April 25, 2008Client Alert

OIG Issues Additional Guidance for the Provider Self-Disclosure Protocol

On April 15, 2008 the Department of Health and Human Services Office of Inspector General ("OIG") issued an Open Letter to Health Care Providers (the "Letter"). The Letter discusses additional submission requirements for the Provider Self-Disclosure Protocol ("SDP") and provides additional guidance as to the benefits of complying with the SDP, including avoidance of Corporate Integrity Agreements and fewer monetary penalties.


The SDP was introduced in 1998 after a two-year pilot program. The purpose of the SDP is to encourage health care providers to voluntarily report fraudulent conduct relating to Medicare, Medicaid and other Federal health care financing programs. While disclosure under this program does not result in protection from prosecution, often providers find that by utilizing the SDP they receive more favorable treatment. According to the Letter, the "OIG has returned approximately $120 million to the Medicare Trust Fund through the SDP and participating providers have avoided the costs and disruptions often associated with a Government-directed investigation."

Revisions to a Provider's Initial SDP Submission

The SDP requires that once a provider has discovered fraudulent conduct and decides to voluntarily disclose such conduct under the SDP, the initial submission to OIG should: (1) contain the provider's name, address, provider identification number(s) and tax identification number(s); (2) indicate if the provider knows whether the matter is currently under inquiry or whether the provider is under investigation for other matters involving the Federal health care programs; (3) contain a description of the nature of the matter being disclosed; (4) identify the type of health care provider implicated; (5) disclose the reasons why the violation occurred; and (6) certify that the provider's submission is truthful.

The Letter creates a few more reporting requirements. In addition to the aforementioned items, under the SDP, the provider's initial submission to OIG must contain: "(1) a complete description of the conduct being disclosed; (2) a description of the provider's internal investigation or a commitment regarding when it will be completed; (3) an estimate of the damages to the federal health care programs and the methodology used to calculate that figure or a commitment regarding when the provider will complete such estimate; and (4) a statement of the laws potentially violated by the conduct." Of these additions, item three is particularly notable as it obligates a provider following the SDP to provide its own calculation of estimated damages.

Further Guidance from OIG

In addition to refining the contents of a provider's initial disclosure to OIG, the Letter further clarifies that a provider must be capable of completing an investigation and damage assessment within three months of being accepted into the SDP. Further, providers that the OIG determines are not acting in good faith and/or are not responding to OIG requests for additional information in a timely fashion will be removed from participation in the SDP. The Letter also reasserts OIG's position that the SDP is not appropriate for "mere billing errors or overpayments" and that such disclosures should be made directly to the "appropriate claims-processing entity" and not to OIG. The Letter also states that OIG has refined its internal process for dealing with SDP submissions. This internal streamlining, coupled with prompt, cooperative provider responses, should hasten the SDP process and resolve the fraudulent conduct in a timely manner.


According to the Letter, a provider has much to gain from participating in the SDP. The costs and disruptions to the provider may be minimized when the provider directs the investigation, rather than having to accommodate a Government-directed investigation. Further, participation in the SDP may result in fewer monetary penalties than by ignoring and/or covering up the fraudulent conduct and subsequently being audited by OIG. "A provider's submission of a complete and informative disclosure, quick response to OIG's requests for further information, and performance of an accurate audit are indications that the provider has adopted effective compliance measures. Accordingly, when we negotiate the resolution of the OIG's applicable administrative monetary and permissive exclusion authorities in exchange for an appropriate monetary payment, we generally will not require the provider to enter into a Corporate Integrity Agreement or Certification of Compliance Agreement. We believe that this presumption in favor of not requiring a compliance agreement appropriately recognizes the provider's commitment to integrity and also advances our goal of expediting the resolution of self-disclosures."

back to top