|
|
||||||
|
03/29/1999 |
||||||
|
Sanford V. Teplitzky Appeared in The National Law Journal In October, 1998, the Office of Inspector General of the Department of Health and Human Services (OIG) issued a document entitled Provider Self-disclosure Protocol. According to the OIG, the Protocol is intended to "implement specific procedures and mechanisms to examine and resolve instances of non-compliance with program requirements." The OIG also stated that "[i]n establishing this new guidance, we are renewing our commitment to promote an environment of openness and cooperation." It is simply too early to conclude whether this development will be viewed by the provider community as a significant step in the right direction or simply another hollow and nonbelievable version of the old adage "I'm from the government, and I'm here to help you." Clearly, a number of significant questions surround the Protocol. Although the Protocol purports to address all situations of "non-compliance," the language used in the Protocol is heavily weighted toward an assumption of wrongful or illegal conduct. For example, the first paragraph of the OIG's news release announcing the new program characterizes the Protocol as "an expanded and simplified program for health care providers to voluntarily report fraudulent conduct" (emphasis added). Further, the elements of the Protocol require a provider to submit a substantial amount of detailed information, including statements as to which laws have been violated and why the provider believes such violations have occurred. The elements also place the provider in the position of investigator, judge, and jury by requiring the provider to identify not only those individuals who participated in the wrongful conduct, but also those who "should have known of, but failed to detect" the inappropriate activity. Disciplinary actions must also be disclosed. Thus, the Protocol arguably pits the provider against its employees by requiring, or at least appearing to require, that the provider not only investigate potential inappropriate activity, but also convince the OIG that swift and severe punishment has been imposed. It is important to note that the OIG refused to provide any assurances or guarantees as to how a provider who self-reports will be treated. In fact, the OIG specifically reserved the right to forward the self-report, where appropriate in the view of the OIG, to the Department of Justice "for consideration under its civil and/or criminal authorities." At the same time, however, the document specifically indicates that a voluntary disclosure will be viewed as a "mitigating" circumstance to be considered by the OIG when imposing any penalties on the provider. Further the Protocol indicates that where the matter appears to involve only "overpayments or errors that do not suggest that violations of law have occurred," the provider should report the overpayments or errors directly to the entity, such as the carrier or intermediary, that processes claims and issues payments on behalf of the relevant health care program. That entity will have the authority to resolve the matter, or where further investigation identifies "concerns about the integrity of the provider," the matter may be referred once again to the OIG. The Protocol acknowledges the existence of a prior "voluntary disclosure program" which was piloted by the OIG as part of Operation Restore Trust (ORT). That program was quite narrow, both in its scope and effect. The OIG limited participation in the program to corporate entities doing business in one of the five states in which ORT was piloted, and to only four types of providers. Also, the pilot disclosure program excluded providers who were presently subject to government investigations, audits, or other oversight activities. Not surprisingly, participation in the prior voluntary disclosure program was extremely limited. The pilot disclosure program under ORT required the execution of a formal voluntary disclosure agreement that defined the parties' participation in the program, including the provider's commitment to fully cooperating with the OIG's disclosure verification. According to the OIG, the new Provider Self-disclosure Protocol includes "no pre-disclosure requirements, applications for admission or preliminary qualifying characteristics that must be met." The program is also open to all health care providers, including individuals, and is not limited to any particular industry, medical specialty, or type of service. Further, the Protocol does not require a written agreement describing the terms of the self-assessment required under the Protocol, which again is a change from the earlier program. Of particular note, the Protocol "has no rigid requirements or limitations." However, the OIG indicated that "[p]roviders that follow the Protocol expedite OIG's verification process and thus diminish the time it takes before the matter can be formally resolved." At the center of the new Protocol is the OIG's belief that "health care providers have an ethical and legal duty to ensure the integrity of their dealings" with federal health care programs. This obligation, according to the OIG, "encompasses the need to implement specific procedures and mechanisms to examine and resolve instances of non-compliance with program requirements." Although the OIG stops short of requiring a provider to implement a corporate compliance program, the Protocol clearly favors such activities. In other words, the OIG has renewed its position that