MEDICARE PROVIDERS TAKE NOTE: CMS Streamlines the Stark Law Voluntary Self- Referral Disclosure Protocol, Updates the DHS Code List and Provides Clarification on Providers’ Ability to Cure Noncompliance
Friday, April 14, 2023
Stark Law Voluntary Self Referral Disclosure Protocol
Print Mail Download i

Highlight

In the last few months, the US Centers for Medicare & Medicaid Services (CMS) has made several noteworthy changes and provided a material clarification for providers and suppliers who are subject to the federal physician self-referral law (commonly referred to as the Stark Law). First, recognizing that certain aspects of the submission protocol have been identified as burdensome by stakeholders, CMS streamlined its voluntary self-disclosure process for certain disclosing parties, significantly reducing the number of forms needed to comply with the Stark Law Voluntary Self-Referral Disclosure Protocol (SRDP). Additionally, CMS updated and created new forms under the SRDP, the use of which, effective as of March 1, 2023, is now required. Separately, CMS also recently revised its process for updating its Stark Law code list, which formally defines certain service codes within four categories as designated health services (DHS) under the Stark Law. While updates to the DHS code list are generally released without much fanfare, CMS’s regular annual updates to the Stark Law code list have also changed the scope of services and providers who are subject to the Stark Law. Finally, CMS provided an important clarification that may affect the ability of providers and suppliers to reconcile payment discrepancies more than 90 days after a compensation arrangement has ended.

Background 

At its core, the Stark Law is a technical Medicare payment rule limiting the types of financial relationships that are permissible between entities that furnish DHS (DHS Entities) and physicians. Specifically, unless an exception applies and is satisfied, a physician who has a financial relationship with a DHS Entity may not make a referral for DHS, and the DHS Entity may not submit a claim to Medicare or bill for improperly referred DHS. Violations of the Stark Law, if unaddressed, can lead to False Claims Act (FCA) liability and the concomitant penalties associated with FCA litigation and settlements. Providers may be liable under the FCA for up to three times the value of the claims submitted and per-claim penalties that increase annually with inflation, among other potential civil monetary penalties. The Stark Law’s strict liability nature and the potentially caustic financial penalties associated with the FCA have made Stark Law compliance a primary concern for any entity that bills Medicare for DHS. Considering the potential ramifications for noncompliance, CMS’s voluntary SRDP process continues to be an important and economically viable safety valve for providers to disclose actual or potential Stark Law violations.

In Depth

SRDP Updates

Given the strict liability and technical nature of the Stark Law’s requirements for financial relationships between DHS Entities and physicians, violations are relatively common. Recognizing that the penalties were punitive and steep, the Affordable Care Act (ACA) required CMS to establish a process for providers to self-disclose identified noncompliance with the Stark Law, and take advantage of resulting reduced penalties for noncompliance. In 2017, in an attempt to streamline the self-disclosure process, CMS required the use of new specific forms and a financial worksheet when an entity discloses noncompliant conduct. On June 9, 2022, CMS solicited comments related to proposed revisions to the SRDP. On December 28, 2022, CMS revised the SRDP to further streamline the disclosure process for physician group practices and for entities disclosing multiple financial relationships with physicians when the physician is deemed to “stand in the shoes” of their physician organization. CMS noted in its supporting statement that it received only two comments regarding the proposed changes. Many of the requirements under the revised SRDP forms mirror historical requirements. However, the revised SRDP forms differ in several material respects.

What Has Changed?

  • Group Practice Form. The revised SRDP incorporates a new Group Practice Form that permits physician group practices to report, under a single consolidated form, noncompliance with the Stark Law arising from the failure to qualify as a “group practice” under 42 C.F.R. § 411.352. Prior to this change, a physician practice reporting noncompliance with the group practice requirements was required to complete a Physician Information Form for each individual physician member of the practice who made prohibited referrals to the practice, even when the noncompliance was similar or identical to that of the noncompliance with respect to other physicians in the group (e.g., an issue with the physician practice’s ability to qualify as a “group practice” or a single physician compensation methodology). This process was extremely cumbersome for large physician practices that were required to reproduce the same general narrative description regarding the noncompliance, but with specific information and sometimes very slight tweaks for each single physician member. Under the revised protocol, physician practices may submit the information requested under a less laborious process using a single Group Practice Form.

