By: Pamela Coyle Brecht , Marc Stephen Raspanti
Part 1 of this article series, published in the November 2021 issue of Compliance Today, outlined in general the American and Italian healthcare systems. Part 2 outlines America’s primary healthcare fraud laws. Part 3 of this series, to be published in the January 2022 issue of Compliance Today, will outline Italy’s fraud and abuse laws.
In America, the enforcement landscape is ever evolving. Compliance within this thicket of criminal, civil, and administrative laws and regulations can prove especially challenging. The most used fraud and abuse prevention tools include the federal Anti-Kickback Statute (AKS), the federal False Claims Act (FCA), state false claims acts (FCAs), Stark Law, and more recently the Physician Payments Sunshine Act. In addition to these laws, there are two important industry codes of conduct that govern behavior: the PhRMA Code on Interactions with Health Care Professionals, which covers the pharmaceutical industry, and the AdvaMed Code of Ethics, which covers the medical device industry.
The AKS is a powerful federal law that seeks to prevent financial considerations from interfering with the independent medical judgment and purchasing decisions of healthcare providers.[1] In general, this law prohibits a company or individual from offering a healthcare provider, such as a doctor or hospital, incentives (referred to as “inducements”) to encourage use of its products or services.More specifically, the AKS imposes criminal penalties on any person who knowingly and willfully solicits, receives, offers, or pays any “remuneration” (including any kickback, bribe, or rebate) directly or indirectly, in cash or in kind, to any person to induce that person to either:
Prohibited “remuneration” under the AKS can include prizes, gifts, coupons, discounts, and other goods or services offered to physicians or suppliers. Additionally, a violation of the AKS can occur even if a kickback does not actually result in a referral or a purchase as the statute prohibits the mere offer or request for something of value with the intent of inducement.American courts have found that the intent requirement of the AKS is met where “one purpose” of a payment is to induce referrals for, or purchases of, an item or service covered under a federal health program. The “one purpose” test was established in the landmark case United States v. Greber.[2] The presence of other good intentions or other purposes for offering, paying, or receiving the payment does not reduce liability.
Given its broad scope, the AKS potentially implicates nearly every financial relationship between American healthcare providers, suppliers, and manufacturers and healthcare professionals. U.S. Department of Health & Human Services Office of Inspector General (OIG) has the authority to establish regulatory safe harbors, which are explicit exceptions to the AKS as written. The safe harbors describe activities, which would implicate the AKS but are deemed by the government unlikely to be abusive. If an arrangement falls squarely within one of these safe harbors, it is fully protected from potential AKS exposure. The failure to comply with a safe harbor does not render a practice violative but means only that the practice or arrangement does not have absolute assurance of protection from AKS liability.[3]Some of the most commonly used AKS safe harbors provide exceptions for investment interests, space or equipment rental, personal services and management contracts, sale of a practice, referral services, warranties, and discounts.[4] AKS safe harbor protection mandates that the payments involved are fair market value, the transactions are commercially reasonable, and they are based on a written agreement signed by the parties or other documented records of the transaction.As the American healthcare delivery framework becomes more complex and entities seek new and creative ways to conduct business, the OIG will continue to issue guidance beyond the safe harbor regulations. Primary sources for administrative guidance include: (1) OIG guidance on developing compliance programs for pharmaceutical manufacturers, (2) administrative bulletins or OIG special fraud alerts, and (3) advisory opinions. These sources either identify areas of concern or indicate how the OIG would apply the AKS to the particular circumstances of each request.Special fraud alerts issued by the OIG specifically describe conduct that the OIG views as problematic or impermissible. They put healthcare entities and providers on notice that practices addressed in the alert pose a risk for AKS liability. The OIG also issues advisory opinions upon request when the requesting party provides the OIG with detailed background information on the circumstances of the transaction or other conduct. Essentially, the requestor seeks the “blessing” of the OIG to ensure that they are not engaging in prohibited conduct. OIG must formally “accept” the request before it will render an opinion, the requesting party must reimburse the OIG for the costs of processing the request, and the opinion technically protects only the requestor.
