Does your compliance function measure up? The OIG’s revised criteria for permissive exclusion


On April 18, 2016, the Department of Health and Human Services Office of Inspector General (OIG) issued new Criteria for implementing section 1128(b)(7) exclusion authority (the Criteria). Section 1128(b)(7) gives the OIG discretion to “permissively” exclude an individual or entity from the federal health care programs for fraudulent conduct. The Criteria replaces the OIG’s 1977 policy statement on the exercise of its permissive exclusion authority and reflects the OIG’s increasing emphasis on providers implementing robust internal compliance efforts and self-reporting noncompliance before the government investigates.


The OIG has a range of administrative options it can exercise in settling a civil or administrative health care fraud case, depending on the facts and circumstances. These include: 1) exclusion; 2) heightened scrutiny (e.g., implement unilateral monitoring); 3) integrity obligations; 4) taking no further action; or 5) releasing 1128(b)(7) exclusion with no integrity obligation if the person acts in good faith and cooperates to self-disclose the fraudulent conduct. 

How the OIG uses its exclusion authority is important because federal health care programs cannot pay for any items or services furnished, ordered or prescribed by an excluded individual or entity (collectively, a “person”). False Claims Act liability and civil monetary penalties may be imposed against providers that employ or contract with excluded persons to provide items or services payable by federal health care programs.

The OIG must exclude persons from participation in federal health care programs if they are convicted of fraud and certain Medicare offenses, patient abuse or neglect, felony convictions for health care-related fraud, unlawful manufacture, distributions, prescription or dispensing of controlled substances. However, in other circumstances, including misdemeanor convictions, suspension, revocation, or surrender of a license to provide health care, provision of unnecessary care, or substandard services, submitting false claims or engaging in unlawful kickbacks and other similar conduct, the OIG may exclude persons under section 1128(b)(7) if the OIG determines that a person’s continued participation in federal health care programs presents a risk.  The OIG will generally give a person a release of 1128(b)(7) permissive exclusion without requiring integrity obligations when the person 1) cooperatively self-discloses the fraudulent conduct and 2) agrees to robust integrity obligations. 

The Criteria

In a change from its 1977 guidance, in deciding whether to exclude a person using its section 1128(b)(7) authority, the OIG now presumes a person should be excluded for some period of time if the person has defrauded a federal health care program. The Criteria outlines the non-binding factors the OIG will use to decide if the presumption of exclusion should be rebutted. It also describes how the OIG evaluates risk to the federal health care programs in using other available remedies. 

Specifically, the Criteria describes a new “Risk Spectrum” the OIG uses to evaluate health care fraud cases on a continuum. 



Generally, the OIG evaluates future risk to the federal health care programs, with the “highest risk” cases suggesting exclusion, moderate risk cases indicating heightened scrutiny using monitoring and integrity obligations, or no further action, and lower risk cases suggesting an exclusion release without integrity obligations.


Exclusion may not be necessary if the person agrees to appropriate integrity obligations in exchange for a release of the OIG’s 1128(b)(7) authority. Neither exclusion nor integrity obligations may be necessary if a person is relatively low risk, which typically occurs in two situations: 1) there is relatively low financial harm to the federal healthcare programs in the absence of egregious conduct, such as patient harm or intentional fraud; and 2) the person is a successor owner after the fraudulent conduct occurred, has taken appropriate steps to address the prior misconduct, implemented a compliance program and has no history of fraud.

Applying the Risk Spectrum 

In determining where a person falls on the compliance “Risk Spectrum,” the OIG will weigh various factors across the following four broad categories:

Nature and Circumstances of Conduct

Factors include whether the conduct:

  • Has an adverse physical, mental, financial or other impact on federal health care program beneficiaries or other parties
  • Results in financial losses to federal health care programs
  • Is part of a pattern of wrongdoing
  • Occurs over a long period of time
  • Continues or is repeated
  • Is ongoing or is continued until or after the government’s investigation
  • Involved a person with a leadership, managerial or operational control role in the unlawful conduct

And a person’s history of prior fraudulent conduct, such as judgments, convictions, settlements or prior federal or state criminal, civil or administrative enforcement, a prior CIA or refusal to enter into a CIA, or breach of a CIA.

Conduct During Investigation    

Factors include whether the person:

  • Obstructed or impeded an investigation, audit or report of unlawful conduct or an attempt to do so
  • Took steps to conceal the conduct from the government or others
  • Failed to comply with a subpoena within a reasonable period of time
  • Self-disclosed the conduct cooperatively and in good faith after an internal investigation and prior to knowledge of the government’s investigation
  • Clearly demonstrated acceptance of responsibility for the conduct
  • Cooperated with the government, including whether such cooperation results in enforcement against others
  • Was unable to pay an appropriate monetary amount of damages, assessments, and penalties to resolve the fraud case

And whether the conduct resulted in an adverse licensure action or criminal resolution.

Significant Ameliorative Efforts   

Factors include whether the person:

  • Has made significant changes, such as appropriate disciplinary action against individuals responsible for the unlawful conduct, or dedicated more resources to compliance
  • Was sold to an unaffiliated, independent third party with a history of compliance
  • Has obtained appropriate additional training, retained a proctor or mentor, or taken other steps to improve if a licensed individual is involved

History of Compliance.    

Factors include whether the person:

  • Has a prior history of making significant self-disclosures in good faith to the OIG, CMS or CMS contractors prior to becoming aware of an investigation
  • Has not implemented a compliance program that incorporates the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program


Individuals and entities participating in federal health care programs can apply the above factors to evaluate their risk on the Risk Spectrum if they are involved in a government investigation that could result in permissive exclusion. In addition, in light of the OIG’s guidance, they should consider whether their current compliance efforts are consistent with the Criteria’s heightened focus on internal compliance monitoring and self-reporting fraud before the government investigates. Specifically, to minimize their risk, they should take certain steps including:

  • Establishing a robust compliance program incorporating the U.S. Sentencing Commission Guidelines Manual’s seven elements of an effective compliance program
  • Taking prompt action to respond to alleged unlawful conduct
  • Accepting responsibility for unlawful conduct
  • Self-disclosing unlawful conduct in good faith when appropriate
  • Cooperating with government investigators


Media Contact

Subscribe to Receive Updates
Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.