When healthcare providers and other government contractors are subject to scrutiny for bills submitted to the government, it is often the result of a whistleblower complaint filed under the qui tam provisions of the False Claims Act.

But what if the healthcare provider or government contractor identifies potential fraud against the government on its own – for example, through an internal compliance audit or hotline call?

In that scenario, the company may be well advised to consider a self-disclosure. This post provides a primer on the various self-disclosure options and how they work.

Repayment to an Agency or Program

Perhaps the most straightforward way to address potential billing misconduct is to repay or refund the affected funds to the relevant government agency or program. For example, a healthcare provider might refund Medicare payments directly to a Medicare Administrative Contractor. Participants in the Medicare program are required to return identified overpayments within 60 days under 42 U.S.C. § 1320a-7k(d).

While this option has the benefit of simplicity and may allow a company to avoid providing detailed information about why it believes a repayment is necessary, it does little to resolve potential liability. For example, a repayment will not affect potential liability for treble damages and civil monetary penalties under the False Claims Act. Nor does it preclude administrative liability under the Civil Monetary Penalties Law. Repayment also does little to prevent a would-be whistleblower from filing a qui tam lawsuit.

That said, simply repaying the funds at issue leaves an entity with the flexibility to aggressively defend against a qui tam lawsuit or government enforcement action down the road. That is because a repayment does not require the repaying entity to acknowledge liability or violations of law. So, when a contractor has reason to believe it should not have been paid, but it is not clear that the payments resulted from violations of the False Claims Act or other laws, making a repayment to the agency or program may be a prudent middle ground.

Self-Disclosure to the Department of Justice

When identified misconduct carries a significantly higher risk of triggering False Claims Act liability, a more practical step may be to disclose the issue directly to the U.S. Department of Justice (DOJ). Such a disclosure will usually be made to the local U.S. Attorney’s Office with jurisdiction over the relevant conduct. Making a self-disclosure to DOJ has several potential benefits.

First, DOJ possesses settlement authority on behalf of the United States. Only DOJ, therefore, can provide a False Claims Act release and a release of any related common law liability on the government’s behalf. Obtaining a release in connection with a self-disclosure is important because it precludes future liability for the conduct at issue and future whistleblower lawsuits based on that conduct.

Second, DOJ’s usual practice is to provide substantial cooperation credit to companies that voluntarily disclose potential False Claims Act violations. As explained in Section 4-4.112 of the Justice Manual, “[e]ntities or individuals that make proactive, timely, and voluntary self-disclosure to [DOJ] about misconduct will receive credit during the resolution of a [False Claims Act] case.” In practical terms, this cooperation credit typically takes the form of the government applying only a 1.5x multiplier to its single damages estimate when negotiating a settlement amount.

In contrast, when DOJ negotiates settlements of False Claims Act violations identified on its own initiative or brought to its attention by a whistleblower, it typically applies a 2x damages multiplier. In light of the large single-damages sums often involved in False Claims Act cases, that difference can be significant. In addition to lower financial penalties, a company’s self-disclosure may also lessen the risk that the government will insist on imposing burdensome collateral remedies, such as a Corporate Integrity Agreement. And DOJ investigations of self-disclosed conduct are often less onerous and far-reaching than investigations of potential misconduct brought to its attention in other ways.

But disclosure to DOJ also poses downside risks—particularly when there are questions about the scope or existence of any liability. For an entity to obtain “maximum credit” in a False Claims Act matter, the Justice Manual provides that the entity’s disclosure must include “identifying all individuals substantially involved in or responsible for the misconduct,” “full[y] cooperating with the government’s investigation,” and taking “remedial steps designed to prevent and detect similar wrongdoing in the future.” Providing this degree of cooperation can be burdensome and costly, and also risks turning up evidence of other, previously unknown (and unrelated) misconduct. While these burdens and risks are inherent features of any government investigation, the posture of an investigation initiated by a self-disclosure may limit an entity’s ability to push back against aggressive liability theories or investigative overreach—at least if the entity hopes to retain credit for its self-disclosure and cooperation.

Still, at least when a False Claims Act violation is relatively straightforward, disclosure to DOJ usually offers the most efficient path toward a timely resolution and at as little cost as possible. As an added incentive for companies considering a self-disclosure, DOJ resolutions reached through self-disclosures typically result in government press releases extolling the entity’s cooperation and commitment to compliance, not criticizing the defendant for committing fraud against the government.

