CMS Medicare Self-Referral Disclosure Protocol

The Centers for Medicare and Medicaid Services (CMS) published the Medicare Self-Referral Disclosure Protocol (SRDP) pursuant to Section 6409(a) of the Patient Protection and Affordable Care Act (ACA). According to CMS, “[t]he SRDP sets forth a process to enable providers of services and suppliers to self-disclose actual or potential violations of the physician self-referral statute [Stark law].

The Stark law is designed to contain Medicare costs by preventing physicians from enriching themselves through referrals for services or to hospitals in which they have a financial stake. The law states that all Medicare money paid to a doctor under a noncompliant contract must be returned, even if it’s only a technical violation of the Stark law. Section 6409(b) of the ACA provides incentive for self-disclosure by giving the Secretary of Health and Human Services the authority to reduce the amount due for violations of the Stark law.

According to Modern Healthcare, “[a]t least 250 healthcare companies have self-reported wrongdoing involving the Stark law since the CMS’ Self-Referral Disclosure Protocol was authorized . . . So far, 29 hospitals have settled cases for a total of $3.3 million, averaging $114,000 per settlement. In response to a request under the Freedom of Information Act, the CMS released to Modern Healthcare copies of the first 11 settlements under the program. The documents support anecdotal accounts that the program is knocking down potentially large penalties to relatively modest amounts.”

The SRDP requires health care providers of services and suppliers to submit all information necessary for CMS to analyze the disclosed actual or potential violation of the physician self-referral law. Health Lawyers Weekly encouraged providers considering use of the SRDP to carefully review the SRDP itself, as well as all frequently asked questions (FAQs), to determine whether the SRDP is the appropriate path for resolving liability.

On October 21, 2013, to assist providers of services and suppliers to submit all information necessary and relevant to CMS’ analysis, CMS published an updated, consolidated list of its responses to 13 FAQs regarding the SRDP. The questions fall into four categories and are listed below. Questions related to these FAQs, or the SRDP, should be directed to the CMS Physician Self-Referral Call Center at (410) 786-4568.

FAQs on General Disclosure Issues

1. What is the preferred format for the initial submission to the CMS Voluntary Self-Referral Disclosure Protocol (SRDP)? Are examples of acceptable submissions available to the public?

   There is no preferred format for submissions to the SRDP. CMS accepts submissions under the SRDP that contain the required information, regardless of the format. However, disclosing parties should ensure that electronic submissions are in a readable format, such as Microsoft Word, Microsoft Excel, or PDF.

   At this time, CMS does not intend to provide examples or redacted copies of submissions to the public.

2. When preparing a submission to CMS under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP), how much information should a disclosing party include and does CMS require the submission of compliance program documents, valuation opinions, and other supporting documents?

   Section IV.B.1.a-h of the SRDP requests information related to the description of the actual or potential violation. A disclosing party may include as much information as it deems necessary to show the severity and extent of the noncompliant conduct and how the noncompliant conduct was cured or the arrangement was otherwise brought into compliance with the law. The disclosing party may provide any additional information that it believes CMS should be aware of for settlement purposes, including pending sale, financial hardship, and rural provider status.

   A disclosing party may include in its submission to the SRDP any information regarding its compliance program, institutional history and mission, and compensation determinations that it believes CMS should be aware of when reviewing the disclosure and determining the appropriate reduction of the total amount due and owing to Medicare, if any. Disclosing parties are encouraged to be brief in their explanations and to include relevant supporting documents. However, a disclosing party’s submission of complex financial or other information supporting its assertions or conclusions should include a sufficient explanation of relevance.

   CMS does not require a disclosing party to submit copies of compliance programs, valuation opinions, or other supporting documents. However, CMS does request that disclosing parties submit copies of contracts used to bring a financial arrangement into compliance with the physician self-referral law, if applicable. Disclosing parties should be aware that CMS may request additional documentation if necessary to facilitate CMS’ review of a disclosure.

3. What type of narrative and/or documentation, if any, should a disclosing party include with a submission under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) to demonstrate that the arrangement at issue in the disclosure is currently in compliance with the physician self-referral law?

   As indicated in section IV.B.1 of the SRDP, a disclosing party should provide to CMS information sufficient to demonstrate that the disclosed noncompliant arrangement was terminated or otherwise brought into compliance with the physician self-referral law. If formal documentation (such as a written contract) was necessary to bring a noncompliant arrangement into compliance with the physician self-referral law, then the disclosing party should submit that documentation. Disclosing parties are reminded that CMS may require additional information or documentation to complete its review of disclosures under the SRDP.

