Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Updated OIG's Self-Disclosure Protocol

OIG reviews OIG's Self-Disclosure Protocol.

Podcast thumbnail image


I am Tony Maida with the Office of Inspector General and I am going to give you information on an important issue for healthcare providers - what to do when you discover conduct that may violate the federal fraud and abuse laws.

OIG has created a way for you to disclose that conduct to us, it's called the Provider Self-Disclosure Protocol. I am going to explain when self-disclosure can be the right decision for your organization and what to expect when you enter the Protocol.

OIG has long believed that timely corrective action, including self-disclosure, is a key element of an effective compliance program.

We recognize that disclosing issues to the Government is not an easy decision. But, when you disclose a problem in good faith, you are demonstrating that your organization has embraced a culture of compliance and is committed to dealing with the Federal health care programs with integrity. In a disclosure, you get to work collaboratively with the Government towards a resolution. It may sound odd to say providers disclosing fraud are able to work collaboratively with the Government, but it can happen when a provider self-discloses. That provider is in a very different position than one who is under investigation because of a whistleblower complaint or other leads.

Also, keeping Federal health care program payments that you should not have can create additional liability under the False Claims Act and the Civil Monetary Penalties Law.

What should you do when you find a problem? Here are three things to do:

First, clarify the issue and confirm that it is a potential fraud issue. Issues that are only overpayments or innocent mistakes can be reported to your Medicare contractor through the normal refund process.

Second, consult with a health care attorney who has experience dealing with the federal health care programs. They will be helpful in confirming that you in fact have a problem and what your options are for reporting it.

Third, decide where to disclose the conduct. Disclosure to your local US Attorneys' Office may be appropriate depending on the conduct. Also, CMS has created a disclosure process specifically for Stark Law violations. And OIG has its Protocol.

Here's how to self-disclose to the OIG:

OIG's website has instructions on how to submit a disclosure. Since we created the Protocol in 1998, many providers have used it. We revised the Protocol in 2013 to give more guidance on how to properly make a submission. To date, monetary recoveries have exceeded $280 million dollars.

The most common issues providers disclose include billing for items or services furnished by excluded individuals, evaluation & management services and DRG upcoding, duplicate billing, alteration or falsification of records, and kickbacks & Stark Law violations.

How can you make your Protocol resolution process go smoothly? Here are three pieces of advice:

Carefully think about the timing of a disclosure to avoid disclosing prematurely. Your internal investigation and damages calculation needs to either be finished or you need to commit to being done within three months of your submission.

We ask for a lot of specific information in the submission, including a full description of the conduct. Please provide it all. Incomplete submissions may be rejected and may otherwise delay our review process.

Please respond promptly to requests for more information. We need, and expect, your cooperation in reaching a resolution efficiently.

The plan is for all disclosures to end in a settlement agreement, either an FCA settlement with DOJ and OIG, or a CMP settlement with OIG.

In recognition of coming forward and disclosing conduct, OIG gives two important incentives. First, providers generally are permitted to pay a lower settlement amount as compared to providers who do not self-disclose. Second, the OIG does not require a Corporate Integrity Agreement as long as the provider has fully cooperated with the disclosure process.

Disclosing a problem and working with the Government to resolve it in a cooperative way shows that your compliance program is alive and well in your organization. The saying "actions speak louder than words" rings especially true here. That is why we have these two valuable incentives: a lower settlement amount and presumption against having a CIA, to recognize providers who do the right thing and have fully embraced a culture of compliance.

OIG is committed to working collaboratively with providers to resolve disclosed conduct. When we work together, we can strengthen the integrity of the federal health care programs.