A word of caution to durable medical equipment ("DME") suppliers planning to enroll in the Medicare program—the government is watching you! According to a new report released in December 2011 by the Office of Inspector General ("OIG"), more than 25 percent of all DME suppliers faced enforcement actions by the Centers for Medicare & Medicaid Services ("CMS") during their first year of participation in the Medicare program.
The Affordable Care Act ("ACA") strengthened the enrollment and screening processes for DME suppliers. These changes took effect in March 2011 for new supplier applicants and will become effective in March 2012 for current Medicare suppliers. In its December 2011 report ("OIG Report" or "Report"), the OIG reviewed a sample of 229 suppliers that enrolled in the Medicare program for the first time during the time period October 1 - December 31, 2008. OIG investigators examined multiple data sources, including Medicare claims data, data from the National Supplier Clearinghouse ("NSC") on revocation of Medicare billing privileges, prepayment claims review data, supplier enrollment applications, and NSC site investigator reports. In order to assess the extent, if any, that the suppliers in the sample had program integrity issues, OIG focused on two types of possible enforcement actions: (1) the placement of a supplier on prepayment claims review, and (2) a complete revocation of a supplier's Medicare billing privileges.
According to the OIG Report, OIG found that during the first year of participation in the Medicare program, 26 percent of those suppliers classified as medium or high risk by the NSC for committing fraud, and 2 percent of those deemed low-risk by the NSC, had their Medicare billing privileges revoked or were subjected to prepayment claims review. These results corroborate previous government findings that Medicare providers and suppliers and, specifically, the DME industry have historically presented significant program integrity problems for the Medicare program. As such, the OIG concluded the Report by strongly recommending that additional scrutiny of DME supplier applications is required. Specifically, the Report stated, "further scrutiny of the riskiest applicants and enrolled suppliers is needed to prevent dishonest individuals from receiving Medicare payment."
OIG highlighted several key reasons why DME suppliers were subjected to prepayment review. For example, 9 percent of medium- and high-risk suppliers were found to have billed for services not ordered by a physician, had unusual billing patterns, or failed to respond to CMS or contractor requests for information. Likewise, OIG found that 13% of medium- and high-risk suppliers and 4 percent of low-risk suppliers omitted ownership or management information from their enrollment applications. In fact, many of these suppliers reportedly left the ownership information blank on their enrollment applications and continued to receive Medicare payments for more than a year. OIG also found that 4 percent of medium- and high-risk suppliers omitted information on their enrollment applications about owner or manager criminal histories or adverse legal actions, including convictions for insurance fraud, theft by deception, felony drug possession and felony aggravated battery.
CMS revoked the Medicare billing privileges of 21 percent of high- and medium-risk suppliers in the sample. However, some of these suppliers received significant Medicare payments prior to revocation of their supplier numbers. According to the Report, Medicare reimbursed high-risk suppliers $2.8 million and medium-risk suppliers $70,582 prior to revoking their billing privileges. OIG found that these revocations occurred after the NSC determined that the suppliers no longer met all of the Medicare supplier standards. To participate in the Medicare program, all suppliers of durable medical equipment, prosthetics, orthotics, and supplies ("DMEPOS") must demonstrate compliance with the supplier standards found at 42 C.F.R. § 424.57(c). CMS can deny billing privileges to any applicant that does not meet one or more of these standards and can revoke the billing privileges of any existing Medicare supplier that does not continue to meet these standards.
