The healthcare enforcement landscape is shifting quickly. This issue of McDermott’s Healthcare Enforcement Quarterly examines emerging trends and key issues for organizations that may become subject to enforcement scrutiny, and offers practical strategies for ensuring compliance and minimizing risk.
For example, healthcare organizations facing the prospect of False Claims Act (FCA) investigations and qui tam suits have a strengthened defense tool in their arsenal, thanks to the US Court of Appeals for the Fourth Circuit’s recent ruling in Allergan. Companies that can demonstrate objectively reasonable interpretations of ambiguous laws should emphasize this argument in discussions with the Department of Justice and, if the case moves into litigation, seek early dismissal. The importance of this decision will likely become more pronounced since the federal government has repeatedly signaled its intention to increase pandemic-related enforcement activity, which we expect will implicate programs with complex, ambiguous, and frequently changing program rules.
Relatedly, in this issue we also examine recent cases that seek to distinguish what Medicare guidance is enforceable and what is not, and review the CDC’s much-anticipated draft revision of its Clinical Practice Guideline for Prescribing Opioids. These timely updates should help healthcare organizations continue to develop their compliance programs and internal controls.
When a Law is Ambiguous and a Defendant’s Interpretation Makes Sense: Fourth Circuit Rejects FCA “Liability Through Ambush”
Dana M. McSherry
If an interpretation of a law is objectively reasonable, a defendant’s actual state of mind is irrelevant. This is what the majority of a US Court of Appeals for the Fourth Circuit panel held when affirming dismissal of a relator’s False Claims Act (FCA) qui tam suit alleging Medicaid fraud in United States ex rel. Sheldon v. Allergan Sales, LLC. With this decision, the Fourth Circuit joined five other appeals courts in applying the Supreme Court of the United States’ decision in Safeco Insurance Co. of America v. Burr  to FCA cases and holding that a defendant cannot act with the requisite state of mind, or scienter (which can be satisfied through showing knowledge, deliberate ignorance or recklessness), when the defendant is acting under an “objectively reasonable” reading of a statute and was “not warned away from that interpretation by authoritative guidance.” 
The ruling, and the similar rulings that preceded it, are important for subjects of FCA investigations and defendants in qui tam litigation who have operated under objectively reasonable interpretations of statutes and regulations. It has broad implications across an array of healthcare topics governed by laws that are ambiguous or subject to multiple reasonable interpretations, including topics discussed later in this report. For example, statutes and regulations aimed at responding to the COVID-19 pandemic are sure to be the source of enforcement activity and qui tam litigation for years to come, but many of those laws were hastily drafted and contain unclear requirements. Allergan will prove to be an important check on COVID-19 enforcement overreach.
The Relator’s “Best Price” Theory in Allergan
In Allergan, the relator, a former employee of Forest Laboratories, LLC (subsequently merged with Allergan Sales, LLC), alleged that Forest participated in a fraudulent reporting scheme under the Medicaid Drug Rebate Statute by purportedly failing to aggregate discounts provided to separate customers for purposes of “best price” reporting obligations.  Under the Rebate Statute, drug manufacturers must provide quarterly rebates to states on Medicaid sales of covered drugs. The Centers for Medicare and Medicaid Services (CMS) calculates these rebates based on reporting from the manufacturer. 
The relator alleged that Forest improperly failed to aggregate discounts given to every customer in the distribution chain, thereby leading to false pricing reports to CMS and reducing the amount of the state rebates Forest had to pay.  In one example given by the relator, Forest gave a 20% discount to a patient’s insurance company and a 10% discount to the same patient’s pharmacy. Forest reported a best price as having a 20% discount (the highest single discount it offered), but the relator alleged that the best price should have been a 30% discount (a combination of the two discounts in the same supply chain for the same drug).  The relator alleged that this practice reduced the rebates that Forest paid to participating states and resulted in the federal government paying at least $680 million more than it would have if Forest had accurately reported its best price. 
In seeking dismissal, Forest argued that the Rebate Statute and CMS’s regulations interpreting the statute were ambiguous regarding how best price should be calculated.  Neither the statute, the associated regulations nor the rebate agreement into which manufacturers must enter with the Secretary of Health and Human Services specified that discounts must be aggregated.  Forest therefore argued that CMS guidance could be interpreted as being the discount applied to any single entity. In fact, both the rebate agreement and CMS acknowledge the complexity of the program and therefore encourage manufacturers to simply make “reasonable assumptions” in preparing their calculations of “best price.”  Forest also relied on written comments it had submitted during CMS’s rulemaking process laying out its interpretation of the statute and urging CMS to provide clarity. CMS declined to offer clarification. 
The District Court and the Fourth Circuit Side with the Defendant
In affirming the decision from the US District Court for the District of Maryland, the Fourth Circuit applied the Supreme Court’s two-step analysis in Safeco to determine whether Forest acted knowingly under the FCA.  In Safeco, the Supreme Court interpreted the Fair Credit Reporting Act’s state of mind requirement, holding that the requirement cannot be satisfied if the defendant’s interpretation of a law is objectively reasonable, irrespective of the defendant’s subjective intent.  The Fourth Circuit in Allergan held that application of this standard “duly ensures that defendants must be put on notice before facing liability for allegedly failing to comply with complex legal requirements.”  Importantly, the FCA “does not assess liability through ambush.” 