The federal self-referral statute, commonly referred to as the Stark Law—originally a part of Section 1877 of the Social Security Act—prohibits a physician from referring any “designated health services” payable by a federal healthcare program to an entity with which the physician, or an immediate family member, has a “financial relationship,” unless all the requirements of an “applicable exception” are met.[5] The Stark Law also prohibits claims for designated health services that are furnished as a result of a prohibited referral. The main purpose of the Stark Law is to prevent conflicts of interest from interfering with healthcare decisions.
Several factors are critical to understanding the Stark Law. First, there is a defined list of 10 designated health services to which the Stark Law applies. They are clinical laboratory services; physical therapy; occupational therapy and speech-language pathology services; radiology and certain other imaging services; radiation therapy services and supplies; durable medical equipment and supplies; parenteral and enteral nutrients and equipment; prosthetics, orthotics, and prosthetic devices and supplies; home health services; outpatient prescription drugs; and inpatient and outpatient hospital services. Second, “financial relationships” are defined very broadly to include compensation arrangements, investment interests, and ownership interests. Both direct and indirect relationships are covered by the law. The exchange of anything of value, in cash or in kind, may create a financial arrangement to which the Stark Law applies.
Third, there are nearly 20 exceptions to the Stark statute, but only arrangements that fall squarely into the exceptions are exempt from liability under the law. Like the safe harbors to the AKS, many of the Stark exceptions require the financial relationship to reflect fair market value. The mere negotiation of financial terms between the parties is not sufficient. Fair market value must be established by reference to other financial terms for the same goods or services in the community, agreed upon in an arm’s-length transaction, and, critically, without regard to the volume or value of referrals.
Unlike the AKS, the Stark Law is not a criminal statute but a potent civil law. Violations can result in civil liability and penalties of up to $15,000 for each violation. Additionally, the Stark Law is a strict liability statute, which means that proof of specific intent to violate the law is not required. Providers who make prohibited referrals for designated health services may violate the Stark Law—regardless of potentially good intentions.
As discussed above, the federal FCA[6] is widely regarded as the United States’ single-most important tool to combat healthcare fraud, waste, and abuse. Often referred to as “Lincoln’s Law,” the FCA was originally enacted in the 1860s to combat fraud against the Union Army during the American Civil War. There is no Italian corollary. Despite existing for more than 150 years, the FCA was largely unused until its 1986 amendments, which permitted private-citizen whistleblowers to file qui tam lawsuits on behalf of the government against those who presented false or fraudulent claims for payment to the United States. Essentially, the FCA applies whenever the government pays for an item or service.The FCA does not require proof of specific intent to defraud the government because it is a civil, not criminal, statute.The penalties for violating the FCA are severe. The FCA provides for treble damages (three times the actual damages) plus civil monetary penalties of between $11,665 and $23,331 per individual claim[7] —few laws, if any in the world, pack such a penalty per claim. In healthcare fraud cases, this combination of treble damages and civil monetary penalties can transform a relatively small case into one that poses substantial financial consequences for the provider, hospital, or manufacturer.The FCA has been used to combat a wide variety of healthcare fraud schemes. To illustrate this point, during 2018 alone, qui tam whistleblowers and the government used the FCA to secure $2.5 billion in recoveries in cases, well known to the authors, that included:
