The Genesis and Evolution of the False Claims Act
Born during the Civil War era, the False Claims Act (FCA) was the result of Congress's effort to stifle corruption in armament sales to the Union Army.[1] Known as "Lincoln’s Law," the FCA mostly laid dormant until significant modifications were made in 1986. These changes revamped the Act, enhancing its capacity to counter fraud, particularly in the defense and health care sectors.
At its core, the FCA is a civil statute designed to protect federal government payors such as Medicare and Medicaid from fraudulent claims. A central role of the FCA is to recover funds that have been inappropriately paid out due to fraudulent activities, waste, or abuse within the health care sector. In layman's terms, it's illegal under the FCA to knowingly submit false claims to government health care programs or dodge repayment obligations. Said more precisely, the Act makes it unlaw to knowingly submit a false claim, deliberately make a false statement, retain money that shouldn’t have been paid out, or conspire to engage in any of these activities. With its roots in the Civil War and its continuous evolution, the FCA remains a potent tool against fraud, protecting government interests and taxpayer dollars.
This Article presents an overview of the necessary elements of the FCA and highlights some key best practices for organizational compliance. A standout feature of the FCA is the "qui tam" provision. This provision allows private individuals to file claims on behalf of the government, significantly broadening the reach of the Act. While this discussion extends beyond the scope of this Article, it’s worth noting that there have been notable recent developments on this front.[2] This Article does, however, outline recent FCA developments relating to its core concepts of “knowledge” and “materiality.” This is the final piece in a trio of Articles focusing on the main facets of health care fraud and abuse, effectively closing the loop. Previous articles have explored the Stark Law and the Anti-Kickback Statute (AKS). Given the inherent overlap and similarities among the FCA, Stark Law, and AKS, these articles collectively provide a somewhat holistic view on health care fraud and abuse. Without more, let’s dive right in.
"Fraud and Abuse" Unpacked
The term "Fraud and Abuse" is a broad one. It generally refers to violations of the AKS, Stark Law, and the FCA. Under the umbrella of "fraud and abuse," FCA liability can arise from breaches of the AKS or Stark Law, or from improperly submitted claims. This highlights the interconnectivity of these laws in ensuring the integrity of our health care system. Occasionally, “fraud and abuse” is used synonymously with the FCA itself. But keep in mind that it's also a defined term under the FCA.
“Fraud and abuse” under the FCA are distinct terms. “Fraud” means knowingly and willfully executing or attempting to execute a scheme to defraud any health care benefit program or obtaining money or promises of money or other items of value through false or fraudulent pretenses, representations, or promises.
On the other hand, “abuse” is associated with practices relating to services that are not in line with providing medically necessary and fairly priced care to patients in accordance with professional standards. So, abuse includes acts that are inconsistent with sound medical or business practices. Unlike fraud, abuse is an unintentional practice that directly or indirectly results in an overpayment to a health care provider. The defining characteristic of abuse is its unintentional nature. When it comes to abuse, the investigator cannot establish that the act was committed knowingly, willfully, and intentionally. This emphasis on "intent" is crucial in distinguishing between fraud and abuse as well as in identifying ethical from unethical actions.
While this Article doesn't delve into all the innerworkings of the FCA, rest assured, more is yet to come. But for now, let’s focus on the big picture. To fully understand the FCA, one must start by understanding each one of its required elements:
1. A false statement was made, or fraudulent conduct was engaged in;
2. The person acted knowingly;
3. The statement or conduct was material; and
4. The government ended up paying money or forfeiting money due as a result.
Falsity or Fraudulent Conduct
False claims under the FCA can be grouped into three main categories: Factually False Claims, Legally False Claims, and Reverse False Claims.
1. Factually False Claims: These are claims where the services on the bill did not actually happen. They can manifest in different ways:
Billing for services that weren't provided;
Billing for higher-cost services than what were actually provided (known as "upcoding");
Billing separately for services or items that should be billed together at a lower overall rate (known as “unbundling”);
Double-billing for services; and
Billing for medically unnecessary services even if they were performed.
