On April 17, 2013, the Health and Human Services Office of Inspector General (OIG) released an Updated Provider Self-Disclosure Protocol (SDP), which replaces the original SDP published in 1998. The SDP is used by providers and suppliers to voluntarily disclose violations of the fraud and abuse laws. According to the OIG, it has received more than 800 disclosures since the SDP’s inception, resulting in more than $280 million in recoveries. The Updated SDP formalizes many policies that the OIG had adopted in practice, including that disclosing parties will likely pay less in penalties and avoid costly integrity agreements in exchange for their cooperation.
Provisions of the Updated Protocol
The OIG outlined four significant benefits to disclosing potential fraud through the SDP. First, the OIG explained that it has “instituted a presumption against requiring integrity agreement obligations,” which can be incredibly expensive for providers to implement. According to the OIG, in all but 1 of the 235 SDP settlements since 2008, it released the disclosing party from permissive exclusion without requiring an integrity agreement. Second, the OIG explained that its general practice was to require a 1.5 multiplier for single damages calculations. Under the civil monetary penalties law, however, the OIG may assess up to three times the single damages. Third, the OIG stated that self-disclosure may mitigate potential exposure for “overpayments” under the Affordable Care Act. See 42 U.S.C. § 1320a-7k(d). According to the OIG, timely submission to the SDP may toll the Affordable Care Act’s 60-day repayment obligation. Finally, the OIG explained that the SDP provides for a streamlined resolution of potential liability.
The Updated SDP included several other provisions of note, including:
- The disclosing party must acknowledge that the conduct at issue is a potential violation of law and specifically identify the laws potentially violated.
- The disclosing party has 90 days from the date of the initial submission to the SDP – rather than 90 days from acceptance into the SDP – to complete any internal investigations and damages calculations.
- The disclosing party agrees to resolve all liability within the civil monetary penalty law’s six-year statute of limitations.
- The OIG lays out specific requirements for disclosures involving false billing, excluded individuals, and Anti-Kickback Statute or Stark Law violations.
- The OIG will require a minimum $50,000 settlement for kickback-related submissions, and a minimum $10,000 settlement for all other matters.
- For kickback settlements, the OIG exercises broad discretion and “generally” calculates damages “based upon a multiplier of the remuneration conferred by the referral recipient to the individual or entity making the referral.”
- If the disclosing party refunds an overpayment related to conduct disclosed under the SDP, the OIG will credit that amount but is not bound by any amount repaid outside the SDP process.
- Disclosing parties should clearly identify any portion of the submission potentially exempt from disclosure under the Freedom of Information Act.
The Updated SDP formally adopts many practices that have become fairly standard throughout the 15-year history of the self-disclosure program. Although the information may not be entirely new, the SDP more clearly outlines the OIG’s expectations for self-disclosing potential fraud. Importantly, the OIG openly acknowledged three key points for disclosing providers – (1) settlement agreements generally do not require an admission of liability, (2) the OIG will likely impose a 1.5 multiplier for single damages, and (3) the OIG is unlikely to require an integrity agreement as part of a SDP settlement.