Quick Guide to the OIG Self-Disclosure Protocol

You found an excluded employee in your organization, now what? Likely, your first thought is a bit of panic and a lot of questions. How long has this person worked for us? How did we miss this? What position did they hold? Did we receive federal funds for the job this person held? What do I do now? If there is any good news in this scenario, perhaps it is that the Office of Inspector General (OIG) has given providers direction on how to prepare for a self-disclosure to the OIG via the OIG’s Provider Self-Disclosure Protocol (SDP) document.

The OIG Self-Disclosure Protocol (SDP) is a sixteen-page document which contains background information and “how to’s” of reporting an exclusion. It contains the following sections:

  1. Background
  2. Eligibility Criteria and Guidance
  3. Submission Content
  4. Resolution

Section I B discusses four benefits of disclosure. The OIG states that good faith disclosures and cooperation with the OIG’s review and resolution process are typically indications of a robust and effective compliance program, and therefore deserve some penalty relief. This relief could include the following:

  • Release of the OIG’s permissive exclusion authority (In all but one settlement the OIG has released the disclosing parties from permissive exclusion without any integrity measures)
  • Reduction in the multiplier from treble damages to a 1.5 multiplier
  • May mitigate potential exposure related to the 60-day overpayment requirement. CMS proposes to suspend the obligation to return overpayments until a settlement agreement is entered into or the provider or supplier withdraws or is removed from the SDP
  • A streamlined process to reduce the settlement process to less than 12 months

So who can use the SDP? The answer is almost anyone in healthcare. It is all “healthcare providers, suppliers, or other individuals or entities who are subject to OIG’s CMP authorities found at 42 C.F.R. Part 1003.”

What Conduct Should be Reported Using the SDP?

Sections II B and C outline the conduct that is and is not eligible to be reported via the SDP. The Self-Disclosure Process should be used if you believe, after a reasonable assessment, that there is a potential violation of Federal criminal, civil, or administrative law for which a CMP may be authorized. When self-disclosing, you must acknowledge that the conduct is a potential violation and you must identify which law or laws were potentially violated.

The third section relates to the submission content and is broken into four sections based on the following requirements:

  • All disclosures
  • Conduct involving false billing
  • Conduct involving excluded persons 
  • Conduct involving the anti-kickback statutes and physician self-referral law  

Self-Disclosure Process

For the purpose of this blog, we will focus on the requirements involving excluded persons; these can be found in Section III. To better illustrate the process, let’s walk through a hypothetical scenario.

For example, suppose you find an excluded person, and you have to decide what to do. We will use the SDP for Excluded Persons (Page 9) as our guide, but there may be some basic pieces of information to gather or steps to take before you can begin drafting your self-disclosure.

Typically, you would start with suspending the individual pending investigation. At that time, you would likely gather necessary information regarding dates of employment, the position with the company, any changes in job responsibilities over time, salary, cost of benefits, and total hours worked. In addition, you will need to know the payor mix of government reimbursement for the location this person worked. For example, 60% Medicare, 40% Medicaid. This information will be needed later to calculate the estimated damages.  

While you or someone is gathering all of this background information, you will likely conduct an interview with the employee presenting them with the exclusion information you have acquired. In my experience, if you have an exclusion match, the person is typically aware of the situation and will have a story or a reason for not telling you, but in the end, termination will result.  

However, there are times when an employee was excluded, failed to follow up with the OIG after their 5-year exclusion ended, and assumed that they were “off the list,” not realizing that it requires action on the part of the excluded person to remove themselves from the OIG LEIE. Unfortunately, if they are still on the OIG’s excluded list, they are still excluded and cannot work for you. At some point, you may be able to bring them back if they cooperate with the OIG and have their previous exclusion closed, but you will still need to complete your investigation and determine your liability.

Once you have interviewed the person, you will likely have a better understanding of whether false information was provided, whether you had a system breakdown, or what else may have resulted in your hiring of an excluded person. If you still don’t know the cause, you will need to continue investigating your practices to see where there may have been a breakdown or a faulty procedure. Remediate as necessary; updating procedures and providing education are typical forms of remediation.

After completing your investigation and pulling together some basic information, let’s look at what the self-disclosure protocol for excluded persons requires:

  1. Identify the excluded individual and the provider identification number
  2. Job duties of the individual
  3. Dates of the individual’s employment or contractual relationship
  4. Description of any background checks completed before and/or during employment/contract
  5. Description of the screening process (including P&Ps) and any flaw or breakdown in the process that led to the hiring of the excluded individual
  6. Description of how the conduct was discovered
  7. Description of any corrective action (including any revised P&P) implemented to prevent the future hiring of excluded individuals

In addition to gathering the information listed above, you also have to screen all current employees and contractors against the OIG’s List of Excluded Individuals and Entities (LEIE) before submitting your information to the OIG.

Calculating Damages

The final step in preparing your self-disclosure information is calculating damages. There are two types of calculations based on whether or not the healthcare program paid directly or indirectly for the services provided by the excluded person. If the excluded person was a direct provider (such as a physician or pharmacist) and the services were billed separately, it is a little easier to calculate the damages. The SDP states that if services were billed – you must include the total amounts claimed and paid by the Federal healthcare program.  

If the services were not billed separately, you must calculate the company’s total costs of employment to estimate damages. Examples include services provided by nurses, respiratory therapists, or administrative personnel. During this stage, you will use some of the information gathered during your investigation. The requirements are as follows:

  • Cost of Employment (salary, benefits and other items of value, health insurance, life insurance, disability insurance, employer paid taxes)
  • Multiply the Cost of Employment by the company’s revenue-based Federal healthcare program payor mix

The SDP notes that “general practice” is to require a minimum multiplier of 1.5 times the single damages, although a higher multiplier may be used if appropriate. The minimum settlement amount is $10,000. This amount is consistent with the OIG’s statutory authority to impose a penalty of at least $10,000 for each improper claim submitted.


At this point, you should have a good idea of the impact to your organization for hiring an excluded person and be ready to make decisions regarding next steps. Remember to include in-house or outside counsel throughout your investigation – they are a great resource to lean on.

Monitoring is always a tough process. That’s why our team is dedicated to providing quality automated solutions with exceptional service. Have any questions? Please comment below or don’t hesitate to give us a call to discuss!


Written by Donna Thiel, Director of Compliance Integrity Team

Donna Thiel is the Director of our Compliance Integrity team, a consulting division of ProviderTrust. Donna works with compliance officers across the country to help reduce the stress and anxiety of this very difficult role.