Applying Safeco’s test, the Court first analyzed whether Forest’s interpretation was objectively reasonable. The Court found that “Forest’s reading of the Rebate Statute was not only objectively reasonable but also the most natural,” given that the statute defined Best Price as the single lowest price available to any entity.  Second, the Court analyzed whether “authoritative guidance might have warned defendant away from that reading.” The Court found that “Forest was not warned away from its reading by authoritative guidance from CMS” because, despite being expressly asked to clarify the rule regarding discounts, CMS failed to do so and “thereby maintained strategic ambiguity.”  The Court further relied on the language of the rebate agreements, which provide that “in the absence of specific guidance,” manufacturers should “make reasonable assumptions in their calculations of . . . Best Price, consistent with the requirements and intent of [the Rebate Statute], Federal regulations and the terms of this agreement.” 
Judge Wynn wrote a strongly worded dissent expressing concern about the implications of the Court’s decision.  According to Judge Wynn, the Court’s decision would “effectively neuter” the FCA by eliminating the scienter standard altogether.  Even if application of Safeco here were wise, Judge Wynn concluded that Forest’s failure to aggregate the discounts could not have been the product of “honest mistakes” and therefore its interpretation could not be considered objectively reasonable. 
Allergan Represents a Decisive Trend, with Important Implications
With its Allergan decision, the Fourth Circuit joined the five other circuits that have addressed this issue and applied the Safeco two-step scienter test to FCA cases.  The Fourth Circuit’s Allergan decision has important implications for FCA cases moving forward:
- The decision provides defendants with an additional tool with which to defend FCA investigations and qui tam suits. In the first instance, it is an argument defendants should raise with DOJ in seeking declination. If a case proceeds to litigation, Allergan provides a framework through which FCA defendants can seek early dismissal on the grounds that the defendant’s conduct comported with an objectively reasonable interpretation of a law that did not conflict with any authoritative guidance.
- While important to all FCA defendants, the Allergan decision is especially significant to healthcare companies that are governed by complex regulations that can be subject to multiple interpretations. In the past two years in particular, healthcare institutions have navigated a barrage of evolving regulations and guidance in response to the COVID-19 pandemic. In the wake of Allergan, healthcare organizations should thoughtfully consider and document the bases for their interpretations of ambiguous statutes and regulations, in order to help demonstrate the objective reasonableness of those interpretations if enforcement activity should arise.
- In appropriate circumstances, it may be prudent for a company to seek clarification from the relevant payor or regulator, as Forest did in Allergan. Depending on the outcome of such a request, the fact that this request was made may be useful if the reasonableness of the defendant’s interpretation is later questioned. However, the benefits and risks of engaging with the regulator should be carefully evaluated in each situation.
- What constitutes “authoritative guidance” as used in Allergan and other cases likely will continue to be hotly contested in FCA cases. Courts will have to determine whether the guidance relied on by the government or a relator in an FCA case directly addresses the point of ambiguity in the statute or regulation, and whether sub-regulatory guidance such as manuals, opinions and policy statements that do not have the force of law should be considered in the Safeco analysis. The outcome of these future battles will determine just how much Allergan’s decision will impose a check on future FCA claims.
- While Allergan was decided based on the scienter element of an FCA claim, aspects of its reasoning are, as a logical matter, applicable to the “falsity” element of such a claim. If a statutory interpretation is objectively reasonable, a claim cannot be objectively “false” within the meaning of the FCA. In Allergan, the defendant advanced a falsity argument in addition to the scienter argument, contending that the relator failed to plausibly plead that the pricing submissions were objectively false.  The district court found its argument persuasive.  Indeed, if an interpretation of a law is objectively reasonable, it is difficult to see how a claim submitted in accordance with that interpretation could be “false,” much less knowingly so.
The relator in Allergan has filed a petition for rehearing en banc, which is pending as of the date of this publication.
 24 F.4th 340 (4th Cir. 2022).
 551 U.S. 47 (2007).
 Allergan, 24 F.4th at 348; see United States ex rel. Schutte v. SuperValu Inc., 9 F.4th 455, 459 (7th Cir. 2021); United States ex rel. Streck v. Allergan, Inc., 746 F. App’x 101, 106 (3d Cir. 2018); United States ex rel. McGrath v. Microsemi Corp., 690 F. App’x 551, 552 (9th Cir. 2017); United States ex rel. Donegan v. Anesthesia Assocs. of Kansas City, PC, 833 F.3d 874, 879–80 (8th Cir. 2016); United States ex rel. Purcell v. MWI Corp., 807 F.3d 281, 290–91 (D.C. Cir. 2015).
 24 F.4th at 345–46.
 Id. at 345 (discussing 42 U.S.C. § 1396r-8).
 Id. at 346.
 See id. at 346–47.
 See id. at 345 (discussing 42 U.S.C. § 1396r-8(c)(1)(C)(i), (ii) and 42 C.F.R. § 447.505(a) (2007)).
 Id. at 355.
 See id. at 354.
 Id. at 348.
 551 U.S. at 70.
 24 F.4th at 348–50.
 Id. at 356.
 Id. at 351–53.
 Id. at 353–56.
 Id. at 355 (internal quotations omitted).
 Id. at 357 (Wynn, J., dissenting).
 Id. at 358.
 See Schutte, 9 F.4th at 459; Allergan, 746 F. App’x at 106; Microsemi, 690 F. App’x at 552; Anesthesia Assocs., 833 F.3d at 879–80; MWI Corp., 807 F.3d at 290–91.
 United States ex rel. Sheldon v. Forest Laboratories, LLC, 499 F. Supp. 3d 184, 209 (D. Md. 2020).
