Catching flies with vinegar: a critique of the centers for Medicare and Medicaid self-disclosure program.
This Article argues that the current approach of the Department of Health and Human Services and the Centers for Medicare and Medicaid Services (CMS) to enforcement of the Ethics in Patient Referrals Act (the "Stark Law") is unnecessarily punitive and discourages health-care providers from self-disclosing even very minor violations of the Stark Law. This Article suggests a number of specific changes to encourage provider self-disclosure and proposes that CMS create a demonstration project under the authority of the Patient Protection and Affordable Care Act to test the reforms. A demonstration project provides the perfect vehicle to prove that increased self-disclosure protocols for the Stark Law can decrease the government's costs of enforcement, improve program integrity, and encourage providers to deal responsibly with the inevitable minor lapses in compliance that arise in such an enormous government program as Medicare.
TABLE OF CONTENTS Introduction I. Background on the Stark Law A. Basic Provision B. Application of the Stark Law C. Stark and Intent D. Penalties under Stark E. Qui Tam Actions and the Stark Law F. "Technical" v. "Substantive" Stark Issues G. CMS's Authority to Settle Cases II. The Self-Disclosure Protocol A. Providers' Legal Obligation to Self-Disclose B. Self-Referral Disclosure Protocol Basics C. Revisions of the SRDP D. Results of the SRDP to Date III. The Honey and the Vinegar: Incentives and Disincentives to Disclosure in the SRDP A. Importance of Incentives in a Decision to Disclose B. Incentives to Disclosure under the SRDP C. Disincentives to Disclosure in the SRDP 1. Identification of an Overpayment 2. CMS's Position on Financial Settlements 3. Failure to Distinguish Between Procedural and Substantive Violations 4. Deadline for Disclosure 5. Determining To Which Agency Disclosure Is Best Made 6. The "Look Back" Period 7. Waiver of Attorney Client Privilege 8. Statement Regarding Past Conduct 9. Lack of Appeal Rights 10. Implications for the Provider's Compliance Plan IV. A Proposal for A Demonstration Project to Test Modifications A. Benefits of a Demonstration Project B. Past Demonstration Projects 1. CMS Projects . 2. OIG Pilot Project on Self-Disclosure C. Proposed Provisions of a Stark Self-Disclosure Demonstration Project 1. Two-Track Process 2. Flat Penalty for Procedural Violations 3. Explicit Statements Offering Tangible Benefits Self-Disclosure D. Measuring Results of a Demonstration Project Conclusion
Benjamin Franklin, that astute observer of nature and humanity, once described his approach to making difficult decisions in terms that sound quite modern. He said that when he had a difficult decision to make, "[t]o get over [any uncertainty] ... my way is to divide half a sheet of paper by a line into two columns; writing over the one Pro, and the other Con. Then ... I put down under the different heads short hints of the different motives.., for and against the measure ... " (1) Mr. Franklin further opined that other people using a similar approach are more likely to take a particular action once they see clearly how they would benefit from taking the action. Before the complexity of the formulas, graphs, and charts of modern cost-benefit analysis, Franklin summed it up quite simply: "[A] spoonful of honey will catch more flies than [a] [g]allon of [v]inegar." (2)
This Article argues that the Department of Health and Human Services (HHS) and its constituent agency, the Centers for Medicare and Medicaid Services (CMS), are using vinegar instead of honey in CMS's current approach to enforcement of the Ethics in Patient Referrals Act of 1988, commonly referred to as the "Stark Law," or simply "Stark," in honor of its author, Representative Pete Stark. (3) The Stark Law prohibits physicians from referring Medicare patients for certain services to entities in which the physician has a financial interest, unless an exception applies. (4) Stark is extremely detailed and does not require the element of intent to trigger legal liability. As a result, it is quite easy for health-care providers to unwittingly run afoul of the law, leaving them liable to repay fees earned for patient care, in addition to civil penalties.
