CMS' Self-Disclosure Protocol: Good Intent, Bad Process

When it comes to Medicare self-disclosure of potential wrongdoing, the two most important protocols to physicians are the Stark Law's self-referral disclosure protocol (SRDP) and the more general provider self-disclosure protocol (SDP). The Stark Law self-disclosure webpage explains that beginning in 2010, when Congress enacted the Affordable Care Act, the HHS secretary, in cooperation with the HHS Office of the Inspector General (OIG), was mandated to establish a SRDP, "to facilitate the resolution of only matters that, in the disclosing party's reasonable assessment, are actual or potential violations of the physician self-referral law."

The OIG webpage explains the more general provider SDP, "[P]roviders who wish to voluntarily disclose self-discovered evidence of potential fraud to OIG may do so under the Provider Self-Disclosure Protocol (SDP). . . To start the disclosure process moving quickly, submit your disclosure electronically using the online submission button below." Thus, CMS and the OIG websites declare these agencies stand ready, willing, and able to quickly discuss your self-disclosed evidence to quickly determine whether you have violated Stark Law or some other regulation.

Conceptually, the idea of voluntary self-disclosure, in exchange for lower penalties, is a solid one. Trouble is, it doesn't work; for anyone.  According to a 2013 OIG published a report on the SDP , here is how it works: "The SDP is available to facilitate the resolution of matters that, in the disclosing party's reasonable assessment, potentially violate federal criminal, civil, or administrative laws for which [civil monetary penalties] are authorized."   

In "making a disclosure, a disclosing party must acknowledge that the conduct is a potential violation.In making a self-disclosure, [di]sclosing parties must explicitly identify the laws that were potentially violated and should not refer broadly to, for example, 'federal laws, rules, and regulations' or 'the Social Security Act.'"

In reality, the OIG seems to find that disclosing physicians often avoid acknowledging that there is a potential violation and as a result, “are more likely to have unclear or incomplete submissions or unrealistic expectations about resolutions, which result in a lengthier review and resolution process."

Further, the same 2013 OIG report reveals: "statements such as 'the government may think there is a violation, but we disagree' raise questions about whether the matter is appropriate for the SDP." The OIG concludes, the "resulting back-and-forth over these issues can create unnecessary delays in reaching a resolution and may result in the disclosing party's removal from the SDP."

The delay is borne out by data. As of January 12, 2015, CMS has received 529 disclosures through the SDRP, 128 of which have been resolved through settlement or were otherwise closed. The OIG has proposed to Congress changes in the SDRP to limit disclosure protocol to cases of more clearly demonstrable fraud, which focus less upon common arrangements which might merely potentially involve a violation.

A fair read of the self-disclosure protocol's short history reveals that while the concept might appear valid on paper, in actual experience, it is more trouble that it is worth. The OIG's limited resources would be better spent on cases the OIG has identified as problematic, and less on merely potential violations which are self-reported by the most conscientious physicians.