In May 2009, the Department of Justice (DOJ) and Department of Health & Human Services, Office of the Inspector General (HHS-OIG) announced, with great fanfare, a new initiative to combat health care fraud: the Health Care Fraud Prevention and Enforcement Action Team (HEAT). The Attorney General and Secretary of HHS claimed HEAT was a “cabinet-level priority,” designed to gather resources to prevent fraud, waste, and abuse; reduce health care costs; improve quality of care; and highlight best practices for health care delivery. The announcement was accompanied by an action plan that, in 2010 alone, has resulted in claims of credit for recovering more than $2.5 billion to the Medicare Trust Fund and the opening of more than 2,000 new civil and criminal health care fraud cases. HEAT is expanding to Chicago in 2011, and is likely to have staying power. How can you prepare yourself?

A Bold, Innovative, and Coordinated Attack

In December 2010, Attorney General Eric Holder reiterated one of HEAT's primary goals: “ensuring the strength of our health care system.” He further touted HEAT as a successful interagency task force which includes senior officials from DOJ and HHS who collaborate on data-driven efforts to combat health care fraud. A hallmark of HEAT's efforts was the formation of regional “strike force” teams led by a federal prosecutor from a local United States Attorney's Office or the DOJ, working together with a federal agent from HHS-OIG and an agent from the FBI. The first of these teams was formed in Miami, Florida, and has expanded to other regions, including Southern California, Detroit, and Brooklyn, among other locations. Chicagoland is another targeted location.

The strike force teams use cutting-edge technology to review claims data to identify and analyze potential fraud. Given the vast resources available to them, strike force teams can target an industry (e.g., home health agencies), a service (e.g., particular CPT codes or service descriptions), or a provider name or category (e.g., Dr. Jones, or nurse practitioners), and through sophisticated data mining, obtain accurate information identifying statistically significant outliers within the selected category. Armed with this data, federal prosecutors can serve civil or criminal subpoenas to targets and third parties to obtain supporting information, while HHS-OIG and FBI agents gather facts through more traditional investigative methods. Importantly, since the government knows the claims were submitted (and often paid), it also monitors when providers fail to maintain records sought, and may investigate contempt of court or obstruction charges. This coordinated effort was novel when announced, and continues to be a hallmark of Attorney General Holder's term.

Recent statistics published by HEAT demonstrate results. In fiscal year 2010, recoveries from health care fraud increased 60 percent, to $2.5 billion for the Medicare Trust Fund and $800 million to state Medicaid programs. HEAT prosecutors also opened an all-time high 2,000 new civil and criminal health care fraud investigations. As Mr. Holder stated in December, “This work continues to grow.” In fact, quarterly reports by both agencies identify home health agencies, DMEPOS providers, and pharmaceutical companies as targets for 2011 enforcement activities. Recent indictments reflect these priorities.

Five Tips to Avoid Government Scrutiny

The HEAT Web site acknowledges that most health care providers are honest and submit only valid claims. However, because the strike force investigations begin by analyzing data using predictive modeling, the teams often assume a provider with statistically significant claims submissions is an outlier because of fraud, and then it gathers information to be convinced otherwise. Health care providers can implement some simple internal controls to significantly decrease their chances of being snagged in the government's net:

  1. Monitor Claims Submissions and Payments

Data mining and predictive modeling software compares claims submission data within a provider's own practice as well as compared to other, similar practices. Most providers already track their own submissions and payment receipts, but do not monitor trends. This can be done simply by creating a spreadsheet that identifies a provider's submitted claims, paid claims, volume and hours of work as measured by CPT code guidelines (to identify days where the provider submitted claims in excess of 16 hours in a 24-hour period). Depending on your practice area, the spreadsheet also may track more specific data — for example, the type of medications prescribed, ordered and delivered, or the types of services rendered for which the provider billed “incident to” a physician's services or where a nurse practitioner saw a patient.

Once a system is in place, it is relatively easy for an employee to keep it current and share it with a decision-maker (such as a compliance officer) for review. At the first sign of any outliers, the compliance officer or provider should determine whether the anomaly is due to the nature of a provider's practice or another reason. For example, home health agencies may see a perfectly acceptable rise in submitted claims toward the end of the month, as patients' benefits expire. However, a three-month spike in one physician or nurse practitioner's claims should be immediately investigated internally to ensure it was appropriate, and if not, to take immediate action.