providers who learn that they are in receipt of funds from any federal health care program to which they are not entitled (even if they believed that they were entitled to such funds at the time they obtained them) have an affirmative duty to report the receipt of these funds to an agent of the federal government. According to an introductory statement, the decision to follow any or all of the OIG's suggested Protocol "rests exclusively with the provider." However, of particular note, the Protocol states that "a provider that uncovers an ongoing fraud scheme within its organization immediately should contact OIG, but should not follow the Protocol's suggested steps to investigate or quantify the scope of the problem." The OIG takes the position that failure to consult with the OIG before conducting the internal assessment may result in "a substantial risk that the Government's subsequent investigation will be compromised." The OIG does believe, however, that the procedures of the Self-disclosure Protocol are useful to providers because "opening lines of communication with, and making full disclosure to, the investigative agency at an early stage generally benefits the individual or company." The document provides substantial detail regarding the Protocol. However, even with this detailed guidance, the OIG retains the discretion to reject any findings made by the disclosing provider under the Protocol and "is not obligated to resolve the matter in any particular manner." The Protocol does offer useful guidance and, to some extent, cooperation which heretofore, at least in the view of the provider community, has not existed. The Protocol itself is divided into the following five categories:
Each of these categories provides both the parameters and critical elements of the overall Protocol. Again, the OIG notes that a provider need not follow all of these elements. However, determinations regarding the good faith of the provider and the credibility of the information presented to the OIG will most assuredly be based, in large part, upon a provider's compliance with the elements of the Protocol. It should be expected that the details of the Protocol will be developed over time. It is also likely that experience with the Protocol will result in either increased or decreased confidence in the integrity of the process and the value of voluntary self-disclosure. The following is a summary of the elements of the Protocol. Voluntary Disclosure Submission The Protocol requires that the disclosure be made in writing and contain certain "basic information," including:
The Protocol also requires that the provider, after completing its internal investigation and self-assessment of the disclosed matter, include a report of certain "substantive information" from its findings. In other words, the provider is required to submit sufficient information to enable the OIG to assess the self-disclosure and ultimately to verify the disclosure's conclusions. Of particular note, the Protocol indicates that the "OIG will generally agree, for a reasonable period of time, to forego an investigation of the matter" (emphasis added), while the provider concludes its own review in accordance with the Internal Investigation Guidelines and Self-assessment Guidelines discussed below. Internal Investigation Guidelines The Protocol sets forth specific criteria that must be addressed in the provider's report of its internal investigation. The criteria is divided into two sections: the nature and extent of the improper or illegal practice, and the provider's discovery and response to the matter. The report of the nature and extent of the matter must demonstrate that a full examination of the inappropriate practice has been conducted, with a written narrative addressing:
The disclosure document must also include a report of the circumstances under which the practice was discovered and the provider's response, including efforts to investigate the practice. This element of the self-disclosure report should include:
Finally, the internal investigation report must include a certification that the report contains truthful information and "is based on a good faith effort to assist OIG in its inquiry and verification of the disclosed matter." Self-Assessment Guidelines The Protocol requires the provider to estimate the monetary impact of the disclosed matter and prepare a report containing a detailed review of the provider's approach in conducting the assessment, which can include either a review of all claims affected by the disclosed matter or a statistically valid sample of those claims. The provider also must submit a detailed proposed work plan to the OIG describing the self-assessment process. The Protocol commits the OIG to review the proposal and "where appropriate, provide comments on the plan in a timely manner." In any case, the proposal should include identification of the objective of the self-assessment, the population about which information is needed, the sources of data used for the self-assessment, and the qualifications of the personnel who will conduct the self-assessment. Additionally, if the review is based upon a sample, the work plan should include a detailed description of the manner in which the sample was identified and a statement as to how the results of the sample review will be reported at the conclusion of the review. The Protocol requires that the disclosing health care provider submit a certification to the OIG upon completion of the self-assessment, again indicating that