Bracing for the Next Wave of Health Care Enforcement

12 May 2021 Blog
Authors: Matthew D. Krueger Pamela L. Johnston Michelle A. Freeman
Published To: Health Care Law Today Coronavirus Resource Center:Back to Business

This article was originally published in Law360 on May 11, 2021. Click here to view that post.

Many predict a significant wave of health care enforcement during the Biden Administration. And for good reason: Federal health care spending nearly doubled to $2.4 trillion due to the COVID-19 relief bills, including $178 billion in Provider Relief Funds. That funding surge adds to regulators’ separate concerns about the telehealth boom, increasing cyberattacks, the well-being of elderly patients, opioid misuses, and the costs of health care and prescription drugs. But just how will those regulator concerns result in enforcement? This article briefly notes the Biden Administration’s enforcement priorities and then discusses what to watch in anticipating the coming enforcement wave. In the absence of more enforcement resources, agencies will increasingly rely on data analytics and specialized task forces to focus their efforts. At the same time, the funding surge will likely result in even more qui tam actions. Taken together, those dynamics call for health care compliance programs to improve their own data analytics and handling of internal complaints.

Enforcement Priorities

Although the Biden Administration is still working to fill numerous key positions in the two main enforcement agencies (the U.S. Department of Justice (DOJ) and the U.S. Department of Health and Human Services, Office of Inspector General (HHS OIG)), their current leadership have signaled similar enforcement priorities. They include:

  • COVID-19-related funding, including misuse of Provider Relief Funds.
  • Telehealth-related fraud and kickback schemes.
  • Prescription drugs, including opioid-related cases and schemes that lead to rising drug prices, such as kickbacks and improper coverage of patient co-pays.
  • Electronic health records, such as kickback schemes and misrepresentations of capabilities that cause providers to submit false claims for incentive payments.
  • Cybersecurity, such as submitting claims for payment while failing to meet material cybersecurity requirements.
  • Elder fraud, including cases involving long-term care facilities.
  • Medicare Part C managed care, such as submission of improper diagnosis codes that manipulate the risk adjustment process.

The Mandate: Do Lots More, With a Little More

Congress has failed to fund the enforcement agencies to the same degree that it funded the COVID-19 relief efforts. Although the COVID-19 relief bills gave HHS OIG and DOJ modest funding bumps, those increases were not remotely proportionate to the increases in funding for health care programs and providers.

In recent years, HHS OIG’s budget has ranged from around $370 million to $390 million, to oversee approximately $1.3 trillion in federal health care spending. The COVID-19 relief packages added another $1 trillion in federal health care spending, yet HHS OIG received only approximately $17 million in additional funding. It bears noting, however, that $5 million of those additional funds were directed specifically toward HHS OIG’s oversight of Provider Relief Funds.

The story for DOJ is similar. For the current fiscal year (2021), the U.S. Attorney’s Offices and Main Justice litigating divisions received increases of just 3-4% from fiscal year 2020, plus a small increase for U.S. Attorney’s Offices in the COVID-19 relief bills.

It is no exaggeration to say that HHS OIG and DOJ now face a far larger and more complex enforcement challenge than any time in history. These realities suggest several factors to watch in the coming months, as the Administration’s health care enforcement agenda moves into implementation.

Increased Use of Data Analytics

First, the surge of new federal spending will likely accelerate DOJ and HHS OIG’s use of data analytics to prioritize the limited enforcement resources. For some years now, DOJ and HHS have collaborated on mining Medicare provider and claims data, along with other public data sources. Many State Medicaid Fraud and Control Units (MFCUs) likewise receive federal funding to conduct data mining in HHS OIG-approved programs. The need to triage new COVID-19-related funding will only increase that trend.

The agencies seek to use data analytics to focus their resources on the areas that the agencies perceive as highest risk, whether determined by dollar amounts or red flags, rather than by what tips they receive. The head of DOJ’s Commercial Litigation Branch recently claimed that “sophisticated use of data analytics allow” it to see where the “highest fraud risk physicians are located in each state and federal district, and how much they are costing the Medicare program.” In fact, each U.S. Attorney’s Office, along with its local HHS OIG and FBI agents, now regularly receives data sets unique to their specific region.

As a top priority, data mining efforts will focus on COVID-19 relief funds. For example, HHS OIG is matching data sources to identify potential “double-dipping” of multiple COVID-19 relief funds, such as receipt of both Provider Relief Funds and PPP loans for the same expenses. Separately, outlier analysis recently led HHS OIG to investigate a provider’s treatment claims paid under the COVID-19 Uninsured Program, administered by the Health Resources and Safety Administration.

