April 2001, Vol. 30, No. 4, Page 41
By Kenneth F. Eichner
The past decade has seen a proliferation of health care fraud involving every type of medical provider, from individual physicians and hospitals to medical equipment dealers and ambulance companies. Health care fraud includes such activities as billing for services not rendered or not medically necessary, double billing for services provided, up-coding (billing for a more highly reimbursed service or product than the one provided), unbundling (billing separately for laboratory tests performed together to get a higher reimbursement), and fraudulent cost reporting by institutional providers. Health care fraud takes billions of dollars from federal health care programs that provide essential health care services for millions of Americans.
The detection and elimination of health care fraud has become a top priority of the government, which has developed a complex mix of statutory remedies and penalties to address the problem. Agencies often use a mix of these penalties to convict persons and corporations that deceive federal agencies, recoup civil damages, and exclude physicians from using Medicaid or Medicare insurance. These penalties are pursued on a number of different fronts—criminal, civil, federal, and state.
This article surveys the different federal and state remedies and penalties addressing health care fraud and explores the options available to defendants who may face health care fraud prosecution. The article also considers the factors involved in whether or not health care providers should self-disclose.
There are five major federal statutes in place designed to combat health care fraud: the False Claims Act, Medicare Medicaid AntiFraud and Abuse Amendments, Health Insurance Portability and Accountability Act ("HIPAA"), Stark legislation, and Civil Monetary Penalty Act ("CMPA").
False Claims Act and Corporate Liability For False Claims
The government has both criminal and civil remedies that may be applied to defendants who make or present false, fictitious, or fraudulent claims. Congress passed the original false claims statute in 1863 as a result of contractor fraud perpetuated on the Union during the Civil War. The current criminal statutes bar false claims, false statements, and conspiracy to submit false claims.
To sustain a false claim prosecution, the government must prove that the defendant: (1) made or presented a claim that is false, fictitious, or fraudulent; (2) to a U.S. department or agency; and (3) knew that the claim was false, fictitious, or fraudulent. Some circuits, excluding the Tenth Circuit Court of Appeals, also require proof of materiality. A defendant who is found guilty of making or presenting false statements will be imprisoned for no more than five years and may be fined up to $10,000.
The civil counterpart is the False Claims Act. The False Claims Act is available as a cause of action for the government, and private individuals may use the Act under its qui tam provisions. Originating from the same legislation as the criminal statutes, the civil False Claims Act shares many of the same elements contained in the criminal elements of the offense.
Under the False Claims Act, a plaintiff bringing suit must prove that the defendant: (1) knowingly presented, or caused to be presented, a false claim to the government for payment; or (2) made a false statement or representation to obtain payment from the government. The statute defines "knowingly" as having actual knowledge of the information, acting in deliberate ignorance of the truth or falsity of the information, in reckless disregard to the truth or falsity of the information. The statute states, "no proof of specific intent to defraud is required." However, courts have often validated the defenses of innocent mistake and negligence. Disagreement centers on establishing when or if a defendant is acting with "deliberate ignorance" or "reckless disregard" rather than being "merely negligent."
Individuals found guilty of violating the False Claims Act face "a civil penalty of not less than $5,000 and not more than $10,000 per claim," plus an assessment of triple the amount of damages wrongly claimed. Courts have interpreted this language as creating a mandatory formula to be applied after finding a violation of the Act. As an incentive, the government encourages and rewards individuals for reporting fraudulent behavior by allowing those who do come forward to share in the recovery after a successful prosecution or settlement. Individuals who come forward under the qui tam provisions are called "relators" because they inform the government of potential fraud.
The statute also outlines the limitations on standing to bring suit. No person may bring suit when the allegations of the matter pertain to a proceeding in which the government is a party. Suits may not be brought when allegations stem from secondhand information. Finally, once the government or qui tam plaintiff files an action, a third party may not bring a case based on the prior plaintiff’s facts.
Parallel civil and criminal proceedings against a corporation may present different issues. Statements made during civil discovery can incriminate a defendant in a parallel criminal case. However, if a defendant refuses to testify in the civil case by asserting the Fifth Amendment, courts permit the civil finder of fact to "infer by such refusal that the answers would have been adverse to the witness’ interest."
When a company faces both civil proceedings and criminal charges, the company may be well advised to stay the civil action to avoid inferences that may be used by the prosecution in the criminal case. Also, seeking a stay of protective order from the court supervising the civil litigation may preserve a defendant’s right to appeal a subsequent criminal conviction based on incriminating statements made during discovery in the civil litigation.
Seeking a stay or protective order from the court supervising the civil litigation may preserve a defendant’s right to appeal a subsequent criminal conviction based on incriminating statements made during discovery in the civil litigation. A stay is most likely to be granted if the: (1) indictment has been returned against the defendant who is seeking the stay; (2) civil and criminal cases involve substantially the same facts; (3) civil action is not an enforcement action brought by the government to protect the public interest; (4) relief request is carefully circumscribed; and (5) two actions involve the same statutory or regulatory scheme. Unless most of these factors are present, a court is not likely to stay a parallel civil action.
The Medicare / Medicaid AntiFraud and Abuse Amendments
The MedicareMedicaid AntiFraud and Abuse Amendments impose criminal penalties on those who defraud the Medicare and Medicaid programs. Its purpose is not only to punish wrongdoers, but also to reduce the costs of these programs. The statute is composed of two parts. Part A covers the same conduct prohibited by the False Claims Act, punishing an individual who "knowingly and willfully makes or causes to be made a false statement or representation of any material fact in any application for any benefit or payment under a Federal health care program." Defendants found guilty of violating this portion of the statute may be fined up to $25,000, and, on the discretion of the program administrator, may be restricted from program eligibility.
Part B is the "anti-kickback" portion of the fraud and abuse statute. Generally, it prohibits transactions that are intended to induce patient referrals or other business, or those designed to compensate a party for making such referrals. The statute applies to all health care programs and to all types of referrals, including the sale of prescriptions. It also applies both to the payer and the recipient of the kickback.
The anti-kickback statute prohibits any person from: (1) knowingly and willfully soliciting or receiving "remuneration" directly or indirectly, overtly or covertly, in return for a referral for program-reimbursable items or services; or (2) knowingly and willfully offering or giving "remuneration" directly or indirectly, overtly or covertly, with the intent to induce referrals for program-reimbursable items or services. A defendant found guilty of violating this part of the statute may be imprisoned for up to five years and be fined up to $25,000.
The anti-kickback statute contains five statutory exceptions. The protected transactions are discounts; payments to employees; vendor payments to certain group purchasing organizations; selected waivers of patient copayments or deductible amounts; and payments under selected risk-sharing agreements. Therefore, the MedicareMedicaid Anti Fraud and Abuse Amendments provide the government with an additional mechanism to combat false claims and illegal physician referrals.
Congress amended the anti-kickback statute in 1996 through the HIPAA. HIPAA strengthened health care fraud investigations by expanding funding and allowing the Federal Bureau of Investigation ("FBI") to initiate and coordinate federal, state, civil, and criminal investigations of activities incident to Medicaid, Medicare, and other programs.
In adopting HIPAA, Congress also added five new criminal offenses and expanded the statute’s reach to include all health care benefit programs, including both public and private plans or contracts. The HIPAA amendments criminalize the act of knowingly and willfully defrauding a health care program and obtaining, by false pretenses, money or property of any health care benefit program. The amendments also criminalize theft or embezzlement in connection with health care, false statements relating to health care matters, obstruction of criminal investigations of health care offenses, and money laundering.
Moreover, Congress added a forfeiture penalty for violations of the health care fraud and money laundering offenses. A defendant convicted of a health care fraud offense will be required "to forfeit any and all property, real or personal that constitutes or is either directly or indirectly, from gross proceeds traceable" to the offense. Any and all recoveries received from the defendant will be deposited in the Federal Hospital Insurance Trust Fund, as created by HIPAA. Monies collected in the Fund are available to the Office of the Inspector General ("OIG") of the Department of Health and Human Services ("HHS") and the FBI for the administration and operation of the health care fraud and abuse control program. Thus, the HIPAA incorporates general criminal violations such as embezzlement and fraud in the health care setting and exposes the defendant to a forfeiture penalty.
