America and France share many common ideals. The American Constitution is founded on the principle of government “of the people, by the people, and for the people.” The French Constitution embodies this same principle in the ideals of “liberté, égalité, fraternité.” Based upon these shared values, our two countries have forged an indelible alliance through which we have triumphed together side-by-side in the American War of Independence, two World Wars, and even the Cold War. Now, our two nations work together as allies to lead the world in responding to a wide variety of economic, political, medical, technological, and scientific challenges that confront a rapidly changing world.
The US and France participate in a truly global network of healthcare providers, with significant economic and scientific dependence between these two countries. Hundreds of biotech companies are based in France, many of which also do business with American-based companies. For example, in the medical device sector alone, in France this year, revenues from medical device sales are expected to reach €31.2 billion (more than $35.2 billion). Sales from device exports from France are expected to account for €8.9 billion (almost $9.8 billion), which is 26% of the total market. Of the 1,300 medical device firms operating in France, one-third of these are based outside of France. Foreign medical device companies generate two-thirds of the device sales revenues in France, with American companies accounting for the largest share, 22% of the total revenues.
One major challenge confronting both America and France is developing and implementing a healthcare system that can provide life-extending care in a way that is effective, innovative, and cost efficient. Although the healthcare systems in America and France differ in many respects, there is one challenge that confronts both countries: the problem of fraud, waste, and abuse. Both countries take this problem seriously. For example, in America the federal government recovered more than $2.5 billion in 2018 alone from healthcare fraudsters, while in France estimates indicate that at least one in five emergency room visits in 2017 was deemed “inappropriate.”
This article will focus on myriad statutes and regulations enacted in America and France to combat fraud, waste, and abuse. It will highlight some of the important similarities as well as differences between these laws. Given the close historical and commercial ties between America and France, particularly healthcare companies that operate regularly in both countries, it is essential that all players involved in healthcare (e.g., businesses, manufacturers, providers, and attorneys) have a working understanding of the fraud, waste, and abuse laws of both countries.
There is no dispute that the United States and France both invest tremendous public resources in their healthcare systems. In America, which has a population of over 326 million, estimates indicate that more than $3.5 trillion was spent on healthcare in 2017. This represents an expenditure of $10,739 per citizen in the United States. By comparison, in France, which has a population of over 67 million, estimates indicate that more than $328 billion dollars was spent on healthcare in 2017. This represents about $4,902 per person in France. There are many complicated reasons for the differences in healthcare spending. However, there is little doubt that both America and France commit an extraordinary amount of their public wealth to delivering healthcare to their citizens. One obvious and primary difference between the healthcare in America and France is that the American system is made up of a hybrid of public and private payers, but France has a publicly run “universal” health insurer. These differences are examined further below.
It is a misnomer to label healthcare in America as one “system.” Rather than a singular system, healthcare in America is delivered through a hybrid of two different, but interrelated healthcare systems: (1) the government-funded or “public” health system, and (2) the numerous for-profit and nonprofit private health insurers. This hybrid system provided some measure of healthcare to 91.2% of Americans in 2017.
The first part of the American hybrid health system is government-funded public insurance. The main pillars of government-funded insurance are the giant Medicare and Medicaid systems. The Medicare system was created in 1965 to provide government-funded healthcare to millions of Americans older than age 65. Over time, Medicare has been expanded to now include: Part A (hospital insurance); Part B (medical insurance); Part C (Medicare Advantage Plans, which are “managed care” alternatives to Parts A and B); and most recently, the massive Part D prescription drug coverage program. Additionally, Medicare has been expanded to now cover individuals older than 65, disabled individuals, and individuals with end-stage renal disease or those requiring a kidney transplant. By 2017, 58.5 million people were enrolled in Medicare, and Medicare spending reached $705 billion (20% of the total spending on healthcare in America). This behemoth government-funded healthcare program is run by the Centers for Medicare & Medicaid Services (CMS), a division of the United States Department of Health and Human Services (HHS).
