Medicare and Medicaid program integrity efforts – coupled with complex coding and claiming procedures, ever-increasing program requirements, new payment methods, and the growing market share of taxpayer-funded programs – present significant compliance challenges for health plans, hospitals, physicians, pharmaceutical and biotechnology firms, medical device makers, and other providers and suppliers.

The HHS Office of Inspector General (OIG) encourages health care providers and suppliers to voluntarily disclose self-discovered evidence of potential Medicare or Medicaid fraud.  The OIG’s Self-Disclosure Protocol (SDP) can help providers avoid the costs and disruptions often associated with a government investigation and with civil or administrative litigation.

OIG verifies the information contained in a provider’s submission, evaluates the matter for potential fraud issues, and consults as appropriate with other officials, such as federal and state prosecutors, the Centers for Medicare and Medicaid Services (CMS), and state Medicaid agencies.

For health care providers, a key is to work cooperatively with the OIG and being timely, forthcoming, thorough, and transparent in disclosures.

Tips for Self Disclosures by Medicare and Medicaid Providers:

The OIG has several tips for success in the Self-Disclosure Protocol process:

1.  Follow ALL the requirements in the Federal Register AND the 2008 Open Letter in your written submission.  Common mistake = missing information.

2.  Mail it to the address in the Federal Register: Assistant IG for Investigative Operations, HHS/OIG, 330 Independence Ave, SW, Room 5409, Washington, DC 20201.

3.  Don’t disclose prematurely. Your investigation and damages audit either needs to be completed or you commit to completing within three months after acceptance.

4.  Provide a complete description of the conduct and investigation:

  • What happened?
  • What is the time period?
  • Why did it happen?
  • Why is there potential legal liability for the conduct?
  • Who was involved?
  • How was the conduct discovered?
  • What corrective actions have been taken?

5.  Identify the fraud laws at issue. Just “Federal laws, rules, and regulations” or “the Social Security Act” is not sufficient.

6.  Pay attention to the sampling requirements in the Protocol at Section V.

7.  Stark-only conduct that does not also have a colorable kickback claim is not eligible for OIG’s protocol.  CMS has created its own disclosure protocol for Stark-only conduct.

8.  Expect that disclosure will result in a settlement agreement for an amount that is a multiplier of damages. Simple overpayments are not appropriate for the SDP.

9.  Full cooperation is essential.

Resources on OIG Provider Self-Disclosure Protocol and Process:

Open Letter to Health Care Providers (March 24, 2009)

Provider Self-Disclosure Protocol Federal Register Notice (October 30, 1998 [63 Fed. Reg. 58,399])

Open Letter to Health Care Providers (April 15, 2008)

Open Letter to Health Care Providers (April 24, 2006)

Selected Settlements under the Provider Self-Disclosure Protocol