HHS OIG Offers Guidance, Form to Encourage Grantee Self-Disclosure of Possible Wrongdoing

By Theresa Defino

Some parents mete out a weaker punishment when their children admit to misbehaving, as opposed to catching them in the act. So, too, does the federal government—at least it has that option.

Federal law allows the government to collect up to triple damages for amounts of federal dollars considered misspent, but, as an incentive to self-disclose, it can drop that down to one-and-a-half times.

Organizations are required to self-disclose some actual or potential violations of law, such as bribery, but they may choose to report others, including research misconduct. The HHS Office of Inspector General (OIG) would like to encourage both mandatory and voluntary self-disclosures, and has newly released guidance it hopes will help that occur. At the same time, OIG is reminding entities that it has fairly recently gained expanded authority to impose civil monetary penalties (CMPs) when there are false statements or other violations involving federal grants and contracts.

While the 21st Century Cures Act may be best known for calling for the creation of a Research Policy Board (which has yet to be formed), the 2016 law also gave OIG expanded authority under the civil monetary penalty law (CMPL), as OIG senior counsel Geeta Taylor explained to RRC.

Specifically, OIG can now enter into settlements or assess penalties without the involvement of the Department of Justice (DOJ) for actions that do not violate relevant federal criminal law (are not related to fraud, bribery or gratuity violations). “We were taking actions in concert with DOJ and [under] other False Claims Act authority or working with the awarding agency to take appropriate action,” Taylor explained. “This provide[s] us an opportunity to impose penalties on our own.”

Announced July 12, OIG’s new Grant Self-Disclosure Guidance addresses “sanctions for improper conduct related to HHS awards,” stating that, “OIG may sanction anyone that engages in fraud or certain other improper conduct related to HHS grants, contracts, and other agreements.”

Under the Cures Act expansion, CMPs are imposed or agreed to as part of administrative actions OIG may undertake, in contrast to criminal prosecutions and lawsuits stemming from False Claim Act (FCA) violations, which also remain available. (Organizations and individuals can also be banned from participation in federal programs under the FCA.)

Conduct that may now trigger the amended CMPL include:

  • “Knowingly presenting a specified claim under a grant, contract, or other agreement that is false or fraudulent” and

  • “Knowingly making or using any false statement, omission, or misrepresentation of a material fact in any application, proposal, bid, progress report, or other document submitted to HHS in order to receive funds under an HHS grant, contract, or other agreement.”

Perhaps lesser known is an additional circumstance that can also trigger the CMPL: failure to “grant timely access to OIG” when it pursues an audit, investigation or other activity related to violations of grants, contracts or other agreements. (For exact language, see box, p. 9.)

Greg Demske, chief counsel for HHS OIG, recently discussed OIG’s oversight of grant fraud and its role in research compliance at HCCA’s conference in Orlando. He noted that submitting false claims could violate the new CMPL.

Examples of activities considered in the category of submitting false claims, he said, include charging for costs not incurred; charging for unallowable costs; charging personal expenses against a grant; “charging more than one grant for the same work”; and “in some cases, drawing down funds when not in compliance with grant terms.”

In addition, conflicts of interest could trigger the new CMPL, such as engaging in “less-than-arm’s-length transactions,” making improper subawards, or choosing inappropriate consultants, he said.

Mandatory vs. Voluntary Disclosures

Recipients and subrecipients of federal awards are required to disclose certain conduct pursuant to 45 C.F.R. § 75.113 (2018), Taylor explained, namely “violations of certain federal criminal law. We generally refer to those as mandatory disclosures.”

In addition, actions “that don't cleanly fall into that or if entities are unsure if it falls into that category, they can otherwise disclose to us,” Taylor said.

Optional disclosures include “conduct that might violate our civil money penalty law or other conduct that might cause liability under federal law.”

An activity warranting self-disclosure might come to light after an internal audit uncovers potential violations of law, Taylor said.

“The self-disclosure is meant for entities that have identified potential misconduct and would like to come forward with that misconduct and resolve it,” said Taylor.

Incentives to Self-Disclose

As noted earlier, self-disclosure may benefit organizations in the long run. “When you self-report to OIG, we provide a lessened penalty amount…we impose a lower multiplier than in a government-initiated investigation,” she explained.

The multiplier is 1.5 times the questioned amount compared to up to three times. Self-disclosure may be beneficial in another way as well.

“A lot of times in government-initiated actions, we require an integrity obligation, or other administrative action,” said Taylor. “But in a self-disclosure situation, we apply a presumption against those,” meaning they are not mandatory nor standard as part of a settlement.

Taylor added that specific terms are the result of a “case-by-case analysis.”

Corporate integrity agreements (CIA) can be many years long and obligate organizations to certain corrective actions and monitoring activities that can be quite costly over the long term.

Taylor emphasized that it is “OIG’s position that entities that receive HHS funds should be good stewards of those funds,” said Taylor. “Part of that means investigating potential violations, trying to quantify any federal losses that have been suffered, and taking corrective action to prevent that from happening, including reporting to OIG and to the awarding agencies and appropriate authorities. We think that self-disclosure is a part of a good compliance program.”

OIG Saw Gap in Disclosure Info

The new guidance notes that it is encouraging voluntary and mandatory self-disclosure by the award recipient, but also by “any recipient, sub-recipient, applicant, or anyone else who may have criminal, civil, or administrative liability related to any HHS grant, contract, or other agreement.”

