What about OIG self-disclosure requirements? The Office of the Inspector General (OIG) created a Self-Disclosure Protocol (SDP) to give healthcare providers the opportunity to disclose when they have uncovered evidence of potential fraud in their federal programs. The OIG self-disclosure requirements reveal that voluntary self-disclosure of wrongdoing before an outside investigation occurs may result in less severe penalties in many cases.
Yet, the OIG self-disclosure requirements are extensive, and only certain instances warrant its use.
A brief history of the OIG self-disclosure requirements
The SDP was published by the OIG in 1998 and has been updated several times since then. The OIG issued three open letters in 2006, 2008, and 2009 to clarify Self-Disclosure Protocol implementation. On April 17, 2013, it issued an updated SDP that added significant new guidance and superseded the original guidance.
The purpose of OIG self-disclosure requirements is to provide specific steps for healthcare organizations to designate, report, and resolve potential occurrences of fraud. The potential fraud must involve federal healthcare programs, such as Medicare and Medicaid. And the definition of fraud also includes intent to deceive to secure unfair or unlawful gain. It does not include mistakes or errors not made in bad faith.
- The Self-Disclosure Protocol (SPD) gives healthcare providers the following guidance regarding federal healthcare programs:
- A process to identify and voluntarily disclose potential fraud.
- A method to resolve occurrences of fraud when they are discovered.
- A process to investigate potential fraud and determine damages.
- An opportunity to reduce or eliminate penalties by self-disclosing and resolving overpayments.
- The categories of SDP settlements include:
- False and fraudulent claims.
- Stark Law and the Anti-Kickback Statute.
- Employing excluded individuals.
- Cases involving the Emergency Medical Treatment and Labor Act (EMTALA).
- Who is eligible to submit an SDP?
- All healthcare providers.
- Pharmaceutical manufacturers.
- Medical device manufacturers.
The OIG self-disclosure requirements have benefits
In the 2013 update, the OIG provides a list of benefits to using the Self-Disclosure Protocol. You can read the full text here:
- Avoidance of (corporate) integrity agreement obligations. The OIG believes self-disclosure indicates an effective compliance program. For this reason, it doesn’t require integrity agreement obligations to resolve SDP cases. Instead, they are typically resolved through settlements.
- Reduced penalties. Cooperating with the OIG self-disclosure requirements results in lower penalties. Each case is different, but generally, during an SDP disclosure case, the organization will pay 1.5 times the single damages. This is a lower multiplier than would most likely be the case if the investigation was initiated by the government.
- Suspension of the 60-day rule. Submitting an SDP suspends the 60-day rule for refunding overpayments. This rule comes from the Affordable Care Act, which requires organizations to report and return an overpayment from Medicare, Medicaid, or other federal healthcare programs within 60 days.
- Demonstration of good faith and cooperation with the government. The OIG states, “We commit to working with individuals and entities that use the SDP in good faith and cooperate with OIG’s review and resolution process.” Although the OIG gives no promise of reduced penalties and states that each instance is a case by case decision, being in “good faith” with the OIG is always preferable to a government-instigated investigation.
- A streamlined process. The OIG has committed to shortening the time a case is pending to less than 12 months.
- Avoidance of a Corporate Integrity Agreement and having to engage an Independent Review Organization (IRO). Often a corporate integrity agreement lasts typically five years and includes reporting and audit obligations. They also specify automatic monetary penalties for non-compliance. Failing to comply can also result in exclusion from federal healthcare programs.
There are also some disadvantages, which include (1) no guarantee of lesser penalties, and (2) the OIG refers criminal conduct to the Department of Justice.
When should the Self-Disclosure Protocol be used?
The Self-Disclosure Protocol (SDP) is used for matters that violate federal criminal, civil and administrative laws involving civil monetary penalty authorities.
- Fraudulent claims. This is when the patient is charged for a service that was knowingly not provided, a service that was already entered under another claim, an intentionally improperly coded service, or one that wasn’t supported by the patient’s medical records – but was billed anyway.
- Drug price reporting. Drug manufacturers need to submit pricing information and pay rebates to the Medicaid programs.
