RELATED UPDATE: CMS Streamlines Stark Law Self-Disclosures (March 8, 2023)
The Patient Protection and Affordable Care Act (PPACA) requires the Secretary of the Department of Health and Human Services (HHS), with the Office of the Inspector General (OIG) of HHS, to establish a protocol for healthcare providers and suppliers to disclose actual or potential violations of Section 1877 of the Social Security Act (Stark Act). Under the Stark Act, healthcare providers and suppliers may not refer patients to any entity for certain services if the physician has a financial relationship with that entity, unless an exception for such referral applies.
On Sept. 23, 2010, the Center for Medicare and Medicaid Services (CMS) released its self-referral disclosure protocol (SRDP). The SRDP provides guidance for healthcare providers and suppliers to self-report actual or potential violations of the Stark Act in exchange for potentially (although not guaranteed) informal and more lenient settlement proceedings. Providers and suppliers should be cautious in self-disclosing through the SRDP. This article highlights nine key concepts and considerations regarding the SRDP.
- SRDP for Stark Violations Only: CMS points out that the SRDP is only to address actual or potential Stark Act violations; if the disclosing party’s conduct raises potential liabilities under other federal criminal, civil or administrative laws, the provider or supplier should self-disclose through the OIG’s Self-Disclosure Protocol. If CMS reviews an SRDP and determines that other violations in addition to the Stark Act may be implicated, CMS will refer the matter to the appropriate law enforcement agency (i.e., the OIG or the Department of Justice).
- Conduct an Internal Investigation Before Filing an SRDP: It is vital to conduct a thorough internal investigation of all related compliance issues prior to filing an SRDP, because violations other than the one being reported that are discovered by CMS through the SRDP may be used by the appropriate government agency to bring charges against the disclosing party. Thus, it is important to have a full picture of all potential compliance problems or risks before opening the door to government scrutiny of an organization’s operations.
- Good Faith Cooperation Necessary: An SRDP must be made in good faith, meaning that a disclosing party that attempts to circumvent an ongoing investigation or fails to fully cooperate in the self-disclosure process will be removed from the SRDP, and as noted above, information learned in an SRDP that is terminated for any reason may be used by CMS or another law enforcement agency to pursue legal action against the disclosing provider or supplier.
- SRDP Is Distinct from the Stark Advisory Opinion Process: A disclosing party may not use the SRDP to obtain a CMS determination as to whether an actual or potential violation of the Stark Act occurred. An SRDP is only appropriate where the disclosing party is prepared to accept responsibility for a violation or potential violation of the Stark Act, and is prepared to work with CMS to come to a resolution regarding such violation.
- Participation in SRDP Conditioned on Certain Terms; Waiver of Appeal Rights: One condition of disclosing a matter pursuant to the SRDP is that the party waives all appeal rights attached to claims relating to the conduct, and agrees to have the reopening rules (i.e., rules pertaining to remedial actions to change a final determination that resulted in either an overpayment or an underpayment) apply from the date of the initial disclosure to CMS. Similarly, although CMS has the authority to reduce the overpayment amount owed by the disclosing party as a result of the Stark violation, CMS has no obligation to reduce any amounts due and owing. As CMS states:
- Other Discovered Violations in CMS Verification Process of SRDP Fair Game: Any matters uncovered during CMS’s verification processes and investigation pursuant to the SRDP which are outside of the scope of the matter disclosed to CMS may be treated as new matters outside of the SRDP and prosecuted accordingly. In other words, self-reporting a Stark Act violation could potentially lead to additional criminal, civil or administrative liabilities under statutes such as the False Claims Act or the Anti-Kickback Statute.
- Need to Act Quickly: Given the 60-day time limit to return or report potential overpayments pursuant to Section 6402 of PPACA, providers and suppliers need to act quickly in order to get an SRDP on file, if the provider or supplier believes he or she has violated the Stark Act or has potentially violated the Stark Act. Note, however, that the 60-day period to return or report overpayments is tolled once a valid SRDP is filed.
- Complex Disclosure Requirements: The SRDP submission is a tedious process requiring complete legal and financial analyses related to the violation or potential violation. Some of the components of the SRDP submission include:
- A detailed description of the actual or potential violation, including a complete legal analysis of the application of the Stark Act to the conduct and any exceptions to the Stark Act that may apply;
- A description of all past, present and future compliance programs that the disclosing party has implicated, why such programs failed in preventing the violation, and what efforts have been taken to avoid violations going forward;
- A detailed financial analysis of the violation, itemized by year, for the entire period of non-compliance (referred to by CMS as the “look back” period), as well as a description of the methodology used for the financial analysis; and
- Certification by an authorized representative of the disclosing party that all information contained in the SRDP is truthful and based on a good faith effort to bring CMS’s attention to the Stark Act violation.
- Secure Appropriate Representation and Counsel: Because an SRDP is a tedious process involving careful legal and financial analyses of a provider or supplier’s business, providers and suppliers are urged to seek immediate counsel if they suspect they have violated the Stark Act.