On December 21, 2018, the Department of Justice (“DOJ”) announced in a press release the recoveries obtained in settlements and judgments from civil matters involving fraud and those brought under the False Claims Act (“FCA”) for the fiscal year (“FY”) ending September 30, 2018. While total recoveries were $2.88 billion—the ninth consecutive year exceeding $2 billion—this was down almost $600 million from FY 2017, the lowest level since 2009 and the second year in a row that total recoveries fell.

However, and of particular note to those involved in the healthcare and life sciences industries, over $2.5 billion—$329 million more than in FY 2017, and almost 88 percent of all recoveries—were generated from healthcare-related matters. Notably, recoveries in such cases brought by the DOJ directly rose to $568 million, the second-highest level since 1987. And, while more than 50 percent of the recoveries are identified as attributable to a finite number of matters, pharmaceutical and medical device companies, managed care providers, hospitals, pharmacies, hospice organizations, laboratories, and physicians all continued to be enforcement targets.

Qui Tam Cases: A Concentration on Healthcare

The statistics also reflect that cases filed by qui tam relators are a principal driver of DOJ’s FCA enforcement efforts. While the number of qui tam cases filed dropped in FY 2018, 645 matters were brought last year, representing almost 85 percent of all new matters. Relative to the healthcare industry, 446 new qui tam cases were brought in FY 2018, a drop from FY 2017 but the fifth highest number since 1987. About 88 percent of all new FCA matters pursued against entities involved in the healthcare industry were brought by relators.

The greatest risk to entities continues to be qui tam matters in which the United States elects to intervene. More than 90 percent of all dollars recovered from qui tam cases in FY 2018 were from cases in which the government elected to intervene. However, relators continue to pursue matters post-declination. In FY 2018, almost $120 million was recovered from such matters; while a sharp decline from the $445 million collected in FY 2017, almost 70 percent of all recoveries in cases pursued post-declination were from the healthcare industry.

Although plainly not a record year, expect that these statistics will still serve to encourage new filings. In FY 2018, more than $300 million was paid out in relators’ share awards; more than $266 million of which came from matters involving the healthcare industry. While these were the lowest levels since 2009, since 1988 relators have been paid over $5 billion for matters brought involving the healthcare industry alone (total payments, all industries, exceed $7 billion). The potential for a major reward—as supported by these numbers—clearly continues to drive the filing of new cases.

Individuals in Focus

DOJ’s announcement also emphasized its effort in holding individuals accountable. The press release lists multiple examples of individual enforcement, whether pursued through joint and several liability along with corporate defendants, or otherwise. Significantly, multimillion-dollar recoveries were generated this year from individuals involved in the healthcare industry.

Recent announcements from the DOJ reflecting revisions to the “Yates Memo” suggest that senior corporate management, as well as members of boards of directors, continue to face enforcement risk.

*************

While overall recoveries dropped, the dollars generated from enforcement in the healthcare space grew and remain staggering. The statistics will only serve to encourage the government and qui tam relators to continue to pursue corporations and individuals involved in the healthcare and life sciences industries. They are also a strong reminder of the importance of the development and maintenance of programs designed to deter improper conduct and promote compliance across all organizational levels.

 

The Federal Trade Commission’s (“FTC”) recently submitted Congressional Budget Justification and Annual Performance Plan and Report contains helpful insight into the FTC’s focus and expectations for the coming fiscal year.  Of particular note, is a slight shift of funds from activities designed to “protect consumers” to activities intended to “promote competition.”  High on the FTC’s list of actions designed to promote competition is continued scrutiny of the health care industry.  And to that end, the FTC reiterated its intention to, among other things:

Take action against anticompetitive agreements among health care providers and to challenge anticompetitive mergers of hospitals, medical device manufacturers, pharmaceutical companies, and other health care providers that contribute to the rising cost of health care. The FTC will also continue to advance its health care enforcement program by challenging anticompetitive conduct in the pharmaceutical industry that delays the introduction of generic drugs and costs consumers and governments enormous sums of money each year. The agency also will continue its vigorous advocacy for health care competition by advising local, state, and federal entities, upon request, on the competitive implications of pending government actions.

