OIG Final Rule Expands OIG Enforcement Authority to Grant and Contract Fraud - McDermott Will & Emery

OIG Final Rule Expands OIG Enforcement Authority to Grant and Contract Fraud

Overview


On June 27, 2023, the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a final rule amending OIG’s civil money penalty (CMP) regulations implementing the 21st Century Cures Act (Cures Act) amendment to the CMP Law (CMPL), which, among other things, authorizes HHS to impose CMPs, assessments and exclusions upon individuals and entities that engage in fraud and other misconduct related to HHS grants, contracts and other agreements (42 USC 1320a-7a(o)-(s)). OIG’s final rule also addresses the Cures Act amendment to the Public Health Services Act (42 USC 300jj-52) authorizing OIG to investigate claims of information blocking and providing the Secretary of HHS authority to impose CMPs for information blocking, as well as Bipartisan Budget Act of 2018 increases to penalty amounts in the CMPL. We will be issuing a separate Special Report on the information blocking portion of OIG’s final rule.

In Depth


This On the Subject discusses key provisions of OIG’s final rule involving the Cures Act CMP authorities for grant, contract and other agreement-related fraud or misconduct.

The Basis for Liability

OIG finalized its proposal to add a new section 1003.700 that lists the new CMP offenses created by the Cures Act related to fraud and other misconduct involving grants, contracts and other agreements for which the Secretary of HHS provides funding when a person, excluding a program beneficiary:

  • Knowingly presents or causes to be presented a specified claim under such grant, contract or other agreement that a person knows or should know is false or fraudulent.
  • Knowingly makes, uses, or causes to be made or used any false statement, omission or misrepresentation of a material fact in any application, proposal, bid, progress report or other document that is required to be submitted in order to directly or indirectly receive or retain funds provided in whole or in part [by such Secretary] pursuant to such grant, contract or other agreement.
  • Knowingly makes, uses, or causes to be made or used false records or statements material to false or fraudulent specified claims under such grant, contract or other agreement.
  • Knowingly makes, uses or causes to be made or used false records or statements material to an obligation to pay or transmit funds or property to [such Secretary] with respect to such grant, contract or other agreement, or knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit funds or property [to such Secretary] with respect to such grant, contract or other agreement.
  • Fails to grant timely access upon reasonable request to OIG personnel who are carrying out audits, evaluations, investigations and other statutory functions related to such grants, contracts and other agreements.

Key Definitions

OIG finalized, without change, several key definitions for the terms “obligation,” “recipient,” “specified claim,” “reasonable request” and “other agreement.” Notably, OIG adopted the statutory definition of “other agreement,” which remains quite broad. The definition includes a non-exhaustive list of arrangements that could constitute “other agreements”: cooperative agreements, scholarships, fellowships, loans, subsidies, payments for a specified use, donation agreements, awards and subawards (regardless of whether one or more of the persons entering into the agreement are a contractor or subcontractor).

As noted in the final rule preamble, OIG received comments requesting more detail on which arrangements could constitute “other agreements” under the regulations. But OIG declined to modify the definition, stating “[i]t is not possible to identify with specificity all the various types of agreements that may fall under the definition […].” And OIG continues to take the “know it when we see it” approach, referencing in the final rule preamble its statement in the proposed rule preamble that “when OIG investigates potential misconduct and decides whether to impose sanctions, it will evaluate matters on a case-by-case basis to determine whether the funding arrangement at issue constitutes an ‘other agreement’ […].”

Further, OIG appears to maintain a view that the statutory authorities related to grant CMPs as broadly expanding OIG’s CMP jurisdiction beyond federal healthcare programs, such as Medicare and Medicaid, to many other HHS programs, such as National Institutes of Health or Centers for Disease Control and Prevention grants or any number of contracts that HHS enters into to manage its programs. Specifically, OIG stated in the final rule preamble that “[a]ny person that receives HHS funding directly or indirectly through an agreement is potentially subject to liability under the CMPL if they engage in any of the improper conduct identified in the regulation […].” Given OIG’s apparent interpretation of the authority and the current focus on COVID-19 funding, it would not be surprising to see OIG attempt to apply this authority to Provider Relief Fund payments, which HHS administered as a grant through the Health Resources and Services Administration.

