Webinar provides multiple perspectives on FCA cases

To avoid federal False Claims Act (FCA) (31 U.S.C. §3729 et seq.) liability, providers should implement an effective compliance program, stay ahead of the government’s investigation of possible FCA violations, and fix problems first. In a Health Care Compliance Association (HCCA) webinar entitled, “False Claims Act Cases—Perspectives from Both Sides of the Aisle,” Rachel V. Rose, principal at Rachel V. Rose—Attorney at Law, PLLC, and Sean McKenna, shareholder at Greenberg Traurig LLP, provided an overview of the process for filing federal FCA complaints and how to respond to investigations and lawsuits under the FCA.


Qui tam relators file their complaints under seal, on behalf of the government. The Department of Justice (DOJ) has 60 days to investigate and decide whether to intervene, which happens only about 10 percent of the time. Even then, the government will prosecute only the strongest aspects of the case. The presenters warned that relators should use “an abundance of caution” when discussing an FCA case or the underlying allegations with anyone other than the whistleblower’s attorney or the government agents assigned to the case, as “breaking the seal” can result in dismissal or sanctions.

False claims

The type of false claim that most frequently leads to FCA liability is a claim for services not provided. Other categories of false claims include legally false claims (express), legally false claims by implied certification, and reverse false claims. In United Health Services, Inc. v. United States ex rel. Escobar, (2016), the U.S. Supreme Court upheld the implied certification theory and relied on whether the claim was material to payment, what McKenna called a “groundbreaking approach” (see Implied certification liability confirmed, limited to material compliance violations, Health Law Daily, June 16, 2016).

Since November 2, 2015, the range of penalties for violating the FCA increased from $5,500-$11,000 to $10,781-$21,562, plus treble damages and the relator’s attorney fees. FCA violations can also lead to exclusion, “the death penalty for health care providers.” Exclusion applies only to conduct from the past 10 years (42 C.F.R. Sec. 1001.901(c); see HHS OIG’s exclusion authority loosens, allows more discretion, Health Law Daily, January 12, 2017).

In parallel proceedings, simultaneous civil/criminal/administrative investigation of the same defendants occurs. It can be federal and state/local or multi-district. Not every case is appropriate for parallel proceedings, however. Examples of common parallel matters include procurement and government program fraud, health care fraud, internet pharmacies, and antitrust investigations.

Yates memo

The past several years in health care fraud and abuse prosecutions have seen an increased focus on individual actors such as executives, as reflected in a September 9, 2015 memo from former acting attorney general Sally Yates, known as the “Yates Memo.” The Memo emphasized the DOJ’s commitment to combat fraud “by individuals” and recommended that: (1) to qualify for a cooperation credit, a corporation must provide facts relating to the individuals responsible for the misconduct; (2) investigations should focus on individuals from the inception of the investigation; (3) culpable individuals should not be released from liability absent extraordinary circumstances; and (4) DOJ attorneys should not resolve matters with a corporation without a clear plan to resolve related individual case.

Best practices

If an FCA investigation occurs, providers should evaluate all liability (civil, criminal, administrative, state, licensure, and private), determine if anyone needs separate counsel or has talked to the government, preserve documents, and compile the right team, including consultants, billing and coding experts, and statisticians.

CIAs contain lessons for compliance professionals & board members

The typical obligations contained in a corporate integrity agreement (CIA) overseen by the HHS Office of Inspector General (OIG) can be implemented by compliance programs to drive accountability and improve effectiveness. In a webinar titled Compliance Accountability: Lessons Learned from Implementing Corporate Integrity Agreements, Tom Herrmann, JD, and Carrie Kusserow, MA, CHC, CHPC, CCEP, both of Strategic Management Services, LLC, provided an overview of the standard obligations in a CIA, including recent changes, and provided tips to listeners on how to effective oversight and organizational controls for health care organizations.

CIAs are typically included as part of a “global settlement” of criminal, civil, and administrative charges against a health care provider or entity. The CIA, which usually lasts for five years, allows the provider to remain a participant in federal health care programs in exchange for compliance responsibilities. These responsibilities include oversight by the compliance officer, executive-level compliance committee, and board, but also written guidance, mandatory trainings, screening for excluded providers, and regular reports to the OIG. Recently, the OIG has made some changes to CIA obligations, including requirements for management including certifications, minutes from executive-level compliance committee meetings, and obligations for the board.

To avoid entering into a CIA, or to survive one that has already been implemented, organizations should have a compliance officer who is a member of senior management. The compliance officer should report to the CEO, and is neither responsible for serving as legal counsel, nor subordinate to general counsel or the CFO. The compliance officer should chair the executive-level compliance committee, which should include senior management from relevant departments, and meet at least quarterly. Certain senior executives, including the CEO, COO, CFO, and CMO have obligations to monitor and oversee activities within their areas of authority. Lastly, the board of directors, made up of independent, non-executive board members, should be specifically trained on corporate governance and its responsibilities for compliance program oversight.

All compliance programs should have updated written policies and procedures, a disclosure mechanism like a hotline, provide annual training, and should include compliance as an element of performance review for all employees.

Compliance program effectiveness requires annual measurement of risks and identification of trends

Annual measurement and proactive evaluation of program elements and risks through reports and metrics is necessary to routinely determine the effectiveness of a compliance program, according to Bret S. Bissey, Senior Vice President, Compliance Services MediTract. Bissey presented practical suggestions and best practices for evaluating a compliance program in a webinar sponsored by the Health Care Compliance Association (HCCA) on March 21, 2017.


