An integral part of the Medicare provider/supplier enrollment process includes background checks of providers and suppliers applying for enrollment in the program.  The background checks for high risk providers/suppliers includes fingerprint based background screenings.

Fingerprint-based background checks are generally completed on individuals with a 5 percent or greater ownership interest in a provider or supplier that falls under the high risk category. A 5 percent or greater owner includes any individual that has any partnership (general or limited) in a high risk provider or supplier. Note that the high level of risk category applies to providers and suppliers who are newly enrolling Durable Medicare Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) suppliers or Home Health Agencies (HHA). It also applies to providers and suppliers who have been elevated to the high risk category. CMS may adjust a particular provider or supplier’s screening level from “limited” to “high” or “moderate” to “high” if any of the following occur:

  • CMS has imposed a payment suspension within the last 10 years;
  • Has been excluded from Medicare by the OIG;
  • Has had billing privileges revoked by CMS within the previous 10 years;
  • Has been excluded from any Federal Health Care program;
  • Has been subject to any final adverse action, in the previous 10 years;
  • Has been terminated or is otherwise precluded from billing Medicaid; or
  • CMS lifts a temporary moratorium for a particular provider or supplier type and a provider or supplier that was prevented from enrolling based on the moratorium, applies for enrollment as a Medicare provider or supplier at any time within 6 months from the date the moratorium was lifted.

CMS recently released an updated article to clarify language and to emphasize affected providers and suppliers that are impacted by the fingerprint background screening when undertaking the provider/supplier enrollment process.  See the complete article on the Medicare Learning Network here.

medicare provider enrollment
Fingerprint background screenings were implemented as part of the Affordable Care Act ((see enr.pdf).  The fingerprint based background checks are meant to detect bad actors who are attempting to enroll in the Medicare program and to remove those currently enrolled.  This background screening process took effect in 2014.

Affected providers and suppliers will receive notification of the fingerprint requirements from their MAC. The MAC will send a notification letter to the affected providers or suppliers listing all 5 percent or greater owners who are required to be fingerprinted. The notification letter will be mailed to the provider or supplier’s correspondence address and the special payments address on file with Medicare. Generally, an individual will be required to be fingerprinted only once, but CMS reserves the right to request additional fingerprints if needed.

The relevant individuals will have 30 days from the date of the notification letter to be fingerprinted. If the provider or supplier finds a discrepancy in the ownership listing, the provider or supplier should contact their MAC immediately to communicate the discrepancy and take the appropriate action to update the enrollment record to correctly reflect the ownership information.

The notification letter will identify contact information for the Fingerprint-Based Background Check Contractor (FBBC). The relevant individual(s) are required to contact the FBBC prior to being fingerprinted to ensure the fingerprints are accurately submitted to the Federal Bureau of Investigation (FBI) and results are properly returned to CMS. Providers/suppliers may contact the FBBC by telephone or by accessing the FBBC’s website. Contact information for the FBBC will be provided in the notification letter received from the MAC. Once contacted, the FBBC will provide at least three fingerprint locations convenient to the relevant individual’s location. One of these locations will be a local, state, or federal law enforcement facility.

The relevant individuals who are required to undergo the fingerprint-based background check will incur the cost of having their fingerprints taken, and the cost may vary depending on location. Once an individual has submitted his/her fingerprints, if that individual is subsequently required to undergo a fingerprint-based background check in accordance with 42 CFR 424.518(c), CMS will, to the extent possible, rerun the fingerprint-based background check rather than requiring resubmission of fingerprints. You can review 42 CFR 424.518(c) at

Fingerprinting can be completed on the FD-258 form or electronically at certain locations. CMS strongly encourages all required applicants to provide electronic fingerprints, but CMS will accept the FD-258 card instead. If the FD-258 form is submitted, the FBBC will convert the paper form to electronic submission to the FBI. You can review the FD-258 form at

Once the fingerprint process is complete, the fingerprints will be forwarded to the FBI for processing. Within 24 hours of receipt, the FBI will compile the background history based on the fingerprints and will share the results with the FBBC. CMS, through the FBBC, will assess the law enforcement data provided for the fingerprinted individuals. The FBBC will review each record and provide a fitness recommendation to CMS. CMS will assess the recommendation and make a final determination.
All fingerprint data will be stored according to:

  • Federal requirements;
  • FBI Security and Management Control Outsourcing Standards for Channelers and Non-Channelers; and
  • The FBI Criminal Justice Information Services (CJIS) Security Policy.

The FBBC will maintain Federal Information Systems Management Act (FISMA) certification and comply with the FBI (CJIS) Security Policy. All data will be secured in accordance with the Privacy Act of 1974 and the FBI CJIS Security Policy.
CMS will rely on existing authority to deny enrollment applications and revoke existing Medicare billing privileges per 42 CFR §424.530(a) and §424.535(a) cgi-bin/text-idx?SID=f14b263d1175a355d736e9f38f3a6baf&node=42: 15&rgn=div8 if an individual who maintains a 5 percent or greater direct or indirect ownership interest in a provider or supplier has submitted an enrollment application that contains false or misleading information. Providers or suppliers will be notified by CMS if the assessment of the fingerprint based background check results in the denial of its enrollment application or revocation of its existing Medicare billing privileges.

About nCred

nCred is a leading national provider of healthcare credentialing services.  nCred has assisted thousands of providers and healthcare organizations throughout the country with the payer provider enrollment process.  The successful implementation of leading technologies combined with experienced credentialing staff produce excellent results for nCred clients.  Contact us today at (423) 443-4525 or fill out our request for information form to discuss how our services can benefit your organization.