But as we have previously noted, the placement of this statute in the Social Security Act (SSA) (which governs the Medicare and Medicaid programs as well as grants to states for unemployment compensation and other programs and the Social Security income benefit) raises a question of how far these CMP authorities extend to other HHS programs that are not contained in the SSA. The Cures Act does not define “grant” or “contract” in its CMPL amendment, and neither does OIG in its final rule. The nature of the CMPL, including being part of the SSA, suggests that these CMPs could arguably be limited to the grants, contracts and other agreements governed by the SSA. OIG received limited comments on the CMP authority and commenters did not appear to raise this issue, based on OIG’s preamble summary of the comment letters.

Penalties, Assessments and Exclusion
The final rule also implements the statutory penalties for each of the five offenses, which range from a maximum of $10,000 to $50,000 per offense, as measured by the applicable offense trigger (such as each claim, each false record or statement, or each day an overpayment is retained or access is not granted). OIG also may impose an assessment of not more than three times the amount involved with the improper conduct and may impose an exclusion from federal healthcare programs.

The Cures Act includes federal and state healthcare program exclusion as a potential consequence of offenses involving grants, contracts or other agreements. Federal and state healthcare program exclusion is consistent with the traditional scope of the CMPL as pertaining to offenses involving the federal healthcare programs. There is, however, a disconnect in providing for exclusion as a consequence for an offense that was not connected to federal or state healthcare programs for which an HHS debarment could apply. OIG did not receive comments regarding exclusion from federal healthcare programs and did not address the topic in the final rule preamble.

Aggravating and Mitigating Factors
As under the proposed rule, OIG’s final rule lists factors for OIG to consider when determining the severity of penalties and assessments, as well as the period of exclusion. The factors are categorized into mitigating and aggravating factors. The list of aggravating factors is not all-inclusive, and both the aggravating and mitigating factors largely mirror the factors related to the fraudulent or false submission of healthcare claims.

The final rule provides that it is a mitigating factor if all of the following conditions are met:

  • All the violations included in an action were of the same type and occurred within a short period of time.
  • There were few such violations.
  • The total amount claimed or requested related to the violations was less than $5,000.

The final rule non-exclusive list of aggravating factors includes the following:

  • The violations were of several types or occurred over a lengthy period of time.
  • There were many such violations (or the circumstances indicate a pattern of false or fraudulent specified claims, requests for payment or a pattern of violations).
  • The amount requested, claimed or related to the violations was $50,000 or more.
  • The violation resulted, or could have resulted, in physical harm to any individual.

Although OIG received several comments requesting modification, OIG declined to modify the mitigating and aggravating factors lists in the final rule. Specifically, OIG noted that because the mitigating and aggravating factors listed in 42 CFR 1003.720 (related to grants, contracts and other agreements) and 1003.220 (related to federal healthcare programs) provide guidelines for OIG to evaluate the same factors, and relate to damages sustained by HHS, the dollar thresholds should be consistent. Additionally, OIG declined to add a good-faith assessment to the final rule’s mitigating factor. OIG noted it would account for a party’s good-faith effort to comply, consistent with 42 CFR 1003.140. Hence, OIG did not think it was necessary to explicitly include a good-faith effort factor.

OIG Enforcement
OIG emphasized the final rule is not limited to intentional or egregious wrongdoing. A commentor highlighted that grants and other agreements are complex and regulatory requirements change, which should be taken into consideration, and that, because of the complex nature of such arrangements, the scope should be limited to intentional or egregious wrongdoing. OIG said, however, that it will not limit the scope, but rather contemplate all relevant facts and circumstances surrounding allegations of wrongdoing in connection with the factors in the Cures Act and the final rule.

Recommendations for Recipients of HHS Funding
Given the broad scope of the final rule, it adds a new enforcement avenue applicable to stakeholders in the healthcare industry and potentially beyond to organizations not familiar with OIG’s CMPL process or enforcement activities. Grantees, contractors and other recipients of HHS funds should continue to carefully review the myriad grant and contracting-related rules and guidance to ensure compliance. Recipients of HHS funding should consider revisiting their internal compliance policies to ensure that they appropriately address arrangements that fall within the new CMPL scope. Additionally, entities should engage with, if applicable, technical assistance centers early on in the funding process regarding grant and other funding compliance. Leveraging such resources sooner rather than later can help manage risks.

If you have questions or would like assistance assessing potential exposure under these new CMP authorities, please do not hesitate to contact your regular McDermott lawyer or any of the authors of this On the Subject.

The final rule can be found here.