Applying lessons learned when conducting FCA investigations after Escobar

The Supreme Court opinion in Universal Health Services v. U.S. ex rel Escobar established that the implied certification theory may be a basis for False Claims Act (FCA) (31 U.S.C. §3729) liability if allegations satisfy both the FCA’s materiality and scienter (knowledge) requirements, Joan W. Feldman, partner at Shipman & Goodwin LLP explained during a Health Care Compliance Association webinar on June 26, 2017. She noted that the focus in FCA cases going forward will be whether the government would have refused to pay the allegedly false claim if it had known of the information allegedly omitted or misrepresented.

The Supreme Court’s opinion and remand

The Supreme Court granted certiorari in Escobar to answer whether the implied certification theory was viable and if it could only apply when a provider violated a legal requirement that the government explicitly designated as a condition of payment. Although the Court determined that implied certification is a valid theory, it stated that the FCA should not be considered a vehicle for “punishing garden-variety breaches of contract or regulatory violations…” The Court further concluded that “a misrepresentation about legal compliance does not become material simply because the Government labeled the legal requirement as a ‘condition of payment,’ but whether the defendant knowingly violated a requirement the defendant knows is material to the Government’s payment decision.” The Court remanded the case to the First Circuit (see Implied certification liability confirmed, limited to material compliance violations, Health Law Daily, June 16, 2016).

Feldman pointed out that upon remand, the First Circuit identified three factors that had to be considered when evaluating materiality and knowledge: (1) was compliance a condition of payment, (2) was compliance with a specific regulation the essence of the agreement; and (3) did the government pay the claim even though it was aware of the issue?

The First Circuit concluded, if Medicaid’s decision to reimburse Universal Health Service would have been unaffected by knowledge of the regulatory violations, the violations would not be material, and the implied false certification lawsuit could not proceed. In this case, however, the complaint stated that regulatory compliance was a condition of payment, licensing and supervision requirements were central to the regulation of mental health treatment facilities generally, and the factual allegations were limited to reimbursement claims filed during treatment (see Implied false certification lawsuit under the FCA stated a valid cause of action, Health Law Daily, November 29, 2016).

Lessons from Escobar

The Escobar case illustrates that the FCA is nuanced and complex, Feldman said. She noted that courts will closely scrutinize and evaluate materiality on a fact specific, case-by-case basis to determine whether the alleged violations are sufficient to constitute a false claim. Although she said it is not clear how the Supreme Court’s opinion will play out in the courts, she stressed the importance of claimants clearly stating their materiality and knowledge claims under the implied certification theory. She also emphasized the importance of reacting appropriately and promptly to FCA complaints or concerns.

Investigations

Feldman provided the details of several steps in conducting an FCA investigation, including where to start, maintaining attorney client-privilege, working with the government, planning and conducting an investigation, and mitigating the risk of a FCA qui tam action. She emphasized the importance of maintaining confidentiality throughout the investigation. In addition, she

  • Where to start. When confronted with a false claim allegation, providers must respond promptly. The date and time that the allegation was made must be documented and the allegation must be communicated to leadership. Legal counsel experienced with false claims should be engaged and the Medicare administrative contractor or Medicaid agency must be notified. The compliance officer must assign responsibility for the investigation but must limit the number of individuals in the sphere of knowledge and communication. Accountability and follow-up are essential as well as the preservation of documents.
  • Maintaining attorney client privilege. Consult with counsel to protect the attorney-client privilege. Ensure document production is done with counsel who creates a privilege log for documents that will not be turned over to the government. Interview witnesses separately to protect communications.
  • Working with the government. When working with the government compliance officers must be cooperative, responsive, and timely; yet maintain an advocate position for the organization. They must understand the issue, facts, and relevant law as well as the settlement if there is one. Feldman encouraged compliance officers not to be intimated by the government or assume its position is correct. She explained that the government only knows the case from the qui tam relator. She told compliance officers to “push back” and advocate the organization’s position with facts and laws when presented with the government’s case.
  • Planning the investigation. An investigative plan must be developed, a timeline created, and records of the investigation must be maintained, including the process, interview notes, and witness log. Witnesses must be identified and interviews must be scheduled.
  • Conducting the investigation. The attorney should conduct the investigation and may have deputized staff to assist. When a complaint of subpoena is received, litigation hold must be communicated throughout the organization. Documents are reviewed and interviews conducted. When appropriate, engage auditors or experts. Leadership should be kept informed throughout the process.

