What you need to know:

Healthcare providers can now self-report violations of the Stark law using a protocol issued this month by CMS.

What you need to do:

Although the mechanics of the protocol are relatively straightforward, providers need to consider the implications of unresolved issues in the protocol, including whether settlements will be reduced for violations that are merely technical, how quickly matters will be settled and whether settlements will be publicly reported.

On September 23, the Centers for Medicare and Medicaid Services published its longawaited Self-Reporting Disclosure Protocol for providers seeking to resolve actual or potential violations of the physician self-referral statute, commonly known as the “Stark law.” Although this new SRDP fills the void left when the Department of Health and Human Services Office of Inspector General ceased accepting Stark law self-disclosures early in 2009, a number of practical concerns and unanswered questions remain.

Procedural Details

The procedural details of the SRDP are not surprising. Providers must submit to CMS, both electronically and in hard copy, all relevant information necessary for CMS to consider and evaluate the potential violations, including:

  • a description of the nature of the matter being disclosed, including the parties involved, the types of financial relationships, the time periods at issue and the type of designated health service claims at issue;  
  • any analysis of the application of the Stark law to the conduct;  
  • an explanation of the potential causes of the incident or practice;  
  • a description of how the matter was discovered by the provider and what steps the provider has taken to resolve the issue and prevent future occurrences;  
  • a statement identifying whether the provider has a history of non-compliance;  
  • a description of any existing compliance program; and  
  • a financial analysis of the amount potentially due and owing as a result of the incident and an explanation of the methodology used to calculate such amount.

This information must be accompanied by a certification from the provider that the information provided is truthful and is based on a good faith effort to resolve the matter.

CMS reserves the right to request additional information and will afford providers at least 30 days to respond to such requests. The agency has also been upfront in saying it will work with providers to resolve any conflict between its need for information and a provider’s claim that certain information or documentation is protected by the attorney-client privilege.

The Good News

In general, the mere publication of the SRDP is positive because it provides a process in the increasingly common event that a provider discovers and wishes to resolve potential violations of the Stark law at the administrative level.

Disclosure under the SRDP stays the deadline for reporting and returning overpayments (60 days after which the overpayment is identified or the date any corresponding cost report is due, whichever is later) for so long as the matter remains in the SRDP. In fact, CMS will not accept payments related to the disclosed relationships until its inquiry is complete.

The SRDP also makes clear that CMS has the authority to settle disclosed matters for less than the full amount of the Medicare claims at issue, though it is not obligated to settle matters for a lesser amount.

While not particularly enlightening, the SRDP outlines those general factors which it will consider when deciding whether to reduce the amount otherwise owed for a Stark law violation:

  • the nature and extent of the problematic relationship;  
  • the timeliness of the self-disclosure;  
  • the provider’s cooperation in the process;  
  • the litigation risk associated with the matter disclosed;  
  • the financial position of the disclosing party; and  
  • other factors at the agency’s discretion.  

Unresolved Issues and Concerns to Keep in Mind  

  • One of the biggest disappointments with the SRDP is its failure to adopt a stipulated penalty approach to resolve matters involving only technical noncompliance (i.e., those matters where there is no evidence of fraud or abuse or other substantive program concerns). Such an approach was advocated by many in the industry, including the American Hospital Association. It remains to be seen how far CMS is willing to “discount” settlements where mere technical violations are at issue.  
  • CMS has not provided any estimates or guidance as to how quickly they anticipate being able to resolve these matters – a crucial factor for providers who need resolution in order to consummate transactions, satisfy bond covenants or other financial requirements, or meet other obligations.  
  • The SRDP’s definition of “look back period,” for which providers must calculate potential amounts due and owing because of a noncompliant relationship, appears to require providers to disclose information for periods beyond any Medicare reopening rules or applicable statute of limitations. This could add to the pressure on providers to gather information in a timely way to satisfy their desire to avoid any potential False Claims Act liability associated with a failure to disclose within 60 days of determining there is an overpayment.  
  • It remains unclear whether settlements reached under the SRDP will be publicly reported in some identifiable fashion and/or posted in redacted form by CMS, merely available via FOIA request, or subject only to aggregate reporting mandated by Congress (e.g., the number of settlements, the degree of compromise in each, etc.). As a result, it is unclear whether the SRDP will provide greater clarity to the industry regarding what conduct or documentation CMS considers compliant or noncompliant with Stark.  
  • The SRDP provides no assistance to providers seeking to confirm a reasonable belief that a particular relationship fits into a Stark exception or otherwise complies with the Stark law.  
  • Providers need to keep in mind that CMS will still refer matters to the OIG or Department of Justice if it believes the conduct also may trigger liability under the Anti-Kickback Statute, the False Claims Act or the civil monetary penalty provisions. As a result, providers need to think carefully about whether electing to proceed under the SRDP is likely to result in a better outcome than going directly to either OIG or DOJ.