On the topic of human ambition, Ecclesiastes 1:9 is credited with the saying: “What has been will be again, what has been done will be done again; there is nothing new under the sun.” This was allegedly said in the mid-10th century B.C.
Healthcare fraud is certainly not new. However creative a fraud scheme may seem, chances are it’s been done. Healthcare fraud is a known high-risk area that affects the healthcare industry, government officials, taxpayers, insurers, premium-payers, and trusting patients who are at significant risk of injury in some fraud schemes. Healthcare attorneys, compliance officers, and operators around the nation have the insurmountable task of spotting what these fraud schemes look like and how they are being carried out so they can create and implement oversight processes to detect and prevent them. Additionally, if left unattended, healthcare fraud can potentially cause a healthcare institution’s financial demise due to the strength of federal laws surrounding this subject and the hefty penalties accompanying them.
Healthcare fraud, like any fraud, demands that false information be represented as truth. An all-too-common healthcare fraud scheme involves perpetrators who exploit patients by entering their medical records’ false diagnoses of medical conditions they do not have or more severe conditions than they actually have. This is done so fraudulent insurance claims can be submitted for payment. Unless and until this discovery is made, these false or inflated diagnoses become part of the patient’s documented medical history.
Upcoding
Probably the most common method of defrauding the government is upcoding. This involves billing for services that were either never rendered or billing for one service when a similar but cheaper service was actually provided. Perpetrators target vulnerable patients, and while in some ways every patient is somewhat vulnerable and could become a victim of fraud, a strong case can be made for psychiatric and mental health patients as being uniquely vulnerable—especially when dealing with Medicare or Medicaid as their health insurance.
Government enforcement authorities are paying extra attention to billing and payments after the passing of The Payment Integrity Information Act of 2019, which requires the Centers for Medicare & Medicaid Services (CMS) to periodically review programs it administers, identify programs that may be susceptible to significant improper payments, estimate the number of improper payments, and report on the incorrect payment estimates.[1]
The Center for Program Integrity (CPI)—CMS’s centralized entity for Medicare and Medicaid program integrity issues—has experienced an increase in its resources over time, and the agency has established work groups and interagency collaborations to extend its capacity. For example, CMS allocated additional staff to CPI after Congress provided additional funding. CPI’s full-time equivalent positions increased from 177 in 2011 to about 492 in 2021. In total, Medicare improper payments were estimated to be $43 billion in fiscal year 2020[2] compared to $57.4 billion for fiscal year 2019.[3]
A highly effective method to combat healthcare fraud is reporting suspicious activity to an insurer or government payer. Patients are notified by their insurers through the explanation of benefits statements about treatments received and instructed to communicate any discrepancies that may arise with them. But what happens when it is not the patient who notices the discrepancies but a current or former healthcare facility employee?
Whistleblowers
The term “whistleblower” refers to anyone who reports evidence or has reasonable suspicion of wrongdoing, including healthcare fraud, criminal activity, risk to patient safety, and/or corruption. Anyone in the healthcare system—including former and current employees—who has evidence of fraud or misconduct can be a whistleblower.
Whistleblowers are protected by the False Claims Act (FCA), the Whistleblower Protection Act, and qui tam (Latin for “in the name of the king”) law. These laws encourage individuals to blow the whistle and provide incentives to do so. Also, these laws have a retaliation action where the whistleblower could be entitled to all relief necessary to be made whole in the event of retaliation.
Under the FCA, qui tam allows whistleblowers with evidence of fraud against federal programs or contracts to sue the wrongdoer on behalf of the United States government. In qui tam actions, the government has the right to intervene and join the action. If the government declines, the private plaintiff may proceed on their own.
The FCA establishes liability for any person who knowingly submits a false claim to the government, causes another to submit a false claim to the government, or knowingly makes a false record or statement to get a false claim paid by the government. Currently, FCA penalties range from $12,537 to $25,076 plus three times the dollar amount the government is defrauded for each false claim. A qui tam plaintiff can receive between 15% and 30% the total recovery from the defendant—whether through a favorable judgment or settlement.
An effective compliance program has active policies and standard operating procedures for responding to internal whistleblowers. It also has a no-retaliation policy that prohibits the organization from taking adverse actions, such as demotion, termination, or creating a hostile work environment against employees who report wrongdoing. If your organization receives a whistleblower complaint, prepare a thorough, comprehensive plan for an internal investigation and consider using outside counsel. The scope of the inquiry will need to be determined, followed by considerations for the severity of the allegations, the financial cost, and the required resources.