The other main pillar of American government-funded insurance is the Medicaid system. Medicaid, also created in 1965, was set up to provide government-funded healthcare for poor and low-income families. Like Medicare, the Medicaid program has been expanded over time, and now covers low-income families, pregnant women, people of all ages who have long-term disabilities, and people who need long-term care. Also, like Medicare, the Medicaid program provides hospital insurance, medical insurance, “managed care,” and prescription drug coverage. However, unlike Medicare, the Medicaid program is not funded solely by the federal government. Rather, the Medicaid program is jointly funded by the federal government and each of the 50 states (plus territories including Puerto Rico, Guam, and the District of Columbia). Moreover, unlike Medicare, the Medicaid program is run by each individual state, and thus the program can vary significantly from state to state. In terms of size, the Medicaid program covers more than 73 million Americans. Medicaid spending nationwide grew to $581 billion in 2017.
Medicare and Medicaid are the two main pillars of the American public health system, but there are other significant, publicly funded health insurance programs, including, but not limited to: the Children’s Health Insurance Program (CHIP), TRICARE (the health system for the US military), the Department of Veterans Affairs (the health system for US military veterans), and the Federal Employees Health Benefit (FEHBP) program.
The second part of the American hybrid health “system” is the private health insurance market. In 2017, an estimated 67.2% of Americans had private health insurance. Private insurance spending has grown to more than $1.1 trillion per year. The most common form of private insurance is employer-based insurance in which nongovernment employers offer their employees group insurance plans, typically administered by private, for-profit insurance companies. Additionally, about 16% of Americans received private insurance by purchasing coverage directly from insurance companies, rather than through their employers. Private insurance companies are, as the name suggests, privately run. However, they are regulated at the state level by individual state insurance departments that guard against fraud, waste, and abuse through their own sophisticated internal fraud monitoring and special investigations units, often directed by former law enforcement personnel.
Perhaps the most significant recent trend in the American private insurance market is the rapid consolidation of mega insurance companies, driven (among other reasons) by increased competition and an aging American population.
The French healthcare system is primarily a government-funded, single-payer system known as l‘assurance maladie, or the sécurité-sociale (Sécu). The Sécu system picks up most healthcare costs, but French citizens can also voluntarily purchase private insurance (assurance complèmentaire or the mutuelle santé) to cover those medical costs that are not covered by the state Sécu. This voluntary health insurance is provided through mutual organizations and private insurers, and it is not always compulsory.
Historically, l’assurance maladie comprised a number of private or mutual insurance carriers that collected insurance premiums from their clients, which were then used to pay for the costs of healthcare. Today, health insurance is a public organization and operates under the supervision of the government, which has ultimate financial responsibility. The funds are committed through legislation enacted each year by the French Parliament, which covers the financing of the Sécu.
The main health insurance fund is a general fund called the Régime Général. This fund covers about 85% of the population working in industry and commerce, as well as the unemployed and those retired or not covered by another fund. Within the Régime Général, the Protection Universelle Maladie (PUMA) guarantees permanent health coverage for all persons who are legal residents in France, whether they are employed or not. This universal system of healthcare has been in place in France since January 2016.
At the national level, healthcare strategy in France is the responsibility of the Ministry of Social Affairs, Health, and Women’s Rights. At a local level, the General Fund is administered by a health authority, called the Caisse Primaire d’Assurance Maladie (CPAM). For self-employed workers in France, there is a separate state-controlled insurance scheme called Régime Social des Indépendants (RSI). However, since 2018, the RSI has been in the process of being dismantled, and all those affiliated with it will be transferred to their local CPAM in the future.
In America, the task of preventing and combating fraud, waste, and abuse in the hybrid healthcare system is spread among a complex patchwork of actions: federal and state law enforcement agencies and investigators, private insurance company fraud investigations/monitoring departments, and private-citizen whistleblowers. Adding to this complexity are the numerous federal and state criminal and civil laws and regulations that apply to combat fraud, waste, and abuse in the healthcare system. Untangling this web is essential to understanding the American healthcare system, and to avoid the worst effects of being caught up in a potentially devastating healthcare fraud investigation and/or civil or criminal prosecution.
