Reporting Misdeeds: How and When to Use Disclosure Protocol
Self-disclosure of healthcare fraud could prevent some problems. There are two primary routes for self-disclosure.
- The Department of Health and Human Services Office of Inspector General recently updated its Provider Self-Disclosure Protocol.
- Disclosure to the Department of Justice offers protection from the False Claims Act.
- Any disclosure must be fully transparent.
Once a risk manager realizes the organization may have violated laws or regulations, the best course of action might be to report the violation instead of hoping no one will discover it. Self-disclosure can offer many advantages that result in lesser penalties and other consequences. But it is important to know when to report and how to do it advantageously.
The Department of Health and Human Services Office of Inspector General (OIG) updated its Provider Self-Disclosure Protocol Nov. 8, 2021, says Lori A. Rubin, JD, partner with Foley & Lardner in Washington, DC. The name was changed to the Health Care Fraud Self-Disclosure Protocol (SDP).1
Most of the changes were technical, but the update provides an opportunity for healthcare risk managers to review the protocol and understand how to implement it when necessary.
In addition to disclosing through the OIG-SDP, healthcare organizations can disclose directly to the Department of Justice (DOJ), Rubin says. Each option presents pros and cons.
“This requires a very careful consideration of whether to disclose, what to disclose, and where to disclose,” Rubin explains. “You have to consider a lot of factors, including the complexity of the healthcare issues. Disclosing to the OIG might be more beneficial if it is a complex issue that OIG will have a better understanding of than DOJ. It’s also worth considering relationships with the U.S. Attorney’s office.”
The need for a speedy resolution is another concern, as OIG might move faster than DOJ.
An internal investigation is the first step to determining whether to report and how, Rubin says. For example, Stark violations should not be disclosed through the OIG-SDP because there is a separate Stark disclosure protocol. Some overpayments to the government may require only a repayment and not a fraud disclosure.
Higher Fines from OIG
One substantive change in the recent OIG-SDP revision involved the minimum amounts required to settle under that protocol. Since the minimum amounts were increased, kickback issues require a minimum settlement of $100,000. Other issues are $20,000. That is important because organizations sometimes think they should self-disclose in case an issue constitutes fraud, but it is not certain.
“The OIG has made clear that they don’t like wishy-washy statements about how the government might perceive this as fraud, but we don’t think it’s fraud. They don’t look kindly on those,” Rubin says. “If you’re going through self-disclosure with OIG, you should expect to settle the case. You should not expect to have to admit liability, but you should expect some settlement rather than a dialogue about the nature of the arrangements.”
Self-disclosing healthcare fraud directly to DOJ offers protection from False Claims Act (FCA) liability, Rubin notes. DOJ routinely releases FCA liability with self-disclosure, meaning the government will not sue the discloser for the conduct in scope, including for treble damages and penalties.
OIG disclosure does not provide the same level of assurance. OIG-SDP says a disclosing party can request a release under FCA, but it is not standard in settlements, Rubin says.
A DOJ disclosure also may result in a lower settlement amount. OIG typically uses a minimum multiplier of 1.5 times the single damages for settlement, but DOJ does not settle self-disclosed cases for a defined multiplier.
Downsides to DOJ Disclosure
One downside to DOJ disclosure is the 60-day report and return obligation is not automatically triggered, Rubin notes. The OIG-SDP automatically suspends the obligation to report and return an overpayment within 60 days after an overpayment is identified, but a DOJ disclosure does not. The DOJ must obtain approval from CMS and OIG to suspend the 60-day report and return obligation.
Rubin also notes the OIG-SDP is designed specifically to address healthcare fraud, so reports will be reviewed by professionals who understand the industry and the specific nature of healthcare regulations. The same may not occur with DOJ disclosures.
If you self-disclose through either path, it is important to cooperate with the investigations, Rubin says. Self-disclosing and then resisting or not cooperating with the investigation will encourage a poor outcome.
Can Avoid Whistleblowers
The FCA and the potential for whistleblowers spurred many more healthcare organizations to consider self-disclosure, says Gabriel L. Imperato, JD, partner with Nelson Mullins in Fort Lauderdale, FL. Self-disclosure epitomizes the idea of managing risk. He explains to clients that self-disclosure, when appropriate, can be a way to retain more control over the outcome of a fraud investigation.
“You determine a certain scope of conduct from which you negotiate a price to get a release from the government agency for False Claims Act liability,” Imperato says. “You don’t have to worry about a whistleblower raising that issue and you having to deal with it in an external way, which will involve greater risk, greater money, and greater ramifications for the organization.”
Once an organization decides to self-disclose through any route, it must be transparent, Imperato says. It is a terrible idea to confess to only a small part of the problem in hopes it will prevent investigators finding the total scope of the fraud.
“You don’t want to disclose information that is short of the total picture because you don’t want to be accused of concealing something that the enforcement agency or regulatory agency would consider to be relevant,” Imperato says. “You could turn a routine matter into something much bigger because now you have them suspicious of your methods and motives.”
- HHS Office of Inspector General. Health care fraud self-disclosure protocol. Nov. 8, 2021.
- Gabriel L. Imperato, JD, Partner, Nelson Mullins, Fort Lauderdale, FL. Phone: (954) 745-5223. Email: [email protected].
- Lori A. Rubin, JD, Partner, Foley & Lardner, Washington, DC. Phone: (202) 295-4760. Email: [email protected].
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.