009, with guidance to State Medicaid Directors recommending that they require their enrolled providers to check the providers' employees and contractors for exclusions on a monthly basis. Those letters are available at: http://www.cms.gov/​smdl/​downloads/​SMD061208.pdf and http://www.cms.gov/​SMDL/​downloads/​SMD011609.pdf. Many States made our recommendations their policy.

Section 455.436 does not mandate that States require their providers to check the LEIE and EPLS on a monthly basis to determine whether the providers' employees and contractors have been excluded. We do, however, recommend that States consider making this a requirement for all providers and contractors, including managed care contractors in their Medicaid programs and CHIP.

b. Unscheduled and Unannounced Site Visits—Medicaid and CHIP

Section 1866(j)(2)(B)(ii)(III) of the Act states that the Secretary, based on the risk of fraud, waste, and abuse, may conduct unscheduled and unannounced Start Printed Page 5899site visits, including pre-enrollment site visits, for prospective providers and those providers already enrolled in the Medicare and Medicaid programs and CHIP.

Some States already require site visits, often for provider categories at increased risk of fraud, waste or abuse such as home health and non-emergency transportation. According to FY 2008 State Program Integrity Assessment (SPIA) data, at least 16 States report that they perform some type of site visits. However, such efforts vary widely across the country and are subject to budget shortfalls.

We proposed to require in § 455.432 and § 455.450(b) that States must conduct pre-enrollment and post-enrollment site visits for those categories of providers the State designates as being in the “moderate” or “high” level of screening.

Further, in § 455.432, pursuant to our general rulemaking authority under section 1102 of the Act, we proposed that any enrolled provider must permit the State Medicaid agency and CMS, including CMS' agents or its designated contractors, to conduct unannounced on-site inspections to ensure that the provider is operational at any and all provider locations.

We maintain that site visits are essential in determining whether a provider is operational at the practice location found on the Medicaid enrollment agreement. We expect these requirements to increase the number of both pre-enrollment and post-enrollment site visits for those provider types that pose an increased financial risk of fraud, waste, or abuse to the Medicaid program.

We proposed that failure to permit access for site visits would be a basis for denial or termination of Medicaid enrollment as specified in § 455.416.

As stated previously, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for site visits under § 455.432 apply in CHIP.

Comment: Some commenters were supportive of the proposal for pre-enrollment and post-enrollment site visits in § 455.432, although they noted that they would need additional funding for travel or for contractors to conduct the site visits. Some commenters stated that the States should have the discretion to define which providers are subject to pre- and post-enrollment site visits and when the site visits are conducted, for example, by established risk categories or an automatic flag that demonstrates that billing has gotten to a certain threshold thus requiring an onsite visit. A few commenters stated that the site visits were an undue burden on States. One commenter stated that the site visits were unnecessary given that other more cost-effective methods could prevent enrollment of providers who are using fraudulent identity, such as annual re-enrollment, license verification, and follow-up when a duplicate provider ID or address is used. Another commenter noted that pre-enrollment site visits could delay enrollment as a result of inclement weather.

Response: We recognize that conduct of site visits will place a burden on State budgets and staff time, and may be difficult to accomplish in rural areas or in inclement weather. However, site visits are a requirement depending on the risk the provider represents to the Medicaid program. In response to the commenters that suggested that States should have the discretion to define which providers are subject to pre- and post-enrollment site visits: The site visits are required for those providers that are determined to be a moderate or high categorical risk of fraud, waste, or abuse. In addition to the required site visits for providers in the moderate and high screening levels, the State may also conduct site visits at its discretion. While there may be other means to verify whether a provider is a going concern or whether a provider has a business location, conduct of site visits is one method that is required by this regulation. The State has the discretion to utilize other additional methods to prevent enrollment of non-existent providers or to ensure that spurious applications are not processed.

Comment: A few commenters sought clarification on what the expectations were for site visits when the provider performed services in the beneficiary's home, for example, personal care services; or for out-of-State providers or rural providers.

Response: If a Medicaid-only provider is in the moderate or high screening level, the State Medicaid agency does not have the discretion whether to conduct a site visit: It is required under § 455.432(a) and § 455.450(b). However, pursuant to § 455.452, States are permitted to establish additional or more stringent screening measures than those required by this final rule with comment period. Thus, for providers that are in the limited screening level, the State has the discretion to determine whether to conduct site visits, based on whatever factors the State deems appropriate. We recognize that the appropriate location of the site visit may differ based upon the provider type. For example, the personal care services agency is the enrolled provider, so its location would likely be subject to a site visit. While its employee the personal care attendant may not be an enrolled provider with the State Medicaid agency, it may also be appropriate to conduct a site visit in a beneficiary's home where the personal care attendant is providing services to ensure that services are in fact being provided appropriately. It would be within the discretion of the State Medicaid agency to determine whether to conduct an additional site visit for a provider in the limited screening level. With respect to providers in rural locations, the mere fact that the provider is in a rural location does not absolve the State Medicaid agency of its responsibility to conduct site visits. Similarly, for out-of-State providers, the mere fact that a provider in the moderate or high screening level is located in another State would not negate the requirement for a site visit, although we note that § 455.410 permits States to rely upon the screening performed by Medicare and by other State Medicaid programs and CHIP. Therefore, no additional site visit would be required if the provider is also enrolled by Medicare or in Medicaid or CHIP in its home State.

c. Provider Enrollment and Provider Termination—Medicaid and CHIP

States may refuse to enroll or may terminate the enrollment agreement of providers for a number of reasons related to a provider's status or history, including an exclusion from Medicare, Medicaid, or any other Federal health care program, conviction of a criminal offense related to Medicare or Medicaid, or submission of false or misleading information on the Medicaid enrollment application. Failure to provide disclosures is another reason for termination from participation in the Medicaid program.

Federal regulations beginning at § 455.100 require certain disclosures by providers to States before enrollment. States require additional disclosures prior to enrollment. Some States require periodic re-enrollment and disclosure at that time. However, States vary in the frequency of such re-disclosures. Providers are also inconsistent in keeping their enrollment information current, including items as elementary as their address.

We proposed, at § 455.414, pursuant to our general rulemaking authority Start Printed Page 5900under section 1102 of the Act, that all providers undergo screening pursuant to the procedures outlined herein at least once every 5 years, consistent with current Medicare requirements for revalidation.

In § 455.416, we proposed to establish termination provisions, requiring States to deny or terminate the enrollment of providers: (1) Where any person with an ownership or control interest or who is an agent or managing employee of the provider does not submit timely and accurate disclosure information or fails to cooperate with all required screening methods; (2) that are terminated on or after January 1, 2011 by Medicare or any other Medicaid program or CHIP (see section II.F. of this final rule with comment period); and (3) where the provider or any person with an ownership or control interest or who is an agent or managing employee of the provider fails to submit sets of fingerprints within 30 days of a State agency or CMS request. We proposed to permit States to deny enrollment to a provider if the provider has falsified any information on an application or if CMS or the State cannot verify the identity of the applicant. We also proposed to require States to deny enrollment to providers, unless States determine in writing that denial of enrollment is not in the best interests of the State's Medicaid program, in these circumstances: (1) The provider or a person with an ownership or control interest or who is an agent or managing employee of the provider fails to provide accurate information; (2) the provider fails to provide access to the provider's locations for site visits, or (3) the provider, or any person with an ownership or control interest, or who is an agent or managing employee of the provider has been convicted of a criminal offense related to that person's involvement in Medicare, Medicaid, or CHIP in the last 10 years. We believe that providers can significantly reduce the likelihood of fraud, waste or abuse by providing and maintaining timely and accurate Medicaid enrollment information. We believe the Medicaid program will be better protected by not allowing persons with serious criminal offenses related to Medicare, Medicaid, and CHIP to serve as providers.

We proposed at § 455.416 that the State be allowed to deny an initial enrollment application or agreement submitted by a provider or terminate the Medicaid enrollment of a provider, including an individual physician or non-physician practitioner, if CMS or the State is not able to verify an individual's identity, eligibility to participate in the Medicaid program, or determines that information on the Medicaid enrollment application was falsified.

In § 455.420, we proposed to require that any providers whose enrollment has been denied or terminated must undergo screening and pay all appropriate application fees again to enroll or re-enroll as a Medicaid provider.

We proposed at § 455.422 that in the event of termination under § 455.416, the State Medicaid agency must give a provider any appeal rights available under State law or rule.

As stated previously, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for provider enrollment, provider termination, and provider appeal rights under § 455.414, § 455.416, § 455.420, and § 455.422 apply in CHIP.

Comment: Several commenters expressed concern regarding the requirement under § 455.414 related to a 5 year re-screening process. Some commenters stated that they already required a periodic re-enrollment process and CMS should take into consideration the States' existing processes and grant the States the flexibility to employ those existing processes.

Other commenters noted that the additional enrollments would place administrative and fiscal burdens on the States. Several commenters noted that they would need an extended period to implement the new requirements of the proposed rule, including the requirement set forth at § 455.414.

One commenter sought clarification whether all providers currently enrolled and that have been enrolled for 5 years would be up for revalidation when the regulation became effective; and whether currently enrolled providers could be revalidated over a 5-year timeframe to diminish the administrative burden on State Medicaid agency staff.

Another commenter sought clarification whether the requirement was for re-screening or for re-enrollment at least every 5 years; whether the requirement would apply to all enrolled providers including rendering providers, or just to ordering or referring physicians and other professionals who are the subject of the requirements set forth at § 455.410 and § 455.440; and whether CMS would give affected providers notice of the need to re-enroll.

Response: Periodic re-validation of enrollment information affords States the opportunity to ensure their provider rolls do not contain providers that have been excluded from participation in the Federal health care programs. The State Medicaid agencies can cull from their provider rolls those providers that have not submitted claims for payment or referred claims for payment in several years. Without removing those providers' numbers during a periodic re-enrollment process, those providers' numbers might be used at a later date in a fraudulent scheme: The providers may have been unwitting victims of identity theft or may have participated in selling their provider numbers.

The proposed requirement at § 455.414 describes screening of all providers at least every 5 years. Screening, as performed by the Medicare Administrative Contractors for all dually participating providers, and by the State Medicaid agency or CHIP for those providers that are not also participating in the Medicare program, should be distinguished from enrollment, a function performed by the State Medicaid agency or CHIP to participate in the Medicaid program or CHIP of a given State. Screening would involve various assessments commensurate to the risk the provider posed to the Medicaid program or CHIP, including license verification, database checks, site visits, background checks, and fingerprinting. Enrollment may involve all of those, as well as collection of disclosures required under § 455.104, § 455.105, and § 455.106, and a host of State-specific requirements.

We applaud States that already require periodic re-enrollment of Medicaid providers. For the sake of consistency with the Medicare program, however, we are finalizing § 455.414 as a 5 year re-validation of enrollment information, which includes re-screening as well as the collection of updated disclosure information, for providers regardless of provider type, including, but not limited to, rendering, ordering, and referring physicians, and other professionals. The screening component of the 5 year re-validation will be conducted by either the Medicare Administrative Contractors (for dually-participating providers) or by the States (for Medicaid-only or CHIP-only providers). The collection of updated enrollment information, including, but not limited to, disclosure information will be the province of the State Medicaid agencies, and subject to their existing procedures, therefore, we will not issue notices of the need to Start Printed Page 5901revalidate enrollment information to the affected providers.

State Medicaid agencies should complete the first re-validation cycle by 2015, with 20 percent of providers being re-validated each year beginning 2011. State Medicaid agencies have the discretion to determine which providers or provider types to re-validate enrollment first. However, they may want to consider re-validating enrollment in the first years of the cycle those providers or provider types that pose the greatest risk of fraud, waste or abuse to the Medicaid program and CHIP.

Comment: We received comments from States supportive of the proposed bases for denial of enrollment or termination of enrollment in § 455.416, but concerned about the time they would need for implementation to amend State laws and rules and to amend provider agreements. One State commented that it would be administratively inefficient, costly, and unrealistic for each State to independently confirm providers' enrollment status or termination history in another State's Medicaid program or CHIP.

Response: We believe that the bases for denial of enrollment or termination of enrollment in § 455.416 are necessary to protect the integrity of the Medicaid program. Therefore, prompt implementation of these additional bases for denial or termination will serve each State and Medicaid programs nationally. We acknowledge the additional burden that new bases for denial and termination will create for State Medicaid programs, for example, in changes to systems and forms, and changes to provider agreements. We are currently examining to what extent we can support a centralized information sharing solution for provider enrollment across programs and across States. However, we note that termination based on termination by Medicare or by another State's Medicaid program is a statutory requirement effective January 1, 2011.

Comment: One commenter recommended that the reasons for provider termination should be outlined and given to the provider upon denial or termination. The commenter noted that the provider would then have the ability to address or correct deficiencies prior to resubmitting its enrollment application. This requirement, the commenter noted, would be in addition to any appeal rights.

Response: We have provided for a right of appeals to the extent they are available under a State's existing laws or rules. While we recognize that the commenter's suggestion may be helpful, and States may elect to adopt it, we will not be disrupting a State's procedures under its existing laws or rules with this regulation.

Comment: One State recommended an addition to the language of § 455.416(g)(1) to recognize that a provider's omissions may be as egregious as its falsified statements.

Response: We appreciate the commenter's suggestion to cover all possible situations when a provider may have misled the State in the application process. However, § 455.416(d) addresses termination for a failure to submit timely and accurate information which would include omissions to provide information. Therefore we decline to revise section § 455.416(g)(1).

Comment: A State requested clarification on how rigorous the State's efforts must be to verify the identity of the provider applicant or whether a background check is sufficient.

Response: The State Medicaid agencies have the discretion to determine the steps that are appropriate to verify the identity of the provider applicant, which may include, but would not be limited to, verification of licensure, database checks, and criminal background checks.

d. Criminal Background Checks and Fingerprinting—Medicaid and CHIP

Section 1866(j)(2)(B)(ii)(II) of the Act allows the Secretary to use fingerprinting during the screening process; and while several States have implemented procedures to require fingerprinting of physicians and non-physician practitioners as a condition of licensure, we maintain that if a State designates a provider as within the high level of screening as described previously, each person with an ownership interest in that provider should be subject to fingerprinting.

Adding fingerprinting to State screening processes for those providers that pose the greatest risk to the Medicaid program will allow CMS and the State to: (1) Verify the individual's identity; (2) determine whether the individual is eligible is participate in the Medicaid program; (3) ensure the validity of information collected during the Medicaid enrollment process; and (4) prevent and detect identity theft. Ensuring the identity of “high” risk Medicaid providers through fingerprinting protects both the Medicaid program and providers whose identities might otherwise be stolen as part of a scheme to defraud Medicaid.

In addition, while § 455.106 requires providers to submit information to the Medicaid agency on criminal convictions related to Medicare and Medicaid and title XX, current regulations do not require States to verify data submitted as part of the Medicaid enrollment application and they are sometimes not able to verify information that was purposefully omitted or changed in a manner to obfuscate any previous criminal activity. According to fiscal year (FY) 2008 SPIA data, at least 20 States report that they conduct some type of criminal background check as part of their Medicaid enrollment practices.

Elements of a robust criminal background check could include, but not are necessarily limited to: (1) Conducting national and State criminal records checks; and (2) requiring submission of fingerprints to be used for conducting the criminal records check and verification of identity.

We proposed in § 455.434 and § 455.450 for those categories of providers that a State Medicaid agency determines is within the high level of screening, the State must: (1) Conduct a criminal background check of each provider and each person with an ownership or control interest or who is an agent or managing employee of the provider, and (2) require that each provider and each person with an ownership or control interest or who is an agent or managing employee of the provider to submit his or her fingerprints. The State Medicaid agency has the discretion to determine the form and manner of submission of fingerprints.

At § 455.434, we proposed that the State Medicaid agency must require providers or any person with an ownership or control interest or who is an agent or managing employee of the provider to submit fingerprints in response to a State's or CMS' request.

We solicited public comment on the appropriateness of using criminal background checks in the provider enrollment screening process, including the instances when such background checks might be appropriate, the process of notifying a provider or individual that a criminal background check is to be performed, and the frequency of such checks.

We also solicited comment on the use of fingerprinting as a screening measure. We recognize that requesting, collecting, analyzing, and checking fingerprints from providers are complex and sensitive undertakings that place certain burdens on affected individuals. There are privacy concerns and operational concerns about how to assure individual privacy, how to check fingerprints against appropriate law enforcement fingerprint data bases, and how to store Start Printed Page 5902the results of the query of the databases and also how to handle the subsequent analysis of the results. As a result, we solicited comments on how CMS or a State Medicaid agency should maintain and store fingerprints, what security processes and measures are needed to protect the privacy of individuals, and any other issues related to the use of fingerprints in the enrollment screening process. We expressed interest in comments on this and other possible circumstances in which fingerprinting would be potentially useful in provider screening or other fraud prevention efforts. Our proposed screening approach contemplated requesting fingerprints from providers assigned to the high level for screening. We solicited comments on whether this is an appropriate requirement, the circumstances under which it might be appropriate or inappropriate, and any alternatives to the proposed approach regarding fingerprints. Our proposed approach would allow States to deny enrollment to newly enrolling providers and to terminate existing providers if the provider or if individuals who have an ownership or control interest in the provider or who are agents or managing employees of the provider refuse to submit fingerprints when requested to do so. We solicited comments on this proposal including its appropriateness and utility as a fraud prevention tool.

In addition, we solicited comment on the applicability and appropriateness of using, in addition to or in lieu of fingerprinting, other enhanced identification techniques and secure forms of identification including but not limited to passports, United States Military identification, or Real ID drivers licenses. As technology and secure identification techniques change, the tools we or State Medicaid agencies use may change to reflect changes in technology or in risk identification. We solicited comment on the appropriate uses of these techniques and the ways in which we should notify the public about any tools CMS or State Medicaid agencies would adopt. We also welcomed comments on whether there should be differences allowed between Federal and State techniques, or among States, and if so, on what basis.

As stated previously, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for criminal background checks and fingerprinting under § 455.434 will apply in CHIP.

Comment: A number of commenters noted the undue and significant burden on the States and providers that the criminal background check requirement in § 455.434, and specifically the fingerprint requirement, would pose. These commenters noted that State Medicaid agencies do not have the staff or expertise to conduct the checks. One commenter stated that enforcement of this provision will have deleterious effects on the Medicaid provider network and act as a barrier to care, and recommended removing the fingerprinting and background check requirements for high risk providers.

Other commenters were supportive of the proposal to conduct criminal background checks and collection of fingerprints, noting that the proposal was intended to screen out unscrupulous providers. One commenter recognized that the proposal to add fingerprinting of high risk entities was a way to evaluate the background of potential providers, to identify fraud and prevent individuals with known criminal backgrounds from participating in Medicaid.

Other commenters were concerned about the relative cost and efficiency of conducting the criminal background checks. Several commenters suggested that the background checks be at the States' discretion. One commenter suggested that CMS conduct any necessary fingerprinting, regardless of whether the person or entity is enrolled in Medicare. Another commenter recommended that CMS consider limiting FBI criminal background checks to cases in which there is reasonable cause to believe the subject may have a criminal record in another State.

Response: We have considered all the comments received and are sensitive to the burden the criminal background checks and fingerprinting will pose to the State Medicaid agencies and the affected providers. However, we believe that criminal background checks are an effective means of evaluating a high risk provider. Furthermore, we believe that fingerprinting high risk providers and their owners are worthwhile endeavors to determine identity and whether the provider and other individuals have been involved in criminal activities that would adversely impact the Medicaid program. While we are finalizing the requirement to conduct criminal background checks and collect fingerprints for high risk providers, the requirement will be limited to providers and persons with a five percent or more direct or indirect ownership interest in the provider. There will be no requirement to conduct criminal background checks on, or collect the fingerprints of, persons with a control interest in the provider or the agents or managing employees of high risk providers. However, we intend to monitor the situation and may seek to extend the scope of fingerprint-based criminal background checks in the future if circumstances warrant. We are making the appropriate changes to § 455.434. States will not be required to implement criminal background checks and fingerprinting until we issue additional guidance. To the extent that States have the ability to conduct background checks and collect fingerprints at this time, it is within their discretion to do so prior to the delayed implementation date. States have the discretion to impose more stringent requirements for Medicaid-only and CHIP-only providers than those we are requiring.

Comment: One commenter asked how results of criminal background checks would be communicated in data available to States from CMS.

Response: We are currently examining to what extent we can support a centralized information sharing solution for provider screening results across programs and across States. The individual results of a criminal background checks performed, however, would likely be sent directly to the agency requesting the background check from the entity that performed the check.

Comment: One commenter asked whether there would be standard criteria that define the types of convictions that warrant denial of a provider's application.

Response: Whether to deny enrollment or to terminate enrollment are decisions that are within the discretion of each State Medicaid agency in accord with § 455.416. Thus, the types of convictions that warrant denial of enrollment would be at the discretion of the State Medicaid agency.

Comment: Some commenters asked what level of background check was required, for example, were State Medicaid agencies expected to do a Federal criminal background check or a State criminal background check.

Response: While it is within the State Medicaid agency's discretion to decide whether to conduct State or Federal background checks for Medicaid-only providers, we recommend that the State conduct Federal criminal background checks which would provide information that is national in scope and therefore would be more complete.Start Printed Page 5903

Comment: A few commenters questioned which databases a States should consult to compare fingerprints against in order to do the screening under this provision, in the event that law enforcement is not available to review the fingerprints?

Response: We are not aware of databases that the State Medicaid agencies might search, however, there are vendors that provide the service for a fee.

Comment: One commenter questioned whether the State Medicaid agency must perform a criminal background check in its State only or in the neighboring State for a provider applicant that only provides services in the neighboring State.

Response: The States have the discretion to decide, however, we would recommend conducting a FBI criminal history record check, which would provide information that is national in scope and therefore would be more complete and would be preferable to a State background check in either the enrolling State or the neighboring State.

Comment: Some commenters noted that fingerprints created a logistical concern for the State Medicaid agencies. Once they have obtained the fingerprint cards from the providers, should the States maintain the files, how should they maintain the cards, and for how long? If electronic files, how should the States maintain those files?

Response: The State Medicaid agencies should follow their existing records retention laws and procedures, however we recommend that the State Medicaid agencies retain the files for at least 5 years, until the provider's revalidation. To the extent that a State Medicaid agency itself receives the fingerprints submitted, we expect them to maintain those files in a secure manner to protect the privacy of the individual who submitted the fingerprints.

Comment: One commenter suggested that the provision be revised so that it does not require two copies of the fingerprint card but allows for collection of two copies if the State determines that two copies are needed.

Response: We agree, and are making that change to § 455.434.

e. Deactivation and Reactivation of Provider Enrollment—Medicaid and CHIP

Section 1902(kk)(1) of the Act requires the screening of Medicaid providers to ensure they are eligible to provide services and receive payments. In an effort to further protect the Medicaid program and to be consistent with longstanding Medicare requirements, we proposed in § 455.418 that any Medicaid provider that has not submitted any claims or made a referral that resulted in a Medicaid claim for a period of 12 consecutive months must have its Medicaid provider enrollment deactivated. Further, under § 455.420, we proposed that any such provider wishing to be reinstated to the Medicaid program must first undergo all disclosures and screening required of any other applicant. In addition, we proposed that the provider must pay any associated application fees under § 455.426.

As stated previously, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, the proposed requirements for deactivation and reactivation of provider enrollment under § 455.418 and § 455.420 would apply in CHIP.

Comment: A few commenters supported the proposed requirement as written. A number of commenters were supportive of the spirit of this proposed requirement but suggested that we lengthen the timeframe to 24 months. Other commenters expressed concern regarding the applicability of the application fee when reactivating enrollment and suggested that Medicaid follow a streamlined reactivation process similar to what occurs in the Medicare program.

One State commenter expressed concern that the requirement to deactivate providers would necessitate deactivating one third of the State's enrolled providers. Other State commenters noted that out-of-State providers would routinely be deactivated because their billings are so infrequent.

Response: We recognize that many out-of-State providers provide occasional emergency treatment to Medicaid beneficiaries, and that requiring States to deactivate those providers after a year without billings would cause administrative burdens for the States and the providers. We believe States should have the discretion to police their own provider enrollment, although we recommend that States deactivate provider numbers that have not been used for an extended period of time.

After reviewing the comments received and other operational considerations we are not finalizing the requirement for deactivation of provider numbers after 12 months in § 455.418 at this time.

f. Enrollment and NPI of Ordering or Referring Providers—Medicaid and CHIP

Section 1902(kk)(7) of the Act provides that States must require all ordering or referring physicians or other professionals to be enrolled under a Medicaid State plan or waiver of the plan as a participating provider. Further, the NPI of such ordering or referring provider or other professional must be on any Medicaid claim for payment based on an order or referral from that physician or other professional.

Providers and suppliers under Medicare and providers in the Medicaid program are already subject to the requirement that the NPI be on applications to enroll and on all claims for payment, pursuant to section 6402(a) of the ACA, amending section 1128J of the Act, and under § 424.506, § 424.507, and § 431.107, as amended by the May 5, 2010 interim final rule with comment period (75 FR 24437).

In § 455.410, we proposed that any physician or other professional ordering or referring services for Medicaid beneficiaries must be enrolled as a participating provider by the State in the Medicaid program. We proposed that this would apply equally to fee for service providers or MCE network-level providers.

Additionally, we proposed to amend § 438.6 to require that States must include in their contracts with MCEs a requirement that all ordering and referring network-level MCE providers be enrolled in the Medicaid program, as are fee for service providers, and thus are screened directly by the State.

Although the NPI requirements in section 6402(a) of the ACA did not extend to CHIP providers, section 6401 of the ACA does apply equally to CHIP, and the proposed requirement for ordering and referring physicians or other professionals under the Medicaid program apply equally under CHIP.

In addition, in § 455.440, we proposed that all claims for payment for services ordered or referred by such a physician or other professional must include the NPI of the ordering or referring physician or other professional. We proposed that this would apply equally to fee for service providers or MCE network-level providers.

It is essential that all such claims have the ordering or referring NPI and that the State has properly screened the ordering or referring physician or other professional. Without such assurances, Start Printed Page 5904it is difficult for CMS or the State to determine the validity of individual claims for payment or to conduct effective data mining to identify patterns of fraud, waste, and abuse.

As stated previously, pursuant to section 2107(e)(1) of the Act, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation in Part 457 under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, these requirements for provider enrollment and NPI under § 455.410 and § 455.440 apply in CHIP.

Comment: Many commenters expressed concern regarding whether the ordering and referring requirements in the proposed rule applied in the managed care environment. Many State, MCO, and association commenters also expressed concern regarding the impact that mandatory enrollment under § 455.410 would have upon Medicaid beneficiary access to providers. These commenters stated concerns about the ability to contract with providers and other professionals if there was a requirement for those providers to be enrolled with the State as participating providers. The MCO and association commenters also cited their concerns about network level providers wanting to control their practices and not being mandated to participate in the Medicaid program when their preference was to serve in a Medicaid MCO. In addition, a State commenter expressed the concern that they be able to attract MCOs to their programs to provide choice to beneficiaries.

Several State commenters also noted that adding managed care ordering and referring providers to their rolls in addition to the proposed requirement for re-enrollment every 5 years, as well as the other proposed screening requirements would impose administrative and fiscal burden on State resources.

A few association commenters suggested that States implement a registration process whereby MCO network level providers would engage in a process short of full enrollment with the Medicaid agency, solely for the purpose of screening. Several commenters also expressed concerned related to: (1) Consistency of screening across Medicare and Medicaid, and across the MAOs and Medicaid managed care; and (2) who would conduct the screening. There was some confusion about whether the MAOs and MCOs would conduct the screening of the network level providers, or whether Medicare contractors and State Medicaid agencies would conduct the screening. There was also the issue of MAO providers not being specifically required to be enrolled to order or refer for the items and services they ordered or referred for Medicare beneficiaries to be paid.

A few commenters noted the adequacy of current credentialing performed by Medicaid MCOs and the absence of any statement to the contrary justifying enrollment of network level ordering and referring providers.

Several State commenters questioned how the NPI requirement would apply in a managed care environment, when risk-based health plans file claims for payment for the services of their subcontracted network level providers based on the contract between the State and the risk-based health plan. The network level providers ordering or referring items or services do not file claims for payment as fee-for-service providers do.

Response: After careful consideration of the comments we received, as well as the statutory language, we have determined that the new requirements for ordering and referring physicians should not apply in a risk based managed care context. We do not believe it was the intent of the Congress to impose stricter requirements on the Medicaid program than are imposed in Medicare. To require Medicaid managed care providers that order or refer items or services for Medicaid beneficiaries to enroll as Medicaid participating providers when MAO providers are not also required to enroll in the Medicare program to order or refer items or services for Medicare beneficiaries would be to treat the programs unequally.

In consideration of the concerns for beneficiary access and the administrative burden that enrollment of MCO ordering and referring physicians and other professionals would impose on State Medicaid agencies, and in consideration of the parity of requirements for the Medicaid and Medicare programs, we are not requiring that ordering and referring physicians and other professionals in managed care risk based health plans enroll as participating providers by State Medicaid programs. Consequently, we are not finalizing the proposed change to § 438.6 that would have required State managed care contracts to require network level providers enroll with the Medicaid agency as participating providers.

We are limiting the exemption to risk based managed care. Section 1902(kk)(7) requires that States must require all ordering or referring physicians or other professionals to be enrolled under a Medicaid State plan or waiver of the plan as a participating provider. We want to give the greatest effect to the statute while creating the least adverse impact on beneficiaries. Had we extended the exemption to all forms of managed care, for example, we would have allowed physicians or other professionals that participate in primary care case management programs that operate under State plan waivers to avoid enrollment with a State's Medicaid program; or we would have allowed home and community based services program providers that order or refer to avoid enrollment, to the extent that a State requires such enrollment. We also gave consideration to the comments we received regarding access, burden on State processes, and credentialing. The State and managed care organization commenters expressed concerns about beneficiary access to managed care networks and providers, which would be likely to occur in the risk-based forms of managed care, but not in primary care case management, for example. The States also expressed concerns about the burden of enrolling as participating providers those physicians and other professionals in managed care. Again, we interpret their concerns to be about risk-based forms of managed care, rather than forms of managed care in which the provider or entity bears no risk, because in the vast majority of States network level providers in risk-based forms of managed care are not enrolled with the Medicaid agency. Primary case care managers, however, are already enrolled with the Medicaid agency as fee-for-service providers. In addition, risk-based managed care entities conduct credentialing required under Federal regulations and subject to the terms of the contracts between the States and the MCOs, PIHPs, or PAHPs. Providers that participate in non-risk-based forms of managed care are subject to the various enrollment requirements that each State may designate.

Given that managed care services are recorded in encounter claims, we recognize that it is not always possible for such an ordering or referring physician's or other professional's NPI to be reflected on such a claim. We leave it to the State's discretion, based in part on the capability of the State's systems, to require entrance of the NPI on the encounter record.

Comment: A commenter requested clarification on whether the requirement for ordering and referring physicians or other professionals to be enrolled with a State Medicaid agency would apply to professionals who may not be eligible to Start Printed Page 5905enroll in a State's Medicaid program but who provide services under the supervision of an enrolled provider and whose services are billed under the provider identification number of that eligible Medicaid enrolled provider.

Response: The requirement for other ordering or referring professionals to enroll with a State's Medicaid program as a participating provider would depend on whether a State's Medicaid program recognized the professional as a Medicaid provider. If it did not, there would be no requirement to enroll.

Comment: Several commenters expressed concern about the applicability of § 455.410 and § 455.440 to public school districts. Public schools deliver Medicaid school based health services to Medicaid eligible children and therefore are enrolled as Medicaid providers. Commenters expressed concern about public school-based providers, for example, speech language therapists, school psychologists, occupational therapists, and physical therapists, employed by public school districts being required to enroll with the Medicaid agency as ordering and referring physicians or other professionals. The commenters noted that public school based providers are able, but have not been required in the past, to get an NPI. Public school districts have included their NPI on claims and the clinicians are assigned unique provider identification numbers to facilitate identification of providers and services. Therefore, the commenters encourage an exemption for public school based providers from the NPI requirement.

Response: Public school based providers are subject to the ordering and referring requirements set forth in § 455.410 and § 455.440. However, as a way to minimize the administrative burden of enrolling additional providers, State Medicaid agencies may implement a streamlined enrollment process for those providers who only order or refer, that is, who do not bill for services, similar to the CMS-855-O process in the Medicare program. Additionally, State Medicaid agencies may delegate to State or local governmental agencies, such as public school districts, the responsibility to screen public school based providers and to assign unique provider identification numbers for claims identification.

Comment: Several commenters noted that the regulations at § 455.410 do not address whether CMS will provide a reliable mechanism or national database in which screening results can be shared. Without a method to obtain results from these other entities, States will have to screen all Medicaid providers at considerable cost. One commenter noted that Medicare and CHIP do not define providers the same way which will lead to confusion over who has been screened through Medicare and the sister agencies.

Response: We are currently examining to what extent we can support a centralized information sharing solution for provider enrollment across programs and across States.

Comment: Several commenters responded that the proposed regulation would be burdensome on both States and providers, requiring providers who do not normally work with the Medicaid program and new groups of providers to enroll. One commenter suggested that rather than being required to enroll with the Medicaid program, providers be permitted to use the NPI as evidence of successful Medicare screening and enrollment.

Response: We are sensitive to the additional burden that obtaining an NPI will pose, however, inclusion of the NPI on all Medicaid claims is a statutory requirement. The commenter suggested that providers enroll with Medicare and use the NPI as evidence of successful screening and enrollment. Providers should be aware that the NPI is not evidence of successful Medicare screening and enrollment, but providers who are actually enrolled in Medicare will not have to be screened again by the States to be enrolled in the Medicaid programs. The States may implement a streamlined enrollment process for those providers who only order or refer, that is, who do not bill for services, similar to the CMS-855-O process in the Medicare program.

Comment: One commenter described a scenario of a salaried hospital physician who was not enrolled by the State Medicaid agency, but the hospital that employed the physician was an enrolled, participating Medicaid provider. The commenter questioned whether the referral rule applied to the physician.

Response: Yes, the salaried hospital physician must enroll with the State Medicaid agency to order or refer for Medicaid beneficiaries.

Comment: A commenter sought clarification whether the order or referral rule applied when an order or referral was made prior to the Medicaid beneficiary being eligible for Medicaid.

Response: No, if the order or referral was made before the beneficiary was Medicaid eligible, then the beneficiary may have the order filled or the referral fulfilled and the claim for the order or referral will be paid.

Comment: A commenter asked whether the ordering and referring rule applied to Medicare crossover claims.

Response: Yes, the beneficiary's claims would be Medicaid claims, therefore the provider who ordered or referred the Medicaid beneficiary's services would be required to be enrolled as a Medicaid participating provider.

Comment: One commenter requested clarification on whether CMS will be changing claims forms to accommodate the collection of information regarding ordering and referring providers.

Response: To the extent it is necessary for the State Medicaid agencies to make changes to their claim forms to accommodate the new requirement regarding ordering and referring providers, and then the States should make those changes.

Comment: Several commenters sought clarification on whether the terms “ordering and referring physicians or other professionals” included prescribing providers.

Response: We interpret the statutory terms “ordering” and “referring” to include prescribing (either drugs or other covered items) or sending a beneficiary's specimens to a laboratory for testing or referring a beneficiary to another provider or facility for covered services.

Comment: Some of the commenters sought clarification on the definition of the term “other professional.” For example, does it include rendering providers, non-professional providers, or providers in waiver programs?

Response: Under § 455.410(b) and section 1902(kk) of the Act, the phrase “ordering and referring physicians and other professionals” does not include rendering providers, as these authorities impose a new enrollment requirement with respect to physicians and other professionals that order or refer items or services for Medicaid beneficiaries. Other professionals include any person or entity recognized to be enrolled by a State Medicaid agency, and that may order or refer. Of course, to be able to submit a claim to a State Medicaid agency, for services rendered or items supplied to a Medicaid beneficiary, a provider must be enrolled as a participating provider with that State Medicaid agency.

Comment: One commenter sought clarification whether the requirement for all ordering and referring physicians or other professionals to be enrolled with the Medicaid agency as participating providers applied to IHS providers.

Response: IHS providers are required to comply with § 455.410(b). However, Start Printed Page 5906as a way to minimize the administrative burden of enrolling additional providers, State Medicaid agencies may implement a streamlined enrollment process for those providers who only order or refer, that is who do not bill for services, similar to the CMS-855-O process in the Medicare program.

Comment: A commenter questioned whether a provider that has enrolled as a participating provider to comply with § 455.410(b) must submit fee-for-service claims to the Medicaid agency, or is the provider's status as an enrolled provider sufficient for compliance.

Response: Under § 455.410(b), a physician or other professional need not submit fee-for-service claims to the State Medicaid agency to remain enrolled as a Medicaid provider.

Comment: With respect to § 455.440, one State asked whether the provider's NPI must be on each and every claim or whether it is sufficient for the provider's NPI to be on file with the State Medicaid agency, and whether the prescribing provider's NPI would be required on pharmacy claims.

Response: Under § 455.440, “all claims for payment for items and services that were ordered or referred” must contain the NPI. This is based upon the statutory requirement in section 1902(kk)(7)(B) of the Act that States require the NPI “of any ordering and referring physician or other professional to be specified on any claim for payment that is based upon an order or referral of the physician or other professional.” Therefore, the provider's NPI must be on every claim, including pharmacy claims; it is not sufficient for the provider's NPI to be on file.

g. Other State Screening—Medicaid and CHIP

Section 1902(kk)(8) of the Act establishes that States are not limited in their abilities to engage in provider screening beyond those required by the Secretary. Accordingly, in § 455.452, we proposed that States may utilize additional screening methods, in accordance with their approved State plan.

