Health care fraud enforcement continues to be a priority for the federal government and is poised to expand even more. As a result, health care providers and suppliers should anticipate greater oversight activities from auditors and investigators. Ensuring that your compliance program is up-to-date and up-to-task in proactively identifying problems and making timely decisions about corrective actions and potential disclosures is key to protecting the organization.
BIGGER BUDGETS FOR LAW ENFORCEMENT AND PROGRAM INTEGRITY
In the fiscal 2015 budget, Congress more than doubled the appropriation to the Health Care Fraud and Abuse Control (HCFAC) program to $672 million. This means that the U.S. Centers for Medicare and Medicaid Services (CMS), the U.S. Department of Justice (DOJ), and the Office of Inspector General (OIG) for the U.S. Department of Health and Human Services (HHS) received a large infusion of new funding at a time when many agencies continue to face flat or declining appropriations. CMS program integrity functions received more than $477 million for Medicare oversight, including Parts C and D. OIG and DOJ received more than $67 million and $60 million, respectively, from HCFAC.
Congress’ action reflects the high level of bipartisan support for HHS and DOJ fraud prevention and enforcement efforts. The Appropriations Committee shed light on another reason this new funding was able to pass: it was scored by the Congressional Budget Office as a saver because of the return on investment (ROI) figures for HCFAC. In the latest HCFAC report, the ROI for every $1 spent on fraud and abuse control activities was $8.10 in recoveries. This was the highest three-year average ROI in the 17-year history of HCFAC. The Appropriations Committee expects the HCFAC appropriation to generate more than $5.4 billion.
The industry should expect new agency hiring and expanded fraud enforcement and prevention activities in order to achieve the ROI that Congress expects.
ACTION ITEM: Ensure you have a robust compliance program to mitigate risk, to be prepared for government auditors or investigators, and to have a thoughtful disclosure strategy and plan. With increasing law enforcement activities and changes in care delivery models and payment rules, it has never been more important to have a comprehensive compliance program that systematically re-evaluates itself to change as the risk environment changes. Key issues to consider include the following:
- Effective training for staff not only on payment rules and internal reporting mechanisms, but also on what to do if contacted by a government auditor or investigator
- An internal auditing program that is right-sized for the organization and periodically re-evaluates risk areas
- A thoughtful and timely process for evaluating issues identified in the compliance program, including effective corrective action and potential disclosure to the government
DATA ANALYTICS AND TRANSPARENCY
CMS’s additional funding will likely be used in part to improve its recoveries and ROI under the Fraud Prevention System (FPS), the predictive data analytics program started by the Small Business Jobs Act of 2010. In 2014, OIG certified $54.2 million of savings in the Medicare fee-for-service program, with an ROI of $1.34 for every dollar spent on the FPS. As CMS builds new and more sophisticated data models to analyze claims data, FPS will grow in importance to various program integrity functions, from identifying contractor audit targets to making decisions about imposing payment suspensions or creating new moratoria.
Continued CMS and OIG investment in predictive data analytics, as well as the publicity of Medicare claims data and the Open Payments database under the Sunshine Act, will likely further increase the number of criminal and False Claims Act (FCA) investigations.
Many enforcement cases are based on billing controlled or influenced by physicians, either through their own practices or their relationships with other entities. More people now can find out who the “outlier” physicians are—which means you need to find out who yours are first.
ACTION ITEM: Know your data before the government does. Effective internal auditing is critical for ensuring compliance and identifying potential problems before they escalate. Regardless of whether physicians are employed or independent, hospitals can become caught up in an investigation of physicians who are high utilizers of the hospital. Compliance programs also play a key role in monitoring physician relationships to ensure compliance with the Anti-Kickback and Stark Laws.
MORE CRIMINAL ACTIONS, FCA LITIGATION AND CMP ACTIVITY
The year 2015 will continue to see increasing numbers of criminal actions and FCA cases filed and litigated, either by the relator or the government. FCA settlements and judgments totaled $5.7 billion for fiscal year 2014 (compared to $3.8 billion in fiscal year 2013), with $2.3 billion from the health care sector. While much of the health care sector amount came from pharmaceutical defendants, cases involving hospitals resulted in $333 million. The number of qui tam suits continues to rise, from 30 in 1987, to 300 to 400 a year from 2000 to 2009, to more than 700 for each of the last two fiscal years.
Increased scrutiny is already underway at Main Justice. In fall 2014, DOJ announced that both the criminal and civil divisions will automatically review all new FCA qui tam complaints to decide whether to conduct a parallel investigation. This policy is a change from the criminal division waiting to receive a referral for potential prosecution from civil.
In the past, if the United States declined a case, the relator would usually not continue to pursue it. Now, as relators (and relator law firms) have seen the amount of money paid to relators increase, and have seen DOJ’s resources being stretched thin over the past sequester years, they are becoming more motivated to actively assist in the investigation and to continue to pursue a case if the government declines.
The Affordable Care Act created an express requirement to return and report overpayments received from the Medicare or Medicaid program within 60 days of identifying the overpayment (the 60-day rule). While the regulation interpreting this rule is still pending with CMS, not following the statute has the potential to result in FCA liability. Now that the 60-day rule has existed for a few years, it is likely that failure to report and return identified overpayments will be increasingly cited as a claim in new FCA complaints.
While most of law enforcement’s action is on the criminal and civil sides, OIG’s administrative recoveries under the Civil Monetary Penalties Law (CMPL) have increased significantly in the last three years. Starting from less than $2 million in fiscal year 2011, OIG obtained more than $14.4 million in fiscal year 2014. These numbers come from OIG-initiated investigations, not from the Self-Disclosure Protocol. OIG reported that self-disclosure settlements brought in an additional $23 million.
Improved data analytics capabilities and increased funding of OIG should lead to more affirmative investigations and settlements. OIG also looks at FCA cases as a source for additional CMPL and exclusion proceedings—either against another entity implicated in the conduct or a senior executive who OIG believes has culpability for the conduct. One result of OIG’s increasing interest in examining individual corporate executives for potential “spin-off” administrative cases may be that companies are less inclined to enter into a settlement unless they obtain some comfort concerning OIG’s intentions to pursue executives.
- Develop a thoughtful disclosure strategy if you discover a potential issue.
- Effective compliance programs will find problems. It is critical to conduct a thorough and timely analysis of the facts and law to confirm the nature of the issue and what to do about it.
- The key to success is having a process in place to ensure potential issues are appropriately reviewed and acted upon. In particular, if the problem resulted in receiving an overpayment from a federal health care program, providers must ensure that the issue is fully examined to confirm the problem and determine the best way to inform the government, as well as who should do so.
- Seek clarity from OIG at the time of settlement on potential future actions.
- The time to obtain an understanding from OIG about its intentions to pursue other targets, including executives, is when you are negotiating a settlement.