HHS OIG Provider Self Disclosure Protocol

The Office of Inspector General (OIG) for the U.S. Department of Health & Human Services (HHS) recently updated OIG’s Provider Self-Disclosure Protocol (SDP).  The revised protocol now supersedes and replaces the 1998 Federal Register Notice and the Open Letters, as described below (summarized from the new SDP).  In addition to the new protocol, OIG also posted a new video podcast about the SDP, given by a lawyer from OIG’s counsel.  These videos are part of OIG’s Health Care Fraud Prevention and Enforcement Action Team (HEAT) Provider Compliance Training initiative. 

We previously reported in July of 2012 that OIG was soliciting comments to change the SDP, which was first established back in 1998, to give health care providers a process to disclose potential fraud involving the Federal health care programs.  The Protocol provides guidance on how to investigate this conduct, quantify damages, and report the conduct to OIG to resolve the provider's liability exposure under OIG's civil money penalty (CMP) authorities.  Over the past 14 years, OIG has resolved over 800 disclosures, resulting in recovering over $280 million to the Federal health care programs. 

Disclosure is important from OIG’s perspective for several reasons.  First, “good faith disclosure of potential fraud and cooperation with OIG’s review and resolution process are typically indications of a robust and effective compliance program.”  As a result, OIG has instituted a presumption against requiring integrity agreement obligations (e.g., CIAs) in exchange for a release of OIG’s permissive exclusion authorities in resolving an SDP matter.  Since 2008, OIG has resolved 235 SDP cases through settlements. In all but one of these cases, we have released the disclosing parties from permissive exclusion without requiring any integrity measures. 

Second, individuals or entities that use the SDP and cooperate with OIG during the SDP process deserve to pay a lower multiplier on single damages than would normally be required in resolving a Government-initiated investigation. The specific multiplier that we accept may vary depending on the facts of each case. OIG’s general practice in CMP settlements of SDP matters is to require a minimum multiplier of 1.5 times the single damages, although we determine in each individual case whether a higher multiplier may be warranted. 

Third, “using the SDP may mitigate potential exposure under section 1128J(d) of the Act, 42 U.S.C. 1320a-7k(d).  Section 1128J(d)(2) of the Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified or (2) the date any corresponding cost report is due, if applicable.”  Any overpayment retained by a “person,” as defined in section 1128J(d)(4)(C) of the Act after this deadline may create liability under the Civil Monetary Penalties Law (CMPL), section 1128A of the Act, and the False Claims Act (FCA), 31 U.S.C. 3729.  

In its Notice of Proposed Rulemaking, 77 Fed. Reg. 9179-9187 (February 16, 2012), the Centers for Medicare & Medicaid Services (CMS) proposes to suspend the obligation to report overpayments under section 1128J(d) of the Act when OIG acknowledges receipt of a submission to the SDP so long as the submission is timely made.  CMS also proposes to suspend the obligation to return overpayments until a settlement agreement is entered into, or the provider or supplier withdraws or is removed from the SDP. As necessary, OIG will provide additional guidance on OIG’s web site concerning section 1128J of the Act and the SDP after CMS issues its final rule. 

Who May Use the SDP 

All health care providers, suppliers, or other individuals or entities who are subject to OIG’s CMP authorities found at 42 C.F.R. Part 1003 are eligible to use the SDP.  The SDP is not limited to any particular industry, medical specialty, or type of service.  For example, a pharmaceutical or medical device manufacturer may use the SDP to disclose potential violations of the Federal anti-kickback statute (AKS), section 1128B(b) of the Act, because such violations trigger CMP liability under section 1128A(a)(7) of the Act, a provision of the CMPL.  For purposes of the SDP, OIG refers to all individuals or entities that make a submission to the SDP as “disclosing parties.”  

The disclosing party should disclose conduct for which it may be liable, including potential successor liability based on its purchase of another entity.  For example, a disclosing party could have liabilities as the result of a merger or an acquisition. However, disclosing parties should not use the SDP to disclose conduct of another, unrelated party—that should be reported through OIG’s hotline. 

Disclosing parties already subject to a Government inquiry (including investigations, audits, or other oversight activities) are not automatically precluded from using the SDP. The disclosure, however, must be made in good faith and must not be an attempt to circumvent any ongoing inquiry.  Disclosing parties under Corporate Integrity Agreements (CIA) with OIG may also use the SDP in addition to making any reports required in the CIA. 

