In April, the Office of Inspector General of the HHS issued an updated provider self-disclosure protocol, revised from the SDP published in 1998. The updated protocol instructs healthcare providers on what to do if they discover actions violate federal fraud and abuse laws, including false billings, activity involving potential violations of the Anti-Kickback Statute or potential violations of the Stark Law.
Updating the 1998 SDP was a multi-year process, as the OIG issued open letters to healthcare providers in 2006, 2008 and 2009 for suggestions on how to improve the SDP. It also solicited comments on the SDP in June 2012, receiving "numerous helpful comments" from the public.
"Since the original publication [of the SDP], we identified areas where additional guidance would be beneficial to the healthcare community and would improve the efficient resolution of SDP matters," the OIG wrote when announcing the updated protocol.
The OIG said some of the most common issues providers disclose include:
• Billing for items or services furnished by excluded individuals.
• Evaluation and management services and DRG upcoding.
• Duplicate billing.
• Alteration or falsification of records.
• Kickbacks and Stark Law violations.
The updated SDP reiterates that the OIG will require a minimum settlement of $50,000 for anti-kickback statute-related disclosures made pursuant to the SDP, and it also states that the OIG requires a minimum settlement of $10,000 for all other matters. The OIG describes self-disclosure as a "significant decision" for healthcare providers, but one that can also yield significant benefits.
Holly Carnell, JD, and David Pivnick, JD, both attorneys with McGuireWoods LLP in Chicago, explain some of the key considerations for healthcare providers in deciding whether to self-disclose false billings, activity involving potential violations of the Anti-Kickback Statute or potential violations of the Stark Law.
What are some of the main benefits of self-disclosure?
1. The risk of a whistleblower action is going to decrease if providers self-disclose. "The government has increased its healthcare fraud enforcement budget in recent years by huge proportions and is intervening in more whistleblower cases, and the number of qui tam cases that have been filed has nearly doubled in the last six years," says Mr. Pivnick, noting that the number of qui tam cases that have been filed has swelled from approximately 379 cases in 2008 to 647 in 2012 and that the government has intervened in an increasing number of cases. "There is a huge amount of risk to consider. Looking at the False Claims Act, all of a sudden you have a significant financial incentive to use the self-disclosure protocol and avoid or reduce that risk."
2. Providers that use the SDP and cooperate with the OIG during the process pay a lower multiplier on single damages than would otherwise be required in a government-initiated investigation. Although the government reserves the right to assess higher damages, in general, the OIG requires a minimum multiplier of 1.5 times the single damages for self-disclosing entities. In other contexts, the damages will be 1.5 times the reimbursement amount. Under the False Claims Act, that amount would be treble damages, plus a per-claim penalty of $5,500 to $11,000, plus attorneys' fees. Mr. Pivnick says penalties in a government-initiated investigation are a huge risk. Although each individual claim may be inexpensive on its own, "the volume of claims may be huge — providers may submit hundreds of claims per year," says Mr. Pivnick.
3. Although there are exceptions, the government generally does not require self-disclosing entities to enter corporate integrity agreements. In the updated SDP, the OIG reiterated its stance from its 2009 open letter, in which the agency states that when negotiating the resolution of conduct disclosed pursuant to the SDP, the OIG will generally not require the disclosing entity or individual to enter into a CIA to waive the OIG's permissive exclusion authority. Ms. Carnell and Mr. Pivnick say this is a definite advantage for healthcare providers. "CIAs place a lot of obligations on the company and set expectations for what their compliance plans need to look like," says Mr. Pivnick. "They involve substantial obligations, monitoring and costs." In all but one of the resolved disclosures since 2008, the OIG did not require the disclosing party satisfy integrity measures to avoid a permissive exclusion action.
4. The OIG will coordinate with the Department of Justice and other government agencies. "The OIG will advocate that the disclosing party receive a benefit from disclosure under the SDP and the matter be resolved consistent with the OIG's approach in similar cases," the OIG wrote. This does not immunize the self-disclosing entity from potential civil or criminal penalties, but it is still a benefit under SDP, says Ms. Carnell. "When you self-disclose, the DOJ could still decide they'll take up the case and come after you. The SDP doesn't mean the DOJ is barred from doing that, even if providers disclose to the OIG. But self-disclosing entities are less likely to be pursued by another agency if they successfully emerge from the SDP," she says.
