John BrennanTroy A. BarskyHarsh P. Parikh

The Office of the Inspector General of the Department of Health and Human Services (OIG) last week replaced a 20-year old policy statement, and issued guidance on the criteria the agency will use to evaluate whether to exclude certain individuals and entities from billing or “participation in” Federal health programs under its permissive exclusion authority. The new guidelines supersede and replace the OIG’s December 24, 1997 policy statement and set forth “non-binding” criteria that the OIG may consider in exercising this authority under circumstances involving fraud, kickbacks and other prohibited conduct. The newly-memorialized policy is yet another effort by the agency to encourage healthcare providers to implement robust compliance mechanisms that can timely identify and voluntarily self-disclose to the government any unlawful conduct.

Under Sections 1128(b)(1)-(b)(15) of the Social Security Act (the “Act”), the Secretary, by delegation to the OIG, has discretion to exclude individuals and entities based on a number of grounds. This so-called “permissive exclusion” authority grants significant discretion to the OIG.  The new policy provides guidelines for permissive exclusions that are based on Section 1128(b)(7) of the Act, which permits the OIG to exclude persons from participation in any Federal health care program if the OIG determines that the individual or the entity has engages in fraud, kickbacks and other prohibited activities.

Fraud, kickbacks and other prohibited conduct under Section 1128(b)(7) often arise in the context of False Claims Act matters, criminal investigation and prosecutions, as well as from claims review by CMS contractors, RAC auditors, and the OIG.  If the OIG determines that an individual or entity has engaged in fraud or kickbacks, the agency generally presumes that some period of exclusion should be imposed to protect Federal health care programs.  An individual or an entity may rebut this presumption and the new policy sets forth the criteria that OIG will utilize to determine whether exclusion is appropriate.  Under the new guidelines, if the individual or the entity sufficiently demonstrates that it has significantly ameliorated the risk of future misconduct, the agency is likely to exercise its discretion to pursue other administrative remedies.  The policy notes that the OIG often concludes that exclusion is not necessary to protect the Federal health care programs if the person or entity agrees to enhanced OIG oversight (i.e. appropriate integrity obligations).

According to the policy, the OIG assesses future risk to Federal health care programs using a continuum: higher the risk, the more likely it is that the agency will seek exclusion:


The OIG will consider four general factors to determine where a person falls on this compliance risk spectrum: (1) nature and circumstances of conduct; (2) conduct during investigation; (3) significant ameliorative efforts; and (4) history of compliance. Whether the OIG will seek exclusion of the individual or entity under Section 1128(b)(7) will depend on the OIG’s assessment of risk.  The OIG’s guidance under the “non-binding” factors is summarized by the following chart:

Lower Risk Assessment Not Relevant to Risk Assessment Higher Risk Assessment
• initiating an internal investigation before a government subpoena; • lack of patient harm; • adverse physical, mental, financial or other impact on patients;
• self-disclosure of the conduct “cooperatively and in good faith”; • inability to engage in the conduct again; • large actual or intended financial loss;
• acceptance of responsibility; • prompt response to subpoena; and • conduct indicating a pattern of wrongdoing;
• cooperation with the Government; • existence of compliance program incorporating U.S. Sentencing Commission Guideline Manual’s seven elements. • conduct covering substantial time period;
• cooperation that results in criminal, civil or administrative action against another person; • ongoing, continual or repeated conduct;
• disciplinary action against responsible individuals; • leaders of an entity organized, led or planned the unlawful activity;
• devoting significant resources to compliance functions; and • history of civil, criminal or administrative judgments, conviction, decisions, or settlements
• sale of entity to a third party with history of compliance; • prior refusal to enter a CIA or breach of a CIA;
• additional training and other steps to improve the practice; and • obstruction or impediment to investigation, audit or other reporting;
• history of self-disclosures. • concealment of the conduct;
• failure to timely comply to subpoena;
• adverse licensure action;
• criminal conviction, Deferred Prosecution Agreement or Non-Prosecution Agreement;
• inability to pay monetary damages or penalty; and
• absence of compliance program.

The new policy underscores the importance of robust compliance programs and the need for health care providers to exercise reasonable diligence in timely investigations of potentially noncompliant practices and policies. Upon discovery that an improper practice or policy has led to a potential overpayment, providers should consider voluntary disclosing such violations and should aim to work cooperatively with the appropriate government agencies.  Finally, the new policy highlights that the OIG will likely waive its exclusion authority if providers agree to enter into corporate integrity agreements that increase OIG’s oversight of the person or entity that engaged in health care fraud and abuse.

For more information, please contact the authors of this post, or your regular Crowell & Moring contact.