As stated previously, pursuant to section 2107(e)(1) of the Act and specified in our regulations in Part 457, all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Because we proposed a new regulation under which all provider screening requirements that apply to Medicaid providers will apply to providers that participate in CHIP, this requirement for other State screening under § 455.452 applies in CHIP.

h. Final Screening Provisions—Medicaid and CHIP

We are adopting the Medicaid and CHIP provider screening requirements as proposed with the following modifications:

  • We clarified § 455.104(b)(1) regarding the elements of corporate addresses.
  • We clarified § 455.104(b)(2) with regard to whom the spouse, parent, child, or sibling is related.
  • We clarified § 455.104(b)(4) to require managing employees to provide SSNs and DOBs.
  • We clarified § 455.104(c)(1), and § 455.104(c)(1)(i) and (ii) to include submission of disclosures from disclosing entities as well as providers.
  • We clarified § 455.104(c)(1)(iii) to require submission of disclosures upon the request of the Medicaid agency during the revalidation of enrollment process.
  • We are adopting § 455.450 with modifications, having clarified that the State agency must screen applications both in re-enrollment and re-validation of enrollment in the introductory paragraph; deleted the reference to publicly traded companies in § 455.450(a); deleted reference to persons with controlling interests, agents and managing employees who are required to provide fingerprints in § 455.450(d); and clarified the basis for adjusting a screening level related to moratoria § 455.450(e)(2).
  • At § 455.414 we clarified that States must revalidate the enrollment information of all providers at least every 5 years.
  • We are adopting § 455.416 with modifications clarifying terminations of persons with 5 percent of more direct or indirect ownership interests in the provider; and deleting reference to persons with controlling interests, agents and managing employees under bases for termination for failure to provide fingerprints.
  • We clarified § 455.434 to require criminal background checks from providers or persons with a five percent or more direct or indirect ownership interest in the provider who meet the State Medicaid agency's criteria as a high risk to the Medicaid program; and to require fingerprints from providers and person with a five percent or more direct or indirect ownership interest in the provider, upon the State Medicaid agency's or CMS' request.
  • We are not finalizing the proposed provision that States deactivate the enrollment of any provider that has not billed for 12 months.
  • And finally, we are not finalizing the proposed requirement at § 438.6(c)(5)(vi) that required all ordering and referring Medicaid Managed Care network providers to be enrolled as participating providers based on commenters' concerns regarding access to services for beneficiaries.

5. Solicitation of Additional Comments Regarding the Implementation of the Fingerprinting Requirements

While this final rule with comment period is effective on the date indicated herein, we strongly believe that certain issues warrant further discussion. Accordingly, we will continue to seek comment limited to our implementation of the fingerprinting provisions contained in § 424.518 and § 455.434 of this rule.

Specifically, we seek comment on methods that we can use to ensure the privacy and confidentiality of the records that will be generated pursuant to adopting the criminal history records check provisions specified herein. As described, we will adopt all protocols issued by the FBI. However, we are interested in any other privacy concerns that interested parties may have in addition to thoughts on how best to address these concerns.

In addition, we seek comment on the means by which we can measure the effectiveness of our adoption of criminal history records checks. That is, we are seeking comments on tangible, measureable methods we should use to demonstrate the effectiveness of these provisions.

In addition, we seek comment on whether we should adopt additional technology to identify providers and suppliers that are enrolling in the program. In the proposed rule, we solicited specific comments on this topic. However, we are interested in receiving additional input from providers, suppliers, and other interested parties in light of the provisions set forth in this final rule with comment period.

As noted, we are only seeking comment on the limited areas previously described. We will accept public comment for 60 days following publication of this final rule with comment period. To reiterate, we are finalizing the requirement that providers and suppliers will be subject to criminal history records checks in the event they are considered within the “high” level of risk as described in this rule. Providers and suppliers, and all other commenters, are encouraged to submit comments within the 60-day window to assist us in best implementing the requirements that we are finalizing surrounding this Start Printed Page 5907technology. We are interested in hearing input from all stakeholders, including the beneficiary advocacy community, law enforcement, providers, and suppliers that are subject to the requirements set forth in this final rule with comment period, and any other interested parties.

B. Application Fee—Medicare, Medicaid, and CHIP

1. Statutory Changes

Section 6401(a) of the ACA, as amended by section 10603 of the ACA, amended section 1866(j) of the Act and requires the Secretary of DHHS to impose a fee on each “institutional provider of medical or other items or services or supplier.” The fee would be used by the Secretary to cover the cost of screening and to carry out screening and other program integrity efforts, including those under section 1866(j) and section 1128J of the Act. Since section 10603 of the ACA excludes eligible professionals, such as physicians and nurse practitioners, from paying an enrollment application fee, we maintain that an “institutional provider” would be any provider or supplier that submits a paper Medicare enrollment application using the CMS-855A, CMS-855B (not including physician and non-physician practitioner organizations), CMS-855S or associated Internet-based PECOS enrollment application.

Section 1866(j)(2)(D)(i) of the Act states that the new screening procedures implemented pursuant to section 6401 of the ACA would be applicable to newly enrolling providers, suppliers, and eligible professionals who are not enrolled in Medicare, Medicaid, or CHIP by March 25, 2011. Accordingly, the enrollment application fees for newly enrolling institutional providers and suppliers would be applicable on that date as well.

Section 1866(j)(2)(D)(ii) of the Act states that the new screening procedures will apply to currently enrolled Medicare, Medicaid, and CHIP providers, suppliers, and eligible professionals beginning on March 23, 2012. However, because the new procedures are applicable beginning on March 25, 2011 for those providers, suppliers, (and eligible professionals) currently enrolled in Medicare, Medicaid, and CHIP that revalidate their enrollment information, we will begin collecting the application fee for those revalidating entities for all revalidation activities beginning after March 25, 2011.

Section 1866(j)(2)(C)(ii) of the Act permits the Secretary, acting through CMS, to, on a case-by-case basis, exempt a provider or supplier from the imposition of an application fee if CMS determines that the imposition of the enrollment application fee would result in a hardship. It also permits the Secretary to waive the enrollment application fee for Medicaid providers for whom the State demonstrates that imposition of the fee would impede Medicaid beneficiaries' access to care.

Section 1866(j)(2)(C)(i)(I) of the Act establishes a $500 application fee for providers and suppliers in 2010. For 2011 and each subsequent year, the amount of the fee would be the amount for the preceding year, adjusted by the percentage change in the consumer price index for all urban consumers (all items; United States city average), (CPI-U) for the 12-month period ending with June of the previous year. To ease the administration of the fee, if the adjustment sets the fee at an uneven dollar amount, we will round the fee to the nearest whole dollar amount.

2. Proposed Application Fee Provisions

In § 424.502, we also proposed to establish a definition for an “institutional provider” as it relates to the submission of an application fee. We proposed that an “institutional provider” means any provider or supplier that submits a paper Medicare enrollment application using the CMS-855A, CMS-855B (but not physician and nonphysician practitioner organizations), or CMS-855S or associated Internet-based PECOS enrollment application.

For purposes of Medicare, Medicaid, and CHIP, we interpret the statutory reference to “institutional provider[s] of medical or other items or services or supplier” to include, but not be limited to: The range of ambulance service suppliers; ASCs; CMHCs; CORFs; DMEPOS suppliers; ESRD facilities; FQHCs; histocompatibility laboratories; HHAs; hospices; hospitals, including but not limited to acute inpatient facilities, inpatient psychiatric facilities (IPFs), inpatient rehabilitation facilities (IRFs), and physician-owned specialty hospitals; CAHs; independent clinical laboratories; IDTFs; mammography centers; mass immunizers (roster billers); OPOs; outpatient physical therapy/occupational therapy/speech pathology services, portable x-ray suppliers; SNFs; radiation therapy centers; RNHCIs; and RHCs.

In addition to the providers and suppliers listed previously, for purposes of Medicaid and CHIP, we proposed that a State may impose the application fee on any institutional entity that bills the State Medicaid program or CHIP on a fee-for-service basis, such as: Personal care agencies, non-emergency transportation providers, and residential treatment centers, in accordance with the approved Medicaid or CHIP State plan.

We proposed that an application fee will not be required from an eligible professional who reassigns Medicare benefits to another individual or organization, since it would not create a new enrollment of an institutional provider or supplier that would result in an application fee. In addition, we proposed that in no case would the application fee be required from any individual physician or Part B medical group/clinic.

We proposed that an application fee will be required with the submission of an initial enrollment application, the application to establish a new practice location, as a part of revalidation, or in response to a CMS revalidation request.

We proposed that prospective institutional providers and suppliers as well as currently enrolled providers who are revalidating their enrollment in Medicare must submit the applicable application fee or submit a request for a hardship exception to the application fee at the time of filing a Medicare enrollment application on or after March 25, 2011 in the case of prospective providers or suppliers, and in the case of revalidations. We believe that it is essential that we are able to receive and deposit the application fee or consider the institutional provider's request for a hardship exception prior to initiating an application review. Therefore, we would not begin processing an application for either a new provider or supplier, or for a provider or supplier that is currently enrolled, until the enrollment application fee is received and is credited to the United States Treasury.

The fee would accompany the certification statement that the provider or supplier signs, dates, and mails to CMS via the appropriate Medicare contractor if the provider or supplier uses Internet-based PECOS to enroll or revalidate. The fee would accompany the paper CMS-855 provider enrollment application if the provider or supplier enrolls or revalidates by paper. Because the statutory provisions are effective for newly enrolling providers and suppliers effective March 25, 2011 institutional providers and suppliers will not be required to furnish the application fee with applications submitted before that date. However, because the ACA provides that the new procedures will be applicable beginning on March 25, 2011 for those providers and suppliers, (and eligible professionals) currently Start Printed Page 5908enrolled in Medicare, Medicaid, and CHIP that revalidate their enrollment information, we will begin collecting the application fee for those revalidating entities for all revalidation activities beginning after March 25, 2011. We will not collect the fee from individual physicians and eligible professionals.

We proposed that CMS reject and return to the provider or supplier an initial enrollment application submitted by a provider or supplier, without further review as to whether the provider or supplier qualifies to enroll in the Medicare program, when the Medicare enrollment application or the Certification Statement is received by the Medicare contractor and the provider or supplier did not include a request for hardship exception to the application fee, did not include the application fee or the appropriate number of application fees, if applicable. We do not believe that it is appropriate for CMS to begin the application review process without first having received the application fee.

We proposed that the CMS reject any initial enrollment applications submitted after March 23, 2011, if a provider or a supplier did not furnish the application fee at the time of filing, using § 424.525(a)(3) as the legal basis for the rejection.

In § 424.525(a)(3), we proposed adding a new reason why CMS could reject an initial enrollment application or an application to establish a new practice location. Specifically, we proposed a new § 424.525(a)(3) to state, “The prospective institutional provider or supplier does not submit an application fee in the appropriate amount or a hardship exception request with the Medicare enrollment application at the time of filing.”

We also believe CMS should be allowed to reject an initial enrollment application received from a provider or supplier on or after March 25, 2011, using § 424.525(a)(1) as the legal basis, if, for any reason, CMS is not able to deposit the full application amount into a government-owned account or the funds are not able to be credited to the U.S. Treasury. In the case where a provider or supplier did not submit the application fee because they requested a hardship exception that is not granted, a provider or supplier has 30 days from the date on which the contractor sends notice of the rejection of the hardship exception request to send in the required application fee and application forms.

In § 424.535, we proposed adding a new reason why a CMS can revoke Medicare billing privileges. Specifically, we proposed a new § 424.535(a)(6)(i) to state that billing privileges may be revoked if “An institutional provider does not submit an application fee or hardship exception request that meets the requirements set forth in § 424.514 with the Medicare revalidation application or the hardship exception is not granted.”

In addition, in § 424.535, we proposed a new § 424.535(a)(6)(ii) to state that billing privileges shall be revoked if “CMS is not able to: deposit the full application amount into a government-owned account or the funds are not able to be credited to the U.S. Treasury.”

In § 424.514(b), we proposed that currently enrolled institutional providers and suppliers that are subject to CMS revalidation efforts must submit the applicable application fee or submit a request for a hardship exception to the application fee at the time of filing a Medicare enrollment application on or after March 23, 2011.

In § 424.514(d)(2)(iii), we proposed that institutional providers submit the application fee with each initial application, application to establish a new practice location, or with the submission of an application in response to a CMS revalidation request.

In § 424.514(d)(2), we proposed that the application fee be based on the amount calculated by CMS using the CPI-U for the 12-month period ending June 30 of the previous year and adjusted annually to be effective January 1st of the following year. In § 424.514(d)(2)(v), we proposed that the application fee be non-refundable. Neither the Federal government, its Medicare contractors, State Medicaid agencies or CHIP should be liable for reimbursement of the application fee to the provider or supplier if the application fee has been received by the Medicare contractor and deposited into a government-owned account and, later, during the course of verifying, validating, and processing the information in the enrollment application, CMS appropriately denies the enrollment application. Appropriate denial requires a substantive reason and applications will not be denied over inconsequential errors or omissions or over errors or omissions corrected timely.

In § 424.514(d)(4)(vi), we proposed that a provider or supplier must submit a new application fee if the provider or supplier resubmits a Medicare enrollment application because a previously submitted enrollment application was appropriately denied or rejected. In some cases, a rejected application would be returned to the provider or supplier along with the application fee; in other cases, the application would be denied and the application fee retained by the Federal government because the processing of the application would have already begun. In those latter cases, CMS funds would have been expended for some or all of the required screening involved in processing the application. For example, if a home health agency enrollment application is rejected because the enrollment application, or the certification statement generated by Internet-based PECOS, was not signed, the enrollment application would be rejected and it and the check for the application fee would both be returned to the home health agency. If a home health agency enrollment application is denied based on non-compliance with a provider enrollment requirement or because the HHA did not meet the conditions of participation for its provider type, the enrollment would be denied and the application fee would be retained by the Federal government. If the HHA wishes to send a new enrollment application, it would have to include another application fee with that new enrollment application. Similarly, we propose that a provider or supplier would be required to submit to the Medicare contractor a new application fee with a subsequent enrollment application if, among other things, the previous enrollment application was rejected because the provider or supplier did not timely furnish the Medicare contractor with the applicable supporting documentation or information necessary to complete its review and verification of the previous enrollment application.

In § 424.514(d)(6)(vii), we proposed that the application fee must be able to be deposited into a government-owned account before an enrollment application will be approved.

Because we proposed that a State may rely on the results of the screening conducted by the Medicare contractor to meet the screening requirements for participation in a State Medicaid program or CHIP, we proposed that, for dually participating providers, the application fee would be imposed at the time of the Medicare enrollment application, consistent with the procedures described previously. Additionally, because the purpose of the application fee is to, in part, cover the costs of conducting the provider and supplier screening activities, we proposed that a provider or supplier enrolled in more than one program (that is, Medicare and Medicaid or CHIP, or all three programs) would only be subject to the application fee under Medicare and that the fee would cover Start Printed Page 5909screening activities for enrollment in all programs.

Section 1866(j)(2)(C)(iii) of the Act also permits the Secretary to grant, on a case-by-case basis, exceptions to the application fee for institutional providers and suppliers enrolled in the Medicare and Medicaid programs and CHIP if the Secretary determines that imposition of the fee would result in a hardship. One instance that might support a request for hardship exception is in the event of a national public health emergency where a provider or supplier is enrolling for purposes of furnishing services required as a result of the national public health emergency situation. Such requests will be considered on a case-by-case basis, as required by the statute. In addition, we solicited comments on the appropriate objective criteria that should be used in making a hardship determination and if there are any other circumstances in which such exemptions should be allowed. We also solicited comment on the kinds of documents to be submitted to CMS or its contractor to exhibit hardship, including any comments on the financial or legal records that might be needed to make a determination of hardship. Section 1866(j)(2)(C)(iii) of the Act also permits the Secretary to waive the application fee for providers enrolled in a State Medicaid program for whom the State demonstrates that imposition of the fee would impede beneficiary access to care. We solicited comments on how waivers from the application fee should be implemented for Medicaid-only or dually-participating Medicare and Medicaid providers and suppliers specifically those seeking to furnish services where beneficiary access issues are prevalent, either geographically or in the provision of the services.

We are committed to assuring access to care for program beneficiaries. We are in the process of developing promising practices related to ensuring access in the Medicaid program and CHIP. We also solicited comments on the appropriate criteria that we should consider for purposes of the proposed fee. We were particularly interested in hearing from States, providers, advocates, and other stakeholders relating to concrete examples based on experiences in using specific access criteria.

Based on the statutory requirements for calculating the application fee, we offer the following example for purely illustrative purposes. The initial application fee beginning in 2010 is established by law at $500. However, for the following year, when the annual Consumer Price Index (CPI-U) is calculated for the period ending June 2010, we would recalculate the application fee using the CPI-U. Thus, if the CPI increased by 2.34 percent for the 12 month period ending June 2010, the application fee would be calculated by multiplying the fee for the year by the CPI-U. The $500 application fee established by law on in 2010 would be multiplied by 1.0234 to give $511.70. We would then round to the nearest dollar amount of $512.00. This would be the amount of the fee in effect for 2011, and would apply to applications received after the effective date of the statute—March 25, 2011 for newly enrolling providers and suppliers and for revalidating providers and suppliers. A similar process, based on the CPI-U for the period of July 1, 2010 through June 30, 2011 would be used to calculate the fee that would become effective on January 1, 2012, and that would apply to new and currently enrolled providers or suppliers that submit applications on or after March 23, 2012. In § 424.514(d)(2), we proposed that the annually recalculated application fee amount would be effective for the calendar year during which the application for enrollment is being submitted.

The amount of the application fee that is required of enrolling providers or suppliers, would be the amount that is in effect on the day the provider or supplier mails an enrollment application or Certification Statement, postmarked by the USPS, or if mailed though a private mail service the date of receipt by the Medicare contractor. Because the application fee will become an integral part of the enrollment process, we believe that it is essential that we notify State Medicaid Agencies and the public about any changes in the application fee prior to implementing a change in the fee. Accordingly, we would afford States and the public with at least 30 days' notice of any impending change in the application fee. We will make such notification annually in the Federal Register and by issuing guidance to the State Medicaid and CHIP Directors, issuing CMS provider and supplier listserv messages, making announcements at CMS Open Door Forums, and placing information on the CMS Provider/Supplier Enrollment Web page (http://www.cms.gov/​MedicareProviderSupEnroll).

We proposed that a provider or supplier that believes it is entitled to a hardship exception from the application fee enclose a letter with the enrollment application or, if using Internet-based PECOS, with the Certification Statement, explaining the nature of the hardship. Further, we proposed that we would not begin to process an enrollment application submitted with a letter requesting a hardship exception from the application fee until it makes a decision on whether to grant the exception. Further, we proposed that we a make hardship exception determination within 60 days from receipt of the request from an institutional provider and CMS contractor notify the applicant or enrolled institutional provider or supplier by letter approving or denying the request for a hardship exception. Moreover, if we deny the request for hardship exception, we would provide our reason(s) for denying the hardship exception.

In § 424.530(a)(9), we proposed adding a new reason why CMS can deny Medicare billing privileges. Specifically, we proposed a new § 424.530(a)(9) to state, “An institutional provider's or suppliers “hardship exception” request is not granted and the provider or supplier does not submit the application fee within 30 days of notification that the hardship exception request was not approved.”

In § 424.535(a)(6)(i), we proposed adding a new reason why CMS can revoke Medicare billing privileges. Specifically, we proposed a new § 424.535(a)(6)(i) to state, “An institutional provider does not submit an application fee or “hardship exception” request that meets the requirements set forth in § 424.514 with the Medicare revalidation application or the hardship exception request is not granted and the institutional provider does not submit the applicable application form or the application fee within 30 days of being notified that the hardship exception request was denied.”

We also proposed that an institutional provider may appeal the determination not to grant a hardship exception from the application fee using the provider enrollment appeals process established in § 405.874 and found in 1866(j)(2) of the Act.

In § 455.460, we proposed that, for those providers who do not participate in Medicare, the State may collect the fee established by the Secretary as outlined previously as the State will be responsible for conducting the provider screening activities for these providers. Total fees collected will be used to offset the cost of the Medicaid and CHIP screening programs. The fees represent an applicable credit under OMB Circular A-87, entitled “Cost Principles for State, Local, and Indian Tribal Governments” (August 31, 2005 (70 FR 51910)), codified at 2 CFR part 225, and made applicable to States by 45 CFR Start Printed Page 591092.22(b). The cost principles require that the costs a State claims must be reduced by “applicable credits,” or “those receipts or reduction of expenditure-type transactions that offset or reduce expense items allocable to Federal awards as direct or indirect costs”, (Paragraphs C.1.i., C.4.a. and D.1. of Appendix A to 2 CFR part 225). If the fees collected by a State agency exceed the cost of the screening program, the State agency must return that portion of the fees to the Federal government. CMS will direct these fees to support program integrity efforts as permitted by the ACA.

3. Analysis of and Responses to Public Comments

Below is a summary of the comments we received regarding the proposed enrollment application fee.

Comment: Through section 6401 of the ACA, CMS is authorized to collect and retain an application fee. Some commenters stated that CMS did not explain or justify the purpose behind the enrollment application fee, for enrolled providers of service and suppliers, beyond stating that the Congress mandated it. The commenters urged CMS to explain whether the revalidation/enrollment fee is meant to ensure compliance with a provider's or supplier's reporting responsibilities or to collect monies for the Federal Government.

Response: The ACA authorizes the collection of an application fee to cover costs of screening, including screening required for providers and suppliers that are revalidating their enrollment. The ACA specifies that the fees are to be collected from institutional providers and are to be used for program integrity efforts, including the costs of screening.

Comment: Several commenters questioned whether CMS has the statutory authority to exempt medical clinics and group practices from the application fee. They contended that while section 10603 of the ACA strikes the provision found in section 6401 of the ACA relating to individual provider application fees, section 10603 of the ACA does not establish a waiver for organizational suppliers, such as groups or clinics. They also stated that CMS furnished only a limited discussion of why it decided to give medical groups and clinics an application fee waiver. They stated that CMS should explain why it is giving medical groups and clinics a significant financial benefit by excluding them from the application fee. Another commenter stated that if CMS retains its policy to exempt medical groups and clinics from the application fee, CMS should estimate the annual loss in revenue to the Federal government and explain what this will mean to CMS' efforts to fight fraud, waste and abuse. Another commenter stated that if CMS retains this provision, it should exclude the reference to physician and non-physician practitioner organizations in the proposed definition of institutional provider.

Response: Section 6401(a) of the ACA that adds section 1866(j)(2) of the Act specifically excluded physicians from paying the application fee. Physicians and non-physician practitioners in medical groups and clinics reassign their Medicare billing privileges to those medical group and clinics. As such they would be exempt from the fees.

Comment: One commenter asked if a small group practice would be considered institutional, and whether every practice location would need to submit a separate application fee.

Response: We will clarify that the application fee is not applicable to physicians and non-physician practitioners, regardless if the physician or non-physician practitioner is organized in a small group practice.

Comment: A commenter urged CMS to consider exceptions to the required application fee, which, the commenter stated, could impose a hardship on small home and community based service providers.

Response: We are committed to ensuring access to care and services for beneficiaries and will clarify that a State, in consultation with the Secretary, may waive the application fee for Medicaid-only or CHIP-only providers if the State demonstrates that imposition of such a fee will impede beneficiary access to care.

Comment: A commenter suggested that CMS develop and issue a standard enrollment fee “hardship exception form” that a provider can use when requesting an exception to the fee.

Response: Whereas a standard form might be useful, there could be many situations that justify exception from the fee. We do not want to limit the basis for fee exceptions for providers and suppliers to a pre-established list of circumstances. Accordingly we have not listed options for providers and suppliers to request hardship exceptions from application fees. As indicated in the preamble to the proposed rule, each request will be considered on its own merit on a case-by-case basis.

Comment: A commenter suggested that to avoid processing delays associated with depositing the application fee into a government-owned account, CMS should allow newly-enrolling Medicare, Medicaid and CHIP providers to submit the application fee in advance of submitting a new enrollment application.

Response: We disagree with the commenter's suggestion. We think payments should be clearly associated with the CMS-855 application form. We believe that payments submitted before the CMS-855 could have a greater likelihood of being disassociated with the appropriate CMS-855.

Comment: One commenter stated that since the application fee must be credited to the United States Treasury, CMS should explain how long it will take before the application fee is paid by a provider or supplier and when CMS will receive this money to fight fraud, waste and abuse.

Response: The Treasury Department has existing regulations in place governing the time frame in which received funds must be deposited and made available in the U.S. Treasury. We will be working with the Office of Management and Budget and Department of HHS budget officials to assure that the full amount collected from application fees will accrue to CMS for HHS's program integrity work as required by section 1866(j)(2)(C)(iii) of the Act.

Comment: A commenter requested that CMS explain why an application fee is required by a Competitive Acquisition Program (CAP) Part B Drug Vendor, since this entity does not bill the Medicare program.

Response: Only institutional providers, as defined in the proposed rule, are subject to the application fee. Providers and suppliers that do not bill Medicare on a fee-for-service basis are not subject to the application fee.

Comment: A commenter stated that in exempting medical groups/clinics from the application fee, CMS does not distinguish between clinics owned by physicians/practitioners and non-physicians/non-practitioners.

Response: We did not distinguish between medical groups/clinics on the basis of ownership. Medical groups and clinics are exempt from the fee because as noted previously, they are paid through reassignment of payments from physicians and non-physician practitioners. Physicians, non-physician practitioners and other individual practitioners are not subject to the fee by statute.

Comment: A commenter stated that FQHCs should be exempted from the application fees for two reasons. First, FQHCs, unlike other providers, are not permitted to submit one Medicare enrollment application for all sites, and that consequently, these low-risk entities would pay the majority of the Start Printed Page 5911application fees. Second, a significant portion of an FQHC's budget includes section 330 grant funds. These funds are primarily intended for the care of uninsured and indigent patients. The application fees would take a significant portion of those funds away from the neediest individuals.

Response: While we understand the commenter's concerns, the statute did not exempt FQHCs from the application fee requirement. However, FQHCs can request a hardship exception to the fee.

Comment: A commenter recommended that CMS update the CMS-855A, CMS-855B, and CMS-855S forms to add information about the application fee, including the basis for this fee, the amount of the fee, and where the fee should be mailed.

Response: We agree that providers and suppliers need additional information about the process for submitting the application fee, its basis and intended use. We plan to have such materials available by the effective date of the final regulation. We will make these materials available through our Web site, listservs, open door forums, and other communication methods. We will also share these documents with professional and provider and supplier associations in an effort to provide additional information.

Comment: A commenter noted that section 1866(j)(2)(D)(ii) of the Act states that the application fee would not apply to current providers or suppliers until two years after enactment. However, the commenter argued, CMS was silent on this statutory provision in the proposed rule. The commenter recommended that CMS explain why section 1866(j)(2)(D)(ii) of the Act does not apply to current providers and suppliers and why CMS has decided to apply the provisions in section 1866(j)(2)(D)(iii) of the Act instead.

Response: Section 1866(j)(2)(D) of the Act contains conflicting effective dates for currently enrolled providers and suppliers. In 1866(j)(2)(D)(iii), providers and suppliers that are revalidating are subject to the fee and the other provisions of the proposed rule 180 days after enactment, or September 19, 2010. In section 1866(j)(2)(D)(ii) of the Act the new screening provisions including the fee are effective for currently enrolled providers and suppliers on March 23, 2012. For newly enrolling providers and suppliers the provisions are effective on March 25, 2011. We recognize the conflicting effective dates for the same group of currently enrolled providers and suppliers. As a result, in an effort to promote consistency in the application of the rule, we proposed two effective dates for the provisions of the rule for currently enrolled providers and suppliers. On March 25, 2011, the fees and other requirements of the regulation are applicable for currently enrolled providers that are revalidating their enrollment in the period between March 25, 2011 and March 23, 2012. For all other currently enrolled providers and suppliers, the fees and other provisions of the proposed rule are effective on March 23, 2012, as specified in the statute. The statute authorizes us to begin collecting fees from providers and suppliers that are revalidating as early as September 23, 2010.

Comment: A commenter recommended that—consistent with section 10603 of the ACA-CMS establish an application fee exemption for physicians who are sole proprietorships or sole owners and who provide DMEPOS “incident to” their medical service.

Response: Physicians who are enrolled in Medicare as physicians are exempt from the fee. DMEPOS suppliers, whether owned by physicians or otherwise, are institutional suppliers and as such, are subject to the application fee.

Comment: Several commenters urged an exception from the enrollment fee for: (1) Existing providers, or (2) new providers in under-served areas. A commenter added, however, that such exceptions should be limited to nonprofit and governmental entities with low overall margins. The commenter also stated that CMS should allow enrollment fee exceptions: (1) For existing providers when it is clearly equitable and in the public's interest—since to do otherwise simply transfers limited resources needed for patient care to the enrollment process and constitutes a tax on an otherwise nontaxable entity—and (2) for any new nonprofit or public provider that is proposing to establish services in an underserved area. The commenter did not believe that for-profit providers should qualify for fee waivers because their business model is based on their capacity to generate sufficient capital to start a business and operate profitably.

Response: We recognize that the application fees are a new financial obligation on nonprofit and public providers and suppliers; however, the statute provides no blanket exception for providers and suppliers by financial status. However, the law and rule contain provisions that would allow institutional providers and suppliers to apply for hardship exception to the fees for circumstances that are appropriate to their respective situations. We encourage any provider or supplier that cannot pay the fee to notify us and provide us with justification for the exception.

Comment: A commenter stated that the application fee should be waived for providers that routinely update their Medicare enrollment information more than once in a five-year period (3 years for DMEPOS).

Response: While we do not discourage providers and suppliers from submitting revalidation applications more frequently than the regulatory-prescribed timeframes, we do not believe that the fee should be waived for providers that do so. As stated in the preamble, the application fee is to be used by the Secretary to cover the cost of screening. If the provider or supplier submits a revalidation application on its own volition, we believe it is appropriate to require a fee that would cover the cost of processing that application.

Comment: A commenter, expressing concern about the time it can take for Medicare contractors to process applications, recommended that payment of the enrollment fee be tied to a corresponding obligation of the Medicare contractor to complete the enrollment process within a specified period of time. Specifically, the commenter requested that CMS create a hardship category that would permit an enrollment fee to be refunded to the provider or supplier if the Medicare contractor fails to process the application within a specified period of time (for example, 30 days from the date a completed enrollment is received by the Medicare contractor). The commenter stated that such a policy would create the proper incentive for Medicare contractors to process these applications in a timely fashion. Other commenters, too, stated that the fee should be refunded if the Medicare contractor does not process the application in a timely manner.

Response: We are concerned about any delay in processing enrollment applications. Our enrollment contractors have clear standards in their contracts regarding processing enrollment applications. In fact, we are currently in the process of strengthening such performance standards for all of our contractors. However, the ACA provides that a provider may be exempted from the fee only when the imposition of the fee itself would result in a hardship. We do not interpret the ACA as linking the application fee to contractor performance standards.

Comment: One commenter stated that it appears that physicians who also enroll as DMEPOS suppliers so they can furnish DMEPOS to their own patients Start Printed Page 5912would be expected to pay an enrollment fee. The commenter believes that this would be inconsistent with the congressional decision to exempt physicians and other health professionals from the enrollment fee. It might also cause some physicians and other health professionals to decide against enrolling as DMEPOS suppliers, thus they would no longer be in a position to provide their patients with Medicare-covered DMEPOS. The commenter also stated that CMS should modify its enrollment procedures so that physicians who also wish to provide DMEPOS to their own patients would only need to enroll once, not twice. This approach would simplify the enrollment process for both physicians and CMS.

Response: Physicians that supply DMEPOS services to patients are currently required to enroll as both a physician (for medical services) and as a DMEPOS supplier. The screening required of any DMEPOS supplier, even one that is incident to a physician's practice, is more resource intensive than screening for physicians. Accordingly, we think applying the fee to all DMEPOS suppliers is justified. Moreover, we think it is a necessary component of our efforts to assure overall benefit integrity in Medicare to have all DMEPOS suppliers meet the supplier standards for DMEPOS suppliers. Accordingly, we have no plans to change the requirements as suggested by the commenter. We note in addition that a decision to make any such changes would be outside the scope of this rule.

Comment: A commenter asked why CMS is proposing to exempt a physician or non-physician practitioner organizations from the application fee when they submit a CMS-855B application, but the same physician or non-physician practitioner organization would be required to pay an application fee if they enrolled using the CMS-855S.

Response: The ACA specifically excluded physicians and nonphysician practitioners from paying the application fee. Physicians or non-physician practitioner organizations that elect to apply to enroll in Medicare as an institution or other entity, for example, submitting an CMS-855S to enroll as a DMEPOS supplier, are applying to enroll as an institutional provider not a physician or non-physician practitioner. Accordingly, applications to enroll as institutional providers are subject to submitting the application fee.

Comment: Several commenters stated that a $500 application fee for DMEPOS suppliers who are orthotists and prosthetists is not reasonable, especially on top of the required annual payment for a surety bond, accreditation and to maintain licensure. One of these commenters opposed the proposed rule because it seems redundant in light of other requirements such as accreditation, licensure, non-mandatory OIG compliance plans, and HIPAA. The commenter stated that with reimbursements being cut, expenses increasing, and the government constantly imposing new, unnecessary fees, it is becoming difficult for small businesses to survive in this economy. Several other commenters stated that the fee should be waived for the smallest providers. For community pharmacies, another commenter urged CMS to either: (1) Impose a $500 fee upon initial enrollment and in the case of the addition of new practice locations without imposing any fees for revalidation, or (2) impose a lower fee of $200 if the fee will apply to revalidation, as well as initial enrollment and adding new locations.

Response: The ACA sets the initial fee at $500.00 for all types of institutional providers or suppliers and for revalidating providers. Because the ACA specifies that the money be used for program integrity activities, including screening, we believe it is reasonable and appropriate to impose a fee on new practice location applications which require us to expend resources to screen for example onsite visits or background checks may be required. Also, the ACA specifies the formula for updating the fee. Affected providers and suppliers can request an exception from the fee if they can demonstrate that it poses a hardship.

Comment: A commenter requested clarification as to whether a returned, rejected, or denied application would trigger the need for a provider to resend another fee when it resubmits its application. The commenter also asked whether a provider going from one state to another within Medicare would only be required to submit the fee once.

Response: The proposed rule itemized circumstances when additional fees would be required. The answer to the commenter's question about returned, rejected, or denied applications and whether these actions would trigger a requirement for a new fee will vary depending upon the circumstances. Providers and suppliers that submitted applications that were denied because the provider or supplier did not meet the requirements to enroll would be subject to an additional fee for any new application they submit. Providers and suppliers that submitted an application that could not be processed because of a temporary moratorium would not be required to submit an additional fee. Applications that were accompanied by a request for hardship exception waiver to the fee and for which the hardship waiver request was denied would be required to submit a fee in order for the application to be processed. If, in this latter circumstance, the provider or supplier submitted the fee with the application and the hardship exception waiver request, and the fee was not returned, the provider or supplier would not be required to submit a new fee payment. Providers establishing a new practice location in a different enrollment jurisdiction or as a new provider type would be required to submit a fee for each new practice location or provider type.

Comment: A commenter stated that CMS should allow application fees to be held in escrow when an application is denied.

Response: We think it is important for the fee to be associated clearly and specifically with the application for new enrollment or revalidation at the time the application for enrollment or revalidation is being processed. In this way we avoid any administrative errors involved in associating a fee held in escrow with an instant application. There are a number of reasons it might be complicated to associate an escrowed fee with an application, particularly if the provider or supplier has a different name or identifier, or a large amount of time has elapsed between applying for enrollment or revalidation.

Comment: A commenter believes it was inequitable that institutional providers in the limited level of screening are still subject to the same $500 application fee as providers in the high level of screening. The commenter recognized that this is a matter of statute, but stated that a more equitable policy would be to link the application fee amount to the assigned level of screening, with a zero or minimal fee applicable for facilities in the limited screening level and higher scaled fees applied to the moderate and high screening levels. The commenter also recommended that CMS use the application fee collected from “limited risk” providers to develop prioritized and expedited processes and timeframes for contractor review and approval of initial enrollment applications and revalidations for “limited risk” providers.

Response: The ACA established a flat rate of $500 for application fees to be imposed upon institutional providers and suppliers. In addition, the ACA does not include provisions to link the Start Printed Page 5913fee to assigned screening level. Accordingly, the proposed rule implementing the statute did not link the fee to assigned screening level.

Comment: A commenter stated that for DMEPOS suppliers, requiring a $500 application fee at the time of submission of an enrollment application for each Medicare PTAN is unsupported and improper. A simple $500 fee per company, or paying for up to four facility locations (but not more) per company, or $500 for the first location and $50 for the next 10 makes sense. A flat $500 per location does not make sense according to the commenter, since clearly larger companies with multiple locations pose lower risk.

Response: As mentioned previously, the fee amount is included in the ACA. In addition, the ACA requires each institutional provider to pay the fee. Providers and suppliers will be charged the fee for each form CMS-855 they submit for enrollment or revalidation.

Comment: A commenter stated that CMS should not allow contractors to revoke a provider's billing privileges if an application fee or hardship waiver does not accompany a revalidation application.

Response: We disagree. We believe that the failure to submit an application fee or hardship waiver with a reenrollment or revalidation application should be treated as the equivalent of the non-submission of the application, which is grounds for revocation under regulation § 424.535(a)(6). However, we understand the concern expressed and will instruct our enrollment contractors to contact any enrolling or revalidating provider or supplier that does not submit the fee with the enrollment application and afford an opportunity to submit the fee. Thirty days after the date of the notification, the enrollment contractor would reject the application and revoke the billing privileges of the enrolled provider or supplier that has not submitted the fee. We have modified the regulation provisions in § 424.514(g) to include the 30 day period.

Comment: Several commenters requested clarification that changes of information, reactivations, and contractor-solicited, off-cycle revalidations do not require an application fee.

Response: The ACA authorizes fees for new enrollment and revalidation of enrollment. Simple changes in the CMS-855, for example, new phone numbers, new bank account information, new billing address(es), change in name of provider or supplier, or other such updates, do not constitute a new enrollment or a revalidation of an enrollment and therefore would not be subject to an additional fee.

Comment: A commenter stated that there is no justification to assess new fees to providers to support CMS enforcement activities that should be ongoing in any event. Moreover, CMS' proposed actions, the commenter contended, ignore the much more practical and effective measures to stem fraud and abuse outlined in H.R. 2479, and instead of stopping the fraud at the outset (as seems to be the stated objective) rely unduly on straightforward delays in delivering payments to all providers. This punishes all legitimate providers, and without any assurance that delays will solve the fraud problem.

Response: Section 1866(j)(2)(C) of the Act authorizes the the Secretary to collect application fees from institutional providers and suppliers. This section also specifies that “the amounts collected as a result of the imposition of a fee under this subparagraph shall be used by the Secretary for program integrity efforts, including to cover the costs of conducting screening under this paragraph and to carry out this subsection and section 1128J of the Act.” We are implementing the provisions of the statute. The application fees collected will be used for program integrity efforts as specified in the statute.

