2024 U.S. Health Care Fraud, Waste & Abuse Trends (Part III): Enforcement Actions

April 2, 2024
28:36 minutes

In this third and final installment of Ropes & Gray’s three-part podcast series exploring recent regulatory, compliance, and enforcement developments in the fraud, waste, and abuse space and the potential implications for health care and life science companies in 2024, health care partners Devin Cohen and Michael Lampert reunite with litigation & enforcement partner Andrew O’Connor for a conversation on key enforcement developments concerning the Medicare Advantage (“MA”) program, as well as the Department of Justice’s (“DOJ’s”) current enforcement trends regarding providers, labs, and electronic health record (“EHR”) companies. Additionally, their discussion covers two recent Supreme Court cases under the False Claims Act (“FCA”) and explores their potential impact on the health care industry moving forward.


Devin Cohen: Hello, and welcome to today’s podcast—part three of this three-part series reviewing recent developments in fraud, waste, and abuse. My name is Devin Cohen, and I’m a partner in Ropes & Gray’s health care practice group. My practice includes a broad range of regulatory and transactional matters, with a focus on insurance requirements and payor-provider alignment. With me today are Michael Lampert and Andrew O’Connor, both who are partners at Ropes & Gray. Michael is a partner in the health care practice group, whose work centers around providing strategic, regulatory, and transactional advice to clients in all sectors of the health care industry, and co-heads our Chambers Band 1-Ranked False Claims Act (“FCA”) practice. Andrew helps lead the health care and life sciences industry group, and with Michael, co-heads that False Claims Act practice, and he focuses on the high-stakes litigation and investigations area in the health care and life sciences space. I’m excited to get both of their inputs today on some important enforcement topics.

As I mentioned in our introduction, this podcast is the third installment in a series focused on reviewing recent developments in fraud and abuse. The first program focused on recent U.S. Department of Health and Human Services Office of Inspector General (“HHS-OIG”) advisory opinions relating to patient inducements. In the second program, we discussed advisory opinions reviewing clinical laboratory arrangements. Today, we will be discussing enforcement trends, specifically, Department of Justice (“DOJ”) settlements involving fraud, waste, and abuse concerns. Let’s dive in.

Andrew O’Connor: In terms of enforcement actions, we saw DOJ continue its focus on the False Claims Act and Anti-Kickback Statute (“AKS”). We saw some old-school kickback cases involving entertainment events and tickets, but some new and more subtle theories as well. One of the things we wanted to flag is DOJ’s expansion beyond some of the more traditional providers, pharmaceutical, and med device company cases to cases that target vendors and other third parties that are involved in the provision of care, but don’t necessarily fit the historical mold as targets of an FCA case. Just to take one example from late in 2023, BioTelemetry settled a case for $14.7 million. They’re a company that deals with cardiac monitoring, and one of the allegations was actually that their website or their portal for physicians led providers to prescribe a higher degree of monitoring than maybe that provider actually wanted to have, and that allegedly led to false claims on the government. This is one of a series of several cases we’ve seen involving electronic health records (“EHR”) and practice support systems that the government alleged didn’t submit itself false claims but caused providers to submit false claims.

Devin Cohen: We’ve also really seen trends on those same themes through the year. For example, DOJ entered into a $75 million settlement agreement with a PET scan provider, and another $10.5 million settlement with the company’s founder in connection of allegations that both the company and founder knowingly paid above fair-market value fees to referring cardiologists and compensated services that were never provided. Interestingly, DOJ also criticized in this specific case the fair-market value assessment methodology utilized by the company, emphasizing that the valuation was based on a number of incorrect assumptions given the nature of the work being done, reiterating, as we’re seeing across these cases a question of: “What is the value of the services being rendered?”

Michael Lampert: Andrew, to pick up on what you said and give one example of it, there was a settlement involving NextGen Healthcare—it was one of the EHR technology vendors you had mentioned. It was a really traditional set of facts, if you will—allegations of very basic, banal marketing kickbacks around tickets for sporting and entertainment. Nothing really special there. Over the last couple of years to see that arising, though, in the EHR space, it was a little bit of a surprise to some. It was certainly a development, at any rate, thinking of EHR technology—the technology that goes into hospital health system computers—as being an item or service reimbursable by a federal health care program, and the hospitals’ and health systems’ submission of claims for reimbursement, including meaningful use enhancements, being claims that could be false as a result of alleged kickbacks involving the EHR vendor itself. And so, I think it’s a good illustration, Andrew, of the point that you made—a broader view of items or services that could be reimbursed beyond the traditional view, sweeping in a broader set of defendants on what otherwise may be seen as typical kickback-type scenarios.

