Both the federal Food and Drug Administration (FDA) and Office of the Inspector General (OIG) have authority to seek personal consequences against corporate officers deemed responsible for federal health care violations. For example, the FDA has the power to exclude officers from federal health care programs and seek debarment of corporate officers. The power to punish individuals, however, goes beyond sanctions. Recent developments demonstrate that individual criminal liability is a distinct possibility.
More importantly, these developments have expanded the ranks of corporate owners, officers and managers who face criminal liability—and have also expanded the nature of that liability itself. Individuals who have no actual knowledge of wrongdoing can still face criminal consequences merely as a result of their position within a company. This expansion of prosecutorial authority promises to have an immediate impact on corporate compliance programs. Whether it encourages managers to become more actively involved—or to avoid involvement altogether—remains to be seen.
The Evolving Standard of Individual Criminal Liability
The FDA has the authority to investigate criminal conduct arising under a number of statutes, including the federal Food, Drug and Cosmetic Act (FDCA) and laws regulating mail fraud and counterfeit goods or services. Essentially, the FDA can investigate misbranding of products as well as the promotion, manufacture and sale of unapproved products. The OIG has similar jurisdiction to investigate FDA-regulated activities.1
The FDCA has, for decades, prohibited the introduction of a misbranded drug into interstate commerce; it also imposes criminal consequences upon violators.2 Criminal prosecutions can be, and have been, brought against corporate officials over the years, with prosecutions becoming more prevalent in recent years.
This is best exemplified by the decision in United States v. Park, in which a corporation’s chief executive officer was found criminally liable for inadequate warehouse sanitation.3 In reaching that conclusion, the court emphasized two points: First, a corporation can only act through the individuals who act on its behalf; and second, the liability of people serving in managerial positions does not depend on their knowledge of the criminal acts but, rather, can be predicated on the individual’s power to prevent the prohibited acts.4 Stated differently, the court concluded that those who have a duty to implement measures to avoid violations, or who have some responsible relationship to the offending situation, could be criminally liable—and that such persons bore the burden of proving that they were powerless to prevent or correct a violation.5
Since the Park decision, this “responsible corporate officer” concept of strict liability—the fact that a violation can result in a conviction even without proving actual knowledge—has been continually expanded. It now threatens each and every owner, officer and manager in the health care and pharmaceutical industries.
Recent Developments Expand Prosecutorial Powers
After receiving criticism about lax criminal enforcement in a report authored by the Government Accountability Office,6 the FDA announced in 2010 that it would revitalize its approach to corporate officers by both increasing the use of misdemeanor prosecutions and enhancing its debarment and disqualification actions.7
The Patient Protection and Affordable Care Act (PPACA)8 also expanded prosecutorial authority by revising the Anti-Kickback Law (42 U.S.C. §§ 1320a- 7b) to strengthen the government’s powers. Today, claims submitted in violation of the Anti-Kickback Law are automatically deemed violations of the False Claims Act (31 U.S.C. §§ 3729 to 3733), and prosecutors no longer need to prove that a defendant had actual knowledge of the Anti-Kickback Law or a specific intent to violate the statute.9
The liability scheme of the False Claims Act itself was also recently clarified so that now, among other things, it is a violation to knowingly present or cause to be presented a false or fraudulent claim for payment or approval, knowingly make or use a false record or statement material to a payment of a false or fraudulent claim, or conspire to defraud the government by getting a false or fraudulent claim paid or allowed.10 Notably, liability under the False Claims Act can also include a penalty of $5,000 to $10,000 per claim, as adjusted by inflation, plus treble damages.11
In 2010, the False Claims Act’s concept of a qui tam action, in which a relator (i.e., a whistleblower) can bring a fraud action on behalf of the government,12 was changed to narrow a prohibition against certain actions. Specifically, relators can now sue based upon a broader class of publicly disclosed information and a broader class of original source information.13
The Government’s Administrative Powers Have Been Expanded
The government also has other methods of making things difficult for corporate owners, officers and managers. Medicare payments can be suspended if a pending investigation has shown credible allegations of fraud.14 Also, the PPACA provides for the enhanced exclusion of individuals who own, control or manage an entity that is suspended or excluded.15 Government debarment, or exclusion from participation in federal health care programs, comes in several forms.