These cases illustrate the depth and breadth of FCA enforcement actions, as well as the central role the FCA plays among American healthcare enforcement tools, including the AKS and the Stark Law. Moreover, the 2018 healthcare-based recoveries under the FCA are by no means an anomaly. In fact, the FCA has been the source of more than $2 billion in recoveries annually in healthcare fraud cases since 2009 and has netted more than $64 billion since 1986.[13]The FCA, unique in its qui tam or whistleblower provisions, creates unique opportunities unavailable in Italy and throughout Europe to combat healthcare fraud, waste, and abuse. Under the FCA, a whistleblower or “relator” must perfect their claim on behalf of the government, including retaining an attorney to file their qui tam lawsuit ex parte, under seal in an appropriate federal court. Then, the statute affords the Department of Justice (DOJ) time to investigate the whistleblower’s claims and gather additional evidence. Following the government’s sealed investigation, DOJ must inform the relator whether it intends to join in the lawsuit—a decision referred to as “intervening,” which occurs in approximately 20% of the cases.[14] When the government intervenes, it takes over the lawsuit and prosecutes the case against the defendant. The whistleblower and their private attorney remain involved meaningfully in the litigation. The DOJ, for any reason, can also elect to partially intervene or decline intervention. If the government declines to intervene, the whistleblower, through counsel, has the right under the FCA to continue the case in the name of the US taxpayers.If the whistleblower brings a successful claim (meaning there is a recovery either through settlement or trial), they are rewarded by receiving 15%–30% of the government’s recovery, called the “relator’s share.” From 1986 to 2020, qui tam whistleblowers in healthcare cases have been paid more than $7.8 billion in rewards for blowing the whistle.[15] Of that, approximately $5.3 billion was paid between 2010, when the FCA and its anti-retaliation provisions were strengthened, through the end of fiscal year 2020.This financial incentive for relators has driven the success of the FCA for several reasons. First, whistleblowers assume great professional and personal risk to report fraud. Often, the conduct involves their current or former employers and colleagues and could lead to being blackballed in an industry. Relators’ awards can counteract some real perils of whistleblowing.
In addition to the financial reward, the FCA contains strong anti-retaliation provisions to protect whistleblowers. Specifically, Section 3730(h)(1) of the FCA provides that “any employee, contractor, or agent shall be entitled to all relief necessary to make that employee, contractor, or agent whole, if that employee, contractor, or agent is discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of employment because of lawful acts done by the employee, contractor, agent or associated others in furtherance of an action under this section or other efforts to stop 1 or more violations” of the FCA.[16] Importantly, protected whistleblower conduct is not limited to filing a case under the FCA. Internal reporting itself serves both as the effort to stop the FCA violation and provides notice to the employer that the employee is engaging in protected activity. Even whistleblowers who are unsuccessful in their underlying qui tam action can still bring a retaliation claim under 31 U.S.C. § 3730(h)(1). The whistleblower must prove (1) they engaged in protected activity, (2) the employer took an adverse employment action against them, and (3) the adverse employment action was taken because of the whistleblower’s protected activity.
The FCA’s potential monetary awards, in combination with individual protection, incentivize whistleblowers to come forward and assist the United States government in its efforts to detect and prevent fraud, as well as to recover improperly paid funds. These incentives and protections, however, are not limited to American citizens, and whistleblowers living and working outside the United States, both citizens and noncitizens, have used the FCA.
For example, in United States ex rel. Epp v. Supreme Foodservice, A.G., a German citizen who worked in Dubai for defendant Supreme Foodservice, a privately held Swiss company, brought a qui tam action under the FCA.[17] Michael Epp, working through US counsel, alleged that Supreme submitted false claims to the US in connection with a contract to provide food and water to US troops serving in Afghanistan. Following a lengthy investigation, Supreme agreed to pay $389 million to resolve criminal and civil claims. The whistleblower received more than $16 million for bringing the lawsuit and assisting the government in its investigation.
While the federal FCA combats fraud against US government funds, it does not protect state government funds. Based on the FCA’s success, 30 states (as well as the District of Columbia and Puerto Rico) have enacted their own false claims laws, largely mirroring the federal FCA. These state FCAs are intended, predominantly, to protect the state funds, and in healthcare, this would be the state portion of healthcare claims for Medicaid beneficiaries (a program jointly funded by federal and state taxpayers).
