Since the outset of the COVID-19 pandemic, the US Department of Justice (DOJ) has prioritized identifying and prosecuting COVID-related fraudulent conduct, including healthcare fraud. Most of the DOJ’s enforcement activity to date has focused on criminal prosecutions relating to the Paycheck Protection Program, Economic Injury Disaster Loans and unemployment insurance benefit claims. There has been relatively limited enforcement activity in specific to the healthcare arena—until now. A series of new healthcare fraud criminal indictments and the creation of the COVID-19 Fraud Enforcement Task Force demonstrate that healthcare fraud enforcement activity is ramping up and will continue to increase over the course of the next year. Providers can take a number of proactive steps now to prepare for and mitigate risks associated with the increased COVID-related enforcement activity.
2021 NATIONAL COVID-19 HEALTHCARE FRAUD TAKEDOWN
On May 26, 2021, the DOJ and US Department of Health and Human Services, Office of Inspector General (HHS-OIG) announced new criminal healthcare fraud charges against 14 defendants in nine different cases as part of a coordinated nationwide “takedown.” The 14 defendants are, collectively, alleged to have caused over $143 million in false Medicare and Medicaid billings.
In announcing these new charges, US Deputy Attorney General Lisa Monaco reaffirmed the DOJ’s commitment to investigating healthcare fraud schemes relating to the COVID-19 pandemic, stating:
- These medical professionals, corporate executives, and others allegedly took advantage of the COVID-19 pandemic to line their own pockets instead of providing needed health care services during this unprecedented time in our country. We are committed to protecting the American people and the critical health care benefits programs created to assist them during this national emergency, and we are determined to hold those who exploit such programs accountable to the fullest extent of the law.
The DOJ also announced that the Center for Program Integrity at the Centers for Medicare & Medicaid Services (CMS/CPI) has separately taken “adverse administrative actions against over 50 medical providers for their involvement in health care fraud schemes relating to COVID-19 or abuse of CMS programs that were designed to encourage access to medical care during the pandemic.”
These new criminal charges and the 50 CMS/CPI administrative actions constitute a significant escalation in COVID-related healthcare enforcement activity. Crucially, the charges also provide further insight into the DOJ’s current healthcare fraud priorities. The newly announced charges demonstrate that the DOJ remains focused on the following areas relating to the pandemic:
- Provider Relief Fund: The takedown included the third criminal case in the country involving the Provider Relief Fund, which was created as part of the Coronavirus Aid, Relief and Economic Security (CARES) Act to provide direct payments to “eligible health care providers for health care-related expenses [and] lost revenues that are attributable to coronavirus.” The DOJ alleges that the owner of a home health agency misappropriated Provider Relief Fund monies and used them for his own benefit. Although all three criminal cases filed to date have involved similar misappropriation allegations, the DOJ has indicated that it also will pursue civil Provider Relief Fund cases under the False Claims Act (FCA), likely under the FCA’s reverse false claims provision.
- Telehealth Waivers: As part of the response to the COVID-19 pandemic, US Secretary of Health and Human Services temporarily waived statutory and regulatory requirements related to telehealth to allow Medicare beneficiaries to obtain expanded telehealth services. The takedown included the first cases in the country involving the fraudulent use of temporary telehealth waivers to bill for services that were either medically unnecessary or never provided. Although telehealth was already a DOJ priority area, the DOJ’s scrutiny of telehealth is expected to further increase in the wake of the significant expansion in telehealth services during the pandemic associated with the waivers.
- Bundling COVID-19 Tests: Many of the newly-filed criminal cases involve allegations that defendants bundled COVID-19 testing claims with Medicare claims for other, more expensive, laboratory tests, such as genetic testing, allergy testing and respiratory pathogen panel tests, that were not medically necessary and often not even provided. HHS-OIG and the DOJ prioritized such bundling schemes at the outset of the pandemic and will likely continue to scrutinize healthcare providers that billed Medicare for COVID-19 testing and other tests or services.
- COVID-19 Emergency Override Billings: The DOJ also brought additional charges in a case alleging that pharmacy owners used COVID-19 “emergency override” billing codes to circumvent preauthorization requirements and bill Medicare for expensive cancer medication that was never purchased, prescribed or dispensed to patients. Providers who relied significantly upon such emergency override billing codes during the pandemic can likely expect additional scrutiny from the DOJ and HHS-OIG going forward.
One can also expect a significant increase in civil healthcare fraud actions under the FCA relating to COVID-19. While criminal prosecutions will continue to target the most egregious conduct, civil and administrative actions will be used to pursue cases that turn on lower mens rea requirements or involve more complex regulatory issues. These civil actions will include qui tam actions filed by whistleblowers, as well as FCA cases initiated directly by the DOJ. Such civil enforcement activity typically trails criminal prosecutions and will inevitably impact a much broader range of healthcare providers.
These healthcare fraud prosecutions are a sign of things to come. Similar healthcare fraud prosecutions, investigations and other enforcement activity will increase in scope and frequency over the course of the next year, particularly as the economy and health systems recover from the pandemic.
