
PBM audits may provide an opportunity for providers to significantly reduce potential liability to government payors using OIG’s Self-Disclosure Protocol (SDP). The process, however, is not straightforward, and involves a number of complex considerations.
OIG’s Self-Disclosure Protocol is Limited to Certain Types of Conduct
The SDP applies broadly to participants across the healthcare spectrum, including pharmaceutical manufacturers, distributors, and individual healthcare providers. On the other hand, the SDP limits the type of conduct that is eligible for disclosure.
Specifically, the SDP applies only to potential violations of criminal, civil and administrative laws, including false billing and violations of the Anti-Kickback Statute. Put differently, mere overpayments or mistakes are not eligible for disclosure.
In short, OIG's program is available to all healthcare entities and providers, but the disclosure must specifically identify the criminal, civil or administrative laws that potentially were violated.
OIG’s Self-Disclosure Protocol Requires Full Disclosure of Relevant Facts
A disclosure will not be accepted by OIG unless all required details are included in the submission. For example, if the conduct at issue involved false billing, OIG expects the disclosing party to provide an estimate of the amount improperly paid by government programs through a review of (1) all the claims affected by the disclosed matter; or (2) a statistically valid random sample of at least 100 claims that can be projected to the population of claims affected by the matter.
Similarly, if the conduct disclosed involves a potential violation of the Anti-Kickback Statute, the submission must include an analysis of why each disclosed arrangement potentially violates the law, including the participants' identities, their relationship to one another, the payment arrangements, and the dates during which each suspect arrangement existed.
Finally, the disclosing party must submit an estimate of the amount paid by federal healthcare programs for the items or services associated with potential violations of the Anti-Kickback Statute, and the dollar amount of the remuneration or "kickback" involved in the suspect arrangement.
OIG’s Self-Disclosure Protocol Limits Liability for False Claims Act Damages
Under the False Claims Act, which penalizes the submission of false claims, the government is entitled to recover triple the amount it paid, plus mandatory civil penalties per claim. For example, if the government paid $2,000 on an invalid claim, it would be entitled to recover $6,000 plus additional penalties.
OIG's SDP, however, permits parties to resolve claims liability for 1.5X the amount paid. In other words, in our example, if the government paid $2,000 on an invalid claim, under the SDP a disclosing party would be permitted to resolve that liability for $3,500.
OIG therefore incentivizes parties to self-report potential violations through a 50% or greater reduction in the amount of any penalty imposed.
OIG’s Self-Disclosure Protocol Includes Additional Incentives for Providers to Self-Report
In negotiated settlements with the government, the "repayment" portion for the claims at issue may constitute "restitution" for purposes of a deduction against business income depending on the disclosing party's tax filing circumstances.
OIG also permits settlement based on an "ability to pay" analysis, which requires the submission of additional information, including tax returns and bank account statements. An "ability to pay" settlement with OIG, however, often can be reached at a substantial discount, and does not implicate bankruptcy considerations.
OIG’s Self-Disclosure Protocol Involves a Number of Complex Considerations
Finally, the determination whether to file a self-report under OIG's SDP is incredibly complex and should not be attempted without the assistance of healthcare defense counsel. The number of considerations, and nuances involved, are highly fact-dependent and must be fully vetted.
For example, what if a self-report is made that involves potential violations of criminal law and OIG rejects the submission? In many circumstances, OIG's SDP can be extremely helpful to resolve potential liability, but the process may not be available or advisable given the specific facts and circumstances at issue.
OIG’s Self-Disclosure Protocol May Facilitate Resolution of PBM Audit Referrals
PBM audits often result in referrals for further investigations to government agencies or government contractors such as Qlarant, which was selected by CMS to serve as the Investigations Medicare Drug Integrity Contractor (I-MEDIC) to detect, prevent, and proactively deter fraud, waste, and abuse in Medicare programs.
Accordingly, in the event of a discrepant PBM audit, providers should consider whether an OIG self-disclosure would be effective to limit exposure for claims arising from potential violations of criminal, civil and administrative laws.
First, proactive resolution of claims liability under OIG’s Self-Disclosure Protocol is likely to result in reduced liability in contrast to a False Claims Act lawsuit.
Second, resolution of claims liability through OIG’s Self-Disclosure Protocol is unlikely to draw the attention of state or Board licensing authority.
Finally, although a criminal resolution may not always be granted, the likelihood of a subsequent criminal prosecution following a full and complete OIG self-disclosure is greatly reduced.
HLA Routinely Guides Clients through OIG’s Self-Disclosure Protocol
Here, at the Health Law Alliance, our attorneys previously served as federal and state prosecutors, and routinely use that deep background and expertise to determine whether an OIG self-disclosure is recommended. In short, our mission is simple: We used to work for them. Now let us fight for you.
MORE ARTICLES BY CATEGORY
How DME Suppliers Can Maintain Compliance with Medicare Enrollment Requirements
If you are a Durable Medical Equipment (DME) supplier and you are fearful of being scrutinized by CMS or the National Provider Enrollment contractors for violating the onerous Medicare enrollment standards, we hope this article will help. It lays out the essential steps to maintain compliance with Medicare's enrollment requirements. We break down the complex regulations surrounding Medicare enrollment standards, covering everything from initial enrollment and accreditation to revalidation and reporting changes, and tells providers to reach out to Health Law Alliance if they are seeking advice.
Read More >>OIG Issues Advisory Opinion 25-03, A Roadmap for Compliant Telehealth Staffing Models
On June 6, 2025, the US Department of Health and Human Services’ Office of the Inspector General issued Advisory Opinion 25-03, offering key compliance guidance for telehealth arrangements involving the leasing of health care providers and other administrative services to a physician-owned professional corporation (PC). Learn more about the opinion and what it tells us about the future of telehealth regulatory compliance.
Read More >>HLA Wins Full Reversal of PBM Audit Findings for Maryland Pharmacy
Health Law Alliance achieved full reversal of final audit findings for a Maryland pharmacy—just one of numerous victories our attorneys has achieved for our clients. Learn more about the stunning reversal and how Health Law Alliance’s tenacious advocacy can help your pharmacy in PBM disputes.
Read More >>HLA Attorney Anthony Mahajan Secures Major Victory Over Cardinal as Federal Court Dismisses Lawsuit Against Independent Pharmacies
Health Law Alliance secured a major win for independent pharmacies with the dismissal of Cardinal Health’s lawsuit, exposing it as a baseless attempt to intimidate smaller providers. This outcome reinforces the firm’s commitment to protecting healthcare businesses from corporate overreach.
Read More >>