Congress Acts on the Stark Disclosure Dilemma: Federal Health Reform Authorizes New Stark Self-Disclosure Protocol
Authors: Robert D. Belfort | Emily Lee
On March 23, 2010, President Obama signed into law the Patient Protection and Affordable Care Act, H.R. 3590 (“PPACA”). In addition to enacting a myriad of health care reform provisions, Section 6409 of the PPACA requires the Centers for Medicare and Medicaid Services (“CMS”) to create a self-disclosure protocol under which healthcare providers may voluntarily report potential Stark Law violations. This is a welcome development for hospitals and other health care providers that discover unintentional or “technical” violations of Stark and face potentially massive exposure to liability for such violations without any clear mechanism to fairly resolve these claims.
Background. Stark prohibits physicians from referring Medicare patients for certain designated health services (“DHS”) to any entity with which the referring physician (or an immediate family member) has any direct or indirect financial relationship, unless an exception applies. 42 U.S.C. § 1395nn(a)(1)(A). In addition, Stark prohibits entities from billing Medicare for services provided pursuant to a prohibited referral. Stark regulations further require the entity that collects payment for DHS performed in connection with a prohibited referral to refund all collected amounts on a timely basis. 42 C.F.R. § 411.353(d).
Because Stark is a strict liability statute, failure to comply with its many technical requirements can result in significant penalties regardless of a provider’s lack of intent to violate the statute. For example, if a lease agreement between a hospital and a physician expires and is not renewed within six months of the expiration date, all referrals of Medicare patients by the physician to the hospital after such period violate Stark. The hospital may not have learned of this lapse in paperwork until years have passed. By then, the hospital may have received payment of millions of dollars for services attributable to referrals from that physician, all of which are subject to recoupment by the government. This liability attaches even if the physician continued to pay rent that was consistent with fair market value.
Reporting such technical violations to CMS has been problematic for providers because CMS has historically taken the position that it does not have the authority to negotiate a settlement less than the full value of the Medicare billings resulting from the tainted referrals.
Use of OIG Self-Disclosure Protocol. In April 2006, the U.S. Department of Health and Human Services Office of Inspector General (“OIG”) announced an initiative to promote disclosure of potential Stark and/or Anti-Kickback Law violations under the OIG’s Self-Disclosure Protocol (“SDP”). See OIG Open Letter to Health Care Providers (April 24, 2006). In the letter, OIG indicated that monetary settlements in SDP cases would generally be for amounts near the lower end of the damages spectrum. To avoid the problems raised by disclosure to CMS, many providers opted to disclose technical Stark violations through the SDP, as such disclosures could result in settlements for less than the full value of Medicare billings and protection from potential qui tam lawsuits under the False Claims Act (“FCA”).
However, in March 2009, OIG announced that it would no longer accept disclosure of a Stark violation in the absence of a “colorable” violation of the Anti-Kickback Statute. See OIG Open Letter to Health Care Providers (March 24, 2009). Further, OIG announced that it would accept only matters involving a settlement of at least $50,000. OIG indicated that its decision to narrow the scope of the SDP was based partly on lack of resources.
The OIG’s exclusion of Stark Law violations from the SDP left health care providers with limited and unappealing options for addressing inadvertent Stark violations. Those options consisted of reporting to CMS, the Medicare payment contractors (fiscal intermediaries and carriers), or to the U.S. Department of Justice (through the local U.S. Attorney’s Office). None of those approaches gave providers comfort that they could negotiate a reasonable settlement commensurate with the nature of the violation.
To complicate matters, the Fraud Enforcement and Recovery Act of 2009 (“FERA”) amended the FCA in a manner that increased the risk of FCA exposure for health care providers that discover technical Stark violations. Post-FERA, the FCA imposes civil penalties of up to $11,000 for each claim -- plus treble damages -- on any person who “knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government,” even in the absence of an affirmative false statement. 31 U.S.C. § 3729(a)(1)(G). Thus, a provider that discovers an inadvertent Stark Law violation, and does not repay Medicare for payment collected for DHS performed under a prohibited referral, theoretically could be exposed to massive penalties under the FCA for knowingly avoiding an “obligation” to repay the government.
Creation of a Stark Self-Referral Disclosure Protocol under the PPACA. Congress has taken an important step in addressing the current predicament faced by health care providers by establishing a new process for reporting Stark violations:
- Establishment of an SRDP. Section 6409 of the PPACA requires the U.S. Department of Health and Human Services (“HHS”) to work with OIG to establish a protocol for self-disclosure of actual and potential Stark violations (“SRDP”) by September 23, 2010. The SRDP must include direction to healthcare providers on i) a specific person, official, or office to whom such disclosures shall be made; and ii) instruction on the implication of the SRDP on corporate integrity agreements and corporate compliance agreements.
- CMS authority to negotiate settlements of Stark violations. Significantly, Section 6409 expressly authorizes HHS to reduce amounts due and owing for Stark Law violations. In determining amounts owed for a violation, HHS may consider factors such as i) the timeliness of the self-disclosure; ii) the provider’s cooperation in providing more information related to the disclosure; iii) the nature and extent of the improper or illegal practice; and iv) any other factors HHS considers appropriate. This is an important development as it gives CMS explicit authority to compromise repayment amounts to less than the full value of Medicare billings at issue.
- Relationship to Stark Advisory Opinion Process. Section 6409 also clarifies that the SRDP process is to be separate from the Stark advisory opinion process established under 42 U.S.C. § 1395nn(g).
- Publication of SRDP information. HHS must issue instructions on how to disclose actual or potential violations pursuant to an SRDP on CMS’s website.
- Report to Congress. No later than 18 months after the date on which the SRDP protocol is established, HHS must provide Congress with a report on i) the number of health care providers making disclosures pursuant to the SRDP; ii) the amounts collected pursuant to the SRDP; iii) the types of violations reported under the SRDP; and iv) such other information as may be necessary to evaluate the impact of the SRDP legislation.
There are several issues that are not addressed in the legislation. For one, it is unclear how the SRDP will relate to OIG’s SDP when the conduct at issue potentially implicates both the Stark and Anti-Kickback Laws. Moreover, the legislation does not address how disclosure through the SRDP will affect the operation of a separate provision in the PPACA that requires the reporting and returning of an identified Medicare overpayment by a specified deadline. An earlier version of the legislation passed by the House included a provision providing that disclosure through SRDP extended the deadline for return of an overpayment under that section. Nonetheless, the legislation is a favorable development for hospitals and other health care entities that face enormous potential exposure to liability for largely technical Stark violations, and should provide a more equitable and reasonable means for resolving provider liability for such violations.
back to top
For additional information on this issue, contact:
Robert D. Belfort Mr. Belfort has extensive experience representing healthcare organizations on regulatory compliance and transactional matters. His clients include hospitals, community health centers, mental health providers, pharmacy chains, health insurers, IPAs, pharmaceutical manufacturers, pharmacy benefit managers, information technology vendors and a variety of other businesses in the healthcare industry. He has also worked extensively with healthcare industry trade associations.
Emily Lee Ms. Lee’s practice focuses on a wide variety of healthcare regulatory and transactional issues.