DOJ and HHS OIG also use data analytics to look for potentially improper relationships. For example, data mining can reveal providers who make a high percentage of orders or referrals to particular ancillary providers, like labs, hospices, or pharmacies. Likewise, Open Payments data are correlated with providers’ orders of DME and expensive prescription drugs.

The opioid crisis led DOJ components (including DEA) and HHS to intensify their focus on prescribing data, obtained both from Medicare claims data and state Prescription Drug Monitoring Programs. These are just some of the ways enforcement agencies are seeking to use analytical tools to focus their investigative efforts.

Of course, data can never tell the whole story. Often there are legitimate explanations for what may seem suspicious in a data set. As enforcement agencies initiate more investigations based on data analytics, it will be critical to check against confirmation biases and hold regulators to their burdens of proof.

Specialized Enforcement Units

A second factor to watch is the organization of specialized enforcement units. Without an overall influx of more agents and prosecutors, DOJ, HHS OIG, and partner agencies will continue to rely on interagency teams tasked with specific health care fraud issues targeting the worst offenders. This is a longstanding method, which has already led to task forces focused on the misuse and exploitation of COVID-19 relief funds, elder fraud, and prescription opioids, to name a few. In addition to its regional Strike Forces, DOJ created a National Rapid Response Strike Force, in September 2020, that led DOJ’s largest telemedicine and opioid enforcement action. The mission of that national strike team and other specialized units will give strong indications of likely enforcement priorities.

Another important factor to watch is how U.S. Attorney’s Offices (USAOs) choose to allocate their resources in the Biden Administration. USAOs play a lead role in enforcing the False Claims Act, the Controlled Substances Act, and criminal health care fraud offenses. Each U.S. Attorney has broad latitude to assign prosecutors to different enforcement units, and even to move prosecutors between the Civil and Criminal Division. In the last Administration, USAOs received historic increases in prosecutors, many of whom were assigned to combat violent crime. It is entirely conceivable that the presidentially appointed U.S. Attorneys who will be confirmed in the coming year will move more resources to combat health care fraud, cybercrime, Paycheck Protection Program (PPP) loan fraud, misapplication of Provider Relief Funds, and other complex white collar offense.

A Wave of Qui Tams?

A final factor to watch is how the Biden Administration approaches qui tam suits. In the last fiscal year, qui tam filings rebounded from a small dip in prior years: 672 actions were filed, an average of 13 new actions every week, and the largest number filed since 2017. The sheer volume of new COVID-19 relief funds, combined with their wide distribution through numerous programs, means that qui tam suits will probably continue to increase in the coming years. DOJ uses data analytics and other screening tools to prioritize qui tam suits; suits lacking sufficient loss amounts or signs of fraud are unlikely to undergo a deep investigation.

That raises the critical question of whether the current administration will continue the somewhat more aggressive willingness to move to dismiss qui tam suits. In the 30 years before the January 2018 Granston Memo, DOJ moved to dismiss only about 45 qui tam actions. In the three following years, DOJ moved to dismiss approximately 50 more actions in recognition that many False Claims Act suits lack any merit. Even that number undercounts the Granston Memo’s significance because DOJ’s newfound appetite to dismiss qui tams undoubtedly led many more relators to dismiss their suits voluntarily. Consequently, the tone set by DOJ Civil Division and USAO leadership will have an outsized impact on qui tam practice going forward.

How to Prepare for the Wave

These unique dynamics — massive new federal funding, a broad set of complex enforcement priorities, increased use of data analytics, and a likely rise in qui tam suits — suggest that health care companies should take several steps to protect themselves. Protective measures are particularly important in this moment when enforcement agencies feel pressure to show the public they are safeguarding COVID-19 relief funds.

First, compliance personnel should consider performing audits, now, of Provider Relief Funds, PPP funds, and other COVID-19 relief funding they have received. To be effective, this analysis needs to be ongoing, particularly in light of the evolving (and sometimes conflicting) guidance provided by agencies throughout the pandemic.

Second, compliance personnel should consider enhancing their own use of data analytics in risk assessment and monitoring. Indeed, DOJ’s most recent guidance in evaluating the effectiveness of compliance programs expressly addresses use of data for timely and effective monitoring.

Finally, to reduce the risk of becoming a qui tam defendant, companies are well-advised to revisit their policies, trainings, and practices for encouraging and responding to complaints by employees, patients, and others. To the extent that resources were pared back during the pandemic’s first year, it would be prudent to reinvest in compliance and due diligence now.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.