  1. Develop and Follow a Written Compliance Plan

The “Filip Memo” (http://tinyurl.com/6x4etya) establishes criteria used by federal prosecutors to decide whether to indict a corporation for criminal conduct, and by civil prosecutors to determine whether to intervene in a civil False Claims Act lawsuit. While the criteria do not directly apply to individuals, the government also considers the factors when deciding which entities and people to target when they suspect fraud. These factors include, among other things, an analysis of the “existence and effectiveness of the corporation's pre-existing compliance program” as well as whether the corporation took any remedial measures in the face of fraud, waste, or abuse, including “an effort to implement an effective corporate compliance program or to improve an existing one.” Further, in November 2010, the United States Sentencing Commission amended the Sentencing Guidelines applied in federal criminal cases to allow for a reduction in a recommended sentence if a defendant can demonstrate the existence of an effective compliance and ethics program at the time of the offense. To receive the benefit of a reduced sentence, an entity must demonstrate a program exists; individuals with operational responsibility for the program have direct reporting obligations to decision-makers; the program detected criminal conduct before it was likely to be discovered outside the company; the company promptly reported the conduct to the government; and no individual with compliance authority committed wrongdoing.

A provider entity may avoid being charged by a strike force team if it can convince the prosecutor there was an existing program designed to catch waste, fraud, and abuse and, to the extent any wrongdoing was discovered, it was committed by a rogue employee, and the provider responded to it immediately. Providers should reap additional significant internal benefits from successful compliance programs, namely, reduced instances of waste, fraud, and abuse and improved billing and delivery practices. Since the mere existence of an effective plan can have notable prophylactic results, all providers should — at a minimum — have a written compliance plan in place. Indeed, the lack of a plan may spur the government to adversely react, which is a big risk in a region with a HEAT strike force team.

  1. Conduct Due Diligence on Employees and Contractors

HHS-OIG has the authority to exclude officers and managers from federal health care programs if they were involved in certain unlawful activities. While still largely untested, HHS-OIG has signaled it is seriously targeting individuals as opposed to just organizations. Decision-makers can avoid being held responsible for the actions of rogue employees by conducting simple due diligence when hiring employees, accepting a relationship with a new practice group, or even contracting with a billing company or other contractor or vendor entity. If you learn anything that gives you pause, it is much better to be safe and refrain from entering into a relationship with the provider or contractor.

  1. Consult With Outside Counsel

Putting another lawyer, or team of lawyers, between in-house counsel and the government insulates in-house counsel and compliance officers from direct contact with the government and may significantly reduce the likelihood of any obstruction or false representation charges against in-house counsel. Additionally, outside counsel will generally be viewed as more objective because they do not have “a horse in the race”; therefore, if responding to a government request for information goes awry, the government is far less likely to view it as intentional concealment or obstruction.

Moreover, if a provider engages outside counsel early in the process, then it has a distinct advantage in responding to government inquiries because in-house lawyers will benefit from this insulation from the beginning. As seen in recent charges brought by DOJ against in-house counsel for a multinational pharmaceutical company, receiving the advice of outside counsel later in the process, after certain representations have already been made to the government by in-house counsel, can defeat the purpose of insulating in-house counsel from the government and potential criminal charges if — in the government's view — in-house counsel inadvertently over-promises or does not live up to its promises.

  1. Assume a Criminal Investigation Is Underway

When responding to any request for information by any government entity or individual, assume the civil agency may be working hand-in-glove with a criminal investigator. By doing so, an in-house attorney will likely think twice before deciding which information to provide, or withhold, from the government. In a civil case between private litigants, the price for withholding information is relatively low: a court may order production or the opponent may obtain sanctions. Rarely in a civil case is an attorney held in civil contempt for failure to comply with a subpoena. However, in a civil case between private litigants, neither an opponent nor the court has both propounded the request and holds the power to charge an attorney with a crime if an in-house lawyer makes a decision the government lawyer does not like or believes is obstruction.

In a criminal investigation, the stakes are even higher, because the government has much greater power. If an attorney or provider withholds material information, makes a material misrepresentation, or otherwise obstructs either a civil or criminal investigation, he may be indicted for the discovery decision. The government agency reviewing the response is the same agency deciding whether the provider has accurately and thoroughly responded; it alone has the power itself to recommend the return of criminal charges if it deems compliance unsatisfactory. Ignoring a government subpoena, or improperly withholding requested documents or other evidence, may lead to indictments. Even where there is no criminal case at the outset, every government agency can easily refer an instance of non-compliance with a request to a federal prosecutor to have an attorney charged.  

Conclusion

With the HEAT strike force team coming to Chicago, the number and size of both civil and criminal health care fraud cases should rise steeply. Advance preparation and internal controls could minimize risk of scrutiny, as well as adverse consequences.