On April 17, 2013, the Office of Inspector General (OIG) of the United States Department of Health and Human Services (HHS) published the revised Provider Self-Disclosure Protocol (SDP), which replaces and supersedes the original SDP issued in 1998, as well as the three Open Letters providing additional guidance in 2006, 2008, and 2009.1 The SDP establishes a process for health care providers to voluntarily identify, disclose, and resolve instances of potential fraud involving federal health care programs, including guidance on how to investigate the conduct, quantify damages, and report the conduct. The revised SDP, which comes after the OIG’s June 18, 2012 solicitation for public comments, clarifies the eligibility requirements for participation in the process, sharpens the requirements for the disclosure submission, outlines methods of calculating damages, and expedites the time frame for the disclosing party to complete its internal investigation and damages calculation.

Among the "significant benefits" to an organization that self-discloses fraudulent conduct to the OIG, the revised SDP lists: (1) an institutional presumption against requiring integrity agreement obligations in exchange for a permissive exclusion release; (2) a lower multiplier (typically, 1.5 times) on single damages than would normally be required in resolving a government-initiated investigation; and (3) based on anticipated rule changes to be made by the Centers for Medicare & Medicaid Services (CMS), suspension of the obligation under Section 1128J of the Social Security Act to report overpayments so long as the SDP submission is timely made, and suspension of the obligation to return overpayments until the disclosure matter has been resolved.2

Including a streamlined process and timely resolution of SDP events among the benefits of the program, the revised SDP shortens the time period for disclosing parties to complete their internal investigations and damages calculations. Under the new SDP, disclosing parties must submit their investigative findings and estimated damages within 90 days of making their initial submission under the SDP, instead of within 90 days of acceptance into the SDP.

Eligibility for the SDP

The revised SDP clarifies that the SDP is not limited to any particular industry, medical specialty, or type of service. All individuals or entities subject to the OIG’s Civil Monetary Penalties (CMP) authority, including pharmaceutical or medical device manufacturers, are eligible to use the SDP. If a disclosing party is already the subject of a government investigation, the party may still use the SDP, as long as the disclosure is made in good faith and is not an attempt to circumvent any ongoing inquiry. Parites under Corporate Integrity Agreements (CIA) may also use the SDP in addition to making any reports required in the CIA.

The SDP may be used to resolve liability for potential violations of federal criminal, civil, or administrative laws for which CMPs are authorized. The revised SDP specifies, however, that a disclosing party must acknowledge that the conduct is a potential violation, and explicitly identify the laws that were potentially violated. Conduct that is not eligible for the SDP includes: (1) matters exclusively involving overpayments or errors; (2) requests for OIG opinions as to whether actual or potential violations may have occurred; and (3) arrangements that involve only liability under the physician self-referral law (the Stark Law) and do not also include liability under the Anti-Kickback Statute (AKS).3

As a condition for acceptance into the SDP, the disclosing party must agree to waive any statute of limitations defenses to any administrative actions related to the disclosed conduct (unless that defense would have been available on the date of submission). The disclosing party is also required to ensure that the conduct has ended and/or that corrective action will be taken.

The SDP Submission

In order to be considered for admission to the SDP, the disclosing party must now include the following information in its submission:

  • Identifying information, including an organizational description of the disclosing party;
  • A "concise statement of all details relevant to the conduct disclosed;"
  • A statement of the federal criminal, civil, or administrative laws potentially violated by the disclosed conduct;
  • The federal health care program affected by the disclosed conduct;
  • An estimate of the damages , or a certification that the estimate will be completed and submitted within 90 days of the date of submission;
  • A description of the disclosing party’s corrective action upon discovery of the conduct;
  • A statement of whether the disclosing party has knowledge that the matter is under current inquiry by a government agency or contractor;
  • The name of an individual authorized to enter into a settlement agreement; and
  • A certification.

Disclosures of Conduct Involving False Billing

When a disclosure involves false or fraudulent billings, the disclosing party must conduct a review to estimate the improper amount paid by the federal health care programs, and prepare a report of its findings.