The hotline: A short story
An employee logs a complaint into a hospital’s hotline. The caller advises of suspicious activity related to a psychiatrist billing for multiple services not performed in the hospital’s inpatient mental health facilities. The doctor allegedly admitted patients who did not meet the appropriate admissions criteria to “fill beds.” The doctor was also mandating staff to increase the number of days for each patient with federal benefits available regardless of medical necessity. The employee has firsthand knowledge of the potential fraud and wants to alert the institution. The compliance department launched a two-week investigation which concluded with some version of the following: pursuant to the investigation performed on such and such date, and the concerns raised in the complaint, we reviewed X number of cases and interviewed staff and were not able to substantiate any pattern of impropriety for that particular physician reviewed. Therefore, we conclude that the complaint is unsubstantiated.
The compliance officer’s investigation was cut short when an executive advised not to ruffle too many feathers because the doctor in question is one of the hospital’s top income generators. The relator’s supervisor was interviewed, and five cases were reviewed before closing the complaint. By closing the investigation rapidly, the compliance officer missed corroborating vital information from the relator and/or other staff. The investigation lacked structure, and the compliance officer did very little to verify the issues. At the very least, an audit of the doctor’s patients from the last six to 12 months should have been conducted and reviewed through a case management and utilization lens.
After receiving notice of closure to the complaint, the relator brings the issue to an attorney friend who works at the U.S. Department of Health & Human Services Office of the Inspector General (OIG). The relator shares the hospital’s closure and response to the original complaint. The attorney advises on a potential qui tam action and a possible violation of the FCA. The attorney explains the protections provided to whistleblowers under the FCA and the confidentiality of the process. The relator decides to move forward. The OIG investigates the case over an eight-month period and refers the case to the U.S. Department of Justice on the merits of “reasonable grounds to believe that a violation of Federal Law has occurred.” When the dust settles, it is discovered that “Defendants were engaged in a continuous cycle of fraudulent conduct aimed at maximizing the financial return from these mental health patients by employing unscrupulous psychiatrists to admit patients into the defendant facilities who are not otherwise qualified for admission and, once admitted, to maximize the patient’s length of stay regardless of medical need. In exchange, the doctors are rewarded with paid medical directorships at the defendant facilities. In addition, these doctors are further rewarded because the patient is then ‘steered’ to that doctor for treatments. These doctors then engage in systematic phantom visits and false billing with these patients.” As such, the court awarded three times the amount of actual damages, civil penalties for each claim, reimbursements, and restitution.
In the fictional example above, we could be describing a small unit inpatient mental health facility with 20 beds or a larger facility with 1,000 beds; it makes no difference. It only takes one person to bring forward a false claim lawsuit that can potentially cause great damage to a healthcare institution.
Developing effective lines of communication is one of the fundamental elements of an effective compliance program, according to the OIG.[4] A compliance hotline offers employees a secure, trustworthy channel through which they can report potential compliance concerns directly to the organization. Employees and workforce members are also more likely to report possible or actual compliance violations if they know that the hotline is anonymous and confidential.
However, suppose complaints are not investigated properly. In that case, employees could inquire about legal remedies and become whistleblowers, or they can go to the press—which will undoubtedly result in a financial and reputational hit. Having a hotline is not enough to ensure its effectiveness. The way we handle the investigations will prove to be key.
Conclusion
When working through a complaint, it behooves us to have a robust policy on compliance investigations. For instance, if we have a defined process for investigating thoroughly and addressing each issue with sufficient evidence to decide, all our investigations should be conducted with the same standard.
The compliance community in this healthcare space is tasked with guidance, first to ensure our entities remain compliant with laws and regulations and second to advise on business decisions that have the potential for misconduct. That is why our investigative efforts are of the utmost importance. We should treat each internal investigation with the same level of urgency and document, as much as possible, the allegations. This will be a major factor in minimizing any qui tam exposure.
Takeaways
-
Psychiatric and mental health patients are uniquely vulnerable to healthcare fraud. Criminal referrals, lack of medical necessity, and improper length of stay are common findings in qui tam cases.
-
Centers for Medicare & Medicaid Services has allocated additional staff to The Center for Program Integrity—which increased from 177 in 2011 to 492 in 2021.
-
Healthcare providers should be mindful of all the laws and regulations that govern the business and divert an appropriate amount of time and energy in the company’s surveillance of them to ensure compliance.
-
Having a hotline is not enough to ensure its effectiveness. Interview, document, audit, uncover, and understand the allegations and communicate with the relator.
-
Compliance officers should take every complaint seriously and investigate appropriately since every employee—or former employee—has the potential to become a whistleblower.