Additional tips

Other advice Feldman provided included circling back to complainant, avoiding whistleblower retaliation, and being mindful of the collateral effect of an investigation on employees. In addition, she emphasized that concerns raised by an individual must be taken seriously. Compliance officers should give them full attention and document the concern and how it was addressed. If the individual is not satisfied with the findings, the compliance officer should document why no further action will be taken and notify counsel. If attention is not given when a concern is raised, the individual may pursue an action.

340B a small program with tricky compliance field

Although drug spending under the 340B program is a small fraction of drug spending in the country overall, compliance remains important for all entities involved: hospitals, pharmacies, and manufacturers. In a Health Care Compliance Association webinar entitled “340B Program: Finding Clarity in Uncertain Times,” presenters Karolyn Woo and Tony Lesser, both from Deloitte & Touche LLP, advised listeners to allocate the necessary resources to ensure compliance in light of increased audit activity.

340B program

Created by section 340B of the Public Health Service Act (PHSA), the program requires drug manufacturers participating in the Medicaid program to provide outpatient drugs to participating health care organizations at reduced prices. These discounts allow providers to save between 25-50 percent on outpatient drug costs. However, for perspective, 340B spending only accounted for just over $12 billion of the $310 billion spent on drugs in 2015.

Oversight and audits

Despite the program’s relatively small size, Woo and Lesser underscored the necessity of compliance, noting the Health Resources and Services Administration’s (HRSA) increased oversight activity. The agency has recently contracted experienced auditors, who focus on eligibility, drug diversion, duplicate discounts, and billing accuracy. If issues are found during the audit, the HRSA Office of Pharmacy Affairs (OPA) will review these issues, present a corrective action plan to HRSA, and finalize its report. Drug diversion is the most common issue, and repayment to manufacturers was required in over half of the completed audits in fiscal years (FYs) 2015 and 2016. Although there has been no uptick in the number of manufacturer audits recently, HRSA may contact an entity to request certain information outside of an audit, which should be presented as clearly as possible. In addition, specialty pharmacies, which often represent a high percentage of a manufacturer’s 340B revenue, may fall under particular scrutiny.

Compliance plan

Repayment requires that the covered entity and the manufacturer work out a financial remedy in good faith. The process is hampered by outdated OPA information, lack of deadline guidance, and differing repayment calculations. To avoid being placed in this situation, covered entities should create a compliance plan that ensures close oversight of 340B activity, starting with educating staff and reviewing 340B policies and procedures. Entities should perform internal audits to find areas of non-compliance, and learn how to prevent and detect identified issues. When areas of non-compliance are found, they should be reported to manufacturers, HRSA, or other entities as required.

Webinar provides multiple perspectives on FCA cases

To avoid federal False Claims Act (FCA) (31 U.S.C. §3729 et seq.) liability, providers should implement an effective compliance program, stay ahead of the government’s investigation of possible FCA violations, and fix problems first. In a Health Care Compliance Association (HCCA) webinar entitled, “False Claims Act Cases—Perspectives from Both Sides of the Aisle,” Rachel V. Rose, principal at Rachel V. Rose—Attorney at Law, PLLC, and Sean McKenna, shareholder at Greenberg Traurig LLP, provided an overview of the process for filing federal FCA complaints and how to respond to investigations and lawsuits under the FCA.

Complaints

Qui tam relators file their complaints under seal, on behalf of the government. The Department of Justice (DOJ) has 60 days to investigate and decide whether to intervene, which happens only about 10 percent of the time. Even then, the government will prosecute only the strongest aspects of the case. The presenters warned that relators should use “an abundance of caution” when discussing an FCA case or the underlying allegations with anyone other than the whistleblower’s attorney or the government agents assigned to the case, as “breaking the seal” can result in dismissal or sanctions.

