Home / Insights / The New Stark Self-Disclosure Protocol

Insight The New Stark Self-Disclosure Protocol

On September 23, 2010, CMS published its much anticipated self-referral disclosure protocol (“SRDP”) for voluntarily self-reporting federal Stark law violations. The SRDP was mandated by § 6409 of the Affordable Care Act (“ACA”). Providers who properly use the SRDP may receive–but are not guaranteed–a reduction in penalties that might otherwise be imposed under Stark.

The Stark Law. The federal Ethics in Patient Referrals Act (“Stark”) generally prohibits physicians from referring certain designated health services to entities with which the physician, or a member of the physician’s family, has a financial relationship unless the arrangement is structured to fit within specific regulatory exceptions. (42 U.S.C. § 1395nn; 42 C.F.R. § 411.350 et seq.). It also prohibits entities from billing Medicare for items or services provided pursuant to an improper referral. (Id.). Stark is a strict liability statute: even technical violations trigger the statutory penalties regardless of the physician’s or entity’s intent; there is no “good faith” compliance.

Penalties for Stark Violations. Entities that violate Stark must refund any payments received from Medicare or patients for items or services improperly referred by the subject physician during the period of the Stark violation. (42 C.F.R. § 411.353(d)). Per Stark, the refund must be made within 60 days after the covered entity receives the Medicare payment; entities that fail to return the repayment within the 60-day window may be subject to a $15,000 civil penalty. (Id. at § § 1001.102(b)(9), 1001.103(b), and 1003.101). As discussed in our earlier Health Law Updates, the ACA contains a separate requirement that entities report and repay any Medicare overpayments by the later of 60 days after the overpayment was identified or the date any corresponding cost report is due; failure to do so violates the federal False Claims Act and Civil Monetary Penalties Law. (ACA § 6402). The net result is that failing to timely report and repay amounts due because of Stark violations could also expose the physician or billing entity to False Claims Act penalties and Civil Monetary Penalties, including fines ranging from $5,500 to $11,000 per violation; treble damages; exclusion from the Medicare and Medicaid programs; and qui tam lawsuits by employees or others who may be aware of the violations.

The SRDP. The new Stark SRDP is located at here. The SRDP contemplates the following activities:

1. The Provider’s Disclosure. Under the SRDP, the provider must submit its disclosure electronically and by mail to the addresses identified in the SRDP. The provider must include the following information when making a disclosure:

  • Description of the actual or potential violations. Among other specified items, the provider must disclose the financial relationships and parties involved; the time periods of non-compliance; “a complete legal analysis” of the relevant issues; the circumstances surrounding discovery of non-compliance, steps taken to prevent further abuses; and whether the entity is under investigation by other government agencies.
  • Financial analysis. Among other specified items, the analysis should state the amount that is actually or potentially due; describe the methodology for calculating the amount due; and summarize the auditing activity and documents upon which the provider relied in calculating the amount due.
  • Certification. An authorized representative must certify that, to the best of the individual’s knowledge, the information disclosed is true and is based on a good faith effort to bring the matter to CMS’s attention.

2. CMS Verification. Upon receipt of a disclosure, CMS will determine whether the provider will be allowed to participate in the SRDP. If the disclosure is accepted, CMS will verify the information disclosed. Matters uncovered during the verification which were outside the scope of the initial disclosure may not be subject to the SRDP, thereby exposing the provider to the full range of statutory penalties. The disclosing party generally must grant CMS access to relevant information and documents and waive associated privileges, with the possible exception of the attorney-client privilege.

3. Payments. Significantly, the obligation under ACA to repay amounts due within 60 days is suspended upon submission of a disclosure as part of the SRDP. CMS advises providers not to make repayments until completion of CMS’s inquiry; instead, entities should place affected funds in an interest-bearing escrow account. If CMS consents, the disclosing provider may make payments, but such payments will not relieve the party from criminal or civil liability. CMS confirmed that, in addition to government payors, the provider must repay individuals who were billed for improperly referred items.

4. Cooperation. Providers are expected to make the disclosure within the time period required for reports under the ACA, i.e., by the later of 60 days after an overpayment was identified or the date the corresponding cost report is due. In addition, providers must fully cooperate with CMS’s investigation. Failure to cooperate may adversely affect the provider when CMS assesses penalties. As with the OIG’s self-disclosure protocol, submitting false information or omitting relevant information may subject the provider to additional liability for criminal or civil penalties.

5. Factors in Reducing Amounts Due. Assuming a provider complies with the SRDP, CMS will consider the following factors in assessing the amounts due: (1) the nature and extent of the improper practice; (2) the timeliness of the self-disclosure; (3) the cooperation in providing additional information relating to the disclosure; (4) the litigation risk associated with the matter disclosed; and (5) the financial position of the disclosing party. Significantly, CMS is not obligated to reduce the amount due, leaving providers at the mercy of CMS.

Relation to the OIG Self-Disclosure Protocol. The SRDP parallels the OIG’s separate self-disclosure protocol (“SDP”) that has been in effect for years. The OIG self-disclosure protocol is not available for Stark law violations; however, because Stark violations may also violate other statutes, providers should carefully consider whether to use the Stark SRDP or the OIG’s SDP. In general, the OIG SDP may be more appropriate if the provider believes the Stark violation resulted from intentional, knowing, or criminal conduct. In the SRDP, CMS warned providers that it may refer cases submitted under the SRDP to law enforcement and/or the OIG to prosecute under other federal statutes if the facts and circumstances warrant.

Net Effect of the SRDP. Although participation in the SRDP provides no guarantees, it gives providers a chance to reduce the otherwise substantial penalties that may attach to Stark violations. In addition, it gives the provider additional time beyond the ACA deadlines for investigating, reporting and repaying overpayments. Because the obligation to report and repay exists even if the SRDP is not invoked, providers probably have little to lose and much to gain by participating in the SRDP. If they participate, however, they must fully and timely cooperate or they may be exposed to additional civil and criminal liability.

Prevention – Still the Best Medicine. Although the SDRP provides a mechanism for reducing Stark penalties, the best course is to avoid Stark law violations in the first place. Providers should carefully analyze Stark implications before entering any financial arrangement with a referring physician or their family members, including any ownership, investment, joint venture, compensation, or other contractual arrangement, or any deal in which physicians provide or receive free or discounted items or services. In addition, providers should periodically review such arrangements to ensure ongoing compliance during the term of the arrangement. Given the complexity of Stark as well as the potential consequence for violations, providers should seriously consider consulting with experienced health care attorneys who understand and can identify and respond to actual or potential Stark issues.

If you have questions about these or other legal issues, please contact a member of our Health Law group call 208.344.6000.

Related Insights

Corporate Transparency Act - Beneficial Ownership Information Reporting Requirement

The Corporate Transparency Act requires certain entities to disclose the beneficial ownership information from people who own or control a company. We're here to help…


Finding Investment Opportunities in the Modern Zoning Code

The Boise City Council unanimously approved a new zoning code, known as the Modern Zoning Code (MZC), that will go into effect on December 1,…


SECURE 2.0 Update

It has been almost six months since “SECURE 2.0” was enacted as part of the Consolidated Appropriations Act, 2023. There has been no shortage of…


Idaho Liquor License Update

During the final days of the 2023 term of the Idaho legislative session, Senate Bill 1120 (“SB1120”) was passed and signed into law. SB1120 makes…