Although many enforcement targets will be familiar in 2022, with whistleblowers and the Department of Justice (DOJ) pursuing kickbacks, medical necessity cases, Medicare Advantage fraud and other violations, there will be another dimension, lawyers said. The use of COVID-19 relief funds will be part and parcel of many false claims investigations into other matters, and DOJ again is putting the spotlight on the people who pull the strings in a corporate fraud case.
“It is a more comprehensive approach rather than just paying money, settling and being done with it,” said Colette Matzzie, an attorney with Phillips & Cohen, a whistleblower firm in Washington, D.C. “It is requiring a greater level of corporate accountability and, at times, changes in corporate governance.” COVID-19 relief fraud, including abuse of the Provider Relief Fund and Paycheck Protection Program, is not just a target of the DOJ in and of itself. “It is an overlay on everything,” Matzzie said. “DOJ will look for misuse of COVID funds as an additional area of investigation on a case that might have originated based on different allegations.”
The COVID-19 waivers also are seen as ripe for False Claims Act (FCA) cases if they have been misused. “We will start to see fallout from things that happened during the public health emergency,” said attorney Judy Waltz, with Foley & Lardner LLP. She doesn’t expect DOJ to be forgiving of big mistakes because the pandemic is not breaking news anymore. As the cliché goes, it’s the new normal.
‘I Expect to See Real Momentum’
As the Biden administration enters its second year, “I expect to see real momentum in the priorities they have set forth,” said former U.S. Attorney Matthew Krueger, with Foley & Lardner LLP. “We have heard a pretty consistent message from DOJ” and the HHS Office of Inspector General (OIG). They’re focusing on fraud in telehealth, Medicare Advantage, prescription drugs, the Anti-Kickback Statute, COVID relief funds, cybersecurity, data privacy and electronic health records.
There’s also tremendous attention being paid to opioids and their interplay with the other targets. “Addressing the knowing decisions that led to the opioid epidemic is a very significant priority for enforcement for DOJ, HHS and other agencies,” Matzzie said. “Accordingly, when evidence of overutilization or abuse arises, whether with a pharmaceutical company, a Medicare Part C or D plan, a pharmacy, a skilled nursing facility, an addiction treatment or pain clinic, or with an individual provider, that case will receive significant investigation and likely be a priority.” It may lead to coordination with other agencies, such as the Drug Enforcement Administration, to remedy the underlying conduct (e.g., whether there were violations of the Controlled Substances Act), she noted.
Deputy Attorney General Lisa Monaco has been laying the groundwork for a more vigorous crusade against white-collar crime. In an October memo, she reinstated the 2015 Yates memo, also known as the Individual Accountability Policy, which had been scaled back by the Trump administration.[1] The Monaco memo requires corporations to disclose all “relevant facts about the individuals involved in corporate misconduct” if they want cooperation credit from DOJ when resolving fraud and other white-collar crime cases. Krueger believes that this and other policies announced by Monaco signal there will be “a more structured and skeptical review of corporate compliance programs and cooperation before DOJ is willing to give credit to corporations. It will be all the more important when engaged with DOJ or OIG to be able to tell the story of all the efforts the company is making, and especially to show the integrity of internal investigations.” If organizations want to earn cooperation credit, they need to inspire DOJ’s confidence that they’re disclosing all relevant facts about the misconduct and naming everyone who is potentially culpable, Krueger said. The misery of COVID-19, even with the Omicron setback, won’t be an excuse. “I don’t think there will be sympathy from OIG and DOJ on under-investments in compliance,” he noted.