OIG’s self-disclosure program is not new; it has a Self-Disclosure Protocol that is routinely used, typically by health care providers, not universities and other recipients of research funds.

Taylor said OIG has “for some time” accepted disclosures from grantees and other entities that receive HHS funds regarding “any improper conduct or suspected improper conduct. But for grantees we didn’t really have any information out there about what to expect in terms of the process or what kinds of information we were looking for.”

In contrast, OIG did provide such information for health care providers and contractors, Taylor said. “What we’re trying to do here is to provide…information and some guidance to those entities” such as universities and other institutions affected by the provisions in the Cures Act.

Taylor said she could not comment on the volume of self-disclosures but said lack of specificity could “perhaps” have prevented or discouraged disclosures, Taylor said. With the guidance, more information and “assurances as to the process” are now available, she said. “For example, we made clear that we do have an email address that you can send information into, in addition to the [physical] address. So, hopefully, having the guidance out here will make it easier for entities who are wanting to disclose to do that.”

As the new guidance and the form OIG posted on its web page make clear, organizations that self-report will need to have completed their own investigations prior to a formal self-disclosure, as detailed information should be provided.

The form that OIG posted to use for reporting is a static PDF that is not fillable. But individuals can download it and use it as a guide to develop their report, Taylor said, providing information that corresponds to the numbers in the form.

Corrective Actions Should Be Listed

When making a self-disclosure of either the mandatory or voluntary type, OIG seeks basic information such as the principal investigator’s name (if applicable), type of award, date and amount of the award.

It also wants to know:

  • “The awarding operating division within HHS, the award program office within HHS, the name, email, and phone number of the grant officer, and whether the relevant HHS program office has been informed of the disclosed conduct.

  • “A full description of the conduct disclosed including, at a minimum, the date the discloser learned of the conduct, the types of conduct, transactions, or claims giving rise to the matter, the time period during which the conduct occurred, and the names of persons believed to be involved, including an explanation of their roles in the matter.

  • “A statement of the Federal criminal, civil, and administrative laws that are potentially violated by the disclosed conduct.

  • “A description of any corrective action or measures taken by the discloser upon discovery of the conduct.

  • “An estimate of the financial impact to the Federal government, and a description of the method for calculating the financial impact.

  • “A list of all Federal agencies from whom the discloser is currently receiving federal awards.”

Recent Case Involved Michigan State

In his presentation, Demske noted that the University of North Texas Health Sciences Center’s $13 million settlement over FCA violations began as a self-disclosure. This case involved “errors” in salaries that the center uncovered in 2015 and reported in 2017 regarding problems that had occurred from 2011 to 2016 (“U. of North Texas Pays $13 Million, Changes Effort Reporting Process After FCA Allegations,” RRC 15, no. 4).

OIG’s web page describes two settlements from this year that began as self-disclosures. Although not stated on the page, both were of the voluntary type, Taylor told RRC.

Of relevance to colleges and universities is the March settlement with Michigan State University (MSU), which self-disclosed to HHS that it had violated the CMPL. MSU agreed to pay $47,580 for using federal funds from a cooperative agreement awarded by the National Institute on Minority Health and Health Disparities “to reimburse a subrecipient who paid the subrecipient’s principal investigator for travel. OIG alleged this conduct violated applicable regulations restricting Federal award recipients from entering into covered transactions with debarred individuals, and the terms and conditions of the NIH award to MSU.”

The other settlement is more recent and also deals with debarment, but involves a federally qualified health center. On June 24, OIG reported that Total Health Care Inc. of Baltimore County, Maryland, agreed to pay $151,280 for employing “an individual that it knew or should have known was excluded from participation in Federal health care programs.”

Whistleblowers Also Encouraged

The self-disclosure program is for individuals who are authorized by their organization to report actual or potential violations, but OIG wants to hear from others as well. For these individuals, OIG provides a hotline and online submission form. Its website warns in large, bold type: “Self-disclosure should not be reported to the OIG Hotline.”

What should be reported: “OIG Hotline Operations accepts tips and complaints from all sources about potential fraud, waste, abuse, and mismanagement in the U.S. Department of Health and Human Services’ programs,” the website states. “Your information will be reviewed by a professional staff member. Due to the high volume of information that we receive, we are unable to reply to submissions except as required by law. However, Hotline tips are incredibly valuable, and we appreciate your efforts to help us stamp out fraud, waste, and abuse.”

Two separate complaint processes are available for whistleblowers depending on whether the person works for HHS, or for an HHS awardee or contractor, or is an applicant seeking an award, or whether the person is “not an HHS employee, contractor or grantee.”

Complaints may be submitted anonymously. “OIG may refer your concern to an Operating Division or Staffing Division for administrative review if deemed appropriate. To do so, OIG needs your permission to use your name and information,” the website states.

The agency adds that it also “accepts and investigates complaints from whistleblowers who are being retaliated against because of it,” and notes that the individual “must have previously reported wrongdoing at HHS, its agencies and some non-federal employers.”

Link to grantee self-disclosure guidance: http://bit.ly/2JIspbP

Link to report fraud: http://bit.ly/2M2yXnr

This publication is only available to subscribers. To view all documents, please log in or purchase access.
Purchase Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings