September 27‚ 2010
CMS Implements Self-Referral Disclosure Protocol Process to Self-Disclose Stark Law Violations
Based on a Congressional mandate included in the Patient Protection and Affordable Care Act (ACA),1 the Centers for Medicare & Medicaid Services (CMS) published a document entitled “CMS Voluntary Self-Referral Disclosure Protocol” (the SRDP) on its website on September 23, 2010.2 Establishment of the SRDP, which sets forth a process for self-disclosure of actual or potential violations of the Stark Law, is significant because CMS previously had no such protocol or process in place.3 Congress presumably intervened because the Office of Inspector General for the Department of Health and Human Services (OIG) had announced that it would not accept Stark Law disclosures under its Self-Disclosure Protocol unless there was a “colorable Anti-Kickback Statute Violation.”4
Specifically, the ACA requires the Secretary of the Department of Health and Human Services, in cooperation with the OIG, to establish the SRDP pursuant to which affected providers and suppliers can self-disclose actual or potential violations of the Stark Law. A key enticement of the SRDP is that providers who use it may be eligible, under another ACA provision that clarifies existing CMS authority,5 for reductions in overpayments and penalties resulting from Stark Law violations.
Mintz Levin has learned through unofficial channels that CMS intends to publish the SRDP in the Federal Register at a later date. CMS presumably will offer the public the opportunity to comment at that time. Providers, suppliers, and other affected parties likely will have a number of concerns.
Specifics of the SRDP
The SRDP is open to all providers and suppliers, labeled “disclosing parties,” and “[t]he fact that a disclosing party is already subject to Government inquiry (including investigations, audits, or routine oversight activities) will not automatically preclude a disclosure.”6 Because the SRDP is not a mechanism for seeking an advisory opinion, CMS expects disclosing parties to use the SRDP “with the intention of resolving its overpayment liability exposure for the conduct it identified.”7 As the following discussion makes clear, the SRDP provides no mechanism to address a common situation: the need to make an initial, preliminary disclosure of a Stark Law violation while an internal investigation is still ongoing.
Description of Actual or Potential Violation
The SRDP requires the disclosing party to furnish the following detailed information about the actual or potential violation:8
- The identification of the disclosing party. If the disclosing party is owned, controlled, or part of a system or network, then a description of the “pertinent relationships” and any related entities must be included.
- A description of the nature of the matter being disclosed, including the type of financial relationship(s), the specific time periods the disclosing party may have been out of compliance, and the type of designated health service claims at issue.
- The names of all entities and individuals believed to be implicated and an explanation of their roles in the matter.
- A statement from the disclosing party regarding why it believes a violation of the physician self-referral law may have occurred, including a complete legal analysis (emphasis added) of the application of the Stark Law to the conduct and any exception to the Stark Law that applies to the conduct and/or that the disclosing party attempted to use.
- The circumstances under which the disclosed matter was discovered and the measures taken upon discovery to address the issue and prevent future abuses.
- A statement identifying whether the disclosing party has a history of similar conduct, or has any prior criminal, civil, and regulatory enforcement actions against it.
- A description of the existence and adequacy of a pre-existing compliance program that the disclosing party had, and all efforts by the disclosing party to prevent a recurrence of the incident or practice in the affected division as well as in any related health care entities.
- An indication of whether the disclosing party has knowledge that the matter is under current inquiry by a Government agency or contractor.
A full explanation of the financial analysis also must be provided.9 It must include:
- The total amount, itemized by year, that is actually or potentially due and owing based upon the applicable “look back” period (the time during which the disclosing party may not have been in compliance with the Stark Law).
- The methodology used to set forth the amount that is actually or potentially due and owing. Indicate whether estimates were used, and if so, how they were calculated.
- A summary of auditing activity undertaken and a summary of the documents relied upon.
CMS Verification of Disclosures
After receiving a disclosure, CMS will go through a verification process. CMS stated that it must “have access to all financial statements, notes, disclosures and other supporting documents” and may request access to materials protected by the attorney work product doctrine.10 Full cooperation during CMS’s verification process will be essential to resolution of the issue.
