chevron-down Created with Sketch Beta.
    July 18, 2013 Articles

    The Updated Provider SDP: To Disclose or Not to Disclose?

    A provider should engage counsel early on to perform an appropriate risk-benefit analysis before making any disclosures to the OIG.

    By Ardith Bronson and Pravin Patel

    On April 17, 2013, the Department of Health and Human Services (HHS) Office of the Inspector General (OIG) released its revised provider self-disclosure protocol (Updated SDP). There are a few key points providers should consider before making disclosures to the OIG.

    Brief History
    In 1998, after operating a three-year voluntary-disclosure pilot program, the OIG published the first provider self-disclosure protocol (SDP). The SDP originally was designed to provide "a process for health care providers to voluntarily identify, disclose, and resolve instances of potential fraud involving the Federal health care programs[.]" Updated OIG's Provider Self-Disclosure Protocol,U.S. Department of Health & Human Services, Office of Inspector General, at 1 (Apr. 17, 2013).

    The SDP is available to all health-care providers and offers a step-by-step framework for disclosure, which involves an internal investigation in addition to other disclosure requirements. Id.; see also Publication of the OIG's Provider Self-Disclosure Protocol, 63 Fed. Reg. 58,399–58,403 (Oct. 30, 1998). The SDP "provides guidance on how to investigate this conduct, quantify damages, and report the conduct to OIG to resolve the provider's liability exposure under OIG's civil monetary penalty (CMP) authorities." Solicitation of Information and Recommendations for Revising OIG's Provider Self-Disclosure Protocol, 77 Fed. Reg. 36,281 (June 18, 2012).

    Since its inception, the OIG has issued three open letters revising and expanding the SDP. Initially, the SDP was directed at "matters that potentially violate Federal criminal law, civil law, or administrative laws for which exclusion or civil monetary penalties are authorized" and specifically targeted the submission of false claims, which violated the False Claims Act (FCA). Open Letter to Health Care Providers,U.S. Department of Health & Human Services, Office of Inspector General (Apr. 15, 2008).

    In 2006, the OIG announced an initiative to use the SDP "to resolve civil monetary penalty (CMP) liability under the physician self-referral and anti-kickback statutes for financial arrangements between hospitals and physicians." Open Letter to Health Care Providers, U.S. Department of Health & Human Services, Office of Inspector General (Apr. 24, 2006). In 2008, the OIG announced that, in general, it no longer would require providers to enter into corporate integrity agreements (CIAs) or Certification of Compliance Agreements (CCAs) as part of a negotiated resolution. Open Letter to Health Care Providers,U.S. Department of Health & Human Services, Office of Inspector General (Apr. 15, 2008). Then, in 2009, the OIG narrowed the SDP by (1) requiring that use of the SDP be based on a "colorable anti-kickback statute violation," regardless of whether the disclosure also contained a violation of the physician self-referral law, and (2) stating that disclosure required a minimum settlement amount of $50,000. Open Letter to Health Care Providers,U.S. Department of Health & Human Services, Office of Inspector General (Mar. 24, 2009).

    Benefits of the Updated SDP
    The Updated SDP replaces, supersedes, and consolidates the original SDP and the OIG's open letters. Significantly, the Updated SDP highlights the benefits of provider participation as

    • the suspension of a provider's obligation to return overpayments as long as the SDP submission is made on a timely basis, coupled with the provider's waiver of any statute of limitations or similar defenses to any administrative action filed by OIG related to the disclosed conduct;
    • a streamlined internal review process reducing the average time a case is pending to less than 12 months;
    • OIG' s continuation of its general practice of requiring a minimum multiple of 1.5 times the single damages amount with OIG's acknowledgement that the 1.5 multiplier is lower than what would be required if the government had initiated an investigation; and
    • a reiteration of the policy against requiring providers to enter into CIAs and CCAs as a condition for a release of OIG's permissive exclusion authority.

    See Updated OIG's Provider Self-Disclosure Protocol,U.S. Department of Health & Human Services, Office of Inspector General, at 2–4 (Apr. 17, 2013).

    Open Issues
    While the Updated SPD aims to remedy many of the perceived deficiencies in the SPD and the open letters, various outstanding issues draw into question whether a provider's participation in the protocol is ultimately beneficial. There are three main areas that should cause concern for health-care providers deciding whether to utilize the OIG's process.