Comment: A commenter stated that imposition of the fee on physicians who are enrolled as DMEPOS suppliers is unambiguously beyond the scope of CMS's statutory authority, would frustrate congressional intent, and is not warranted, since the vast majority of physicians would not be subject to additional screening.

Response: The fees are only paid by institutional providers and suppliers. If a physician is enrolled as a physician and also as a DMEPOS supplier, the fee is required only for the DMEPOS supplier enrollment.

Comment: A commenter supported CMS's proposal to exempt physicians and non-physician practitioners from the application fee. The commenter stated that with a potential Medicare provider shortage on the horizon, introducing an application fee to these suppliers would only serve to drive more providers out of the Medicare system.

Response: The ACA exempts physicians and non-physician practitioners from paying the application fee.

Comment: A commenter stated that an appropriate course would be to process the application and require that if the application is accepted but the hardship waiver is denied, the application fee will be deducted from future payments. This certainly creates the risk that some applications would be considered for which no application fee payment was ultimately available, but that outcome is offset by the need to avoid draconian requirements with illusory protections.

Response: The ACA requires institutional providers and suppliers that submit an application to enroll in or revalidate their enrollment in Medicare to pay the fee. Contractors should not process applications for new enrollment or revalidation of enrollment without a fee accompanying the application. In the case of an application that is accompanied by a request for a hardship waiver that is denied, the contractor will notify the provider or supplier that a fee is required for further processing. The provider or supplier has the option to submit the fee with the application and waiver request as a contingency to expedite processing should the hardship waiver be denied and the provider or supplier is concerned about delays associated with the time required to provide the fee.

Comment: A commenter expressed concern that there was no exception for governmental providers, including those that are funded by Federal agencies. To permit Medicare and Medicaid, for instance, to impose enrollment fees on Indian and tribal providers merely transfers funds from one health system to Medicare and Medicaid.

Response: Neither the ACA nor the proposed rule provide a blanket exemption from the fee for Federal institutional providers. Accordingly, we are unable to grant such an exception. However, Federal health care providers have the option to seek a hardship exception to the fee, and could request such an exception with any applications submitted to enroll in Medicare as an institutional provider.

Comment: A commenter stated that if an application fee or hardship waiver request is missing from an application, the contractor should—consistent with § 424.520—treat this as a request for additional information and give the provider 30 days to furnish the missing items.

Response: We agree. Consistent with § 424.514(g)(3)(ii), contractors will be instructed to give providers and suppliers 30 days after the provider or supplier receives notification that the request for a hardship waiver is denied to submit the enrollment fee.

Comment: A commenter stated that requiring two enrollment fees for a provider enrolling as two different Start Printed Page 5914Medicare provider types—such as DMEPOS suppliers and mass immunizers—would be inconsistent with CMS' proposed one-fee policy for dually enrolled providers, that is those enrolled in Medicare and Medicaid. Similarly, a commenter stated that if physicians functioning as DMEPOS suppliers for their patients are subjected to the additional screening mechanisms in the “Moderate” and “High” screening levels, many physicians will simply relinquish the services they provide as DMEPOS suppliers with minimal to no benefit to CMS's anti-fraud efforts.

Response: The ACA specifically excludes physicians and nonphysician practitioners from paying the application fee. Physicians or non-physician practitioner organizations that elect to apply to enroll in Medicare as something other than a physician or nonphysician practitioner, for example, submitting an CMS-855S to enroll as a DMEPOS supplier, are applying to enroll as an institutional provider not as a physician or nonphysician practitioner. Accordingly, applications to enroll as institutional providers are subject to submitting the application fee. Individual institutional providers that enroll in Medicare and Medicaid will be required to pay only one application fee per enrollment. Entities or individuals that enroll only in Medicare or only in Medicaid as more than one kind of institutional provider, for example, a DMEPOS supplier and a home health agency, will be required to submit the fee for each enrollment.

Comment: A commenter suggested that providers submit one application for all commonly-owned entities, with addenda to address each specific entity as needed. A single fee for each provider would be paid by the parent. The commenter added that if multiple application fees are required for providers and suppliers wholly owned by the parent entity, a cap of $5,000.00 per year in application fees should be instituted.

Response: The ACA requires each institutional provider to pay the fee, in the amount specified in the statute. In general, most providers and suppliers must report each practice location on the enrollment Form CMS-855; however, the provider or supplier may list multiple practice locations on one Form CMS-855. The rules for DMEPOS suppliers, FQHCs and IDTFs are different; these entities must enroll each practice site separately—with separate for CMS-855. Because of these differences among the different categories of providers and suppliers, we believe it is most prudent to rely upon the requirement that a provider or supplier will simply pay the application fee whenever a Form CMS-855 is submitted.

Comment: A commenter suggests that CMS specifically exempt physical therapists in private practice from paying an enrollment fee when enrolling as a DMEPOS supplier with NSC. The commenter acknowledges that physical therapists in private practice are listed under “eligible professionals.”

Response: As with physicians, physical therapists that enroll as individual practitioners will be exempt from the fee. DMEPOS suppliers that are owned by a physical therapist are institutional providers and as a result are subject to the fee.

Comment: A commenter stated that CMS should exempt recertification, re-enrollment, or other actions not related to a change in ownership from the application fee.

Response: The ACA specifically provides for the fee to be paid for revalidating institutional providers, section 1866(j)(2)(C) of the Act.

Comment: A commenter suggested that a provider or supplier enrolled in more than one program (that is, Medicare, Medicaid or CHIP) be subject to only one application fee.

Response: We agree. Dually-participating providers and suppliers will only be subject to the application fee at the time of Medicare enrollment or revalidation.

Comment: A commenter requested clarification on whether a fee is charged: (1) For each individual provider associated with a facility or institution, or (2) per facility. The commenter recommended a sliding fee based on the size and number of employees the facility has.

Response: Under the ACA, a fee is required only from institutional providers. Therefore, if the commenter is referring to individual physicians or non-physician practitioners who are associated with an institutional provider or supplier, the individual physician or non-physician practitioner would not be required to submit an application fee. Only the facility or institutional provider with which they are associated would be required to submit the fee. If the commenter was referring to affiliated entities that would be considered institutional providers, then each of those institutional providers would be required to submit the fee as would the institutional provider with which they are associated.

Comment: The same commenter also recommended a sliding scale for the fee that would be based on the size of the provider or facility and the number of employees.

Response: The application fee is derived from a statutorily-mandated formula. Neither CMS nor the States have the discretion to change the amount of the fee.

Comment: A number of commenters requested clarification regarding whether a State is required to collect the application fee for Medicaid-only or CHIP-only providers, or if the collection of this fee is at a State's discretion. One commenter stated that it should continue to be at a State's discretion.

Response: Section 1866(j)(2)(C)(ii) of the Act requires that the fee be imposed for institutional providers, and the State will be required to collect the fee in the case of Medicaid-only and CHIP-only institutional providers. In addition to the providers and suppliers subject to the application fee under Medicare, Medicaid-only and CHIP-only institutional providers would include nursing facilities, intermediate care facilities for persons with mental retardation (ICF/MR), psychiatric residential treatment facilities, and may include other institutional provider types designated by a State in accordance with their approved State plan. Under section 1866(j)(2)(C)(iii) of the Act, we may grant case-by-case exceptions to the application fee, based upon a demonstration of hardship, and in those instances, the State would not be required to collect the fee from Medicaid-only and CHIP-only institutional providers. Additionally, section 1866(j)(2)(C)(iii) of the Act permits the Secretary to waive the application fee for providers enrolled in a State Medicaid program for whom the State demonstrates the imposition of the fee would impede beneficiary access to care. If a State is concerned that the imposition of the application fee may adversely impact beneficiary access to care, we encourage them to seek a waiver of the fee in those circumstances.

Comment: One commenter asked whether a State could choose to lower the fee from $500 to a different amount, for example, $250.

Response: The amount of the application fee is derived from a statutorily-mandated formula. States do not have discretion to change the amount of the fee that is collected from Medicaid-only or CHIP-only institutional providers.

Comment: One commenter asked that if a State elects not to collect the application fee, would the cost of screening be eligible for FFP.

Response: As stated previously, Section 1866(j)(2)(C)(ii) of the Act requires that the fee be imposed for institutional providers, and the State will be required to collect the fee in the Start Printed Page 5915case of Medicaid—only and CHIP—only institutional providers. However, to the extent that the costs associated with performing the screening exceed the amounts collected as a result of the application fees, these costs would be eligible for FFP.

Comment: One commenter requested that CMS describe the process for determining whether the Medicaid and CHIP application fee exceeds the cost of provider screening.

Response: States will be required to account for the costs of the provider screening program and measure it against total fees collected. If the cost of the program exceeds fees collected, then the State can claim FFP for excess cost. Note, that this requires that principles of OMB Circular A-87 be properly applied and that total fees collected serve as an applicable credit to the Medicaid program.

Comment: One commenter requested that CMS confirm whether the application fee is intended to cover both State and Federal share of the costs.

Response: The application fees collected by the State must be used to offset the total cost, both State and Federal share, of the screening program. As stated in the proposed rule, if the fees collected by a State agency exceed the cost of the State's screening program, the State agency must return that portion of the fees to the Federal Government.

Comment: One commenter asked if States would be eligible for enhanced Federal match for changes to provider enrollment and claims processing systems that implement reporting and screening requirements.

Response: If the changes are to the MMIS for purposes of Medicaid provider enrollment and Medicaid claims processing, then States may be eligible for the enhanced match rate (either 90 percent for enhancements/new functionality or 75 percent for ongoing maintenance and operations). States must contact their CMS Regional Office to determine whether an advance planning document (APD) is required.

Comment: One commenter requested clarification on how the state should record expenditures on necessary MMIS changes to implement the rule, prior to collecting the application fee.

Response: All State share costs including those involving the enhancement and operation of the MMIS in addition to administrative costs related to provider screening and reporting as specified in the proposed regulation (§ 455.460) are to be included in the screening program costs and offset by the application fees collected by the State. We understand that the MMIS costs may be matched at higher rates (90 percent for development and 75 percent for operation). States will be required to report the 10 percent and 25 percent State share of the MMIS costs associated with the screening program and offset the application fee against such costs. In the event that the application fees are greater than the costs for the screening program for any reporting period, the State will refund the difference to CMS. Please refer to OMB Circular A-87, “Cost Principles for State, Local, and Indian Tribal Governments” for guidance in the reporting of the application fees as an applicable credit.

Comment: One commenter asked if the application fee is an allowable cost report expense for Medicaid and CHIP providers.

Response: If a Medicaid-only or CHIP-only institutional provider is subject to the application fee, this could be considered an allowable cost report expense. This determination would be governed by the State's approved reimbursement methodology within its State plan.

Comment: One commenter asked if the amount of the fee could be included in determining a government provider's cost based rates.

Response: Yes, if the application fee is imposed on a government institutional provider, then the amount of the fee could be included in determining the government provider's cost-based rates.

Comment: A few commenters asked if a State is permitted to have the applicant/provider pay the fees associated with fingerprinting and conducting criminal history checks.

Response: The application fee is intended to cover the costs associated with the State's Medicaid or CHIP provider screening program. It is permissible for the State to require the provider to pay the costs associated with capturing fingerprints. However, we expect that the amount of funds collected by imposition of the application fee should be used by the State to fund the costs incurred by the State associated with processing the fingerprints and conducting the criminal background checks.

Comment: A number of commenters stated that local education agencies (that is, public schools) should be exempt from having to pay the application fee.

Response: To the extent that a State determines, consistent with the approved State plan, that a local education agency is an institutional provider for purposes of this provision, then it would be subject to the application fee.

Comment: A few commenters requested that CMS clarify whether the application fee applies to institutional providers only under Medicaid and/or CHIP, and what types of Medicaid and CHIP providers are considered institutional.

Response: We will clarify in the regulation that the application fee does not apply to physicians or other individual non-physician practitioners such as nurse practitioners under Medicaid and/or CHIP. Medicaid-only and CHIP-only institutional providers that would be subject to the application fee include: Medicaid-only nursing facilities, intermediate care facilities for persons with mental retardation (ICF/MR), and psychiatric residential treatment facilities. Additionally, a State may impose the application fee on other types of Medicaid-only or CHIP-only institutional providers, consistent with their approved State plan.

Comment: One commenter asked if pharmacies are considered institutional providers for purposes of the application fee.

Response: In the Medicare program, pharmacies are generally enrolled as DMEPOS suppliers, and thus are considered institutional providers for the purposes of the application fee. Therefore, pharmacies would be subject to the application fee, and it would likely be imposed at the time of Medicare enrollment or revalidation.

Comment: One commenter suggested that the application fee requirement should provide an exception for providers that are required to pay a pre-existing State-level application or certification fee to enroll in the Medicaid program.

Response: The enrollment screening activities are distinct from State-licensing and certification activities that seek to address conditions of participation or structures, processes and outcomes to support quality of care for the beneficiaries. The application fee is intended to support provider screening activities as part of enrollment.

Comment: A number of commenters requested that CMS provide further guidance regarding the manner in which States will be expected to report the costs associated with screening. One commenter specifically requested whether CMS will want screening costs detailed per screening, per provider (for example, detailed travel expenses for site visits) or if a more generic reporting of screening cost is expected.

Response: We anticipate that a State will be required to report the costs associated with its provider screening program on a semi-annual or annual Start Printed Page 5916basis. Although we do not anticipate requiring States to routinely report very detailed information such as detailed travel expenses for a site visit, this information should be maintained by the State and be made available upon request if necessary for conducting an audit or other oversight activities. Additional guidance for States will be forthcoming regarding the specific form and manner of reporting.

Comments: One commenter requested that CMS clarify whether the application fee be designed to include current program integrity activities, or whether the State will be expected to track the increased expenditures of PI activities resulting from this regulation separate from historic PI activities.

Response: The application fee may only be used by the State to offset the cost of the provider screening program. It is not permissible for a State to design the fee in any manner that would include current program integrity activities. If the fees collected by a State agency exceed the cost of the screening program, the State agency must return that portion of fees to the Federal Government.

Comment: One commenter recommended that CMS provide a comprehensive exception for out-of-State providers providing emergency services to managed care members, stating that such an exception would allow for timely access to critical services for managed care enrollees.

Response: After considering the comment, we are not inclined to provide a comprehensive exception to the application fee in this circumstance. We believe that the overwhelming majority of providers that provide emergency services to out-of-State MCO members are dually-participating providers, and would thus be subject to the application fee at the time of Medicare enrollment. Furthermore, there are additional Federal laws that exist to safeguard beneficiary well-being in emergency situations, such as, the Emergency Medical Treatment and Active Labor Act (EMTALA).

Comment: A few commenters stated that each State should have the flexibility to waive the application fee, for particular providers or a class of providers, if it determines that this would help assure access to services for beneficiaries.

Response: We agree and will clarify that a State, in consultation with the Secretary, may waive the application fee for Medicaid-only or CHIP-only providers if the State demonstrates that imposition of such a fee will impede beneficiary access to care.

Comment: One commenter stated that providers who have already paid the fee to their own State's Medicaid or CHIP program should also be exempt, if the provider is already enrolled in one and applies to the other.

Response: We agree that providers enrolled in more than one program, be it Medicare, Medicaid, and CHIP, including Medicaid and CHIP in multiple States must only be required to pay the application fee once.

Comment: One commenter urged CMS to expand the exemption provisions to allow an exemption for providers in medically underserved areas as well as those whose patient population are overwhelmingly Medicaid beneficiaries.

Response: We are committed to assuring access to care and services for program beneficiaries and will clarify that a State, in consultation with the Secretary, may waive the application fee for Medicaid-only or CHIP-only providers if the State demonstrates that imposition of such a fee will impede beneficiary access to care.

Comment: A few commenters expressed concern that requiring providers to pay a non-refundable application fee to participate in the Medicaid program will decrease the likelihood that providers will choose to participate.

Response: We are committed to assuring access to care and services for program beneficiaries and will clarify that a State, in consultation with the Secretary, may waive the application fee for Medicaid-only or CHIP-only providers if the State demonstrates that imposition of such a fee will impede beneficiary access to care.

Comment: A number of commenters requested clarification as to the process that a Medicaid agency would use to determine if a provider has paid an application fee to Medicare or another State. One commenter specifically requested clarification on whether the Medicare revalidation fee is applicable to payments made in one calendar year only when considered for Medicaid program(s). Will waiver programs honor fees made to Medicare? How will Medicaid honor a Medicare fee when the revalidation is a different time period?

Response: The basic concept of the screening and enrollment provisions included in this regulation is that Medicaid will accept Medicare screening for providers that receive payments from both Medicare and Medicaid. For dually-participating providers, the application fee is imposed at the time of Medicare enrollment and no additional screening fee is imposed by the State regardless of the time period or revalidation cycle. For institutional providers that participate only in Medicaid, the State Agency is responsible for assuring that the provisions of the regulation are met. Institutional providers will be required to submit the application fee to only one program. We believe these operational logistics are more appropriately addressed in subregulatory guidance. We will be issuing subregulatory guidance to assist States with the operational aspect of implementing this provision in the near future.

Comment: One commenter supported the proposal that for dually participating providers, the application fee would be imposed at the time of Medicare enrollment.

Response: We agree and are finalizing this provision accordingly.

Comment: One commenter encouraged CMS to consider establishing a lower price point or expedited review for providers in the lower risk group.

Response: The amount of the application fee is derived from a statutorily-mandated formula. Neither CMS nor the States have discretion to change the amount of the fee that is collected from Medicaid-only or CHIP-only institutional providers.

Comment: One commenter requested clarification that ongoing resubmissions do not trigger the application fee and that the fee will merely be levied through the actual recertification process.

Response: The ACA authorizes fees for new enrollment and revalidation of enrollment. Simple changes to the provider enrollment information, that is, new phone numbers, new bank account information, new billing address, change in name of provider or other such updates are not subject to the fee. They will apply to newly-enrolling providers, revalidating providers and creation of new practice locations.

Comment: A commenter noted that the application fee and other provisions are effective on March 23, 2011. The commenter stated, however, that CMS must first complete the notice and comment rulemaking process. The commenter recommended that CMS implement the application fee only after a final regulation has been issued and the public has been given at least 60 days notice.

Response: We agree with the commenter and we are finalizing the regulation in regard to the application fee. It will be displayed for 60 days prior to the effective date on March 25, 2011.

Comment: A commenter stated that some of the provider types listed under Start Printed Page 5917the definition of “institutional provider” do not bill Medicare on a fee-for-service basis. For example, RHCs and FQHCs bill Medicare on a cost-based, all-inclusive rate basis. The commenter believes this distinction is significant because on past occasions when the Congress authorized certain incentive payments and linked those payments to the “fee-for-service” payment, RHCs and FQHCs were excluded from those incentive payment programs. The commenter believes it was unfair to deny certain providers from participating in programs because they are not “fee-for-service,” but then mandate their inclusion in other initiatives reserved for “fee-for-service” providers. Moreover, the commenter stated that RHCs and FQHCs are by definition located in areas designated as underserved or serving populations with a demonstrated problem accessing the healthcare delivery system. Imposing an application fee on these providers will only serve as a further barrier to access to care. The commenter believes that the term “institutional providers” should exclude new entities seeking designation as RHCs and FQHCs and include only those providers that bill Medicare on a fee-for-service basis. Another commenter believes that the term “institutional provider” refers to providers whose beneficiaries are institutionalized; the proposed rule's envisioned use of the term is therefore inappropriate. The commenter suggested using the term “non-institutional provider.”

Response: In the NPRM, we proposed a definition of institutional provider that does not distinguish among providers or suppliers based on which version of the form 855 they submit, or whether they submit the form electronically. We are finalizing this definition. The distinction on payment methods the commenter suggests is not related to the definition of institutional provider used in this rule. Physician and practitioner organizations are exempt from the application fee by statute; the exemption is not affected by how they are reimbursed. In addition, the inpatient status of patients has no bearing on whether a provider or supplier is considered an institutional provider in this rule. For example, hospitals are institutional providers as are home health agencies and DMEPOS suppliers.

If certain institutional providers and suppliers such as FQHCs and RHCs may face financial obstacles to paying the application fee, they can seek a waiver of the fee based upon a request for a hardship exception for Medicare or a request for a hardship waiver for Medicaid. Newly enrolling institutional providers and suppliers that are seeking such a waiver must submit a request for the hardship exception at the time of filing a Medicare enrollment application on or after March 25, 2011.

Comment: A commenter stated that the proposed rule indicates that the fee will be applied only to those providers that bill “Medicare, Medicaid, or CHIP on a fee-for-service basis.” The commenter stated that most Indian and tribal providers are reimbursed either on the encounter rates established annually by CMS and IHS for Indian health programs or on FQHC encounter rates. The commenter requested clarification as to whether Indian and tribal providers will therefore be exempt from the application fee. The commenter added that the proposed rate of increase in the fee has often exceeded the increase in funding for Indian and tribal programs. Finally, the commenter stated that CMS failed to seek an exchange of views, information, or advice from the Tribal Technical Advisory Group (TTAG) or to consult directly with Tribes or confer with urban Indian organizations. Unless Indian and tribal health programs are exempt from these rules, the commenter believes that the effective date should be delayed, discussions with the TTAG and consultation with Tribes held, after which the proposed rules with any changes that result from the advice and consultation be published with a new comment period.

Response: We are statutorily unable to exempt IHS, Tribal, and Urban (I/T/U) Indian health programs from these rules or to delay the effective date. Moreover, we do understand Tribal concerns about not having the opportunity to provide advice on this regulation. All I/T/U's are eligible to apply for the hardship exception to the application fee and CMS is committed to working with Tribes, the TTAG and I/T/Us in implementing requests for hardship exceptions.

4. Final Application Fee Provisions—Medicare, Medicaid, and CHIP

This final rule with comment period finalizes the provision of the proposed rule in regards to the application fees with the following exceptions:

In § 424.514, we modified our proposal as follows:

  • Added language to clarify that a provider or supplier may submit both an application fee and hardship exception waiver to avoid delays in the processing of the application if the hardship exception is not approved at § 424.514(a) and (b).
  • Added language at § 424.514(d)(2) clarifying that the application fee is non-refundable except in the circumstance where the provider or supplier opts to submit both an application fee and a hardship waiver request and the waiver request is subsequently approved.
  • Added language to clarify that if a provider submits a hardship exception request without an application fee, and CMS does not approve the hardship exception request, CMS will notify the provider or supplier and allow the provider or supplier thirty (30) days from the date of notification to submit the application fee at § 424.514(h).
  • Added language that specifies that States must collect the applicable application fee from Medicaid-only and CHIP-only providers and suppliers at § 455.460.

C. Temporary Moratoria on Enrollment of Medicare Providers and Suppliers, Medicaid and CHIP Providers

1. Statutory Changes

Section 6401(a) of the ACA amended section 1866(j) of the Act by adding a new section 1866(j)(7) of the Act, which provides that the Secretary may impose temporary moratoria on the enrollment of new Medicare, Medicaid, or CHIP providers and suppliers, including categories of providers and suppliers, if the Secretary determines such moratoria are necessary to prevent or combat fraud, waste, or abuse under the programs.

Section 6401(b)(1) of the Act adds specific moratorium language applicable to Medicaid at section 1902(kk)(4) of the Act, requiring States to comply with any temporary moratorium imposed by the Secretary unless the State determines that the imposition of such moratorium would adversely affect Medicaid beneficiaries' access to care. Section 1902(kk)(4)(B) of the Act further permits States to impose temporary enrollment moratoria, numerical caps, or other limits, for providers identified by the Secretary as being at high risk for fraud, waste, or abuse, if the State determines that the imposition of such moratorium, cap, or other limits would not adversely impact Medicaid beneficiaries' access to care.

Section 1866(j)(7) of the Act uses the term “providers of services and suppliers.” Although, as noted previously, the Medicaid program does not use the term “suppliers,” section 1902(kk)(4) of the Act refers to “providers and suppliers.” In this regulation, for uniformity with sections II A. and B. of this final rule with comment period, we are using the term Start Printed Page 5918“providers and suppliers” in lieu of the term “provider of services and suppliers.” We are using the term “provider” or “Medicaid provider” or “CHIP provider” in lieu of the term “provider or supplier” when referring to all Medicaid or CHIP health care providers, including, but not limited to, providers and suppliers of Medicaid items or services, individual practitioners, and institutional providers.

2. Proposed Temporary Moratoria Provisions

a. Medicare

We proposed at § 424.570(a) that we may impose a temporary moratorium on the enrollment of new Medicare providers and suppliers in 6 month increments in situations where— (1) CMS, based on its review of existing data, without limitation, identifies a trend that appears to be associated with a high risk of fraud, waste or abuse, such as highly disproportionate number of providers or suppliers in a category relative to the number of beneficiaries or a rapid increase in enrollment applications within a category suggests that there is a significant potential for fraud, waste or abuse with respect to a particular provider or supplier type or particular geographic area or both; (2) a State has imposed a moratorium on enrollment in a particular geographic area or on a particular provider of supplier type or both; or (3) CMS, in consultation with the HHS OIG or the Department of Justice (DOJ) or both and with the approval of the CMS Administrator identifies either or both of the following as having a significant potential for fraud, waste or abuse in the Medicare program:

  • A particular provider or supplier type.
  • Any particular geographic area.

As part of the CMS decision making process, we will consider any recommendation from the DOJ, HHS OIG, or the GAO to impose a temporary moratorium for a specific provider or supplier type in a specific geographic area.

We believe that imposing moratoria will, among other things, allow us to review and consider additional programmatic initiatives, including the development of additional regulatory and sub regulatory provisions to ensure that Medicare providers and suppliers are meeting program requirements, beneficiaries receive quality care, and that an adequate number of providers of suppliers exists to furnish services to Medicare beneficiaries.

We also proposed that enrollment moratoria be limited to: (1) Newly enrolling providers and suppliers (that is, initial enrollment applications); and (2) the establishment of new practice locations, not to a change of practice locations. The temporary moratoria will not apply to existing providers or suppliers of services unless they were attempting to expand operations to new practice locations where a temporary moratorium was imposed. Moreover, the temporary moratoria would not apply in situations involving changes in ownership of existing providers or suppliers, mergers, or consolidations.

We also proposed at § 424.570(b) that a temporary enrollment moratorium would be imposed for a period of 6 months, and such moratorium could be extended by CMS in 6 month increments if we continue to believe that a moratorium is needed to prevent or combat fraud, waste, or abuse. The Secretary will re-evaluate whether a moratorium should continue prior to each 6 month expiration date.

We also proposed at § 424.570(c) that we will deny enrollment applications received from providers or suppliers covered by an existing moratorium. We noted that denial of Medicare billing privileges is subject to the administrative review process established in § 405.874. Accordingly, we believe that a provider or supplier also is afforded the right to appeal a Medicare contractor determination to deny enrollment into the Medicare program.

In § 424.530(a)(10), we proposed adding a new reason why we can deny Medicare billing privileges. Specifically, we proposed a new § 424.530(a)(10) to state, “A provider or supplier submits an enrollment application for a practice location in a geographic area where CMS has imposed a temporary moratorium.” Further, in § 498.5(l)(4), we proposed that the scope of review for appeals of denials under § 424.530(a)(10) based upon a provider or supplier being subject to a temporary moratorium will be limited to whether the temporary moratoria applies to that particular provider or supplier.

We noted that section 1866(j)(7) of the Act provides that there shall be no judicial review of a temporary moratorium. Accordingly, we proposed that a provider or supplier may administratively appeal an adverse determination based on the imposition of a temporary moratorium up to and including the Department Appeal Board (DAB) level of review.

Finally, we proposed at § 424.570(d) that we may lift a moratorium in the following circumstances: (1) In the case of a Presidentially declared disaster under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. 5121 through 5206 (Stafford Act); (2) circumstances warranting the imposition of a moratorium have abated or CMS has implemented program safeguards to address any program vulnerability that was the basis for the moratorium; or (3) in the judgment of the Secretary, the moratorium is no longer needed.

We also recognized that in a limited number of circumstances a State Medicaid agency may enroll a provider or supplier into Medicaid during the temporary moratorium period established by Medicare. If this occurs and the prospective Medicare provider or supplier applies to enroll in the Medicare program after the temporary moratorium is lifted, we would use the screening tools described in section II.A. of this final rule with comment period.

We also solicited public comment on specific exemptions to the temporary moratoria criteria proposed previously. Prior to imposing a moratorium, we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply.

We would announce the implementation of a moratorium at any time when it is being imposed. The announcement would be made in the Federal Register and we would also address it in other methods or forums, such as Press Releases, at CMS Provider Open Door Forums, in CMS provider listservs, and on the CMS Provider/Supplier Enrollment web page (http://www.cms.gov/​MedicareProviderSupEnroll). We would also require our Medicare contractors to post the moratorium announcement or note the expiration of a moratorium on their Web sites. Our Federal Register announcement would explain in detail the rationale for the moratorium and the rationale for the geographic area(s) in which it would apply.

b. Medicaid and CHIP

Pursuant to section 1902(kk)(4)(A) of the Act, we proposed at § 455.470(a)(2) and (3) that a State Medicaid agency will comply with a temporary moratorium imposed by the Secretary unless it determines that the imposition of such a moratorium would adversely affect beneficiaries' access to medical assistance.

Where the Secretary has imposed a temporary moratorium in accordance with § 424.570, and the State has determined that compliance with such a moratorium would adversely impact Medicaid beneficiaries', or CHIP participants', as the case may be, access Start Printed Page 5919to medical assistance, section 1902(kk)(4)(A)(ii) of the Act creates an exception for the State from complying with the moratorium. We proposed that the State provide the Secretary with written details of the moratorium's adverse impact on Medicaid beneficiaries. Prior to the Secretary imposing such a moratorium in any State, we proposed at § 455.470(a)(1) that the Secretary consult with the State, so that the State may have an opportunity to seek an exception from the moratorium.

Pursuant to section 1902(kk)(4)(B) of the Act, States have authority to impose moratoria, numerical caps, or other limits for providers that are identified by the Secretary as being at “high” risk for fraud, waste, or abuse. We proposed, at § 455.470(b) that where the State identifies a category of providers as posing a significant risk of fraud, waste, or abuse, the State must seek our concurrence with that determination and provide us with written details of the proposed moratorium, including the anticipated duration, and with a substantial justification explaining why disallowing newly enrolling providers would reduce the risk of fraud. We proposed at § 455.470(c) that States' moratoria would be imposed for a period of 6 months and may be extended in 6 month increments.

Section 2107(e)(1) of the Act provides that all provisions that apply to Medicaid under sections 1902(a)(77) and 1902(kk) of the Act apply to CHIP. Accordingly, we proposed in new regulation § 457.990 that all the provider screening, provider application, and moratorium regulations that apply to Medicaid providers also apply in providers that participate in CHIP.

3. Analysis of and Responses to Public Comment

Below is a summary of the comments we received regarding the temporary enrollment moratoria.

Comment: A commenter expressed support for our proposal to establish a moratorium on new providers or new practice locations only when it is believes through the agency's review that a risk of fraud and abuse is detected. The commenter, however, requested CMS to: (1) To review the proposed 6-month timeframe for the moratoria, (2) add more flexibility to the standard if it is determined that 6 months is too long, and (3) give the provider community an opportunity to comment prior to its effective date. Another commenter stated that a moratorium is a drastic remedy that should only be used when CMS can clearly articulate the basis for imposing such an extreme measure. CMS must, in such cases, publish: (1) The data it used to determine a moratorium was necessary, (2) the steps it will take to resolve the issues that gave rise to the need for the moratorium, and (3) when it expects to lift the suspension in new enrollments.

Response: We believe that the rule as proposed directly addressed the timeframe, standards, and process for imposing, explaining the rationale for, and lifting an enrollment moratorium; because we received multiple related comments, this response should be read in conjunction with the discussion of those comments. The ACA gives the Secretary broad authority to impose a temporary moratorium on the enrollment of new providers and suppliers if the Secretary determines that a moratorium is necessary to prevent fraud, waste or abuse in Medicare, Medicaid or CHIP. After considerable discussion within CMS and HHS, the proposed rule was published proposing that an initial temporary enrollment moratorium would be imposed for a period of 6 months, with possible extensions in 6-month increments should the Secretary determine that the moratorium was still needed. The 6-month duration was proposed in the NPRM because it was sufficiently long to enable an assessment of its impact on the circumstances that the moratorium was designed to address. The proposed rule also included criteria for when the Secretary would consider imposition of a temporary enrollment moratorium, and the circumstances under which such a temporary enrollment moratorium would be lifted. The proposed rule also indicated that we would announce the implementation of a moratorium at any time, that the announcement would be made in the Federal Register, and that the announcement would explain in detail the rationale for the moratorium and the rationale for the geographic area(s) in which it would apply.

Comment: A commenter stated that advance public notice in the Federal Register of a moratorium should be given. The commenter recognized that this may lead to a rush to apply prior to the effective date, but stated that this could be fixed by limiting the length of time for the advance notice to 30-60 days.

Response: A temporary moratorium on enrollment is an action that will only be used if necessary to fight fraud, waste or abuse in Medicare, Medicaid, or CHIP. Moratoria will be imposed only if based on detailed information indicating a problem that can be addressed through a temporary enrollment moratorium. Although not required by the ACA to do so, we will announce the imposition of a moratorium in the Federal Register. The announcement would explain in detail the rationale for the moratorium and the rationale for the geographic area(s) in which it would apply. We will not be providing advance notice of any planned moratorium as such a notice would likely cause a rush of enrollments of the type posing the problem that would be addressed by the moratorium.

Comment: Several commenters stated that applying a moratorium to providers whose enrollment applications are pending would be unfair and could—in light of the efforts and cost the provider incurred in attempting to enroll—prove financially harmful. They requested that CMS limit moratoria to new applications, not those already submitted. Another commenter requested that the moratorium not apply to applications submitted prior to public notice of the moratorium being given in the Federal Register. Another commenter recommended that CMS explain: (1) What will happen to an application submitted by a new provider when CMS imposes a temporary moratorium, and (2) whether pending applications will be processed when a temporary moratorium is imposed or whether the application will be automatically denied using § 424.530(a)(10).

Response: In the NPRM, we indicated both in the preamble and the proposed regulations that an application to enroll in Medicare from a provider or supplier that is subject to a temporary enrollment moratorium would be denied. With regard to pending applications, we interpret the ACA as applying to pending applications. If a temporary enrollment moratorium is deemed necessary for any provider or supplier type, or for any geographic area, then all enrollment applications from unenrolled providers and suppliers of the type subject to the temporary enrollment moratorium or in the geographic area subject to the moratorium would be denied. However, we will not deny any enrollment for which the Medicare enrollment contractor has completed review of the application and has determined that the provider or supplier meets all the requirements for enrollment and all that remains is to assign appropriate billing number(s) and enter the provider or supplier into PECOS.

Comment: A commenter stated that in CMS's manual instructions, it describes Start Printed Page 5920a provider enrollment fraud detection program for high-risk areas, but that this process is not discussed in the proposed rule. The commenter requested that CMS explain the nexus, if any, between this fraud detection program and the policy described in the temporary moratorium provisions contained in this proposed rule. The commenter also requested that CMS explain whether it will use data submitted or obtained from its contractors in determining whether to impose a temporary moratorium.

Response: We plan to revise our manuals to be consistent with the provisions of the final rule with comment period. We plan to use data from many sources in making a decision about imposing a temporary moratorium—including data from our contractors.

Comment: One commenter recommended that CMS: (1) Explain why it is not using section 1866(j)(3) of the Act, related to a provisional period of enhanced oversight for new providers and suppliers, in the process of establishing a temporary moratorium, and (2) publish a Federal Register Notice explaining its reasons and rationale for establishing a temporary moratorium for a provider or supplier.

Response: Section 1866(j)(3) of the Act is not a part of this final rule with comment period. Moreover, its provisions can be implemented by subregulatory instructions. We plan to implement the provisions in that fashion and in concert with the provisions of this rule and other CMS regulations governing program integrity. As stated in a response to a previous comment, we will publish a notice of imposition of a temporary enrollment moratorium in the Federal Register.

Comment: One commenter expressed concern that the language associated with the temporary moratoria provision: (1) Is vague, (2) does not provide sufficient information on the specific triggers that would cause CMS to suspect that a provider or group of providers is committing fraud, and (3) does not identify the situations in which the moratoria would be applied. The commenter feared that certain providers or suppliers could be prevented from providing services in a particular area without sufficient grounds and that patient access to care could be hindered in the process. The commenter recommended that CMS specifically define the parameters and triggers that CMS intends to use in imposing or enforcing a moratorium on the enrollment of new Medicare providers or suppliers. Another commenter expressed concern with the general nature of the proposed temporary moratoria provisions because it could lead to an abuse of discretion or arbitrary and capricious decision-making with little recourse beyond the internal review process. The commenter was also concerned with the proposed length of the moratorium, stating that a 6 month period: (1) Cannot be reasonably inferred from the Congress having authorized “temporary” moratoria, (2) cannot be considered “temporary,” (3) would have significant consequences for new physicians interested in enrolling in the Medicare program, and (4) should not be extended because there is no congressional authority to do so.

Response: As stated previously, the Affordable Care Act gives the Secretary broad authority to impose a temporary moratorium. After considerable discussion within CMS and HHS, the proposed rule was published proposing that an initial temporary enrollment moratorium would be imposed for a period of 6 months, with possible extensions in six month increments should the Secretary determine that the moratorium was still needed. The 6 month duration was proposed in the NPRM because it was sufficiently long to enable an assessment of its impact on the circumstances that the moratorium was designed to address, and would afford us the opportunity to determine whether the circumstances warranting the imposition of a temporary enrollment moratorium have abated or we have implemented program safeguards to address program vulnerabilities. With regard to the temporary nature of a moratorium, we would note that the NPRM explicitly indicated that an initial moratorium would be for a 6 month period, not an indefinite period. Regarding the impact a temporary enrollment moratorium would have on beneficiary access to care, we stated in the NPRM that we will assess Medicare and Medicaid beneficiaries' and CHIP participants access' to the types of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply. We take seriously our responsibility to assure that all Medicare beneficiaries have access to the services and supplies they need. With regard to extending moratoria, we would note that, as stated previously, the Secretary has broad authority to impose a moratorium. The statute confers on the Secretary the responsibility and authority to make the judgment about the need for moratoria—whether initial or an extension—if the circumstances requiring the moratorium are still present.

Comment: A commenter stated that CMS failed to outline the criteria it will use to make the determination that a moratorium is to be extended.

