The Department of Health and Human Services is making it easier for healthcare providers and drug and medical device companies to self-report instances of fraud in hopes enforcement agencies will go easier on them.  

The DHHS published updated guidance this month offering more clarity on how to self-disclose potential fraud and abuse involving federal healthcare programs. The updated Provider Self-Disclosure Protocol (SDP), issued April 17 by the department's Office of Inspector General, replaces the SDP first published in 1998.

“What is most significant [about the guidance] is that it pulls together in one location all of the processes and approaches for self disclosure that OIG has adopted over the last 15 years,” says Howard Young, a partner in the healthcare practice at law firm Morgan Lewis and former deputy branch chief at the OIG. 

The OIG has long touted the benefits of self disclosure. By voluntarily reporting potential fraud, companies are able to “work collaboratively with the government toward a resolution,” Tony Maida, OIG's deputy chief of the administrative and civil remedies branch, said when announcing the new protocol. “That provider is in a very different position than one who is under investigation because of a whistleblower complaint or other lead.”

According to the OIG, those who are eligible to use the new SDP process include healthcare providers, pharmaceutical and medical device suppliers, or other individuals or entities who are subject to OIG's Civil Monetary Penalty (CMP) authorities. “The SDP is not limited to any particular industry, medical specialty, or type of service,” the SDP reads.

Matters involving over-payments or errors should not be disclosed through the SDP. Additionally, the SDP is not for issues that are exclusively Stark Law violations, which must be processed through the CMS Self-Referral Disclosure Protocol, according to the guidance. The Stark Law prohibits physicians from making referrals of certain health services for Medicare and Medicaid patients if the physician or an immediate family member has a financial relationship with that entity.

The updated SDP further spells out certain eligibility requirements to participate in the self-reporting program. Disclosing companies must agree to waive the statute of limitations or similar defenses to any administrative action that the OIC could file, for example, before they can earn credit for self reporting. Disclosing companies must further “acknowledge” that the conduct constitutes a potential violation of federal criminal, civil, or administrative laws and specifically identify which laws were potentially violated.

According to the OIG, failure to acknowledge the potential violation may result in the rejection of a submission. “Incomplete submissions may be rejected and may otherwise delay our review process,” said Maida. He also called on participating companies to respond promptly to requests for more information. “We need, and expect, your cooperation in reaching a resolution efficiently,” he urged.

Companies may use the SDP even if they are already subject to a government inquiry, so long as the disclosure is made in good faith, the revised SDP stated. The OIG also noted that parties that are already subject to a corporate integrity agreement are also able to use the SDP process.

The new guidance also makes explicit that a disclosing party should disclose conduct for which it may be liable, including successor liability as a result of a merger or acquisition.

Shortened Timeframe

The updated SDP clarifies many of the OIG's existing policies and procedures and also makes a few significant changes. For one, the new guidance compresses the timeframe for disclosing parties to complete an internal investigation and calculate damages to 90 days following an initial submission, rather than within 90 days from the OIG's acceptance of the disclosure.

“What I think is most significant is that it pulls together in a one-stop shop location all of the processes and approaches for self disclosure that OIG has adopted over the last 15 years.”

—Howard Young,

Partner,

Morgan Lewis

The shortened timeframe will likely create additional timing and resource challenges for companies. “Entities considering self disclosure are going to have to get their ducks in a row earlier on, meaning more significant investment of audit and legal compliance sources at the front end,” Young says.

The new guidance makes it more important for companies to put in place a system for dealing with the discovery of fraudulent activity long before it happens. “Having your compliance officer, legal team, and operations folks come together quickly and identify the external resources available to them and then moving forward is going to be key in being able to meet that timeframe,” agrees Kenya Woodruff, of counsel in the healthcare practice group of Haynes and Boone.

To ensure a smooth resolution process, “think carefully about the timing of a disclosure to avoid disclosing prematurely,” advised Maida. “Your internal investigation and damages calculation either needs to be finished, or you need to commit to being done within three months of your submission.”

The SDP also provides greater clarification on how to calculate damages for improper claims, disclosures related to the employment of—or contracting with—excluded individuals and entities, and disclosures for violations of the Anti-Kickback Statute.

The updated SDP also imposes new minimum settlement amounts for self-disclosed matters. To resolve self disclosures involving a potential anti-kickback violation, the OIG will require a minimum settlement of $50,000, and a minimum settlement of $10,000 for all other disclosures.

The new SDP also adds a requirement that participating companies include a description of corrective action taken on discovery of the potentially fraudulent conduct and adds a new requirement that they identify an individual authorized to enter into a settlement agreement on the company's behalf.

Pros and Cons of Self Disclosure

The SDP also lists several incentives that result from full cooperation including:

TIPS FOR SUCCESS IN THE OIG SDP

Below are some tips on how to successfully navigate the OIG's self-disclosure protocol.

Follow ALL the requirements in the Federal Register AND the 2008 Open Letter in your written submission. Common mistake = missing contractor information.

Mail it to the address in the Federal Register: Assistant IG for Investigative Operations, HHS/OIG, 330 Independence Ave, SW, Room 5409, Washington, D.C. 20201

Don't disclose prematurely. Your investigation and damages audit either needs to be completed or you commit to completing within three months after acceptance.

Provide a complete description of the conduct and investigation:

What happened?

What is the time period?

Why did it happen?

Why is there potential legal liability for the conduct?

Who was involved?

How was the conduct discovered?

What corrective actions have been taken?

Identify the fraud laws at issue. Just “Federal laws, rules, and regulations” or “the Social Security Act” is not sufficient.

Pay attention to the sampling requirements in the Protocol at Section V.

Stark-only conduct that does not also have a colorable kickback claim is not eligible for OIG's protocol. CMS has created its own disclosure protocol for Stark-only conduct: http://www.cms.gov/PhysicianSelfReferral/

Expect that disclosure will result in a settlement agreement for an amount that is a multiplier of damages. Simple overpayments are not appropriate for the SDP.

Full cooperation is essential.

Source: HHS.

·         A lower settlement amount. Even though the OIG may assess civil penalties up to three times the single damages amount for violations, the OIG said it will typically impose a reduced multiplier of one and a half times the damages amount for disclosed violations.

·         The absence of a corporate integrity agreement. Such agreements typically are used in enforcement actions brought by the OIG and can be incredibly costly for companies to implement. In the 235 cases settled through the SDP since 1998, only one settlement imposed ongoing integrity measures.

·         A speedier resolution process. By streamlining its process, the OIG usually reaches a settlement resolution less than 12 months from acceptance of the self disclosure.

Disclosing parties should be aware, however, that any cases involving the Department of Justice, such as False Claims Act cases, will be resolved as the Justice Department sees fit, not necessarily within the confines of the SDP. “The plan is for all disclosures to end in a settlement agreement, either a FCA settlement with the Department of Justice and OIG, or a civil monetary penalty settlement with OIG,” said Maida.

Those deciding whether to self-disclose will need to weigh this factor carefully before electing to use the SDP. “For a compliance officer, that means there may well be additional pressure to not just find and fix an issue, but also to determine whether to report and disclose an issue to the government,” says Young.

Another factor to consider is that “you may to some extent be waiving attorney-client privilege in the process of self disclosing,” says Woodruff. While OIG has said there will be efforts to maintain that confidentiality, “that's something to keep in mind.”

“We recognize that disclosing issues to the government is not an easy decision,” Maida concluded. “But when you disclose a problem in good faith, you're demonstrating that your organization has embraced a culture of compliance and is committed to dealing with federal healthcare programs with integrity.”

Websites

We are not responsible for the content of external sites