United States: What OIG Self-Disclosure Guidance Means For HHS Grantees

Federal research awardees — universities, academic medical centers, companies and others — and their subawardees face significant regulatory oversight aimed to ensure that taxpayer dollars are expended consistent with law and for the purposes for which they are given.

In 2016, as part of the 21st Century Cures Act, and parallel with increasing the extramural budget of the  National Institutes of Health, Congress expanded the penalties for grant and contract fraud through additions to the Civil Monetary Penalties Law. Specifically, it authorized the Office of Inspector General of the  U.S. Department of Health and Human Services to impose civil monetary penalties and exclusion for false or fraudulent conduct in connection with applications and funded awards.

In June, the OIG issued guidance on mandatory and voluntary self-disclosure actions, the HHS OIG Grantee Self-Disclosure Program, that grant recipients need to understand in order to take corrective action and reduce their liability risks as the OIG's enforcement calendar remains aggressive.

Awardees and sub-awardees must self-disclose to the OIG, and separately to the HHS funding component, conduct involving certain criminal offenses. Reporting is required for violations or potential violations of criminal laws relating to fraud, bribery or gratuity violations. HHS grant regulations at 45 CFR 75.113 identify the specific offenses for which disclosure is mandated. The grantee self-disclosure guidance, as described below, provides a framework and key details about what needs to be included in a self-disclosure report.

By contrast, voluntarily disclosure to the OIG is available, and encouraged, for activities giving rise to potential civil liability. Under the CMP Law, at 42 U.S.C. §§ 1320a‐7a(o)(1)‐(5), the OIG may impose civil monetary penalties, assessments, and exclusion from receipt of federal funds or participation in federal health care programs for a number of actions, including false or fraudulent claims, as well as making or causing to be made false statements, omissions or misrepresentations of material facts, in connection with applications and funded awards.

Awardees may voluntarily report violations or potential violations of the CMP law and any other conduct that may violate civil or administrative law that is not included within the scope of offenses listed at 45 CFR 75.113. As with other long-standing the OIG voluntary disclosure programs, such as health care providers' self disclosure for possible Medicare billing violations, voluntary disclosure for research awardees offers the prospect of direct benefit to the discloser but also may invite more government scrutiny and oversight.

The OIG sanctions can be high and the possibility of reduced penalties offers a significant incentive for disclosure. Fines under the law can include penalties in the amount of $0 to $10,000 or $50,000 per individual offense or $10,000 for each day certain offenses are concealed, depending on the circumstances, and additional damages of up to three times the government's actual losses for some claims. The OIG may also exercise its administrative federal health care program exclusion authority, which is often the more significant threat to awardees' operations. For a university, academic medical center or investigator, the prospect of exclusion from receiving federal awards, even if temporary, can be devastating.

Voluntary disclosure offers the possibility of mitigating and minimizing these risks. It can yield lower monetary penalties, often half or two-thirds of the treble damages the OIG is authorized to seek. Benefits also include a presumption against an integrity agreement (and its often increased compliance, auditing and disclosure duties) in exchange for the OIG's releasing its exclusion authority; and the prospect of support to reach a global settlement of any related claims with the  U.S. Department of Justice and the HHS funder, e.g., for potential False Claims Act and/or criminal claims.

As an added incentive, voluntary disclosers may be better positioned to manage the process and narrative as regards any particular conduct concerns rather than entirely responding to claims made first by whistleblowers or government investigators. Additionally, self-disclosure and a negotiated settlement may help to raise the profile of certain issues across an institution and, thereby, reduce the probability of more significant, future errors or misconduct.

Voluntary disclosure also carries risks. For example, following disclosure the government may ask for additional investigation, including expansion to other awards involving the same personnel or research team members, as well as deeper investigation into the individuals involved in the reported conduct. The OIG will want to know details about the process and scope of review undertaken to identify the reportable conduct and what corrective actions have been planned, undertaken and completed. After disclosure, the OIG typically will seek to resolve most cases through a negotiated settlement with the discloser. Success will depend upon the severity and scope of misconduct at issue, as well as the adequacy of the review and corrective action plan.

Before making a disclosure, and after a reportable event is identified, the institution is expected to investigate and assess potential government losses, undertake corrective action and prepare a written report in accord with the requirements the OIG has set forth in the grantee self-disclosure guidance and the checklist the OIG provides with it. For example, disclosures should include:

• Descriptions of the recipient and the disclosing party, the award or awards at issue, the funding agency or agencies, including whether disclosure has been or will be made to them and names of grant officers, and the funds involved, including costs to the government and methodology for determining them.

• A description of the conduct at issue and corrective actions taken, with specifics relating to who, what, when and where, as well as the criminal, civil or administrative laws potentially violated. This should include any known investigations or inquiries into the matter from other federal, state or local government agencies, with contact information for those agencies where applicable.

• A list of all federal agencies providing any support to the discloser.

• The name of an individual authorized to enter into a settlement agreement on behalf of the discloser and a certification by the discloser, or their authorized representative that the disclosure "contains truthful information and is based on a good faith effort to bring the matter" to the OIG.

A self-disclosure report needs to identify the legal obligation and potential violation or violations giving rise to the report. Additionally, in preparing an investigation plan of possible misconduct and reportable events, as well as subsequent corrective actions, awardees need to be complete and anticipate the questions the OIG may have in its effort to assure that the covered conduct has been thoroughly investigated and remediated. Disclosers must be willing to cooperate with the OIG as the review process unfolds. While there may be some room to negotiate, awardees and sub-awardees preparing disclosures must be able to demonstrate their commitment to compliance as well as the objectivity and thoroughness of their review.

With research grant issues being a relatively new category of compliance concerns for the OIG to address through its CMP arsenal, it is too soon to assess how effective and useful the self-disclosure program will be. At present, the OIG's grantee self-disclosure website lists only three grantee self-disclosure settlements, beginning in December 2018 and most recently in June 2019.¹ Two of these cases involve relationships with excluded or debarred individual, including one for penalties of less than $50,000 to a university in connection with an NIH award. The third involves penalties of less than $5000 for drawing down funds for mileage reimbursement in conflict with the grant terms and conditions.

While these cases are too few to draw a clear picture of how the OIG will enforce its CMP authorities for research grants, the OIG's FY2020 congressional justification for funding once again includes grant and contract programs among its "key oversight" areas for the coming year. It describes the OIG's plans to undertake enforcement actions that will "include growing its grants and contracts CMP program," which, in turn, will be based at least in part on expanded data analytics tools to detect oversight problems.²

The OIG's emphasis on data tools, as well as the preponderance of known cases involving debarred or excluded individuals, highlights that awardees' risks for grant fraud and misconduct may sometimes be "hiding in plain sight." This means that awardee institutions need to continue to monitor the field for best practices and, upon identification of a possibly reportable event or events, evaluate voluntary self-disclosure as an opportunity to manage and mitigate risk.

As federal research funding increases in 2020, with the NIH expected to receive again significant extramural award monies, attention on these issues is not likely to recede. Voluntary self-disclosure remains both a legal and a business decision that needs to be weighed carefully in light of both the underlying legal obligation, as well as the risks and benefits it presents for the institution.

Footnote

See grantee self-disclosure settlements, https://the OIG.hhs.gov/fraud/enforcement/cmp/grantee.asp.

See https://the OIG.hhs.gov/reports-and-publications/archives/budget/files/2020budget.pdf

This article by counsel Valerie Bonham and partners Kirsten Mayer and Mark Barnes was published by Law360 on August 8, 2019. 

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.