The health care reform legislation enacted by Congress earlier this year directed the Secretary of the U.S. Department of Health and Human Services to develop a protocol for voluntary disclosures of actual or potential violations of the federal physician self-referral prohibition, commonly known as the Stark law. On Sept. 23, 2010, the Centers for Medicare and Medicaid Services (CMS) released the much-anticipated Voluntary Self-Referral Disclosure Protocol.

For the past several years, the question of how a provider should respond to the discovery of a Stark violation has generated considerable angst and much confusion in the industry. The Protocol is noteworthy in that it represents the first concrete guidance from CMS addressing this common, but difficult, situation.

Providers considering a voluntary disclosure under the Protocol should fully understand their options. Set forth below is a description of the Protocol, including the submission requirements, the verification process, the factors CMS has identified as relevant to its decision whether to compromise the overpayment liability associated with a Stark violation, and some of the possible consequences of voluntary disclosure.

Voluntary disclosure instructions

The Protocol includes detailed submission instructions. The voluntary disclosure must be submitted both electronically to a designated CMS website, as well as in hard copy by mail. The initial disclosure must include the following information:

  • Details regarding the identity of the disclosing party
  • A description of the nature of the matter being disclosed, including the parties involved, their financial relationships, and the specific conduct, designated health service, and time periods at issue
  • A statement explaining why the disclosing party believes a violation of Stark has or may have occurred, including a complete legal analysis of the application of the Stark law to the conduct at issue
  • A description of how the matter was identified and investigated
  • A statement as to whether the disclosing party has a history of similar conduct or any other prior criminal, civil, or regulatory enforcement actions against it
  • A description of the existence and adequacy of any compliance program charged with overseeing the operations that gave rise to the disclosed conduct, including any efforts to improve the compliance program in order to prevent any recurrence of the disclosed conduct
  • A description of other notices, if any, provided to other government agencies as a result of the disclosed conduct
  • A statement as to whether the disclosing party has knowledge that the matter being disclosed is under current investigation or inquiry by a government agency or contractor
  • A detailed financial analysis of the disclosed conduct, including the total amount of money actually or potentially subject to repayment, the methodology used to compute the amount, and the auditing activity undertaken  

An authorized representative of the disclosing party must certify in writing the truthfulness of the information being disclosed. Immediately upon receipt of the disclosure, CMS will acknowledge receipt by e-mail.

After the disclosure has been made, CMS will engage in a verification process. This process may result in the agency requesting additional information from the disclosing party. The Protocol provides that CMS must have access to all financial statements, notes, disclosures, and other supporting documents. Although CMS will not request information subject to the attorney-client privilege, it does anticipate that some materials may be covered by the attorney work product doctrine, and it may seek to obtain otherwise privileged information in a manner that would not require a waiver of the privilege. The Protocol requires the “diligent and good faith cooperation” of the disclosing party “without the need to resort to compulsory methods.”

CMS will not accept repayments prior to completion of its verification process. The disclosing party, however, is encouraged to place funds designated for repayment in an escrow account.

The art of compromise?

The health care reform legislation grants CMS the explicit authority to compromise the overpayment obligations resulting from a Stark violation. The industry strongly supported giving the agency this power so that it could apply some measure of common sense to the grossly disproportionate financial consequences of a completely innocent Stark violation. Many in the industry were hoping that CMS would articulate in the Protocol how it intends to exercise its authority in the context of procedural or technical Stark violations, e.g., the failure to obtain a signature on a contract.

Disappointingly, the Protocol does not provide any specifics as to how the agency will address “technical” or other Stark violations. Rather CMS simply recites a few of the factors it will consider in deciding whether to reduce the amount of money otherwise owed by the disclosing party. These factors include:

  • The nature and extent of the improper or illegal practice
  • The timeliness of the self-disclosure
  • The cooperation of the disclosing party in providing additional information, if requested
  • The litigation risk associated with the matter disclosed
  • The financial position of the disclosing party  

The Protocol specifies that CMS is under no obligation to reduce any amounts to be repaid. Instead, it states that the agency will make an individual determination regarding whether any reduction is appropriate, based on the facts and circumstances of each matter disclosed.

Consequences of voluntary disclosure

The health care reform legislation also includes a provision requiring providers to disclose and repay known overpayments within 60 days. The Protocol suspends this 60-day deadline. Once the voluntary disclosure is electronically submitted to CMS and the e-mail confirmation is received, the duty to repay is suspended until the disclosed matter has been resolved. This suspension of the deadline is significant, given the fact that failure to meet it might otherwise create potential exposure under the False Claims Act.

Surprisingly, the Protocol states that it cannot be used to obtain a determination as to whether a Stark violation has occurred. CMS considers the voluntary disclosure protocol separate and apart from the Stark advisory opinion process, and both procedures cannot be pursued simultaneously regarding the same conduct. However, the fact that a disclosing party is already subject to other government inquiry—such as investigations, audits, or routine oversight activities—does not preclude voluntary disclosure.

Disclosures under the Protocol must be limited to “actual or potential violations” of the Stark law. Conduct that may represent potential violations of both Stark and the Anti-Kickback Statute should be disclosed under the separate Self-Disclosure Protocol of the Office of Inspector General.

If the voluntary disclosure leads to a settlement agreement, the disclosing party waives all appeal rights. If the voluntary disclosure is denied, withdrawn, or otherwise removed from the Protocol, then the disclosing party retains appeal rights, but the reopening rules apply from the date of the initial disclosure.

Wait and see?

It is not clear how useful or efficient the Protocol will be to the industry. CMS’s reaction to the disclosures, its willingness to compromise overpayments, and the flexibility of the process will emerge slowly as the agency begins processing voluntary disclosures over the coming months. Providers who are considering whether to use the voluntary disclosure protocol should carefully assess their options and discuss the Protocol’s requirements with a knowledgeable health care attorney.