Health Care Fraud Self Disclosure Protocol: You Discovered Misconduct… Now What?

When a company decides to self-disclose misconduct (or conduct that may be construed as such) to the government, that decision triggers a stream of additional questions. In the weighty deliberations about whether and what to disclose, entities often overlook another important decision: where to disclose.

On November 8, 2021, OIG-HHS updated its Provider Self Disclosure Protocol, including a name change to Health Care Fraud Self Disclosure Protocol (OIG-SDP or Protocol). The majority of the updates were technical in nature and did not change the substance of the Protocol. Foley’s top observations from the updated OIG-SDP can be found here.

The decision whether to self-disclose misconduct through the OIG-SDP is not to be taken lightly. Indeed, many providers, entities, suppliers, etc. are unaware there is another option: voluntary self-disclosure to the Department of Justice (DOJ). There are benefits and downsides to each self-disclosure avenue that should be considered when making this decision.

Benefits of voluntarily self-disclosing health care fraud matters directly to DOJ include:

Release from False Claims Act (FCA) Liability. An FCA liability release for disclosed conduct means the government will not sue the discloser for the conduct in scope, including for treble damages and penalties. DOJ routinely releases FCA liability. On the other hand, OIG does not provide the same comfort; the OIG-SDP instructions indicate a disclosing party may request a release under FCA, but its not a standard settlement term. To obtain the release, OIG must coordinate with DOJ, which may then decline the request. DOJ, on the other hand, obtains OIG concurrence and signature at the time the matter is resolved.

Potentially Lower Settlement Amount. While it is OIG’s general practice and preference to require a minimum multiplier of 1.5 times the single damages for settlement, DOJ does not settle self-disclosed cases for a defined multiplier. See e.g., DOJ Commercial Litigation Manual, Section 4-4.112 (“The maximum credit that a defendant may earn may not exceed an amount that would result in the government receiving less than full compensation for the losses caused by the defendant’s misconduct (including the government’s damages, lost interest, costs of investigation, and relator share”)). DOJ has published factors it considers when evaluating resolution, including cooperation and acceptance of responsibility worthy of a multiplier less than 1.5 times loss, and DOJ indeed has settled cases for less than a 1.5 multiplier. See Elberg, Jacob T., 5 Utah Law Review 2, “A Path to Data-Driven Health Care Enforcement” (2021).

Disclosers to DOJ may pay less (lower multiplier) and get more (FCA release). However, voluntarily self-disclosing health care fraud matters directly to DOJ (rather than to OIG-HHS) also carries certain risks and uncertainties, including:

The 60-day Report and Return Obligation is Not Automatically Tolled. Unlike the OIG-SDP, which automatically suspends the obligation to report and return an overpayment within 60 days after an overpayment is identified, voluntarily self-disclosing a matter to DOJ does not toll the obligation. See 81 Fed. Reg. 7653, 7678 (“We decline to extend this treatment to self-disclosure to entities outside of the SRDP and SDP in this final rule. The SRDP and SDP are both formal processes managed by agencies within the Department, CMS and OIG respectively. As such, we believe it is appropriate to include those processes in this rule. However, DOJ is a separate department and we are not aware of any formal self-disclosure process by DOJ that is analogous to the SRDP or SDP. Also, we are not aware of a similar MFCU process and, more importantly, Medicaid is not covered in this rulemaking.”). Instead, DOJ needs to seek approval from CMS/OIG to suspend the 60 day report and return obligation.

The OIG-SDP is a Formal Process Specific to Health Care Fraud. The OIG-SDP is a formal process uniquely tailored to the health care industry. Submissions to OIG-SDP are reviewed by individuals who understand the complexity and challenges faced by health care entities.

Under either consideration, where to disclose also should involve a consideration of where the conduct occurred and to whom the disclosure will be submitted. Some DOJ components themselves are more cooperative than others and will more readily work with a discloser on the scope of releases, the amount of loss, and any multiplier. Others are more rigid. Selecting a receiving agency more interested in negotiating will improve outcomes for the discloser.

Legal counsel—especially those familiar with OIG and DOJ—can play a pivotal role in advising a discloser on which disclosure route best fits individual circumstances and overall goals. Experienced and capable lawyers also can improve outcomes through familiarity with relevant government agencies and their components and also knowing how to strategically interact with and respond to government follow-up requests in the wake of a self-disclosure. All these special considerations inform whether identified conduct should be self-disclosed in the first instance, and of course, to whom.

Foley is here to help you address the short- and long-term impacts in the wake of regulatory changes. We have the resources to help you navigate these and other important legal considerations related to business operations and industry-specific issues. Please reach out to the authors, your Foley relationship partner, or to our Government Enforcement Defense and Investigations Group or Health Care Practice Group with any questions.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.