Making sense of today's health care enforcement landscape

Recent trends in enforcement activity

Medicare advantage. Recently, the government has begun to intervene in cases involving Medicare Advantage (MA) plans—both against MA plans and against providers. Areas of interest include false risk adjustment data and false certifications of the accuracy of claims.

Meaningful use payments. In May 2017, US Department of Justice (DOJ) announced a settlement agreement in a case against a vendor or electronic health record (EHR) software alleging that the vendor causes its customers to submit false claims for meaningful use payments by filing false certifications of compliance with requirements the CMS EHR Incentive Program.

Individual accountability. Recently, the DOJ reiterated its commitment to using the False Claims Act (FCA) and other civil remedies against individuals responsible for corporate wrongdoing. The policy applies even where the individual does not have the ability to pay the judgment. The purpose of this policy is to prevent corporations from failing to stem health care fraud by approaching payments as a cost of doing business. Underscoring that commitment, the past few years have seen a number of notable multimillion-dollar settlements and judgments involving individuals in life sciences and health care companies.

Non-intervened cases. Government intervention remains key to health care qui tam fraud recoveries. But the government intervenes in only a minority of cases filed, and historically—when the government decided not to intervene—the relator generally chose not to pursue the case on his or her own. That is starting to change, however, with a noticeable trend in non-intervened cases moving into active litigation with the relator and relator’s counsel.

Other developments. Other types of health care fraud—while not necessarily novel—continue to be enforced through the FCA. One area is drug pricing. Another one is kickbacks, where FCA cases continue to be filed involving such issues as below—and above—market rent, payments for sham services, sham speaker arrangements, and many different kinds of fee waivers. Cases involving Stark Law (physician self-referral) violations are also common. Further, the FCA’s per-claim penalties have dramatically increased, roughly doubling between 2015 and 2017.

Back to top

Prevention through compliance programs

Compliance programs must be designed and implemented to satisfy the government, in a tangible way, and demonstrate the organization is taking compliance seriously. Additionally, in a non-intervened qui tam suit, a company's program will often have to withstand the scrutiny of an expert witness who may be called to give an opinion about whether the company has an effective compliance program.

Analyzing the maturity of an organization's compliance program can help an organization set priorities as it enhances that program over time.

There are three stages in the evolution of compliance programs:

1. Foundation
   A foundational program focuses on basic compliance using the technology solutions the organization has already. The program includes an inventory of compliance policies plus basic training to maintain compliance with laws, rules, and regulations. Risk management is mostly reactive and focused on historical data, with some risk assessments plus compliance monitoring and testing.
2. Modernization
   A modernized program is more extensive. Compliance policies are new and refreshed, with updated requirements (linked to laws, rules, and regulations) and internal controls. Metrics help with monitoring and reporting. Training and communications integrated into daily business activities and relationships. A refined compliance risk governance structure has the support of the board and senior management. This type of program shows that team members are knowledgeable about compliance. To regulators, it also provides transparency plus evidence of the program's adequacy.
3. Value creation
   The value-creating program is the most sophisticated of all. It uses real-time data to analyze risk against key metrics, taking upcoming regulatory changes into account. Predictive analytics help with reporting, capacity and resource planning, and other decisions. The view of risk rolls up to the enterprise level. Overall, the program aims squarely at improving efficiency and outcomes.

An interesting aspect of value-creating programs is their emphasis on talent. They look for people with advanced data and analytics competencies. And the hiring techniques they use are specifically designed for compliance risk management.

Back to top

Bringing it all together

Despite shifting reform policies and a change in administration, health care enforcement and compliance continue to receive strong support in Washington. Authorities and relators alike are pursuing new avenues to surface fraud and abuse.

For organizations in the health care and—increasingly—life sciences industries, the logical course is to stay aware of recent developments and evaluate their significance to the business. A structured program of ongoing compliance is an effective way to take this knowledge and put it to work at mitigating risk. At the same time, a strong compliance framework provides ways to keep management, investors, regulators, and other stakeholders informed and engaged.

Back to top