CMS Revises the Self-Referral Disclosure Protocol Requiring the Use of Prescribed Forms for Disclosure of Stark Law Violations

The Centers for Medicare and Medicaid Services (CMS) recently posted revisions to the Voluntary Self-Referral Disclosure Protocol (SRDP), which provides a process for the disclosure of potential or actual violations of the federal physician self-referral law (the Stark Law) (42 U.S.C. § 1395nn). In an attempt to streamline the self-disclosure process, CMS requires the use of new forms and a financial worksheet when an entity discloses noncompliant conduct.

According to CMS’s SRDP web page, all voluntary Stark Law self-disclosures made on or after June 1, 2017, other than those by physician-owned hospitals that failed to disclose physician ownership on a hospital’s public website or in any public advertisement, must be submitted using the new forms and financial worksheet. Physician-owned hospitals are required to continue to report noncompliant conduct referenced above under separate special instructions issued by CMS, which are available on the SRDP web page.

Under the revised SRDP, the required elements of a voluntary self-disclosure will now consist of: (1) the SRDP Disclosure Form, which collects information about the disclosing party, the pervasiveness and history of the noncompliant conduct and steps taken to prevent future noncompliance; (2) the Physician Information Form, which is required for each physician included in the disclosure and which collects details of the noncompliant financial relationship(s) between the physician and the disclosing party; (3) a Financial Analysis Worksheet in a specified format that quantifies the overpayment associated with each physician’s referral(s); and (4) a certification of the truthfulness of the information contained in the disclosure. In addition, a disclosing party may (but is not obliged to) submit a cover letter that includes information that it believes may be relevant to CMS’s evaluation of the disclosure.

Most of the elements of the required disclosure mirror those required under the previous version of the SRDP. However, the revised SRDP differs from the previous version in the following ways:

• The revised SRDP includes an explicit obligation to inform CMS by email if the disclosing party files for bankruptcy, undergoes a change of ownership or changes designated representative.
• The revised SRDP does not require the disclosure of some information that is required under the previous version of the SRDP, such as a description and evaluation of the disclosing party’s pre-existing compliance program. In addition, a disclosing entity is not required to submit information regarding the financial benefit of a noncompliant relationship to the applicable physician(s).
• The SRDP Disclosure Form requires information regarding the pervasiveness of the noncompliance, so as to characterize how common or frequent the disclosed noncompliance was in comparison with similar financial relationships between the disclosing party and physicians or similar services furnished.
• The revised SRDP includes guidance not included in the previous version of the SRDP regarding how to determine and report noncompliant conduct. For example, instructions included in the SRDP Disclosure Form related to determining the pervasiveness of the disclosing entity’s noncompliance provide detailed examples of the application of the “stand in the shoes” provisions of the Stark Law and how to report noncompliance when a physician group fails to qualify as a group practice.
• As one Physician Information Form is required for each physician included in a disclosure, a disclosing entity may be required to complete and submit multiple Physician Information Forms if, for example, all physician owners must stand in the shoes of the disclosing entity or a physician practice fails to meet the definition of a group practice under the Stark Law.
• As CMS noted in a supporting statement to the revised SRDP posted on September 9, 2016, where the most recent version of the SRDP “requires detailed explanations of noncompliance,” the revised Physician Information Form provides checkboxes that “allow parties to quickly identify those elements of an applicable exception that a financial relationship satisfied and those elements that the relationship failed to satisfy.” However, the Physician Information Form continues to require a detailed narrative explanation of the noncompliant conduct and provides prompts for specific details depending upon the nature of the relationship, i.e., whether it involves a compensation or ownership relationship or results from the provision of prohibited services, such as a failure to satisfy the in-office ancillary services exception to the Stark Law’s referral prohibition. Disclosing entities are not required to describe compliant elements of the applicable exception(s).
• In describing the nature of the noncompliance for each Physician Information Form, a disclosing entity must either “(a) certify that the applicable financial relationship was noncompliant (or that the services failed to satisfy an applicable exception at 45 C.F.R. § 411.355), or (b) state that, because it cannot confirm that the financial relationship complied with the physician self-referral law, it is certifying noncompliance with the law.”
• The revised SRDP acknowledges CMS’s expansion of the lookback period for which a party must provide a financial analysis of actual or potential overpayments arising from a violation of the Stark Law to six years. The six-year period runs from the date that the disclosing entity “identified” the overpayment, which is now, by regulation, “when the person has, or should have through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment.” 42 C.F.R § 401.305(a) (2).

The revised SRDP, like the previous version, reminds disclosing parties that the Stark Law statute requires the refund on a timely basis of any payments collected from individuals that were billed in violation of the Stark Law.

CMS solicited comments related to the proposed revisions to the SRDP on May 16, 2016, and noted in its September 2016 supporting statement that it received no comments regarding the revisions. CMS anticipates that the revised SRDP and its required forms will “reduce the burden on disclosing parties by reducing the amount of information that is required for submissions to the SRDP and providing a streamlined and standardized format for the presentation of the required information.”

The self-disclosure reporting protocol program has been increasingly active since its inception in 2011. According to CMS’s Lisa Ohrin Wilson, as of February 28, 2017, CMS has received 882 disclosures under the program, including 82 disclosures reporting noncompliance with website and advertising disclosure requirements. A total of 99 of the disclosures were withdrawn or closed without administrative resolution, 143 disclosures are currently under active review and 9 are on hold. In all, 38.9 percent of all disclosures have been settled, closed or withdrawn and 26.5 percent are under active review. CMS settled a total of 233 disclosures from 2011 through 2016 and has collected $23,209,222 in settlements ranging from $60 to $1,195,763.