Thought Leadership

On November 8, the U.S. Department of Health & Human Services Office of the Inspector General (OIG) updated and renamed its Provider Self-Disclosure Protocol the Health Care Fraud Self-Disclosure Protocol (SDP) to reflect a broader application. These revisions are the first changes to the SDP since 2013.

The SDP is used by healthcare providers, related entities and any individual subject to civil monetary penalties (CMPs) to submit a voluntary report of self-discovered noncompliance or potential fraud involving federal healthcare programs. Some examples where the OIG may impose CMPs are: (1) false and fraudulent claims; (2) Anti-Kickback Statute violations; and (3) physician self-referrals under the federal Stark law. Of note, updated guidance states that the SDP is not applicable to potential violations involving simple overpayments, as those are to be disclosed directly to the Centers for Medicare & Medicaid Services, or another responsible contractor, under the payor's voluntary refund process.

Between 2016 and 2020, 330 SDP cases were resolved and the parties were released from permissive Medicare exclusion without requiring further integrity measures. The SDP indicates that its streamlined process has reduced the average time for resolution to less than 12 months following acceptance into the SDP of a self-disclosure.

What Has Changed?

As detailed below, revisions to the SDP include:

Increased Minimum Penalties. For anti-kickback matters, the minimum settlement amount is now $100,000. For all other matters, the minimum settlement amount is increased to $20,000.

Damage Specification Requirements. The OIG updated the SDP to require that submissions include estimates of damages for each affected federal healthcare program as well as total aggregate damages for all affected federal healthcare programs.

Requirements for Providers with CIAs. The updated SDP allows providers under a corporate integrity agreement (CIA) to self-disclose conduct through the SDP by sending a copy of the disclosure to the OIG monitor assigned to them under their CIA. If the disclosed issue rises to the level of a reportable event under the CIA, the disclosure must state this fact.

Submission Only Through OIG's Website. The OIG now requires that the SDP be submitted through the OIG's website; the SDP may no longer be submitted by U.S. mail.

Voluntary disclosures have the potential to help healthcare providers resolve matters more efficiently and cost-effectively. Providers that voluntarily disclose through the SDP and cooperate with the OIG during the SDP process, are more likely to have their matter resolved in less than one year, as shown by the available data. Additionally, voluntary disclosure has been shown to result in a lower multiplier penalty than in an instance where an investigation is prompted by the government. Likewise, entities that voluntarily disclose benefit from a presumption against requiring them to enter into a CIA with the OIG.

The use of the SDP, however, is not completely without risk. For example, documents prepared in connection with internal investigations required under the SDP can lose their attorney-client privilege status, and the investigation may alert the OIG about other potential violations by the disclosing party. The SDP can only be used to settle matters under the OIG's CMP authority and does not insulate a disclosing party from liability under the False Claims Act or other potential criminal penalties enforced by the Department of Justice (DOJ). Perhaps to address such concerns, the SDP includes a section noting that the OIG no longer encourages disclosure of potential criminal conduct through the SDP process and will not advocate to the DOJ for leniency in criminal cases.

While the SPD process can be very helpful in resolving certain situations, healthcare providers should consult with counsel when deciding whether to make a disclosure to the OIG.

Would you like to receive our Day Pitney C.H.A.T. Newsletter? Sign up here.