Medical necessity is a critical term in determining whether a service is necessary. Medicare.gov defines services or supplies as "medically necessary" if (1) they're needed to diagnose or treat a disease, condition, illness, or its symptoms; and (2) they align with accepted medical standards. According to federal statutes, it’s also important to ensure that services are provided economically.[3]
There are two types of medical necessity. One is clinical and the other is document and coding. Both types can raise potential safety concerns for patients and implicate FCA liability. Clinical includes medical appropriateness, medical complexity, and medical judgment. Document and coding medical necessity drives the level of service by accurately documenting the services provided. Also, there are various sources to refer to when determining medical necessity including National and Local Coverage Determinations, Medical and Association Guidelines, expert opinions, and others; and
“Worthless Services” claim where the service performed is so substandard that it's practically the same as if no service was provided at all.[4]
2. Legally False Claims: These claims arise when a claim or the circumstances of the services reflected in the claim violate an underlying law or regulation. Even if the provider has not explicitly stated that the claims are legally compliant, the mere submission of these claims is generally seen as a knowing misrepresentation under the FCA. An example of this would be if a physician provides services under an arrangement that violates the AKS or Stark Law or is otherwise illegal.
3. Reverse False Claims: The Department of Justice (DOJ) has somewhat recently started prosecuting these types of claims, which involve failing to return overpayments by the federal government within a mandated timeframe. The Affordable Care Act (ACA) requires overpayments to be returned within 60 days of either the date the overpayment was identified or the date a corresponding cost report is due. Overpayment is further discussed below.
Knowledge
An essential aspect of the FCA is the knowledge requirement.[5] It's not enough to merely submit or cause to submit a false claim or statement to the government. The person who submitted it must have knowledge of the falsity. Also, note that it's not necessary to prove there was intent to defraud. "Knowledge" under the FCA can take either one of three forms:
1. Actual knowledge of the information being false;
2. Deliberate ignorance of the truth or falsity of the information. This would be choosing to ignore the reality even if the truth was available; or
3. Reckless disregard of the truth or falsity of the information. This would be acting very carelessly or unreasonably in not determining the truth or falsity of the claim or information.
To be in violation of the FCA, a person must submit, or cause the submission of, a false claim (or make a false statement or record) with one of the above types of knowledge about its falsity. Importantly, there are recent notable case law developments on the knowledge requirement. A recent Supreme Court decision relating thereto is highlighted immediately below.
In the joined cases of U.S. ex rel. Schutte v. SuperValu Inc. and U.S. ex rel. Proctor v. Safeway, Inc., the U.S. Supreme Court reached a unanimous decision emphasizing that a defendant's personal belief is crucial when determining if the FCA’s scienter (knowledge) standard is met.[6] The relators claimed that the nationwide grocery store and pharmacy chains contravened the FCA by notifying the Centers for Medicare & Medicaid Services (CMS) about the "usual and customary" prescription prices based on the standard retail price rather than the discounted one. They insisted that both companies were aware that under federal law, the "usual and customary" price was the discounted price and should have been reported as such. According to the relators, by reporting standard retail prices instead of discounted ones, the defendants "knowingly" submitted false claims to CMS. The district court’s ruling, which the Seventh Circuit upheld, determined that the scienter element of the FCA was not satisfied because the defendants had provided a way to interpret "usual and customary" as referring to the typical retail price, making their personal intent irrelevant.
The Supreme Court, in a unanimous decision, reversed the Seventh Circuit's ruling, stating that "the FCA’s scienter requirement pertains to [a defendant’s] awareness and individual beliefs—not what an objectively reasonable person may have understood or believed." The Supreme Court specified that the FCA defines "knowingly" to include three mental states regarding the alleged false information— “actual knowledge,” “deliberate ignorance,” and “reckless disregard.”
Accordingly, the Supreme Court decided that FCA plaintiffs can establish scienter by demonstrating that defendants (1) “actually knew” their interpretation was wrong when making the claim, (2) “recognized a significant risk that” their interpretation was wrong and “purposely refrained from confirming its accuracy” or (3) “knew of a considerable and inexcusable risk but submitted the claims nonetheless.” In making this ruling, the Court dismissed SuperValu and Safeway’s arguments supporting the “objectively reasonable” standard including their reliance on the objective standard under the Fair Credit Reporting Act (FCRA) used in Safeco, stating that the Safeco ruling was specific to the particular language of the FCRA, and thus irrelevant to the FCA's interpretation.