Bissey noted specific guidance that compliance officers should refer to when evaluating their compliance programs, Office of Inspector General (OIG) Compliance Program Guidance for Hospitals, OIG Supplemental Compliance Program Guidance for Hospitals and the Department of Justice’s (DOJ’s) Compliance Program Guidance on Evaluation of Corporate Compliance Programs published in February 2017. Bissey pointed out that the OIG guidance recommends benchmarking compliance program progress and provides two examples, claims processing evaluation and surveys. Claims processing evaluation requires a benchmark for error rates and standards that include sample size net dollar value, and consistency of universe.

Although not specific to the health care industry, the DOJ guidance identifies elements that can be used to evaluate a compliance program. The guidance consists of compliance-focused questions that the DOJ Fraud Division might consider when evaluating a corporate compliance program, including such topics as analysis and remediation of underlying misconduct, conduct of senior and middle management, autonomy of the compliance function, and compliance program funding and resources.

Surveys to measure effectiveness

Bissey stressed the importance of measuring organizational compliance culture to provide evidence of the effectiveness of the compliance program. He said that surveys can provide evidence of program effectiveness and recommended using surveys to measure covered persons’ attitudes regarding the organization’s commitment to compliance. Through surveys compliance officers can determine how well the operations of the compliance program are understood and the obligations of the people involved. Surveys and questionnaires are important to measure whether organizational culture encourages ethical conduct and a commitment to compliance with the law. Surveys also should be used to measure employee compliance knowledge. He added that both types of surveys allow the compliance professional to benchmark and measure compliance effectiveness over time.

Elements of evaluations

To begin to evaluate compliance performance, Bissey emphasized the importance of measurement and defining expectations of performance. He suggested identifying a set number of elements, some of which should be kept from year to year to measure trends. Compliance officers should identify metrics that are available, develop a score card, and report achievements, including any reasons for variance and year to year comparison of results. Trending data is the key, he said.

Bissey identified the following elements with suggested standards to consider in an evaluation:

  • hotline calls, including logging, investigations, disciplinary action;
  • education provided to staff, physicians, board of directors, and executives; establish standards for different groups and obtain board support;
  • audit/monitoring results; potential areas of trending coding and billing results; including consistent measurement, annual reviews, random samples, and net dollar value error rate;
  • potential areas of trending billing and coding results, including short stays, observation, evaluation and management, research billing, diagnosis related groups;
  • audit benchmarking scorecard, can be part of annual review and built into the work plan;
  • annual audit work plan completion based on an approved annual work plan by the compliance committee or board; use trends to explain need for resources and make future plans;
  • budget analytic, identify trends of budget and actual expenses over several years; and
  • other data points to trend year to year, such as focus arrangements, payments made to nonemployed physicians without evidence of time and effort for approval, quality improvement.

Other considerations

Bissey stressed the importance of the independence of the chief compliance officer independence as well as ensuring that the chief compliance officer has the knowledge and experience necessary for the role. Finally, Bissey recommended that the organization consider an independent external review at some predetermined interval of time such as every two or three years.

Gatekeeping vital to a best practice organization

Gatekeeping should be viewed as a first line of defense, protecting not only a healthcare organization, but the patients as well. In a Health Care Compliance Association (HCCA) webinar titled “Gatekeeping & Monitoring – Developing Sound Processes for Screening, Removal & Reinstatement,” Amy Andersen, Director of Operations at Verisys Corp., noted that every organization can be sorted to a risk aversion spectrum. On one end, the most risk-averse organizations use best practice compliance to achieve stellar outcomes. On the other end, non-compliant organizations risk fines and loss of reputations. The greatest cost to organizations in terms of monetary impact to establish gatekeeping measures is the change management and system implementation. Regardless, best practices organizations need to be proactive about gatekeeping and monitoring, not after the fact.


The best way to protect organizations is to implement a gatekeeping strategy. Gatekeeping is ensuring that information is properly disseminated among an organization and its association. Thus, the first consideration for an organization is which parties are being let into the organization. Organizations should not only focus on the healthcare professionals within their organizations, but the vendors and contractors employed by the organization. Andersen noted that the vendor space was one of the most overlooked areas in protecting an organization.

Secondly, once an organization permits vendors or individuals into the organization, it must readily identify any gaps. In essence, Andersen said that the organization should understand what it knows and does not know about the admitted vendor or individual.

Finally, the organization should establish criteria for admittance of these vendors or individuals. Thus, an organization’s gatekeeping strategy should include three parts: (1) identification, (2) communication, and (3) remediation.

Identification, communication, and remediation

At a most basic level, identification starts with screening and monitoring. Some barriers to gatekeeping include data “hoarders,” those entities who do not share what they know or require you to go through a gate itself. These entities can be threats to the organization.

Andersen advised that organizations should examine and avoid unconsidered risks. In terms of credentialing, Andersen stressed “verify, verify, verify.” These risks are created when an organization silos information within itself. She cautioned against this, noting that organizations should do holistic reviews to determine whether the departments within the organization are communicating any risks effectively.

Access to information is vital. Once identification generates data for the organization, relevant information must be made visible. After policy and procedure access occurs, the organization must take action in a consistent manner. This is includes removal of individuals from the organization or vendor from a business relationship, expectations should be laid out clearly. Any auditing that is done should be unbiased and adhere to industry standards.