Although the various groups responsible for healthcare enforcement in the US often work together, or at least cooperatively, it would be an overstatement to call them a unified team. However, each of the government agencies, private organizations, and individuals plays a key role in reducing fraud in the multitrillion-dollar American healthcare system. Any practitioner involved in this area should understand the various duties and responsibilities of the members of America’s highly diversified healthcare fraud prevention team.
The first part of the American healthcare enforcement team is the government (federal and state) law enforcement agencies and investigators who are primarily responsible for policing the American system. At the federal level, these duties are shared by several agencies, including: (a) the Office of Inspector General for the United States Department of Health and Human Services (HHS-OIG), which, among other things, investigates allegations of fraud against the Medicare and Medicaid programs; (b) the United States Food and Drug Administration’s Office of Criminal Investigations (FDA-OCI), which investigates alleged illegal practices by pharmaceutical and medical device manufacturers; and (c) the United States Department of Justice (DOJ), and its 93 separate United States attorneys, who initiate and prosecute criminal and civil healthcare fraud cases on behalf of the federal government. The 93 United States attorneys are appointed by the president of the United States and are subject to confirmation by the Senate. Each US attorney serves as the chief federal prosecutor for a specific geographic area of the United States (referred to as federal districts). Although the US attorneys often change with the election of a new president, the individual prosecutors who work for the US attorney (known as assistant United States attorneys, or AUSAs) typically remain on the job through multiple administrations as career prosecutors.
At the state level, the duties of combating healthcare fraud are shared among 50 individual state attorneys general, 50 individual state Medicaid Fraud Control Units (MFCUs), and hundreds of local prosecutors within each state (often referred to as district attorneys). The individual state MFCUs work together through the National Association of Medicaid Fraud Control Units (NAMFCU), which promote efficiency in healthcare fraud prosecutions by sharing information and dividing responsibility for investigating and prosecuting fraud cases on behalf of all member states. The task of coordination among these many government efforts is neither simple nor straightforward.
Although these federal and state law enforcement agencies often focus on individual cases, they have become increasingly more aggressive and coordinated. For example, in July 2017, the DOJ announced a national healthcare fraud takedown, which was the largest ever healthcare fraud enforcement action. It involved 412 charged defendants across 41 federal districts, including 115 doctors, nurses, and other licensed professionals. The alleged healthcare fraud schemes totaled approximately $1.3 billion in false billings to federal and state agencies. Thirty state MFCUs also participated in these arrests, and HHS-OIG initiated suspension actions against 295 providers, including doctors, nurses, and pharmacists. These coordinated government takedowns dramatically demonstrate the escalating sophistication and coordination among the federal and state law enforcement agencies charged with combating healthcare fraud, waste, and abuse in the US.
The second part of the American healthcare enforcement team comprises the fraud investigations/monitoring departments of large private insurance companies. These departments often employ sophisticated claims monitoring programs and medical chart review teams to identify any outliers or anomalies in healthcare claims data. Former law enforcement agents are often hired to fill these roles. Although these private insurance company investigation departments cannot institute criminal fraud prosecutions, they frequently refer cases of suspected fraud to United States attorneys and state attorneys general for investigation and prosecution. Additionally, these private investigation departments frequently make repayment demands from healthcare providers and file civil lawsuits against providers who submit improper healthcare claims. Providers and manufacturers that operate in America would be wise to deal carefully with private insurance company auditors and investigators, because a small case regarding private insurance claims can easily become a full-blown federal or state criminal and/or civil fraud investigation.