This shift away from the "objectively reasonable" standard will likely necessitate a more detailed investigation into a defendant's awareness and could necessitate litigation beyond summary judgment. It could also prompt FCA plaintiffs to seek discovery into the defendant's internal legal considerations as these could be relevant to whether the defendants "subjectively knew" at the time that their interpretation was incorrect.
Materiality
For a claim to be considered "false" under the FCA, the information in the claim or related regulatory violations must be material enough to impact the government's decision to pay the claim. What does it mean to be material to the government’s decision to pay a particular claim or group of claims? The issue of materiality is not black and white. Case law sets the parameters. Because case law requires proper interpretation and application of both the rules and facts, you should consider reaching out to your preferred health care lawyer for advice on your specific situation. Let’s discuss the general framework though.
In a 2016 case, Universal Health Services v. United States ex rel. Escobar, the U.S. Supreme Court held that omitting material fact(s) when submitting claims can be the basis for FCA liability if at least two conditions are satisfied: 1) the claim goes beyond a mere request for payment by making specific representations about the goods or services provided; and 2) the defendant fails to disclose noncompliance with material statutory, regulatory, or contractual requirements making those representations misleading partial truths.[7]
Materiality is judged by an objective test that asks if the false information could potentially influence the payment or receipt of money or property.[8] This evaluation takes into account multiple factors including, but not limited to, interpretations of the information, actions taken by the government like paying claims despite known regulatory violations, and statements made by government officials. But these factors are not the only considerations, nor do they conclusively determine materiality.[9]
The Court decided that materiality is not established simply by showing that a defendant has violated certain laws, regulations, or contract terms tied to payments.[10] Similarly, it is not defined by the idea that the government would have withheld payment if it knew about the defendant's non-compliance.[11] On the other hand, materiality can be proven by showing that the defendant knew the government consistently denies claims due to noncompliance with specific laws, regulations, or contractual requirements.[12] It can also be proven if the government continues to pay a claim despite the defendant knowing that certain requirements were violated.[13]
The U.S. Court of Appeals for the Fifth Circuit further defined materiality in United States ex rel. Harman v. Trinity Indus.[14] Here, the court held that evidence showing noncompliance with statutory, regulatory, or contractual obligations for payment alone was not enough to satisfy materiality under the FCA. The court found that the Government’s persistent and continuous reimbursement weighed heavily in favor of the defendant “showing that the Government did not find Trinity Industries’ omission of drawings as material.”[15]
These cases confirm that the materiality requirement under the FCA is not straightforward and that undisclosed violations don't automatically lead to liability. They also show that the government's reaction to a violation can play a significant role in determining materiality.
More recently, in U.S. ex rel. Montcrieff v. Peripheral Vascular Associates, P.A., the U.S. District Court for the Western District of Texas held that a false claim may be material even when damages are minimal or nonexistent.[16] The court rejected the defendant’s position that the continued payment of claims after a meeting with the government on whether it would intervene in the qui tam matter showed a lack of materiality. It held that courts “routinely exclude” communications on the government’s intervention decision from any materiality analysis. The court further highlighted that materiality is based on the information and conduct existing that the time of the payment decision.
