With the COVID lockdown, the law enforcement agencies, including the United States Department of Justice (DOJ), the local US Attorneys’ Offices, and the state enforcement agencies worked on a limited basis for much of 2020 and 2021 to present date. The slowdown in enforcement in 2020 due to the pandemic was reflected in the civil fraud recoveries for that year. The DOJ reported $2.2 billion in settlement and judgments for civil cases in the fiscal year 2020 (from October 1, 2019, to September 30, 2020), which was down from the over $3 billion recovered in the fiscal year 2019 and was the lowest civil fraud recovery in a decade. The percentage of healthcare recovery was higher, totaling approximately $1.8 billion in 2020, or over 80% of the recovery of all civil fraud cases.
This dip in civil fraud recovery is likely a thing of the past. Now that most of the agencies have gone back to full staff, at least in Louisiana and in other states, we can expect an all-out effort to make up for work that was slowed during the lockdown. We can also expect to see more actions related to the enforcement initiatives of the new administration. Such initiatives include:
- Pandemic-related fraud. This is the obvious enforcement priority. The range of pandemic fraud includes COVID testing and reimbursement, CARES Act fraud, Paycheck Protection Program (PPP) loan fraud, and other pandemic-related false billing. Criminal indictments for PPP and CARES Act fraud have been steady since the programs were implemented. More recently, on May 26, 2021, the Criminal Fraud Division announced indictments of multiple individuals and entities nationwide, which included allegations ranging from improper COVID testing and billing, telehealth-related fraud, misappropriation of CARES Act funds, and the fraudulent use of COVID-19 “emergency override” billing codes.
Although the majority of cases seen thus far involve criminal actions, the number of civil enforcement actions will increase as the criminal enforcement actions increase, since a fair number of civil fraud cases will likely begin as criminal investigations. This being said, the DOJ has already settled at least one False Claims Act case involving pandemic-related fraud. In that settlement, SlideBelts, a fashion accessories internet retailer, admitted that it made false statements to federally insured banks that it was not in bankruptcy in order to influence those banks to approve, and the Small Business Administration (SBA) to guarantee, a PPP loan. Although SlideBelts ultimately paid back the $350,000 it received to the lender upon a demand by the United States, it also entered into a settlement agreement to pay double damages (i.e., another $350,000) as well as substantial fines. Expect to see more fraud cases involving misrepresentations in the application for, retention of, and/or failure to properly account for the use of funds from the CARES Act and PPP loan program.
- Telehealth fraud. Although telehealth fraud preceded the pandemic, reports of fraud increased during the pandemic with the relaxing of the government’s requirements for telehealth. Expect to see more cases involving telehealth fraud under the relaxed regulations. The extent of the fraud discovered will likely impact the government’s future regulations regarding the use of telehealth and the continuation, or discontinuation, of the broader scope of telehealth.
- Protection of the Elderly. The new administration continues the efforts of the last administration in making the protection of the elderly a priority. Expect to see more investigations into facilities providing elder care, such as skilled nursing, rehabilitation facilities, and nursing homes. As a harbinger of things to come, earlier this month, the U.S. Attorney’s Office for the Southern District of New York brought a civil complaint against the owners and managers of eleven skilled nursing facilities, alleging that the facilities systematically kept patients at the facilities longer than necessary and ordered higher levels of rehabilitation therapy than necessary in an effort to maximize Medicare billing. Further, although this case arose from pre-COVID billings, the number of elderly patients who were admitted into rehabilitation and long-term care facilities during COVID will likely serve to drive up the number of investigations into these facilities’ billing practices. Finally, expect to see the DOJ crackdown on fraudsters who obtain and sell the elderly citizens’ information in return for referral fees as part of the DOJ’s effort to thwart the exploitation of the elderly.
- Hospital Cybersecurity. With recent significant ransomware attacks, the need for strong cybersecurity measures is particularly important, and an organization’s reaction to cybersecurity threats will come under increased scrutiny. On June 21, 2021, the Office of Inspector General (HHS–OIG) issued a report outlining its finding that Medicare lacks consistent oversight of cybersecurity for networked medical devices in hospitals. The Centers for Medicare & Medicaid Services (CMS) found that its survey protocol did not include requirements for networked device cybersecurity, and the Medicare accreditation organizations (AOs) do not use their discretion to require hospitals to have a cybersecurity plan. HHS-OIG has recommended that CMS identify and implement a way to address cybersecurity in the quality oversight of hospitals. It is unknown at this juncture what such a plan will look like, but, given the ever-present danger of hackers, hospitals should be focused on improving their cybersecurity measures before CMS implements its oversight plan.
- Electronic Health Records (EHR). Not only is protecting patient information from cyberattacks a priority, making sure that the use of EHR systems is free from fraud is also a priority for the DOJ. Commons areas for fraud involving EHR include false claims for electronic health records incentive payments as well as kickbacks from vendors in exchange for the use of their software. Expect the continued scrutiny of electronic health record systems.
- And the Rest… The list above is not exclusive. Expect to see enforcement actions related to the ongoing opioid epidemic, such as the DOJ’s False Claims Act settlement with Purdue Pharma for $2.8 billion for its role in the diversion of opioid medications, which occurred in late 2020. Further, as always, the government will investigate conduct brought by a whistleblower, and the claims brought to DOJ by whistleblowers cover the gamut of all areas of healthcare. Thus, expect to see more of the same sorts of actions we have seen from the DOJ in recent years.
Although we are hopefully entering the post-pandemic world, the pandemic will continue to affect the government’s enforcement and rulemaking for the foreseeable future. It is thus important that institutions ensure that their compliance programs identify and correct any issues as they may arise, both in the context of pandemic-related administrative and billing issues, as well as the traditional areas of concern for facilities, such as the Anti-Kickback Statute and the Stark law.