The Affordable Care Act of 2010 (ACA) (5) required CMS to develop a procedure by which health-care providers could self-disclose violations of the Stark Law. (6) The statute also explicitly gave CMS the authority to reduce the financial penalties for Stark violations as a way to encourage providers to self-disclose violations. (7) Congress included these provisions in the ACA in response to providers' requests. Indeed, before the self-disclosure protocol was released, many healthcare providers were hopeful that CMS would create a protocol that would provide relief from the draconian penalties that can result from very minor infractions of the Stark Law. For example, the American Hospital Association (AHA) wrote a letter to HHS Secretary Kathleen Sebelius urging that HHS use the discretion given it under the ACA to "offer providers a clear and understandable process for presenting and resolving disclosed issues--a framework that is fair; adjusts repayments to the harm, if any, to patients and the program; takes [the] financial condition of the provider into account; and offers reasonable certainty or predictability of outcomes.' (8)
In September 2010, CMS released its Self-Referral Disclosure Protocol (SRDP), with a slightly revised version released on May 6, 2011. (9) Unfortunately, the SRDP is so punitive and difficult to navigate that very few health-care providers have made disclosures, despite specific legal requirements to do so. As will be detailed in this Article, the program takes a harder line, provides less guidance, and offers fewer incentives to use the protocol than similar self-disclosure protocols, such as those employed by HHS's Office of Inspector General for the Anti-Kickback Statute and by New York State for its Medicaid program. (10)
As of July 2011, only seventy providers had taken advantage of the SRDP. (11) CMS has stated that it is pleased with the numbers to date. (12) However, when those seventy disclosures are viewed in the context of the Medicare program as a whole, it is difficult to understand why CMS is happy with those numbers. There are over 6,100 hospitals and 932,700 physicians participating in the Medicare program. (13) Hospitals are the focus of this Article, as physicians are rarely prosecuted under Stark (14)
Consider the number of potential Stark issues at those 6,100 hospitals. Even the smallest hospital has numerous contracts with physicians that create potential Stark issues. (15) But assume for a moment that each hospital has a few hundred to a thousand or more such arrangements. Kevin McAnaney, a former CMS official now in private practice, has estimated that 95 percent of hospitals have "technical" violations of Stark arising out of their arrangements with physicians. (16) McAnaney did not define a "technical," as opposed to a substantive, violation. It is likely he was referring to a violation of the regulations that specify exactly how an arrangement can fall under a Stark exception. For example, one exception to Stark permits self-referrals by physicians if the remuneration is at fair market value. (17) For an arrangement to jump that hurdle, it must meet several procedural requirements, including that the arrangement be set out in a written document signed by the parties, and specify the compensation in advance. (18) Failure to follow those steps probably constitutes the sort of "technical" violation to which McAnaney refers.
Even if McAnaney's estimate is largely hyperbole, it is clear that thousands of hospitals, each with thousands of physician relationships, should generate many more than seventy self-disclosures. The former New York State Medicaid Inspector General, James Sheehan, said that he considers the number and extent of disclosures a good outcome measure of his agency's effectiveness in running the New York State Medicaid self-disclosure program. (19) Applying that measure to the CMS program, it is a dismal failure.
The fact that providers are, by and large, not choosing to self-disclose Stark violations to CMS, despite the enormous penalties for nondisclosure, (20) should cause CMS to rethink the current SRDP. Providers do have other options for self-disclosure of various fraud and abuse issues. These include (1) simple refunds to the appropriate fiscal intermediary, (2) self-disclosure of an issue involving the Anti-Kickback Statute to the HHS Office of the Inspector General (OIG), or, for the most serious matters, (3) a report to the Department of Justice (DO J) through the local Assistant U.S. Attorney. For Stark-only issues, however, CMS has stated that providers should use its protocol, the SRDP. If providers choose not to take advantage of this opportunity to come forward voluntarily, the government fails to recover money that the Medicare program is owed. Costs of enforcement are then unnecessarily high, and providers who might voluntarily return overpayments if the incentives were properly aligned choose instead to roll the dice and hope they do not get caught.
HHS is under tremendous pressure to recover program dollars lost to fraud. The National Health Care Anti-Fraud Association, an organization of private insurers and public agencies, conservatively estimates that some $60 billion (about 3 percent of total annual healthcare spending) is lost to fraud every year. (21) During the congressional debate on the ACA, proponents of the bill touted fraud recovery as an important source of funding to counterbalance the costs of extending insurance coverage to millions of new people. (22) During fiscal year 2010, the federal government won or negotiated approximately $2.5 billion in health-care fraud judgments and settlements, and attained additional administrative settlements or penalties. (23) In an attempt to raise that number even higher, the ACA increased the budget of the Health Care Fraud and Abuse Control Program by $10 million per year for 2011-2019, and increased funding for the OIG, FBI, and Medicare Integrity Program by the rate of increase in the Consumer Price Index over the previous year for 2011-2019. (24)
However, as Professor Joan Krause pointed out in a recent article, while billions of dollars in fraud recovery may seem like a lot of money, it pales in comparison to estimates of money lost each year to fraud. (25) Krause also makes the point that more resources allocated to prosecution will not necessarily result in increased fraud recovery:
If it were really that easy to recover hundreds of billions of dollars through anti-fraud efforts, chances are we would have made more progress by now. It is easy to blame our failure on the refusal to invest sufficient resources, or our blind adherence to outdated detection strategies. But that doesn't account for the fact that legions of very bright, dedicated, well-intentioned policymakers and prosecutors have been doing the best they can for many years, with only limited success. Assuming that now we will be able to find the key to health care fraud enforcement--and that the recoveries will be enough to fund a large chunk of the health care reform effort--simply strains credulity. (26)
While it is undoubtedly important for CMS to protect the public fisc generally, and the tremendously expensive Medicare program in particular, this Article argues that more provider-friendly rules and procedures would encourage provider self-disclosure of improper practices, thus improving the government's recovery of health-care program dollars more effectively than pouring larger and larger amounts of money into increasing enforcement efforts.