5. Self-disclosing demonstrates an organization's commitment to compliance. Mr. Pivnick and Ms. Carnell also say there is an inherent benefit in self-disclosing, as it is likely to foster a culture of compliance within the organization. "The goal at any organization is to have rigorous compliance training and to send the message that compliance is taken seriously. Following through after learning of improper conduct instills the value that compliance really does matter — it's not just words on a page," says Mr. Pivnick. "Also, you potentially reduce or avoid liability." When a hospital employee reports potential misconduct, noncompliance or fraudulent activity, hospital management needs to respond promptly and appropriately.
Organizations should also keep in mind that the first people to report misconduct — whether current employees, former employees, patients or any other member of the public — may very well be the government's first witness for a federal investigation or may be the person who files a qui tam lawsuit. How a hospital or health system handles compliance concerns today can affect how people report misconduct in the future. Employees who are dissatisfied with their employer's response may be more likely to file whistleblower suits with the government.
Other considerations
While healthcare providers should strive for compliance and report potential issues to the government, there are a few caveats organizations may want to consider before doing so. Many providers are faced with the decision to self-report technical errors in their billing process. This may not the sign of a bad actor or bad intent, but human error, and there are some repercussions of self-disclosure that are worthy of discussion beforehand.
If providers disclose these issues to the government, they are hoping the penalty will be minimal and they will benefit from reporting rather than correcting the error internally and moving along. Private payors may also make note of providers' self-disclosures to the government and exert more scrutiny, which could expose providers to other liabilities. Finally, another consideration is that self-reporting often occurs in an acquisition context. A buyer may not want to acquire a hospital until any and all compliance concerns have been addressed. New leaders will not want any errors or improper conduct from the previous administration on their watch.
Conclusion
Since SDP was established in 1998, monetary recoveries have exceeded $280 million. Ms. Carnell and Mr. Pivnick both say they expect an increase in the number of healthcare providers using the self-disclosure protocol to report potentially improper activity or fraud. "The rules and processes are gaining more definition," says Mr. Pivnick. "I think people will be in the position where they want to do their best to be compliant, and then if they discover potential issues, they will take the best approach to fully resolve the issues and to minimize downside liability and expense."
Privacy and HIPAA: What Executives Need to Know Now
OIG Releases Updated Provider Self-Disclosure Protocol
Updating the 1998 SDP was a multi-year process, as the OIG issued open letters to healthcare providers in 2006, 2008 and 2009 for suggestions on how to improve the SDP. It also solicited comments on the SDP in June 2012, receiving "numerous helpful comments" from the public.
"Since the original publication [of the SDP], we identified areas where additional guidance would be beneficial to the healthcare community and would improve the efficient resolution of SDP matters," the OIG wrote when announcing the updated protocol.
The OIG said some of the most common issues providers disclose include:
• Billing for items or services furnished by excluded individuals.
• Evaluation and management services and DRG upcoding.
• Duplicate billing.
• Alteration or falsification of records.
• Kickbacks and Stark Law violations.
The updated SDP reiterates that the OIG will require a minimum settlement of $50,000 for anti-kickback statute-related disclosures made pursuant to the SDP, and it also states that the OIG requires a minimum settlement of $10,000 for all other matters. The OIG describes self-disclosure as a "significant decision" for healthcare providers, but one that can also yield significant benefits.
Holly Carnell, JD, and David Pivnick, JD, both attorneys with McGuireWoods LLP in Chicago, explain some of the key considerations for healthcare providers in deciding whether to self-disclose false billings, activity involving potential violations of the Anti-Kickback Statute or potential violations of the Stark Law.
What are some of the main benefits of self-disclosure?
1. The risk of a whistleblower action is going to decrease if providers self-disclose. "The government has increased its healthcare fraud enforcement budget in recent years by huge proportions and is intervening in more whistleblower cases, and the number of qui tam cases that have been filed has nearly doubled in the last six years," says Mr. Pivnick, noting that the number of qui tam cases that have been filed has swelled from approximately 379 cases in 2008 to 647 in 2012 and that the government has intervened in an increasing number of cases. "There is a huge amount of risk to consider. Looking at the False Claims Act, all of a sudden you have a significant financial incentive to use the self-disclosure protocol and avoid or reduce that risk."
