Every healthcare provider involved in billing federal healthcare programs knows healthcare reform is a reality. The Patient Protection and Affordable Care Act (PPACA) and the Healthcare and Education Reconciliation Act of 2010 (HCERA) were signed into law by President Obama in March 2010. What providers may not be fully aware of is the number of significant fraud changes included in both statutes that will increase potential fraud exposure for them in the months and years ahead. This article summarizes some of the most significant fraud changes included in these reform statutes.

A. Increased Funding for Fraud and Enforcement Efforts

The Omnibus Appropriations Act of 2009 provided for a one-time, $198 million enhancement in fraud enforcement-related spending. The 2010 federal budget adds another $311 million in funding over a two-year period, amounting to a 50% increase over the FY09 funding level. The proposed 2011 budget would add another $250 million for the DOJ/HHS joint enforcement effort known as the Health Care Fraud and Prevention Enforcement Action Team (or “HEAT”).

The HEAT program was announced in May 2009 as a Cabinet-level effort by DOJ, HHS-OIG, and the Centers for Medicare and Medicaid Services (CMS) designed specifically to combat Medicare fraud. The program created strike forces across the country in cities identified as high-volume fraud locales. By the end of 2009, those strike forces had generated some 222 cases.¹ In addition to the extra funding for the HEAT program, PPACA increases funding to the Health Care Fraud and Abuse Control Program (HCFAC) for FY11 through FY20 by $10 million per year. The HCFAC Program is a funding mechanism for federal healthcare fraud enforcement efforts through dedicated healthcare fraud agent positions and attorney positions. Along with the PPACA increases, HCERA adds another $250 million to HCFAC between 2011 and 2016. Thus, the proposed overall additional spending amounts devoted to fraud and abuse enforcement efforts, if they make their way into each of the budgets in future years, could total almost $1 billion over the next 10 years.

B. Expansion of the Recovery Audit Contractor Program

Providers may be familiar already with the Recovery Audit Contractor Program (or “RAC program”) which was included initially in the Medicare Modernization Act of 2003 as a demonstration project for New York, California, and Florida — and later, South Carolina, Massachusetts, and Arizona. The demonstration project lasted three years and used private recovery firms on contingent fee contracts to conduct post-payment reviews/audits. Between March 2005 and March 2008, the contractors identified some $1.03 billion in overpayments and collected over $980 million from providers. The Tax Relief and Healthcare Act of 2006 authorized the expansion of the RAC program nationwide by January 2010. To accomplish that goal, CMS divided the country into four RAC regions and awarded contracts to four companies to implement and manage the RAC program.²

The healthcare reform legislation expands the RAC program to cover Medicare Parts C and D (the existing program only covered Medicare Parts A and B). Medicare Part C is the HMO/PPO version or option of Medicare, and Medicare Part D is the prescription drug program. The reform statutes also expand coverage of the program to include Medicaid. These sweeping changes in the program are to take place on a fairly short timeline, with all the additional coverage to have been in place no later than December 31, 2010. While the majority of RAC recoveries have been from inpatient hospitals, this expanded coverage will broaden significantly the circle of healthcare providers subject to the RAC audit process.

C. Overruling the Hanlester Decision on Anti-Kickback Statute Intent Requirement

In Hanlester Network v. Shalala, 51 F.3d 1390 (9th Circ. 1995), the Ninth Circuit ruled that the Anti-Kickback Statute’s “willfully” language required the government to prove that a defendant subjectively knew that the Anti-Kickback Statute prohibited the conduct in question. This narrow reading of the statute impacted DOJ use of the statute in criminal cases, although other circuits had not read the language as narrowly.

In § 6402 of PPACA, Congress legislatively overruled Hanlester by including language which makes clear that the Anti-Kickback Statute does not require this heightened scienter standard. The statutory change resolves the split among the federal circuits and restores to federal prosecutors the ability to charge criminal violations of the Anti-Kickback Statute based on a lower evidentiary threshold. This change could also lead to increased use of the Anti-Kickback Statute generally in fraud cases.

D. Jurisdictional Changes to the False Claims Act That Benefit Relators

The majority of False Claims Act cases originate from whistleblowers, or relators, who bring actions on behalf of the government and then encourage the government to intervene in those actions. For many years, a qui tam relator or whistleblower plaintiff had to meet a two-part test under 31 U.S.C. § 3730(e) (4): (1) a qui tam plaintiff must have provided information which has not been publicly disclosed; and (2) if the information had been publicly disclosed, then the qui tam plaintiff/relator must have been an “original source” of the information. A large number of False Claims Act cases have been dismissed in prior years under both the public disclosure bar and the original source doctrine. PPACA significantly amends both these prongs of the False Claims Act in ways which will benefit relators, expand the potential pool of qui tam plaintiffs, and likely increase the number of qui tam cases filed.