Withdrawal of Brand Memo, GGP Will Play Out
The impact of two other policy moves will be felt this year. Attorney General Merrick Garland rescinded the 2018 Brand memo, which stated that “the Department should not treat a party’s noncompliance with an agency guidance document as presumptively or conclusively establishing that the party violated the applicable statute or regulation.”[2] In a new memo, Garland gave prosecutors the green light to incorporate subregulatory guidance, such as Medicare manuals, into their enforcement actions (e.g., FCA lawsuits), although he reiterated that guidance doesn’t have the force of law, and “enforcement actions must be based on the failure to comply with a binding obligation, such as one imposed by the Constitution, a statute, a legislative rule, or a contract.”[3] In a conceptually similar move, the Biden administration proposed to withdraw the Good Guidance Practices (GGP) and enforcement regulations, which were published in the waning days of the Trump administration.[4] They required HHS to put “significant” guidance through notice and comment rulemaking and limited the use of subregulatory guidance in administrative enforcement actions. “2022 will give us a clue as to how subtle or significant a change in how false claims and overpayments are pursued” without the Brand memo and GGP rules, said attorney Dan Hettich, with King & Spalding.
Look for Antitrust Violations as an FCA Predicate
It may take time for DOJ’s plans to fall into place because nominees for some of the top spots haven’t been confirmed or people haven’t been nominated, said Pam Johnston, with Foley & Lardner LLP. Action can be found, however, where there are confirmed appointments. For example, the antitrust division, which is led by Assistant Attorney General Jonathan Kanter, “is on a tear. They are looking at health care. It’s a little bit counter to what CMS wants to see in the health care world. They want cooperation and continuity of care.” One focus of the antitrust division is no-poach agreements (i.e., companies illegally promise not to recruit each other’s employees), but Johnston cautioned that “it’s just the tip of the iceberg.” And surprise: “we will see DOJ leveraging antitrust violations as the basis for FCA violations,” said attorney Brenna Jenny, with Sidley Austin LLP. There’s precedent for this; DOJ has settled false claims cases with pharmaceutical manufacturers for price fixing. For example, in October, Taro Pharmaceuticals USA Inc., Sandoz Inc. and Apotex Corporation agreed to pay $447 million to settle false claims allegations “arising from conspiracies to fix the price of various generic drugs,” according to DOJ.[5]
Jenny sees no reason why DOJ wouldn’t pursue other antitrust violations as a predicate for False Claims Act violations. In the same vein, OIG explained concerns about competition and fraud and abuse in a recent unfavorable advisory opinion (21-18). “This highlights the fact that the government increasingly is perceiving competition as linked with fraud and abuse concerns,” Jenny said. “As providers explore joint ventures and other arrangements with competitive concerns, they should also keep in mind False Claims Act risks.”
Although the pandemic affected enforcement, when, for example, witnesses couldn’t be interviewed in person, the volume of false claims cases has increased, said attorney Gabriel Imperato, with Nelson Mullins Broad and Cassel. He has heard as many as 900 new cases were filed in 2021, up from the usual 650 to 700 cases a year. “These cases may not have been worked as quickly, but they’re definitely queued in the inventory,” Imperato said. Kickbacks and medical necessity are still the highest risk areas, with telemedicine and COVID-19-related fraud the variations to watch.
More Federal Money for OCR Enforcement
That ties into DOJ’s continued focus on electronic health records (EHRs). The first generation of FCA cases against certain EHR vendors alleged their software didn’t qualify for the Medicare EHR incentive payment program and therefore caused their hospital clients to collect millions of dollars improperly, and “the government is keenly aware there are kickback schemes within the industry,” Matzzie said. The vendors aren’t always the only ones on the hook. Coffey Health System, a critical access hospital in Burlington, Kansas, agreed to pay $250,000 in 2019 to settle false claims allegations “that it falsely attested that it conducted and/or reviewed security risk analyses in accordance with requirements under a federal incentive program for the reporting periods of 2012 and 2013.”[6] That’s how DOJ made the connection between the FCA and cybersecurity, Matzzie said. DOJ in October pledged to use the FCA against government contractors and grant recipients for cybersecurity-related fraud.[7] They won’t be easy cases to make, however, Matzzie said. “It can’t just be that you’re a victim. It has to be that you knowingly left your institution vulnerable.”
