In response to an uptick in fraudsters adapting known healthcare and health-insurance fraud schemes to take advantage of the COVID-19 pandemic, last week the Financial Crime Enforcement Network (FinCEN) issued an advisory (the Advisory) identifying red flags to assist financial institutions detect, prevent, and report potentially fraudulent transactions. The Advisory emphasizes that financial institutions are positioned to spot claims for unnecessary services, dishonest billing practices, kickback payments, technological and telehealth fraud connected to COVID-19 care, false applications for federal relief funds, and identity theft.

FinCEN illustrates the Advisory's red flags list with two case studies representative of the types of fraud currently conducted in the industry. In the first, two New York pharmacy owners were indicted for a sophisticated healthcare fraud and money-laundering operation to the tune of $30 million. The indictment alleged that the owners deceptively arranged to obtain pharmacy licenses and claimed millions of dollars in Medicare funds by using COVID-19 emergency override billing codes. They then purportedly grew the sham operations into an overseas money-laundering conspiracy. In the second, the president of a California-based medical technology company allegedly paid kickbacks for unnecessary allergy tests, later abusing the current health crisis by bundling those tests with COVID-19 testing. The president of the company faces additional charges for making false claims to investors regarding the company's ability to provide effective and cheap COVID-19 tests.

FinCEN identifies several red flags that financial institutions should watch out for. These red flags can be grouped into four general buckets:

  1. Unnecessary medical services or billing schemes. These flags include instances in which healthcare service providers continue to receive normal payments even when activity should have diminished during the public-health emergency (e.g., a non-emergency medical transport company receiving higher-than-expected payments during stay-at-home orders). The same is true for healthcare service provider accounts that receive payments beyond the expected amount of a given service (e.g., processing COVID-19 tests when the facility does not offer diagnostic services, or only employs a few medical personnel). And as always, any transactions that may be unusual for a healthcare provider's business account, like payments for personal or medically irrelevant expenses, are red flags.
  2. Potentially fraudulent businesses. Financial institutions should be on alert if personal or business accounts suddenly started receiving steep increases in healthcare benefit programs or health-insurance payments after the COVID-19 pandemic was declared a public-health emergency. Similarly, the absence of small-dollar check deposits or payments from merchant-fee servicers might be a sign that patients are not actually making copayments, which in turn signals an absence of legitimate business activity. Other signs to beware include if the physical location of a medical facility that receives reimbursements for COVID-19-related funds does not exist, is a residential or commercial address, or is located far from the physical location of the majority of its patients; or if laboratories, healthcare service providers, or personnel receiving such benefits or payments have a minimal internet presence that only dates to after the COVID-19 public-health emergency was declared.
  3. Kickbacks and money laundering. Signs that kickbacks may be occurring include if a healthcare service provider's account starts showing overly complex, medically related transactions involving multiple parties. Another is if an account starts making frequent or unusually large payments and recording them as advertising or marketing expenses. Recurring round-dollar payments to one or multiple individuals in a manner inconsistent with their normal payroll withdrawals are often highly suspicious, particularly if they reference "director fees," "consulting fees," "marketing," or "business process outsourcing." Payments from laboratories or healthcare services companies without financial documentation showing the legitimacy of the provided services are also suspicious, especially if the payments are explained as dividends from investments in the laboratory or healthcare services company.
  4. Fraudulently obtaining COVID-19 relief funds. Additional evidence of fraud may include signs that an account that did not previously provide healthcare services, or did once but does no longer, has received or is receiving unexpected or excessive payments apparently connected to the CARES Act's Provider Relief Fund, the Paycheck Protection Program, or the Health Care Enhancement Act. The same is true for an account holder receiving reimbursements from these programs while also receiving COVID-19-related unemployment insurance payments, which is a flag that the account holder may be participating in both healthcare and unemployment insurance fraud.

Financial institutions with questions about the Advisory and these COVID-19-related red flags, or individuals or entities that believe they may have been the victim of fraud, can reach out to the authors or any of their colleagues in Arnold & Porter's White Collar Defense & Investigations practice group.

*Sahrula Kubie contributed to this blog post. Ms. Kubie is a graduate of Yale Law School and is employed at Arnold & Porter's New York office. She is not admitted to the practice of law in New York.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.