The rule requires providers to disclose any affiliations they have had with a current or former Medicare provider that has been in an act identified as a risk of fraud, waste, or abuse.
The Centers for Medicare and Medicaid Services (CMS) recently issued a final rule that includes several anti-fraud measures and significantly enhances the agency’s authority to exclude new and current providers and suppliers that are identified as posing an undue risk of fraud, waste, or abuse.
The new measures require providers and suppliers to disclose to CMS upon its request for initial enrollment, revalidation of any “affiliations” or parties who have one or more defined “disclosable events.”
The rule went into effect November 4, 2019.
The new rule requires all providers to disclose any current or prior affiliations within the past five years the provider-or any of its owning or managing employees or organizations-has had with a current or former Medicare provider with a “disclosable event.”
This can be triggered by any of the following:
The term “affiliation” is broadly defined to include any of the following conditions:
Whenever there is a triggering affiliation, the provider must disclose certain information about the affiliates such as legal and fictitious names, tax ID number, national provider identifier, the reason for the disclosure, the length of the relationship, the type of relationship, the degree of affiliation and, if applicable, the reason for termination.
CMS can deny or revoke enrollment if it determines the affiliation poses an undue risk of fraud, waste or abuse. This power extends to both reported and unreported affiliations. CMS can also deny enrollment or revoke an existing enrollment if it requests information about the affiliation and the provider fails to “fully and completely disclose” the required information when it “knew or should have known of the information.”
When the rule was originally proposed, the public comments raised concerns about the broad authority of CMS to determine whether there is “an undue risk of fraud, waste or abuse.”
In response, CMS stated it would only take actions against a provider “after careful consideration of the facts and circumstances.”
The final rule also gives CMS more authority and discretion to revoke or deny Medicare enrollment if:
CMS has also been given new authority to prohibit a provider from enrolling in Medicare for up to three years if the basis for its initial enrollment denial was the submission of false or misleading information on its application. Under certain circumstances CMS can also extend the re-enrollment bar against a previously excluded provider for three to 10 years. Providers or suppliers that are revoked from Medicare for a second time may be prohibited from applying to re-enroll in the program for up to 20 years.
This new rule puts a premium on making sure a corporate compliance and ethics program thoroughly reviews the information of persons with whom the provider is doing business or entering into business relationships.