False claims

The type of false claim that most frequently leads to FCA liability is a claim for services not provided. Other categories of false claims include legally false claims (express), legally false claims by implied certification, and reverse false claims. In United Health Services, Inc. v. United States ex rel. Escobar, (2016), the U.S. Supreme Court upheld the implied certification theory and relied on whether the claim was material to payment, what McKenna called a “groundbreaking approach” (see Implied certification liability confirmed, limited to material compliance violations, Health Law Daily, June 16, 2016).

Since November 2, 2015, the range of penalties for violating the FCA increased from $5,500-$11,000 to $10,781-$21,562, plus treble damages and the relator’s attorney fees. FCA violations can also lead to exclusion, “the death penalty for health care providers.” Exclusion applies only to conduct from the past 10 years (42 C.F.R. Sec. 1001.901(c); see HHS OIG’s exclusion authority loosens, allows more discretion, Health Law Daily, January 12, 2017).

In parallel proceedings, simultaneous civil/criminal/administrative investigation of the same defendants occurs. It can be federal and state/local or multi-district. Not every case is appropriate for parallel proceedings, however. Examples of common parallel matters include procurement and government program fraud, health care fraud, internet pharmacies, and antitrust investigations.

Yates memo

The past several years in health care fraud and abuse prosecutions have seen an increased focus on individual actors such as executives, as reflected in a September 9, 2015 memo from former acting attorney general Sally Yates, known as the “Yates Memo.” The Memo emphasized the DOJ’s commitment to combat fraud “by individuals” and recommended that: (1) to qualify for a cooperation credit, a corporation must provide facts relating to the individuals responsible for the misconduct; (2) investigations should focus on individuals from the inception of the investigation; (3) culpable individuals should not be released from liability absent extraordinary circumstances; and (4) DOJ attorneys should not resolve matters with a corporation without a clear plan to resolve related individual case.

Best practices

If an FCA investigation occurs, providers should evaluate all liability (civil, criminal, administrative, state, licensure, and private), determine if anyone needs separate counsel or has talked to the government, preserve documents, and compile the right team, including consultants, billing and coding experts, and statisticians.

CIAs contain lessons for compliance professionals & board members

The typical obligations contained in a corporate integrity agreement (CIA) overseen by the HHS Office of Inspector General (OIG) can be implemented by compliance programs to drive accountability and improve effectiveness. In a webinar titled Compliance Accountability: Lessons Learned from Implementing Corporate Integrity Agreements, Tom Herrmann, JD, and Carrie Kusserow, MA, CHC, CHPC, CCEP, both of Strategic Management Services, LLC, provided an overview of the standard obligations in a CIA, including recent changes, and provided tips to listeners on how to effective oversight and organizational controls for health care organizations.

CIAs are typically included as part of a “global settlement” of criminal, civil, and administrative charges against a health care provider or entity. The CIA, which usually lasts for five years, allows the provider to remain a participant in federal health care programs in exchange for compliance responsibilities. These responsibilities include oversight by the compliance officer, executive-level compliance committee, and board, but also written guidance, mandatory trainings, screening for excluded providers, and regular reports to the OIG. Recently, the OIG has made some changes to CIA obligations, including requirements for management including certifications, minutes from executive-level compliance committee meetings, and obligations for the board.

To avoid entering into a CIA, or to survive one that has already been implemented, organizations should have a compliance officer who is a member of senior management. The compliance officer should report to the CEO, and is neither responsible for serving as legal counsel, nor subordinate to general counsel or the CFO. The compliance officer should chair the executive-level compliance committee, which should include senior management from relevant departments, and meet at least quarterly. Certain senior executives, including the CEO, COO, CFO, and CMO have obligations to monitor and oversee activities within their areas of authority. Lastly, the board of directors, made up of independent, non-executive board members, should be specifically trained on corporate governance and its responsibilities for compliance program oversight.

All compliance programs should have updated written policies and procedures, a disclosure mechanism like a hotline, provide annual training, and should include compliance as an element of performance review for all employees.