The Stark Legislation
In 1989, Congress passed the Ethics in Patient Referrals Act as an amendment to the Omnibus Budget Reconciliation Acts of 1989 and 1990. The Act is better known as the "Stark" legislation and prohibits physicians from referring Medicare and Medicaid patients to an entity where the physician or an immediate family member has a financial relationship with the entity. Stark I became effective on January 1, 1992. It prohibits physician self-referral for Medicare-covered clinical laboratory services and self-referral to clinical laboratories with which the physician or a member of the physician’s immediate family has a financial relationship. If a financial relationship exists, the physician cannot make a referral to the laboratory. Further, the laboratory cannot present or cause to be presented a claim for payment of the service furnished pursuant to the prohibited referral. If a claim for service is presented pursuant to a prohibited referral, it is subject to a civil money penalty not to exceed $15,000.
Although Stark II became effective January 1, 1995, the HHS has not issued final regulations implementing the statute. It expands the self-referral prohibition to include Medicaid services. Also, it expands the scope of services to cover various physician services. This amendment created a per se prohibition on physician Medicare and Medicaid referrals for designated health services to entities with which physicians have a financial relationship. Penalties include a $15,000 fine per violation, a $100,000 fine per circumvention scheme, and exclusion from Medicaid and Medicare.
To avoid a violation of Stark II, a referral must fall within one of the following exceptions to prohibited compensation discussed in the statute:
1. The group practice exception allows physician groups who meet the requirements of the "group practice" definition to qualify for exceptions that permit them to selfrefer patients under certain circumstances.
2. Prohibited compensation does not include payments to a physician by an employer, if the employment is for identifiable services and payment is for fair market value without reference to any referrals by the physician to the employer.
3. Prohibited compensation does not include onetime transactions (for example, the sale of a practice) as long as the amount is for fair market value without reference to referrals by the physician.
4. Prohibited compensation does not include compensation arrangements between entities and physicians that could limit services provided to enrollees, such as bonus pools for gatekeeper primary care physicians based on their referrals to specialists. This exception is contingent on a showing that no individual payment is an inducement to decrease medically necessary services, that the plan provides the Health Care Financing Administration with information regarding the risk shifting program, and that the payment otherwise complies with the law. Thus, the Stark legislation prohibits financial relationships between a physician and a referring entity, namely to discourage potential conflicts of interest between the entities.
Under the CMPA, the HHS has authority to impose administrative penalties and assessments against health care providers who file false or improper claims for payment in selected health care programs. To be liable for violating the statute, a defendant must have had "knowledge" or should have knowledge of the falsity of a particular claim to a government program. HIPAA clarified the intent requirement by adding that a person should know of the falsity of the claim if the person "acts in deliberate ignorance of the truth or falsity of the information," or "acts in reckless disregard of the truth or falsity of the information and no proof of specific intent is required."
The HHS, under the CMPA, may impose a civil penalty of up to $10,000, or as much as $100,000 in some circumstances, for each improper claim filed under Medicaid, Medicare, or pursuant to the Maternal and Child Health Services Block Grant program. The provider also may be assessed triple the amount of damages wrongly claimed.
If providers commit certain health care offenses, they also will be subject to mandatory exclusion from Medicaid, Medicare, and all other federal health care programs. A provider will be excluded from participation if the individual has been convicted of a criminal offense: (1) that relates to the delivery of an item or service under Medicare or a state health care program; (2) under federal or state law that relates to the neglect or abuse of a patient; or (3) that is a felony under federal or state law, after August 21, 1996, which relates to fraud, embezzlement, breach of fiduciary duty, or other misconduct. No exclusion will be for a period of less than five years for these violations. A provider who is found guilty of misdemeanor fraud, theft, embezzlement, breach of fiduciary responsibility, or other financial misconduct in connection with the delivery of health care will be subject to exclusion for a period of three years, at the discretion of the OIG. The CMPA not only imposes a civil penalty on providers, but it also subjects defendants to mandatory exclusion.
