2011: Issue 1 - Focus on Fraud and Abuse
By: Julie E. Kass and *Joshua J. Freemire
The first Stark settlement since the publication of the CMS Voluntary Self-Referral Disclosure Protocol (SRDP) was announced on February 10, 2011. Saints Medical Center in Lowell, Massachusetts settled with CMS for alleged violations relating to issues with night coverage, medical directorships, and stipends. CMS settled the issues for $579,000, and while CMS won’t reveal the initial overpayment calculation amount, CMS has reported the settlement to be substantially less. A statement released by the hospital as well as local media reports indicate that the hospital’s Stark violations could have triggered a potential repayment amount between $785,000 and $14.5 million.
CMS has revealed very little about the settlement. During a speech at the AHLA Physician’s Organization and Hospital and Health Law meeting in February, Troy Barsky, Director, Technical Payment Policy, announced the settlement and stated that future settlements would be issued on a regular basis and would likely be announced quarterly. Mr. Barsky also announced at the meeting that, to date, approximately 50 self-disclosures have been submitted through the SRDP. A handful have been accepted; for others, CMS has requested additional information. Until more settlements are issued, and with minimal details disclosed by CMS, it will remain difficult to predict the outcome of disclosures for providers contemplating use of the Stark Self-disclosure Protocol for correcting Stark violations. Accordingly, providers should carefully consider their various options for correcting Stark issues, including filing a self-disclosure under the SRDP.
The SRDP was posted to the CMS website on September 23, 2010 and shares a general structure and many specific features with the existing OIG Self-Disclosure Protocol (OIG Protocol). Importantly however, the SRDP also contains provisions that depart from the OIG Protocol, as described below, and leaves providers and suppliers with tough decisions regarding self-disclosure.
History and Notable Points
CMS was obligated to create the SRDP by section 6409 of the Affordable Care Act (ACA). Section 6409 required HHS to inform providers and suppliers as to how to disclose actual or potential violations of the Stark law – an open question after the OIG announced (March 24, 2009) that it would no longer accept “Stark only” disclosures. In addition, section 6409(b) of the ACA provided HHS the authority to compromise amounts owed due to a violation of the Stark Self-Referral Statute, providing providers and suppliers an important incentive to undertake the substantial commitment of preparing a self-disclosure.
The SRDP provides yet another incentive. Section 6402 of the ACA requires that all overpayments be reported and returned by the later of: (i) 60 days after the date on which the overpayment was identified; or (ii) the date any corresponding cost report is due. The SRDP suspends this timeframe, allowing disclosing parties additional time to investigate potentially complicated issues. When a disclosure made according to the SRDP has been received by CMS (and confirmed via return email) obligations under section 6402, if applicable, will be suspended until a settlement agreement is reached or a disclosing entity is removed (or removes itself) from the SRDP.
What the SRDP does not provide, however, is a bifurcated disclosure process advocated by various trade groups and others – a traditional route for complex disclosures and a “fast track” with set dollar repayment obligations for certain, more procedural, violations. CMS neither explained, nor noted, the absence of the bifurcated disclosure track; it remains an open question whether the SRDP may be modified in the future to provide an additional route for purely procedural violations.
Another somewhat surprising feature of the SRDP is its immediate application to parties under OIG corporate integrity agreements (CIAs). Under the SRDP, disclosing parties with CIAs or certification of compliance agreements must use the SRDP to report Stark-only, reportable events as of September 23, 2010. Parties reporting such events under the SRDP should also send a copy of the disclosure to their OIG monitor.
Additionally, CMS makes clear that it will coordinate with the OIG and the DOJ. CMS does not specify what that coordination will entail, but past experience with the OIG Protocol indicates it is likely that CMS will check to see if any ongoing investigations or other actions currently are being undertaken with respect to the disclosing party. Through the interaction with OIG and DOJ, CMS may conclude that the matters disclosed should be referred to either of those two entities. Further, as it deems appropriate, CMS may use the submission by a party to make recommendations to the OIG or DOJ to resolve False Claims Act, Civil Money Penalty or other liability. In a break from the familiar OIG caveats, however, CMS notes that it reserves the right to refer matters to “law enforcement for its consideration under its civil and/or criminal authorities.”
Finally, the SRDP specifically includes a provision requiring that it be granted access to all “supporting documents” without the assertion of privileges. Although the SRDP takes pains to qualify that requirement (noting, for instance, that attorney/client privileged communications will not be requested in the “normal course of verification,” and that CMS will be “willing to discuss” means of obtaining information without a waiver of privilege), this requirement may cause parties to pause and consider potential ramifications when choosing how to deal with potential violations.
The Disclosure Protocol
Generally, the SRDP mirrors the well-known OIG Protocol. Although it is specifically limited to "actual or potential violations of the self-referral law 1" the SRDP has many familiar features:
- Disclosing parties must provide CMS all relevant information, including names, dates, identification numbers, and a detailed description of the issue, its discovery, investigation, resolution, and any corrective actions (including the restructuring of the disclosed arrangement).