- Kickbacks. The Anti-Kickback Statute (AKS) prohibits an exchange of something of value for a referral, which results in a claim being submitted to a federal healthcare program.
- Physician self-referral. This is also called the Stark Law. The Stark Law generally forbids Designated Health Services (like hospitals) from billing for services to Medicare patients based on referrals from physicians with which they have a financial arrangement.
- Grants and contracts. The OIG penalizes providers for engaging in fraud related to grants and contracts, such as knowingly submitting a false claim under a grant.
- Patient dumping This means that anyone coming into a hospital emergency department has the right to a medical screening examination and possibly be treated, even if they have no insurance or ability to pay.
If your organization is already subject to an inquiry from the federal government, you may still be able to submit an SDP. However, the OIG points out that this must be in good faith and not an attempt to avoid the federal inquiry.
- Your organization can’t use the OIG self-disclosure protocol to obtain an opinion from the federal government about whether or not a violation has occurred.
- The OIG does offer an Advisory Opinion process in which you may ask for advice about a potential violation. At the same time, these opinions are legally binding, and if you receive advice that indicates a potential violation, you will need to act on it.
- An SDP is not accepted when the liability is only under the Stark Law. “Stark-only” violations need to be reported to the Centers for Medicare and Medicaid Services.
- It should not be used exclusively for overpayments or errors when a civil monetary penalty is not involved. These errors should be reported to the Centers for Medicare and Medicaid Services or other responsible contractors, and overpayments promptly refunded.
- The minimum payment amount required when using the SDP is $10,000 If an Anti-kickback statute claim is involved, the minimum amount is $50,000.
The (shortened) time period for submission of self-disclosures
In the 2013 update, the OIG gave providers a shortened time in which to complete their internal investigations. Previously, disclosing parties could submit their findings within 90 days of acceptance into the SDP.
But since the update, the OIG requires investigations to be completed within 90 days of the initial submission, not the acceptance. It may be possible to negotiate the deadline, but the updated SDP does not discuss this. Calculations of the damages must also be determined during the 90 days.
This shortened time period requires organizations to be prepared to quickly submit the findings of their investigation to the OIG. However, in doing so, they leave themselves open to greater penalties if the government opens an investigation before they can self-disclose.
How to submit under the Self-Disclosure Protocol (SDP)
When an organization has submitted an SDP, it must follow the rules that the OIG has laid out carefully. Failing to align with these protocols could result in higher penalties. The OIG is clear that when an SDP is submitted, it will act. It’s not a road for negotiation or speculation about whether a violation has occurred.
Due to the short time frame discussed above, before submitting an SDP, an organization should have gathered the appropriate information and determined the exact cause of the violation.
When self-disclosing, organizations should do the following:
- Complete a thorough investigation first. Don’t submit until you have a clear picture of the violation.
- Determine the amount of monetary damages resulting from fraudulent activity. If the amounts are less than the minimums, consult an attorney on how to proceed.
- Choose the SDP process that applies to your organization, either the Provider SDP or the Contractor SDP.
- Provide a narrative of the important details and the identities of the participants, their relationships, payment arrangements, and dates of arrangements.
- Identify and list the specific laws that have been violated. Don’t just refer to them as “federal laws,” for example.
- Never state in the submission that the case of fraudulent behavior has not occurred. In the updated guidelines, the OIG recommends that organizations do not make statements such as “the government thinks this is a violation, but it is not.” The OIG makes it clear that this may result in delays or even removal from the SDP process.
- Be prepared to accept and pay the damages assessed by the OIG.
- Provide complete cooperation with the OIG after making your submission. This is not the venue for litigation or arguments. The OIG advises that “back-and-forth” arguments can result in delays or removal.
How effective is your corporate compliance program?
Although you may be able to claim that you were unaware a violation existed, it becomes harder to argue, whether or not you should have known about the violation. And this is why it is so critical in the healthcare industry to measure the effectiveness of your compliance program that is led by either an in-house compliance officer or an expert third party consultant. You may want to consider outsourcing your corporate compliance program.
The time period for self-disclosing violations is short and the penalties are high. A good corporate compliance officer, whether managed by an employee or outsourced, has the skills and abilities to help an organization determine when submitting an SDP is the best recourse.