2. Providers that use the SDP and cooperate with the OIG during the process pay a lower multiplier on single damages than would otherwise be required in a government-initiated investigation. Although the government reserves the right to assess higher damages, in general, the OIG requires a minimum multiplier of 1.5 times the single damages for self-disclosing entities. In other contexts, the damages will be 1.5 times the reimbursement amount. Under the False Claims Act, that amount would be treble damages, plus a per-claim penalty of $5,500 to $11,000, plus attorneys' fees. Mr. Pivnick says penalties in a government-initiated investigation are a huge risk. Although each individual claim may be inexpensive on its own, "the volume of claims may be huge — providers may submit hundreds of claims per year," says Mr. Pivnick.
3. Although there are exceptions, the government generally does not require self-disclosing entities to enter corporate integrity agreements. In the updated SDP, the OIG reiterated its stance from its 2009 open letter, in which the agency states that when negotiating the resolution of conduct disclosed pursuant to the SDP, the OIG will generally not require the disclosing entity or individual to enter into a CIA to waive the OIG's permissive exclusion authority. Ms. Carnell and Mr. Pivnick say this is a definite advantage for healthcare providers. "CIAs place a lot of obligations on the company and set expectations for what their compliance plans need to look like," says Mr. Pivnick. "They involve substantial obligations, monitoring and costs." In all but one of the resolved disclosures since 2008, the OIG did not require the disclosing party satisfy integrity measures to avoid a permissive exclusion action.
4. The OIG will coordinate with the Department of Justice and other government agencies. "The OIG will advocate that the disclosing party receive a benefit from disclosure under the SDP and the matter be resolved consistent with the OIG's approach in similar cases," the OIG wrote. This does not immunize the self-disclosing entity from potential civil or criminal penalties, but it is still a benefit under SDP, says Ms. Carnell. "When you self-disclose, the DOJ could still decide they'll take up the case and come after you. The SDP doesn't mean the DOJ is barred from doing that, even if providers disclose to the OIG. But self-disclosing entities are less likely to be pursued by another agency if they successfully emerge from the SDP," she says.
5. Self-disclosing demonstrates an organization's commitment to compliance. Mr. Pivnick and Ms. Carnell also say there is an inherent benefit in self-disclosing, as it is likely to foster a culture of compliance within the organization. "The goal at any organization is to have rigorous compliance training and to send the message that compliance is taken seriously. Following through after learning of improper conduct instills the value that compliance really does matter — it's not just words on a page," says Mr. Pivnick. "Also, you potentially reduce or avoid liability." When a hospital employee reports potential misconduct, noncompliance or fraudulent activity, hospital management needs to respond promptly and appropriately.
Organizations should also keep in mind that the first people to report misconduct — whether current employees, former employees, patients or any other member of the public — may very well be the government's first witness for a federal investigation or may be the person who files a qui tam lawsuit. How a hospital or health system handles compliance concerns today can affect how people report misconduct in the future. Employees who are dissatisfied with their employer's response may be more likely to file whistleblower suits with the government.
Other considerations
While healthcare providers should strive for compliance and report potential issues to the government, there are a few caveats organizations may want to consider before doing so. Many providers are faced with the decision to self-report technical errors in their billing process. This may not the sign of a bad actor or bad intent, but human error, and there are some repercussions of self-disclosure that are worthy of discussion beforehand.
If providers disclose these issues to the government, they are hoping the penalty will be minimal and they will benefit from reporting rather than correcting the error internally and moving along. Private payors may also make note of providers' self-disclosures to the government and exert more scrutiny, which could expose providers to other liabilities. Finally, another consideration is that self-reporting often occurs in an acquisition context. A buyer may not want to acquire a hospital until any and all compliance concerns have been addressed. New leaders will not want any errors or improper conduct from the previous administration on their watch.
Conclusion
Since SDP was established in 1998, monetary recoveries have exceeded $280 million. Ms. Carnell and Mr. Pivnick both say they expect an increase in the number of healthcare providers using the self-disclosure protocol to report potentially improper activity or fraud. "The rules and processes are gaining more definition," says Mr. Pivnick. "I think people will be in the position where they want to do their best to be compliant, and then if they discover potential issues, they will take the best approach to fully resolve the issues and to minimize downside liability and expense."
More Articles on Self-Disclosure and Healthcare Providers:
Stark Law, False Claims and HIPAA: Key Risk Areas for HospitalsPrivacy and HIPAA: What Executives Need to Know Now
OIG Releases Updated Provider Self-Disclosure Protocol