The Stark self-referral law can be
unforgiving. Unintentional minor technical
violations can result in severe penalties and
staggering refund liabilities. Until recently,
there was no way a physician or provider
could come forward and voluntarily disclose
such violations to the enforcement agencies,
and in an Open Letter dated March 24,
2009, the Office of Inspector General
announced it will no longer accept
disclosure of a matter that involves only
liability under the physician self-referral law
in the absence of a colorable anti-kickback
statute violation under its 1998 Provider
Self-Disclosure Protocol
. This policy left
providers with limited options when a Stark
violation was discovered. The Patient
Protection and Affordable Care Act (PPACA)
changed all that, up to a point.

On September 23, 2010, six months after the
enactment of health reform under the
PPACA, the Centers for Medicare and
Medicaid Services (CMS) published a
Voluntary Self-Referral Disclosure Protocol,
which can be found at
. This
protocol allows any physician or provider to
disclose actual or potential Stark violations.

More good news under the PPACA: the new
law grants the Secretary of Health and
Human Services discretion to reduce the
amounts due for Stark violations and directs
the Secretary to consider as mitigating
factors the nature and extent of the improper
or illegal practice; the timeliness of such
disclosure; the cooperation in providing
additional information related to the
disclosure; and such other factors as the
Secretary considers appropriate. The CMS protocol adds two more factors: the litigation
risk associated with the matter disclosed and
the financial position of the disclosing party.

Currently, a provider must refund all
Medicare payments for designated health
services referred by a physician where a nonexempt
financial relationship with the
physician (or a family member) exists. The
new protocol does not guarantee leniency,
either with regard to the refund obligations
or with regard to any Stark or False Claims
Act penalties.

All disclosures must be made electronically
and include the following information:

  • The name, address, national provider identification numbers (NPIs), CMS
    Certification Number(s) (CCN) and tax
    identification number(s) of the disclosing
  • A description of the nature of the matter
    being disclosed, including the type of
    financial relationship(s), parties involved,
    specific time periods the disclosing party
    may have been out of compliance; type of
    designated health service claims at issue;
    type of transaction or other conduct
    giving rise to the matter; and the names
    of entities and individuals believed to be
    implicated and an explanation of their
    roles in the matter.
  • A statement from the disclosing party
    regarding why it believes a violation of
    the physician self-referral law may have
    occurred, along with a description of the
    potential causes of the incident or
    practice (e.g., intentional conduct, lack of
    internal controls, circumvention of
    corporate procedures or government
  • The circumstances under which the
    disclosed matter was discovered and the
    measures taken upon discovery to address
    the issue and prevent future abuses.
  • A statement identifying whether the
    disclosing party has a history of similar
    conduct or has any prior criminal,
    civil and regulatory enforcement actions
    (including payment suspensions) against it.
  • A description of the existence and
    adequacy of any pre-existing compliance
    program and the measures or actions
    taken by the disclosing party to
    restructure the arrangement or noncompliant
  • A description of appropriate notices, if
    applicable, provided to other government
    agencies, (e.g., Securities and Exchange
    Commission and Internal Revenue
    Service) in connection with the disclosed
  • An indication of whether the disclosing
    party has knowledge the matter is under
    current inquiry by a government agency
    or contractor.
  • A full financial analysis must also be
    completed for the applicable “look-back

CMS makes it clear this protocol is not to be
used to elicit advisory opinions about Stark
compliance, and such requests should go
through the existing Advisory Opinion
process, which has been less than robust to
date when compared to OIG’s Advisory
Opinion process.

Don’t try this without help. Because of the
volume of information required, providers
and physicians who become aware of Stark
violations should consult with experienced
health law counsel before approaching CMS
under the self-disclosure protocol.