    Accepting liability. The Updated SDP requires a disclosing party to acknowledge that its conduct is possibly a violation of federal law for CMPs and to specifically identify the regulation the party thinks it may have violated. This is troubling because the provider may believe and have a legitimate argument that there is no violation. But the OIG disfavors disclosures that include statements such as “While the government may take the position that there is a violation, we disagree that there has been any such violation of the governing law.” This should concern providers because the Updated SDP explicitly states that there is a required minimum settlement amount for self-disclosed matters, and, thus, self-reporting will inevitably lead to some monetary payment.

    Therefore, before disclosing a potential violation to the OIG, a provider should consider whether it has truly committed a violation. Even if it believes it has not, it must carefully consider whether the OIG would believe it has committed a violation and whether the government is likely to bring suit against the provider. If the answer to the latter consideration is yes or likely yes, then the provider must determine whether it is better to disclose and try to settle with the OIG (taking into consideration the minimum settlement amounts) or expend the resources necessary to defend its position.

    Potential unforeseen liability. Even though the Updated SDP discusses the coordination between the OIG and the DOJ, it falls short in terms of guaranteeing providers with protections from the DOJ in related civil and/or criminal actions. When dealing with situations in which the DOJ participates in resolving SDP civil matters, the OIG only commits to advocating to the DOJ "that the disclosing party receive a benefit from disclosure under the SDP and the matter be resolved consistent with OIG's approach in similar cases." While only time will tell whether the DOJ adheres to the OIG's recommendations, a significant risk exists that the DOJ will not. Moreover, in terms of criminal matters, while the OIG again states that it will "advocate that the disclosing parties receive a benefit from disclosure under the SDP[,]" the DOJ is not bound by the Updated SDP and will likely make its own determinations regarding the disposition of criminal issues.

    An additional issue that should be considered is the possibility that the OIG could uncover unrelated fraudulent conduct through its submission-verification process. Any "[m]atters uncovered during [the OIG] verification process, which are outside of the scope of the matter disclosed to OIG, may be treated as new matters outside the [Updated SDP]." Publication of OIG's Provider Self-Disclosure Protocol,63 Fed. Reg. 58,399–58,403 (Oct. 30, 1998). For example, the OIG may uncover bribes made by the provider to foreign officials in violation of the Foreign Corrupt Practices Act. Because those types of violations do not fall within the purview of the Updated SDP, the OIG may provide the information to the DOJ for potential prosecution. This, of course, means that any disclosure carries an acute risk of uncertainty, coupled with the possibility of opening a disclosing party up to additional, unforeseen liability.

    Thus, before disclosing to the OIG, a provider must consider the likelihood that the DOJ will participate in resolving the SDP matter and whether the DOJ is likely to provide the same benefits that the OIG would provide to the disclosing party. Moreover, and more importantly, the disclosing party should consider the likelihood of the DOJ using the disclosures to the OIG to take additional action, including criminal action, against the disclosing party.

    Tricky scienter requirements. Generally speaking, the scienter requirement is often a very difficult element to prove when dealing with any violation of a statute or law. This is especially true when the scienter requirement is one of "knowledge." In any action involving a potential violation of the Anti-Kickback Statute (AKS), the government or qui tam relator must prove that the provider violating the AKS acted "knowingly." The Patient Protection and Affordable Care Act of 2010 clarified that the provider need not have actual knowledge that it violated the AKS or have specific intent to commit a violation of the AKS. See Pub. L. No. 111-48, 124 Stat. 759 (2010). Instead, the provider must only have knowledge that it is violating some law, making it easier to prove an AKS violation.

    Therefore, when a disclosing party makes a submission under the Updated SDP, there is a possibility that the disclosing party is providing the government with the scienter requirement not only to the OIG but also to the DOJ (in related matters for which the DOJ has the authority to go after the disclosing party for civil and/or criminal violations).

    To Disclose or Not to Disclose?
    The Updated SDP undoubtedly provides health-care providers with more guidance than the 1998 version and the open letters that followed. Equally true is that use of the Updated SDP could result in a number of possible benefits to a disclosing party. At the same time, disclosure to the OIG under the Updated SDP is not without risks that should give pause to any health-care provider deciding whether to use OIG's process. Keeping these considerations in mind, a provider should engage counsel early on to perform an appropriate risk-benefit analysis before making any disclosures to the OIG.

    Keywords: litigation, health law, OIG, HHS, Provider Self Disclosure Protocol, open letters, compliance, health care

    Ardith Bronson is of counsel and Pravin Patel is an associate in the Miami office of Well, Gotshal & Manges LLP.

    Copyright © 2013, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Section of Litigation, this committee, or the employer(s) of the author(s).