Exclusions Due to Overpayments – Cautionary Tales

Posted by Joe Stefansky on October 25, 2021 in Exclusion Screening,

While it seems unlikely that an organization’s mail management can result in exclusion from a federally funded program, many errors seem to be causing major headaches for well-intentioned, high- performing organizations participating in Medicare and Medicaid and programs across the U.S.  The lesson here is that any organization can find itself excluded for reasons that are avoidable. This article will provide examples of these recent overpayment woes and recommendations on how to avoid making “The List”.

Exclusion in a Nutshell

Any health care organization (health plan, hospital, supplier or provider group) receiving reimbursement from a federally funded health care program can be excluded from participation in those programs for failure to meet contractual obligations to repay the state or CMS for overpayments made for contracted services or supplies. Under the 60-day Rule set forth in the Affordable Care Act, if an individual or organization receives a Medicare overpayment, it must be reported and returned within 60 days after the overpayment is identified.   Any payment that is not returned within that window may subject whoever retained the overpayment to criminal prosecution under the False Claims Act, and civil monetary penalties.  A similar standard is found in state Medicaid contracts.

Failure to repay can also result in exclusion at the state and ultimately the federal level.  If a state Medicaid plan notifies the OIG of an overpayment due and not timely addressed by a health care organization, that organization can find itself on the federal List of Excluded Individuals/Entities (LEIE). Under the Affordable Care Act section 6501, exclusion by one state Medicaid program requires reciprocal exclusion by all state Medicaid programs. Therefore, the downside of exclusion or overpayments disputes is considerable for any organization.

Recent Examples of Overpayment Snafus

Below are several examples of avoidable overpayment errors that are cautionary tales:

  1. An organization found itself on a state exclusion list for failure to repay an overpayment of less than $100.00.  The state regulator had reached out repeatedly to the correct address but their notices failed to reach the senior leadership due to a mailroom error. Once the organization was made aware, the matter was addressed promptly and the exclusion removed but not before it was a source of some public embarrassment.
  2. As part of a Medicaid health plan audit, state auditors noted that no overpayment information had been reported during the previous 12-month period. The health plan determined that due to a lack of clarity on reporting responsibilities and then a change in staff, overpayment information which the organization intended to report had not been communicated to Medicaid regulators. There was a formal audit finding and penalty but the plan avoided further adverse action due to correcting the oversight immediately and taking decisive corrective action to avoid future lapses. 
  3. A large managed care organization was sued by several whistleblowers who asserted that CMS was over-billed by the use of improper diagnosis codes for patients enrolled in one of its Medicare plans. The DOJ intervened in the suit, claiming that that organization took deliberate steps to boost patient risk scores which in turn increased reimbursement. The organization disputes the allegations, stating that

“Our policies and practices represent well-reasoned and good-faith interpretations of sometimes vague and incomplete guidance from CMS.”

This case remains in play but provides an example of how rational minds may differ on what actions result in an actionable overpayment. 

How Health Care Organizations Can Avoid These Errors

There are several ways to avoid these contractual and regulatory errors:

  1. Assure that the contact information on file with state and federal regulators is up to date. As Medicare and Medicaid contracts roll forward through renewal processes, it is easy to overlook whether the most recent contract accurately reflects who in senior management should get official notice of any potential contractual errors or breaches that could result in a serious outcome such as exclusion.
  2. When conducting your monthly or routine exclusion screening, broaden your search. In addition to screening your employees, providers, vendors and suppliers against federal and state lists, add your organization, your dbas and subsidiaries to the search. Because the LEIE is notoriously rigid in its search parameters, screen against all possible permutations of your organization’s name to cast a wide net. If there has been regulatory activity of which you are unaware, this process will identify actions recently taken. 
  3. Tighten up your communication practices internally.  In fairness to mailroom staff in health care organizations, they regularly handle thousands of letters and notifications that can have legal implications.  Also, mailrooms can have high turnover as staff move into higher-paid roles. Therefore, it is absolutely mission-critical that every staff member is trained during on-boarding to pay special attention to any communication from any state, federal or regulator office and to assure that these communications receive special handling instructions that are clearly set forth in a mailroom policy and procedure. This P&P should include an escalation process to assure that any ambiguous notice or mail recipient issue be reviewed and addressed by management so that these notifications do not slip through the corporate cracks.
  4. Develop overpayment detection processes with a clear line of reporting authority. As noted in the 60-day Rule, an organization must report and repay within 60 days of an overpayment being “identified”. Due to a Finance or Rev Cycle departments’ practices and expertise, identification of an overpayment is not always easy, especially in cases where a patient has secondary insurance and/or the number of claims processed may include many edits and corrections.  Also, the complexity of Medicare coverage and payment rules can result in differing opinions whether an overpayment even exists. Therefore, a thorough review of an organization’s overpayment process (which may reside in finance, rev cycle and/or claims departments) is essential to develop a clear and defensible P&P regarding management and resolution of potential government overpayments.
  5. Stay up to date on judicial and regulatory overpayment decisions.  Overpayment cases against health insurers and providers result in increasingly nuanced interpretations of both legal requirements and regulatory expectations.

