Disclose or Not Disclose: That is the Question

Richard P. Kusserow | July 2009

Our firm has been engaged to review claims and arrangements for a great many of hospitals.  Invariably, we find errors, omissions, and other irregularities.  Always the question is raised with trepidation as to whether the findings should result in disclosure to the OIG.  In only a handful of cases have the answer been in the affirmative.   It is clear from our experience that many do not fully understand the guidance offered by the Department of Health and Human Services Office of Inspector General (OIG) on the subject and have been self disclosing when it was not necessary.  The purpose of this article is to help provide better understanding of when disclosure should or should not be made to the OIG.

For a number of years, the OIG has sought to encourage health care provider voluntary disclosure of improper conduct.  They have done this through a variety of written guidance designed to clarify when self referrals are appropriate, and when they are not. The primary guidance document on this was through the Self Disclosure Protocol (SDP) issued by the OIG in 1998.  It stated (See 63 Fed. Reg. 58399 (October 30, 1998)):

The OIG has long stressed the role of the health care industry in combating health care fraud, and believes that health care providers can play a cooperative role in identifying and voluntarily disclosing program abuses.  The OIG’s use of voluntary self-disclosure programs, for example, is premised on a belief that health care providers must be willing to police themselves, correct underlying problems and work with the Government to resolve these matters.

Since first published its SDP, it has been used by a significant number of providers who discover compliance problems and want to correct the problems, repay any overpayment, and move forward with a clean slate. This process can provide the provider with an effective and relatively efficient means of resolving liabilities and avoiding becoming a defendant in a future False Claims Act (“FCA”) case.  The OIG has stressed that voluntary self disclosure would result in a payment that would be less than those where the government found the problem independent of the entity.   They have remained faithful to that promise in that payments have been at a far lower rate for those parties engaged in the SDP as opposed to the alternative.

Disclosures have fallen into two broad categories, those involving overpayments arising from violations of law or regulations; and improper arrangements with referral sources. The OIG suggested that the SDP is to be used after a provider conducts an internal review indicating that a problem exists that may implicate violations of federal criminal, civil, or administrative laws.  In the last ten years the OIG has accepted upward to 500 disclosures, but about half of the disclosures for overpayments were not resolved through the SDP process but were referred to the Medicare contractors for resolution.   When making a decision as to whether to self disclose overpayments, it is advisable to look to the OIG guidance on the subject.   They stated that its SDP is not to be used to report routine overpayments or errors (See 63 Fed. Reg. at 58400):

Matters exclusively involving overpayments or errors that do not suggest violations of law have occurred should be brought directly to the attention of the entity (e.g., a contractor such as a carrier or an intermediary) that processes claims and issues payment on behalf of the Government agency responsible for the particular Federal health care program (e.g., [CNS] for matters involving Medicare).  The program contractors are responsible for processing the refund and will review the circumstances surrounding the initial overpayment. 

The second general category where the OIG has accepted and resolved matters brought to their attention under SDP involved matters involving potential violations of the Anti-Kickback Statute (AKS) and the Stark Laws.   This category is likely to be much more serious, especially when involving the AKS, a criminal statute.   It is also an area where the OIG and DOJ receive predicating case information through the qui tam provision of the FCA (so called Whistleblower Act). Complicating matters is that a self-disclosure does not necessarily bar a relator, or even DOJ from pursuing an FCA action.

Anyone reviewing the DOJ settlement agreements in health care or the OIG Corporate Integrity Agreements (CIA) and Certificate of Compliance Agreements (CCA) will notice that the great majority if them are under the FCA but predicated by the violations of the AKS.  Often Stark law violations are coupled with the AKS in a case. 

When a provider discovers compliance problems involving the Stark Law alone, the Protocol has not worked as well as other forms of SDP.  The fact is that so many providers have self disclosed Stark violations, that the OIG felt the need to clarify the SDP in that context.  On March 24, 2009, the OIG issued an Open Letter to Health Care Providers providing further clarification regarding the use of its SDP.  Due to resource constraints, the OIG advised that its SDP will no longer be available to solely report violations of the Stark Law.  It will only accept future self disclosures under the Stark Law where they also involve a “colorable anti-kickback statute violation.”   Further, the OIG advised that for “kickback-related submissions accepted into the SDP . . . , [and those coupled with Stark Law violations], we will require a minimum $50,000 settlement amount to resolve the matter” (See  Thus, with respect Stark Law technical violations, the OIG will no longer accept self disclosures.

It is worth noting that at the present point in time, there is no office within either HHS or CMS specifically charged with accepting and resolving self disclosures of potential Stark Law technical violations.  However, before anyone comes to the conclusion that they can ignore the Stark Laws, keep in mind that CMS continues in its intention to audit hospitals for Stark Law compliance. Pending are plans to survey hospitals on their physician relationships through the Disclosure of Financial Relationships Report (DFRR) to be certified by senior hospital management.  These reports are designed to examine financial relationships between hospitals and referring physicians.  Should this plan proceed to execution it will place hospitals with improper physician arrangements in a difficult position.  As such, hospital should continue as part of auditing and monitoring, the review of all their physician relationships not only in connection with the AKS but also the Stark Laws.

The answer to the question, disclose or not disclose, is to make careful reading of the guidance offered by the OIG.  For overpayments and errors that do not suggest violations of law, SDP is not the answer, instead it should be brought directly to the attention of the contractor that processes claims.   For self-disclosures under the AKS, keep in mind that this is a specific intent crime requiring evidence of willful violation.   This means that one of the purposes of the arrangement was to provide a flow of benefit in return for expected business.  Evidence that this exists requires disclosure.  For self disclosures under the Stark Law ensure there is evidence of a “colorable” AKS violation. 

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 3,000 health care organizations and entities in developing, implementing and assessing compliance programs.