It’s official. Beginning on August 1, 2015, providers considered at “high risk” for defrauding state Medicaid programs will undergo a criminal background check that includes fingerprinting. In a June 1, 2015 letter, the Centers for Medicare & Medicaid Services (CMS) issued guidance as part of the implementation of Section 6401 of the Affordable Care Act, Provider Screening and Other Enrollment Requirements under Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP).

As the deadline of August 1st approaches, here are a few things to keep in mind from the recent CMS guidance.

Deadlines for Implementing the Fingerprint-Based Criminal Background Checks

Although states must begin implementation of the fingerprinted-based criminal background check requirements by August 1, 2015, they have 10 more months to complete implementation of the requirement. In order to comply with the requirement, CMS defines “implementation” as meaning that the state Medicaid agency has conducted a fingerprint-based criminal background check with respect to each provider that the agency has designated as “high” risk.

New Requirements for Terminating Providers

Under 42 CFR 455.416, state Medicaid agencies are required to terminate or deny enrollment of a provider if they, or any person with a 5 percent or greater direct or indirect ownership interest, have been convicted of a criminal offense related to that person’s involvement with the Medicare, Medicaid or CHIP program in the last 10 years. The types of convictions that warrant denial of enrollment are at discretion of each state agency. Under the guidance, agencies may allow the provider to enroll if it determines that termination of denial of enrollment is not in the best interests of the Medicaid program. In this event, however, the agency is required to document such determination in writing that is available to CMS or the OIG upon request.

State Medicaid Agencies Responsible for Rescreening of Physicians

According to 42 CFR 455.460(a), state Medicaid agencies are required to collect application fees prior to executing a provider agreement with a prospective or re-enrolling institutional provider, unless the provider is enrolled in Medicare or another state’s Medicaid or CHIP program. 42 CFR 455.414, however, requires that states revalidate the enrollment of all providers, regardless of provider type, every 5 years. Revalidation includes rescreening as well as the collection of disclosure information. Therefore, institutional providers seeking revalidation are subject to an application fee. The application fee is intended to cover the costs associated with a states’ Medicaid provider screening program, including the costs of conducting a fingerprint criminal background check on “high” risk providers.

Providers to Be Ranked on Risk Level by 2016

By March 2016, all of a states’ Medicaid and CHIP providers must be ranked as having a “limited,” “moderate” or “high” risk level of defrauding the program. When the agency determines that a provider’s categorical risk level is “high,” or when otherwise required to do so under State law, the agency must require providers to consent to criminal background checks, including fingerprinting. The requirement to submit fingerprints applies to both the “high” risk provider and any person with a five percent or more direct or indirect ownership interest in the provider.

While I applaud CMS’ efforts to protect Medicare patients from harm, the background check requirement relies on fingerprint-based background checks, which experts agree should never be the gold standard in the industry. The FBI’s fingerprint database has been found to be highly inaccurate. Federal agencies and lawmakers, therefore, should look to more accurate and effective background check methodologies when implementing these types of measures.