Relationship to Requirement to Refund Identified Overpayments within 60 Days
The SRDP tries to reconcile its process with the ACA’s provision requiring providers and suppliers to report and repay Medicare and Medicaid overpayments within 60 days of the date the overpayments are first identified.11 This requirement conflicts with the well-established practice that providers and suppliers should not make repayments before or during the course of either a self-disclosure or a Department of Justice (DOJ) investigation. The SRDP states that “the obligation under Section 6402 of the ACA to return any potential overpayment within 60 days will be suspended until a settlement agreement is entered, the provider of services or supplier withdraws from the SRDP, or CMS removes the provider of services or supplier from the SRDP.”12 The SRDP creates confusion by further stating that:
CMS will not accept payments of presumed overpayments determined by the disclosing party prior to the completion of CMS’s inquiry. However, the disclosing party is encouraged to place the funds in an interest-bearing escrow account to ensure adequate resources have been set aside to repay amounts owed. While the matter is under CMS’s inquiry, the disclosing party must refrain from making payment relating to the disclosed matter to the Federal health care programs or their contractors without CMS’s prior consent. If CMS consents, the disclosing party will be required to acknowledge in writing that the acceptance of the payment does not constitute the Government’s agreement as to the amount of losses suffered by the programs as a result of the disclosed matter, and does not relieve the disclosing party of any criminal, civil, or civil monetary penalty liability, nor does it offer a defense to any further administrative, civil, or criminal actions against the disclosing party.13
Of note, the SRDP makes no promise that if a provider repays the overpayment to its Medicare contactor, such amounts would be credited against any penalty amounts CMS imposes in the self-disclosure settlement.
Agencies to Which a Self-Disclosure Should Be Made
Before making a disclosure, providers and suppliers should think carefully about to which government entities a self-disclosure should be made. CMS clearly states that “[d]isclosing parties should not disclose the same conduct under both the SRDP and OIG’s Self-Disclosure Protocol.”14 Surprisingly, the SRDP then goes on to say:
Upon review of the disclosing party’s disclosure submission(s), CMS will coordinate with the OIG and DOJ. CMS may conclude that the disclosed matter warrants a referral to law enforcement for consideration under its civil and/or criminal authorities. When appropriate, CMS may use a disclosing party’s submission(s) to prepare a recommendation to OIG and DOJ for resolution of False Claims Act, civil monetary penalty, or other liability.15
Possible Reduction in the Amount Owed
One potential benefit of making a self-disclosure through the SRDP is a possible reduction in overpayments liability and penalties. But CMS likely intends to proceed very cautiously in applying its discretionary authority created by the ACA, even though many already believed that CMS already had such authority. For example, CMS cautions that a self-disclosure will not guarantee a reduction in liability and makes clear that it “is not obligated to resolve the matter in any particular manner.”16 CMS goes on to cite the criteria Congress mandated in considering whether to compromise a provider’s liability:
- The nature and extent of the improper or illegal practice
- The timeliness of the self-disclosure
- The cooperation in providing additional information related to the disclosure
- The litigation risk associated with the matter disclosed
- The financial position of the disclosing party17
In the ACA, Congress directed the Secretary to develop a realistic mechanism to encourage providers to self-disclose Stark Law problems and provided for reduced financial penalties so that such problems can be appropriately addressed. Even so, CMS has offered little comfort to providers and suppliers; most notably, it failed to recognize that some infractions, such as a failure to have a written agreement, are highly technical and therefore do not warrant the imposition of the full level of statutory overpayments.
Further, the SRDP apparently does not allow for preliminary disclosures where a provider or supplier has identified a possible Stark Law problem and wishes to disclose that fact before the scope of the problem and its financial impact are fully known. Such preliminary disclosures are commonly welcome by other enforcement agencies, such as U.S. Attorneys’ Offices. Finally, providers and suppliers may find self-disclosing Stark Law problems only to CMS to be problematic because CMS will therefore have the authority to address these complicated issues with DOJ and the OIG without the benefit of input from the provider. This requirement will likely be one of the most controversial parts of the SRDP.
1 Pub. L. No. 111-148, § 6409(a).
2 CMS Voluntary Self-Referral Disclosure Protocol, available at http://www.cms.gov/PhysicianSelfReferral/65_Self_Referral_Disclosure_Protocol.asp
3 The Stark Law provides that no payment may be made for designated health services that are provided in violation of the Stark Law. Thus, payments received for such services are overpayments.
4 OIG’s Open Letter to Health Care Providers, March 24, 2009.
5 Pub. L. No. 111-148, § 6409(b).
6 SRDP, at 1.
7 Id. at 2.
8 Id. at 3-4.
9 Id. at 4-5.
10 Id. at 5.
11 Pub. L. No. 111-148, § 6402.
12 SRDP, at 1.
13 Id. at 5-6.
14 Id. at 2.
17 Id. at 6.
Click here to view Mintz Levin’s Health Care Reform attorneys.
* * *
For up-to-date information regarding health care reform‚ please
our Health Care Reform: Analysis & Perspectives page.
Please click here to learn more about our health care reform practice.