Sorett, Fuller author Law360 Article on False Claims Act Lessons Health Care Companies Can Learn From Recent Escobar RulingPublications | January 24, 2017
Kutak Rock attorneys Steve Sorett and Joseph Fuller published "Escobar's FCA Compliance Lessons For Health Care Companies" in the January 20, 2017 edition of the Law360 online newsletter.
The article appears below it its entirety:
Escobar's FCA Compliance Lessons For Healthcare Companies
It seems that not a day goes by that there isn’t another case reported where a company or individual in the healthcare delivery business has been tagged with criminal or civil liability under the False Claims Act (FCA). For those of us in the public contract law world, we are accustomed to the FCA and its reach; but for those in the health care delivery business it frequently comes as a surprise that they are considered to be no different than any other government contractor or grantee. So while aerospace and defense firms long ago became aware of the need to set up systems and safeguards to minimize or eliminate exposure to the FCA, healthcare delivery businesses, including hospitals, nursing homes, doctors, clinics and the like, have been slow to do the same.
The Escobar Case
The recent U.S. Supreme Court decision in Universal Health Services Inc. v. United States ex rel. Escobar is by now well known to public contract law practitioners for adopting the “implied false certification” theory of knowingly fraudulent representation under the FCA, but for the healthcare industry Escobar is yet another reminder of the dire consequences that can result from failing to set up effective compliance programs to protect against FCA claims and ensure the safe and secure delivery of health care under federal contracts and grants.
The FCA prohibits a person or entity from knowingly submitting a claim for payment to the federal government that is false or fraudulent or that includes a false statement that is material to the claim. The FCA applies to health care providers who make claims for payment to Medicare or Medicaid. While much of the focus of the Escobar decision has been the Supreme Court’s adoption of the implied false certification theory, the Escobar case centers on health care delivery services and the invoicing of such services under Medicaid.
In Escobar, United Health Systems (UHS) provided mental health services to a young girl who ended up dying in its care. After the young girl’s death, her parents discovered that several of the mental health professionals treating the girl were not licensed and were not qualified under Massachusetts regulations to provide the treatment. Further, the UHS caregiver who diagnosed the girl was not licensed to make the diagnosis, and UHS caregivers were prescribing medication to the girl without being authorized to write prescriptions. In spite of these violations of state regulations, UHS submitted numerous Medicaid reimbursement claims to MassHealth coded for the services provided to the young girl. Her parents brought an action under the FCA alleging that the claims for payment were false and fraudulent because submission of the claims by UHS implied that the personnel providing the treatment for which reimbursement was claimed were qualified to do so. UHS argued that its invoices were submitted properly and that no false statements were made even though their people were not properly credentialed, thereby taking a narrow view of the FCA. Some circuit courts took similar positions whereas others took a more expansive view.
In a unanimous decision, the Supreme Court in Escobar adopted the more expansive view of the FCA, finding that there likely was implied certification by UHS but remanded the case back to the U.S. Court of Appeals for the First Circuit for a determination of whether the FCA relator’s complaint sufficiently alleged that the violations of state regulations were material to the government’s decision to pay the claims. On Nov. 30, 2016 the First Circuit found again that UHS’ misrepresentations were material and that the relator’s complaint sufficiently states a claim under the FCA. The ramifications of the Escobar case in government contracts generally and the health care industry specifically are yet to be fully appreciated, but all agree that there has been a significant change that increases risk of FCA suits against companies who do business in these areas.
Healthcare providers are rightly focused on the hands-on delivery of healthcare and may treat the reimbursement of healthcare services as a secondary matter. Although violations of state regulations may be an obvious concern to any healthcare provider from a credentialing, licensing and certification standpoint, having such violations result in an FCA complaint with significant financial repercussion is much less obvious. In the case of UHS, UHS participated in the MassHealth Medicaid system and submitted claims for reimbursement using numerical codes corresponding to the particular services that were rendered. The UHS billing people may have been unaware of any credentialing issues that placed UHS in violation of state regulations. Nevertheless, the Supreme Court and the First Circuit found UHS to have submitted false claims based on the implied certification standard laid out in the Escobar decision. This means that companies like UHS cannot assert lack of knowledge by billing and payment personnel as a defense. Instead, companies now need to be proactive in examining areas where they may be in noncompliance with federal, state and local rules that govern their operations.
