OIG Releases Revised Policy Statement on Exclusion Authority

On April 18, 2016, the Office of Inspector General of the Department of Health and Human Services (OIG) released a revised policy statement on its exclusion authority, entitled Criteria for Implementing Section 1128(b)(7) Exclusion Authority (the “Criteria Statement”). The Criteria Statement, which replaces OIG’s 1997 policy statement, identifies the non-binding criteria to be used by OIG when determining whether to pursue exclusion against a provider or other individual. In contrast to the 1997 policy, the Criteria Statement begins with a presumption of exclusion, and includes a “risk spectrum” for OIG’s use in considering whether that presumption can be rebutted in a particular matter.

OIG’s Exclusion Authority

Briefly, Section 1128 of the Social Security Act (42 U.S.C. § 1320a-7) provides for mandatory and permissive exclusion from participation in federal healthcare programs as a result of certain occurrences. Exclusion is mandatory in instances of a provider or individual’s conviction for: (i) fraud or abuse related to Medicare, Medicaid, or another federal or state healthcare program, (ii) a crime involving patient abuse, or (iii) a felony-level crime involving controlled substances.

Exclusion is permissive in instances of, among other things: (a) engaging in improper kickback arrangements, (b) certain misdemeanor healthcare fraud or controlled substance-related convictions, (c) a conviction for obstruction of an investigation or audit, (d) revocation or suspension of a license or permit to provide health care, (e) filing improper, false, or fraudulent claims, (f) defaulting on student loans, or (f) providing medically unnecessary or substandard services. In the Criteria Statement, OIG indicates that the question of permissive exclusion most often arises in the context of False Claims Act matters.

The effects of an OIG exclusion are devastating. No federal healthcare program payment may be made for any items or services furnished by, at the medical direction of, or pursuant to an order from, an excluded person. As a domino-effect, civil monetary penalties and False Claims Act liability may fall on providers that employ or contract with excluded providers/persons to provide items or services payable by federal healthcare programs. As such, avoiding permissive exclusion is critical. The Criteria Statement provides insight to providers on how OIG might approach permissive exclusion.

OIG’s New Presumption of Exclusion

The Criteria Statement indicates that OIG will presume that some period of exclusion should be imposed against a provider/person who has defrauded Medicare or another federal healthcare program. This presumption may be in place because of OIG’s expectation that providers have developed more sophisticated compliance programs and increased their awareness of compliance matters in the nearly twenty years since the 1997 policy statement.

OIG acknowledges that the exclusion presumption may be rebuttable in certain situations. The Criteria Statement identifies a new spectrum to be used to rate the risk a provider/person poses to the federal healthcare programs and the factors that OIG will consider when evaluating whether exclusion is indeed the appropriate response to that measured risk.

The New Risk Spectrum

In the Criteria Statement, OIG identifies a “risk spectrum” that it uses to predict the future risk to the federal healthcare programs; based on that prediction, OIG determines whether the presumption of exclusion may be rebutted.

Not surprisingly, OIG pursues exclusion when the risk is highest (i.e., in cases of patient harm, refusal to enter into a corporate integrity agreement, and/or knowing fraud), and provides a release of its exclusion authority when the risk is lowest (i.e., in cases involving self-disclosure coupled with high levels of cooperation and relatively low financial harm as measured in proportion to the size of the entity, and/or willingness to accept robust integrity obligations vis-à-vis the Department of Justice).

Of greater interest is the area in between. OIG identifies the range of administrative options at its disposal for matters that fall in the middle of the risk spectrum. The range of options is as follows, listed as responsive to the highest risk first: (1) exclusion; (2) heightened scrutiny; (3) integrity obligations; (4) take no further action but reserve exclusion authority; or (5) provide a release with no integrity obligations. Placement on the spectrum and the responsive option elected by OIG in any specific matter is determined by OIG’s consideration of a number of factors.

The Factors for Consideration

The factors considered by OIG when determining where to place a matter on the risk spectrum, and whether to pursue exclusion or another option for that matter, fall in four categories:

Category One – The nature and circumstances of the conduct. Here, OIG considers, among other things, any adverse impact on patients, the financial loss to federal healthcare programs as a result of the conduct, whether the conduct constituted a pattern and practice or occurred over a substantial period of time, involvement of persons with a leadership role, and the provider’s/person’s history of prior fraudulent conduct.

Category Two – The provider’s/person’s conduct during the government’s investigation. OIG will consider if the government’s investigation was hindered or impeded, whether the provider/person attempted to conceal the conduct, any failure to timely respond to a subpoena or other request, whether the provider/person conducted an internal investigation, and cooperation levels.

Category Three – Whether the provider/person engaged in significant ameliorative efforts. OIG will review whether the provider took appropriate disciplinary action against the individuals responsible for the conduct, whether the provider/person devoted significantly more resources to the compliance function after the conduct was discovered, and whether training efforts increased.

Category Four – The provider’s/person’s history of compliance. OIG will consider whether the provider/person has a history of making overpayments and self-disclosures where applicable, and whether the provider/person has a robust compliance program.

Outside of these four categories, OIG also gave a nod to its consideration of whether a provider/person is the sole source of essential services in a community. OIG further indicated that it may be inclined to assess a lower risk level if the provider is sold to a successor entity and the new owner does not have a prior history of wrong-doing and has an existing compliance program.


The Criteria Statement provides helpful information for providers, both those involved in active matters with OIG and those looking to position themselves in the best light for the future. We have already engaged in discussions with OIG representatives in which they cited and relied upon the Criteria Statement in order to identify where on the new “risk spectrum” they were placing a particular matter, as well as the factors supporting that placement. In that regard, it seems as if the Criteria Statement may become a “Yates Memo” of sorts for OIG.

To review the entire document and formatting for this alert (e.g., footnotes), please access the original below:

Related Services