 Id. at 212 (holding that the defendant’s interpretation “cannot quality as objective falsehoods or constitute false statements under the FCA” when it was not objectively unreasonable).
COVID-19 Healthcare Enforcement Actions to Increase in 2022 and Beyond
Julian L. André
Dawn R. Helak
“The Department remains committed to using every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud. We will continue to hold accountable those who seek to exploit the pandemic for personal gain, to protect vulnerable populations, and to safeguard the integrity of taxpayer-funded programs”
US Attorney General Merrick Garland – March 10, 2022, Remarks
The Biden Administration, US Department of Justice (DOJ), US Department of Health and Human Services Office of Inspector General (HHS-OIG), and other federal agencies have prioritized prosecuting COVID-19-related fraud since the pandemic began. Although the United States appears to be finally emerging from the pandemic, the government’s pandemic-related enforcement actions are here to stay for the foreseeable future. DOJ has made clear that the government’s COVID-19 enforcement efforts will accelerate, with a more significant focus on complex healthcare fraud cases and civil actions under the False Claims Act (FCA). As the federal government continues to devote additional resources towards its pandemic-related enforcement efforts, healthcare companies, hospital systems and providers should prepare for increased scrutiny.
Additional Resources Devoted to COVID-19 Fraud Enforcement Efforts
DOJ and other federal agencies have already devoted an unprecedented amount of resources to investigating and prosecuting pandemic-related fraud cases. These extensive efforts have led to immediate results. To date, DOJ has brought pandemic-related criminal charges against more than 1,000 individuals with the total alleged fraud losses exceeding $1 billion, and has seized more than $1.2 billion in fraudulently obtained relief funds.
DOJ’s pandemic-enforcement efforts show no sign of slowing down anytime soon. Less than a year after US Attorney General (AG) Merrick Garland established the COVID-19 Fraud Enforcement Task Force, the Biden administration announced that DOJ would appoint a chief prosecutor to expand on the Task Force’s “already robust efforts,” to focus on “most egregious forms of pandemic fraud” and to target particularly complex fraud schemes.
On March 10, 2022, DOJ announced that Kevin Chambers has been appointed as DOJ’s director for COVID-19 fraud enforcement. During his introductory remarks, Chambers said that DOJ would be “redoubling [its] efforts to identify pandemic fraud, to charge and prosecute those individuals responsible for it and whenever possible, to recover funds stolen from the American people.” He also indicated that DOJ would use “new tools” it has developed since the start of the pandemic to investigate such fraud.
In a March 2, 2022, speech before the American Bar Association’s Annual National Institute on White Collar Crime, AG Garland also announced that the Biden Administration will seek an additional $36.5 million in the 2022 budget for DOJ to “bolster efforts to combat pandemic-related fraud.” As evidence of this point, DOJ plans to hire 120 new prosecutors and 900 new Federal Bureau of Investigation agents who will focus on white-collar crime.
DOJ and HHS-OIG to Increasingly Focus on FCA Cases
For the past two years, officials from DOJ and HHS-OIG have identified civil and criminal healthcare fraud relating to COVID-19 as a high priority. As the effects of the pandemic subside, COVID-19-related civil enforcement actions targeting healthcare providers and healthcare companies seem set to increase.
During remarks at the Federal Bar Association’s annual Qui Tam Conference in February 2022, Gregory Demske, chief counsel to the inspector general for HHS-OIG, emphasized that COVID-19 remains a key enforcement priority. Demske indicated that HHS-OIG is focused on the use of COVID-19 to bill for medically unnecessary services, and fraud in connection with HHS’s Provider Relief Fund (PRF) and Uninsured Relief Fund. Demske also confirmed that HHS-OIG remains intensely focused on fraud in connection with telehealth services, the use of which increased exponentially during the pandemic. And, in March 2022, AG Garland reiterated that DOJ will use “every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud.”
The majority of pandemic-related healthcare enforcement actions to date have been criminal prosecutions involving truly blatant instances of fraud and abuse. Going forward, civil and administrative actions likely will be used to pursue cases that turn on lower mens rea requirements or involve more complex regulatory issues. These civil actions will include qui tam actions filed by whistleblowers, as well as FCA cases initiated directly by the DOJ.
In 2021, DOJ recovered more than $5 billion in connection with FCA cases involving the healthcare industry. Given the unprecedented amount of government funds expended to combat the COVID-19 pandemic, DOJ and HHS-OIG will undoubtedly rely on the FCA to maximize the government’s financial recovery. DOJ has already reached FCA settlements in several Paycheck Protection Program cases. It is only a matter of time before we see similar FCA investigations, complaints and settlements focused on relief funding to healthcare providers.
Pandemic-Related Healthcare Priorities
The PRF was created as part of the Coronavirus Aid, Relief and Economic Security (CARES) Act to provide direct payments to “eligible health care providers for health care-related expenses [and] lost revenues that are attributable to coronavirus.” More than $140 billion has been disbursed to hospitals and healthcare providers under the PRF, which is administered by the Health Resources & Services Administration (HRSA).
Payments under the PRF are subject to specific terms and conditions. To retain PRF disbursements, providers must attest to “ongoing compliance” with these requirements and acknowledge that their “full compliance with all Terms and Conditions is material to the Secretary’s decision to disburse funds.” Notwithstanding ongoing concerns and confusion regarding the PRF program requirements, any noncompliance with the terms and conditions could result in criminal, civil and administrative enforcement actions. As recently as March 3, 2022, AG Garland identified fraud in connection with the PRF as a key DOJ enforcement priority.
