The Law Review: The Self-Referral Disclosure Protocol
The newest component to the Stark equation
Topics: Stark, Standards and Regulatory Policy, Information Technology, Health Care Reform, Market Trends, Strategy
December 02, 2011
The Health Care Law Roundtable is pleased to present the Law Review. Authored exclusively by Law Roundtable members, this biweekly column covers legal topics of interest to the Advisory Board’s hospital membership. This edition, authored by attorneys from Foley & Lardner LLP, summarize each element of Stark Law and focus on its newest component — the Self-Referral Disclosure Protocol (SRDP).
Donald H. Romano, Of Counsel, Foley & Lardner LLP. dromano@foley.com
Torrey K. Young, Associate, Foley & Lardner LLP. tyoung@foley.com
Understanding a complex statute
The Physician Self-Referral Law (Stark) is the sum of a complex statute, strict liability, potentially catastrophic penalties, and (until recently) a limited capability to compromise claims.
Stark prohibits physicians from referring a patient to an “entity” with which the physician (or an immediate family member) has a “financial relationship.” An entity is a person or facility that furnishes Medicare designated health services (DHS), which, among other things, includes inpatient and outpatient hospital services. CMS is responsible for interpreting Stark.
Stark does not require intent to violate the statute as a prerequisite for liability. Thus, if the financial arrangement is within the scope of Stark and does not fall within one of the specifically defined exceptions, strict liability will be imposed.
Stark liability results in the denial of Federal Health Program claims, and the refund provision holds the violator liable to the individual for refunding any amounts billed in violation of Stark. Moreover, a knowing violation carries with it the possibility of civil monetary penalties (CMPs) and assessments; exclusion under the CMP Statute; penalties under the civil False Claims Act (FCA); penalties under certain criminal statutes; and exclusion from all Federal Healthcare Programs. These are harsh and potentially debilitating penalties. For many hospitals, exclusion from the Medicare program would result in closure.
Negotiating liability by compromising claims
Given the potential draconian punishment that accompanies a Stark violation, providers and suppliers are interested in addressing ways to negotiate liability. Prior to the Patient Protection and Affordable Care Act (PPACA), CMS had limited authority to compromise Stark violations. The government’s claim to a full refund could only be compromised for specified reasons, and Stark violations were unlikely to fit within the purview of CMS’ restricted authority to compromise. Thus, entities likely faced full liability when a financial relationship did not fit neatly within an exception.
In contrast to CMS’ limited authority, HHS’ Office of Inspector General (OIG) had broad discretion to compromise CMP liability and knowing Stark liability. In 1998, OIG formalized the process by which it could exercise its power to compromise liability by implementing a self-disclosure protocol. Under the OIG Protocol, OIG had authorization to impose the amount of CMP and assessment and to enforce exclusion from Federal Health Programs. Although OIG possessed authority to resolve kickback violations and knowing Stark violations, the OIG was also taking "technical" Stark violations into the OIG Protocol. Consequently, Stark violations became part of the OIG’s dominion; however, this changed in March of 2009, when OIG announced that it would no longer accept Stark-only violations.
Understanding the self-referral disclosure protocol
PPACA established a new procedure for disclosing and compromising Stark violations. Section 6409 of PPACA required the Secretary of HHS to establish within six months of enactment an SRDP that allows providers and suppliers to disclose actual or potential violations of the Stark rules.
In addition to requiring an SRDP, PPACA established a mandatory return of overpayments provision. Section 6402 of PPACA requires that all overpayments be reported and returned by the later of sixty days after the date the overpayment was identified or the date any corresponding cost report is due. Failure to report and return exposes entities to potential FCA and CMP Statute liability. However, when a disclosure is received by CMS for submission to the SRDP, reporting obligations under Section 6402 are suspended.
Accordingly, Section 6402 adds another layer of analysis for entities that are considering whether to submit a disclosure under the SRDP. The entity must now decide between, potential liability under section 6402 if it makes no disclosure or almost certain liability (albeit likely compromised) if it submits a disclosure under the SRDP.
