Changes in the OIG Self-Disclosure Protocol

Someone performing OIG self-disclosure protocol

Eight years after the last revision, the Office of Inspector General (OIG) of the Health and Human Services Department has updated the OIG Self-disclosure Protocol. The update was issued on November 8, 2021. There were several changes made to important provisions such as the minimum settlement amounts. However, several other provisions remain unchanged.

In this Article …


A brief history of the OIG Self-disclosure Protocol

The SDP was published by the OIG in 1998 and has been updated several times since then. The OIG issued three open letters in 2006, 2008, and 2009 to clarify the Self-Disclosure Protocol implementation. On April 17, 2013, it issued an updated SDP that added significant new guidance and superseded the original guidance. In the November 2021 update, it has now changed the name of the protocol to OIG “Health Care Fraud Self-Disclosure” protocol (SDP).

The purpose of OIG self-disclosure requirements is to provide specific steps for health care organizations to designate, report, and resolve potential occurrences of fraud. The potential fraud must involve federal health care programs, such as Medicare and Medicaid.  And the definition of fraud also includes intent to deceive in order to secure unfair or unlawful gain.  It does not include mistakes or errors not made in bad faith.

The type of matters that are subject to the Self-Disclosure Protocol has changed

There is still a long list of conduct that is appropriate for disclosure via the self-disclosure program. They range from False Claims Act (FCA) violations to violations of the Anti-Kickback Statute (AKS) to patient dumping, all related to federal health care programs. Reports about conduct with HHS grants should be made through OIG’s Grant Self-Disclosure Program. Disclosures related to federal contractors must be reported through OIG’s Contractor Self-Disclosure Program.

Another change clarifies things for health care entities subject to a corporate integrity agreement (CIA) with the OIG. These entities can utilize the SDP to self-report potential violations, possibly avoiding the expense associated with a government investigation. They may also avoid new civil monetary penalties. Of course, OIG considers such disclosure as a reportable event under the terms of the CIA.

Changes to the method used to report potential violations

Under the previous self-disclosure process, a disclosing party could submit reports online via the OIG’s website, or via U.S. mail. Now, any submission by a disclosing provider must be sent to the Office of Inspector General using the website (see a sample of the web interface in the image below). And self-disclosures should not be reported via the OIG Hotline.

Screenshot of OIG self-disclosure web-form.
Provider self-disclosure form on OIG website.


Minimum Settlement Amounts have also changed – dramatically!

Previously, the minimum payment amount required when using the SDP was $10,000  If an Anti-kickback statute claim was involved, the minimum amount was $50,000. These amounts have now doubled!

Even if health care providers think the potentially false claims fraud has resulted in less than $20,000 in damages, the minimum amount to settle with the OIG under the SDP will be $20,000. The advantage of using the SDP is the benefit the disclosing provider may receive. If the submission is accepted as sent in by the provider, the exposure to further civil action by the OIG is reduced or even eliminated.

Settlements of conduct involving AKS and the Stark Law require the submission of detailed information on the nature of the arrangement, the potential benefit to the designated health service, and any amounts of payments the disclosing provider believes should not be considered in determining a settlement amount. And of course, the minimum settlement amount has been increased to $100,000.

The new update goes into considerable detail on calculating damages for conduct involving the False Claims Act, the AKS, and the employment of excluded persons. In all cases, providers using the provider self-disclosure protocol must itemize the individual damages suffered by all federal health care programs affected by their conduct. The OIG has historically applied a multiple of 1.5 times the single damages, but there is no assurance it will not apply a higher minimum multiplier in the future.

How do the OIG and DOJ settle SDP Submissions?

Settlements with the Office of Inspector General typically include a release of claims to civil monetary penalties. While the OIG states it will advocate that a disclosing party receive a benefit from disclosure under the SDP for civil claims, only the DOJ can settle issues identified as related to the False Claims Act. In the Health Care Fraud self-disclosure protocol update, the OIG removed a statement advocating that persons disclosing criminal conduct receive a benefit for using the SDP.

What about the timelines for the submission of disclosures?

The OIG has consolidated the timelines for completing and reporting the results of the provider’s investigation and damages calculation from 90 days from the date of acceptance by the OIG into the SDP process, to 90 days from the date of initial submission of the report.

What are other issues not changed by the Health Care Fraud self-disclosure protocol?

Several aspects of the self-disclosure program have not changed:

  • The methods to calculate damages to federal health care programs have not changed.
  • Health care entities can’t use the OIG self-disclosure protocol to obtain an opinion from the federal government about whether or not a violation has occurred. (They can utilize the legally binding Advisory Opinion process on a practice, however.)
  • And Designated Health Services cannot utilize the self-disclosure process to report Stark-only violations. Those must be reported to the Centers for Medicare and Medicaid (CMS). But Stark violations that also implicate the AKS should be reported using the provider self-disclosure protocol.
  • The fraud self-disclosure protocol should not be used to return overpayments or other errors when a civil monetary penalty is not involved. These errors should be reported to CMS or other responsible contractors, and overpayments promptly refunded.

Is it still beneficial to consider using the Health Care Fraud self-disclosure protocol?

In a word, yes. Although the minimum damages amounts have changed, the potential to avoid a government investigation of potential conduct involving violations of the False Claims Act or the AKS will almost always make submitting a report under the SDP attractive. Providers have to be more organized when contemplating a submission, but that is not impossible.

When you need proven expertise and performance

Jim Hook, MPH

Mr. James D. Hook has over 30 years of healthcare executive management and consulting experience in medical groups, hospitals, IPA’s, MSO’s, and other healthcare organizations.