Response: We would not impose a temporary enrollment moratorium without an adequate rationale. Should it be necessary to impose a temporary enrollment moratorium on any provider or supplier type, we will discuss the issues associated with the decision to impose a temporary enrollment moratorium in a public notice in the Federal Register.

In the NPRM, we listed some examples of circumstances that could lead to the imposition of a temporary enrollment moratorium in situations where: (1) CMS, based on its review of existing data, identifies a trend that appears to be associated with a high risk of fraud, waste or abuse, such as highly disproportionate number of providers or suppliers in a category relative to the number of beneficiaries or a rapid increase in enrollment applications within a category determines that there is a significant potential for fraud, waste or abuse with respect to a particular provider or supplier type or particular geographic area or both, (2) a State has imposed a temporary enrollment moratorium, or (3) CMS in consultation with the Department of HHS Office of Inspector General or the Department of Justice or both identifies either or both a particular provider or supplier type or a particular geographic area as having significant potential for fraud, waste, or abuse. We also included in the NPRM the reasons a temporary enrollment moratorium could be lifted. The decision to extend a moratorium would be based on the proposals in the NPRM and would take into account the extent to which the conditions necessitating the moratorium were still present.

Comment: A commenter requested clarification regarding the term “geographic area” as it is used in proposed § 424.530(a)(10).

Response: The geographic area referred to in § 424.530(a)(10) is the region that is under a temporary enrollment moratorium. For example, this may constitute a county, a number of counties, state, a number of states, regions, or MSAs.

Comment: A commenter expressed support for CMS's proposal to impose a temporary moratorium on the enrollment of new providers or provider types in a geographic location to prevent fraud and abuse. However, the commenter urged CMS to ensure that such moratoria do not prevent health care providers in the geographic Start Printed Page 5921location from enrolling as an ordering/referring provider, as a moratorium may impair these practitioners from providing Medicare beneficiaries with needed care.

Response: We take seriously our responsibility to assure that all Medicare beneficiaries have access to the services and supplies they need. As a part of this assurance, we would consider the implications of a temporary enrollment moratorium for physicians and other eligible professionals who order and refer services for Medicare. However, enrollment moratoria imposed on provider types will not distinguish between the enrollment purpose, that is, enrollment for the right to bill Medicare versus enrollment solely to order and refer, unless otherwise specified in the Federal Register. As stated previously, the notice in the Federal Register will both discuss the issues associated such the decision, and identify the provider types subject to the temporary enrollment moratoria. We believe the rationale that supports a decision to put a temporary enrollment moratorium in place for those who bill Medicare should extend to those same types of providers who seek to enroll to order and refer. In addition, the enrollment process solely to order and refer was established by us for those provider types that do not typically enroll in Medicare, such as dentists, other government agency employees (such as the Department of Veterans Affairs), and pediatricians. Therefore, it will be highly unlikely that those who were seeking to enroll in order to bill Medicare will similarly seek to enroll solely to order and refer. Regarding the impact a temporary enrollment moratorium may have on beneficiary access to needed care, we stated in the NPRM that we will assess Medicare beneficiary access to the types of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply.

Comment: A commenter supported CMS's statement in the preamble to the proposed rule that a moratorium shall not apply to a change of practice location or to changes of ownership of existing providers or suppliers.

Response: We agree and plan to finalize these provisions.

Comment: A commenter recommended that CMS establish a temporary moratorium on the enrollment of slide preparation Facilities, since these organizations are not authorized by the Congress to enroll in or bill the Medicare program.

Response: It would be premature to identify in this rule any provider or supplier type that might be subject to imposition of a temporary enrollment moratorium. Should it be necessary to impose a temporary enrollment moratorium on any provider or supplier type, we will explain the reasons for the temporary enrollment moratorium in a public notice in the Federal Register.

Comment: A commenter recommended that CMS develop and implement a regulatory-defined process to utilize when determining whether or not to mandate a moratorium. The process should effectively prevent any negative impact in quality of and access to care for Medicare beneficiaries or Medicaid program enrollees.

Response: We would consider a number of factors in deciding whether to impose a temporary enrollment moratorium. These are spelled out in the proposed rule and include: situations where: (1) CMS, based on its review of existing data, identifies a trend that appears to be associated with a high risk of fraud, waste or abuse, such as highly disproportionate number of providers or suppliers in a category relative to the number of beneficiaries or a rapid increase in enrollment applications within a category determines that there is a significant potential for fraud, waste or abuse with respect to a particular provider or supplier type or particular geographic area or both, (2) a State has imposed a temporary enrollment moratorium, or (3) CMS in consultation with the Department of HHS Office of Inspector General or the Department of Justice or both identifies either or both a particular provider or supplier type or a particular geographic area as having significant potential for fraud, waste, or abuse.

As mentioned elsewhere, we indicated in the NPRM that prior to imposing a temporary enrollment moratorium we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply. We also indicated that if a State has determined that compliance with a Medicare imposed moratorium would adversely impact Medicaid beneficiaries' or CHIP participants' access to care, the State would not be required to comply with the moratorium. We and the States take the assurance of adequate access seriously.

Comment: A commenter requested clarification as to the mechanism—for instance, via the Federal Register—by which it will announce the lifting of a temporary moratorium.

Response: We will announce the imposition of any temporary enrollment moratorium via a notice published in the Federal Register. We would also provide notice on our Web sites, listservs, and through open door forums. Similarly, we would provide notice of the lifting of a moratorium in the Federal Register. We would also provide notice on our Web sites, listservs, and through open door forums.

Comment: A commenter mentioned that while the preamble of the proposed rule states that CMS will announce a moratorium in the Federal Register, the regulation text does not include a reference to Federal Register. The commenter recommended that the regulation text match the preamble language.

Response: We agree. We will ensure that the regulation text matches the preamble and other portions of this document.

Comments: A commenter urged CMS to immediately impose the proposed 6 month moratorium on the new certification of HHAs and hospices in its final rule with comment period, stating that there is a clear relationship between rapid development of new home health and hospice providers and the growth in fraud, abuse and waste. The commenter added that this will allow some time for other initiatives and proposals in the proposed rule to reduce fraud and abuse before hundreds of more providers enter the already saturated home health and hospice programs. For home health, the commenter stated that the moratorium should be maintained until new home health conditions of participation (CoPs) are implemented by CMS and other protections against referral abuse can be implemented by the OIG. For hospices, the commenter recommended that the moratorium be maintained until standardized hospice quality measures and payment system reforms are implemented by CMS.

Response: It would be premature to identify any provider or supplier type that might be subject to imposition of a temporary enrollment moratorium, or the circumstances necessitating such an action. Should it be necessary to impose a temporary enrollment moratorium on any provider or supplier type, we will explain the reasons for the temporary enrollment moratorium in a public notice in the Federal Register. We specified in the NPRM examples of why a moratorium would be imposed. “Revisions to the HHA Conditions of Participation” is not among the examples we cited for the reason that moratoria are focused on specific kinds of problems or areas, and are to be temporary.Start Printed Page 5922

Comments: A commenter requested that CMS clarify the process for timely notifying the State Medicaid agency of a moratorium imposition, and whether the process will include advance notice.

Response: We will be issuing subregulatory guidance to assist States with the operational aspect of implementing this provision in the near future.

Comments: A commenter stated that while a temporary moratorium might be reasonable in some limited situations, CMS should make such decisions based on specialty, not on provider type; for instance, it would be inappropriate for all DMEPOS suppliers to be put under such a moratorium when fraud concerns do not include orthotists and prosthetists.

Response: The ACA gives the Secretary broad authority to impose a temporary enrollment moratorium. We believe that circumstances could justify imposing a temporary enrollment moratorium on a category of providers or suppliers and not a subset within a provider or supplier type. As stated previously, the Secretary would explain the reasons for the moratorium in a Federal Register notice.

Comment: A commenter stated that the proposed policies need to be modified to accommodate newly enrolling physicians (and physicians establishing new practice locations) in cases where a moratorium relates to DMEPOS suppliers. In other words, if CMS or a State imposes a moratorium on DMEPOS suppliers, the moratorium should not apply to newly enrolling physicians (or physicians establishing a new practice location) who are now also required to enroll as DMEPOS suppliers if they wish to furnish DMEPOS to their own patients.

Response: In the example cited by the commenter, physicians enrolled as physicians to provide medical care would not be subject to a moratorium on DMEPOS suppliers. Only the new DMEPOS suppliers would be subject to the temporary enrollment moratorium. Physicians would be able to enroll in Medicare as physicians for the purpose of providing medical care (or ordering or referring medical care or services). The moratorium would only apply to the physician if he or she were newly applying to be a DMEPOS supplier in the geographic area covered by the moratorium.

Comment: A commenter suggested that CMS specify that a moratorium will not be imposed unless: (1) There is significant risk of widespread fraud, waste, or abuse in a specified and discrete geographic region, and (2) clear and documented agency analysis showing that the moratorium will not exacerbate health disparities or create additional barriers for underserved communities. Also, CMS should include greater specificity as to what conditions would warrant the imposition of a moratorium and what factors would be considered to ensure that the harm does not outweigh the benefit and will not have a disparate adverse impact on racially and ethnically diverse beneficiaries and physicians.

Response: We appreciate the concerns expressed by the commenter and we are also concerned about the issues of access and disparities. As mentioned previously, we indicated in the proposed rule that prior to imposing a temporary enrollment moratorium we will assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which a moratorium would apply. We also indicated that if a State has determined that compliance with a Medicare imposed moratorium would adversely impact Medicaid beneficiaries' or CHIP participants' access to care, the State would not be required to comply with the moratorium. CMS and the States take the assurance of adequate access seriously. We do not intend to impose a moratorium that would impede access to needed services.

Comment: A commenter expressed concern that CMS's proposed standards for implementing a temporary moratorium on new enrollment of potentially high risk providers and suppliers is too broad, and that CMS could impose a moratorium on new enrollment of all DMEPOS suppliers, even though only a subset of suppliers or a particular region or State poses a high risk of fraud. CMS should specify that it will narrowly limit the moratoria to those provider types or those narrow geographic regions that generate the fraud concerns. In particular, the commenter stated that community pharmacies face the danger that, in the midst of preparing to open up, CMS will impose a moratorium. The commenter urged that the expansion of an existing community pharmacy DMEPOS supplier does not pose a fraud risk and such an expansion should not be subject to a possible moratorium. Another commenter stated that CMS should adopt a more targeted approach to moratoria that takes other relevant factors into consideration, such as the history or trend in proven fraud and/or abusive practices for specific types or categories of providers or suppliers. The commenter believes that painting all providers and suppliers in a particular geographic area with the same broad brush is too extreme a measure, and that CMS should not use geography, by itself, as a determining factor in imposing a temporary enrollment moratorium on all providers and suppliers.

Response: As stated elsewhere in this document, we will publish a notice in the Federal Register announcing imposition of a temporary enrollment moratorium. This notice would contain a discussion of the factors associated with the moratorium. Although there are clear differences in the levels of fraud in different geographic areas of the United States, geography by itself without any indication of a risk of fraud, waste or abuse would not be a cause for a moratorium. Community pharmacies generally enroll in Medicare as roster billers for purposes of immunizations, and as such are listed in the limited risk level. DMEPOS suppliers that are owned by a community pharmacy are enrolled in Medicare as DMEPOS suppliers and are subject to the supplier standards for DMEPOS suppliers (except accreditation under certain circumstances). If we, on behalf of the Secretary, determine that a moratorium is needed for any particular provider or supplier type or geographic area or both, we would publish our rationale for the moratorium in our Federal Register notice. Decisions to impose a temporary enrollment moratorium would be made based on presenting circumstances. It would not be appropriate to exclude any provider or supplier category, for example, DMEPOS suppliers owned by community pharmacies, from being subject to a moratorium if the circumstances warrant the imposition of a temporary enrollment moratorium.

Comment: Several commenters recommended that CMS also be permitted to lift a moratorium if the Secretary of HHS declares a public health emergency in an area.

Response: The ACA gives the Secretary broad authority to impose temporary enrollment moratoria as a means to combat fraud, waste or abuse. The Secretary has considerable discretion to consider all aspects of the impact of a possible temporary moratorium. In the NPRM we proposed that the Secretary may lift a moratorium in the following three circumstances: (1) The President declares an area a disaster under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, (2) circumstances warranting imposition of moratorium have abated or we have implemented safeguards to address the issue that was the cause of such moratorium, or (3) in the judgment of the Secretary, the moratorium is no Start Printed Page 5923longer needed. Based on the comments received in response to the NPRM, and consistent with the broad authority provided to the Secretary in the Affordable Care Act, we have decided to add a public health emergency declared by the Secretary under section 319 of the Public Health Service Act to the list of circumstances the Secretary could cite in lifting a moratorium. We would closely evaluate these circumstances in the decision to continue a temporary enrollment moratorium.

Comment: A commenter suggested that CMS include the restrictions listed in the preamble regarding temporary moratoria in the regulation text at § 424.570.

Response: It is unclear which provisions included in the preamble of the NPRM are of concern to the commenter. However, we will include any provisions dealing with imposition of temporary enrollment moratoria at § 424.570.

Comment: A commenter asserted that new § 424.570 is inconsistent with the DMEPOS competitive bidding program. Under competitive bidding, a company might win a contract in a competitive bidding area (CBA) where a moratorium exists. If so, the company could not alter its geographic locations to best serve the CBA. The commenter requested that CMS in the final rule with comment period carefully delineate how the competitive bidding program and the proposed temporary moratoria requirements will intersect.

Response: All winners of DMEPOS competitive bidding contracts are required to be enrolled in Medicare as a condition of their contract. As a result, these suppliers would not likely be subject to a moratorium on enrollment after they were awarded a contract, as they would already be enrolled. However, in a situation where a competitive bid winner applied to expand to a new practice location, the new location would need to be enrolled in Medicare. If a moratorium were imposed on DMEPOS suppliers in the area where the competitive bid winner was attempting to enroll a new practice location, the application would in all likelihood be denied based on the existence of a moratorium.

Comment: The same commenter also suggested that: (1) Suppliers with 10 or more provider transaction account numbers (PTANs) be exempt from § 424.570 and (2) CMS allow exceptions for bona fide acquisitions of assets belonging to an existing provider in the area for the protection of the beneficiaries served by the selling provider.

Response: We will be applying the provisions of this rule to all enrolled physicians, individual practitioners, providers and suppliers regardless of the number of PTANs. In addition, as stated in the NPRM, changes in ownership are not subject to moratoria. Moreover, the provisions of this rule do not address the conditions under which a provider or supplier can complete a bona fide acquisition of assets.

Comment: Several commenters stated that new locations of enrolled suppliers should not be subject to a moratorium. Existing suppliers with no history of fraud should not be constrained in their ability to adjust their businesses to best meet the needs of beneficiaries; indeed, beneficiary access could be impaired if new locations were affected by a moratorium. Another commenter stated that applying a moratorium to a new location should only occur when the supplier has an objectively demonstrated history of fraud or for whom CMS has credible evidence of fraud.

Response: As mentioned elsewhere in this document, a temporary enrollment moratorium would not be imposed without adequate rationale. The decision to impose a temporary enrollment moratorium would not be made lightly and would only be pursued should one or more of the conditions for imposing a temporary moratoria exist—as described in the proposed rule. One factor for imposing a moratorium could be that—as stated in the NPRM—there are a disproportionate number of providers or suppliers relative to the number of beneficiaries. For example, currently enrolled providers and suppliers that are trying to enroll in or establish new practice locations in areas subject to a moratorium that has been imposed because there is a disproportionate number of a particular provider category relative to beneficiaries, should not be exempt from the moratorium.

Comment: A commenter stated that given that the intensity of a Certificate of Need program is designed to limit the number of providers to match beneficiary need, an exception to a temporary moratorium should be granted in the presence of such a program. Another commenter agreed that an exemption to the moratorium should be given if the State has a Certificate of Need program and the State determines that there is a need for additional providers. Several commenters also recommended exceptions to a moratorium when a provider is establishing a branch location within its geographic service area. Branch locations are subject to the oversight of the established parent location and operate under the same Medicare provider number. Another commenter stated that the addition of a branch office to an HHA is not the equivalent of “establishing a new practice location.”

Response: We have decided not to provide a link to State CON programs because these programs vary in effectiveness and are subject to different standards, coverage and regulations and are not focused on fraud, waste or abuse prevention as would be a temporary enrollment moratorium that is authorized in the ACA. To provide an exemption in States with CON programs would require considerable effort to assure that all provider types are afforded due process and equal treatment. Accordingly, we did not propose an exemption from temporary enrollment moratoria in States with CON programs. We plan to take into account the impact a CON has on provider supply and beneficiary access when deciding to impose a moratorium. Regarding the HHA branch offices, we note that the extent to which the branch office is subject to a moratorium depends on whether the branch office is to be enrolled separately.

Comment: A commenter stated that the proposal to allow unlimited 6 month extensions without thorough documentation of supporting data hardly makes the moratoria temporary and could pose a significant risk to access to quality care for Medicare beneficiaries.

Response: The ACA gives the Secretary broad authority to impose a temporary moratorium on the enrollment of new providers and suppliers if the Secretary determines that a moratorium is necessary to prevent fraud, waste or abuse in Medicare, Medicaid or CHIP. The statute did not provide a specific time period for the duration of a moratorium. After considerable discussion within CMS and HHS, the proposed rule was published proposing that an initial temporary enrollment moratorium would be imposed for a period of 6 months, with possible extensions in 6 month increments should the Secretary determine that the moratorium was still needed. We proposed the 6 month duration because it would be sufficiently long to enable an assessment of its impact on the circumstances that the moratorium was designed to address, and would afford us the opportunity to determine whether the circumstances warranting the imposition of a temporary enrollment moratorium have abated or whether we have implemented program Start Printed Page 5924safeguards to address program vulnerabilities. The 6 month period would also afford the Secretary reasonable opportunity to determine whether the moratorium was no longer needed. With regard to the temporary nature of a moratorium, we would note that the NPRM explicitly indicated that an initial moratorium would be for a 6 month period, not an indefinite period. Regarding the impact a temporary enrollment moratorium would have on beneficiary access to needed care, we stated in the NPRM that we will assess Medicare beneficiary access to the types of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply. We take seriously our responsibility to assure that all Medicare beneficiaries have access to the services and supplies they need. With regard to extending moratoria, the statute confers on the Secretary the responsibility and authority to make the judgment about the need for moratoria—whether initial or an extension—if the circumstances requiring the moratorium are still present.

Comment: A commenter stated that as part of the implementation of a temporary moratorium and any extension thereof, CMS should publish data and research that support their decision to impose the moratorium. The data should be thorough and indicate the “actual increased” risk rather than perceived risk for fraud and abuse, in addition to supportive material data. Another commenter added that CMS should ensure that beneficiary access is not curtailed in an area where a moratorium is imposed.

Response: As stated earlier, the ACA gives the Secretary broad authority to impose temporary enrollment moratoria when necessary to prevent or combat fraud, waste or abuse. We will announce any temporary enrollment moratoria in the Federal Register, including a discussion of the issues associated with the decision to impose a temporary enrollment moratorium. We are concerned about the effect imposition of a temporary enrollment moratorium would have on beneficiary access, and would consider access to care as one possible factor related to imposition of a moratorium. The ACA specifically mentions access to Medicaid services as a reason that States should consider in making decisions to implement moratoria.

Comment: A commenter stated that the proposed rule should be amended to state that a moratorium does not apply to instances where the new provider is a result of a merger, change of ownership, or consolidation. Also, the fact that the moratorium would not apply where there is a change in practice location should be stated directly in the rule.

Response: We agree. All of these instances are addressed in the final rule with comment period.

Comment: A commenter requested that FQHCs be exempt from any geographical moratoria established by CMS. FQHCs are required to contract with State Medicaid and CHIP programs within certain specified locations. Inclusion in a moratorium would force these FQHCs to provide services without compensation.

Response: The ACA gives the Secretary authority to impose a moratorium when necessary to combat fraud waste and abuse in Medicare, Medicaid, or CHIP. Should there ever be a reason to impose a temporary enrollment moratorium on FQHCs, we would need to be able to do so. As mentioned previously, we indicated in the NPRM that prior to imposing a temporary enrollment moratorium we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply. We also indicated that if a State has determined that compliance with a Medicare imposed moratorium would adversely impact Medicaid beneficiaries' or CHIP participants' access to care, the State would not be required to comply with the moratorium. We and the States take the assurance of adequate access seriously.

Comment: The commenter also stated that Indian and Tribal providers should be exempt from the temporary moratoria provisions, as their programs are not viable without third-party revenue (especially Medicare and Medicaid) and that a moratorium could impede the programs and harm access to care.

Response: The ACA gives the Secretary authority to impose a temporary enrollment moratorium when necessary to combat fraud, waste and abuse in Medicare, Medicaid, or CHIP. Should there ever be a reason to impose a temporary enrollment moratorium on Indian or Tribal providers, we would need to be able to do so. As mentioned previously, we indicated in the NPRM that prior to imposing a temporary enrollment moratorium we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply. We also indicated that if a State has determined that compliance with a Medicare imposed moratorium would adversely impact Medicaid beneficiaries' or CHIP participants' access to care, the State would not be required to comply with the moratorium. We and the States take the assurance of adequate access seriously.

Comment: A commenter stated that the moratorium exceptions should be very limited. The commenter agreed with CMS's proposal for an exemption for health crisis situations related to, for example, a natural disaster. The commenter also recommended that exceptions should be granted in areas: (1) With active CON programs, (2) not being served by any provider or (3) where the provider(s) (other than the applicant for the exception) attest that they lack the capacity to meet current demand. Still, the commenter stated that exemptions should only be granted in such exceptional circumstances and not become a vehicle for routine circumvention of the moratorium.

Response: We agree with the intent of these comments. Temporary enrollment moratoria must be considered carefully and the reasons for their imposition must be clear. Prior to imposing a moratorium, we will consider a number of factors, such as, any potential effect on access to care for beneficiaries. CON programs are not factored in to CMS decisions regarding exceptions.

Comment: A commenter requested clarification as to whether the temporary moratoria provisions apply to managed care organizations.

Response: This provision does not apply to Medicaid managed care entities. Medicaid risk based managed care is subject to contracts between States and the managed care entities, and the States rely upon those contracts to ensure that Medicaid beneficiaries have access to providers and a choice of networks within the managed care programs the State maintains. We would not impose moratoria on managed care programs that could restrict the ability of States to ensure beneficiary access and choice.

Comment: A commenter stated that an enrollment moratorium should not apply to publicly traded companies, since CMS can look to the board of directors and similar organizational structures to provide appropriate oversight and accountability. Moreover, after a moratorium is lifted, publicly traded providers and suppliers that were subject to the moratorium should not be lifted to a high screening level; to do so would be inconsistent with CMS's own statements in the preamble that publicly traded providers and suppliers pose a limited risk.Start Printed Page 5925

Response: It would be inappropriate for us to identify any one provider or supplier characteristic, such as being publicly traded, as a basis for not being subject to a temporary enrollment moratorium. In addition, as noted below, in the screening portion of this final rule with comment period, we have decided not to draw a distinction between publicly traded and other providers and suppliers. Should there ever be a reason to impose a temporary enrollment moratorium in a geographic area or on a particular provider or supplier category; we would need to be able to do so. We cannot state that there will never be circumstances that warrant imposition of a temporary enrollment moratorium that will affect providers and suppliers that are publicly traded or that these providers and suppliers will never be subject to a temporary enrollment moratorium. We have in response to many comments on this issue, has decided to eliminate the distinction between publicly traded and non-publicly traded status as a determinant of assignment of provider or supplier types to risk levels. Temporary enrollment moratoria will not be imposed without adequate rationale for how the moratorium would address fraud, waste and abuse in Medicare, Medicaid and CHIP. Such moratoria would be imposed based on careful analysis and assessment of circumstances that are present.

Comment: CMS, according to one commenter, states repeatedly that the application of the temporary moratoria could be to either a particular provider or supplier type or a particular geographic area. The commenter urged CMS to reconsider whether it is appropriate to ever apply moratoria on particular geographic areas for all provider and supplier types—such as physicians, whom CMS assigns to the limited level of screening. The commenter believes that physicians should be exempt from geographic provider/supplier enrollment moratoria.

Response: We would not likely impose a temporary enrollment moratorium on all provider and supplier types in a particular geographic area particularly given the potential impact on beneficiary access. However, if circumstances were to be such that a temporary enrollment moratorium in a particular geographic area should apply to all provider and supplier types in that area, we would need to be able to impose such a moratorium. As stated elsewhere in this document, we would publish notice of any moratorium and would include in the notice the rationale for the imposition of a temporary enrollment moratorium. Also, as stated earlier, we would consider access issues as well.

Comment: A commenter urged that the final rule with comment period be revised to clarify that it is only to be used as an option of last resort, when less onerous enforcement efforts have failed to reduce program abuse by a significant number of providers or suppliers of the same type. The commenter also stated that it should be imposed only if there is irrefutable evidence of fraud, waste or program abuse by a significant portion of the population of providers that are targeted by the moratorium.

Response: The ACA gives the Secretary broad authority to impose temporary enrollment moratoria in instances where the Secretary has determined that the moratorium is necessary to combat fraud, waste or abuse in Medicare, Medicaid or CHIP. A moratorium would not be imposed without adequate justification. We would announce in the Federal Register the imposition of any temporary enrollment moratorium and would include a discussion of the issues associated with the decision to impose the temporary enrollment moratorium.

In the NPRM, we did list circumstances that could lead to the imposition of a temporary enrollment moratorium in situations where: (1) Based on our review of existing data, identifies a trend that appears to be associated with a high risk of fraud, waste or abuse, such as when a highly disproportionate number of providers or suppliers in a category relative to the number of beneficiaries or a rapid increase in enrollment applications within a category is associated with a significant potential for fraud, waste or abuse with respect to a particular provider or supplier type or particular geographic area or both, (2) a State has imposed a temporary enrollment moratorium, or (3) CMS in consultation with the Department of HHS Office of Inspector General or the Department of Justice or both identifies either or both a particular provider or supplier type or a particular geographic area as having significant potential for fraud, waste, or abuse. We also included in the NPRM the reasons a temporary enrollment moratorium could be lifted. The decision to extend a moratorium would be based on the proposals in the NPRM and would take into account the extent to which the conditions necessitating the moratorium were still present.

Comment: A commenter stated that CMS and Medicaid should be permitted to extend a temporary moratorium by a maximum of one additional 6 month period. Twelve months is more than a sufficient amount of time for CMS to consider additional programmatic initiatives. The commenter added that CMS's statement in the preamble that it “would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the moratorium would apply” before imposing a moratorium, should be included in the regulatory text.

Response: We reserve the option to extend a temporary moratorium if circumstances warrant the continuation. We do not want to limit our ability to keep a temporary enrollment moratorium in place if necessary. Conversely, if the Secretary determines that a moratorium is no longer needed, consistent with the provisions of the proposed rule, the moratorium could be lifted at any time. We have modified the regulation text to make this clarification. We will consider safeguards for beneficiary access related to the imposition of an enrollment moratorium at § 424.570.

Comment: A commenter stated that CMS should exempt new practice locations from the moratoria and should limit the moratorium to newly-enrolling providers and suppliers.

Response: Currently enrolled providers and suppliers that are trying to establish additional new practice locations as a means to enroll in areas that are subject to a moratorium, and the provider is of the type for which the temporary enrollment moratorium is imposed, should not be exempt from the moratorium. However, if an enrolled provider or supplier is merely changing its practice location from a current location to a new location—not an additional new location—then that new location would not be subject to a temporary enrollment moratorium.

Comment: A commenter stated that CMS should establish an administrative appeals mechanism to address adverse determinations based on the imposition of a temporary moratorium that would also permit providers and suppliers to question whether CMS has an appropriate statutory or evidentiary basis for imposing a temporary moratorium.

Response: The ACA specifies that there is no judicial review under sections 1869 and 1878 of the Act, or otherwise of the decision to impose a temporary enrollment moratorium

However, as stated in the NPRM, we note that a provider or supplier may use the existing appeal procedures at 42 CFR part 498 to administratively appeal a denial of billing privileges based on the imposition of a temporary moratorium.Start Printed Page 5926

Comment: One commenter stated that CMS should allow exceptions to the moratorium, such as: (1) A low ratio of the provider or supplier type to the number of beneficiaries in the targeted area, (2) pandemics and other threats to beneficiary health that would be served by the provider or supplier type, and (3) other circumstances as the Secretary or the State Medicaid director determine are in the best interests of the program.

Response: As discussed previously, the ACA gives the Secretary broad authority to impose temporary enrollment moratoria. We also stated earlier that we listed in the NPRM circumstances that could lead to the imposition of a temporary enrollment moratorium in situations. We also indicated in the NPRM that prior to imposing a temporary enrollment moratorium we would assess Medicare beneficiary access issues. And we indicated that if a State has determined that compliance with a Medicare imposed temporary enrollment moratorium would adversely impact Medicaid beneficiaries', or CHIP participants' access to care, the State would not be required to comply with the temporary enrollment moratorium. We and the States take the assurance of adequate access seriously.

Comment: A commenter believes that CMS moratoria authority was open-ended to the point where CMS could, towards the end of a fiscal year, announce the suspension of provider enrollment in a variety of categories not to stem fraud and abuse, but rather to achieve some budgetary goal of reducing Medicare expenditures. The commenter requested that CMS clarify: (1) Who will decide what constitutes a highly disproportionate number of providers relative to the number of beneficiaries, (2) the standards that will be used to determine the number of providers necessary relative to the number of beneficiaries, and (3) whether this is a de facto return of the certificate of need process.

Response: We proposed and sought comments on factors that would have to be in place to impose a temporary enrollment moratorium, including identifiable trends in CMS data, State imposition of a moratoria, or consultation with the Office of Inspector General or the Department of Justice. The ACA requires that any moratorium imposed be implemented to reduce fraud, waste and abuse in the Medicare, Medicaid and CHIP programs. Additionally, we will not deny any enrollment for which the Medicare enrollment contractor has completed review of the application and has determined that the provider or supplier meets all the requirements for enrollment and all that remains is to assign appropriate billing number(s) and enter the provider or supplier into PECOS. Actively enrolled providers and suppliers will still be reimbursed for claims for services that are provided, and reimbursement would be at levels preceding the moratoria. The process for imposing a moratorium in this rule provides no opportunity for us to use the temporary enrollment moratoria to stop payments to enrolled providers and suppliers, and there is no intention for us to use temporary moratoria for purposes other than the ones authorized under the ACA.

Additionally, as stated previously, we would provide notice in the Federal Register of the imposition of a temporary enrollment moratorium and would include a discussion of the issues associated with the decision to impose a temporary enrollment moratorium. We will decide what constitutes a disproportionate number of providers relative to beneficiaries. We indicated in the NPRM that prior to imposing a temporary enrollment moratorium we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the temporary enrollment moratorium would apply. As a part of this process, we would examine the levels of providers in a given area and make a judgment about whether any temporary enrollment moratorium would adversely affect the delivery of needed services to beneficiaries. Regarding Certificate of Need processes, we would note that a number of States use the CON process. We have stated elsewhere in this document that we have not linked this proposed rule to the CON process. The CON programs vary in effectiveness and coverage and are subject to different standards and regulations. If there were a need to impose a temporary enrollment moratorium in any part of a State that has a CON requirement, we would impose the temporary enrollment moratorium in that part of the State, as needed.

Comment: A commenter stated that CMS should exclude from any moratoria those providers and suppliers: (1) Assigned to the limited level of screening, and (2) that have completed and passed a State licensure process. Another commenter urged that a moratorium be applied only to providers included within the moderate or high screening levels, and then only after: (1) Appropriate appeals measures have been established, and (2) CMS has addressed any beneficiary access to care issues.

Response: The ACA provides that the Secretary can impose a moratorium if she decides that it is necessary to combat fraud, waste or abuse. Accordingly the decision to impose a temporary enrollment moratorium will be based on a variety of factors, including the potential risk of fraud in the Medicare program that could be posed by a particular category of provider or supplier in a specific geographic area. The ACA gives the Secretary authority to impose a moratorium when necessary to combat fraud waste and abuse in Medicare, Medicaid, or CHIP. Should there ever be a reason to impose a temporary enrollment moratorium on any category of providers or suppliers, we would need to be able to do so—regardless of the screening level to which they were assigned as part of the provider and supplier screening process described in this regulation. We cannot state that providers and suppliers in the “limited” screening level will never be subject to a temporary enrollment moratorium. Nor are we prepared to state that providers or suppliers that are licensed would never be subject to a temporary enrollment moratorium. With regard to access to care, we indicated in the NPRM that prior to imposing a temporary enrollment moratorium we would assess Medicare beneficiary access to the type(s) of services that are furnished by the provider or supplier type and/or within the geographic area to which the temporary enrollment moratorium would apply. We also indicated that if a State has determined that compliance with a Medicare imposed temporary enrollment moratorium would adversely impact Medicaid beneficiaries', or CHIP participants' access to care, the State would not be required to comply with the temporary enrollment moratorium. We and the States take the assurance of adequate access seriously.

Comment: A commenter stated that while the preamble mentions that advanced notice of a moratorium will be given, this is not specified in the regulation text. The commenter stated that the text should be amended to reflect the advanced notice requirement.

Response: The preamble to the proposed rule says that we will announce the imposition of a temporary enrollment moratorium in the Federal Register. The preamble does not say we will give advance notice. We have stated in response to other comments that we do not think we should provide advance notice as this may foster an increase in applications for enrollment in an Start Printed Page 5927attempt to circumvent the intent of the temporary enrollment moratorium. Accordingly, we did not include any language about advance notice in the regulation text.

Comment: A commenter requested clarification as to what the term “significant potential for fraud” means in the context of the moratorium and the datasets that will be used to determine whether such a trend exists.

Response: We offered examples in the NPRM of the kinds of circumstances that might warrant imposition of a temporary enrollment moratorium. We plan to draw on data and information from many sources in coming to a decision about imposition of temporary enrollment moratoria—including existing CMS claims and enrollment data as well as other public data as well as data from our contractors or from law enforcement entities.

Comment: A commenter noted that CMS proposes to allow a Medicare enrollment moratorium where a State Medicaid program has imposed a moratorium on a group of providers who are also eligible to enroll in Medicare. The commenter stated that the proposal does not clarify whether CMS intends for such a moratorium to apply only to those providers within the affected State or whether that moratorium could apply nationwide in the event that the moratorium pertains to provider type. The commenter believes that for a State-imposed moratorium to have such a drastic effect across the country without evidence of a nationwide problem would be an overly broad and unnecessary imposition of CMS authority, and urged CMS to craft this provision more narrowly.

Response: We agree that imposing a moratorium on a national level based on one State's action in its State would be an unnecessarily broad action for us to take. The intent of that provision in the NPRM was to afford Medicare the option to adopt a State moratorium in a State or part of a State if appropriate.

Comment: A commenter stated that in the case of a moratorium, CMS and the States should explain their actions and provide an opportunity for notice and comment.

Response: We have said that we plan to provide notice of imposition of a temporary enrollment moratorium in the Federal Register, explaining the rationale for the imposition. We will not be providing an opportunity for comment prior to the imposition of a temporary enrollment moratorium, because it is not a rulemaking effort. Moreover, we think that providing advance notice of a temporary enrollment moratorium might foster a spike in enrollment applications from providers or suppliers that would be subject to the moratorium. If we determine that a temporary enrollment moratorium is needed, we would not want to provide opportunities for providers and suppliers to circumvent the moratorium's purpose.

Comment: A commenter recommended that CMS impose a temporary moratorium nationally on any Medicare-certified HHAs. As an alternative, the commenter suggested a moratorium in any State without either HHA licensure or a certificate of need, or in any State where the growth in new HHAs in the most recent 4 years has exceeded 15 percent.

Response: At this time, we are not contemplating the imposition of national moratoria. Moreover, it would be premature to identify any provider or supplier type that might be subject to imposition of a temporary enrollment moratorium. Should it be necessary to impose a temporary enrollment moratorium on any provider or supplier type, we will explain the reasons for the temporary enrollment moratorium in a public notice in the Federal Register.

Comment: One commenter stated that while they are in agreement with the proposal that State Medicaid agencies should have the authority to impose temporary moratoria on the enrollment of new providers or impose numerical caps or other limits on the providers assigned to the high screening level by the Secretary, the State Medicaid agency should also be allowed the discretion to identify providers that are high risk by State standards.

Response: We agree that the State Medicaid agency has the discretion to identify providers that are high risk by State standards. However, section 1902(kk)(4)(B) of the Act explicitly states that the designation of “high risk” providers for purposes of this provision must be made by the Secretary. Thus, we are finalizing the requirement that when a State Medicaid agency identifies a category of providers that are high risk of fraud, waste or abuse by State standards, the State must seek our concurrence with that assignment prior to imposing any type of moratoria, numerical caps or other limits on the enrollment of these providers.

Comment: One commenter requested that the rule be clarified to allow a State to complete any provider enrollment initiated prior to a Federally imposed moratorium.

Response: If a moratorium is deemed necessary, then we believe that all unenrolled providers should be subject to the moratorium. However, we would not require the State to deny any enrollment for which the State has completed its review of the enrollment application and has made a determination that the provider meets all requirements for enrollment.

Comment: A few commenters requested additional information regarding the process that should be used by State Medicaid agencies to notify CMS that imposition of a temporary moratorium would adversely impact beneficiaries' access to medical assistance, including the documentation that will be required and the standards CMS will use for its review.

Response: We believe that additional information regarding the operational processes that should be used by States regarding temporary moratorium are more appropriately addressed in subregulatory guidance. We will be issuing subregulatory guidance to assist States with the operational impact of implementing this provision in the near future.

Comment: Regarding State “identification” of providers with a “significant potential for fraud, waste or abuse,” one commenter asked that documentation of the significant risk be required, as well as a description of the rationale used to arrive at numerical caps or other limits on enrollment of that provider type.

Response: Consistent with section 1902(kk)(4)(B) of the Act, when a State Medicaid agency identifies a category of providers that is high risk by State standards, the State must seek our concurrence with that designation prior to imposing any type of moratorium, numerical cap or other limit on the enrollment of these providers. We will expect the State to provide rationale and justification for assigning providers to the high screening level when seeking our concurrence. We will be issuing subregulatory guidance to assist States with the operational aspect of implementing this provision in the near future. We agree a temporary enrollment moratorium should be imposed only with adequate rationale. A temporary enrollment moratorium on any category of provider that a State identifies as posing a significant potential for fraud, waste, or abuse, should be supported by adequate rationale to justify the imposition of a temporary moratorium, numerical caps or other limits on enrollment of that provider type.

