GAO Report on Revised Provider Enrollment Screening Process
In March 2011, the Centers for Medicare and Medicaid Services (CMS) implemented a revised process for processing the enrollment of new Medicare providers and suppliers. This revised process also applied to existing Medicare providers and suppliers that were revalidating their enrollment information. This new process included assigning all providers and suppliers to one of three risk categories—limited, moderate, and high—based on the perceived risk of fraud and abuse. The risk category then determines the applicable screening process used for providers within that risk category.
Please note that ambulance providers and suppliers were placed in the moderate risk category. This risk category includes a verification of the information provided by the provider on its enrollment application, a check of the provider’s state licensure, a check of any adverse legal actions against the provider, and a site visit of the provider.
On December 15, 2016, the Government Accountability Office (GAO) released a report on the initial results of this revised provider enrollment screening process.
In its report, the GAO indicated that CMS applied its revised enrollment screening process to over 2.4 million newly enrolling and revalidating Medicare providers and suppliers from March 25, 2011 through December 31, 2015. Other relevant findings include:
- The total number of enrolled Medicare providers and suppliers increased from 1.4 million in March 2011 to 1.9 million in December 2015, an increase of more than 30%.
- CMS denied more than 6,000 applications for ineligible providers and suppliers. The most commonly cited reason for a denial was the failure of applicant to meet the provider/supplier type requirements. This included situations where the provider/supplier did not hold the required certification for that provider/supplier type.
- CMS rejected 17,000 applications as incomplete. The GAO found that approximately 25% of the rejected applications were the result of the application being filed in error, either by the provider/supplier or the MAC. 21% of applications were rejected as being duplicates. Another 16% of rejections were the result of the provider/supplier failing to timely respond to the MAC’s request for additional information.
- CMS screening of existing providers/suppliers resulted in more than 660,000 provider numbers being deactivated. This was typically (47%) the result of the provider failing to respond to the MAC’s request that they revalidate. Another 29% were the result of the provider/supplier voluntarily withdrawing from the Medicare program. Another 5% of deactivations were the result of the provider/supplier not submitting a claim to Medicare within the previous 12 months. The majority of these were likely individual practitioners (e.g., physicians) that either died, or who retired from professional practice, and who failed to inform the MAC at the time of retirement to request that their provider number be deactivated. This could also include organizational providers that were sold or otherwise no longer operational.
- These were frequently the result of an individual practitioner (e.g., a physician) failing to deactivate his or her Medicare number upon their retirement, and their either not responding to a request to revalidate, or notifying the MAC of their retirement and agreeing to voluntarily withdraw
- CMS revoked the billing privileges of 43,000 provider/suppliers. The most common reason cited (61%) was the failure of the provider/supplier to be professionally licensed. However, within the moderate risk category, which includes ambulance, 26% of all revocations were the result of a “CMS-approved revocation,” e.g., the result of some adverse legal action against the provider/supplier which was not properly disclosed to the MAC within 30 days.
CMS estimated that its revised screening procedures avoided $2.4 billion in Medicare payments to ineligible providers and suppliers over this period.
CMS also reported that it made several changes to its screening process over this period. This includes the implementation of a continuous license monitoring report in November 2013, and a continuous criminal monitoring report in July 2015. This also includes fingerprint-based criminal background checks for the owners and certain key employees of categorically high-risk providers and suppliers. In December 2015, CMS also began conducting site-visits for certain limited-risk providers and suppliers.
Despite the progress made by CMS, the GAO did find that certain program vulnerabilities still exist. For example, the GAO found that CMS had not established performance measures to monitor its ability to place providers and suppliers in the proper risk categories. The GAO recommended that CMS establish objectives and performance measures for assessing its progress in establishing better screening procedures for new enrollments and revalidations. CMS ultimately agreed with this recommendation.
Have a Medicare question? AAA members, send your inquiry to Brian Werfel, Esq. using our simple form!