The government is using the False Claims Act (FCA) as an important tool to combat COVID-19 healthcare fraud. Healthcare companies and providers should take a close inventory of their practices, and structure a proactive approach to compliance with the False Claims Act at a time when mitigating risk is more important than ever.
Expect Aggressive False Claims Act Enforcement After COVID-19
On March 10, 2022, the Justice Department announced the appointment of a director of COVID-19 Fraud Enforcement to lead the department’s criminal and civil enforcement efforts to combat COVID-19-related fraud. Attorney General Merrick B. Garland made clear that the department will take decisive action against COVID-19-related fraud: “The Justice Department remains committed to using every available federal tool — including criminal, civil, and administrative actions — to combat and prevent COVID-19 related fraud.”
The Justice Department’s efforts to combat COVID-19 fraud include cases and investigations involving pandemic relief programs such as the Paycheck Protection Program (PPP); Economic Injury Disaster Loan (EIDL) program; Unemployment Insurance (UI) programs; and the Coronavirus Aid, Relief, and Economic Security (CARES) Act, including the Provider Relief Fund (PRF).
To date, the Justice Department’s efforts have resulted in criminal charges against over 1,000 defendants with alleged losses exceeding $1.1 billion; the seizure of over $1 billion in Economic Injury Disaster Loan proceeds; and over 240 civil investigations into more than 1,800 individuals and entities for alleged misconduct in connection with pandemic relief loans totaling more than $6 billion.
As such, companies that do business with the government, especially those in healthcare, need to protect themselves against FCA liability. Healthcare companies and providers will need to take a close inventory of their practices, and structure a proactive approach to compliance at a time when mitigating risk is more important than ever.
What is the False Claims Act?
The civil False Claims Act (31 U.S.C. §§ 3729 – 3733) is a federal statute that forbids submitting false claims to the government.
Under the civil FCA, it is illegal to:
- Knowingly file a false or fraudulent claim for payment; or
- Knowingly make a false statement or use a false record material to the claim for payment.
“Knowingly” can be a deceptive term, as it includes acting with actual knowledge, as well as acting in deliberate ignorance or reckless disregard to the truth or falsity of information. If you knew or should have known of a false claim or statement, for example, you can be liable under the FCA. The term “knowingly” does not require proof of specific intent to defraud.
Civil FCA violations may result in fine of up to three times the government’s loss plus penalties per false claim (based on current adjustments for inflation). As of the date of this article, the minimum and maximum per claim penalties are $11,181 and $22,363 respectively. There is also a criminal FCA that can result in imprisonment and criminal fines. Providers have gone to prison for submitting false health care claims.
The FCA Is a Tool to Fight Healthcare Fraud
The federal False Claims Act is perhaps the federal government’s most salient tool for fighting fraud against government programs, including Medicare, Medicaid, and Tricare. Private citizens (whistleblowers) can file “qui tam” suits on behalf of the government and claim a share of any money recovered, or the Department of Justice (DOJ) can file claims directly.
Although the FCA applies to all kinds of false claims, the government typically uses this statute to fight health care fraud, combat the opioid epidemic, and protect the Medicare and Medicaid programs. Of the Justice Department’s more than $5.6 billion of judgments and collections reported in 2021, more than $5 billion was related to the healthcare industry, including drug and medical device manufacturers, managed care providers, hospitals, pharmacies, hospice organizations, laboratories, and physicians.
Examples of recent enforcement actions include:
- Through Operation Rubber Stamp, telehealth executives were penalized for paying medical professionals to order fraudulent testing and pain medications.
- A California-based health care services provider paid $90 million for submitting unsupported diagnosis codes and inflating payments.
- A holding company for fake DME supply companies paid $20.3 million for allegedly billing federal healthcare programs for medically unnecessary medical equipment.
- A physician practice headquartered in Tampa agreed to pay a $24.5 million settlement in April 2022 to resolve FCA charges that they billed federal healthcare programs for medically unnecessary evaluation appointments to compensate for lost revenue when Florida suspended all non-emergency medical procedures during the COVID-19 pandemic.
- A lab owner pled guilty in January 2022 to a conspiracy to defraud Medicare by bundling COVID-19 testing with other, medically unnecessary tests.
- An Arkansas man who owned or managed numerous diagnostic testing laboratories was indicted for health care fraud in connection with over $100 million dollars in false billings for urine drug testing, COVID-19 testing, and other clinical laboratory services.
- A Missouri state representative who operates for-profit and non-profit clinics was charged for fraudulently requesting and receiving federal relief funds for COVID-19 testing that did not take place.
Potential False Claims Act Pitfalls
Though there are effective ways to navigate an FCA investigation, wage a defense, and improve outcomes through strategies like cooperation credits, it is always better to prevent, than to cure.