The estimation of damages must consist of a review of either: (1) all the claims affected by the disclosed matter or (2) a statistically valid random sample of the claims that can be projected to the population of affected claims. Where a sample is used, the disclosing party must use a sample of at least 100 items and the mean point estimate to calculate damages. The revised SDP also clarifies that, in calculating the damages estimate, the disclosing party may not include an offset for any underpayments discovered during the review.

The report of the damages estimate must include:

  • A statement clearly articulating the objective of the review;
  • A description of the group of claims, an explanation of the methodology used to develop the population, and the basis for this determination;
  • A full description of the source of the data;
  • The names, titles, and qualifications of the individuals who conducted the review; and
  • The characteristics used for testing each item.

If the estimation of damages was based upon a sample, the review report must also include a description of the sampling plan that was followed, and the sampling plan must meet the minimum requirements listed in the revised SDP.

Disclosures of Conduct Involving Excluded Persons

In addition to providing the detailed information required in the original submission, disclosures involving excluded persons must include:

  • Identifying information of the excluded individual;
  • The job performed by the excluded individual;
  • The dates of the individual’s employment;
  • A description of the background checks that were completed before and/or during the individual’s employment;
  • A description of the screening process and any flaws or breakdowns that led to the hiring of the excluded individual;
  • A description of how the conduct was discovered; and
  • A description of any corrective action to prevent future hiring of excluded individuals.

Before making the disclosure, however, the disclosing party must also screen all current employees and and contractors against the OIG’s List of Excluded Individuals and Entities. The revised SDP also provides guidance for calculating damages in cases involving excluded individuals.

Disclosures of Conduct Involving the Anti-Kickback Statute and Physician Self-Referral Law

For disclosures under the AKS and the Stark Law, the revised SDP reiterates the requirement that the disclosing party must acknowledge that the subject arrangement(s) constitute potential violations of the AKS and, if applicable, the Stark Law. ("OIG will not accept any disclosing party into the SDP that fails to acknowledge clearly that the disclosed arrangement constitutes a potential violation of the AKS and, if applicable, the Stark Law.") The disclosing party must include in its narrative submission "a concise statement of all details directly relevant to the disclosed conduct and a specific analysis of why each disclosed arrangement potentially violate the AKS and Stark Laws." The revised SDP also requires more information on the parties’ relationships to one another, the payment arrangements, and the dates of the arrangements – as well as an explanation of the context and features of the arrangements that raise potential liability under the statutes.

While the determination of the settlement amount depends on the individual facts and circumstances of each matter, for matters involving AKS and potential Stark Law liability, the OIG typically uses an amount based upon a multiplier of the remuneration provided under the suspect arrangement. The damages estimate, therefore, must include the total amount of remuneration involved in each arrangement without regard to whether the disclosing party believes that some of the remuneration involved a lawful purpose. The revised SDP emphasizes, however, that, although the OIG generally uses the remuneration-based methodology as an incentive to encourage disclosure of potential AKS violations, this does not govern its position in other situations where another measure may be used.


OIG will coordinate with the Department of Justice (DOJ) civilly and criminally in resolving SDP matters, and advocate, in both instances, that the disclosing party receive a benefit from disclosure under the SDP.

Although OIG does not require an admission of liability in settlement agreements, the revised SDP warns that disclosing parties should expect to pay above single damages, and states that OIG’s "general practice" is to require a minimum multiplier of 1.5 times the single damages. While the multiplier is applied to the amount paid by the federal health care program, not to the amount claimed, OIG does require minimum settlement amounts for self-disclosed matters. For kickback-related matters, OIG will now require a minimum $50,000 settlement; for all other matters accepted into the SDP, OIG will require a minimum $10,000 settlement amount.


While the revised SDP offers more explicit guidance to disclosing parties, the changes – notably in the required content and acknowledgements in the submission – place greater burdens on disclosing parties. Similarly, to the extent that the revised SDP clarifies the benefits of self-disclosure, it makes clear that those those benefits must be earned by the disclosing party. Individuals and entities planning to self-report actual or potential violations may expect a faster and more consistent process, but will have to do a great deal more work themselves.