- Parties who are already subject to a government inquiry (including investigations, audits, or routine oversight activities) are not automatically precluded from the SRDP, although they must notify CMS of any ongoing investigations of which they are aware.
- As a condition of remaining in the SRDP, disclosing parties must agree not to appeal any overpayment assessed as a part of a settlement agreement.
- CMS is not bound to resolve a disclosure in any particular fashion or for any specific amount (CMS will not, for instance, agree to reduce a claimed overpayment by any specified percentage) although it will look to the mitigation factors provided in the Accountable Care Act:
- The nature and extent of the improper legal practice;
- The timeliness of self-disclosure;
- The cooperation in providing additional information relating to the disclosure;
- The litigation risk associated with the matter disclosed; and
- The financial position of the disclosing party.
Any reduction based on these factors will be based on an individual appraisal of the facts and circumstances of each disclosed violation.
- CMS may treat matters discovered outside the scope of the matter initially disclosed as outside the SRDP.
- To remain in the SRDP, parties are expected to cooperate fully with CMS’s verification process.
- Parties must provide a description of any notices, if applicable, provided to other government agencies (such as the SEC or IRS).
- Parties may not include any repayments as part of their SRDP submission, and may not make repayments during CMS’s verification without CMS’s permission. Parties are encouraged, however, to place reserved payments in an interest bearing escrow account to ensure adequate resources remain available at settlement. CMS also notes that amounts collected from individuals billed in violation of Stark must be refunded to those individuals on a timely basis. The SRDP does not explicitly state how such repayment will occur in connection with a compromised settlement.
CMS has also added some requirements which break with the OIG format:
- Disclosures under the SRDP must be filed electronically, via email to 1877SRDP@CMS.HHS.GOV. In addition, an original and one copy must be mailed to the Division of Technical Payment Policy. Following receipt of an electronic submission, CMS will send an email acknowledgement. (It is this email acknowledgement that begins the tolling of the 60-day repayment period in section 6402 of the ACA). CMS will then review the submission and send a letter to the disclosing party either accepting or rejecting the disclosure. Notably, there is no time frame for CMS to provide notice of acceptance or rejection.
- A disclosing party must provide a detailed description as to why the party believes a violation of Stark has occurred, including a “complete legal analysis” of the application of the Stark law to the matter being disclosed. This analysis should also include a description of any exception the party believes is, or may be, applicable and which elements of that exception are and are not met.
- A disclosing party must provide a statement as to whether the party has a “history of similar conduct, or…any prior criminal, civil, and regulatory enforcement actions (including payment suspensions)….”
- A disclosing party must provide details regarding the existence and “adequacy” of any pre-existing compliance plan.
- As noted above, the SRDP notes specifically that cooperation with CMS will require access to all “supporting documents without the assertion of privileges or limitations….”
- The SRDP also requires that a detailed financial analysis be submitted along with the initial disclosure (this varies from the OIG Protocol, which provides for a self-assessment after the scope of the non-compliance has been identified). This financial analysis must include the full amount, itemized by year, that is actually or potentially due and owing based upon the applicable look back period. The SRDP defines the look back period as the “period of non-compliance.” In addition, the financial analysis must include a description of the calculation methodology used and an explanation as to whether, and how, estimates were used.
- Finally, the SRDP notes specifically that it is separate from the Advisory Opinion process, and that parties may not use both processes simultaneously.
Following submission (and acceptance) of a disclosure into the SRDP, CMS will begin its verification process. As noted above, parties are required to fully cooperate with CMS during the verification process in order to remain in the SRDP. Specifically, CMS notes that it expects to receive documents and information requested “without the need to resort to compulsory methods.” Where CMS determines it needs new information, however, it will provide a disclosing party at least 30 days in which to produce it. Failure to cooperate could lead to removal from the SRDP. Where a party is removed, removes itself, or is initially rejected from the SRDP, CMS notes the reopening rules at 42 C.F.R. §§ 405.980 through 405.986 “shall” apply.
The SRDP is simple enough on its face but raises serious questions for parties weighing the risks of disclosure, whether they are considering disclosing simple procedural violations or more complex arrangements. Although the program structure is similar in many ways to the OIG Protocol, it also differs in important ways and, on the whole, is potentially more onerous to the disclosing party. The decision to disclose has always been a difficult one and, while the SRDP fills a necessary gap in the voluntary disclosure system, some of its more surprising additions (and omissions) may render it less attractive than many providers and suppliers had hoped.
1 As an important aside, the SRDP notes that any conduct that raises potential liabilities under other laws (such as the anti-kickback statute) should be reported to the OIG, and not to CMS (entities may not disclose to both). In conjunction with the OIG’s letter regarding its unwillingness to accept disclosures absent a “colorable anti-kickback violation,” this may raise questions regarding the correct disclosure avenue for more complex or uncertain situations where it is unclear whether, or to what extent, the anti-kickback statute is implicated. The SRDP explains that any implication of the anti-kickback statute should direct parties to the OIG’s protocol, but “any” is not the same as “colorable.” CMS, naturally, cautions that the initial decision as to where a disclosure should be filed should be “made carefully.”
*Joshua J. Freemire is a former member of Ober|Kaler's Health Law Group.