FALSE CLAIMS ACT & HIPAA
2014 UPDATE
Presented for
January 14, 2014
• Department of Justice FY 2013-2014 Priority Goals
• National Security
• Violent Crime
• Vulnerable People
• Financial Fraud
• “Protect the American People from financial and health care fraud” is stated as a priority goal
3
“The Department of Justice will not tolerate those
who abuse the public health care programs to which
we all contribute and on which we all depend.”
- Stuart F. Delery, Principal Deputy Assistant Attorney General for the Civil Division of the DOJ (Feb 2013)
Enforcement Landscape
• Department of Justice Budget for FY 2014 increased by 3.1% to $27.6 billion
• 2014 budget for health care fraud resources is $299.4 million
• Includes new funding for Health Care Fraud & Abuse Control program (HCFAC) of $72.94 million for criminal and civil enforcements
• Includes mandatory HIPAA funding to support FBI investigations into health care fraud
• Continues funding for Health Care Fraud Prevention and Enforcement Action Team (HEAT)
• Average 3 year return on DOJ investment is $7.90 for every $1 spent on health care fraud enforcement
5 • Centers for Medicare & Medicaid Services (CMS) - The Recovery Audit
Program
– Mission is to identify and correct Medicare improper payments through the efficient detection and collection of overpayments made on claims
– A successful demonstration program that utilized Recovery Audit Contractors (RAC) to identify Medicare overpayments and underpayments from 2005 – 2008
returned over $900 million to the Medicare Trust Fund
– As a result, Congress required the Secretary of the Department of Health and Human Services to institute (under Section 302 of the Tax Relief and Health Care Act of 2006) a
permanent and national Recovery Audit Program
Enforcement Landscape
– All Medicare providers are subject to RAC audits
• RACs identify overpayments and underpayments through review of all claim and provider types that have a high propensity for error based on the Comprehensive Error Rate Testing (CERT)
• Improper payments may result from
– Incorrect payment amounts
– Non-covered services
– Incorrectly coded services
7 • CMS – RAC Audit Questionnaire
9
• CMS reports nearly $2.4 billion in
corrections have been identified between January – June 2013
– Region 3 which includes Florida accounts for $767 million in
corrections during the same time period
• RACs are paid on a contingency fee basis
– The contingency fees have ranged from 9% - 12.5% and are not paid until the funds are recouped by Medicare
Enforcement Landscape
11 • Increased funding will permit DOJ to expand
Medicare Fraud Strike Force operations to new locations
• Target investigations in the criminal hubs where health care fraud activities occur
• Additional funding will be focused on civil enforcement of False Claims Act matters and others alleging fraudulent or false claims submitted to the government by health care providers or those caused by pharmaceutical manufacturers
Enforcement Landscape
• Dodd/Frank Whistleblowers
• In FY 2012 the DOJ reports
• 135 Non-Qui Tam
• $1.6 billion in settlements/judgments
• 647 Qui Tam
• $3.3 billion in settlements/judgment where U.S. intervened
• $29.3 million in settlements/judgments where U.S. declined intervention
13 • From January 2009 – February 2013, the government
has recovered over $14 billion – the largest four-year total in the DOJ’s history
– More than a third of the total recoveries since the act was amended in 1986
– Helped in recent years by increasingly aggressive relators, the DOJ has accelerated its efforts and shown dramatic results.
• Tony West, Assistant Attorney General for the Civil Division, explained:
– Twenty-eight percent (28%) of the recoveries in the last 25 years were obtained since President Obama took office. These record-setting results reflect the determination
and effort that this administration, and Attorney General Eric Holder, have put into rooting out fraud, recovering taxpayer money and protecting the integrity of government programs
Enforcement Landscape
• May 2009 Department of Health and Human Services (HHS) and Department of Justice (DOJ) created the Health Care Fraud Prevention and Enforcement Action Team (HEAT).
• HEAT’s mission is to prevent waste, fraud, and abuse in the Medicare and Medicaid programs.
• HEAT is a multi-agency team of federal, state and local investigators who use Medicare data analysis techniques and an increased focus on community policing to combat fraud.
15 • HEAT reported that they deposited
$4.2 billion to Department of Treasury and CMS accounts, and from that amount awarded more than $284 million to
relators under the qui tam provisions of the FCA
• Medicare Trust Fund received more than $2.4 billion, including $935 million in civil recoveries ($332.5 million of which was
“restitution/compensatory,” the remainder in “penalties and multiple damages”), $1.4 billion in criminal fines, and $89.7 million in HHS audit disallowances for the Medicare program
• U.S. recovered $835.7 million of the federal share of Medicaid, and TRICARE, the Department of Veterans Affairs, and the Office of Personal Management obtained $360 million in recoveries.
