PBM audits may provide an opportunity for providers to significantly reduce potential liability to government payors using OIG’s Self-Disclosure Protocol (SDP). The process, however, is not straightforward, and involves a number of complex considerations.
OIG’s Self-Disclosure Protocol is Limited to Certain Types of Conduct
The SDP applies broadly to participants across the healthcare spectrum, including pharmaceutical manufacturers, distributors, and individual healthcare providers. On the other hand, the SDP limits the type of conduct that is eligible for disclosure.
Specifically, the SDP applies only to potential violations of criminal, civil and administrative laws, including false billing and violations of the Anti-Kickback Statute. Put differently, mere overpayments or mistakes are not eligible for disclosure.
In short, OIG's program is available to all healthcare entities and providers, but the disclosure must specifically identify the criminal, civil or administrative laws that potentially were violated.
OIG’s Self-Disclosure Protocol Requires Full Disclosure of Relevant Facts
A disclosure will not be accepted by OIG unless all required details are included in the submission. For example, if the conduct at issue involved false billing, OIG expects the disclosing party to provide an estimate of the amount improperly paid by government programs through a review of (1) all the claims affected by the disclosed matter; or (2) a statistically valid random sample of at least 100 claims that can be projected to the population of claims affected by the matter.
Similarly, if the conduct disclosed involves a potential violation of the Anti-Kickback Statute, the submission must include an analysis of why each disclosed arrangement potentially violates the law, including the participants' identities, their relationship to one another, the payment arrangements, and the dates during which each suspect arrangement existed.
Finally, the disclosing party must submit an estimate of the amount paid by federal healthcare programs for the items or services associated with potential violations of the Anti-Kickback Statute, and the dollar amount of the remuneration or "kickback" involved in the suspect arrangement.
OIG’s Self-Disclosure Protocol Limits Liability for False Claims Act Damages
Under the False Claims Act, which penalizes the submission of false claims, the government is entitled to recover triple the amount it paid, plus mandatory civil penalties per claim. For example, if the government paid $2,000 on an invalid claim, it would be entitled to recover $6,000 plus additional penalties.
OIG's SDP, however, permits parties to resolve claims liability for 1.5X the amount paid. In other words, in our example, if the government paid $2,000 on an invalid claim, under the SDP a disclosing party would be permitted to resolve that liability for $3,500.
OIG therefore incentivizes parties to self-report potential violations through a 50% or greater reduction in the amount of any penalty imposed.
OIG’s Self-Disclosure Protocol Includes Additional Incentives for Providers to Self-Report
In negotiated settlements with the government, the "repayment" portion for the claims at issue may constitute "restitution" for purposes of a deduction against business income depending on the disclosing party's tax filing circumstances.
OIG also permits settlement based on an "ability to pay" analysis, which requires the submission of additional information, including tax returns and bank account statements. An "ability to pay" settlement with OIG, however, often can be reached at a substantial discount, and does not implicate bankruptcy considerations.
OIG’s Self-Disclosure Protocol Involves a Number of Complex Considerations
Finally, the determination whether to file a self-report under OIG's SDP is incredibly complex and should not be attempted without the assistance of healthcare defense counsel. The number of considerations, and nuances involved, are highly fact-dependent and must be fully vetted.
For example, what if a self-report is made that involves potential violations of criminal law and OIG rejects the submission? In many circumstances, OIG's SDP can be extremely helpful to resolve potential liability, but the process may not be available or advisable given the specific facts and circumstances at issue.
OIG’s Self-Disclosure Protocol May Facilitate Resolution of PBM Audit Referrals
PBM audits often result in referrals for further investigations to government agencies or government contractors such as Qlarant, which was selected by CMS to serve as the Investigations Medicare Drug Integrity Contractor (I-MEDIC) to detect, prevent, and proactively deter fraud, waste, and abuse in Medicare programs.
Accordingly, in the event of a discrepant PBM audit, providers should consider whether an OIG self-disclosure would be effective to limit exposure for claims arising from potential violations of criminal, civil and administrative laws.
First, proactive resolution of claims liability under OIG’s Self-Disclosure Protocol is likely to result in reduced liability in contrast to a False Claims Act lawsuit.
Second, resolution of claims liability through OIG’s Self-Disclosure Protocol is unlikely to draw the attention of state or Board licensing authority.
Finally, although a criminal resolution may not always be granted, the likelihood of a subsequent criminal prosecution following a full and complete OIG self-disclosure is greatly reduced.
HLA Routinely Guides Clients through OIG’s Self-Disclosure Protocol
Here, at the Health Law Alliance, our attorneys previously served as federal and state prosecutors, and routinely use that deep background and expertise to determine whether an OIG self-disclosure is recommended. In short, our mission is simple: We used to work for them. Now let us fight for you.
Telehealth in 2025: What Medicare Providers Should Know
During COVID-19, Medicare expanded telehealth access by waiving geographic restrictions, broadening provider eligibility, and covering more services. These temporary flexibilities are set to expire at the end of 2024, requiring providers to adjust to stricter pre-pandemic rules unless Congress intervenes.
Read More >>DEA Inspections Overview: What to Expect and How to Prepare for a DEA Inspection
Learn what to expect during DEA inspections and how to protect your practice with proactive preparation strategies.
Read More >>Establishing and Documenting Patient-Provider Relationships in Telehealth
Actionable steps to properly establish, document, and maintain these relationships, minimizing risks and enhancing compliance.
Read More >>Top 10 Telehealth Compliance Mistakes You Might Be Making Right Now (and How to Fix Them)
Top 10 list of common telehealth compliance mistakes, with practical advice on how to identify and correct each issue.
Read More >>