Federal Register, Volume 75 Issue 184 (Thursday, September 23, 2010)

[Federal Register Volume 75, Number 184 (Thursday, September 23, 2010)]
[Proposed Rules]
[Pages 58204-58248]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2010-23579]

[[Page 58203]]

-----------------------------------------------------------------------

Part IV

Department of Health and Human Services

-----------------------------------------------------------------------

Centers for Medicare & Medicaid Services

-----------------------------------------------------------------------

42 CFR Parts 405, 424, 438, et al.

Medicare, Medicaid, and Children's Health Insurance Programs;
Additional Screening Requirements, Application Fees, Temporary
Enrollment Moratoria, Payment Suspensions and Compliance Plans for
Providers and Suppliers; Proposed Rule

Federal Register / Vol. 75 , No. 184 / Thursday, September 23, 2010 /
Proposed Rules

[[Page 58204]]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Medicare & Medicaid Services

42 CFR Parts 405, 424, 438, 447, 455, 457, 498, and 1007

[CMS-6028-P]
RIN 0938-AQ20

AGENCY: Centers for Medicare & Medicaid Services (CMS), HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This proposed rule would implement provisions of the
Affordable Care Act that establish: Procedures under which screening is
conducted for providers of medical or other services and suppliers in
the Medicare program, providers in the Medicaid program, and providers
in the Children's Health Insurance Program (CHIP); an application fee
to be imposed on providers and suppliers; temporary moratoria that may
be imposed if necessary to prevent or combat fraud, waste, and abuse
under the Medicare and Medicaid programs, and CHIP; guidance for States
regarding termination of providers from Medicaid and CHIP if terminated
by Medicare or another Medicaid State plan or CHIP; guidance regarding
the termination of providers and suppliers from Medicare if terminated
by a Medicaid State agency; and requirements for suspension of payments
pending credible allegations of fraud in the Medicare and Medicaid
programs. This proposed rule would also present an approach and request
comments on the provisions of the Affordable Care Act that require
providers of medical or other items or services or suppliers within a
particular industry sector or category to establish compliance
programs.

DATES: To be assured consideration, comments must be received at one of
the addresses provided below, no later than 5 p.m. on November 16,
2010.

ADDRESSES: In commenting, please refer to file code CMS-6028-P. Because
of staff and resource limitations, we cannot accept comments by
facsimile (FAX) transmission.
You may submit comments in one of four ways (please choose only one
of the ways listed):
1. Electronically. You may submit electronic comments on this
regulation to http://www.regulations.gov. Follow the ``Submit a
comment'' instructions.
2. By regular mail. You may mail written comments to the following
address only:
Centers for Medicare & Medicaid Services, Department of Health and
Human Services, Attention: CMS-6028-P, P.O. Box 8020, Baltimore, MD
21244-8020.
Please allow sufficient time for mailed comments to be received
before the close of the comment period.
3. By express or overnight mail. You may send written comments to
the following address only:
Centers for Medicare & Medicaid Services, Department of Health and
Human Services, Attention: CMS-6028-P, Mail Stop C4-26-05, 7500
Security Boulevard, Baltimore, MD 21244-1850
4. By hand or courier. If you prefer, you may deliver (by hand or
courier) your written comments before the close of the comment period
to either of the following addresses:
a. For delivery in Washington, DC--Centers for Medicare & Medicaid
Services, Department of Health and Human Services, Room 445-G, Hubert
H. Humphrey Building, 200 Independence Avenue, SW., Washington, DC
20201.
(Because access to the interior of the Hubert H. Humphrey Building
is not readily available to persons without Federal government
identification, commenters are encouraged to leave their comments in
the CMS drop slots located in the main lobby of the building. A stamp-
in clock is available for persons wishing to retain a proof of filing
by stamping in and retaining an extra copy of the comments being
filed.)
b. For delivery in Baltimore, MD--Centers for Medicare & Medicaid
Services, Department of Health and Human Services, 7500 Security
Boulevard, Baltimore, MD 21244-1850.
If you intend to deliver your comments to the Baltimore address,
please call telephone number (410) 786-9994 in advance to schedule your
arrival with one of our staff members.
Comments mailed to the addresses indicated as appropriate for hand
or courier delivery may be delayed and received after the comment
period.
Submission of comments on paperwork requirements. You may submit
comments on this document's paperwork requirements by following the
instructions at the end of the ``Collection of Information
Requirements'' section in this document.
For information on viewing public comments, see the beginning of
the SUPPLEMENTARY INFORMATION section.

FOR FURTHER INFORMATION CONTACT: Patricia Peyton (410) 786-1812 for
Medicare enrollment issues. Claudia Simonson (312) 353-2115 for
Medicaid and CHIP enrollment and Medicaid payment suspension issues.
Joseph Strazzire (410) 786-2775 for Medicare payment suspension
issues.
Laura Minassian-Kiefel (410) 786-4641 for compliance program
issues.

SUPPLEMENTARY INFORMATION: Inspection of Public Comments: All comments
received before the close of the comment period are available for
viewing by the public, including any personally identifiable or
confidential business information that is included in a comment. We
post all comments received before the close of the comment period on
the following Web site as soon as possible after they have been
received: http://www.regulations.gov. Follow the search instructions on
that Web site to view public comments.
Comments received timely will also be available for public
inspection as they are received, generally beginning approximately 3
weeks after publication of a document, at the headquarters of the
Centers for Medicare & Medicaid Services, 7500 Security Boulevard,
Baltimore, Maryland 21244, Monday through Friday of each week from 8:30
a.m. to 4 p.m. To schedule an appointment to view public comments,
phone 1-800-743-3951.

I. Background

The Medicare program (title XVIII of the Social Security Act (the
Act)) is the primary payer of health care for 45 million enrolled
beneficiaries. Under section 1802 of the Act, a beneficiary may obtain
health services from an individual or an organization qualified to
participate in the Medicare program. Qualifications to participate are
specified in statute and in regulations (see, for example, sections
1814, 1815, 1819, 1833, 1834, 1842, 1861, 1866, and 1891 of the Act;
and 42 CFR chapter IV, subchapter G, which concerns standards and
certification requirements).
Providers and suppliers furnishing services must comply with the
Medicare requirements stipulated in the Act and in our regulations.
These requirements are meant to ensure compliance with applicable
statutes, as well as to promote the furnishing of high quality care. As
Medicare program expenditures have grown, we have increased our efforts
to ensure that only qualified individuals and organizations are

[[Page 58205]]

allowed to enroll or maintain their Medicare billing privileges.
The Medicaid program (title XIX of the Act) is a joint Federal and
State health care program for eligible low-income individuals. States
have considerable flexibility in how they administer their Medicaid
programs within a broad Federal framework and programs vary from State
to State.
The Children's Health Insurance Program (CHIP) (title XXI of the
Act) is a joint Federal and State health care program that provides
health care coverage to more than 7.7 million otherwise uninsured
children.
Historically, States, in operating Medicaid and CHIP, have
permitted the enrollment of providers who meet the State requirements
for program enrollment.
The Patient Protection and Affordable Care Act (Pub. L. 111-148),
as amended by the Health Care and Education Reconciliation Act of 2010
(Pub. L. 111-152) (collectively known as the Affordable Care Act) (the
ACA) makes a number of changes to the Medicare and Medicaid programs
and CHIP that enhance the provider and supplier enrollment process to
improve the integrity of the programs to reduce fraud, waste, and abuse
in the programs.

A. Statutory Authority

The following is an overview of some of the statutory authority
relevant to enrollment in Medicare, Medicaid, and CHIP:
Sections 1102 and 1871 of the Act provide general
authority for the Secretary of Health and Human Services (the
Secretary) to prescribe regulations for the efficient administration of
the Medicare program. Section 1102 of the Act also provides general
authority for the Secretary to prescribe regulations for the efficient
administration of the Medicaid program and CHIP.
Section 4313 of the Balanced Budget Act of 1997 (BBA)
(Pub. L. 105-33) amended sections 1124(a)(1) and 1124A of the Act to
require disclosure of both the Employer Identification Number (EIN) and
Social Security Number (SSN) of each provider or supplier, each person
with ownership or control interest in the provider or supplier, any
subcontractor in which the provider or supplier directly or indirectly
has a 5 percent or more ownership interest, and any managing employees
including directors and officers of corporations and non-profit
organizations and charities. The ``Report to Congress on Steps Taken to
Assure Confidentiality of Social Security Account Numbers as required
by the Balanced Budget Act'' was signed by the Secretary and sent to
the Congress on January 26, 1999. This report outlines the provisions
of a mandatory collection of SSNs and EINs effective on or after April
26, 1999.
Section 936(a)(2) of the Medicare Prescription Drug,
Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108-173)
amended the Act to require the Secretary to establish a process for the
enrollment of providers of services and suppliers. We are authorized to
collect information on the Medicare enrollment application (that is,
the CMS-855, (Office of Management and Budget (OMB) approval number
0938-0685)) to ensure that correct payments are made to providers and
suppliers under the Medicare program as established by title XVIII of
the Act.
Section 1902(a)(27) of the Act provides general authority
for the Secretary to require provider agreements under the Medicaid
State Plans with every person or institution providing services under
the State plan. Under these agreements, the Secretary may require
information regarding any payments claimed by such person or
institution for providing services under the State plan.
Section 2107(e) of the Act, which provides that certain
title XIX and title XI provisions apply to States under title XXI,
including 1902(a)(4)(C) of the Act, relating to conflict of interest
standards.
Section 1903(i)(2) of the Act relating to limitations on
payment.
Section 1124 of the Act relating to disclosure of
ownership and related information.
Sections 6401, 6402, 6501,10603, and 1304 of the ACA
amended the Act by establishing: (1) Procedures under which screening
is conducted for providers of medical or other services and suppliers
in the Medicare program, providers in the Medicaid program, and
providers in the CHIP; (2) an application fee to be imposed on
providers and suppliers; (3) temporary moratoria that the Secretary may
impose if necessary to prevent or combat fraud, waste, and abuse under
the Medicare and Medicaid programs and CHIP; (4) procedures to
terminate providers if terminated by Medicare or another State plan;
(5) requirements for suspensions of payments pending credible
allegations of fraud in both the Medicare and Medicaid programs.

II. Provisions of the Proposed Regulations

A. Provider Screening Under Medicare, Medicaid, and CHIP

1. Statutory Changes
Section 6401(a) of the ACA, as amended by section 10603 of the ACA,
amends section 1866(j) of the Act to add a new paragraph, paragraph
``(2) Provider Screening.'' Section 1866(j)(2)(A) of the Act requires
the Secretary, in consultation with the Department of Health of Human
Services' Office of the Inspector General (HHS OIG), to establish
procedures under which screening is conducted with respect to providers
of medical or other items or services and suppliers under Medicare,
Medicaid, and CHIP. Section 1866(j)(2)(B) of the Act requires the
Secretary to determine the level of screening to be conducted according
to the risk of fraud, waste, and abuse with respect to the category of
provider of medical or other items or services or supplier. The
provision states that the screening shall include a licensure check,
which may include such checks across State lines; and the screening
may, as the Secretary determines appropriate based on the risk of
fraud, waste, and abuse, include a criminal background check;
fingerprinting; unscheduled or unannounced site visits, including pre-
enrollment site visits; database checks, including such checks across
State lines; and such other screening as the Secretary determines
appropriate. Section 1866(j)(2)(C) of the Act requires the Secretary to
impose a fee on each institutional provider of medical or other items
or services or supplier that would be used by the Secretary for program
integrity efforts including to cover the cost of screening and to carry
out the provisions of sections 1866(j) and 1128J of the Act. We discuss
the fee in section II.B. of this proposed rule.
Section 6401(b) of the ACA amends section 1902 of the Act to add
new paragraphs (a)(77)(i) and (ii), which require States to comply with
the process for screening providers and suppliers as established by the
Secretary under 1866(j)(2) of the Act.\1\
---------------------------------------------------------------------------

\1\ We believe that the reference to section 1886(j)(2) of the
Act in section 6401(b)(1) of the Affordable Care Act is a
scrivener's error. We believe the Congress intended to refer to
section 1866(j)(2) of the Act, which, as amended by section 6401(a)
of the Affordable Care Act, requires the Secretary to establish a
process for screening providers and suppliers. Because the drafting
error is apparent, and a literal reading of the reference to section
1886(j)(2) of the Act would produce absurd results, we propose to
interpret the cross-reference to section 1886(j)(2) in the new
section 1902(ii) of the Act as if the reference were to section
1866(j)(2).

---------------------------------------------------------------------------

[[Page 58206]]

We note that the statute uses the terms ``providers of medical or
other items or services,'' ``institutional providers,'' and
``suppliers.'' The Medicare program enrolls a variety of providers and
suppliers, some of which are referred to as ``providers of services,''
``institutional providers,'' ``certified providers,'' ``certified
suppliers,'' and ``suppliers.'' In Medicare, the term ``providers of
services'' under section 1861(u) of the Act means health care entities
that furnish services primarily payable under Part A of Medicare, such
as hospitals, home health agencies (including home health agencies
providing services under Part B), hospices, and skilled nursing
facilities. The term ``suppliers'' defined in section 1861(d) of the
Act refers to health care entities that furnish services primarily
payable under Part B of Medicare, such as independent diagnostic
testing facilities (IDTFs), durable medical equipment prosthetics,
orthotics, and supplies (DMEPOS) suppliers, and eligible professionals,
which refers to health care suppliers who are individuals, that is,
physicians and the other professionals listed in section 1848(k)(3)(B)
of the Act. For Medicaid and CHIP, we use the terms ``providers'' or
``Medicaid providers'' or ``CHIP providers'' when referring to all
Medicaid or CHIP health care providers, including individual
practitioners, institutional providers, and providers of medical
equipment or goods related to care. The term ``supplier'' has no
meaning in the Medicaid program or CHIP.
Section 424.502 contains additional definitions that apply to these
and other terms used throughout this proposed rule including the
following:
Authorized official means an appointed official (for
example, chief executive officer, chief financial officer, general
partner, chairman of the board, or direct owner) to whom the
organization has granted the legal authority to enroll it in the
Medicare program, to make changes or updates to the organization's
status in the Medicare program, and to commit the organization to fully
abide by the statutes, regulations, and program instructions of the
Medicare program.
Delegated official means an individual who is delegated by
the ``Authorized Official,'' the authority to report changes and
updates to the enrollment record. The delegated official must be an
individual with ownership or control interest in, or be a W-2 managing
employee of the provider or supplier.
Managing employee means a general manager, business
manager, administrator, director, or other individual that exercises
operational or managerial control over, or who directly or indirectly
conducts, the day-to-day operation of the provider or supplier, either
under contract or through some other arrangement, whether or not the
individual is a W-2 employee of the provider or supplier.
Owner means any individual or entity that has any
partnership interest in, or that has 5 percent or more direct or
indirect ownership of the provider or supplier as defined in sections
1124 and 1124A(A) of the Act.
Physician or nonphysician practitioner organization means
any physician or nonphysician practitioner entity that enrolls in the
Medicare program as a sole proprietorship or organizational entity.
The new screening procedures implemented pursuant to new section
1866(j)(2) of the Act would be applicable to newly enrolling providers
and suppliers, including eligible professionals, beginning on March 23,
2011. These new procedures would be applicable to currently enrolled
Medicare, Medicaid, and CHIP providers, suppliers, and eligible
professionals beginning on March 23, 2012. These new screening
procedures implemented pursuant to new section 1866(j)(2) of the Act
would be applicable beginning on March 23, 2011 for those providers and
suppliers currently enrolled in Medicare, Medicaid, and CHIP who
revalidate their enrollment information. Within Medicare, the March 23,
2011 implementation date will impact those current providers and
suppliers whose 5-year revalidation cycle (or 3-year revalidation cycle
for DMEPOS suppliers) results in revalidation occurring on or after
March 23, 2011 and before March 23, 2012.
2. Summary of Existing Screening Measures
Before we outline the new measures we are proposing under the ACA,
it may be helpful to provide a summary of some of the screening
measures already being utilized in Medicare, Medicaid, and CHIP.
Pursuant to other authority, but with the notable exceptions of
criminal background checks and fingerprinting, Medicare, generally
through private contractors, already employs a number of the screening
practices described in section 1866(j)(2)(B) of the Act to determine if
a provider or supplier is in compliance with Federal and State
requirements to enroll or to maintain enrollment in the Medicare
program.
a. Licensure Requirements--Medicare and Medicaid
Over the past several years, we have taken a number of steps to
strengthen our ability to deny or revoke Medicare billing privileges
when providers or suppliers do not have or do not maintain the
applicable State licensure requirements for their provider or supplier
type or profession. We established reporting responsibilities for all
providers, suppliers, and eligible professionals in earlier regulations
at Sec. 424.516(b) through (e). Today, to ensure that only qualified
providers and suppliers remain in the Medicare fee-for-service (FFS)
program, we require that Medicare contractors review State licensing
board data on a monthly basis to determine if providers and suppliers
remain in compliance with State licensure requirements. Medicare
billing privileges would be revoked for those providers and suppliers
who do not report a final adverse action (for example, license
revocation or suspension, felony conviction) within the applicable
reporting period, as required in Sec. 424.516(b) through (e). Medicare
suppliers of DMEPOS and IDTFs are already subject to similar provisions
in Sec. 424.57(c) and Sec. 410.33(g), respectively. DMEPOS suppliers
are also subject to additional requirements including accreditation and
surety bonding, pursuant to 42 CFR 424.57(c)(22) through (26) and 42
CFR 424.57(d).
Medicare Advantage organizations (MAOs) are required to verify
licensure of providers and suppliers, including physicians and other
health care professionals, in accordance with Sec. 422.204.
For Medicaid and CHIP, most States do some checking of in-State
provider licenses. For example, in some States, the existence of the
license may be verified, but little attention might be given to any
restrictions on the license.
b. Site Visits--Medicare
Pursuant to Sec. 424.517, Medicare conducts the following site
visits and takes the following actions, generally through private
contractors under CMS direction:
The National Supplier Clearinghouse (NSC) Medicare
Administrative Contractor (the Medicare contractor that processes
enrollment applications for suppliers of DMEPOS) conducts pre-
enrollment site visits to DMEPOS suppliers that are not associated with
a chain supplier of

[[Page 58207]]

DMEPOS (a chain supplier of DMEPOS is a supplier with 25 or more
distinct practice locations.)
The NSC also conducts unannounced post-enrollment site
visits to DMEPOS suppliers for which CMS or the NSC believes there is a
likelihood of fraudulent or abusive activities to ensure those DMEPOS
suppliers remain in compliance with the supplier standards found at
Sec. 424.57(c).
CMS at times exercises its right to--
Have the NSC conduct ad hoc pre- and post-enrollment site
visits to any DMEPOS supplier;
Have Medicare contractors conduct pre-enrollment site
visits to all IDTFs; and
Conduct ad hoc pre-and post enrollment site visits to any
prospective Medicare provider and supplier or any enrolled Medicare
provider or supplier.
In addition, under 42 CFR parts 488 and 489, a State survey agency
or an approved national accreditation organization with deeming
authority conducts pre-enrollment surveys for certified providers and
suppliers to determine whether they meet the applicable Federal
conditions and requirements for their provider or supplier type before
they can participate in the Medicare program.
We believe these efforts need to be expanded to include additional
site visits and site visits to additional provider and supplier types
in order to protect the Medicare FFS program from unscrupulous or
potentially fraudulent providers and suppliers.
We note that the site visits discussed here and elsewhere within
this preamble and the proposed regulations are separate and apart from
the site visits that are conducted pursuant to the Clinical Laboratory
Improvement Amendments (CLIA). We intend to work with our State survey
agency partners in coordinating these site visits so as to avoid
duplication and burden on providers.
c. Database Checks--Medicare
Today, Medicare contractors employ database checks of eligible
professionals, owners, authorized officials, delegated officials,
managing employees, medical directors, and supervising physicians (at
IDTFs and laboratories) as part of the Medicare provider and supplier
enrollment process. These include database checks with the Social
Security Administration (SSA) (to verify an individual's SSN), the
National Plan and Provider Enumeration System (NPPES) to verify the
National Provider Identifier (NPI) of an eligible professional, and
State licensing board checks to determine if an eligible professional
is appropriately licensed to furnish medical services within a given
State. These checks also include checking a provider or supplier
against the HHS OIG's List of Excluded Individuals/Entities (LEIE) and
the General Service Administration's Excluded Parties List System
(EPLS). All of the database checks are used to assess the eligibility
and qualifications of providers and suppliers to enroll in the Medicare
program, to confirm the identity of an eligible professional to ensure
that he or she may be considered for enrollment in the Medicare
program.
Also, on a monthly basis, CMS' Medicare contractors systematically
compare enrolled providers, suppliers, and eligible professionals
against the information in the Medicare Exclusions Database. The
Medicare Exclusions Database identifies providers, suppliers, and
eligible professionals who have been excluded from the Medicare and
Medicaid programs by the HHS OIG. When a match is found, the HHS OIG
exclusion information is systematically noted in the Medicare
enrollment record of the provider, supplier, or eligible professional.
In the Medicare program today, we deny or revoke the billing privileges
of providers, suppliers, and eligible professionals who have been
excluded by the HHS OIG. If the HHS OIG lifts the exclusion, the
provider, supplier or eligible professional must reapply for enrollment
in the Medicare program. In addition, Medicare contractors also review
State licensure Web sites on a monthly basis to ensure that eligible
professionals continue to meet State licensing requirements.
In addition, since January 2009, we have compared date of death
information obtained from the Social Security Administration Death
Master File (SSA DMF) with the information maintained in the National
Plan and Provider Enumeration System (NPPES), the system that assigns a
NPI to individual and organizations. Based on this comparison and the
subsequent verification, we have deactivated the NPIs of more than
11,500 individuals who were previously assigned a type 1 (individual)
NPI. We automatically transfer this information from NPPES to the
Provider Enrollment, Chain, and Ownership System (PECOS), CMS' national
Medicare enrollment repository to deactivate a deceased individual's
Medicare billing privileges. In addition, Medicare contractors are
required to review and act upon monthly files that contain a list of
nonpractitioner individuals enrolled in the Medicare program who have
been reported to the SSA as deceased. These individuals include:
Owners, authorized officials, and delegated officials.
MAOs, as required by Sec. 422.204, generally use database checks
to verify licensure and licensure sanctions and limitations with State
licensing boards and the Federation of State Medical Boards, DEA
certificates with the National Technical Information Service (NTIS),
history of adverse professional review actions and malpractice from the
National Practitioner Data Bank (NPDB), accreditation status of
institutional providers and suppliers with national accrediting boards,
such as The Joint Commission (TJC), and search for HHS OIG exclusions
using the HHS OIG Web site http://www.oig.hhs.gov/fraud/exclusions/list
of excluded.html.
d. Criminal Background Checks--Medicare
As described in Sec. 424.530(a) and Sec. 424.535(a), CMS or its
designated Medicare contractor may deny or revoke the Medicare billing
privileges of the owner of a provider or supplier, a physician or
nonphysician practitioner, and terminate any corresponding provider or
supplier agreement for a number of reasons, including an exclusion from
the Medicare, Medicaid, and any other Federal health care program, a
felony within the preceding 10 years that is considered detrimental to
the Medicare program, and/or submission of false or misleading
information on the Medicare enrollment application. While we currently
require our Medicare contractors to verify data submitted on, and as
part of, the Medicare provider/supplier enrollment application, our
contractors are not able to verify information that may have been
purposefully omitted or changed in a manner to obfuscate any previous
criminal activity. In addition, criminal background checks are not
routinely used in the FFS Medicare screening process.
e. Medicare MAO Requirements
As mentioned earlier in this section, MAOs already employ a number
of screening procedures in accordance with regulations and CMS manual
instructions. Specifically, under Sec. 422.204(b)(3) in the case of
providers meeting the definition of ``provider of services'' in section
1861(u) of the Act, basic benefits may only be provided through
providers if they have a provider agreement with CMS permitting them to
furnish services under original Medicare. With respect to other
entities like suppliers, Sec. 422.204(b)(3) requires that they ``meet
the applicable requirements of title XVIII and Part A of title XI of
the Act.''

[[Page 58208]]

Given these requirements we are considering to what extent MAOs should
be required to apply the identical screening requirements we are
proposing for the original Medicare program or whether substantively
similar alternative approaches adopted by MAOs would be acceptable.
Accordingly, we solicit public comments on whether or to what extent
MAOs should be required to implement the same enhanced screening
requirements for providers, suppliers and physicians that we are
proposing for the original Medicare program.
f. Fingerprinting--Medicare
We do not currently use fingerprinting in the Medicare screening
process.
g. Screening--Medicaid and CHIP
States vary in the degree to which they employ screening methods
such as unscheduled and unannounced site visits and database checks,
including such checks across State lines, criminal background checks,
and fingerprinting. However, there are at least a few States that
utilize each of those methods.
States also vary in what they require their managed care entities
(MCEs) \2\ to do in terms of screening network-level providers that are
not also enrolled in the Medicaid program as FFS providers. We are
considering to what extent States must require their MCEs to apply the
identical screening requirements we are proposing for the States or
whether substantively similar alternative approaches adopted by MCEs
would be acceptable. Accordingly, we solicit public comments on whether
or to what extent MCEs should be required to implement the same
enhanced screening requirements for Medicaid and CHIP providers that we
are proposing for State Medicaid and CHIP programs.
---------------------------------------------------------------------------

\2\ For purposes of this preamble and the proposed regulations,
``managed care entity'' and ``MCE'' will have the meaning Medicaid
managed care organization (MCO), primary care case manager (PCCM),
prepaid inpatient health plan (PIHP), prepaid ambulatory health plan
(PAHP), and health insuring organization (HIO). This definition
differs from the meaning in section 1932(a)(1)(B) of the Social
Security Act, which limits MCEs to Medicaid MCOs and PCCMs. We
propose a more inclusive definition for the regulation so that all
those entities in States' managed care programs will provide
disclosure information.
---------------------------------------------------------------------------

3. Proposed Screening Requirements
a. Medicare
Section 1866(j)(2)(B) of the Act requires the Secretary to
determine the level of screening applicable to providers and suppliers
according to the risk of fraud, waste, and abuse the Secretary
determines is posed by particular categories of providers and
suppliers.
In considering how to establish consistent screening standards, we
are proposing to designate provider and supplier categories that would
be subject to certain screening procedures based on CMS' assessment of
fraud, waste and abuse risk of the provider or supplier category,
taking into consideration a variety of factors including studies
conducted by the HHS OIG and the GAO and other sources. We would
designate categories of providers or suppliers (for example, ``newly
enrolling DME suppliers'' or ``currently enrolled home health
agencies'') that would be subject to screening procedures in each
category based on our assessment of the level of risk presented by the
category of provider. There will be 3 levels of risk: ``limited,''
``moderate'' and ``high,'' and each provider/supplier category will be
assigned to one of these 3 levels. The screening procedures applicable
to each risk level will be set by us and are included in this proposed
rule. The categories described below and associated risk levels
assigned are designed to identify those categories of providers and
suppliers that pose a risk of fraud, waste, and abuse.
Under this proposed approach, the relevant Medicare contractor (for
example, fiscal intermediary, regional home health intermediary,
carriers, Part A or Part B Medicare Administrative Contractor (A/B
MAC), or the NSC Administrative Contractor) would utilize the screening
tools mandated by us for the risk level assigned to a particular
provider or supplier category.
We are soliciting comments on the proposed assignment of specific
provider and supplier types to established risk levels, including what
criteria should be considered in making such assignments, whether such
assignments should be released publicly, whether they should be subject
to agency review and updated according to an established schedule (that
is, annually, bi-annually), and the extent to which they should be
updated according to evolving risks. We are also soliciting comments on
any additional database checks that we should consider as a type of
screening.
Based on the level of risk assigned, we propose that the Medicare
contractors would establish and conduct the following categorical
screenings.

Table 1--Category of Risk and Required Screening for Medicare
Physicians, Non-Physician Practitioners, Providers, and Suppliers
------------------------------------------------------------------------
Type of screening required Limited Moderate High
------------------------------------------------------------------------
Verification of any provider/ X X X
supplier-specific
requirements established by
Medicare.....................
Conduct license verifications, X X X
(may include licensure checks
across States)...............
Database Checks (to verify X X X
Social Security Number (SSN),
the National Provider
Identifier (NPI), the
National Practitioner Data
Bank (NPDB) licensure, an OIG
exclusion, taxpayer
identification number, tax
delinquency, death of
individual practitioner,
owner, authorized official,
delegated official, or
supervising physician).......
Unscheduled or Unannounced ............ X X
Site Visits..................
Criminal Background Check..... ............ ............ X
Fingerprinting................ ............ ............ X
------------------------------------------------------------------------

As described above, we already require Medicare contractors to
ensure that every provider or supplier meets any applicable Federal
regulations or State requirements, including applicable licensure
requirements \3\ for the provider or supplier type prior to making an
enrollment determination. In addition, we also require that Medicare

[[Page 58209]]

contractors conduct monthly reviews of State licensing board actions to
determine if an individual practitioner, such as a physician or non-
physician practitioner continues to meet State licensing requirements.
In the case of organizational entities, we also require our Medicare
contractors to conduct monthly or periodic checks to determine if an
organizational entity continues to meet the Federal and State
requirements for its provider or supplier type. Such verifications help
ensure that a prospective provider or supplier is eligible to
participate in the Medicare program or that an existing provider or
supplier is eligible to maintain its Medicare billing privileges.
---------------------------------------------------------------------------

\3\ We note that under section 408 of the reauthorized Indian
Health Care Improvement Act, ``[a]ny requirement for participation
as a provider of health care services under a Federal health care
program that an entity be licensed or recognized under the State or
local law where the entity is located to furnish health care
services shall be deemed to have been met in the case of an entity
operated by the [Indian Health] Service, an Indian tribe, tribal
organization, or urban Indian organization if the entity meets all
the applicable standards for such licensure or recognition,
regardless of whether the entity obtains a license or other
documentation under such State or local law.''
---------------------------------------------------------------------------

Currently in the Medicare program, DMEPOS suppliers are required to
re-enroll every 3 years, and other providers are required to revalidate
their enrollment every 5 years. The terms revalidation and re-
enrollment are often used interchangeably, but are actually specific to
these provider types. To eliminate any confusion about which term
applies to which provider or supplier, we are proposing language at 42
CFR 424.57(e) to change all references to re-enroll or re-enrollment to
revalidate or revalidation. In addition, the ACA requires that no
provider or supplier shall be allowed to enroll in Medicare or
revalidate its enrollment in Medicare after March 23, 2013 without
being screened pursuant to the authorities covered by this proposed
rule. To assist CMS in assuring that the statutory effective date is
met, we are proposing at 42 CFR 424.515 to permit CMS to require that a
provider or supplier revalidate its enrollment at any time. After the
revalidation, the current cycle for revalidation (3 years for DMEPOS,
and 5 years for all other providers) would apply.
(1) Limited
In general, we consider physicians, nonphysician practitioners, and
medical clinics and group practices to pose limited risk because these
professionals are State licensed and we are not aware of any recent
studies or other evidence that indicates that these suppliers, as a
category, pose an elevated risk to the Medicare program.
Similarly, we believe that a provider or supplier that is publicly
traded on the New York Stock Exchange (NYSE) or the National
Association of Securities Dealers Automated Quotation System (NASDAQ)
poses a limited risk because of the financial oversight provided by
investors, corporate boards of directors, and the Security and Exchange
Commission. Finally, based on our own data analysis including analysis
of historical trends and CMS's own experience with provider screening
and enrollment we believe that the following providers and suppliers
currently pose a limited risk to the Medicare program: Ambulatory
surgical centers (ASCs); end-stage renal disease (ERSD) facilities;
Federally qualified health centers (FQHCs); histocompatibility
laboratories; hospitals, including critical access hospitals (CAHs);
Indian Health Service (IHS) facilities; mammography screening centers;
organ procurement organizations (OPOs); mass immunization roster
billers, portable x-ray suppliers; religious nonmedical health care
institutions (RNHCIs); rural health clinics (RHCs); radiation therapy
centers; public or government owned or affiliated ambulance services
suppliers (defined as an ambulance supplier owned in whole or in part
by a State or local government), and skilled nursing facilities (SNFs).
Accordingly, we propose to include the categories of providers and
suppliers listed above within the ``limited'' level of risk. We think
the additional government oversight of ``government owned or
affiliated'' ambulance service providers justifies placing these
providers in the limited category.
In Sec. 424.518(a), we propose that the following screening tools
will apply to providers and suppliers in categories designated as
``limited'' risk: (1) Verification that a provider or supplier meets
any applicable Federal regulations, or State requirements for the
provider or supplier type prior to making an enrollment determination;
(2) verification that a provider or supplier meets applicable licensure
requirements; and (3) database checks on a pre- and post-enrollment
basis to ensure that providers and suppliers continue to meet the
enrollment criteria for their provider/supplier type.
To assist readers in understanding the type of providers and
suppliers that we propose to include in the ``limited'' risk level, we
are providing the following table.