In United States v. American Health Foundation, the U.S. District Court for the Eastern District of Pennsylvania decided that a reasonable person would believe that the defendants' allegedly substandard care would be material to the government's decision to pay for that care and goes to the “very essence of the bargain” between the government and defendant. In addressing the "worthless services" theory of liability, the court firmly disagreed with the idea that the government must show that every single service in a bundle was worthless to avoid having a case dismissed.[17]
Overpayment
Overpayment plays a critical role in FCA violations. It refers to any funds received or retained under programs like Medicare or Medicaid that, after appropriate reconciliation, a person or entity isn't entitled to keep. Several factors can heighten the risk of overpayment under the FCA. These overpayment risk factors include:
1. The size (magnitude) of the overpayment;
2. The timing of repayment;
3. The potential for qui tam relators (whistleblowers);
4. The potential for patient harm;
5. The status of data mining and outlier detection: health care entities should data mine their own data to detect any overpayment issues beating the government to the punch;
6. Perceived conflicts of interest: if the person who ordered the service benefits financially, for example, then the government may consider that more heavily in imposing FCA liability than seeing it as a simple overpayment refund scenario;
7. Past knowledge of overpayment: whether through prior internal audit activities or repayment via a prior contractor auditor, the government can more easily claim knowledge under FCA;
8. Widespread behavior (no strength in numbers): just because a provider down the street or others in the area happen to build procedures in the same way, that does not effectively protect your organization from potential FCA liability; and
9. Retention Risks: retaining an overpayment that has been identified for more than 60 days can itself lead to an FCA violation. Organizations should conduct reasonable investigations as per regulatory requirements to identify and return overpayments. The investigations should consider if they need to be performed under attorney-client privilege due to the high-stakes and risks associated with failure to fully refund overpayments. Several methods can be used to address overpayment issues. Refund options include online claim adjustments, voluntary refunds to government payors, the OIG Self-Disclosure Protocol (a predictable and timely way to address high-risk overpayment situations), and the DOJ self-report (particularly useful where a provider has a strong relationship with the office and wants to go through a known source).
Organizations should select the most suitable process that aligns with their overpayment situation. A key consideration is whether the organization wants the process to conclude with a written settlement agreement and release from the government. If this is a concern based on risk factors, it might be more appropriate to opt in for the OIG Self-Disclosure Protocol or DOJ self-report. In essence, organizations should aim to address and rectify overpayment issues proactively before they catch the government's attention, thereby minimizing the risk of FCA penalties.
Penalties Under the False Claims Act
Penalties under the FCA are significant and severe, marking it as a tool for imposing some of the largest fines and settlements within the health care industry. A person or entity found to have violated the FCA is liable for a civil penalty for each false claim of not less than $10,781 and not more than $21,563, in addition to three times the amount of damages sustained by the federal government–a provision known as "treble damages." This provision can rapidly escalate the overall penalty, especially when coupled with the cumulation of each fine per claim. Given the high volume of Medicare claims a healthcare provider can submit within a period, the cumulative monetary value can be enormous, leading to potentially colossal penalties that can dramatically the hinder operations of any organization.
Beyond the monetary consequences, violators could also face severe sanctions including exclusion from participating in federal health care programs, exclusion from employment by entities receiving federal funds, sanctions on professional licenses, and loss of accreditation for the entity involved.
Enforcement of the FCA
The enforcement of the False Claims Act (FCA) largely falls under the responsibility of several federal and state agencies. Leading the charge is the U.S. Attorney/Department of Justice (DOJ), which is the principal federal agency entrusted with enforcing the FCA including conducting criminal prosecutions. The Office of Inspector General (OIG) also plays a crucial role, particularly in the sphere of health care where it is deeply involved in investigating and enforcing FCA violations. In addition to these federal entities, there are state units such as Medicaid Fraud Control Units, which serve to enforce state-level fraud and abuse statutes. An array of other federal agencies including the Centers for Medicare & Medicaid Services (CMS), the Department of Veterans Affairs (VA), the Department of Defense, and the Food and Drug Administration (FDA) also contribute to the enforcement of the FCA.
There can be parallel civil and criminal investigations, or one or the other, based on the nature and severity of the violation. It's worth noting that the federal government, primarily through the DOJ, demonstrates a strong commitment to investigating and targeting fraud in federal programs and government contracts. When necessary, they pursue criminal charges against individuals involved in the fraudulent conduct, such as a company's President, CEO, CFO, or a medical director in the case of a health care facility, given that corporations themselves cannot be imprisoned.
Defenses to the False Claims Act
Various defenses can be invoked against allegations under the FCA:
1. Negating the Allegations: A common defense is to refute the allegations made in the claim directly. This can be achieved by showing that there were no false statements or claims made, or if there were, they were not made with the necessary state of mind or "knowledge" required by the FCA. The FCA requires the defendant to have acted with actual knowledge, deliberate ignorance, or reckless disregard of the truth. Providing evidence of due diligence, compliance efforts, or a lack of intent can help negate these allegations.
