To Fight the Pandemic, Health Care Companies Face New Opportunities But Old Legal Risks
As many companies potentially rush into the government contracting space to fill gaps in medical equipment and services, and even experienced contractors find themselves navigating unchartered (and evolving) waters concerning the provision of medical care, heightened risks under the FCA may follow. William Harrington, Annie Railton and Courtney Orazio discuss some of those risks in this edition of their Federal Civil Enforcement column.
April 09, 2020 at 12:00 PM
8 minute read
The federal False Claims Act (FCA) is likely already on the radar of health care companies doing business with the government: It is a powerful tool for the DOJ (or private whistleblowers standing in the DOJ's shoes) to seek recompense for false claims or false statements made in order to receive federal funds, authorizing treble damages and potentially sweeping penalties. It may not be top of mind during the current COVID-19 pandemic, but in fact the FCA has its origins in policing fraud in times of crisis. Consistent with that history, on March 20, 2020, Attorney General William Barr issued a press release underscoring the DOJ's focus on combatting COVID-19-related fraud, including fraudulent billing in violation of the FCA.
As many companies potentially rush into the government contracting space to fill gaps in medical equipment and services, and even experienced contractors find themselves navigating unchartered (and evolving) waters concerning the provision of medical care, heightened risks under the FCA may follow. Below, we discuss some of those risks—in particular, those that may emerge due to a potential surge in telehealth services during this crisis—and steps that companies can take to mitigate potential FCA exposure as they provide critical goods and services in these uncertain times.
|The FCA's Application in Crises, Past and Present
Originally enacted in response to defense contractor fraud during the American Civil War, the FCA has long been used to police fraud in times of crisis.
As a recent example, in December 2018, the DOJ formed the Appalachian Regional Prescription Opioid Force (ARPO) to combat the opioid epidemic. Just four months later, ARPO had already brought enforcement actions across 11 federal districts against at least 60 charged defendants for their alleged participation in illegally prescribing and distributing opioids. And two of the largest FCA recoveries in fiscal 2019 came from opioid manufacturers Insys Therapeutics and Reckitt Benckiser Group, which paid $195 million and $1.4 billion, respectively, to resolve criminal and civil claims against them.
Recent DOJ guidance underscores the heightened scrutiny and enforcement risk likely to result from the COVID-19 pandemic, and the unprecedented federal economic response to the crisis. On March 16, 2020, the National Whistleblower Center penned a letter to AG Barr, calling for the formation of a nationwide task force to investigate COVID-related fraud under the FCA. That same day, AG Barr issued a memorandum directing prosecutors to "prioritize the detection, investigation, and prosecution of all criminal conduct related to the current pandemic." And on March 20, 2020, as noted above, AG Barr issued a press release reiterating the DOJ's heightened focus on fighting COVID-related fraud, including against medical providers who fraudulently bill for tests and procedures in violation of the FCA.
|Potential Areas of FCA Risk in Light of COVID-19
With all that in mind, there are several areas of particular risk for companies involved in providing goods and services to aid in the response to COVID-19. Among other things, companies must ensure compliance with rules and regulations concerning:
- Billing in the telehealth setting, or other scenarios when medical personnel do not actually see the patient;
- Licensing and credentialing requirements for providers;
- Privacy laws under the Health Insurance Portability and Accountability Act of 1996 (HIPAA); and
- Pricing issues and representations by vendors concerning the efficacy of personal protective equipment (e.g., masks, gowns, gloves) and medical devices and equipment (e.g., ventilators).
These risks may be especially acute for companies that receive funds through the Coronavirus Aid, Relief and Economic Security (CARES) Act, which was signed into law on March 27, 2020. Enforcement agencies will no doubt be paying close attention to how recipients use federal dollars they obtain—via contract, grant, or otherwise—as part of this $2 trillion stimulus package. Given this, companies should take care to ensure that they accurately represent their qualifications for relief funds and that they comply with any regulatory requirements attached to those funds.
|A Closer Look at FCA Risk in Connection With Telehealth
Of the areas identified above, telehealth in particular has garnered attention in light of widespread distancing efforts. President Trump even touted its utility in a recent briefing. The federal government has expanded coverage and reduced barriers to telehealth services in response to the COVID-19 pandemic—but with increased access (and perhaps also increased funding) may come increased risks. Companies should be cognizant of those risks, and how to mitigate them, especially as practitioners that traditionally rely on in-person visits (e.g., primary care physicians, therapists, dermatologists, and other specialists) enter the telehealth arena for the first time.