This Article sets out in Part I an overview of the Stark Law, explaining how it applies to physicians, hospitals, and other health-care entities. Part II summarizes the SRDP requirements and process for disclosure of Stark issues, and the results of the SRDP to date. Part III details why certain SRDP provisions make it difficult for providers to self-disclose even minor violations of Stark without paying large fines and/or risking exclusion from the Medicare or Medicaid program. Finally, Part IV proposes a demonstration project to test possible improvements to the SRDP.
HHS has used demonstration or pilot projects in the past, and the ACA specifically directs HHS to create projects that offer the possibility of reducing Medicare and Medicaid expenditures while preserving or enhancing the quality of care provided in the programs. (27) Using the demonstration project format to test changes to the SRDP in a few states will allow CMS to determine whether it could relax the protocol's current requirements, making it more "provider-friendly" without increased risk of abuse. If the test is successful in terms of revenue raised and increased provider compliance with the law, CMS could then revise the SRDP through the normal regulatory process. A demonstration project provides the perfect vehicle to prove that improved self-disclosure protocols for the Stark Law can decrease enforcement costs, improve program integrity, and encourage providers to deal responsibly with the minor lapses in compliance that inevitably arise in such an enormous government program as Medicare.
I. BACKGROUND ON THE STARK LAW
A. Basic Provisions
The Stark Law limits a physician's ability to refer patients for certain services to entities in which the physician or an immediate family member has a financial interest, unless an exception applies. (28) It was originally enacted to curb rampant Medicare abuse by physicians and hospitals, particularly in the 1980s. Physicians referred patients to facilities they owned or otherwise had a financial interest in, regardless of whether patients actually needed the tests or services for which they were being referred. (29) The purpose of the law, as Rep. Stark described it, was threefold: (1) assure that physicians refer patients to the highest quality provider available rather than to a provider with whom the physician has a financial relationship, (2) prevent overutilization of Medicare and Medicaid, and (3) promote legitimate competition among providers. (30) Rep. Stark hoped that the law would provide a "bright line rule" and "unequivocal guidance" for providers. (31)
The Stark Law prohibits physician referrals to an entity for "designated health services" if the physician (or a member of the physician's immediate family) has a "financial relationship" with that entity. (32) The term "financial relationship" is defined very broadly. It includes ownership and any type of compensation arrangement. (33) "Designated health services" include lab, radiology, inpatient, and outpatient hospital services, among other things. (34) The Stark Law prohibits any entity from billing government payment programs, such as Medicare, for services provided pursuant to a noncompliant referral during the "period of disallowance." (35)
The Stark Law applies to both Medicare (36) and Medicaid; (37) however, due to hospitals' and physicians' particular dependence on Medicare as a source of revenue, most commentators refer to the Stark Law's application only in connection with Medicare. Additionally, although the Stark Law addresses physician referrals, enforcement of the statute has generally focused on hospitals' submissions of claims resulting from physician referral because hospitals are seen as having "deeper pockets" than physicians. (38) As the American Health Lawyers Association (AHLA) White Paper on Stark Enforcement stated, "Stark enforcement against physicians is almost nonexistent and there is little reason to believe that will change. Given this, it is not surprising the physicians often view Stark compliance as the hospital's problem." (39) So as not to contribute to this misperception, this Article uses the term "provider" to reference physicians, hospitals, nursing homes, laboratories, medical device manufacturers, pharmaceutical companies, and any other provider of health-care services to recipients of federal government health-care program benefits.
B. Application of the Stark Law
Some of the common practices and arrangements that implicate Stark are referrals within a group practice, medical director agreements and physician part-time employment or independent contractor agreements. (40) Other situations in which Stark issues arise are physician investment in hospitals or ambulatory surgical centers, and arrangements between physicians and other designated health service providers such as clinical laboratories, diagnostic imaging centers, physical therapy companies, durable medical equipment companies, and lease agreements for space or equipment. (41) Other types of agreements that raise Stark issues are hospital-physician recruitment agreements, marketing agreements with entities owned by physician or hospital investors that do not reflect fair market value for necessary services, and practice compensation programs that reward shareholders or employee-physicians based on orders of designated health services. (42)
The reason that these practices and arrangements often pass muster is that Stark contains numerous exceptions, covering the most common types of financial relationships between hospitals and physicians. For example, exceptions are made for fair market value compensation, employment agreements, personal services arrangements, and office space rental. (43) There are also numerous exceptions applicable to physicians practicing in groups, (44) as well as an exception for services personally performed by a physician. (45) Each of these exceptions has very specific requirements, and failure to meet those requirements will result in a Stark violation. For example, the employment exception requires that there be a written agreement for a term of at least one year that is signed by both parties. The agreement must set out the compensation formula, which cannot change during the term of the agreement. The compensation must be at fair market value, and may not be determined in a manner that takes into account the volume or value of referrals generated by the physician. (46)
An example will help illustrate the interplay of these various provisions. Suppose the fictional infectious disease specialist, Dr. Gregory House, (47) has a thriving private practice in addition to his employment at the Princeton-Plainsboro Teaching Hospital. He refers many patients to the hospital each year for inpatient admission or for various diagnostic or treatment services. Absent an exception in the Stark Law, Dr. House's employment relationship with the hospital would "taint" his referrals to the hospital. However, as long as the hospital and Dr. House meet all the technical requirements of the employment exception, Dr. House can refer patients to the hospital without triggering either the referral or billing prohibitions of the Stark law.
C. Stark and Intent
The Stark Law overlaps significantly the Anti-Kickback Statute, (48) a criminal law which prohibits the knowing offering of any remuneration in order to secure referrals to federal health-care programs, including Medicare. (49) Similar to Stark, the Anti-Kickback Statute is aimed at financial relationships that potentially influence physicians to refer patients inappropriately for the physicians' own financial gain. (50) So why was the Stark law necessary? Rep. Stark described it this way:
One of the most serious shortcoming[s] of current law is the enormous difficulty involved in proving to the satisfaction of a judge in a criminal or civil enforcement action that a particular arrangement is deliberately structured to induce referrals. A successful prosecution requires a lengthy investigation of the business records to prove unequivocally that dividend payments to physicians were intended as disguised payment of a referral fee. The enforcement resources simply aren't there. There is no way that the Inspector General--with fewer than 500 investigators nationwide, can adequately police the complex business arrangements that underpin the $100 billion a year Medicare program. (51)
While the lack of an intent requirement certainly achieves Rep. Stark's goal of making a Stark violation easier to prove than a violation of the Anti-Kickback Statute, it also makes it very easy for providers to unintentionally, or even unknowingly, run afoul of the statute. In fact, it is so easy to do so that the Stark Law is often referred to as a "strict liability" statute. (52) For example, if Dr. House forgot to sign the employment contract between himself and Princeton-Plainsboro, any referrals he made to the hospital would be improper, even if the failure to sign was merely an oversight. This would be true even if the hospital signed the agreement, paid Dr. House according to its terms at fair market value, and made sure that Dr. House performed the duties set out in the contract. Dr. House and the hospital would also be liable for Stark violations if both parties had properly signed the agreement but its initial term had lapsed, and the parties inadvertently failed to renew the agreement, but continued to perform according to its terms.
The lack of an intent requirement coupled with the complexity of the law has caused Stark to be criticized as inflexible and excessively punitive almost since its passage. (53) Numerous amendments and HHS regulatory changes have only made the Stark Law more difficult for providers to interpret and follow. (54) The AHA recently described the Stark Laws as "increasingly complex, confusing and continually changing.... " (55) Though the AHA had originally supported the Stark Law when it was introduced by Rep. Stark, as CMS was preparing to release the SRDP, it asked CMS for changes and clarifications in the proposed disclosure protocol, because it had seen the "unintended consequences of the current rules" and wanted CMS to "restore fairness" to the law. (56)
D. Penalties under Stark
If the penalties under Stark were inconsequential, the strict liability aspect of the law would not be so significant. As it is, however, Stark can result in "ruinous financial liability." (57) Penalties include denial of payment for claims submitted as a result of an unlawful relationship, (58) mandated refunds of amounts collected in violation of Stark, (59) and fines assessed by the OIG. (60) The total penalty amounts in Stark cases are often in the millions of dollars. (61)
If providers exhibit intent to violate Stark, they can be liable for additional fines through the application of civil monetary penalties (CMPs). HHS has the authority to impose CMPs up to $15,000 per claim, depending on the specifics of the offense, and up to $100,000 per arrangement which the physician or entity knew or should have known had the principal purpose of assuring referrals which, if made directly, would violate the Stark Law. (62) Providers may also be permanently excluded from participation in federal health-care programs, meaning that no goods or services furnished by an excluded provider are reimbursable under federal health-care programs. Furthermore, other providers may not employ or contract with excluded providers. (63) The ACA extended CMPs to any person who "knows of an overpayment ... [and] does not report and return the overpayment ...." (64)
A Stark violation can also trigger the application of the False Claims Act (FCA). The FCA is not specifically a health-care statute; instead, it prohibits the knowing submission of "false or fraudulent" claims for payment to the federal government. (65) Violations of the FCA are punishable by up to treble damages and an $11,000 per-claim penalty. (66) Prior to the 2009 passage of the Fraud Enforcement and Recovery Act (FERA), a Stark violation would trigger the FCA if a provider submitted claims for payment that had arisen out of an illegal financial relationship under Stark. The FCA stated that any person who "knowingly makes, uses, or causes to be made or used, a false record or statement to conceal, avoid, or decrease an obligation to pay or transmit money or property to the [g]overnment" had violated the FCA. (67) Providers had to engage in an affirmative act intended to avoid or conceal the obligation to repay. (68)
With the passage of the FERA, providers became liable not only for affirmative acts that conceal overpayments, but also for the failure to repay an identified overpayment. (69) No attempt to conceal is required. Simply avoiding the obligation to repay is enough to trigger the FCA. Anyone who "knowingly makes, uses, or causes to be made or used, a false record or statement material to an obligation to pay or transmit money or property to the Government, or knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government..." has violated the FCA. (70)
In addition to creating an affirmative obligation for providers to "report and return" overpayments, the ACA made another significant change to the FCA. It established a sixty-day window within which an "identified" overpayment must be reported and returned to the government. (71) The statute starts tolling on either the day that the claim is submitted or the day that a corresponding cost report is due, whichever is later. (72) Prior to the ACA, HHS regulations had used sixty days as the definition of a "prompt refund" required for proper handling of incorrect collections. (73) The ACA simply applied that time limit to the FCA.