Selecting the appropriate SRDP strategy
Entities that discover a potential Stark violation should consider the following strategies:
- First, the entity should attempt to ensure that the arrangement is brought into compliance as quickly as possible. This may entail having a physician sign an agreement, terminating any arrangement that cannot be made compliant, and considering an investigation to identify other instances of noncompliance.
- Second, the entity should determine the potential “period of disallowance,” i.e., the duration of the tainted financial relationship, and the amount of Medicare dollars associated with the arrangement during the potential period of disallowance.
- Third, the entity should consult outside counsel who is well versed in Stark to determine whether there is a problem. If outside counsel determines that there is a reasonable argument that the arrangement identified by the entity meets an exception (or does not implicate Stark in the first place), it is not necessary to disclose the arrangement. Section 6402 of PPACA requires only that entities disclose known overpayments – it does not require entities to disclose matters that may be an overpayment. Even where outside counsel is unable to determine that there is a reasonable basis for concluding that there was not a Stark violation, he or she may be able to narrow the period of disallowance.
- Finally, assuming that the entity is satisfied that there is (or likely is) a Stark violation, and the entity otherwise wishes to enter the SRDP, the last consideration is whether the amount of the overpayment is small enough that the entity would be better off foregoing entering into the SRDP and instead disclosing the overpayment to the appropriate contractor and repaying the full amount. Despite the likelihood of a settlement for a discounted amount of the overpayment, the entity may wish to save the time, effort, and expense of utilizing the SRDP, as well as keeping its record clean with CMS in case it has a large overpayment that it would want to compromise through the SRDP at some future point.
Assigning responsibility for response components
If outside legal review has confirmed that there is an overpayment due to a Stark violation and the amount is large enough to justify utilizing the SRDP, the entity needs to assemble a team for making the disclosure and responding to the specific questions that have been incorporated into the SRDP by CMS. Outside counsel should be responsible for drafting the legal analysis component, which should include a statement as to why the disclosing entity believes a violation may have occurred and which elements of an applicable exception were and were not met.
Outside counsel should also be responsible for coordinating the project, ensuring that all relevant documents are included, submitting the disclosure to CMS, and acting as the point of contact.
The entity and its billing, compliance, and legal staff should be responsible for the following:
- Supplying the explanation as to why the potential violation occurred and what steps have been taken to prevent a future occurrence of the same sort;
- Quantifying the amount of the overpayment and producing a spreadsheet with the DHS that was billed and received by the entity during the period of disallowance;
- Producing the relevant documents to accompany the disclosure;
- Answering the other questions required by the SRDP; and
- Supplying a signed certification from a senior official that, to the best of his or her individual’s knowledge, the information provided contains truthful information and is based on a good faith effort to bring the matter to CMS’ attention for the purpose of resolving the disclosed potential liabilities relating to the Physician Self-Referral Law. Note that the SRDP asks for a description of the existence and adequacy of a pre-existing compliance program, so if the entity does not have a compliance program at the time it first identified a potential Stark violation, it should implement one to be able to represent in the disclosure that it has one now.
Predicting the terms of a settlement agreement
At present, the CMS website contains information on only one settlement, although a few settlements have been reached. The information released on the one settlement is not particularly helpful. CMS reveals that the disclosing hospital failed to satisfy the requirements of the personal service arrangements exception but does not give any information regarding what elements of the exception were not satisfied. CMS states that the settlement amount was $579,000, but does not disclose the potential amount of liability (reportedly, it was approximately $14.5 million).
Obviously, it is difficult to draw any firm conclusions as to how CMS might settle other cases when there is only one reported settlement and few disclosed facts concerning the circumstances of the alleged Stark violation. One would hope that as more settlements are disclosed, and following CMS’ Report to Congress mandated by section 6409 of PPACA, the SRDP process will become less opaque, such that disclosing entities will have an idea of what to expect as a settlement offer prior to receiving it.
More from the Daily Briefing
View all
