Healthcare investigations and enforcement trends

No industry is more acquainted with the concept of "compliance" than the healthcare industry… probably because no other industry is more bombarded by whistleblower complaints, payer audits or government inquiries. Even providers making good faith judgment calls may find themselves subjected to costly government inquiries by regulators armed with statutes providing draconian monetary, exclusion or even criminal penalties. Often, rather than recognize the critical importance of providers, government regulators and whistleblowers skeptically second-guess them and speculate that providers bilk the system for financial gain. Still, compliance guidance from the US Department of Justice (DOJ) remains opaque and even the well-intentioned become ensnared in the web of regulatory complexity. However, in welcome news for healthcare providers, the courts appear to be raising the bar for enforcement actions, both criminal and civil, involving providers.

As we turn the page to 2023, here are a couple of important developments that providers should consider in operationalizing and updating their compliance programs.

Compliance guidance from the DOJ: Too much stick and not enough carrot

This fall, the DOJ updated its guidance for corporate compliance programs, but it still presents too much stick and not enough carrot. Critically, it shows waning patience for ineffective (in its view) compliance programs. For providers looking to tighten their compliance program, we suggest the following "big picture" points be addressed:

• Incentivize compliance. Make compliance a part of performance reviews (and compensation/bonus structures). Disincentivize compliance risks through clawback agreements and negative performance reviews, especially executives and sales staff.
• Integrate compliance. Compliance programs must be integrated into the provider's structure. Undercapitalized, siloed, voiceless programs will not cut it. A paper-only policy without executive buy-in and proper tone-at-the-top will not be persuasive. Part of this integration is the organization's ability to quickly collect corporate records, including emails, instant messages and texts, to facilitate internal investigations and government inquiry responses. Impediments here will be viewed as impediments to compliance.
• Identify compliance shortfalls. Where compliance failures are identified, the DOJ demands timely self-reporting, cooperation and identification of responsible individuals. (Nevertheless, the decision to self-report is never simple and remains fraught with penalties wielded by government agents with 20/20 hindsight.)

The Courts: Raising the bar for enforcement actions

We are increasingly seeing federal appellate courts (and, hopefully, as a result, federal district courts) paying closer attention to the actual intent of providers, which should help to insulate most good faith actors from criminal accusations and civil False Claims Act (FCA) liability. A few recent cases are worth mentioning here:

"We expect, and indeed usually want, doctors to prescribe the medications that their patients need"

Earlier in 2022, the US Supreme Court in Ruan v. US overruled the criminal convictions of two physicians who prescribed large amounts of opioids to patients who didn't need them. Importantly, the Supreme Court concluded that the standards used to convict the physicians were too loose. Now, with regard to prosecutions under the Controlled Substances Act, the government must go beyond simply showing that no reasonable physician would have so prescribed those drugs but must now prove beyond a reasonable doubt that a physician had the subjective intent to prescribe drugs that had no genuine medical necessity.

"Causation … must be proven, not presumed"

In a ruling that sent shockwaves through the FCA practitioner community in 2022, the Eighth Circuit Court of Appeals reversed a jury verdict and FCA judgment against a neurosurgeon and other providers because the liability standards were overly broad. In Cairns, it was held that FCA cases based upon Anti-Kickback Statute (AKS) violations require that government prove kickbacks were the "but for" cause of the offending claims, not that the claims were "tainted" by kickbacks that did not cause the claims. In other words, it's not enough for the government to prove that kickbacks may have been a contributing factor to the falsity of claims; rather, the kickbacks must have caused the false claims. Where accepted by other courts, the Cairns decision narrows the scope of the FCA's application and requires stricter evidence from the government and/or qui tam whistleblowers that an FCA violation didn't simply taint the provider's claims but actually caused them to be false.

"Everyone knew" is not enough

Ruan and Cairns are reminiscent of the Fifth Circuit Court of Appeals' Nora decision overruling the healthcare fraud and AKS convictions of an office manager and requiring more than mere "speculation" or conclusory testimony that "everyone knew" about the misconduct.

Providers without "corrupt intent" should be spared from enforcement

And all of these cases foreshadow Pfizer's current attempt to have the US Supreme Court require proof of "corrupt intent" for any violation of the AKS, criminal or civil, in Pfizer Inc. v. US Department of Health and Human Services. The briefing in Pfizer's appeal presents compelling points to clarify the seemingly amorphous and standardless enforcement of the AKS by heightening the proof required of the government (and qui tam whistleblowers).

Providers deserve certainty in law and regulation, not enforcement via imprecise, vague standards or the use of hired experts to second-guess otherwise valid provider decisions or conduct. Hopefully, this trend will continue.

In conclusion

Norton Rose Fulbright's Healthcare Investigations group helps providers engage with government investigators (and whistleblowers) effectively and efficiently. Sometimes, an issue can be concluded with an early, proactive engagement to address misconceptions. On the other end of the spectrum, where litigation and potentially a trial is necessary, no one presents a better team of former government attorneys and trial lawyers, including a former federal healthcare fraud prosecutor and a former attorney for the US Department of Health and Human Services. Please let us know if we can help.

Contacts

Jay Dewald is Norton Rose Fulbright's Head of Healthcare Investigations. He is a former management-level federal prosecutor and Health Care Fraud Coordinator where he led the rollout of Dallas' Medicare Fraud Strike Force, also known as the Healthcare Fraud Prevention and Enforcement Action Team (HEAT)—a partnership between the US Attorney's Office, the Department of Justice's Fraud Section, the Federal Bureau of Investigation, the US Department of Health and Human Services and the Texas Attorney General's Office's Medicaid Fraud Control Unit. His practice is focused on government investigations, crisis management, internal investigations, whistleblower/qui tam lawsuits and trial work.

Jeff Wurzburg previously served as an attorney in the US Department of Health and Human Services Office of the General Counsel in Washington, DC, where he advised the Centers for Medicare & Medicaid Services and the Center for Medicare and Medicaid Innovation regarding Affordable Care Act regulations and innovative healthcare payment and service delivery models. He regularly advises clients on federal healthcare program reimbursement, compliance, state and federal fraud and abuse laws, government investigations, delivery system reform, reimbursement, telehealth, licensure and COVID-19.