Consistent with prior requirements under the SRDP, which require the submission of a financial analysis worksheet in Excel format that details, on a year-by-year basis, the overpayments associated with each individual physician’s prohibited DHS referrals, CMS has now implemented a similar requirement for group practice SRDP submissions. The physician practice must submit a financial worksheet that includes each physician’s name, national provider identifier (NPI), relationship to the group (i.e., owner, employee or contractor), a statement of whether the physician received compensation in a manner that was inconsistent with the group practice requirements, and a description of the period of noncompliance. The requested information must be submitted in a consolidated Excel-compatible file and can be submitted as a separate tab of the group’s financial analysis worksheet as part of the SRDP filing. With respect to both the financial analysis and the group practice supplemental information required in Excel format, CMS has clarified that such spreadsheets should be submitted in a form that prevents editing.

Of note, the Group Practice Form cannot be used to report noncompliance arising solely from the failure of an entity to satisfy all the requirements of the Stark Law exceptions for ownership or investment interests, or compensation under 42 C.F.R. § 411.355. For example, a physician practice that both fails to qualify as a group practice and fails to satisfy a requirement of the in- office ancillary services exception, which is not uncommon, must use both the Group Practice Form and separate individual Physician Information Forms for each physician in the practice who made prohibited referrals.

Also of note, the new Group Practice Form contains an updated interpretation of the “date of discovery” for SRDP purposes and requires groups to newly disclose the “approximate date that the party discovered the actual or potential noncompliance.” While CMS’s old language required the date the party “determined that it received an overpayment” and directed filers to “see § 401.305(a)(2),” the updated language specifically notes that this new date of discovery “is not the same date as the date the overpayment was identified under § 401.305(a)(2).” These changes also are mirrored in the updated Physician Information Form template, although the financial analysis worksheet instructions continue to require disclosure of the “date that the overpayment associated with the physician was identified.”

  • Use of a single Physician Information Form. The revised SRDP instructions permit a disclosing party to submit a single Physician Information Form for all physicians who stand in the shoes of the physician organization. Specifically, when a disclosing party discloses multiple compensation arrangements with physicians solely because the individual physicians are deemed to “stand in the shoes” of a physician organization that is party to a noncompliant arrangement, the disclosing party may submit a single Physician Information Form along with a list of (i) each physician who is deemed to have the same noncompliant compensation arrangement as the physician organization, (ii) the impacted physicians and (iii) the period of noncompliance for each physician. This is particularly important for hospitals and other entities that may have a noncompliant financial relationship with a physician-owned group practice. In this situation, the individual physician owners of the group practice are deemed to “stand in the shoes” of the group practice. Accordingly, a hospital submitting an SRDP for a noncompliant relationship with a group practice may now submit a single Physician Information Form for the physician-owners of the group practice.

  • Certification. Going forward, disclosing parties may submit electronic certification statements. Previously, hard-copy, signed certification statements had to be physically mailed to CMS’ Division of Technical Payment Policy, separate from the electronic filing. Disclosing parties now have the option to either mail the certification or submit it electronically with the SRDP. While not a major change, obtaining and submitting signed paper certification forms was an extraneous step in the SRDP process.

What Remains the Same?

  • Group Practice Form. The revised SRDP incorporates a new Group Practice Form that permits physician group practices to report, under a single consolidated form, noncompliance with the Stark Law arising from the failure to qualify as a “group practice” under 42 C.F.R. § 411.352. Prior to this change, a physician practice reporting noncompliance with the group practice requirements was required to complete a Physician Information Form for each individual physician member of the practice who made prohibited referrals to the practice, even when the noncompliance was similar or identical to that of the noncompliance with respect to other physicians in the group (e.g., an issue with the physician practice’s ability to qualify as a “group practice” or a single physician compensation methodology). This process was extremely cumbersome for large physician practices that were required to reproduce the same general narrative description regarding the noncompliance, but with specific information and sometimes very slight tweaks for each single physician member. Under the revised protocol, physician practices may submit the information requested under a less laborious process using a single Group Practice Form.

Consistent with prior requirements under the SRDP, which require the submission of a financial analysis worksheet in Excel format that details, on a year-by-year basis, the overpayments associated with each individual physician’s prohibited DHS referrals, CMS has now implemented a similar requirement for group practice SRDP submissions. The physician practice must submit a financial worksheet that includes each physician’s name, national provider identifier (NPI), relationship to the group (i.e., owner, employee or contractor), a statement of whether the physician received compensation in a manner that was inconsistent with the group practice requirements, and a description of the period of noncompliance. The requested information must be submitted in a consolidated Excel-compatible file and can be submitted as a separate tab of the group’s financial analysis worksheet as part of the SRDP filing. With respect to both the financial analysis and the group practice supplemental information required in Excel format, CMS has clarified that such spreadsheets should be submitted in a form that prevents editing.

