On November 8, 2021, the United States Department of Health and Human Services ("HHS") amended its provider self-disclosure protocol (the "SDP") which was originally published in 1998 to establish a process for health care providers to voluntarily identify, disclose and resolve instances of potential fraud involving federal healthcare programs. The November 8, 2021 amendment (the "Amendment") increases the minimum amounts required to settle self-disclosed instances of potential fraud and makes other changes that provide additional guidance for provider self-disclosures.
In addition to emphasizing the obligation of healthcare providers to detect and prevent fraudulent and abusive activities, the Amendment discusses the benefits of self-disclosure of potential fraud to the OIG. One of these benefits is the OIG's presumption against requiring integrity agreements in self-disclosure cases. Another benefit is that entities that self-disclose and cooperate with the OIG during the self-disclosure process are expected to pay a lower multiplier of damages than would be required in the case of a government-initiated investigation. The OIG's general practice in self-disclosure cases is to require a minimum multiplier of 1.5 times single damages, whereas up to triple damages may be assessed in cases of government-initiated investigations. A third benefit is suspension of the obligation to report and return overpayments within 60 days of identification, or the day upon which a corresponding cost report is due, when a timely self-disclosure has been made to the OIG. CMS has agreed to suspend the obligation to return overpayments until a settlement agreement is entered into under the SDP or the disclosing party withdraws or is removed from the SDP. Finally, the OIG has committed to working with those self-disclosing and, as part of that commitment, has streamlined its internal process to reduce the average time an SDP case is pending to less than 12 months. Further, the OIG has changed the timeframe for entities to submit the findings of their completed internal investigations and damage calculations from 90 days from acceptance into the SDP, to 90 days from the date of the initial submission.
All healthcare providers, suppliers, or other entities that are subject to the OIG's civil monetary penalty ("CMP") authorities are eligible to use the SDP. Entities making disclosures under the SDP should disclose conduct for which it may be liable, including potential successor liability based on the purchase of another entity. Disclosing parties should not, however, use the SDP to disclose the conduct of another unrelated party. Entities that are already subject to a government inquiry, such as an investigation audit, etc., are not automatically precluded from using the SDP. Even entities under corporate integrity agreements may use the SDP.
The SDP may be used to disclose and facilitate the resolution of conduct that in the disclosing party's reasonable assessment, potentially violates laws for which CMPs are authorized. Importantly, when making a disclosure, the disclosing party must acknowledge that the conduct is a potential violation of federal criminal, civil, or administrative laws. The disclosing party must specifically identify the laws that may have been violated and should not refer generally to federal laws, rules and regulations, or other similarly broad language. Statements such as "the government may think there is a violation, but we disagree" may create questions about the matter whether the matter is appropriate for the SDP and may result in the disclosure being removed from the SDP.
The SDP is not available to address potential violations of law for which CMPs are not authorized, such as routine overpayments or errors. Such situations should be disclosed directly to CMS or the appropriate contractor under the voluntary refund process. The SDP is also not appropriate for the purpose of requesting an opinion from the OIG regarding whether a violation has occurred.
Where the arrangement in question only involves potential liability under the Stark law, without potential liability under the anti-kickback statute ("AKS"), the arrangement should be disclosed to CMS through its self-referral disclosure protocol ("SRDP"), not the OIG's SDP. Before making a disclosure under the SDP, the entity should correct the conduct in question or, at least, ensure that corrective action will be taken and the improper arrangement will be terminated within 90 days after submission under the SDP. Addressing the conduct in question prior to submitting a disclosure under the SDP necessarily requires that the entity conduct an internal investigation prior to the disclosure. The results of the investigation should be submitted as part of the disclosure. If the entity is unable to complete its internal investigation prior to submitting the disclosure, the disclosing entity must certify that it will complete its internal investigation within 90 days of the date of submission.
Disclosures under the SDP are submitted to the OIG's website at https:\\OIG.HHS.gov\compliance\self-disclosure-info\provider-self-disclosure-protocol\. Details necessary for the disclosure include, but are not limited to (1) identifying information about the disclosing party; (2) an organization chart and description of pertinent relationships and identifying information regarding a related entity; (3) contact information for the disclosing entity's designated representative; (4) concise statement of the details of the conduct being disclosed; (5) identification of the federal criminal, civil, or administrative laws that have been potentially violated by the disclosed conduct; (6) the federal healthcare programs affected by this disclosed conduct; (7) an estimate of damages; (8) the corrective action taken by the disclosing entity; (9) whether the disclosing entity is aware of any current inquiry by a government agency or contractor into the disclosed conduct; (10) identification of the individual who is authorized to enter into a settlement agreement on behalf of the disclosing entity; and (11) certification that the submission is truthful and based on a good faith effort to bring the matter to the government's attention for the purpose of resolving potential liability to the government.