Before these amendments, the failure of a qui tam plaintiff to meet the statutory requirements of the public disclosure bar and original source doctrine deprived the court of jurisdiction. PPACA changes the rules in two crucial aspects: (1) Failure to meet the public disclosure language will no longer serve as a jurisdictional bar to bringing a lawsuit, and (2) even if the qui tam relator completely fails to meet the public disclosure language of the statute, dismissal may be opposed by the government, in which case the False Claims Act case may proceed. Similarly, if the relator’s lawsuit is based upon publicly disclosed information of which the relator is not an original source, the relator may still qualify to participate in a False Claims Act matter if he/she shares with the government “knowledge that is independent of and materially adds to the publicly disclosed allegations […].” Students of False Claims Act jurisprudence know the courts have been struggling for years with the notion of materiality. No one can predict how the courts will interpret the phrase “materially adds to the publicly disclosed allegations,” but the relator/plaintiff’s bar unquestionably now has a much lighter burden for initiating a False Claims Act lawsuit.

E. New Grounds for Imposing Civil Monetary Penalties

Civil monetary penalties have been an arrow in the government’s fraud enforcement quiver for some time. PPACA adds new grounds for imposition of civil monetary penalties. These new grounds include:

(a) knowingly making false statements in an application, bid, or contract to participate in or enroll as a supplier or provider;

(b) failing to report or return a known overpayment;

(c) ordering or prescribing items or services during a period when the prescriber was excluded from a federal healthcare program and the person knows or should know that a claim will be made for the item or service;

(d) failing to grant HHS-OIG timely access for audits, investigations, evaluations, and the like;

(e) making false statements material to a false or fraudulent claim for payment for an item or service furnished under a federal healthcare program.

These new grounds for imposing civil monetary penalties “ratchet up” the risks involved in doing business under any federal healthcare program.

F. Mandatory Compliance Programs

Given the enhanced fraud and abuse enforcement efforts under these various amendments, it should come as no surprise that PPACA also introduced mandatory compliance programs. While the law prior to PPACA did not require providers to adopt formal compliance programs, healthcare lawyers have been encouraging and advising their clients for years to adopt voluntary compliance programs. Section 6004 of PPACA provides that the Secretary of HHS may now require a compliance program as a condition precedent to enrollment. No specific providers are listed in the language of the statute; rather, the Secretary of HHS is directed to establish a timeline, in consultation with HHS-OIG, for implementing mandatory compliance programs within a particular healthcare industry or supplier category.

As these guidelines are developed in future months and years, healthcare providers will be well advised to make known to the Secretary of HHS and to the Inspector General the terms and conditions providers believe are appropriate and necessary.

G. Changes to the Stark Law and the New Self-Referral Disclosure Protocol

1. New Freedom of Choice Rules for In-Office Ancillary Services

Subject to various exceptions or safe harbors, the Stark Law prohibits a physician from referring a Medicare or Medicaid beneficiary to an entity in which the referring physician, or members of his/her immediate family, have a financial relationship.³ Unlike the Anti-Kickback Statute, which applies to anyone providing services or supplies under a federal healthcare program, the Stark Law is addressed to physicians only.

The so-called In-Office Ancillary Services (or “IOAS”) exception is one of the major exceptions to the Stark Law. It allows individual physicians in solo practice and in physician practice groups to self-refer patients for most designated health services if they meet certain additional requirements relating to who performs the service, the location of services, and the billing. Section 6003 of PPACA adds a new “Freedom of Choice” notification requirement for certain imaging services when a physician or practice group is seeking this “in-office” protection under the IOAS exception.

Here’s how the statutory amendment works: (1) The physician must inform a patient, in writing, that the patient may obtain the designated health service (DHS) from another entity outside the physician’s office or outside the referring physician’s group practice. (2) The amendment applies to MRI, CT scans and PET scans, and to “any other DHS specified under [42 U.S.C. § 1395nn](h)(6)(D) that the Secretary determines appropriate.” This reference to § (h)(6)(D) is to radiology services. (3) The amendment requires the referring physician to provide a written list of other physicians, durable medical equipment providers, or other suppliers who furnish the imaging service in the area where the beneficiary resides. (4) The Secretary may use rulemaking to impose similar Freedom of Choice requirements on referrals of other designated imaging services such as radiology services and ultrasound. (5) The Freedom of Choice notices are not required to comply with other Stark Law exceptions or for in-office services other than the imaging services designated by PPACA. (6) CMS will promulgate regulations to implement this new requirement.

2. Limits on Physician-Owned Hospitals

Another Stark Law exception amended by PPACA is the so-called “whole hospital” exception. This exception allows physicians to refer for designated health services to hospitals owned, in whole or in part, by the referring physician or an immediate family member, so long as the physician’s ownership interest is in the entire (or “whole”) hospital and not in merely a distinct part or department of the hospital. Stark also permits physician referrals to “rural” hospitals where substantially all of the designated health services furnished by the entity are furnished to individuals residing in a rural area. Section 6001 of PPACA essentially prevents the formation of new physician-owned hospitals, limits service expansions at existing physician-owned hospitals, and freezes the amount of physician ownership in existing hospitals as of March 23, 2010, the effective date of PPACA (i.e., physicians may not acquire greater ownership interests in hospitals than what they already owned as of March 23, 2010). The language effectively prohibits physician ownership in any hospital that does not have a Medicare provider agreement in effect as of December 31, 2010. CMS may grandfather-in existing hospitals with provider agreements in place as of that date. The reform statute requires written annual reports to HHS regarding the identity of owners and ownership interests (and these reports will be posted on an HHS website). These new physician-ownership limitation rules are also extended to physician ownership of rural hospitals. CMS is to promulgate regulations on these physician-ownership amendments by January 1, 2012.