Andrew O’Connor: Yes, I think that’s right, Michael. And we’re actually seeing this beyond the FCA space. Last year, the Federal Trade Commission (“FTC”) actually brought its first enforcement action against GoodRx, which is a telemedicine platform and app where patients can go and get coupons and discounts. They brought the case under the Health Breach Notification Rule (“HBNR”), essentially alleging that the company promised users that it would keep their personal and health information secure and confidential, but instead, they shared that information with third-party advertisers. This was not a DOJ action—it was the Federal Trade Commission alleging unfair and deceptive trade practices. But it still led to a $1.5 million penalty, and, I think, fits in with this trend that we’re seeing of the vendors, and, in many cases, technology providers in the health care space, being targeted by enforcement as well.

Devin Cohen: I think that’s right, Andrew. The area where I think all of these stakeholders, vendors, providers, and payors are really focusing increasingly is the Medicare Advantage (“MA”) space and the risk-scoring practices required for Medicare Advantage plans in their first-tier, downstream, and related-entity contractors. We’ll discuss in just a moment two notable health plan settlements here from 2023, but it may be helpful to orient. Medicare Advantage Organizations (“MAOs”) are paid capitated rates to cover expected medical costs of their members. However, a number of payment factors impact the capitation rate, including the sickness or acuity of the plan’s enrollees. Plans are compensated based upon the risk scores attributed to their enrollees, and risk scores are, in turn, based on the medical records compiled in the course of care by the provider network of a given plan. DOJ has focused closely—and as we’ll see from these cases, is really increasingly doing so—on gamesmanship in the risk-scoring process, or alleged gamesmanship, particularly when clinical services are being said not to have been provided or rendered, required, or documented accurately in order to produce higher capitation rates for plans. Coincidentally enough, increasingly, plans are also sharing this benefit with providers who are assuming full risk.

Michael Lampert: Twenty years ago, there were cases we certainly saw around hospitals upcoding–documenting that patients were sicker than they otherwise were, than was supported, to draw down higher reimbursement under the Inpatient Prospective Payment System (“IPPS”). This is the same concept, just moved over into the Medicare Advantage space. Obviously, there’s a financial incentive to document greater acuity—sicker patients, more diagnoses, to be quite specific, to support higher reimbursement coming through the MA program, and that’s an area that, not surprisingly, has gotten scrutiny. Devin, do you want to move to one of the cases?

Devin Cohen: Absolutely—let’s start with the first. The first one was Cigna settled with DOJ with a series of settlements, for a little over $172 million to resolve False Claims Act allegations on this very topic, and specifically, with respect to its Medicare Advantage plans. Specifically, the government there argued that Cigna did not withdraw unsupported HCC codes, or diagnoses codes, for its Medicare Advantage plan enrollees, even after learning that they were either unsupported or inaccurate, and otherwise failed to implement adequate compliance oversight structure to further identify inaccurate or unsupported claims. Now, really, as in a number of past cases that we’ve seen, DOJ honed in on one-way chart reviews to increase or boost risk adjustment scores, but failure to implement similar types of reviews to remove unsupported diagnoses codes that may have been artificially increasing payments otherwise. Here, Cigna entered into a five-year Corporate Integrity Agreement (“CIA”), which requires annual certifications across executives, and an independent review of the organization’s audit risk-adjustment data.

Michael Lampert: Yes, and another similar one was up in Maine: Martin’s Point settled, I think it was about $22.5 million. There, the allegations, at least as published, were focused a little bit more simply just on the submission of diagnosis codes that weren’t supported by medical records. So, in a way, a simpler point, not focusing so much on the one-way reviews you were talking about, Devin, but nonetheless, clearly focusing on whether there was support in the medical records for those diagnoses being submitted in order to support the higher reimbursement.