Enforcement Landscape
• It is illegal to submit claims for payment to Medicare or Medicaid that you know or should know are false or fraudulent
• False claims may result in fines up to 3 times the program’s loss plus $11,000 per claim filed
• Under civil FCA, no specific intent to defraud is required
• Civil FCA contains a whistleblower provision that allows a private individual to file a lawsuit on behalf of the United States – also known as a qui tam
– Whistleblowers are entitled to a percentage of any recoveries
– Whistleblowers could be current or ex-business partners, hospital or office staff, patients, or competitors
False Claims Act
17
• Person knowingly presents, or causes to be presented, to the U.S. government a false or fraudulent claim for payment or approval (31 USC § 3729(a)(1))
• Person knowingly makes, uses or causes to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by the government
(31 USC § 3729(a)(2))
• Person conspires to defraud the government by getting a false or fraudulent claim allowed or paid
(31 USC § 3729(a)(3))
• A “claim” must be submitted to
the government for payment or approval
• Claim must be “false or fraudulent”
• Person must “know” the claim is false
False Claims Act – Elements
19
•
A “claim” includes:
– Any request or demand, whether under a contract or otherwise, for money or property which is made to a
contractor, grantee, or other recipient if the U.S. government provides any portion of the money or property which is requested or demanded, or if the government will reimburse such contractor, grantee, or other recipient for any portion of the money or property which is requested or demanded 31 USC § 3729(c)
– Any kind of document or other communication that
reasonably could be expected to cause the government to make or approve a payment
– Claims to third parties who are paid/reimbursed by the government
21
• Person who “causes” a false claim to be presented, even if not the actual presenter of the claim, may be liable
• Person actually presenting claim need not know it is false
– Physician may be liable for false claims submitted to
Medicare by a hospital even though physician did not submit the claim
– Medical facility may be liable for false claims submitted to Medicare by a third party payer contracted to manage and control all Medicare billing
Claim
• Billing for services that were never delivered or rendered, either at all, or in the manner documented
• Performing inappropriate or unnecessary medical procedures
• Unbundling– using multiple billing codes instead of the correct bundled code in order to increase payment
• Bundling– billing more for a panel of tests when a single test was asked for
• Double billing – charging more than once for the same goods or service
• Upcoding– inflating bills by using diagnosis billing codes that suggest a more expensive illness or treatment
• Billing for brand – billing for brand-named drugs when generic drugs are actually provided
False/Fraudulent Examples
23
• Prescribing a medicine or recommending a type of treatment or diagnosis regimen in order to win kickbacks from hospitals, labs or pharmaceutical companies
• Billing for unlicensed or unapproved drugs
• Forging physician signatures when such signatures are required for reimbursement from Medicare or Medicaid
• Billing for services that are too advanced for patient needs
25
• Qui Tam provision of the False Claims Act affords the right of federal prosecution to anyone who knows of false or fraudulent claims being submitted to the government
• An individual who hands this information over to the government becomes a qui tam “relator” or whistleblower
• Government must decide to “intervene” and prosecute the case or defer to the relator, who may opt to pursue on his own
• If government intervenes, the relator will share the financial recovery as a reward and will be reimbursed for attorneys’ fees and costs
Qui Tam
• If government defers to the relator and the case resolves successfully, relator gets a larger portion of the recovery
• Qui Tam relator need not come forward with “clean hands” – he may have been an active participant in the fraudulent activity
• Furthermore, he can be a “parasitic relator,” meaning his action may be based on information from a government audit or investigation as yet undisclosed to the public
27
• Under § 3729(a)(1):
– Specific intent to defraud?
• Not Necessary
– Mere negligence in submission (e.g., typo)?
