New CMS Disclosure Rule Implemented

The Centers for Medicare and Medicaid Services (CMS) recently issued a final rule that includes several anti-fraud measures and significantly enhances the agency’s authority to exclude new and current providers and suppliers that are identified as posing an undue risk of fraud, waste, or abuse.

The new measures require providers and suppliers to disclose to CMS upon its request for initial enrollment, revalidation of any “affiliations” or parties who have one or more defined “disclosable events.”

The rule went into effect November 4, 2019.

The new rule requires all providers to disclose any current or prior affiliations within the past five years the provider-or any of its owning or managing employees or organizations-has had with a current or former Medicare provider with a “disclosable event.”

Related: Changes Proposed for Medicare, Medicaid Anti-Kickback, and Self-Referral Rules

This can be triggered by any of the following:

• An uncollected debt to CMS.

• Current or previous payment suspension from a federal healthcare program.

• Current or previous exclusion from healthcare programs.

• Previous denial, revocation or termination of Medicare, Medicaid or Children's Health Insurance Program (CHIP) billing privileges.

The term “affiliation” is broadly defined to include any of the following conditions:

• A five percent or greater direct or indirect ownership in another organization.

• A general partnership interest in another organization.

• An interest in which the entity or individual exercises operational or managerial control over direct or indirect conducts.

• An interest in which the individual acts as an officer or director of a corporation.

• Any reassignment relationship under Title 42, Section 424.80 in the Federal Register, which prohibits reassignment of claims by suppliers under the Medicare program.

Whenever there is a triggering affiliation, the provider must disclose certain information about the affiliates such as legal and fictitious names, tax ID number, national provider identifier, the reason for the disclosure, the length of the relationship, the type of relationship, the degree of affiliation and, if applicable, the reason for termination.

CMS can deny or revoke enrollment if it determines the affiliation poses an undue risk of fraud, waste or abuse. This power extends to both reported and unreported affiliations. CMS can also deny enrollment or revoke an existing enrollment if it requests information about the affiliation and the provider fails to “fully and completely disclose” the required information when it “knew or should have known of the information.”

When the rule was originally proposed, the public comments raised concerns about the broad authority of CMS to determine whether there is “an undue risk of fraud, waste or abuse.”

In response, CMS stated it would only take actions against a provider “after careful consideration of the facts and circumstances.”

The final rule also gives CMS more authority and discretion to revoke or deny Medicare enrollment if:

• The agency determines it previously excluded providers or suppliers attempting to reenter the program under a different identifier (name, numeral identifier, business identity).

• A provider or a supplier bills for services or items it knew or should have reasonably known are from non-compliant locations.

• An eligible professional exhibits a pattern or practice of abusive ordering or certifying of Medicare Part A or Part B items, services or drugs.

• A provider or supplier has an outstanding debt to CMS from an overpayment that was referred to the Treasury Department.

CMS has also been given new authority to prohibit a provider from enrolling in Medicare for up to three years if the basis for its initial enrollment denial was the submission of false or misleading information on its application. Under certain circumstances CMS can also extend the re-enrollment bar against a previously excluded provider for three to 10 years. Providers or suppliers that are revoked from Medicare for a second time may be prohibited from applying to re-enroll in the program for up to 20 years.

This new rule puts a premium on making sure a corporate compliance and ethics program thoroughly reviews the information of persons with whom the provider is doing business or entering into business relationships.