4. In a settlement under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP), what is the scope of the release provide to disclosing parties?

   Under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP), CMS may release the disclosing party from administrative liabilities and claims under section 1877(g)(1) of the Social Security Act (the Act). Settlements under the SRDP do not include releases for any other section of the Act, or other laws or regulations.

   Sections 1877(g)(3) and (g)(4) of the Act are authorities of the Department of Health & Human Services Office of Inspector General (OIG). The OIG is not a signatory to settlement agreements entered into under the SRDP. Similarly, the Federal Anti-kickback Statute and the False Claims Act are authorities belonging to the OIG and the Department of Justice, respectively. Liability under those laws is not released under the SRDP. Disclosing parties seeking a release of liability under other authorities should contact the appropriate law enforcement agency.

   FAQs related to the Required Financial Analysis

5. How is the “look back” period defined for purposes of disclosing actual or potential violations of the physician self-referral law under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP)?

   Section IV.B.2.a of the SRDP defines the “look back” period as the time during which the disclosing party may not have been in compliance with the physician self-referral law. In accordance with section IV.B.1.b of the SRDP, each submission must specify the time period(s) the disclosing party’s arrangement may have been out of compliance with the physician self-referral law. Disclosing parties should also submit any supporting documentation regarding the identified dates of noncompliance and any cure of the noncompliance. We note that the period of noncompliance may be different from the time frame established for reopening determinations at 42 C.F.R. § 405.980(b). The disclosing party must specify the duration of any period of noncompliance, even when the period of noncompliance exceeds the time frame established for reopening determinations under 42 C.F.R. § 405.980(b).

6. Can a disclosing party submit a financial analysis that sets forth the total amount actually or potentially due and owing that is limited to the time frame established under the reopening regulations at 42 C.F.R. § 405.980(b) for actual or potential violations of the physician self-referral law disclosed under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP)?

   Yes. A disclosing party will satisfy section IV.B.2.a of the SRDP by submitting a financial analysis setting forth the total amount actually or potentially due and owing for claims improperly submitted and paid within the time frame established for reopening determinations at 42 C.F.R. § 405.980(b). The disclosing party should calculate the applicable time frame, beginning with the date of claim payment and ending on date of submission of the disclosure to the SRDP. The disclosing party must also satisfy the other disclosure requirements of section IV.B.2 of the SRDP.

7. Can the time frame established under the reopening regulations at 42 C.F.R. § 405.980(b) limit the reporting requirement for the total amount of remuneration a physician received as a result of the actual or potential violation of the physician self-referral law disclosed under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) ?

   Yes. A disclosing party will satisfy section IV.B.2.c of the SRDP by disclosing the total amount of remuneration received by a physician as a result of the disclosed actual or potential violation based upon the time frame established for reopening determinations at 42 C.F.R. § 405.980(b). The disclosing party must also satisfy the other disclosure requirements of section IV.B.2 of the SRDP.

8. How does the obligation of a provider or supplier of services to report and return overpayments established by Section 6402(a) of the Affordable Care Act apply to disclosures of actual or potential or violations of the physician self-referral law under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) in the context of the reopening regulations at 42 C.F.R. § 405.980(b)?

   On February 16, 2012, CMS published a proposed rule (77 FR 9179) to implement this new statutory provision requiring providers and suppliers of services to report and return overpayments by the later of the date which is 60 days after the date on which the overpayment was identified or the date on which any corresponding cost report is due, if applicable. The rule also proposes certain changes to the reopening regulations. However, until the proposed rule is finalized, providers and suppliers of services disclosing actual or potential violations of the physician self-referral law under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) may perform the financial analyses required under section IV.B.2 of the SRDP using the applicable time frame and requirements for reopenings established in the existing reopening regulations at 42 C.F.R. § 405.980(b).

   FAQs related to Change of Ownership Issues

9. If a provider goes through a change of ownership, should the seller or the purchaser submit a disclosure under the CMS Voluntary Self-Referral Disclosure Protocol?

   Liability for overpayment refunds lies with the entity that is currently the party to the relevant Medicare provider agreement, regardless of when the noncompliance occurred. Therefore, the correct party to disclose noncompliance with the physician self-referral law under the SRDP depends on whether the purchaser accepted assignment of the seller’s Medicare provider agreement.