Table 2--Medicare Providers and Suppliers Designated as a ``Limited''
Categorical Risk for Screening Purposes
------------------------------------------------------------------------
Provider/supplier category
-------------------------------------------------------------------------
Physician or non-physician practitioners and medical groups or clinics.
Providers or suppliers that are publicly traded on the NYSE or NASDAQ.
Ambulatory surgical centers, end-stage renal disease facilities,
Federally qualified health centers, histocompatibility laboratories,
hospitals, including critical access hospitals, Indian Health Service
facilities, mammography screening centers, organ procurement
organizations, mass immunization roster billers, portable x-ray
supplier, religious non-medical health care institutions, rural health
clinics, radiation therapy centers, public or government owned or
affiliated ambulance services suppliers, and skilled nursing
facilities.
------------------------------------------------------------------------

(2) Moderate
For those provider and supplier categories with a ``moderate''
level of risk, we propose that Medicare contractors will conduct
unannounced pre- and/or post-enrollment site visits in addition to
those screening tools applicable to the ``limited'' level of risk.
Based on the success of pre- and/or post-enrollment site visits
conducted by the NSC during the enrollment process for suppliers of
DMEPOS and a similar process established by carriers and A/B MACs
during the enrollment of IDTFs, we believe that unscheduled and
unannounced pre- and post-enrollment site visits help ensure that
suppliers are operational and meet applicable supplier standards or
performance standards. In addition, we believe that unscheduled and
unannounced pre- and post-enrollment site visits are an essential tool
in determining whether a provider or supplier is in compliance with its
reporting responsibilities, including the requirement in Sec. 424.516
to notify the Medicare contractor of any change of practice location.
Moreover, Sec. 424.530(a)(5) and Sec. 424.535(a)(5) give CMS and
its Medicare contractors the authority to deny or revoke Medicare
billing privileges for providers and suppliers respectively if the
provider or supplier is not operational or the provider does not
maintain the established provider or supplier performance standards.
And while we do not believe that unscheduled or unannounced site visits
are necessary for all providers and

[[Page 58210]]

suppliers, we do believe that a number of businesses, like the ones
mentioned below, pose an increased risk to the Medicare program, due at
least in part to the lack of individual professional licensure.
Moreover, as discussed below, we have found that certain types of
providers and suppliers that easily enter a line or business without
clinical or business experience, for example by leasing minimal office
space and equipment, present a higher risk of possible fraud to our
programs. As such, we believe that because these types of providers
pose an increased risk of fraud they should be subject to substantial
scrutiny before being permitted to enroll and bill Medicare, Medicaid,
or CHIP. This type of pre-enrollment scrutiny will help us move away
from the ``pay and chase'' approach. With the exception of providers
and suppliers that are publicly traded on the NYSE or NASDAQ and
therefore considered ``limited'' risk, we propose that the following
prospective provider and supplier types be considered a ``moderate''
risk for the purpose of determining the appropriate level of screening:
nonpublic, non-government owned or affiliated ambulance service
suppliers, community mental health centers (CMHCs), comprehensive
outpatient rehabilitation facilities (CORFs), hospice organizations,
IDTFs, and independent clinical laboratories.
Most of these provider and supplier types are generally highly
dependent on Medicare, Medicaid, or CHIP to pay their salaries and
other operating expenses and are subject to less additional other
government or professional oversight than the providers and suppliers
in the limited risk category. Accordingly, we believe it is appropriate
and necessary to conduct unscheduled and unannounced pre-enrollment
site visits to ensure that these prospective providers and suppliers
meet CMS' enrollment requirements prior to enrolling in the Medicare
program. Moreover, we believe that post-enrollment site visits are also
important to ensure that the enrolled provider or supplier remains a
viable health care provider or supplier in the Medicare program.
Accordingly, we propose in Sec. 424.518(b)(i) that in addition to
the categorical screening tools used with respect to limited risk
providers and suppliers that Medicare contractors shall conduct
unannounced and unscheduled site visits prior to enrolling the
following prospective providers and suppliers with the exception of
providers and suppliers that are publicly traded on the NYSE or NASDAQ
and therefore considered ``limited'' risk: Nonpublic, nongovernment
owned or affiliated ambulance services suppliers, CMHCs, CORFs, hospice
organizations, IDTFs, and independent clinical laboratories. In
addition, we propose that the following currently enrolled Medicare
providers should be categorized as ``moderate'': Currently enrolled
(revalidating) home health agencies or suppliers of DMEPOS. (Except
that any such provider that is publicly traded on the NYSE or NASDAQ is
considered ``limited'' risk.)
We believe that the providers and suppliers described above have
the similar risk level as suppliers of DMEPOS and IDTFs, for both of
which we already require a pre-enrollment site visit prior to
completing the enrollment process.
We are also proposing in Sec. 424.518(b)(ii) that the Medicare
contractor shall conduct an unannounced and unscheduled pre-enrollment
and/or post-enrollment on-site visit for the following providers and
suppliers that are not publicly traded on the NYSE or NASDAQ during the
revalidation process: non-public, non-government owned or affiliated
ambulance services suppliers; CMHCs, CORFs, DMEPOS suppliers, HHAs,
hospice organizations, IDTFs, and independent clinical laboratories.
For the same reasons that we believe that a Medicare contractor should
conduct a pre-enrollment site visit, we believe that Medicare
contractors should conduct post-enrollment site visits during the
revalidation process for the provider and supplier types described
above.
HHS OIG and GAO have issued studies indicating that several of the
provider and supplier types cited above have an elevated risk. In an
October 2007 report titled, ``Growth in Advanced Imaging Paid under the
Medicare Physician Fee Schedule'' (OEI-01-06-00260), the HHS OIG
recommended that CMS consider conducting site visits to monitor IDTFs'
compliance with Medicare requirements.'' In addition, in an April 2007
report titled, ``Medicare Hospices: Certification and Centers for
Medicare & Medicaid Services Oversight'' (OEI-06-05-00260), the HHS OIG
recommended that CMS seek legislation to establish additional
enforcement remedies for poor hospice performance. In response to this
recommendation, CMS stated that it was considering whether to pursue
new enforcement remedies for poor hospice performance. While the
Medicare enrollment process is not designed to verify the conditions of
participation, we do believe that more frequent onsite visits may help
identify those hospice organizations that are no longer operational at
the practice location identified on the Medicare enrollment
application.
In a January 2006 report titled, ``Medicare Payments for Ambulance
Transports'' (OEI-05-02-000590), the HHS OIG found that ``twenty-five
percent of ambulance transports did not meet Medicare's program
requirements, resulting in an estimated $402 million in improper
payments.''
In an August 2004 report titled, ``Comprehensive Outpatient
Rehabilitation Facilities: High Medicare Payments in Florida Raise
Program Integrity Concerns'' (GAO-04-709), the GAO concluded that,
``[s]izeable disparities between Medicare therapy payments per patient
to Florida CORFs and other facility-based outpatient therapy providers
in 2002--with no clear indication of differences in patient needs--
raise questions about the appropriateness of CORF billing practices.
After finding high rates of medically unnecessary therapy services to
CORFs, CMS's claims administration contractor for Florida took steps to
ensure appropriate claim payments for a small, targeted group of CORF
patients. Despite its limited success, billing irregularities continued
among some CORFs and many CORFs continued to receive relatively high
payments the following year. This suggests that the contractor's
efforts were too limited in scope to be effective with all CORF
providers.''
In addition to GAO and HHS OIG studies and reports, a number of
Zone Program Integrity Contractors (ZPIC) and Program Safeguard
Contractors (PSC), organizations used by CMS in helping to fight fraud
in Medicare, have taken a number of administrative actions including
payment suspensions and increased medical review, for the provider and
supplier types shown above. For example, the Zone 7 ZPIC contractor in
South Florida has conducted onsite reviews at 62 CORFs since January
2010 and recommended revocation for 51 CORFs, or 82 percent of the
CORFS in the area. The same contractor has conducted an onsite reviews
at 38 CMHCs located in Dade, Broward and Palm Beach County since
January 2010, and recommended that 30 CMHCs be revoked for
noncompliance (79 percent of the CMHCs in the area). In each instance
where the ZPIC requested a revocation, the CMHC was also placed on
prepay review. We have also conducted an analysis of IDTF licensure
requirements and have found several circumstances that indicate

[[Page 58211]]

irregularity and potential risk of fraud. Although independent clinical
laboratories are subject to survey against CLIA requirements, there are
nonetheless a number of potentials for fraud, not the least of which is
the sheer volume of service and associated billing generated by these
entities.
Also, while we believe that prospective suppliers of DMEPOS that
are not publicly-traded on the NYSE or NASDAQ are a ``high''
categorical risk (see discussion below), we believe that there is ample
evidence to support the use of post-enrollment site visits as a
reliable and effective tool to ensure that a current supplier of DMEPOS
remains operational and continues to meet the supplier standards found
in Sec. 424.57(c). In a March 2007 report titled, ``Medical Equipment
Suppliers Compliance with Medicare Enrollment Requirements'' (OEI-04-
05-00380), the HHS OIG concluded that, ``By helping to ensure the
legitimacy of DMEPOS suppliers, out-of cycle site visits may help to
prevent fraud, waste, and abuse in the Medicare program. CMS may want
to consider the findings of our study as they determine how and to what
extent out-of-cycle site visits of DMEPOS suppliers will occur.''
Today, the NSC MAC utilizes on post-enrollment site visits as the
primary screening to determine ongoing compliance with the enrollment
criteria set forth in Sec. 424.57(c). Therefore, we have included
currently enrolled DMEPOS suppliers in the ``moderate'' category.
We also note that, in addition to the new screening measures being
proposed in this rule, under the existing regulation at Sec. 424.517,
a Medicare contractor may conduct an unannounced or unscheduled site
visit at any time for any provider or supplier type prior to enrolling
a prospective provider or supplier or for any existing provider or
supplier enrolled in the Medicare program. While the primary purpose of
an unannounced and unscheduled site visit is to ensure that a provider
or supplier is operational at the practice location found on the
Medicare enrollment application, a Medicare contractor may also verify
established supplier standards or performance standards other than
conditions of participation (CoP) subject to survey and certification
by the State Survey agency, where applicable, to ensure that the
supplier remains in compliance with program requirements.
To assist readers in understanding the type of providers and
suppliers that we propose to include in the ``moderate'' risk level, we
are providing the following table.

Table 3--Medicare Providers and Suppliers Designated as a ``Moderate''
Categorical Risk for Screening Purposes
------------------------------------------------------------------------
Provider/supplier category
-------------------------------------------------------------------------
Community mental health centers; Comprehensive outpatient rehabilitation
facilities; Hospice organizations; Independent diagnostic testing
facilities; Independent clinical laboratories; and Nonpublic,
Nongovernment owned or affiliated ambulance services suppliers. (Except
that any such provider or supplier that is publicly traded on the NYSE
or NASDAQ is considered ``limited'' risk.)
Currently enrolled (revalidating) home health agencies. (Except that any
such provider that is publicly traded on the NYSE or NASDAQ is
considered ``limited'' risk.)
Currently enrolled (re-validating) suppliers of DMEPOS.(Except that any
such supplier that is publicly traded on the NYSE or NASDAQ is
considered ``limited'' risk.)
------------------------------------------------------------------------

(3) High
For those provider and supplier categories within the ``high''
level of risk, we propose that, in addition to the screening tools
applicable to the ``limited'' and ``moderate'' levels of risk, Medicare
contractors would use the following screening tools in the enrollment
process: (1) Criminal background check; and (2) submission of
fingerprints using the FD-258 standard fingerprint card. (The FD-258
fingerprint card is recognized nationally and can be found at local,
county or State law enforcement agencies where, for a fee, agencies
will supply the card and take the fingerprints.) We propose that these
tools would be applied to owners, authorized or delegated officials or
managing employees of any provider or supplier within the ``high''
level of risk. We believe that criminal background checks will assist
CMS in determining if an individual, such as an owner, authorized
official, or delegated official, or managing employee of a high-risk
provider or supplier type, submitted a complete and truthful Medicare
enrollment application and whether an individual is eligible to enroll
in the Medicare program or maintain Medicare billing privileges. We
also believe that use of fingerprinting will help in verification of an
individual's identity and help resolve issues associated with identity
theft as discussed below. We believe that this position is supported by
testimony of the GAO before the subcommittees for Health and Oversight
and Ways and Means within the House of Representatives on June 15,
2010, stating in part that ``[c]hecking the background of providers at
the time they apply to become Medicare providers is a crucial step to
reduce the risk of enrolling providers intent on defrauding or abusing
the program. In particular, we have recommended stricter scrutiny of
enrollment processes for two types of providers whose services and
items CMS has identified as especially vulnerable to improper
payments--home health agencies (HHAs) and suppliers of durable medical
equipment, prosthetics, orthotics, and supplies (DMEPOS).''
In Sec. 424.518(c)(1), we are proposing that, unless they are
publicly traded on the NYSE or NASDAQ, newly enrolling HHAs and
suppliers of DMEPOS are within the ``high'' risk level. Based on our
experience and on work conducted by the HHS OIG and the GAO, and
because we do not have the monitoring experience with newly enrolling
DMEPOS suppliers or HHAs that we have with those currently enrolled, we
have placed these providers and suppliers in the ``high'' risk
category. We are especially concerned about newly enrolling HHAs and
suppliers of DMEPOS because of the high number of HHAs and suppliers of
DMEPOS already enrolled in the Medicare program and program
vulnerabilities that these entities pose to the Medicare program. Below
is a list of HHS OIG and GAO reports identifying home health agencies
and suppliers of DMEPOS as posing an elevated risk to the Medicare
program.
In a December 2009 report titled, ``Aberrant Medicare Home
Health Outlier Payment Patterns in Miami-Dade County and Other
Geographic Areas in 2008'' (OEI-04-08-00570), the HHS OIG recommended
that CMS continue with efforts to strengthen enrollment standards for
home health providers to prevent illegitimate HHAs from obtaining
billing privileges.

[[Page 58212]]

In a February 2009 report titled, ``Medicare: Improvements
Needed to Address Improper Payments in Home Health'' (GAO-09-185), the
GAO concluded that the Medicare enrollment process does not routinely
include verification of the criminal history of applicants, and without
this information individuals and businesses that misrepresent their
criminal histories or have a history of relevant convictions, such as
for fraud, could be allowed to enter the Medicare program. In addition,
the GAO recommended that CMS assess the feasibility of verifying the
criminal history of all key officials named on the Medicare enrollment
application.
In a February 2008 report titled, ``Los Angeles County
Suppliers' Compliance with Medicare Standards: Results from Unannounced
Visits'' (OEI-09-07-00550) and in a March 2007 report titled, ``South
Florida Suppliers' Compliance with Medicare Standards: Results from
Unannounced Visits (OEI-03-07-00150), the HHS OIG recommended that CMS
strengthen the Medicare DMEPOS supplier enrollment process and ensure
that suppliers meet Medicare supplier standards. The HHS OIG provided
several options to implement this recommendation including: (1)
Conducting more unannounced site visits to suppliers; (2) performing
more rigorous background checks on applicants; (3) assessing the fraud
risk of suppliers; and (4) targeting, monitoring, and enforcement of
high-risk suppliers.
In a September 2005 report titled, ``Medicare: More
Effective Screening and Stronger Enrollment Standards Needed for
Medical Equipment Suppliers'' (GAO-05-656), the GAO concluded that,

CMS is responsible for assuring that Medicare beneficiaries have
access to the equipment, supplies, and services they need, and at
the same time, for protecting the program from abusive billing and
fraud. The supplier standards and NSC's gate keeping activities were
intended to provide assurance that potential suppliers are qualified
and would comply with Medicare rules. However, there is overwhelming
evidence--in the form of criminal convictions, revocations, and
recoveries--that the enrollment processes and the standards are not
strong enough to thoroughly protect the program from fraudulent
entities. We believe that CMS must focus on strengthening the
standards and overseeing the supplier enrollment process. It needs
to better focus on ways to scrutinize suppliers to ensure that they
are responsible businesses, analogous to Federal standards for
evaluating potential contractors.

We recognize that there may also be circumstances where a
particular provider or supplier or group of providers and suppliers may
pose a higher risk of fraud, waste, and abuse than the level identified
for their category generally. Therefore, in Sec. 424.518(c)(3), we are
proposing specific criteria that we would use to adjust the
classification of a provider or supplier into a higher risk level than
would generally apply to the category of provider or supplier, in order
to address specific program vulnerabilities. We are soliciting comments
on specific additional circumstances that might justify shifting a
provider or supplier into a higher risk level than would generally
apply to its category. We are also soliciting comment on the criteria
that we could use to shift the risk level back down.
In Sec. 424.518(c)(3)(i), we are proposing to adjust a provider or
supplier from the ``limited'' or ``moderate'' risk level to the
``high'' risk level when CMS has evidence from or concerning a
physician or nonphysician practitioner that another individual is using
their identity within the Medicare program. While our Medicare
contractors have implemented procedures to reduce the possibility of
identity theft and use of physician's identity for the purposes of
enrolling and fraudulently billing the Medicare program, we believe
that we have a responsibility to all individuals participating in the
Medicare program to take the necessary steps to investigate and resolve
any allegations of identity theft. We do not intend to fingerprint the
individual physician or other eligible professional who has been the
victim of identity or provider number theft.
In Sec. 424.518(c)(3), we are proposing to adjust a provider or
supplier from the ``limited'' or ``moderate'' level of risk to the
``high'' level of risk based on: the provider or supplier having been
placed on a previous payment suspension; or the provider or supplier
has been excluded by the HHS OIG or had its Medicare billing privileges
denied or revoked by a Medicare contractor within the previous 10 years
and is attempting to establish additional Medicare billing privileges
for a new practice location or by enrolling as a new provider or
supplier. In addition, we believe that providers that have been
terminated or otherwise precluded from billing Medicaid should be
adjusted from the ``limited'' or ``moderate'' category to the ``high''
category. We believe that such providers or suppliers pose an elevated
level of risk to the Medicare program.
In Sec. 424.518(c)(3)(iv), we are proposing to adjust providers or
suppliers from the ``limited'' or ``moderate'' level of risk to the
``high'' level of risk for 6 months after CMS lifts a temporary
moratorium (see section II.C. of this proposed rule) applicable to such
providers or suppliers. This would include providers and suppliers
revalidating their enrollment if the moratorium is applicable to the
provider or supplier type. We are seeking comments on criteria that
would justify recategorization of providers or suppliers from the
``limited'' or ``moderate'' category to the ``high'' category. We are
also seeking comment on criteria appropriate to the recategorization
from ``high'' to ``moderate'' or ``limited.'' We are seeking comment on
the applicability of geographical circumstances as a possible criterion
for adjusting providers or suppliers from one risk level to another. We
are also seeking comments on whether non-practitioner-owned facilities
and suppliers should be subject to a higher level of screening than
their practitioner-owned counterparts or, whether there is an
appropriate corresponding trigger for non-practitioner owned facilities
and suppliers. We are seeking comment on whether providers and
suppliers should be subject to higher levels of screening when the
provider specialty does not match clinic type on an enrollment
application. We are seeking comment on what objective conditions might
support a broad category of circumstances or factors that would allow
us to determine that provider screening levels of risk should be based
on ``other conditions or factors that CMS determines are necessary to
combat fraud, waste, and abuse.''
We are seeking public comment on the appropriateness of using
criminal background checks in the provider enrollment screening
process, including the instances when such background checks might be
appropriate, the process of notifying a provider, supplier or
individual that a criminal background check is to be performed, and the
frequency of such checks.
We are also seeking comment on the use of fingerprinting as a
screening measure in our programs. We recognize that requesting,
collecting, analyzing, and checking fingerprints from providers and
suppliers are complex and sensitive undertakings that place certain
burdens on affected individuals. There are privacy concerns and
operational concerns about how to assure individual privacy, how to
check fingerprints against appropriate law enforcement fingerprint
databases, and how to store the results of the query of the data bases
and also how to handle the subsequent analysis of the results. As a
result, we are soliciting comments on how CMS or an approved contractor

[[Page 58213]]

should maintain and store fingerprints, what security processes and
measures are needed to protect the privacy of individuals, and any
other issues related to the use of fingerprints in the enrollment
screening process. As indicated in other portions of the document, we
think fingerprints would be useful in situations where a provider's
identity has been compromised or potentially compromised. We are
interested in comments on this and other possible circumstances in
which fingerprinting would be potentially useful in provider screening
or other fraud prevention efforts. Our proposed screening approach
contemplates requesting fingerprints from providers and suppliers
categorized as presenting a ``high'' risk of fraud. We are seeking
comment on this requirement, the circumstances under which it is
appropriate, limitations on its use and any alternatives to the
proposed approach regarding fingerprints. Our proposed approach would
allow denial of billing privileges to newly enrolled providers and
suppliers and revocation of billing privileges for revalidating
providers and suppliers if owners or officials of providers or
suppliers refuse to submit fingerprints when requested to do so. We are
seeking comments on this proposal including its appropriateness and
utility as a fraud prevention tool. In addition, we are also seeking
comment on the applicability and appropriateness of using, in addition
to or in lieu of fingerprinting, other enhanced identification
techniques and secure forms of identification including but not limited
to other biological or biometric techniques, passports, United States
Military identification, or Real ID drivers licenses. As technology and
secure identification techniques change, the tools we use may change to
reflect improvements or shifts in technology or in risk identification.
We are seeking comment on the appropriate uses of these techniques
We note that any physician or non-physician practitioner or
organizational provider or supplier that is denied enrollment into the
Medicare program or whose Medicare billing privileges are revoked is
afforded due process rights under Sec. 405.874.
To assist readers in understanding the type of providers and
suppliers that we propose to include in the ``high'' risk level, we are
providing the following table.

Table 4--Medicare Providers and Suppliers Designated as a ``High''
Categorical Risk for Screening Purposes
------------------------------------------------------------------------
Provider/supplier category
-------------------------------------------------------------------------
Prospective (newly enrolling) home health agencies and suppliers of
DMEPOS. (Except that any such provider or supplier that is publicly
traded on the NYSE or NASDAQ is considered ``limited'' risk.)
------------------------------------------------------------------------

The new screening procedures implemented pursuant to new section
1866(j)(2) of the Act would be applicable to newly enrolling providers
and suppliers, beginning on March 23, 2011. These new screening
procedures would also be applicable beginning on March 23, 2011 for
those providers and suppliers currently enrolled in Medicare, Medicaid,
and CHIP who revalidate their enrollment information. For Medicare,
this will impact those providers and suppliers whose revalidation cycle
results in revalidation occurring between March 23, 2011 and March 23,
2012. Finally, these new procedures would be applicable to currently
enrolled Medicare, Medicaid, and CHIP providers and suppliers beginning
on March 23, 2012, in accordance with section 1866(j)(2)(ii) of the
Act. As such, some providers and suppliers may be required to
revalidate their enrollment outside of their regular revalidation
cycle.
b. General Screening of Providers--Medicaid and CHIP
Section 1902(ii)(1) of the Act requires that States comply with the
process for screening providers established by the Secretary under
section 1866(j)(2) of the Act \4\. Section 2107(e)(1) of the Act
provides that all provisions that apply to Medicaid under sections
1902(a)(77) and 1902(ii) of the Act apply to CHIP. We propose in new
regulation Sec. 457.990 that all the provider screening, provider
application, and moratorium regulations that apply to Medicaid
providers will apply to providers that participate in CHIP. In
addition, in this proposed rule, we refer to State Medicaid agencies as
responsible for screening Medicaid-only providers. CHIP is often not
administered by the Medicaid agency. Throughout this proposed rule,
with respect to those instances, ``State Medicaid agency'' should be
read as ``Children's Health Insurance Program agency.''
---------------------------------------------------------------------------

\4\ As noted previously, we believe that the reference to
section 1886(j)(2) of the Act in section 6401(b)(1) of the
Affordable Care Act is a scrivener's error, and that the Congress
intended to refer instead to section 1866(j)(2) of the Act.
---------------------------------------------------------------------------

Because it would be inefficient and costly to require States to
conduct the same screening activities that Medicare contractors perform
for dually-enrolled providers, we are proposing that a State may rely
on the results of the screening conducted by a Medicare contractor to
meet the provider screening requirements under Medicaid and CHIP.
Similarly, we propose in Sec. 455.410 that State Medicaid agencies may
rely on the results of the provider screening performed by their sister
State Medicaid programs and CHIP. For Medicaid-only providers or CHIP-
only providers, we are proposing that States follow the same screening
procedures that CMS or its contractors follow with respect to Medicare
providers and suppliers.
As noted above, section 1902(ii)(1) of the Act requires that State
screening methods follow those performed under the Medicare program.
For the sake of brevity, we will not restate those methods verbatim. We
propose that States follow the rationale that we have set forth for
Medicare in section II.A.3. of this proposed rule, and that we use as
the basis for Sec. 455.450. For the types of providers that are
recognized as a provider or supplier under the Medicare program, States
will use the same risk level that is assigned to that category of
provider by Medicare. For those Medicaid and CHIP provider types that
are not recognized by Medicare, States will assess the risk posed by a
particular provider or provider type. States should examine their
programs to identify specific providers or provider types that may
present increased risks of fraud, waste or abuse to their Medicaid
programs or CHIP. States are uniquely qualified to understand issues
involved with balancing beneficiaries' access to medical assistance and
ensuring the fiscal integrity of the Medicaid programs and CHIP.
However, where applicable, we expect that States will assess the risk
of fraud, waste, and abuse using similar criteria to those used in
Medicare. For example, physicians and non-physician practitioners,
medical groups and

[[Page 58214]]

clinics that are State-licensed or State-regulated would generally be
categorized as limited risk, as would providers publicly traded on the
NYSE or NASDAQ. Those provider types that are generally highly
dependent on Medicare, Medicaid and CHIP to pay salaries and other
operating expenses and which are not subject to additional government
or professional oversight would be considered moderate risk, and those
provider types identified by the State as being especially vulnerable
to improper payments would be considered high risk. States will then
screen the provider using the screening tools applicable to that risk
assigned. However, we are not proposing to limit or otherwise preclude
the ability of States to engage in provider screening activities beyond
those required under section 1866(j)(2) of the Act, including, but not
limited to, assigning a particular provider type to a higher risk level
than the level assigned by Medicare.
As with the proposed screening provisions for Medicare, we are
soliciting comments on the applicability of these proposals for
Medicaid as well. We are seeking comment on the proposed assignment of
specific provider types to established risk categories, including
whether such assignments should be released publicly, whether they
should be reconsidered and updated according to an established
schedule, and what criteria should be considered in making such
assignments.
Based on the level of risk assigned to a provider or provider type,
we propose that States conduct the following screenings:

Table 5--Category of Risk and Required Screening for Medicaid and CHIP
Providers
------------------------------------------------------------------------
Type of Screening Required Limited Moderate High
------------------------------------------------------------------------
Verification of any provider/ X X X
supplier-specific
requirements established by
Medicaid/CHIP................
Conduct license verifications X X X
(may include licensure checks
across State lines)..........
Database Checks (to verify SSN X X X
and NPI, the NPDB, licensure,
a HHS OIG exclusion, taxpayer
identification number, tax
delinquency, death of
individual practitioner, and
persons with an ownership or
control interest or who are
agents or managing employees
of the provider).............
Unscheduled or Unannounced ............ X X
Site Visits..................
Criminal Background Check..... ............ ............ X
Fingerprinting................ ............ ............ X
------------------------------------------------------------------------

