Epstein Becker Green Health Care and Life Sciences Client AlertOn December 3, 2014, the Centers for Medicare & Medicaid Services (“CMS”) issued a final rule (CMS-6045-F) that updates various requirements for providers and suppliers wishing to enroll in the Medicare program. CMS issued the final rule for public inspection on December 3, 2014, and it was published in the Federal Register on December 5, 2014. The new regulations created by the final rule will be effective 60 days after the date of publication in the Federal Register, on February 3, 2015.

The April 2013 proposed rule, 78 Fed. Reg. 25013 (Apr. 29, 2013), among other things, proposed to increase the rewards under the Medicare Incentive Reward Program (“IRP”). CMS received many comments voicing concerns about the proposed approach and ultimately decided that the Dec. 2014 final rule would not address the issue due to its complexity but has reserved the right to address the issue in a future rulemaking. (The agency stated, “Due to the complexity of the operational aspects of our proposal, we are not finalizing our proposed IRP provisions in this rule. We may finalize them in future rulemaking.”)

This rule is merely the latest development in a longstanding effort by CMS to increase Medicare program integrity efforts. Focusing on program integrity has been a top priority for CMS in recent years, due, in large part, to a comprehensive strategy shaped by the Affordable Care Act (“ACA”), in terms of both protecting Medicare beneficiaries and ensuring that taxpayer dollars are spent on legitimate services and items. Using new authorities created by the ACA, CMS’s program integrity efforts to date have included establishing temporary enrollment moratoria on new ambulance and home health providers in certain “fraud hot spots” around the country and implementing the Fraud Prevention System, a predictive analytics technology, that CMS has used to identify providers and suppliers whose billing privileges ultimately were revoked.[1] The enrollment process for Medicare providers and suppliers is a critical “gateway to billing the Medicare program” and, as such, has been carefully scrutinized by CMS in recent years, reportedly to ensure that only legitimate providers and suppliers are enrolling in the program.[2]

At the same time, these efforts in general and these regulations in particular also create substantial barriers to entry for health care organizations. Providers all along the spectrum, from newly enrolled to well established, are subject to rigorous screening, possible imposition of moratoria on enrollment, and other similar barriers to entry and growth. The final rule illustrates that these requirements will become even more rigorous over time.

Key Enrollment Changes

The enrollment requirements for Medicare providers and suppliers can be found at 42 C.F.R. Part 424, Subpart P. Providers and suppliers must satisfy these conditions in order to bill for and receive payments for services provided to Medicare beneficiaries. In April 2013, CMS issued a proposed rule that, among other things, would revise certain of these enrollment requirements.[3] CMS stated in the preamble of the proposed rule that regulatory action was needed in this area to “help ensure that fraudulent entities and individuals do not enroll in or maintain their enrollment in the Medicare program.”[4] The April 2013 proposed rule and now the final rule focus on a number of changes to the enrollment requirements:

  • Unpaid Medicare Debts. Under 42 C.F.R. § 424.530(a)(6), an enrollment application can be denied if “[t]he current owner . . ., physician or non-physician practitioner has an existing overpayment at the time of filing of an enrollment application” (emphasis added). The final rule gives CMS the authority to examine the total debt owed to Medicare, not solely overpayments, and to expand its analysis of provider debts from whether an individual owner, provider, or supplier owed a debt to whether that individual owner, provider, or supplier had a prior relationship with an entity that owed a debt or had its enrollment voluntarily or involuntarily terminated. If such a relationship was discovered, CMS could then use this evidence to restrict enrollment for the new entity if CMS determines that the uncollected debt poses an “undue risk” of fraud, waste, or abuse to the Medicare program. CMS stated in its press release regarding the final rule that these changes “will help prevent individuals and entities from being able to incur substantial debt to Medicare, leave the Medicare program and then re-enroll as a new business to avoid repayment of the outstanding Medicare debt.”
  • Felony Convictions. Under 42 C.F.R. §§ 424.530(a)(3) and .535(a)(3), respectively, a provider’s or supplier’s Medicare enrollment may be denied or revoked if the provider or supplier, or any owner of the provider or supplier, has, within the last 10 years preceding enrollment or revalidation of enrollment, been convicted of a federal or state felony offense that CMS has determined to be detrimental to the best interests of the Medicare program and/or its beneficiaries. Currently, a denial or revocation is permitted only if an owner, provider, or supplier has been convicted of a serious felony, such as murder, rape, or assault; a financial crime; or a felony that exposes the Medicare program and/or its beneficiaries to immediate risks. With the new final rule, CMS has eliminated this enumerated list and inserted broad discretion to deny or revoke enrollment privileges based on any felony conviction that CMS deems detrimental to the best interests of the Medicare program and/or its beneficiaries. CMS also has indicated that this provision would apply to convictions against a provider’s or supplier’s managing employees, rather than limiting its application to convictions against an owner or the provider or supplier itself.
  • “Pattern or Practice” of Submitting Improper Claims. Currently, 42 C.F.R. § 424.535(a)(8) permits revocation of a provider’s or supplier’s Medicare enrollment for “abusive billing practices” based on consideration of the following factors: (1) percentage of submitted claims that were denied; (2) reason(s) for claim denials; (3) whether the provider or supplier has any history of “final adverse actions” (as defined at 42 C.F.R. § 424.502) and the nature of such actions; (4) length of time over which the pattern or practice has continued; (5) how long the provider or supplier has been enrolled in the Medicare program; and (6) any other information regarding the provider’s or supplier’s specific circumstances that CMS deems relevant to its determination whether the provider or supplier has engaged in a “pattern or practice” of submitting claims that fail to meet Medicare requirements. CMS expands this provision in the final rule to also include the evaluation of whether the billings in question meet Medicare’s requirement that a service be “reasonable and necessary.” This change shifts CMS’s focus from the propriety of individual claims to a provider’s or supplier’s overall billing patterns or practices. Although CMS has indicated that it intends to apply the provision only in cases where there is an unusually high volume of claims denied for failure to meet Medicare requirements, this change gives CMS broader discretion to revoke a provider’s or supplier’s enrollment status based on a pattern of inaccurate or erroneous submissions.
  • “Backbilling” by Ambulance Suppliers. Per the current 42 C.F.R. § 424.520(d), the effective date of billing privileges for physicians, non-physician practitioners, and physician/non-physician practitioner organizations is the later of: (1) the date of filing of a Medicare enrollment application that was subsequently approved by a Medicare contractor, or (2) the date an enrolled physician or non-physician practitioner first began furnishing services at a new practice location. CMS originally put this rule in place to limit the practice of “backbilling” by physicians and non-physician practitioners, due to concerns about these providers being able to bill for Medicare services rendered well before enrollment. Historically, however, CMS has not imposed this restriction on other types of Medicare providers and suppliers. The final rule now extends the “backbilling” restriction to apply to ambulance suppliers; other types of providers (e.g., home health agencies) will remain exempt from these restrictions because of more intensive enrollment processes that are applicable to such certified providers and suppliers, as well as existing limitations on their ability to “backbill” (42 C.F.R. § 489.13).

Other changes discussed in the final rule that will impact the Medicare provider/supplier enrollment process include the following:

  • CMS rephrased the definition of “Enrollment” to clarify the distinction between enrollment in the Medicare program to obtain billing privileges and enrollment that does not receive billing privileges and is solely for the purpose of ordering or certifying items or services for Medicare beneficiaries.
  • CMS narrowed the time period during which any provider or supplier other than a home health agency may submit post-revocation claims, from 27 months to 60 days after the effective date of the revocation.
  • CMS fixed the effective date of the one-to-three-year enrollment bar as beginning 30 days after the agency or one of its contractors mails the notice of revocation, rather than permitting the enrollment bar to become operative on the effective date of the revocation.
  • CMS limited the circumstances in which a provider or supplier may submit a corrective action plan (“CAP”) to cases in which the provider or supplier is determined not to be in compliance with enrollment requirements and is providing entities only one opportunity to submit a CAP to correct any deficiencies serving as the basis for a revocation.