Conduct Eligible for the SDP 

The SDP is available to facilitate the resolution of matters that, in the disclosing party’s reasonable assessment, potentially violate Federal criminal, civil, or administrative laws for which CMPs are authorized.  In making a disclosure, a disclosing party must acknowledge that the conduct is a potential violation.  Disclosing parties must explicitly identify the laws that were potentially violated and should not refer broadly to, for example, “Federal laws, rules, and regulations” or “the Social Security Act.”  OIG has

found that disclosing parties who avoid acknowledging that there is a potential violation are more likely to have unclear or incomplete submissions or unrealistic expectations about resolutions, which result in a lengthier review and resolution process.  In addition, statements such as “the Government may think there is a violation, but we disagree” raise questions about whether the matter is appropriate for the SDP.  The resulting back-and-forth over these issues can create unnecessary delays in reaching a resolution and may result in the disclosing party’s removal from the SDP.

Conduct Ineligible for the SDP 

First, the SDP is not available for a matter that does not involve potential violations of Federal criminal, civil, or administrative law for which CMPs are authorized, such as one exclusively involving overpayments or errors.  In this situation, the matter should be disclosed directly to the appropriate CMS or other responsible contractor under the payor’s voluntary refund process.  

Second, the SDP is not available to request an opinion from OIG regarding whether an actual or potential violation has occurred.  The Advisory Opinion process is the only vehicle to obtain an OIG opinion.  Third, the SDP is not available for disclosure of an arrangement that involves only liability under the physician self-referral law, section 1877 of the Act (the Stark Law), without accompanying potential liability under the AKS for the same arrangement.  Disclosing parties must analyze each arrangement involving a physician to determine whether it raises potential liability under the AKS, the Stark Law, or both laws.  Stark-only conduct should be disclosed to CMS through its Self-Referral Disclosure Protocol (SRDP).  OIG reserves the right to determine whether an arrangement is appropriate for resolution in the SDP. 

Tolling the Statute of Limitations  

By entering into the SDP, OIG expects disclosing parties to disclose with a good faith willingness to resolve all liability within the CMPL’s six year statute of limitations as described in section 1128A(c)(1) of the Act.  Accordingly, the disclosing party must agree, as a condition precedent to the OIG’s acceptance into the SDP, to waive and not to plead statute of limitations, laches, or any similar defenses to any administrative action filed by OIG relating to the disclosed conduct, except to the extent that such defenses would have been available to the disclosing party had an administrative action been filed on the date of submission. 

Corrective Action  

Prior to disclosure, the disclosing party should ensure that the conduct has ended or, at least, in the case of an improper kickback arrangement, that corrective action will be taken and the improper arrangement will be terminated within 90 days of submission to the SDP.  Additionally, all other necessary corrective action should be complete and effective at the time of disclosure. 

Requirements for All Disclosures 

The updated SDP provides a detailed explanation of what providers or entities must submit to OIG.  A few highlights of the narrative submission that must be included are: 

• A concise statement of all details relevant to the conduct disclosed, including, at minimum, the types of claims, transactions, or other conduct giving rise to the matter; the period during which the conduct occurred; and the names of entities and individuals believed to be implicated, including an explanation of their roles.
• An estimate of the damages, as described in the applicable section below, to each Federal health care program relevant to the disclosed conduct, or a certification that the estimate will be completed and submitted to OIG within 90 days of the date of submission.  When a disclosing party can determine the amount of actual damages to Federal health care programs, the actual damages amount must be provided instead of an estimate.
• A description of the disclosing party’s corrective action upon discovery of the conduct. 

Requirements for Conduct Involving False Billing 

OIG established separate requirements for disclosures involving the submission of improper claims to Federal health care programs.  In such cases, the disclosing party must conduct a review to estimate the improper amount paid by the Federal health care programs (referred to as “damages”) and prepare a report of its findings that follows the requirements in this section.  OIG will verify a disclosing party’s calculation of damages. 

The disclosing party’s estimation of damages must consist of a review of either: (1) all the claims affected by the disclosed matter or (2) a statistically valid random sample of the claims that can be projected to the population of claims affected by the matter.  A disclosing party may not extend the time to resubmit claims to Federal health care programs through the SDP; therefore, the damages estimation must not include a reduction, or “netting” for any underpayments discovered in the review. 

