By Jed Morrison and Barron Bogatto

Until now, health care providers have had an ability to self-disclose anti-kickback and false claims violations and receive some benefit in doing so, but not “Stark” anti-referral violations under section 1877 of the Social Security Act.  The OIG-approved self disclosure process (the “OIG Self Disclosure Protocol”) has been in place for anti-kickback and false claims violations for more than a decade, but it did not apply to Stark violations.  The recently enacted health reform legislation (in section 6409 of the Patient Protection and Affordable Care Act aka PPACA) required the Secretary of Health and Human Services (HHS), in cooperation with the OIG, to establish a Medicare self-referral disclosure protocol (SRDP) setting forth a process for providers of services and suppliers to self-disclose actual or potential violations of the Stark physician self-referral statute. 

Although the Stark statute focuses primarily upon the conduct of physicians, the SRDP is open to all health care providers of services and suppliers, whether individuals or entities, and is not limited to any particular industry, medical specialty, or type of service.  For purposes of the SRDP, “providers of services” and “suppliers” are referred to as “disclosing parties.”

Notably, the SRDP cannot be used to obtain a CMS determination as to whether an actual or potential violation of the Stark law occurred.  PPACA provides that the SRDP is separate from the CMS physician self-referral advisory opinion process, and is intended to facilitate the resolution only of matters that, in the disclosing party’s reasonable assessment, are actual or potential violations of the physician self-referral law.

Relationship to OIG Self Disclosure Protocol

One confusing aspect of the SRDP is how it relates to the OIG Self Disclosure Protocol.  CMS reminds providers that participation in the SRDP is limited to actual or potential violations of the Stark statute and notes that the OIG Self-Disclosure Protocol is available for disclosing conduct that raises potential liabilities under other federal criminal, civil, or administrative laws.   CMS further states that disclosing parties should not disclose the same conduct under both the SRDP and OIG Self-Disclosure Protocol.  However, certain conduct—say a below-market office lease from a hospital to a physician—may violate both the Stark and anti-kickback statutes.  So it is not clear how the provider should proceed with such a disclosure.  Somewhat ominously, CMS warns providers:

“When appropriate, CMS may use a disclosing party’s submission(s) [under the SRDP] to prepare a recommendation to OIG and DOJ for resolution of False Claims Act, civil monetary penalty, or other liability. Accordingly, the disclosing party’s initial decision of where to refer a matter involving non-compliance with section 1877 of the Social Security Act should be made carefully.”

Thus, further guidance is definitely needed for providers with matters involving both potential Stark and anti-kickback or false claims violations.

Disclosure Procedures

The SRDP sets forth a number of required elements for disclosure of actual or potential Stark violations (e.g., specific identifying information, detail regarding the actual or possible violation, how the matter was discovered and remedied, etc.), which must be submitted electronically to CMS.  CMS will reply electronically to tell the provider whether the disclosure has been “accepted” into the SRDP program.  Thereafter, CMS will also coordinate with the DOJ and OIG in handling the SRDP disclosure.

An important, but difficult, required element is that the disclosing party must conduct and include a financial analysis in the disclosure to CMS setting forth the total amount, itemized by year, that is actually or potentially due and owing based upon the applicable “look back” period.  The “look back” period is the time during which the disclosing party may not have been in compliance with the Stark law.  The disclosing party must describe its methodology used to calculate the amount potentially due and owing, including indicating whether estimates were used, and, if so, how they were calculated.

Payments

The SRDP specifically provides that the sixty (60) day return of overpayments window enacted by PPACA will not apply to a provider participating in the SRDP.  That is, at the time the provider or supplier electronically submits a disclosure under the SRDP (and receives email confirmation from CMS that the disclosure has been received), the obligation to return any potential overpayment within 60 days will be suspended until a settlement agreement is entered.  Even further, the SRDP provides that while the matter is under CMS inquiry, the disclosing party must refrain from making payment relating to the disclosed matter to the Federal health care programs or their contractors without CMS’ prior consent.  However, escrow of repayment funds is encouraged.

Penalties

The Stark statute provides for civil penalties up to $15,000 per improper claim.  Under PPACA, CMS has authority to compromise amounts owed for Stark violations under the SRDP.  Factors CMS may consider in reducing the amounts otherwise owed include: (1) the nature and extent of the improper or illegal practice; (2) the timeliness of the self-disclosure; (3) the cooperation in providing additional information related to the disclosure; (4) the litigation risk associated with the matter disclosed; and (5) the financial position of the disclosing party.  However, CMS reminds providers that it is under no obligation to reduce any amounts owed to the Medicare program.

Whether the new SRDP will result in a flood of self disclosures remains to be seen.  Whether it now is the only avenue to report Stark violations also is unclear.  But for now, providers for the first time have an “official” avenue to self report Stark violations.

For more information, contact Jed Morrison at jmorrison@jw.com or 210.978.7780 or Barron Bogatto at bbogatto@jw.com or 713.752.4355.