Of note, the Group Practice Form cannot be used to report noncompliance arising solely from the failure of an entity to satisfy all the requirements of the Stark Law exceptions for ownership or investment interests, or compensation under 42 C.F.R. § 411.355. For example, a physician practice that both fails to qualify as a group practice and fails to satisfy a requirement of the in- office ancillary services exception, which is not uncommon, must use both the Group Practice Form and separate individual Physician Information Forms for each physician in the practice who made prohibited referrals.

Also of note, the new Group Practice Form contains an updated interpretation of the “date of discovery” for SRDP purposes and requires groups to newly disclose the “approximate date that the party discovered the actual or potential noncompliance.” While CMS’s old language required the date the party “determined that it received an overpayment” and directed filers to “see § 401.305(a)(2),” the updated language specifically notes that this new date of discovery “is not the same date as the date the overpayment was identified under § 401.305(a)(2).” These changes also are mirrored in the updated Physician Information Form template, although the financial analysis worksheet instructions continue to require disclosure of the “date that the overpayment associated with the physician was identified.”

  • Use of a single Physician Information Form. The revised SRDP instructions permit a disclosing party to submit a single Physician Information Form for all physicians who stand in the shoes of the physician organization. Specifically, when a disclosing party discloses multiple compensation arrangements with physicians solely because the individual physicians are deemed to “stand in the shoes” of a physician organization that is party to a noncompliant arrangement, the disclosing party may submit a single Physician Information Form along with a list of (i) each physician who is deemed to have the same noncompliant compensation arrangement as the physician organization, (ii) the impacted physicians and (iii) the period of noncompliance for each physician. This is particularly important for hospitals and other entities that may have a noncompliant financial relationship with a physician-owned group practice. In this situation, the individual physician owners of the group practice are deemed to “stand in the shoes” of the group practice. Accordingly, a hospital submitting an SRDP for a noncompliant relationship with a group practice may now submit a single Physician Information Form for the physician-owners of the group practice.

  • Certification. Going forward, disclosing parties may submit electronic certification statements. Previously, hard-copy, signed certification statements had to be physically mailed to CMS’ Division of Technical Payment Policy, separate from the electronic filing. Disclosing parties now have the option to either mail the certification or submit it electronically with the SRDP. While not a major change, obtaining and submitting signed paper certification forms was an extraneous step in the SRDP process.

What Remains the Same?

  • SRDP Disclosure Form. Individuals must still use the general SRDP Disclosure Form and provide background information about the disclosing party, designated representative, pervasiveness of the noncompliance, resolution, and other compliance issues and activities.

  • Physician Information Form. Disclosing parties must continue using the Physician Information Form for all forms of noncompliance other than the failure of a physician practice to qualify as a group practice. CMS also continues to require a Physician Information Form for each noncompliant physician arrangement, except for physicians who stand in the shoes of their physician organization as described above. As noted above, CMS updated its date-of-discovery definition in the Physician Information Form to conform with its new language in the Group Practice Form.

  • Financial Analysis Worksheet. Disclosing parties must provide a financial analysis of the potential overpayment using a six-year lookback period from the date an overpayment was “identified” under applicable law. CMS reiterates that the SRDP process only applies to reports of Medicare Parts A and B overpayments and that the SRDP is not the appropriate administrative remedy for overpayments related to Medicare Parts C or D or to Medicaid. CMS has newly requested that all Excel worksheets submitted under the SRDP be locked for editing.

CODE LIST UPDATES

CMS generally expects providers and suppliers to monitor which of services they provide that are considered to be DHS. While six categories are defined by regulation (without regard to the specific code), CMS annually publishes a code list specifying the Current Procedural Terminology (CPT) / Healthcare Common Procedure Coding System (HCPCS) codes that it considers DHS (the Code List) for four DHS categories: (1) clinical laboratory services; (2) therapy (including physical therapy (PT), occupational therapy (OT) and speech-language pathologist (SLP) services; (3) radiology and other imaging services; and (4) radiation therapy services and supplies. The Code List also lists codes for tests that qualify for the “preventative screening tests and vaccines” exception (if performed for screening purposes, among other requirements). The published Code List does not define DHS codes associated with durable medical equipment, prosthetics, orthotics and supplies, parenteral and enteral nutrition, home heath, outpatient drug, and inpatient and outpatient hospital services categories. The Code List can be a source of frustration for entities attempting to comply with the Stark Law, as the list only covers four DHS service categories, incorporates certain entire ranges of codes by reference, and counterintuitively references certain codes that should not be DHS. As a result, administrators of physician practices can easily miss large swaths of DHS codes or inappropriately flag non-DHS codes.