Colorado Statutory Scheme
In Colorado, the agency in charge of detecting, investigating, auditing, and prosecuting all types of Medicaid fraud is the Colorado Medicaid Fraud Control Unit ("Unit"), a division of the Colorado Attorney General’s Office. The Unit’s objective is "to protect, from fraud and abuse, the state and federal funds that are designed to provide necessary medical services and health care to the poor." The Unit’s seven criminal investigators "use standard and specialized law enforcement investigative techniques, including undercover operations, seized computer analysis, medical records review, interviewing, and analysis of claims data to detect Medicaid Fraud."
In addition to prosecuting defendants under conspiracy and mail wire fraud statutes, the Unit’s attorneys prosecute defendants under the Colorado Fraudulent Act statute. The statute prohibits obtaining, or willfully aiding or abetting another in obtaining, public assistance, vendor payments, or medical assistance to which that person is not entitled or in an amount greater than that to which he or she is justly entitled, by willful false statement or by any other fraudulent device. Defendants also may lose their license to practice medicine if convicted of a crime relating to health care fraud.
First, if a health care provider or counsel believes that fraud has occurred in the provider’s practice, providers should conduct an internal investigation. An internal investigation may be necessary to adhere to the duties and standards imposed by the OIG’s Provider self-disclosure Protocol ("Protocol"). The internal investigation will assist health care providers in fulfilling the Board of Directors’ fiduciary duty to investigate allegations or suspicions of fraud; discovering any fraud before a government investigation begins; remedying the problem to cease the continuation of fraud; preparing a defense to potential criminal, civil, and administrative penalties; and minimizing punishment if there is a conviction.
Second, it is important to advise the client on the individuals or agencies that are represented by counsel, the scope of the attorney-client privilege, and the consequences of committing fraud. Counsel also should warn clients that they may be subject to criminal and civil liability, in addition to administrative monetary fines, exclusion from participation in federal health care programs, and license suspension. Thus, counsel should advise clients not to: (1) speak with state or federal officials without the presence of counsel; (2) talk to friends or relatives about the investigation; (3) destroy documents; and (4) interfere with the execution of search warrants.
Third, counsel should advise the client about the ramifications of pleading guilty to health care fraud. A plea of guilty automatically will subject the client to civil fines and penalties, suspension of the participant’s license to practice, and exclusion from participation in federal health care programs. When heads of corporations plead guilty, the corporation may be subject to the same fines and penalties. Additionally, pleas of guilty serve only to bind the agencies that are a party to the plea agreement. Thus, additional prosecution by other state and federal agencies may occur.
Lastly, counsel should advise clients on the risks and benefits to self-disclosure under the Protocol. The Protocol is intended to encourage providers to make voluntary disclosures because they "have an ethical and legal duty to ensure the integrity of their dealings" with health care programs. However, before making a disclosure under the Protocol, counsel should note that the OIG recommends that a provider not follow the Protocol if it uncovers an ongoing fraud scheme within its organization, but should contact the OIG directly. The OIG expects a provider to make an initial assessment that substantiates the existence of a compliance problem prior to using the Protocol. Moreover, the Protocol should be used only to disclose matters that violate federal criminal, civil, or administrative laws, not applicable state law.
Under the Protocol, participants must disclose substantial information regarding the incident. The provider must provide the OIG with basic information, including the participant’s contact information, the nature and description of the matter, and the reasons why the provider believes the federal laws are being violated. Providers also must conduct an internal investigation of the incident and provide the OIG with the findings and a self-assessment of the incident. Finally, participants must report to the OIG the nature and the extent of the improper or illegal practice and identify persons involved, note the relevant time periods, and provide a detailed examination of the practice.
Technically, self-disclosure may be considered mandatory because it is a felony to conceal or fail to disclose the knowledge of fraud. However, if an individual or company decides to voluntarily disclose the fraud, the OIG states that voluntary disclosure may not bestow any "specific benefit" to the disclosing entity. On the other hand, the OIG also states that opening the "lines of communication" with the OIG "at the early stage generally benefits the individual or company." self-disclosure may minimize the potential costs and disruption of a full-scale investigation and audit by the OIG. self-disclosure also may be seen as a mitigating factor in a criminal prosecution.