• Not Actionable
• “False Certification” Theory
– Claim may be fraudulent even if the claim does not contain false information
• Government may allege that a violation of another federal statute, regulation, or contract serves as the basis for liability under the FCA
• For example, falsely certify that you are in compliance with Stark or Anti-Kickback Statute
– United States ex rel. Hobbs. v. MedQuest Associates, Inc., et al., F.3d,
2013 WL 1285590 (6thCir. 2013)
29
Knowing
Skilled Nursing Facilities:
• April 2013 public company,
The Ensign Group, Inc., announced
that it will pay the government up to $48 million as part of a settlement agreement with the DOJ to resolve allegations of overpayment by federal healthcare programs. Ensign expects to enter into a corporate integrity agreement with the Department of Health and Human Services’ Office of the Inspector General (OIG) and make a single lump-sum payment to the government to resolve overpayment allegations
• March 2013 Tennessee-based nursing home operator Grace Healthcare LLC will pay the
federal government more than $2.7 million, settling charges that Grace violated the False Claims Act by billing Medicare for unnecessary
31
Physicians Practices:
• Istiag Malik M.D., P.C. and Advanced Nuclear Diagnostics of Bethesda, MD was fined $17 million in July 2013 for double billing for nuclear stress tests
– His two practices submitted claims for services that were unrelated to patient treatment, double-billed for medical care and billed for services that never were provided
– The fine included $1.7 million in penalties and $15 million fine equaling three times the amount of fraudulent claims submitted
False Claims Act in 2013
• Dr. Steven J. Wasserman, a Venice, FL dermatologist agreed to pay $26.1 million in February 2013 for taking illegal kickbacks from a pathology laboratory
– Largest settlement ever with an individual in the Middle District of Florida and one of the largest in U.S. history
• The Scheme:
– Dr. Wasserman allegedly sent biopsy specimens for Medicare patients to Tampa Pathology Lab (TPL) and the lab provided a report with a line for Dr. Wasserman to sign to make it appear that he did the diagnostic work
– Dr. Wasserman received more than $6 million in Medicare payments for services he did not perform
33 – As part of his agreement with TPL, the doctor increased the number of
skin biopsies he performed on Medicare patients, thus increasing the referral business to TPL
– The government alleged procedures were performed that were not medically necessary in order to obtain Medicare reimbursement
• The lawsuit and penalty:
– Dr. Alan Freeman, a former TPL employee filed a qui tam lawsuit and the DOJ intervened in the action
• Dr. Freemen received $4,046,000 million
– DOJ settled with TPL for $950,000
– Dr. Wasserman is excluded from being paid under Medicare and Medicaid and all other federal health care programs
False Claims Act in 2013
• Cardiologist Dr. Elie H. Korban agreed to pay $1.15 million in December 2013 to resolve FCA allegations that he billed Medicare and Medicaid for unnecessary cardiac stent placements
• The alleged violations:
– Between 2005 – 2008 cardiac stents were placed in patients that were deemed not medically necessary
– Dr. Korban allegedly improperly billed Medicare for work performed by substitute doctors when he was available to perform the services himself
– The allegations were first raised in a whistleblower lawsuit filed by substitute, Dr. Wood M. Deming (his share of the settlement has not
35
• Abbott Laboratories agreed to pay $5.475 million to resolve
allegations it paid kickback to doctors to use the company’s carotid, biliary and peripheral vascular products
– The settlement reached on December 27, 2013, resolves allegations that Abbott knowingly paid prominent physicians for teaching assignments, speaking engagements and conferences
– Expectation was the physicians would arrange for their affiliated hospitals to purchase Abbott products
– Original lawsuit was filed by two former Abbott employees under the qui tam provision. The former employees will receive payment more than $1 million
False Claims Act in 2013
•
HIPAA Privacy Rule is a set of federal standards to protect
the privacy of patients’ medical records and health
information maintained by covered entities which are:
– Health plans
– Governmental health programs – Medicare, Medicaid, Veterans Health Administration
– Physicians
– Hospitals
• HIPAA contains a host of substantial fraud and abuse provisions that dramatically affect the health care industry
– Under HIPAA, health care fraud is a criminal offense
– Far-reaching provision is the expansion of exclusionary authority of DOJ and HHS OIG
• At their discretion, they may exclude directors, officers, and managing employees of a health care company that has been convicted or excluded from government programs,
notwithstanding their lack of direct knowledge of the fraud
HIPAA
37
• Numerous privacy-related rule changes became effective September 23, 2013 under the HIPAA Omnibus Rule
– Provision that will lower or eliminate “harm threshold” used to determine when a health care provider is required to report data breaches
– “Business Associates” (BA) and sub-contractors now must abide by some of same requirements as the covered entities they work with
• Includes encryption standards for patient data
• BA is a person or entity that provides services to or on behalf of a covered provider and in the course of providing services, has access to protected health information
• BA may include professional service providers, e.g. attorneys, accountants, marketers or software vendors