The third part of the American enforcement team are the private-citizen whistleblowers (also known as relators) whose role in combating healthcare fraud in America is truly unprecedented and extraordinary. Although members of the public are frequently told, “If you see something, say something,” the reality is that private citizens are loath to blow the whistle on suspected fraud. It is simply easier to turn a blind eye, rather than get personally involved. That certainly was the case in America when it came to healthcare fraud, at least until Congress amended the federal False Claims Act (FCA) in 1986. Through those amendments, Congress deputized citizens, with the help of their private counsel, to file lawsuits on behalf of the government against anyone who presented, or caused to be presented, a false or fraudulent claim for payment to the United States, including through any federally funded healthcare program like Medicare and Medicaid.
These private-citizen whistleblower lawsuits are called “qui tam” actions, after the Latin phrase “qui tam pro domino rege quam pro se ipso in hac parte sequitur,” meaning “he who sues in this matter for the king as well as for himself.” The FCA enables any “person” to file a qui tam lawsuit. The person can be an individual or a corporation (e.g., a competitor).
Whistleblowers do not need to be US citizens or even live in the United States. They can live anywhere in the world, including France. The primary requirement is that the whistleblower have specific, credible information that the defendant presented false or fraudulent claims for payment of US government funds. Given that the US government spends money throughout the world, and that businesses across the globe receive US government funds, the number of qui tam lawsuits filed under the FCA by whistleblowers located outside of America has increased in recent years. In fiscal year 2018 alone, the US government awarded more than 110,000 prime contracts that were either performed outside the US or were awarded to businesses located outside the US—including 1,179 prime contracts in France.
Since 1986, private whistleblowers have filed more than 7,600 qui tam lawsuits involving alleged healthcare fraud, and those lawsuits have recovered more than $32 billion for federal taxpayers. Through the qui tam provisions in the FCA, the government can now reach every healthcare provider, hospital, and manufacturer whose products or services are funded by the Medicare and Medicaid programs.
Private-citizen whistleblowers expose fraud schemes that otherwise would have gone unpunished. Qui tam whistleblowers have exposed a wide array of illegal practices, such as bribes and kickbacks paid to physicians, illegal marketing of pharmaceuticals and medical devices, medically unnecessary services, and dangerous treatment within nursing homes. Moreover, qui tam whistleblowers have come from every level of healthcare entities, including the boardroom, the C-suite, the emergency room, and the sales/marketing team. As a result, the FCA has been widely recognized as the US government’s most effective tool in combating fraud, waste, and abuse in the American healthcare system.
In America, there is a large body of often-changing federal and state statutory, regulatory, and decisional case law governing healthcare providers, physicians, insurers, hospitals, pharmaceutical manufacturers, and medical device manufacturers. For healthcare providers and businesses, compliance with this thicket of criminal, civil, and administrative laws and regulations is especially challenging. The most used fraud and abuse tools include the federal Anti-Kickback Statute (AKS), the federal FCA, state FCAs, the Stark Law, and, more recently, the Physician Payments Sunshine Act. In addition to these laws, there are two important industry codes of conduct that govern relationships and behavior: the PhRMA Code of Ethics, which covers the pharmaceutical industry, and the AdvaMed Code of Ethics, which covers the medical device industry.
The AKS is a powerful federal law that seeks to prevent financial considerations from interfering with the independent medical judgment and purchasing decisions of healthcare providers. In general, this law applies when a company or individual offers incentives, referred to as inducements, to encourage a healthcare provider, such as a doctor or hospital, to purchase its products.
More specifically, the AKS imposes criminal penalties on any person who knowingly and willfully solicits, receives, offers, or pays any “remuneration” (including any kickback, bribe, or rebate), directly or indirectly, in cash or in kind, to any person, in return for or to induce one to do either of the following:
A key development in the strengthening of the AKS occurred in 1977. After realizing that the AKS needed more teeth in order to be an effective tool, Congress broadened the language of the AKS to include “any remuneration” and made violations of the AKS a felony punishable by up to five years’ imprisonment. With a heightened punishment and a broader category of conduct covered by the law, it became easier to prosecute people and entities engaged in kickback schemes.