Devin Cohen: I think they all kind of go back to the same place, Michael: A question of the voracity of the underlying record in support of this, and what clinical decision-making should be made by the individual clinicians rather than imposed upon by the plans. I think in both of these cases, we really saw the settlements emphasize importance of compliance infrastructure in any regard, but really with respect to in-home risk assessments, utilizing vendors to identify diagnostic information and performing chart reviews. However, the compliance structure required to effectively mitigate risks, or try to effectively mitigate risk of fraud and abuse, must be refined for the specific work force members at play, and potentially to the needs of individual patients, particularly in the Cigna settlement, interestingly. Allegations included use of standardized forms to identify complex medical diagnoses. Here, DOJ found that to be problematic in the absence of necessary testing, imaging or other types of clinical assessments that would be required to establish the diagnosis in the first place. Only a warning that was raised from here on unifying compliance infrastructure across plan operations may not, in fact, effectively mitigate False Claims Act risk without sufficient additional contours and safeguards.

Michael Lampert: I think you’re right, Devin, to focus on some of those last points around compliance. Look, the bottom line is the Medicare Advantage program funds plans based on the acuity of their members, which it should—it makes complete sense, and it’s what’s written into the program. There’s no indication that that’s changing at any rate, given that, obviously, there should be a focus by plans on accurately reporting the diagnoses of their members, so that the reimbursement comes through and appropriately supports the care that those plans coordinate. So, two bottom-line points there coming out of these settlements. One, a basic point: make sure that there is appropriately support in the medical record for the diagnoses being supported. Have an auditing or a monitoring process, or both, that is focusing on validating the medical record support for diagnoses on an appropriate basis. Two: it comes, and it goes—the door swings both ways. Make sure that the process both eliminates diagnoses that aren’t supported, as well as adding diagnoses that are supported. Don’t turn a blind eye to the eliminations and focus only on the increases, because that may be something that is seen, at the end of the day, or alleged, at least, at the end of the day, to yield false claims, because there would not be a similarly robust process to assure the validity of those claims going through.

Devin Cohen: It’s the validity of those claims, and also, interestingly, in the eyes of DOJ in these cases, consistency of those claims and the records supporting those claims consistent with ICD-10 requirements. This goes back to, I think, what you were noting earlier, Michael, that DOJ’s looking past the payment methods into the care and into the patient experience to identify what care was needed and what care was rendered, and identifying ICD-10 standardized requirements that need to be complied with across a provider network has become an area that a number of plans have increasingly audited and monitored, and increasingly implemented that dual review, Michael, that you were suggesting.

Michael Lampert: Maybe we should turn to a couple of other areas where settlements focused recently. One of them focused on the Stark Law was Community Health Network, a health network out of Indiana. For those who, like me, suffer being born under a weird star that they find the Stark Law interesting and focus on it, this was at least touted as the largest Stark settlement to date—it was $345 million. Obviously, Stark Law penalties can accumulate pretty quickly. This one came out of some not-complicated facts. They were facts around the compensation paid to physicians, and specifically, whether that compensation (a) was fair-market value (it was alleged to be above fair-market value), and (b) whether the compensation took into account the physicians’ referrals (it was alleged to take into account the physicians’ referrals). What those who plough the Stark fields, if you will, know is that if you have a doctor and if that doctor refers a lot of designated health services (“DHS”), particularly as a proceduralist, and if that doctor’s financial relationship is non-compliant, it can yield really big numbers really quickly because it’s just binary. The Stark Law causes the orders for DHS just to become prohibited and the Medicare reimbursement to be prohibited, which is therefore, perhaps, not surprising that you can yield these big numbers, and this was a big one. So, nothing particularly novel or exciting, but certainly a reminder of what the Stark Law can do.

Devin Cohen: There’s another area, I think, we’ve seen focus pivoting from Stark into the clinical lab space, particularly involving free testing in exchange for referrals. We saw that in the Labcorp context, where there was allegedly unnecessary testing at play. And then, another laboratory settlement where a lab, Genotox, was alleged to have been paying volume-based commissions to third-party marketers in violation of the AKS. There, the submission of the tests to the government were not covered or were argued not to have been reasonably necessary—were really identified to help drive the commissions. That case, unsurprisingly, and, I think, consistent with a number of advisory opinions and ongoing developed case law, really did hone in on commission structures and the ability of those structures to incentivize bad conduct. So, as with many other trends, the scope of the regulatory oversight here is just increasing by the day.