Nonetheless, there are some disadvantages to self-disclosure: (1) self-disclosure may alert the authorities to an activity of which they may not be aware; (2) the Protocol requires that providers analyze all of the information they present to the OIG, which may be time consuming; (3) self-disclosure requires the waiver of the attorney work product privilege and, perhaps, the attorney-client privilege, thus disclosing conversations and material that may otherwise be privileged; and (4) disclosing improper activity may lead to subsequent civil lawsuits. Counsel should discuss such factors with clients when considering whether or not to self-disclose under the Protocol.
ConclusionHealth care fraud has grown dramatically in the last decade. As a result, federal and state governments have created a broad statutory framework to eliminate and deter actions qualifying as fraud, including criminal, civil, and administrative penalties. The Colorado Medicaid Fraud Control Unit was established to prevent and prosecute Medicaid fraud. Further, the Protocol aids participants in disclosing the occurrence of fraud and may "expedite the OIG’s verification process" and diminish the total time of the OIG investigation. Counsel should discuss the advantages and disadvantages of disclosing the incidence of fraud with clients faced with a possible prosecution or government investigation, before deciding how to handle health care fraud.
1. Dept. of Justice, Health Care Fraud Report (1997).
2. Dept. of Justice, Health Care Fraud Report (1999).
3. See 18 U.S.C. § 287.
4. 42 U.S.C. § 1320a7b(a).
5. Pub. L. No. 104191, 1996 U.S.C.C.A.N. 241 (110 Stat. 2016) (amendments are codified in scattered sections of 18 U.S.C.).
6. 42 U.S.C. § 1395nn. Defendants in health care fraud cases also may be prosecuted for mail fraud and wire fraud (18 U.S.C. §§ 1341 and 1343), money laundering (18 U.S.C. §§ 1956 and 1957), and under the Racketeer Influenced and Corrupt Organizations ("RICO") statute (18 U.S.C. §§ 1961 et seq.).
7. 42 C.F.R. § 13207a, as amended by HIPAA, Pub. L. No. 104191, §§ 231 and 232. Implementing regulations are at 42 C.F.R. §§ 1003.101 et seq.
8. See supra, note 5.
9. 18 U.S.C. § 287.
10. U.S. v. Irwin, 654 F.2d 671, 682 (10th Cir. 1981), cert. denied, 455 U.S. 1016 (1982). But see U.S. v. Pruitt, 702 F.2d 152, 153 (8th Cir. 1983) (requiring element of materiality in a § 287 claim under the False Claims Act). The court defined materiality as a statement having "a tendency to induce the government to act by placing the claimant in a position to receive government benefits."
11. 18 U.S.C. § 287.
12. 31 U.S.C. § 3729.
13. 31 U.S.C. § 3729(b).
14. 31 U.S.C. § 3729(a)(7).
16. 31 U.S.C. § 3730.
17. Brink’s Inc. v. City of New York, 717 F.2d 700, 707 (2d Cir. 1983).
18. 42 U.S.C. § 1320a7b(a).
21. 42 U.S.C. § 1320a7b(b)(1) and (b)(2).
23. 42 U.S.C. § 1320a7b(b)(1)(B).
24. 42 C.F.R. § 1001.952.
25. Supra, note 5. See also Murray and O’Rourke, "Confidentiality of Medical Records and the Health Insurance Portability and Accountability Act of 1996," 30 The Colorado Lawyer 65 (Mar. 2001).
26. Hilder and Mullen, "HIPAA: Time for a Health Care Corporate Compliance Program," 45 APR Fed.Law. 34 (1998).
27. See supra, note 5.
28. 18 U.S.C. § 24. HIPAA does not apply to the Employee Retirement Income Security Act of 1974 ("ERISA"), 29 U.S.C. § 1136 nt.
29. 18 U.S.C. § 1347.
30. 18 U.S.C. § 669.
31. 18 U.S.C. § 1035.
32. 18 U.S.C. § 1518.
33. 18 U.S.C. § 1956.
34. 18 U.S.C. § 982.
36. 42 U.S.C. § 1395i nt.