CMS has recently changed its process for releasing its annual and other updates to the Code List. Its most recent Code List update for calendar year 2023 (CY 2023) has implications for several provider groups, including women’s health providers.

What Changed?

  • Code List publication process. On December 1, 2022, CMS released its proposed annual update to the Code List, identifying all the items and services included within certain DHS categories or that may qualify for certain exceptions for CY2023. Previously, CMS published this annual update in conjunction with its annual physician fee schedule updates. CMS advised that going forward, however, it planned to add codes or advise the public of Code List changes only via the Code List’s specific website. It is unclear if CMS will be making updates outside of its regular annual update using this new process.

  • Substantive codes. For CY2023, CMS made several additions to and deletions from the prior year’s Code List. Notably, CMS added several clinical laboratory HCPCS codes outside of the 80000-series CPT codes and added several codes to its radiology and radiation therapy categories. CMS also removed a handful of codes, including, most notably, two codes associated with mammography imaging that have historically been on the list impacting women’s health providers. (CMS acknowledged that these codes “did not meet the requirements of section 1861(s)(4) of the Act or [their] regulations at § 411.351.”) While these changes are not collectively groundbreaking, the last several years have seen significant updates to the scope of the code list. In 2022, CMS added certain 989-series telemedicine and remote monitoring CPT codes to its CY2022 code list for the first time. In 2021, CMS referenced “any future CPT or HCPCS code designated for a COVID-19 vaccine,” broadly capturing future COVID-related tests and vaccines under the umbrella of the Stark Law. These more recent substantive updates have the potential to subject a variety of new providers and suppliers to the Stark Law referral and billing prohibitions, including certain telehealth providers and those involved with COVID-19 vaccination efforts.

What Remains the Same?

  • Annual updates. CMS will continue to publish annual updates to the Code List “to account for changes in the most recent CPT and HCPCS Level II publications.” These updates will only be made via the Code List website and will be posted on or before December 2 for the following calendar year. These changes could also include new “clarifications” that CMS intends to make to incorporate or remove certain codes or sub- categories of services from the Code List.

  • Only four DHS categories on Code List. While stated in a footnote to the code list, many providers have historically relied on comparisons to the code list to attempt to identify all the DHS they provide. CMS has shown no inclination to publish a more fulsome list of codes or to reference certain fee schedules (e.g., DMEPOS) to define other DHS categories. This frequently causes confusion and issues for providers who may not capture all services that are reimbursed by Medicare in a certain DHS category.

  • Certain codes are incorporated by reference. CMS has also continued its long-standing process of including by reference 80000-series clinical laboratory CPT codes and, newly, COVID-19 vaccine codes. Confusingly, instead of listing the codes it considers DHS, as it does in other categories on the Code List, CMS in fact only lists the 80000-series CPT codes that it does not consider to be DHS. Historically, it has proved difficult for providers to fully utilize the Code List as a reference guide (as they are unable to cross check actual codes). In addition, as noted above, in recent years CMS has also incorporated “[a]ny future CPT or HCPCS code designated for a COVID-19 vaccine” by reference into the code list.

PERIOD OF DISALLOWANCE CLARIFICATION

On February 23, 2023, in an American Health Law Association webinar featuring CMS representatives discussing updates to the SRDP forms, CMS clarified that the special rule for reconciling compensation is a “deeming provision” and that compensation can still be reconciled after 90 days following the termination of a compensation arrangement, potentially avoiding noncompliance with the Stark Law. However, whether compensation can be reconciled to avoid a period of noncompliance will depend on the facts and circumstances of the arrangement.

As background, CMS formally updated its regulations surrounding the period of disallowance (or period of noncompliance) in the 2020 Final Rule intended to modernize and clarify the Stark Law regulations. In the 2020 Final Rule, CMS clarified its policy surrounding when a period of noncompliance can be avoided by providers or suppliers. CMS indicated that when payment discrepancies are identified and rectified in a “timely manner,” the discrepancies would not cause a compensation arrangement to be out of compliance with the requirements of the applicable exception. Further, in response to commenters requesting a “grace period” for correcting errors discovered after the termination or expiration of an arrangement, CMS agreed that a “limited” grace period would not pose a risk of program or patient abuse and finalized a special rule that permitted entities to submit claims for DHS if all payment discrepancies under the parties’ arrangement were reconciled within 90 consecutive calendar days of expiration or termination of the relevant compensation arrangement. CMS codified this policy in the 2020 Final Rule at 42 C.F.R. § 411.353(h).