E. Qui Tam Actions and the Stark Law
The FCA rewards whistleblowers who report suspected violations of the FCA. A whistleblower can file suit as a qui tam relator. (74) If the government decides to intervene in the qui tam action and ultimately reaches a cash settlement or prevails in court, the qui tam relator can receive up to one-fourth of the government's recovery as a reward for alerting the government to the false claims. (75) Qui tam relators therefore have every incentive to push for prosecution of even the most minor Stark violation. In addition, relators are unaffected by the counterbalancing policy concerns that normally restrain prosecutors in situations where the government has not truly been harmed by an inadvertent violation. (76)
Most Stark-related legal action arises in the form of suits by qui tam relators rather than prosecutors. (77) Between 1986 and 2008, 62 percent of FCA cases were initiated and filed by qui tam relators. (78) These relators have no incentive to take a provider's record of overall compliance with Medicare into consideration, and every incentive to seek the maximum penalty. The prominent role of qui tam relators in health-care fraud cases has led to a situation where many Stark enforcement actions fail to assess the seriousness of an offense or prioritize prosecutorial resources. (79)
The linkage between Stark and the FCA provides most of the teeth for Stark enforcement. Consider our example involving Dr. House and his unsigned agreement. Assume the unsigned agreement was not discovered for several years after the omission occurred. All claims that Dr. House or the hospital made to government payers, such as Medicare, for services provided by either party over the year in which the agreement was in place are overpayments. This is true regardless of whether or not the patients needed the services or the services were provided appropriately. The government's position is that the contract between the doctor and the hospital was improper. As a result, all services provided under that contract were improperly provided. Therefore, any money the government paid on any of the claims constitutes an overpayment that must be repaid. Even if the hospital was not aware of the oversight, the strict liability aspect of Stark means that the hospital and Dr. House are now liable for repayment of all the claims made for care of patients that Dr. House admitted to the hospital or otherwise referred there for services.
In addition, the hospital and Dr. House are liable for CMPs under the FCA if they become aware of the overpayments and do not repay them within sixty days. These penalties generally consist of a per-claim penalty of $11,000 plus three times the amount of the overpayment (in other words, the total value of referrals made in the case of a Stark violation). (80) Depending on how many referrals Dr. House has sent to the hospital during the applicable time period, the amount of the potential penalties could add up to millions of dollars--all for a lapsed agreement with no harm to the government or patients.
It is important to note that, due to the strict liability nature of Stark, most of the penalties that could be assessed against a provider in a situation such as the one involving Dr. House would be identical to the penalties in a situation in which Dr. House and the hospital entered into a covert scheme to pay Dr. House kickbacks for referring patients to the hospital (with the exception of penalties requiring actual or constructive knowledge). The obligation to return overpayments resulting from a relationship that violated Stark would be the same in both situations. If the government took the position that the providers had "identified" the overpayments and failed to return them, the additional penalties possible under the CMP statute and FCA penalties for failure to return those when discovered would also be the same. (81) To add to Dr. House and the hospital's woes, a disgruntled clerk who learns of Dr. House's failure to sign the agreement can also pursue a qui tam action against Dr. House and the hospital.
The stringent penalties possible under Stark are exacerbated by the possibility that qui tam relators can use the facts revealed by providers in self-disclosures to the government as the basis for their qui tam action. Providers may actually be giving qui tam relators ammunition when the providers voluntarily step forward to acknowledge violations of the law that would have otherwise been unknown to the relators or the government. The FCA generally bars private parties from bringing qui tam suits based on the public disclosure that is part of a criminal, civil or administration hearing; a congressional, administrative, or Government Accounting Office report, hearing, audit, or investigation; or from the news media. (82)
Some courts have taken the position that voluntary disclosures made to the government on a party's own initiative rather than in response to a government inquiry do not constitute a "public disclosure." For example, in United States ex. rel. Liotine v. CDW Gov't Inc., the court determined that the plaintiff's qui tam allegation was not "publically disclosed" by the defendant's voluntary disclosure of similar information to the government, when that information was uncovered by the defendant's internal audit and not as a result of an audit "'undertaken by authorized government officials with official purposes."' (83)
Other courts have held that voluntary disclosure does bar an FCA qui tam action. For example, a district court in United States ex rel. Cosens v. Yale-New Haven Hospital held that statements to Medicare investigators were a "public disclosure." (84) Although this question is beyond the scope of this Article, these cases suffice to illustrate the point that providers have reason to be concerned that their voluntary disclosures may subsequently be used against them by qui tam plaintiffs.
