On April 6, 2018, the U.S. Department of Health and Human Services (“HHS”) and the Department of Justice (“DOJ”) released the Health Care Fraud and Abuse Control Program (the “Program”) Report for Fiscal Year 2017 (the “Report”), which details the comprehensive efforts to combat fraud and abuse against health plans during the previous fiscal year and the associated actions and recoveries associated with such efforts. Although many providers are familiar with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) for its privacy and security elements, HIPAA also strengthened the Program under the dual direction of the Attorney General and the Secretary of HHS (acting through the HHS Inspector General) (the “Secretary”), to coordinate federal, state and local law enforcement activities to create an expansive program to combat health care fraud and abuse.
The Report details that the Program, through the Attorney General and Secretary, is designed to:
1. To coordinate federal, state and local law enforcement efforts relating to health care fraud and abuse with respect to health plans;
2. To conduct investigations, audits, inspections, and evaluations relating to the delivery of and payment for health care in the United States;
3. To facilitate enforcement of all applicable remedies for such fraud; and
4. To provide education and guidance regarding complying with current health care law.
Thus, The Report demonstrates the government’s proactive pursuit of expending resources to identify fraud and abuse and recover Medicare Trust Funds. In fact, the Report is the twenty-first (21st) report that has been issued since 1996. In fiscal year 2017, the Program expended approximately $1 billion and recovered $2.6 billion (which was returned to the federal government or returned to private persons). In fiscal year 2016, the Program expended approximately $963 million and recovered approximately $3.3 billion. Comparatively, from fiscal year 2016 to fiscal year 2017, the Program increased expenditures by approximately 4%, but recoveries decreased by over 20%. However, although expenditures slightly increased, and recoveries decreased from fiscal year 2016 to fiscal year 2017, some fluctuation can be attributed to the timing of recoveries (as some cases take years to investigate and resolve). Given these fluctuations, the overall return on investment (“ROI”) is analyzed over a rolling three (3) year average. The Program, over the last three (3) years (i.e., 2015-2017), returned $4.20 for every $1.00 expended.
In addition to the financial recoveries identified above, the Report details that the DOJ and HHS’ Office of Inspector General (“HHS-OIG”) conducted the following enforcement actions in fiscal year 2017:
- The DOJ opened 967 new criminal health care fraud investigations;
- Federal prosecutors filed criminal charges in 439 cases (involving 720 defendants);
- 639 defendants were convicted of health care fraud-related crimes;
- The DOJ opened 948 new civil health care fraud investigations (1,086 civil health care fraud matters were pending at the end of fiscal year 2017);
- The FBI investigative efforts resulted in over 674 operational disruptions of criminal fraud organizations (and the disrupted more than 148 health care fraud criminal enterprises);
- HHS-OIG conducted investigations that resulted in:
- 788 criminal actions against individual and entities that engaged in crimes related to Medicare and Medicaid; and
- 818 civil actions, which include false claims and unjust-enrichment lawsuits filed in federal district court, civil monetary penalties (CMP) settlements, and administrative recoveries related to provider self-disclosure matters;
- HHS-OIG excluded 3,244 individuals and entities from participation in Medicare, Medicaid, and other federal health care programs.
As detailed above, the government expends great financial and other investigative and prosecutorial resources to recoup funds that were inappropriately paid to providers/suppliers and to prevent fraud, waste and abuse. In connection with such efforts, the government utilizes various resources and strategies, such as (but not by way of limitation) the Health Care Fraud Prevention and Enforcement Action Team (“HEAT”), Healthcare Fraud Prevention Partnership (“HFPP”) (which is CMS’ partnership among government and state agencies, law enforcement, private payors, employer organizations, and anti-fraud associations to exchange data to improve efforts to mitigate fraud, waste, and abuse), the Medicare Fraud Strike Force (which combines investigators and prosecutors whom focus on egregious offenders in regions that have high concentrations of fraudulent activities)(it should be noted that a Strike Force uses data analytics to identify billing practices (compared to industry trends) to identify suspicious billing patterns and a Strike Force operates in Detroit due to the fact that the Detroit area is considered a healthcare fraud hot spot), and the newly created Opioid Fraud and Abuse Detection Unit (which is a new DOJ program that focuses on opioid-related health care fraud (and among other locations, the Eastern District of Michigan is an area of focus for the Opioid Fraud and Abuse Detection Unit), in addition to numerous other investigative and prosecutorial resources.
The Report is a helpful reminder to health care providers that, although health care is clinical in nature, health care is a highly-regulated industry, and providers and suppliers must comply with applicable laws. In connection therewith, health care business and operational relationships must be analyzed for compliance with applicable laws and regulations (some of which have intent-based elements while other laws can be violated without an intent requirement). Although many physicians (and their physician groups) understand that physician groups should implement a compliance program, some physicians remain unaware that the Patient Protection and Affordable Care Act of 2010, as amended by the Health Care and Education Reconciliation Act of 2010 (collectively, the “Affordable Care Act”) requires providers to establish a compliance program as a condition of enrollment. The Office of Inspector General and Centers for Medicare & Medicaid Services expect physician practices to implement a compliance program and view the implementation of a robust compliance program as a baseline tool to help identify and mitigate the risk or improper conduct. Thus, physician practices are well advised to implement an effective and customized compliance program (if a compliance program is not already implemented). Failure to have an effective compliance program can be viewed unfavorably.
Given the fact that the government proactively analyzes internal and coordinated data to determine trends and investigates other sources of information related to alleged misconduct, payments, and arrangements, physician practices should consider whether the practice has invested sufficient attention to overall compliance. Simply having a template compliance program (that was downloaded off the internet) will likely be viewed unfavorably (in the event of an audit or investigation) and demonstrate the practice’s lack of commitment to compliance. Moreover, a compliance program that does not reflect the practice’s actual operations will demonstrate that the practice merely implemented a template plan. An effective and custom-tailored compliance program can help the practice mitigate the risk of fraud and abuse. It should be noted that compliance programs are scalable, and not all organizations will require the same compliance program.
Health care is a complex, highly-regulated industry, that implicates many different laws. A custom-tailored and effective compliance program is the foundation upon which the practice’s compliance operations should be built. Additionally, all current and future business relationships should be analyzed by health care counsel for compliance with applicable federal and state laws.
This bulletin is for general informational purposes only, and does not constitute legal advice.