July 3, 2020

Volume X, Number 185

July 02, 2020

Subscribe to Latest Legal News and Analysis

July 01, 2020

Subscribe to Latest Legal News and Analysis

June 30, 2020

Subscribe to Latest Legal News and Analysis

Healthcare Providers: When In Doubt, Self-Report!

Did you know that failing to report and return discovered overpayments to Medicare or Medicaid within 60 days can lead to False Claims Act liability and potentially $11,000 in penalties for claims left unreported or unreturned? Did you know that federal law gives financial incentives for disgruntled employees to report any violations of healthcare law to the government? Protect your organization from this liability by understanding the Voluntary Self-Disclosure Protocol.

The False Claims Act (“FCA”)1 imposes liability on healthcare providers who:

  • knowingly2 present to Medicare or other governmental healthcare programs, a false or fraudulent claim3 for payment or approval; or
  • knowingly make, use, or cause to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by a healthcare program.4

If an overpayment is made, the Patient Protection and Affordable Care Act (“PPACA”)5 passed in 2010 mandates that a medical provider give written notice to the government as to why the overpayment occurred and return the overpayment within 60 days of discovery by the healthcare provider. Should the overpayment report and return not occur within 60 days of discovery, the healthcare provider faces large penalties under the FCA. FCA violations sometimes warrant monetary penalties up to $11,000 per violation plus treble damages.6

The FCA also gives monetary incentives for individuals to file suit on behalf of Medicare, Medicaid, and other governmental healthcare entities to report any such fraud. These actions are known as qui tam suits. Individuals filing qui tam suits stand to recover a percentage of damages assessed against the liable party—the healthcare provider. Individuals bringing qui tam suits span the range of former and current employees, former business associates, competitors, and patients.

Violating the FCA can result in significant civil and criminal penalties and exclusion from participating in Medicare or other governmental healthcare programs.

If you are concerned that your organization has violated the FCA or other federal healthcare laws, your window of opportunity is short. To avoid or minimize liability, providers must self-report. Not only does the PPACA mandate disclosure, but voluntary disclosure shows a commitment to integrity and responsibility for this conduct and it becomes a factor considered by the government in determining charging and sentencing for a liable organization. Self-disclosure also gives healthcare providers the opportunity to avoid the costs and disruptions associated with government-directed investigations and litigation.7

Healthcare Providers Have Notice of Disclosure Requirements

The government has put healthcare providers on notice that self-reporting is not just preferred, but is expected. In a series of “Open Letters to Healthcare Providers,” the Department of Health and Human Services’ Office of Inspector General (“OIG”) encourages healthcare providers to self-disclose conduct that violates the healthcare laws and attempt to resolve these violations. Starting as early as 1997 and bolstering its directive in the following years, the OIG aggressively promotes self-disclosure to resolve liability for healthcare fraud.

Factors to Consider in Making a Voluntary Disclosure

Before self-disclosure can occur, a rigorous internal investigation must be conducted. The internal investigation must detail the organization’s compliance program, the triggering events, and finally, the results of the investigation. After the internal investigation is completed, the organization must evaluate the pros and cons of self-disclosure.


  • While voluntary self-disclosure may factor into the government’s decision to bring charges or weigh in determining the amount of civil penalties assessed against providers, it will not insulate providers from liability by a different governmental entity—i.e. disclosure to OIG does not preclude actions by the Department of Justice (“DOJ”) or private litigants pursuing qui tam suits.
  • Documents provided to a government agency lose any claim of privilege and once disclosure is made, continued cooperation and disclosure is expected until the issue is completely resolved. Cooperation often includes waiving attorney-client and work product privileges.8


  • Employees may withhold information during the internal investigations to bring a future qui tam actions, and if a qui tam plaintiff is an “original source of information,” the plaintiff can still bring suit under the FCA regardless of an organization’s disclosure.9 Making full disclosure, however, will reduce the risk of qui tam suits even if it may not bar them altogether.
  • The OIG stated that it will disclose any cooperation and self-disclosure to the DOJ. 
  • Resolution through disclosure and cooperation can help providers avoid more serious criminal and civil penalties, including exclusion from continued participation in Medicare, Medicaid, and other healthcare programs. 
  • Providers will be able to control information. To have an initial chance to review internal records, consult with general and outside counsel, and present your case to the OIG or DOJ with the appropriate documentation, will serve the organization better. This will allow providers to revise internal procedures and correct any mistakes to potentially limit liability. 
  • Participating in the SDP may subject your organization to lower monetary damages.10

