CMS Announces Final Rule Risk Category
on December 28, 2022
On Nov. 23, 2022, CMS passed a final rule [87 FR 722931] that significantly changed the risk categories for certain providers and suppliers (including DMEPOS) when they initiate enrollment actions. These changes will be effective on Jan. 1, 2023.
“I will review the provider and supplier types affected (collectively “providers”), the fingerprinting process involved, and the effects these changes will have on these providers as they attempt to enroll new entities or undergo change of ownership (CHOW) applications,” said Mark Higley, VP of Regulatory Affairs, VGM Government Relations.
As required by the Affordable Care Act, CMS established risk categories identifying what level of scrutiny to apply to new enrollment applications, CHOWs, and revalidations by provider type. The risk categories are “limited,” “moderate,” and “high.”
Providers in the high-risk categories are subject to additional requirements that include fingerprint-based criminal background checks as part of the enrollment process. A provider type can be in different categories depending on the enrollment action being requested. For example, a provider can be in the high-risk category when attempting to enroll a new entity and in the moderate-risk category when seeking to revalidate that same entity. In addition, providers of any type can be elevated to a high-risk category and subject to fingerprinting-based background checks if certain sanctions have been imposed on the provider, such as a CMS payment suspension or OIG exclusions.
Provider Types Affected:
- Durable Medical Equipment, Prosthetics, and Orthotics (DMEPOS) suppliers
- Home Health Agencies (HHAs)
- Medicare Diabetes Prevention Program suppliers (MDPP)
- Opioid Treatment Program providers (OTP)
DMEPOS suppliers, HHAs, MDPP suppliers, and OTP providers will be considered high-risk and subject to intense scrutiny when attempting to report a change of ownership with CMS. These providers were previously considered high-risk for a new CMS enrollment, but not for CHOW applications.
Effective Jan. 1, 2023, DMEPOS suppliers, HHAs, MDPP suppliers, and OTP providers that were certified by the Substance Abuse and Mental Health Services Administration after Oct. 24, 2018, submitting either: (1) a change of ownership application or (2) an application to report any new owner must have the new owner submit to fingerprint-based criminal background check requirements. In either scenario, the new owner must have a 5% or greater interest.
- Skilled Nursing Facilities (SNF)
Since the regulation requires CMS to place providers in categories, skilled nursing facilities (SNFs) were categorized as a limited risk for all enrollment actions. However, with the implementation of this final rule, SNFs will be considered high risk and subject to intense scrutiny when attempting to initially enroll or report a CHOW with CMS. In addition, SNF revalidations will be processed under a moderate level of scrutiny.
The most burdensome part of this change for SNFs will be the fingerprint-based criminal background check requirements. When a SNF initially enrolls, then anyone who owns 5% or more of the SNF must submit fingerprints and undergo a criminal background check in connection with the enrollment application. Fingerprint-based background checks will also be required if an enrolled SNF reports a change of ownership with a new 5% or more owner.
Fingerprinting and Background Check Procedures
CMS has contracted with Accurate Biometrics to conduct a fingerprint-based background check on all individuals with a 5% or greater ownership in a provider or supplier that falls under the high-risk category for purposes of enrollment screening. If a provider is required to process fingerprints through Accurate Biometrics, they will receive a letter from the Medicare Administrative Contractor.
Click here for more information.
Then, the provider must print the fingerprint and affidavit forms available on the Accurate Biometrics website and take them to a law enforcement agency or fingerprint vendor to have the fingerprints done. Then, the form and affidavit must be mailed to Accurate Biometrics. There is a link on the website to check the status of the fingerprint and background check processing.
Effects of These Changes on Providers
The fingerprinting process will slow down initial enrollment applications and CHOWs when these affected providers are forming a new entity or undergoing a change of ownership transaction. To complicate the process further for DMEPOS suppliers, CMS recently eradicated the National Supplier Clearinghouse for Medicare enrollment applications for DMEPOS suppliers. Effective on Nov. 7, 2022, there is now a National Provider Enrollment East administered by Novitas Solutions and a National Provider Enrollment West administered by Palmetto GBA. DMEPOS suppliers will now process Medicare enrollments through one of these National Provider Enrollment contractors depending on state location. As these contractors transition to their new roles, pending enrollment applications for DMEPOS suppliers are likely to be affected.
Another interesting aspect of the increased scrutiny will be how CMS will enforce the fingerprinting-based criminal background checks for affected provider types when the owners or new owners with 5% or more interest are corporations or private entity firms. The statute designates that “individuals” who maintain a 5% or greater direct or indirect ownership interest in the provider or supplier are subject to the high screening requirements. As private equity firm’s involvement in the healthcare system continues to increase, CMS will have to determine how to screen owners who are not individuals.
We will keep you updated when we learn more.
- vgm government