In FY 2021, investigations led by the Department of Health and Human Services’ Office of Inspector General (OIG) resulted in 504 criminal actions against individuals or entities that engaged in crimes related to Medicare and Medicaid, and 669 civil actions, which included false claims and unjust-enrichment lawsuits filed in federal district court, and civil monetary penalty (CMP) settlements.
When a healthcare provider realizes the entity may have violated federal healthcare laws or requirements, it is often the best course of action to report the violation instead of waiting for the Government to potentially investigate the violation and bring criminal and/or civil action.
Health care providers, suppliers, or other individuals or entities subject to Civil Monetary Penalties can use the Provider Self-Disclosure Protocol (SDP) to voluntarily identify, disclose, and resolve instances of potential fraud involving the Federal health care programs (as defined in section 1128B(f) of the Social Security Act (the Act), 42 U.S.C. 1320a–7b(f)). The SDP provides guidance on how to investigate this conduct, quantify damages, and report the conduct to OIG to resolve the provider’s liability under the OIG’s CMP authorities. A large category of SDP submissions relates to potential violations of the Anti-Kickback Statute (AKS) (including conduct that violates both the AKS and the Stark law.) AKS compliance is a condition of payment of the Federal health care programs. Under section 1128B(g) of the Act, claims that include items or services resulting from an AKS violation constitute false or fraudulent claims for purposes of the False Claims Act (FCA). In its guidance on the SDP, OIG states that it generally settles AKS cases for an amount based upon a multiplier of the remuneration conferred by the referral recipient.
Benefits of Disclosure
Reporting a potential violation through the SDP can provide significant benefits to health care providers.
First, OIG believes that good faith disclosure of potential fraud and cooperation with OIG’s review and resolution process are typically indications of a robust and effective compliance program. As a result, OIG has a presumption against requiring integrity agreement obligations in exchange for a release of OIG’s permissive exclusion authorities in resolving an SDP matter.
Second, OIG believes that providers that use the SDP and cooperate with OIG during the SDP process deserve to pay a lower multiplier on single damages than would normally be required in resolving a government-initiated investigation. Accordingly, the OIG’s general practice in CMP settlements is to require a minimum multiplier of 1.5 times the single damages, although OIG can determine in an individual case that a higher multiplier may be warranted. It is interesting to note that the provider does not have to repay the imputed interest on the payments it received.
Third, using the Self-Disclosure Protocol may mitigate potential exposure under 42 U.S.C. 1320a-7k(d). That section of the Act requires that a Medicare or Medicaid overpayment be reported and returned by the later of (1) the date that is 60 days after the date on which the overpayment was identified, or (2) the date any corresponding cost report is due, if applicable. In its Final Rule, 81 Fed. Reg. 7654–7684 (February 12, 2016), the Centers for Medicare & Medicaid Services (CMS) agreed to suspend the obligation to report overpayments under section 1128J(d) of the Act when OIG acknowledges receipt of a submission to the SDP so long as the submission is timely made. CMS also agreed to suspend the obligation to return overpayments until a settlement agreement is entered into, or the provider withdraws or is removed from the SDP.
Other Considerations of Disclosure
The benefits of disclosure must also be weighed against potential risks and potential other remedial actions. First, OIG does not guarantee immunity under its SDP and a self-disclosure could lead to an additional Government-led investigation by the Department of Justice (DOJ). Upon receipt of a self-disclosure report, OIG will communicate with DOJ to determine if an investigation is already open or if DOJ is interested in assuming control of the matter. In our experience, we have seen DOJ choose to participate from the beginning in some cases, while waiting until the point of settlement to intervene in others. However, for most self-disclosures, DOJ will allow OIG to retain control over the matter through the settlement. If DOJ decides to assume responsibility for the matter, OIG will advocate that the disclosing party receive a benefit from having self-disclosed the matter. Nevertheless, DOJ will determine the terms of settlement in cases in which it is involved. While a decision by DOJ to become involved in a self-disclosure matter is seldom welcome news, it has the benefit of resulting in a broader release for the client in the settlement agreement and in our experience, DOJ considers the fact that the matter was voluntarily disclosed when determining the damages multiplier for the settlement.