All States do not routinely require persons with an ownership or
control interest or who are agents or managing employees of the
provider to submit SSNs or dates of birth (DOBs). Without such critical
personal identifiers, it is difficult to be certain of the identity of
persons with an ownership or control interest or who are agents or
managing employees of the provider, and it may be difficult for States
to conduct the screening proposed under this rule. Accordingly, and to
be consistent with Medicare requirements, pursuant to our general
rulemaking authority under section 1102 of the Act, we propose in Sec.
455.104 to require that States will require submission of SSNs and DOBs
for all persons with an ownership or control interest in a provider. In
addition to the amendment to Sec. 455.104, we are proposing to revise
that section for the sake of clarity both for the disclosing entities'
provision and the States' collection of the disclosures. We recognize
that there may be privacy concerns raised by the submission of this
personally identifiable information as well as concerns about how the
States will assure individual privacy as appropriate; however, we
believe this personally identifiable information is necessary for
States to adequately conduct the provider screening activities under
this proposed rule. We are seeking comment specifically on this issue.
Although the level of screening may vary depending on the risk of
fraud, waste or abuse the provider represents to the Medicaid program
or CHIP, under section 1866(j)(2)(B)(i) of the Act, all providers would
be subject to licensure checks. Therefore, we are proposing that States
be required to verify the status of a provider's license by the State
of issuance and whether there are any current limitations on that
license.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, these requirements for provider screening and
assigning of categories of risk of fraud, waste, or abuse, as well as
verification of licensure, under Sec. 455.412 and Sec. 455.450 will
apply in CHIP.
1. Database Checks--Medicaid and CHIP
States employ several database checks, including database checks
with the Social Security Administration and the NPPES, to confirm the
identity of an individual or to ensure that a person with an ownership
or control interest is eligible to participate in the Medicaid program.
A critical element of Medicaid program integrity is the assurance
that persons with an ownership or control interest or who are agents or
managing employees of the provider do not receive payments when
excluded or debarred from such payments. Accordingly, in Sec. 455.436,
we propose that States be required to screen all persons disclosed
under Sec. 455.104 against the OIG's LEIE and the General Services
Administration's EPLS. We propose that States be required to conduct
such screenings upon initial enrollment and monthly thereafter for as
long as that provider is enrolled in the Medicaid program.
We also propose at Sec. 455.450, as well as Sec. 455.436, that
database checks be conducted on all providers on a pre- and post-
enrollment basis to ensure that providers continue to meet the
enrollment criteria for their provider type.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, this requirement for database checks under Sec.
455.436 will apply in CHIP.
2. Unscheduled and Unannounced Site Visits--Medicaid and CHIP
Section 1866(j)(2)(B)(ii)(III) of the Act states that the
Secretary, based on the level of fraud, waste, and abuse, may conduct
unscheduled and unannounced site visits, including pre-enrollment site
visits, for prospective providers and those providers already enrolled
in the

[[Page 58215]]

Medicare and Medicaid programs and CHIP.
Some States already require site visits, often for provider
categories at increased risk of fraud, waste or abuse such as home
health and non-emergency transportation. According to FY 08 State
Program Integrity Assessment (SPIA) data, at least 16 States report
that they perform some type of site visits. However, such efforts vary
widely across the country and are subject to budget shortfalls.
We are also proposing to require in Sec. 455.432 and Sec.
455.450(b) that States must conduct pre-enrollment and post-enrollment
site visits for those categories of providers the State designates as
being in the ``moderate'' or ``high'' level of risk.
Further, in Sec. 455.432, pursuant to our general rulemaking
authority under section 1102 of the Act, we are proposing that any
enrolled provider must permit the State Medicaid agency and CMS,
including CMS' agents or its designated contractors, to conduct
unannounced on-site inspections to ensure that the provider is
operational at any and all provider locations.
We maintain that site visits are essential in determining whether a
provider is operational at the practice location found on the Medicaid
enrollment agreement. We expect these requirements to increase the
number of both pre-enrollment and post-enrollment site visits for those
provider types that pose an increased financial risk of fraud, waste,
or abuse to the Medicaid program.
We propose that failure to permit access for site visits would be a
basis for denial or termination of Medicaid enrollment as specified in
Sec. 455.416.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, this requirement for site visits under Sec.
455.432 will apply in CHIP.
3. Provider Enrollment and Provider Termination--Medicaid and CHIP
States may refuse to enroll or may terminate the enrollment
agreement of providers for a number of reasons related to a provider's
status or history, including an exclusion from Medicare, Medicaid, or
any other Federal health care program, conviction of a criminal offense
related to Medicare or Medicaid, or submission of false or misleading
information on the Medicaid enrollment application. Failure to provide
disclosures is another reason for termination from participation in the
Medicaid program.
Federal regulations beginning at Sec. 455.100 require certain
disclosures by providers to States before enrollment. States require
additional disclosures prior to enrollment. Some States require
periodic re-enrollment and disclosure at that time. However, States
vary in the frequency of such re-disclosures. Providers are also
inconsistent in keeping their enrollment information current, including
items as elementary as their address.
We are proposing, at Sec. 455.414, pursuant to our general
rulemaking authority under section 1102 of the Act, that all providers
undergo screening pursuant to the procedures outlined herein at least
once every 5 years, consistent with current Medicare requirements for
revalidation.
In Sec. 455.416, we propose to establish termination provisions,
requiring States to deny or terminate the enrollment of providers: (1)
Where any person with an ownership or control interest or who is an
agent or managing employee of the provider does not submit timely and
accurate disclosure information or fails to cooperate with all required
screening methods; (2) that are terminated on or after January 1, 2011
by Medicare or any other Medicaid program or CHIP (see section II.F. of
this proposed rule); and (3) where the provider or any person with an
ownership or control interest or who is an agent or managing employee
of the provider fails to submit sets of fingerprints within 30 days of
a State agency or CMS request. We propose to permit States to deny
enrollment to a provider if the provider has falsified any information
on an application if CMS or the State cannot verify the identity of the
applicant. We also propose to require States to deny enrollment to
providers, unless States determine in writing that denial of enrollment
is not in the best interests of the State's Medicaid program, in these
circumstances: (1) The provider or a person with an ownership or
control interest or who is an agent or managing employee of the
provider fails to provide accurate information; (2) the provider fails
to provide access to the provider's locations for site visits, or (3)
the provider, or any person with an ownership or control interest, or
who is an agent or managing employee of the provider has been convicted
of a criminal offense related to that person's involvement in Medicare,
Medicaid, or CHIP in the last ten years. We believe that providers can
significantly reduce the likelihood of fraud, waste or abuse by
providing and maintaining timely and accurate Medicaid enrollment
information. We believe the Medicaid program will be better protected
by not allowing persons with serious criminal offenses related to
Medicare, Medicaid, and CHIP to serve as providers.
We propose at Sec. 455.416 that the State be allowed to deny an
initial enrollment application or agreement submitted by a provider or
terminate the Medicaid enrollment of a provider, including an
individual physician or non-physician practitioner, if CMS or the State
is not able to verify an individual's identity, eligibility to
participate in the Medicaid program, or determines that information on
the Medicaid enrollment application was falsified.
In Sec. 455.420, we propose to require that any providers whose
enrollment has been denied or terminated must undergo screening and pay
all appropriate application fees again to enroll or re-enroll as a
Medicaid provider.
We propose at Sec. 455.422 that in the event of termination under
Sec. 455.416, the State Medicaid agency must give a provider any
appeal rights available under State law or rule.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, these requirements for provider enrollment,
provider termination, and provider appeal rights under Sec. Sec.
455.414, 455.416, 455.420, and 455.422 will apply in CHIP.
4. Criminal Background Checks and Fingerprinting--Medicaid and CHIP
Section 1866(j)(2)(B)(ii)(II) of the Act allows the Secretary to
use fingerprinting during the screening process; and while several
States have implemented procedures to require fingerprinting of
physicians and non-physician practitioners as a condition of licensure,
we maintain that if a State designates a provider as within the
``high'' level of risk as described previously, each person with an
ownership or control interest of that provider or who is an agent or
managing employee of the provider should be subject to fingerprinting.
We maintain that adding fingerprinting to State screening processes
for those providers that pose the greatest risk to the Medicaid program
will allow CMS and the State to: (1) Verify The individual's identity;

[[Page 58216]]

(2) determine whether the individual is eligible is participate in the
Medicaid program; (3) ensure the validity of information collected
during the Medicaid enrollment process; and (4) prevent and detect
identity theft. Ensuring the identity of ``high'' risk Medicaid
providers through fingerprinting protects both the Medicaid program and
providers whose identities might otherwise be stolen as part of a
scheme to defraud Medicaid.
In addition, while Sec. 455.106 requires providers to submit
information to the Medicaid agency on criminal convictions related to
Medicare and Medicaid and title XX, current regulations do not require
States to verify data submitted as part of the Medicaid enrollment
application and they are sometimes not able to verify information that
was purposefully omitted or changed in a manner to obfuscate any
previous criminal activity. According to fiscal year (FY) 2008 SPIA
data, at least 20 States report that they conduct some type of criminal
background check as part of their Medicaid enrollment practices.
Elements of a robust criminal background check could include, but
are not necessarily limited to: (1) Conducting national and State
criminal records checks; and (2) requiring submission of fingerprints
to be used for conducting the criminal records check and verification
of identity.
We are proposing in Sec. 455.434 and Sec. 455.450 for those
categories of providers that a State Medicaid agency determines is
within the ``high'' level of risk, the State must: (1) Conduct a
criminal background check of each person with an ownership or control
interest or who is an agent or managing employee of the provider, and
(2) require that each person with an ownership or control interest or
who is an agent or managing employee of the provider to submit his or
her fingerprints. While the FD-258 fingerprint card is recognized
nationally and can be found at local, county, or State law enforcement
agencies where, for a fee, agencies will supply the card and take the
fingerprints, the State Medicaid agency has the discretion to determine
the form and manner of submission of fingerprints.
At Sec. 455.434, we propose that the State Medicaid agency must
require providers or any person with an ownership or control interest
or who is an agent or managing employee of the provider to submit
fingerprints in response to a State's or CMS' request.
We are seeking public comment on the appropriateness of using
criminal background checks in the provider enrollment screening
process, including the instances when such background checks might be
appropriate, the process of notifying a provider or individual that a
criminal background check is to be performed, and the frequency of such
checks.
We are also seeking comment on the use of fingerprinting as a
screening measure. We recognize that requesting, collecting, analyzing,
and checking fingerprints from providers are complex and sensitive
undertakings that place certain burdens on affected individuals. There
are privacy concerns and operational concerns about how to assure
individual privacy, how to check fingerprints against appropriate law
enforcement fingerprint databases, and how to store the results of the
query of the databases and also how to handle the subsequent analysis
of the results. As a result, we are soliciting comments on how CMS or a
State Medicaid agency should maintain and store fingerprints, what
security processes and measures are needed to protect the privacy of
individuals, and any other issues related to the use of fingerprints in
the enrollment screening process. As indicated in other portions of the
document, we think fingerprints would be useful in situations where a
provider's identity has been compromised or potentially compromised. We
are interested in comments on this and other possible circumstances in
which fingerprinting would be potentially useful in provider screening
or other fraud prevention efforts. Our proposed screening approach
contemplates requesting fingerprints from providers categorized as
presenting a ``high'' risk of fraud. We are seeking comment on whether
this is an appropriate requirement, the circumstances under which it
might be appropriate or inappropriate, and any alternatives to the
proposed approach regarding fingerprints. Our proposed approach would
allow States to deny enrollment to newly-enrolling providers and to
terminate existing providers if individuals who have an ownership or
control interest in the provider or who are agents or managing
employees of the provider refuse to submit fingerprints when requested
to do so. We are seeking comments on this proposal including its
appropriateness and utility as a fraud prevention tool.
In addition, we are also seeking comment on the applicability and
appropriateness of using, in addition to or in lieu of fingerprinting,
other enhanced identification techniques and secure forms of
identification including but not limited to passports, United States
Military identification, or Real ID drivers licenses. As technology and
secure identification techniques change, the tools we or State Medicaid
agencies use may change to reflect changes in technology or in risk
identification. We are seeking comment on the appropriate uses of these
techniques and the ways in which we should notify the public about any
tools CMS or State Medicaid agencies would adopt. We also welcome
comments on whether there should be differences allowed between Federal
and State techniques, or among States, and if so, on what basis.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, these requirements for criminal background checks
and fingerprinting under Sec. 455.434 will apply in CHIP.
5. Deactivation and Reactivation of Provider Enrollment--Medicaid and
CHIP
Section 1902(ii)(1) of the Act requires the screening of Medicaid
providers to ensure they are eligible to provide services and receive
payments. While the ACA does not specifically require it, we maintain
that it is important to the protection of the Medicaid program and
consistent with longstanding Medicare requirements to identify and
deactivate the enrollment of inactive Medicaid providers.
Accordingly, in Sec. 455.418, we propose that any Medicaid
provider that has not submitted any claims or made a referral that
resulted in a Medicaid claim for a period of 12 consecutive months must
have its Medicaid provider enrollment deactivated. Further, we propose
that any such provider wishing to be reinstated to the Medicaid program
must first undergo all disclosures and screening required of any other
applicant. In addition, the provider must pay any associated
application fees under Sec. 455.426.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, this requirement for deactivation of provider
enrollment under Sec. 455.418 will apply in CHIP.

[[Page 58217]]

6. Enrollment and NPI of Ordering or Referring Providers--Medicaid and
CHIP
Section 1902(ii)(7) of the Act provides that States must require
all ordering or referring physicians or other professionals to be
enrolled under a Medicaid State plan or waiver of the plan as a
participating provider. Further, the NPI of such ordering or referring
provider or other professional must be on any Medicaid claim for
payment based on an order or referral from that physician or other
professional.
Providers and suppliers under Medicare and providers in the
Medicaid program are already subject to the requirement that the NPI be
on applications to enroll and on all claims for payment, pursuant to
section 6402(a) of the ACA, amending section 1128J of the Act, and
under Sec. 424.506, Sec. 424.507, and Sec. 431.107, as amended by
the May 5, 2010 interim final rule with comment (75 FR 24437).
In Sec. 455.410, we propose that any physician or other
professional ordering or referring services for Medicaid beneficiaries
must be enrolled as a participating provider by the State in the
Medicaid program. This applies equally to fee-for-service providers or
MCE network-level providers.
Additionally, we propose to amend Sec. 438.6 to require that
States must include in their contracts with MCEs a requirement that all
ordering and referring network-level MCE providers be enrolled in the
Medicaid program, as are fee-for-service providers, and thus are
screened directly by the State.
Although the NPI requirements in section 6402(a) of the ACA did not
extend to CHIP providers, section 6401 of the ACA does apply equally to
CHIP, and the proposed requirement herein for ordering and referring
physicians or other professionals under the Medicaid program would
apply equally under CHIP.
In addition, in Sec. 455.440, we propose that all claims for
payment for services ordered or referred by such a physician or other
professional must include the NPI of the ordering or referring
physician or other professional. This applies equally to fee-for-
service providers or MCE network-level providers.
It is essential that all such claims have the ordering or referring
NPI and that the State has properly screened the ordering or referring
physician or other professional. Without such assurances, it is
difficult for CMS or the State to determine the validity of individual
claims for payment or to conduct effective data mining to identify
patterns of fraud, waste, and abuse.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, these requirements for provider enrollment and NPI
under Sec. Sec. 455.410 and 455.440 will apply in CHIP.
7. Other State Screening--Medicaid and CHIP
Section 1902(ii)(8) of the Act establishes that States are not
limited in their abilities to engage in provider screening beyond those
required by the Secretary. Accordingly, in Sec. 455.452, we propose
that States may utilize additional screening methods, in accordance
with their approved State plan.
As stated above, pursuant to section 2107(e)(1) of the Act, all
provisions that apply to Medicaid under sections 1902(a)(77) and
1902(ii) of the Act apply to CHIP. Because we are proposing a new
regulation in Part 457 under which all provider screening requirements
that apply to Medicaid providers will apply to providers that
participate in CHIP, this requirement for other State screening under
Sec. 455.452 will apply in CHIP.

B. Application Fee--Medicare, Medicaid, and CHIP

1. Statutory Changes
Section 6401(a) of the ACA, as amended by section 10603 of the ACA,
amended section 1866(j) of the Act and requires the Secretary of DHHS
to impose a fee on each ``institutional provider of medical or other
items or services or supplier,'' The fee would be used by the Secretary
to cover the cost of screening and to carry out the screening and other
program integrity efforts under section 1866(j) and section 1128J of
the Act. Since section 10603 of the ACA excludes eligible
professionals, such as physicians and nurse practitioners, from paying
an enrollment application fee, we maintain that an ``institutional
provider of medical or other items or services or supplier'' would be
any health care provider that bills Medicare, Medicaid, or CHIP on a
fee-for-service basis, with the exception of Part B medical groups or
clinics and physician and nonphysician practitioners who submit the CMS
855I to enroll in Medicare.
Section 1866(j)(2)(D)(i) of the Act states that the new screening
procedures implemented pursuant to section 6401 of the ACA would be
applicable to newly enrolling providers, suppliers, and eligible
professionals who are not enrolled in Medicare, Medicaid, or CHIP by
March 23, 2011. Accordingly, the enrollment application fees for newly
enrolling institutional providers and suppliers would be applicable on
that date as well.
Section 1866(j)(2)(D)(ii) of the Act states that the new screening
procedures will apply to currently enrolled Medicare, Medicaid, and
CHIP providers, suppliers, and eligible professionals beginning on
March 23, 2012. However, because the new procedures will be applicable
beginning on March 23, 2011 for those providers, suppliers, (and
eligible professionals) currently enrolled in Medicare, Medicaid and
CHIP that revalidate their enrollment information, we will begin
collecting the application fee for those revalidating entities for all
revalidation activities beginning after March 23, 2011.
Section 1866(j)(2)(C)(ii) of the Act permits the Secretary, acting
through CMS, to, on a case-by-case basis, exempt a provider or supplier
from the imposition of an application fee if CMS determines that the
imposition of the enrollment application fee would result in a
hardship. It also permits the Secretary to waive the enrollment
application fee for Medicaid providers for whom the State demonstrates
that imposition of the fee would impede Medicaid beneficiaries' access
to care.
Section 1866(j)(2)(C)(i)(I) of the Act establishes a $500
application fee for providers and suppliers in 2010. For 2011 and each
subsequent year, the amount of the fee would be the amount for the
preceding year, adjusted by the percentage change in the consumer price
index for all urban consumers (all items; United States city average),
(CPI-U) for the 12-month period ending with June of the previous year.
To ease the administration of the fee, if the adjustment sets the fee
at an uneven dollar amount, CMS will round the fee to the nearest whole
dollar amount.
2. Proposed Provisions
In Sec. 424.502, we also propose to establish a definition for an
``institutional provider'' as it relates to the submission of an
application fee. We propose that an ``institutional provider'' means
any provider or supplier that submits a paper Medicare enrollment
application using the CMS-855A, CMS-855B (but not physician and
nonphysician practitioner

[[Page 58218]]

organizations), or CMS-855S or associated Internet-based PECOS
enrollment application.
For purposes of Medicare, Medicaid, and CHIP, we interpret the
statutory reference to ``institutional provider[s] of medical or other
items or services or supplier'' to include, but not be limited to: the
range of ambulance service suppliers; ASCs; CMHCs; CORFs; DMEPOS
suppliers; ESRD facilities; FQHCs; histocompatibility laboratories;
HHAs; hospices; hospitals, including but not limited to acute inpatient
facilities, inpatient psychiatric facilities (IPFs), inpatient
rehabilitation facilities (IRFs), and physician-owned specialty
hospitals; CAHs; independent clinical laboratories; IDTFs; mammography
centers; mass immunizers (roster billers); OPOs; outpatient physical
therapy/occupational therapy/speech pathology services, portable x-ray
suppliers; SNFs; slide preparation facilities; radiation therapy
centers; RNHCIs; and RHCs.
In addition to the providers and suppliers listed above, for
purposes of Medicaid and CHIP, we propose that a State may impose the
application fee on any institutional entity that bills the State
Medicaid program or CHIP on a fee-for-service basis, such as: Personal
care agencies, non-emergency transportation providers, and residential
treatment centers, in accordance with the approved Medicaid or CHIP
State plan.
We propose that an application fee will not be required from an
eligible professional who reassigns Medicare benefits to another
individual or organization, since it would not create a new enrollment
of an institutional provider or supplier that would result in an
application fee. In addition, we propose that in no case would the
application fee be required from any individual physician or Part B
medical group/clinic.
We propose that an application fee will be required with the
submission of an initial enrollment application, the application to
establish a new practice location, as a part of revalidation, or in
response to a Medicare contractor revalidation request.
We are proposing that prospective institutional providers and
suppliers as well as currently enrolled providers who are re-enrolling
or revalidating their enrollment in Medicare must submit the applicable
application fee or submit a request for a hardship exception to the
application fee at the time of filing a Medicare enrollment application
on or after March 23, 2011 in the case of prospective providers or
suppliers, and in the case of revalidations. We believe that it is
essential that a Medicare contractor be able to receive and deposit the
application fee or consider the institutional provider's request for a
hardship exception prior to initiating an application review.
Therefore, Medicare contractors would not begin processing an
application for either a new provider or supplier, or for a provider or
supplier that is currently enrolled, until the enrollment application
fee is received and is credited to the United States Treasury.
The fee would accompany the certification statement that the
provider or supplier signs, dates, and mails to the Medicare contractor
if the provider or supplier uses Internet-based PECOS to enroll or
revalidate. The fee would accompany the paper CMS-855 provider
enrollment application if the provider or supplier enrolls or
revalidates by paper. Because the statutory provisions are effective
for newly enrolling providers and suppliers effective March 23, 2011
institutional providers and suppliers will not be required to furnish
the application fee with applications submitted before that date.
However, because the ACA provides that the new procedures will be
applicable beginning on March 23, 2011 for those providers and
suppliers, (and eligible professionals) currently enrolled in Medicare,
Medicaid, and CHIP that revalidate their enrollment information, CMS
will begin collecting the application fee for those revalidating
entities for all revalidation activities beginning after March 23,
2011. We will not collect the fee from individual physicians and
eligible professionals.
We propose that the Medicare contractor reject and return to the
provider or supplier an initial enrollment application submitted by a
provider or supplier, without further review as to whether the provider
or supplier qualifies to enroll in the Medicare program, when the
Medicare enrollment application or the Certification Statement is
received by the Medicare contractor and the provider or supplier did
not include a request for hardship exception to the application fee,
did not include the application fee or the appropriate number of
application fees, if applicable. We do not believe that it is
appropriate for a Medicare contractor to begin the application review
process without first having received the application fee.
We propose that the Medicare contractor reject any initial
enrollment applications submitted after March 23, 2011, if a provider
or a supplier did not furnish the application fee at the time of
filing, using Sec. 424.525(a)(3) as the legal basis for the rejection.
In Sec. 424.525(a)(3), we propose adding a new reason why a
Medicare contractor could reject an initial enrollment application or
an application to establish a new practice location. Specifically, we
are proposing a new Sec. 424.525(a)(3) to state, ``The prospective
institutional provider or supplier does not submit an application fee
in the appropriate amount or a hardship exception request with the
Medicare enrollment application at the time of filing.''
We also believe that a Medicare contractor should be allowed to
reject an initial enrollment application received from a provider or
supplier on or after March 23, 2011, using Sec. 424.525(a)(1) as the
legal basis, if, for any reason, CMS or the Medicare contractor is not
able to deposit the full application amount into a government-owned
account and credited to the U.S. Treasury. In the case where a provider
or supplier did not submit the application fee because they requested a
hardship exception that is not granted, a provider or supplier has 30
days from the date on which the contractor sends notice of the
rejection of the hardship exception request to send in the required
application fee and application forms.
In Sec. 424.535, we propose adding a new reason why a Medicare
contractor can revoke Medicare billing privileges. Specifically, we are
proposing a new Sec. 424.535(a)(6)(i) to state that billing privileges
may be revoked if ``An institutional provider does not submit an
application fee or hardship exception request that meets the
requirements set forth in Sec. 424.514 with the Medicare revalidation
application or the hardship exception is not granted.''
In addition, in Sec. 424.535, we are proposing a new Sec.
424.535(a)(6)(ii) to state that billing privileges shall be revoked if
``The Medicare contractor is not able to deposit the full application
amount into a government-owned account or the funds are not able to be
credited to the U.S. Treasury.''
In Sec. 424.514(b), we are proposing that currently enrolled
institutional providers and suppliers that are subject to CMS
revalidation efforts must submit the applicable application fee or
submit a request for a hardship exception to the application fee at the
time of filing a Medicare enrollment application on or after March 23,
2011.
In Sec. 424.514(d)(2)(iii), we propose that institutional
providers and suppliers submit the application fee with each initial
application, application to establish a new practice location, or

[[Page 58219]]

with the submission of an application in response to a Medicare
contractor revalidation request.
In Sec. 424.514(d)(2), we propose that the application fee be
based on the amount calculated by CMS using the CPI-U as of June 30 of
the previous year and adjusted annually to be effective January 1st of
the following year. The application fee for a given year will be
effective from January 1 to December 31 of a calendar year.
In Sec. 424.514(d)(2)(v), we propose that the application fee be
non-refundable. Neither the Federal government, its Medicare
contractors, State Medicaid agencies or CHIP should be liable for
reimbursement of the application fee to the provider or supplier if the
application fee has been received by the Medicare contractor and
deposited into a Government-owned account and, later, during the course
of verifying, validating, and processing the information in the
enrollment application, CMS or its Medicare contractor appropriately
denies the enrollment application. Appropriate denial requires a
substantive reason and applications will not be denied over
inconsequential errors or omissions or over errors or omissions
corrected timely.
In Sec. 424.514(d)(4)(vi), we propose that a provider or supplier
must submit a new application fee if the provider or supplier resubmits
a Medicare enrollment application because a previously-submitted
enrollment application was appropriately denied or rejected. In some
cases, a rejected application would be returned to the provider or
supplier along with the application fee; in other cases, the
application would be denied and the application fee retained by the
Federal government because the processing of the application would have
already begun. In those latter cases, CMS funds would have been
expended for some or all of the required screening involved in
processing the application. For example, if a home health agency
enrollment application is rejected because the enrollment application,
or the certification statement generated by Internet-based PECOS, was
not signed, the enrollment application would be rejected and it and the
check for the application fee would both be returned to the home health
agency. If a home health agency enrollment application is denied based
on non-compliance with a provider enrollment requirement or because the
HHA did not meet the conditions of participation for its provider type,
the enrollment would be denied and the application fee would be
retained by the Federal government. If the HHA wishes to send a new
enrollment application, it would have to include another application
fee with that new enrollment application. Similarly, we propose that a
provider or supplier would be required to submit to the Medicare
contractor a new application fee with a subsequent enrollment
application if, among other things, the previous enrollment application
was rejected because the provider or supplier did not timely furnish
the Medicare contractor with the applicable supporting documentation or
information necessary to complete its review and verification of the
previous enrollment application.
In Sec. 424.514(d)(6)(vii), we propose that the application fee
must be able to be deposited into a government-owned account.
Because we are proposing that a State may rely on the results of
the screening conducted by the Medicare contractor to meet the
screening requirements for participation in a State Medicaid program or
CHIP, we propose that, for dually participating providers, the
application fee would be imposed at the time of the Medicare enrollment
application, consistent with the procedures described above.
Additionally, because the purpose of the application fee is to, in
part, cover the costs of conducting the provider and supplier screening
activities, we propose that a provider or supplier enrolled in more
than one program (that is, Medicare and Medicaid or CHIP, or all three
programs) would only be subject to the application fee under Medicare
and that the fee would cover screening activities for enrollment in all
programs.
Section 1866(j)(2)(C)(iii) of the Act also permits the Secretary to
grant, on a case-by-case basis, exceptions to the application fee for
institutional providers and suppliers enrolled in the Medicare and
Medicaid programs and CHIP if the Secretary determines that imposition
of the fee would result in a hardship. One instance that might support
a request for hardship exception is in the event of a national public
health emergency where a provider or supplier is enrolling for purposes
of furnishing services required as a result of the national public
health emergency situation. Such requests will be considered on a case-
by-case basis, as required by the statute. In addition, we are
soliciting comments on the appropriate objective criteria that should
be used in making a hardship determination and if there are any other
circumstances in which such exemptions should be allowed. We are also
seeking comment on the kinds of documents to be submitted to CMS or its
contractor to exhibit hardship, including any comments on the financial
or legal records that might be needed to make a determination of
hardship. Section 1866(j)(2)(C)(iii) of the Act also permits the
Secretary to waive the application fee for providers enrolled in a
State Medicaid program for whom the State demonstrates that imposition
of the fee would impede beneficiary access to care. We are soliciting
comments on how waivers from the application fee should be implemented
for Medicaid-only or dually-participating Medicare and Medicaid
providers and suppliers specifically those seeking to furnish services
where beneficiary access issues are prevalent, either geographically or
in the provision of the services.
We are committed to assuring access to care for program
beneficiaries. We are in the process of undertaking a review of
promising practices related to ensuring access in the Medicaid program
and CHIP. We will incorporate information from that review into
developing appropriate access criteria for purposes of the required
fee. We are also soliciting comments on the appropriate criteria that
we should consider. We are particularly interested in hearing from
States, providers, advocates, and other stakeholders relating to
concrete examples based on experiences in using specific access
criteria.
Based on the statutory requirements for calculating the application
fee, we offer the following example for purely illustrative purposes.
The initial application fee beginning in 2010 is established by law at
$500. However, for the following year, when the annual Consumer Price
Index (CPI-U) is calculated for the period ending June 2010, we would
recalculate the application fee using the CPI-U. Thus, if the CPI
increased by 2.34 percent for the 12-month period ending June 2010, the
application fee would be calculated by multiplying the fee for the year
by the CPI-U. The $500 application fee established by law in 2010 would
be multiplied by 1.0234 to give $511.70. We would then round to the
nearest dollar amount of $512.00. This would be the amount of the fee
in effect for 2011, and would apply to applications received after the
effective date of the statute--March 23, 2011 for newly enrolling
providers and suppliers and for revalidating providers and suppliers. A
similar process, based on the CPI-U for the period of July 1, 2010
through June 30, 2011 would be used to calculate the fee that would
become effective on January 1, 2012, and that

[[Page 58220]]

would apply to new and currently enrolled providers or suppliers that
submit applications on or after March 23, 2012. In Sec. 424.514(d)(2),
we propose that the annually recalculated application fee amount would
be effective for the calendar year during which the application for
enrollment is being submitted.
The amount of the application fee that is required of enrolling
providers or suppliers, would be the amount that is in effect on the
day the provider or supplier mails an enrollment application or
Certification Statement, postmarked by the USPS, or if mailed through a
private mail service, the date of receipt by the Medicare contractor.
Because the application fee will become an integral part of the
enrollment process, we believe that it is essential that we notify
State Medicaid agencies and the public about any changes in the
application fee prior to implementing a change in the fee. Accordingly,
we would afford States and the public with at least 30 days' notice of
any impending change in the application fee. We will make such
notification annually in the Federal Register and by issuing guidance
to the State Medicaid and CHIP Directors, issuing CMS provider and
supplier listserv messages, making announcements at CMS Open Door
Forums, and placing information on the CMS Provider/Supplier Enrollment
Web page (http://www.cms.gov/MedicareProviderSupEnroll).
We are proposing that a provider or supplier that believes it is
entitled to a hardship exception from the application fee enclose a
letter with the enrollment application or, if using Internet-based
PECOS, with the Certification Statement, explaining the nature of the
hardship. Further, we propose that we would not begin to process an
enrollment application submitted with a letter requesting a hardship
exception from the application fee until it makes a decision on whether
to grant the exception. Further, we are proposing that we make a
hardship exception determination within 60 days from receipt of the
request from an institutional provider and CMS contractor notify the
applicant or enrolled institutional provider or supplier by letter
approving or denying the request for a hardship exception. Moreover, if
we deny the request for hardship exception, we would provide our
reason(s) for denying the hardship exception.
In Sec. 424.530(a)(8), we propose adding a new reason why a
Medicare contractor can deny Medicare billing privileges. Specifically,
we are proposing a new Sec. 424.530(a)(8) to state, ``An institutional
provider's or supplier's `hardship exception' request is not granted.''
In 424.535(a)(6)(i), we propose adding a new reason why a Medicare
contractor can revoke Medicare billing privileges. Specifically, we are
proposing a new Sec. 424.535(a)(6)(i) to state, ``An institutional
provider does not submit an application fee or `hardship exception'
request that meets the requirements set forth in Sec. 424.514 with the
Medicare revalidation application or the hardship exception request is
not granted and the institutional provider or supplier does not submit
the required application fee within 30 days of being notified that the
exception request was not approved.
We are also proposing that an institutional provider may appeal the
determination not to grant a hardship exception from the application
fee using the provider enrollment appeals process established in Sec.
405.874 and found in 1866(j)(2) of the Act.
In Sec. 455.460, we are proposing that, for those providers who do
not participate in Medicare, the State may collect the fee established
by the Secretary as outlined above as the State will be responsible for
conducting the provider screening activities for these providers. Total
fees collected will be used to offset the cost of the Medicaid and CHIP
screening programs. The fees represent an applicable credit under OMB
Circular A-87, entitled ``Cost Principles for State, Local, and Indian
Tribal Governments'' (August 31, 2005 (70 FR 51910)), codified at 2 CFR
part 225, and made applicable to States by 45 CFR 92.22(b). The cost
principles require that the costs a State claims must be reduced by
``applicable credits,'' or ``those receipts or reduction of
expenditure-type transactions that offset or reduce expense items
allocable to Federal awards as direct or indirect costs'', (Paragraphs
C.1.i., C.4.a. and D.1. of Appendix A to 2 CFR part 225). If the fees
collected by a State agency exceed the cost of the screening program,
the State agency must return that portion of the fees to the Federal
Government. CMS will direct these fees to support program integrity
efforts as permitted by the ACA.

