Introduction
At the risk of stating the obvious, fighting and prosecuting health care fraud are top priorities for the Federal Government, and the False Claims Act ("FCA") is its weapon of choice in the battle. In a speech in June, Stuart Delery, the Acting Assistant Attorney General for the Department of Justice ("DOJ") Civil Division, stated the DOJ has recovered over $11 billion under the FCA, including over $7.4 billion in health care fraud.1 The Federal Government has a willing and motivated ally: more than 630 qui tam matters were filed with the DOJ, over two-thirds of which allege false claims to government health care programs.2 These numbers represent the greatest number of lawsuits ever filed within a year in the 150-plus year history of the FCA. In only the latest example of the Department's aggressive pursuit of FCA claims, on July 2, 2012, GlaxoSmithKline LLC ("GSK") agreed to pay $3 billion to the Federal Government to settle FCA allegations.
Recent legal developments highlight increased FCA risks for health care providers who receive Medicare and Medicaid payments from the Federal and state governments. The Supreme Court's June 28, 2012, decision upholding the Patient Protection and Affordable Care Act (the "Affordable Care Act" or "ACA") gave the green light for authorities to enforce the ACA provision that makes the failure to timely return Medicare and Medicaid overpayments an FCA violation. Furthermore, for those providers and other entities subject to a Corporate Integrity Agreement ("CIA"), the additional self-auditing requirements and truncated time frames for reporting overpayments can materially compound the risks of FCA liability. For example, in February, the United States Court of Appeals for the Eleventh Circuit's decision in U.S. ex rel. Matheny v. Medco Health Solutions, Inc. again made clear that the failure to repay overpayments in the face of a CIA can give rise to FCA liability.
In light of this rigorous enforcement environment, especially DOJ's focus on the health care industry, providers must ensure that they adopt and implement effective compliance programs aimed at preventing FCA violations, including the timely self-disclosure of overpayments and, as a consequence, avoiding a CIA.
A. The FCA
The FCA3 allows the government and private citizens to bring civil claims against individuals and entities who defraud the government.4 The FCA imposes per-claim penalties of between $5,500 and $11,000 plus treble damages on defendants found to have engaged in fraud.5
The FCA makes it illegal for anyone to knowingly submit a false claim to the government, or cause another to submit a false claim to the government, or to knowingly submit a false record or statement, for the purposes of receiving a payment from the government.6 The FCA also includes a "Reverse False Claim" provision which imposes liability on any person or entity who "knowingly makes, uses, or causes to be made or used, a false record or statement to conceal, avoid, or decrease an obligation to pay or transmit money to the government."7 In other words, "the defendant's action does not result in improper payment by the government to the defendant, but instead results in no payment to the government when a payment is obligated."8
To establish a Reverse False Claim, the DOJ or a qui tam relator must prove the following elements:
1. A false record or statement;
2. The defendant's knowledge of the falsity;
3. The defendant's purpose - to conceal, avoid, or decrease an obligation to pay money to the government - i.e., a duty to disclose created by statute, regulation, contract, judgment, or acknowledgment of debt to the government that defendant attempted to avoid;9 and
4. The materiality of the misrepresentation.10
B. The "Report and Refund Mandate" Provision of The Affordable Care Act
On June 28, 2012, the United States Supreme Court upheld much of the Affordable Care Act, including its most controversial provision: the Individual Mandate. In upholding the statute, however, the Court also did not disturb the "Report and Refund Mandate" embedded in the ACA.
This provision places an affirmative duty on any provider or other entity that has received a Medicare or Medicaid overpayment to report and return the overpayment as well as notify the governmental payor of the reason for the overpayment. A provider has a window of 60 days to selfreport an overpayment from the date the overpayment is "identified."
The 60-day Report and Refund Mandate is also linked to the Reverse False Claims provision through the Affordable Care Act. A Medicare or Medicaid overpayment retained by a provider for 60 days or more becomes an "obligation" under the FCA. In other words, if a provider fails to report and return an overpayment within the 60-day time frame, that provider becomes potentially liable under the FCA for avoiding an obligation to the government under a Reverse False Claims theory.
Notably, liability attaches regardless of whether the initial overpayment was the result of an intentional false claim or an innocent mistake. In other words, the overpayment may have been the result of an innocent mistake in the billing process, not fraud. But once the provider knows of or discovers the mistake, the 60-day deadline is triggered.