These 32 places—as well as nine municipalities with their own false claims acts that have created mechanisms by which they can recover fraudulently paid funds—are devoting increased resources to investigating and prosecuting whistleblower lawsuits.[18] For example, Texas, New York, Massachusetts, and California all have substantial investigation and prosecution teams, which have recovered billions of dollars as a result of whistleblower-instituted cases. Importantly, most of the state FCAs, like the federal FCA, permit anyone, including persons outside the US, to file a state-based qui tam lawsuit and share in any recovery from their lawsuit.
In 2010, the U.S. Congress enacted the Physician Payments Sunshine Act (Sunshine Act), a law to increase transparency of financial relationships between healthcare providers and pharmaceutical manufacturers. The Sunshine Act was born out of competing concerns. First, the recognition that “collaboration among physicians, teaching hospitals, and industry manufacturers contributes to the design and delivery of life-saving drugs and devices.”[19] Second, “payments from manufacturers to physicians and teaching hospitals can also introduce conflicts of interest that may influence research, education, and clinical decision-making in ways that compromise clinical integrity and patient care, and may lead to increased health care costs.” The Sunshine Act focuses on the second concern by requiring manufacturers to collect data and report on the nature and extent of financial relationships with healthcare providers.
Manufacturers of drugs; medical devices; and biological and medical supplies covered by Medicare, Medicaid, and the Children’s Health Insurance Program must track all payments or other transfers of value with both physicians and teaching hospitals. Consulting fees, royalties, research fees, and related expenses must be reported as payments. “Transfers of value” include meals, airfare, and educational materials that a manufacturer provides to a medical professional. Affected manufacturers must disclose the payment data through a transparency report to the Centers for Medicare & Medicaid Services (CMS). While the law was passed in 2010, payments made prior to August 1, 2013, were explicitly excluded from reporting. Even benefits conferred that have a deferred delivery (i.e., stock options) granted prior to August 1, 2013, were excluded from reporting.[20]
In 2012, Congress and CMS publicly acknowledged the substantial challenges that manufacturers would face in implementing the Sunshine Act’s reporting requirements. Moreover, these challenges were particularly acute for small manufacturers with international operations. In keeping with these realities, the Sunshine Act allows for amendment for erroneous submissions, with specific remedies when violations are known.[21]
As a part of the Sunshine Act, CMS developed the Open Payments Program to first track and then publish the manufacturer’s reports. After a manufacturer submits their transparency reports, CMS publishes the data on its website.[22] Patients are encouraged to review their treating providers to learn about any financial relationships between those providers and manufacturers. Although a primary purpose of the Open Payments data is to prevent the inappropriate influence of financial benefits on research, education, and clinical decision-making, CMS considers itself an impartial participant. While it collects and publishes the information, it makes no determinations about conflicts of interest. This statute is still evolving in America—there have been at least three settlements involving alleged violations of the Sunshine Act.[23]
Another weapon in the United States’ arsenal against healthcare fraud is the PhRMA Code.[24] The Pharmaceutical Research and Manufacturers of America (PhRMA) is a powerful trade group representing researched-based pharmaceutical and biotechnology companies. Membership is completely voluntary, but most leading American pharmaceutical companies have joined the association to advocate for public policy changes and to lobby government decision-makers.
PhRMA first established its own voluntary code of ethics, the “Code on Interactions with Healthcare Professionals” (PhRMA Code), in 2002. Members adopt the code and agree to follow its principles. Given PhRMA’s prominence, the PhRMA Code establishes a de facto benchmark for industry practices. The PhRMA Code provides a series of articulated rules for particular activities. Specifically, it provides evidence to companies and their providers’ customers for marketing and pre-launch activities. Among other things, the PhRMA Code suggests appropriate promotional materials, limits informational presentations to valuable scientific and clinical information, prohibits the provision of entertainment and recreation, and sets guidelines for consulting relationships.
It is important to note that the PhRMA Code provides important guidance, but little protection, to manufacturers. OIG has stated that the PhRMA Code is a good starting point for questions regarding appropriate relationships between pharmaceutical companies and providers.[25] OIG also has noted that compliance with the PhRMA Code demonstrates a good faith effort to comply with the applicable healthcare program requirements. OIG has emphasized, however, that compliance with the PhRMA Code alone will not protect a manufacturer as a matter of law from AKS liability, but adherence will substantially reduce the risk of fraud and abuse.
