Changes to the CMS Self-Referral Disclosure Protocol: Continuing Challenges & Issues Providers Need to Address Before Disclosure

The Centers for Medicare & Medicaid Services recently revised the Voluntary Self-Referral Disclosure Protocol (SRDP) through which individuals may disclose actual or potential violations of the federal physician self-referral law (Stark Law). Beginning June 1, 2017, disclosing parties will be required to utilize and submit standardized SRDP forms. According to CMS, the forms are intended to reduce the burden on disclosing parties by providing a “streamlined and standardized” format for disclosing actual or potential violations. These forms present several new challenges, however, and do little to address the tremendous complexities endemic to the Stark Law and its numerous exceptions—such as the exceptions’ writing requirement. Despite CMS guidance and recent case law, the Stark Law continues to pose a web of compliance and disclosure challenges. The unwary risk further entanglement by the new SRDP format issued by CMS.

The Stark Law

The Stark Law prohibits physicians from making referrals for certain designated health services payable by Medicare to an entity with which he or she has a financial relationship, unless an exception applies. Providers who may have violated the Stark Law can use the SRDP to potentially limit liability exposure by disclosing their actual or potential noncompliance to CMS prior to any governmental investigation or enforcement action. Since the enactment of the Affordable Care Act, there has been a significant uptick in the collection of overpayments under the Stark Law. CMS has collected over $23 million from SRDP settlements since 2011, with almost half of all settlements occurring in 2016 alone.

In addition to such liability, the Stark Law can be used as a predicate for liability under the False Claims Act (FCA) and the federal Anti-Kickback Statute. Since 2011, there also has been a notable increase in government enforcement of the Stark Law particularly under the FCA. In 2013, the federal district court in Columbia, South Carolina imposed a landmark $237 million judgment against Tuomey Healthcare System in an FCA case predicated on violations of the Stark Law. Tuomey Healthcare System ultimately settled the case with the Department of Justice for $72.4 million. In 2014, Halifax Medical Center and Halifax Staffing Inc. agreed to pay $85 million to resolve an FCA case predicated on the Stark Law. The prospect of such punitive settlements has made it increasingly important for health systems to carefully craft its contracts with providers and to use the SRDP to resolve potential noncompliance under the Stark Law prior to any government investigation or enforcement.

The New SRDP Forms

Until now, the SRDP required a disclosing party to submit to CMS certain information but did not prescribe a strict format; disclosing parties had significant flexibility in how to package the information they disclosed to CMS.  In an effort to streamline the SRDP review process, however, CMS issued three new mandatory forms for SRDP submissions. Disclosing parties now will need to follow a more exacting format for SRDP submissions that may require the disclosure of greater detail.

Beginning June 1, 2017, in addition to other required information, disclosing parties will now need to submit: (1) the SRDP Disclosure Form; (2) the Physician Information Form(s); and (3) the Financial Analysis Worksheet.

SRDP Disclosure Form: This form requires information about the disclosing party, including information regarding the disclosing party’s history of abuse, the pervasiveness of noncompliance, and steps to prevent future noncompliance.

Physician Information Form: For each physician included in the disclosure, the disclosing party must submit a separate Physician Information Form detailing the noncompliant financial relationship(s) between the physician and the disclosing party.

Financial Analysis Worksheet: This form requires the disclosing party to quantify the overpayment for each implicated physician included in the disclosure who made referrals. The Worksheet must be submitted in Microsoft Excel-compatible format.