Andrew O’Connor: Alright, now on to some other DOJ news. DOJ continues its steady drumbeat of encouragement to companies to voluntarily self-disclose misconduct, and we’ll talk about a few of those programs here in a minute. But even just in the last couple of weeks, the Deputy Attorney General Lisa Monaco announced a new whistleblower program that would provide financial rewards to people who bring to the DOJ’s attention criminal violations. It’s not clear yet how much this will really move the needle in the health care and life sciences space, because the False Claims Act, of course, already provides for ample financial incentives for whistleblowers to bring cases forward, but it is consistent with DOJ’s efforts to get more conduct voluntarily reported. We’ll talk about some of the specific programs they’re using to incentivize companies to do that, although candidly, I’ll tell you most defense lawyers and defendants, I think, remain a bit skeptical about the upsides of disclosing conduct that DOJ may view as problematic, even when the company feels it has defenses. I’d love to hear from you, Devin.

Devin Cohen: I would say that DOJ took an encouraging and enthusiastic tone, though, understanding the difference which litigators may take this. With Deputy Attorney General Lisa Monaco, she was encouraging companies to self-report, seeing it as a virtuous cycle—by giving a path of resolution and declination to companies trying to do the right thing, we are incentivizing the ability to identify and prosecute the individuals who are not. We saw this in the October 2023 announcement from the DOJ’s new Mergers & Acquisition Safe Harbor policy, where acquiring companies that promptly and voluntarily disclose criminal misconduct within the safe harbor period, and cooperate with the investigation, they receive presumption of a declination when they also were timely and appropriate in remediation, restitution, and disgorgement. Now, the intent of this policy, it is a bit of a glass-half-full view of the world—I will say that, Andrew—but I do think the intent of this policy is really to encourage not just implementation of an effective program, but encouraging reports when the program is actually successful in identifying misconduct or finding misconduct related to routine ongoing operations in the course of M&A.

Andrew O’Connor: Thanks, Devin. I know you do a lot more M&A than I do, but I am interested to see how that may impact the diligence process and the incentives of acquirers to identify potentially problematic practices early and remediate them. Under a similar initiative, though, DOJ is also providing credit and incentives for voluntarily self-disclosure under the Criminal Division’s Corporate Enforcement Policy. Under that policy, companies that come forward voluntarily and disclose suspected misconduct will be eligible for declinations as well—at least a presumption of a declination—even when there’s other aggravating circumstances that might ordinarily warrant the Department bringing a case. Companies that don’t voluntarily disclose but still engage in extraordinary cooperation in DOJ’s view will still be eligible for a fine reduction up to 50% from the low end of the guidelines’ range. Companies that fully cooperate and timely disclose and remediate, DOJ will actually recommend a reduction, not just of 50%, but of 50-75% from the low end of the range. Now, what remains to be seen is whether those incentives will be sufficient to get a company that’s otherwise not in DOJ’s crosshairs to come forward and report its own alleged misconduct.

Michael Lampert: Here’s an example, at any rate, of one point where it came up. In October of last year, DOJ indicted and then made an announcement regarding HealthSun. This gets back, actually, Devin, to something we were talking about a little bit earlier around risk adjustment. HealthSun is a Medicare Advantage plan, paid based on the acuity of its members. My guess is, based on the facts, that it paid some of that money, then, down to participants in its provider network. So, if providers were taking care of members with higher acuity, and probably doing so under risk-based contracts, I’d guess, who got more money, or were eligible, at least, for more money, based on patients’ acuity. What happened was that HealthSun acquired a clinic, that clinic had an employee, and—according to the press release and the grand jury indictment—that employee had been participating in some sort of a process to up-code, fundamentally, to record diagnoses that were incorrect. So, HealthSun acquired that clinic, I think it was either in 2016 or 2017.

Then, in 2020, HealthSun self-disclosed that that employee had been, in both the pre-acquisition period and in the post-acquisition period, essentially engaging in dastardly deeds that were yielding some inappropriate risk adjustments. The grand total dollar amount that seemed to be affected here was $53 million, and HealthSun, the Medicare Advantage plan, as part of its disclosure, agreed to repay that dollar for dollar, but just on a singles basis. The individual was indicted—a criminal indictment. I don’t know what’s happening on that, but the government, at any rate, declined prosecution of HealthSun. And that’s all recorded in a webpage that Department of Justice has called their Corporate Enforcement Policy (“CEP”) declinations, where they list a bunch of instances in which the Department has declined prosecution, presumably based on facts like this. What I found as interesting is that in that grand list, which looks like it goes back to 2016, there are a grand total of 19 declinations in that eight years that have since passed. And so, Andrew, what should we take of that?

