How healthcare providers can manage compliance risk in the COVID-19 crisis Insight Article - May 11, 2020 Compliance Regulations Federal Compliance Sign in to save Dan Martin JD Michael J. O’Brien JD With great crisis comes great compliance risk. The COVID-19 pandemic is no exception. The Coronavirus Aid, Relief, and Economic Security (CARES) Act is infusing an initial $2.2 trillion in government funds to mitigate the economic effects of COVID-19. Healthcare providers — from large hospitals to small practices — are receiving portions of these federal funds. Former crises teach us that even before the dust begins to settle, government enforcement actors will aggressively search for fraud in the form of any misrepresentations made to the government to receive these funds, invoking the federal False Claims Act (FCA) and seeking treble damages, fines and criminal referrals where appropriate. There also remains the potential for individuals to report potential false claims as a whistleblower. Healthcare providers who submitted information to the government in connection with getting any type of claim paid (e.g., emergency Medicare relief, a Paycheck Protection Program (PPP) loan, a bill for medical services) will face enhanced compliance risk in connection with the FCA and potential criminal enforcement. But there are steps that can be taken to help mitigate this risk. The False Claims Act in times of emergency public healthcare spending The FCA is the federal government’s primary tool for combating fraud on the public purse. It presents substantial compliance risk from two directions. First, it provides government enforcement officials with a remedy for treble damages and civil penalties against businesses and individuals who submit materially false claims for payment to the government — whether they do so knowingly or act in deliberate ignorance or reckless disregard of the falsity of the claims. Second, it deputizes private plaintiffs to bring qui tam suits as “relators” (whistleblowers) standing in the government’s shoes, sometimes incented by receiving a share of any recovered government funds.1 Crises typically beget heightened government spending, with increased FCA enforcement activity following closely on its heels. The COVID-19 crisis is already on track to follow the same pattern on a larger scale. The CARES Act set aside $100 billion in emergency relief administered by the U.S. Department of Health & Human Services (HHS) through the Public Health and Social Services Emergency Fund. The fund — allocated to providers proportionately based on how much a given provider billed Medicare fee-for-service in 2019 — can be utilized to support COVID-19-related expenses or lost revenue due to the cancelation of non-essential elective procedures. In addition, the $350-billion PPP adds an additional $75 billion to the fund. The Department of Justice has already begun “urging the public to report suspected fraud schemes related to COVID-19” and “directed all U.S. Attorneys to prioritize the investigation and prosecution of Coronavirus-related fraud schemes.”2 Plaintiffs’ law firms who represent whistleblowers can be expected to follow suit on the whistleblower front.3,4,5 In short, the COVID-19 crisis and CARES Act provide fertile ground for FCA enforcement actions and criminal referrals, heightening healthcare organizations’ associated compliance risk. Measures to minimize FCA exposure amid the COVID-19 crisis Many healthcare providers will understandably be interested in participating in one or more of the relief programs established by the CARES Act. These programs, however, are conditioned on various eligibility requirements and approved uses of program funds. Compliance with those and other requirements is critical for minimizing exposure to FCA enforcement actions by the government, qui tam suits by private whistleblowers and potential criminal referrals. Follow these steps to make safe decisions: Review program rules carefully and develop reasonable and defensible interpretations Generally speaking, a company or individual cannot be held liable under the FCA unless there has been a violation of a material “statutory, regulatory, or contractual requirement.”6 The first step in FCA compliance is reviewing all applicable requirements in connection with a claim for payment from the government to ensure that one’s certifications of compliance are accurate. That task, however, can be complicated in the face of ambiguity. For instance, healthcare providers that receive emergency relief from the Public Health and Social Services Emergency Fund must certify that the payments will “only be used to prevent, prepare for, and respond to coronavirus, and [will] reimburse the Recipient only for healthcare related expenses or lost revenues that are attributable to coronavirus.”7 Ascertaining exactly what the government will later apply as its test for the required connection between a payment’s use and the coronavirus is no easy task. Likewise, it is not yet entirely clear what the government might ultimately say constitutes a false certification in an application for PPP loan funds that “current economic uncertainty makes this loan request necessary to support the ongoing operations of the Applicant.” Fortunately, the FCA provides a defense for such cases: when a payment recipient’s conduct is based upon a reasonable interpretation of an ambiguous requirement, and