Historically, the U.S. Centers for Medicare and Medicaid Services (CMS) has restricted coverage of telehealth services—including limiting its applicability to patients in more remote locations, requiring that a provider be licensed in the state where the patient is located, and requiring that the provider and patient have an existing relationship at the time of service. But on March 13, 2020, in response to the COVID-19 pandemic, the U.S. Department of Health and Human Services (HHS) waived each of these requirements. As a result, health care providers may now be reimbursed under Medicare for providing covered telehealth services to Medicare patients located in their homes, regardless of where the patient is located, regardless of where the provider is licensed, and regardless of what (if any) relationship exists between the provider and patient prior to the time of service. But by its terms, HHS's waiver applies "only to the extent necessary," as determined by CMS, to (1) "ensure that sufficient health care items and services are available to meet the needs of individuals enrolled in the Medicare, Medicaid, and CHIP programs," and (2) to reimburse providers who "furnish such items and services in good faith, but are unable to comply with one or more of these requirements as a result of … the 2019 Novel Coronavirus … pandemic" "absent any determination of fraud or abuse."
On March 17, 2020, the OIG also announced that—for the time period that the COVID-19 public health emergency is effect—health care providers will not face administrative sanctions for reducing or waiving any cost-sharing obligations that federal health care program beneficiaries may owe for telehealth services, such as copayments, coinsurance, and deductibles. Ordinarily, such routine reductions or waivers could implicate the Anti-Kickback Statute—a frequent source of alleged FCA violations. For free or reduced-cost telehealth services furnished during the COVID-19 public health emergency, however, OIG "will not view the provision of [those] services alone to be an inducement or as likely to influence future referrals." But nothing in the OIG's statement otherwise relieves providers of their responsibility to only bill for services performed and to comply with applicable laws related to claims submission and cost reporting.
Finally, also on March 17, OIG's OCR division similarly announced that, in its "enforcement discretion," it will not impose penalties for noncompliance with HIPAA against covered health care providers in connection with the good faith provision of telehealth services during the COVID-19 public health emergency. As a result, providers may offer telehealth services via non-public-facing platforms such as FaceTime, Skype, and Facebook Messenger. Health care providers are nonetheless encouraged to inform patients that the use of such non-HIPAA compliant third-party applications may introduce privacy risks.
Despite expanded coverage and increased access to telehealth services in response to the COVID-19 pandemic, however, questions and risks remain. For example, where and when should providers apply waivers or reduce cost-sharing obligations in this rapidly-changing situation, and how can providers determine what services qualify as "necessary" to "meet the needs" of Medicare beneficiaries. While CMS has not limited "necessary" services to the treatment of COVID-19 itself, CMS's announcement does not identify what specific services will, in fact, be deemed "necessary." Companies must also still be cognizant of other applicable federal and state laws, including those related to establishing the requisite physician-patient relationship and obtaining information sufficient to make a diagnosis or treatment recommendation in order to issue a prescription via telehealth.
Bearing in mind that the government will be scrutinizing telehealth services administered during and after the current crisis—especially those rendered by CARES fund recipients—companies should consider adopting strategies to mitigate potential FCA risk, which may include:
- Documenting the rationale for decisions concerning CARES relief funds, including government guidance or regulation(s) being relied on for a particular decision;
- Updating internal policies and procedures, especially if entering telehealth as a new business line, or deviating from preexisting practices due to COVID-19 circumstances;
- Keeping careful records that establish the medical necessity for all services rendered;
- Training (or re-training) the company's billing team on key FCA issues; and
- Closely monitoring waivers and reductions of cost-sharing obligations, and new patient relationships, to reduce the risk that steps taken post-pandemic could be viewed as potential kickbacks.
Finally, in addition to internal measures, companies should also be diligent in monitoring CMS and OIG guidance, and should promptly revise their policies and procedures as necessary to comply with that guidance in these uncertain and unprecedented times.
William Harrington and Annie Railton are partners at Goodwin in New York and Courtney Orazio is an associate in Boston.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllTrump Picks Personal Criminal Defense Lawyers for Solicitor General, Deputy Attorney General
SEC Under Trump 2.0 Likely to Take More 'Measured' Enforcement Approach, Observers Say
Decision of the Day: Attorney in Social Security Case Awarded Fees, But Must Pay Client Refund Under Equal Access to Justice Act
Trending Stories
- 1Elon Musk Names Microsoft, Calif. AG to Amended OpenAI Suit
- 2Trump’s Plan to Purge Democracy
- 3Baltimore City Govt., After Winning Opioid Jury Trial, Preparing to Demand an Additional $11B for Abatement Costs
- 4X Joins Legal Attack on California's New Deepfakes Law
- 5Monsanto Wins Latest Philadelphia Roundup Trial
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250