Comment: One commenter requested that CMS add an exception where the State has other measures in place that adequately control for the potential fraud, waste, and abuse that is the basis for the proposed moratorium.Start Printed Page 5928

Response: The ACA does not allow us to grant such an exception to States even when the State has other fraud controls in place. Additionally, we believe this additional program integrity safeguard is necessary to prevent loss to Medicare, Medicaid and CHIP programs when existing safeguards have not prevented an emergent trend in fraudulent, wasteful, or abusive practices. We believe the authority to impose temporary enrollment moratorium when appropriate will be a useful tool for both CMS and the States.

Comment: Several commenters requested clarification regarding whether this requirement applies to Medicaid managed care. These commenters specifically asked CMS to provide an explicit exception to temporary moratoria for Medicaid managed care entities so to ensure that the adequacy of these plans' provider networks is not compromised and in turn, impede beneficiary access to care.

Response: As stated previously, this provision does not apply to Medicaid managed care entities. Medicaid risk based managed care is subject to contracts between States and the managed care entities, and the States rely upon those contracts to ensure that Medicaid beneficiaries have access to providers and a choice of networks within the managed care programs the State maintains. We would not impose moratoria on managed care programs that could restrict the ability of States to ensure beneficiary access and choice.

Comment: One commenter requested the development of a process for an individual provider exemption from a moratorium or, in the alternative, the establishment of a more focused process for imposing any necessary moratoria.

Response: As mentioned previously, we will take action to impose a temporary moratorium only if justified. Accordingly, the decision to impose a temporary enrollment moratorium will be based on the potential risk of fraud, waste or abuse in the Medicare or Medicaid programs.

Comment: A commenter stated that CMS, should it proceed with this proposed rule, must introduce much better controls to limit over-reaching and to assure providers due process rights. The commenter cited CMS's proposed ability to impose a temporary enrollment moratorium on potentially high risk providers and suppliers with no rights of judicial review of the agency's decision. The commenter stated that the absence of defined rights for orthotic and prosthetic suppliers in the proposed rule could, in some instances, appear to be a Federal “taking” without due process.

Response: As stated previously, we will provide a discussion of the factors for imposing a moratorium on a case by case basis when the notice of such a moratorium is published in the Federal Register. If a provider or supplier's billing privileges are denied due to the imposition of a temporary enrollment moratorium, the denial of billing privileges can be challenged administratively through the existing enrollment appeal procedures at 42 CFR part 498. Further, we disagree with the commenter's characterization of a temporary moratoria of newly-enrolling providers and suppliers as a Federal “taking.”

4. Final Temporary Moratoria on Enrollment of Medicare Providers and Suppliers, Medicaid and CHIP Provisions

This final rule with comment period finalizes the provision of the proposed rule in regards to the temporary enrollment moratoria with the following exceptions:

In § 424.570, we modified our proposal as follows:

  • Added language to clarify that we will fully assess the impact of a temporary enrollment moratorium would have on beneficiary access to services that will be subject to the temporary enrollment moratorium at § 424.570(a).
  • Added language that specifies we will announce any temporary enrollment moratorium in a notice in the Federal Register that will include the rational for the imposition of the moratorium, the particular provider or supplier type or the establishment of new practice locations of a particular type in a particular geographic area at § 424.570(a).
  • Added language to clarify that Medicare contractor will deny enrollment applications from a provider or supplier subject to a moratorium specified in paragraph (a) including providers and suppliers with pending enrollment applications, EXCEPT such applications that have been approved by the enrollment contractor before the imposition of a moratorium at § 424.530(a)(10).
  • Added language that adopts a public commenter's proposal that the Secretary may lift a temporary enrollment moratorium in the event of a public health emergency in the affected geographic area at § 424.570(d).
  • Added language that specifies we will publish notice of lifting the moratorium in the Federal Register at § 424.570(d).

D. Suspension of Payments

1. Medicare

a. Background

In section 6402(h) of the ACA, the Congress amended section 1862 of the Act by adding a new paragraph (o), under which the Secretary may suspend payments to a provider or supplier pending an investigation of a credible allegation of fraud unless the Secretary determines that there is good cause not to suspend payments. This section requires that the Secretary consult with the HHS OIG in determining whether there is a credible allegation of fraud against a provider or supplier. For purposes of this Medicare payment suspension regulation, we will refer to providers and suppliers collectively as “providers”.

b. Previous Medicare Regulations

We have long been authorized to suspend payments in cases of suspected fraudulent activity. On December 2, 1996, we finalized regulations § 405.370 through § 405.379 that provides for suspension of payments to providers for several scenarios, including when we possess reliable information that fraud or willful misrepresentation exists. The rule provides that we may suspend payments to a provider in whole or in part based upon possession of reliable information that an overpayment or fraud or willful misrepresentation exists or that the payments to be made may not be correct, although additional evidence may be needed for a determination.

The existing rule provides that a suspension of payments is limited to 180 days, unless it meets one of several exceptions. A Medicare contractor may request a one-time only extension of the suspension period for up to 180 additional days if it is unable to complete its examination of the information that serves as the basis for the suspension. Also, OIG or a law enforcement agency may request a one-time only extension for up to 180 additional days to complete its investigation in cases of fraud and willful misrepresentation. The rule provides that these time limits do not apply if the case has been referred to and is being considered by the OIG for administrative action, such as civil monetary penalties. We may also grant an extension beyond the 180 additional days if DOJ requests that the suspension of payments be continued based on the ongoing investigation and anticipated filing of criminal or civil actions. The DOJ extension is limited to the amount Start Printed Page 5929of time needed to implement the criminal or civil proceedings.

c. Proposed Medicare Suspension of Payments Requirements

Section 6402(h) of the ACA requires that the Secretary consult with the OIG in determining whether there is a credible allegation of fraud against a provider. If a credible allegation of fraud exists, the Secretary may impose a suspension of payments pending an investigation of the allegations, unless the Secretary determines that there is good cause not to suspend payments. We proposed to revise § 405.370 to add a definition of what constitutes a “credible allegation of fraud,” to include an allegation from any source, including but not limited to fraud hotline complaints, claims data mining, patterns identified through provider audits, civil False Claims Act, and law enforcement investigations. Allegations are considered to be credible when they have indicia of reliability. Many issues related to this definition will need to be determined on a case-by-case basis by looking at all the factors, circumstances and issues at hand. We continue to believe that CMS or its contractors must review all allegations, facts, and information carefully and act judiciously on a case-by-case basis when contemplating a payment suspension, mindful of the impact that payment suspension may have upon a provider.

We received the following comments:

Comment: We received numerous comments suggesting that the proposed definition of “credible allegation of fraud” was ambiguous and fails to detail a precise evidentiary standard that CMS and OIG will employ in determining if a payment suspension is warranted. Commenters were also concerned that including fraud hotline complaints as a source of allegations would inevitably lead to disingenuous allegations from competitors and/or disgruntled former employees that would lead to unjustified payment suspensions.

Response: We did not intend to detail a precise evidentiary standard in this definition; rather we intended to give examples of the typical sources of allegations of fraud and explain that assessing the reliability of an allegation is a process that will occur on a case-by-case basis. CMS and OIG fully understand the need to act judiciously when corroborating information and investigating allegations of fraud, especially when the source of the allegation is an anonymous fraud hotline complaint. The statutorily required consultation between CMS and the OIG prior to implementing a payment suspension will provide ample opportunity for the credibility of an allegation to be assessed and for a preliminary investigation into the allegation of fraud to occur sufficient to meet a reasonable evidentiary standard.

We additionally proposed modifying the existing § 405.370 to add a definition for “resolution of an investigation.” The ACA provides for the suspension of payments pending the investigation of a credible allegation of fraud, and we believe that this provision necessitates defining when an investigation has concluded and the basis for the suspension of payments no longer exists. The definition proposed in the proposed rule and finalized here is that a resolution of an investigation occurs when legal action is terminated by settlement, judgment, or dismissal, or when the case is closed or dropped because of insufficient evidence. We solicited comments on an alternative definition of the term “resolution of an investigation” which is that it occurs when a legal action is initiated or the case is closed or dropped because of insufficient evidence to support the allegations of fraud. We did not receive any comments that specifically addressed a preference for either of these definitions.

We proposed modifying the existing § 405.371(a) to differentiate between suspensions based on either reliable information that an overpayment exists or that payments to be made may not be correct, and suspensions based upon a credible allegation of fraud. As required by the ACA, we proposed in this section that CMS or its contractor must consult with the OIG, and as appropriate, the Department of Justice (DOJ) in determining whether a credible allegation of fraud exists prior to suspending payments on the basis of alleged fraud.

We also proposed in accordance with the ACA that we retain discretion regarding whether or not to impose a suspension or continue a suspension, as there may be good cause not to suspend payments or not to continue to suspend payments to providers or suppliers in certain circumstances. We proposed to add a new § 405.371(b) to describe circumstances that may qualify as good cause not to suspend payments or not to continue to suspend payments despite credible allegations of fraud.

In paragraph (b)(1), we proposed a good cause exception based upon specific requests by law enforcement that CMS not suspend payments. There are numerous reasons for which law enforcement personnel might make such a request, including that imposing a payment suspension might alert a potential perpetrator to an investigation at an inopportune or particularly sensitive time, jeopardize an undercover investigation, or potentially expose whistleblowers or confidential sources.

In paragraph (b)(2), we proposed a good cause exception not to suspend payments if we determine that beneficiary access to necessary items or services may be jeopardized. We envision there may be scenarios in which a payment suspension to a provider might jeopardize a provider's ability to continue rendering services to Medicare beneficiaries whose access to items or services would be so jeopardized as to cause a danger to life or health.

In paragraph (b)(3) of the proposed rule, we proposed a good cause exception not to suspend payments if CMS determines that other available remedies implemented by or on behalf of CMS more effectively or quickly protect Medicare funds than would implementing a payment suspension. For example, law enforcement personnel might request that a court immediately enjoin potentially unlawful conduct or prevent the withdrawal, removal, transfer, disposal, or dissipation of assets, either or both of which might protect Medicare funds more fully or quickly than would imposition of a payment suspension.

More generally, in paragraph (b)(4) of the proposed rule, we proposed a good cause exception based upon a determination by us that a payment suspension or continuation of a payment suspension is not in the best interests of the Medicare program. We further proposed that we will conduct an evaluation of whether there is good cause not to continue a suspension every 180 days after the initiation of a suspension based on credible allegations of fraud. We believe that circumstances surrounding a specific case may change as an investigation progresses, and it may become in the best of interests of the Medicare program to terminate a payment suspension prior to the resolution of an investigation. As part of this ongoing evaluation, we will request a certification from the OIG or other law enforcement agency as to whether that agency continues to investigate the matter.

We considered additional specific circumstances and scenarios that may qualify as good cause not to continue a payment suspension prior to the resolution of an investigation, and solicited comments on this approach. For example, one scenario that we considered as additional good cause not to continue a suspension is when a Start Printed Page 5930suspension has been in place for a specific length of time, such as 2 years or 3 years, and the investigation has not been resolved. We anticipated that on a case by case basis, we would evaluate the status of a particular investigation and the nature of the alleged fraud in determining whether keeping a payment suspension in effect beyond a certain length of time may not be in the best interests of the Medicare program. We chose not to propose specific language on duration in the regulatory text. However, we solicited comment on this approach.

Comment: Numerous commenters supported an additional good cause exception not to continue a payment suspension when the accompanying investigation continued beyond a certain length of time. Several commenters supported this exception, however most believe that 2 years or 3 years was much too long for a suspension to be in effect and the length of time associated with this good cause exception should be much shorter.

Response: We agree with the commenters who support the additional good cause exception not to continue a payment suspension when an investigation has continued beyond a certain length of time, in certain cases. We believe that 18 months is the appropriate timeframe for a good cause-based exception beyond which a payment suspension ought not continue except under certain limited circumstances. Therefore, good cause not to continue a payment suspension beyond 18 months shall be deemed to exist unless one of two specific criteria is met. The first of these criteria is if the case has been referred to, and is being considered by, the OIG for administrative action (for example, civil money penalties) or such administrative action is pending. The second of these criteria is if the Department of Justice submits a written request to CMS that the suspension of payments be continued based on the ongoing investigation and anticipated filing of criminal and/or civil actions or based on a pending criminal and/or civil action. We are adopting these two law enforcement specific scenarios that will serve as the criteria for extending a payment suspension beyond 18 months and are based upon the longstanding criteria for extending suspensions found in the Medicare payment suspension regulations.

We proposed modifying the existing § 405.372 to reflect the changes made in § 405.371 which divides the payment suspension authority into situations involving overpayments and situations involving allegations of fraud. In § 405.372(c) we clarify the subsequent action requirements to distinguish between suspensions based on credible allegations of fraud and those that are based on other factors, such as overpayments. For suspensions that are not based on credible allegations of fraud, CMS and its contractors will continue to take timely action to obtain additional information needed to make an overpayment determination and make all reasonable efforts to expedite the determination. Once the determination is made, notice of the determination will be given to the provider or supplier and the payment suspension will be terminated. If the payment suspension is based on credible allegations of fraud, CMS and its contractors will take subsequent action to determine if an overpayment exists or if the payments may be made, however the termination of the suspension and the issuance of a final determination notice to the provider or supplier may be delayed until resolution of the investigation. At the end of the fraud investigation, it is possible that the Medicare contractor will not have completed its overpayment determination, but will have reliable evidence of an overpayment or will have evidence that the payments to be made may not be correct. This typically occurs when a law enforcement investigation results in civil or criminal resolution prior to the Medicare contractor having had sufficient time to complete its overpayment determination. In such a situation, we would allow the suspension to continue as an overpayment suspension.

We proposed modifying the existing § 405.372(d) concerning the duration of suspension of payment. In § 405.372(d)(3) we except suspensions based on credible allegations of fraud from the established time limits specified in paragraphs (d)(1) and (d)(2). We believe the strict time constraints found in paragraphs (d)(1) and (d)(2) should only be applied to suspensions based on reliable information of an overpayment or where payments to be made may not be correct, both of which require a speedy overpayment determination. When credible allegations of fraud are present, we believe we should have the flexibility to maintain a suspension beyond these established time limits in order for an investigation to be completed or the matter to be resolved. However, we noted that by excepting suspensions based on credible allegations of fraud from these previously established timeframes, we do not intend to suspend payments to providers and suppliers indefinitely. We will be actively evaluating the progress of any investigation to determine if good cause exists to no longer continue the suspension of payments, as suspensions are designed to be a temporary measure. As part of this recurring evaluation, we will request a certification from the OIG or other law enforcement agency that the matter continues to be under investigation.

We also proposed eliminating the two other existing scenarios in paragraph (d)(3) for extending payment suspensions beyond the time limits in paragraphs (d)(1) and (d)(2), which are when the OIG is considering administrative action such as civil monetary penalties and also when the DOJ requests an extension based on an ongoing investigation and the anticipated filing of criminal and/or civil actions. We have removed these two scenarios from the existing duration provisions in § 405.372(d), however we have added similar criteria for extending suspensions to the good cause criteria at § 405.371 (b)(3), based on these law enforcement scenarios.

Comment: We received numerous comments raising concern over the perceived lack of due process afforded to the provider community in this proposed rule and numerous comments suggesting that more attention needs to be paid to establishing clear criteria for suspensions and basic due process rights before implementing this provision. Commenters also pointed out that the ACA does not mandate a deadline for implementing this policy and commenters recommend we withdraw the suspension provision from the final rule with comment period and work to develop defined standards with meaningful due process protections.

Response: We believe that the proposed rule affords providers who have had their payments suspended based on credible allegations of fraud ample opportunity to submit information to us in the established rebuttal statement process to demonstrate their case for why a suspension is unjustified. We believe that the criteria for suspension of payments are clear. We reiterate that this authority will be exercised judiciously by CMS, in consultation with the OIG, and that only in the most egregious cases will payment suspensions last longer than the previously established timeframes for payment suspensions. We will not withdraw the suspension provision from the final rule with comment period as we believe the due process Start Printed Page 5931protections are more than adequate and the evidentiary standards for payment suspensions cannot be more precisely defined.

Comment: A commenter suggested that the proposed rule lacks specificity around the required consultation between CMS and the OIG and the DOJ and asked which entity ultimately decides whether an allegation is credible and whether a unanimous determination is required.

Response: We retain the ultimate authority regarding whether or not a payment suspension will be implemented in a given case. The mechanics of the consultation between CMS and our law enforcement partners to determine the credibility of allegations will be detailed in a Memorandum of Understanding between the respective agencies and we do not believe it is appropriate to detail this process in the final rule with comment period.

Comment: A commenter questions why there is no defined time requirement for CMS to provide written notice of a suspension that was imposed without prior notice, similar to the time limits required of States in the Medicaid payment suspension rule.

Response: The Medicare and Medicaid payment suspension rules need not mirror each other in every respect. We have long suspended payments without prior notice to providers in cases of suspected fraud and have an established track record for providing written notice to providers as soon as is practicable after implementing a suspension. We do not believe it is necessary to impose a strictly defined time period for providing notice to providers who were suspended without prior notice based on credible allegations of fraud, and we do not believe that a 30, 60, or 90 day limit is necessary as in nearly all historical cases we have provided notice to providers well within these suggested time limits.

Comment: One commenter expressed concern over CMS treatment of payment suspensions in the cases of overpayments without credible allegations of fraud and pointed out that there are a multitude of scenarios under which physicians might be overpaid due to inadvertent billing errors or Medicare contractor claims processing errors that are no fault of the provider.

Response: We believe that we must retain the ability to suspend payments in both cases of potential fraud and cases that do not involve potential fraud but are based solely on potential overpayments. We have long had the authority to suspend payments without evidence of fraud but historically have not often used the suspension tool in these cases. We will determine on a case-by-case basis whether a suspension of payments is appropriate in cases that do not involve fraud, and factors such as Medicare contractor claims processing errors and provider billing history are certainly considered.

Comment: One commenter requested that CMS provide clarification on whether the proposed rule's suspension provisions apply to the Medicare Part D program and suggested that the proposed rule seems to conflict with legislation and CMS promulgated rules regarding prompt payment of Medicare Part D claims.

Response: The Medicare payment suspension authority is applicable to providers under both the Part A and Part B programs. Separate authorities are available to address potential fraud by plans participating in the Part C and D programs.

Comment: One commenter believes that Federally Qualified Health Centers (FQHCs) should be exempted from the potential application of the suspension of payments because payment to FQHCs is premised on reimbursement of reasonable costs and FQHCs are subject to an annual reconciliation process under which surplus payments in excess of reasonable Medicare costs are returned to the CMS contractor.

Response: All providers in Medicare Part A and Part B are subject to the payment suspension provisions, regardless of the method of reimbursement. The annual reconciliation process under which surplus payments are returned does not necessarily account for credible allegations of fraud and we reserve the right to impose a payment suspension on any provider for whom there is a credible allegation of fraud.

We are adopting the provisions of the proposed rule, with one exception. In § 405.371(b)(3), we state that good cause shall be deemed to exist to not continue to suspend payments if a payment suspension has been in effect for a period of 18 months unless certain conditions are met.

2. Medicaid

a. Background

In section 6402(h) of the ACA, the Congress amended section 1903(i)(2) of the Act to provide that Federal Financial Participation (FFP) in the Medicaid program shall not be made with respect to any amount expended for items or services (other than an emergency item or service, not including items or services furnished in an emergency room of a hospital) furnished by an individual or entity to whom a State has failed to suspend payments under the plan during any period when there is pending an investigation of a credible allegation of fraud against the individual or entity as determined by the State in accordance with these regulations, unless the State determines in accordance with these regulations that good cause exists not to suspend such payments.

b. Previous Medicaid Regulations

State Medicaid agencies have long been authorized to withhold payments in cases of fraud or willful misrepresentation. On December 28, 1987, DHHS finalized regulations at § 455.23 that they described as specifically encouraging State Medicaid agencies to withhold program payments to providers without first granting administrative review where the State agency has reliable evidence of fraudulent activity by the provider. The regulations were issued by the HHS OIG based on a concern that State administrative hearings could interfere with investigations conducted by HHS OIG's Office of Investigations or by the State's Medicaid fraud control unit (MFCU). The requirements of an administrative hearing could jeopardize criminal cases and investigators were reluctant to agree to a State's withholding payment, thus risking additional overpayments. (See the December 28, 1987 final rule (52 FR 48814)). The December 28, 1987 final rule remains in effect and has remained unchanged since it was promulgated.

At the time the rule was proposed, the Department was in the process of reorganizing its fraud and abuse regulations to reflect authorities transferred to HHS OIG in 1983, as well as those retained by CMS. HHS OIG authorities were transferred to a new 42 CFR chapter V, while CMS' Medicaid program integrity authorities were retained at 42 CFR part 455. (See the September 30, 1986 final rule (51 FR 34764)).

This current rule provides that a State Medicaid agency may withhold payments to a provider in whole or in part based upon receipt of reliable evidence that the need for withholding payments involves fraud or willful misrepresentation under the Medicaid program. At the time this rule was published, commenters questioned what constituted “reliable evidence of fraud.” The HHS OIG declined to provide a specific definition, noting that what constitutes “reliable evidence” is not easily and readily definable. The HHS OIG noted that while the existence of an Start Printed Page 5932ongoing criminal or civil investigation against a provider may be a factor in determining whether reliable evidence exists, that reliable evidence should be determined on a case-by-case basis with the State agency looking at all the factors, circumstances, and issues at hand, and acting judiciously on this information.

The 1987 regulations also permitted payments to be suspended in whole or in part. Commenters had suggested that “clean claims” continue to be processed without delay, and that any withholding ought to be targeted to only the type of Medicaid claims under investigation. The HHS OIG responded that it is usually difficult to determine which claims are “clean” until after an investigation has been completed, but noted that where an investigation is solely and definitively centered upon a specific type of claim that a State could, at its discretion, withhold payments on just those types of claims. The HHS OIG also agreed to commenters' requests to clarify that the withholding provisions apply only to alleged fraud or willful misrepresentation related to improperly received Medicaid payments and not to ancillary unrelated matters such as deceptive advertising.

c. Proposed Medicaid Suspension of Payments Requirements

The current regulation at § 455.23 formed the framework for these final regulations. State Medicaid agencies have long had the authority to withhold payments in cases of alleged fraud or willful misrepresentation. Section 6402(h)(2) of the ACA now mandates that States not receive FFP in cases where they fail to suspend Medicaid payments during any period when there is pending an investigation of a credible allegation of fraud against an individual or entity as determined by the State in accordance with these proposed regulations unless the State determines that good cause exists for a State not to suspend such payments. To conform the existing regulation to the terminology of the ACA, we proposed to change the phrase “withhold payments” to “suspend payments,” a change we believe is merely semantic.

We proposed to implement section 6402(h)(2) of the ACA by modifying the existing § 455.23(a) to make payment suspensions mandatory where an investigation of a credible allegation of fraud under the Medicaid program exists. Based on the ACA's use of just the term “fraud,” we did not propose to retain the existing term “willful misrepresentation.” We believe that fraud encompasses willful misrepresentation as well as other acts that may constitute civil or criminal fraud; thus we do not believe this proposal represents a substantive change nor do we intend it to have a substantive effect insofar as reducing or limiting a State's authority to suspend Medicaid payments. We solicited comments on this approach.

To conform the proposed regulation to the requirements of the ACA, we proposed to modify terminology in the existing § 455.23(a) that now refers to “receipt of reliable evidence” to instead refer to a “pending investigation of a credible allegation of fraud.” In contrast to the semantic change from “withhold payments” to “suspend payments,” in this case we believe that there is a substantive difference between the threshold level of certainty or proof necessary to identify a “credible allegation” versus the heightened requirement of “reliable evidence” in the current regulation.

We do not believe that the phrase “when there is pending an investigation of a credible allegation of fraud” necessarily demands that an investigation originate in or with a law enforcement agency. Rather, State Medicaid agencies have program integrity units that, in the normal course of business, receive, and conduct investigations based upon, tips alleging fraud, and which also conduct proactive investigations based upon internal data analyses and other fraud detection techniques. We believe that State agency investigations, though they may be preliminary in the sense that they lead to a referral to a law enforcement agency for continued investigation, are adequate vehicles by which it may be determined that a credible allegation of fraud exists sufficient to trigger a payment suspension to protect Medicaid funds.

This threshold by which a State agency investigation may give rise to a payment suspension is a somewhat lesser threshold than that in the current regulation. The preamble to the current regulation specified that it was anticipated the State agency would confer with, and receive the concurrence of, investigative or prosecuting authorities prior to imposing a withholding action. However, that preamble also stated that it was establishing mere minimum requirements, and that States could exercise broader power where State law or regulation so provided. Most States have availed themselves of the existing Federal authority (or broader state authority) to withhold payments, and we believe that experience over the past 20 years offers no indication this authority has been misused against providers. Moreover, we believe this proposed threshold is consistent with the phrase “pending investigation of a credible allegation of fraud” of the ACA. We do anticipate that payment suspension authority will be used more frequently because the ACA dictates that where there is a pending investigation of credible allegations of fraud against a provider, a State that fails to suspend payments to that provider will not receive FFP with respect to such payments unless good cause exists not to suspend them.

We proposed to adopt at § 455.2 the same broad definition of “credible allegation” proposed previously in the context of the Medicare program. In many cases, what constitutes a “credible allegation” must be determined on a case-by-case basis with the State agency looking at all the factors, circumstances, and issues at hand. Guided by the experience of more than 20 years, we are aware that States have been able to identify “reliable evidence” through a variety of means including, but not limited to, fraud hotline complaints, Medicaid claims data mining, and patterns identified through provider audits, along with the appropriate level of additional investigation that accompanies each of these. Moreover, States have received referrals from State MFCUs, other law enforcement agencies, and other State benefits program investigative units. We continue to believe that State agencies must review all allegations, facts, and evidence carefully and act judiciously on a case-by-case basis when contemplating a payment suspension, mindful of the impact that payment suspension may have upon a provider.

We proposed at § 455.23(b) that the State agency notify a provider of a payment suspension in a way very similar to the mechanism currently specified in regulation, by which the State agency is required to notify a provider, specifying certain details, within 5 days of taking such action. However, we did propose to provide for a 30-day period, renewable in writing up to twice for a total not to exceed 90 days, by which law enforcement may, in writing, request the State agency to delay notification to a provider. We proposed this because we believe that occasionally an investigation may be at a sensitive stage, perhaps involving undercover personnel or a confidential informant, where required notification to the provider at a particular time might jeopardize the investigation. We do not believe we should extend the delay notification beyond 90 days out of fairness to a provider and, in any event, a provider deriving any significant Start Printed Page 5933revenue stream from Medicaid is likely to itself discern the fact of a payment suspension well in advance of 90 days.

We proposed only minor changes to the current provisions in § 455.23(c) on the duration of a suspension. To comport with the ACA, we change the term “withholding” to “suspension”; this is a semantic change that, as noted previously, has been made throughout. In the new § 455.23(c)(2), we propose to require a State to notify a provider of the termination of a payment suspension and, where applicable, to specify the availability to a provider of any appeal rights under State law and regulation.

Substantively, we did not propose significant change to the existing duration provisions, which specify that withholding (now, suspension) will be temporary and will not continue after: (1) Authorities discern that there is insufficient evidence of fraud upon which to base a legal action; or (2) legal proceedings related to the alleged fraud are completed.

We believe that maintaining the existing duration provisions is consistent with the ACA that requires that FFP not be made when a State fails to suspend payments “during any period when there is pending an investigation of a credible allegation of fraud against an individual or entity.” We further recognized that the Act applies a very similar standard to the Medicare program. We solicited comments on our proposal to maintain the existing duration provisions.

In § 455.23(d) of the proposed rule, we proposed to require a State to make a formal, written suspected fraud referral to its MFCU or, where a State does not have a MFCU to an appropriate law enforcement agency, for each instance of payment suspension as the result of a State agency's preliminary investigation of a credible allegation of fraud. This will ensure that an appropriate full investigation by a law enforcement agency timely ensues. If the MFCU or other law enforcement agency declines to accept the referral, we proposed to require the State to immediately release the payment suspension unless the State refers the matter to another law enforcement entity or unless the State has alternative Federal or State authority by which it may impose a suspension. In the latter case, the requirements of that alternative authority, including any notice and due process or other safeguards, will be applicable.

We proposed to require that a State's formal, written suspected fraud referral meets fraud referral performance standards issued by the Secretary. The currently applicable fraud referral performance standards were issued by CMS on September 30, 2008.

In § 455.23(d)(3), we proposed that on a quarterly basis a State must request a certification from the MFCU or other law enforcement agency that any matter accepted on the basis of a referral continues to be under investigation or in the course of enforcement proceedings warranting continuation of the payment suspension. We recognized that due to various constraints, law enforcement agencies may not be able to provide specific updates on matters under investigation. In recognition of the fact that payment suspensions are only temporary, however, we proposed to require such quarterly certifications to ensure, for example, that a suspension will not be continued long after a law enforcement agency has closed an investigation but neglected to alert a State agency of that fact. To maximize State flexibility to implement this requirement, we are not prescribing the precise format such certifications must take.

Consistent with the new ACA provision, we also proposed to create several “good cause” exceptions by which States may determine good cause exists not to suspend payments or to suspend payments only in part. In new § 455.23(e) we included several circumstances that we believe constitute “good cause” for a State to determine not to suspend payments, or not to continue a payment suspension previously imposed, to an individual or entity despite a pending investigation of a credible allegation of fraud. In § 455.23(e)(1), we proposed a good cause exception based upon specific requests by law enforcement that State officials not suspend (or continue to suspend) payment. There are numerous reasons for which law enforcement personnel might make such a request, including that imposing a payment suspension might alert a potential perpetrator to an investigation at an inopportune or particularly sensitive time, jeopardize an undercover investigation, or potentially expose whistleblowers or confidential sources.

In § 455.23(e)(2), we proposed a good cause exception if a State determines that other available remedies implemented by the State could more effectively or quickly protect Medicaid funds than would implementing (or continuing) a payment suspension. For example, law enforcement personnel might request that a court immediately enjoin potentially unlawful conduct or prevent the withdrawal, removal, transfer, disposal, or dissipation of assets, either or both of which might protect Medicaid funds more fully or quickly than would imposition of a payment suspension.

Paragraph (e)(3) proposed a good cause exception based upon a determination by the State agency that a payment suspension is not in the best interests of the Medicaid program. It is conceivable that a State may, in rare situations, face exigent circumstances with respect to a suspension situation not addressed by the other good cause exceptions specified here but where it otherwise determines suspension would not be in the State Medicaid program's best interests. This broad standard is intended to reflect that payment suspension is a very serious action that can potentially lead to dire consequences, but that it is impossible to specify detailed contingencies with respect to every possible scenario that might arise. We did not anticipate that States will frequently make use of this exception; however where this exception is utilized we do require that States document their use of this exception, and will closely monitor its implementation to determine whether further regulation is necessary. We solicited comments on this approach.

In paragraph (e)(4), we proposed a good cause exception based upon a determination by the State of an adverse effect of the suspension on beneficiary access to necessary items or services. We envision there may be scenarios in which a payment suspension to a provider might jeopardize a provider's ability to continue rendering services to Medicaid beneficiaries, thus threatening Medicaid beneficiaries' access to care. Utilizing a standard identical to that which CMS and the HHS OIG apply in assessing requests for waivers of exclusion at Parts 402 and 1001 of Title 42, for example, we posit one basis for a good cause exception from payment suspension is if a provider under investigation is a sole community physician or the sole source of specialized services available in a community. Likewise, in Federally-designated medically underserved areas the potential impact of a payment suspension upon a large provider might equally threaten recipient access, thus this underlies a second access exception. We welcomed comments on this approach, including comments with respect to other metrics by which to assess potential beneficiary jeopardy in terms of access to necessary items or services.

Finally, in paragraph (e)(5) we proposed a good cause exception that would permit (but not require) a State to discontinue an existing suspension to the extent law enforcement declines to cooperate in certifying under the Start Printed Page 5934requirements of paragraph (d)(3) that a matter continues to be under investigation and therefore warrants continuing the suspension.

We do not interpret the new provision in the ACA as mandating that a State must always suspend all payments to a provider in cases of an investigation of a credible allegation of fraud. In general, we continue to believe a payment suspension should apply to all of a provider's claims consistent with the HHS OIG's responses to comments in the 1987 regulations that it is usually difficult to determine which claims are clean claims until after an investigation is completed, and one purpose of payment suspension is to build a type of escrow account out of which any overpayments can be deducted when an investigation is concluded.

With certain new constraints, however, we have chosen to continue to allow States the flexibility to suspend payments in part. For example, as stated in the preamble to the current regulation, there may be times where an investigation is solely and definitively centered on only a specific type of claim in which case a State may determine it is appropriate to impose a payment suspension on only that type of claim. Likewise, a State might determine that an investigation of a credible allegation of fraud is limited to a particular business unit or component of a provider such that a suspension need not apply to certain business units or components of a provider.

Balancing these approaches, we proposed to allow States to implement a partial payment suspension, or, where appropriate, to convert a previously imposed full payment suspension to a partial payment suspension, if justified via a good cause exception. The good cause exceptions for partial suspension at paragraphs (f)(1) and (2) mirror those at paragraphs (e)(4) and (3), respectively, and allow the State to adopt a partial payment suspension where suspension in whole would so jeopardize a recipient's access to items or services as to endanger the recipient's life or health, or where the State deems it in the best interests of the Medicaid program. At paragraph (f)(3), we proposed that a State may avail itself of the good cause exception to suspend payments only in part if the nature of the credible allegation is focused solely and definitively on only a specific type of claim or arises from only a specific business unit of a provider, and the State determines and documents in writing that a payment suspension in part would effectively ensure that potentially fraudulent claims were not continuing to be paid. Many such cases will still demand suspension in full, but this provision, which we anticipate States would exercise sparingly, gives States flexibility to act otherwise in those limited circumstances where appropriate. Finally, at paragraph (f)(4), we proposed that a State may avail itself of the good cause exception to convert a payment suspension in whole to one only in part to the extent law enforcement declines to cooperate in certifying under the requirements of paragraph (d)(3) that a matter continues to be under investigation. We solicited comment on these proposed approaches.

We proposed in new paragraph (g) to add several reporting and document retention guidelines to § 455.23. Payment suspension authority is critically important to protect Medicaid funds, but payment suspension can have dire consequences to a provider. Payment suspension authority, including a State's exercise of a good cause exception to otherwise address a suspension situation, must be exercised responsibly by a State at all stages, from the inception to the termination of the suspension. Through, among other things, our State Program Integrity Reviews, we expect to maintain close oversight of State utilization of suspension authority. However, to be clear, we expressly and explicitly do not expect State compliance (or noncompliance) with these documentation or retention provisions to give rise to any enforceable right of a provider aggrieved by any real or perceived failures with respect to these requirements to seek any form of redress (administratively, judicially, or otherwise).

Under these final reporting and retention guidelines, States are required to maintain for a minimum of 5 years from the date of issuance all materials documenting the life cycle of a payment suspension that is imposed, including: (1) All notices of suspension of payment in whole or part; (2) all fraud referrals to MFCUs or other law enforcement agencies; (3) all quarterly certifications by law enforcement that a matter continues to be under investigation; and (4) all notices documenting the termination of a suspension. Likewise, we proposed to require States to maintain for the same period all documentation justifying the exercise of the good cause exceptions. Finally, we proposed to require States to annually report to the Secretary information regarding the life cycle of each payment suspension imposed and any determinations to exercise the good cause exceptions not to suspend payment, to suspend payment only in part, or to discontinue a payment suspension.

To effectuate section 6402(h)(2) of the ACA's prohibition on expenditure of FFP where a State fails to suspend payments that should, by virtue of the ACA standard and this proposed rule, have been suspended, we proposed to add a new § 447.90. Paragraph (a) of proposed § 447.90 specifies the basis and purpose for the new provision, while paragraph (b) specifies the general rule that FFP would not be available with respect to items or services furnished by an individual or entity to whom the State has failed to suspend Medicaid payments during any period where there is pending an investigation of a credible allegation of fraud against the individual or entity except in specified circumstances that include certain emergency circumstances, or if good cause exists as specified at § 455.23(e) or (f).

As mentioned, we anticipate that CMS' enforcement and monitoring of these provisions will largely be accomplished through measures such as State Program Integrity reviews conducted by CMS. Such reviews will, among other things, evaluate States' complaint intake and investigation efforts, and assess whether States have an effective process to move matters where there are found to be credible allegations of fraud to the point where they are evaluated for payment suspension. However, we do not believe it is viable to require States to report and document to CMS every instance of where any allegation of fraud arises and further qualify which ones rise to the level of credible allegation. We want to foster effective and efficient State program integrity efforts with respect to which payment suspension is an integral component, but we do not want to create a system so procedurally onerous that it overwhelms a State's ability to substantively perform this critical work. Nevertheless, we will thoroughly investigate and act by, among other things, deferring and/or disallowing FFP in accordance with § 430.40 and § 430.42, if program integrity reviews or other methods of ensuring State compliance with Medicaid program requirements reveal a State is failing to suspend payments (or inappropriately applying a good cause exception) where pending investigations of credible allegations of fraud do exist. A State may not claim (on its Form CMS-64) FFP for payments that are suspended. Any State that does not suspend payments, or that suspends payments but continues to claim FFP with respect to what would have been paid had no suspension been in place, Start Printed Page 5935puts that FFP at risk. In such cases, we would pursue a deferral and/or disallowance to reclaim the Federal portion of such payment. We solicited comments on CMS' proposed oversight approach.

Finally, three provisions were proposed to be added to the regulations at § 1007.9 that specify the State MFCU's relationship to, and agreement with, the State Medicaid agency. These proposed revisions were necessary to effectuate the proposed revisions under § 455.23. The regulations at 42 CFR part 1007 are enforced by HHS OIG as part of its delegated authority to certify and fund the State MFCUs. (See August 15, 1979 final rule (44 FR 47811). However, we are including amendments to part 1007 here to ensure a comprehensive regulatory package that sets forth in one location the Department's implementation of the suspension provisions of section 6402(h) of the ACA.