If disclosure is recommended after considering these factors, the organization should report these results and the details of how the internal investigation was conducted to the government. The internal investigation report submitted to the government must:

  1. Locate the possible causes of the problem; 
  2. Describe how this problem arose; 
  3. Identify the employees (including management) who participated in the problem or should have detected it but failed to do so; 
  4. Detail the problem’s impact on quality of care; and 
  5. Describe any disciplinary and corrective measures taken.11


(1) 31 U.S.C. §§ 3729-3733. 

(2) To act “knowingly” and suffer liability under the FCA, the health care provider must have (1) actual knowledge of the information; (2) act in deliberate ignorance of the truth or falsity of the information; or (3) act in reckless disregard of the truth or falsity of the information. Further, no specific intent to defraud is required to find liability. 

(3) To be “false” or “fraudulent” the claim, record, or statement must be factually or legally false. A false claim is a request or demand for payment submitted to the government for services provided that were not in accordance with program requirements, or for services that were not provided at all. 31 U.S.C. §3729(a). 

Proving falsity requires showing that a healthcare provider submitted an incorrect description of goods or services provided, and requested payment from the government for such goods. To be legally false requires either an express false certification of compliance with a statute or regulation as a condition to payment, or an implied false certification. An express false certification will result in liability when payment of the claim is conditioned on certification of compliance with a specific requirement in a contract or with a statute or regulation. An implied false certification claim is based not on a health care provider’s actual affirmative certification of compliance, but instead occurs when the act of submitting a claim for reimbursement itself implies compliance with governing federal rules that are a precondition to payment. 

(4) 31 U.S.C. § 3729(a). 

(5) Pub. L. No. 111-148, § 6402(d)(3). 31 U.S.C. § 3729(b). 

(6) For more information on the PPACA and FCA, refer to http://www.dinsmore.com/ppaca_increases_qui_tam_suits_under_fca/  

(7) http://oig.hhs.gov/compliance/self-disclosure-info/index.asp

(8) The government may not insist on waivers of attorney-client or work product privileges, but whether a provider chooses to disclose such information factors into the government’s decision to aggressively pursue certain information and can benefit the provider in having the matter resolved faster. For example, if a provider gives the government copies of interviews it already conducted, this will save the government time and resources and allow the parties to come to a quicker resolution. 

(9) 31 U.S.C. § 3730(e)(4). 

(10) Apr. 24, 2006 Open Letter to Health Care Providers. 

(11) Leniency on personnel who either violated the law or failed to discover the violation may be viewed as a failure of the compliance program.

© 2020 Dinsmore & Shohl LLP. All rights reserved.National Law Review, Volume I, Number 345


About this Author

D Michael Crites, white collar criminal defense lawyer, Dinsmore Shohl, law firm

D. Michael Crites’ practice focuses exclusively on white collar criminal defense and complex business litigation. As the former United States Attorney for the Southern District of Ohio and an Assistant United States Attorney for the Southern District of Ohio, he has years of grand jury and litigation experience in federal court and regularly litigates and negotiates global settlements of criminal, civil and regulatory matters on behalf of corporations and businesses throughout the United States. He also serves as Special Counsel to the Ohio Attorney General.

Stacey A. Borowicz, Regulatory, Health care industry, attorney, Dinsmore Shohl,

Stacey Borowicz is an accomplished attorney who dedicates the majority of her business and regulatory practice to health care providers. Stacey brings with her more than a decade of front line experience in the health care industry as she acquired a rare set of skills as a medical researcher/scientist prior to entering the practice of law.

Stacey's experience in the healthcare representation is diverse and includes Medicare/Medicaid audit and overpayment appeals, voluntary disclosures and refunds. Stacey also brings a wealth of experience in regulatory compliance (HIPAA, Stark, anti-kickback, anti-markup rule), analyses, investigations and mitigation. Additionally, healthcare clients look to Stacey for advice on joint ventures (including hospital-physician joint ventures), mergers, acquisitions and employment-related transactions.