F. "Technical" v. "Substantive" Stark Issues
As noted earlier, Rep. Stark's purpose in proposing this law was to target intentional activity without saddling administrative agencies with the difficulties of proving intent. While it makes sense to relax the standard of proof in order to assure that providers cannot easily avoid the purpose of the statute, if the statute is blindly applied without any consideration for proportionality between the violation and punishment, the public policy rationale behind the statute may be undermined. This problem is especially acute in situations of so-called "technical" violations of Stark. Providers contend that these "technical" violations should be treated differently from substantive violations, both in terms of the process the government uses to resolve overpayment issues and the penalties assessed.
Most issues that arise under Stark are matters relating to compliance with the specific requirements for meeting the language of various exceptions rather than any more substantive problem. Strict enforcement of technical violations with application of the same penalties as are used for more serious issues produces potentially unjust penalties. Kevin McAnaney, Chief of the OIG's Industry Guidance Branch from its creation in 1997 until May 2003, has stated that most of the issues under Stark relate to these technical violations rather than anything more substantive. He has written that "[t]he Stark statute is so potentially unfair--the rules have gotten increasingly more technical and penalties are draconian--and even though CMS has never gone after hospitals, the potential liability is a Damocles sword over them." (85) McAnaney's sentiments were echoed in the AHLA White Paper on the Stark Law, which was based on two Convener Sessions held in April and June 2009. (86) The participants in the sessions included in-house counsel to health-care providers, academics, attorneys in firms representing providers and qui tam relators, and former government attorneys. Attorneys currently serving the government observed but did not participate in the sessions. The AHLA White Paper concluded that "innocent or highly technical violations [of the Stark law] can result in ruinous liability," and "technical violations that cause no harm to the federal program can trigger huge penalties." (87)
Two practitioners recently noted that, because of the Stark law, the health-care industry is in a particularly difficult situation when simple mistakes are made:
Such mistakes occur in every corner of every industry of a modem, fast-paced economy. But in every other industry, the law provides the parties with options to resolve compliance problems uncovered from their internal reviews--to execute contract amendments or new contracts with retroactive effective dates, to enter into repayment arrangements, or to reform their contracts based on the doctrines of mutual mistake or course of dealing. If they uncover minor compliance violations, they have a means of fixing them and putting them to rest. This is not the case for healthcare providers trapped by the highly technical requirements of the Stark law. (88)
Social science research supports the notion that if providers believe the law punishes minor procedural failings in the same way as it punishes intentional attempts to improperly influence referral patterns, the providers will be less likely to comply with the law. Professor Paul Robinson has written about the importance of the government having "moral credibility" when attempting to convince people to obey the law. (89) He argues that simply enacting a statute is not enough to persuade individuals and companies to obey the law. People must see the law as having moral credibility. Robinson goes on to define "moral credibility" as the law's reputation for punishing those who deserve it, under rules perceived as just. Furthermore, he says, the law must protect from punishment those who do not deserve punishment and assure that any punishment levied is in the amount deserved--"no more and no less." (90) In his book, Why People Obey the Law, sociologist Tom Tyler states, in a similar vein, that "[i]t is interesting that people appear to connect the obligations of authorities to issues of fair procedure, not to outcomes. It is being unfairly treated that disrupts the relationship of legitimacy to compliance, not receiving poor outcomes." (91)
In 2007, CMS seemed on the verge of recognizing that some types of Stark violations are less serious than others. CMS proposed regulations that would create new criteria by which providers could satisfy Stark exceptions in situations where the failure to satisfy the exception was merely "procedural." (92)
