On March 28, 2017, the Centers for Medicare & Medicaid Services (CMS) issued a new voluntary self-referral disclosure protocol (SRDP) for disclosing actual or potential violations of the Stark Law. The Stark Law prohibits physicians from making referrals for designated health services (DHS) payable by Medicare to an entity with which the physician (or an immediate family member) has a financial relationship, unless an exception applies. 42 U.S.C. 1395nn(a)(1)(A). The Stark Law also prohibits billing for DHS provided as a result of an improper referral. 42 U.S.C. 1395nn(a)(1)(A) Id.

Background on the Self-Referral Disclosure Protocol

The SRDP was established in 2010 pursuant to Section 6409 of the Affordable Care Act. Section 6409 requires CMS to develop a protocol for self-disclosure of actual or potential violations of the Stark Law and authorizes the agency to reduce the amount owed for such violations. Providers and suppliers self-disclose actual or potential Stark violations under the SRPD with the hope of resolving their potential liability at reduced settlement amounts. CMS determines whether to offer a disclosing entity a reduced settlement and, if so, in what amount, based on a number of factors, including the nature and extent of the violation, the timeliness of the self-disclosure and the entity's cooperation in providing additional information requested by CMS in relation to the disclosure.

Changes Under the New Protocol

The key difference between the previous protocol and the new protocol is that the new protocol requires entities to make their disclosures by filling out and submitting a single set of fillable forms that CMS provides. Under the previous protocol, entities typically provided the information required by the SRDP in the form of a letter. Beginning June 1, 2017, entities must submit disclosures under the SRDP using the forms provided by CMS.1 Entities submitting self-disclosures prior to June 1, 2017 are encouraged, but not required, to use the new forms.

The forms provided under the new SRPD require much of the same information that was required under the previous protocol, including the nature of the violations being disclosed, the entity's history of similar noncompliance, the action the entity has taken to remedy the violation and prevent future noncompliance, and a financial analysis of the potential overpayment.

In addition to mandating use of the forms, the other major changes in the new protocol include requirements to:

  • Describe how common or frequent the disclosed noncompliance was in comparison with similar arrangements between the disclosing entity and physicians;2  
  • Submit a separate physician information form for each physician included in the disclosure, detailing the terms of his or her noncompliant compensation arrangement with the disclosing entity; and  
  • Use a specific financial analysis worksheet to quantify and report the potential overpayment. The calculation must be based on the six-year look-back period for reporting and returning overpayments in effect as of March 14, 2016. See 42 C.F.R. 401.305(f).

The new protocol is available at https://www.cms.gov/medicare/fraud-and-abuse/physicianselfreferral/self_referral_disclosure_protocol.html.