When using a sample to estimate damages, the disclosing party must use a sample of at least 100 items and use the mean point estimate to calculate damages.  If a probe sample was used, those claims may be included in the 100-item sample if statistically appropriate.  To avoid unreasonably large sample sizes, the SDP does not require a minimum precision level for the review of claims.  As a result, the disclosing party may select an appropriate sample size to estimate damages as long as the sample size is at least 100 items.  

As a general rule, smaller sample sizes (closer to 100) will suffice where the population has a high level of homogeneity, and larger sample sizes will be necessary where the population contains a more diverse mixture of claim types.  The disclosing party should keep in mind that a careful and complete definition of the population will assist in making accurate findings.  OIG also lists several requirements for the report (p. 7-8) and the financial review (p. 8-9) submitted by the disclosing party.  

Requirements for Conduct Involving Excluded Persons 

OIG established separate requirements for disclosures involving the employment of, or contracting with, individuals who appear on OIG’s List of Excluded Individuals and Entities (LEIE).  In addition to the general information noted above, the disclosure must provide the following information:  

1. The identity of the excluded individual and any provider identification number.
2. The job duties performed by that individual.
3. The dates of the individual’s employment or contractual relationship.
4. A description of any background checks that the disclosing party completed before and/or during the individual’s employment or contract.
5. A description of the disclosing party’s screening process (including any policy or procedure that was in place) and any flaw or breakdown in that process that led to the hiring or contracting with the excluded individual.
6. A description of how the conduct was discovered.
7. A description of any corrective action (including a copy of any revised policy or procedure) implemented to prevent future hiring of excluded individuals. 

In addition, before disclosing the employment of an excluded individual, a disclosing party must screen all current employees and contractors against the LEIE.  Once this has been done, the disclosing party should disclose all excluded persons in one submission. 

Federal health care programs may not pay, directly or indirectly, for items or services furnished, ordered, or prescribed by excluded individuals or entities.  If a disclosing party employed or contracted with an excluded person who was a direct provider, such as a physician or a pharmacist, and the items or services furnished, ordered, or prescribed by that person were separately billed to Federal health care programs, the disclosure must include the total amounts claimed and paid by the Federal health care programs for those items or services. 

OIG recognized, however, instances when an excluded individual provided items or services that are not billed separately to Federal health care programs, such as many items or services furnished by nurses, respiratory therapists, and billing and other administrative personnel, the damages amounts can be difficult to quantify.  For purposes of resolving SDP matters involving such non-separately-billable items or services, OIG uses the disclosing party’s total costs of employment or contracting during the exclusion to estimate the value of the items and services provided by that excluded individual.  

The costs of employment or contracting include, but are not limited to, all salary and benefits and other money or items of value, health insurance, life insurance, disability insurance, and employer taxes paid related to employment of the individual (e.g., employer’s share of FICA and Medicare taxes). T his total amount should be multiplied by the disclosing party’s revenue-based Federal health care program payor mix for the relevant time period. (If a disclosing party can measure the Federal payor mix for the department or unit in which the excluded person worked, it is appropriate to apply that payor mix. If the departmental payor mix cannot reasonably be measured, the disclosing party must apply the payor mix for the whole entity.)

The resulting amount will be used, for purposes of compromising OIG’s CMP authorities in a settlement, as a proxy for the amount paid and the single damages to the Federal health care programs resulting from the employment of the excluded individual. When the disclosing party is using a Federal payor mix, the disclosure must include a separate calculation for each Federal health care program.  For example, if the disclosing party’s Federal payor mix is 60 percent, the disclosure should break down how the Federal health care programs make up that 60 percent, such as 40 percent Medicare, 10 percent Medicaid State A, 5 percent Medicaid State B, and 5 percent TRICARE. 

Requirements for Conduct Involving the Anti-Kickback Statute and Physician Self-Referral Law 

Any disclosure must clearly acknowledge that in the disclosing party’s reasonable assessment of the information available at the time of the disclosure, the subject arrangement(s) constitute potential violations of the AKS and, if applicable, the Stark Law.  OIG will not accept any disclosing party into the SDP that fails to acknowledge clearly that the disclosed arrangement constitutes a potential violation of the AKS and, if applicable, the Stark Law. OIG needs to understand the precise nature of the disclosed conduct that creates potential AKS liability or both AKS and Stark Law liability.  

