Skip to content

CMS Establishes “Guilt by Association” Rule:Providers to Face Penalties for the Acts of Others

September 26, 2019

CMS is increasing its regulatory arsenal by creating a new compliance rule that penalizes healthcare providers for the actions of others. Starting November 4, 2019, as part of ongoing adjustments to the provider enrollment process, CMS will add a provision that allows the government to bar individuals and organizations from enrollment if they “pose an undue risk of fraud, waste or abuse.” This undue risk will no longer be assessed by the actions of the enrolling provider alone, but can now be based on the provider’s relationships with others who have been the subject prepayment reviews, payment suspensions, corporate integrity agreements, or revocations.

This new rule will require providers participating in Medicare, Medicaid, and other federal programs to disclose any current or previous affiliation with an organization that: (a) has an uncollected debt; (b) has a payment suspension under a federal healthcare program; (c) has been excluded from those programs; or (d) has had billing privileges denied or rescinded. CMS can then use such an affiliation to deny enrollment or support the revocation of enrollment, without any evidence of fraud or abuse committed by the actual healthcare provider seeking enrollment.

Because of this new rule, healthcare providers will need to be vigilant when establishing relationships with each other. In evaluating its relationships, it will be even more vital for a healthcare provider to have a written compliance plan that addresses the seven elements of an effective compliance program as set forth in HHS-OIG’s Compliance Program Guidance (CPG) and in the United States Sentencing Commission (USSC) Guidelines.

The seven elements of an effective compliance program are:

  1. Assignment of Responsibility/Compliance Infrastructure (Board, Compliance Officer, Compliance Committee)
  2. Written Guidance (Code of Conduct and Compliance policies/procedures)
  3. Compliance Training & Education
  4. Effective Communication Channels (including Hotline)
  5. Internal Auditing & Monitoring, including specific and common risk areas:
    • Billing Activities
    • Contracting and Physician Arrangements (Stark & Anti-Kickback Statute)
    • Marketing Activities
  6. Systems of Responding to Reported Allegations of Violations/Misconduct
  7. Enforcement & Sanction Screening

If you have any questions regarding this new rule or need to develop or update your compliance plan, Clark Hill Strasburger’s Healthcare Team has attorneys who have in-depth experience developing compliance programs as well as former federal prosecutors who can help address healthcare regulatory enforcement actions.

Please contact us at to see how we may be of help.

Subscribe For The Latest