The first of these provisions proposes to add a new paragraph (e) to § 1007.9 that specifies that the MFCU may refer to the State agency any provider against which there is pending an investigation of a credible allegation of fraud for purposes of payment suspension in accord with § 455.23. Allegations of potential fraud may first be identified by the MFCU rather than by the State agency, so this provision merely formalizes a path from the MFCU to the State agency so a payment suspension may be implemented where appropriate. This provision also proposed that any referral to the State agency for consideration of a payment suspension be in writing. The written referral need not be extensive, but must include information adequate to enable the State agency to identify the provider and a brief explanation of the credible allegations forming the grounds for the payment suspension. The second proposed addition to § 1007.9 proposed to add a new paragraph (f) providing that any request by the unit to the State agency to delay notification of suspension to a provider pursuant to the provisions of the proposed § 455.23(b)(1)(ii) come in writing. Requiring that such requests be made in writing (which could take the form of an email) provides for an audit trail to ensure that proper procedures are followed. However, we expressly do not intend for this requirement to create any substantive right upon which a provider might lodge objection or other legal challenge to the extent the proper procedures were not followed. Last, a new paragraph (g) was proposed to require the unit to notify the State agency in writing when it has accepted or declined a case referred by the State agency. Aside from also creating an audit trail, this proposed provision is important in that it would alert the State agency as to the status of a referral, which would shape how the State agency would handle a suspension under the proposed revisions to § 455.23.

We received the following comments:

Comment: Several commenters expressed concern regarding the definition of “credible allegation of fraud.” Specifically, several commenters requested that CMS provide an exact definition of “credible allegation of fraud” as well as specific standards and guidelines for providers to follow to make a determination regarding what is a credible allegation of fraud. One commenter suggested removing the word “fraud” from the term. Other commenters indicated that the definition of what is credible or reliable under the proposed rule is circular, that is, an allegation is credible if it has “indicia of reliability.” In addition, several commenters have suggested that the new evidentiary threshold is too low.

Response: The term “credible allegation of fraud” is a statutory term as reflected in section 6402(h) of the ACA. Accordingly, we do not have the authority to change the term. We have considered these comments but decline to provide a more exact definition, recognizing that different States may have different considerations in determining what may be a “credible allegation of fraud.” Accordingly, we believe that States should have the flexibility to determine what constitutes a “credible allegation of fraud” consistent with individual State law. We will neither seek to limit what States may determine qualifies as a “credible allegation of fraud” nor will we require States to consult with HHS in making such a determination.

Comment: One commenter suggested that CMS should update its policies and procedures and develop consistent and standard guidance to State Medicaid programs regarding the determination of credible allegations of fraud.

Response: We will review our current policies and procedures in light of the regulatory changes contained in this rule, and will provide updated guidance to States as necessary.

Comment: Several commenters expressed concern that the evidentiary standard is too low and urged CMS to retain the current standard, by which they suggested defining a “credible allegation of fraud” as “reliable information that fraud or willful misrepresentation exists” as a component of the basis for suspension of payments under § 455.23(a).

Response: In the proposed rule, we acknowledged that the proposed threshold for triggering a payment suspension is lower than what is contemplated in current regulations, but we also indicated that we believe this result is dictated by the ACA. However, in this final rule with comment period, we are amending the definition of “credible allegation of fraud” at § 455.2, which in the proposed rule read, in pertinent part, “[a]llegations are considered to be credible when they have indicia of reliability” to include the following: “and the State Medicaid agency has reviewed all allegations, facts, and evidence carefully and acts judiciously on a case-by-case basis.” Due to use of just the word “fraud” in section 6402(h)(2) of the ACA, we proposed to remove the term “willful misrepresentation” from existing regulation, though as we noted in the proposed rule, we take the position that “fraud” includes “willful misrepresentation.”

Comment: A few commenters suggested that the final regulation should include a requirement and a discussion to provide technical guidance to State Medicaid programs that clarifies the term “fraud” as a legal term and one that carries evidence of a willful intent to deceive.

Response: The definition of fraud, for purposes of Medicaid program integrity, is reflected in existing regulations at § 455.2 and reads as follows: “an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person. It includes any act that constitutes fraud under applicable Federal or State law.” Medicaid fraud is addressed through, for example, civil remedies imposed under Federal and State false claims acts, as well as through criminal prosecutions.

Comment: Numerous commenters expressed concerns regarding the list of potential sources of credible allegations of fraud. Specifically, several commenters expressed concern about false reports of fraud that may be generated by competitors or disgruntled employees. In addition, there were numerous comments that expressed concern over allegations received through a fraud hotline and whether such allegations could be considered to be reliable. Another commenter suggested that anonymous hotlines should refer to State-operated Medicaid fraud hotlines as well as specify to Start Printed Page 5936whom or what entity the fraud hotline complaints are being made.

Response: First, we will not seek to limit the potential sources from which States may derive credible allegations of fraud. We provided examples of sources for States to consider and will clarify in the final regulation that we are not limiting such sources. We recognize that credible allegations may come from a variety of sources. Second, with respect to identifying fraud hotlines as a potential source of a credible allegation of fraud, we recognize that there may be irrelevant or false reports made through hotlines. Due to the potential for not just false allegations, but also the equal possibility of honest mistakes and the like, we encourage States to not solely rely on a singular allegation without considering the total facts and circumstances surrounding such allegations. In the proposed rule, we indicated that States “must review all allegations, facts, and evidence carefully and act judiciously on a case-by-case basis * * *”. As noted previously, we are including this language in the final rule with comment period in the definition of “credible allegation of fraud” at § 455.2. We take the position that States should have the flexibility to determine what they deem to be reliable sources for credible allegations of fraud. Finally, we will not identify which specific fraud hotlines States may use. We are aware that there may be a variety of hotlines. For example, States may have different components within their respective agencies that utilize hotlines or State law enforcement agencies may also utilize hotlines from which credible allegations may be generated. Accordingly, we will not seek to limit the type of hotline States use as sources for credible allegations of fraud.

Comment: Commenters indicated that discussions of investigations and credible allegations of fraud need to defer to State and Federal legal definitions of “fraud.” In addition, commenters suggested that existing Federal regulations indicate that investigating fraud is the responsibility of State Medicaid Fraud Control Units (MFCU). Accordingly, MFCUs should be the designated investigators of allegations of fraud.

Response: First, as noted previously, “fraud” is defined in existing regulations at § 455.2. Second, we disagree that only the MFCU may investigate allegations of fraud. While MFCUs clearly play a key role in investigating and prosecuting Medicaid fraud, most, if not all, States have program integrity units that, in the normal course of business, receive hotline and other tips about potential fraud, and conduct proactive investigations based upon internal data analyses and other fraud detection techniques. Program integrity units have the responsibility under existing Federal regulations at § 455.14 and § 455.15(a)(1) and the proposed regulation at § 455.23(d) of determining whether allegations constitute fraud, and if they do, referring the matter to the MFCU or an appropriate law enforcement agency for further investigations. Thus, we do not believe MFCUs are the sole investigators of fraud.

Comment: Several commenters requested that CMS clarify whether a finding of billing errors during an audit that are not related to allegations of fraud would trigger a payment suspension.

Response: Irrespective of the circumstances, absent pending investigations of credible allegations of fraud, payment suspensions would not be triggered under these regulations, although that does not preclude the possibility that a State may exercise its own broader suspension authority in other circumstances.

Comment: Several commenters requested clarification regarding whether States should determine the credibility of an allegation of fraud prior to initiating a suspension action.

Response: Due to the potential for not just false allegations, but also for good faith mistakes, misunderstandings, and misinterpretations regarding reports of alleged fraud as well as data analysis errors, we encourage States not to rely on any singular allegation or data run but rather States should review all allegations, facts, and data carefully and act judiciously on a case-by-case basis, mindful of the potential impact a payment suspension may have on a provider.

Comment: One commenter suggested that we include the term “abuse” as a basis for payment suspension and not limit such suspensions to investigations of “credible allegations of fraud.”

Response: We decline to add the term “abuse” to Federal regulations in the context of payment suspensions, as the phrase we have adopted, “credible allegation of fraud” has a statutory basis reflected in section 6402(h) of the ACA. As a practical matter, however, conduct that constitutes abuse as opposed to fraud (we note that both terms are defined at § 455.2) may be indistinguishable not just at the outset of an investigation but even through the course of an investigation and enforcement proceedings and may hinge on fine factual distinctions or legal points including knowledge and intent, and this regulation would not preclude the imposition of a suspension in such a circumstance so long as there is a credible allegation of fraud. Moreover, this regulation presents a floor for protection of Medicaid funds and does not bar a State from setting a higher bar allowing for imposition of suspensions in other circumstances.

Comment: One commenter expressed concern regarding Federal oversight and whether such oversight will amount to second-guessing a State's determination of what constitutes a credible allegation of fraud.

Response: We do not intend to second-guess State determinations regarding credible allegations of fraud. We intend to work collaboratively with States to prevent critical Medicaid funds. The purpose of Federal oversight is to ensure that States have effective processes in place in order to make determinations regarding credible allegations of fraud.

Comment: Several commenters expressed concern regarding the lack of a definition for the phrase “indicia of reliability” and requested CMS to provide one.

Response: We have considered the concerns of commenters, but decline in this final rule with comment period to define “indicia of reliability.” We recognize the possibility that there may be differing standards among States with respect to what may be considered “indicia of reliability,” but also, as we have noted several times in these responses, we expect States to gauge the credibility of allegations through a lens after reviewing all allegations, facts, data, and evidence carefully and that State action will be exercised judiciously on a case-by-case basis.

Comment: Several commenters want CMS to define “investigation” of a credible allegation of fraud. One commenter inquired whether a State may rely on its MFCU to determine if an allegation of fraud is credible. Other commenters suggested that the State and its investigators are in the best position to determine when credible allegations of fraud should lead to a payment suspension, such that CMS should rely on the judgment of these individuals in deciding whether to withhold FFP. Certain commenters also wanted to know if the process of determining whether an allegation of fraud is credible is sufficient to trigger a payment suspension.

Response: We recognize that the process to determine whether an allegation of fraud is credible may vary among States, and we defer to States—applying the principles of careful review and judicious action to which we refer several times in these responses Start Printed Page 5937and which we now include in the final rule with comment period—to determine whether an allegation or complaint rises to the level of a credible allegation of fraud. We do not want to limit a State's due diligence process or preliminary investigations with respect to its assessment of credibility. Nor do the proposed regulations specify or limit who, or what other agency, may assist the State agency with the investigation or validation of credible allegations of fraud. Nevertheless, if it is determined that an allegation is credible, a State must still submit a formal written referral to its MFCU irrespective of whether the MFCU assisted in validating an allegation's credibility. Finally, the mere fact of an investigation to assess the credibility of a fraud allegation is insufficient to trigger a payment suspension. Rather, a payment suspension is triggered when that there is, in fact, a pending investigation of a credible allegation of fraud. We will clarify this in the regulation.

Comment: One commenter suggested that the notice of suspension to providers should be sent by certified mail, set forth the specific (not general) allegations and inform the providers of the State's administrative review process and provide appropriate citation. Another commenter suggested revising the language in § 455.23(b)(2)(v) regarding notice of suspension to include information about any administrative appeal procedures that are available under State law. Other commenters suggested that notice be furnished to providers prior to the implementation of an adverse action such as payment suspensions. One commenter suggested giving States more discretion regarding when notices of suspension should be furnished to providers. One commenter in particular indicated that bi-weekly remittance advisories are issued to providers that would, in effect, disclose the State's actions.

Response: We believe that we should afford States the flexibility to determine the best method of delivery of notices of suspension so we decline to take an overly prescriptive approach in this regulation. However, we agree that a notice of suspension furnished to a provider should appropriately reference the general allegations upon which a suspension is based as well as any existing State appeals process. Accordingly, we will revise the proposed language to reflect the inclusion of State administrative appeal procedures in the notice of suspension to providers. We do not agree that providers should be given notice of a payment suspension prior to such action being taken. We recognize the sensitive nature of a fraud investigation which may be jeopardized by such notice, and expect that State agencies will act appropriately so as not to jeopardize any investigation.

Comment: Commenters suggested that if a provider or supplier who is subject to a payment suspension submits an acceptable written rebuttal statement as to why the suspension should be removed, then this should qualify as “good cause” as currently permitted under § 405.372(b). In other words, a rebuttal could establish a good cause exception to end a payment suspension. Several other commenters suggested that in cases of economic hardship, a provider should be able to submit evidence of this fact for consideration by the State in determining whether to terminate a payment suspension, and requested that CMS create an expedited review process. Commenters also suggested that the regulations should acknowledge the severe financial impact of a payment suspension and should limit the scope of the suspension to the services under review.

Response: We believe that the proposed regulation as written allows a State to account for a provider's rebuttal statement. Specifically, as proposed at § 455.23(e), States have the flexibility to make a determination that a payment suspension is not in the best interests of the Medicaid program. States also have the option to suspend payments only in part if there is good cause. Therefore, we do not believe that an additional good cause exception is necessary. Moreover, as the existing Medicaid suspension has for more than 20 years, we continue to defer to any State administrative (or judicial) review processes, and therefore decline to require States to adopt an expedited review process. Nevertheless, we are including new good cause exceptions in this final rule with comment period at § 455.23(e)(3) and (f)(2) to allow a State to terminate a whole payment suspension or impose a payment suspension only in part if a provider furnishes written evidence that persuades the State that a payment suspension should be terminated or imposed only in part. Furthermore, the preamble acknowledges and requests States to be mindful of the impact that suspensions may have upon providers.

Comment: One commenter inquired whether “good cause” is established if the items or services are furnished as an emergency.

Response: Section 1903(i)(2) of the Act provides for a limited exception for payment to be made with respect to emergency items or services, though not including items or services furnished in the emergency room of a hospital. We believe this statutory exception speaks for itself and we do not need to otherwise address or expand upon it in these regulations.

Comment: Commenters have suggested that the proposed “good cause” regulatory provisions should include the language contained in the preamble acknowledging that “reliable evidence should be determined on a case-by-case basis with the State agency looking at all the factors, circumstances, and issues at hand * * * ” (75 FR 58224).

Response: We disagree that this language belongs in the “good cause” regulatory provisions. Instead, we have revised the definition of “credible allegation of fraud” to reflect that States must carefully review all allegations, facts and evidence on a case-by-case basis. Accordingly, we do not see the need to include this language in the “good cause” regulatory provisions.

Comment: One commenter suggested that CMS consider placing the catchall of “not in the best interests of the Medicaid program” reflected in § 455.23(e)(3) and similarly the catchall reflected at subparagraph (f)(2) of “* * * payment suspension in part is in the best interests of the Medicaid program” at the end of the respective subparagraphs.

Response: We agree and will make such changes in the final regulation.

Comment: One of the good cause exceptions not to suspend payments to Medicaid providers is when “an individual or entity is the sole community physician or the sole source of essential specialized services in a community.” (emphasis added) One commenter suggested replacing “in a community” with “for a particular beneficiary population.”

Response: We disagree. We are concerned about negatively impacting beneficiary access to care so this exception does not turn on whether a provider serves a particular beneficiary population, but on whether a beneficiary's access to necessary care is impeded. Thus, the good cause exception may be applied when a beneficiary's access to care is jeopardized because he/she cannot obtain necessary services from a particular provider type.

Comment: Several commenters questioned whether the requirements of this section would apply to Medicaid managed care, including whether the term “provider” includes managed care entities, whether managed care capitation payments are included in suspensions when an individual network provider is under investigation; Start Printed Page 5938and what would be the process for notifying a managed care entity of a credible allegation of fraud.

Response: The rules governing payment suspensions based upon pending investigations of credible allegations of fraud apply to Medicaid managed care entities. If there is a pending investigation of a credible allegation of fraud against a Medicaid managed care organization (MCO), prepaid inpatient health plan (PIHP), prepaid ambulatory health plan (PAHP), or health insuring organization (HIO) at the plan level, the State should address the issue either through imposing a payment suspension or through other authorities that may be available to them under State law or as part of the State's negotiated agreement with the Medicaid MCO, PIHP, PAHP, or HIO. The same would hold true for pending investigations of credible allegations of fraud regarding individual network providers. Managed care capitation payments may be included in a suspension when an individual network provider is under investigation based upon credible allegations of fraud, depending on the allegations at issue. We would expect the process regarding the notice of suspension to a Medicaid MCO, PIHP, PAHP, or HIO to follow the criteria as outlined in this final rule with comment period.

Comment: Some commenters requested clarification regarding whether FFP extends to managed care entities' capitation payment.

Response: FFP extends to Medicaid MCOs', PIHPs', PAHPs', and HIOs' capitation payments. Accordingly, if a State fails to suspend payments to such an entity for which there is a pending investigation of a credible allegation of fraud, without good cause, FFP may be disallowed with regard to such payments to the managed care entity.

Comment: Several commenters requested that CMS clarify whether interest accrued on suspended payments to providers is eligible for FFP.

Response: FFP is not available for interest accrued on suspended payments to providers.

Comment: Commenters asked how CMS will notify a State that FFP is to be suspended as a result of payment to an entity for items or services for which the State has received a credible allegation of fraud. Will the State receive advanced notice of the FFP suspension and be given the opportunity to correct or will the suspension be immediate?

Response: The process for deferring and disallowing FFP is governed by § 430.40 and § 430.42, respectively. Generally, we take action to defer the claim (by excluding the claimed amount from the grant award) within 60 days after the receipt of a Quarterly Statement of Expenditures (prepared in accordance with our instructions) that includes that claim. The notice of deferral to the State is provided by CMS within 15 days of such deferral. The notice should identify the type and amount of the deferred claim and specify the reason for deferral. The State is also requested to make available all the documents and materials that CMS believes are necessary to determine the allow-ability of the claim. However, prior to taking action to defer or disallow FFP, we may engage States to request that impermissible claims for FFP are removed from the Quarterly Medicaid Statement of Expenditures for the Medicaid Assistance Program (Form CMS-64).

Comment: One commenter asked, if CMS suspends a State's FFP, and the allegations of fraud are cleared after the fact, what the process will be to restore FFP.

Response: When we determine claims associated with deferred or disallowed FFP are permissible, we will release the deferred or disallowed funds to the State by providing FFP for the subject claims.

Comment: One commenter expressed concern regarding what the commenter saw as a “shift in evaluation of the appropriateness of suspensions away from the Medicaid agency and entities investigating the allegations of fraud to the exclusive and unilateral discretion of CMS” as well as a broad and sweeping increase in CMS's ability to impose a deferral of FFP.

Response: We have long had the authority to withhold FFP and the payment suspension rule is not an attempt to inappropriately withhold FFP from States. Instead, the rule is intended to protect precious Medicaid dollars from fraudulent providers, an effort in which we view the States as partners. Generally, we will withhold FFP only where a State has unreasonably or repeatedly failed to suspend payments or otherwise terminate a payment suspension where there are credible allegations of fraud.

Comment: One commenter suggested that the proposed rule regarding suspension of payments to Medicaid providers gives Medicaid agencies an improper incentive to aggressively deny payments to providers or risk losing FFP.

Response: We disagree. As we explained in the proposed rule, State Medicaid agencies have long had the authority to suspend payments to providers based upon suspected fraudulent conduct. Our goal is to ensure that State agencies appropriately suspend payments from potentially fraudulent providers, in order to protect critical Medicaid dollars from falling into the hands of such providers. In this rule we encourage State agencies to suspend payment based upon pending investigations of credible allegations of fraud only after reviewing all of the facts and circumstances surrounding a particular case and making a determination that such suspension is in fact warranted.

Comment: One commenter suggested that the suspension of payments could be interpreted to have retroactive application to providers who have already been referred to MFCUs or other law enforcement agencies:

Response: We will not require States to retroactively apply the law regarding suspension of payments based on pending investigations of credible allegations of fraud. However, upon the effective date of this final rule with comment period, we expect States; to the extent they have not already done so, to suspend payments to providers against whom there exist pending investigations of credible allegations of fraud.

Comment: Commenters have sought clarification regarding whether the proposed rule applies to individual providers who are employed or contracted by institutional providers.

Response: The payment suspension rule applies to institutional providers as well as enrolled providers who are employed or contracted by such institutional providers.

Comment: One commenter wanted CMS to clarify whether the “individual or entity” under investigation is the same “individual or entity” subject to the payment suspension.

Response: Yes, the “individual or entity” under investigation is the same “individual or entity” that is subject to the payment suspension.

Comment: Several commenters expressed concern with States' compliance dates with the Medicaid payment suspension rule because some States may require State law or regulatory changes in order to be able to implement the rule. Certain commenters also expressed similar concerns that the proposed document retention requirements exceed time frames currently required by their State laws.

Response: We encourage the State Medicaid or program integrity director of any State that faces State legislative, regulatory, or administrative implementation obstacles to contact us Start Printed Page 5939in order to work out a plan of resolution.

Comment: One commenter suggested that the process for quarterly reporting and certification at § 455.23(d) is onerous to the State and the MFCU. The commenter further indicated that reporting is already addressed in Memoranda of Understanding between the States and the MFCUs, and therefore, additional reporting requirements would be burdensome on the State.

Response: We disagree, and in the proposed rule stated that we would not prescribe the format that such certifications must take to maximize State flexibility. The Memoranda of Understanding between the States and the MFCUs routinely do not address reporting and documentation to the degree that will be required by § 455.23(d). Moreover, in the proposed rule we emphasized that payment suspensions should be temporary and we noted the profound impact that a payment suspension can have upon a provider. We believe that the quarterly reporting and certification process is an important protection for providers to ensure that suspensions do not continue after law enforcement has concluded its investigation but did not report this information to the State Medicaid agency.

Comment: Some commenters suggested that documentation and record retention in instances regarding the decision to not suspend payments is expensive and unnecessary given the high volume of unfounded allegations. These commenters also suggested that the requirement to report summary information to the Secretary is duplicative given that CMS will be reviewing State actions on suspension of payment during periodic on-site program integrity reviews.

Response: We disagree. As we generally discuss in both these responses and in the proposed rule, we are balancing a number of interests including: (1) A statutory directive from the ACA that FFP not be paid in certain circumstances; (2) a payment suspension provision that, if not rigorously and carefully administered, can detrimentally impact honest providers; and (3) CMS' intent to maintain its appropriate oversight role but at the same time not to arbitrarily or unreasonably second-guess State decision-making. As such, we believe rigorous documentation requirements that go beyond what may be reviewed during on-site program integrity reviews actually serve to protect everyone's interests. Moreover, we believe it is particularly important that States carefully document those processes that require special judgment calls, such as with respect to exercising the various good cause exceptions, so that, upon CMS review, FFP is not inappropriately withheld.

Comment: One commenter recommended that Medicaid State agencies should be allowed to share potentially helpful information with their MFCUs without following the requirements in the proposed rule regarding documentation and timing of the referral of a credible allegation of fraud.

Response: We fully agree with the notion that States may share information or otherwise consult with their MFCUs, recognizing that States may need to consult and/or exchange information with their respective MFCUs prior to making a formal referral, and do not seek to limit or otherwise define the circumstances by which States make such communications. We disagree, however, with the proposition that States should not need to follow our proposed MFCU documentation/referral requirements, which we believe are important for reasons similar to those addressed in the previous response, thus we will not alter the proposed documentation and timing requirements.

Comment: Certain commenters have suggested that it will be cumbersome to require the State to obtain a written certification from the MFCU or other law enforcement agency that any matter that is accepted on the basis of a referral continues to be under investigation or in the course of enforcement proceedings warranting continuation of the payment suspension every 90 days. In addition, these commenters expressed concern that this requirement will result in a substantial increase in workload and could result in increased staffing levels. Commenters also suggested that existing methods of communication regarding caseload and referrals between the States and the MFCUs should be sufficient.

Response: We disagree with the proposition that the quarterly law enforcement certification requirement is overly cumbersome or that the documentation requirements finalized here will result in substantial increases in workload. As we have indicated previously in these responses and in the proposed rule, we believe rigorous documentation requirements are in everyone's interest. Moreover, to maintain State flexibility, we are not prescriptive with respect to the format of the quarterly certification. States have long had authority to implement payment suspensions and, though we formalize certain documentation and referral requirements here, we believe that most States that have used suspension authority likely have rigorous documentation requirements already in place to ensure they are able to adequately justify suspension actions and withstand any provider challenges.

Comment: With regard to formal fraud referrals issued by the State to the MFCU or other law enforcement agency, one commenter suggested combining the relevant NPIs of the affected providers into one referral instead of referring individual cases.

Response: This is outside the scope of the proposed rule and therefore we will not address this issue at this time.

Comment: One commenter suggested that the regulation at § 455.23(g) proposing to require States to annually report to the Secretary information regarding the life cycle of each payment suspension imposed and any determinations to exercise the good cause exceptions not to suspend payment, to suspend payment only in part, or to discontinue a payment suspension, be modified. Specifically, the commenter suggested that such annual report be filed only if such information is shared by law enforcement.

Response: We disagree with the commenter's proposition for two reasons. First, a number of the elements the commenter points out are not contingent on any response from law enforcement. Second, we certainly appreciate that States can only report on the information that is in their possession, but believe that annual reporting should not be contingent on whether law enforcement has shared such information. Importantly, to the extent that annual reporting reveals gaps where law enforcement has neglected or refused to share information it will illustrate where CMS may have to exercise additional oversight authority to attempt to close such gaps. Likewise, law enforcement's “failure to communicate” may be a significant factor in a State's decision to exercise certain of the rule's good cause exception authorities.

Comment: One commenter suggested that CMS include in the final regulation at § 455.23(d)(4), as reflected in the preamble to the proposed rule, a requirement for States to immediately release the payment suspension “unless the State has alternative Federal or State authority by which it may impose a suspension.” (75 FR 58225). The proposed regulation does not reflect this additional language governing the immediate release of a payment suspension when MFCU or law Start Printed Page 5940enforcement declines to accept the fraud referral.

Response: We agree, and are including this language in the final rule with comment period.

Comment: Certain commenters suggested revising the proposed language to include a 180 day time limit for the duration of a suspension of payment in the Medicaid program, similar to the proposed process under Medicare.

Response: Aside from the general constraints and protections built in to the rule around the notion that suspensions are intended to be temporary, we believe that States need the flexibility to decide the duration of payment suspensions in order to accommodate State laws and legal processes. Because Medicare is a national program there is more uniformity surrounding the disposition of Medicare program suspensions. So while a specific time limit may be adequate there, we believe a more flexible approach, nearly identical to the approach used with respect to Medicaid payment suspensions for more than 20 years, is necessary to address the needs of 50 plus States and territories.

Comment: One commenter suggested that the duration of a payment suspension by States should be permanent where the provider is later convicted of the offense.

Response: Payment suspensions are intended to stem the flow of Medicaid dollars to providers against whom there are credible allegations of fraud, during the pendency of the investigation, which includes any related proceedings. Separate authorities, some administered by other agencies, including possible exclusion from participation in Federal health care programs, may be implemented upon a provider's conviction.

Comment: One commenter indicated that while the proposed rule gives States authority to immediately release payment suspensions if a timely investigation by law enforcement does not ensue, that “timely,” is not clearly defined.

Response: We believe that when a State learns that law enforcement has declined to investigate a fraud referral from the State in connection with a payment suspension or otherwise discontinues a pending investigation, the State should immediately take steps to terminate a payment suspension. As discussed several times in these responses, we proposed a requirement for States to obtain quarterly certifications from law enforcement to help address this type of scenario so that providers are not subject to a continuing payment suspension based upon a fraud referral that was declined by law enforcement or an investigation that has been concluded without the State's knowledge.

Comment: Certain commenters requested clarification regarding the resolution of an investigation for purposes of terminating a payment suspension.

Response: Generally, a payment suspension is temporary and will not continue after the State Medicaid agency or the prosecuting authorities determine that there is insufficient evidence of fraud by the provider or legal proceedings related to the alleged fraud are completed.

Comment: One commenter suggested that the proposed rule be changed to defer to State law to dictate how long and under what circumstances a payment suspension can be imposed.

Response: As we noted in an earlier response, this rule presents a floor for protection of Medicaid funds and does not bar a State from setting a higher bar allowing for imposition of suspensions with other conditions or in other circumstances.

Comment: Several commenters suggested that the proposed rule does not provide adequate due process for providers facing suspension of payments. Certain commenters also suggested that the proposed rule could result in a de facto termination from the Medicaid program without any meaningful due process. Commenters expressed concern that non-fraudulent providers may effectively be terminated by lengthy suspensions. Commenters also suggested shortening the length of suspensions or in the alternative, maintaining the current permitted duration without extension. Another commenter indicated that the proposed rule does not create a right to challenge the ongoing validity of a payment suspension.

Response: Under the proposed rule, providers have an opportunity to submit written evidence for consideration by the Medicaid agency regarding payment suspensions. Based upon this written evidence, a State may determine whether there is good cause to terminate a suspension of payment. Accordingly, we believe there are adequate due process protections in place pursuant to which a provider may establish good cause to terminate a payment suspension. In addition, this process was already accounted for in existing Medicaid regulations and we did not change the process. We are not aware of any issues associated with this process which has been in existence for more than 20 years. Moreover, we expressed in the proposed rule that suspensions, because of their significant impact upon providers, are only temporary. We provided in the rule several protections (such as the quarterly law enforcement certification and State documentation requirements) and also various “good cause” exceptions. Moreover, the duration of suspension provisions of the proposed rule, finalized here, are essentially the same as have been in place for more than 20 years with the existing Medicaid payment suspension rule. We believe that the significant built-in protections, in conjunction with the fact that we are not aware that the current Medicaid suspension process has caused significant undue hardship with providers having payments wrongly suspended, lend adequate safeguards to the process. CMS will also monitor States' implementation of the Medicaid payment suspension rule through the various documentation requirements and State program integrity reviews, to ensure that there are no marked shortcomings with regard to States' processes.

Comment: One commenter suggested that the final regulation should require State Medicaid programs to establish and codify a Medicaid administrative review process with regard to the review of payment suspensions.

Response: We recognize that individual State laws vary with regard to their respective administrative review processes, and believe that most or all States have established such processes. As previously stated, we will revise the proposed language in the regulations to reflect the inclusion of State administrative appeal procedures in the notice of suspension furnished to providers. In addition, we believe the notice should also include relevant citations to State law, where applicable.

Comment: A couple of commenters suggested that CMS develop a system or process for exposing and penalizing those who make false fraud complaints.

Response: This is outside the scope of the proposed rule and therefore we will not consider this suggestion at this time.

Comment: One commenter requested clarification regarding the fraud referral standards established by CMS as a result of an OIG January 2007 report entitled “Suspected Medicaid Fraud Referrals” (OEI 07-04-00181).

Response: We issued fraud referral standards on September 30, 2008. The link to CMS' Web site where the fraud referral standards may be found is: http://www.cms.gov/​FraudAbuseforProfs/​downloads/​fraudreferralperformancestandardsstateagencytomfcu.pdf. Start Printed Page 5941

Comment: One commenter suggested that the content of a fraud referral should be left to the discretion of each State. This commenter suggested that a continuing collaborative environment will fulfill the regulatory provisions regarding content of fraud referrals.

Response: We encourage States to collaborate with their MFCU. A fraud referral must contain, at a minimum, the elements as outlined in the proposed regulation and finalized here, but it is within a State's discretion to the extent it wishes to add additional information.

Comment: One commenter suggested that FQHCs should be exempted from the application of payment suspensions.

Response: We disagree. There is no statutory requirement to carve out an exception for any particular category of provider. We believe that payment suspensions apply to fraudulent conduct regardless of provider type.

Comment: One commenter suggested that payment suspensions should only apply to providers in the limited screening level, as that term is defined and used in connection with the provider screening rules, under only the most extraordinary circumstances.

Response: We decline to carve out an exception for providers in the limited screening level in the context of a payment suspension. This assignment to the limited level applies in the context of provider screening, not for suspension of payments. The determination regarding whether to impose a payment suspension is driven by credible allegations of fraudulent conduct and not whether a provider is assigned to a certain level for purposes of screening.

Comment: One commenter requested clarification regarding the application of payment suspensions to billing providers as opposed to prescribing providers. Another commenter requested a guarantee that payment suspensions will not be imposed against a billing provider.

Response: We understand that there are circumstances in which the prescribing provider may be different from the furnishing provider and/or billing provider. Generally, we believe that payment suspension is not the appropriate mechanism to recover Medicaid funds from one provider who inescapably, but innocently, happens to be associated with the fraudulent conduct of another provider. Because payment suspensions only apply based upon credible allegations of fraud, payment suspensions are generally not the appropriate vehicle by which to recover reimbursement for items and/or services furnished by a provider against whom there are no allegations of fraud. Nevertheless, there is no guarantee that a payment suspension will only be imposed against the billing provider as, particularly at the outset of an investigation of a credible allegation of fraud, it may be impossible to precisely determine the locus of the fraud or whether it involved collusion or conspiracy.

Comment: One commenter requested clarification regarding whether States with authority under existing State law may impose suspensions for reasons other than where there is a credible allegation of fraud. This commenter suggested that where such authority exists, the requirements proposed under § 455.23, including those concerning referrals to the MFCU and the duration of suspension should not apply.

Response: The requirements for payment suspensions under the proposed rule are based upon credible allegations of fraud. As we have noted several times in both these responses and in the proposed rule, nothing in these rules bar a State from exercising other broader authorities to suspend payments to providers.

We are adopting the provisions of the proposed rule with the exception of the following changes:

  • In § 455.2, we have revised the definition of “credible allegation of fraud” to address the issue of the State's verification of the allegation.
  • In § 455.23(a)(1), we have added the verbiage “after the agency determines there is a credible allegation of fraud for which” after the term “provider.”
  • In § 455.23(b)(2), we have added a new subsection (vi) that reads: “Set forth the applicable State administrative appeals process and corresponding citations to State law.”
  • In § 455.23(d), we have added the verbiage “has alternative Federal or State authority by which it may impose a suspension or” before “makes a fraud referral to another law enforcement agency.”
  • In § 455.23(e), we have revised subsection (3) to state: “The State determines, based upon the submission of written evidence by the individual or entity that is the subject of the payment suspension, that the suspension should be removed.”
  • In § 455.23(e), we have added a new subsection (6) that states: “The State determines that payment suspension is not in the best interests of the Medicaid program.”
  • In § 455.23(f), we have revised subsection (2) to read: “The State determines, based upon the submission of written evidence by the individual or entity that is the subject of a whole payment suspension, that such suspension should be imposed only in part.”
  • In § 455.23(f), we have added a new subsection (5) that states: “The State determines that payment suspension only in part is in the best interests of the Medicaid program.”

E. Proposed Approach and Solicitation of Comments for Sections 6102 and 6401(a) of the Affordable Care Act —Ethics and Compliance Program

1. Statutory Changes

Under section 6102 of the ACA which established new section 1128I of the Act, a nursing facility (NF) or SNF shall have in operation a compliance and ethics program that is effective in preventing and detecting criminal, civil, and administrative violations and in promoting quality of care, consistent with regulations developed by the Secretary, working jointly with the HHS OIG. The regulations to establish the compliance and ethics program for operating organizations may include a model compliance program. The statute requires that in the case of an organization that has five or more facilities, the formality or specific elements of the program vary with the size of the organization. The statute also requires that not later than 3 years after the effective date of the regulations, the Secretary shall complete an evaluation of the programs to determine if such programs led to changes in deficiency citations, changes in quality performance, or changes in the quality of resident care. The Secretary shall submit to the Congress a report on such evaluation with recommendations for changes in the requirements, as the Secretary deems appropriate.

Similarly, under section 6401(a) of the ACA, which established a new section 1866(j)(8) of the Act, a provider of medical or other items or services or a supplier shall, as a condition of enrollment in Medicare, Medicaid or CHIP, establish a compliance program that contains certain “core elements.” The statute requires the Secretary, in consultation with the HHS OIG, to establish the core elements for providers or suppliers within a particular industry or category. The statute allows the Secretary to determine the date that providers and suppliers need to establish the required core elements as a condition of enrollment in Medicare, Medicaid, and CHIP. The statute requires the Secretary to consider the extent to which the adoption of compliance programs by providers or suppliers is widespread in a particular industry sector or particular provider or supplier category. Please note, NFs and Start Printed Page 5942SNFs are subject to both compliance plan requirements under sections 6102 and 6401(a) since section 6401(a) of the ACA includes all providers and suppliers enrolling into Medicare, Medicaid and CHIP. We intend to establish compliance program core elements per section 6401(a) of the ACA for NFs and SNFs that closely match the required components of a compliance program per section 6102 of the ACA.

2. Proposed Ethics and Compliance Program Provisions

In order to consider the views of industry stakeholders, we solicited comments on compliance program requirements included in the ACA. We do not intend to finalize compliance plan requirements in this final rule with comment period; rather, we intend to do further rulemaking on compliance plan requirements and will advance specific proposals at some point in the future. We were most interested in receiving comments on the following:

The use of the seven elements of an effective compliance and ethics program as described in Chapter 8 of the U.S. Federal Sentencing Guidelines Manual (http://www.ussc.gov/​2010guid/​20100503_​Reader_​Friendly_​Proposed_​Amendments.pdf, pp. 31-35) as the basis for the core elements of the required compliance programs for Medicare, Medicaid and CHIP enrollment. These elements instill a commitment to prevent, detect and correct inappropriate behavior and ensure compliance with all applicable laws, regulations and requirements, and include:

  • The development and distribution of written policies, procedures and standards of conduct to prevent and detect inappropriate behavior;
  • The designation of a chief compliance officer and other appropriate bodies (for example a corporate compliance committee) charged with the responsibility of operating and monitoring the compliance program and who report directly to high-level personnel and the governing body;
  • The use of reasonable efforts not to include any individual in the substantial authority personnel whom the organization knew, or should have known, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program;
  • The development and implementation of regular, effective education and training programs for the governing body, all employees, including high-level personnel, and, as appropriate, the organization's agents;
  • The maintenance of a process, such as a hotline, to receive complaints and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
  • The development of a system to respond to allegations of improper conduct and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations or Federal health care program requirements;
  • The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas; and
  • The investigation and remediation of identified systemic problems including making any necessary modifications to the organization's compliance and ethics program.

