The U.S. Department of Justice (DOJ) recently announced a rare criminal indictment involving the Medicare Advantage program—a contrast from DOJ's more typical use of its civil enforcement authority to pursue similar issues under the False Claims Act. The indictment alleges that from 2015 to 2020 a former employee of a Florida company that administers Medicare Advantage plans falsified, and caused others to falsify, diagnoses that were submitted to the Centers for Medicare and Medicaid Services (CMS) and that resulted in millions of dollars in overpayments. This indictment comes as the DOJ has pledged to increase investigations related to fraud involving Medicare Advantage plans. Notably, consistent with the DOJ's recent pronouncements regarding self-disclosure, cooperation, and remediation, the DOJ declined to prosecute the former employee's company, HealthSun Health Plans, Inc. ("HealthSun").

Medicare Advantage

The alleged fraud in this case concerns false information that was the basis for payment to HealthSun's Medicare Advantage plans. The Medicare Advantage program (also known as Medicare Part C) allows seniors to receive their Medicare benefits by enrolling in private health care plans. In exchange for managing these beneficiaries' care, CMS prospectively pays plans a monthly amount for each enrollee. These monthly per-member payments to each plan are adjusted based on its enrollees' age, gender, and health status—a process known as "risk adjustment." To determine plan enrollees' health status, CMS relies on diagnoses reported from patient encounters. Those diagnoses are reported to CMS using a standard set of codes that trained medical coders assign based on the conditions documented by the provider in the medical record for the patient's visit. In short, Medicare Advantage plans receive more money for sicker patients who present a higher risk of greater future health care expenditures, and conversely, plans receive less money for healthier patients who present lower risk.

The Indictment

The indictment filed on October 26 accuses Kenia Valle Boza, a certified coder and former Director of Medicare Risk Adjustment Analytics at HealthSun, of participating in a scheme to defraud Medicare by falsifying diagnoses that were submitted to CMS and triggered higher risk-adjustment payments to HealthSun's Medicare Advantage plans. In particular, the government alleges that in 2015, Boza and other coders began falsely diagnosing Medicare Advantage plan members with various chronic risk-adjusting conditions that were not diagnosed by the doctors who saw the members. At the time, Boza and the other coders were working for Pasteur, a company that operates a chain of medical centers. They allegedly continued this scheme when HealthSun acquired Pasteur in 2016, causing CMS to overpay HealthSun millions of dollars. Boza and her co-conspirators carried out the scheme in part by obtaining Pasteur physicians' credentials to fraudulently add conditions to the members' electronic medical records days or weeks after the member was seen. CMS then relied on the codes for these fraudulent diagnoses to increase HealthSun's risk-adjustment payments. Boza was indicted on six related charges: one count of conspiracy to commit health care fraud and wire fraud, two counts of wire fraud, and three counts of major fraud against the United States government. Those charges carry potential penalties of decades in prison.

Declination to Prosecute HealthSun

One day after issuing its indictment against Ms. Boza, the DOJ announced it had declined to prosecute HealthSun and its parent company, citing the Criminal Division's newly revised Corporate Enforcement and Voluntary Self-Disclosure Policy. The revised policy is aimed at incentivizing companies to develop and maintain robust corporate compliance programs, to swiftly and voluntarily self-disclose suspected corporate misconduct, to cooperate fully with government investigations, and to take timely and appropriate remedial measures.

In its declination letter, DOJ explained that its decision was based on:

  1. the timely and voluntary self-disclosure of the misconduct;
  2. HealthSun's full and proactive cooperation in the matter and its ongoing agreement to cooperate with any related government investigations and any future prosecutions;
  3. the nature and seriousness of the offense;
  4. timely and appropriate remediation, including the termination of employees who were involved in the misconduct, reporting and correcting the false and fraudulent information submitted to CMS, and substantially improving their compliance program and internal controls; and
  5. the immediate return of the estimated $53 million overpayment HealthSun received as a result of the scheme.


The DOJ has rarely pursued criminal charges for fraud involving Medicare Advantage. Instead, the DOJ has historically relied on its civil enforcement authority under the False Claims Act to investigate and litigate potential fraud involving diagnosis codes submitted for payment by Medicare Advantage organizations. The last time DOJ appears to have filed criminal charges for similarly egregious conduct involving Medicare Advantage was in 2016, when a doctor pled guilty to fraudulently misdiagnosing over 300 patients with a spinal disorder in pursuit of higher capitation fees from the Medicare Advantage plan. He was sentenced to 46 months in prison and ordered to pay approximately $2.1 million in restitution.

While the gravity of the underlying allegations in this case may have contributed to DOJ's decision to charge Boza criminally, this indictment is a reminder that DOJ is able—and willing when it deems necessary—to bring criminal charges for fraud against those who participate in the Medicare Advantage program. Indeed, the DOJ has said recently that it will increase the number of investigations into Medicare Advantage fraud. Heightened scrutiny may result in additional criminal prosecutions of individuals and even companies alongside increased affirmative civil enforcement.

HealthSun is also the latest example of a company benefitting from declination under the DOJ's public commitment to providing incentives for voluntary self-disclosure and swift remediation. Corporations that proactively disclose employee misconduct and demonstrate extraordinary cooperation with the government in criminal enforcement matters stand to benefit from the Criminal Division's Corporate Enforcement and Voluntary Self-Disclosure Policy, which was revised earlier this year, as well as the DOJ's Voluntary Self-Disclosure Policy, which was issued in February and applies to U.S. Attorney's Offices nationwide. These policies encourage companies to self-disclose misconduct, maintain effective compliance programs to detect and ameliorate misconduct, and cooperate fully with any ensuing criminal investigations. Both policies specify that a disclosure must be truly voluntary and timely—in other words, it must be made in the absence of a preexisting duty to disclose the conduct and before the misconduct is publicly recorded, before an imminent threat of disclosure or investigation, and within a reasonably prompt time after the company becomes aware of the misconduct. The Criminal Division's Corporate Enforcement and Voluntary Self-Disclosure Policy provides additional guidance for companies that hope to earn cooperation credit.

The decision not to prosecute HealthSun after indicting Boza underscores the DOJ's commitment to promoting corporate self-disclosure, even as the DOJ targets fraud involving Medicare Advantage organizations and renews its focus on combating corporate misconduct by holding individuals accountable. Together, they signal the importance of functioning compliance programs and the ability to detect and address potential risks to the company, including employee misconduct, promptly and effectively.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.