Important Clarifications on Self-Disclosure for Health Care Providers
On April 15, 2008, an important addendum to the Provider Self-Disclosure Protocol (SDP) was issued in the form of an Open Letter to Health Care Providers (the Open Letter).
A Look Back
Since the unveiling of the original SDP in 1998, the Department of Health and Human Services, Office of Inspector General (OIG), has gradually bolstered and clarified its policies for voluntary reporting of fraudulent conduct that affects federal health care programs. The last such expansion took place in April 2006, when the OIG issued an Open Letter encouraging providers to disclose improper arrangements under the physician self-referral (Stark) law (42 U.S.C. § 1395nn). The 2006 Open Letter also announced the OIG’s intention to settle self-disclosure cases at the low end of the damages continuum. Consistent with this tradition, the 2008 Open Letter attempts to promote greater participation in the SDP by providing additional assurances.
Refinements to the SDP
The Open Letter does four main things to refine and clarify the SDP. First, it compresses the phases in the SDP process. Second, it mandates that the provider complete its investigation and damages assessment in a timely fashion. Third, the OIG clarified what conduct is eligible for the SDP process. Finally, the Open Letter encourages providers to implement an effective compliance program by stating that providers demonstrating effective compliance measures will not be required to enter into one of OIG’s onerous Corporate Integrity Agreements.
The first refinement of the SDP clearly indicates that the OIG is requiring more information from providers at the outset. The original SDP lists the following five steps for self-disclosure:
- Initial Self-Disclosure Submission,
- Investigation and Report,
- Monetary Impact Report,
- OIG Verification and Validation, and
- Negotiation of Resolution.
The 2008 Open Letter compresses steps one through three. It specifically requires providers to submit the following information with the initial self-disclosure submission:
- complete description of the conduct being disclosed,
- description of provider’s internal investigation,
- an estimate of damages and the calculation methodology, and
- a statement of the laws violated by the conduct.
The front-loading of the SDP process places a heavy burden on health care providers to conduct a timely and accurate investigation that fully analyzes the improper conduct. Providers who desire to use the SDP should conduct the first three steps of the SDP and submit the initial submission to OIG timely.
The second refinement of the SDP is the OIG’s emphasis on a timely resolution of any liability. To this end, the OIG claims that it has streamlined its internal processing. In turn, it requires providers to complete the balance of their investigation and damages assessment within three months after the initial submission and acceptance into the SDP. Further, a failure to provide timely responses to OIG requests for additional information may result in removal from the SDP.
The third refinement, and perhaps the most important, is the OIG’s clarification that self-disclosure under the SDP is limited to instances where fraud against the federal health care programs is implicated. The OIG’s Open Letter in 2006 on Stark self-disclosure left many providers wondering when to use the SDP and when to simply adjust billing errors or overpayments. This recent Open Letter makes it clear that mere billing errors and overpayments are not to be resolved through the SDP process. Health care providers should consult counsel to assist with assessing the difference between violations that should be disclosed using the SDP and those that should be adjusted using an appropriate claims-process entity.
The final refinement by the OIG encourages providers to implement effective compliance programs. The Open Letter states that complete disclosure submissions, quick responses to OIG inquiries, and accurate audits are strong indications of robust compliance programs. Thus, providers making self-disclosures that satisfy these requirements will not be required to enter into Corporate Integrity Agreements as they had been in the past. Corporate Integrity Agreements are extremely onerous and tie a provider to regular reporting and benchmark requirements. Corporate Integrity Agreements typically require the OIG to be extremely involved in the provider’s compliance program and the OIG often exerts rigorous oversight. In the absence of this additional supervision, the OIG hopes to expedite the SDP.
Deciding when, and to whom, to make a self-disclosure is often the most difficult ethical and business decision a health care provider will face. Self-disclosure can be an important part of a working relationship with government regulators, but it can also be an expensive and disruptive undertaking for the health care provider. Providers should consult an attorney to:
- discuss whether or not a self-disclosure is warranted,
- conduct or advise about the provider’s internal investigation, and
- review a provider’s existing compliance program for efficacy.