For a variety of reasons, providers are facing with increasing frequency the need to assess the option of making a voluntary disclosure to the government. Whether the issue is triggered by a systemic billing and coding error, an excluded provider or a lurking Stark Law violation, self-disclosure is one of the options to be considered.
This is an area fraught with both risk and ambiguity. Providers can disclose to a variety of agencies and in a variety of different ways. In general, as the seriousness of the potential infraction increases, the venue for disclosure rises in kind to a higher authority. Providers must weigh the time, expense and consequences of the disclosure at various levels: carrier, intermediary, Centers for Medicare and Medicaid Services (CMS), Office of Inspector General or U.S. Attorney. No one size fits all.
This advisory is intended to assist healthcare providers in evaluating and, if appropriate, making a voluntary disclosure. In addition to offering a list of five steps to consider before making any disclosure, the advisory includes some background on the self-disclosure process and a short description of the results of a recent American Health Lawyers Association (AHLA) voluntary disclosure survey.
Self-Disclosure Protocol: background and improvements
The Department of Health and Human Services Office of Inspector General (OIG) has been encouraging the healthcare provider community to use the Provider Self-Disclosure Protocol (SDP) since 1998. Although many providers have successfully used the SDP to disclose errors and repay the Medicare and Medicaid programs, the decision whether to pursue the lengthy and complicated SDP process is often a difficult one.
On April 15, 2008, the OIG issued an Open Letter to the provider community to announce two significant improvements in the SDP process. First, responding to past criticism that the OIG frequently took too long to resolve self-disclosures, the OIG announced it will give priority to the resolution of self-disclosures within the SDP process. Second, responding to criticism that providers were often no better off pursing the SDP process, the OIG announced it will apply a presumption that no corporate integrity agreement will be required for providers that disclose under the SDP process.
AHLA voluntary disclosure survey insights
The AHLA recently released the results of a voluntary disclosure survey. Although survey participation was voluntary, and the results therefore unscientific, the June 2008 AHLA survey report tabulates responses from 195 providers who made voluntary disclosures to a governmental agency, including the OIG, the Department of Justice, local U.S. Attorneys Offices and Medicare contractors.
Almost half of the voluntary disclosures were resolved within a year of disclosure, although nearly a quarter of them took longer than two years to resolve. Twenty percent of the respondents were required to enter into a corporate integrity agreement. Almost three-quarters of the voluntary disclosures were made through outside legal counsel.
Factors in the equation
There are many variables to consider when deciding whether to disclose an overpayment, potentially fraudulent conduct or other violation of law. It is also challenging to determine whether the disclosure should be made to the OIG, the U.S. Attorney, a state enforcement authority or a program contactor. Every situation is different, and the circumstances of each must be carefully analyzed.
The answers are almost never black-and-white. On one hand, a misunderstanding of coding requirements that caused a systemic coding error resulting in an overpayment may lead to the decision to disclose either to the Medicare contractor or to the OIG under the SDP depending on the specific facts. On the other hand, a possible Stark violation for which there exists a reasonable, although untested, theory of compliance may result in a determination that there is nothing to disclose to the government.
Five steps to consider
Although the process is complicated, there are some common-sense principles that can help guide the decision. More specifically, we think the following five steps should at least be considered by healthcare providers and their legal counsel before embarking upon a voluntary disclosure:
- Be sure of your position. Healthcare regulatory requirements and billing rules are notoriously complex. Even seasoned coders and compliance officers can conclude mistakenly that the law has been violated or that an overpayment has occurred. Before going down the tortuous path of an SDP or other disclosure, take a step back, carefully assess all the circumstances, and analyze in detail the relevant laws, regulations, CMS or state manual provisions, policy and coding interpretations, Stark and Anti-Kickback exceptions and safe harbors, and other authorities.
- Be an advocate. This step is closely related to the first one. Healthcare regulatory requirements are frequently ambiguous or at least subject to more than one interpretation. Moreover, the government's interpretation of a law or regulation may not have been considered by any court, and may or may not be upheld if challenged. In assessing whether to make a disclosure to the government, make sure you carefully consider alternative interpretations of the legal requirements potentially at issue and understand the level of certainty of the potential violation, given the specific facts.
- Be far-sighted. Once you start the disclosure process, you are no longer in control. Carefully consider the range of consequences that could be triggered, and make sure that the appropriate decision-makers within the organization are fully informed and support the decision to disclose. It may be appropriate to involve the CEO and the board if the issue is significant. Developing an internal communications strategy about the disclosure is also a prudent step.
Considering the both the logistics and the potential “parade of horribles”—including the prospect of government investigation in areas beyond the subject of the disclosure, in addition to press inquiries—may not alter the decision to disclose, but it will certainly help the organization to make a more informed decision and to be prepared for the events that may follow from the disclosure.
- Be complete. If you are going to tell the government about your misdeeds, then be sure to tell the whole story. It is both naïve and dangerous to disclose half the story and expect the government not to learn the other half. We are not necessarily suggesting that you waive attorney-client privilege or that you admit legal wrongdoing or concede the most damaging interpretation of the facts. We are suggesting that you ask yourself the questions one would expect the government to ask and prepare your disclosure accordingly.
- Be strategic. The identification of which branch or agency within the government to approach for a disclosure is part legal analysis, part strategic calculation and part visceral judgment. As noted above, disclosures can be made to a U.S. Attorney's Office, the OIG, a Medicare contractor, the state Medicaid Fraud Control Unit , the state Medicaid program or another state enforcement agency. The arguments for and against each available option should be carefully considered.