In recent years Congress, law enforcement, administrative agencies, and the courts have all found ways to encourage the health care industry to disclose wrongful conduct or known overpayments. The Office of Inspector General of the Department of Health & Human Services (OIG) was a pioneer in facilitating self-disclosures. The OIG originally issued a Self-Disclosure Protocol (SDP or Protocol) in 1998 and over the years has periodically published “Open Letters” to provide additional guidance on its self-disclosure processes to the industry. On April 17 the OIG issued a new version of its Provider Self-Disclosure Protocol that attempts to both promote and clarify the process.

The Self-Disclosure Protocol is available to individuals or entities who are potentially subject to the OIG's civil monetary penalty (CMP) authority. These parties may use the SDP to resolve liability arising from the potential violation of federal criminal, civil, or administrative laws for which CMPs are authorized.

The updated Protocol includes guidance on reporting potential violations of the federal anti-kickback statute, conduct involving excluded individuals, and false billing. The OIG also reiterated that the SDP is not available if the nature of the underlying conduct does not give rise to CMP liability. For example, the SDP is not an appropriate mechanism for disclosing simple overpayments or errors or matters involving only potential liability under the Physician Self-Referral (Stark) Law.

False billing

Under the updated SDP, if the disclosure involves false billing the party submitting the disclosure must include an estimate of the “damages” to the government, meaning the amount of any overpayment. This estimate may be determined based on actual claims submitted or extrapolated from a statistically valid sample. Where the disclosing party uses a sample, the sample size must include at least 100 claims and use the mean point estimate to calculate the overpayment amount.

Excluded individuals

The updated Protocol explains the reporting process when a provider discovers that an employee has been excluded from the federal health care programs. In such instances the disclosure statement should include:

  • Identity and provider number (if applicable) of excluded individual
  • Excluded individual’s job duties and dates of employment
  • Description of the background checks performed by the provider before and during the excluded individual’s employment
  • Description of the provider’s screening processes and explanation of how such processes failed to detect the employee’s excluded status
  • Description of how the employee’s excluded status was discovered
  • Any corrective action taken to ensure that excluded individuals are not hired in the future

If an excluded employee provided separately billed items or services to federal program beneficiaries, the reimbursement received by the provider for such items or services may be recouped and, depending on the circumstances, the OIG may assess a multiplier. If the excluded employee did not provide separately billed services, the Protocol states that the OIG will generally determine single damages (subject to a multiplier) using the cost of employment (salary, benefits, and taxes) paid to the employee during the period that he/she was excluded.

The updated Protocol requires the provider to check all personnel, including independent contractors, before submitting a disclosure involving excluded individuals and submit a single disclosure including all excluded individuals identified by the provider.

Potential Anti-kickback/Stark violations

For disclosures relating to potential liability under both the Anti-Kickback Statute and the Stark Law, the disclosing party is required to acknowledge that the disclosed arrangements constitute potential violations.

The updated Protocol provides examples of the types of data that providers should include when disclosing potential anti-kickback violations (including kickbacks that may also include Stark violations). The examples are: the fair market value of the compensation paid or received; the explanation for any failure to make or collect payments; whether payments were made for services not performed; whether payments to referral sources varied based on volume or value of referrals; and any corrective action taken after the arrangement at issue was identified.

Settlements and multipliers

The updated Protocol also clarifies the OIG’s approach to calculating settlement amounts. The OIG acknowledges that it has typically applied a minimum multiplier of 1.5 times the single damages, but notes that it will continue to consider the specific facts of a disclosure and exercise its discretion as to whether a higher multiplier is appropriate. A minimum $50,000 settlement is required for kickback disclosures. For other matters accepted into the SDP, OIG requires a minimum $10,000 settlement.

60-day rule

The updated Protocol addresses the so-called 60-day rule, which requires that identified overpayments must be disclosed and repaid to the government within 60 days. Fortunately, the SDP provides that the 60-day period will be suspended once the OIG confirms timely entry into the SDP process. Therefore, by filing the disclosure with the OIG, the provider stops the 60-day clock and may negotiate a resolution with the OIG before making any repayment. The Protocol, however, requires disclosing parties to agree to waive statute of limitations, laches, and similar defenses to any administrative action relating to the disclosed conduct.