To date, the Healthcare Fraud Unit of DOJ’s Criminal Division has already brought criminal charges against nine individuals for fraud relating to the PRF. These criminal cases, however, have almost exclusively focused on egregious allegations of fraud and abuses, such as misappropriating PRF disbursements and using the money for personal expenses. For example, in September 2021, DOJ charged five individuals with using PRF payments to gamble at Las Vegas casinos and purchase luxury cars.
DOJ, however, has long indicated that the FCA will also play a “significant role” in DOJ’s PRF enforcement efforts. It is now just a matter of time before such civil investigations and settlements emerge.
HRSA’s stated oversight plan includes post-payment analysis and review to determine whether HHS distributed PRF payments to eligible providers in the correct amounts; audits to assess whether recipients used the funds in accordance with laws, guidance, and terms and conditions; and the recovery of overpayments and unused or improperly used payments. Among other things, HRSA and HHS-OIG likely will evaluate ownership changes, double counting reimbursed expenses and losses, and compliance with the balanced billing requirements.
PRF oversight and enforcement actions have been delayed partly because of program complexities and extended reporting timelines. For example, the first report from PRF recipients on use of funds was not due until the end of 2021. Depending on the date funds were received, PRF recipients may have no reporting obligations through 2023. Entities that expended more than $750,000 in federal awards, including PRF payments, also must obtain an independent audit examining their financial statements; internal controls; and compliance with applicable statutes, regulations and program requirements. These independent audits of PRF payments must be submitted to the Federal Audit Clearinghouse, for nonprofit organizations, or the HRSA Division of Financial Integrity, for for-profit “commercial” organizations. Recipients also may be subject to separate audits by HHS, HHS-OIG or the Pandemic Response Accountability Committee to review copies of records and cost documentation and to ensure compliance with the applicable terms and conditions.
Finally, DOJ and HHS-OIG have increasingly relied on sophisticated data analytics to drive their healthcare enforcement efforts generally. Now that the first round of reports containing specific PRF data certifications are available to HRSA and HHS-OIG, we expect to see the use of such analytics, in conjunction with all the other available information, in connection with PRF enforcement.
Telehealth use expanded exponentially during the pandemic. A March 2022 HHS-OIG report showed that during the first year of the pandemic, more than 28 million Medicare beneficiaries (approximately 43% of all Medicare beneficiaries) used telehealth services—a “dramatic increase from the prior year” in which only 341,000 beneficiaries used telehealth. This increase was largely the result of HHS temporarily waiving statutory and regulatory requirements related to telehealth to allow Medicare beneficiaries to obtain expanded telehealth services.
Telehealth has been at the forefront of DOJ’s healthcare enforcement efforts for years now. For example, DOJ’s 2021 nationwide healthcare enforcement action included criminal charges against dozens of individuals for telehealth fraud schemes involving more than $1.1 billion in alleged loses. The majority of these telehealth enforcement actions to date have involved the use of telehealth to engage in traditional fraud healthcare schemes, such as illegal kickbacks and billing for medically unnecessary services and equipment.
DOJ, however, has increasingly pursued criminal enforcement actions directly related to the telehealth waivers HHS issued in response to the pandemic. For example, in November 2021, a defendant was sentenced to 82 months in prison for participating in a $73 million telehealth fraud scheme. The defendant owned laboratories that provided genetic testing and had paid his coconspirators to arrange for telehealth providers to order medically unnecessary genetic tests. The telehealth providers were not actually treating the beneficiaries, did not use the test results and often never even conducted the telemedicine consultation. Although this was primarily a traditional Anti-Kickback Statute/medical necessity case, DOJ also charged the defendant with using the COVID-19-related telehealth waivers to submit more than $1 million in false claims for sham telemedicine visits.
Similar criminal prosecutions and civil actions relating to the expanded telehealth waivers and sham telehealth encounters can be expected in the future. DOJ and HHS-OIG will likely focus on telehealth visits that resulted in claims for services and equipment with particularly high reimbursement rates, such as genetic testing and durable medical equipment. DOJ and HHS-OIG likely will use data analytics to focus on instances in which telehealth services were billed by providers with whom the beneficiary did not previously have a relationship.
Improper Billing Schemes
DOJ has also pursued criminal cases involving traditional healthcare fraud schemes that sought to take advantage of the COVID-19 pandemic. For example, in May 2021, DOJ announced criminal charges against numerous individuals who were improperly bundling COVID-19 tests with other more expensive laboratory tests, such as genetic testing, allergy testing and respiratory pathogen panel testing. DOJ has likewise pursued criminal cases in which defendants improperly used COVID-19 “emergency override” billing codes to circumvent preauthorization requirements and bill Medicare for expensive medications and treatments. Any improper billing schemes that relate to the pandemic will continue to be a focus of criminal and civil enforcement efforts going forward.
Key Takeaways and Recommendations
DOJ, HHS-OIG and other federal agencies remain focused on pursuing healthcare fraud relating to the COVID-19 pandemic. The best way for hospitals, health systems and other healthcare companies and providers to prepare for this increased enforcement activity and scrutiny is to ensure that they have a robust compliance program in place.
There is no one-size-fits-all approach to compliance, but companies can take several proactive and practical steps to minimize their enforcement risk:
- Monitor federal and state regulatory and statutory changes. The rules, regulations and guidance relating to the COVID-19 pandemic, including for the PRF and expanded telehealth waivers, have repeatedly changed over the past two years and continue to evolve. Monitoring such changes will not only help prevent enforcement actions, but a company’s reasonable and good faith efforts to interpret and follow such rules and regulations can be a powerful defense should an investigation arise, as discussed in connection with the Allergan case, above. Further to that point, where regulatory requirements and associated guidance is ambiguous, a good documentary record of the basis for your entity’s interpretation of the rules is critical.
