Kusserow on Compliance: DOJ reports 2019 False Claims Act Recoveries of over $3B

The DOJ obtained more than $3 billion in settlements and judgments from civil cases involving fraud and false claims against the government in fiscal year 2019. Recoveries since 1986, when Congress substantially strengthened the civil False Claims Act, now total more than $62 billion. Of the more than $3 billion in settlements and judgments recovered, $2.6 billion related to the health care industry.

This was the tenth consecutive year that health care fraud settlements and judgments have exceeded $2 billion. Whistleblower, or qui tam, actions comprise a significant percentage of the False Claims Act cases that are filed. Of the $3 billion in settlements and judgments reported by the government in fiscal year 2019, over $2.1 billion arose from lawsuits filed under the qui tam provisions of the False Claims Act.

During the same period, the government paid out $265 million to the individuals who exposed fraud and false claims by filing these actions. The number of lawsuits filed under the qui tam provisions of the Act has grown significantly since 1986, with 633 qui tam suits filed this past year—an average of more than 12 new cases every week. In its news release, the DOJ noted that it had increased its efforts to hold individuals accountable and cited examples of actions taken against responsible executives.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: OIG program exclusions reported for second half of 2019

Total of 2640 new exclusions added to the LEIE in 2019

Under the Social Security Act, the HHS Office of Inspector General (OIG) is able to exclude individuals and entities from participation in Medicare, Medicaid, and other Federal health care programs. Exclusions are required (mandatory exclusion) for individuals and entities convicted of the following types of criminal offenses: (1) Medicare or Medicaid fraud; (2) patient abuse or neglect; (3) felonies for other health care fraud; and (4) felonies for illegal manufacture, distribution, prescription, or dispensing of controlled substances. The OIG is also authorized (permissive exclusion) to exclude individuals and entities on several other grounds, including misdemeanors for other health care fraud (other than Medicare or Medicaid); suspension or revocation of a license to provide health care for reasons bearing on professional competence, professional performance or financial integrity; provision of unnecessary or substandard services; submission of false or fraudulent claims to a federal health care program; or engaging in unlawful kickback arrangements. The Patient Protection and Affordable Care Act (ACA) added another basis for imposing a permissive exclusion, that is, knowingly making, or causing to be made, any false statements or omissions in any application, bid, or contract to participate as a provider in a federal health care program, including managed care programs under Medicare and Medicaid, as well as Medicare’s prescription drug program.

During this semiannual reporting period, the OIG excluded 1,347 individuals and entities from Medicare, Medicaid, and other federal health care programs. Most of the exclusions resulted from convictions for crimes relating to Medicare or Medicaid, patient abuse or neglect, financial misconduct, controlled substances, or as a result of license revocation. The OIG completed the deployment of a new service for State Medicaid Fraud Control Units (MFCUs) to report convictions through a central web-based portal for exclusion. This improved reporting from those agencies. A list of excluded individuals and entities can be found at https://exclusions.oig.hhs.gov/.

 

Copyright © 2020 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: Health care remains a top target for cyber-criminals

Data has value, and businesses and individuals rely on imperfect systems to store their information. Those committing fraud focus on sensitive data and on targets with weak controls. For these reasons, data breaches are becoming more common in the health care sector, where sensitive data can be found. Organizations that have yet to protect themselves therefore need to take proper precautionary steps to control access to that information. Among the best targets are hospitals and other health care institutions that depend on immediate access to their data in order to provide necessary treatment for their patients. They also hold a treasure chest of data about their patients, including addresses, dates of birth, Social Security numbers, family members, phone numbers, contact details, and more. Once obtained, this information can be sold on the “black market.”

Gaining access to this valuable data can be extremely profitable, but locking an entity out of its own information, as in the case of ransomware, can be a calamity for providers that must have immediate access to their patient data. A further attraction for cyber-criminals is that many health care entities have weak controls. In this regard, an entity’s major weakness is its employees, who through ignorance or carelessness open the door to cyber-attacks. With that in mind, health care firms should put more resources into proper training for their employees.

Cyber-Attack Prevention Tips

  1. Implement policies and procedures for taking precautions against malware
  2. Provide training on recognizing phishing and the danger of malicious links and attachments
  3. Ensure everyone creates complex passwords that are difficult to penetrate
  4. Conduct regular systems tests to help flag vulnerabilities before a hacker can gain access
  5. Limit employee access to systems on a need-to-know standard
  6. Review/restrict privilege by limiting the people accessing files on a single server
  7. Monitor email carefully and don’t open email attachments from unknown parties
  8. Train employees (the weak link) to recognize and prevent cybercrimes
  9. Train against clicking email links/attachments, or responding to “phishing” inquiries
  10. Ensure employees don’t leave the workplace with data and files
  11. Monitor external exchanges
  12. Continuously monitor employee and vendor networks
  13. Establish an aggressive patching schedule for all software
  14. Update software to include improved controls
  15. Establish and monitor the use of encryption of transmitted information
  16. Regularly test users to make sure they are on guard
  17. Configure email servers to block zip or other files that are likely to be malicious
  18. Focus security efforts on those files that are most critical—patient records

For more information on this subject, contact Dr. Cornelia Dorfschmid at cdorfschmid@strategicm.com

Copyright © 2019 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: False Claims Act settlements on the risk spectrum

OIG reported results of action taken in FY2019

The government’s primary civil tool for addressing health care fraud is the False Claims Act (FCA), and most of these cases are resolved through settlement agreements in which the government alleges fraudulent conduct and the settling parties do not admit liability. Based on the information it gathers in an FCA case, the OIG assesses the future trustworthiness of the settling parties (which can be individuals or entities) for purposes of deciding whether to exclude them from the federal health care programs or take other action. The OIG applies published criteria to assess future risk and places each party to an FCA settlement into one of five categories on a risk spectrum. The OIG bases its assessment on the information it has reviewed in the context of the resolved FCA case; the assessment does not reflect a comprehensive review of the party.

The OIG published its FCA risk spectrum report for 2019. The amount of settlements was not part of this report but will be provided separately later. There were fifteen entities excluded based on FCA violations. Another 40 entities entered into Corporate Integrity Agreements (CIAs), which was at about the same rate as in recent past years. Also reported were two cases where the entity was placed on Heightened Security, rather than signing a CIA. In addition, there were twelve self-disclosures related to FCA violations reported.

Copyright © 2019 Strategic Management Services, LLC. Published with permission.