From the Contributor’s Corner: OIG Updates Its Self Disclosure Protocol

In February 1998, when the OIG released its Compliance Program Guidance for Hospitals, it included an explanation of its voluntary Self Disclosure Protocol (SDP).[1]  Its purpose was to encourage providers to report and resolve potential violations of the federal Anti-Kickback Statute (AKS) and resolve civil monetary penalty (CMP) liability that might arise under the AKS, False Claims Act (FCA), or other statutes. Since its inception, over 800 disclosures were resolved under the SDP, amounting to more than $280 million in recoveries for federal health care programs.

On April 17, 2013, the OIG superseded the original SDP with additional guidance and clarification of the process, as well as new requirements for those making self disclosure.[2] This was designed to streamline the internal process for disclosures “to reduce the average time a case is pending with OIG to less than 12 months from acceptance into the SDP.”  The SDP does not include reporting overpayments, errors, or violations solely of the Stark Law that should be addressed through repayment to the provider’s fiscal intermediary rather than through the SDP. Among the significant changes to the SDP are the following:

  1. Those using the SDP will likely avoid having to enter into a corporate integrity agreement with the OIG;
  2. Disclosing parties must acknowledge reported conduct is a potential violation of federal law;
  3. Disclosing parties must complete internal investigations within 90 days of submitting a matter to the OIG, rather than  from the date of acceptance into the protocol;
  4. Elimination of certain reporting requirements;
  5. New  guidance involving false billing, excluded persons, and AKS and Stark violations;
  6. Adoption of lower multipliers, usually 1.5 times single damages, rather than two times;
  7. Updating the minimum settlement amount for non-AKS violations;
  8. Requirement to waive  statute of limitations defense, or any similar defense in a subsequent OIG administrative action; and
  9. Clarification that the OIG will coordinate with the DOJ and the CMS in resolving criminal and civil liability under those agencies’ statutory authorities.

There are a number of other highlights in the new SDP:

  • Those disclosing claims fraud still must conduct a review of claims data using a statistically valid random sample of claims and describe the characteristics used to determine when a claim is an improper claim.
  • The SDP increases sample size requirements from 30 items to a minimum of 100 items (or more than 100 items for diverse claim populations).
  • The sample design, the sampling unit and frame must be defined.
  • Prior to disclosing the employment of an excluded individual, disclosing parties must screen all current employees and contractors against the List of Excluded Individuals/Entities (“LEIE”) and disclose all excluded persons in one submission.
  • The disclosing party must provide the total amounts improperly claimed and paid by federal health care programs for those items or services.
  • Disclosures relating to the AKS or both AKS and Stark Laws must acknowledge the arrangement was a potential violation of those laws and report the total remuneration provided under the agreement.

The OIG also clarified the interaction between the SDP and the 60-day overpayment rule (the “60-Day Rule”), which requires Medicare/Medicaid overpayments being reported to be returned by the later of 60 days after the date on which the overpayment was identified or the date any applicable corresponding cost report is due. Previously, providers were not required to return overpayments subject to a self-disclosure. It stated that CMS intends to suspend notice and repayment obligations under the 60-Day Rule when the OIG has acknowledged receipt of a timely submission to the SDP.

Providers interested in submitting a SDP may wish to consider the following:

  1. The SDP provides little tolerance when submitting incomplete or untimely disclosure.
  2. A thorough internal investigation should be made prior to entering the SDP process.
  3. Providers need to meet timeframes for submitting required reports and damage estimates.
  4. Providers must acknowledge, in writing, potential violations of specific federal law(s) and fully describe the relevant conduct.
  5. Disclosures limited solely to potential Stark Law liability should be referred to the CMS Self-Referral Disclosure Protocol (SRDP), not the OIG.
  6. Potential AKS liability, either alone or coupled with Stark Law liability, should be disclosed to the OIG through its SDP.
  7. OIG will use a 1.5 multiplier and provide a presumption against corporate integrity agreements.

[1] The text of the OIG’s hospital compliance program guidance may be found on the OIG website.

[2] See Office of Inspector General, Dep’t of Health & Human Serv., Updated OIG’s Provider Self-Disclosure Protocol (Apr. 17, 2013).

Richard P. Kusserow was the DHHS Inspector General for over eleven years.  He is the author of nine books related to compliance.  He is the founder and CEO of Strategic Management, a firm that has been providing specialized compliance advisory services since 1992 to 2,000 clients. For more information, contact him at

Connect with Richard Kusserow on Google+ or LinkedIn.

Copyright © 2013 Strategic Management Services, LLC.  Published with permission.