COVID-19 FRAUD ENFORCEMENT TASK FORCE AND INTER-GOVERNMENTAL COLLABORATION
On May 17, 2021, the DOJ also announced the formation of the COVID-19 Fraud Enforcement Task Force (Task Force). In announcing the Task Force, US Attorney General Merrick B. Garland reiterated that the DOJ “will use every available tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud.” The Task Force, which includes the DOJ, Federal Bureau of Investigation (FBI) and HHS-OIG, is designed to “augment and incorporate” the existing “whole-of-government” COVID-19 enforcement efforts that are already underway. The creation of the Task Force will ensure that the DOJ, HHS-OIG and other federal agencies remain focused on and have the resources necessary to pursue further criminal and civil COVID-related enforcement actions.
Additionally, HHS-OIG’s Principal Deputy Inspector General Christi Grimm has made clear that audits, evaluations and investigations examining COVID-19 relief will remain an HHS-OIG priority for several years to come. As it focuses on COVID-related fraud, HHS-OIG is coordinating with the Pandemic Response Accountability Committee (PRAC) and collaborating with other law enforcement and oversight agencies, “using every tool in [its] arsenal, pursuing criminal or civil charges, seeking exclusion or referring for suspension and debarment from programs to recover ill-gotten gains.” Presently, HHS-OIG has received more than 2,400 COVID-related fraud complaints to its hotline and has more than 50 COVID-related audits/evaluations underway, including the Provider Relief Fund audits on eligibility, supporting documentation and overpayments that were added to the HHS-OIG work plan on May 17, 2021.
PRACTICE POINTERS TO MITIGATE COVID-RELATED FRAUD RISK
There are a number of proactive steps healthcare providers can take now to prepare for potential government enforcement activity:
- Incorporate Data Analysis into Audit and Compliance Programs
- The DOJ and HHS-OIG are using increasingly “sophisticated data analytics” to identify trends and outliers and pursue healthcare fraud cases. The PRAC also recently formed a fraud task force that will use data analytics to support law enforcement investigations. Providers should incorporate data analytics into their own audit and compliance programs in an effort to proactively identify errors, monitor risk areas and address any potential misconduct.
- Monitor Provider Relief Fund Guidance Updates and Evaluate Corresponding Compliance Infrastructure, Audit Readiness and Supporting Documentation
- The Health Resources & Services Administration (HRSA) administers the Provider Relief Fund through the issuance of Frequently Asked Questions (FAQs) and other sub-regulatory guidance. The FAQs are the primary source of HRSA’s guidance to recipients on compliance with the Provider Relief Fund terms and conditions and are updated periodically. Recipients can reduce their enforcement risk by monitoring revisions to the FAQs and reporting guidance, assessing whether business changes may be appropriate and how to further document their good faith compliance efforts. While HRSA historically has not notified recipients of these updates, an easy way to stay ahead of the curve is to subscribe for free updates from McDermott+ Consulting and for updates from McDermott Will & Emery, subscribe here.
- Providers should work with legal and financial advisors to evaluate how guidance changes may impact prior data submissions and their interpretations or other assumptions regarding eligibility and use of funds. In preparation for upcoming reports and audits, providers also should reevaluate the controls implemented over relief program funds and the scope of their documentation supporting permissible uses, calculations and eligibility. Consider bolstering documentation related to higher-risk areas (e.g., transactions and complex organizational structures) and evaluate whether disclosures may be warranted to demonstrate compliance and transparency and mitigate FCA risk.
- Assess Telehealth System for Risks
- Improper marketing strategies (e.g., cold calls), illegitimate physician-patient relationships and improper bundling of services have all prompted telehealth enforcement. Regardless of the role you play in any telehealth system, look at the design of the system and conduct of other participants with the goal of reducing the risk of entanglement with unlawful actors. Providers should also review their existing telehealth relationships, contracts and marketing materials to ensure total transparency and compliance (both historic and prospective) with applicable state and federal anti-kickback statutes.
- Monitor Regulatory Changes on Telehealth
- Telehealth waivers will end once the public health emergency ends. Once that happens, providers must return to the telehealth regime that governed the industry before the pandemic. (Again, an easy way to stay ahead of the curve is to subscribe for free updates from McDermott+ Consulting and from McDermott Will & Emery here.)
- Proactively Review Coding and Billing Practices
- Providers should immediately review and revisit their coding and billing practices to determine whether their practices involved bundling COVID-19 testing claims with other claims or the use of emergency override billing codes. To the extent providers have engaged in such practices, they should confirm the propriety of their billing and coding practices with in-house or external counsel. There is a strong likelihood that the DOJ will be reviewing the claims data for any providers with statistically significant use of these billing and coding practices, particularly when the providers are located in geographical areas where the DOJ’s Healthcare Fraud Strike Force and HHS-OIG’s Medicare Fraud Strike Force operate.