CMS Overpayment Detection Failures 

CMS has also been found deficient in its detection of overpayments in recent OIG audits. While health plans, hospitals and providers have been taken to task for failures to repay, the OIG has turned its attention to the Medicare program and has identified significant deficiencies in how claims processes and prior authorization gaps have allowed overpayments to occur:

  • A recent OIG audit issued on August 21, 2021 found that Medicare has failed to exercise its due diligence in identifying overpayments for some services that have resulted in significant overpayment by chronic care management (CCM) patients.

    The audit report which found that not all payments made by CMS to providers for noncomplex and complex CCM services rendered during CYs 2017 and 2018 complied with Federal requirements, resulting in $1.9 million in overpayments associated with 50,192 claims. The OIG identified 38,447 claims resulting in $1.4 million in overpayments for instances in which providers billed noncomplex or complex CCM services more than once for the same beneficiary for the same service period. Auditors also identified 10,882 claims that resulted in $438,262 in overpayments for instances in which the same provider billed for both noncomplex or complex CCM services and overlapping care management services rendered to the same beneficiaries for the same service periods. Further, the OIG identified 863 claims that resulted in $52,086 in overpayments for incremental complex CCM services that were billed along with complex CCM services that were identified as overpayments. For these 50,192 claims, beneficiaries’ cost sharing totaled up to $540,680. CMS concurred with the findings and implemented claims processing controls, including system edits, to prevent and detect overpayment.            
  • The OIG issued an audit report on October 1, 2021 finding that more than 40 percent of the health care providers covered audited did not comply with Medicare requirements when they billed for neurostimulator implantation surgeries. On the basis of sample results, the OIG estimated that during calendar years 2016 and 2017 providers received $636 million in unallowable Medicare payments associated with neurostimulator implantation surgeries and beneficiaries paid $54 million in related unnecessary copays and deductibles. These unallowable payments occurred because of insufficient documentation in the medical records to support that Medicare coverage requirements were met and because claims for neurostimulator implantation surgeries did not require prior authorization and are not subject to prepayment review.

Therefore, while plans and hospitals may have process issues that result in a failure to note, report and reimburse overpayments which have resulted in exclusion, CMS has its challenges as well. 


Well-regarded health plans and systems have found themselves excluded or in the cross-hairs due to overpayments disputes with CMS and state Medicaid programs. CMS has also been found deficient in its identification and management of claims and service authorizations that resulted in overpayments and unnecessary copayments by Medicare beneficiaries. The lesson learned here is that seemingly small errors or misinterpretations can result in significant outcomes including exclusion from federally funded programs as well as reputational and financial damage.

About Joe Stefansky

About Joe Stefansky

Joe Stefansky has a keen sense of business opportunities in complex problems, using technology to transform difficulty into efficiency. The CEO and founder of Streamline Verify specializes in solving compliance, legal and administrative issues through intuitively designed software that reduces costs and saves time.

Related Articles

The Impact of the ACA’s “...

February 28, 2022

The Patient Protection and Affordable   Care Act of 2010 (the ACA) brought health care to millions of uninsured Americans. However, in addition to the creation of health coverage options, th...

ALERT: Data Discrepancies in GSA’s ...

August 16, 2021

The regular screening of federal lists for individuals who are ineligible to participate in federal contracts is required of all federal healthcare contractors. The OIG and SAM lists, as they are comm...

Fraud on the Move – Medical Transportation

October 4, 2021

Medical transportation companies have been on federal and state regulatory radar for decades, for program integrity concerns such as fraudulent billing practices and patient safety concerns. Currently...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking




Average workload reduction by implementing the Streamline Verify program



Establishments trust Streamline Verify nationwide



Serving the healthcare industry’s unique compliance needs since 2011



Setting standards with hourly synchronization to primary source data