If a disclosure involves a potential submission of improper claims, the disclosing entity must estimate the amount improperly paid and prepare a report of its findings. The improperly paid amount will be considered a measure of single damages and may either be calculated based upon all of the claims affected by the disclosed matter or based upon a statistically valid random sample of the claims that can be used to estimate the total population of the claims affected by the disclosed conduct. This damage calculation may not be reduced by underpayments discovered during the entity's investigation. If using a random sample to estimate damages, the sample must be at least 100 items and must use the arithmetic mean to estimate damages. The government will expect smaller sample sizes to be used where the claim population has a high level of homogeneity and larger sample sizes where the population contains a mixture of claim types. The report must include, at a minimum, the objective of the review, the population of claims examined, the source of the data, the qualifications of the individuals conducting the review, and the characteristics of the claim involved in the sample.
Where a disclosure under the SDP involves the employment of, or contracts with, persons who appear on the OIG's list of excluded individuals, the disclosure must identify (1) the excluded person; (2) the job duties performed by that person; (3) the dates of the person's employment or contractual relationship; (4) a description of any background checks completed before or during the person's employment or contract; (5) a description of the disclosing entity's screening process; (6) a description of how the conduct was discovered; and (7) a description of any corrective action taken.
If the disclosing entity either employed or contracted with an excluded person who separately submitted bills to federal healthcare programs, the disclosure must include the total amounts claimed and paid by the federal healthcare programs for such items or services. When a disclosed matter involves non-separately billed items or services, damages are estimated using the disclosing party's total costs of employment or contracting during the person's exclusion. Such costs include salaries and benefits related to employment of the person. The total cost should be multiplied by the disclosing entity's revenue-based federal healthcare program payor mix for the relevant time period. Where the disclosed conduct involves potential violations of the AKS, the disclosing entity must estimate the amount paid by federal healthcare programs for the items or services associated with the potential AKS violations and, if applicable, the Stark law. The amount must include the total amount of remuneration involved in the disclosed arrangement, without reductions for remuneration that the disclosing party believes was offered, paid, solicited, or received for a lawful purpose. The disclosing party may, however, explain what it believes to be remuneration that should not be considered fraudulent. The OIG has broad discretion to accept or deny such proposed reductions in damages.
In self-disclosures, the OIG coordinates with the Department of Justice ("DOJ") and, in some cases, the DOJ may choose to participate in the settlement. If so, the DOJ determines its approach for resolving the matter. The OIG will, however, advocate for the disclosing entity to receive a benefit from disclosure under the SDP.
Certain situations may raise questions about whether the disclosing entity should utilize the OIG's SDP or CMS's SRDP to resolve potential Stark law violations. Only one of the two protocols should be used. If the disclosed arrangement involves a potential violation of only the AKS or of both the AKS and the Stark law, the disclosing entity should utilize the OIG's SDP. If the arrangement only implicates a potential violation of the Stark law, the arrangement should be disclosed to CMS using its SRDP.
The OIG's general practice is to require a minimum multiplier of 1.5 times single damages, although it may determine that a higher multiplier is appropriate. Generally, the OIG applies the multiplier to the amount paid by healthcare programs, not the amount claimed. For self-disclosures involving potential violations of the AKS, the OIG will require a minimum settlement amount of $100,000, which is consistent with its statutory authority to impose a penalty of up to $100,000 for each transaction. For other matters accepted into the SDP, a minimum settlement amount of $20,000 will be required by the OIG. This amount was set to be consistent with the OIG's authority to impose a CMP of $20,000 for each improper claim submitted under the CMP law. If a disclosing entity thinks that it cannot pay a proposed settlement amount, the OIG will require the entity to submit extensive financial information, including audited financial statements, tax returns, asset records, etc. The inability to pay a proposed settlement should be disclosed to the OIG as early as possible during the self-disclosure process. In the event that the entity has previously refunded as an overpayment a portion of the calculated damages, the refunded amount will be credited against the total damages.
When making a submission under the SDP, disclosing entities should identify anything in the submission that it believes to constitute trade secrets or to be privileged and confidential, and therefore exempt from disclosure under the Freedom of Information Act. The OIG will make a reasonable effort to notify the disclosing entity prior to releasing information that has been identified as trade secrets or privileged and confidential.
Where a healthcare provider believes that its conduct may rise to the level of potential fraud involving federal healthcare programs, self-disclosure under the OIG's SDP should be carefully considered. When used properly, the SDP can serve to reduce the provider's liability to the government and promote a timely resolution of the matter.
James F. Henry is a partner with Phelps where he specializes in healthcare law.