OIG makes several significant recommendations in the Report. The first is to conduct post-enrollment site visits earlier for new DME suppliers receiving the most funds from Medicare. Although OIG found that the NSC conducted site visits as required by CMS, in many cases, the suppliers already received significant payments from Medicare prior to their first post-enrollment site visit. OIG recommends that CMS use the Fraud and Abuse Indicator of Risk ("FAIR") rating to prioritize the scheduling of post-enrollment site visits for certain types of newly enrolled suppliers and require that the NSC conduct post-enrollment site visits earlier for high- and medium-risk suppliers found to have submitted large dollar amounts of claims. By way of background, all supplier applicants and current suppliers are assigned a FAIR rating (formerly known as a Fraud Level Indicator). A FAIR rating represents the supplier's potential for fraudulent and/or abusive business practices. The NSC can assign one of four possible FAIR ratings: (1) low risk, (2) limited risk, (3) medium risk, or (4) high risk. When determining a supplier's FAIR rating, the NSC will consider factors such as the supplier's prior Medicare experience (if any) and/or any experience with other payors, the geographic area in which the supplier does business, the results of the NSC site visit made to the supplier, and the accreditation status of the supplier. Once a supplier is assigned a FAIR rating, the NSC will establish a Review Plan that may include information pertaining to the frequency of unscheduled site visits. As part of the Review Plan, the NSC will also recommend maximum billing amounts before prepayment review, or maximum billing "spike" amounts before prepayment review or payment suspension. A supplier's FAIR rating may be updated by the NSC based on information obtained through the enrollment process, such as reported changes of information.
The next recommendation is to apply investigative techniques and tools to identify any owners or managers of DME suppliers who are not reported on the enrollment application as required. OIG suggests that CMS improve processes to detect information that may be purposely omitted by individuals intent on defrauding the Medicare program. For example, CMS may consider developing mechanisms to access public records to identify all owners and managers who should be listed on new DME supplier enrollment applications. As with its first recommendation, OIG suggests the focus of these efforts should be on high- and medium-risk supplier applicants.
The final recommendation is to take appropriate actions when DME suppliers are found to have omitted information from enrollment applications. OIG suggests that when CMS determines that a supplier has inappropriately omitted information, CMS should share this information with OIG for permissive exclusion from the Medicare program if warranted.
CMS recently announced its plans to debut an enrollment screening system in January 2012 that will automate its pre-enrollment risk assessment and screening processes. Pre-enrollment screening of potential Medicare providers and suppliers is considered an essential step in the government's effort to fight fraud and abuse in the federal health care programs, as a more rigorous screening process is designed to allow the agency to have more significant control over the flow of Medicare dollars.
What Should DME Suppliers Do?
Being among those providers that are subject to the highest level of screening, DME suppliers seeking to newly enroll or reenroll in the Medicare program should be more vigilant in their maintenance of information relevant to the enrollment and screening processes. First, a supplier must be diligent in ensuring that its application information is detailed, accurate, and complete. Suppliers must remain in good standing with up-to-date license and registration information. Additionally, the supplier organization should have internal monitoring processes in place to ensure that all employee licenses are maintained and that all employees are screened regularly in the OIG's List of Excluded Individuals and Entities ("LEIE") and the General Service Administration's Excluded Parties List System.
Further, suppliers should strive to have effective corporate compliance programs in place to prevent and detect potential fraud and avoid prepayment review and/or revocation of Medicare billing privileges once assigned. To work toward these levels of compliance, organizations should consider undertaking internal audits and data mining to enhance their compliance efforts, and should consult with legal counsel regarding strategies to challenge or reverse any adverse actions taken by CMS during the enrollment, screening, and payment review processes.
* * * *
For more information about this issue of IMPLEMENTING HEALTH AND INSURANCE REFORM, please contact one of the authors below or the member of the firm who normally handles your legal matters.
 U.S. Dep't of Health & Human Servs., Office of Inspector Gen., Program Integrity Problems with Newly Enrolled Medicare Equipment Suppliers (Dec. 2011), OEI-06-09-00230 (hereinafter "OIG Report").
 Refer to Epstein Becker Green's Implementing Health and Insurance Reform alerts entitled "New Regulations Implement Health Reform's Enforcement Tools: Providers and Suppliers in Focus," available at /publications/health-reform-new-regulations-implement-health-reforms-enforcement-tools-providers-and-suppliers-in-focus/ (Feb. 14, 2011) and "Medicare Providers and Suppliers Continue in the Spotlight: Expansion of the DMEPOS Competitive Bidding Program; Legislative Inquiry Related to Fraud and Abuse Enforcement Actions; and Automated Pre-Enrollment Provider Screening," available at/publications/health-reform-medicare-providers-and-suppliers-continue-in-the-spotlight/ (Dec. 2, 2011).