Therefore, the disclosing party must include in its narrative submission (not by reference to attachments or other documents) a concise statement of all details directly relevant to the disclosed conduct and a specific analysis of why each disclosed arrangement potentially violates the AKS and Stark Laws.  The description should include  

• the participants’ identities,
• their relationship to one another to the extent that the relationship affects their potential liability (e.g., hospital-landlord, referring physician-tenant);
• the payment arrangements;
• the dates during which each suspect arrangement occurred; and
• the relevant context and the features of the arrangement that raise potential AKS or both AKS and Stark Law liability.  

OIG gave several examples of the type of information it finds helpful in assessing and resolving disclosed conduct involving potential AKS and, if applicable, Stark Law violations.  These illustrations are by no means comprehensive or exclusive; rather, they reflect some common issues that have arisen in SDP submissions.  For example:  

1. How fair market value was determined and why it is now in question.
2. Why required payments from referral sources, under leases or other contracts, were not timely made or collected or did not conform to the negotiated agreement and how long such lapses existed.
3. Why the arrangement was arguably not commercially reasonable (e.g., lacked a reasonable business purpose).
4. Whether payments were made for services not performed or documented and, if so, why.
5. Whether referring physicians received payments from Designated Health Service entities that varied with, or took into account, the volume or value of referrals without complying with a Stark Law exception. Finally, the submission must describe the corrective action taken to remedy the suspect arrangement(s), as well as any safeguards implemented by the disclosing party to prevent the conduct from reoccurring. 

AKS compliance is a condition of payment of the Federal health care programs.  Under section 1128B(g) of the Act, claims that include items or services resulting from an AKS violation constitute false or fraudulent claims for purposes of the FCA.  Stark Law compliance is also a condition of payment under section 1877 of the Act.  Thus, a disclosing party must submit an estimate of the amount paid by Federal health care programs for the items or services associated with potential violations of the AKS and, if applicable, the Stark Law.  A disclosing party may use the methodology OIG provided or may identify another reliable methodology to calculate this claims-based estimate and explain that methodology in its submission.  

Consistent with OIG’s CMPL authorities, a disclosing party must include the total amount of remuneration involved in each arrangement without regard to whether the disclosing party believes a portion of the total remuneration was offered, paid, solicited, or received for a lawful purpose.  A disclosing party may also explain what it believes is the value of the financial benefit conferred under the arrangement and whether it believes any portion of the total remuneration should not be considered by OIG in determining an appropriate settlement of OIG’s CMP authorities.  Given the various legal authorities at issue, OIG has broad discretion in determining an appropriate resolution in these cases.  

For purposes of resolving SDP matters, OIG generally exercises this discretion by compromising it’s CMP authorities for an amount based upon a multiplier of the remuneration conferred by the referral recipient to the individual or entity making the referral.  While this is OIG’s general approach, their determination of the appropriate settlement amount depends on the facts and circumstances of each matter.  OIG generally uses this remuneration-based methodology in the SDP as an incentive to encourage disclosure of potential AKS violations.  OIG’s use of a remuneration-based methodology in the SDP settlement context does not govern OIG’s position in other situations, such as Government-initiated investigations, in which the Government may use any legally supportable measure of damages, multipliers, and penalties. 

Resolution 

OIG emphasized the importance of cooperation, including conducting a thorough investigation, submitting all necessary information, communicating through a consistent point of contact, being responsive to OIG requests for additional information, and being willing to pay a penalty or multiplier of damages for self-disclosed conduct.  Disclosing parties who fail to cooperate with OIG in good faith will be removed from the SDP. 

In addition, OIG will coordinate with the Department of Justice (DOJ) in both the Civil and Criminal Division on resolving SDP matters.  If OIG is the sole agency representing the Federal Government, the matter will be settled under OIG’s applicable CMP authorities.  In some cases, disclosing parties may request release under the FCA, and in other cases, DOJ may choose to participate in the settlement of the matters.  If DOJ participates in the settlement, the matter will be resolved as DOJ determines is appropriate consistent with its resolution of FCA cases, which could include a calculation of damages resulting from violations of the AKS based on paid claims.  OIG will advocate that the disclosing party receive a benefit from disclosure under the SDP and the matter be resolved consistent with OIG’s approach in similar cases. However, DOJ determines the approach in cases in which it is involved. 