In order to accomplish its goals, the FTC has proposed a budget for its Fiscal Year 2018 of $306,317,000, which is on par with its current annual budget.  The amount requested would be offset by filing fees submitted pursuant to the Hart-Scott-Rodino Antitrust Improvements Act (“HSR”) by parties to transactions (mergers, joint ventures, etc.) meeting the HSR filing thresholds.  Filing fees are split with the Department of Justice, and the budget justification notably projects a reduction in anticipated filings resulting in a drop of approximately $15 million in expected fees.

The FTC’s budget justification also forecasts a slight drop in staff from 1,161 to 1,140 FTEs.  However, this reduction is not a consequence of diminished enforcement expectations but rather the effect of balancing out staff raises from the prior year with an effort to meet the President’s current budget request.  The reduction in staffing levels is expected to be accomplished through attrition and an adjusted hiring strategy rather than personnel layoffs.  Significantly, staffing levels for activities designed to promote competition are only nominally affected, and the FTC has actually asked for an increase in funding (approximately $1 million) associated with competition promoting activities.

Metrics from the prior year are also worth noting.  In particular, the FTC brought 29 enforcement actions in fiscal year 2016 of which 22 were merger related.  The FTC identifies mergers that raise potential antitrust concerns through the HSR filing process, as well as through “consumer and competitor complaints, referrals from other government agencies, and trade press.”  The FTC estimates that it saved consumers over $2.1 billion dollars in fiscal year 2016 as a result of its merger enforcement activities.

Overall, the FTC returned approximately $50.3 million dollars to consumers, and $7.3 million to the U.S. Treasury as a result of its enforcement actions in fiscal year 2016.  In addition, the FTC made a number of criminal referrals to the Department of Justice, resulting in 56 separate actions brought from FTC related matters.

The U.S. Department of Health and Human Services, Office of Inspector General (“OIG”), has made pursuing fraud in the personal care services (“PCS”) sector a top priority, including making it a focus of their FY2017 workplan.

Last week, OIG released a report, Medicaid Fraud Control Units Fiscal Year 2016 Annual Report,  which set forth the number and type of investigations and prosecutions conducted nationwide by the Medicaid Fraud Control Units (“MFCUs”) during FY 2016.  Overall, the MFCUs reported 1,564 convictions, over one-third of which involved PCS attendants; fraud cases accounted for 74 percent of the 1,564 convictions.[1]

Looking at data released by HHS, PCS was the largest category of convictions reported in FY 2016. Thirty-five percent (552 of 1,564) of the reported convictions were of PCS attendants, representatives of PCS agencies, or other home care aides. Of these 552 reported convictions, 500 involved provider fraud and 52 involved patient abuse or neglect.[2] Of the reported fraud convictions, PCS attendants accounted for the greatest number of fraud convictions (464 of 1,160).[3]

The emphasis on PCS is likely to not only continue, but increase in 2017.  Notably, recent high-profile investigations and prosecutions this year include the following cases:

  • Six Missouri home health and personal care aides and patients were charged on April 4, 2017, with making false statements to Medicaid. The aides and patients allegedly falsified documentation that claimed the aides were providing services to the patients at particular times when, in fact, no such services occurred. According to the indictments in the case, one defendant patient was vacationing in New Orleans and on a cruise during the times she supposedly received services. One aide was found gambling at a casino during the same time period she claimed to be providing services. The investigation was led by the Kansas City, Missouri office of the OIG and the MFCU of the Missouri Attorney General’s Office.
  • On March 30, 2017, Godwin Oriakhi, the owner and operator of five Texas-based home health agencies pleaded guilty to conspiring to defraud Medicare and Texas Medicaid programs. Oriakhi, along with his co-conspirators, pleaded to defrauding the state and federal governments of over $17 million, the largest home services-based (including both home health services and PCS) fraud in Texas history. Oriakhi admitted that he and several co-conspirators, including his daughter, paid illegal kickbacks to physicians and patient recruiters in exchange for patient referrals. The defendants also paid patients to receive services from Oriakhi’s agencies and in exchange for the use of the patients’ Medicare and Medicaid identification numbers to bill for home health and PCS services.

Given that HHS is securing large monetary recoveries in this space, there is clearly an incentive for HHS to focus on the PCS sector. Indeed, the recent HHS report notes that MFCUs recovered an average of over $7 for every dollar spent towards investigation and prosecution of healthcare fraud cases, including PCS cases, in FY2016.

EBG has been watching this trend and will update this blog with the status of OIG’s and DOJ’s continued focus on home health and PCS prosecutions. For more information on OIG’s investigations into PCS aides, please see our Law360 article “HHS Has Its Eye on Medicaid Personal Care Service.”

Endnotes:

[1] https://oig.hhs.gov/oei/reports/oei-09-17-00210.asp (hereinafter “Report”)

[2] Report at 6.

[3] Report at 7.

The federal government continues to secure significant recoveries through settlements and court awards related to its enforcement of the False Claims Act (FCA), particularly resulting from actions brought by qui tam relators. In fiscal year (FY) 2016, the federal government reported that it recovered $2.5 billion from the health care industry. Of that $2.5 billion, $1.2 billion was recovered from the drug and medical device industry.  Another $360 million was recovered from hospitals and outpatient clinics.

Government Intervention Drives Recoveries

The FY 2016 FCA statistics reflect that more than 97% of the recoveries from qui tam cases resulted from matters in which the government elected to intervene and pursue directly. Government intervention remains a real danger to health care entities.

However, more than 80% of new FCA matters were filed by qui tam relators; relator share awards reached almost $520 million in FY 2016. The financial incentives to pursue these matters are significant and well recognized; last year, the number of new qui tam FCA cases was the second highest since 1987.

Enforcement Climate Became Worse for Individuals in FY 2016—and Will Likely Continue

The government’s focus on individual liability, as reflected in the “Yates Memo,” is expected to continue. This focus on individual accountability has recently resulted in substantial FCA recoveries from physicians, a former hospital CEO, a nursing home CFO, and even the Chair of a board of directors.[1]  On the administrative side, such focus has resulted in the 20-year exclusion of a physician specializing in urogynecology whom the government alleged billed for services not performed or not medically necessary. Indeed, this focus continues: just last week, the government filed a FCA complaint against a mental health and substance abuse clinic and its owner in his individual capacity.

Regulatory Changes in 2016 Created More Financial Exposure

The monetary exposure faced by health care industry participants under the FCA is increasing. In June, the Department of Justice released an interim final rule increasing the minimum per-claim penalty under Section 3729(a)(1) of the FCA from $5,500 to $10,781 and increasing the maximum per-claim penalty from $11,000 to $21,563.

The Government’s Use of Technology

The use of technology has markedly enhanced the government’s recovery efforts. Federal and state governments, along with some commercial insurers, are investing in the use of predictive analytics that can analyze large volumes of health care data to identify fraud, waste, and abuse. Notably, the government reportedly enjoyed an $11.60 return for each dollar it spent on its investment in these technologies in 2015.  The use of such technology is expected to continue under the new administration.

The Risk of Enforcement Is Real

The FY 2016 FCA statistics reflect the government’s belief that devoting time and resources to FCA cases makes “good business sense.” This realization is very unlikely to change. Health care entities—as well as individuals—must be alert to potential violations and have strong compliance functions to deal with compliance-related matters in a way that prevents claims and litigation.

Enforcement in a Trump Administration and Opportunities to Reshape the Landscape

Enthusiasm for efforts to curb fraud, waste, and abuse is bipartisan. As a result, government enforcement is likely to stay on its present course with the incoming administration, in good part due to the high return on investment in government fraud investigations and no public policy outcry to reduce such enforcement efforts.

While the growth of the federal government’s investment in enforcement efforts might slow due to both the anticipated federal worker hiring freeze and President-elect Trump’s pledge to reduce regulations, health care entities should not ignore the real risk that they face in this area.

A new administration, however, may bring opportunities to reshape part of the enforcement landscape. President-elect Trump promised to repeal and replace the Affordable Care Act (“ACA”). Included within the ACA were several provisions that made it easier for qui tam relators to bring FCA cases.[2] While it is likely that such provisions—which plainly benefit the government—would be pressed for exemption from any repeal, this does present the potential for legislative changes beneficial to potential FCA defendants. Additionally, given the real likelihood of multiple U.S. Supreme Court appointments, along with the need to fill the more than 100 current federal district court vacancies, more legal challenges to efforts to expand the reach of the FCA can be anticipated.

____

[1] See Press Release, Department of Justice, North American Health Care Inc. to Pay $28.5 Million to Settle Claims for Medically Unnecessary Rehabilitation Therapy Services (Sept. 19, 2016), https://www.justice.gov/opa/pr/north-american-health-care-inc-pay-285-million-settle-claims-medically-unnecessary; Press Release, Department of Justice, Former Chief Executive of South Carolina Hospital Pays $1 Million and Agrees to Exclusion to Settle Claims Related to Illegal Payments to Referring Physicians (Sept. 27, 2016), https://www.justice.gov/opa/pr/former-chief-executive-south-carolina-hospital-pays-1-million-and-agrees-exclusion-settle.

[2] The ACA impacted the FCA by narrowing the Public Disclosure Bar (31 U.S.C. § 3730(e)(4)(A)), expanding the scope of the “original source” exception for the Public Disclosure Bar (31 U.S.C. § 3730(e)(4)(B)), relaxing intent requirement for violations of the Anti-Kickback Statute (42 U.S.C. § 1320a-7b(h)), and providing that claims resulting from Anti-Kickback Statute violations would also be considered false claims (42 U.S.C. § 1320a-7b(g)).

Healthcare Fraud and Abuse is an ever growing problem.  The Federal government has taken several steps in its enforcement efforts to cut down on health care fraud.  It is estimated that health care fraud costs the United States about $80 billion per year.  And it continues to rise in an alarming manner, as total U.S. health care spending continues to rise, currently topping $2.7 trillion.

In the last year, spending on home health care has increased over 5 percent from previous years.  Since 2000, the senior population has increased by 15.1% versus 9.7% for the population as a whole.  According to the 2014 FBI press release, these trends led to Medicare reimbursements for home-based care totaling $18.4 billion in 2011 and state Medicaid program reimbursements of $12.7 billion for beneficiaries’ personal-care services.  According to the Centers for Medicare & Medicaid Services (CMS), approximately 12 million individuals receive in-home care, much of which is provided by more than 11,600 Medicare-certified home health agencies.

In the past year, federal and state law enforcement officials have increased their efforts in combatting fraud and abuse in the home health industry.  This has included targeting providers referring patients for home care services, owners of home care agencies, nurse staffing agencies, and personal care aides across the country.  One of the largest enforcement efforts this year has been in the Washington, DC area, culminating in the arrest of over 20 individuals accused of fraudulently billing the District of Columbia’s Medicaid program.  Similarly, in Dallas, Texas, federal indictments were handed down against hundreds of home health agencies accused of Medicare Fraud that was mastered-minded by a single physician.  As noted in the indictment, the agencies wrote “visit notes to make it appear that they provided skilled nursing to the Recruited Beneficiaries when no skilled nursing was provided.”

Because fraud and abuse enforcement by both Federal and State agencies is increasing, effective compliance programs for home health companies are needed to better distance the home health company from the fraud activities.  At minimum, home health care agency’s compliance programs should include:

  • The development and distribution of written standards of conduct, as well as written policies and procedures that promote the home health agency’s commitment to compliance and address specific areas of potential fraud;
  • The designation of a compliance officer and other appropriate bodies, charged with the responsibility for operating and monitoring the compliance program;
  • The development and implementation of regular, effective education and training programs for all affected employees;
  • The creation and maintenance of a process, such as a hotline or other reporting system, to receive complaints, and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
  • The development of a system to respond to allegations of improper/ illegal activities and the enforcement of appropriate disciplinary action against employees who have violated internal compliance policies, applicable statutes, regulations, or Federal health care program requirements;
  • The use of audits and/or other evaluation techniques to monitor compliance and assist in the reduction of identified problem areas; and
  • The investigation and remediation of identified systemic problems and the development of policies addressing the non-employment or retention of sanctioned individuals.

As a home health agency do you know whether your compliance program is effective?  If you have questions regarding the effectiveness of your compliance program, please contact Clifford E. Barnes or Marshall E. Jackson, Jr.

 

By Adam Solander, Ali Lakhani and Wenxi Li

The increasing prevalence of mobile technology in the healthcare sector continues to create compliance concerns for physician practices and other health care entities.  While the Office of Civil Rights (OCR) of the Department of Health and Human Services, has traditionally focused on technology breaches within larger health systems, smaller physician practices and health care entities must also ensure that their policies and practices related to mobile technology do not foster non-compliance and create institutional risk.

Physicians Integrate Mobile Technology Into Daily Practice

The Physicians Practice’s 2014 Technology Survey found that only 31 percent of more than 1,400 survey respondents reported implementing policies and rules to address bring your own device (“BYOD”) practices.  With more than 80 percent of doctors using mobile devices at work and integrating their personal devices into their professional practice, these devices could potentially represent a significant privacy and security risk.

Traditional Safeguards Undermined By “Anywhere” Access

The HIPAA Security Rule applies when any protected health information (PHI) is accessed and communicated through a mobile device, such as texting a patient’s name and phone number for follow-up calls.  In the annual OCR report to Congress on breaches of unsecured PHI for calendar years 2011 and 2012, OCR reported that information loss or theft from mobile devices was among the top three sources of breached PHI in 117 of the 222 reported breaches in 2012. Additionally, the Physicians Practice’s 2014 Technology Survey indicated that only 61 percent of the respondents surveyed reported securely backing data on a second server or via another method, thereby not complying with the HIPAA Security Rule which requires covered entities to create and maintain retrievable copies of electronic protected health information (ePHI).

OCR Enforcement Areas, Especially Among Small Breaches, Continue to Grow

OCR officials routinely remind covered entities and business associates to understand their obligations with respect to mobile device security – obligations that continue to become more complex to satisfy as the use of mobile technology in the workplace proliferates.  Simultaneously, OCR continues to increase enforcement of data breaches by entities subject to the HIPAA Security Rule. Significantly, this enforcement expansion has included smaller entities and breaches affecting fewer than 500 individuals.  OCR expects HIPAA Security Rule enforcement to continue its trend and increase going forward in 2014

Be Prepared

Physician practices and health care entities should conduct a thorough risk assessment which addresses the use of mobile devices and storage of mobile device data in their environment.  Additionally, policies and procedures should be developed to manage the risk associated with mobile devices to a business tolerable level.  Risk management plans and security evaluations should be updated and conducted periodically.  Additionally, physician practices and health care entities must remember that their business associates must also comply with the HIPAA Security Rule.  Thus, some diligence on the use of mobile devices in their business associates environment is advisable.  In practice, over 20 percent of HIPAA data breaches have been traced to noncompliant business associates. While the risk may be significant, with proper staff training to identify and address questionable HIPAA behaviors, physician practices and health care entities can minimize the risk of OCR enforcement and large settlement costs associated with mobile devices.

 

According to a new report released in December 2011 by the Office of Inspector General (“OIG”), more than 25 percent of all durable medical equipment (“DME”) suppliers faced enforcement actions by the Centers for Medicare & Medicaid Services during their first year of participation in the Medicare program. In its report, the OIG reviewed a sample of 229 newly enrolled suppliers and examined multiple data sources in order to assess the extent, if any, that the suppliers in the sample had program integrity issues. According to the report, during the first year of participation in the Medicare program, 26 percent of those suppliers classified as medium or high risk by the National Supplier Clearinghouse (“NSC”) for committing fraud, and 2 percent of those deemed low-risk by the NSC, had their Medicare billing privileges revoked or were subjected to prepayment claims review. This Alert addresses why DME suppliers, being among those that are subject to the highest levels of screening and scrutiny, need to be aware of these finding and offers thoughts on what suppliers need to do now to prevent and detect potential fraud, avoid prepayment review, and/or revocation of Medicare billing privileges.

Read the full alert here