Second, the OIG’s SDP results only in a release under the civil monetary penalties law, not a release from liability under the FCA. In most instances, a provider will find this type of release to be sufficient because for practical purposes, a follow-on whistleblower suit seems very unlikely when the OIG has entered into a settlement of the same matter. In fact, we are not aware of any such cases. But in instances where the claims at issue are for a particularly large amount, involvement of DOJ may be preferred result. One alternative that we consider in those instances is using the OIG SDP as the framework for disclosure, but requesting that DOJ participate in the settlement as well.
Third, if potential Stark violations are at issue, providers need to decide whether CMS’ Self-Referral Disclosure Protocol is more appropriate. There is much less transparency as to how CMS calculates settlement amounts, but as a practical matter, CMS appears to typically apply lower than a 1.5 multiplier to the value of the claims involved. For that reason, the CMS protocol might seem advantageous, but CMS does not grant a release, and the provider runs the risk of CMS referring the provider to OIG regardless.
Counsel’s Role in the Self-Disclosure Process
The Self-Disclosure Protocol process begins as soon as a provider discovers potential fraud involving Federal health care programs. It is important for the provider to determine the scope of the problem quickly and take immediate action to preserve all potentially relevant documents and communications.
When contacted by a provider, Powers first works to determine if the problem affects payment and if so, the amount at issue and how long the issue has been ongoing. During this stage, we review relevant federal healthcare laws to determine if a potential violation has occurred, and then evaluate the options for resolution:
- If the issue does not affect payment, we evaluate options to resolve the issue moving forward.
- If the issue does affect payment, the options are a repayment to the Government (through a contractor) or a self-disclosure (options include the OIG Self-Disclosure Protocol, CMS Self-Referral Disclosure Protocol, or a voluntary disclosure to the DOJ.)
Our role is to assist the client in weighing these options. In most instances, repayment costs less and avoids the need for an extensive internal investigation, but it does not provide the client with any certainty that the matter has been finally resolved. The contractor will accept payment but will not inform the provider that the matter is closed. The risk of the matter being referred to OIG or DOJ or a whistleblower suit remains. In contrast, disclosure to OIG will cost more than repayment, but the process provides a useful framework for making a disclosure and the end result has a greater degree of certainty that the matter has been resolved.
If a client wishes to consider applying to the OIG Self-Disclosure Protocol, the first step is to develop an investigative plan. The OIG expects the disclosing party to conduct an internal investigation and report its findings to OIG. This involves first reviewing and evaluating documents and interviewing relevant stakeholders to gain further insight into the potential violation and how and why it occurred.
If an investigation confirms a finding of non-compliance, Powers works with the provider to form a remediation plan tailored to the conduct at issue. This plan includes taking immediate steps to stop the conduct at issue, calculating damages, submitting a report through the Self-Disclosure Protocol, and creating compliance policies to prevent future occurrences. After drafting and submitting a self-disclosure report detailing the investigation, findings, and remedial action, we work with OIG to negotiate a favorable settlement. We find that the more thorough the investigation and the more comprehensive the report, the less time it takes for OIG to resolve the case. After the conduct is settled, Powers continues to work with providers to develop and maintain meaningful compliance programs to prevent future issues.
For questions about this article, please contact Natalie Lorenz at Natalie.Lorenz@PowersLaw.com. If you would like assistance with a potential OIG Self-Disclosure, Civil Monetary Penalties Law violations, or other fraud and abuse matters, please contact Natalie Lorenz at Natalie.Lorenz@PowersLaw.com, Mark Fitzgerald at Mark.Fitzgerald@PowersLaw.com, Christina Hughes at Christina.Hughes@PowersLaw.com, or the Powers attorney with whom you normally work with.