More than four years after the Centers for Medicare & Medicaid Services' (CMS) issuance of the Stark Self-Referral Disclosure Protocol (SRDP), it's time to assess the results. The SRDP was designed by Congress to resolve longstanding tensions between CMS and the Office of Inspector General (OIG) over the agencies' respective authority to resolve Stark violations. It accomplished that, but has it resolved the dilemma health care providers face when they discover a Stark problem? As in the parable of the Lady or the Tiger, have providers found gentility or sharp claws when they open the door on the SRDP?
No doubt the SRDP is a compelling compliance option. It tolls the 60-day reporting requirement under Section 6402 of the Affordable Care Act (ACA). It offers the likelihood of settlement for amounts less than—sometimes far less than—the draconian recoupment value of providers' Stark-tainted referrals. And it may even provide an effective defense against subsequent government or whistleblower claims under the False Claims Act (FCA).
But the SRDP also poses its challenges. Submissions under the protocol require a detailed analysis of all Stark exception elements. The estimation of the government's "damages" can entail painstaking calculations of the referral value and must be assembled year by year. Disclosing parties must respond to candid and sometimes uncomfortable questions regarding the existence and adequacy of their compliance programs, and how their reported violation came about. And all of this must be certified by an executive or other "responsible authority" of the submitting provider.
A significant number of SRDP settlements have involved critical access hospitals (CAHs), whose cost-based reimbursement creates even greater challenges in calculating the government's damages as required by the SRDP. In order to arrive at a true estimate of the tainted reimbursement received by these facilities, one needs to multiply the charges submitted for referred items or services by the CAH's cost-to-charge ratio, and then multiply the result by 101 percent (the cost report payment formula used for CAHs). Different cost centers of a CAH will have different cost-to-charge ratios, making this calculation all the more challenging.
Most challenging of all, while settlements through the OIG's Self-Disclosure Protocol average less than 12 months in duration, the queue for the SRDP is much longer. Reports of SRDP submissions languishing for three years or more are not uncommon, particularly if they disclose multiple arrangements. Perhaps CMS' proposed "expedited process," noticed in the Federal Register on May 2, 2014, will help speed things along.
As to whether providers have encountered the Lady or the Tiger, the 53 SRDP settlements as of this writing suggest something in between. The most costly settlement was entered into by a North Carolina hospital in October 2012, which resolved 19 violations for a total of $584,000. On the low side, in September 2012, a physician practice in Ohio resolved a slip-up under the in-office ancillary services exception for a mere $60.
The average of all settlements to date is approximately $110,000. The median is just over $67,000—indicating that a majority of the settlements have been well below the average. Nevertheless, statistics like these can be misleading since CMS' cryptic descriptions on its website seldom reveal the number of violations each settlement resolved, or whether there may have been aggravating factors such as fair market value issues.
Quite intentionally, CMS' assignment of settlement values remains a black box process. Nevertheless, while CMS has staunchly refused to disclose its settlement formulae, the figures to date show that so-called "technical" violations are settling for nominal sums—oftentimes less than $15,000 per violation. Technical violations include missing signatures, expired (but otherwise compliant) contracts, or the lack of written agreements documenting otherwise compliant arrangements. Clearly, CMS' resolution of these matters has borne little relation to the dollar value of the tainted referrals at issue. While good news, the huge discrepancy between a disclosing provider's statutory exposure versus the likely settlement amount under the SRDP can give CFOs headaches when attempting to set financial reserves on Stark liabilities awaiting settlement.
A final factor to bear in mind is that while many settlements under the SRDP have seemed quite reasonable, providers are only getting what they pay for. The releases they receive are quite narrow. CMS' form release (typically not negotiable) expressly reserves claims under the FCA, the Civil Monetary Penalties (CMP) statute, the CMP provisions of the Stark statute, the Program Fraud Civil Remedies Act, OIG's mandatory and permissive exclusion authorities, common law claims, and the possible reopening of paid claims or prior cost reports. Arguably, the mere disclosure of a problematic arrangement under the SRDP—assuming the disclosing party is fully transparent—bleeds accusations of fraudulent or criminal intent under one or more of these statutes, thereby providing a stronger defense if not a rock solid release. Nevertheless, parties seeking greater absolution than the SRDP can provide should consider confessing their sins to the OIG, or perhaps even to their local U.S. Attorney.
Four years down the road, the SRDP remains a promising option for resolving Stark Law violations—especially technical Stark violations. Settlement values may be all over the map, but one thing is certain: they're less than average recoveries in whistleblower and government FCA cases, and oftentimes less than what the lawyers will cost just to defend those cases.