ABA Health eSource
October 2010 Volume 7 Number 2

CMS Promulgates Self-Referral Disclosure Protocol: Provider Beware?

By Brian D. Nichols, Robinson & Cole LLP, Hartford, CT

AuthorOn March 23, 2010, President Barack Obama signed into law the Patient Protection and Affordable Care Act of 2010 (“PPACA”). While PPACA received extensive press coverage for its provisions that were intended to improve access to healthcare and to incentivize better quality of healthcare, one provision that received very little mainstream press was the new Medicare self-referral disclosure protocol (the “Protocol”). 1 The Protocol will not have a direct impact on either access to, or quality of, healthcare, but has been anxiously awaited by healthcare providers. On September 23, 2010, the Centers for Medicare and Medicaid Services (“CMS”) officially promulgated the Protocol by publishing a seven page guidance document on CMS’ website. 2

The physician self-referral law, otherwise known as the Stark law, prohibits physicians from referring patients for certain designated health services payable by Medicare to a person or entity with which the physician has a financial relationship, unless the arrangement satisfies a Stark exception. 3 There are several detailed statutory and regulatory exceptions to the Stark law related to certain business arrangements, such as space and equipment leases, service agreements and physician employment arrangements. 4 Since Stark is a per se law (i.e. no intent is required), a violation can occur if an arrangement does not comply with a specific exception, even if the noncompliance is unintentional.

In 1998, the Office of the Inspector General (“OIG”) promulgated its Provider Self-Disclosure Protocol (“SDP”) to allow providers to remedy violations of “Federal criminal, civil or administrative laws.” 5 On April 24, 2006, the OIG issued an Open Letter to Health Care Providers that stated that the SDP could be used to remedy both anti-kickback statute and Stark violations. However, on March 24, 2009, the OIG issued another Open Letter to Health Care Providers that reduced the scope of the SDP to only anti-kickback statute violations. After the March 24, 2009 Open Letter, the OIG refused to accept any submission to the SDP that did not contain a “colorable” AKS violation. The OIG would continue to accept submissions that contained both Stark and AKS violations, but pure Stark violations would not be accepted into the SDP.

Moreover, prior to PPACA, the only way to cure a Stark violation was to make a full repayment of all reimbursement received from the federal government due to referrals from the physician with the financial relationship. In most situations, such a repayment could be millions of dollars and would be financially devastating for a health care provider. 6 While failure to make the repayment could potentially bring additional liability under the federal False Claims Act (“FCA”), 7 many providers were faced with the difficult decision of either making the necessary repayment or risking future discovery of the violation by the OIG and liability under the FCA. Either option could potentially force a provider into bankruptcy.

Fortunately, PPACA created the Protocol. Section 6409 of PPACA requires the Secretary of Health and Human Services (the “Secretary”) to establish “a protocol to enable health care providers … to disclose an actual or potential violation of [Stark].” 8 This protocol was published by the Secretary on September 23, 2010, as noted above. Similar to the SDP, CMS is authorized to reduce an overpayment owed by a healthcare provider if the provider participates in the Protocol, based on the facts and circumstances that are disclosed to CMS. The Protocol dictates that CMS may consider the following factors in determining an appropriate reduction , if any, to an overpayment:

CMS makes clear that the Protocol is separate and distinct from CMS’ physician self-referral advisory opinion process. If a healthcare provider is looking for a determination whether a Stark violation has occurred or will occur, the Protocol would be an improper forum to seek this determination. The Protocol is intended to resolve matters that have been deemed by the disclosing party to be actual or potential Stark violations. 10 The Protocol also makes clear that “[d]isclosing parties should not disclose the same conduct under both the [Protocol] and [the SDP].” The Protocol should be utilized to resolve Stark-only violations. For AKS-only violations or violations that combine elements of Stark and AKS, healthcare providers should utilize the SDP. 11 CMS also clarifies that, upon receipt of a submission under the Protocol, CMS will “coordinate” with the OIG and the Department of Justice with respect to other potential violations of federal authority. 12

In order to participate in the Protocol, healthcare providers must submit certain information electronically to CMS, with an original and one copy also submitted through the mail. This information includes:

  • A detailed financial analysis that sets forth the potential repayment amount and the methodology used to calculate this amount.

After this initial submission, the healthcare provider must cooperate in good faith with CMS with respect to subsequent requests for documents or information. CMS has stated that it will require access to “all financial statements, notes, disclosures, and other supporting documents without the assertion of privileges or limitations on the information produced.” 13 The Protocol also states that CMS will typically not require providers to produce materials that are covered by the attorney-client privilege, but may work with providers to “gain access to the underlying information without the need to waive the protections by an appropriately asserted claim of privilege.” 14

CMS will review all information provided by the provider as part of the Protocol and, if any additional Stark violations are uncovered during the course of this review, these violations will be treated as “new matters outside the [Protocol].” 15 Given this, providers should conduct a thorough review of their operations and disclosure materials prior to making a submission to CMS under the Protocol to avoid creating additional financial and legal burden that cannot be resolved through the Protocol.

It is also important for healthcare providers to remember that, although the Protocol authorizes CMS to reduce an overpayment amount, CMS is not required to do so. The Protocol states that “CMS will make an individual determination as to whether a reduction is appropriate based on the facts and circumstances of each disclosed actual or potential violation. The nature and circumstances concerning a physician self-referral violation can vary given the scope of the physician self-referral law and the health care industry. 16 This statement serves as fair warning to healthcare providers: submitting a violation to the Protocol does not necessarily result in a financially palatable result.

Much remains to be determined with respect to the actual impact that the Protocol will have on the business operations of healthcare providers. Even though the Protocol has been officially released by CMS, much will remain unknown until CMS actually starts handling disclosures through the Protocol and determining repayment amounts. One thing, however, seems almost certain at this point: healthcare providers now have an alternative for dealing with Stark violations that is potentially less devastating than the alternatives that previously existed.


PPACA was modified on March 30, 2010 by the Health Care and Education Reconciliation Act of 2010.



3 42 U.S.C. §1395nn.
4 42 C.F.R. §411.350 et seq.
5 63 Fed. Reg. 58,399 (October 30, 1998)
6 If a lease agreement between a referring physician and a hospital was not properly executed (e.g. missing a signature), all of the referrals by the physician to the hospital during the term of the lease would be in violation of Stark and would need to be repaid.
7 After the Fraud Enforcement and Recovery Act of 2009 (“FERA”), the FCA states that it is a violation of the FCA to “improperly” avoid or decrease “an obligation to pay or transmit money or property to the Government.” 31 U.S.C. §3729(a)(1)(G). An “obligation” is defined to include “an established duty … arising from … the retention of an overpayment…” 31 U.S.C. §3729(b)(3).
8 PPACA, Section 6409(a)(1).
9 CMS Protocol, pg. 6.

Id, at pg. 2.

11 Id.
12 Id.
13 Id, at pg. 5.
14 Id.
15 Id.
16 Id., at pg. 6.

The ABA Health eSource is distributed automatically to members of the ABA Health Law Section . Please feel free to forward it! Non-members may also sign up to receive the ABA Health eSource.