Printer Friendly, PDF & Email

OIG's Fraud Risk Indicator: Strategic implications for resolving exclusion liability

Patrick Garcia ( is an attorney with Hall, Render, Killian, Heath & Lyman PC in Annapolis, MD.

The Office of Inspector General for the U.S. Department of Health and Human Services (OIG) recently unveiled the use of a new tool called the Fraud Risk Indicator. OIG’s stated purpose behind this new initiative is to provide more transparency to industry stakeholders (e.g., patients, family members, healthcare industry professionals) regarding OIG’s risk assessment of a party to a False Claims Act (FCA) settlement and where that particular party falls on the OIG exclusion risk spectrum in cases where there is no corporate integrity agreement (CIA).

OIG has the authority to exclude any individual or entity from participation in the federal healthcare programs if they engage in certain healthcare fraud conduct. The government’s primary tool for enforcing healthcare fraud violations is the FCA. Most FCA cases where the government alleges fraudulent conduct are resolved through settlement agreements in which the settling parties do not admit liability. OIG’s permissive exclusion authority under section 1128(b)(7) of the Social Security Act[1] is oftentimes implicated in the context of FCA healthcare fraud cases, because conduct that allegedly violates the FCA can also trigger exclusion liability. As a result, OIG is typically a party to FCA healthcare settlements in order to resolve its permissive exclusion authority. In determining whether it should exercise discretion under its exclusion authority, OIG evaluates future risk to the federal healthcare programs based on information gathered during the FCA case and applies certain factors and exclusion criteria[2] to assess where a settling party falls on the OIG risk spectrum (see Figure 1).

Figure 1: Risk spectrum

The OIG risk spectrum contains five different categories, and exclusion authority is resolved differently for each level of risk. OIG laid out the risk spectrum for the first time in its April 2016 exclusion authority criteria.[3] At the lowest level of risk, OIG releases its exclusion authority when a party self-discloses the conduct. The next category, in which OIG does not release its authority but takes no further action, is reserved for situations either involving successor liability or relatively low financial harm in the absence of egregious conduct. At a medium risk level, OIG determines that an integrity agreement (CIA) is appropriate to protect the federal healthcare programs and beneficiaries, and the party agrees to enter into a CIA in exchange for a release of OIG’s exclusion authority. At what OIG terms “High Risk – Heightened Scrutiny,” OIG determines that a CIA is necessary to protect the program, but the settling party did not agree to one. And finally, at the highest risk level, OIG will pursue exclusion.