CMS Announces Self-Disclosure to CMS for Stark Violations

On September 23, 2010 the Centers for Medicare and Medicaid Services (CMS) released its Voluntary Self-Referral Disclosure Protocol (the SRDP), which sets forth a process for providers and suppliers to self-disclose actual or potential violations of the physician self-referral statute (the Stark Law). The Affordable Care Act enacted on March 23, 2010 (ACA) required CMS to develop the SRDP in cooperation with the Office of Inspector General (OIG) of Health and Human Services(HHS) The SRDP has been much anticipated, as there had been no formal method for self-disclosures of purely Stark Law violations following the OIG's March 2009 announcement that it would no longer accept Stark Law voluntary disclosures.

Incentives. There are two primary incentives to participate in the SRDP. First, ACA authorized HHS to compromise amounts owed for Stark Law violations. Second, when the self-disclosure is filed with CMS, the obligation imposed by ACA to repay any overpayments within 60 days of discovery is suspended until a settlement agreement is reached or the discloser is removed or removes itself from the SRDP.

The Process. Disclosures must be filed electronically (via email to 1877SRDP@CMS.HHS.GOV). In addition, one original and one copy must be mailed to the Division of Technical Payment Policy. Following receipt of an electronic submission, CMS will send an email acknowledgement, which begins the stay of the 60-day repayment period. After an initial review, CMS either accepts or rejects the disclosure. Below is a summary of the information required in the disclosure:

• A narrative with all relevant information, including names of involved individuals and entities, dates, identification numbers, and a detailed description of the issue, its discovery, investigation, resolution, and any corrective actions taken (including the restructuring of the disclosed arrangement).
• A detailed description as to why the party believes a violation of the Stark Law has occurred, including a complete “legal analysis” of the application of the Stark Law to the matter being disclosed, which should include a description of any exception that is, or may be, applicable and which elements of that exception are or are not met.
• A statement as to whether the party has a history of similar conduct, or any prior criminal, civil, or regulatory enforcement actions (including payment suspensions).
• Information regarding the existence and adequacy of any pre-existing compliance plan.
• A statement as to whether the disclosing party has knowledge that the matter is currently under inquiry by a government agency or contractor. Parties who are already subject to a government inquiry are not necessarily precluded from using the SRDP, although the disclosure must include information of any known ongoing investigations (including investigations unrelated to the disclosed conduct.) If the disclosing party is providing any notices to other governmental agencies relating to the disclosed conduct (e.g., the Securities and Exchange Commission or the Internal Revenue Service), a description of such notices must be included.
• A detailed financial analysis that includes the full amount, itemized by year, that is actually or potentially due and owing based upon the applicable look back period. The applicable look back period is defined as the period of non-compliance. The analysis must include a description of the methodology used and a summary of auditing activity undertaken and documents relied upon.
• A certification from the disclosing party’s CEO, CFO, or other authorized representative that all information included in the SDRP is true to the best of his or her knowledge and that the disclosure is made in good faith in order to bring the matter to the attention of CMS for the purpose of resolving potential liabilities.
• Disclosing parties should not include any repayments as part of their submission, and may not make repayments during the verification process without prior permission. Parties are strongly encouraged to deposit payments in an interest-bearing escrow account pending resolution of the settlement. In addition, amounts collected from individuals who were billed in violation of Stark must be refunded in a timely manner, but there are no listed requirements as to the appropriate time frame or how to handle repayments when individuals cannot be located or are deceased.
• Parties are expected to cooperate fully with CMS during the verification process. As part of this cooperation, CMS will require access to all supporting documentation without the assertion of privileges or limitations on the information produced. However, CMS does take pains to say that they will not ordinarily request production of documents that are subject to the attorney-client privilege, but may well request items that would otherwise be protected by the work product doctrine. CMS also states that they will discuss with counsel ways to gain access to underlying facts without the need to waive protections provided by privilege.

Mitigation and Reduction of Amounts Owed. It is important to note that CMS is not obligated to resolve a disclosure under the SDRP in any particular fashion or for any specific amount. CMS will, however, consider on a case-by-case basis the following mitigating factors:

1. The nature and extent of the improper legal practice;
2. The timeliness of self-disclosure;
3. The cooperation in providing additional information relating to the disclosure;
4. The litigation risk associated with the matter disclosed; and
5. The financial position of the disclosing party.

Limitations. Participation in the SRDP is limited to actual or potential Stark violations. The OIG’s Self-Disclosure Protocol is available for disclosing conduct that raises potential liabilities under other laws, and conduct that raises potential Stark liabilities in addition to other risks (for example, the same conduct may raise both Stark and anti-kickback issues) should be disclosed through the OIG’s Self-Disclosure Protocol. In addition, the process is separate from the Advisory Opinion process, and parties may not use both processes simultaneously for the same conduct.

The detailed nature of the information expected in an SDRP filing indicates that in practice, the SRDP may amount to a complete confession of wrongdoing, even where a violation is merely technical in nature. For example, if a provider finds during a contracts review that it has no written contract in place for a space lease, than all claims made during that period are to be included in the calculation of potential violations (even those that would not otherwise be subject to reopening under existing law).

A disclosing party must agree that no appeal rights attach to claims relating to the disclosed matter if the matter is settled. If a disclosing party is not satisfied, it may withdraw from the SRDP, but CMS may then reopen each of the affected claims and deny each claim (presumably limited to those claims subject to reopening under existing law). Appeal rights would then attach to those denials.

A disclosing party must agree that no appeal rights attach to claims relating to the disclosed matter if the matter is settled. If a disclosing party is not satisfied, it may withdraw from the SRDP, but CMS may then reopen each of the affected claims and deny each claim (presumably limited to those claims subject to reopening under existing law). Appeal rights would then attach to those denials.

CMS may treat matters discovered outside the scope of the initial disclosure as outside the SRDP. So, a thorough investigation of the matter before disclosing is essential, as a party will not necessarily receive self-disclosure credit for any conduct found to be outside the initially disclosed conduct.

Precautions and Risks. Options are limited for entities that have discovered inadvertent or technical Stark Law violations. Failure to disclose the problem and repay creates a risk of exposure to False Claims Act claims, yet employing the SDRP puts all (potentially) prohibited claims at risk, which could result in an exorbitant repayment obligation. Further, though the SRDP purports to apply to potential violations, the required information clearly assumes a violation has occurred. Thus, when a provider is uncertain whether an arrangement is a Stark Law violation, the SDRP may be unappealing—what is the likelihood that CMS will determine that no violation occurred?

Finally, CMS may refer disclosed conduct to the Department of Justice (DOJ) or the OIG for consideration under civil and criminal laws. CMS states that where the facts merit it, CMS will use the disclosure to recommend to the OIG and the DOJ resolution of False Claims Act, civil monetary penalty, or other categories of liabilities. The SDRP does little to elaborate on what such referrals or resolutions might mean, and does not state whether an SDRP settlement with CMS would include a release covering other potential liabilities for the same conduct. Accordingly, it remains difficult for an entity to determine whether participation in the SDRP is appropriate for its individual circumstances (particularly for technical violations). At the same time, the SDRP may be the provider’s best opportunity to achieve a favorable settlement for a Stark Law violation, and the referral from CMS could also be instrumental in obtaining a multi-agency settlement.

If you have any questions regarding the implications of the self-disclosure protocol, please contact your Baker Donelson attorney, or one of the Firm's Health Government Investigations attorneys or any other member of the Health Government Investigation group.