the report contains truthful information and is based upon a good faith effort "to assist OIG in its inquiry and verification of the disclosed matter." OIG Verification The Protocol provides that the OIG will begin its verification after receipt of the provider's disclosure submission. Not surprisingly, the verification effort "will depend, in large part, upon the quality and thoroughness of the internal investigative and self-assessment reports." Of particular note, the Protocol indicates that matters uncovered during the verification process which are outside of the scope of the matter disclosed to the OIG "may be treated as new matters outside the Provider Self-disclosure Protocol." In the past, providers have been particularly concerned with the confidentiality of the information voluntarily provided to the government and with the preservation of the attorney/client privilege when making disclosures to the OIG. Unfortunately, it appears that the information submitted by a provider will be subject to release pursuant to a Freedom of Information Act request. Additionally, the Protocol indicates that the OIG "must have access to all audit work papers and other supporting documents without the assertion of privileges or limitations on the information produced." Although the Protocol indicates that "[i]n the normal course of verification, OIG will not request production of written communications subject to the attorney-client privilege," the OIG reserves the right to request all documents which it believes are critical to resolving the disclosure. The Protocol indicates that the OIG "is prepared to discuss with provider's counsel ways to gain access to the underlying information without the need to waive the protections provided by an appropriately asserted claim of privilege." Obviously, this particular area will require continued monitoring by the provider community. Payments The OIG will not accept payments "of presumed overpayments" prior to the completion of the OIG's inquiry, including its verification of the self-assessment submitted by the provider. Further, the disclosing provider must not make payment related to the matter to any agent of the federal health care programs "without OIG's prior consent." Conclusion The OIG, in its news release, identified the benefits of self-disclosure, indicating that "[s]elf-reporting offers providers the opportunity to minimize the potential cost and disruption of a full scale audit and investigation, to negotiate a fair monetary settlement, and to avoid an OIG permissive exclusion preventing the entity from doing business with the Federal health care programs." Again, however, the OIG refused to provide any assurances or guarantees that self-disclosure will result in any favorable treatment, and instead referenced facts and circumstances of particular situations. The Protocol provides that "[t]he disclosing entity's diligent and good faith cooperation throughout the entire process is essential." To the extent that the OIG believes a provider is not working in good faith the "lack of cooperation will be considered an aggravating factor when OIG assesses the appropriate resolution of the matter." Further, if the OIG believes that the provider has intentionally submitted false or otherwise untruthful information, the matter will be referred to the Department of Justice or other federal agencies and the submission of such information "could, in itself, result in criminal and/or civil sanctions, as well as exclusion from participation in the Federal health care programs." The OIG has long indicated its desire for a voluntary disclosure program. The health care industry has sought a process by which providers could self-report both unintentional errors as well as their receipt of payments pursuant to activities which were inconsistent with corporate compliance efforts. Over the years, the lack of faith and trust in one another has certainly acted to delay, and in some instances derail, efforts to achieve these goals. The Provider Self-disclosure Protocol appears to be an attempt on the part of the OIG to establish a program which is both meaningful and credible. As noted above, a significant number of questions remain, most of which may not be resolved until there is some experience under the Protocol. Providers should not contact the OIG without first contacting and consulting with competent health care counsel. Self-disclosure can be a meaningful and important tool both for the federal health care programs and for providers acting in good faith. However, as always, caution is advised. Suggested Call Outs: Although the Protocol purports to address all situations of "non-compliance," the language used in the Protocol is heavily weighted toward an assumption of wrongful or illegal conduct. The Protocol does offer useful guidance and, to some extent, cooperation which heretofore, at least in the view of the provider community, has not existed. The Protocol requires the provider to estimate the monetary impact of the disclosed matter and prepare a report containing a detailed review of the provider's approach in conducting the assessment, which can include either a review of all claims affected by the disclosed matter or a statistically valid sample of those claims. Sanford V. Teplitzky is the department chair of Ober, Kaler, Grimes & Shriver's Health Law Department. He can be reached through e.mail at teplitzky@ober.com or 410-347-7364. |
||||||
|
Ober, Kaler, Grimes & Shriver Maryland
Washington, D.C. Virginia |
||||||