HHS-OIG Healthcare Fraud Self Disclosure Protocol

For healthcare fraud concerns, in particular, companies may also consider disclosing potential misconduct through the Health Care Fraud Self Disclosure Protocol (SDP) offered by the Department of Health and Human Services Office of Inspector General (HHS-OIG). Established in 1998 and recently revamped in 2021, the SDP outlines a process for entities “to voluntarily identify, disclose, and resolve instances of potential fraud involving federal healthcare programs.” The SDP may be used to disclose any potential violation of federal criminal, civil, or administrative law for which civil monetary penalties are authorized. Notably, however, violations of the Stark Law are not eligible for disclosure through the SDP without accompanying violations of the Anti-Kickback Statute.

Making a disclosure through the SDP requires a healthcare provider to conduct at least a preliminary investigation and estimate the damages to the affected federal healthcare program. Only violations involving damages of at least $20,000 (and $100,000 for violations of the Anti-Kickback Statute) are eligible for disclosure through the SDP. As with disclosures to DOJ, disclosures through the SDP require the disclosing party to commit to full cooperation with HHS-OIG, acknowledge liability, and take all necessary corrective actions.

The SDP expressly provides three benefits to entities making disclosures that meet all of the relevant requirements:

  • HHS-OIG will apply a presumption against requiring an integrity agreement as a component of any settlement.
  • HHS-OIG will typically resolve liability for civil monetary penalties using a multiplier of only 1.5x single damages.
  • Disclosure through the SDP tolls the 60-day clock for returning identified overpayments pursuant to 42 U.S.C. § 1320a-7k(d).

Disclosures made through the SDP often are resolved more quickly than disclosures to DOJ and some parties may find that the relevant HHS-OIG officials have more healthcare subject-matter expertise than their DOJ counterparts.

It is important to note, however, that disclosing misconduct to HHS-OIG through the SDP cannot directly provide an entity with a release of potential False Claims Act liability. Unlike DOJ, HHS-OIG has settlement authority on behalf of the United States only as to liability for civil monetary penalties. That said, HHS-OIG has committed to “coordinat[ing]” with DOJ “in resolving SDP matters” and will usually “advocate that the disclosing party receive a benefit from disclosure under the SDP” in connection with any separate False Claims Act resolution. But HHS-OIG has cautioned that “DOJ determines the approach in cases in which it is involved,” and that False Claims Act liability will ultimately be resolved “as DOJ determines is appropriate.” Consider, as well, that HHS-OIG does not commit to “advocating” for disclosing parties in connection with related DOJ criminal matters.

CMS Voluntary Self-Referral Disclosure Protocol

The Centers for Medicare and Medicaid Services (CMS) maintains its own program for disclosures of Stark Law violations, which are not eligible for disclosure through the SDP. The CMS program, known as the Voluntary Self-Referral Disclosure Protocol (SDRP), operates similarly to the SDP and provides specific instructions for identifying, disclosing, and resolving potential Stark Law violations.

Like with SDP disclosures, SDRP disclosures toll the 60-day clock for returning overpayments. While parties disclosing violations through the SDRP must commit to cooperating with CMS—including by providing detailed factual and financial information—successful use of the SDRP may result in financial resolutions well below the potential exposure. Again, however, an SDRP resolution with CMS cannot itself release related False Claims Act liability, as that authority belongs exclusively to DOJ. Resolving matters disclosed through the SDRP can also be a slow process, as the program has typically maintained a significant backlog of pending matters.

Other OIG Self-Disclosure Programs

 In addition to the programs described above, Offices of Inspector General of many other federal agencies maintain their own self-disclosure programs that government contractors may use to report misconduct.

For example, the Department of Defense Office of Inspector General (DOD-IG) maintains a contractor disclosure program through which defense contractors may disclose violations of law consistent with their obligations under FAR Clause 52.203-13, which requires “timely disclos[ure]” of “violations of the criminal law [and] violations of the civil False Claims Act.” The Special Inspector General for Pandemic Recovery also has recently instituted a hotline through which entities and individuals can voluntarily disclose misconduct related to CARES Act funding.

As with the HHS and CMS protocols discussed earlier, however, parties considering disclosures through these other outlets must keep in mind that only DOJ has the authority to resolve False Claims Act liability. When the risk of False Claim Act liability is high, a direct disclosure to DOJ may be the best option.

For more information about the False Claims Act, or for assistance with a matter that may require a self-disclosure, please contact a member of the Bass, Berry & Sims Healthcare Fraud & Abuse Task Force or one of our Procurement Fraud attorneys.