The Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) has issued a revised version of its Provider Self-Disclosure Protocol (Updated SDP), dated April 17, 2013, which established a process for health care providers to voluntarily identify, disclose, and resolve instances of potential fraud involving federal health care programs.  Specifically, this protocol is intended to address:  (1) conduct involving potential false billings; (2) conduct regarding excluded persons; (3) conduct involving potential violations of the Anti-Kickback Statute (AKS); and (4) conduct involving potential violations of the AKS and the Stark Law.

The Updated SDP provides guidance on how to investigate the conduct described above, quantify damages, and report such conduct to OIG to resolve the provider’s liability under OIG’s civil monetary penalty authorities.  The document supersedes the previous OIG Provider Self-Disclosure Protocol issued in 1998 and three previous “Open Letters to Health Care Providers.”  The OIG notes that over the past 15 years, it has resolved over 800 disclosures, resulting in recoveries of more than $280 million to federal health care programs.  The Updated SDP reflects the OIG’s experience with the protocol since 1988, along with feedback it received from the public in response to a June 18, 2012 comment solicitation.  

In revising the OIG’s 1998 Provider Self-Disclosure Protocol, the Updated SDP combines information found in the three, previously published "Open Letters to Health Care Providers," sets forth requirements for specific types of disclosures (conduct involving false billing, conduct involving excluded persons, and conduct involving the anti-kickback statute and physician self-referral law), and explains certain internal practices the OIG utilizes in resolving disclosures made pursuant to the Self-Disclosure Protocol. Below we provide a brief summary of the Updated SDP, highlighting notable statements and requirements.

The OIG introduces the Updated SDP by providing the backdrop for the Updated SDP, explaining why disclosure is important, and discussing the benefits of self-disclosure. In its discussion regarding the benefits of disclosure, the OIG acknowledges that the decision to disclose potential fraud to the OIG is a "significant decision," but then emphasizes the "significant benefits" of disclosure. The OIG describes the benefits of disclosure, including the three benefits listed below.

First, the OIG reiterates a statement it made in the April 15, 2008 "Open Letter to Health Care Providers," explaining that when the OIG negotiates the resolution of conduct disclosed pursuant to the SDP, the OIG will generally not require the disclosing entity or individual to enter into a Corporate Integrity Agreement ("CIA") or Certification of Compliance Agreement ("CCA") in order to waive the OIG’s permissive exclusion authority. In other words, as a general matter, when an individual or entity submits a self-disclosure there is a presumption that a CIA or CCA will not be required to avoid a permissive exclusion action. The OIG previously stated in the 2008 letter that "this presumption in favor of not requiring a compliance agreement appropriately recognizes the provider's commitment to integrity and also advances our goal of expediting the resolution of self-disclosures." The OIG notes that in all but one of the resolved disclosures since 2008, it did not require that the disclosing party satisfy "integrity measures" in order to avoid a permissive exclusion action.

Second, the OIG states that individuals or entities self-disclosing potential fraud "deserve to pay a lower multiplier amount on single damages than would normally be required in resolving a Government-initiated investigation," and explains that the OIG requires a "minimum multiplier of 1.5 times the single damages." In contrast, pursuant to the civil monetary penalties law ("CMPL"), 42 U.S.C. § 1320a-7a, the OIG may seek an assessment of up to three times the amount at issue.

Third, the OIG points out that a disclosure made pursuant to the Updated SDP "may mitigate" potential federal False Claims Act exposure related to the obligation to report and return overpayments within 60 days after such overpayment is identified or the due date of any corresponding cost report. Note that in the proposed "Reporting and Returning of Overpayments" rule CMS issued in February 2012, CMS suggested the suspension of the reporting and repayment obligation imposed on providers and suppliers under 42 U.S.C. § 1320a–7k(d) once the provider or supplier has made a disclosure of the overpayment to the OIG pursuant to the SDP. While CMS has not finalized the "Reporting and Returning of Overpayments" rule, the OIG indicates in the Updated SDP that it will issue further guidance regarding the intersection of CMS’s final rule and the Updated SDP once the rule is finalized.

The Updated SDP includes other notable statements and provisions, including the items noted below:

  • The OIG explains its goal to reduce the processing time for a self-disclosure to less than 12 months from acceptance.
  • In furtherance of the goal described above, the OIG requires that the internal investigations and damages calculations portions of a self-disclosure be submitted within 90 days from the date of an initial self-disclosure submission. Note that previously such investigations and damages calculations were required to be submitted to the OIG within 90 days from the OIG’s acceptance of the SDP.
  • The Updated SDP clarifies that disclosure pursuant to the SDP is not limited to "any particular industry, medical specialty, or type of service," and notes that a pharmaceutical manufacturer or medical device manufacturer may disclose pursuant to the SDP. It also explains that individuals or entities currently under a CIA are not precluded from self-disclosure pursuant to the SDP, and may make a disclosure pursuant to the SDP in addition to making any reports required by the CIA.
  • Similar to the SRDP, the OIG explains both that a disclosing party must (1) acknowledge that the conduct being disclosed is a potential violation; and (2) specifically identify the law(s) potentially violated.
  • The Updated SDP emphasizes that any potential violations disclosed must trigger CMP liability, and explains that if an arrangement results in a potential violation of only the physician self-referral law ("Stark Law"), then the arrangement should be disclosed to the CMS under the SRDP.
  • The Updated SDP requires that disclosing parties agree to waive and not to plead statute of limitations, laches, or any similar defenses in any administrative action filed by the OIG relating to the conduct disclosed, unless such defenses were available to the disclosing party had an administrative action been taken prior to submission of the disclosure.
  • The Updated SDP describes the general content requirements for all disclosures as well as content requirements regarding to four specific types of potential violations: (1) conduct involving false billing; (2) conduct related to excluded persons; (3) conduct potentially violating the AKS; and (4) conduct potentially violation the AKS and Stark Law.
  • The Updated SDP states that in calculating damages for potential anti-kickback statute violations, the OIG generally determines the settlement amount based on a "multiplier of the remuneration conferred by the referral recipient to the individual or entity making the referral." This is consistent with prior guidance in the Open Letters and contrasts with a damage calculation that is based on the value of a tainted referral.
  • As explained in the March 2009 "Open Letter to Health Care Providers," the Updated SDP reiterates that the OIG will require a minimum settlement of $50,000 for anti-kickback statute-related disclosures made pursuant to the SDP. The Updated SDP also states that the OIG requires a minimum settlement of $10,000 for all other matters.