37. 42 U.S.C. § 1395i(k).
38. 42 U.S.C. § 1395nn.
39. Pub. L. No. 101502 § 5(i) (1990).
40. 42 U.S.C. § 1395nn.
42. 42 U.S.C. § 1395nn(g)(3).
43. 42 U.S.C. § 1395nn.
45. See 42 U.S.C. § 1395nn(b)(e).
46. To qualify as a "group practice," members of the group personally must conduct at least 75 percent of the physician patient encounters; may not receive compensation based on the volume or value of referrals by the physician; and must be assigned a billing number, rather than simply billing the services in the name of the group. 42 U.S.C. § 1395nn(h)(4).
47. 42 U.S.C. § 1395nn(e)(2).
48. 42 U.S.C. § 1395nn(b)(6).
49. 42 U.S.C. § 1395nn(e)(3). The HCFA is the federal agency that administers Medicare, Medicaid, and the State Children’s Health Insurance Program at: www.hcfa.gov.
50. 42 U.S.C. § 1320a7a, as amended by HIPAA, supra, note 5 at §§ 231 and 232. Implementing regulations are at 42 C.F.R. §§ 1003.101 et seq.
51. Supra, note 5 at § 231.
52. Id. Civil monetary penalties may be imposed for false claims, claims for services rendered by an excluded provider, claims for services rendered by a deficient physician, claims for payment that violate an agreement, claims for payments violating the statutory freeze, improper claims for assistance during cataract surgery, false discharge information, failure to report information or improper disclosure of data to the National Practitioner Data Bank, and improper impression regarding coverage. See 42 C.F.R. §§ 1003.101 et seq.
53. Physicians may be subject to a penalty up to $100,000 if providers enter a cross-referral arrangement, as defined by 42 C.F.R. § 1003.102b(10), or any other arrangement or scheme where physicians know or should know that the arrangement circumvents the prohibitions outlined in 42 C.F.R. § 411.353, referring patients to entities with which the physician has a financial relationship.
54. 42 U.S.C. § 701.
55. See 42 U.S.C. § 1320a7a.
56. 42 C.F.R. §§ 1001.1 et seq.
57. 42 C.F.R. § 1001.101.
58. 42 C.F.R. § 1001.102.
59. 42 C.F.R. § 1001.201.
60. See the Colorado Medicaid Fraud Control Unit website at www.ago.state.co.us/mfcu/mfcu.htm.
63. See CRS § 261127.
65. Fabrikant et al., Health Care Fraud: Criminal, Civil and Administrative Law § 8.01 (New York, NY: Law Journal Press, 2000).
66. Id. at § 8.03.
68. Id. at § 8.09.
71. Office of the Inspector Gen., Provider self-disclosure Protocol, 63 Fed.Reg. 58399 (Oct. 30, 1998).
76. See 42 U.S.C. § 1320a7b(a)(3). See supra, note 65 at § 8.11 for a discussion of the advantages of self-disclosure.
77. See supra, note 71 at ¶ I.
79. Id. "Providers that follow the Protocol expedite the OIG’s verification process and thus diminish the time it takes before the matter can be formally resolved."
80. U.S. Sentencing Guidelines Manual § 8c2.5(f). However, the Protocol also states that if providers fail to work with the OIG in good faith, it will be considered an aggravating factor. Supra, note 71 at ¶ VIII.
81. See supra, note 65 at § 8.11.
82. See supra, note 71 at ¶ II. The Protocol states, "OIG anticipates that a provider will apply the Protocol’s suggested steps only after an initial assessment substantiates there is a problem with noncompliance with program requirements." Id.
83. See supra, note 65 at § 8.11. 84. See supra, note 71 at ¶ I.
Column Ed.: Patrick Furman, University of Colorado School of Law, Boulder, 303-492-8126
This newsletter is sponsored by the CBA Criminal Law Section. This month’s article was written by Kenneth F. Eichner, Denver, of The Eichner Law Firm, which specializes in civil and criminal trials, 303-837-9800. The author wishes to acknowledge the assistance of DU law student Svetlana Mosin for her assistance in the preparation of this article.