Timing key for internal audits, self-disclosure

There is an art to conducting internal compliance audits and determining when to begin a self-disclosure protocol—the ideal compliance program should promote prevention, detection, and resolution of any conduct that fails to comply with the requirements of state and federal health care programs. Knowing when to perform an internal investigation or audit to encourage a healthy program is key, according to Leia C. Olsen, shareholder, Hall Render, who was presenting at a Health Care Compliance Association (HCCA) webinar.

Olsen noted that many qui tam actions arise when employees do not feel as though their concerns are being heard and taken seriously. She stressed the importance of having a mechanism for reporting incidents, and timely monitoring identified issues and implementing remedial measures. However, she noted that qui tam suits can potentially be prevented not only by conducting an internal investigation, but also by self-disclosing, which can trigger the public disclosure bar. Self-disclosure of identified wrongdoing is encouraged by the Department of Justice and HHS, but, per the Yates memorandum, all relevant facts must be provided by a company before it can receive credit for cooperating and voluntary self-disclosure. Therefore, it is important to conduct a thorough investigation, collecting all available information and documentation, before self-disclosing.

The 60-day refund rule, promulgated under Sec. 6402 of the Patient Protection and Affordable Care Act (ACA) (P.L. 111-148), together with the Fraud Enforcement and Recovery Act of 2009 (FERA) (P.L. 111-21), creates False Claims Act (FCA) liability for providers who fail to report and return identified overpayments within 60 days of identifying the overpayment. Therefore, Olsen said, the time to meet the reasonable diligence standard after learning of a potential overpayment is limited. Having a protocol in place to quickly decide whether to self-disclose is critical in securing the greatest amount of cooperation credit.

Kusserow on Compliance: OIG reports nearly $50M in recoveries from self-disclosures in first half of 2016

The HHS Office of Inspector General (OIG) issued its semi-annual report for the first half of fiscal year (FY) 2016 (October-March) and summarized key accomplishments. One area included in the report concerned the Provider Self-Disclosure Protocol (SDP) and the results from this program. The OIG reported during the reporting period, self-disclosure cases resulted in more than $48.1 million in HHS receivables. This is a program that the OIG has been promoting since 1998. It has published comprehensive guidelines describing the protocol for providers to voluntarily submit to OIG self-disclosures of fraud, waste, or abuse. It guides providers and suppliers through the process of structuring a disclosure to the OIG about matters that constitute potential violations of federal laws. The carrot offered to organizations and entities to self-disclose is that it gives them an opportunity to minimize the potential costs and disruption that a full-scale OIG audit or investigation might entail if fraud were uncovered. It also allows the provider to negotiate a fair monetary settlement and potentially avoid being excluded from participation in federal health care programs.

The ACA mandates timely reporting overpayments

The Patient Protection and Affordable Care Act (ACA) contains a mandate to disclose and return an overpayment within 60 days after identification or the date any corresponding cost report is due, whichever is later. Overpayment is defined under the law as any funds that a person receives or retains from Medicare or Medicaid to which the person, after any applicable reconciliation, is not entitled. This includes any Medicare or Medicaid payments received by a hospital or other provider in violation of the Stark Law or the Anti-Kickback Statute (AKS). The CMS Final rule requires Medicare Parts A and B health care providers and suppliers to report and return overpayments within 60 days it was identified. This should not be confused with the Final rule published in 2014 that addresses Medicare Parts C and D overpayments. The OIG has reported on many occasions the need for the rule to force providers to more timely report and repay overpayments. Now CMS has clarified the requirements for the reporting and returning of self-identified overpayments. It made it clear that failure to meet the standards may result in enforcement actions under the False Claims Act (FCA) liability, Civil Monetary Penalties liability, and exclusion from federal health care programs. Increasingly the DOJ is employing False Claims Act (FCA) liability for failing to meet this obligation.

Prompt and complete investigation of potential overpayment is critical

This 60-day window for repayment represents a serious problem for providers as to when overpayments have been identified. Providers have had a difficult time determining when the clock starts ticking because the word “identified” was not defined in the law. In 2012, CMS issued a Proposed rule stating that a provider has “identified” when it has “actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the overpayment,” no Final rule still has been issued. The rule remained unclear as to how to determine when the “clock” began and left interpretation by providers, until last summer when the U.S. District Court for the Southern District of New York made their decision in the case of Kane v. Healthfirst, Inc. The court ruled an overpayment must be reported, explained, and returned within 60 days after the date it was “identified,” noting the failure to timely return an overpayment constitutes a “reverse false claim.”

Those making the disclosure are expected to thoroughly investigate the nature and cause of the matters uncovered and make a reliable assessment of their economic impact. The OIG evaluates the reported results of each internal investigation to determine the appropriate course of action. Those intending to make a self disclosure should carefully read and follow all submission requirements. In 2013, the OIG posted a revised SDP that retained many of the original elements of the initial protocol, but included new notable features including requiring minimum settlement amounts of at least $50,000 for self-disclosures involving kickback-related submissions and $10,000 for all other disclosures. Importantly, the revised SDP also provides much more detail on the OIG’s review and resolution process, and the benefits providers obtain from disclosing through the SDP.

The SDP has evolved into well-established process that has resulted in more than 1,000 disclosures being resolved with recoveries approaching a half billion dollars. The new requirements for overpayment return, along with increasing enforcement, are making self- disclosure a critical tool for providers and their compliance officers. All of this activity is driving more and more providers to self disclose, so the new trend for increased recoveries from this process is likely to continue, and actually accelerate over the coming year. Even an organization with an “effective” compliance program may find that it has received an overpayment. Recent cases and settlements are making it clear that returning any overpayment received is essential, and self- disclosure is often the best (and sometimes only) way to accomplish this.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2016 Strategic Management Services, LLC. Published with permission.