Revocation Authorities

Today, a final rule issued by the Centers for Medicare & Medicaid Services (CMS) establishing new enforcement initiatives aimed at removing and excluding previously sanctioned entities from Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP) goes into effect.[1] Published September 10 with a comment period that also closed today, the new rule expands CMS’s “program integrity enhancement” capabilities by introducing new revocation and denial authorities and increasing reapplication and enrollment bars as part of the Trump Administration’s efforts to reduce spending. While CMS suggests that only “bad actors” will face additional burdens from the regulation, the new policies will have significant impacts on all providers and suppliers participating in Medicare, Medicaid, and CHIP.[2]

AN OVERVIEW OF THE NEW RULE

The New “Affiliations” Revocation Authority

The new “affiliations” enforcement framework—the regulation’s most significant expansion of CMS’s revocation authority—permits CMS to revoke or deny a provider’s or supplier’s enrollment in Medicare if CMS determines an “affiliation” with a problematic entity presents undue risk of fraud, waste, or abuse. Generally to bill Medicare, providers and suppliers not only must submit an enrollment application to CMS for initial enrollment, but also must recertify enrollment, reactivate enrollment, change ownership, and to change certain information.[3] In the rule’s current form, providers or suppliers submitting an enrollment application or recertification to CMS (“applicants”) will be required to submit affiliation disclosures upon CMS’s request if the agency determines the entity likely has an affiliation with a problematic entity as described below.[4] CMS will base its request on a review of various data, including Medicare Provider Enrollment, Chain, and Ownership System data and other CMS and external databases that might indicate problematic behavior, such as patterns of improper billing.[5] Upon CMS’s request, applicants identified as having at least one affiliation with a problematic entity would be required to report any current or previous direct or indirect “affiliations” to CMS.[6]


Continue Reading