Recent developments in the Department of Health and Human Services (HHS) Office of the Inspector General (OIG) and Congress have changed the calculus of healthcare providers by making self-disclosure easier and more beneficial, while simultaneously providing OIG with greater ability to punish companies and individuals who fail to report but then after a government investigation are found to have violated healthcare laws.

In April, OIG issued an updated Provider Self-Disclosure Protocol, which emphasized the advantages of disclosing violations. In the new protocol, OIG stated that self-reporting would presumptively indicate an effective compliance program and that no corporate integrity agreement (CIA) was needed. Given the burden that CIAs can impose, this is a significant incentive for individuals and entities to disclose. OIG also formalized its practice of generally requiring penalties that are only a 1.5 multiple of damages in self-disclosure cases, instead of the greater multiples sought in cases initiated by the government. OIG subsequently took steps to make disclosure easier, creating an online submission process for self-disclosure in July. OIG stated that it hopes the new form will streamline the disclosure process, which already helps to avoid the time and expense of a government-initiated investigation. Resolution of at least some reports may also become faster due to congressional action. In August, the ranking member of the House Ways and Means Committee Subcommittee asked HHS to submit a plan to resolve self-disclosures of violations of the physician self-referral (Stark) law. HHS expects to receive approximately 100 self-disclosures of Stark violations in 2013, and has received nearly 300 since the Affordable Care Act, which provides for that type of reporting, went into effect. The government has been able to fully resolve relatively few of the self-disclosures it has received, however, and there is a significant backlog.

As OIG formalizes and extends the incentives for self-disclosure, it has simultaneously reinforced the scope of potential sanctions for violations by individuals and entities. In May, OIG issued a special advisory bulletin discussing the broad reach of its decisions to exclude providers from federal healthcare programs, in some cases the decisions can encompass payment for administrative and management services that do not directly relate to patient care, as well as the potential civil liability that excluded providers can face from submitting claims to a federal healthcare program. OIG’s exclusion authority may also become greater by statute. In August, the chairman and ranking member of the Subcommittee on Health introduced a bill that would grant OIG expanded authority, including more ability to exclude those affiliated with a provider or other individual who was sanctioned by OIG for fraud. The bill is intended to grant the ability to punish executives of companies that have been excluded because of Medicare fraud. Similar legislation passed the House in 2010, but was never introduced in the Senate.

In combination, these changes highlight that self-disclosure should be viewed as an increasingly attractive option for healthcare providers who learn of violations and that the potential risks of a government-initiated investigation, including in particular exclusion, are very high and may become higher.