Key Changes in the Revised SRDP

• The revised SRDP requires the disclosing party to provide information about the pervasiveness of noncompliance, which it defines as “how common or frequent the disclosed noncompliance was in comparison with similar financial relationships between the disclosing party and physicians.” It provides examples of pervasiveness, including a percentage estimate of the noncompliance across all financial relationships. This may present an added burden for disclosing parties in interpreting “pervasiveness” and evaluating the pervasiveness of noncompliance within their institutions.
• For disclosures of potentially noncompliant financial relationships involving more than one physician, the disclosing entity must submit a separate Physician Information Form for each physician. This may be burdensome for hospitals and other large providers that often have financial relationships involving numerous physicians.
• The revised SRDP requires submissions to include a Financial Analysis Worksheet in which each physician’s overpayments must be quantified. Previously, the SRDP required financial analyses but did not prescribe a specific format.
• The revised SRDP establishes a new ongoing obligation of the disclosing party to update CMS of any changes in ownership of the disclosing entity.
• The revised SRDP requires the disclosing party to certify for each disclosed noncompliant financial relationship that either: (a) the applicable financial relationship was noncompliant; or (b) that because it cannot confirm that the financial relationship complied with the Stark Law, the party certifies noncompliance with the law. This is a departure given that previously, a disclosing party only needed to certify potential noncompliance.
• The revised SRDP also eliminates a requirement: that the disclosing party include a description and evaluation of its pre-existing compliance program.
• The revised SRDP incorporates the 6-year lookback period set forth in the final overpayment rule. All providers and suppliers submitting self-disclosures on or after March 14, 2016 are subject to the 6-year lookback period for reporting and returning overpayments.

Continuing Challenges Under the Stark Law and the SRDP

These changes, although intended to streamline the SRDP submission process, present several new challenges and do not address the difficulties disclosing parties already face in meeting exceptions under the Stark Law. For example, many hospitals and other entities encounter difficulties when financial arrangements are not formalized in a written contract. In order to meet certain exceptions, financial arrangements must be “set out in writing.” In November 2015, CMS issued a final rule in which it stated that a “collection of documents” may be sufficient to satisfy the writing requirement. While this guidance was helpful,  a health system may still need to compile and review myriad documents including emails, invoices, copies of checks, and other information dating back years before a disclosure can be made to CMS under the revised SRDP. This search and review of documents is often time-consuming and costly.

A March, 15, 2017 ruling in a False Claims Act qui tam case, United States ex rel. Emanuele v. Medicor Assocs, sheds some light on the specific documents required to satisfy the writing requirement; however, the clarification provided by the court does little to alleviate the document collection burden faced by providers under the SRDP. In the case, a collection of emails, an internal summary, an unsigned draft agreement, and a letter identifying a three-year term for the arrangement at issue were presented by the defendants as a “collection of documents.” The court found that “[w]hile these kinds of documents may generally be considered in determining whether the writing requirement is satisfied, it is essential that the documents outline, at an absolute minimum, identifiable services, a timeframe, and a rate of compensation.” After determining that such critical elements were missing from the collection of documents, the court found that the documents did not establish a writing for purposes of Stark Law. While this ruling helps to clarify the content necessary to form a collection of documents that meets the writing requirement, hospital systems are still left with the onerous task of collecting and analyzing countless documents to meet this standard.  Further, as noted above, the revised SRDP does nothing to alleviate the burdens associated with these document collection efforts.

The writing requirement highlights just one element of the Stark Law and the associated challenges providers face in determining whether to disclose under the SRDP. Other elements of the Stark Law exceptions with which parties continue to struggle while preparing disclosures include assessing fair market value, commercial reasonableness, and the timing at which an agreement was formed. The complexity of requirements under the Stark Law exceptions require providers and hospital systems to expend substantial resources on administrative tasks compiling and reviewing documents—resources that could be better used serving patients and administering health care.

Even so, the SRDP remains a valuable path to resolution of potential violations under the Stark Law. We expect that the revised SRDP, with its new standardized forms, will streamline the review process for CMS. Speeding up the review process will be a welcome result and will allow health systems to resolve their SRDP disclosures quicker once submitted. Though the forms associated with the SRDP present new challenges and do not simplify the complex analysis required for compliance with the Stark Law, health systems should expect that once they decide to disclose to CMS, the process to prepare a disclosure will remain largely unchanged.   Given the complexity of the Stark Law and the legal risk exposure it often presents, it is important for hospitals, group practices, and other providers to vigilantly monitor compliance and assess whether a disclosure under the SRDP is advisable.