- Incorporate data analytics into your compliance program. DOJ and HHS-OIG continue to rely heavily on sophisticated data analytics, including artificial intelligence, to identify and prosecute fraud. In March 2022, AG Garland emphasized DOJ’s use of “big data” to identify payment anomalies that are indicative of fraud. Healthcare companies already have access to vast amounts of data that they can and should use to proactively identify errors, monitor risk areas and address any potential misconduct.
- Adapt your compliance program and internal controls, as appropriate, to support PRF compliance, reports and audits. Recipients should continue to practice good compliance hygiene and maintain contemporaneous records regarding the receipt and spending of federal funds. Doing so may involve implementing additional systems to track spending, recovery and relief to avoid overlapping use of funds among relief programs, or consulting with grant accounting and compliance advisors to augment existing infrastructure. Recipients also should periodically review policies, procedures and controls, particularly following major updates to program requirements and interpretations.
- Ensure the accuracy of required PRF reports, certifications and submissions. Particularly in light of ongoing political pressure, HRSA and HHS-OIG likely will conduct extensive oversight of the PRF to identify potential errors, overpayments and improper use of funds. Recipients should carefully review guidance and instructions to avoid inadvertent errors and misstatements on all submissions. Recipients may consider revisiting prior submissions underlying significant disbursements to identify interpretative issues or compliance concerns that warrant additional supporting documentation or disclosure.
- Carefully consider the implications before entering into arrangements with other parties. The biggest risk to healthcare companies often comes from those with whom they do business. Compliance programs should focus heavily on reducing the risk of entanglement with bad actors.
- Be diligent in the design and oversight of marketing strategies. Healthcare companies and providers should regularly review their marketing strategies to ensure total transparency and compliance (both historic and prospective) with applicable state and federal anti-kickback statutes. Companies should confirm that patients are reached through appropriate channels. Although issues relating to COVID-19 may be the impetus for a government investigation, violations of the Anti-Kickback Statute frequently result in larger recoveries for the government.
- Proactively examine coding and billing practices. Providers should immediately review and revisit their coding and billing practices to determine if their practices involved bundling COVID-19 testing with other claims, the use emergency override billing codes or billing for other COVID-19 related services with high reimbursement rates. There is a strong likelihood that the DOJ will review the claims data for any providers with statistically significant use of these billing and coding practices, particularly when the providers are located in geographical areas where the DOJ’s Healthcare Fraud Strike Force and HHS-OIG’s Medicare Fraud Strike Force operate.
Spotlight on Sub-Regulatory Guidance: Applying Agency Guidance to an Allergan Framework
One emerging key issue is whether “authoritative guidance might have warned defendant away from” their interpretation. Squaring Allergan’s “authoritative guidance” requirement with other Supreme Court precedent on the enforceability of Medicare sub-regulatory guidance will be the subject of more litigation in the future.
Azar v. Allina Health Services
The US Department of Health and Human Services (HHS) began an examination of its guidance practices, and use of guidance, following the Supreme Court’s’ June 2019 decision in Azar v. Allina Health Services, et al.  The Court held that agency guidance that represents a change in a “substantive legal standard” within the meaning of Section 1871(a)(2) of the Social Security Act (SSA) must be issued through notice-and-comment procedures. The Court explained that the “substantive legal standard” under Section 1871(a)(2) means any legal standard or determination that creates rights and obligations, such as the scope of benefits; payment for services; eligibility of individuals to receive benefits; or eligibility of individuals, entities or organizations to furnish services.
Since the Court’s decision, lower courts have attempted to distinguish what Medicare guidance is enforceable and what is not. Four recent cases have weighed in on this question:
- The US District Court for the Central District of California held in Agendia, Inc. v. Azar that a local coverage determination (LCD) and related policy articles by a Medicare Administrative Contractor (MAC) were not enforceable. According to the court, those guidance documents constituted “substantive legal standards” that were “unlawfully promulgated without notice and comment.”  The Ninth Circuit reversed, holding 2–1 that the Medicare Act’s notice-and-comment requirements at 42 USC § 1395hh do not apply to LCDs because they do not “establish or change a substantive legal standard.”  The court held that LCDs only bind the MACs’ coverage determinations, whereas qualified independent contractors, administrative law judges (ALJ)s and the Medicare Appeals Council remain obligated to apply the reasonable and necessary statutory standard in adjudicating appeals. 
- The US District Court for the Middle District of Tennessee declined to hold that all LCDs are unenforceable. In United States v. Anesthesia Servs. Assocs., PLLC, defendants were accused of not complying with an LCD and sought dismissal of the False Claims Act (FCA) claim by arguing that the LCD was “not promulgated in accordance with notice and comment procedures.”  Noting that the parties did not fully brief the issue, the court nonetheless held that “an LCD may give rise to an FCA claim” and refused to dismiss.  Given the lack of briefing, the court may not have known that LCDs are not binding on HHS, and that the HHS Office of the General Counsel (OGC) Memo, discussed below, instructed CMS that LCDs do not establish or change substantive legal standards and therefore cannot support enforcement actions.