In addition, we are particularly interested in comments about the following:

  • The extent to which, and the manner in which, providers and suppliers already incorporate each of the seven U.S. Federal Sentencing Guidelines elements into their compliance programs or business operations. We are interested in how and to what degree each element has been incorporated effectively into the compliance programs of different types of providers and suppliers considering their risk areas, business model and industry sector or particular provider or supplier category.
  • Any other suggestions for compliance program elements beyond, or related to, the seven elements referenced previously considering provider or supplier risk areas, business model and industry sector or particular provider or supplier category including whether external and/or internal quality monitoring should be a required for hospitals and long-term care facilities.
  • The costs and benefits of compliance programs or operations including aggregate or component costs and benefits of implementing particular elements and how these costs and benefits were measured.
  • The types of systems necessary for effective compliance, the costs associated with these systems and the degree to which providers and suppliers already have these systems including, but not limited to, tracking systems, data capturing systems and electronic claims submission systems. We anticipate having providers and suppliers evaluate the effectiveness of their compliance plans using electronic data.
  • The existence of and experience with State or other compliance requirements for various providers and suppliers and foreseeable conflicts or duplication from multiple requirements.
  • The criteria we should consider when determining whether, and if so, how to divide providers and suppliers into groupings that would be subject to similar compliance requirements including whether individuals should have different compliance obligations from corporations.
  • Available research or individual experience regarding the current rate of adoption and level of sophistication of compliance programs for providers or suppliers based on their business model and industry sector or particular provider or supplier category.
  • How effective compliance programs have been for varied providers and suppliers and how the level of effectiveness was measured.
  • The extent to which providers and suppliers currently use third party resources, such as consultants, review organizations, and auditors, in their compliance efforts.
  • The extent to which providers and suppliers have already identified staff responsible for compliance and, for those who already have staff responsible for compliance, the positions of these staff.
  • A reasonable timeline for establishment of a required compliance program for various types and sizes of providers and suppliers, assuming the compliance program core elements were based on the aforementioned U.S. Federal Sentencing Guidelines' seven elements of an effective compliance and ethics program, considering business model and industry sector or particular provider or supplier category.

We welcomed any information concerning how the industry views compliance program elements and how we can establish required compliance program elements to protect Medicare, Medicaid, and CHIP from fraud and abuse.

3. Analysis of and Responses to Public Comment

We received numerous comments on compliance program elements in response to this request. Though we will not respond to those comments within this final rule with comment period, these will be considered for further rulemaking on compliance plan requirements.

4. Final Provisions—Ethics and Compliance Program

We are not finalizing these provisions in this final regulation. We are in the process of developing a new Notice of Proposed Rule Making incorporating the Start Printed Page 5943compliance plan provisions and comments received that will be published at a later date. The proposed rule will also have an opportunity for further public comment.

F. Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

1. Statutory Change

Section 6501 of the ACA amends section 1902(a)(39) of the Act to require a State Medicaid program to terminate any provider, be it an individual or entity, participating in that program, subject to the limitations on exclusions in sections 1128(c)(3)(B) and 1128(d)(3)(B) of the Act, if the provider's participation has been terminated under title XVIII of the Act or another State's Medicaid program. Effective provider screening prevents excluded providers from enrolling in government health care programs and being paid with Federal and State funds. Effective screening of providers barred from participation can reduce the risk of fraud, waste, and abuse in the Medicare and Medicaid programs and CHIP

When a State terminates a provider but does not share that information with any other State, all other States become vulnerable to potential fraud, waste, and abuse committed by that provider. Similarly, a provider, supplier, or eligible professional that has been terminated from Medicare or has had Medicare billing privileges revoked may enroll with a State Medicaid program or with CHIP when a State is not aware of the Medicare termination or revocation. We may terminate or revoke the billing privileges of a provider, supplier, or eligible professional under Medicare for a number of reasons, as set forth at § 424.535, including exclusion from health care programs, government-wide debarment, and conviction of certain violent felonies and financial crimes.

Section 6501 of the ACA requires a State's Medicaid program to terminate an individual or entity's participation in the program (subject to certain limitations on exclusions in sections 1128(c)(3)(B) and 1128(d)(3)(B) of the Act), if the individual or entity has been terminated under Medicare or another State's Medicaid program. Although the term “termination” only applies to providers under Medicare whose billing privileges have been revoked (and does not apply to Medicare suppliers or eligible professionals), we believe it was the intent of the Congress that this requirement also be applicable to suppliers and eligible professionals that have had their billing privileges under Medicare revoked as well. Therefore, we proposed that “termination” be inclusive of situations where an individual's or entity's billing privileges have been revoked. The requirement for States to terminate would only apply in cases where providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked for cause. “For cause” may include fraud, integrity or quality, but not cases where the providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked based upon voluntary action taken by the provider to end its participation in the program, except where that voluntary action is taken to avoid a sanction, or where a State removes inactive providers from its enrollment files.

In addition, State Medicaid programs would terminate a provider only after the provider had exhausted all available appeal rights in the Medicare program or in the State that originally terminated the provider or the timeline for such appeal has expired.

Section 6501 of the ACA builds upon the requirements in section 6401(b)(2) of the ACA, which requires that we establish a process to make available Medicare provider, supplier, and eligible professional and CHIP provider termination information to State Medicaid programs. Section 1902(kk)(6) of the Act also requires States to report adverse provider actions to CMS, including criminal convictions, sanctions, and negative licensure actions.

When States are apprised of the terminations or revocations of billing privileges, as the case may be, of providers, suppliers, and eligible professionals that have occurred in other State Medicaid programs, CHIP, or in Medicare, States have the information they need to protect their programs.

2. Proposed Provisions for Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

We proposed at § 455.416(c) that a State Medicaid program must deny enrollment or terminate the enrollment of a provider that is terminated on or after January 1, 2011 under Medicare, or has had its billing privileges revoked, or is terminated on or after January 1, 2011 under any other State's Medicaid program or CHIP.

While section 6501 of the ACA does not expressly require that individuals or entities that have been terminated under Medicare or Medicaid also be terminated from CHIP, we also proposed, under our general rulemaking authority pursuant to section 1102 of the Act, to require in CHIP regulations that CHIP take similar action to terminate a provider terminated or revoked under Medicare, or terminated under any other State's Medicaid program or CHIP.

We also proposed to add a definition at § 455.101 for termination for purposes of this section. That definition distinguishes between Medicaid providers and Medicare providers, suppliers, and eligible professionals and specifies that termination means a State Medicaid program or the Medicare program has taken action to revoke the Medicaid provider's or Medicare provider, supplier or eligible professional's billing privileges and the provider, supplier or eligible professional has exhausted all applicable appeal rights. There is no expectation on the part of the provider, supplier, or eligible professional or the State or Medicare program that the termination or revocation is temporary. The provider, supplier or eligible professional would be required to reenroll with the applicable program if they wish billing privileges to be reinstated.

3. Analysis of and Responses to Public Comment

We received the following comments:

Comment: One commenter stated that while there is value to the States to have additional authority under which to deny or terminate Medicaid providers, it will be necessary to amend current statute and regulations to include new reasons for denials and terminations, and additional time will be required.

Response: In accordance with section 6508(b) of the ACA, a State may delay implementation of this provision if the Secretary determines that State legislation is required.

Comment: Commenters asked for clarification regarding ACA section 6401(b)(2) that requires CMS to establish a process to make available Medicare provider, supplier, and eligible professional and CHIP termination information to State Medicaid programs. Commenters asked if a mechanism was in place for States to check for terminated providers starting January 1, 2011. One commenter requested clarification as to how State Medicaid programs would communicate with Medicare contractors when the States had revoked or suspended a Medicaid enrollment. Another commenter asked if the Provider Enrollment, Chain, and Ownership System (PECOS) would be Start Printed Page 5944used. Another commenter stated it would be “next to impossible” to carry out this provision without an effective way to obtain information from Medicare regarding terminated providers. One commenter urged CMS to establish a national database that contains Medicare, CHIP termination and exclusion information as well as information on terminations from all State Medicaid programs.

Response: We are in the process of establishing a secure web-based portal that will allow States to share information regarding terminated providers. Using this web-based portal, a State will be able to upload as well as download information regarding its terminated providers and download information regarding terminated providers in other States and Medicare. States will not be required to report those providers who were terminated prior to January 1, 2011. Access to the information-sharing portal is limited to users that we have approved.

Comment: Some commenters requested that CMS clarify the timeframes for State reporting of terminations.

Response: States should report terminations on a monthly basis in order to assist other States and the Medicare program in protecting themselves from providers who pose an increased risk to government health care programs.

Comment: One commenter requested that States be granted real time access to the exclusion database. Another commenter suggested that CMS consider leveraging existing Federal databases such as the NPI and NPPES.

Response: We are in the process of exploring potential opportunities to leverage existing databases and infrastructure that would enable timely access to provider enrollment data across programs. We are currently examining to what extent we can support such a centralized information sharing solution.

Comment: One commenter requested clarification that Medicaid termination should only last as long as the Medicare termination, especially in States where “terminate” means “permanent exclusion.”

Response: When a State terminates a provider based on the fact that the provider was terminated by Medicare, the duration of the State's termination action should be consistent with State law, and not necessarily driven by the length of the Medicare termination. The same would hold true when a State terminates a provider based on a termination action in another State. We do not wish to dictate to States the duration of their terminations.

Comment: One commenter contended that the proposed rule did not detail the parameters of the termination process. Specifically, it did not state what would happen if a provider is wrongfully terminated from participation in Medicare or another public benefit, or the different termination scenarios—such as the effect on a group practice if a provider in that group is suspected of fraud. The commenter also requested further explanation and clarification regarding the timeline and parameters for termination of provider participation in Medicare, Medicaid, and CHIP.

Response: For purposes of the Medicaid program, the parameters of the termination process would be governed by the terminating State's administrative appeals processes. Accordingly, the timeline and parameters for termination will vary depending on the State in which the termination occurs. State Medicaid agencies and CHIP must deny enrollment or terminate the enrollment of any provider that is terminated by Medicare or another State's Medicaid program or CHIP on or after January 1, 2011. If a provider is wrongfully terminated from Medicare or another State's Medicaid program or CHIP, and a subsequent State has already terminated such provider from its Medicaid program or CHIP, the subsequent State should reinstate the provider once the subsequent State has evidence demonstrating that the provider was wrongfully terminated.

When an individual provider is terminated by a State Medicaid program or CHIP, the effect on a group practice would be that the individual provider who is terminated may not participate in the Medicaid or CHIP programs until that provider is eligible to, and does re-enroll. Therefore, neither the individual provider, nor the group practice would be able to bill Medicaid or CHIP for care and/or services provided by the individual provider that has been terminated.

Comment: One commenter stated that termination is defined to be inclusive of situations where an individual or entity's billing privileges have been revoked. The commenter requested clarification because not all providers have billing privileges. For example, a particular pharmacist may be denied participation in a State's Medicaid program; however, because the pharmacist does not have direct billing privileges, another State would not have to also terminate that provider.

Response: The requirement for termination is not limited to situations in which a provider is billing the Medicaid program. The requirement for termination applies to enrolled providers generally, not just billing providers. An enrolled provider that has had its billing privileges revoked by Medicare must be terminated by the States' Medicaid programs, regardless of whether the provider is submitting claims.

Comment: One commenter requested clarification for States regarding termination when a provider has more than one NPI or Medicare ID number. A commenter inquired if CMS will terminate a provider's NPI, Medicare legacy number or both. This commenter also asked if a provider has multiple NPIs and/or Medicare numbers, does Medicare terminate a provider under one number but allow them to continue to participate under other NPI/Medicare numbers. This commenter indicated that if the response is yes, would a State be expected to follow suit, that is, terminate only the NPI that Medicare has terminated. Finally, the commenter asked what States should do in cases where providers have multiple legacy Medicaid numbers that crosswalk to a single NPI.

Response: It is the provider, not the provider's identifiers, which are to be terminated under this provision. Thus, to the extent that Medicare terminated one or multiple NPIs/Medicare legacy numbers for cause that are tied to one provider we generally expect that State Medicaid agencies will follow suit. Accordingly, if one provider has multiple Medicaid identification numbers, then the State would be required to terminate such provider numbers if the State determines there is cause for such termination and the provider has exhausted its appeal rights.

Comment: Several commenters expressed concern over the potential for terminations of affiliated providers when one provider had been terminated in another State. One commenter asked if other State Medicaid agencies will be compelled to terminate affiliates that have a common corporate parent. A commenter asked if terminations for a corporation apply to any branches or franchises of that corporation.

Response: Section 6501 of the ACA does not require the termination of affiliates of terminated entities. Accordingly, we are not requiring States at this time to terminate affiliates of those individuals or entities that have been terminated by another Medicaid program or had their billing privileges revoked by the Medicare program.

Comment: One commenter stated that it is a common State statutory requirement or best practice for a provider to form a legal corporate entity Start Printed Page 5945unique to the State. The commenter requested clarification for the legal basis for Federal enforceability of termination from or denied enrollment into a State's program based upon the termination or denial status in another State where the provider and its principals are the same individuals but the “provider” is a separate legally incorporated entity under State law.

Response: Section 1902(a)(39) of the Act requires State Medicaid agencies to terminate the participation of any individual or entity that has been terminated under Medicare or another State's Medicaid program. When a State is contemplating a termination as a result of a termination that was initiated by another State's Medicaid program, and there is a question regarding the identity of the provider who is the subject of the termination, it is generally up to the subsequent terminating State to determine whether a provider in their State is the same provider that was initially terminated by another State's Medicaid program. In order to determine whether a provider in one State is the same provider that was terminated in another State, a State could look at a variety of factors, including, but not limited to, NPI and correspondence address. The State could also communicate with the Medicaid agency that originally terminated the provider to help resolve the question of the provider's identity. If the State believes that background checks are required to verify the identity of a provider, then States should conduct such background checks. We believe the States should have flexibility to determine the best method for identity verification.

Comment: One commenter suggested that the regulatory definition of termination at § 455.101 should be revised to include the termination of persons or entities with an ownership or control interest or who is an agent or managing employee of a provider.

Response: The ACA does not contemplate termination based upon ownership or control. The statute requires termination of the same individual or entity that was terminated by Medicare or another State's Medicaid program.

Comment: A few commenters requested that CMS clarify in the final rule with comment period that termination from the Medicaid program must only occur when a provider has had billing privileges revoked or terminated by Medicare for cause.

Response: The requirement for States to terminate would only apply in cases where providers, suppliers or eligible professionals were terminated or had their billing privileges revoked for cause which may include, but is not limited to, fraud, integrity or quality issues. In addition, we have defined “termination” in the final rule with comment period as occurring when a State Medicaid program has taken action to terminate a provider and the provider has exhausted all applicable appeal rights that are available in the State or the Medicare program, or the timeline for appeal has expired, whichever is applicable.

Comment: One commenter requested information regarding how managed care organizations will be able to access provider termination information.

Response: We encourage States to share such information with their managed care entities.

Comment: One commenter requested that an appeals process be established for providers and suppliers that would permit a provider/supplier to continue to provide care under a program if they can demonstrate “good cause exemptions.”

Response: While we appreciate the commenter's suggestion, section 6501 of the ACA requires States to terminate the participation of any provider that has been terminated under Medicare or another State's Medicaid program, and allows for exceptions only as permitted under sections 1128(c)(3)(B) and 1128(d)(3)(B) of the Act.

Comment: Commenters expressed concern that the proposed rule allows for the imposition of sanctions based upon findings made outside the agency. For example, if Medicare revokes a provider's billing privileges and a State initiates a termination action as a result of such revocation, then, in the commenter's view, the proposed rule gives the provider a right to use the State administrative appeal process to challenge anew the Medicare revocation.

Response: We disagree. The provider is not provided a new forum in which to litigate the Medicare termination action. The ACA does not give a State the authority to review a Medicare termination action. The statute requires a State to terminate a provider that was terminated by Medicare or another State's Medicaid program, with certain limited exceptions.

Comment: A few commenters indicated that the proposed regulation fails to state that termination from the Medicaid program must only occur in situations in which the provider or supplier had its billing privileges terminated or revoked for cause, that is, fraud, integrity or quality issues.

Response: We agree. In the regulatory definition for “termination,” we will state that the requirement for States to terminate would only apply in cases where providers, suppliers or eligible professionals were terminated or had their billing privileges revoked for cause which may include, but is not limited to, fraud, integrity or quality issues.

Comment: Certain commenters requested a specific timeline for due process in connection with the appeal of termination actions and the parameters of the termination process in Medicaid.

Response: As we have indicated previously in these responses, we believe that States should have the flexibility to decide termination actions consistent with their individual State administrative appeals process. In addition, since State law and regulations may vary with regard to this issue, we defer to the States regarding their existing termination processes.

Comment: One commenter suggested that reciprocal termination must be limited to revocations of privileges due to fraud and where the physician has exhausted all possible appeal rights.

Response: We agree. As stated in the proposed rule, the requirement for States to terminate would only apply in cases where providers, suppliers or eligible professionals were terminated or had their billing privileges revoked for cause. In addition, we defined “termination” as occurring when a State Medicaid program has taken action to revoke a Medicaid provider's billing privileges and the provider has exhausted all applicable appeal rights that are available in that State, or the timeline for appeal has expired, or when the Medicare program has revoked the provider or supplier's billing privileges and the provider or supplier has exhausted all applicable appeal rights, or the timeline for appeal has expired.

Comment: One commenter requested a definition of “eligible professional.”

Response: In the context of terminations, “eligible professional” is a term that is specific to the Medicare program. For purposes of the Medicare program, an eligible professional may include a physician assistant, nurse practitioner, or clinical nurse specialist, certified nurse-midwife, clinical social worker, clinical psychologist, registered dietitian or nutrition professional. See section 1842(b)(18) of the Act.

Comment: Certain commenters requested clarification regarding when a termination is triggered under the statute.

Response: A termination in a subsequent State is triggered when Medicare or a State Medicaid program has taken action to revoke a provider's billing privileges for cause and the provider has exhausted all applicable appeal rights that are available in Start Printed Page 5946Medicare or the originally-terminating State or the timeline for appeal has expired.

Comment: A commenter stated that section 6 of Executive Order 13132 requires that: (1) Each agency have an accountable process to ensure meaningful and timely input by State officials in the development of regulatory policies that have Federalism implications, and (2) no agency shall promulgate any regulation that has Federalism implications that imposes substantial direct compliance cost on State governments. The commenter recommended that CMS explain the process that was used to ensure that meaningful and timely input was received from the States prior to the development of this proposed rule.

Response: We have worked closely with State Medicaid agencies on the proposed rule and in the development of the final rule with comment period.

Comment: One commenter requested clarification regarding the process of how Medicare reinstatements will be communicated to States and whether States will be required to automatically reinstate a provider in the Medicaid program once a provider “finishes the Medicare termination/revocation period.”

Response: Presumably, States will be notified by providers who are seeking re-enrollment or reinstatement in the Medicaid program. It is the responsibility of the States to validate the status of a provider's termination with Medicare. When a provider may seek re-enrollment is up to the discretion of the States and should be consistent with State law. Similarly, the duration of termination should be consistent with existing State law.

4. Final Provisions for Termination of Provider Participation Under the Medicaid Program and CHIP if Terminated Under the Medicare Program or Another State Medicaid Program or CHIP

We have retained the provisions of the proposed rule, with the exception of the following:

  • In § 455.101, we have added the following subsection (3) to the definition of termination: “The requirement for termination applies in cases where providers, suppliers, or eligible professionals were terminated or had their billing privileges revoked for cause which may include, but is not limited to: (i) Fraud; (ii) integrity; or (iii) quality.”

G. Additional Medicare Provider Enrollment Provisions

1. Statutory Changes

Section 6501 of the ACA requires States to terminate a provider or supplier under the Medicaid program when the provider or supplier has been terminated by Medicare or by another State's Medicaid program. We believe that permitting CMS to revoke Medicare billing privileges when a State Medicaid agency terminates, revokes, or suspends a provider or supplier's Medicaid enrollment or billing privileges works in tandem with section 6501 of the ACA.

2. Proposed Provisions for Additional Medicare Provider Enrollment

In § 424.535(a)(11), we proposed allowing CMS, directly or through its contractor, to revoke Medicare billing privileges when a State Medicaid agency terminates, revokes, or suspends a provider or supplier's Medicaid enrollment or billing privileges. Moreover, we believe that providers and suppliers whose enrollment has been terminated by a State Medicaid program may pose an increased risk to the Medicare program.

3. Analysis of and Response to Public Comments

We received one comment on the proposed provision related to Medicare termination.

Comment: A commenter stated that proposed § 424.535(a)(11) contains an editorial error that makes the language of the proposed rule difficult to understand.

Response: Section 424.535(a) lists reasons for revocation of Medicare enrollment. § 424.535(a)(12) is one such reason—if a State has terminated a provider from Medicaid, Medicare can terminate the provider from Medicare. We will reword the language in § 424.535(a)(12) to clarify the circumstances being addressed.

4. Final Provisions for Additional Medicare Provider Enrollment

This final rule with comment period finalizes the provisions of the proposed rule in regards to our discretion to revoke a provider or supplier's Medicare billing privileges when terminated, revoked or suspended by a State Medicaid agency with no modifications.

H. Technical and General Comments

Comment: A commenter stated that the definition of “provider of services” in section 1861(u) of the Act and “supplier” in section 1861(d) of the Act differs from the meaning of “provider of services” and “supplier,” respectively, in the proposed rule. The commenter also was unclear as to whether the proposed rule's references to “providers” refer to “provider of services.” The commenter requested clarification on both issues.

Response: The proposed rule stated that in Medicare, the term provider of services under section 1861(u) of the Act means health care entities that furnish services primarily payable under Part A of Medicare, such as hospitals, home health agencies (including home health agencies providing services under Part B), hospices, and skilled nursing facilities. The term “suppliers” defined in section 1861(d) of the Act refers to health care entities that furnish services primarily payable under Part B of Medicare, such as independent diagnostic testing facilities (IDTFs), durable medical equipment prosthetics, orthotics, and supplies (DMEPOS) suppliers, and eligible professionals, which refers to health care suppliers who are individuals, that is, physicians and the other professionals listed in section 1848(k)(3)(B) of the Act. For Medicaid and CHIP, we use the terms “providers” or “Medicaid providers” or “CHIP providers” when referring to all Medicaid or CHIP health care providers, including individual practitioners, institutional providers, and providers of medical equipment or goods related to care. The term “supplier” has no meaning in the Medicaid program or CHIP.

Comment: A commenter suggested that to avoid misinterpretation, non-physician practitioners should be clearly defined in the final rule with comment period.

Response: The proposed and final rule with comment period refer to non-physician practitioners to mean any non-physician practitioner who is eligible to enroll in Medicare, Medicaid or CHIP under existing regulations and statutes. In addition, this term is already defined at section 1848(b)(18)(C) of the Act.

Comment: A commenter stated that with the issuance of CMS-1510-F on November 2, 2010, CMS should renumber the denial and revocation reasons found in this proposed rule. In CMS-1510-F, CMS finalized a new denial reason in § 424.530(a)(8) and a new revocation reason in § 424.535(a)(12).

Response: We have revised these provisions in the regulatory text.

Comment: A commenter stated that CMS violated section 6(a) of Executive Order 12866 by not giving the public a 60 day review period for this rule and that CMS only allowed a 55 day review period. The commenter also could not Start Printed Page 5947find a CMS Press Release or information on the CMS Web site indicating that CMS notified the public that it placed this rule on display and began the public comment period in advance of the publication of the proposed rule in the Federal Register. The commenter recommended that CMS reissue a new proposed rule or extend the comment period for this proposed rule by additional 60 days.

Response: The Department of Health and Human Services released a press release on September 20, 2010 accessible on its Web site that announced the display of the proposed rule at the Federal Register. The press release is accessible at: http://www.hhs.gov/​news/​press/​2010pres/​09/​20100920e.html. Additional media outlets reported the proposed rule display on September 17th, 2010. We do not believe it is appropriate to extend the comment period for an additional 60 days, and we have taken into account all comments received during the comment period.

Comment: Several commenters stated that the proposed timeframe for implementation and compliance is extremely aggressive. First, smaller, rural providers and suppliers may not be organizationally able to fully comply without significant cost and effort, thus impacting access to care. Second, the DME MACs and the NSC will have to be able to identify suppliers and implement payment edits, both by specialty code.

Response: As stated previously, the timeline is a required under the ACA. We have been working closely with our contractors and with providers and suppliers to ensure that compliance with this final rule with comment period will not affect patients' access to health care.

Comment: Several commenters stated that the implementation timetables for this proposed rule were too ambitious, and that sufficient lead time is necessary for CMS to have operational computer programs in place to administer these requirements correctly and consistently.

Response: This final rule with comment period is implementing provisions of the ACA which sets forth deadlines for implementation of the screening provisions.

Comment: A commenter stated that in its manual instructions, CMS describes the verification of legalized status for physicians and non-physician practitioners. However, the commenter stated that the proposed rule is silent regarding the verification or screening process that will be used to determine legal status of an owner, authorized official, delegated official, managing employee, physician or non-physician. The commenter recommended that CMS explain this process in the proposed rule. Another commenter urged CMS to revise its existing CMS-855 enrollment applications to include questions on residency, legal status, and/or citizenship, arguing that this would help reduce fraud.

Response: Information collected on the CMS-855 enrollment applications are used to verify residency, including the Social Security Number and the Date of Birth. This process is a part of the general screening process, and is applied to all screening levels, including limited.

Comment: A commenter stated that since illegal immigrants are not legally authorized to work in the United States or own or operate a business in the United States, CMS should: (1) Coordinate and verify both the identity and work status of any individual practitioner or owner with the United States Citizenship and Immigration Services, and (2) establish new Medicare, Medicaid and CHIP denial and revocation reasons when an individual is not authorized to work in the United States legally and that CMS refer any individuals to the appropriate authorities for expulsion from the United States.

Response: As stated previously, we have existing procedures in place that verify an applicant's eligibility to work in the United States.

Comment: One commenter recommended that CMS furnish the number of providers and suppliers by specialty type that have or do not have an enrollment record in PECOS. This will, the commenter believes, help clarify the impact of this rule on providers and suppliers.

Response: This final rule with comment period does not impact the enrollment requirements related to PECOS for providers and suppliers. In May of 2010, we published CMS—6010-IFC which required all physicians and eligible professionals who order and refer home health services or Part B items and services (excluding Part B drugs) to Medicare to be enrolled in PECOS. Additional communications have been published with regard to that interim final rule with comment period, and do not impact the provisions finalized here. This final rule with comment period established the screening requirements for providers under Medicare, Medicaid and CHIP, and application fees for newly enrolling or revalidating providers. All newly enrolling or revalidating providers must establish records in PECOS as this is the only available enrollment option at this time.

Comment: A commenter stated that Medicare, Medicaid and CHIP must work in tandem to assure compliance, so that bad actors cannot move from one program to another and shelter themselves through the lack of coordinated data, standards, information and enforcement.

Response: We concur with this comment. This final rule with comment period implements the ACA provision that requires State Medicaid Agencies, to terminate a provider when a provider has been terminated by Medicare added at § 455.416. This final rule with comment period also implements regulations at § 455.470 that authorizes State Medicaid agencies to impose a temporary moratoria when Medicare imposes such a moratoria, except when the State Medicaid agency determines an imposition would affect beneficiaries' access. These provisions are directly aimed at eliminating the type of program abuses addressed by the commenter.

Comment: A commenter stated that despite the additional burdens it will create, it supported the proposed rule because there is no alternative. The commenter stated that if fraud, abuse and waste are not eliminated and quality improvement is not made central to home health and hospice, it feared for the future of home-based care when it is needed most.

Response: We agree with the commenter. We believe that these provisions are intended to protect the integrity of these programs for future generations.

Comment: A commenter suggested that CMS should change its contractors' claims processing system to a system similar to that used by credit card companies. This will help ensure that fraud and abuse can be detected in real time, rather than later.

Response: We are continually exploring additional improvements to our data systems, but disagree with the commenter's suggestion that we must change all of our contractors systems to implement real time data analysis. We are committed to working with both private and public partners to evaluate technologies that can provide the scalability and safeguards to beneficiary access that are necessary to ensure accurate payments to legitimate providers for appropriate services supplied to enrolled beneficiaries.

Comment: A commenter stated that CMS should establish a new requirement that organized medical staffs and hospitals report the provision of (but not the results of) peer review as Start Printed Page 5948a quality indicator, and that CMS should post the quality indicator for each hospital department on its Hospital Compare Web site, together with an explanation of the importance of peer review to assure patient safety, quality, and identification of medically unnecessary services.

Response: This comment is beyond the scope of this rule. This final rule with comment period does not address the reporting of quality indicators or the Hospital Compare Web site.

Comment: A commenter stated that MACs should no longer accept certain CPT codes for laboratory test payments.

Response: This comment is beyond the scope of this rule. This final rule with comment period does not address our coverage and payment decisions for CPT codes.

Comment: A commenter stated that CMS should consider bidding out laboratory coding to a contractor, similar to the manner in which the PDAC operates for DME coding.

Response: This comment is beyond the scope of this rule. This final rule with comment period does not address the bidding of laboratory coding to a contractor.

Comment: A commenter expressed support for many of the details and provisions contained within the proposed rule and requested that CMS continue to seek input from all stakeholders about matters related to hospitals and health systems.

Response: We concur with the commenter's request to continue to seek input from all stakeholders, and fully intend to do so in regard to the requirements of this final rule with comment, as well as annual payment regulations.

Comment: A commenter expressed concern that anti-fraud laws and regulations, adopted to root out unscrupulous activity resulting from criminal intent, are increasingly used to impose harsh penalties for inadvertent mistakes and contribute to the escalating costs of health care as providers attempt to comply with increasingly voluminous and sophisticated systems and requirements.

Response: We continually balance the necessity to eliminate fraud, waste, and abuse with reducing the burden on legitimate providers, suppliers, and beneficiaries. Section 6401 of the ACA requires that the Secretary determine the level of screening according to the risk of fraud, waste, and abuse. This final rule with comment period implements this provision by instituting levels of screening based on risk of fraud, waste, and abuse, and has the flexibility to adapt to future developments by adjusting the categories as appropriate. We will use this new authority to prevent just such situations as described by the commenter, and will reduce the burden on legitimate providers who may make mistakes, and target fraud prevention resources appropriately.

Comment: A commenter stated that serial number tracking should be considered for much of the equipment provided by DMEPOS suppliers, similar to the Vehicle Identifier Number (VIN) system used in the transportation manufacturing industry.

Response: While we appreciate this comment, it appears to be outside the scope of this rule. Also, this comment would require a thorough evaluation of the cost of such a requirement on DMEPOS suppliers, the access issues it could potentially cause to beneficiaries if we mandated that only serial numbered equipment must be provided to beneficiaries, the additional system requirements that we would need to enhance to track such equipment, and the estimated benefit from such a requirement.

Comment: A commenter stated that the fight against health care fraud would be bolstered if Medicare, Medicaid and private insurers would share information about providers' enrollment and billing patterns. The commenter therefore recommended that CMS: (1) Revise its regulations and the CMS-855 to collect information about all other health care payers, and (2) share the information it collects via the enrollment and payment process with private payers, Medicaid, and Medicare Advantage Organizations.

Response: We would have to carefully evaluate the commenter's proposal. We must go through notice of rulemaking and comment period before revising any regulation. Additionally, we would have to carefully consider the privacy issues that accompany increased data sharing, especially with private payers, and weigh the potential concerns of providers and suppliers with the expected benefit of such a measure. However, we have been working closely with private and public partners regarding strategies to effectively work together to have a broad view of the health care claim landscape, and will continue to evaluate opportunities to collaborate on the improved detection of health care fraud.

Comment: A commenter urged CMS to consider ways to enhance Medicare CoPs for home health and hospice providers to achieve more lasting changes. The commenter stated that CMS withdrew the proposed CoPs changes for home health in 1997 and has not taken further action. The commenter recommended that CMS consult with provider groups to revise and finalize the CoPs for home health as quickly as possible.

Response: This comment is outside of the scope of the final rule with comment period.

Comment: A commenter recommended that CMS: (1) Provide the direct savings that have resulted from provider screening activities between 2000 and 2010, (2) calculate the savings to the Medicare Trust Funds and the General Fund based on this proposed rule, and (3) explain whether the estimated savings will result in fewer actual dollars spent on health care or whether the changes proposed will only slow the expenditure growth.

Response: We believe that all of the agency's program integrity activities have resulted in savings to the Trust Fund and the General Fund. We are not required to report a return on investment regarding historical screening initiatives, or project savings regarding the statutory requirements. The fact that we have in the past denied any application means that we have prevented an unqualified provider or supplier from providing services and/or care to Medicare beneficiaries that could have resulted in physical harm or financial loss to such a beneficiary.

Comment: One commenter stated that this proposed rule will be ineffective in halting fraud because it is reactive, and it is impossible for any government entity to react in a timely manner.

Response: We disagree with the comment that the new authorities in this final rule with comment period are reactive. Particularly, the screening requirements for newly enrolling providers which will proactively prevent individuals from entering the Medicare, Medicaid and CHIP programs for the sole purpose of defrauding taxpayers. Temporary moratoria will also permit the agency to develop a strategy to mitigate the risk of fraud while stopping the pace of potentially fraudulent enrolling providers. We believe these new tools will enable us to become a more proactive gatekeeper of the Medicare Trust Fund.

Comment: A commenter recommended that all providers and suppliers be subject to the provisions associated with section 6401(a)(3) of the ACA.

Response: This comment is outside of the scope of this final rule with comment period.

Comment: A commenter contended that CMS's statement in the preamble that Medicare is the primary payer of health care for 45 million enrolled Start Printed Page 5949beneficiaries is incorrect. The correct number should be more than 47 million. The commenter also recommended that CMS provide the number of Medicare beneficiaries that are enrolled in Medicare Advantage plans.

Response: We will address this correction in the preamble. The provisions of this final rule with comment period do not apply to Medicare Advantage plans, so the number of Medicare Advantage-enrolled beneficiaries would not be relevant to the preamble.

Comment: A commenter questioned whether CMS could implement the provisions of this proposed rule when information on its provider enrollment Web site is not regularly updated.

Response: We are implementing provisions of this proposed rule, and are working with the provider community in various outlets, including its provider Web site. The provider enrollment Web site will reflect the requirements of this final rule with comment period.

Comment: Several commenters stated that the Federal and State programs will be more efficient if they recognize another program's enrollment determinations, decisions to suspend payments, and imposition of moratoria. To handle the complexity and coordination of monitoring participation and appropriately suspending payments or terminating contracts with providers and suppliers, the commenter recommended CMS develop and maintain a central, consolidated database for housing participation status, suspension of payments and imposed moratoria for all three programs. The commenters stated that CMS should also strengthen and expand efforts to coordinate data sharing between government health programs across the various Federal agencies, as well sharing of information with MAOs, MCOs and CHIP sponsors.

Response: We agree with the previous comment that we should seek to become more efficient by sharing screening determinations, decisions to suspend payments and imposition of enrollment moratoria to the extent possible under applicable laws. We are continually evaluating and strengthening efforts to coordinate data sharing between health programs across various agencies.

Comment: A commenter stated that regulators and industry need to work together to minimize the impact of sham companies and other instances of fraud, and that this proposed regulation is a step in the right direction.

Response: We agree with this comment.

III. Collection of Information Requirements

Under the Paperwork Reduction Act of 1995, we are required to provide 60-day notice in the Federal Register and solicit public comment before a collection of information requirement is submitted to the Office of Management and Budget (OMB) for review and approval. In order to fairly evaluate whether an information collection should be approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995 requires that we solicit comment on the following issues:

  • The need for the information collection and its usefulness in carrying out the proper functions of our agency.
  • The accuracy of our estimate of the information collection burden.
  • The quality, utility, and clarity of the information to be collected.
  • Recommendations to minimize the information collection burden on the affected public, including automated collection techniques.

We solicited public comment on each of these issues for the following sections of this document that contain information collection requirements (ICRs):

For this final rule with comment period, we will be retaining the Collection of Information estimates in the proposed rule, in accordance with the discussion below.

A. ICRs Regarding Medicare Application Fee Hardship Exception (§ 424.514)

Section 424.514(e) states that a provider or supplier that believes it has a hardship that justifies a waiver exception of the application fee must include with its enrollment application a letter that describes the hardship and why the hardship justifies a waiver exception. The burden associated with this requirement is the time and effort necessary to submit a Medicare enrollment application, which is required currently of any individual or entity enrolling in Medicare. In addition to the enrollment application, a provider or supplier would have the new burden of drafting and submitting a letter to justify its hardship waiver request should it choose to submit one. The burden associated with submitting Medicare enrollment applications A, B, I, R and CMS-855S, are currently approved under Office of Management and Budget (OMB) control numbers 0938-0685 and 0938-1057, respectively). Although we have no way of knowing for certain how many entities will actually submit an application with a letter requesting a waiver, we know that there are likely to be more such requests in the early years of implementation than in later years. We estimated that in the first year, 12,000 providers or suppliers—or slightly over 50 percent of the total number of providers and suppliers that we believe will be subject to the application fee—will submit waiver request letters as part of their application packages. (As stated in the preamble, the application fee does not apply to individual eligible professionals nor to group practices of these individual professionals.) We also estimated that it will take each provider or supplier 1 hour to develop the letter. The total estimated annual burden associated with this requirement is therefore 12,000 hours at a cost of $600,000, or $50.00 per waiver request.

B. ICRs Regarding Medicare Fingerprinting Requirement (§ 424.518)

Consistent with § 424.518 we will require the submission of a set of fingerprints—either electronically collected by CMS' authorized channeler or using the FD-258 standard fingerprint card obtained from the local law enforcement agency that collected the fingerprints—from all individuals who maintain a 5 percent or greater direct or indirect ownership interest in a prospective HHA or DMEPOS supplier that is enrolling in Medicare. We estimate that CMS or its designated contractors will make 7,000 such requests per year. This is predicated on our projection that—based on 2009 statistics—roughly 7,000 DMEPOS suppliers and HHAs will annually enroll in Medicare. For purposes of this ICR statement only, and to ensure that we do not underestimate the possible burden, we estimate that all of these providers and suppliers will be required to submit fingerprints. We further estimate that an average of five individuals per provider or supplier will be required to comply with this request. (It must be noted that for purposes of this ICR and the RIA below, we sought comments on whether the estimate of five individuals per applicant is accurate. No comments were received.) Additionally, we estimate that it will take each of the 35,000 respondents (7,000 provider requests × 5 respondents per provider request) an average of 2 hours to obtain and submit fingerprints. Consequently, the total estimated annual burden associated with this requirement is 70,000 hours (35,000 responses × 2 hours per response) at a cost of $3.5 million (70,000 hours × $50 per hour).

