On September 23, 2010, the Centers for Medicare and Medicaid Services ("CMS") promulgated the Medicare Self-Referral Disclosure Protocol ("Protocol"). The Protocol was issued as part of the Patient Protection and Affordable Health Care Act of 2010, as amended by the Health Care and Education Reconciliation Act of 2010 (collectively referred to as the "Health Reform Bill"). The Heath Reform Bill required CMS to establish "a protocol to enable health care providers of services and suppliers to disclose an actual or potential violation of Section 1877 of the Social Security Act (42 U.S.C. 1395nn)."
The Stark Law prohibits physician referrals of Medicare or Medicaid patients for designated health services, as defined by the statute, to any entity with which the physician, or an immediate family member of the physician, has a financial relationship (both ownership/investment interests and compensation arrangements). It also prohibits an entity from making a claim for payment under the Medicare or Medicaid programs for the provision of a designated health service referred by a physician with a financial interest in the entity. If a financial arrangement violates the Stark Law, the otherwise prohibited physician referral is permissible if an appropriate statutory or regulatory exception is fully satisfied.
The new Protocol allows a health care provider to self-disclose to CMS when it believes a Stark Law violation has occurred. If a health care provider makes such a disclosure, CMS may, but is not required to, reduce the overpayment owed by the health care provider upon consideration of the following facts:
- The nature and extent of the improper or illegal practice;
- The timeliness of the self-disclosure;
- The cooperation in providing additional information related to the disclosure;
- The litigation risk associated with the matter disclosed; and
- The financial position of the disclosing party.
CMS has made it clear that the Protocol is not designed to seek whether a Stark Law violation has actually occurred (which is what the advisory opinion process is designed for), but rather is designed to resolve matters that have already been deemed by the disclosing party to be actual or potential Stark Law violations.
In order to make the self-disclosure under the Protocol, providers must submit the following information to CMS, both electronically and in written form:
- Certain identifying information.
- A description of the matter being disclosed, including the nature of the financial relationship, the parties involved, the type of the designated health service at issue, and the specific time periods the disclosing party was not in compliance.
- A complete legal analysis from the disclosing party as to why it believes that a Stark Law violation has occurred and the potential causes of the violation.
- A description of the circumstances under which the disclosed matter was discovered and the remedial actions taken to restructure the non-compliant relationship.
- Statements regarding whether the disclosing party has a history of similar conduct or any other prior criminal, civil, or regulatory enforcement actions.
- A description of the existence and adequacy of the provider's compliance program and the efforts taken to prevent a repeat of the incident.
- A description of other notices, if any, provided to other government agencies.
- A statement as to whether the disclosing party has knowledge that the matter being disclosed is under current investigation or inquiry by a government agency.
- A financial analysis that sets forth the potential repayment amount and the methodology used to calculate that amount.
- Certification by an authorized representative that the information provided is truthful and is based on a good faith effort to bring the matter to the attention of CMS.
Following the self-disclosure, CMS will notify the disclosing party of its acceptance or rejection. However, a time frame for such notification is not set forth in the Protocol. If accepted, providers are expected to cooperate in good faith and within thirty (30) days with requests for documents and additional information. If additional Stark Law violations are uncovered by CMS during the investigation, those violations will be treated as new matters outside of the Protocol.
Under applicable law, overpayments should be reported and returned by the later of sixty (60) days after identification or the date a corresponding cost report is due. However, if a party submits a disclosure under the Protocol, the obligation to return the overpayment is suspended until a settlement agreement is entered into, the disclosing party withdraws from the Protocol, or CMS removes the disclosing party from the Protocol. Nonetheless, the disclosing party is encouraged to place funds covering the overpayment in an interest-bearing escrow account in order to ensure that adequate resources are available.
Disclosing parties must agree to drop appeal rights pertaining to claims related to conduct resolved through a settlement agreement at the close of the Protocol. The government may accept payment to resolve the matter, but will not waive or relieve the disclosing party of any criminal, civil, or CMP liability. In that regard, CMS may coordinate with the Office of Inspector General ("OIG") and the Department of Justice ("DOJ") and when appropriate, make recommendations regarding violations of the False Claims Act, civil monetary penalties provisions, or other potential sources of liability.
With the passage of the new Protocol, providers should seriously consider whether to disclose or not to disclose Stark Law violations. While the facts of each situation may vary, in all cases, providers will need to carefully weigh the benefits of disclosing (e.g., reduced overpayments) against the risks of disclosing (e.g., referrals to the DOJ).
Kelli Fleming is an associate with Burr & Forman LLP and practices exclusively within the firm's Health Care Practice Group.