C. Temporary Moratoria on Enrollment of Medicare Providers and
Suppliers, Medicaid and CHIP Providers

1. Statutory Changes
Section 6401(a) of the ACA amended section 1866(j) of the Act by
adding a new section 1866(j)(7) of the Act, which provides that the
Secretary may impose temporary moratoria on the enrollment of new
Medicare, Medicaid, or CHIP providers and suppliers, including
categories of providers and suppliers, if the Secretary determines such
moratoria are necessary to prevent or combat fraud, waste, or abuse
under the programs.
Section 6401(b)(1) of the Act adds specific moratorium language
applicable to Medicaid at section 1902(ii)(4) of the Act, requiring
States to comply with any temporary moratorium imposed by the Secretary
unless the State determines that the imposition of such moratorium
would adversely affect Medicaid beneficiaries' access to care. Section
1902(ii)(4)(B) of the Act further permits States to impose temporary
enrollment moratoria, numerical caps, or other limits, for providers
identified by the Secretary as being at high risk for fraud, waste, or
abuse, if the State determines that the imposition of such moratorium,
cap, or other limits would not adversely impact Medicaid beneficiaries'
access to care.
Section 1866(j)(7) of the Act uses the term ``providers of services
and suppliers.'' Although, as noted above, the Medicaid program does
not use the term ``suppliers,'' section 1902(ii)(4) of the Act refers
to ``providers and suppliers.'' In this regulation, for uniformity with
sections II A. and B. of the proposed rule, we are using the term
``providers and suppliers'' in lieu of the term ``provider of services
and suppliers.'' We will use the term ``provider'' or ``Medicaid
provider'' or ``CHIP provider'' in lieu of the term ``provider or
supplier'' when referring to all Medicaid or CHIP health care
providers, including, but not limited to, providers and suppliers of
Medicaid items or services, individual practitioners, and institutional
providers.
2. Proposed Requirements
a. Medicare
We propose at Sec. 424.570(a) that CMS may impose a moratorium on
the enrollment of new Medicare providers and suppliers in 6- month
increments in situations where--(1) CMS, based on its review of
existing data, without limitation, indentifies a trend that appears to
be associated with a high risk of fraud, waste or abuse, such as highly
disproportionate number of providers or suppliers in a category
relative to the number of beneficiaries or a rapid increase in
enrollment applications within a category determines that there is a
significant potential for fraud, waste or abuse with respect to a
particular provider or supplier type or particular geographic area or
both; (2) a State has

[[Page 58221]]

imposed a moratorium on enrollment in a particular geographic area or
on a particular provider of supplier type or both; or (3) CMS, in
consultation with the HHS OIG or the Department of Justice (DOJ) or
both identifies either or both of the following as having a significant
potential for fraud, waste or abuse in the Medicare program:
A particular provider or supplier type.
Any particular geographic area.

As part of the CMS decision-making process, we will consider any
recommendation from the DOJ, HHS OIG, or the GAO to impose a temporary
moratorium for a specific provider or supplier type in a specific
geographic area.
We believe that imposing moratoria will, among other things, allow
us to review and consider additional programmatic initiatives,
including the development of additional regulatory and subregulatory
provisions to ensure that Medicare providers and suppliers are meeting
program requirements, beneficiaries receive quality care, and that an
adequate number of providers of suppliers exists to furnish services to
Medicare beneficiaries.
We also propose that enrollment moratoria be limited to: (1) Newly
enrolling providers and suppliers (that is., initial enrollment
applications); and (2) the establishment of new practice locations, not
to a change of practice locations. The temporary moratoria would not
apply to existing providers or suppliers of services unless they were
attempting to expand operations to new practice locations where a
temporary moratorium was imposed. Moreover, the temporary moratoria
would not apply in situations involving changes in ownership of
existing providers or suppliers, mergers, or consolidations.
We also propose at Sec. 424.570(b) that a moratorium would be
imposed for a period of 6 months, and such moratorium could be extended
by CMS in 6-month increments if CMS continues to believe that a
moratorium is needed to prevent or combat fraud, waste, or abuse. The
Secretary will re-evaluate whether a moratorium should continue prior
to each 6 month expiration date.
We also propose at Sec. 424.570(c) that CMS will deny enrollment
applications received from providers or suppliers covered by an
existing moratorium. We note that denial of Medicare billing privileges
is subject to the administrative review process established in Sec.
405.874. Accordingly, we believe that denial of Medicare billing
privileges is also afforded the right to appeal a Medicare contractor
determination to deny enrollment into the Medicare program.
In Sec. 424.530(a)(9), we propose adding a new reason why CMS can
deny Medicare billing privileges. Specifically, we are proposing a new
Sec. 424.530(a)(9) to state, ``A provider or supplier submits an
enrollment application for a practice location in a geographic area
where CMS has imposed a temporary moratorium.'' Further, in Sec.
498.5(l)(4), we propose that the scope of review for appeals of denials
under Sec. 424.530(a)(9) based upon a provider or supplier being
subject to a temporary moratorium will be limited to whether the
temporary moratoria applies to that particular provider or supplier.
We note that section 1866(j)(7) of the Act provides that there
shall be no judicial review of a temporary moratorium. Accordingly, we
propose that a provider or supplier may administratively appeal an
adverse determination based on the imposition of a temporary moratorium
up to and including the Department Appeal Board (DAB) level of review.
Finally, we propose at Sec. 424.570(d) that we may lift a
moratorium in the following circumstances: (1) In the case of a
Presidentially- declared disaster under the Robert T. Stafford Disaster
Relief and Emergency Assistance Act, 42 U.S.C. 5121 through 5206
(Stafford Act); (2) circumstances warranting the imposition of a
moratorium have abated or CMS has implemented program safeguards to
address any program vulnerability that was the basis for the
moratorium; or (3) in the judgment of the Secretary, the moratorium is
no longer needed.
We also recognize that in a limited number of circumstances a State
Medicaid agency may enroll a provider or supplier into Medicaid during
the temporary moratorium period established by Medicare. If this occurs
and the prospective Medicare provider or supplier applies to enroll in
the Medicare program after the temporary moratorium is lifted, we would
use the screening tools described in section II.A. of this proposed
rule.
We are also seeking public comment on specific exemptions to the
temporary moratoria criteria proposed above. Prior to imposing a
moratorium, we would assess Medicare beneficiary access to the type(s)
of services that are furnished by the provider or supplier type and/or
within the geographic area to which the moratorium would apply.
We would announce the implementation of a moratorium at any time.
The announcement would be made in the Federal Register and we would
also address it in other methods or forums, such as Press Releases, at
CMS Provider Open Door Forums, in CMS provider listservs, and on the
CMS Provider/Supplier Enrollment Web page (http://www.cms.gov/MedicareProviderSupEnroll). We would also require our Medicare
contractors to post the moratorium announcement or note the expiration
of a moratorium on their Web sites. Our Federal Register announcement
would explain in detail the rationale for the moratorium and the
rationale for the geographic area(s) in which it would apply.
b. Medicaid and CHIP
Pursuant to section 1902(ii)(4)(A) of the Act, we are proposing at
Sec. 455.470(a)(2) and (3) that a State Medicaid agency will comply
with a temporary moratorium imposed by the Secretary unless it
determines that the imposition of such a moratorium would adversely
affect beneficiaries' access to medical assistance.
Where the Secretary has imposed a temporary moratorium in
accordance with Sec. 424.570, and the State has determined that
compliance with such a moratorium would adversely impact Medicaid
beneficiaries', or CHIP participants', as the case may be, access to
medical assistance, section 1902(ii)(4)(A)(ii) of the Act creates an
exception for the State from complying with the moratorium. We propose
that the State provide the Secretary with written details of the
moratorium's adverse impact on Medicaid beneficiaries. Prior to the
Secretary imposing such a moratorium in any State, we propose at Sec.
455.470(a)(1) that the Secretary consult with the State, so that the
State may have an opportunity to seek an exception from the moratorium.
Pursuant to section 1902(ii)(4)(B) of the Act, States have
authority to impose moratoria, numerical caps, or other limits for
providers that are identified by the Secretary as being at ``high''
risk for fraud, waste, or abuse. We propose that where the State
identifies a category of providers as posing a significant risk of
fraud, waste, or abuse, the State must seek CMS' concurrence with that
determination and provide CMS with written details of the proposed
moratorium, including the anticipated duration, and with a substantial
justification explaining why disallowing newly enrolling providers
would reduce the risk of fraud. We propose at Sec. 455.470 that
States' moratoria would be imposed for a period of 6 months and may be
extended in 6-month increments.

[[Page 58222]]

Section 2107(e)(1) of the Act provides that all provisions that
apply to Medicaid under sections 1902(a)(77) and 1902(ii) of the Act
apply to CHIP. Accordingly, we propose in new regulation Sec. 457.990
that all the provider screening, provider application, and moratorium
regulations that apply to Medicaid providers will apply in providers
that participate in CHIP.

D. Suspension of Payments

1. Medicare
a. Background
In section 6402(h) of the ACA, Congress amended section 1862 of the
Social Security Act by adding a new paragraph (o), under which the
Secretary may suspend payments to a provider or supplier pending an
investigation of a credible allegation of fraud unless the Secretary
determines that there is good cause not to suspend payments. This
section requires that the Secretary consult with the HHS OIG in
determining whether there is a credible allegation of fraud against a
provider or supplier.
b. Current Medicare Regulations
We have long been authorized to suspend payments in cases of
suspected fraudulent activity. On December 2, 1996, we finalized
regulations Sec. 405.370 through Sec. 405.379 that provides for
suspension of payments to providers and suppliers for several
scenarios, including when we possess reliable information that fraud or
willful misrepresentation exists. The rule provides that we may suspend
payments to a provider or supplier in whole or in part based upon
possession of reliable information that an overpayment or fraud or
willful misrepresentation exists or that the payments to be made may
not be correct, although additional evidence may be needed for a
determination.
The existing rule provides that a suspension of payments is limited
to 180 days, unless it meets one of several exceptions. A Medicare
contractor may request a one-time-only extension of the suspension
period for up to 180 additional days if it is unable to complete its
examination of the information that serves as the basis for the
suspension. Also, OIG or a law enforcement agency may request a one-
time-only extension for up to 180 additional days to complete its
investigation in cases of fraud and willful misrepresentation. The rule
provides that these time limits do not apply if the case has been
referred to and is being considered by the OIG for administrative
action, such as civil monetary penalties. We may also grant an
extension beyond the 180 additional days if DOJ requests that the
suspension of payments be continued based on the ongoing investigation
and anticipated filing of criminal or civil actions. The DOJ extension
is limited to the amount of time needed to implement the criminal or
civil proceedings.
c. Proposed Requirements
Section 6402(h) of the ACA requires that the Secretary consult with
the OIG in determining whether there is a credible allegation of fraud
against a provider or supplier. If a credible allegation of fraud
exists, the Secretary may impose a suspension of payments pending an
investigation of the allegations, unless the Secretary determines that
there is good cause not to suspend payments. We are proposing to revise
Sec. 405.370 to add a definition of what constitutes a ``credible
allegation of fraud,'' to include an allegation from any source,
including but not limited to fraud hotline complaints, claims data
mining, patterns identified through provider audits, civil false claims
cases, and law enforcement investigations. Allegations are considered
to be credible when they have an indicia of reliability. Many issues
related to this definition will need to be determined on a case-by-case
basis by looking at all the factors, circumstances and issues at hand.
We continue to believe that CMS or its contractors must review all
allegations, facts, and information carefully and act judiciously on a
case-by-case basis when contemplating a payment suspension, mindful of
the impact that payment suspension may have upon a provider.
We additionally propose modifying the existing Sec. 405.370 to add
a definition for ``resolution of an investigation.'' The ACA provides
for the suspension of payments pending the investigation of a credible
allegation of fraud, and we believe that this provision necessitates
defining when an investigation has concluded and the basis for the
suspension of payments no longer exists. The definition proposed here
is that a resolution of an investigation occurs when legal action is
terminated by settlement, judgment, or dismissal, or when the case is
closed or dropped because of insufficient evidence. We are seeking
comments on an alternative definition of the term ``resolution of an
investigation'' which is that it occurs when a legal action is
initiated or the case is closed or dropped because of insufficient
evidence to support the allegations of fraud.
We propose modifying the existing Sec. 405.371(a) to differentiate
between suspensions based on either reliable information that an
overpayment exists or that payments to be made may not be correct, and
suspensions based upon a credible allegation of fraud. As required by
the ACA, we propose in this section that CMS or its contractor must
consult with the OIG, and as appropriate, the Department of Justice
(DOJ) in determining whether a credible allegation of fraud exists
prior to suspending payments on the basis of alleged fraud.
We also propose in accordance with the ACA that CMS retains
discretion regarding whether or not to impose a suspension or continue
a suspension, as there may be good cause not to suspend payments or not
to continue to suspend payments to providers or suppliers in certain
circumstances. We propose to add a new Sec. 405.371(b) to describe
circumstances that may qualify as good cause not to suspend payments or
not to continue to suspend payments despite credible allegations of
fraud.
In paragraph (b)(1), we propose a good cause exception based upon
specific requests by law enforcement that CMS not suspend payments.
There are numerous reasons for which law enforcement personnel might
make such a request, including that imposing a payment suspension might
alert a potential perpetrator to an investigation at an inopportune or
particularly sensitive time, jeopardize an undercover investigation, or
potentially expose whistleblowers or confidential sources.
In paragraph (b)(2), we propose a good cause exception not to
suspend payments if CMS determines that beneficiary access to necessary
items or services may be jeopardized. We envision there may be
scenarios in which a payment suspension to a provider might jeopardize
a provider's ability to continue rendering services to Medicare
beneficiaries whose access to items or services would be so jeopardized
as to cause a danger to life or health.
In paragraph (b)(3), we propose a good cause exception not to
suspend payments if CMS determines that other available remedies
implemented by or on behalf of CMS more effectively or quickly protect
Medicare funds than would implementing a payment suspension. For
example, law enforcement personnel might request that a court
immediately enjoin potentially unlawful conduct or prevent the
withdrawal, removal, transfer, disposal, or dissipation of assets,
either or both of which might protect Medicare

[[Page 58223]]

funds more fully or quickly than would imposition of a payment
suspension.
More generally, in paragraph (b)(4), we propose a good cause
exception based upon a determination by CMS that a payment suspension
or continuation of a payment suspension is not in the best interests of
the Medicare program. We further propose that CMS will conduct an
evaluation of whether there is good cause not to continue a suspension
every 180 days after the initiation of a suspension based on credible
allegations of fraud. We believe that circumstances surrounding a
specific case may change as an investigation progresses, and it may
become in the best of interests of the Medicare program to terminate a
payment suspension prior to the resolution of an investigation. As part
of this ongoing evaluation, CMS will request a certification from the
OIG or other law enforcement agency as to whether that agency continues
to investigate the matter.
We are considering additional specific circumstances and scenarios
that may qualify as good cause not to continue a payment suspension
prior to the resolution of an investigation, and solicit comments on
this approach. For example, one scenario that we are considering as
additional good cause not to continue a suspension is when a suspension
has been in place for a specific length of time, such as 2 years or 3
years, and the investigation has not been resolved. We anticipate that
on a case by case basis, CMS will evaluate the status of a particular
investigation and the nature of the alleged fraud in determining
whether keeping a payment suspension in effect beyond a certain length
of time may not be in the best interests of the Medicare program. We
have chosen not to propose specific language on duration in the
regulatory text. However, we solicit comment on this approach.
We propose modifying the existing Sec. 405.372 to reflect the
changes made in Sec. 405.371 which divides the payment suspension
authority into situations involving overpayments and situations
involving allegations of fraud. In Sec. 405.372(c) we clarify the
subsequent action requirements to distinguish between suspensions based
on credible allegations of fraud and those that are based on other
factors, such as overpayments. For suspensions that are not based on
credible allegations of fraud, CMS and its contractors will continue to
take timely action to obtain additional information needed to make an
overpayment determination and make all reasonable efforts to expedite
the determination. Once the determination is made, notice of the
determination will be given to the provider or supplier and the payment
suspension will be terminated. If the payment suspension is based on
credible allegations of fraud, CMS and its contractors will take
subsequent action to determine if an overpayment exists or if the
payments may be made, however the termination of the suspension and the
issuance of a final determination notice to the provider or supplier
may be delayed until resolution of the investigation. At the end of the
fraud investigation, it is possible that the Medicare contractor will
not have completed its overpayment determination, but will have
reliable evidence of an overpayment or will have evidence that the
payments to be made may not be correct. This typically occurs when a
law enforcement investigation results in civil or criminal resolution
prior to the Medicare contractor having had sufficient time to complete
its overpayment determination. In such a situation, we would allow the
suspension to continue as an overpayment suspension.
We propose modifying the existing Sec. 405.372(d) concerning the
duration of suspension of payment. In Sec. 405.372(d)(3) we except
suspensions based on credible allegations of fraud from the established
time limits specified in paragraphs (d)(1) and (d)(2). We believe the
strict time constraints found in paragraphs (d)(1) and (d)(2) should
only be applied to suspensions based on reliable information of an
overpayment or where payments to be made may not be correct both of
which require a speedy overpayment determination. When credible
allegations of fraud are present, we believe that CMS should have the
flexibility to maintain a suspension beyond these established time
limits in order for an investigation to be completed or the matter to
be resolved. However, we note that by excepting suspensions based on
credible allegations of fraud from these previously established
timeframes, we do not intend to suspend payments to providers and
suppliers indefinitely. We will be actively evaluating the progress of
any investigation to determine if good cause exists to no longer
continue the suspension of payments, as suspensions are designed to be
a temporary measure. As part of this recurring evaluation, CMS will
request a certification from the OIG or other law enforcement agency
that the matter continues to be under investigation.
We also propose eliminating the two other existing scenarios in
paragraph (d)(3) for extending payment suspensions beyond the time
limits in paragraphs (d)(1) and (d)(2), which are when the OIG is
considering administrative action such as civil monetary penalties and
also when the DOJ requests an extension based on an ongoing
investigation and the anticipated filing of criminal and/or civil
actions. We believe that both of these reasons under the existing rule
for extending suspensions will be captured in the new rule which will
allow for payment suspensions to extend until the resolution of an
investigation and are unnecessary given the other proposed changes.
2. Medicaid
a. Background
In section 6402(h) of the ACA, the Congress amended section
1903(i)(2) of the Act to provide that Federal Financial Participation
(FFP) in the Medicaid program shall not be made with respect to any
amount expended for items or services (other than an emergency item or
service, not including items or services furnished in an emergency room
of a hospital) furnished by an individual or entity to whom a State has
failed to suspend payments under the plan during any period when there
is pending an investigation of a credible allegation of fraud against
the individual or entity as determined by the State in accordance with
these regulations, unless the State determines in accordance with these
regulations that good cause exists not to suspend such payments.
b. Current Medicaid Regulations
State Medicaid agencies have long been authorized to withhold
payments in cases of fraud or willful misrepresentation. On December
28, 1987, DHHS finalized regulations at Sec. 455.23 that they
described as specifically encouraging State Medicaid agencies to
withhold program payments to providers without first granting
administrative review where the State agency has reliable evidence of
fraudulent activity by the provider. The regulations were issued by the
HHS OIG based on a concern that State administrative hearings could
interfere with investigations conducted by HHS OIG's Office of
Investigations or by the State's Medicaid fraud control unit (MFCU).
The requirements of an administrative hearing could jeopardize criminal
cases and investigators were reluctant to agree to a State's
withholding payment, thus risking additional overpayments. (See the
December 28, 1987 final rule (52 FR

[[Page 58224]]

48814)). The December 28, 1987 final rule remains in effect and has
remained unchanged since it was promulgated.
At the time the rule was proposed, the Department was in the
process of reorganizing its fraud and abuse regulations to reflect
authorities transferred to HHS OIG in 1983, as well as those retained
by CMS. HHS OIG authorities were transferred to a new 42 CFR chapter V,
while CMS' Medicaid program integrity authorities were retained at 42
CFR part 455. (See the September 30, 1986 final rule (51 FR 34764)).
This current rule provides that a State Medicaid agency may
withhold payments to a provider in whole or in part based upon receipt
of reliable evidence that the need for withholding payments involves
fraud or willful misrepresentation under the Medicaid program. At the
time this rule was published, commenters questioned what constituted
``reliable evidence of fraud.'' The HHS OIG declined to provide a
specific definition, noting that what constitutes ``reliable evidence''
is not easily and readily definable. The HHS OIG noted that while the
existence of an ongoing criminal or civil investigation against a
provider may be a factor in determining whether reliable evidence
exists, that reliable evidence should be determined on a case-by-case
basis with the State agency looking at all the factors, circumstances,
and issues at hand, and acting judiciously on this information.
The 1987 regulations also permitted payments to be suspended in
whole or in part. Commenters had suggested that ``clean claims''
continue to be processed without delay, and that any withholding ought
be targeted to only the type of Medicaid claims under investigation.
The HHS OIG responded that it is usually difficult to determine which
claims are ``clean'' until after an investigation has been completed,
but noted that where an investigation is solely and definitively
centered upon a specific type of claim that a State could, at its
discretion, withhold payments on just those types of claims. The HHS
OIG also agreed to commenters' requests to clarify that the withholding
provisions apply only to alleged fraud or willful misrepresentation
related to improperly received Medicaid payments and not to ancillary
unrelated matters such as deceptive advertising.
c. Proposed Requirements
The current regulation at Sec. 455.23 forms the framework for
these proposed regulations. State Medicaid agencies have long had the
authority to withhold payments in cases of alleged fraud or willful
misrepresentation. Section 6402(h)(2) of the ACA now mandates that
States not receive FFP in cases where they fail to suspend Medicaid
payments during any period when there is pending an investigation of a
credible allegation of fraud against an individual or entity as
determined by the State in accordance with these proposed regulations
unless the State determines that good cause exists for a State not to
suspend such payments. To conform the existing regulation to the
terminology of the ACA, we propose to change the phrase ``withhold
payments'' to ``suspend payments,'' a change we believe is merely
semantic.
We propose to implement section 6402(h)(2) of the ACA by modifying
the existing Sec. 455.23(a) to make payment suspensions mandatory
where an investigation of a credible allegation of fraud under the
Medicaid program exists. Based on the ACA's use of just the term
``fraud,'' we do not propose to retain the existing term ``willful
misrepresentation.'' We believe that fraud and willful
misrepresentation are largely indistinguishable, thus we do not believe
this proposal represents a substantive change nor do we intend it to
have a substantive effect insofar as reducing or limiting a State's
authority to suspend Medicaid payments. We solicit comments on this
approach.
To conform the proposed regulation to the requirements of the ACA,
we propose to modify terminology in the existing Sec. 455.23(a) that
now refers to ``receipt of reliable evidence'' to instead refer to a
``pending investigation of a credible allegation of fraud.'' In
contrast to the semantic change from ``withhold payments'' to ``suspend
payments,'' in this case we believe that there is a substantive
difference between the threshold level of certainty or proof necessary
to identify a ``credible allegation'' versus the heightened requirement
of ``reliable evidence'' in the current regulation.
We do not believe that the phrase ``when there is pending an
investigation of a credible allegation of fraud'' necessarily demands
that an investigation originate in or with a law enforcement agency.
Rather, State Medicaid agencies have program integrity units that, in
the normal course of business, receive, and conduct investigations
based upon, tips alleging fraud, and which also conduct proactive
investigations based upon internal data analyses and other fraud
detection techniques. We believe that State agency investigations,
though they may be preliminary in the sense that they lead to a
referral to a law enforcement agency for continued investigation, are
adequate vehicles by which it may be determined that a credible
allegation of fraud exists sufficient to trigger a payment suspension
to protect Medicaid funds.
This threshold by which a State agency investigation may give rise
to a payment suspension is a somewhat lesser threshold than that in the
current regulation. The preamble to the current regulation specified
that it was anticipated the State agency would confer with, and receive
the concurrence of, investigative or prosecuting authorities prior to
imposing a withholding action. However, that preamble also stated that
it was establishing mere minimum requirements, and that States could
exercise broader power where State law or regulation so provided. Most
States have availed themselves of the existing Federal authority (or
broader state authority) to withhold payments, and we believe that
experience over the past 20 years offers no indication this authority
has been misused against providers. Moreover, we believe this proposed
threshold is consistent with the phrase ``investigation of a credible
allegation of fraud'' of the ACA. We do anticipate that payment
suspension authority will be used more frequently because the ACA
dictates that where there is a pending investigation of credible
allegations of fraud against a provider, a State that fails to suspend
payments to that provider will not receive FFP with respect to such
payments unless good cause exists not to suspend them.
We propose to adopt at Sec. 455.2 the same broad definition of
``credible allegation'' proposed above in the context of the Medicare
program. In many cases, what constitutes a ``credible allegation'' must
be determined on a case-by-case basis with the State agency looking at
all the factors, circumstances, and issues at hand. Guided by the
experience of more than 20 years, we are aware that States have been
able to identify ``reliable evidence'' through a variety of means
including, but not limited to, fraud hotline complaints, Medicaid
claims data mining, and patterns identified through provider audits,
along with the appropriate level of additional investigation that
accompanies each of these. Moreover, States have received referrals
from State MFCUs, other law enforcement agencies, and other State
benefits program investigative units. We continue to believe that State
agencies must review all allegations, facts, and evidence carefully and
act judiciously on a case-by-case basis when contemplating a payment
suspension,

[[Page 58225]]

mindful of the impact that payment suspension may have upon a provider.
In paragraph (b), we propose that the State agency notify a
provider of a payment suspension in a way very similar to the mechanism
currently specified in regulation by which the State agency is required
to notify a provider, specifying certain details, within 5 days of
taking such action. However, we do propose to provide for a 30-day
period, renewable in writing up to twice for a total not to exceed 90
days, by which law enforcement may, in writing, request the State
agency to delay notification to a provider. We propose this because we
believe that occasionally an investigation may be at a sensitive stage,
perhaps involving undercover personnel or a confidential informant,
where required notification to the provider at a particular time might
jeopardize the investigation. We do not believe we should extend the
delay notification beyond 90 days out of fairness to a provider and, in
any event, a provider deriving any significant revenue stream from
Medicaid is likely to itself discern the fact of a payment suspension
well in advance of 90 days.
We are proposing only minor changes to the current provisions in
Sec. 455.23(c) on the duration of a suspension. To comport with the
ACA, we change the term ``withholding'' to ``suspension''; this is a
semantic change that, as noted above, has been made throughout. In the
proposed new Sec. 455.23(c)(2), we propose to require a State to
notify a provider of the termination of a payment suspension and, where
applicable, to specify the availability to a provider of any appeal
rights under State law and regulation.
Substantively, we do not propose significant change to the existing
duration provisions, which specify that withholding (now, suspension)
will be temporary and will not continue after: (1) Authorities discern
that there is insufficient evidence of fraud upon which to base a legal
action; or (2) legal proceedings related to the alleged fraud are
completed.
We believe that maintaining the existing duration provisions is
consistent with the ACA that requires that FFP not be made when a State
fails to suspend payments ``during any period when there is pending an
investigation of a credible allegation of fraud against an individual
or entity.'' We further recognize that the Act applies a very similar
standard to the Medicare program. We solicit comments on our proposal
to maintain the existing duration provisions.
In paragraph (d), we propose to require a State to make a formal,
written suspected fraud referral to its MFCU or, where a State does not
have a MFCU to an appropriate law enforcement agency, for each instance
of payment suspension as the result of a State agency's preliminary
investigation of a credible allegation of fraud. This will ensure that
an appropriate full investigation by a law enforcement agency timely
ensues. If the MFCU or other law enforcement agency declines to accept
the referral, we propose to require the State to immediately release
the payment suspension unless the State refers the matter to another
law enforcement entity or unless the State has alternative Federal or
State authority by which it may impose a suspension. In the latter
case, the requirements of that alternative authority, including any
notice and due process or other safeguards, would be applicable.
We propose to require that a State's formal, written suspected
fraud referral meets fraud referral performance standards issued by the
Secretary. The currently applicable fraud referral performance
standards were issued by CMS on September 30, 2008. In a January 2007
report entitled ``Suspected Medicaid Fraud Referrals,'' (OEI 07-04-
00181) the HHS OIG expressed concern with the lack of CMS criteria
specific to the referral of suspected fraud issues from State Medicaid
agencies to MFCUs such that it was unable to determine the adequacy of
State Medicaid agencies' performance. CMS agreed in response to that
report to work towards the establishment of fraud referral performance
standards (which it has now issued) to which States will be required to
conform in making referrals under this regulation.
In paragraph (d)(3), we propose that on a quarterly basis a State
must request a certification from the MFCU or other law enforcement
agency that any matter accepted on the basis of a referral continues to
be under investigation or in the course of enforcement proceedings
warranting continuation of the payment suspension. We recognize that
due to various constraints, law enforcement agencies may not be able to
provide specific updates on matters under investigation. In recognition
of the fact that payment suspensions are only temporary, however, we
propose to require such quarterly certifications to ensure, for
example, that a suspension will not be continued long after a law
enforcement agency has closed an investigation but neglected to alert a
State agency of that fact. To maximize State flexibility to implement
this requirement, we are not prescribing the precise format such
certifications must take.
Consistent with the new Affordable Care Act provision, we also
propose to create several ``good cause'' exceptions by which States may
determine good cause exists not to suspend payments or to suspend
payments only in part. In new paragraph (e) we have included several
circumstances that we believe constitute ``good cause'' for a State to
determine not to suspend payments, or not to continue a payment
suspension previously imposed, to an individual or entity despite a
pending investigation of a credible allegation of fraud. In paragraph
(e)(1), we propose a good cause exception based upon specific requests
by law enforcement that State officials not suspend (or continue to
suspend) payment. There are numerous reasons for which law enforcement
personnel might make such a request, including that imposing a payment
suspension might alert a potential perpetrator to an investigation at
an inopportune or particularly sensitive time, jeopardize an undercover
investigation, or potentially expose whistleblowers or confidential
sources.
In paragraph (e)(2), we propose a good cause exception if a State
determines that other available remedies implemented by the State could
more effectively or quickly protect Medicaid funds than would
implementing (or continuing) a payment suspension. For example, law
enforcement personnel might request that a court immediately enjoin
potentially unlawful conduct or prevent the withdrawal, removal,
transfer, disposal, or dissipation of assets, either or both of which
might protect Medicaid funds more fully or quickly than would
imposition of a payment suspension.
Paragraph (e)(3) proposes a good cause exception based upon a
determination by the State agency that a payment suspension is not in
the best interests of the Medicaid program. It is conceivable that a
State may, in rare situations, face exigent circumstances with respect
to a suspension situation not addressed by the other good cause
exceptions specified here but where it otherwise determines suspension
would not be in the State Medicaid's programs best interests. This
broad standard is intended to reflect that payment suspension is a very
serious action that can potentially lead to dire consequences, but that
it is impossible to specify detailed contingencies with respect to
every possible scenario that might arise. We do not anticipate that
States will frequently make use of this exception; however where this
exception is utilized we do require that States document their use of
this exception, and will closely monitor its

[[Page 58226]]

implementation to determine whether further regulation is necessary. We
solicit comments on this approach.
In paragraph (e)(4), we propose a good cause exception based upon a
determination by the State of an adverse effect of the suspension on
beneficiary access to necessary items or services. We envision there
may be scenarios in which a payment suspension to a provider might
jeopardize a provider's ability to continue rendering services to
Medicaid beneficiaries, thus threatening Medicaid beneficiaries' access
to care. Utilizing a standard identical to that which CMS and the HHS
OIG apply in assessing requests for waivers of exclusion at Parts 402
and 1001 of Title 42, for example, we posit one basis for a good cause
exception from payment suspension is if a provider under investigation
is a sole community physician or the sole source of specialized
services available in a community. Likewise, in Federally-designated
medically underserved areas the potential impact of a payment
suspension upon a large provider might equally threaten recipient
access, thus this underlies a second access exception. We welcome
comments on this approach, including comments with respect to other
metrics by which to assess potential beneficiary jeopardy in terms of
access to necessary items or services.
Finally, in paragraph (e)(5) we propose a good cause exception that
would permit (but not require) a State to discontinue an existing
suspension to the extent law enforcement declines to cooperate in
certifying under the requirements of paragraph (d)(3) that a matter
continues to be under investigation and therefore warrants continuing
the suspension.
We do not interpret the new provision in the ACA as mandating that
a State must always suspend payments in toto in cases of an
investigation of a credible allegation of fraud. In general, we
continue to believe a payment suspension should apply to all claims
consistent with the HHS OIG's responses to comments in the 1987
regulations that it is usually difficult to determine which claims are
clean claims until after an investigation is completed, and one purpose
of payment suspension is to build a type of escrow account out of which
any overpayments can be deducted when an investigation is concluded.
With certain new constraints, we have chosen to continue to allow
States the flexibility to suspend payments in part. For example, as
stated in the preamble to the current regulation, there may be times
where an investigation is solely and definitively centered on only a
specific type of claim in which case a State may determine it is
appropriate to impose a payment suspension on only that type of claim.
Likewise, a State might determine that an investigation of a credible
allegation of fraud is limited to a particular business unit or
component of a provider such that a suspension need not apply to
certain business units or components of a provider.
Balancing these approaches, we propose to allow States to implement
a partial payment suspension, or, where appropriate, to convert a
previously imposed full payment suspension to a partial payment
suspension, if justified via a good cause exception. The good cause
exceptions for partial suspension at paragraphs (f)(1) and (2) mirror
those at paragraphs (e)(4) and (3), respectively, and allow the State
to adopt a partial payment suspension where suspension in whole would
so jeopardize a recipient's access to items or services as to endanger
the recipient's life or health, or where the State deems it in the best
interests of the Medicaid program. At paragraph (f)(3), we propose that
a State may avail itself of the good cause exception to suspend
payments only in part if the nature of the credible allegation is
focused solely and definitively on only a specific type of claim or
arises from only a specific business unit of a provider, and the State
determines and documents in writing that a payment suspension in part
would effectively ensure that potentially fraudulent claims were not
continuing to be paid. Many such cases will still demand suspension in
full, but this provision, which we anticipate States would exercise
sparingly, gives States flexibility to act otherwise in those limited
circumstances where appropriate. Finally, at paragraph (f)(4), we
propose that a State may avail itself of the good cause exception to
convert a payment suspension in whole to one only in part to the extent
law enforcement declines to cooperate in certifying under the
requirements of paragraph (d)(3) that a matter continues to be under
investigation. We solicit comment on these proposed approaches.
We propose in new paragraph (g) to add several reporting and
document retention guidelines to Sec. 455.23. Payment suspension
authority is critically important to protect Medicaid funds, but
payment suspension can have dire consequences to a provider. Payment
suspension authority, including a State's exercise of a good cause
exception to otherwise address a suspension situation, must be
exercised responsibly by a State at all stages, from the inception to
the termination of the suspension. Through, among other things, its
State Program Integrity Reviews, we expect to maintain close oversight
of State utilization of suspension authority. However, to be clear, we
expressly and explicitly do not expect State compliance (or
noncompliance) with these documentation or retention provisions to give
rise to any enforceable right of a provider aggrieved by any real or
perceived failures with respect to these requirements to seek any form
of redress (administratively, judicially, or otherwise).
Under these proposed reporting and retention guidelines, States are
required to maintain for a minimum of 5 years from the date of issuance
all materials documenting the life cycle of a payment suspension that
is imposed, including: (1) All notices of suspension of payment in
whole or part; (2) all fraud referrals to MFCUs or other law
enforcement agencies; (3) all quarterly certifications by law
enforcement that a matter continues to be under investigation; and (4)
all notices documenting the termination of a suspension. Likewise, we
propose to require States to maintain for the same period all
documentation justifying the exercise of the good cause exceptions.
Finally, we propose to require States to annually report to the
Secretary information regarding the life cycle of each payment
suspension imposed and any determinations to exercise the good cause
exceptions not to suspend payment, to suspend payment only in part, or
to discontinue a payment suspension.
To effectuate section 6402(h)(2) of the ACA's prohibition on
expenditure of FFP where a State fails to suspend payments that should,
by virtue of the ACA standard and this proposed rule, have been
suspended, we propose to add a new Sec. 447.90 that contains both the
general rule and which refers to the exceptions found in Sec. 455.23
for ``good cause.'' Paragraph (a) specifies the basis and purpose for
the new provision. Paragraph (b) specifies the general rule that FFP
would not be available with respect to items or services furnished by
an individual or entity to whom the State has failed to suspend
Medicaid payments during any period where there is pending an
investigation of a credible allegation of fraud against the individual
or entity except in specified circumstances that include certain
emergency circumstances, or if good cause exists as specified at Sec.
455.23(e) or (f).
As mentioned, we anticipate that CMS' enforcement and monitoring of

[[Page 58227]]

these provisions will largely be accomplished through measures such as
State Program Integrity reviews conducted by CMS. Such reviews will,
among other things, evaluate States' complaint intake and investigation
efforts, and assess whether States have an effective process to move
matters where there are found to be credible allegations of fraud to
the point where they are evaluated for payment suspension. However, we
do not believe it is viable to require States to report and document to
CMS every instance of where any allegation of fraud arises and further
qualify which ones rise to the level of credible allegation. We want to
foster effective and efficient State program integrity efforts with
respect to which payment suspension is an integral component, but we do
not want to create a system so procedurally onerous that it overwhelms
a State's ability to substantively perform this critical work.
Nevertheless, we will thoroughly investigate and act by, among other
things, deferring and/or disallowing FFP in accordance with Sec.
430.40 and Sec. 430.42, if program integrity reviews or other methods
of ensuring State compliance with Medicaid program requirements reveal
a State is failing to suspend payments (or inappropriately applying a
good cause exception) where pending investigations of credible
allegations of fraud do exist. A State may not claim (on its Form CMS-
64) FFP for payments that are suspended. Any State that does not
suspend payments, or that suspends payments but continues to claim FFP
with respect to what would have been paid had no suspension been in
place, puts that FFP at risk. In such cases, we would pursue a deferral
and/or disallowance to reclaim the Federal portion of such payment. We
solicit comments on CMS' proposed oversight approach.
Finally, three provisions are proposed to be added to the
regulations at Sec. 1007.9 that specify the State MFCU's relationship
to, and agreement with, the State Medicaid agency. These proposed
revisions are necessary to effectuate the proposed revisions under
Sec. 455.23. The regulations at 42 CFR part 1007 are enforced by HHS
OIG as part of its delegated authority to certify and fund the State
MFCUs. (See August 15, 1979 final rule (44 FR 47811)). However, we are
including amendments to part 1007 here to ensure a comprehensive
regulatory package that sets forth in one location the Department's
implementation of the suspension provisions of section 6402(h) of the
ACA.
The first of these provisions proposes to add a new paragraph (e)
to Sec. 1007.9 that specifies that the MFCU may refer to the State
agency any provider against which there is pending an investigation of
a credible allegation of fraud for purposes of payment suspension in
accord with Sec. 455.23. Allegations of potential fraud may first be
identified by the MFCU rather than by the State agency, so this
provision merely formalizes a path from the MFCU to the State agency so
a payment suspension may be implemented where appropriate. This
provision also proposes that any referral to the State agency for
consideration of a payment suspension be in writing. The written
referral need not be extensive, but must include information adequate
to enable the State agency to identify the provider and a brief
explanation of the credible allegations forming the grounds for the
payment suspension. The second proposed addition to Sec. 1007.9
proposes to add a new paragraph (f) providing that any request by the
unit to the State agency to delay notification of suspension to a
provider pursuant to the provisions of the proposed Sec.
455.23(b)(1)(ii) come in writing. Proposing to require that such
requests need be made in writing (which could take the form of an e-
mail) provides for an audit trail to ensure that proper procedures are
followed. However, we expressly do not intend for this requirement to
create any substantive right upon which a provider might lodge
objection or other legal challenge to the extent the proper procedures
were not followed. Last, a new paragraph (g) is proposed to require the
unit to notify the State agency in writing when it has accepted or
declined a case referred by the State agency. Aside from also creating
an audit trail, this proposed provision would be important in that it
would alert the State agency as to the status of a referral, which
would shape how the State agency would handle a suspension under the
proposed revisions to Sec. 455.23.

E. Proposed Approach and Solicitation of Comments for Sections 6102 and
6401(a) of the ACA--Ethics and Compliance Program

Under section 6102 of the ACA which established new section 1128I
of the Act, a nursing facility (NF) or SNF shall have in operation a
compliance and ethics program that is effective in preventing and
detecting criminal, civil, and administrative violations and in
promoting quality of care, consistent with regulations developed by the
Secretary, working jointly with the HHS OIG. The regulations to
establish the compliance and ethics program for operating organizations
may include a model compliance program. The statute requires that in
the case of an organization that has five or more facilities, the
formality or specific elements of the program vary with the size of the
organization. The statute also requires that not later than 3 years
after the effective date of the regulations, the Secretary shall
complete an evaluation of the programs to determine if such programs
led to changes in deficiency citations, changes in quality performance,
or changes in the quality of resident care. The Secretary shall submit
to Congress a report on such evaluation with recommendations for
changes in the requirements, as the Secretary deems appropriate.
Similarly, under section 6401(a) of the ACA, which established a
new section 1866(j)(8) of the Act, a provider of medical or other items
or services or a supplier shall, as a condition of enrollment in
Medicare, Medicaid or CHIP, establish a compliance program that
contains certain ``core elements.'' The statute requires the Secretary,
in consultation with the HHS OIG, to establish the core elements for
providers or suppliers within a particular industry or category. The
statute allows the Secretary to determine the date that providers and
suppliers need to establish the required core elements as a condition
of enrollment in Medicare, Medicaid, and CHIP. The statute requires the
Secretary to consider the extent to which the adoption of compliance
programs by providers or suppliers is widespread in a particular
industry sector or particular provider or supplier category. Please
note, NFs and SNFs are subject to both compliance plan requirements
under sections 6102 and 6401(a) since section 6401(a) of the ACA
includes all providers and suppliers enrolling into Medicare, Medicaid
and CHIP. We intend to establish compliance program core elements per
section 6401(a) of the ACA for NFs and SNFs that closely match the
required components of a compliance program per section 6102 of the
ACA.
In order to consider the views of industry stakeholders, we are
soliciting comments on compliance program requirements included in the
ACA. We do not intend to finalize compliance plan requirements when the
other proposals in this proposed rule are finalized; rather, we intend
to do further rulemaking on compliance plan requirements and will
advance specific proposals at some point in the future. We are most
interested in receiving comments on the following:

[[Page 58228]]

The use of the seven elements of an effective compliance and ethics
program as described in Chapter 8 of the U.S. Federal Sentencing
Guidelines Manual (http://www.ussc.gov/2010guid/20100503_Reader_Friendly_Proposed_Amendments.pdf, pp. 31-35) as the basis for the
core elements of the required compliance programs for Medicare,
Medicaid and CHIP enrollment. These elements instill a commitment to
prevent, detect and correct inappropriate behavior and ensure
compliance with all applicable laws, regulations and requirements, and
include--
The development and distribution of written policies,
procedures and standards of conduct to prevent and detect inappropriate
behavior;
The designation of a chief compliance officer and other
appropriate bodies (for example a corporate compliance committee)
charged with the responsibility of operating and monitoring the
compliance program and who report directly to high-level personnel and
the governing body;
The use of reasonable efforts not to include any
individual in the substantial authority personnel whom the organization
knew, or should have known, has engaged in illegal activities or other
conduct inconsistent with an effective compliance and ethics program;
The development and implementation of regular, effective
education and training programs for the governing body, all employees,
including high-level personnel, and, as appropriate, the organization's
agents;
The maintenance of a process, such as a hotline, to
receive complaints and the adoption of procedures to protect the
anonymity of complainants and to protect whistleblowers from
retaliation;
The development of a system to respond to allegations of
improper conduct and the enforcement of appropriate disciplinary action
against employees who have violated internal compliance policies,
applicable statutes, regulations or Federal health care program
requirements;
The use of audits and/or other evaluation techniques to
monitor compliance and assist in the reduction of identified problem
areas; and
The investigation and remediation of identified systemic
problems including making any necessary modifications to the
organization's compliance and ethics program.
In addition, we are particularly interested in comments about the
following:
The extent to which, and the manner in which, providers
and suppliers already incorporate each of the seven U.S. Federal
Sentencing Guidelines elements into their compliance programs or
business operations. We are interested in how and to what degree each
element has been incorporated effectively into the compliance programs
of different types of providers and suppliers considering their risk
areas, business model and industry sector or particular provider or
supplier category.
Any other suggestions for compliance program elements
beyond, or related to, the seven elements referenced above considering
provider or supplier risk areas, business model and industry sector or
particular provider or supplier category including whether external
and/or internal quality monitoring should be a required for hospitals
and long-term care facilities.
The costs and benefits of compliance programs or
operations including aggregate or component costs and benefits of
implementing particular elements and how these costs and benefits were
measured.
The types of systems necessary for effective compliance,
the costs associated with these systems and the degree to which
providers and suppliers already have these systems including, but not
limited to, tracking systems, data capturing systems and electronic
claims submission systems. We anticipate having providers and suppliers
evaluate the effectiveness of their compliance plans using electronic
data.
The existence of and experience with state or other
compliance requirements for various providers and suppliers and
foreseeable conflicts or duplication from multiple requirements.
The criteria we should consider when determining whether,
and if so, how to divide providers and suppliers into groupings that
would be subject to similar compliance requirements including whether
individuals should have different compliance obligations from
corporations.
Available research or individual experience regarding the
current rate of adoption and level of sophistication of compliance
programs for providers or suppliers based on their business model and
industry sector or particular provider or supplier category.
How effective compliance programs have been for varied
providers and suppliers and how the level of effectiveness was
measured.
The extent to which providers and suppliers currently use
third party resources, such as consultants, review organizations, and
auditors, in their compliance efforts.
The extent to which providers and suppliers have already
identified staff responsible for compliance and, for those who already
have staff responsible for compliance, the positions of these staff.
A reasonable timeline for establishment of a required
compliance program for various types and sizes of providers and
suppliers, assuming the compliance program core elements were based on
the aforementioned U.S. Federal Sentencing Guidelines' seven elements
of an effective compliance and ethics program, considering business
model and industry sector or particular provider or supplier category.
We welcome any information concerning how the industry views
compliance program elements and how we can establish required
compliance program elements to protect Medicare, Medicaid, and CHIP
from fraud and abuse.

F. Termination of Provider Participation Under the Medicaid Program and
CHIP if Terminated Under the Medicare Program or Another State Medicaid
Program or CHIP

1. Discussion
Effective provider screening prevents excluded providers from
enrolling in government health care programs and being paid with
Federal and State funds. Providers barred from participating because of
effective screening cannot abuse Medicare, Medicaid, or CHIP.
When a State terminates a provider but does not share that
information with any other State, all other States become vulnerable to
potential fraud, waste, and abuse committed by that provider.
Similarly, a provider, supplier, or eligible professional that has been
terminated from Medicare or has had Medicare billing privileges revoked
may enroll with a State Medicaid program or with CHIP when a State is
not aware of the Medicare termination or revocation. We may terminate
or revoke the billing privileges of a provider, supplier, or eligible
professional under Medicare for a number of reasons, as set forth at
Sec. 424.535, including exclusion from health care programs,
government-wide debarment, and conviction of violent felonies and
financial crimes.
Section 6501 Affordable Care Act requires a State's Medicaid
program to terminate an individual or entity's participation in the
program (subject to certain limitations on exclusions in sections
1128(c)(2)(B) and 1128(d)(2)(B) of the Act), if the individual or
entity has been terminated under Medicare or

[[Page 58229]]

another State's Medicaid program. Although the term ``termination''
only applies to providers under Medicare whose billing privileges have
been revoked (and does not apply to Medicare suppliers or eligible
professionals), we believe it was the intent of the Congress that this
requirement also be applicable to suppliers and eligible professionals
that have had their billing privileges under Medicare revoked as well.
Therefore, we are proposing that ``termination'' be inclusive of
situations where an individual's or entity's billing privileges have
been revoked. The requirement for States to terminate would only apply
in cases where providers, suppliers, or eligible professionals were
terminated or had their billing privileges revoked for cause, for
example, for reasons based upon fraud, integrity or quality, and not in
cases where the providers, suppliers, or eligible professionals were
terminated or had their billing privileges revoked based upon a failure
to submit claims over a period of 12 months or more, or any other
voluntary action taken by the provider to end its participation in the
program, except where that voluntary action is taken to avoid a
sanction.
In addition, State Medicaid programs would terminate a provider
only after the provider had exhausted all available appeal rights in
the State that originally terminated the provider.
Section 6501 of the ACA builds upon the requirements in section
6401(b)(2) of the ACA, which requires that CMS establish a process to
make available Medicare provider, supplier, and eligible professional
and CHIP provider termination information to State Medicaid programs.
Section 1902(ii)(6) of the Act also requires States to report adverse
provider actions to CMS, including criminal convictions, sanctions, and
negative licensure actions.
When States are apprised of the terminations or revocations of
billing privileges, as the case may be, of providers, suppliers, and
eligible professionals that have occurred in other State Medicaid
programs, CHIP, or in Medicare, States have the information they need
to protect their programs.
2. Statutory Change
Section 6501 of the ACA amends section 1902(a)(39) of the Act to
require a State Medicaid program to terminate any provider, be it an
individual or entity, participating in that program, subject to the
limitations on exclusions in sections 1128(c)(2)(B) and 1128(d)(2)(B)
of the Act, if the provider's participation has been terminated under
title XVIII of the Act or another State's Medicaid program.
3. Proposed Requirements
We propose at 42 CFR 455.416 that a State Medicaid program must
deny enrollment or terminate the enrollment of a provider that is
terminated on or after January 1, 2011 under Medicare, or has had its
billing privileges revoked, or is terminated on or after January 1,
2011 under any other State's Medicaid program or CHIP.
While section 6501 of the ACA does not expressly require that
individuals or entities that have been terminated under Medicare or
Medicaid also be terminated from CHIP, we also propose, under our
general rulemaking authority pursuant to section 1102 of the Act, to
require in CHIP regulations that CHIP take similar action to terminate
a provider terminated or revoked under Medicare, or terminated under
any other State's Medicaid program or CHIP.
We also propose to add a definition at Sec. 455.101 for
termination for purposes of this section. That definition distinguishes
between Medicaid providers and Medicare providers, suppliers, and
eligible professionals and specifies that termination means a State
Medicaid program or the Medicare program has taken action to revoke the
Medicaid provider's or Medicare provider, supplier or eligible
professional's billing privileges and the provider, supplier or
eligible professional has exhausted all applicable appeal rights. There
is no expectation on the part of the provider, supplier, or eligible
professional or the State or Medicare program that the termination or
revocation is temporary. The provider, supplier or eligible
professional would be required to reenroll with the applicable program
if they wish billing privileges to be reinstated.

G. Additional Medicare Provider Enrollment Provisions

In Sec. 424.535(a)(11), we propose allowing CMS or its designated
Medicare contractor to revoke Medicare billing privileges when a State
Medicaid agency terminates, revokes, or suspends a provider or
supplier's Medicaid enrollment or billing privileges. We believe that
this approach works in tandem with section 6501 of the ACA which
requires States to terminate a provider or supplier under the Medicaid
program when the provider or supplier has been terminated by Medicare
or by another State's Medicaid program. Moreover, we believe that
providers and suppliers whose enrollment has been terminated by a State
Medicaid program pose an increased risk to the Medicare program.

III. Collection of Information Requirements

Under the Paperwork Reduction Act of 1995, we are required to
provide 60-day notice in the Federal Register and solicit public
comment before a collection of information requirement is submitted to
the Office of Management and Budget (OMB) for review and approval. In
order to fairly evaluate whether an information collection should be
approved by OMB, section 3506(c)(2)(A) of the Paperwork Reduction Act
of 1995 requires that we solicit comment on the following issues:
The need for the information collection and its usefulness
in carrying out the proper functions of our agency.
The accuracy of our estimate of the information collection
burden.
The quality, utility, and clarity of the information to be
collected.
Recommendations to minimize the information collection
burden on the affected public, including automated collection
techniques.
We are soliciting public comment on each of these issues for the
following sections of this document that contain information collection
requirements (ICRs):

A. ICRs Regarding Application Fee Hardship Exception (Sec. 424.514)

Proposed Sec. 424.514(e) states that a provider or supplier that
believes it has a hardship that justifies a waiver exception of the
application fee must include with its enrollment application a letter
that describes the hardship and why the hardship justifies a waiver
exception. The burden associated with this proposed requirement would
be the time and effort necessary to submit a Medicare enrollment
application, which is required currently of any individual or entity
enrolling in Medicare. In addition to the enrollment application, a
provider or supplier would have the new burden of drafting and
submitting a letter to justify its hardship waiver request should it
choose to submit one. The burden associated with submitting Medicare
enrollment applications is approved under both 0938-0685 and 0938-1056,
the CMS Forms 855-A, B, and the CMS-855-S (or their associated
Internet-based PECOS enrolment application), respectively. Although we
have no way of knowing for certain how many entities will actually
submit an application with a letter requesting a waiver, we know that
initially there are likely to be more such requests in the early years
of implementation than in later years. We estimate that in the first

[[Page 58230]]

year, 12,000 providers or suppliers -or slightly over 50 percent of the
total number of providers and suppliers that we believe (as discussed
in the section V. of this proposed rule) will be subject to the
application fee--will submit waiver request letters as part of their
application packages. We also estimate that it will take each provider
or supplier 1 hour to develop the letter. The total estimated annual
burden associated with this requirement is therefore 12,000 hours at a
cost of $600,000, or $50.00 per waiver request.

B. ICRs Regarding Fingerprinting (Sec. 424.518 and Sec. 455.434)

Proposed Sec. 424.518(c) which reads: ``In addition to the
``limited'' and ``moderate'' screening requirements described in (a)
and (b) above, the Medicare enrollment contractor shall conduct a
criminal background check or require the submission of set of
fingerprints using the FD-258 standard fingerprint card when a
prospective home health agency or supplier of DMEPOS is enrolling into
the Medicare program or is establishing a new practice location and is
not publicly-traded on the NYSE or NASDAQ,'' would allow CMS, its
agents or its designated contractors to require the submission of a set
of fingerprints using the FD-258 standard fingerprint card. Similarly,
proposed Sec. 424.518(d) which reads in part: ``An individual must
submit a set of fingerprints using the FD-258 standard fingerprint card
with the Medicare enrollment application or within 30 days of a
Medicare contractor request. An individual who does not submit a set of
fingerprints using the FD-258 standard fingerprint card with the
Medicare enrollment revalidation or revalidation application or within
30 days of a Medicare contractor request, may have his/her Medicare
billing privileges denied,'' would allow CMS, its agents or its
designated contractors to require that each owner, authorized official,
delegated official, and managing employee, of a provider or supplier to
submit a set of fingerprints using the FD-258 standard fingerprint
card. We estimate that CMS or its designated contractors will make
7,000 such requests per year. This is predicated on our projection
that--based on 2009 statistics--roughly 7,000 DMEPOS suppliers and HHAs
will annually enroll in Medicare. For purposes of this ICR statement
only, and to ensure that we do not underestimate the possible burden,
we will estimate that all of these providers and suppliers will be
required to submit the standard fingerprint card. We further estimate
that an average of five individuals per provider or supplier will be
required to comply with this request, though we do seek comments--for
purposes of this ICR and the RIA below--on whether the estimate of 5
individuals per applicant is accurate. Additionally, we estimate that
it will take each of the 35,000 respondents (7,000 x 5) a total of 2
hours to obtain a set of fingerprints using the FD-258 standard
fingerprint card and to submit the card to CMS or its designated
contractor. Consequently, the total estimated annual burden associated
with this requirement is 70,000 hours (35,000 respondents x 2 hours) at
a cost of $3.5 million (70,000 hours x an estimated per hour cost of
$50).
Similarly, proposed Sec. 424.518(c)(3)(iv) (new providers in
``high'' risk category after lifting of moratoria) would allow CMS, its
agents or its designated contractors to require that each owner,
authorized official, delegated official, and managing employee, of a
provider or supplier to submit a set of fingerprints using the FD-258
standard fingerprint card. The burden associated with the proposed
requirement is the time and effort necessary for the owner, authorized
official, delegated official, and managing employee of a provider or
supplier to submit the required information upon request. We estimate
that CMS or its designated contractors will make 2,000 requests per
year. This is based on the number of providers and suppliers that we
estimate will attempt to enroll in Medicare after the lifting of a
moratorium for their respective provider or supplier type. This
estimate of course, cannot be conclusively quantified because it is
impossible for us to say with certainty which provider and supplier
types will be subject to a moratorium. To ensure that we do not
underestimate the potential burden, we will calculate projections
should 5,000 or even 10,000 requests be made.
We estimate that an average of five individuals per provider or
supplier will be required to comply with this request. We further
project that it will take each of the 10,000 respondents (2,000 x 5) a
total of 2 hours to obtain a set of fingerprints using the FD-258
standard fingerprint card and to submit the card to CMS or its
designated fee-for-service contractor. The estimate annual burden
associated with this requirement, based on 2000 requests, is 20,000
hours (10,000 respondents x 2 hours) at a cost of $1 million (20,000 x
$50 per hour). If 5,000 requests are made, the burden is 50,000 hours
at a cost of $2.5 million (5,000 x 5 respondents x 2 hours x $50 per
hour.) If 10,000 requests are made, the burden is 100,000 hours at a
cost of $5 million (10,000 x 5 respondents x 2 hours x $50 per hour).
In addition, there are some limited circumstances when CMS could
ask a physician to submit fingerprints. For example, a provider or
supplier that is being enrolled in Medicare after the lifting of a
temporary moratorium could automatically be classified as ``high'' risk
and as such would be subject to criminal background checks and
fingerprinting of owners and other officials in the company. If a
physician were to be the owner or other official of the company, CMS
would have the authority to request fingerprints from the company
official. Other circumstances where physicians might be subject to a
request for finger printing are when the physician is an official of an
entity in the ``high'' risk category, or if CMS or its agent(s)
determine that a particular provider or supplier in the ``high'' risk
category is possibly engaged in fraud. We estimate that CMS or its
designated contractors will make 500 such requests for finger prints
per year. We further estimate that it will take each of the 500
respondents a total of 2 hours to obtain a set of fingerprints using
the FD-258 standard fingerprint card and to submit the card to CMS or
its contractor. The total estimate annual burden associated with this
requirement is 1,000 hours (500 respondents x 2 hours) at a cost of
$50,000 (1,000 hours x $50 per hour).
Assuming that 2,000 post-moratorium requests for fingerprints are
made, the total estimated annual burden associated with the
requirements in this ICR is 103,000 hours at a cost of $5,150,000. If
5,000 post-moratorium requests are made, the estimated annual burden is
133,000 hours at a cost of $6,650,000. If 10,000 post-moratorium
requests are made, the estimated annual burden is 183,000 hours at a
cost of $9,150,000.
Proposed Sec. 455.434 states that when a State Medicaid agency
determines that a provider is ``high'' risk, the State Medicaid agency
will require that provider to submit fingerprints. We anticipate that
States will be collecting fingerprints on a significantly smaller
number of providers. However, as with our estimate on potential burden
discussed for Medicare, we prefer to overestimate the potential burden
rather than underestimate it. Therefore, we anticipate that States may
require an additional 26,000 individuals to submit fingerprints prior
to enrolling in a State's Medicaid program or CHIP. The total estimate
annual burden associated with this requirement for Medicaid and CHIP is
52,000 hours (26,000 respondents x 2 hours) at a cost of

[[Page 58231]]

$2,600,000 (52,000 hours x $50 per hour).