The Advanced Medical Technology Association (AdvaMed) is an American medical device trade association and the largest medical device association in the world. Membership is voluntary, and AdvaMed’s members are primarily medical device companies, diagnostic product companies, and health information system companies. In fact, as of 2008, its members reportedly produced 90% of the medical products sold annually in the United States and 50% of the products sold globally.[26]
Like PhRMA, AdvaMed established its own voluntary code of ethics,[27] which facilitates ethical interactions between medtech companies and healthcare professionals to ensure that medical decisions are based on the best interests of the patient. The AdvaMed Code shares some, but not all, provisions of the PhRMA Code. AdvaMed’s Code identifies seven categories of typical company/healthcare professional interactions and provides guidance on member-sponsored product training and education, third-party educational conferences, sales and promotional meetings, arrangements with consultants, gifts, provision of reimbursement, and grants and other charitable donations. Members of AdvaMed agree to follow its principles, but adherence is voluntary.
OIG has been supportive of the AdvaMed Code and encourages companies and physicians to consult the code.[28] Again, the OIG does not guarantee that compliance with any soft code will protect an entity from liability under American healthcare fraud and abuse laws.
By mid-March 2020, the COVID-19 pandemic had clearly reached the American shores. The US response was multifaceted. Like most of the world, American government and private-sector leaders initially underestimated the threat and failed to fully comprehend its eventual impact on the American healthcare system. Next, the United States, under two presidents, issued unprecedented governmental monetary assistance to individuals and corporations. To date, more than $3.4 trillion has been distributed.[29] The American pharmaceutical industry, backed by the resources of the government, undertook a D-Day–like approach to creating a vaccine in record time. Together with leading European manufacturers, those efforts were largely successful, and the pharmaceutical industry is now helping to vaccinate the world. The emerging trend is the government’s pursuit and prosecution of COVID-19 fraudsters.
In May 2021, the DOJ formed its COVID-19 Fraud Enforcement Task Force to corral the full spectrum of government resources to hunt down fraud against the various COVID-19 relief programs.[30] Enforcement effects were already underway before the taskforce was created. By March of 2021, nearly 500 people had been criminally charged with fraud related to COVID-19 relief programs.[31] Given the trillions of dollars in COVID-19–related expenditures,[32] the frequency and size of these FCA cases are certain to increase over the next several years.
Fraud has afflicted the whole gamut of the various American pandemic relief programs, from the Paycheck Protection Program to the country’s various unemployment aid programs. These funds were made widely and easily available to businesses and individuals based on the concern that relief not be slowed by overly stringent oversight. The remarkable size of the relief effort coupled with the minimal controls over the initial distribution of funds created a perfect storm for fraud. For example, fraud on the unemployment program during the pandemic may reach $400 billion, with much of that money flowing to foreign criminal organizations.[33] If that proves true, then the criminal dragnet may well reach beyond America’s borders.
By Pamela Coyle Brecht, Esq.; Paola Sangiovanni; and Marc Stephen Raspanti, Esq.
Pamela Coyle Brecht (pcb@pietragallo.com) serves as Pietragallo Gordon Alfano Bosick & Raspanti LLP’s Practice Chair for the firm’s global Qui Tam/False Claims Act Practice Group in Philadelphia, PA. Paola Sangiovanni (paola.sangiovanni@grplex.com) is a life sciences lawyer and partner in the law firm of Gitti and Partners, which is located in Milan, Italy. Her clients include med tech, pharma, and healthcare providers. Marc Stephen Raspanti (msr@pietragallo.com) is a name partner of Pietragallo Gordon Alfano Bosick & Raspanti LLP, located in Philadelphia, PA. He is the founder of the firm’s White Collar Criminal Defense Practice Group as well as the firm’s Qui Tam/False Claims Act Practice Group.