• Home
• |
• Professionals
  • Attorneys
  • Management
• |
• Practice Areas
• |
• News
  • Firm News
  • Recent Cases
  • Upcoming Events
• |
• Resources
  • Publications
  • HIPAA Resources
  • Practice Technology
• |
• Diversity
• |
• Contact
  • Offices
  • Directions
• |
• Search

Publications

Print

• Publications
• Health Care Updates
• HIPAA Resources
• Practice Technology

In an April 15, 2008 Open Letter (the "Letter") to Health Care Providers, the Department of Health and Human Services Office of Inspector General (OIG) revised the requirements of the OIG Provider Self-Disclosure Protocol (SDP), under which health care providers can voluntarily report fraudulent conduct affecting Medicare, Medicaid, and other federal health care programs. The Letter adds four new criteria to its basic disclosure requirements for participation in the SDP, and announces a presumption against requiring corporate integrity agreements or corporate compliance agreements for SDP participants.

OIG Rationale for Changes to the Self-Disclosure Protocol

The OIG refined the SDP and clarified the submission requirements "to provide an opportunity for providers to work with the OIG to more efficiently and fairly resolve matters appropriately disclosed under the SDP." In the Letter, the OIG revised its position on the use of Corporate Integrity Agreements to "reward the provider's commitment to integrity" while advancing the OIG's goal of resolving self-disclosures in a timely manner. These changes were designed by the OIG to promote cooperative self-disclosure involving compliance violations related to Medicare, Medicaid and other governmental health care programs.

History and Background of the OIG Self-Disclosure Protocol

The SDP was developed in 1998 as a mechanism for health care providers to voluntarily report fraudulent conduct affecting Medicare, Medicaid, and other Federal health care programs. The SDP is open to all health care providers, whether individuals or entities, and is not limited to any particular industry, medical specialty or type of service. It is intended to facilitate the resolution of matters that, in the provider's reasonable judgment, are potentially violative of federal criminal, civil or administrative laws. The OIG is not bound by any findings made by the disclosing provider under the SDP, and is not obligated to resolve the matter in any particular manner. Nevertheless, the OIG will work closely with providers that structure their disclosures in accordance with the SDP in an effort to coordinate any investigatory steps or other activities necessary to reach an effective and prompt resolution.

Once the provider has discovered fraudulent conduct and decides to voluntarily disclose such conduct under the SDP, the initial submission to the OIG must include: (1) the name, address, provider number and tax identification number of the disclosing provider, and a point of contact, including the type of health care provider implicated, any provider billing numbers associated with the matter disclosed; (2) the Federal health care programs affected, including government contractors such as carriers, intermediaries and other third party payers; (3) whether the matter being disclosed is under current inquiry by government agency or contractor; (4) a full description of the matter including the nature of the potential misconduct involved, the names of entities and individuals believed to be implicated, an explanation of their roles in the matter, and the period involved; (5) an explanation of why the matter disclosed may involve a violation of federal, criminal, civil or administrative law; and (6) a statement describing how the problem was discovered or identified, the efforts to investigate and document the problem, and applicable synopses of interviews with personnel along with names of any individuals who refused to be interviewed.

After submitting the initial voluntary disclosure, the health care provider is required to conduct an internal investigation and audit to quantify the compliance violations, and then report its findings and other related information to the OIG. The internal investigation must meet certain self-assessment criteria identified in the SDP. The disclosure must be certified by a representative of the disclosing provider that, to the best of the individual's knowledge, the submission contained truthful information and is based on a good faith effort to bring the matter to the government's attention for resolving any potential liabilities for the government. Providers must also agree to cooperate fully with the OIG and disclose in good faith as a condition of participation in the voluntary disclosure process. Upon receipt of the provider's report, the OIG will conduct a "verification" of the facts in the report. Following this verification, the OIG admits the provider into the voluntary disclosure program and works with the provider to resolve the matter.

The OIG refined the SDP in 2001 and in 2006 through prior Open Letters that encouraged providers to disclose improper arrangements under the physician self-referral (Stark) law and committing to settling liability under the OIG's authorities generally for an amount near the lower end of the damages continuum.

Types of Matters that Should be Considered for the Self-Disclosure Protocol

In order to utilize the SDP, a provider must have made a good faith determination that the conduct in question involves potential fraud against Medicare, Medicaid, or another federal health care program. The OIG excludes two types of transactions from its SDP: (1) those involving ongoing fraud; and (2) those "exclusively involving overpayments of errors that do not suggest that violations of law have occurred." For example, if billings that result in overpayments could reasonably be viewed as mistakes or negligence (as opposed to fraud), a provider should simply reimburse the government and/or report the overpayment to the Medicare carrier or intermediary, rather than the OIG or Department of Justice. Likewise, a good faith interpretation of ambiguous regulatory guidance would also be a matter that is not appropriate for voluntary disclosure.

New Submission Requirements for the OIG Self-Disclosure Protocol

The Letter provides greater clarification as to what is expected in an initial disclosure. All voluntary disclosures to the OIG must include the following information, in addition to the basic information specified on the previous page: (1) a complete description of the conduct being disclosed; (2) a description of the provider's internal investigation or a commitment regarding when it will be completed; (3) an estimate of the damages to the federal health care programs and the methodology used to calculate that figure or a commitment regarding when the provider will complete such estimate; and (4) a statement of the laws potentially violated by the conduct.

