Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

February 24, 2010

Provider Self Disclosure

The issue of Self Disclosure continues to expand in importance for health care providers. In many situations, Self Disclosure is mandatory. In other circumstances, voluntary self disclosure can be an effective tool in managing compliance issues and minimizing adverse impacts for providers.

Failure to engage in a mandatory self disclosure can have severe adverse consequences for providers. These might include a more substantial audit recovery, exclusion from Medicaid and/or Medicare, and referral for criminal prosecution.

This Legal Alert discusses when to disclose, where to disclose, and how to disclose. There are three key agencies which providers must consider: The New York State Office of the Medicaid Inspector General; The New York State Deputy Attorney General For Medicaid Fraud Control (MFCU); and the United States Department of Health And Human Services, Office of the Inspector General (OIG).


On March 12, 2009, OMIG issued its guidance on self disclosure. OMIG requires providers to determine whether an inappropriate payment(s) warrants self disclosure, or administrative billing reversal. OMIG notes that the provider may want to consider seeking legal counsel to assist it in choosing a course of action. This guidance is offered because the self disclosure arena is complex, and fraught with risk.

The factors to consider when determining disclosure include:

  • the exact issue;
  • the amount involved;
  • any patterns or trends that the problem may demonstrate with the provider's system;
  • period of non-compliance;
  • the circumstances that led to the non-compliance problem;
  • the organization's history; and
  • whether or not the organization has a corporate integrity agreement in place.

OMIG further notes that some issues should be disclosed, including instances of:

  • substantial routine errors;
  • systematic errors;
  • patterns of errors; and
  • potential violation of fraud and abuse laws.

As can be seen from these standards, the determination of whether a matter requires self disclosure is not simple; and counsel fully familiar with this arena should be engaged at the outset.

Once an OMIG audit or investigation of the provider has begun, self disclosure for the matters encompassed by that audit/investigation is not available. Unrelated matters disclosed during an ongoing investigation may be eligible for self disclosure.

Once a provider has determined that it should disclose to OMIG, that provider must make an initial report containing as a minimum the following information:

  • the basis for the initial disclosure, how it was discovered, the approximate time period covered, and an assessment of the potential financial impact;
  • Medicaid program rules potentially implicated;
  • any corrective action taken, including date the correction occurred, and the process of monitoring to prevent reoccurrence; and
  • names and telephone numbers of individuals making the report on behalf of the provider. That person can be a senior official, outside consultant or counsel.

Following this initial report, provider counsel will consult with OMIG to determine the most appropriate process for proceeding. The provider, through counsel, should be prepared to present

  • a summary of the identified underlying cause of the issue(s) involved and corrective measures taken, if any;
  • detailed list of claims overpaid presented in electronic medium; and
  • names of individuals involved in any suspected improper or illegal conduct.

OMIG will determine the "need to pursue any further administrative action based on the nature of the problem, the effectiveness of the provider's compliance program, the dollar amount involved, the time period, thoroughness and timing of the provider's disclosure, any potential harm to the health and safety of Medicaid patients and the provider's efforts to prevent the problem from recurring." Thus, disclosure to OMIG does not necessarily prevent further administrative action against the provider.


The HHS Office of the Inspector General (OIG) seeks civil monetary penalties and assessments, and can seek exclusion from participation in all Federal health care programs. OIG regularly works with the FBI, and the Department of Justice for matters in which criminal prosecution is sought.

OIG introduced its provider Self Disclosure Protocol in 1998. The Provider Self Disclosure Protocol is open to all health care providers. The fact that a disclosing health care provider is already subject to Government inquiry including audits, investigations or routine oversight activities will not automatically preclude a disclosure. However, the disclosure must be made in good faith, not to circumvent an ongoing inquiry.

The Protocol is intended only to facilitate matters that are potentially violative of Federal criminal, civil or administrative laws. Matters exclusively involving overpayments or errors that do not suggest that violations of law have occurred should be brought to the attention of OMIG. OIG advises that the initial decision of where to refer a matter to should be made carefully. Once again, counsel should be engaged at the outset.

In an Open Letter to Health Care Providers dated April 15, 2008, OIG stated that the initial submission must contain:

  • a complete description of the conduct being disclosed;
  • a description of the provider's internal investigation or commitment regarding when it will be completed;
  • an estimate of damages to the Federal Health Care Programs and the methodology used to calculate it, or a commitment that the provider will complete the estimate; and
  • a statement of the laws potentially violated by the conduct.


The third agency which the provider should consider in regard to self disclosure is the Medicaid Fraud Control Unit (MFCU). MFCU is a unit within the Office of the New York State Attorney General. MFCU can criminally prosecute a provider as well as seek civil monetary recovery, depending on the circumstances. It can also refer a matter to OMIG for investigation, or recommend that OMIG exclude a provider from the Medicaid Program. MFCU also works together with OIG on investigations.

No official self disclosure guidelines have been issued by MFCU. However, MFCU is generally interested in self disclosures involving possible fraud or criminal activity, as opposed to billing errors and mistakes that do not rise to the level of implicating criminal activity.

The issue of Self Disclosure has become increasingly important recently. Determinations regarding when to self disclose, which agency to self disclose to, and how to self disclose are complex. Any decision on self disclosure should be carefully considered. Hiscock & Barclay's Health Care and Human Services Practice Area has substantial experience in assisting providers with self disclosure, whether it be to OMIG, OIG and/or MFCU. Our attorneys also have extensive experience in defending Medicaid and Medicare provider audits, and investigations.

If a provider has any concern in this arena, you should contact David P. Glasel (212-784-5803) or Melissa M. Zambri (518-429-4229).


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


NYS Department of Health Publishes Amended Proposed Cybersecurity Regulations for Hospitals


FTC Noncompete Rule Survives—For Now


New York Trial Court Finds Uber Is Not Vicariously Liable for Driver's Negligence


ERISA Forfeiture Lawsuits: Navigating the Emerging Legal Landscape


EU Leads the Way on Artificial Intelligence Regulation


End of An Era: SCOTUS Overturns Chevron After 40 Years of Deference to Administrative Agencies

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out