Debarment can be permissive (i.e., discretionary) or mandatory. With respect to the former, OIG guidance confirms the discretionary nature of the OIG’s power to debar owners and those who have a controlling interest when they knew, or should have known, of the offending conduct; but it goes much further. The OIG has also indicated it will more actively pursue corporate officers and managing employees of entities who were excluded or convicted of certain crimes solely based upon those persons’ position within the entity. The main point, which cannot be emphasized enough, is that the owner liability standard is higher than that set for officers and managers, putting the latter persons at much greater risk.16
In all situations, there is a presumption favoring exclusion—making debarment a considerable weapon—but the OIG has also stated it did not intend to exclude all persons falling within the OIG guidance. To that end, the OIG has developed nonbinding factors concerning the use of its power, including:
- The nature of the offense itself; for example, whether it caused harm;
- The degree of managerial control or authority possessed by the person in question and whether the person was in the “chain of command;”
- Whether any mitigating steps were taken by the person in question; and
- If a timely disclosure was made by the individual in question.16
- Similar factors are contained within the FDA’s Regulatory Procedures Manual.17
With respect to mandatory exclusion, Section 1128 of the Social Security Act states the Department of Health and Human Services shall exclude four classes of people: those convicted of programrelated crimes, those with a conviction relating to patient abuse, those convicted of a felony relating to health care fraud and those convicted of a felony relating to a controlled substance.18
Debarment is also allowable under federal procurement regulations, which provide that a contractor may be suspended based upon adequate evidence of fraud in, among other things, obtaining a contract. This includes a violation of the False Claims Act.19
Since 1996, the OIG has used its exclusion authority in more than 30 cases, but until recently, had not used it against executives of large and complex corporations. The OIG stated it would not seek to exclude all officers and managers of a company convicted of health care fraud, but it will nevertheless seek exclusion if the officer or employee knew or should have known of the criminal misconduct. For example, the OIG obtained a federal felony conviction against a corporation for failing to inform the FDA about production problems and excluded the owner for a period of 20 years.20
Recent History of Corporate Officer Liability
The recent history of prosecutions tells a deeply troubling story for corporate officials. The government’s use of the responsible corporate officer doctrine in the post-Park era has been gaining steam in recent years. In 2007, for example, three executives pled guilty to misbranding a drug and received sentences involving probation, community service and disgorgement of millions of dollars.21 In 2010, four corporate officers pled guilty to misdemeanors concerning the alleged unapproved use of a medical device, among other violations.22
A slew of government press releases in 2011 indicate that the trend is not only continuing but increasing. Consider the criminal liability imposed upon the following corporate officials for health care fraud:
• The former president of a physical therapy company was sentenced to 24 months in prison for defrauding Medicare by submitting claims for services not provided and for paying kickbacks to obtain the billing information utilized in the scheme.23
• The owner of a mental health company was sentenced to 35 years in prison for a fraud and kickback scheme that resulted in Medicare bills exceeding $200 million.24
• The owner of a durable medical equipment company was sentenced to 66 months in prison for fraud, kickbacks and the obstruction of justice.25
In order to enhance the government’s criminal enforcement, many of these cases are the result of coordinated efforts between government agencies. The Department of Health and Human Services reported that the government collected more than $4 billion in fiscal year 2010 as a result of the health care fraud prevention and enforcement efforts. In that fiscal year, 284 defendants were indicted, 217 guilty pleas were negotiated and 146 defendants were sentenced to prison time (averaging 40 months of incarceration).26
Based on the enhanced power to pursue responsible corporate officials and the sums involved in the fraudulent schemes, the government’s criminal enforcement efforts can be expected to rise.
Impact on Corporate Compliance
Recent developments have certainly expanded government power to exclude individuals and to charge them with a crime and, by extension, prosecutorial discretion. It is not clear, however, how this discretion will be exercised and how many people will face these draconian sanctions. But it is clear that the potential adverse exposure to executives, officers and managerial employees has vastly increased. It is also clear these persons can be charged with a criminal offense, even when actual knowledge of a violation does not exist.
To complicate an assessment of the new liability scheme even further, corporations with an adequate compliance program have additional defenses to government enforcement and, thus, so do the individuals involved in such a compliance program. The government has recognized the perverse incentives in assessing personal liability and has attempted to deflect those incentives by a full examination of all factors surrounding corporate compliance programs.
Simply put, the risk of criminal liability will prove too great to suggest that a hands-off approach to compliance is the “right” approach. Thus, lack of knowledge and lack of an ability to correct adverse situations should not be viewed as a defense to criminal charges. In fact, they are not.
The government’s increasing use of criminal liability—and individual exclusion—should, if anything, be considered yet another reason to stay involved and heavily focused on compliance. Implementation, continual monitoring and “pressure-testing” of stringent compliance programs should be at the top of the corporate priority list. Wholesome compliance programs remain the only tried and true responsible approach to avoiding personal criminal liability.