OIG Issues Updated Provider Self-Disclosure Protocol

May 30, 2013

On April 17, 2013, the Office of Inspector General of the U.S. Department of Health & Human Services (OIG) released an update to its Provider Self-Disclosure Protocol (SDP). The original SDP had been published in October 1998 (63 Fed. Reg. 58399) (Oct. 30, 1998)) for the purpose of providing a process by which healthcare providers could voluntarily report and resolve instances of potential fraud involving federal healthcare programs. According to the release, the OIG has resolved more than 800 disclosures over the last 15 years, with recoveries exceeding $218 million, including the settlement of 235 cases since 2008.

In 2006, 2008 and 2009, the OIG issued open letters to healthcare providers regarding various aspects of the 1998 SDP, and in June 2012 the OIG solicited public comments about the SDP. This recent update is a result of the OIG’s consideration of those comments and its reevaluation of the 1998 SDP. The updated SDP completely supersedes the 1998 SDP and the open letters.

The updated SDP addresses the following areas: (1) the benefits of disclosure; (2) eligibility criteria and guidance; and (3) requirements of provider submissions, including specific requirements for submissions involving false billing, excluded persons, the Anti-Kickback Statute and the Stark Law.

Benefits of Disclosure

In this update, the OIG again emphasizes the importance of integrity when dealing with federal healthcare programs and it identifies certain specific benefits of disclosure. First, the update recognizes the OIG’s belief that a good faith disclosure typically indicates an effective compliance plan. In furtherance of this recognition, the OIG has instituted a presumption against the requirement of corporate integrity agreements in exchange for a release of the OIG’s permissive exclusion authority.

Second, the update recognizes the OIG’s general practice of imposing a minimum multiplier of 1.5 times single damages to dispose of civil monetary penalty matters, rather than higher multipliers, which are normally used in resolving government-initiated investigations.

Third, use of the SDP may mitigate potential exposure for failure to return a Medicare or Medicaid overpayment within 60 days after the date on which the overpayment is identified or any corresponding cost report is due. According to the update, CMS proposes to suspend a provider’s obligation to return overpayments until such time as a settlement agreement is reached or the provider withdraws or is removed from the SDP. This constitutes an extension of the position the OIG announced in February 2012, which was to suspend the obligation to report overpayments only to the time that the OIG acknowledged the provider’s submission to the SDP.

Fourth, the OIG commits to continue to reduce the time for its processing of SDP submissions. In furtherance of this commitment, the OIG is reducing the time in which a provider must complete its internal investigation and damages calculation time from 90 days of a provider’s acceptance into the SDP to 90 days from the date of the provider’s initial submission. While perhaps well intentioned, the shortening of this period could provide challenges for providers where the circumstances of misconduct are far reaching or otherwise less than clear.

Eligibility Criteria and Guidance

The update restates that the SDP is not limited to any particular industry but is available to all segments, including, for example, pharmaceutical and medical device manufacturers. The update reiterates that the SDP should not be used to report mere overpayments, and that it is intended to address only those matters potentially involving federal criminal, civil or administrative laws for which civil monetary penalties are authorized. The update also reiterates that the SDP is not available for conduct that is solely violative of the Stark Law. Rather, Stark Law violations should be disclosed pursuant to CMS’s Self-Referral Disclosure Protocol . As a corollary to CMS’s proposal that the 60-day time period for repayment of an identified overpayment be tolled, the OIG expects that disclosing parties have a good faith willingness to resolve liability within the six-year statute of limitations of the civil monetary penalty law. Thus, as a condition of the OIG’s acceptance into the SDP, the OIG will require parties to waive and not plead the statute of limitations or similar defenses to any administrative action filed by the OIG. In addition, the update admonishes disclosing parties to ensure that the conduct has ended and corrective action has been taken prior to submission of the SDP. With respect to improper kickback arrangements, the provider should ensure that such arrangements are terminated prior to or no later than 90 days of submission.

Content of SDP Submissions

Under the revised SDP, providers who are unable to complete their internal investigations prior to submission must certify that they will complete it within 90 days of the date of initial submission. This is a shorter than the original time provided in the SDP, which required completion within 90 days of acceptance by the OIG of the provider into the SDP program. The updated protocol describes 11 specific areas that are required to be included in the provider’s submission. These include a concise statement of all details of relevant conduct and transactions; identification of the relevant federal criminal, civil and administrative laws; identification of the healthcare programs affected by the conduct; an estimate of damages; a description of any corrective action that was undertaken upon discovery of the conduct; and a statement as to whether the particular matter is currently being investigated by any government agency or contractor.

The update also addresses certain specific areas such as false billing, excluded persons, kickbacks and physician self-referrals. Specifically, the update changes the requirements for damage estimates in false billing matters, including an increase in the sample size from 30 units to at least 100 items. With respect to matters involving excluded persons, the update requires that the provider identify the excluded individual, the individual’s provider number and the individual’s job duties. The provider is also required to summarize the background checks that had been completed during the period of employment, the provider’s screening process and any corrective action. In addition, the update provides a specific method for calculating damages involving excluded individuals.

With respect to antikickback violations, the updated SDP provides examples of the types of information it is looking for, including how fair market value was determined, why payments were made from referral sources and whether payments were made for services not performed. The submission also requires that the provider submit an estimate of the amount paid for services associated with violations of the antikickback statute, and the disclosing party must also include the amount of remuneration involved in each arrangement. The updated SDP reiterates that it is not available for violations that are solely of the Stark Law, but is available for conduct that implicates both the antikickback statute and the Stark Law.


The updated SDP stresses that cooperation from the reporting provider is critical to a speedy resolution and beneficial result. It encourages disclosing parties to address potential criminal conduct, and it advises that as in civil cases, the OIG will advocate for a disclosing party when the Department of Justice is considering whether to prosecute. The updated SDP requires a minimum settlement amount of $50,000 for antikickback-related matters, and a minimum of $10,000 for all other matters. If the disclosing party maintains that it is financially unable to pay a settlement, the OIG will require the provider to submit and certify to the truthfulness of extensive financial information, including audited financial statements and tax returns.

As the government continues to significantly expand its fraud-fighting efforts, the SDP protocol becomes an increasingly important alternative to treble damages under the False Claims Act, penalties under the civil monetary penalties laws and criminal prosecution. Providers should seek out experienced and skilled counsel to deal with the OIG and, when appropriate, the Department of Justice. Prompt evaluation of the circumstances, assessment of potential liabilities and well-planned communication with the OIG can help mitigate these substantial risks.

McGuireWoods LLP’s Life Sciences, Healthcare and Government, Regulatory and Criminal Investigations attorneys have significant experience representing companies in these matters. If you have any questions or would like to discuss any aspect of this article, please contact the author or any attorneys practicing in these areas.