Sections 424.518(c)(3)(ii) and (iii) call for the submission of a set of fingerprints for a national background Start Printed Page 5950check from all individuals who maintain a 5 percent or greater direct or indirect ownership interest in a provider or supplier that has moved into the “high” risk category based on an adverse action or the lifting of a moratorium. The burden associated with this requirement is the time and effort necessary for the individual to submit the required information upon request. We estimate that CMS or its designated contractors will make 2,000 requests per year. This is based on the number of providers and suppliers that we estimate will attempt to enroll in Medicare: (1) After the lifting of a moratorium for their respective provider or supplier type, or (2) that have had one of the adverse actions in § 424.518(c)(3)(ii) imposed against it. This estimate of course, cannot be conclusively quantified because it is impossible for us to say with certainty which provider and supplier types will be subject to a moratorium. To ensure that we do not underestimate the potential burden, we also calculated projections should 5,000 or 10,000 requests be made.

We estimate that an average of five individuals per provider or supplier will be required to comply with this request. We further project that it will take each of the 10,000 respondents (2,000 provider or suppliers requests × 5 respondents per provider or supplier request) an average of 2 hours to obtain and submit the fingerprints. The estimated annual burden associated with this requirement, based on 2,000 requests is 20,000 hours (10,000 respondents × 1 response per respondent × 2 hours per response) at a cost of $1 million (20,000 hours × $50 per hour). If 5,000 requests are made, the burden is 50,000 hours at a cost of $2.5 million (5,000 requests × 5 responses per request × 2 hours per response × $50 per hour.) If 10,000 requests are made, the burden is 100,000 hours at a cost of $5 million (10,000 requests × 5 responses per request × 2 hours per response × $50 per hour).[6]

In addition, there are some limited circumstances when CMS could ask a physician to submit fingerprints. For example, a provider or supplier that is being enrolled in Medicare after the lifting of a temporary moratorium could automatically be classified as “high” risk and, as such, would be subject to criminal background checks and fingerprinting of owners of the company. If a physician were to have a 5 percent or greater direct or indirect ownership interest in the provider or supplier, CMS would have the authority to request fingerprints from him or her. Other circumstances might include when a physician has had an adverse action imposed against him or her and, in accordance with § 424.518(c)(3)(ii), has been placed in the “high” risk category. We estimate that CMS or its designated contractors will make 500 such requests for fingerprints per year. We further estimate that it will take each of the 500 respondents a total of 2 hours to obtain and submit the fingerprints. The total estimated annual burden associated with this requirement is 1,000 hours (500 respondents × 1 response per respondent × 2 hours per response) at a cost of $50,000 (1,000 hours × $50 per hour).

Therefore, assuming that 2,000 post-moratorium requests for fingerprints are made, the total estimated annual burden associated with the Medicare requirements in this ICR is 103,000 hours at a cost of $5,150,000. If 5,000 post-moratorium requests are made, the estimated annual burden is 133,000 hours at a cost of $6,650,000. If 10,000 post-moratorium requests are made, the estimated annual burden is 183,000 hours at a cost of $9,150,000.

Comment: In the collection of information requirements section of this proposed rule, CMS used 2009 statistics for estimating the number of individuals that will need to undergo fingerprinting. A commenter recommended that CMS update these estimates using 2010 data.

Response: We believe it is more appropriate to use the most recent full year's data.

Comment: A commenter contended that CMS's estimate that it will take 2 hours to obtain a set of fingerprints using the FD-258 standard fingerprint card seems low. The commenter recommended that CMS provide the analysis used, including literature review, to estimate the time it will take to obtain a set of fingerprints using the FD-258 fingerprint card. The commenter also asked that CMS explain whether there are any alternatives to the FD-258 standard fingerprint card and, if there are, the costs associated with these alternatives.

Response: We believe that the 2 hour figure, which was based on our analysis of a number of materials, is accurate. Since the FD-258 is the standard fingerprint card, we focused primarily on the use of this format in the proposed rule. However, as explained in the preamble to this final rule with comment period, electronic fingerprints will be an alternative—and one that we will encourage—to the FD-258.

C. ICRs Regarding Medicaid Fingerprinting Requirement (§ 455.434)

Section 455.434 states that when a State Medicaid agency determines that a provider is “high” risk, the State Medicaid agency will require that provider to submit fingerprints. We anticipate that States will be collecting fingerprints on a significantly smaller number of providers. However, as with our estimates of the potential burden for the Medicare requirements, we preferred to overestimate the potential burden rather than underestimate it. Therefore, we anticipate that States may require an additional 26,000 individuals to submit fingerprints prior to enrolling in a State's Medicaid program or CHIP. The total estimated annual burden associated with this requirement for Medicaid and CHIP is 52,000 hours (26,000 respondents × 1 response per respondent × 2 hours per response) at a cost of $2.6 million (52,000 hours × $50 per hour).

D. ICRs Regarding Suspension of Payments in Cases of Fraud or Willful Misrepresentation (§ 455.23)

As stated in § 455.23(a), a State Medicaid agency must suspend all Medicaid payments to a provider when there is pending an investigation of a credible allegation of fraud under the Medicaid program against an individual or entity unless it has good cause to not suspend payments or to suspend payment only in part. The State Medicaid agency may suspend payments without first notifying the provider of its intention to suspend such payments. A provider may request, and must be granted, administrative review where State law so requires.

The burden associated with this requirement is the time and effort necessary for a provider to request administrative review where State law so requires. While this requirement is subject to the PRA, we believe the associated burden is exempt in accordance with 5 CFR 1320.4.

E. ICRs Regarding Collection of SSNs and DOBs for Medicaid and CHIP Providers (§ 455.104)

As stated in § 455.104(b)(1), the State Medicaid agency must require that all persons with an ownership or control interest in a provider submit their SSN and DOB. The burden associated with the Medicaid requirements in § 455.104(b)(1) is the time and effort necessary for a provider to report the SSN and DOB for all persons with an ownership or control interest in a provider.

Although our data on Medicaid provider enrollment at the national level Start Printed Page 5951is very limited, we do collect annual data on State Medicaid program integrity activities. This annual data collection, known as the State Program Integrity Assessment (SPIA) program, approved under OCN 0938-1033, consists of self-reported data by States regarding a variety of program integrity related activities. The information is self-reported and has not been independently verified by CMS, and it undoubtedly represents some unknown degree of duplication among providers across States. Consequently, the estimated number of Medicaid providers nationally is likely overstated.

According to SPIA data for FFYs 2007 and 2008, there has been an average of 1,855,070 existing Medicaid providers nationally over the 2 year period of FFY 2007 and FFY 2008. We estimate that one-fifth or 371,014 (1,855,070 × 20 percent) of existing Medicaid providers would be required to re-enroll each year. Additionally, we estimate that there will be 56,250 newly enrolling Medicaid providers each year, for a total of 427,264 Medicaid providers that will be subject to the SSN and DOB reporting requirements each year. We further estimate that it will take each provider an average of 2 minutes to report the SSN and DOB for all persons with an ownership or control interest. Thus, the estimated annual burden associated with this requirement for Medicaid providers is 14,242 hours (427,264 × (2 minutes, divided by 60 minutes per hour)) at a cost of $712,100 (14,242 hours × $50 per hour).

F. ICRs Regarding Site Visits for Medicaid-Only or CHIP-Only Providers (§ 455.450)

As stated in § 455.450(b), a State Medicaid agency must conduct on-site visits for providers it determines to be “moderate” or “high” categorical risk. We anticipate that Medicare contractors will perform the screening activities for the overwhelming majority of providers that are dually enrolled in both Medicare and Medicaid and thus, we estimate that State Medicaid agencies will conduct approximately 5,000 site visits for Medicaid-only providers nationally per year. We further estimate that it will take one individual 8 hours to perform each on-site visit (including travel time). Thus, the total estimated annual burden associated with this requirement for Medicaid is 40,000 hours (5,000 site visits × 8 hours) at a cost of $2,000,000 (40,000 hours × $50 per hour).

G. ICRs Regarding the Rescreening of Medicaid Providers Every 5 Years (§ 455.414)

As stated in § 455.414, a State Medicaid agency must screen all providers at least every 5 years. This requirement is consistent with the Medicare requirement that providers, suppliers, and eligible professionals must re-enroll at least every 5 years (more often for certain types of suppliers). The burden associated with this requirement would be the time and effort necessary for Medicaid-only providers to re-enroll in Medicaid, and the time and effort necessary for a State to conduct the provider screening,

Although our data on Medicaid provider enrollment at the national level is very limited, we do collect annual data on State Medicaid program integrity activities. As previously explained, this annual data collection, known as the State Program Integrity Assessment (SPIA) program, consists of self-reported data by States regarding a variety of program integrity related activities. The information is self-reported and has not been independently verified by CMS, and it undoubtedly represents some unknown degree of duplication among providers across States. Consequently, the estimated number of Medicaid providers nationally is likely overstated.

According to SPIA data for FFYs 2007 and 2008, there has been an average of 1,855,070 existing Medicaid providers nationally over the 2 year period of FFY 2007 and FFY 2008. We estimate that one fifth, or 371,014 (1,855,070 × 20 percent), of existing Medicaid providers would be required to re-enroll each year. Although provider enrollment requirements vary by State, we further estimate that it will take each provider an average of 2 hours to complete the Medicaid re-enrollment requirements. Thus, the estimated annual burden associated with this requirement for Medicaid providers is 742,028 hours (371,014 responses × 2 hours per response) at a cost of $37,101,400 (742,028 hours × $50 per hour).

In addition, we estimate that 80 percent of Medicaid providers also participate in Medicare, and thus would have provider screening activities performed by the Medicare contractors. Thus, we estimate that States would be required to conduct provider screening activities for 74,203 (371,014 × 20 percent) re-enrolling Medicaid-only providers each year. We further estimate that it will take States, on average, 4 hours to perform the required provider screening activities—noting that currently enrolled providers would generally be categorized as lower risk than newly-enrolling providers. The estimated burden associated with this requirement for State Medicaid agencies is 296,812 hours (74,203 responses × 4 hours per response) at a cost of $14,840,600 (296,812 hours × $50 per hour). We believe that the burden on States will be in large part offset by the application fees collected and by the Federal share for the amounts not covered by the application fee.

The total estimate annual burden associated with the Medicaid prescreening requirement is 1,038,840 hours at a cost of $51,942,000 ($37,101,400 + $14,840,600).

Table 10—Estimated Annual Reporting/Recordkeeping Burden

Regulation section(s)OMB Control No.RespondentsResponsesBurden per response (hours)Total annual burden (hours)Hourly labor cost of reporting ($)Total labor cost of reporting ($)Total capital/ maintenance costs ($)Total cost ($)
§ 424.514(e)**0938-0685; 0938-105712,00012,000112,00050600,0000600,000
§ 424.518(c)(2)(b) and (d)0938-New35,00035,000270,000503,500,00003,500,000
§ 424.518(c)(3)(iv) and (d)0938-New10,50010,500221,000501,050,00001,050,000
§ 455.4340938-New26,00026,000252,000502,600,00002,600,000
§ 455.1040938-New427,264427,264.03314,24250712,1000712,100
§ 455.4500938-New50005000840,000502,000,00002,000,000
§ 455.414 (Providers)0938-New371,014371,0142742,0285037,101,400037,101,400
§ 455.414 (State Medicaid Agencies)0938-New74,20374,2034296,8125014,840,60014,840,600
Start Printed Page 5952
Total960,981960,9811,248,08262,404,100
** Denotes that we will be submitting revisions of the currently approved information collection requests for OMB review and approval.

Comment: A commenter requested clarification on whether the dollar figure of $62 million in Table 6 of the proposed rule (entitled “Estimated Annual Reporting/Recordkeeping Burden”) is the cost shared by the Federal Medicare programs as well as all of the State Medicaid agencies collectively.

Response: It includes Medicare costs, and those of the State Medicaid agencies.

IV. Response to Comments

Because of the large number of public comments we normally receive on Federal Register documents, we are not able to acknowledge or respond to them individually. We will consider all comments we receive by the date and time specified in the “DATES” section of this preamble, and, when we proceed with a subsequent document, we will respond to the comments in the preamble to that document.

V. Regulatory Impact Analysis

A. Statement of Need

This final rule with comment period is needed to implement the following provisions of the ACA: (1) Section 6401(a) and section 6401(b) of the ACA added section 1866(j)(2) to the Act and requires the establishment of screening procedures for providers and suppliers in the Medicare, Medicaid and CHIP programs; (2) section 6401(a) of the ACA added section 1866(j)(2)(C) to the Act and requires the establishment of application fees for institutional providers and suppliers; (3) section 6401(a) of the ACA added a new section 1866(j)(7) to the act establishing the use of temporary moratoria regarding the enrollment of providers and suppliers in Medicare, and section 6401(b)(1) of the ACA added a new section 1902(kk)(4) of the Act for a parallel requirement in the Medicaid and CHIP programs; (4) section 6501 of the ACA added section 1902(a)(39) to the Act establishing guidance for States regarding the termination of providers from Medicaid and CHIP if terminated by Medicare or another Medicaid State plan or CHIP; and permitting guidance regarding the termination of providers and suppliers from Medicare if terminated by a Medicaid State agency; and (5) Section 6402(h) of the ACA added 1862(o) to the Act establishing the requirements for the suspension of payments pending credible allegations of fraud in the Medicare and Medicaid programs. As previously explained, we believe these provisions are necessary to assist us in preventing fraud, waste and abuse in the Medicare, Medicaid and CHIP programs.

B. Overall Impact

We have examined the impact of this rule as required by Executive Order 12866 on Regulatory Planning and Review (September 1993), the Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354), section 1102(b) of the Social Security Act, section 202 of the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4), Executive Order 13132 on Federalism (August 4, 1999), and the Congressional Review Act (U.S.C. 804(s)).

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts; and equity). A regulatory impact analysis (RIA) must be prepared for rules with economically significant effects ($100 million or more in any 1 year). This final rule with comment period does reach the economic threshold and thus is considered an economically significant rule.

The RFA requires agencies to analyze options for regulatory relief for small businesses. Under the RFA, we must either prepare an Initial Regulatory Flexibility Analysis or certify that the final rule with comment period will not have a significant impact on a substantial number of small entities. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and government agencies. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues of less than $7.0 to $34.5 million (depending on provider type) in any one year. Individuals and States are not included in the definition of a small entity. We do not believe that our application fees will have a significant impact on any small entities. Likewise, we do not believe that other screening provisions, such as the provision of fingerprints or accommodating unannounced visits, will have a significant impact on any small entities. We believe this final rule with comment period could have significant impact on a relatively small proportion of small businesses in terms of restrictions on federal health monies paid to small businesses participating in the Medicare or Medicaid programs or CHIP. Clearly, imposition of an enrollment moratorium would have an impact on a small business that is attempting to do business with any of the Federal health programs. Similarly, suspension of payments to any small entity could create a significant impact on that entity. However, we have no basis for estimating how many entities might be affected by these provisions. Finally, we believe that this final rule with comment period will reduce fraud and abuse among potential providers.

We believe there will be a significant impact on their ability to defraud the taxpayer in several ways. First, closer screening of certain high-risk providers and suppliers will better enable CMS to detect those individuals and entities that pose a risk to the Medicare program. We expect that the prevention of unqualified providers and suppliers from enrolling in Medicare will protect the Medicare Trust Fund and save the taxpayers millions of dollars. Second, the temporary moratoria provisions will enable CMS to restrict the entry of certain providers and suppliers into Medicare in order to prevent or combat fraud, waste, and abuse, thus, again, saving millions of Federal dollars. While we cannot quantify with exactitude the amount of money that the Medicare program will save as a result of these measures, we do believe that the figure will exceed the costs outlined in this RIA. We solicited comment on the overall proposed screening processes of the proposed rule, including how the risk of fraud is determined, the administrative Start Printed Page 5953interventions proposed to address the risk, and the criteria for exceptions to the enrollment application fee and any temporary enrollment moratoria. We requested that small businesses comment on these provisions and offer suggestions about how to mitigate what they might see as adverse administrative or financial impacts. This RIA, taken together with the remainder of the preamble, constitutes an Initial Regulatory Flexibility Analysis under the RFA.

In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 604 of the RFA. For purposes of section 1102(b) of the Act, we define a small rural hospital as a hospital that is located outside of a Metropolitan Statistical Area and has fewer than 100 beds. We did not prepare an analysis for section 1102(b) of the Act because we have determined that this final rule with comment period will not have a significant impact on the operations of a substantial number of small rural hospitals.

Section 202 of the Unfunded Mandates Reform Act of 1995 also requires that agencies assess anticipated costs and benefits before issuing any rule that may result in expenditure in any 1 year by State, local, or tribal governments, in the aggregate, or by the private sector, of $135 million. This rule does mandate expenditures by State and local governments, in order to enforce the Medicaid-related provisions, but we believe that those expenditures will be relatively minor. The mandated costs on providers—primarily for application fees—may approach or exceed the threshold for the private sector. Accordingly, this RIA constitutes the required assessment of costs and benefits under UMRA.

Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. Since this final rule with comment period would not impose any substantial direct requirement costs on State or local governments, preempt State law, or otherwise have Federalism implication, the requirements of E.O. 13132 are not applicable.

We received several comments on the RIA. They are as follows:

Comment: A commenter noted that, under the proposed rule, Medicare contractors will not begin processing an enrollment application until the application fee is received and credited to the United States Treasury. The commenter recommended that CMS estimate the increase in enrollment application processing times due to the fee requirement and the impact this additional time will have on private sector.

Response: It is not possible to qualify the additional time, if any, that this requirement would have on processing times. Moreover, we do not believe that a minor delay in processing would result in any quantifiable and definable monetary cost to a particular provider.

Comment: Several commenters contended that CMS did not comply with section 6(a)(3)(C)(i) of Executive Order 12866. Specifically, CMS: (1) Did not include an assessment or quantification of benefits associated from this regulatory action; (2) the underlying analysis of the costs and benefits of potentially effective and reasonably feasible alternatives to the planned regulation; (3) explain why the planned regulatory action is preferable to the identified potential alternatives; (4) include any feasible alternatives to the planned screening process; (5) include alternatives to the payment suspension portions; (6) include the cost impact on health care providers due to increased processing times; (7) solicit comments on or consider the costs or benefits of reasonably feasible alternatives, such as assessing the application fee by NPI or TIN or assessing the risk based on as past experience with the Medicare program or other health plans; or (8) consider the Medicare error rate in determining the category of risk. The commenter stated that CMS should therefore not finalize the provisions of this proposed rule until a new proposed rule is published.

Response: The proposed rule and the final rule with comment period both contain a Regulatory Impact Analysis as required by Executive Order 12866. As explained in section IV.E. and throughout this final rule with comment period, we believe that this regulation will have a significant benefit by reducing the ability of potential providers to defraud taxpayers. The proposed rule solicited comments on the proposed screening categories, on the use of fingerprinting and other alternatives to identity verification, on the kind of documentation that must be submitted to assert a hardship exception to the application fee, an alternative definition of the term “resolution of an investigation,” on criteria that would justify the reclassification of a provider from one risk category to another, on the applicability of geography in the determination of a risk category, and on additional triggers that would move a provider into a different risk category.

We did not believe the use of NPIs or TINs in the assessment of the application fee was appropriate because the requirement to submit an enrollment application is separate from the requirement to have an NPI or a TIN. We believe that basing the fee on the submission of an application is most consistent with the statute. With respect to the Medicare error rate, an erroneously paid claim does not necessarily mean that the claim was fraudulently submitted. For this reason, we believe it would be improper to use it in our placement of providers into risk categories when there were other factors—including comprehensive studies of fraudulent behavior, such as OIG and GAO reports—that were more conclusive. We have solicited comments on proposals and potential alternatives, and have considered such comments in the development of this final rule with comment period.

Comment: A commenter stated that the proposed rule contained a number of internal inconsistencies between the preamble and regulation impact statement, such as: (1) use of 2.34 percent as the CPI in preamble and 3.0 percent as the CPI in the regulation impact section; (2) the lack of an “Alternatives Considered” section in the regulation impact section, and (3) a failure to account for the cost or impact of the additional off-cycle revalidations in the regulation impact section. The commenter recommended that CMS publish a new proposed rule.

Response: The use of 2.34 percent in the preamble was simply for illustrative purposes. Having said that we have revised the 3 percent figure to more accurately reflect actual and projected CPI-U statistics we have received. Specifically, the rates we used for 2011, 2012, 2013, 2014 and 2015 are, respectively, 1.0 percent, 2.0 percent, 2.0 percent, 2.0 percent and 2.0 percent. The figure for 2011 is based on data obtained from the Bureau of Labor Statistics, while the data for years 2012 through 2015 represent the estimated CPI-U figures offered in the Budget of the U.S. Government, Fiscal Year 2011. The CPI-U figures reflect the percentage change in the consumer price index for all urban consumers (all items; United States city average), for the 12-month period ending with June of the previous year. Moreover, we have added an “Alternative Considered” section to the RIA.

As stated previously, we solicited comments on multiple issues in the Start Printed Page 5954proposed rule. Additionally, we are implementing provisions of the ACA that had already outlined certain requirements for the regulations. The ACA, for example, required that we determine the level of screening to be conducted with respect to the category of provider or supplier, to require an application fee of $500 adjusted after 2010 for the consumer price index, and to suspend payments pending an investigation of credible allegations of fraud.

The RIA took into account the cost of revalidations beginning on March 25, 2011, prior to the date at which CMS could begin off-cycle validations under § 424.515(e), but the same date at which the new screening requirements will go into effect. Any provider validated after March 25, 2011 but before March 23, 2012 will not be subject to off-cycle revalidation and any provider that is revalidated will begin a new cycle of revalidation requirements. Therefore, any off-cycle revalidations that occur after March 23, 2012 will restart the revalidation cycle, and only DMEPOS suppliers who are on 3 year validations will be revalidated, in cycle, prior to the end of CY 2015. We believe the RIA is valid.

Comment: A commenter noted that, under the proposed rule, Medicare contractors will not begin processing an enrollment application until the application fee is received and credited to the United States Treasury. The commenter recommended that CMS estimate the increase in enrollment application processing times due to the fee requirement and the impact this additional time will have on private sector.

Response: It is not possible to qualify the additional time, if any, that this requirement would have on processing times. Moreover, we do not believe that a minor delay in processing would result in any quantifiable and definable monetary cost to a particular provider.

Comment: One commenter stated that the preamble of this proposed regulation uses 2.34 percent as the Consumer Price Index (CPI) for the application fee, while the regulatory impact section uses 3 percent as the CPI for the application fee. The commenter recommended that CMS: (1) Use the official percentage by the Bureau of Labor Statistics in calculating the change in application fee year by year, (2) explain if a negative CPI will result in a decrease in the application fee, and (3) use the actual CPI for 2010 in developing the final rule with comment period and establishing the application fee that must be paid by providers and suppliers in 2011.

Response: We agree and, as previously explained, have incorporated more accurate CPI-U rates into this final rule with comment period. A negative CPI would result in a fee decrease; however, the RIA projects a continued increase in the CPI.

Comment: A commenter noted that CMS states in the RIA that 400,000 providers and suppliers would need to revalidate their enrollment over a 5 year period. However, CMS excluded groups and clinics from the impact of the application fee. The commenter did not believe there are 400,000 providers and suppliers to revalidate, since a large number of providers and suppliers are designated as medical groups/clinics. The commenter recommended that CMS furnish a breakdown of the providers and suppliers that would be required to revalidate their enrollment in Medicare and adjust, if necessary, the amount collected via the application fee. The commenter also suggested that CMS provide the number of providers and suppliers by year that were subject to revalidation since 2006.

Response: We do not believe that a specific breakdown by provider type and year is necessary, and maintain our view that approximately 400,000 providers and suppliers will revalidate their enrollment over a 5 year period—even accounting for medical groups/clinics. This figure, admittedly, may be a little high, but we would prefer to overestimate the potential burden than underestimate it.

In light of these comments, we have revised our calculations based on new and more accurate CPI-U rates and have added an “Alternative Considered” section.

C. Anticipated Effects

1. Medicare

a. Enhanced Screening Procedures—Medicare

Based on statistics obtained from PECOS and our Medicare contractors, there are approximately 400,000 providers and suppliers currently enrolled in the Medicare program. (This does not include eligible professionals.) This figure includes ambulance service suppliers; ambulatory surgical centers; community mental health centers; comprehensive outpatient rehabilitation facilities; suppliers of DMEPOS; end-stage renal disease facilities; federally qualified health centers; histocompatibility laboratories; home health agencies; hospices; hospitals, including physician-owned specialty hospitals; critical access hospitals; independent clinical laboratories; independent diagnostic testing facilities; Indian health service facilities; mammography centers; mass immunizers (roster billers); medical groups/clinics, including single and multi-specialty clinics; organ procurement organizations; outpatient physical therapy/occupational therapy/speech pathology services; portable x-ray suppliers; skilled nursing facilities; radiation therapy centers; religious non-medical health care institutions; and rural health clinics. We note the following in section III. of this final rule with comment period:

  • Based on 2009 experience we estimated that there will be 7,000 DMEPOS suppliers and HHAs that will submit an application to become a new Medicare enrolled provider in 2011. We would require approximately 35,000 individuals (7,000 providers/suppliers x 5 individuals per applicant) to undergo fingerprinting to participate in the Medicare program as an owner of an HHA or supplier of DMEPOS. We have found that the cost of having a set (two prints) of fingerprints done through law enforcement is approximately $50.00 per individual. (This includes the time spent in obtaining the fingerprints.) The cost of this fingerprinting requirement would therefore be $1.75 million per year (35,000 individuals x $50).
  • We estimated that 10,000 individuals (2,000 providers or suppliers × 5 individuals per applicant) would undergo fingerprinting following the lifting of a moratorium on a particular provider or supplier type, at a cost of $500,000 per year (10,000 × $50). Should requests be made of 5,000 providers or suppliers, the annual figure would be $1,250,000 (5,000 × 5 individuals per applicant × $50). Should requests be made of 10,000 providers or suppliers, the annual figure would be $2.5 million (10,000 × 5 × $50).
  • We estimate that 500 physicians would undergo fingerprinting per year, at a cost of $25,000.

This results in a total cost of the fingerprinting requirement of $2,275,000 per year ($1,750,000 + $500,000 + $25,000), or $11,375,000 over 5 years. If 5,000 post-moratorium requests are made, the annual cost is $3,025,000, with a 5 year cost of $15,125,000. Should 10,000 post-moratorium requests be made, the annual cost is $4,275,000, with a 5 year cost of $21,375,000.

As we believe that 2,000 post-moratorium requests is the most likely scenario, we will hereafter use the $2,275,000 amount as the annual cost of this requirement. This results in an estimated 5 year cost of $11,375,000.Start Printed Page 5955

b. Application Fee—Medicare

The Secretary shall impose an application fee on each institutional provider. The amount of the fee is $500 per provider or supplier for 2010. For 2011 and each subsequent year, the fee amount will be determined by the statutorily required formula using the consumer price index for all urban consumers (CPI-U). The enrollment application fee does not apply to individual eligible professionals (for example, physicians). The fee is to be paid by institutional providers only. The new screening provisions are applicable to new and revalidating providers and suppliers effective March 25, 2011, and to currently enrolled providers and suppliers as of March 23, 2012. We will to begin collecting the enrollment application fee for new providers and suppliers and for currently enrolled providers revalidating enrollment effective March 25, 2011.

c. General Enrollment Framework

(1) New Enrollment

Medicare contractors report that over the last several years, approximately 32,000 is the annual number of newly enrolling providers and suppliers that would—without accounting for the possible granting of waivers—be subject to the enrollment application fee—(approximately 20,000 for Medicare Part B, approximately 7,000 DMEPOS suppliers and HHAs (as explained in the Collection of Information section), and approximately 5,000 non-HHA Medicare Part A providers).[7]

We assumed that no more than 2.5 percent of these 32,000 providers and suppliers—or 800—will receive a hardship exception; as indicated earlier, exceptions will only be approved infrequently.

In CY 2011, we reduced the estimate number of institutional providers subject to the application fee by 25 percent because the application fee will not begin until March 25, 2011. Accordingly, the number of institutional providers that we anticipate paying the application fee will be 23,400 (or 31,200 × .75) in CY 2011. Therefore, the impacts of the enrollment application fee are as follows. If we use 23,400 as the number of newly enrolling providers and suppliers in 2011 and multiply this number by an application fee of $505 (or $500 × 1.0 percent), we get $ 11,817,000 collected for the first year (that is, CY 2011). If we assume that the number of newly enrolling providers and suppliers will remain constant at 31,200 for years 2012 through 2015, the cost to the number of newly enrolling providers and suppliers would be $78,054,600. Although we have no way to predict that the number of new enrollments will change in future years, it is possible that the number of enrolling providers and suppliers vary from what has been the norm. If our estimate of the number of newly enrolling providers is inaccurate and we enroll a different number of providers and suppliers after the effective date of the new screening and other provisions contained in the ACA, we estimate based on the $500 enrollment application fee—a rough difference of $1 million for each increment of 2,000 new enrollments, whether fewer or greater.

Table 11—Cumulative Application Fees for Newly Enrolling Medicare Providers and Suppliers for the First 5 Years of the Provision

Calendar yearNewly enrolling institutional providers and suppliersNewly enrolling institutional providers and suppliers paying the application fee (based on a 2.5% hardship exception rate)CPI-U increase (%)Consumer price index adjusted fee in dollars *Total fees for each year in dollarsCumulative fees in dollars
201124,00023,4001.050511,817,00011,817,000
201232,00031,2002.051516,068,00027,885,000
201332,00031,2002.052516,380,00044,265,000
201432,00031,2002.053616,723,20060,988,200
201532,00031,2002.054717,066,40078,054,600
Total78,054,60078,054,600
* As already mentioned, section 6401(a)(3) of the ACA called for a $500 application fee for institutional providers in 2010. Since the effective date of this final rule with comment period is March 25, 2011, we have added a 1.0 percent increase to the $500 fee for 2011. Moreover, each fee amount in this category was rounded up to the nearest dollar.

(2) Revalidation

There are approximately 100,000 currently enrolled suppliers of DMEPOS who are required to revalidate their enrollment every 3 years and 300,000 additional providers and suppliers that do not provide DMEPOS that are required to revalidate their enrollment every 5 years. On a yearly basis, we estimate that approximately 33,000 DMEPOS suppliers (one-third of the total) and 60,000 other, non-DMEPOS providers/suppliers (one-fifth of the total) would revalidate their enrollment in Medicare, for an annual total of 93,000. Since, as explained earlier, we estimate that no more than 2.5 percent of these providers and suppliers will receive a waiver from the application fee, we project that 90,675 such providers and suppliers will be subject to the fee.

This final rule with comment period contemplates collecting the application fee for currently enrolled providers that revalidate their enrollment on or after March 25, 2011—almost 3 months into CY 2011. Therefore, we have adjusted the number of existing Medicare institutional providers subject to an application fee by 25 percent, from 90,675 to 68,006 (or 90,675 × .75) in CY 2011. With respect to the period between CY 2012 and 2015, it is possible that, as previously alluded to in the preamble, we may perform an elevated number of revalidations early in this 4-year timeframe—specifically, in CY 2012. This would be done Start Printed Page 5956pursuant to our authority under § 424.515(e) to require off-cycle revalidations. We cannot say for certain how many will be performed in CY 2012. For purposes of this RIA only, however, we will estimate that 111,000 will be conducted in CY 2012, with 87,000 performed in each of the remaining 3 years. Further accounting for projected annual CPI-U rate increases, we estimate that the cost associated with these fees for revalidating providers and suppliers would be approximately $226,477,505 over the first 5 years that the ACA provisions are in effect, as shown in Table 12.

Table 12—Cumulative Application Fees for Revalidating Medicare Providers and Suppliers for the First 5 Years of the Provision

Calendar yearRevalidating institutional providers and suppliersRevalidating institutional providers & suppliers paying application fee (based on 2.5% hardship exception rate)CPI-U increaseConsumer price index adjusted fee in dollarsTotal fees for each year (in dollars)Cumulative fees (in dollars)
201169,75068,0061.0%50534,343,03034,343,030
2012111,000108,2252.0%51555,735,87590,078,905
201387,00084,8252.0%52544,533,125134,612,030
201487,00084,8252.0%53645,466,200180,078,230
201587,00084,8252.0%54746,399,275226,477,505
Total226,477,505226,477,505

Therefore, we estimate that the total impact of the provisions for the application fee to be approximately $304,532,105 over the next 5 years. This number was approximated by adding the cumulative application fees for newly enrolling providers and suppliers ($78,054,600 as shown in Table 11) to the cumulative application fees for revalidating providers and suppliers ($226,477,505).

2. Medicaid

a. Enhanced Screening Procedures

Although our data on Medicaid provider enrollment at the national level is very limited, we do collect annual data on State Medicaid program integrity activities. This annual data collection, known as the State Program Integrity Assessment (SPIA) program, consists of self-reported data by States regarding a variety of program integrity related activities. The information is self-reported and has not been independently verified by CMS, and it undoubtedly represents some unknown degree of duplication among providers across States. Consequently, the estimated number of Medicaid providers nationally is likely overstated. According to SPIA data for FFYs 2007 and 2008, there has been an average of 1,855,070 existing Medicaid providers nationally over the 2-year period of FFY 2007 and FFY 2008. This universe of Medicaid providers includes all provider types, both institutional providers and individual practitioners. In the Medicare program, eligible practitioners make up approximately 70 percent of the total universe of providers, suppliers, and eligible practitioners. Because we do not have detailed information regarding the breakdown of Medicaid providers by type nationally, we will apply the same ratio to determine the percentage of institutional Medicaid providers. Therefore, we estimate that there are approximately 556,521 Medicaid-only providers nationally that are not individual practitioners.

We also estimate almost all CHIP providers are also Medicaid providers. So, for purposes of this section, we are considering CHIP providers to also be Medicaid providers and will subsequently refer to them only as Medicaid providers.

As previously stated in the Medicare section of the analysis, we estimated that we would require the following:

  • Approximately 35,000 individuals will undergo fingerprinting to enroll in the Medicare program as owners, of a home health agency or supplier of DMEPOS. Based on data collected as part of the State survey and certification activities for home health agencies, less than 1 percent of home health agencies are Medicaid-only. And, although there is no data available on the number of Medicaid-only suppliers of DMEPOS, we estimated that the number is minimal as well, as a number of States require suppliers of DMEPOS to be enrolled in Medicare prior to enrolling in Medicaid. Therefore, we estimated that States may require approximately 1,000 additional individuals with ownership interests in suppliers of DMEPOS or home health agencies, to undergo fingerprinting for enrollment in the Medicaid program. The cost of this fingerprinting requirement would be approximately $50,000 (1,000 × $50 = $50,000), though we solicited comments on the accuracy of this figure.
  • We anticipated that Medicare contractors will perform the screening activities for the overwhelming majority of providers following the lifting of a Secretary-imposed temporary moratorium and for the limited circumstances in which physicians may be fingerprinted. However, given that States may also classify certain Medicaid-only providers as “high” categorical risks, we are estimating that States may require approximately 25,000 additional individuals to undergo fingerprinting prior to enrolling in a State's Medicaid program, at a cost of $1,250,000 (25,000 × $50 = $1,250,000).

Consequently, we estimated that fingerprinting individuals for purposes of Medicaid enrollment will cost $1,300,000. When averaged across 50 States, the District of Columbia and Puerto Rico, the annual cost of fingerprinting per State will be $26,000.

b. Application Fee—Medicaid

For those providers not screened by Medicare, the State may impose a fee on each institutional provider being screened. The amount of the fee is $500 per provider for 2010. For 2011 and each subsequent year, the amount will be determined by the statutorily-required formula using the consumer price index for all urban consumers (CPI-U).Start Printed Page 5957

c. General Enrollment Framework

For purposes of this section, we assume that 80 percent of institutional Medicaid providers will be dually participating in both Medicare and Medicaid, and thus will be subject to the application fee as part of the Medicare screening and enrollment. Therefore we estimated that 20 percent, or 111,304 (556,521 × 20 percent), of the institutional Medicaid-only providers will not be screened by Medicare and thus will be subject to the application fee under Medicaid. We project that a significant number of existing and future Medicaid providers will request a hardship exception, or that a State will request a waiver of the application fee for certain Medicaid provider types of the application fee on the basis of ensuring access to care. For purposes of this section, although we have no way to estimate the exact number of providers that will ultimately request and be approved for a hardship exception, or the number of States that will request a waiver of the fee for certain Medicaid provider types, we predict that 25 percent of all Medicaid providers subject to the fee will receive the hardship exception or be granted a waiver of the fee on the basis of ensuring beneficiary access to care. We recognize that this 25 percent figure is significantly higher than the 2.5 percent waiver rate we are using for Medicare application fees. Yet we believe the difference is justified because of the greater access to care issues that may arise in Medicaid. Consequently, we estimated that 83,478 existing Medicaid providers will be required to pay the application fee (111,304 existing Medicaid providers that are not dually enrolled less 25 percent or 27,826 existing providers).

(1) New Enrollments

We apply the 80 percent rate for newly-enrolling Medicaid institutional providers that will be dually participating in both Medicare and Medicaid and thus not subject to the fee under Medicaid, and 25 percent hardship exception rate to the annual number of newly-enrolling Medicaid institutional providers not dually enrolled. The 45,000 newly-enrolling Medicare institutional providers annually represent 80 percent of the total newly-enrolling Medicaid institutional providers annually. Therefore, we estimate that there will be 11,250 newly-enrolling Medicaid institutional providers annually that are subject to the application fee under Medicaid (45,000 providers divided by 80 percent, − 45,000 = 11,250). We project another 25 percent will be exempted for hardship or be granted a waiver of the fee on the basis of ensuring beneficiary access to care, resulting in 8,438 newly-enrolling Medicaid institutional providers being subject to the application fee each year nationally.

Consistent with the Medicare analysis, in CY 2011, we reduced the estimated number of institutional providers subject to the application fee by 25 percent because the application fee will not begin until March 25, 2011. Accordingly, the number of institutional providers that we anticipate paying the application fee will be 6,329 in CY 2011. Consequently, we projected the dollars due from application fees for newly-enrolling Medicaid institutional providers who are not dually enrolled to be $21,110,019 for the first 5 years in total. When averaged across 50 States, the District of Columbia and Puerto Rico, the total application fees for the 5 years in total per State will be approximately $405,962.

Table 13—Cumulative Application Fees for Newly Enrolled Medicaid Providers for the First 5 Years of the Provision

Calendar yearNew Medicaid providers not exempted from the application feeCPI-U increaseConsumer price index adjusted fee (in dollars)Total fees for each year (in dollars)Cumulative fees (in dollars)
20116,3291.0%5053,196,1453,196,145
20128,4382.01.1%5154,345,5707,541,715
20138,4382.0%5254,429,95011,971,665
20148,4382.0%