The Department of Health and Human Services Office of Inspector General (“OIG”) has published an updated Provider Self-Disclosure Protocol (the “Updated SDP”) that offers health care providers guidance on how to disclose potential fraud, avoid prosecution, and mitigate potential penalties under the OIG’s civil money penalty (CMP) authority.
The Updated SDP, first published in a 1998 notice, is a welcome, if long-overdue, comprehensive revision that combines information described in three OIG Open Letters to Health Care Providers (one of which notably explained that the OIG would no longer accept disclosures of a violation of the physician self-referral law (“Stark Law”) without a “colorable” violation of the Anti-kickback Statute), a 2012 solicitation for comments and recommendations (discussed in more detail here) about how to revise the SDP so that it provides “useful guidance to the health care industry,” as well as other informal internal procedures that have not yet been made publicly available. The Updated SDP supersedes and replaces the original SDP and the three Open Letters.
Among the many notable features of the Updated SDP are:
- Acknowledgment of the OIG’s long-standing practice of using a minimum penalty multiplier of 1.5 times single damages;
- Clarification that all providers subject to the OIG’s CMP authorities, including pharmaceutical and device manufacturers, are eligible for the SDP process;
- A reminder that potential successor liability can arise when one provider acquires another provider’s business;
- The requirement to acknowledge potential violations of law, and to identify the specific laws potentially violated (i.e., a general reference to federal law or the Social Security Act is insufficient);
- New requirement that as a precondition to acceptance by the OIG into the SDP, the provider waives the statute of limitations or similar defenses to any administrative action that the OIG could file;
- New content requirements for self-disclosures involving false billing, excluded persons, and Anti-kickback and Stark Law violations;
- Acknowledgment of the OIG’s long-standing practice to settle Anti-kickback violations based on a multiplier of the “remuneration conferred by the referral recipient to the individual or entity making the referral”; and
- A minimum settlement of $50,000 to resolve Anti-kickback-related disclosures (consistent with the information published in the OIG’s 2009 Open Letter) and a minimum settlement of $10,000 for any other disclosures.
In addition, the Updated SDP addresses the Centers for Medicare & Medicaid Services’ (“CMS”) proposed 60-day overpayment rule, which will require providers to notify and return an overpayment within 60 days of identifying the overpayment (the “Overpayment Rule”). The Overpayment Rule proposes to suspend overpayment reporting obligations “when OIG acknowledges receipt of a submission to the OIG SDP” and “until a settlement agreement is entered, or the provider or supplier withdraws or is removed from the OIG SDP.” The OIG states that additional guidance will be provided with respect to the Overpayment Rule after CMS publishes a final rule.
Among the disappointments in the Updated SDP is the OIG’s continued unwillingness to allow providers to net-out underpayments as part of the disclosing party’s calculation of damages. Presumably, the OIG will continue to be willing to receive this information separately as part of the settlement process.
Health care providers have long understood the significant challenges and risks presented by self-disclosure and thus should take some comfort in the OIG’s acknowledgement that self-disclosure is a “significant decision.” The Updated SDP provides greater procedural clarity but still raises the bar on submission requirements because it does not cure some existing flaws in the process.