With the additional recent clarification provided by CMS, parties to an arrangement that expired or was terminated more than 90 days prior to reconciliation of any payment discrepancies may still be able to reconcile compensation, potentially avoiding Stark Law noncompliance. While CMS did not provide the specific elements that should be considered allowing for reconciliation after the expiration of 90 days, it is likely arrangements that are close to the 90-day grace period have a greater chance of being deemed not to  create a period of disallowance under the Stark Law.

Takeaways

Given CMS’s recent SRDP and Code List updates, providers should remain alert to other Stark Law- related changes CMS may make in coming months. With respect to the Code List, entities should ensure they are periodically monitoring the CMS website and take the time to review their current fee schedule / charge master against the Code List on a regular basis to accurately identify DHS furnished by the DHS Entity. DHS Entities should also remember to check their services against CMS’s fee schedules more broadly or consult their attorneys to confirm the scope of their services in the other six DHS categories that are defined independent of the Code List.

The SRDP process is viewed by some providers and suppliers with a certain degree of trepidation. Many providers and suppliers have attempted to structure their operations and internal financial relationships in a manner that is intended to comply with the Stark Law but, for various reasons and upon a careful review (particularly in connection with a transaction), may be technically noncompliant with the Stark Law’s onerous requirements. Providers may be hesitant to notify CMS of a financial arrangement that was intended in good faith to comply with the law and is the result of a lack of clarity about the financial contours of an eventual settlement under the SRDP. The benefits of the SRDP process, however, can in most circumstances outweigh the disadvantages. Considering the potentially ruinous financial consequences of noncompliance, the SRDP provides the opportunity to settle actual or potential noncompliance through a relatively straightforward and commercial pathway. Indeed, and at least historically, most providers and suppliers that have submitted self- disclosures through the SRDP have settled potential violations with CMS for pennies on the dollar and immediately relieved actual or potential overpayment liabilities. The SRDP updates potentially offer providers and suppliers faster resolution of disclosures. This may be especially valuable for DHS Entities that submit disclosures as part of a transaction, and who thus may start to see a faster release of escrowed money and decreased legal costs surrounding SRDP submissions.

To date, many SRDP submissions have taken approximately six to seven years to achieve resolution. While such lengthy timelines are potentially advantageous from a time value of money perspective (CMS does not require submission of payment until resolution of the SRDP settlement process), many of the key individuals who were party to the original SRDP may no longer be easily accessible. Moreover, in the context of a transaction, holding an escrow account open for more than half a decade after closing can often cause consternation from selling parties who agree to make a disclosure through the SRDP. It is yet to be seen whether the new forms will materially decrease the timeframe for resolving disclosures, especially those related to the inability of a physician group to satisfy the group practice definition and physician compensation arrangement under the “stand in the shoes” provisions. However, it seems that CMS is listening to stakeholders and striving to make the SRDP process more efficient and less tedious.

CMS’s clarification regarding the ability of providers and suppliers to recoup and resolve payment discrepancies even after 90 days after the arrangement has ended (and avoid a period of Stark Law noncompliance) should be welcome news to stakeholders. Many providers and suppliers have been racing to rectify payment discrepancies after an arrangement was terminated—and others may have delayed terminating an arrangement to avoid triggering a period of Stark Law noncompliance. There are many circumstances in which a party to a compensation arrangement cannot resolve a payment discrepancy within 90 days after the expiration of an arrangement but is able to do so in a reasonable timeframe. Notwithstanding the flexibility clarified by CMS, parties should still work to rectify any payment discrepancies as soon as practicable to take advantage of the deeming provision and ensure there is no Stark Law noncompliance.

© 2024 McDermott Will & Emery

Current Legal Analysis

More from McDermott Will & Emery

McDermottPlus Check-Up: May 24, 2024
by: Debra Curtis , Kristen O’Brien
German Authorities Take Action to Accelerate Export Control Procedures
by: Dr. Alexa Ningelgen
Weekly IRS Roundup May 13 – May 17, 2024
by: Kevin Spencer , Evan Walters
The Domestic Content Bonus Credit’s Promising New Safe Harbor
by: Heather Cooper , Philip Tingle
Supreme Court: Pure Omissions Cannot Support Rule 10b-5(b) Liability
by: Paul M.G. Helms , Caitlyn M. Campbell
The Gopher State Goes for It: Minnesota Passes Consumer Data Privacy Law
by: David P. Saunders , James S. Mann
Pay for Delay is Sometimes Okay
by: Amol Parikh
Second Circuit Tells Rapper to Face the Music for Failing to Register the Work
by: Karen Gover
Testing Negative: Collateral Order Doctrine Precludes Appellate Jurisdiction
by: Connor M. Larson
Patent Thicket Avoidance: PTO Proposes Changes to Terminal Disclaimer Practice
by: Peter Brunovskis, PhD

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins