On June 2, 2015, Center for Medicare & Medicaid Services (CMS), provided direction to state Medicaid Directors on the implementation of Section 6401 of the Affordable Care Act, Provider Screening and Other Enrollment Requirements under Medicare, Medicaid and the Children’s Health Insurance Program (CHIP).

By March of 2016, all of a state’s Medicaid and CHIP providers must be ranked as having a “high,” “moderate,” or “limited” risk of defrauding the program.  If deemed a “high” risk, the provider and any person with 5 percent direct or indirect ownership interest in the provider, must submit fingerprints and undergo a criminal background check.  42 CFR 455.434(b).

The CMS action has an across the board implication for a wide variety of providers.  It is significant since it is indicative of other measures that are expected to be unveiled in the future as an ongoing effort to combat Medicaid and CHIP fraud.

State Medicaid agencies are given discretion in making determinations as to which providers and which categories of providers pose a “high” risk of fraud, waste, or abuse to the Medicaid program.  However, certain providers and categories of providers must be designated as “high” risk.

One category designated as “high” risk are newly enrolled home health agencies, newly enrolled durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) suppliers.  42 CFR 424.518(c).

A Medicaid agency is required to adjust a provider’s “screening level” to “high” risk when: (1) the agency imposes a payment suspension; (2) the provider has an existing overpayment; (3) the provider has been excluded by the Office of Inspector General (OIG) or another state’s Medicaid program; (4) the agency or CMS in the previous 6 months lifted a temporary moratorium for a certain provider type and a provider that was prevented from enrolling during the moratorium applies for enrollment within six months from the date the moratorium was lifted.  42 CFR 455.450(e).

A state Medicaid agency must terminate or deny enrollment of a provider if the provider, or any person with a 5 percent or greater direct or indirect ownership interest, who is required to submit fingerprints has been convicted of a criminal offense related to that person’s involvement in Medicare, Medicaid or CHIP program in the last 10 years.

CMS recommends the Medicaid state agencies implement elements of the Medicare process in conducting criminal background checks such as: (1) providing written notification to “high” risk providers of the requirement to submit fingerprints, listing all of those required to be fingerprinted and the steps to be followed; (2) identifying locations for fingerprinting; (3) setting a deadline for compliance no later than 30 days from the request for fingerprints; (4) transmittal of the fingerprints to the FBI or state law enforcement agency for processing; (5) making enrollment, denial, or termination determinations upon receipt of the criminal background results; (6) store all fingerprint data consistent with security and privacy requirements.