Beware of these potential pitfalls that may catch the attention of qui tam whistleblowers and the government’s own analysis of billing data:
- Billing errors, including upcoding for testing or treatment of different types or amounts than those provided (the Centers for Medicare & Medicaid Services (CMS) has developed two HCPCS codes that can be used to bill for certain COVID-19 diagnostic tests)
- Failure to exercise care in selecting diagnostic codes, including billing for unsupported diagnostic codes, or billing for every possible patient diagnosis
- Billing for testing or treatment that is not medically necessary, including treatments with unsupported safety or efficacy
- Substandard, untested, or unapproved treatments for COVID-19
- False or misleading marketing statements to government-insured patients
- False claims submitted by newly or provisionally licensed providers or contractors
- Misrepresentations or omissions material to obtaining government relief
- Falsely certifying service or product compliance provided to government
- Exploiting expanded telehealth policies (billing for telemedicine appointments that never happened or ordering unnecessary testing, treatment, or medication).
- Failing to comply with cybersecurity standards and promptly report suspected breaches
Given the demands on the health care system, the bar for pursuing providers on the front lines of COVID-19 may be set higher. In fact, provisions of the CARES Act provide immunity to certain providers with claims for emergency COVID-19 services and recognize liability immunity for certain respiratory protective devices deemed a priority during the public health emergency.
Still, providers in the trenches may face allegations that emergency care was not provided in good faith. Similar risks exist for providers who operate under CMS’ blanket waiver of Stark Law sanctions.
A Violation of Stark Law May Also Be a Violation of the FCA
The Stark Law prohibits physicians from referring Medicare and Medicaid patients to an entity for “designated health services” (also called ancillary services) if the physician has a prohibited financial relationship with the entity. If a physician “knows” of a substantial risk that his or her referrals for “designated health services” may violate Stark Law, the physician may be subject to penalties for submitting false claims under the FCA. This burden does not require actual knowledge but can be met by showing that the physician acted in deliberate ignorance or reckless disregard of information regarding the legality the referral relationship.
In March 2020, CMS waived certain requirements in Medicare, Medicaid, and CHIP under section 1135 emergency authority of the Social Security Act. The waivers protect providers from certain Stark Law sanctions to allow hospitals and physicians to structure more flexible relationships during the COVID-19 national emergency.
To extend this flexibility to False Claims Act liability, CMS has stated that it will work with the Department of Justice to “address False Claims Act relator suits where parties using the blanket waivers have a good faith belief that their remuneration or referrals are covered by a blanket waiver.”
This is significant because the Stark Law is a strict liability statute, which means violations can occur even when the parties intended to comply with the law but failed to comply with a technical element of an applicable exception.
By considering the physician’s good faith beliefs, the Department of Justice has added an element of intent to the fraud determination. In other words, a technical violation of the law may not result in enforcement action if the physician had a good faith belief that the referrals were covered by a Temporary Stark Law Blanket Waiver. As a reminder, the Temporary Stark Law Blanket Waivers only apply to arrangements that are solely related to a COVID-19 purpose.
Review Your Practices and Take a Proactive Approach to FCA Compliance
False Claims Act enforcement continues in 2022. Legal experts predict that FCA cases will keep climbing, triggered by both whistleblowers and government data analytics. The health care industry is still receiving the most scrutiny, especially in telehealth, Medicare Advantage, medically unnecessary procedures (elective surgeries), and alleged kickbacks. Providers should also be careful to comply with cybersecurity standards. Any outlying data could trigger an FCA investigation.
Protect your practice or business from FCA liability with these best practices:
- Keep detailed records of all transactions and correspondence; document any waivers of requirements or modifications authorized by officials or agencies
- Develop, audit, and update comprehensive compliance plans, and implement effective reporting systems to identify potential compliance issues
- Be alert to anti-competitive conduct and collusive practices, including price fixing, that may form the basis of FCA claims
- Educate employees of noncompliance risks, and train accordingly
- Have a response plan in place in the event of an audit, investigation, or enforcement action that requires corrective action
- Designate a compliance officer (or outsource) who will be responsible for leading compliance efforts, enforcing standards, and response initiatives in your medical compliance program
- Review and understand all conditions of payment, and adopt best practice to ensure compliance with requirements
- Be vigilant about billing and documentation for telehealth services. Be cautious when ordering testing, treatment, and/or medication without an in-person appointment, particularly for Medicare Beneficiaries.
- Take accountability for your cybersecurity, document your security controls and practices, and report suspected breaches immediately. This is especially important for providers with sensitive government information.
Avoid False Claims Act Enforcement Actions
As a powerful enforcement tool, the FCA has been used heavily following times of crisis and corresponding financial relief. With $2 million allocated by the CARES Act to the HHS’ Office of Inspector General (OIG) for oversight activities, the post-COVID-19 environment will likely be shrouded by increased enforcement and FCA claims.
To avoid enforcement actions, health care providers, especially telehealth companies, durable medical equipment (DME) companies, home health agencies, and medical testing companies and labs need to take a close inventory of their practices and structure a proactive approach to FCA compliance.
Hendershot Cowart P.C. can help you update your practices and avoid enforcement actions.
Call us at (713) 909-7323 to protect your practice or healthcare business.