Key Takeaways for Providers and Suppliers

The final rule ultimately sends what providers and suppliers should recognize as an all-too-familiar message regarding the importance of creating and fostering a “culture of compliance” within their organizations. Here are some key takeaways:

  • Know Whom You Are Doing Business With. As CMS reminds in the final rule, “[i]t is ultimately the hiring provider or supplier’s responsibility” to check the backgrounds of any individuals or entities that the organization is doing business with. The final rule certainly suggests several specific areas where hiring providers and suppliers should be paying particularly close attention (e.g., past debts to the Medicare program, criminal history, and even past practices and patterns with regard to submitting claims to the Medicare program). It is worthwhile for organizations to spend time, resources, and expense up front to ensure that the organization understands whom it is doing business with.      
  • Keep Your Eyes on CMS . . . and Even More Closely on the Contractors. Medicare providers and suppliers should pay particularly close attention to the newly strengthened billing revocation authorities, because CMS contractors may begin to use this sanction authority with increased frequency as a tool in their program integrity arsenal, even without being able to use it directly. CMS relies on its contractors to review claims and evaluate whether potential risks of fraud, waste, and abuse are present. Thus, even with CMS’s insistence that the agency, and not its contractors, will make these ultimate determinations, there is no doubt that such determinations will be made using information provided by the contractors, as they are closest to the actual claims. The ability to revoke a Medicare provider’s or supplier’s billing privileges is tantamount to program payment exclusion and comes with administrative appeal rights that, for most Medicare providers and suppliers, afford too few protections that are not even available when needed most (before a potential billing revocation goes into effect). Moreover, the combination of strong billing revocation authority and the potential of a 10-year look-back period for overpayments[5]should signify to providers and suppliers a critical need to take a cautious approach to assessing potential risks within organizations, and to take steps necessary to ensure adequate due process protections.

*           *           *

Epstein Becker Green attorneys can be key partners to providers and suppliers in this process, both to understand the potential risks inherent in the enrollment process for providers and suppliers once the new rules are in place, and also to preemptively assess how an organization can refine existing corporate compliance policies and procedures so that they realistically reflect the changing enrollment environment for providers wishing to participate in the Medicare program.

*          *          *

This Client Alert was authored by George B. Breen and Amy F. Lerman. For additional information about the issues discussed in this Client Alert, please contact one of the authors or the Epstein Becker Green attorney who regularly handles your legal matters.

IRS Circular 230 Disclosure

To ensure compliance with requirements imposed by the IRS, we inform you that any tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of: (i) avoiding any tax penalty, or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.


[1] Centers for Medicare & Medicaid Services, Press Release, New CMS Rules Enhance Medicare Provider Oversight; Strengthen Beneficiary Protections (Dec. 3, 2014), available at http://www.cms.gov.

[2] See Statement on Medicare Program Integrity: Screening Out Errors, Fraud and Abuse, by Shantanu Agrawal, M.D., Deputy Administrator and Director, Center for Program Integrity, Centers for Medicare & Medicaid Services, U.S. Department of Health and Human Services, before Committee on Energy and Commerce, Subcommittee on Oversight & Investigations, U.S. House of Representatives (June 25, 2014), available athttp://www.hhs.gov/asl/testify/2014/06/t20140625a.html.

[3] 78 Fed. Reg. 25013 (Apr. 29, 2013).

[4] Id. at 25014.

[5] In February 2012, CMS published a proposed rule to implement the agency’s interpretation of, and providers’ obligations to report and return, identified Medicare Part A and Part B overpayments. 77 Fed. Reg. 9179 (Feb. 16, 2012). The proposed rule creates a 10-year look-back period that could create retroactive liabilities for the previous 10 years. This is inconsistent with government and industry practice regarding document retention, Medicare’s longstanding and current “reopening” provisions for adjudicated Medicare claims, and even government underpayment liability look-back provisions (which generally are only four years). In response to the solicitation for comments, 203 public comments were filed with the Acting Administration of CMS. To date, the proposed rule has not been issued in final form. For more information regarding the February 2012 proposed rule, see the Epstein Becker Green Health Reform Alert, The Clock Is Ticking: CMS Issues a Proposed Rule on Reporting and Returning Overpayments(Feb. 22, 2012), available at publications/health-reform-the-clock-is-ticking-cms-issues-a-proposed-rule-on-reporting-and-returning-overpayments/.


Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.