2. "First to File" Bar: The FCA includes a "first to file" rule. Once a whistleblower or "relator" brings a qui tam suit (a lawsuit brought by a private citizen on behalf of the government), no other parties can file subsequent claims based on the same fraudulent conduct. If another party attempts to file a suit based on the same allegations, the defense can assert the "first to file" rule to bar the subsequent action.
3. Statute of Limitations: The FCA has specific time limitations for filing a claim as mentioned above. Generally, a claim must be brought within six years of the violation or within three years of when the government discovered or should have discovered the violation. However, in any event, no claim can be brought more than ten years after the violation regardless of when the government discovered it. If a claim is filed outside of these time frames, the defendant can use this as a defense to seek dismissal of the claim.
Corporate Compliance Programs
Corporate compliance programs originated in 1991 as a part of the Federal Sentencing Guidelines. The central idea is that these programs should be driven from the top down, with a firm commitment from the board to ensure compliance. These programs aim to create awareness of compliance issues within the organization, facilitate the faster discovery of compliance problems, and demonstrate the organization's commitment to ethical conduct and compliance with the law.
Effective compliance programs exercise due diligence to prevent and detect misconduct and promote an organizational culture encouraging ethical conduct. It's also essential to remember the Conditions of Participation (COPs) and regulations like the Stark Law and the AKS because if an organization is noncompliant with these requirements and bills Medicare or Medicaid, it could result in FCA liability.
In the same vein, the investigation and corrective action process is central to compliance programs. It includes the following stages:
1. Capture: Complaints and potential compliance issues can be identified through various means, such as a hotline, routine audit, external audit, or even a government investigation. Data mining, DOJ settlements, and similar sources are crucial for identifying target areas for audits.
2. Triage: This is like a filtering system. It helps to assess whether a complaint is credible and specific, which informs the next steps. Maintaining attorney-client privilege during this stage can be critical. Usually, simply including an attorney in emails isn't enough.
3. Plan: The planning stage involves following policies, assigning responsibilities, and planning based on facts, circumstances, and the seriousness of the potential violation. It also involves identifying the investigation team and forming a concrete plan of action.
4. Investigate: During this stage, the team works to understand and confirm the facts, determine the scope of the investigation, and create a record of the investigation process. The investigation should reveal the cause of the incident and the harm to patients. A lookback period should extend to at least when the overpayment began, or if not known, a default period of 6 years should be used based on the limitations period.
5. Correct: This stage involves policy updates, education initiatives, disciplinary actions, fulfilling the 60-day obligation for repayment to the government, and potentially self-reporting the issue.
6. Monitor: Ongoing auditing and monitoring ensures the effectiveness of the corrective action.
There are several considerations in assessing compliance. The DOJ Policy Manual as amended by the "Garland Memo," states that guidance documents cannot create binding requirements that do not already exist by statute or regulation.[18] However, guidance can be used as evidence of knowledge or notice of the law. Additionally, coding issues can impact payment to facilities for inpatient and outpatient services, physician practices for technical components and professional services, and physician compensation based on the attribution of RVUs, making it essential to identify and address these issues. So, when a coding issue is identified, for example, you should confirm whether other payments are impacted.
Target Issues, FCA Settlements, & OIG Self-Disclosures
Several areas have been consistently targeted in FCA settlements and OIG self-disclosures. These include hospital inpatient admissions, appropriateness of therapy services, usage of stents and cardiac devices, opioid prescribing and pain management, hospice eligibility, behavioral health practices, ambulance transportation, physician conflicts of interest, and documentation of Evaluation & Management (E/M) services.
Electronic health records (EHRs) have transformed the field of medical documentation. However, they have also led to a new twist on an old saying. Previously, it was said, "if you didn't document it, you didn't do it." But now the mantra is, "you documented it, but did you do it?"[19] Cloning is one issue within this space. It refers to the duplication of information from one source to another within the EHR. It includes the use of "SMART TOOL" features that allow a user to copy and paste from a different record or note, carry forward prior content, insert pre-composed templates or content, automatically generate content based on a selection of available options, and invoke the "make me the author" function.
However, cloning can pose significant financial and patient safety risks. In recent years, it has attracted increased attention from government investigators and auditors. Over-documentation (inserting false or irrelevant documentation to support billing for higher-level services), inappropriate cloning, and cloned documentation that misrepresents the medical necessity for coverage of services are some examples of issues that have been highlighted by Medicare Administrative Contractors (MAC).