 OIG Report, supra note 1.
 OIG Report, supra note 1.
 See, e.g., U.S. Dep't of Health & Human Servs., Office of Inspector Gen., South Florida Suppliers' Compliance with Medicare Standards: Results from Unannounced Visits (Mar. 2007), OEI-03-07-00150; Los Angeles County Suppliers' Compliance with Medicare Standards: Results from Unannounced Visits (Feb. 2008), OEI-09-07-00550; South Florida Medical Equipment Suppliers: Results of Appeals (Oct. 2008), OEI-03-07-00540; Power Wheelchairs in the Medicare Program: Supplier Acquisition Costs and Services(Aug. 2009), OEI-04-07-00400; Payments to Medicare Suppliers and Home Health Agencies Associated with "Currently Not Collectible" Overpayments(Nov. 2008), OEI-06-07-0080; and Aberrant Claims Patterns for Inhalation Drugs in South Florida (Apr. 2009), OEI-03-08-00290.
 OIG Report, supra note 1, at 15.
 OIG Report, supra note 1.
 OIG Report, supra note 1.
 Centers for Medicare & Medicaid Services, Medicare Program Integrity Manual, Pub. No. 100-08, ch. 10 § 21.4. As part of CMS's special oversight activities and projects in fiscal year ("FY") 2010, enrollment applications for specific supplier types were evaluated and assigned a FAIR rating of high, medium, or low, based on potential fraud risk to the Medicare program. In assessing the FAIR rating, factors such as experience as a DMEPOS supplier, experience with other payers, prior Medicare experience, and geographic area were considered. The subsequent level of screening used for an applicant depended on the FAIR rating. Applicants with a high or medium FAIR rating received at least one unannounced site visit to verify compliance with the DMEPOS supplier standards. Suppliers that were not in compliance with one or more of the DMEPOS supplier standards had their billing number revoked. As CMS indicated in the FY 2010 Annual Report, "enhanced review of applications for new DMEPOS supplier billing numbers helps to prevent non-compliant providers from ever entering the program." The Department of Health and Human Services and The Department of Justice, Health Care Fraud and Abuse Control Program, Annual Report for Fiscal Year 2010 (Jan. 2011), available at http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2010.pdf.
 OIG Report, supra note 1.
 As noted above, refer to Epstein Becker Green's Implementing Health and Insurance Reform alert entitled "Medicare Providers and Suppliers Continue in the Spotlight: Expansion of the DMEPOS Competitive Bidding Program; Legislative Inquiry Related to Fraud and Abuse Enforcement Actions; and Automated Pre-Enrollment Provider Screening," available at /publications/health-reform-medicare-providers-and-suppliers-continue-in-the-spotlight/ (Dec. 2, 2011).
 OIG has the authority to exclude individuals and entities from federally funded health care programs and maintains the LEIE. Anyone who hires an individual or entity included on the LEIE may be subject to civil monetary penalties. See http://oig.hhs.gov/exclusions/index.asp. The General Service Administration's ("GSA") Excluded Parties List System ("EPLS") includes information regarding entities debarred, suspended, proposed for debarment, excluded or disqualified under the non-procurement common rule, or otherwise declared ineligible to receive federal contracts, certain subcontracts, and certain federal assistance and benefits. This information may include names, addresses, DUNS numbers, Social Security numbers, Employer Identification Numbers, or other Taxpayer Identification Numbers, if available and deemed appropriate and permissible to publish by the agency taking the action. Although GSA operates the EPLS, individual agencies are responsible for the timely reporting, maintenance, and accuracy of their data. See https://www.epls.gov/.