3. A New Stark Self-Referral Disclosure Protocol

In 2009, HHS-OIG announced that its Self-Disclosure Protocol used by providers to report technical (and, often, unintentional) violations of various federal healthcare fraud and abuse laws was not available for use in disclosing Stark Law violations. This gap left providers with potential Stark issues in a quandary about how to approach the government in these circumstances, since Stark has some of the harshest penalties provisions — imposing a requirement that all payments for designated health services paid in violation of Stark are to be refunded to the government in addition to a $15,000 civil monetary penalty for each designated health service provided in violation of Stark.

In response to provider concerns, Congress added § 6409 to PPACA, which obligated the Secretary of HHS to develop and implement a disclosure protocol for actual and potential Stark violations within six months of the enactment of PPACA. CMS was instructed to publish the new Self-Referral Disclosure Protocol on its website within six months, with instructions to providers on how to access and use it. Right on schedule, the new Protocol was announced and appeared on the CMS website on September 23, 2010. The Protocol makes clear, as set forth in § 6409(a)(2) of PPACA, that it is separate and distinct from the existing CMS advisory opinion process used to determine whether a Stark violation exists.

The Protocol is not as clearly written as it might have been, and it appears to be limited solely to Stark issues, adhering specifically to the statutory language that mandated it. This means the new Protocol cannot be used for Anti-Kickback Statute issues or for other voluntary disclosures to the government. Too, while earlier voluntary disclosures might have generated a discounted fine for Stark violations, this new Protocol merely provides that CMS “may consider” reducing the amounts “otherwise owed” based upon five factors: (1) the nature and extent of the improper or illegal practice; (2) the timeliness of the self-disclosure; (3) the cooperation in providing additional information related to the disclosure; (4) the litigation risk associated with the matter disclosed; and (5) the financial position of the disclosing party.

H. Criminal Enhancements Included in the Reform Statutes

When Congress enacted the original HIPAA statute in 2003, it gave DOJ significant enhanced criminal authority in combating healthcare fraud (including the new healthcare fraud statute at 18 U.S.C. § 1347 and the ability to issue administrative sub­poenas known as authorized investigative demands under 18 U.S.C. § 3486). PPACA adds even more criminal healthcare fraud tools for DOJ to use, including:

(1) The U.S. Sentencing Commission is directed to update the Sentencing Guidelines to increase offense levels by 20-50% for crimes involving losses of more than $1 million;

(2) The definition of “healthcare fraud offense” under 18 U.S.C. § 24 is broadened to include Anti-Kickback Statute violations; Food, Drug and Cosmetic Act violations, and even certain ERISA reporting violations;

(3) PPACA provides DOJ with subpoena authority for investigations conducted pursuant to the Civil Rights of Institutionalized Persons Act (42 U.S.C. § 1997, et seq.), giving the government authority to seek to protect residents of nursing homes, mental health facilities, and similar institutions;

(4) PPACA amends the obstruction of justice statute, 18 U.S.C. § 1510, to provide that obstruction of criminal investigations involving HIPAA administrative subpoenas is treated the same as obstruction of investigations involving grand jury subpoenas; and,

(5) All of these offenses now become predicates for asset forfeiture proceedings and qualify as specified unlawful activities for money laundering charges. The separate healthcare obstruction of justice statute (18 U.S.C. § 1518) is extended to include these new offenses, and PPACA authorizes the use of administrative subpoenas in such investigations.

I. Conclusion

The healthcare fraud and abuse landscape has changed significantly as a result of the passage of both PPACA and HCERA. Not only has the scope of potential conduct subject to prosecution been broadened, but also the scope of potential liability under the False Claims Act has been expanded and the number of potential whistleblowers/relators bringing False Claims Act cases has been increased significantly. All healthcare providers must pay close attention to these changes in the coming months, as DOJ and HHS-OIG undoubtedly will be turning up the heat — through their new HEAT strike forces — on the entire healthcare industry.

---

[1] Thus far, HEAT strike forces have been formed in Miami, Tampa Bay, Los Angeles, Dallas, Houston, Detroit, and Brooklyn, with the most recent task force having been created in Baton Rouge, Louisiana. For more information on the HEAT strike forces, take a look at the website <www.stopmedicarefraud.gov>.

[2] See generally, <www.cms.hhs.gov/RAC>.

[3] See generally, 42 U.S.C. § 1395nn.

Finis