OIG Issues Guidelines for Voluntary Disclosure of Health Care Fraud

On October 21, the Department of Health and Human Service's Office of Inspector General (OIG) released its Provider Self-Disclosure Protocol, a program for health care providers to voluntarily report fraudulent conduct affecting Medicare, Medicaid and other federal health care programs. This is not the first time the OIG has sponsored a voluntary disclosure program. In 1995, a pilot program was introduced as part of Operation Restore Trust. The pilot program, which lasted for two years, was available only to home health agencies, skilled nursing facilities, durable medical equipment suppliers and hospices in five states. The requirements for participation in the pilot program were very onerous and, as the OIG admits, there were very few takers. This time, the program is available to any health care provider, and the fact that the provider is already the subject of a government investigation or audit will not result in automatic disqualification.

THE PROTOCOL

The Protocol is intended to be followed only after an initial assessment substantiates that the provider has a problem with non-compliance. At that point, the Protocol provides for the following three-step process:

1. Written Submission of Basic Information to the OIG.

The provider must notify the OIG of the problem by making a written submission containing the following information:

• Name, address, provider identification and tax numbers, and a diagram or description of the pertinent relationships and the names and addresses of any related entities, as well as any affected corporate divisions, departments or branches.
• Whether the provider knows the matter is the subject of a current investigation.
• Full description of the matter to be disclosed.
• Type of health care provider involved (including billing numbers) and health care programs affected (including government contractors such as carriers, intermediaries and other third party payors.
• Reasons why the disclosing provider believes that a violation of law may have occurred.
• A certification that the submission is truthful and based on a good faith effort to resolve any potential liabilities.

2. Internal Investigation and Financial Self-Assessment.

The Protocol requires a very detailed investigation of all aspects of the matter and a financial self-assessment of the monetary impact pursuant to detailed guidelines set forth in the Protocol which include a review of either all of the claims submitted during the relevant period or statistically valid sample of such claims. The OIG will generally forego its own investigation of the matter for a reasonable period of time if the provider agrees to follow the internal investigation and self-assessment guidelines. Upon completion of the investigation and self-assessment, the provider must submit detailed reports to the OIG. The following is just some of the information that the guidelines state should be included in the report of the internal investigation:

• An identification of the cause of the incident or practice.
• The impact on, and risks to, health, safety, or quality of care posed by the matter disclosed.
• The names of the corporate officials, employees or agents who knew of, encouraged, or participated in, the incident or practice and any individuals who may have been involved in detecting the matter.
• The names of the corporate officials, employees or agents who should have known of, but failed to detect, the incident or practice.
• An estimate of the monetary impact on federal health care programs pursuant to the financial self-assessment guidelines.
• A detailed chronology of the investigation, including a list of all persons interviewed, a list of all persons who refused to be interviewed, and a description of files documents and records reviewed with sufficient particularity to allow their retrieval.
• A description of any disciplinary action taken against corporate officials, employees and agents.

3. Verification by the OIG.

The information reported by the provider must be verified by the OIG. The length and scope of the verification process will depend upon the extent to which the provider followed the guidelines set forth in the Protocol and upon the quality and thoroughness of the provider's internal investigation and self-assessment reports. During the verification process, the OIG must be given access to all audit work papers and other supporting documentation without any claim by the provider that such documents are privileged.

KEY POINTS

Will providers who self-disclose be treated more leniently? The OIG isn't making any promises but the guidelines state that, based on the OIG's experience, "opening lines of communication with, and making full disclosure to, the investigative agency at an early stage generally benefits the individual company." While each provider will have to make its own assessment of the potential benefits of the new program, the following key points should be of interest to all providers:

1. The program is completely voluntary.
2. It is not intended to address overpayments or errors not involving a violation of the law. These matters should be brought to the attention of the appropriate carrier or fiscal intermediary.
3. The program does not appear to be intended for situations where a provider discovers an ongoing fraud scheme. The OIG instructs providers not to follow the Protocol in such a situation without prior consultation with the OIG.
4. The decision of whether to participate in this new program raises complex and sensitive legal issues which should be carefully considered and discussed with experienced legal counsel.
5. The OIG is not bound by any findings made by the disclosing provider and is not obligated to resolve the matter in any particular manner. There are no guaranties of leniency and the OIG may conclude that the matter should be referred to the Department of Justice for consideration of criminal or civil proceedings. Penalties for violation of health care anti-fraud statutes include imprisonment, substantial monetary penalties and exclusion from participation in Medicare, Medicaid and other federal health care programs.
6. Participation in a voluntary self-disclosure program may result in a waiver of the Fifth Amendment protections against self-incrimination.
7. The guidelines contain no express promise of confidentiality for the reports submitted to the OIG, and it is not clear whether the reports may be obtained by a third party through a Freedom of Information Act request after the matter has been settled.
8. The OIG will not accept payments from the provider prior to the completion of the verification process and encourages providers to place the overpayment amount in an interest-bearing escrow account to minimize further losses. In addition, providers may not make payments to the federal health care programs or their contractors while the matter is under investigation without the OIG's prior consent.
9. The intentional submission of false information or the intentional omission of relevant information could result in criminal sanctions and exclusion from the Medicare, Medicaid or other federal health care programs.
10. Providers participating in the process should expect to be required to enter into a corporate integrity agreement with the OIG as part of any settlement. This agreement will require, among other things, that the provider establish and implement a corporate compliance program.

While it remains to be seen whether providers will find the new Protocol more attractive than the 1995 pilot program, the Protocol certainly provides detailed guidance from the OIG on what providers must do if they decide to make a voluntary disclosure. The OIG plans to issue additional compliance guidance in the next several months pertaining to independent third party billing companies, coordinated care plans in the Medicare + Choice program, and durable medical equipment companies.

A copy of the new Protocol may be obtained from Tom McGraw or any other member of the Dykema Gossett Health Care Group.