Forbes magazine has dubbed 2014 “The Year of the Whistleblower.”  For healthcare providers, this designation has translated into millions of dollars in fines and penalties and the initiation of criminal investigations. 

Just last month, the Health Care Fraud Prevention and Enforcement Action Team (HEAT), settled a whistleblower-initiated lawsuit filed against a healthcare provider for $350 million to resolve claims that it violated the False Claims Act by paying physicians kickbacks to induce the referral of patients to its dialysis clinics. The provider also agreed to forfeit $39 million based on conduct related to two transactions of its joint venture.  

Healthcare providers are under growing scrutiny as government regulators become more aggressive in their pursuit of healthcare fraud.  Headlines spouting promises of increased criminal prosecutions of individuals, commitments to protect taxpayer dollars and changes to the laws making it easier for whistleblowers to bring healthcare fraud claims have become the norm. 

The regulators’ enforcement tool of choice?  The federal False Claims Act. 

Recent activity

In 2013, the Department of Justice recovered $2.6 billion for violations of the FCA relating to healthcare fraud, making it the fourth consecutive year in which the DOJ has collected over $2 billion from organizations and individuals in the healthcare industry.  FCA settlements involving alleged violations by hospitals, nursing homes, skilled care facilities, physician practices or other healthcare providers totaled more than 40, with individual settlement amounts reaching as high as $48 million.  The DOJ also obtained a $237 million judgment against a healthcare system after a four-week trial for violating the Stark Law and the FCA.  

The government HEAT

HEAT, a joint initiative between the DOJ and US Department of Health and Human Services, leads the government’s investigation of Medicare and Medicaid financial fraud.  On the federal level, HEAT acts through its Medicare Fraud Strike Force, which analyzes Medicare claims data to target geographic areas showing unusually high levels of Medicare billing. In 2013, the Strike Force filed 137 cases, charged 345 individuals, secured 234 guilty pleas and won 46 jury trial convictions.

HEAT is also assisted by state Medicaid Fraud Control Units (MFCUs), which are charged with investigating and prosecuting Medicaid fraud, as well as patient abuse and neglect in healthcare facilities. The MFCUs are made up of attorney-led teams of investigators and auditors. 

Increased FCA risks for healthcare providers

Traditionally, FCA actions have been brought against healthcare providers for allegedly engaging in the following actions:

  • Upcoding
  • Unbundling/bundling
  • Performing inappropriate or unnecessary medical procedures in order to increase reimbursement
  • Outpatient claims billed as inpatient
  • Kickbacks
  • Submitting false billing cost reports or certifications to the government
  • Red-lining: limiting acceptance or discouraging admission of patients who suffer from or are at risk of developing serious illnesses
  • Performing procedures without the requisite level of physician supervision
  • Billing for services not performed, failing to provide the full service billed for, or doubling billing

Healthcare providers’ risk of violating the FCA, however, significantly increased after the enactment of the Patient Protection and Affordable Care Act of 2010.  Under the ACA and its implementing regulations, an FCA violation can be based on a violation of the Anti-Kickback Statute and a failure to return Medicare overpayments within 60 day of identifying them.  The ACA also limited the scope of the “public disclosure” defense to FCA claims, making it easier for whistleblowers and the government to avoid a jurisdictional bar to their lawsuit.

The HHS Office of Inspector General Work Plan for Fiscal Year 2015, which summarizes new and ongoing reviews and activities it plans to pursue, shows that OIG will be increasing its scrutiny and review of ACA spending and Medicare billing.  Among other things, the 2015 Work Plan calls for at least 5-10 additional reviews addressing ACA programs and the review of the billing and payment policies and procedures used by healthcare providers. 

Individuals also face an increased risk of violating the FCA.  Cases involving fraud by executives at healthcare providers are now a high priority for the DOJ’s Criminal Division, which is now reviewing quitam complaints as soon as they are filed to determine whether or not to bring parallel criminal proceedings.

State false claims statutes – often as strong as the federal FCA

Healthcare providers must also be wary about violating individual state false claims statutes.  In 2013, states recovered $443 million for violations of state Medicaid programs.  To date, 30 states, among them New York, California and Virginia, have false claim statutes, and the number of states FCAs are expected to grow.  Eighteen states have been deemed by HHS to have false claims statutes at least as strong as the FCA because they (1) contain provisions rewarding and facilitating qui tam actions, (2) allow actions to be filed under seal for 60 days with review by the State Attorney General and (3) contain civil penalties equal to or greater than the FCA.

What can healthcare providers do about their FCA risk? 5 action steps

Under section 6401(a) of the ACA, compliance programs that contain certain “core elements” are a condition of participation in Medicare, Medicaid and Children’s Health Insurance Program. Below are key steps healthcare providers can take to minimize their FCA risks:

1. Identify the risk areas

  • Target activities most at risk for fraud, such as:
    • Coding and billing
    • Government program documentation
    • Referrals and physician financial arrangements

2. Establish internal controls

  • Establish internal controls relating to fraud prevention, such as:
    • Policies and procedures for coding
    • Standards for inpatient versus outpatient care
    • Internal audits and random testing of identified risk areas
    • Periodic reviews of financial agreements with physicians and healthcare partners
  • Establish and implement controls regarding corrective action, such as:
    • Return of overpayments
    • Submitting corrected reports
    • Matter referral to law enforcement
    • Termination of physician agreements

3. Conduct trainings

  • Educate and train employees on fraud risk
  • Develop training to fit employee job-specific responsibilities

4. Utilize internal whistleblowers

  • Establish policies and procedures to encourage internal whistleblowing
  • Develop and publicize procedures for reporting, elevating and assessing fraud complaints
  • Reward accurate internal reporting
  • Establish a strict anti-retaliation policy

5. Partner with outside counsel

  • Partner with outside counsel specializing in fraud prevention to support in-house knowledge and training and ensure latest information on anti-fraud policies and controls