It is always important to consider how different parts of the government handle voluntary disclosures. The FCPA enforcement initiative has been largely the result of the voluntary disclosure process, and the government continues to urge companies to disclose potential violations. Other enforcement programs follow different voluntary disclosure protocols.
In the healthcare industry, the HHS-OIG has established its own voluntary disclosure process. Assuming a company has identified potential violations relating to billing errors, Medicare/Medicaid overpayments, there are certain steps which need to be taken. As usual, there are difficult balancing issues between potential benefits of disclosure and significant costs which may result.
Once a billing error is discovered, a provider has to decide whether to suspend billing, notify the payor, make or offer repayment, or take some other corrective action.
The OIG expect providers to find mistakes, report them and come forward on their own initiative. This all sounds familiar to those in the FCPA area. Voluntary disclosure can help a company avoid a criminal prosecution, significant penalties under the civil False Claims Act provisions.
Voluntary disclosures under the False Claims Act are usually made within 30 days of discover (at least an initial notification) and can significant reduce exposure from three times the amount of damages to less than two times.
Since a failure to return an overpayment within 60 days can create a False Claims Act liability, a provider may need to report and/or return the payment before an internal investigation has been completed. When focusing on billing errors, the investigation needs to quickly assess whether the billing errors were negligent or intentional.
Where there is just a negligent mistake, a provider can make an initial disclosure to a fiscal intermediary and/or insurance carrier, or Medicare contractor (overpayment) processes claims and issues payments on behalf of the government. The contractor will refer the matter to the OIG which if the overpayment raises concerns about the integrity of the provider. If there is potential civil or criminal exposure, a decision needs to be made whether to bring the matter to the attention of DOJ, OIG or a State Medicaid Fraud unit.
Under the OIG’s self-disclosure program, the OIG offers leniency when a provider identifies problematic conduct, remedies the conduct and prevents it from recurring and makes a full and timely disclosure. In such circumstances, the OIG may decline to impose a Corporate Integrity Agreement.
The OIG has encouraged self-reporting in the case of anti-kickback violations. For kickback violations, the OIG imposed a minimum $50,000 civil penalty. For years, the OIG declined to offer a self-disclosure process for Stark Act violations. Recently, the OIG announced a Stark Act voluntary disclosure program. The OIG has prescribed specific filing requirements for self-disclosures, including specific representations and certifications.
One thing is clear – the OIG has been overwhelmed by the voluntary disclosure process and there are significant delays in the processing of the cases. As time goes on, the process will develop more history and governing practices will become informal rules and expectations. It is something to keep in mind as the government continues to push voluntary disclosures across all enforcement programs.