C. ICRs Regarding Suspension of Payments in Cases of Fraud or Willful
Misrepresentation (Sec. 455.23)

As stated in proposed Sec. 455.23(a), a State Medicaid agency
shall suspend all Medicaid payments to a provider when there is pending
an investigation of a credible allegation of fraud under the Medicaid
program against an individual or entity unless it has good cause to not
suspend payments or to suspend payment only in part. The State Medicaid
agency may suspend payments without first notifying the provider of its
intention to suspend such payments. A provider may request, and must be
granted, administrative review where State law so requires.
The burden associated with this requirement is the time and effort
necessary for a provider to request administrative review were State
law so requires. While this requirement is subject to the PRA, we
believe the associated burden is exempt in accordance with 5 CFR
1320.4; information collected subsequent to an administrative action is
not subject.

D. ICRs Regarding Collection of SSNs and DOBs for Medicaid and CHIP
Providers (Sec. 455.104)

As stated in proposed Sec. 455.104(b)(1), the State Medicaid
agency must require that all persons with an ownership or control
interest in a provider submit their SSN and DOB. The burden associated
with the Medicaid requirements in Sec. 455.104(b)(1) is the time and
effort necessary for a provider to report the SSN and DOB for all
persons with an ownership or control interest in a provider.
Although our data on Medicaid provider enrollment at the national
level is very limited, we do collect annual data on State Medicaid
program integrity activities. This annual data collection, known as the
State Program Integrity Assessment (SPIA) program approved, under OCN
0938-1033, consists of self-reported data by States regarding a variety
of program integrity related activities. The information is self-
reported and has not been independently verified by CMS, and it
undoubtedly represents some unknown degree of duplication among
providers across States. Consequently, the estimated number of Medicaid
providers nationally is likely overstated. According to SPIA data for
FFYs 2007 and 2008, there has been an average of 1,855,070 existing
Medicaid providers nationally over the 2-year period of FFY 2007 and
FFY 2008. We estimate that one-fifth, or 371,014 (1,855,070 x 20
percent) of existing Medicaid providers would be required to re-enroll
each year. Additionally, we estimate that there will be 56,250 newly
enrolling Medicaid providers each year, for a total of 427,264 Medicaid
providers that will be subject to the SSN and DOB reporting
requirements each year. We further estimate that it will take each
provider an average of 2 minutes to report the SSN and DOB for all
persons with an ownership or control interest. Thus, the estimate
annual burden associated with this requirement for Medicaid providers
is 14,242 hours (427,264 x 2 minutes, divided by 60 minutes per hr) at
a cost of $712,100 (14,242 hours x $50 per hour).

E. ICRs Regarding Site Visits for Medicaid-Only or CHIP-Only Providers
(Sec. 455.450)

As stated in proposed in Sec. 455.450(b), a State Medicaid agency
must conduct on-site visits for providers it determines to be
``moderate'' or ``high'' categorical risk. We anticipate that Medicare
contractors will perform the screening activities for the overwhelming
majority of providers that are dually enrolled in both Medicare and
Medicaid, and thus, we estimate that State Medicaid agencies will
conduct approximately 5,000 site visits for Medicaid-only providers
nationally per year. We further estimate that it will take one
individual 8 hours to perform each on-site visit (including travel
time). Thus, the total estimate annual burden associated with this
requirement for Medicaid is 40,000 hours (5,000 site visits x 8 hours)
at a cost of $2,000,000 (40,000 hours x $50 per hour).

F. ICRs Regarding the Rescreening of Medicaid Providers Every 5 Years
(Sec. 455.414)

As stated in proposed Sec. 455.414, a State Medicaid agency must
screen all providers at least every 5 years. This requirement is
consistent with the Medicare requirement that providers, suppliers, and
eligible professionals must re-enroll at least every 5 years (more
often for certain types of suppliers). The burden associated with this
proposed requirement would be the time and effort necessary for
Medicaid-only providers to re-enroll in Medicaid, and the time and
effort necessary for a State to conduct the provider screening,
Although our data on Medicaid provider enrollment at the national
level is very limited, we do collect annual data on State Medicaid
program integrity activities. This annual data collection, known as the
State Program Integrity Assessment (SPIA) program, consists of self-
reported data by States regarding a variety of program integrity
related activities. The information is self-reported and has not been
independently verified by CMS, and it undoubtedly represents some
unknown degree of duplication among providers across States.
Consequently, the estimated number of Medicaid providers nationally is
likely overstated. According to SPIA data for FFYs 2007 and 2008, there
has been an average of 1,855,070 existing Medicaid providers nationally
over the 2-year period of FFY 2007 and FFY 2008. We estimate that one-
fifth, or 371,014 (1,855,070 x 20 percent) of existing Medicaid
provider would be required to re-enroll each year, Although provider
enrollment requirements vary by State, we further estimate that it will
take each provider an average of 2 hours to complete the Medicaid re-
enrollment requirements. Thus, the estimate annual burden associated
with this requirement for Medicaid providers is 742,028 hours (371,014
x 2 hours) at a cost of $37,101,400 (742,028 hours x $50 per hour).
We estimate that 80 percent of Medicaid providers also participate
in Medicare, and thus would have provider screening activities
performed by the Medicare contractors. Thus, we estimate that States
would be required to conduct provider screening activities for 74,203
(371,014 x 20 percent) re-enrolling Medicaid-only providers each year.
We further estimate that it will take States, on average, 4 hours to
perform the required provider screening activities--noting that
currently enrolled providers would generally be categorized as lower
risk than newly-enrolling providers. The estimated burden associated
with this requirement for State Medicaid agencies is 296,812 hours
(74,203 x 4 hours) at a cost of $14,840,600 (296,812 hours x $50 per
hour). We believe that the burden on States will be in large part
offset by the application fees collected and by the Federal share for
the amounts not covered by the application fee.
The total estimate annual burden associated with this requirement
is 1,038,840 hours at a cost of $51,942,000.

[[Page 58232]]

Table 6--Estimated Annual Reporting/Recordkeeping Burden
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Hourly
Burden per Total labor cost Total labor Total capital/
Regulation section(s) OMB Control No. Respondents Responses response annual of cost of maintenance Total cost
(hours) burden reporting reporting costs ($) ($)
(hours) ($) ($)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Sec. 424.514(e)**............................ 0938-0685; 0938-1056........... 12,000 12,000 1 12,000 50 600,000 0 600,000
Sec. 424.518(c)(2)(b) and (d)................ 0938-New....................... 35,000 35,000 2 70,000 50 3,500,000 0 3,500,000
Sec. 424.518(c)(3)(iv) and (d)............... 0938-New....................... 10,500 10,500 2 21,000 50 1,050,000 0 1,050,000
Sec. 455.434................................. 0938-New....................... 26,000 26,000 2 52,000 50 2,600,000 0 2,600,000
Sec. 455.104................................. 0938-New....................... 427,264 427,264 .033 14,242 50 712,100 0 712,100
Sec. 455.450................................. 0938-New....................... 5,000 5,000 8 40,000 50 2,000,000 0 2,000,000
Sec. 455.414 (Providers)..................... 0938-New....................... 371,014 371,014 2 742,028 50 37,101,400 0 37,101,400
Sec. 455.414 (State Medicaid Agencies)....... 0938-New....................... 74,203 74,203 4 296,812 50 14,840,600 .............. 14,840,600
Total...................................... ............................... 960,981 960,981 ........... 1,248,082 ........... ............ .............. 62,404,100
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
** Denotes that we will be submitting revisions of the currently approved information collection requests for OMB review and approval.

IV. Response to Comments

Because of the large number of public comments we normally receive
on Federal Register documents, we are not able to acknowledge or
respond to them individually. We will consider all comments we receive
by the date and time specified in the DATES section of this preamble,
and, when we proceed with a subsequent document, we will respond to the
comments in the preamble to that document.

V. Regulatory Impact Analysis

A. Overall Impact

We have examined the impact of this rule as required by Executive
Order 12866 on Regulatory Planning and Review (September 1993), the
Regulatory Flexibility Act (RFA) (September 19, 1980, Pub. L. 96-354),
section 1102(b) of the Social Security Act, section 202 of the Unfunded
Mandates Reform Act of 1995 (Pub. L. 104-4), Executive Order 13132 on
Federalism (August 4, 1999), and the Congressional Review Act (U.S.C.
804(s).
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and, if regulation is
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health and safety
effects, distributive impacts; and equity). A regulatory impact
analysis (RIA) must be prepared for rules with economically significant
effects ($100 million or more in any 1 year). This rule does reach the
economic threshold and thus is considered an economically significant
rule.
The RFA requires agencies to analyze options for regulatory relief
for small businesses. Under the RFA, we must either prepare an Initial
Regulatory Flexibility Analysis or certify that the proposed rule will
not have a significant impact on a substantial number of small
entities. For purposes of the RFA, small entities include small
businesses, nonprofit organizations, and government agencies. Most
hospitals and most other providers and suppliers are small entities,
either by nonprofit status or by having revenues of less than $7.0 to
$34.5 million (depending on provider type) in any one year. Individuals
and States are not included in the definition of a small entity. HHS
practice is to assume that all providers affected by our rules are
small entities, since we know that the vast majority meet the criteria
used under the RFA. We do not believe that our application fees will
have a significant impact on any small entities. Likewise, we do not
believe that other screening provisions, such as the provision of
fingerprints or accommodating unannounced visits, will have a
significant impact on any small entities. We think this proposed rule
could have significant impact on a relatively small proportion of small
businesses in terms of restrictions on Federal health monies paid to
small businesses participating in the Medicare or Medicaid programs or
CHIP. Clearly, imposition of an enrollment moratorium would have an
impact on a small business that is attempting to do business with any
of the Federal health programs. Similarly, suspension of payments to
any small entity could create a significant impact on that entity. We
have, however, no basis for estimating how many entities might be
affected by these provisions. Finally, we believe that this proposed
rule will reduce fraud and abuse among potential providers. Clearly,
there will be a significant impact on their ability to defraud the
taxpayer in several ways. First, closer screening of certain high-risk
providers and suppliers will better enable CMS to detect those
individuals and entities that pose a risk to the Medicare program.
Preventing unqualified providers and suppliers from enrolling in
Medicare will protect the Medicare Trust Fund and save the taxpayers
millions of dollars. Second, an application fee will help reduce the
costs of administering the Medicare program. Third, the temporary
moratoria provisions will enable CMS to restrict the entry of certain
providers and suppliers into Medicare in order to prevent or combat
fraud, waste, and abuse, thus, again, saving millions of Federal
dollars. While we cannot quantify with exactitude the amount of money
that the Medicare program will save as a result of these measures, we
do believe that the figure will exceed the costs outlined in this RIA.
We are seeking comment on the overall proposed screening processes
described in section II.A. of this proposed rule, including how the
risk of fraud is determined, the administrative interventions proposed
to address the risk, and the criteria for exceptions to the enrollment
application fee and any temporary enrollment moratoria. We ask small
businesses to comment on these provisions and offer suggestions about
how to mitigate what they might see as adverse administrative or
financial impacts. This RIA, taken together with the remainder of the
preamble, constitutes an Initial Regulatory Flexibility Analysis under
the RFA.
In addition, section 1102(b) of the Act requires us to prepare a
regulatory impact analysis if a rule may have a significant impact on
the operations of a substantial number of small rural hospitals. This
analysis must conform to the provisions of section 603 of the RFA. For
purposes of section 1102(b) of the Act, we define a small rural
hospital

[[Page 58233]]

as a hospital that is located outside of a Metropolitan Statistical
Area and has fewer than 100 beds. We are not preparing an analysis for
section 1102(b) of the Act because we have determined that this final
rule will not have a significant impact on the operations of a
substantial number of small rural hospitals.
Section 202 of the Unfunded Mandates Reform Act of 1995 also
requires that agencies assess anticipated costs and benefits before
issuing any rule that may result in expenditure in any 1 year by State,
local, or tribal governments, in the aggregate, or by the private
sector, of $135 million. This rule does mandate expenditures by State
and local governments, in order to enforce the Medicaid-related
provisions, but we believe that those expenditures will be relatively
minor. The mandated costs on providers--primarily for application
fees--may approach or exceed the threshold for the private sector.
Accordingly, this RIA constitutes the required assessment of costs and
benefits under UMRA.
Executive Order 13132 establishes certain requirements that an
agency must meet when it promulgates a proposed rule (and subsequent
final rule) that imposes substantial direct requirement costs on State
and local governments, preempts State law, or otherwise has Federalism
implications. Since this proposed rule would not impose any substantial
direct requirement costs on State or local governments, preempt State
law, or otherwise have Federalism implication, the requirements of E.O.
13132 are not applicable.

B. Anticipated Effects

1. Medicare
a. Enhanced Screening Procedures--Medicare
Based on statistics obtained from PECOS and our Medicare
contractors, there are approximately 400,000 providers and suppliers
currently enrolled in the Medicare program. (This does not include
eligible professionals.) This figure includes ambulance service
suppliers; ambulatory surgical centers; community mental health
centers; comprehensive outpatient rehabilitation facilities; suppliers
of DMEPOS; end-stage renal disease facilities; federally qualified
health centers; histocompatibility laboratories; home health agencies;
hospices; hospitals, including physician-owned specialty hospitals;
critical access hospitals; independent clinical laboratories;
independent diagnostic testing facilities; Indian health service
facilities; mammography centers; mass immunizers (roster billers);
medical groups/clinics, including single and multi-specialty clinics;
organ procurement organizations; outpatient physical therapy/
occupational therapy/speech pathology services; portable X-ray
suppliers; skilled nursing facilities; radiation therapy centers;
religious non-medical health care institutions; and rural health
clinics. We note the following in section III. of this proposed rule:
Based on 2009 experience we estimate that there will be
7,000 DMEPOS suppliers and HHAs that will submit an application to
become a new Medicare enrolled provider in 2011. We would require
approximately 35,000 individuals (7,000 providers/suppliers x 5
individuals per applicant) to undergo fingerprinting to participate in
the Medicare program as an owner, authorized official, delegated
official, or managing employee of an HHA or supplier of DMEPOS. We have
found that the cost of having a set (two prints) of fingerprints done
through a local law enforcement office is approximately $50.00 per
individual. The cost of this fingerprinting requirement would therefore
be $1.75 million per year (35,000 individuals x $50).
We estimate that 10,000 individuals (2,000 providers or
suppliers x 5 individuals per applicant) would undergo fingerprinting
following the lifting of a moratorium on a particular provider or
supplier type, at a cost of $500,000 per year (10,000 x $50). Should
requests be made of 5,000 providers or suppliers, the annual figure
would be $1,250,000 (5,000 x 5 individuals per applicant x $50). Should
requests be made of 10,000 providers or suppliers, the annual figure
would be $2.5 million (10,000 x 5 x $50).
We estimate that 500 physicians would undergo
fingerprinting per year, at a cost of $25,000.
This results in a total cost of the fingerprinting requirement of
$2,275,000 per year ($1,750,000 + $500,000 + $25,000), or $11,375,000
over 5 years. If 5,000 post-moratorium requests are made, the annual
cost is $3,025,000, with a 5-year cost of $15,125,000. Should 10,000
post-moratorium requests be made, the annual cost is $4,275,000, with a
5-year cost of $21,375,000.
As we believe that 2,000 post-moratorium requests is the most
likely scenario, we will hereafter use the $2,275,000 amount as the
annual cost of this requirement. This results in an estimated 5-year
cost of $11,375,000.
b. Application Fee--Medicare
The Secretary shall impose an application fee on each institutional
provider. The amount of the fee is $500 per provider or supplier for
2010. For 2011 and each subsequent year, the fee amount will be
determined by the statutorily-required formula using the consumer price
index for all urban consumers (CPI-U). The enrollment application fee
does not apply to individual eligible professionals (for example,
physicians). The fee is to be paid by institutional providers only. The
new screening provisions are applicable to new and revalidating
providers and suppliers effective March 23, 2011, and to currently
enrolled providers and suppliers as of March 23, 2012. We intend to
begin collecting the enrollment application fee for new providers and
suppliers and for currently enrolled providers revalidating enrollment
effective March 23, 2011.
c. General Enrollment Framework
(1) New Enrollment
Medicare contractors report that over the last several years,
approximately 32,000 is the annual number of newly enrolling providers
and suppliers that would--without accounting for the possible granting
of waivers--be subject to the enrollment application fee--
(approximately 20,000 for Medicare Part B, approximately 7,000 DMEPOS
suppliers and HHAs (as explained in the Collection of Information
section above), and approximately 5,000 non-HHA Medicare Part A
providers).
We assume that no more than 2.5 percent of these 32,000 providers
and suppliers--or 800--will receive a hardship exception; as indicated
earlier, exceptions will only be approved infrequently.
In FY 2011, we reduced the estimate number of institutional
providers subject to the application fee by 25 percent because the
application fee will not begin until March 23, 2011. Accordingly, the
number of institutional providers that we anticipate paying the
application fee will be 23,400 (or 31,200 X .75) in FY 2011. In FY
2011, we reduced the estimate number of institutional providers subject
to the application fee by 25 percent because the application fee will
not begin until March 23, 2011. Accordingly, the number of
institutional providers that we anticipate paying the application fee
will be 24,000 in FY 2011.
Therefore, the impacts of the enrollment application fee are as
follows. If we use 23,400 as the number of newly enrolling providers
and

[[Page 58234]]

suppliers in 2011, multiply this number by the $500 application fee, we
get $11,700,000 collected for the first year (that is, CY 2011). If we
assume that the number of newly enrolling providers and suppliers will
remain constant at 31,200 for years 2012 through 2015, then the cost to
the number of newly enrolling providers and suppliers would be
approximately $78.87 million. These estimates are displayed in the
table below, and account for a projected annual CPI-U rate increase of
3 percent from FY 2012 to FY 2015--knowing, of course, that this figure
could fluctuate significantly based on national economic conditions.
Although we have no way to predict that the number of new
enrollments will change in future years, it is possible that the number
of enrolling providers and suppliers vary from what has been the norm.
If our estimate of the number of newly enrolling providers is
inaccurate and we enroll a different number of providers and suppliers
after the effective date of the new screening and other provisions
contained in the ACA, we estimate based on the $500 enrollment
application fee--a rough difference of $1 million for each increment of
2000 new enrollments, whether fewer or greater.

Table 7--Cumulative Application Fees for Newly Enrolling Medicare Providers and Suppliers for the First 5 Years
of the Provision
----------------------------------------------------------------------------------------------------------------
Newly
enrolling
institutional Consumer price
providers and index
Newly suppliers adjusted fee
enrolling paying the in dollars Total fees for Cumulative
Year institutional application (estimated 3% each year in fees in
providers and fee (based on annual dollars dollars
suppliers a 2.5% increase in
hardship CPI)
exception
rate)
----------------------------------------------------------------------------------------------------------------
2011............................ 24,000 23,400 $500 $11,700,000 $11,700,000
2012............................ 32,000 31,200 515 16,068,000 27,768,000
2013............................ 32,000 31,200 530 16,536,000 44,304,000
2014............................ 32,000 31,200 546 17,035,200 61,339,200
2015............................ 32,000 31,200 562 17,534,400 78,873,600
-------------------------------------------------------------------------------
Total....................... .............. .............. .............. 78,873,600 78,873,600
----------------------------------------------------------------------------------------------------------------

(2) Revalidation
There are approximately 100,000 currently enrolled suppliers of
DMEPOS who are required to revalidate their enrollment every 3 years
and 300,000 additional providers and suppliers that do not provide
DMEPOS that are required to revalidate their enrollment every 5 years.
On a yearly basis, we estimate that approximately 33,000 DMEPOS
suppliers (one-third of the total) and 60,000 other, non-DMEPOS
providers/suppliers (one-fifth of the total) would revalidate their
enrollment in Medicare, for an annual total of 93,000. Since, as
explained earlier, we estimate that no more than 2.5 percent of these
providers and suppliers will receive a waiver from the application fee,
we project that 90,675 such providers and suppliers will be subject to
the fee.
This proposed rule contemplates collecting the application fee for
currently enrolled providers that revalidate their enrollment on or
after March 23, 2011--almost 3 months into CY 2011. Therefore, we have
adjusted the number of existing Medicare institutional providers
subject to an application fee by 25 percent, from 90.675 to 68.006 (or
90.675 x .75) in FY 2011. Further accounting for: (1) A projected
annual CPI-U rate increase of 3 percent, as stated above; and (2) our
assumption that the number of revalidating providers and suppliers will
remain at 90,675 between CY 2012 and 2015, the cost associated with
these fees for revalidating providers and suppliers would be
approximately $183,548,740 over the first 5 years that the ACA
provisions are in effect, as shown in Table 8 below.

Table 8--Cumulative Application Fees for Revalidating Medicare Providers and Suppliers for the First 5 Years of
the Provision
----------------------------------------------------------------------------------------------------------------
Revalidating
institutional
providers & Consumer price
Revalidating suppliers index adjusted
institutional paying fee in dollars Total fees for Cumulative fees
Year providers and application (estimated 3% each year (in (in dollars)
suppliers fee (based on annual dollars)
2.5% hardship increase in
exception CPI)
rate)
----------------------------------------------------------------------------------------------------------------
2011.......................... 69,750 68,006 $500 $34,003,000 $34,003,000
2012.......................... 93,000 90,675 515 46,697,625 80,700,625
2013.......................... 93,000 90,675 530 48,057,750 128.758,375
2014.......................... 93,000 90,675 546 49,508,550 178,266,925
2015.......................... 93,000 90,675 562 50,959,350 229,226,275
---------------------------------------------------------------------------------
Total..................... .............. .............. .............. 229,226,275 229,226,275
----------------------------------------------------------------------------------------------------------------

[[Page 58235]]

Therefore, we estimate that the total impact of the proposed
provisions for the application fee to be approximately $308,099,875
over the next 5 years. This number was approximated by adding the
cumulative application fees for newly enrolling providers and suppliers
($78,873,600 as shown in Table 6) to the cumulative application fees
for revalidating providers and suppliers ($229,226,275).
2. Medicaid
a. Enhanced Screening Procedures
Although our data on Medicaid provider enrollment at the national
level is very limited, we do collect annual data on State Medicaid
program integrity activities. This annual data collection, known as the
State Program Integrity Assessment (SPIA) program, consists of self-
reported data by States regarding a variety of program integrity
related activities. The information is self-reported and has not been
independently verified by CMS, and it undoubtedly represents some
unknown degree of duplication among providers across States.
Consequently, the estimated number of Medicaid providers nationally is
likely overstated. According to SPIA data for FFYs 2007 and 2008, there
has been an average of 1,855,070 existing Medicaid providers nationally
over the 2-year period of FFY 2007 and FFY 2008. This universe of
Medicaid providers includes all provider types, both institutional
providers and individual practitioners. In the Medicare program,
eligible practitioners make up approximately 70 percent of the total
universe of providers, suppliers, and eligible practitioners. Because
we do not have detailed information regarding the breakdown of Medicaid
providers by type nationally, we will apply the same ratio to determine
the percentage of institutional Medicaid providers. Therefore, we
estimate that there are approximately 556,521 Medicaid-only providers
nationally that are not individual practitioners.
We also estimate almost all CHIP providers are also Medicaid
providers. So, for purposes of this section, we are considering CHIP
providers to also be Medicaid providers and will subsequently refer to
them only as Medicaid providers.
As previously stated in the Medicare section of the analysis, we
estimate that we would require the following:
Approximately 35,000 individuals will undergo
fingerprinting to enroll in the Medicare program as owners, authorized
officials, delegated officials, or managing employees of a home health
agency or supplier of DMEPOS. Based on data collected as part of the
State survey and certification activities for home health agencies,
less than 1 percent of home health agencies are Medicaid-only. And,
although there is no data available on the number of Medicaid-only
suppliers of DMEPOS, we estimate that the number is minimal as well, as
a number of States require suppliers of DMEPOS to be enrolled in
Medicare prior to enrolling in Medicaid. Therefore, we estimate that
States may require approximately 1,000 additional individuals with
ownership or control interests in the suppliers of DMEPOS, or home
health agencies, or persons who are agents of or managing employees of
the suppliers of DMEPOS, or home health agencies, to undergo
fingerprinting for enrollment in the Medicaid program. The cost of this
fingerprinting requirement would be approximately $50,000 (1,000 x $50
= $50,000), though we seek comments on the accuracy of this figure.
We anticipate that Medicare contractors will perform the
screening activities for the overwhelming majority of providers
following the lifting of a Secretary-imposed temporary moratorium and
for the limited circumstances in which physicians may be fingerprinted.
However, given that States may also classify certain Medicaid-only
providers as ``high'' categorical risks, we are estimating that States
may require approximately 25,000 additional individuals to undergo
fingerprinting prior to enrolling in a State's Medicaid program, at a
cost of $1,250,000 (25,000 x $50 = $1,250,000).
Consequently, we estimate that fingerprinting individuals for
purposes of Medicaid enrollment will cost $1,300,000.
When averaged across 50 States, the District of Columbia and Puerto
Rico, the annual cost of fingerprinting per State will be $26,000.
b. Application Fee--Medicaid
For those providers not screened by Medicare, the State may impose
a fee on each institutional provider being screened. The amount of the
fee is $500 per provider for 2010. For 2011 and each subsequent year,
the amount will be determined by the statutorily-required formula using
the consumer price index for all urban consumers (CPI-U).
c. General Enrollment Framework
For purposes of this section, we assume that 80 percent of
institutional Medicaid providers will be dually participating in both
Medicare and Medicaid, and thus will be subject to the application fee
as part of the Medicare screening and enrollment. Therefore we estimate
that 20 percent, or 111,304 (556,521 x 20 percent), of the
institutional Medicaid-only providers will not be screened by Medicare
and thus will be subject to the application fee under Medicaid. We
project that a significant number of existing and future Medicaid
providers will request a hardship exception, or that a State will
request a waiver of the application fee for certain Medicaid provider
types of the application fee on the basis of ensuring access to care.
For purposes of this section, although we have no way to estimate the
exact number of providers that will ultimately request and be approved
for a hardship exception, or the number of States that will request a
waiver of the fee for certain Medicaid provider types, we predict that
25 percent of all Medicaid providers subject to the fee will receive
the hardship exception or be granted a waiver of the fee on the basis
of ensuring beneficiary access to care. We recognize that this 25
percent figure is significantly higher than the 2.5 percent waiver rate
we are using for Medicare application fees. Yet we believe the
difference is justified because of the greater access to care issues
that may arise in Medicaid. Consequently, we estimate that 83,478
existing Medicaid providers will be required to pay the application fee
(111,304 existing Medicaid providers that are not dually enrolled less
25 percent or 27,826 existing providers).
(1) New Enrollments
We apply the 80 percent rate for newly-enrolling Medicaid
institutional providers that will be dually participating in both
Medicare and Medicaid and thus not subject to the fee under Medicaid,
and 25 percent hardship exception rate to the annual number of newly-
enrolling Medicaid institutional providers not dually enrolled. The
45,000 newly-enrolling Medicare institutional providers annually
represent 80 percent of the total newly-enrolling Medicaid
institutional providers annually. Therefore, we estimate that there
will be 11,250 newly-enrolling Medicaid institutional providers
annually that are subject to the application fee under Medicaid (45,000
providers divided by 80 percent, -45,000 = 11,250). We project another
25 percent will be exempted for hardship or be granted a waiver of the
fee on the basis of ensuring beneficiary access to care, resulting in
8,438 newly-enrolling Medicaid institutional providers being

[[Page 58236]]

subject to the application fee each year nationally.
Consistent with the Medicare analysis, in FY 2011, we reduced the
estimated number of institutional providers subject to the application
fee by 25 percent because the application fee will not begin until
March 23, 2011. Accordingly, the number of institutional providers that
we anticipate paying the application fee will be 6,329 in FY 2011.
Consequently, we project the dollars due from application fees for
newly-enrolling Medicaid institutional providers who are not dually
enrolled to be $21,331,514 for the first 5 years in total. When
averaged across 50 States, the District of Columbia and Puerto Rico,
the total application fees for the 5 years in total per State will be
approximately $410,221.
---------------------------------------------------------------------------

\5\ After the first year, the CPI-U is applied to the base fee
of $500.

Table 9--Cumulative Application Fees for Newly Enrolled Medicaid Providers for the First 5 Years of the
Provision
----------------------------------------------------------------------------------------------------------------
Consumer Price
New Medicaid Index adjusted
providers not fee \5\ (in
exempted from dollars) Total fees for Cumulative
Fiscal year the (estimated 3 each year (in fees (in
application percent annual dollars) dollars)
fee increase in
CPI)
----------------------------------------------------------------------------------------------------------------
2011............................................ 6,329 500 3,164,500 3,164,500
2012............................................ 8,438 515 4,345,570 7,510,070
2013............................................ 8,438 530 4,472,140 11,982,210
2014............................................ 8,438 546 4,607,148 16,589,358
2015............................................ 8,438 562 4,742,156 21,331,514
---------------------------------------------------------------
Total....................................... .............. .............. 21,331,514 21,331,514
----------------------------------------------------------------------------------------------------------------

(2) Re-Enrollment
This proposed rule contemplates that States would require Medicaid
providers to re-enroll every 5 years. On a yearly basis, we estimate
that approximately 16,696 Medicaid institutional providers (one fifth
of the total) would re-enroll with the State Medicaid agency.
We contemplate collecting the application fee for currently
enrolled providers beginning on March 24, 2011. States would not
collect an application fee with any re-enrollments until that time--
almost 3 months into CY 2011. Therefore, we have adjusted the number of
existing Medicaid institutional providers subject to an application fee
by 25 percent, from 16,696 to 12,522 in FY 2011. Consequently, we
project the dollars due from application fees for currently-enrolled
Medicaid institutional providers who are not dually enrolled is
$42,207,488 for the first 5 years in total. When averaged across 50
States, the District of Columbia and Puerto Rico, the total application
fees for the 5 years in total per State will be approximately $811,682.

