December 8, 2022

Volume XII, Number 342


December 07, 2022

Subscribe to Latest Legal News and Analysis

December 06, 2022

Subscribe to Latest Legal News and Analysis

December 05, 2022

Subscribe to Latest Legal News and Analysis

Health and Human Services Office of Inspector General (HHS OIG) Issues Revised Self-Disclosure Protocol

OIG touts substantial benefits of disclosing, provides greater detail for different types of disclosures, and captures 15 years of OIG Self-Disclosure Protocol experience.

On April 17, the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) posted a new Provider Self-Disclosure Protocol (SDP) as well as a related video podcast.[1] The updated SDP follows OIG's solicitation of public comments on the SDP it first issued nearly 15 years ago in October 1998. The updated SDP supersedes and replaces the 1998 guidance and subsequently issues Open Letters in their entirety. While the SDP retains many of its basic elements, some notable new features include the following:

  • Minimum settlement amounts of at least $50,000 for self-disclosures involving kickback-related submissions and $10,000 for all other disclosures to reflect minimum civil monetary penalty (CMP) amounts for such violations
  • Suspension of the obligation to report overpayments under section 1128J of the Social Security Act
  • Waiver of statute-of-limitations defenses by disclosing parties
  • Calculation of damages within 90 days of initial self-disclosure (formerly within 90 days of OIG's acceptance of submission)
  • Minimum sample size of 100 units and the use of a mean point estimate for billing-related disclosures
  • Express clarification that manufacturers may use the SDP if at least one of OIG's CMP authorities is implicated by the conduct
  • Express recognition of the various damage calculation methodologies that OIG has often used in resolving different types of disclosures (e.g., different damage calculation methodologies for excluded individual disclosures versus kickback-related disclosures)

In the updated SDP, OIG emphasizes the benefits of a self-disclosure. Specifically, OIG touts the following: (1) exclusion releases without integrity agreement obligations (all but one of the 235 SDP cases were resolved without imposing integrity obligations); (2) lower multipliers, typically 1.5 times actual damages; and (3) suspension of provider obligations under the 60-day rule for reporting and returning overpayments, pending settlement, withdrawal, or removal from the SDP. Additionally, OIG will coordinate with the Centers for Medicare & Medicaid Services (CMS) to suspend the provider's obligation to report and return overpayments until a settlement agreement is reached to resolve the self-disclosure.[2]

Significant New Changes

Streamlined Resolution Process with Expedited Timeline for Disclosing Entities

In the updated SDP, OIG acknowledges what many have experienced firsthand when submitting self-disclosures in the past—the process has sometimes been slow. OIG has worked to streamline the resolution process so that settlement is usually reached less than 12 months from acceptance of the self-disclosure. To further expedite resolution, OIG is requiring disclosing entities to complete their internal investigation and damages calculation within 90 days of an initial disclosure (i.e., preliminary disclosure), rather than within 90 days of acceptance of the disclosure. While this change should not alter OIG's statistics on how long it takes the agency to resolve self-disclosures from the time of acceptance, it will place additional time pressure on organizations that self-disclose to complete their investigations and analyses. In the past, it was not uncommon for organizations to submit a preliminary self-disclosure to OIG, with those organizations struggling to quickly complete a thorough investigation and calculation of actual or estimated damages.

The updated SDP also clarifies OIG's position that providers may not offset underpayments from overpayments. OIG notes that the SDP does not supplant procedures and time lines (e.g., reopening of determinations and timely filing requirements) for resubmission of corrected claims. The Affordable Care Act's requirement to identify and refund within 60 days of identifying an overpayment has also required disclosing parties to devote additional investigative, legal, and, as appropriate, billing department resources in the early phase of their identification of potential billing problems.

Acknowledgment of Possible Law Violations

Notably, OIG has made explicit that it will not allow self-disclosing entities to make general references to "federal laws and regulations" or the "Social Security Act" in reporting the actions giving rise to the SDP. Rather, disclosing entities will be required to acknowledge and describe with specificity the possible violation of civil, criminal, or administrative law that is the basis of the SDP. As the new protocol states, "statements such as, 'the Government may think there is a violation, but we disagree' raise questions about whether the matter is appropriate for the SDP." While this is consistent with OIG's long-standing policy that the SDP should not be used to disclose matters involving only errors and overpayments (with no CMP implications), it is a step further in terms of what OIG will now require with respect to identifying and describing the possible violation.

OIG's updated SDP will also now require, as a "condition precedent" of self-disclosure, that the disclosing parties will try to resolve all CMP liability within the law's six-year statute of limitations and will waive and not plead statute of limitations, laches, or similar defenses to any administrative action filed by OIG that is related to the disclosed conduct, except to the extent that these defenses would have been available at the time of the SDP submission.