- In Polansky v. Exec. Health Res., Inc., the US District Court for the Eastern District of Pennsylvania granted summary judgment in favor of the defendants.  The relator alleged that, for periods before October 1, 2013, defendants failed to comply with guidance published in the Medicare Hospital Manual that instructed physicians to admit individuals as inpatients only if the physician believes a patient would be in the hospital for longer than 24 hours, known as the “two-midnight” rule.  The court determined that the Medicare Hospital Manual guidance, which did not go through formal notice-and-comment rulemaking, was a “substantive legal standard” under the SSA because the guidance “affects a hospital’s right to payment.”  The court granted defendants’ summary judgment motion, and the Third Circuit affirmed.  A petition for a writ of certiorari has been docketed at the Supreme Court, and a response is due on May 3, 2022.
- In Dobson v. Azar, the US District Court for the Southern District of Florida ruled that the Medicare Appeals Council may uphold an ALJ decision to deny a Medicare beneficiary drug coverage based in part on subregulatory guidance from the Prescription Drug Benefit Manual (PDBM).  The court held that the PDBM “does not carry the force of law but still clarified what ‘medically accepted indication’ entails.”  The court also found that “[a]lthough the PDBM does not bind ALJs and the Council, they must be accorded substantial deference if they are applicable to a particular case.”  In an unpublished per curiam opinion, the Eleventh Circuit vacated the district court’s ruling and held that the statutory term “medically accepted indication” includes off-label drug uses that are supported by a medical compendium establishing the “efficacy and safety of the prescribed off-label use.” 
In November 2019, the CMS OGC released a memo (that was made public) to instruct the department on how to interpret and implement Azar v. Allina Health Services, et al. The memo describes CMS guidance documents that set forth interpretive payment rules, such as the Medicare Internet-Only Manuals, as legally nonbinding and states that they may not be used as the basis of an enforcement action. However, according to the memo, CMS guidance documents that are “closely tied to a statutory or regulatory requirement” may provide additional clarity, and enforcement actions implicating the guidance can still be brought. Further, even if the subregulatory guidance is not specifically enforceable as a substantive legal standard, it can be used for other purposes, such as scienter or materiality, as stated in the US Department of Justice (DOJ) Brand Memo.
Good Guidance and Civil Enforcement Rules Creation and Proposed Repeal
In December 2020, at the end of the Trump Administration, HHS issued two final rules that attempted to further regulate and curtail HHS guidance practices: the Good Guidance Practices Rule (Good Guidance Rule) and the HHS Transparency and Fairness in Civil Administrative Enforcement Actions Rule (Civil Enforcement Rule).
The Good Guidance Rule included four major changes to HHS’s previous approach to guidance documents. First, the rule imposed a requirement that each guidance document issued by HHS include a statement that the guidance document does not have the effect of law and does not impose a binding obligation unless included in a contract. Second, the Good Guidance Rule created new procedures for what HHS classified as “significant guidance documents.” These procedures include notice-and-comment rulemaking, a requirement that the HHS Secretary approve the guidance, and submission to the Office of Information and Regulatory Affairs for review under Executive Order 12866.  Third, the Good Guidance Rule required that HHS create a repository for all guidance documents, and required that any guidance document not located in the repository be considered rescinded. Finally, the Good Guidance Rule established a process by which the public could petition HHS to withdraw or revise a particular guidance document.
HHS issued the Civil Enforcement Rule without notice and comment as a procedural rule, whereas the Good Guidance Rule was promulgated following notice-and-comment rulemaking. The Civil Enforcement Rule included several provisions, including the following requirements:
- HHS may only apply standards and practices in civil enforcement actions that have been publicly announced.
- HHS must publish in the Federal Register or the HHS guidance document repository any assertions of new or expanded jurisdiction before asserting such jurisdiction over regulated parties’ conduct in a civil enforcement action.
- HHS must provide regulated parties with written notice of its initial legal and factual determinations, an opportunity to respond to the same, and, if requested, a written response to the parties’ response, all before initiating a civil enforcement action.
On October 20, 2021, HHS issued a proposed rule to repeal both of these rules, citing concerns that they created “unnecessary hurdles” that would make it more difficult for HHS to issue guidance, bring enforcement action or take actions to advance its mission. 
DOJ’s Garland Memo
On July 1, 2021, US Attorney General Merrick Garland issued a memorandum on the “Issuance and Use of Guidance Documents by the Department of Justice” (Garland Memo). The Garland Memo reemphasized that guidance documents issued by an agency “do not have the force and effect of law.”  The Garland Memo rescinded two memoranda issued by the Trump Administration, which limited the DOJ’s ability to issue and utilize guidance documents. The Garland Memo stated that the DOJ should clearly label guidance documents as such and should cite to the binding legal authority that serves as the legal basis for a guidance document. The Garland Memo also explained that enforcement actions cannot be based on guidance documents alone because such documents do not create binding obligations.
Amid these developments, agencies continue to use sub-regulatory guidance documents to state their legal interpretations of the statutes governing their programs. While guidance documents are not legally binding and do not impose obligations on regulated parties, these documents can help inform the regulated community about how the agency views a particular issue, which can improve clarity and efficiency for parties aiming to comply with often complex regulatory requirements.
That said, if a statute has multiple interpretations, it is not obvious that the agency’s guidance interpreting the statute is the only interpretation permitted, or whether an organization could also have a different yet still objectively reasonable interpretation. What qualifies as authoritative guidance, and how to marry the “substantive legal standard” and “authoritative guidance” tests is likely be a focus of debate and litigation in future FCA cases. The pending repeal of the Good Guidance Rule and the Civil Enforcement Rule does not change judicial decisions that have interpreted when HHS is required to use notice-and-comment rulemaking under the SSA. Defendants in healthcare enforcement actions should continue to challenge such actions where the liability theory is based on subregulatory guidance documents.
