Recently, a federal agency, the Centers for Medicare and Medicaid Services (CMS), released the Voluntary Self-Referral Disclosure Protocol (SRDP) to permit providers and suppliers who believed that they are or might be providing services in violation of the federal Stark physician self-referral law (42 U.S.C. § 1395nn) to disclose such actual or potential violation to CMS in the hopes of resolving the matter as favorably as possible.
What is the Voluntary Self-Referral Disclosure Protocol for Stark Violations and how does it relate to the Office of Inspector General Self-Disclosure Protocol?
The Voluntary Self-Referral Disclosure Protocol issued by CMS is not the same protocol as the Self-Disclosure Protocol (SDP) issued by the Office of Inspector General (OIG) of the United States Department of Health and Human Services. The SRDP is specifically limited to reports of actual or potential violations of the Stark self-referral law, so-called “Stark-only” violations. In contrast, the SDP should be used to disclose potential violations based on other federal laws, which can also include a Stark violation but is not a Stark-only violation. The SRDP is a creation of the 2010 health care reform. The Patient Protection and Affordable Care Act (PPACA) signed into law on March 23, 2010 required the CMS to develop a process for providers to self-disclose violations of the Stark self-referral law within six months. On September 23, 2010, CMS released the SRDP, which has many features in common with the SDP, but also contains some significant differences. Whether you or your business should ever make use of this voluntary disclosure protocol depends on a multitude of factors and your particular circumstances.
What Are the Common Features of the Stark-Only SRDP and the OIG’s SDP?
The common features of the two self-disclosure protocols include:
- Disclosure of all relevant information: names, dates, identification numbers, details of the alleged violation (including its discovery, investigation, resolution and corrective action);
- Notification of any known ongoing governmental inquiry or investigation (this doesn’t preclude disclosure, but notice is required) and description of any notice provided to any government agency;
- Agreement not to appeal any overpayment assessed as part of the settlement agreement; Mitigation factors may reduce penalties depending on the facts and circumstances of the violation, but CMS is not bound to resolve a disclosed violation or reduce the penalties associated with the same under the SRDP. Some identified mitigation factors are: Identified mitigating factors include: the nature and extent of the violation; the timeliness of disclosure; the cooperation of the disclosing party in providing additional information to the government; the litigation risk associated with the disclosed violation; and the financial position of the disclosing party.
- Treatment of discovered additional violations as outside the scope of the SRDP;
- Expectation of full cooperation of the disclosing party while CMS verifies the disclosed information;
- Repayments must be made with CMS’s permission, and generally not until CMS has verified the amount owed, however, disclosing party is encouraged to place reserved payments in an interest bearing escrow account to ensure the availability of funds
What Are the Differences Between the Disclosure Protocols?
The Stark SRDP differs from the OIG’s SDP in the following ways:
- Method of Filing: Disclosure must be filed electronically via email, along with a mailed original and file copy. CMS’s email acknowledgement of the filing marks the tolling of the 60-day repayment period under PPACA for the duration of the investigation and process as to disclosed violations, but there is no required time frame for CMS to provide notice of acceptance or rejection.
- Complete Legal and Financial Analyses: The disclosure must include a detailed description of the violation and applicability of the Stark law to the matter disclosed (lack of applicability of any Stark law exception). In addition, the disclosing party must provide a detailed financial analysis with the initial disclosure for the period of noncompliance, including a final amount, itemization by year, and methodology.
- Past Conduct: The disclosing party must disclose past similar conduct and any prior enforcement actions (civil, criminal, regulatory, or payment suspensions).
- No Claims of Privilege or Limits on Documents Disclosed: Cooperation means no limits on supporting documentation.
- Separate from Advisory Opinion Process: Disclosing party is limited to one or the other, but not both simultaneously.
- Required Use for Parties under CIAs: The SRDP must be used by parties with CIAs or certification of compliance agreement to report Stark-only violations, with a copy of the disclosure sent by the disclosing party to the OIG.
What Should I Consider before Self-Disclosing an Actual or Potential Violation?
The decision of whether to disclose an actual or potential violation of any federal law is one that should be made in consultation with qualified legal counsel after a full internal investigation of the facts and circumstances giving rise to a disclosure. A few points to consider before disclosing a matter are:
- Will the disclosure resolve all of the potential fraud and abuse violations involving the disclosing party? If all of the potential violations will not be resolved through the disclosure, what other laws and regulations are implicated and how can these be resolved? Disclosure may give other agencies a heads up that they ought to take a closer look at you and your business partners.
- Have you thoroughly investigated your business’s compliance with applicable laws and regulations to ferret out all potential issues? Have you implemented corrective action for any areas of noncompliance and are you monitoring continued compliance?
- Disclosing actual or potential violations means facing substantial civil penalties and fines, even if the final settlement amount is reduced from treble damages (to some other agreed upon amount), and you have invited the government in to your home to have a look around.
- Voluntary disclosures may lead to other suits from business partners or health plans asserting damages from the illegal conduct, as well as potentially resulting in termination from the state Medicaid program and/or termination of business agreements with for cause termination provisions.
- Voluntarily providing otherwise privileged or confidential information undermine the protection of this information in other contexts and then be discoverable by competitors and even qui tam relators. Could disclosing earlier privileged conversations with legal counsel regarding the reported violations have an aggravating effect to the extent that counsel advised the provider of non-compliance and recommended action was not taken? Substantial expenses are involved in the disclosure process separate and apart from any fines and penalties. These expenses include gathering all necessary documents, having such documents analyzed, developing a disclosure strategy, and coordinating a disclosure with the government, among others. Additional expenses associated with monitoring and compliance may arise after disclosure if the settlement includes execution of a corporate integrity agreement (CIA).
- A provider must consider whether the provider or medical practice has (or can obtain) the financial and other records (going back six years or as far as required) to do the analysis necessary to determine the extent of violations and damages (or penalties) owed.
- Further complexities are added to the decision when members of the practice or provider have left and new members have joined as disclosure implicates a privilege waiver and other serious considerations. Can the remaining members make a decision that may potentially impact former members of the practice and new members (who may not have been involved in any violation)?
The determination that a disclosure is or is not in the best interest of you and your business requires careful and deliberate analysis of the benefits and the risks involved. Disclosure is a process that once begun, cannot be undone and requires a detailed legal and financial picture of your business.