Outsourcing Sanction Screening

One of the most significant trends in business over the last decade has been the movement to outsourcing as many functions not directly involved in the core business activities as possible. This is being done to save staff time and costs and to gain access to better expertise. Compliance programs have also followed this trend, most notably in outsourcing the hotline. Another area that comes to mind for outsourcing is the rapidly growing cost and time commitment in meeting the requirements relating to sanction-screening.

Sanction-screening obligations began with the DHHS Office of Inspector General (OIG). Under my direction, the List of Excluded Individuals and Entities (LEIE) was created, initially called the Cumulative Sanction List. The OIG compliance guidance called for screening of employees, physicians, vendors, and contractors against not only the LEIE, but also the General Services Administration (GSA) debarment database called the Excluded Parties List System (EPLS), now a part of the System for Awards Management (SAM).

Failing to screen out excluded or debarred individuals or entities could result in all claims and costs associated with that excluded party being viewed as false and fraudulent, resulting in significant financial penalties. From the CMS perspective, sanction and exclusion not only play a role in terms of payment, but also enrollment. Federal regulations state “To obtain/maintain active enrollment status, providers may not employ or contract with individuals/entities excluded from participation in any federal health care program or debarred by the GSA from any other executive branch program or activity.”1

Over the years, additional federal sanction databases have been identified as useful for screening, including that maintained by the Drug Enforcement Administration (DEA) and Food and Drug Administration (FDA).

New impetus was added to the equation when CMS sent letters to the State Medicaid Directors, calling on them to screen their enrolled providers for exclusions on a monthly basis. This was followed with another letter emphasizing that directors should remind providers of their obligation to screen all their employees and contractors against the OIG LEIE monthly. Since then, about half of the states have already moved to establish their own Medicaid sanction list, with more on the way. Many states now mandate monthly screening against their list, as well as the LEIE. This has increased the sanction screening burden exponentially, not only for the compliance office, but also human resource management, since new hires and current employees have to be screened periodically. Procurement is affected by the number of vendors and contractors that also have to be screened, whose numbers are a multiple of the other parties that need to be screened. Medical credentialing is involved as a result of having to screen physicians granted staff privileges, as well.

Today, it is common for organizations to use a vendor’s search engine tools to assist in sanction screening. This saves an organization from downloading the sanction databases of all the entities and developing its own search engine. Using a vendor for this purpose is a step in the right direction; however the bulk of the screening work remains with the organization and resolving potential “hits” remains with the organization. Altogether this can be a considerable effort and many organizations have to dedicate one or many employees to meet all these obligations.

For those that manage the entire sanction screening process in-house, consideration should be given to using a vendor’s sanction screening search engine service. The following suggestions are offered for those trying to find the right service, as well as those that already are using one:

1. Make sure the service is fixed rate and not one that charges on a per-click or volume of screening. That can run up the costs to a prohibitive level.
2. Ensure the contract permits cancelling without cause at any time. A client should be held to a company by good service and not by contract.
3. Determine if the vendor provides any other services or support in addition to its tool; for example, providing policy templates, regulatory updates, advisory notifications, help desk, etc.

Consideration may also be given to outsourcing the entire process to a vendor, including conducting the screenings, resolving the potential “hits”, and providing a certified report of the results that can be made part of the compliance office records. Such services exist and the cost of full outsourcing may not be much more than what organizations are already paying a vendor to just gain access to the search engine tools.

1. 42 C.F.R. §424.516

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.