In addition, organizations or trade associations should consider submitting comments to HHS that explains an interpretation of a particular ambiguous issue and ask for clarity. The Allergan court found it relevant that Forest submitted comments to CMS during rulemaking on the rebate issue and CMS declined to provide more clarity in finding that there was no authoritative guidance contradicting Forest’s interpretation. There are plenty of other places in CMS guidance where intentional ambiguity exists, which opens the door for organizations to construct an objectively reasonable alternative interpretation. One way to document that interpretation is to submit comments to CMS during rulemaking or, even if the Good Guidance Rule is repealed, on existing guidance. Of course, this could result in CMS taking a position that is different from one advocated by the organization. As a result, this strategy should be thoughtfully considered depending on the organization’s particular circumstances.
 Several other hospital and health systems were also parties in filing this lawsuit.
 420 F. Supp. 3d 985, 998 (C.D. Cal. 2019).
 Agendia, Inc. v. Becerra, 4 F.4th 896, 900 (9th Cir. 2021)(quoting 42 U.S.C § 1395hh).
 No. #:16-cv-0549, 2019 WL 7372510, at *15 (M.D. Tenn. Dec. 31, 2019).
 Id. at *16
 422 F.Supp.3d 916 (E.D. Pa. Nov. 5, 2019).
 78 Fed. Reg. 50496 (Aug. 19, 2013) (codified as amended at 42 C.F.R. § 412.3(d)(1)).
 Id. at 935 (quoting Allina, 139 S. Ct. at 1811).
 Polansky v. Executive Health Resources, Inc.,17 F.4th 373 (3d Cir. 2021).
 451 F.Supp.3d 1346 (S.D. Fla. Mar. 31, 2020).
 Id. at 1357.
 Dobson v. Sec’y of Health & Human Servs., 2022 WL 424813 (3d Cir. Feb. 11, 2022).
 This executive order requires significant regulatory actions to be submitted to the Office of Management and Budget (“OMB”) for review.
 86 Fed. Reg. 58043 (Oct. 20, 2021).
 Garland Memo, citing Perez v. Mortgage Bankers Ass’n, 575 U.S. 92, 97 (2015) (quoting Shalala v. Guernsey Mem’l Hosp., 514 U.S. 87, 99 (1995)).
Revised CDC Guideline for Prescribing Opioids Emphasizes Physician Judgment, Reflects Concerns About Misapplication of Earlier Guidance
Matthew L. Knowles
Paul M. Thompson
Conscientious medical providers face difficult tradeoffs when deciding whether to prescribe opioid medications to treat patients with chronic pain. For patients who have failed other therapies, opioids can offer powerful pain relief and restore quality of life. But these drugs come with substantial and well-documented regulatory and patient-safety risks because of their potential for abuse.
On February 10, 2022, the Centers for Disease Control and Prevention (CDC) published in draft form a revised version of its Clinical Practice Guideline for Prescribing Opioids, and requested public comments. Once finalized, the 2022 Guideline will replace the CDC’s 2016 Guideline for Prescribing Opioids for Chronic Pain, which many commentators argue is clinical guidance that has been misapplied and misunderstood to be regulatory dictates.
The CDC’s draft guidance moves away from suggested dosage ranges (which regulators have heavily relied on for enforcement purposes) and emphasizes provider discretion when balancing the benefits and risks of opioids. An approach grounded in recognition of the need for provider discretion in medicine will certainly have implications for healthcare enforcement actions that seek to question the reasonableness of medical decisions.
Criticism of the 2016 Guideline
The CDC’s draft 2022 Guideline arrived in the wake of widespread confusion regarding the intent and implications of the CDC’s 2016 Guideline. Perhaps the most frequently commented-upon issue was the proper application of the CDC’s maximum recommended dose of 90mg MME (morphine milligram equivalent units) for primary care and general practitioners. Indeed, in the years after the CDC issued the 2016 Guideline, many regulators, prosecutors and courts have insisted that the CDC’s guidance set out limits or caps as to dosage, above which prescriptions were presumed to be improper and even illegal.
The concerns over the role of the practitioner guidelines in enforcement actions are well founded. For example, in June 2018, the Office of Inspector General (OIG), published a report based on the 2016 Guideline in which it identified almost 300 prescribers that OIG believed required further investigation because of their pattern of prescribing opioids.  Likewise, on November 19, 2021, the US District Court for the District of Maryland permanently enjoined a physician assistant from prescribing opioids, as well as other controlled substances, because the physician assistant prescribed opioids to patients above the 90 MME dosage recommended by the 2016 Guideline.  In a similar case, two doctors from Tennessee pled guilty to unlawful distribution of a controlled substance for prescribing opioids at doses that exceeded the 2016 Guideline. 45] On October 4, 2021, the government reached a civil settlement with Olive Street Pharmacy and its owner in connection with allegations of violating the False Claims Act and the Controlled Substances Act for dispensing prescriptions of opioids in dosage amounts that exceeded the CDC’s recommendations, among other claims. 