The alternative method for compliance with the physician self-referral prohibition would provide that, if an arrangement does not meet all of the existing prescribed criteria of an exception, the arrangement nevertheless would meet the exception if: (1) The facts and circumstances of the arrangement are self-disclosed by the parties to us; (2) we determine that the arrangement satisfied all but the prescribed procedural or "form" requirements of the exception at the time of the referral for DHS at issue and at the time of the claim for such DHS; (3) the failure to meet all the prescribed criteria of the exception was inadvertent; (4) the referral for DHS and the claim for DHS were not made with knowledge that one or more of the prescribed criteria of the exception were not met (consistent with other exceptions, we would apply the same knowledge standard as that applicable under the False Claims Act); (5) the parties have brought (or will bring as soon as possible) the arrangement into complete compliance with the prescribed criteria of the exception or have terminated (or will terminate as soon as possible) the financial relationship between or among them; (6) the arrangement did not pose a risk of program or patient abuse; (7) no more than a set amount of time had passed since the time of the original noncompliance with the prescribed criteria; and (8) the arrangement at issue is not the subject of an ongoing Federal investigation or other proceeding (including, but not limited to, an enforcement matter. (93)
CMS specified that the alternative method was not intended to be used in situations where there was a question of whether the compensation was at "fair market value, not related to volume or value of referrals, or set in advance." (94) This sort of exception was to be reserved for procedural issues such as a missing signature or an expired employment agreement still being followed by the parties. (95)
CMS received thousands of comments about the proposed regulation. While most of the comments applauded CMS's goal of setting aside non-substantive violations, many were skeptical of the approach. Commenters expressed concern about the amount of discretion CMS would have to assess a provider's motivation. (96) CMS specified that it would retain sole discretion to determine whether the relationship met the terms of the exception. Parties had no right to an administrative or judicial review of this determination. (97)
Rather than decrease the scope of the agency's discretion in response to these concerns, CMS chose instead to greatly narrow the scope of the exception. The final version was limited to situations in which providers comply with all Stark requirements other than the signature requirement, and only for very limited time periods. (98) The final rule eliminated most of the eight criteria originally proposed, including the requirements that parties self-disclose a noncompliant relationship, and that CMS determine the relationship satisfactory in all areas but the procedural criteria. Instead, CMS chose to allow providers to take advantage of this alternative policy for compliance only when the relationship in question fulfills all criteria of an exception except for the signature requirement. (99)
Unfortunately, those limitations are so narrow as to make the exception practically irrelevant for most providers. The real problem for a provider is a lapsed agreement or a missing signature that goes undiscovered for years, potentially racking up huge CMP and FCA penalties. Some have argued for a new Stark exception for procedural violations as a means of mitigating Stark's harshness in this regard, (100) but CMS does not seem to be considering any such exception.
G. CMS's Authority to Settle Cases
Prior to the enactment of the ACA, CMS had little or no authority to compromise or waive any claims liability under Stark or other statutes. Thus, "prosecutorial discretion" was simply not available. (101) OIG, by contrast, did not have this limitation. When OIG announced that it would no longer take Stark-only disclosures so that it could focus on criminal activity under other statutes, providers lost their best avenue for negotiating settlements. However, as noted above, this situation was remedied by the ACA's explicit grant of authority to CMS to compromise on penalty amounts in Stark cases, (102) creating significant opportunities for improving the administration of the Stark Law, as will be discussed below. (103)
II. THE SELF-DISCLOSURE PROTOCOL
A. Providers' Legal Obligation to Self-Disclose
When a provider discovers a Stark violation that has resulted in overpayments (as defined by FERA and the FCA), the clock begins ticking on the provider's obligation to report and return the overpayment to the government within sixty days. (104) An overpayment retained past the deadline is an "obligation" for purposes of the reverse false claims provision of the FCA. (105) Self-disclosure under SRDP tolls the sixty-day requirement. (106) Also, a provider may be eligible for a reduction in penalties if the overpayment is self-reported rather than discovered by the government in some other manner. (107)
A protocol has been in place since 1998 for self-disclosure of issues related to Stark and the Anti-Kickback Statute. (108) The OIG Self-Disclosure Protocol (SDP) is based on a Department of Defense self-disclosure program from the 1980s. (109) The SDP requires that the provider describe the problem, including the scope and results of its internal investigation, an assessment of the financial impact on government health programs, and an explanation of the likely cause of the problem. (110) The SDP is administered by the OIG, which has jurisdiction over actions arising under the Anti-Kickback Statute.