The Letter states that the OIG has streamlined its internal process for dealing with SDP submissions so that matters can be resolved in a timely fashion. In order to facilitate timely resolution, a provider must be able to complete the investigation and damages assessment in a timely fashion (generally within three (3) months after OIG acceptance of the self-disclosure).

The Letter reiterates that the SDP does not pertain to matters exclusively involving overpayments or errors that do not suggest that violations of law have occurred. Simple overpayments or errors are matters that should be brought directly to the attention of the intermediary or carrier that processes claims and issues payment on behalf of the government agency responsible for the particular Federal health care program.

Timing for Voluntary Disclosures and How Timing May Impact Provider Self-Disclosure

The OIG imposes no time limit on when such matters may be reported, and will even allow providers already under investigation to utilize the SDP. To qualify for the statutory limitation on liability under the False Claims Act, a provider must disclose all information concerning a violation of that statute to an appropriate government official within thirty (30) days of the provider obtaining the information. In prior OIG Compliance Guidance for Hospitals, the OIG indicated that the time frame for reporting is within sixty (60) days of a determination that there is credible evidence of a violation. However, in other Compliance Guidance (e.g. Laboratories, Hospices, Home Health Agencies, Medicare+Choice organizations, Durable Medical Equipment, Orthotics and Prosthetics, etc.) the OIG has stated that some violations may be so serious that they warrant immediate notification "prior to, or simultaneous with, commencing an internal investigation."

As a practical matter, a provider should not make a disclosure until it has conducted a review sufficient to know that is has identified the full extent of the problem(s) and taken effective measures to assure against any recurrence. Failure to timely report compliance violations may impact subsequent fines, penalties and other corrective actions imposed by the OIG.

Provider Self-Disclosure Incentives

It is a felony for a health care provider to "fail to disclose information with the fraudulent intent to secure an overpayment." 42 U.S.C. 1320a-7b(a)(3). The Letter states that providing complete and accurate disclosures, performing accurate audits, and quickly responding to OIG inquiries demonstrate that a provider has adopted effective compliance measures. The Letter promises providers that those who submit complete and informative disclosures, cooperate fully with the OIG and respond quickly to information requests will be treated favorably when negotiating resolution of any self-disclosure. For example, the OIG has indicated that it will likely forego its exclusion power in cases where providers use the SDP. The OIG has further indicated that if a provider self-discloses and meets the requirements set forth above, then there will be an explicit presumption in favor of not requiring the provider to enter into a Corporate Integrity Agreement or Certification of Compliance Agreement as a condition of settlement. Lastly, the OIG will seek to resolve self-disclosure financial penalties at a multiple of the amount the benefit conferred, as opposed to a multiple of per-claim statutory amounts, which would permit providers to self-disclose on favorable monetary terms near the lower end of the possible spectrum of civil monetary penalty liability These are important incentives that deserve serious consideration when a provider is trying to decide whether or not to self-disclose.

Self-Disclosure gives a provider more control over the investigation process and the possible business disruption that occurs during government investigations, provides greater financial certainty regarding the expected outcome, and will potentially expedite the time frame of case resolution. Publicity concerning the provider's self-reporting may deter potential whistleblowers from filing qui tam lawsuits.

Self-Disclosure Risks and Practical Considerations

Each voluntary disclosure needs to be judged on its own facts and involve a case-by-case determination as to whether or not to disclose, and the best approach for disclosure. When contemplating a voluntary disclosure, key facts to consider are the scope of the compliance problem and the cause of the compliance problem. Identification of the scope and cause of the compliance violation may impact the decision to voluntarily disclose as well as the formal resolution of the problem. A provider that uses the SDP may be disclosing a violation that would not have been discovered, thereby inadvertently providing the OIG with substantial evidence to utilize for civil or criminal prosecution. The OIG is not obligated to resolve the mater in a particular manner, and the OIG may still refer the matter to the Department of Justice for possible imposition of civil and/or criminal penalties under its separate authority. Reporting misconduct through the SDP may result in the provider making "admissions" that can be used against the provider in legal or administrative proceedings. Provider disclosures may also result in a waiver of privileges, and a compromised ability to defend against legal proceedings brought by the government or by private persons. Providers will be expected to cooperate and provide requested information without delay, including expedition of internal investigations and audits. The OIG will expect providers to have and maintain an effective compliance program as part of their internal operations. Even if the OIG agrees not to impose an exclusion or require a corporate integrity agreement or certification of compliance agreement as part of a settlement, a provider may still face substantial monetary fines and penalties if the disclosed matter violates other federal or state civil, criminal or administrative laws.

Conclusion

In certain circumstances, utilizing the SDP may be beneficial to a provider that discovers compliance violations. Health care providers should consult with health care law counsel to carefully analyze the advantages and disadvantages of self-disclosure, and give good faith consideration to using the SDP when addressing matters reflecting potential violations of fraud and abuse laws. Compliance program policies and procedures regarding voluntary disclosure should be revised to incorporate the new SDP submission requirements and to address the new incentives for self-disclosure. Our firm has worked with health care organizations on internal investigations and self-disclosures. If you require assistance in assessing whether voluntary disclosure is appropriate, or in reviewing compliance program policies and procedures related thereto, please contact Michael Dowell at mdowell@tocounsel.com or the lawyer in the firm who generally handles your health care legal matters.