The American Medical Association (AMA), which generally supported adoption of the 2016 Guideline, later adopted resolutions “that call[ed] for restraint in implementing the CDC guideline—particularly as it applies to the agency’s maximum recommended dose of 90mg MME. . . .”  One AMA resolution emphasized that patients can benefit from taking a higher dosage than that recommended by the CDC and that “AMA advocate[s] that no entity should use MME thresholds as anything more than guidance, and physicians should not be subject to professional discipline, loss of board certification, loss of clinical privileges, criminal prosecution, civil liability, or other penalties or practice limitations solely for prescribing opioids at a quantitative level above the MME thresholds” found in the 2016 Guideline. 
Draft 2022 Guideline for Prescribing Opioids Suggests More Deference to Physicians
The draft 2022 Guideline addresses many of the issues raised in criticism of the 2016 Guideline. The 2022 Guideline emphatically rejects any suggestion that its guidance is mandatory. In its request for public comments, the CDC emphasizes that “[t]his voluntary clinical practice guideline provides recommendations and does not require mandatory compliance; and the clinical practice guideline is intended to be flexible so as to support, not supplant, clinical judgment and individualized, patient-centered decision-making.”  Likewise, “[t]his clinical practice guideline is not intended to be applied as inflexible standards of care across patient populations by healthcare professionals, health systems, third-party payers, organizations, or governmental jurisdictions.” 
From a regulatory perspective, the most important change in the 2022 Guideline is likely the removal of language suggesting that primary-care physicians should “avoid increasing dosage” to 90 MME per day. The 2022 Guideline notes that “[t]hough not the intent of the 2016 CDC Guideline, design and implementation of new laws, regulations, and policies also drew from its recommendations.”  While these laws and regulations “might have had positive results for some patients, a central tenet of the 2016 CDC Guideline was that the recommendations are voluntary and are intended to be flexible to support, not supplant, individualized, patient-centered care… Such misapplication includes… rigid application of opioid dosage thresholds [and] patient dismissal and abandonment.” 
The revised CDC guidance also underscores concerns about penalizing good-faith prescribing. Critics have accused the government of “us[ing] legal ambiguity for tactical advantage” and noted that the government “will not readily clarify lines it expects doctors to follow at their peril.”  The strict enforcement of a voluntary guideline presents a due process concern for physicians because it does not provide clear notice as to what conduct would subject them to liability—even criminal liability. The revised 2022 Guideline appears to suggest more deference to physicians. Indeed, the CDC states expressly that “[t]he Guideline should not be used by payers and health systems to set rigid standards related to dose or duration of opioid therapy.” 
Practices and corporate entities that employ or credential providers who prescribe opioids should continue to track these developments. These entities—and the providers themselves—will continue to face difficult choices and tensions in ensuring that patients have access to appropriate medical care while managing the bundle of risks—including patient-safety and regulatory risks associated with opioid therapies. Thoughtful policies and practices for opioid prescribing must be provider-driven and focused on balancing the risks of opioids with the needs and circumstances of individual patients.
Healthcare organizations face a complex array of evolving regulations, guidance and case law. Staying abreast of the latest developments can help these organizations maintain a robust compliance program, minimize risk, and pursue their mission.
 Opioid Use in Medicare Part D Remains Concerning, US Department of Health & Human Services, Office of Inspector General (June 2018), https://oig.hhs.gov/oei/reports/oei-02-18-00220.pdf.
 Federal Court Enjoins Maryland Physician Assistant from Prescribing Opioids and Other Controlled Substances, DOJ Justice News (Nov. 19, 2021) https://www.justice.gov/opa/pr/federal-court-enjoins-maryland-physician-assistant-prescribing-opioids-and-other-controlled.
 Two East Tennessee Doctors Plead Guilty to Opioid Offenses, DOJ Justice News (Oct. 18, 2019) https://www.justice.gov/opa/pr/two-east-tennessee-doctors-plead-guilty-opioid-offenses.
 Creve Coeur pharmacy and owner agree to pay $1,507,808.50 to resolve lawsuit alleging dispensing of controlled substances with no legitimate medical purpose, DOJ News (Oct. 4, 2021), https://www.justice.gov/usao-edmo/pr/creve-coeur-pharmacy-and-owner-agree-pay-150780850-resolve-lawsuit-alleging-dispensing.
 See Pat Anson, AMA: ‘Inappropriate Use’ of CDC Guideline Should Stop, Pain News Network (Nov. 14, 2018), https://perma.cc/W6QE-XVZY.
 Proposed 2022 CDC Clinical Practice Guideline for Prescribing Opioids, Federal Register (Feb. 10, 2022), https://www.federalregister.gov/documents/2022/02/10/2022-02802/proposed-2022-cdc-clinical-practice-guideline-for-prescribing-opioids.
 Id. (emphasis in original).
 CDC Clinical Practice Guideline for Prescribing Opioids–United States, 2022, Regulations.gov (Feb. 10, 2022) at 11, https://www.regulations.gov/document/CDC-2022-0024-0002.
 Id. at 12.
 Julia B. MacDonald, “Do No Harm or Injustice to Them”: Indicting and Convicting Physicians for Controlled Substance Distribution in the Age of the Opioid Crisis, 72 Me. L. Rev. 197, 220 (2020), https://digitalcommons.mainelaw.maine.edu/cgi/viewcontent.cgi?article=1730&context=mlr (quoting Harvey Silverglate, When Treating Pain Brings a Criminal Indictment, The Wall Street J. (June 12, 2015), https://perma.cc/U66Y-GFLS).
 Draft CDC Clinical Practice Guideline for Prescribing Opioids – United States, 2022: Overview of Community Engagement and Public Comment Opportunities, Regulations.gov (Feb. 10, 2022), https://www.regulations.gov/document/CDC-2022-0024-0005.