Originally, providers were expected to report Stark violations using the OIG SDP. However, in 2009, due to the large volume of disclosures it was receiving and its limited resources to process the disclosures, the OIG decided to focus on the more serious Anti-Kickback Statute situations and stop accepting disclosures of Stark-only violations. (111) As a result, providers complained about the lack of good options for Stark-only self-disclosures. Congress responded with the ACA provision requiring CMS to develop a protocol. (112)
B. Self-Referral Disclosure Protocol Basics
The SRDP provides that the disclosure must identify the disclosing provider (113) and describe the issue being disclosed, including the type of transaction or conduct giving rise to the issue; entities and/or individuals implicated and an explanation of their roles; financial relationship(s) involved, including specific periods during which the provider may have been out of compliance; any applicable date(s) by which the conduct was cured; and any type of designated health service claims involved. (114)
The disclosure must also include a complete legal analysis as to why the disclosing party believes a violation of the Stark law may have occurred; the application of Stark to the conduct, including any exceptions that may apply to the conduct; a description of the potential causes of the incident; (115) the circumstances surrounding the discovery of the matter and measures taken to address the issue and prevent future abuses; (116) and a statement concerning any history of similar conduct, or any prior criminal, civil and regulatory enforcement actions against the disclosing provider. (117)
The provider must describe the existence and adequacy of a preexisting compliance program and all actions taken to prevent a recurrence of the incident or practice, including any measures taken to restructure the noncompliant relationship or arrangement. (118) The provider must also describe any other federal health-care program investigations to which the provider is currently subject, including any other disclosures made by the provider to other government entities. (119)
The provider must also set out a full financial analysis, including a total amount, itemized by year, that is actually or potentially owed, back to the date of the initial noncompliance (or "look-back period"), (120) along with an explanation of the methodology used to calculate the amount. (121) The SRDP requires that the provider include in the financial analysis the total amount of remuneration the physician(s) received as a result of an actual or potential violation, based on the applicable "look-back period". (122) Finally, the provider must include a certification of the truthfulness of the information, based on a good faith effort to resolve the disclosed potential liabilities under Stark. (123)
After receiving the disclosure, CMS verifies the facts asserted in the disclosure. (124) The extent of CMS's verification effort depends, in large part, upon the quality and thoroughness of the submission received. (125) Matters uncovered during the verification process, which are outside the scope of the matter disclosed to CMS, may be treated as new matters outside the scope of the SRDP and thus proper subjects for governmental investigation and possible prosecution. (126)
Generally, CMS will not request information subject to the attorney-client privilege. (127) If there are documents that may be covered by the attorney work-product doctrine, but which CMS believes are critical to resolving the disclosure, CMS says it is prepared to work with the disclosing party's counsel to gain access to the underlying information without waiving privilege. (128)
Before any repayment is made, the disclosing party must acknowledge in writing that CMS's acceptance of the payment is not an agreement as to the amount of losses suffered by the government, and "does not relieve the disclosing party of any criminal, civil, or civil monetary penalty, nor does it offer a defense to any further administrative, civil, or criminal actions against the disclosing party." (129)
The disclosing party must exhibit good faith and full cooperation with CMS during the disclosure process. (130) This cooperation includes the provision of documents and materials without CMS having to resort to "compulsory methods." (131) CMS will consider a lack of good-faith cooperation on the part of the provider when it determines the appropriate resolution of the matter. (132) The intentional submission of false information, or the intentional omission of relevant information, will be referred to the DOJ or other appropriate federal agencies and may result in additional criminal and/or civil sanctions and exclusion from participation in federal health-care programs. (133)
CMS is not bound by any conclusions made by the disclosing party under the SRDP. (134) Furthermore, it is not obligated to resolve the matter disclosed in any particular manner and has no obligation to reduce any amounts owed. (135) A disclosing provider has no right of appeal for matters resolved through a settlement agreement. (136) If a provider's SRDP submission is denied acceptance, is removed, or withdrawn, the provider may appeal any overpayment demand letter. (137) However, CMS reserves the right to reopen any Medicare cost reports filed since the initial disclosure of Stark violations. (138)
C. Revisions of the SRDP
Since the initial release of the SRDP, CMS has received informal comments from providers and attorneys regarding unclear provisions. Agency representatives have informally commented that they learned about some items that needed clarification after reviewing the first SRDP submissions. (139) In May 2011, CMS released the latest version of the SRDP. This version specified that all physician fees related to a noncompliant arrangement needed to be calculated as part of the disclosing provider's financial analysis. (140) More recently, Lewis Morris, Chief Counsel at OIG, announced that the agency is preparing to release additional guidance regarding self-disclosure, although it has not announced specifically what that guidance will cover. (141) However, there is no indication that CMS is considering the type of significant changes to the SRDP proposed in this Article.
D. Results of the SRDP to Date
The ACA included a provision requiring CMS to report to Congress regarding disclosures by March 2012. (142) The report will include the number of health-care providers or suppliers making disclosures, the dollar amounts collected, and the types of violations reported. (143) CMS representatives have described some of the disclosures to date in very general terms, but have not issued any summaries in writing. (144) OIG's website provides information about its settlements, such as the general nature of the issue and the amount of the settlement. (145) Presumably, CMS's upcoming report to Congress will include similar information.
One hospital has been willing to publicly discuss the results of its self-disclosure to CMS. The settlement occurred prior to the release of the revised SRDP, but it at least provides some guidance as to how CMS conducts negotiations in these matters and on what terms it will settle. (146) That case involved Saints Medical Center in Lowell, Massachusetts. The settlement was for $579,000, an amount lower than the hospital's attorneys' lowest estimate of potential obligation. (147) Attorneys for the hospital said that they had not been given the opportunity to negotiate the settlement at all; nonetheless, they were pleased with the amount in light of potential penalties. (148)
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Introduction through II. The Self-Disclosure Protocol, p. 169-196|
|Author:||Veilleux, Jean Wright|
|Date:||Jan 1, 2012|
|Previous Article:||University opposition to unfettered research: a new bedfellow for biotech?|
|Next Article:||Catching flies with vinegar: a critique of the centers for Medicare and Medicaid self-disclosure program.|