HHS-OIG Updates Self Disclosure Protocol

On April 17, 2013, the United Department of Health and Human Services Office of Inspector General (OIG) issued an updated version of the OIG's Self-Disclosure Protocol (SDP). The SDP was originally promulgated in 1998 to establish a process for health care providers to voluntarily identify, disclose, and resolve instances of potential fraud involving federal health care programs. After issuing three Open Letters to Health Care Providers and soliciting comments on proposed changes to the SDP, OIG decided to revise and update the SDP in its entirety.

Who may use SDP?
All health care providers, suppliers, or other individuals who are receiving funds from or submitting claims to Medicare, Medicaid, or any other federal health care program subject to OIG's Civil Monetary Penalties authority found at 42 C.F.R. Part 1003. Entities already subject to a government inquiry or corporate integrity agreement are not precluded from using the SDP so long as the disclosure is made in good faith and is not an attempt to circumvent an ongoing inquiry.

Conduct Eligible for SDP

  • The SDP is available for any matters in the disclosing party's "reasonable assessment" that potentially violate federal criminal, civil, or administrative laws for which Civil Monetary Penalties are authorized, including but not limited to the False Claims Act and Anti-Kickback Statute. In making a disclosure, the disclosing party must acknowledge the conduct is a potential violation and identify the laws that were potentially violated.
  • The SDP is not available for matters where Civil Monetary Penalties are not authorized such as matters exclusively involving overpayments or errors. In such excluded situations, parties should use the voluntary refund process of the appropriate CMS contractor, The SDP also may not be used to obtain advisory opinions regarding whether an actual or potential violation has occurred. Finally, the SDP may not be used to disclose an arrangement that involves only liability under the physician self-referral law (Stark law) without potential liability under the Anti-Kickback Statute for the same arrangement. To disclose such arrangements, the disclosing party should utilize the separate Self-Disclosure Referral Protocol (SRDP) promulgated by the Centers for Medicare & Medicaid Services (CMS).

Why use SDP?

  • OIG considers good faith disclosure of potential fraud and cooperation with OIG as "indications of a robust and effective compliance program." As a result, OIG has instituted a "presumption" against requiring corporate integrity agreements as part of the resolution of an SDP matter.
  • OIG will likely apply a lower multiplier on single damages for SDP matters than would normally be required in resolving a government-initiated investigation.
  • Self-disclosure may mitigate potential exposure under the civil and criminal False Claims Acts for overpayments.

What Should Be Included in the Disclosure?

  • It is very important that the disclosure communicates not only the information about the potential violation, but also sets forth the good faith efforts that have been taken to investigate the matter and corrective steps that have been taken to cease the current violation and prevent future violations from occurring.
  • The general requirements for all disclosures include:
    • Contact information for the entity including provider identification number(s), and tax identification number(s) and the government payors (including Medicare contractors) to which the disclosing party submits claims or a statement that the disclosing party does not submit claims. If the disclosing party is an entity that is owned or controlled by, or is otherwise part of a system or network, it should provide an organizational chart and a brief description of the pertinent relationships between the entities.
    • The contact information for the disclosing party's designated representative for purposes of the voluntary disclosure. This should ordinarily be an entity's compliance officer and/or outside counsel. The disclosing party should also identify an individual authorized to enter into a settlement agreement on its behalf.
    • A brief description of all details relevant to the conduct disclosed, including the types of claims, transactions, or other conduct involved; the period during which the conduct occurred; and the names of entities and individuals believed to be implicated and their respective roles.
    • Identification of the specific federal laws that may have been violated and the federal health care programs affected by the disclosed conduct. The disclosing party must also provide an estimate of the damages (or actual damages if they are available) or a certification that the estimate will be completed and submitted to OIG within 90 days of the date of submission.
    • A description of any remedial or corrective action taken upon discovery of the conduct. This may include changes to policies and procedures or providing additional education to staff regarding the particular regulation or practice at issue.
    • A statement about whether the disclosing party has knowledge that the matter is under current inquiry by a government agency or contractor. An entity should also provide information about any other investigation or inquiry taking place even if unrelated to the disclosed conduct.
    • A certification by the disclosing party that the submission contains truthful information and is based on a good faith effort to bring the matter to the Government's attention for the purpose of resolving potential liability.
  • In addition to the general requirements, more specific information is required for conduct involving false billing, excluded persons, the anti-kickback statute and physician self-referral law. These specific requirements all involve a requirement that the disclosing party calculate damages and/or estimated damages in a particular fashion, including through the use of a statistically valid random sample of claims. Disclosing parties should consult with an attorney and/or statistician familiar with these methods of calculating damages before attempting to provide this information in a disclosure in order to avoid over (or under) estimating potential damages.

How are SDP matters resolved?

  • Cooperation is essential. OIG expects entities participating in SDP to conduct a thorough investigation, submit all necessary information, communicate through a consistent point of contact, be responsive to OIG requests for additional information, and be willing to pay a penalty or multiplier of damages for the self-disclosed conduct.
  • In return for cooperation, OIG will coordinate with other agencies, including the Department of Justice on civil and criminal matters and advocate for the disclosing party to receive a benefit for participating in SDP.
  • Where OIG is the only entity involved, OIG will generally require the disclosing party to pay a minimum of 1.5 times the single damages. The multiplier is determined by a number of factors pertinent to the particular circumstances – with payments of two times the single damages calculation being typical in cases involving the hiring of excluded individuals. For smaller matters, OIG requires minimum settlement amounts of $50,000 for kick-back related submissions and $10,000 for all other matters accepted into SDP.

If you have any questions about the SDP or any other government health care investigation matters, please contact John Doyle in our Portland office at 207-791-3208; Brian Quirk, Peter Callaghan, or Nathan Fennessy in our Concord, NH office at 603-410-1500; or Charlie Dingman in our Augusta office at 207-791-3288.