Further, OIG notes that corrective actions "should" be implemented and misconduct should be stopped by the time of the disclosure or within 90 days of submission. This may create additional timing and resource challenges for organizations as it may compress significantly the time that is often necessary to consider appropriate compliance or other operational enhancements.

Estimates for Damages

If the disclosing party is not auditing 100% of its affected claims to estimate damages, the updated SDP requires the party to use samples consisting of at least 100 items and to use the mean point estimate to calculate damages, even if a prior probe sample was used. The likely effect of this new requirement is that more self-disclosures involving billing matters will involve samplings of 100 items to estimate damages. Use of the mean point estimate allows OIG to dispense with minimum precision levels for the sample. The SDP also provides additional details on the calculation of damages and personnel that the disclosing party is required to use to prepare the assessment. Any prior refund of the calculated or estimated overpayment involved in the self-disclosure will be credited as part of an SDP settlement.

Excluded Person Self-Disclosures

A high percentage of prior self-disclosures received by OIG have related to the employment of excluded persons. The updated SDP provides additional details regarding such excluded person self-disclosures, with a goal of expediting resolution. One of the thorniest issues in those self-disclosures relates to calculating federal program damages related to excluded persons, particularly individuals who are not direct providers who bill, such as physicians. For excluded persons who furnish items or services that are not billed separately to federal healthcare programs (e.g., a nurse involved in furnishing items billed under a bundled or prospective payment system), regardless of whether the entity files cost reports or other statements, the SDP clarifies that it will use the total cost of employment or contracting as a proxy to estimate the value of the items and services provided by the excluded individual. While this approach embraces a legal fiction (that this cost will approximate the amount federal healthcare programs paid for the items and services furnished by the excluded individual), this settlement approach has been used by OIG for some years to resolve such matters.

Anti-Kickback Statute and Stark Law Self-Disclosures

The SDP now provides more extensive details on what it expects to see in Anti-Kickback Statute (AKS) and Stark Law self-disclosures. Specifically, OIG wants more details on the underlying arrangements, more context, and more legal analysis by disclosing parties. In its updated SDP, OIG also takes the opportunity to stress that AKS compliance is a condition of payment of the federal healthcare programs (a legal conclusion that was hotly disputed until the Social Security Act was amended in 2010 by section 6404 of the Affordable Care Act). Although the AKS is a criminal statute, the SDP now requires a clear acknowledgment from disclosing parties that in their "reasonable assessment of the information available at the time of the disclosure, the subject arrangement(s) constitute potential violations of the AKS and, if applicable, the Stark Law." OIG also acknowledges that "[g]iven the various legal authorities at issue, OIG has broad discretion in determining an appropriate resolution in these cases," noting that it "generally" settles for an amount "based upon" a multiplier of the remuneration conferred to the source of referrals. The SDP also cautions that exercise of such discretion does not govern OIG's position in other government-initiated investigations where it may assert that damages are based upon the amount of program payment and not the amount of the alleged kickback.

[1]. View the updated SDP here and the video podcast here.

[2]. CMS expects to issue a final rule on the reporting and refunding of identified overpayments (implementing section 1128J(d) of the Social Security Act) and expects to include a provision for staying of this obligation.

Copyright © 2022 by Morgan, Lewis & Bockius LLP. All Rights Reserved.National Law Review, Volume III, Number 109

About this Author

Howard Young, Morgan Lewis, Healthcare lawyer

A nationally recognized leader in healthcare fraud and abuse and regulatory issues, Howard J. Young leads the Morgan Lewis healthcare practice and co-leads the healthcare industry initiative where he advises a range of healthcare clients on government investigations, regulatory, and transactional matters. Healthcare organizations turn to Howard to address their most critical legal, compliance and strategic business issues and to assist with internal and government investigations and self-disclosures. Howard regularly advises investors, including private equity firms, on...

Albert Shay, Morgan Lewis, Healthcare attorney

Albert W. Shay focuses his practice on counseling healthcare companies of all types on regulatory, fraud and abuse, Stark law, Medicare reimbursement, and transactional matters. Al devotes a substantial portion of his practice to corporate compliance issues, including internal and government investigations, and has experience representing clients before regulatory agencies such as the Centers for Medicare and Medicaid Services (CMS), the US Department of Health and Human Services’ Office of Inspector General, and the Provider Reimbursement Review Board.

Holly Barker, Healthcare Attorney, Morgan Lewis

Holly C. Barker counsels clients on US federal and state healthcare fraud and abuse enforcement and regulatory matters, primarily defending companies in False Claims Act (FCA) actions. Holly represents pharmaceutical and medical device manufacturers, hospital systems, long–term care facilities, clinical laboratories, physicians, and senior healthcare executives in complex criminal, civil and administrative fraud and abuse matters before US Attorneys’ Offices, the HHS Office of Inspector General, and state MFCUs.