Cybersecurity and HIPAA also are enforcement targets for 2022, although how this plays out will depend on the funding, said former federal prosecutor Robert Trusiak, an attorney in Buffalo, New York. “A new administration always trots out its department heads or deputy department heads to publicize enforcement focus. Whether these prognostications are hot air or genuine areas of focus comes down to one thing: money for enforcement. HHS has funded cyber enforcement, which equates to increased cyber focus in the health care arena. This challenge is monetized in the 2022 initial HHS budget.” Among other things, the budget asks for $111 million for cybersecurity, an increase of $53 million from 2021, and $19 million for the HHS Office for Civil Rights (OCR) civil monetary penalty enforcement (bringing OCR’s total budget to $67 million). HHS also would add 39 employees to OCR. “The increased personnel equate to increased enforcement,” Trusiak observed.
Staying Current With PRF Deadlines, FAQs
Because pandemic-related fraud is a top DOJ enforcement priority, hospitals and other providers should stay current with the reporting deadlines and other requirements of the Provider Relief Fund, said attorney Ahsin Azim, with King & Spalding (see Dec. 9 updated FAQs).[8] The Health Resources and Services Administration recently announced a reconsideration process for phase 4 of the Provider Relief Fund/American Rescue Plan, which starts Feb. 1, Azim said. It’s for providers who think their Provider Relief Fund/American Rescue Plan amount was incorrectly calculated, as explained in another set of FAQs.[9]
Also stemming from the pandemic, telehealth is an enforcement draw. “It’s almost a perfect storm,” with providers struggling to keep pace with the dizzying expansion of telehealth in the past 18 months, its requirements for use and monitoring, and the government’s scrutiny because of telehealth’s perceived vulnerability to fraud, Hettich said. Medicare watchdogs will move beyond the big telemedicine cases—where criminal networks abuse Medicare provider numbers to order items like medically unnecessary durable medical equipment—to more universal risk areas, such as evaluation and management upcoding (e.g., audio-only telehealth billed as higher-paying audiovisual telehealth), Jenny predicted.
Sanctions for Corruption Will Rise
Managed care will continue to have a DOJ bullseye on its back. “We’re at the beginning of this trend, but if you’re a provider in the Medicare managed care system or an IPA [independent physician association] or a health plan, you need to up your compliance because they’re taking a broader look at this segment,” Johnston said. For example, Sutter Health in California and several affiliated entities agreed to pay $90 million to settle false claims allegations “by knowingly submitting inaccurate information about the health status of beneficiaries enrolled in Medicare Advantage Plans.”[10] The cases are expected to evolve. Insurers are now more involved with care being provided, Matzzie noted. “They are purchasing health systems and creating vertically integrated care, including hospitals and home health,” she said. “There are incentives for the plans to cheat both on the risk adjustment side, where we saw continued interventions and settlements this year, and the payment side, which considers outcomes in calculating HEDIS scores.”
Enforcement of the Foreign Corrupt Practices Act will be aggressive this year, and sanctions for violating it will rise, said attorney Jon Drimmer, with Paul Hastings in Washington, D.C. “There will be greater international enforcement generally,” he said, of human rights violations and environmental, social and governance factors, for example. “Health care companies with overseas activities, whether through subsidiaries, sourcing or otherwise, need to be mindful of these risks, as they can create legal, operational and reputational challenges,” Drimmer said.
The Biden administration also has pledged to push the fight against corruption, and although it’s coming from the state department, for the first time, Foreign Corrupt Practices Act enforcers will be able to tap into national security resources, Johnston said. “This is a big deal because there’s a tremendous amount of resources behind the national security barrier.”
Contact Matzzie at cmatzzie@phillipsandcohen.com, Trusiak at robert@trusiaklaw.com, Johnston at pjohnston@foley.com, Krueger at mkrueger@foley.com, Azim at aazim@kslaw.com, Waltz at jwaltz@foley.com, Jenny at bjenny@sidley.com, Imperato at gabriel.imperato@nelsonmullins.com, Drimmer at jondrimmer@paulhastings.com and Hettich at dhettich@kslaw.com.