Table 10--Cumulative Application Fees for Re-Enrolling Medicaid Providers for the First 5 Years of the Provision
----------------------------------------------------------------------------------------------------------------
Consumer Price
Existing index adjusted
Medicaid fee (in
providers not dollars) Total fees for Cumulative
Year exempted from (Estimated 3 each year (in fees (in
the percent annual dollars) dollars)
application increase in
fee CPI)
----------------------------------------------------------------------------------------------------------------
2011............................................ 12,522 0 6,261,000 6,261,000
2012............................................ 16,696 515 8,598,440 14,859,440
2013............................................ 16,696 530 8,848,880 23,708,320
2014............................................ 16,696 546 9,116,016 32,824,336
2015............................................ 16,696 562 9,383,152 42,207,488
---------------------------------------------------------------
Total....................................... .............. .............. 42,207,488 42,207,488
----------------------------------------------------------------------------------------------------------------

[[Page 58237]]

3. Medicare and Medicaid
a. Moratoria on Enrollment of New Medicare Providers and Suppliers and
Medicaid Providers
Although we have no way of predicting the exact cost savings
associated with enrollment moratoria, we expect there will be program
savings achieved by implementation of this section. As stated
previously, these provisions will enable CMS to restrict the entry of
certain providers and suppliers into Medicare in order to prevent or
combat fraud, waste, and abuse. However, there are no cost burdens to
the public or to the provider community. Therefore, we have not
estimated the cost impacts of this provision.
b. Suspension of Payments in Medicare and Medicaid
As with payment moratoria, although we have no way of predicting
the exact cost savings to Medicare and Medicaid associated with
implementation of the provisions contained in this proposed rule, we
certainly expect that there will be program savings that result from
implementation of this provision. CMS and its law enforcement partners
already have a process for payment suspension when possible fraud is
involved. The changes proposed in this rule will strengthen the
existing process and its applicability to Medicaid, but it will not
create any different impact or burden on the provider community in
circumstances of payment suspension. There are no new cost burdens to
the public or the provider community associated with this provision.

C. Accounting Statement and Table

As required by OMB Circular A-4 (available at http://www.whitehouse.gov/sites/default/files/omb/assets/omb/circulars/a004/a4.pdf), we have prepared an accounting statement. This statement only
addresses: (1) The costs of the fingerprinting requirement, and (2) the
monetary transfer associated with the application fee. It does not
address the potential financial benefits of these two requirements from
the standpoint of their possible effectiveness in deterring certain
unscrupulous providers and suppliers from enrolling in or maintaining
their enrollment in Medicare and Medicaid. This is because it is
impossible for us to quantify these benefits in monetary terms.
Moreover, we cannot predict how many potentially fraudulent providers
and suppliers will be kept out of the Medicare and Medicaid programs
due to these proposed requirements.
1. Medicare
As stated previously, we estimate a total cost of the
fingerprinting requirement of $2,275,000 per year ($1,750,000 +
$500,000 + $25,000), or $11,375,000 over 5 years, if 2,000 post-
moratorium requests are made. If 5,000 post-moratorium requests are
made, the annual cost is $3,025,000, with a 5-year cost of $15,125,000.
Should 10,000 post-moratorium requests be made, the annual cost is
$4,275,000, with a 5-year cost of $21,375,000. We also stated in the
RIA that the expected total application fees:
For newly enrolling providers and suppliers would be $11.7
million in 2011, $16,068,000 in 2012, $16,536,000 in 2013, $17,035,200
in 2014, and $17,534,400 in 2015. This results in a 5-year total of
$78,873,600.
For revalidating providers and suppliers would be
$34,003,000 in 2011, $46,697,625 in 2012, $48,057,750 in 2013,
$49,508,550 in 2014, and $50,959,350 in 2015. This results in a 5-year
total of $229,226,275.
The accounting statement reflects the: (1) Annual cost of the
fingerprinting requirement, and (2) the application of the 3 percent
and 7 percent discount rate to the combined amounts of the application
fees for FY 2015--that is, $17,534,400 plus $50,959,350
(revalidations), for a total of $68,493,750; this constitutes a
transfer of funds to the Federal government. We chose the FY 2015
figures so as to reflect the maximum amount of transferred funds in a
given year during the initial-5 year period.
2. Medicaid
As stated in the RIA, we estimate that the annual cost of the
fingerprint requirement for Medicaid will be $1,300,000, or $6,500,000
over a 5-year period. We also stated in the RIA that the expected total
application fees:
For newly enrolling providers and suppliers would be
$3,164,500 in 2011, $4,345,570 in 2012, $4,472,140 in 2013, $4,607,148
in 2014, and $4,742,156 in 2015. This results in a 5-year total of
$21,331,514. For revalidating providers and suppliers would be $0 in
2011; $6,448,830 in 2012; $8,448,880 in 2013; $9,116,016 in 2014; and
$9,383,152 in 2015. This results in a 5-year total of $33,796,878.
The accounting statement reflects: (1) The annual cost of the
fingerprinting requirement, and (2) the application of the 3 percent
and 7 percent discount rate to the combined amounts of the application
fees for FY 2015--specifically, $4,742,156 (new applicants) plus
$9,383,152 (revalidations), for a total of $14,125,308. This
constitutes a transfer of funds to the Federal government. As with the
Medicare figures, we chose to use those from FY 2015 for Medicaid so as
to reflect the maximum amount of transferred funds in a given year
during the initial-5 year period.

[[Page 58238]]

Accounting Statement: Classification of Estimated Expenditures and Costs From FY 2011 to FY 2015
[In millions]
----------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------------
Medicare Fingerprint Requirement COSTS
----------------------------------------------------------------------------------------------------------------
3 percent Discount Rate 7 percent Discount Rate
Annualized Monetized Costs
(2,000 post-moratorium requests) $2.275 $2.275
----------------------------------------------------------------------------------------------------------------
Annualized Monetized Costs
(5,000 post-moratorium requests) $3.025 $3.025
----------------------------------------------------------------------------------------------------------------
Annualized Monetized Costs
(10,000 post-moratorium requests) $4.275 $4.275
----------------------------------------------------------------------------------------------------------------
Who is Affected? Providers and Suppliers
----------------------------------------------------------------------------------------------------------------
Medicare Application Fee TRANSFERS
----------------------------------------------------------------------------------------------------------------
3 percent Discount Rate 7 percent Discount Rate
Annualized Monetized Transfers $48.2 $47.3
----------------------------------------------------------------------------------------------------------------
From Whom to Whom? Providers and Suppliers to Federal Government
----------------------------------------------------------------------------------------------------------------
Medicaid Fingerprint Requirement COSTS
----------------------------------------------------------------------------------------------------------------
3 percent Discount Rate 7 percent Discount Rate
Annualized Monetized Costs $1.3 $1.3
----------------------------------------------------------------------------------------------------------------
Who is Affected? Providers and Suppliers
----------------------------------------------------------------------------------------------------------------
Medicaid Application Fee TRANSFERS
----------------------------------------------------------------------------------------------------------------
3 percent Discount Rate 7 percent Discount Rate
Annualized Monetized Costs $10.1 $10.0
----------------------------------------------------------------------------------------------------------------
From Whom to Whom? Providers and Suppliers to Federal Government
----------------------------------------------------------------------------------------------------------------
BENEFITS
----------------------------------------------------------------------------------------------------------------
Qualitative: The above-referenced requirements will: (1) Allow CMS to more closely screen providers and
suppliers that pose risks to the Medicare and Medicaid programs, and (2) help offset the costs of administering
the Medicare and Medicaid programs. We believe these and other financial benefits outlined in this proposed
rule will exceed the costs outlined above.
----------------------------------------------------------------------------------------------------------------

D. Conclusion

This proposed rule contains provisions that are of critical
importance in the transition of CMS' antifraud activities from ``pay
and chase'' to fraud prevention. ``Pay and chase'' refers to the
traditional approach under which CMS met its obligations to provide
beneficiaries access to qualified providers and suppliers and to pay
claims quickly by making it relatively easy for providers to sign up to
bill Medicare, Medicaid or CHIP, paying their claims rapidly, and then
detecting overpayments or fraudulent bills and pursuing recoveries of
overpayments after the fact. That system functions reasonably well when
the problems arise with legitimate providers and suppliers that will be
solvent and in business when CMS seeks to recover overpayments or law
enforcement pursues civil or criminal penalties. It is not adequate
when the fraud is committed by sham operations that provide no services
or supplies and exist simply to steal from Medicare or Medicaid and
thrive on stealing or subverting the identities of beneficiaries and
providers.
This proposed rule strikes a balance that will permit CMS to
continue to assure that eligible beneficiaries receive appropriate
services from qualified providers whose claims are paid on a timely
basis while implementing enhanced measures to prevent outright fraud.
The new and strengthened provisions in the ACA that are the subject of
this proposed rule will help assure that only legitimate providers and
suppliers are enrolled in Medicare, Medicaid, and CHIP, and that only
legitimate claims will be paid. These provisions are applied according
to the level of risk of fraud, waste, and abuse posed by different
provider and supplier types. CMS will use screening tools for a
particular provider or supplier type based on 3 distinct categories of
risk: (1) Limited; (2) moderate; and (3) high. Limited risk providers
will have enrollment requirements, license and database verifications;
moderate risk will have those verifications plus unscheduled site
visits; high risk will have verifications, unscheduled site visits,
criminal background check and fingerprinting. CMS and the States will
impose moratoria on the enrollment of new providers in situations when
doing so is necessary to protect against a high risk of fraud. Working
in conjunction with the OIG, CMS, and States will suspend payments
pending an investigation of a credible allegation of fraud. And
legitimate providers will be assisted in avoiding problems by
implementing effective compliance programs.
This proposed rule is an essential tool in protecting public
resources and assuring that they are devoted to providing health care
rather than enriching fraudulent actors.
In accordance with the provisions of Executive Order 12866, this
regulation was reviewed by the Office of Management and Budget.

[[Page 58239]]

List of Subjects

42 CFR Part 405

Administrative practice and procedure, Health facilities, Health
professions, Kidney diseases, Medical devices, Medicare, Reporting and
recordkeeping requirements, Rural areas, X-rays.

42 CFR Part 424

Emergency medical services, Health facilities, Health professions,
Medicare, and Reporting and recordkeeping requirements.

42 CFR Part 438

Grant programs--health, Medicaid, Reporting and recordkeeping
requirements.

42 CFR Part 447

Accounting, Administrative practice and procedure, Drugs, Grant
programs--health, Health facilities, Health professions, Medicaid,
Reporting and recordkeeping requirements, and Rural areas.

42 CFR Part 455

Fraud, Grant programs--health, Health facilities, Health
professions, Investigations, Medicaid, and Reporting and recordkeeping
requirements.

42 CFR Part 457

Administrative practice and procedure, Grant programs--health,
Health insurance, and Reporting and recordkeeping requirements.

42 CFR Part 498

Administrative practice and procedure, Health facilities, Health
professions, Medicare, Reporting and recordkeeping requirements.

42 CFR Part 1007

Administrative practice and procedure, Fraud, Grant programs--
health, Medicaid, and Reporting and recordkeeping requirements.

For the reasons set forth in the preamble, the Centers for Medicare
& Medicaid Services proposes to amend 42 CFR chapters IV and V as set
forth below:

PART 405--FEDERAL HEALTH INSURANCE FOR THE AGED AND DISABLED

1. The authority citation for part 405 continues to read as
follows:

Authority: Secs. 205(a), 1102, 1861, 1862(a), 1869, 1871, 1874,
1881, and 1886(k) of the Social Security Act (42 U.S.C. 405(a),
1302, 1395x, 1395y(a), 1395ff, 1395hh, 1395kk, 1395rr and
1395ww(k)), and sec. 353 of the Public Health Service Act (42 U.S.C.
263a).

Subpart C--Suspension of Payment, Recovery of Overpayments, and
Repayment of Scholarships and Loans

2. The authority citation for subpart C is revised to read as
follows:

Authority: Secs. 1102, 1815, 1833, 1842, 1862, 1866, 1870, 1871,
1879 and 1892 of the Social Security Act (42 U.S.C. 1302, 1395g,
1395l, 1395u, 1395y, 1395cc, 1395gg, 1395hh, 1395pp and 1395ccc) and
31 U.S.C. 3711.
3. In subpart C, remove the phrase ``intermediary or carrier'' and
add the phrase ``Medicare contractor'' in its place.
4. Section 405.370 is amended as follows:
A. In paragraph (a), adding the definitions of ``Credible
allegation of fraud,'' ``Medicare contractor,'' and ``Resolution of an
investigation'' in alphabetical order.
B. In paragraph (a), revising the definitions of ``Offset,''
``Recoupment,'' and ``Suspension of payment''.
The additions and revisions read as follows:

Sec. 405.370 Definitions.

(a) * * *
Credible allegation of fraud. A credible allegation of fraud is an
allegation from any source, including but not limited to the following:
(1) Fraud hotline complaints.
(2) Claims data mining.
(3) Patterns identified through provider audits, civil false claims
cases, and law enforcement investigations. Allegations are considered
to be credible when they have indicia of reliability.
Medicare contractor. Unless the context otherwise requires,
includes, but is not limited to the any of following:
(1) A fiscal intermediary.
(2) A carrier.
(3) Program safeguard contractor.
(4) Zone program integrity contractor.
(5) Part A/Part B Medicare administrative contractor.
Offset. The recovery by Medicare of a non-Medicare debt by reducing
present or future Medicare payments and applying the amount withheld to
the indebtedness. (Examples are Public Health Service debts or Medicaid
debts recovered by HCFA).
Recoupment. The recovery by Medicare of any outstanding Medicare
debt by reducing present or future Medicare payments and applying the
amount withheld to the indebtedness.
Resolution of an investigation. An investigation of credible
allegations of fraud will be considered resolved when legal action is
terminated by settlement, judgment, or dismissal, or when the case is
closed or dropped because of insufficient evidence to support the
allegations of fraud.
Suspension of payment. The withholding of payment by a Medicare
contractor from a provider or supplier of an approved Medicare payment
amount before a determination of the amount of the overpayment exists,
or until the resolution of an investigation of a credible allegation of
fraud.
5. Section 405.371 is revised to read as follows:

Sec. 405.371 Suspension, offset, and recoupment of Medicare payments
to providers and suppliers of services.

(a) General rules. Medicare payments to providers and suppliers, as
authorized under this subchapter (excluding payments to beneficiaries),
may be--
(1) Suspended, in whole or in part, by CMS or a Medicare contractor
if CMS or the Medicare contractor possesses reliable information that
an overpayment exists or that the payments to be made may not be
correct, although additional information may be needed for a
determination;
(2) In cases of suspected fraud, suspended, in whole or in part, by
CMS or a Medicare contractor if CMS or the Medicare contractor has
consulted with the OIG, and, as appropriate, the Department of Justice,
and determined that a credible allegation of fraud exists against a
provider or supplier, unless there is good cause not to suspend
payments; or
(3) Offset or recouped, in whole or in part, by a Medicare
contractor if the Medicare contractor or CMS has determined that the
provider or supplier to whom payments are to be made has been overpaid.
(b) Good cause not to suspend payments. CMS may find that good
cause exists not to suspend payments or not to continue to suspend
payments to an individual or entity against which there are credible
allegations of fraud if--
(1) OIG or other law enforcement agency has specifically requested
that a payment suspension not be imposed because such a payment
suspension may compromise or jeopardize an investigation;
(2) It is determined that beneficiary access to items or services
would be so jeopardized by a payment suspension in whole or part as to
cause a danger to life or health;
(3) It is determined that other available remedies implemented by
CMS or a Medicare contractor more effectively or quickly protect
Medicare

[[Page 58240]]

funds than would implementing a payment suspension; or
(4) CMS determines that a payment suspension or a continuation of a
payment suspension is not in the best interests of the Medicare
program. CMS will--
(i) Evaluate whether there is good cause not to continue a
suspension of payments under this section every 180 days after the
initiation of a suspension based on credible allegations of fraud; and
(ii) Request a certification from the OIG or other law enforcement
agency that the matter continues to be under investigation warranting
continuation of the suspension.
(c) Steps necessary for suspension of payment, offset, and
recoupment.
(1) Except as provided in paragraph (d) of this section, CMS or the
Medicare contractor suspends payments only after it has complied with
the procedural requirements set forth at Sec. 405.372.
(2) The Medicare contractor offsets or recoups payments only after
it has complied with the procedural requirements set forth at Sec.
405.373.
(d) Suspension of payment in the case of unfiled cost reports. (1)
If a provider has failed to timely file an acceptable cost report,
payment to the provider is immediately suspended in whole or in part
until a cost report is filed and determined by the Medicare contractor
to be acceptable.
(2) In the case of an unfiled cost report, the provisions of Sec.
405.372 do not apply. (See Sec. 405.372(a)(2) concerning failure to
furnish other information.)
6. Section 405.372 is amended as follows:
A. Remove the phrase ``intermediary, carrier'' wherever it appears
and adding the phrase ``Medicare contractor'' in its place.
B. Revising paragraphs (a)(4) and (d)(3).
C. In paragraph (e), removing the cross-reference ``Sec.
405.371(b)'' and adding the cross-reference ``Sec. 405.371(a)''.

Sec. 405.372 Proceeding for suspension of payment.

(a) * * *
(4) Fraud. If the intended suspension of payment involves credible
allegations of fraud under Sec. 405.371(a)(2), CMS--
(i) In consultation with OIG and, as appropriate, the Department of
Justice, determines whether to impose the suspension and if prior
notice is appropriate;
(ii) Directs the Medicare contractor as to the timing and content
of the notification to the provider or supplier; and
(iii) Is the real party in interest and is responsible for the
decision.
* * * * *
(d) * * *
(3) Exceptions to the time limits. (i) The time limits specified in
paragraphs (d)(1) and (d)(2) of this section do not apply if the
suspension of payments is based upon credible allegations of fraud
under Sec. 405.371(a)(2).
(ii) Although the time limits specified in (d)(1) and (d)(2) do not
apply to suspensions based on credible allegations of fraud, all
suspensions of payment in accordance with Sec. 405.371(a)(2) will be
temporary and will not continue after the resolution of an
investigation, unless a suspension is warranted because of reliable
evidence of an overpayment or that the payments to be made may not be
correct, as specified in Sec. 405.371(a)(1).
* * * * *

PART 424--CONDITIONS FOR MEDICARE PAYMENT

7. The authority of citation for part 424 continues to read as
follows:

Authority: Secs. 1102 and 1871 of the Social Security Act (42
U.S.C. 1302 and 1395hh).

8. Section 424.57 is amended by revising paragraph (e) to read as
follows:

Sec. 424.57 Special payment rules for items furnished by DMEPOS
suppliers and issuance of DMEPOS supplier billing privileges.

* * * * *
(e) Revalidation of billing privileges. A supplier must revalidate
its application for billing privileges every 3 years after the billing
privileges are first granted. (Each supplier must complete a new
application for billing privileges 3 years after its last
revalidation.)
* * * * *
9. Section 424.502 is amended by adding the definition of
``Institutional provider'' in alphabetical order to read as follows:

Sec. 424.502 Definitions.

* * * * *
Institutional provider means any provider or supplier that submits
a paper Medicare enrollment application using the CMS-855A, CMS-855B
(not including physician and nonphysician practitioner organizations),
CMS-855S or associated Internet-based PECOS enrollment application.
* * * * *
10. Section 424.514 is added to read as follows:

Sec. 424.514 Application fee.

(a) Application fee requirements for prospective institutional
providers. Beginning on or after March 23, 2011, prospective
institutional providers who are submitting an initial application or an
application to establish a new practice location must submit either of
the following:
(1) The applicable application fee.
(2) A request for a hardship exception to the application fee at
the time of filing a Medicare enrollment application.
(b) Application fee requirements for revalidating institutional
providers. Beginning March 23, 2011, institutional providers that are
subject to CMS revalidation efforts must submit either of the
following:
(1) The applicable application fee.
(2) A request for a hardship exception to the application fee at
the time of filing a Medicare enrollment application.
(c) Hardship exception for disaster areas. CMS will assess on a
case-by-case basis whether institutional providers enrolling in a
geographic area that is a Presidentially-declared disaster under the
Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42
U.S.C. 5121-5206 (Stafford Act) should receive an exception to the
application fee.
(d) Application fee. The application fee and associated
requirements are as follows:
(1) For 2010, $500.00.
(2) For 2011 and subsequent years--
(i) Is adjusted by the percentage change in the consumer price
index for all urban consumers (all items; United States city average)
for the 12-month period ending with June of the previous year;
(ii) Is effective from January 1 to December 31 of a calendar year;
(iii) Is based on the submission of an initial application,
application to establish a new practice location or the submission of
an application in response to a Medicare contractor revalidation
request;
(iv) Must be in the amount calculated by CMS in effect for the year
during which the application for enrollment is being submitted;
(v) Is nonrefundable;
(vi) Must be resubmitted with an enrollment application that was
previously denied or rejected; and
(vii) Must be able to be deposited into a Government-owned account
and credited to the United States Treasury.
(e) Denial or revocation based on application fee. A Medicare
contractor may deny or revoke Medicare billing privileges of a provider
or supplier

[[Page 58241]]

based on noncompliance if, in the absence of a written request for a
hardship exception from the application fee that accompanies a Medicare
enrollment application the bank account on which the check that is
submitted with the enrollment application is drawn does not contain
sufficient funds to pay the application fee.
(f) Information needed for submission of a hardship exception
request. A provider or supplier requesting an exception from the
application fee must include with its enrollment application a letter
that describes the hardship and why the hardship justifies an
exception.
(g) Failure to submit application fee or hardship exception
request. A Medicare contractor must--
(1) Reject an enrollment application from a provider or supplier
that, with the exceptions described in Sec. 424.514(b), is not
accompanied by the application fee or by a letter requesting a hardship
exception from the application fee.
(2) Revoke the billing privileges of a currently enrolled provider
or supplier or deny the application to enroll and establish billing
privileges in the case of providers or suppliers not currently
enrolled, with the exceptions noted in Sec. 424.514(b), if an
enrollment application, including revalidation, is received that is not
accompanied by the application fee or by a letter requesting a hardship
exception from the application fee.
(h) Consideration of hardship exception request. CMS has 60 days in
which to approve or disapprove a hardship exception request.
(1) A Medicare contractor does not--
(i) Begin processing an enrollment application that is accompanied
by a hardship exception request until CMS has made a decision to
approve or disapprove the hardship exception request; and
(ii) Deny an enrollment application that is accompanied by a
hardship exception request unless the hardship exception request is
denied by CMS and the provider or supplier fails to submit the required
application fee within 30 days of being notified that the request for a
hardship exception was denied.
(2) A hardship exception determination made by CMS is appealable
using Sec. 405.874.
11. Section 424.515 is amended by adding a new paragraph (e) to
read as follows:

Sec. 424.515 Requirements for reporting changes and updates to, and
the periodic revalidation of Medicare enrollment information.

* * * * *
(e) Additional off-cycle revalidation. On or after March 23, 2012,
Medicare providers and suppliers, including DMEPOS suppliers, may be
required to revalidate their enrollment outside the routine 5-year
revalidation cycle (3-year DMEPOS supplier revalidation cycle).
(1) CMS will contact providers or suppliers to revalidate their
enrollment for off-cycle revalidation.
(2) As with all revalidations, revalidations described in this
paragraph are conducted in accordance with the screening procedures
specified at Sec. 424.518.
12. Section 424.518 is added to read as follows:

Sec. 424.518 Screening categories for Medicare providers and
suppliers.

A Medicare contractor is required to screen all initial
applications, including applications for a new practice location, and
any applications received in response to a revalidation request based
on a CMS categorical risk level of ``limited,'' ``moderate,'' or
``high.''
(a) Limited categorical risk--(1) Limited categorical risk:
Provider and supplier types. CMS has designated the following providers
and suppliers as ``limited'' categorical risk:
(i) Physician or nonphysician practitioners and medical groups or
clinics.
(ii) Ambulatory surgical centers.
(iii) End-stage renal disease facilities.
(iv) Federally qualified health centers.
(v) Histocompatibility laboratories.
(vi) Hospitals including critical access hospitals.
(vii) Indian Health Service facilities.
(viii) Mammography screening centers.
(ix) Organ procurement organizations.
(x) Mass immunization roster billers.
(xi) Portable x-ray suppliers.
(xii) Religious non-medical health care institutions.
(xiii) Rural health clinics.
(xiv) Radiation therapy centers.
(xv) Public or government-owned or -affiliated ambulance services
suppliers.
(xvi) Skilled nursing facilities.
(2) Limited categorical risk: Screening requirements. When CMS
designates a provider or supplier as a ``limited'' categorical level of
risk or the provider or supplier is publicly traded on the New York
Stock Exchange (NYSE) or the National Association of Securities Dealers
Automated Quotation System (NASDAQ), the Medicare contractor does all
of the following:
(i) Verifies that a provider or supplier meets any applicable
Federal regulations, or State requirement for the provider or supplier
type prior to making an enrollment determination.
(ii) Conducts license verifications, including licensure
verifications across State lines for physicians or nonphysician
practitioners and providers and suppliers that obtain or maintain
Medicare billing privileges as a result of State licensure, including
State licensure in State other than where the provider or supplier is
enrolling.
(iii) Conducts database checks on a pre- and post-enrollment basis
to ensure that providers and suppliers continue to meet the enrollment
criteria for their provider/supplier type.
(b) Moderate categorical risk--(1) Moderate categorical risk:
Provider and supplier types. CMS has designated the following providers
and suppliers as ``moderate'' categorical risk:
(i) The following prospective providers and suppliers that are not
publicly-traded on the NYSE or NASDAQ:
(A) Community mental health centers.
(B) Comprehensive outpatient rehabilitation facilities.
(C) Hospice organizations.
(D) Independent diagnostic testing facilities.
(E) Nongovernment-owned or -affiliated ambulance service suppliers.
(F) Independent clinical laboratories.
(ii) The following revalidating providers and suppliers that are
not publicly-traded on the NYSE or NASDAQ:
(A) Community mental health centers.
(B) Comprehensive outpatient rehabilitation facilities.
(C) Home health agencies.
(D) Hospice organizations.
(E) Independent diagnostic testing facilities.
(F) Nongovernment-owned or -affiliated ambulance service suppliers.
(G) Independent clinical laboratories.
(iii) Re-enrolling suppliers of DMEPOS that are not publicly-traded
on the NYSE or NASDAQ.
(2) Moderate categorical risk: Screening requirements. When CMS
designates a provider or supplier as a ``moderate'' categorical level
of risk, the Medicare contractor does all of the following:
(i) Performs the ``limited'' screening requirements described in
paragraph (a)(2) of this section.
(ii) Conducts an on-site visit.
(c) High categorical risk--(1) High categorical risk: Provider and
supplier types. CMS has designated home health agencies or suppliers of
DMEPOS that are not publicly-traded on the NYSE or NASDAQ as ``high''
categorical risk:
(A) Prospective providers or suppliers enrolling in the Medicare
program.
(B) Providers or suppliers establishing a new practice location.

[[Page 58242]]

(2) High categorical risk: Screening requirements. When CMS
designates a provider or supplier as a ``high'' categorical level of
risk, the Medicare contractor does all of the following:
(i) Performs the ``limited'' and ``moderate'' screening
requirements described in paragraphs (a)(2) and (b)(2) of this section.
(ii)(A) Conducts a criminal background check; and
(B) Requires the submission of sets of fingerprints using the FD-
258 standard fingerprint card.
(3) Adjustment in the categorical risk. CMS adjusts the categorical
risk level from ``limited'' or ``moderate'' to ``high'' if any of the
following occur:
(i) CMS or its Medicare contractor has information from a physician
or nonphysician practitioner that another individual is using their
identity within the Medicare program.
(ii) CMS imposes a payment suspension on a provider or supplier.
(iii) The provider or supplier--
(A) Has been excluded from Medicare by the OIG; or
(B) Had its billing privileges denied or revoked by a Medicare
contractor within the previous 10 years and is attempting to establish
additional Medicare billing privileges by--
(1) Enrolling as a new provider or supplier; or
(2) Billing privileges for a new practice location.
(C) Has been terminated or is otherwise precluded from billing
Medicaid.
(iv) CMS lifts a temporary moratorium for a particular provider or
supplier type.
(d) Fingerprinting requirements. An individual subject to the
fingerprints requirements specified in paragraph (c)(2)(ii)(B) of this
section--
(1) Must submit a set of fingerprints using the FD-258 standard
fingerprint card--
(i) With the Medicare enrollment application; or
(ii) Within 30 days of a Medicare contractor request.
(2) Who does not submit a set of fingerprints in accordance with
paragraph (d)(1) of this section will have his or her Medicare billing
privileges--
(i) Denied under Sec. 424.530(a)(1); or
(ii) Revoked under Sec. 424.535(a)(1).
13. Section 424.525 is amended by revising paragraph (a) as
follows:
A. Revising paragraph (a) introductory text.
B. Adding a new paragraph (a)(3).
The revision and addition read as follows:

Sec. 424.525 Rejection of a provider or supplier's enrollment
application for Medicare enrollment.

(a) Reasons for rejection. CMS may reject a provider or supplier's
enrollment application for any of the following reasons:
* * * * *
(3) The prospective institutional provider or supplier does not
submit the application fee in the designated amount or a hardship
waiver request with the Medicare enrollment application at the time of
filing.
* * * * *
14. Section 424.530 is amended by adding new paragraphs (a)(8) and
(a)(9) to read as follows:

Sec. 424.530 Denial of enrollment in the Medicare program.

(a) * * *
(8) Application fee/hardship exception. An institutional provider
or supplier's ``hardship exception'' request is not granted.
(9) Temporary moratorium. A provider or supplier submits an
enrollment application for a practice location in a geographic area
where CMS has imposed a temporary moratorium.
* * * * *
15. Section 424.535 is amended as follows:
A. Revising paragraph (a)(6).
B. Adding a new paragraph (a)(11).
C. Revising paragraph (c).

Sec. 424.535 Revocation of enrollment billing and billing privileges
in the Medicare program.

(a) * * *
(6) Grounds related to provider and supplier screening
requirements. (i)(A) An institutional provider does not submit an
application fee or ``hardship exception'' request that meets the
requirements set forth in Sec. 424.514 with the Medicare revalidation
application; or
(B) The ``hardship exception'' is not granted and the institutional
provider does not submit the applicable application form or application
fee within 30 days of being notified that the hardship exception
request was denied.
(ii)(A) The Medicare contractor is not able to either of the
following:
(1) Deposit the full application amount into a government-owned
account.
(2) The funds are not able to be credited to the U.S. Treasury.
(B) The provider or supplier lacks sufficient funds in the account
at the banking institution whose name is imprinted on the check or
other banking instrument to pay the application fee; or
(C) There is any other reason why CMS or its Medicare contractor is
unable to deposit the application fee into a government-owned account.
* * * * *
(11) Medicaid termination. Medicaid billing privileges are
terminated or revoked by a State Medicaid Agency, not withstanding
anything to the contrary in this section, must not apply unless and
until a provider or supplier has exhausted all applicable appeal
rights.
* * * * *
(c) Reapplying after revocation. (1) After a provider, supplier,
delegated official, or authorizing official has had their billing
privileges revoked, they are barred from participating in the Medicare
program from the effective date of the revocation until the end of the
re-enrollment bar.
(2) The re-enrollment bar is a minimum of 1 year, but not greater
than 3 years depending on the severity of the basis for revocation.
(3) CMS may waive the re-enrollment bar if it has revoked a
provider or supplier under Sec. 424.535(a)(6)(i) based upon the
failure of the provider or supplier to submit an application fee or a
hardship exception request with an enrollment application upon
revalidation.
* * * * *
16. A new Sec. 424.570 is added to read as follows:

Sec. 424.570 Moratoria on newly enrolling Medicare providers and
suppliers.

(a) Temporary moratoria. CMS may impose a moratorium on the
enrollment of new Medicare providers and suppliers of a particular type
or the establishment of new practice locations of a particular type in
a particular geographic area or nationally if--
(1) CMS determines that there is a significant potential for fraud,
waste or abuse with respect to a particular provider or supplier type
or particular geographic area or both. CMS's determination is based on
its review of existing data, and without limitation, identifies a trend
that appears to be associated with a high risk of fraud, waste or
abuse, such as a--
(i) Highly disproportionate number of providers or suppliers in a
category relative to the number of beneficiaries; or
(ii) Rapid increase in enrollment applications within a category;
(2) A State Medicaid program has imposed a moratorium on a group of
Medicaid providers or suppliers that are also eligible to enroll in the
Medicare program;

[[Page 58243]]

(3) A State has imposed a moratorium on enrollment in a particular
geographic area or on a particular provider or supplier type or both;
or
(4) CMS, in consultation the HHS OIG or the Department of Justice
or both and with the approval of the CMS Administrator identifies
either or both of the following as having a significant potential for
fraud, waste or abuse in the Medicare program:
(i) A particular provider or supplier type.
(ii) Any particular geographic area.
(b) Duration of moratoria. A moratorium under this section may be
imposed for a period of 6 months and, if deemed necessary by CMS, may
be extended in 6-month increments.
(c) Denial of enrollment: Moratoria. A Medicare contractor denies
the enrollment application of a provider or supplier if the provider or
supplier is subject to a moratorium as specified in paragraph (a) of
this section.
(d) Lifting moratoria. CMS may lift a temporary moratorium in a
specific geographic area or nationally if--
(1) The President declares an area a disaster under the Robert T.
Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. 5121-
5206 (Stafford Act); or
(2) Circumstances warranting the imposition of a moratorium have
abated or CMS has implemented program safeguards to address the program
vulnerability;
(3) In the judgment of the Secretary, the moratorium is no longer
needed.

PART 438--MANAGED CARE

17. The authority for part 438 continues to read as follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C.
1302).

18. Section 438.6 is amended by adding new paragraph (c)(5)(vi).

Sec. 438.6 Contract requirements.

* * * * *
(c) * * *
(5) * * *
(vi) Contracts with MCOs, PIHPs, and PAHPs must require all
ordering or referring network providers to be enrolled as participating
providers with the Medicaid program.
* * * * *

PART 447--PAYMENT FOR SERVICES

19. The authority citation for part 447 continues to read as
follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C.
1302).

20. A new Sec. 447.90 is added to read as follows:

Sec. 447.90 FFP: Conditions related to pending investigations of
credible allegations of fraud against the Medicaid program.

(a) Basis and purpose. This section implements section
1903(i)(2)(C) of the Act which prohibits payment of FFP with respect to
items or services furnished by an individual or entity with respect to
which there is pending an investigation of a credible allegation of
fraud except under specified circumstances.
(b) Denial of FFP. No FFP is available with respect to any amount
expended for an item or service furnished by any individual or entity
to whom a State has failed to suspend payments in whole or part as
required by Sec. 455.23 unless:
(1) The item or service is furnished as an emergency item or
service, but not including items or services furnished in an emergency
room of a hospital; or
(2) The State determines and documents that good cause as specified
at Sec. 455.23(e) or (f) exists not to suspend such payments, to
suspend payments only in part, or to discontinue a previously imposed
payment suspension.

PART 455--PROGRAM INTEGRITY: MEDICAID

21. The authority citation for part 455 continues to read as
follows:

Authority: Sec. 1102 of the Social Security Act (42 U.S.C.
1302).

22. Section 455.2 is amended by adding the definition of ``Credible
allegation of fraud'' to read as follows:

Sec. 455.2 Definitions.

* * * * *
Credible allegation of fraud. A credible allegation of fraud is an
allegation from any source, including but not limited to the following:
(1) Fraud hotline complaints.
(2) Claims data mining.
(3) Patterns identified through provider audits, civil false claims
cases, and law enforcement investigations. Allegations are considered
to be credible when they have indicia of reliability.
* * * * *
23. Section 455.23 is revised to read as follows:

Sec. 455.23 Suspension of payments in cases of fraud.

(a) Basis for suspension. (1) The State Medicaid agency must
suspend all Medicaid payments to a provider when there is pending an
investigation of a credible allegation of fraud under the Medicaid
program against an individual or entity unless it has good cause to not
suspend payments or to suspend payment only in part.
(2) The State Medicaid agency may suspend payments without first
notifying the provider of its intention to suspend such payments.
(3) A provider may request, and must be granted, administrative
review where State law so requires.
(b) Notice of suspension. (1) The State agency must send notice of
its suspension of program payments within the following timeframes:
(i) Five days of taking such action unless requested in writing by
a law enforcement agency to temporarily withhold such notice.
(ii) Thirty days if requested by law enforcement in writing to
delay sending such notice, which request for delay may be renewed in
writing up to twice and in no event may exceed 90 days.
(2) The notice must include or address all of the following:
(i) State that payments are being suspended in accordance with this
provision.
(ii) Set forth the general allegations as to the nature of the
suspension action, but need not disclose any specific information
concerning an ongoing investigation.
(iii) State that the suspension is for a temporary period, as
stated in paragraph (c) of this section, and cite the circumstances
under which suspension will be terminated.
(iv) Specify, when applicable, to which type or types of Medicaid
claims or business units of a provider suspension is effective.
(v) Inform the provider of the right to submit written evidence for
consideration by State Medicaid Agency.
(c) Duration of suspension. (1) All suspension of payment actions
under this section will be temporary and will not continue after either
of the following:
(i) The agency or the prosecuting authorities determine that there
is insufficient evidence of fraud by the provider.
(ii) Legal proceedings related to the provider's alleged fraud are
completed.
(2) A State must document in writing the termination of a
suspension including, where applicable and appropriate, any appeal
rights available to a provider.
(d) Referrals to the Medicaid fraud control unit. (1) Whenever a
State Medicaid agency investigation leads to the initiation of a
payment suspension in whole or part, the State Medicaid Agency must
make a fraud referral to either of the following:

[[Page 58244]]

(i) To a Medicaid fraud control unit established and certified
under part 1007 of this Title; or
(ii) In States with no certified Medicaid fraud control unit, to an
appropriate law enforcement agency.
(2) The fraud referral made under paragraph (d)(1) of this section
must meet all of the following requirements:
(i) Be made in writing and provided to the Medicaid fraud control
unit not later than the next business day after the suspension is
enacted.
(ii) Conform to fraud referral performance standards issued by the
Secretary.
(3)(i) If the Medicaid fraud control unit or other law enforcement
agency accepts the fraud referral for investigation, the payment
suspension may be continued until such time as the investigation and
any associated enforcement proceedings are completed.
(ii) On a quarterly basis, the State must request a certification
from the Medicaid fraud control unit or other law enforcement agency
that any matter accepted on the basis of a referral continues to be
under investigation thus warranting continuation of the suspension.
(4) If the Medicaid fraud control unit or other law enforcement
agency declines to accept the fraud referral for investigation the
payment suspension must be discontinued unless the State Medicaid
agency makes a fraud referral to another law enforcement agency. In
that situation, the provisions of paragraph (d)(3) of this section
apply equally to that referral as well.
(5) A State's decision to exercise the good cause exceptions in
paragraphs (e) or (f) of this section not to suspend payments or to
suspend payments only in part does not relieve the State of the
obligation to refer any credible allegation of fraud as provided in
paragraph (d)(1) of this section.
(e) Good cause not to suspend payments. A State may find that good
cause exists not to suspend payments, or not to continue a payment
suspension previously imposed, to an individual or entity against which
there is an investigation of a credible allegation of fraud if any of
the following are applicable:
(1) Law enforcement officials have specifically requested that a
payment suspension not be imposed because such a payment suspension may
compromise or jeopardize an investigation.
(2) Other available remedies implemented by the State more
effectively or quickly protect Medicaid funds.
(3) The State determines that payment suspension is not in the best
interests of the Medicaid program.
(4) Recipient access to items or services would be jeopardized by a
payment suspension because of either of the following:
(i) An individual or entity is the sole community physician or the
sole source of essential specialized services in a community.
(ii) The individual or entity serves a large number of recipients
within a HRSA-designated medically underserved area.
(5) Law enforcement declines to certify that a matter continues to
be under investigation per the requirements of paragraph (d)(3) of this
section.
(f) Good cause to suspend payment only in part. A State may find
that good cause exists to suspend payments in part, or to convert a
payment suspension previously imposed in whole to one only in part, to
an individual or entity against which there is an investigation of a
credible allegation of fraud if any of the following are applicable:
(1) Recipient access to items or services would be jeopardized by a
payment suspension in whole or part because of either of the following:
(i) An individual or entity is the sole community physician or the
sole source of essential specialized services in a community.
(ii) The individual or entity serves a large number of recipients
within a HRSA-designated medically underserved area;
(2) The State determines that payment suspension only in part is in
the best interests of the Medicaid program.
(3)(i) The credible allegation focuses solely and definitively on
only a specific type of claim or arises from only a specific business
unit of a provider; and
(ii) The State determines and documents in writing that a payment
suspension in part would effectively ensure that potentially fraudulent
claims were not continuing to be paid.
(4) Law enforcement declines to certify that a matter continues to
be under investigation per the requirements of paragraph (d)(3) of this
section.
(g) Documentation and record retention. State Medicaid agencies
must meet the following requirements:
(1) Maintain for a minimum of 5 years from the date of issuance all
materials documenting the life cycle of a payment suspension that was
imposed in whole or part, including the following:
(i) All notices of suspension of payment in whole or part.
(ii) All fraud referrals to the Medicaid fraud control unit or
other law enforcement agency.
(iii) All quarterly certifications of continuing investigation
status by law enforcement.
(iv) All notices documenting the termination of a suspension.
(2)(i) Maintain for a minimum of 5 years from the date of issuance
all materials documenting each instance where a payment suspension was
not imposed, imposed only in part, or discontinued for good cause.
(ii) This type of documentation must include, at a minimum,
detailed information on the basis for the existence of the good cause
not to suspend payments, to suspend payments only in part, or to
discontinue a payment suspension and, where applicable, must specify
how long the State anticipates such good cause will exist.
(3) Annually report to the Secretary summary information on each of
following:
(i) Suspension of payment, including the nature of the suspected
fraud, the basis for suspension, and the outcome of the suspension.
(ii) Situation in which the State determined good cause existed to
not suspend payments, to suspend payments only in part, or to
discontinue a payment suspension as described in this section,
including describing the nature of the suspected fraud and the nature
of the good cause.
24. Section 455.101 is amended as follows:
A. Adding introductory text.
B. Adding the definitions of ``Health insuring organization
(HIO),'' ``Managed care entity (MCE),'' ``Prepaid ambulatory health
plan (PAHP),'' ``Primary care case manager (PCCM),'' ``Prepaid
inpatient health plan (PIHP),'' and ``Termination'' in alphabetical
order to read as follows:

Sec. 455.101 Definitions.

For the purposes of this part--
* * * * *
Health insuring organization (HIO) has the meaning specified in
Sec. 438.2.
Managed care entity (MCE) means managed care organizations (MCOs),
PIHPs, PAHPs, PCCMs, and HIOs.
* * * * *
Prepaid ambulatory health plan (PAHP) has the meaning specified in
Sec. 438.2.
Primary care case manager (PCCM) has the meaning specified in Sec.
438.2.
Prepaid inpatient health plan (PIHP) has the meaning specified in
Sec. 438.2.

[[Page 58245]]

Termination means--
(1) For a--
(i) Medicaid provider, a State Medicaid program has taken an action
to revoke the provider's billing privileges, and the provider has
exhausted all applicable appeal rights; and
(ii) Medicare provider, supplier or eligible professional, the
Medicare program has revoked the provider or supplier's billing
privileges.
(2)(i) In both programs, there is no expectation on the part of the
provider or supplier or the State or Medicare program that the
revocation is temporary.
(ii) The provider, supplier, or eligible professional will be
required to reenroll with the applicable program if they wish billing
privileges to be reinstated.
25. Section 455.104 is revised to read as follows:

Sec. 455.104 Disclosure by Medicaid providers and fiscal agents:
Information on ownership and control.

(a) Who must provide disclosures. The Medicaid agency must obtain
disclosures from disclosing entities, fiscal agents, and managed care
entities.
(b) What disclosures must be provided. The Medicaid agency must
require that disclosing entities, fiscal agents, and managed care
entities provide the following disclosures:
(1)(i) The name and address of any person (individual or
corporation).
(ii) Date of birth and social security number (in the case of an
individual).
(iii) Other tax identification number (in the case of a
corporation) with an ownership or control interest in the disclosing
entity (or fiscal agent or managed care entity) or in any subcontractor
in which the disclosing entity (or fiscal agent or managed care entity)
has a 5 percent or more interest.
(2) Whether the person (individual or corporation) with ownership
or control interest in the disclosing entity (or fiscal agent or
managed care entity) or in any subcontractor in which the disclosing
entity (or fiscal agent or managed care entity) has a 5 percent or more
interest is related to another as a spouse, parent, child, or sibling.
(3) The name of any other disclosing entity (or fiscal agent or
managed care entity) in which an owner of the disclosing entity (or
fiscal agent or managed care entity) has an ownership or control
interest.
(4) The name and address of any managing employee of the disclosing
entity (or fiscal agent or managed care entity).
(c) When the disclosures must be provided--(1) Disclosures from
providers. Disclosure from any provider is due at any of the following
times:
(i) Submits the provider application.
(ii) Executes the provider agreement.
(iii) Re-enrolls under Sec. 455.12.
(iv) Within 35 days after any change in ownership of the disclosing
entity.
(2) Disclosures from fiscal agents. Disclosures from fiscal agents
are due at any of the following times:
(i) That the fiscal agent submits the proposal in accordance with
the State's procurement process.
(ii) The fiscal agent executes the contract with the State
(iii) Upon renewal or extension of the contract.
(iv) Within 35 days after any change in ownership of the fiscal
agent.
(3) Disclosures from managed care entities. Disclosures from
managed care entities (MCOs, PIHPs, PAHPs, and HIOs), except PCCMs are
due at any of the following times:
(i) The managed care entity submits the proposal in accordance with
the State's procurement process.
(ii) The managed care entity executes the contract with the State.
(iii) Upon renewal or extension of the contract.
(iv) Within 35 days after any change in ownership of the managed
care entity.
(4) Disclosures from PCCMs. PCCMs will comply with disclosure
requirements under (c)(1) of this section.
(d) To whom must the disclosures be provided. All disclosures must
be provided to the Medicaid agency.
(e) Consequences for failure to provide required disclosures.
Federal financial participation (FFP) is not available in payments made
to a disclosing entity that fails to disclose ownership or control
information as required by this section.
26. A new subpart E is added to part 455 to read as follows:
Subpart E--Provider Screening and Enrollment
Sec.
455.400 Purpose.
455.405 State plan requirements.
455.410 Enrollment and screening of providers.
455.412 Verification of provider licenses.
455.414 Reenrollment.
455.416 Termination or denial of enrollment.
455.418 Deactivation of provider enrollment.
455.420 Reactivation of provider enrollment.
455.422 Appeal rights.
455.432 Site visits.
455.434 Criminal background checks.
455.436 Federal database checks.
455.440 National Provider Identifier.
455.450 Screening categories for Medicaid providers.
455.452 Other State screening methods.
455.460 Application fee.
455.470 Temporary moratoria.

Subpart E--Provider Screening and Enrollment

Sec. 455.400 Purpose.

This subpart implements sections 1866(j), 1902(a)(39), 1902(a)(77),
and 1902(a)(78) of the Social Security Act. It sets forth State plan
requirements regarding the following:
(a) Provider screening and enrollment requirements.
(b) Fees associated with provider screening.
(c) Temporary moratoria on enrollment of providers.

Sec. 455.405 State plan requirements.

A State plan must provide that the requirements of Sec. 455.410
through Sec. 455.450 and Sec. 455.470 are met.

Sec. 455.410 Enrollment and screening of providers.

(a) The State Medicaid agency must require all enrolled providers
to be screened under to this subpart.
(b) The State Medicaid agency must require all ordering or
referring physicians or other professionals providing services under
the State plan or under a waiver of the plan to be enrolled as
participating providers.
(c) The State Medicaid agency may rely on the results of the
provider screening performed by any of the following:
(1) Medicare contractors.
(2) Medicaid agencies or Children's Health Insurance Programs of
other States.

Sec. 455.412 Verification of provider licenses.

The State Medicaid agency must--
(a) Have a method for verifying that any provider purporting to be
licensed in accordance with the laws of any State is licensed by such
State.
(b) Confirm that the provider's license has not expired and that
there are no current limitations on the provider's license.

Sec. 455.414 Reenrollment.

The State Medicaid agency must screen all providers regardless of
provider type at least every 5 years.

Sec. 455.416 Termination or denial of enrollment.

The State Medicaid agency--
(a) Must terminate the enrollment of any provider where any person
with an ownership or control interest or who is an agent or managing
employee of the provider did not submit timely and

[[Page 58246]]

accurate information and cooperate with any screening methods required
under this subpart.
(b) Must deny enrollment or terminate the enrollment of any
provider where any person with an ownership or control interest or who
is an agent or managing employee of the provider has been convicted of
a criminal offense related to that person's involvement with the
Medicare, Medicaid, or title XXI program in the last 10 years, unless
the State Medicaid agency determines that denial or termination of
enrollment is not in the best interests of the Medicaid program and the
State Medicaid agency documents that determination in writing.
(c) Must deny enrollment or terminate the enrollment of any
provider that is terminated on or after January 1, 2011, under title
XVIII of the Act or under the Medicaid program or CHIP of any other
State.
(d) Must terminate the provider's enrollment or deny enrollment of
the provider if the provider or a person with an ownership or control
interest or who is an agent or managing employee of the provider fails
to submit timely or accurate information, unless the State Medicaid
agency determines that termination or denial of enrollment is not in
the best interests of the Medicaid program and the State Medicaid
agency documents that determination in writing.
(e) Must terminate or deny enrollment if the provider, or any
person with an ownership or control interest or who is an agent or
managing employee of the provider, fails to submit sets of fingerprints
in a form and manner to be determined by the Medicaid agency within 30
days of a CMS or a State Medicaid agency request, unless the State
Medicaid agency determines that termination or denial of enrollment is
not in the best interests of the Medicaid program and the State
Medicaid agency documents that determination in writing.
(f) Must terminate or deny enrollment if the provider fails to
permit access to provider locations for any site visits under Sec.
455.432, unless the State Medicaid agency determines that termination
or denial of enrollment is not in the best interests of the Medicaid
program and the State Medicaid agency documents that determination in
writing.
(g) May terminate or deny the provider's enrollment if CMS or the
State Medicaid agency--
(1) Determines that the provider has falsified any information
provided on the application; or
(2) Cannot verify the identity of any provider applicant.

Sec. 455.418 Deactivation of provider enrollment.

The State Medicaid Agency must deactivate any provider enrollment
number that has been inactive as a result of having submitted no claims
or making no referrals that resulted in Medicaid claims for a period of
12 months.

Sec. 455.420 Reactivation of provider enrollment.

After deactivation of a provider enrollment number for any reason,
before the provider's enrollment may be reactivated, the State Medicaid
agency must re-screen the provider and require payment of associated
provider application fees under Sec. 455.460.

Sec. 455.422 Appeal rights.

The State Medicaid agency must give providers terminated under
Sec. 455.416, and with respect to enrollment, any appeal rights
available under procedures established by State law or rule.

Sec. 455.432 Site visits.

The State Medicaid agency--
(a) Must conduct pre-enrollment and post-enrollment site visits of
providers who are designated as ``moderate'' or ``high'' categorical
risks to the Medicaid program. The purpose of the site visit will be to
verify that the information submitted to the State Medicaid agency is
accurate and to determine compliance with Federal and State enrollment
requirements.
(b) Must require any enrolled provider to permit CMS, its agents,
its designated contractors, or the State Medicaid agency to conduct
unannounced on-site inspections of any and all provider locations.

Sec. 455.434 Criminal background checks.

The State Medicaid agency--
(a) As a condition of enrollment, must require providers to consent
to criminal background checks including fingerprinting when required to
do so under State law or by the level of risk determined for that
category of provider.
(b) Must establish categorical risk levels for providers and
provider types who pose an increased financial risk of fraud, waste or
abuse to the Medicaid program.
(1) Upon the State Medicaid agency determining that a provider, or
a person with an ownership or control interest or who is an agent or
managing employee of the provider, meets the State Medicaid agency's
criteria hereunder for criminal background checks as a ``high'' risk to
the Medicaid program, the State Medicaid agency will require that each
such provider or person submit fingerprints.
(2) The State Medicaid agency must require a provider, or any
person with an ownership or control interest or who is an agent or
managing employee of the provider, to submit two sets of fingerprints,
in a form and manner to be determined by the State Medicaid agency,
within 30 days upon request from CMS or the State Medicaid agency.

Sec. 455.436 Federal database checks.

The State Medicaid agency must do all of the following:
(a) Confirm the identity and determine the exclusion status of
providers and any person with an ownership or control interest or who
is an agent or managing employee of the provider through routine checks
of Federal databases.
(b) Check applicable databases maintained by the Social Security
Administration, the National Plan and Provider Enumeration System
(NPPES), the List of Excluded Individuals/Entities (LEIE), the Excluded
Parties List System (EPLS), and any such other databases as the
Secretary may prescribe.
(c)(1) Consult appropriate databases to confirm identity upon
enrollment and reenrollment; and
(2) Check the LEIE and EPLS no less frequently than monthly.

Sec. 455.440 National Provider Identifier.

The State Medicaid agency must require all claims for payment for
items and services that were ordered or referred to contain the
National Provider Identifier (NPI) of the physician or other
professional who ordered or referred such items or services.

Sec. 455.450 Screening categories for Medicaid providers.

A State Medicaid agency must screen all initial applications,
including applications for a new practice location, and any
applications received in response to a re-enrollment request based on a
categorical risk level of ``limited,'' ``moderate,'' or ``high.'' If a
provider could fit within more than one risk category described in this
section, the risk category with the highest level of screening is
applicable.
(a) Screening for providers designated as limited categorical risk.
When the State Medicaid agency designates a provider as a ``limited''
categorical risk or the provider is publicly traded on the New York
Stock Exchange (NYSE) or National Association of Securities Dealers
Automated Quotation System (NASDAQ), the State Medicaid agency must do
all of the following:

[[Page 58247]]

(1) Verify that a provider meets any applicable Federal
regulations, or State requirements for the provider type prior to
making an enrollment determination.
(2) Conduct license verifications, including State licensure
verifications in States other than where the provider is enrolling, in
accordance with Sec. 455.412.
(3) Conduct database checks on a pre- and post-enrollment basis to
ensure that providers continue to meet the enrollment criteria for
their provider type, in accordance with Sec. 455.436.
(b) Screening for providers designated as moderate categorical
risk. When the State Medicaid agency designates a provider as a
``moderate'' categorical risk, a State Medicaid agency must do both of
the following:
(1) Perform the ``limited'' screening requirements described in
paragraph (a) of this section.
(2) Conduct on-site visits in accordance with Sec. 455.432.
(c) Screening for providers designated as high categorical risk.
When the State Medicaid agency designates a provider as a ``high''
categorical risk, a State Medicaid agency must do both of the
following:
(1) Perform the ``limited'' and ``moderate'' screening requirements
described in paragraphs (a) and (b) of this section.
(2)(i) Conduct a criminal background check; or
(ii) Require the submission of set of fingerprints in accordance
with Sec. 455.434.
(d) Denial or termination of enrollment. A provider, or any person
with an ownership or control interest or who is an agent or managing
employee of the provider, who is required by the State Medicaid agency
or CMS to submit a set of fingerprints and fails to do so may have
its--
(1) Application denied under Sec. 455.434; or
(2) Enrollment terminated under Sec. 455.416.
(e) Adjustment of risk level. The State agency must adjust the
categorical risk level from ``limited'' or ``moderate'' to ``high''
when any of the following occurs:
(1) The State Medicaid agency imposes a payment suspension on a
provider based on credible allegation of fraud, waste or abuse, the
provider has an existing Medicaid overpayment, or the provider has been
excluded by the OIG or another State's Medicaid program within the
previous 10 years.
(2) The State Medicaid agency or CMS lifts a temporary moratorium
for a particular provider type.

Sec. 455.452 Other State screening methods.

Nothing herein must restrict the State Medicaid agency from
establishing provider screening methods in addition to or more
stringent than those required by this subpart.

Sec. 455.460 Application fee.

(a) Beginning on or after March 23, 2011, States may collect the
applicable application fee prior to executing a provider agreement from
prospective or re-enrolling providers other than--
(1) Individual physicians or nonphysician practitioners.
(2) (i) Providers who are enrolled in either--
(A) Title XVIII of the Act; or
(B) Another State's title XIX or XXI plan.
(ii) Providers that have paid the applicable application fee to--
(A) A Medicare contractor; or
(B) Another State.
(b) If the fees collected by a State agency in accordance with
paragraph (a) of this section exceed the cost of the screening program,
the State agency must return that portion of the fees to the Federal
government.

Sec. 455.470 Temporary moratoria.

(a)(1) The Secretary consults with any affected State Medicaid
agency regarding imposition of temporary moratoria on enrollment of new
providers or provider types prior to imposition of the moratoria, in
accordance with Sec. 424.570.
(2) The State Medicaid agency will impose temporary moratoria on
enrollment of new providers or provider types identified by the
Secretary as posing an increased risk to the Medicaid program.
(3)(i) The State Medicaid agency is not required to impose such a
moratorium if the State Medicaid agency determines that imposition of a
temporary moratorium would adversely affect beneficiaries' access to
medical assistance.
(ii) If a State Medicaid agency makes such a determination, the
State Medicaid agency must notify the Secretary in writing.
(b)(1) A State Medicaid agency may impose temporary moratoria on
enrollment of new providers, or impose numerical caps or other limits
that the State Medicaid agency identifies as having a significant
potential for fraud, waste, or abuse and that the Secretary has
identified as being at ``high'' risk for fraud, waste, or abuse.
(2) Before implementing the moratoria, caps, or other limits, the
State Medicaid agency must determine that its action would not
adversely impact beneficiaries' access to medical assistance.
(3) The State Medicaid agency must notify the Secretary in writing
in the event the State Medicaid agency imposes such moratoria,
including all details of the moratoria.
(c)(1) The State Medicaid agency must impose the moratorium for an
initial period of 6 months.
(2) If the State Medicaid agency determines that it is necessary,
the State Medicaid agency may extend the moratorium in 6-month
increments.
(3) Each time, the State Medicaid agency must document in writing
the necessity for extending the moratorium.

PART 457--ALLOTMENTS AND GRANTS TO STATES

27. The authority for part 457 continues to read as follows:

Authority: Section 1102 of the Social Security Act (42 U.S.C.
1302).
28. Section 457.900 is amended by adding a new paragraph (a)(2)(x)
to read as follows:

Sec. 457.900 Basis, scope and applicability.

(a) * * *
(2) * * *
(x) Sections 1902(a)(77) and 1902(ii) relating to provider and
supplier screening, oversight, and reporting requirements.
* * * * *
29. A new Sec. 457.990 is added to subpart I to read as follows:

Sec. 457.990 Provider and supplier screening, oversight and reporting
requirements.

The following provisions and their corresponding regulations apply
to a State under title XXI of the Act, in the same manner as these
provisions and regulations apply to a State under title XIX of the Act:
(a) Part 455 Subpart E of this chapter.
(b) Sections 1902(a)(77) and 1902(ii) of the Act pertaining to
provider and supplier screening, oversight, and reporting requirements.

PART 498--APPEALS PROCEDURES FOR DETERMINATIONS THAT AFFECT
PARTICIPATION IN THE MEDICARE PROGRAM AND FOR DETERMINATIONS THAT
AFFECT THE PARTICIPATION OF ICFs/MR AND CERTAIN NFs IN THE MEDICAID
PROGRAM

30. The authority citation for part 498 continues to read as
follows:

Authority: Secs. 1102 and 1871 of the Social Security Act (42
U.S.C. 1302 and 1395hh).

[[Page 58248]]

31. Section 498.5 is amended by adding a new paragraph (l)(4) to
read as follows:
* * * * *
(l) * * *
(4) Scope of review. For appeals of denials based on Sec.
424.530(a)(9) related to temporary moratorium, the scope of review will
be limited to whether the temporary moratoria applies to the provider
or supplier appealing the denial. The agency's basis for imposing a
temporary moratorium is not subject to review.

PART 1007--STATE MEDICAID FRAUD CONTROL UNITS

32. The authority for part 1007 continues to read as follows:

Authority: 42 U.S.C. 1320 and 1395hh.
33. Section 1007.9 is amended by adding paragraphs (e) through (g)
to read as follows:

Sec. 1007.9 Relationship to, and agreement with, the Medicaid agency.

* * * * *
(e)(1) The unit may refer any provider with respect to which there
is pending an investigation of a credible allegation of fraud under the
Medicaid program to the State Medicaid agency for payment suspension in
whole or part under Sec. 455.23.
(2) Referrals may be brief, but must be in writing and include
sufficient information to allow the State Medicaid agency to identify
the provider and to explain the credible allegations forming the
grounds for the payment suspension.
(f) Any request by the unit to the State Medicaid agency to delay
notification to the provider of a payment suspension under Sec. 455.23
of this Title must be in writing.
(g) When the unit accepts or declines a case referred by the State
Medicaid agency, the unit notifies the State Medicaid agency in writing
of the acceptance or declination of the case.

(Catalog of Federal Domestic Assistance Program No. 93.778, Medical
Assistance Program) (Catalog of Federal Domestic Assistance Program
No. 93.773, Medicare--Hospital Insurance; and Program No. 93.774,
Medicare--Supplementary Medical Insurance Program)

Dated: September 13, 2010.
Donald Berwick,
Administrator, Centers for Medicare & Medicaid Services.
Approved: September 15, 2010.
Kathleen Sebelius,
Secretary.
[FR Doc. 2010-23579 Filed 9-17-10; 11:15 am]
BILLING CODE 4120-01-P