What is more, "knowing" does not necessarily mean actual knowledge, but can include the "reckless disregard" or the "deliberate ignorance" of a mistake that resulted in the overpayment. Citing this broader standard, the Centers for Medicare and Medicaid Services of the U.S. Health and Human Services ("CMS"), in its proposed rule promulgated February 16, 2012, indicates that when a provider receives information about a potential overpayment, due to mistake or otherwise, the provider is expected to make "reasonable inquiry" - "with all deliberate speed" âÆ' to ascertain whether it was in fact overpaid. In this way, the Refund and Report Mandate equates "knowledge," as broadly defined, of even a mistaken bill if not reported within 60 days, with an actual fraudulent bill, making even the innocent receipt of an overpayment a potential FCA violation.
C. Corporate Integrity Agreements
A CIA is an agreement negotiated between the U.S. Department of Health and Human Services Office of Inspector General ("OIG") and a health care provider as part of a settlement of a federal health care program investigation. A CIA is often required when the Federal Government believes that a health care provider has engaged in fraudulent or abusive practices. A CIA typically remains in effect for 5 years. Over 250 entities are currently operating under CIAs, including providers, pharmaceutical manufacturers, and durable medical equipment suppliers.
Under a CIA, the entity agrees to comply with provisions aimed at remedying the issues that prompted investigation as well as preventing fraudulent behavior from occurring in the future. Obligations in CIAs can include the following:
1. Appointing a compliance officer and a compliance committee which typically consists of the Chief Compliance Officer and other members of senior management;
2. Preparing and implementing specific standards and policies of compliance;
3. Implementing comprehensive employee training, especially in billing and reimbursement;
4. Engaging an independent review organization ("IRO") to conduct annual reviews;
5. Establishing a procedure for employees to anonymously report fraudulent activities;
6. Ensuring that employees are not "ineligible persons," i.e., currently excluded, debarred, suspended, or otherwise ineligible to participate in federal health care programs, as well as those convicted of certain criminal offenses;
7. Reporting to the government, including the primary regulatory agency, adverse events and ongoing investigations within a certain time frame after identification;
8. Providing implementation and annual reports certifying the provider's state of compliance; and
9. Expressly imposing on the provider's Board or Audit Committee the affirmative duty to make "reasonable inquiry" into the provider's compliance with the CIA and to provide a certification as to the effectiveness of the company's compliance program.
Overpayments. CIAs also frequently contain another provision that presents a substantial FCA risk - the requirement that a provider report overpayments to the OIG within a short time frame after identification (a "CIA Overpayment Provision").
Earlier this year, the U.S. Court of Appeals for the Eleventh Circuit again made clear that the failure to comply with a CIA Overpayment Provision can give rise to FCA liability. U.S. ex rel. Matheny v. Medco Health Solutions, Inc. In Medco, the FCA qui tam relators (plaintiffs) were former employees of Medco subsidiaries who alleged that defendants had concealed overpayments by Medicare, Medicaid, and other federal health care programs, in violation of a CIA. According to the relators, the defendants hid the overpayments in several ways, including attributing the payments to bogus patient accounts. The district court dismissed the relators' complaint, finding that they failed "to establish the existence of an obligation that was knowingly unpaid." Relying on the CIA Overpayment Provision, however, the Court of Appeals reversed the dismissal, reasoning that the "Complaint contains detailed allegations relating to the Defendants' contractual obligation to identify, report, and remit excess government money in accordance with the CIA's instructions." The Court also explained that FCA liability could arise when the defendant submits to the OIG a false "Certificate of Compliance" with the CIA, in turn premised on the failure to comply with the CIA Overpayment Provision, as relators had alleged. That is, the certification, if shown to be false, could serve as an additional basis for a Reverse False Claim.
The Twain Shall Meet. Notably, there are important parallels as well as distinctions between the Report and Refund Mandate in the Affordable Care Act and the reporting requirements imposed by CIAs. Beginning with some of the differences, the over 250 health care providers that are currently operating under CIAs must comply with even more stringent self-reporting deadlines than 60 days. Although varied from CIA to CIA, some CIAs require repayment to the payor to be made within 30 days of identification âÆ' half the time frame allotted by the Affordable Care Act. A health care provider subject to a CIA is also already subject to enhanced self-auditing and compliance obligations to ferret out potential overpayments. As such, those providers are likely to identify overpayments notwithstanding (or rather because of) the improved compliance processes imposed under the CIA. On the other hand, such self-auditing and compliance requirements can also make it more difficult for providers to challenge whether they possessed the requisite intent under the FCA if they fail to identify overpayments. The providers then have an abbreviated time-frame in which to report once an overpayment is identified in order to avoid exposure to potential FCA liability.
Turning to the parallels, those health care providers who are not under the yoke of a CIA also need to be aware of the adverse consequences that come with the failure to timely report an overpayment. First, the failure to report an overpayment within the 60-day window - now a potential FCA violation âÆ' may raise a "red flag" and prompt an OIG or other agency investigation that could lead the OIG down the path to imposing a CIA, with its more onerous compliance obligations and governmental oversight. Second, the Affordable Care Act has now extended to all Medicare and Medicaid providers the "obligation" to report and refund overpayments, with risks of FCA liability similar to the reporting obligations created contractually by a CIA.
