The Sunshine Act and Data Mining

By Joseph Gregorio, DePaul University College of Law-

On September 30, 2014, CMS released the data collected under the Physician Payment Sunshine Act (Sunshine Act), as mandated by the Patient Protection and Affordable Care Act (ACA), through its online Open Payments system. Any member of the public can now access and view reported transfers of value from manufacturers and group purchasing organizations to physicians and teaching hospitals involved with Federal Health Care Programs (FHCPs), such as Medicare and Medicaid. The Sunshine Act was intended to give transparency to the financial relationships between doctors and manufacturers. An expected consequence of enacting the Sunshine Act is the increase of civil and criminal actions brought under the False Claims Act (FCA) and other health care fraud statutes.

Data Mining to Detect Fraud

Data mining is particularly applicable in the health care industry due to the massive amount of electronic data it generates from protected health information, drug and device manufacturers, and from private insurance and FHCPs. Before data mining gained popularity in detecting health care fraud, it was utilized for more benevolent applications in healthcare, and still is today. Hospitals use data mining to increase administrative efficiency and physicians use it to aid decision-making. Pharmaceutical companies use data mining to monitor the efficacy of new drugs and detect adverse drug-drug interactions. Similarly, the Centers for Disease Control (CDC) and other health care programs use it to track the spread of diseases and viruses and monitor general health and wellness.

Currently, HHS/OIG and DOJ now utilize data analysis and mining techniques to detect and prosecute health care fraud. The DOJ and HHS cooperate under their joint Health Care Fraud and Abuse Control Program (HCFAC) by sharing known patterns of fraud and collections of raw data. HCFAC uses suspected patterns of fraud to guide further investigations, and as evidence in prosecutions and leveraging settlements. The agencies can detect “outlier” physicians or hospitals that bill for a suspiciously high number of certain drugs, devices, or services, well above national averages. Such outliers indicate potential fraud, such as overbilling, up-coding, or billing for services not rendered.

HCFAC Over-reliance on Data Mining

With the help of data mining, the government has been increasingly successful in prosecuting fraud in FHCPs. HFAC announced record recoveries in 2013 of $2.6 billion from settlements and judgments, equating to roughly $8 for every $1 spent on prosecutions. HCFAC has attributed some of this success to its cooperative data mining, and has stated that it will continue to use it to detect and prosecute fraud. Despite this success, some have criticized the government’s overzealous use of data mining in bringing actions under the FCA, and leveraging settlements. Despite data mining’s remarkable ability to detect patterns of fraud in massive and incomprehensible amounts of information, there are several limitations.

These limitations are particularly relevant to health care fraud due to the serious penalties violations can carry. Data pools, collected by data mining, are limited by the inherent nature of errors. This is not a new issue for health care data.  Even CMS had problems with inaccurate Sunshine Act data before the Open Payments system was launched. Another issue is that suspicious or anomalous trends may be the result of naturally occurring random fluctuations or patterns in the data. Furthermore, because a variety of patterns and trends can indicate fraud, over-analysis of any data set can generate certain patterns or suspicious trends that may be false positives of fraud. These erroneous patterns could lead to unnecessary investigations into the suspected physician or company, which could uncover actual violations.

These limitations lead to criticisms of HCFAC’s over-reliance on data mining.   Critics allege data mining has gone from one of HFAC’s fraud detection tools, to becoming its primary tool for detecting fraud, bringing claims, and leveraging settlements. Actions based on fraud indicating patterns can be troubling due to the complexities of health care fraud and abuse laws, and the difficulty in defending such a claim.

It is indeterminable how many actions come from data mining alone, but qui tam relators mining data released by the government may also be a large contributor to false claim actions. There are also concerns that the HCFAC’s expanded interest in prosecuting more subjective violations, such as substandard provisions of care, will soon be led by data mining.

New Data, New Concerns

Qui tam relators and their attorneys were given a windfall when CMS released the Medicare Provider Utilization and Payment Data dataset April 9, 2014, which contained the billing information for Medicare procedures and services. Many feared the release would generate a flood of qui tam suits. It is too early to determine the impact on FCA actions, but there were certainly parties analyzing the data. On September 30, 2014, CMS launched its Open Payments system under the Sunshine Act covering payments between August and December 2013. This release has generated similar concerns of data mining.

The Sunshine Act requires device and drug manufacturers, as well as group purchasing organizations, to report any payments or transfers of value made to physicians and teaching hospitals. Mining this kind of data could uncover Anti-Kickback Statute violations, which prohibits parties involved in FHCP’s from making offers, payments, solicitations, or receiving anything of value in return for referrals, or other reimbursable services under FHCPs. Manufacturers must also report any financial ownership interests physicians hold in the company, which could lead to Stark Law violations, or prohibited self-referrals. Reports to CMS must also include the name of the drug or device that forms the basis of the payments. Payments to physicians specializing in areas outside the drug’s general application could raise suspicions of off-label marketing, in which drug or device manufacturers promote uses unapproved by the FDA for marketing, or by CMS for FHCP coverage.

The FCA, however, provides a safeguard for public disclosures that prevents qui tam relators from bringing claims based upon information publicly disclosed in hearings, government investigations and reports, or news media. 31 U.S.C. § 3730(e)(4)(A) (2012). Actions may still be brought by the Attorney General, or by the relator if they are an “original source” of the information by having “direct and independent knowledge” of the violation. § 3730(e)(4)(B).  It is unclear whether deriving previously “hidden” information by mining publicly released CMS data constitutes publicly disclosed information. The ACA may have loosened the public disclosure bar by giving courts discretion in claims “opposed by the government.” § 3730(e)(4)(A).

The Sunshine Act was intended to provide greater transparency to the health care system by disclosing financial conflicts of interest between providers and manufacturers. Nevertheless, there are many negative consequences to consider. The potential wave of FCA litigation from data mining could significantly drain the financial resources of providers. While this will lead to more recoveries by HCFAC, manufacturers may stop providing payments for research or training in order to avoid onerous reporting requirements and potential litigation. Physicians may also refuse these payments to avoid being put in the database. Litigation may also increase the earliest feared consequence of the Sunshine Act, the undermining of patient’s trust in doctors.

Maximizing the utility of the Sunshine Act will require balancing the desired transparency of manufacture-provider financial relationships with the need to preserve trust within the physician-patient relationship. This will require physicians to review any information reported on them, and adequate administrative procedures to ensure data is collected accurately and any errors are corrected promptly. Not only could inaccurate data leave physicians vulnerable to FCA violations, it could undermine their patients’ trust in the care they provide. Even accurate reporting under the Sunshine Act could weaken one of the oldest relationships in the United States health care industry, that between manufacturers and physicians.

Joseph Gregorio is a student at DePaul University College of Law and is expected to graduate in May of 2016. Previously he studied psychology at Western Illinois University. He is a staffer for the DePaul Law Review and a contributor to the DePaul Health Law Institute’s E-Pulse blog.