   If the purchaser accepted assignment of the seller’s Medicare provider agreement, the purchaser is liable for a Medicare overpayment (regardless of any contractual obligations of the seller and purchaser to the contrary) and is the correct party to submit a disclosure under the SRDP.

   If the purchaser did not accept assignment of the seller’s Medicare provider agreement, the seller is the correct party to submit a disclosure under the SRDP.

   However, if the purchaser did not accept assignment of the seller’s Medicare provider agreement, but the noncompliance continued after the change of ownership and the purchaser billed Medicare for designated health services provided under its Medicare provider number, the purchaser may also be in violation of the physician self-referral law and should consider whether a disclosure under the SRDP is appropriate.

10. If a purchaser takes assignment of a Medicare provider agreement from a seller who disclosed actual or potential noncompliance with the physician self-referral law under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) before the change of ownership, must the purchaser resolve the disclosure under the SRDP?

    No. Beginning on the effective date of the change of ownership, the purchaser is liable for overpayments related to noncompliance with the physician self-referral law that occurred prior to the change in ownership because the purchaser took assignment of the Medicare provider agreement. However, a party’s participation in the CMS Voluntary Self-Referral Disclosure Protocol is voluntary. The purchaser may decide whether to (1) resolve the disclosure under the SRDP, (2) withdraw the disclosure if it determines that a violation of the physician self-referral did not occur, or (3) withdraw the disclosure and repay the full amount of the overpayment to Medicare.

    If the purchaser elects to resolve the disclosed conduct under the SRDP, the purchaser must certify to CMS that to the best of the purchaser’s (or an authorized representative of the purchaser) knowledge, the information disclosed under SRDP is truthful, and is based on a good faith effort to bring the matter(s) disclosed to the attention of CMS for the purpose of resolving any potential liability under to the physician self-referral law for the matters disclosed. The purchaser must also acknowledge that it took assignment of the relevant Medicare provider agreement from the seller and agree to substitute itself as the disclosing party under the SRDP in a good faith effort to resolve any potential liability under the physician self-referral law.

11. Which party receives a release from section 1877(g)(1) of the Social Security Act if a purchaser takes assignment of a Medicare provider agreement from a seller that disclosed a violation of the physician self-referral law under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) before the change of ownership?

    Liability for an overpayment arising from noncompliance with the physician self-referral law lies with the entity that is the current party to the relevant Medicare provider agreement, regardless of when the noncompliance occurred. Therefore, only the entity that is a party to the relevant Medicare provider agreement at the time of settlement under the SRDP will receive a release of section 1877(g)(1) of the Social Security Act.

    FAQs related to Law Enforcement Interactions

12. Under the CMS Voluntary Self-Referral Disclosure Protocol (SRDP), should a disclosing party inform CMS of a contemporaneous disclosure to the Department of Health & Human Services Office of Inspector General (OIG) of arrangements related to, or involving the same parties as, the SRDP disclosure?

    Yes. Under Section IV.B.1.e of the SRDP, disclosing parties should include a statement identifying whether the disclosing party has a history of similar conduct, or has any prior criminal, civil, or regulatory enforcement actions (including payment suspensions) against it. Under this section of the disclosure, disclosing parties should inform CMS of a contemporaneous disclosure under the OIG’s Provider Self-Disclosure Protocol (SDP) that involves arrangements related to, or involving the same parties as, the SRDP disclosure.

    Disclosing parties are reminded to consult Section III (Cooperation with OIG and the Department of Justice (DOJ)) of the SRDP. In cases where the conduct implicates and potentially violates both the physician self-referral law and the Federal Anti-kickback Statute, the matter should be disclosed only to the OIG’s SDP. The disclosing parties should not disclose the same conduct under both CMS’ SRDP and the OIG’s SDP.

    For those parties that currently have corporate integrity agreements (CIAs) or certification of compliance agreements (CCAs) with OIG, the parties should comply with any disclosure or reportable event requirements under such agreements and should disclose this information in their submission to CMS as instructed in Section IV.B.1.e of the SRDP.

13. What procedures are in place to ensure that the government does not recover duplicate overpayments where a party discloses conduct under both the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) and the Department of Health & Human Services Office of Inspector General (OIG) Provider Self-Disclosure Protocol (SDP), and the violations involve the same parties but different arrangements covering the same time period?

    Disclosing parties should notify CMS of a disclosure under the OIG’s SDP of related conduct to that disclosed under the SRDP. CMS will coordinate with OIG to appropriately resolve the disclosed conduct.