Government Business Review
The first step to effective compliance for healthcare organizations providing services under federal contracts or grants is for healthcare organizations to consider themselves federal contractors for purposes of FCA compliance and review their relationships with state and federal agencies to understanding the full range of rules, regulations and related contract clauses that may apply to their business. An effective program can then be developed to address existing compliance issues and ensure continued compliance going forward. An effective compliance program should include the following attributes:
- Designated compliance officer
- Business code of ethics
- Compliance monitoring
- Reporting system
- Ongoing Training
Designated Compliance Officer
The compliance officer position should be a full-time job. Assigning management of a compliance program as a part-time job or as one of an employee’s “other duties as assigned” creates significant risk that compliance matters will be neglected and the entire program undermined by a lack of day-to-day management and program updating to keep up with changes in existing rules or new rules. Healthcare providers also should avoid designating any executive or management-level employee who may be presented with significant ethical conflicts that may impact their ability to remain impartial in the management of the compliance program. For example, a compliance officer who is also responsible for direct supervision of the staff members who prepare and submit proposals in response to government solicitations is one example of an assignment that should be avoided because the person who may be responsible for a program violation would be biased in determining the corrective action in response to the violation.
Business Code of Ethics
Every healthcare provider should create a written business code of ethics and, depending on the government contract, may be required to have a written business code of ethics that meets specific standards set forth in federal regulations.
A monitoring system that carefully maps risk at every stage of the government contracting process, from government solicitation/grant review, proposal preparation, delivery of healthcare, to preparation and submission of invoices to the government, is essential to maintaining compliance and avoiding FCA claims. Critical to the monitoring system for health care providers is a standardized process for reviewing and updating the organization’s service capabilities, maintenance and monitoring of employee qualifications and certifications, and a systematic cross-check of the coded services invoiced against the patient care for which reimbursement from the government is claimed.
When potential violations of government rules are identified, the compliance program should have an effective system for reporting mistakes and misconduct that incentivizes reporting at all levels and allows for disclosure to the government at the earliest opportunity where such disclosure is deemed appropriate by the organization.
Following reports of potential violations or identification of compliance concerns by the compliance officer, open and effective investigations are critical to identifying the appropriate response to reports and to violations when they are uncovered. Prior to conducting any investigation in response to a potential violation, the health care organization should evaluate the risks and benefits of conducting the investigation internally or using outside counsel to conduct the investigation.
When violations are confirmed, some form of corrective action will be necessary to demonstrate the effectiveness of the compliance program. The program should include mechanisms for disciplining employees for committing violations in order to prevent a repeat of the behavior that led to the violation.
The regulations associated with government contracting are diverse and complicated. Violations are often the result of innocent mistakes based on a lack of understanding of a particular regulation rather than intentional misconduct. Ongoing training is critical to ensuring that all new and existing employees stay informed about the organization's ethical standards as expressed in the business code of ethics as well as the regulations and related contractual obligations that apply to the performance of their work under government contracts.
In the case of UHS in Escobar, a carefully crafted compliance program would have caught the coding problem early and allowed for UHS to take corrective action to avoid potential FCA claims and, frankly, would have ensured appropriate care for the patient who died while under UHS’ care. Review and analysis by a compliance officer of each of the coded services and required licensing and qualifications under each code would have triggered a review of the performance of the services to ensure that delivery of services complied with applicable state regulations before UHS submitted the claims for reimbursement. To the extent violations were uncovered, they could have been addressed through an effective reporting and corrective action process that would have included correcting the coding of services and/or ensuring that only qualified employees provided the care to the patient.
Compliance programs can eliminate or minimize FCA risk of any number of potential false claims that are typical in the healthcare industry, including miscoding, unauthorized drug prescriptions, excessive or unnecessary testing, and affiliated entity referrals. The critical takeaway for any health care provider participating in Medicaid, Medicare or other federally funded health care program is to treat back-office operations and claims administration with the same level of importance and constant due diligence as the delivery of the health care services for which reimbursement is claimed. Creating, implementing and administering an effective compliance program gets the job done and frees up hospital administrators, doctors, nurses and other health care providers to focus on what they do best, treating patients.