the government has not provided any contrary official alternative interpretation, there is no FCA “knowledge” of falsity as a matter of law.8 Healthcare providers should read program rules and certifications carefully and develop reasonable, defensible interpretations of them, consulting counsel as necessary in the process. Keep a record Hospitals and healthcare practices can further reduce exposure to FCA liability by documenting their understanding of the underlying rules, communicating that understanding to the government and tracking their fund expenditures. This includes ensuring that any specific directions from the government are committed to writing, as well as documenting the following: Any government modification or waiver of requirements (especially if the government deviation is informal, such as an oral representation) The services and items provided by a healthcare provider fund-recipient that are in direct response to the COVID-19 pandemic (to justify reimbursement). In fact, any healthcare organization receiving more than $150,000 in CARES Act relief is required to submit to HHS and the Pandemic Response Accountability Committee a report outlining and documenting how those funds were utilized.9 All providers should keep a record of their communications with the government and their utilization of federal funds. Careful documentation reduces compliance risk. For example, keeping a record as to the government’s knowledge of how a fund-recipient would use federal funds can defeat an FCA case by showing that the recipient did not knowingly defraud the government or that the way the funds were utilized were not material to the government’s payment or lending decision.10 Evaluate compliance and reporting programs and adopt best practices Throughout the COVID-19 crisis and recovery, healthcare organizations should continue to review existing compliance programs and risk-management procedures, and adopt supplemental compliance practices where appropriate to shore up heightened risks posed by the pandemic. As a starting point, catalogue all statutory, regulatory and contractual requirements governing providers’ claims for government funds, and implement policies and controls around any certifications of compliance with such requirements made to the government. Healthcare entities should then ensure that they have proper accounting and billing procedures in place to track expenditures and services from federal funding for approved purposes. Separately, companies should intensify their efforts to maintain effective internal reporting and compliance certification systems. Finally, healthcare providers should be wary of business relationships in which there is a heightened risk of fraud, waste or abuse, and should conduct due diligence before entering into new business relationships. Failure to perform basic due diligence on business partners could subject companies’ conduct to government scrutiny. The risk is not hypothetical. Just recently, the DOJ indicted an individual who ran a marketing company that generated leads to testing companies, alleging that he conspired with other healthcare providers to receive kickbacks for COVID-19 tests, provided that those tests were bundled with a much more expensive test that does not identify or treat COVID-19.11 Committing to an effective compliance and reporting regime on the front-end helps mitigate such risks. Notes: 1. The False Claims Act (FCA). 31 U.S.C. §§ 3729–3733. 2. Office of Public Affairs. “Attorney General William P. Barr Urges American Public to Report COVID-19 Fraud.” U.S. Department of Justice. March 20, 2020. Available from: bit.ly/2WqyBMl. See also: “Memorandum from Attorney General William P. Barr,” March 16, 2020. Available from: bit.ly/2Tbatv9. 3. Wheeler L. “Coronavirus False Claims Task Force Urged at Justice Department,” Bloomberg Law, March 17, 2020. Available from: bit.ly/2WnPIOL. 4. “What Laws Protect Coronavirus Whistleblowers? Whistleblower Attorneys Publish FAQs for Coronavirus Whistleblowers and Qui Tam relators.” Kohn, Kohn & Colapinto LLP. March 16, 2020. Available from: bit.ly/2zsVQfs. See also: bit.ly/35OzL7j. 5. “Whistleblower advocate urges formation of coronavirus task force.” Beasley Allen Law Firm. March 19, 2020. Available from: bit.ly/2SSXe1M. See also: “Whistleblower Lawyers Call for DOJ Coronavirus Fraud Task Force.” Whistleblower Law Collaborative. Available from: bit.ly/3dBmUrQ. 6. Universal Health Services. v. United States ex rel. Escobar, 136 S. Ct. 1989, 1996 (2016). 7. “Relief Fund Payment from Initial $30 Billion General Distribution Terms and Conditions.” HHS. Available from: bit.ly/35TJIQL. 8. See, e.g., U.S. ex rel. Purcell v. MWI Corp., 807 F.3d 281, 289 (D.C. Cir. 2015). 9. HHS. 10. See, e.g., Escobar, 136 S. Ct. at 2003–04 (explaining that if “the Government pays a particular claim in full despite its actual knowledge that certain requirements were violated, that is very strong evidence that these requirements are not material”); Kelly v. Serco, Inc., 846 F.3d 325, 334 (9th Cir. 2017); U.S. ex rel. Becker v. Westinghouse Savannah River Co., 305 F.3d 284, 289 (4th Cir. 2002). 11. U.S. Attorney’s Office, District of New Jersey. “Georgia Man Arrested for Orchestrating Scheme to Defraud Health Care Benefit Programs Related to COVID-19 and Genetic Cancer Testing.” U.S. Department of Justice. March 30, 2020. Available from: bit.ly/2LkPXDS.