• May also include cleaning services, repairman, landlords if records are not secured
• Penalties per violation range from $100 to $50,000, with a maximum of $1.5 million – may also include significant prison terms
HIPAA – Business Associates (BA)
39
• Issues that will lead to investigation include:
– Impermissible uses and disclosures of protected health information (PHI)
– Lack of safeguards of PHI
– Lack of patient access to their PHI
– Uses or disclosures of more than the minimum necessary PHI
– Lack of administrative safeguards of electronic PHI
HIPAA
41
• There are now health care fraud offenses related to money laundering
• Attorney General may issue subpoenas for documents in connection with the investigation of any health care offense
• HIPAA authorizes the freezing of assets and forfeiture of real and personal property derived both directly and indirectly from the commission of the offense
•
Civil penalty provisions have been extended under HIPAA
including:
– Civil money penalties for those who influence individuals eligible for Medicare or Medicaid
– Unlike the anti-kickback statute, this provision does not require the government to establish intent; it provides that the offerer knew or should have known that the offering would influence the individual’s decision
HIPAA – Civil Penalty Provisions
43
• Finally, to encourage more qui tam actions the Secretary of HHS under HIPAA, is authorized to pay a reward to any individual who reports information that leads to the imposition of penalties under any health care fraud and abuse provisions (other than the anti-kickback statute)
45 • Former nursing assistant at Emerald Garden
skilled nursing facility in Clearwater, FL was sentenced to three years in prison and fined $12,000 in October 2013 for stealing and selling patient information
– Denetria Barnes and another individual
worked together to obtain patient data from Emerald Garden and Tampa General Hospital
– Undercover law enforcement officers purchased some of the information and discovered a trash barrel filled with data
– Even though the scheme produced very little financial gain, federal prosecutors sought stiff penalties and described the defendant as symbolic of an increasingly common type of criminal
HIPAA Criminal Enforcement
• OIG may exclude providers from participation in Federal health care programs
• Two categories of exclusions
– Mandatory exclusions – imposed on the basis of convictions for
• Medicare or Medicaid fraud
• Patient abuse or neglect
• Felony convictions for other health-care-related fraud, theft, or financial misconduct
• Felony convictions for unlawful manufacture, distribution, prescription,
47
– Permissive exclusions – based on sanctions by other agencies, such as state medical boards or misconduct including defaulting on health education loans or providing unnecessary or substandard care
• Excluded physicians may not bill Medicare or Medicaid, nor may their services be billed indirectly through an employer or group practice
• Employers are responsible for screening professionals and staff for exclusion status
Exclusion Statute
• OIG may seek civil monetary penalties for a wide variety of abusive conduct, including presenting a claim that is false or fraudulent because it is for a medically unnecessary procedure
• OIG may also impose penalties for violating the Medicare assignment agreement by overcharging or double billing Medicare patients
49
• Examples of misconduct include
– Violating FCA or Anti-kickback Statute
– Violating Medicare physician agreement
– Providing false or misleading information expected to influence a decision to discharge
– Failing to provide adequate medical screening for patients who present to a hospital emergency department with an emergency medical condition or in labor
– Making false statements or misrepresentations on
applications or contracts to participate in Federal health care programs
Civil Monetary Penalties Law
51
• Four compelling reasons to implement a compliance program
– Health Care Industry is a major enforcement priority for the Department of Justice (DOJ)
– Under the U.S. Sentencing Guidelines, a company that has an effective compliance program in place may be afforded a significant reduction in penalty
– An effective compliance program will provide multiple channels of communication, which should increase a company’s chances of addressing problems before they spark a qui tam lawsuit
– The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has enormous enforcement implications for the health care industry
Compliance Programs
• Seven components that provide a solid basis to create a
compliance program:
– Conduct internal auditing and monitoring
– Implement compliance and practice standards
– Designate a compliance officer or contact
– Conduct appropriate training and education
– Respond appropriately to detected offenses and develop corrective action
– Develop open lines of communication with employees
– Enforce disciplinary standards through well-publicized guidelines
53 • Patient Protection and Affordable Care Act of 2010 requires physicians
who treat Medicare and Medicaid patients to establish a compliance program
– Requires drug, device, and biologic companies to publicly report nearly all gifts or payments they make to physicians
Compliance Programs
• Reporting potential issues
– If evidence of misconduct from any source is discovered and it is believed the misconduct may violate criminal, civil or administrative law, the physician has a duty to report to the appropriate Federal and State authorities in a reasonable period, but not longer than 60 days
55