On September 23, 2010, the Centers for Medicare & Medicaid Services (CMS) released the much-anticipated Self-Referral Disclosure Protocol (the “SRDP”) which establishes a process to voluntarily self-disclose actual or potential violations of the Stark Law. In return, “disclosing parties” are eligible for potentially reduced penalties. All health care providers can participate, including physicians and hospitals. Notably, providers are not barred from participating even if they are currently subject to a government audit or investigation.

Benefits of Self-Disclosure

When determining whether to reduce penalties for disclosed Stark Law violations, CMS will consider the following factors:

  • The nature and extent of the violation;
  • The timeliness of disclosure;
  • The disclosing party’s diligent and good faith cooperation;
  • The litigation risk; and
  • The financial position of the disclosing party.

The SRDP offers the opportunity for decreased liability, but CMS is not obligated to reduce the amount owed. Each case will be analyzed based on its particular facts and circumstances. However, by disclosing a potential violation, all obligations to report and return overpayments (e.g. within 60 days after identifi cation) are suspended until the SRDP process is concluded.

Information Disclosed

To make a disclosure, participants must submit a detailed description of the actual or potential Stark Law violation and must provide a fi nancial analysis of any payments due and owing. The disclosure must include the following:

  • The disclosing party’s name, address, and additional identifying information, including a description/diagram of “pertinent relationships” and the names of related corporate divisions if the entity is part of a system or network;
  • A description of the type of fi nancial relationships involved, the transaction that gave rise to the violation, the names/roles of the entities and individuals implicated, the time period of noncompliance, and the type of services at issue;
  • A statement explaining why the disclosing party believes a violation has occurred and a “complete legal analysis” of the Stark Law and its exceptions;
  • A description of the cause of the violation, the violation’s discovery, the disclosing party’s history of similar conduct, and steps taken to remedy the violation through restructuring the fi nancial relationship and/or increasing internal audit efforts;
  • A description of the disclosing party’s pre-existing compliance program which details the program’s adequacy and internal controls;
  • A description of notices provided to appropriate government agencies such as the Securities and Exchange Commission and/or the Internal Revenue Service;
  • A statement noting whether the disclosing party is aware that the violation or any other matters relating to Federal health care programs are currently under investigation; and
  • A financial analysis which includes the total payments due and owing during the period of non-compliance - i.e., the “look back” period.

Fraud and Abuse Liability

The SRDP is limited to actual or potential violations of the Stark Law. In contrast, the OIG’s Self-Disclosure Protocol applies to violations of the Anti-Kickback Statute, the Civil Monetary Penalties Law, and the False Claims Act. Importantly, the same conduct should not be disclosed under both the SRDP and the OIG’s Self-Disclosure Protocol. Moreover, there may be other self-disclosure options, such as to the Department of Justice or state authorities.

Therefore, providers that decide to make a self-disclosure (which itself is potentially a complex strategic decision), must carefully decide whether to disclose via the SRDP, the OIG’s disclosure process or other self-disclosure options. In doing so, it is important to keep in mind that CMS has reserved the right to use the information disclosed via the SRDP to refer the matter to the OIG and/or the Department of Justice.

Practical Recommendations

  1. To disclose or not disclose?

As a threshold matter, a decision to self-disclose any matter to a governmental authority should only be made after careful consideration of all relevant facts and strategic legal issues.

  1. Thoroughly investigate violations before disclosure

Unlike other self-disclosure procedures, which require an initial disclosure followed by an investigation and report, the SRDP is not a two-step process. It requires disclosing parties to submit an extensive report at the same time as the initial disclosure.

  1. Obtain a “complete legal analysis”

Unlike other self-disclosure procedures, which require parties to disclose only pertinent factual matters, the SRDP requires a detailed, fact-intensive disclosure and a full legal analysis. Thus, providers must conduct (or obtain) a legal analysis before making a disclosure. CMS also reserves the right to request disclosure of attorney work-product information. 

  1. Identify Violations Early

The SRDP requires a fi nancial analysis of the liability going back to the date of the violation. This could be days, months or even years. If violations are fully investigated and identifi ed early, the SRDP may be a useful vehicle for limiting overall liability.

  1. Identify “Pure” Stark Violations

Because the SRDP leaves open the possibility of referral to the OIG and/or DOJ, providers should carefully analyze whether the fi nancial relationship is a “pure” Stark issue or whether it also implicates the fraud and abuse laws.

  1. Consider All Disclosure Options

The SRDP differs signifi cantly from the OIG Self-Disclosure Protocol and the practice of the DOJ and many U.S. Attorneys’ offi ces. It also differs signifi cantly from state self-disclosure protocols such as those of the New Jersey Medicaid Fraud Division and the New York State Offi ce of Medicaid Inspector General. Competent legal advice should be obtained as to which disclosure protocol would be the most advantageous under different circumstances.