Andrew O’Connor: I suspect the Department is going to be looking to expand that list quickly if it’s going to convince people that this is a good decision. I think it underscores that self-disclosure is still a very fraught, case-by-case determination. There may be an upside in certain circumstances, but there sure are a lot of risks around it. So, if there’s ever a question around this, my recommendation would be to talk to your favorite government enforcement lawyer who has experience dealing with the DOJ on these issues, because I do think it continues to be a very difficult decision.

Alright, turning to our last topic for today: the Supreme Court. 2023 was a huge year for developments in the False Claims Act space at the Supreme Court. In June, the Court issued a unanimous opinion in the closely watched case U.S. ex rel. Schutte v. SuperValu. It held that the FCA’s scienter requirement focuses on a defendant’s knowledge and subjective beliefs rather than exclusively on what an objectively reasonable person may have known or believed.

Michael Lampert: Look, the full implementations of this decision certainly are yet to be seen, but it arguably would seem to make it harder for defendants to get early dismissal of an FCA case because of scienter. And this could lead to additional discovery, one could tend to think, in FCA cases concerning defendants’ subjective beliefs at the time the claims were submitted.

Andrew O’Connor: I think that’s right, Michael. And last year, the Supreme Court issued another opinion in Polansky, in which the relators had argued that the government could not dismiss a qui tam when it had declined to intervene while the case was under seal. Now, the Court found that “the Government may seek dismissal of an FCA action over a relator’s objection, as long as [the DOJ] intervened at some point in the litigation, whether that’s at the outset or afterward.” The decision, which was written by Justice Kagan, held that when assessing the government’s motion to exercise its authority to intervene and dismiss, courts should be applying the ordinary voluntarily dismissal standard in Rule 41(a), which provides for a dismissal on the terms the Court considers proper. So, it’s a higher bar than complete, unfettered discretion for the government, but it’s still a very low bar, suggesting that really at bottom, cases brought in the name of the “United States” get to be controlled by the United States. I think it’ll be interesting to see, now that we have a clear rule on what the standard is, whether DOJ will be more willing than it has been in past cases, to exercise that authority, now that there’s not a risk of creating bad law. Stay tuned.

Michael Lampert: If you’re bringing a case in the name of the king, you’re still living in the king’s land, and so, it’ll be interesting to see what the king does with that, whether there are going to be really meaningful parameters on cases that enterprising relators and their lawyers might bring.

Andrew O’Connor: In addition to the Supreme Court’s work in the FCA space, there’s one other decision I wanted to highlight, and that’s in an immigration case U.S. v. Hansen. The reason I think it’s relevant here is in that case, the Court interpreted the term “to induce” in a very specific criminal-law sense, and the reason that phrase “to induce” is relevant is it’s the same one used in the federal Anti-Kickback Statute. Now, in the Hansen case, the Court explained that when that term is used in a criminal statute, the word “induce” is a term of art that reflects more of a specialized concept of solicitation or facilitation, as those terms have been used in the criminal law over centuries. We may now see the defendants in cases involving the Anti-Kickback Statute borrow that language from Hansen to push back against the persistently very broad interpretations that relators and DOJ tend to bring to the AKS, where in past cases, they’ve interpreted “to induce” as something akin to a mere influence. But the Supreme Court, in Hansen, seems to have made clear that “to induce” means something much different, and something that has a corrupt element to it, so I think we’ll be seeing more arguments from defendants, and hopefully, some decisions as well in the coming year or two.

Devin Cohen: Thank you all for tuning in for this final part of our review of fraud, waste, and abuse trends in health care podcast series. For those of you listening who’d like more information on the topics discussed today, or our health care group, or litigation & enforcement groups more broadly, please don’t hesitation to contact us. You can also, of course, subscribe and listen to other Ropes & Gray podcasts wherever you regularly listen to your podcasts, including Apple and Spotify. Thank you again for listening.

Subscribe to RopesTalk Podcast