It is also worth noting that many states - including New York - have their own false claims act statutes modeled upon the federal FCA. Additionally, the State False Claims Act Requirements for Increased State Share of Recovery provides a financial incentive for states to enact false claims acts that are just as effective as the federal statute âÆ' a larger percentage or share of damages beyond the State share of Medicaid dollars - recovered in State FCA actions.11 With this incentive, many states have responded by enacting equally or more stringent false claims statutes than their federal counterparts. Thus, health care providers should recognize that they may face additional risk of FCA liability under state law for failing to return overpayments to the Medicaid program.12
D. Health Care Providers Should Be Proactive Against FCA Risks
The FCA is a powerful and aggressively enforced weapon in the government's arsenal for fighting fraud and abuse. The FCA now has even greater reach under the Affordable Care Act to include the untimely reporting and refunding of overpayments. Thus, health care providers should carefully assess their compliance programs to ensure they meet the required elements and components, and mitigate the risk of an FCA violation as well as the risk of the imposition of a CIA - with its even greater risks of FCA liability for untimely self-disclosures.
Some of the steps providers can take include -
1. Making sure they have an adequate compliance infrastructure, with a Compliance Officer and Compliance Committee responsible for developing, operating, and monitoring a compliance program, and a direct report to the provider's governing body and CEO periodically and on an as-needed basis;
2. Developing and distributing written compliance standards, procedures, and practices to guide employees on a day-to-day basis;
3. Implementing robust training and education on the importance of compliance and the prevention of fraud as well the provider's standards of conduct, Medicare and Medicare billing requirements, and proper documentation;
4. Incorporating compliance as an element or factor in the performance evaluation of employees;
5. Establishing effective lines of communications between the Compliance Officer and Committee and employees, and implementing procedures through which employees can anonymously report suspected overpayments, fraud, and other non-compliance, both internally and externally;
6. Establishing and implementing a system for routine identification of compliance risk areas such as the untimely reporting and refunding of overpayments;
7. Establishing and implementing a system that directly responds to compliance or billing issues as they are raised through prompt investigation, corrective measures, and the prevention of the recurrence of compliance issues;
8. Fostering a culture of compliance, starting at the executive suite, that includes policies that encourage good faith participation in the compliance program, as well as non-intimidation and non-retaliation, and that metes out discipline for those employees who violate compliance policies and procedures; and
9. Routinely assessing the effectiveness of the compliance program as a whole, including how it performs in practice to monitor the provider's day-to-day operations. If a provider discovers a potential failure to report and refund an overpayment or other FCA violation, providers should consider a number of steps (besides making prompt self-disclosure), including:
1. Carefully assessing any whistleblower risk;
2. Preserving and collecting any relevant documents or other materials;
3. Conducting an internal review to examine the full scope of the problem (such an internal review should be conducted by counsel to preserve the attorney-client privilege to the maximum extent possible);
4. Recognizing the possibility that an FCA issue presents both potential civil and criminal enforcement exposure and developing a strategy in light of such risks;
5. Considering challenges presented by historical conduct, including the role of employees who are no longer employed at the provider; and
6. Considering a public relations strategy in the event the allegations become public.
Footnotes
* Stephanie Maron, a 2012 Cadwalader summer associate, is a contributing author of this memo.
1 Stuart F. Delery, Assistant Att'y Gen., Address at the Am. Bar Association's Ninth Nat'l Inst. on the Civ. False Claims and Qui Tam Enforcement (June 7, 2012).
2 Id.
3 False Claims, 31 U.S.C. §§ 3729-3733.
4 Id. at § 3730.
5 Id. at § 3730.
6 Id. at §§ 3729(a)(1)(A), (B).
7 Id.
8 U.S. ex rel. Bain v. Ga. Gulf Corp., 386 F.3d 648, 653 (5th Cir. 2004).
9See U.S. v. Bourseau, 531 F.3d 1159, 1169 (9th Cir. 2008).
10 False Claims, 31 U.S.C. § 3729(a)(7).
11 State False Claims Act Requirements for Increased State Share of Recoveries, 42 U.S.C. § 1396H.
12 U.S. v. Dialysis Clinic, Inc., 2011 U.S. Dist. LEXIS 4862, 63 (N.D.N.Y. Jan. 19, 2011); U.S. ex rel. Lockyer v. Haw. Pac. Health, 490 F. Supp. 2d 1062, 1072 (D. Haw. 2007).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