OIG encouraged disclosing parties to disclose potential criminal conduct though the SDP process.  OIG’s Office of Investigations investigates criminal matters, and any disclosure of criminal conduct through the SDP will be referred to DOJ’s Criminal Division for resolution.  As in civil cases referred to DOJ, OIG will advocate that the disclosing parties receive a benefit from disclosure under the SDP. 

Disclosing parties also need to decide whether OIG’s SDP or CMS’s SRDP is the appropriate protocol to disclose potential Stark Law violations.  Both protocols should not be used for the same arrangement.  If the arrangement raises a potential violation of only the AKS or of both the AKS and the Stark Law, the arrangement should be disclosed to OIG under the SDP. If the arrangement raises a potential violation of only the Stark Law, the arrangement should be disclosed to CMS under the SRDP.  

Settlement Amounts 

While OIG does not demand an admission of liability in settlement agreements, disclosing parties should expect to pay above single damages for disclosed conduct that potentially violates Federal law.  OIG’s general practice is to require a minimum multiplier of 1.5 times the single damages, although in each case, OIG determines whether a higher multiplier is appropriate.  As a general practice, for purposes of settlement in the SDP, OIG applies this multiplier to the amount paid by Federal health care programs, not the amount claimed.  

OIG requires minimum settlement amounts for self-disclosed matters. For kickback-related submissions accepted into the SDP, OIG will require a minimum $50,000 settlement amount to resolve the matter, which is consistent with OIG’s statutory authority.  For all other matters accepted into the SDP, OIG will require a minimum $10,000 settlement amount to resolve the matter, also consistent with OIG’s authority. 

In the unusual instance when OIG determines that no potential fraud liability exists for conduct disclosed under the SDP, OIG will refer the matter to the appropriate payor for acceptance of the overpayment and no CMP release will be provided. 

In some situations, disclosing parties may be unable to pay otherwise appropriate settlement amounts.  In preparing the disclosure, disclosing parties should determine whether an inability to pay may be an issue.  If a disclosing party asserts that it cannot pay a proposed settlement amount (i.e., damages plus a multiplier or penalty amount), OIG will require extensive financial information, including audited financial statements, tax returns, and asset records.  Disclosing parties must certify to the truthfulness and completeness of the financial disclosure.  In addition to submitting the financial forms, disclosing parties should include an assessment of how much they believe they can afford to pay.  Disclosing parties should raise potential inability-to-pay issues at the earliest possible time, preferably in the SDP submission.  

If, prior to resolving an SDP matter, a disclosing party refunds an overpayment related to the same conduct disclosed under the SDP, OIG will credit the amount paid toward the ultimate settlement amount.  However, OIG is not bound by any amount that is repaid outside the SDP process.  OIG may question the methodology of the overpayment calculation, particularly if the disclosing party estimated the overpayment amount by some method other than as described in the SDP.  If OIG disputes the methodology used to calculate the overpayment, OIG may require the disclosing party to redo the review or conduct an independent damages review, which may result in a damages or overpayment amount that is higher than the disclosing party’s estimate. Moreover, even if OIG agrees with the methodology used to calculate the overpayment, the disclosing party should expect to pay a multiplier on the damages under the SDP 

FOIA Implications of Disclosure 

Disclosing parties should clearly identify any portion of their submissions that they believe are trade secrets or are commercial, financial, privileged, or confidential and therefore potentially exempt from disclosure under the Freedom of Information Act (FOIA), 5 U.S.C. § 552. Information identified as exempt must meet the criteria for exemption from disclosure under FOIA as determined by an OIG FOIA officer. Consistent with HHS’ FOIA procedures, set forth in 45 C.F.R. Part 5, OIG will make a reasonable effort to notify a disclosing party prior to any release by OIG of information submitted by a disclosing party and identified upon submission by a disclosing party as trade secrets or as commercial, financial, privileged, or confidential under the FOIA rules.  With respect to such releases, a disclosing party will have the rights set forth at 45 C.F.R. § 5.65(d).