Fraud self-disclosure requires careful strategy
Nobody wants to run afoul of the Stark law or other fraud prevention regulations, but it happens. You analyze a complex interaction between healthcare providers and realize that you have violated the law, perhaps in some highly technical manner. What now?
Self-disclosure might be your best option. Go ahead and confess to your error and hope the government regulators go easy on you. But even if that is the best path, you must tread carefully, cautions Jeffrey E. Rogers, JD, a partner with the law firm of McGuire Woods in Chicago. The first step is to be certain you actually have violated the law before you invite regulators inside. (See the story below for more on ensuring you have a violation to report.)
The Department of Health and Human Services (HHS) Office of the Inspector General (OIG) and Congress have altered the Provider Self-Disclosure Protocol to make it easier and more beneficial, Rogers notes, but at the same time they broadened the OIG's ability to punish those who do not report. One change was especially significant for providers: In the updated Provider Self-Disclosure Protocol, OIG states that self-reporting will presumptively indicate an effective compliance program and that no corporate integrity agreement (CIA) is needed.
Complying with a CIA can be onerous for a healthcare provider, so the ability to avoid one with self-disclosure is a major incentive, Rogers says. OIG also announced that it will impose penalties of only 1.5 times the damages in self-disclosure cases, which is much less than the amounts sometimes sought by the government.
OIG also created an online submission process for self-disclosure in hopes of streamlining the disclosure process, Rogers notes. The changes already are having the desired effect: HHS officials have said they expect to receive about 100 self-disclosures of Stark violations in 2013. There have been almost 300 self-disclosures since the 2010 passage of the Affordable Care Act, which also contained incentives for self-disclosure. However, the OIG is way behind in resolving those cases.
With the government continuing to aggressively prosecute fraud in healthcare, self-disclosing can look increasingly attractive, Rogers says. Prosecution can result in treble damages under the False Claims Act, civil monetary penalties, and even criminal prosecution. However, self-disclosure is not without its own risks.
One potential risk relates to how the OIG shortened the time period for completion of the disclosing party's investigation from 90 days following acceptance into the program to 90 days following initial submission.
"That change apparently was intended to be a benefit for healthcare providers, but it can cause problems," Rogers explains. "Changing the term from acceptance to initial submission means a shorter timeframe, and that could force the disclosing party to rush through an investigation that really needs more time to be thorough and accurate."
In addition, risk managers should be concerned that the disclosure could be made available to private litigants, including existing or potential qui tam relators. The recent update to the protocol requires that the healthcare provider detail what civil and criminal laws were violated, which potentially provides a more detailed guide for plaintiffs' attorneys than they ever had so easily available, Rogers says.
The OIG has clearly stated that it will coordinate with the Department of Justice in the resolution of self-disclosure cases, Rogers notes. The worst part is that the OIG made clear it will defer to the DOJ if the two agencies disagree on how to resolve a case.
Still, Rogers says self-disclosure is almost always the best choice. Trying to lay low and hope the government doesn't discover your violation is an increasingly big risk, he says.
"You've got more whistleblowers than ever before and more qui tam cases than ever before. We're also seeing more competitors complaining because your arrangement might be driving them out of business," Rogers says. "It used to be that if the government didn't intervene, the relator just went away. But now the qui tam bar is so much more sophisticated and aggressive that they will be willing to run with the thing even if the government doesn't."
The government also is conducting more audits that can detect these violations, and self-disclosing could fend off an audit that might uncover additional problems, Rogers notes.
That assessment is seconded by Karl A. Thallner Jr., JD, a partner with the law firm of Reed Smith in Philadelphia. He says that once you determine a violation has occurred, a first priority should be determining the most painless way to resolve it.
"Was this a Stark-only problem, a technical violation like an agreement expired or was it signed after the relationship began?" he says. "Or was there a reason to believe this problem is more serious, that someone was intending to contend a benefit on the physician to induce referrals?"
A technical violation can be easier to address than the other, Thallner says. Both might have to be disclosed, but a technical violation can be reported in much more straightforward way with an explanation and evidence of repayment, if necessary. A scheme to induce referrals is far more serious. (See the story below for more on how to disclose violations.)
"The days of sweeping these violations under the rug are over," Rogers says. "The other advantage to self-reporting is that you have the opportunity to paint the picture of the situation in the manner most favorable to yourself. You get to frame it, narrow the issues, phrase things certain ways so that it doesn't look like the worst thing the government's ever seen."
• Jeffrey E. Rogers, JD, Partner, McGuire Woods, Chicago. Telephone: (312) 750-8686. Email: firstname.lastname@example.org.
Slow down and be sure you have violated law
If you think your helathcare organization has violated the Stark law or other fraud prevention measures, the very thought of treble damages (triple the actual monetary loss) from a government prosecution could prompt you to self-disclose as soon as possible in hopes of a lesser punishment. However, you should wait before you do anything, legal experts advise.
Before you do anything hasty, make absolutely sure that you have a violation to report, advises Karl A. Thallner Jr., JD, a partner with the law firm of Reed Smith in Philadelphia. He has seen healthcare providers come to him with what they thought were violations of the law that should be self-disclosed, but on further investigation they determined otherwise.
"Stark is extraordinarily complicated, and people sometimes make assumptions about the existence of a violation," Thallner says. "If you parse through it all in a technical way, you can find that there may be an argument, if not some certainty, that there was no violation."
Thallner recalls one instance in which a hospital leased office space to a nephrologist. The hospital inadvertently failed to renew the lease agreement. That put them out of compliance with the office rental exception under Stark, but on further review the attorney realized that the dialysis services ordered by the hospital were furnished by a dialysis center and those services are not designated health services under the Stark law.
"People were assuming we had a violation with the lease exception, and on that count alone it seemed something to disclose," Thallner says. "But because the services were not covered under Stark, there was in fact no problem. It's worth spending some real time to figure out if there is a legitimate basis for concluding there was no violation."
If double- and triple-checking yields the same conclusion that you have violated the law, Thallner says self-disclosure usually is going to be the way to go.
"Doing nothing is usually the worst thing to do," he says.
• Karl A. Thallner Jr., JD, Partner, Reed Smith in Philadelphia. Telephone: (215) 851-8171. Email: email@example.com.