Organizations should take several measures to mitigate the risks associated with cloning and improve documentation. Firstly, it is crucial to develop a policy for the appropriate use of SMART TOOLS with adequate education provided to practitioners about this policy. Secondly, text that has been copied should be clearly distinguishable from manually entered text, potentially by using a different color or font. Thirdly, it should be ensured that users of the EHR can trace the origin, context, authorship, and date and time of the information copied; this could be achieved by inserting a link, for example. Fourthly, annual (or more frequent) audits should be conducted to assess the usage of SMART TOOLS, and to identify any outliers. Such audits could provide a benchmark as to how providers are using these tools. Finally, training should be given to clinicians about what information should be documented for the sake of compliance and reimbursement. This training should also cover information that is not necessary to document, helping to prevent over-documentation.
A compliant organization often displays certain distinct traits that serve as indicators of its healthy condition of compliance. First and foremost, the board members have a thorough understanding of the compliance program. They accept their role in overseeing the program, acknowledging their accountability for it. The administrative team is clearly assigned responsibility for running the program to ensure it functions effectively and efficiently.
Notably, compliance is not just a concept but is made tangible and measurable through robust monitoring and auditing mechanisms. As such, another key characteristic of a compliant organization is its agility in responding to detected problems. The adept organization can demonstrate swift and effective action in remedying any issues. This highlights its commitment to effectively maintain compliance at all times.
A Look Forward
Reflecting on the healthcare fraud enforcement actions taken in 2022, it's no surprise that the first half of 2023 has been quite active. The government continues to use the FCA as its primary method to fight against healthcare fraud, waste, and misuse. While there is understandably a lot to absorb in terms of understanding and complying with the FCA, you can do so with the right help. You should consider reaching out to your preferred health care lawyer or compliance professional with any questions. As always, we’re here to help.
[1] 31 U.S.C. §§ 3729-3733. [2] See e.g., U.S. ex rel. Polansky v. Executive Health Resources, Inc., No. 21- 1052, 2023 WL 4034314 (2023) (resolving a circuit split on the government’s authority to dismiss FCA litigation, articulating a deferential standard for government motions to dismiss so long as the government has intervened at some point in the case).
[5] 42 U.S.C. § 3729(b)(1). [6] U.S. ex rel. Schutte v. Supervalu Inc., et al., 143 S. Ct. 1391 (2023).
[7] Universal Health Servs., Inc. v. United States, ex rel. Escobar, 579 U.S. 176, 2001 (2016). [8] 31 U.S.C.A. § 3729 (b)(4). [9] Universal Health Servs. at 176, 194-95 (2016). [10] See id. at 2003. [11] See id. [12] See id. at 2003–2004. [13] See id. [14] United States ex rel. Harman v. Trinity Indus., 2017 U.S. App. LEXIS 18902, at *15 (5th Cir. 2017). [15] See id. at *54–55. [16] U.S. ex rel. Montcrieff v. Peripheral Vascular Assocs., P.A., No. SA- 17-CV-00317-XR, 2023 WL 139319 (W.D. Tex. Jan. 9, 2023). [17] United States v. Am. Health Found., No. 22-02344, 2023 WL 2743563, at *1 (E.D. Pa. Mar. 31, 2023).
[18] On December 16, 2022, United States Attorney General Merrick Garland issued two related memoranda (collectively, the “Garland Memo”) providing guidance to federal prosecutors regarding department policies for charging, pleas, and sentencing. Following the publication of the Garland Memo, on January 17, 2023, Assistant Attorney General for the DOJ’s Criminal Division Kenneth Allen Polite Jr. announced notable revisions to the Criminal Division’s Corporate Enforcement Policy (“CEP”), modifying how it will evaluate corporate criminal matters. The CEP was revised again in March of 2023. The Garland Memo can be accessed by clicking here and here. The CEP can be accessed here. [19] Sheehy, A., Weissburg, D., Dean, S., "The role of Copy-and-Paste in the Hospital Electronic Health Record," JAMA Internal Med, vol. 174, Number 8, Aug. 2014.
Comentarios