Remuneration can include prizes, gifts, coupons, discounts, and other goods or services offered to physicians or suppliers. Additionally, a violation of the AKS can occur even if a kickback doesn’t actually result in a referral or a purchase. The offer or request for anything of value with the intent of inducement is enough to violate the law.
Many American courts have found that the intent requirement of the AKS is met where “one purpose” of a payment is to induce referrals for, or purchases of, an item or service covered under a federal health program. Under the “one purpose” test, established in the landmark case United States v. Greber, if any one purpose of remuneration is to induce referrals, then the AKS has been violated. The fact that the parties may have had other good intentions or other purposes for paying or receiving the payment is irrelevant.
Given the broad scope of the law, nearly every financial relationship between American healthcare providers, suppliers, and manufacturers and healthcare professionals potentially implicates the AKS. Recognizing a need to create exceptions, HHS-OIG has the authority to establish regulatory “safe harbors” that are explicit exceptions to the AKS as written. If a provider falls squarely within one of these safe harbors, a potential exposure is minimized.
The safe harbor regulations describe various payment and business practices that, although they potentially implicate the federal AKS, are not treated as offenses under the statute. The safe harbors describe activities that the government will not prosecute, because these activities are unlikely to be abusive. The failure to comply with a safe harbor means only that the practice or arrangement does not have absolute assurance of protection from anti-kickback liability.
Some of the most commonly used safe harbors are exceptions for investment interests, space rental, equipment rental, personal services and management contracts, sale of a practice, referral services, warranties, and discounts. One of the ways to remain within a safe harbor when payments are exchanged is to ensure that transactions are commercially reasonable and are done at fair market value (FMV) or at actual costs. Additionally, a written agreement or written record of the transaction is extremely helpful in demonstrating that activities fall within a safe harbor.
As the healthcare delivery framework becomes more complicated and entities are seeking new and creative ways to conduct business, the OIG has and will continue to issue guidance beyond the established safe harbors. The primary sources of administrative guidance for healthcare practitioners on analyzing arrangements under the AKS, other than the regulations and commentary on the regulations, include: (1) OIG guidance on developing compliance programs for pharmaceutical manufacturers, (2) administrative bulletins or OIG Special Fraud Alerts, and (3) advisory opinions. The guidance either identifies areas of concern or indicates how the OIG would apply the AKS to particular circumstances.
Special Fraud Alerts issued by the OIG specifically describe conduct that the OIG views as problematic or impermissible. The alerts are meant to put healthcare entities and providers on notice that the type of transactions or conduct addressed in the alert poses a risk for AKS liability. Advisory opinions, on the other hand, are issued upon request. To obtain an advisory opinion, the requesting party must submit to the OIG detailed information on the circumstances of the transaction, including a great deal of background information. Essentially, the requesting party is looking to get the “blessing” or approval of the OIG to ensure that they are not engaging in prohibited conduct. The OIG must formally “accept” the request before it will endeavor to render an opinion. Additionally, the requesting party is responsible for reimbursing the OIG for costs in processing the request.
The federal physician self-referral statute, commonly referred to as the Stark Law, prohibits a physician from referring any “designated health services” (DHS) payable by a federal healthcare program to an entity with which the physician, or an immediate family member, has a “financial relationship,” unless all the requirements of an “applicable exception” are met. The Stark Law also prohibits the submission, or causing the submission, of claims for DHS that are furnished as a result of a prohibited referral. The Stark Law is a part of Section 1877 of the Social Security Act, and it was first passed in 1989 (Stark I) before it was expanded in 1993 (Stark II) and modified further by CMS in 2002, 2004, and 2007. The main purpose of the Stark Law is to prevent conflicts of interest from interfering with healthcare decisions.
There are several critical aspects to understanding the Stark Law. First, there is a defined list of 10 DHS:
Next, “financial relationships” are defined very broadly to include compensation arrangements, investment interests, and ownership interests. The exchange of anything of value, in cash or in kind, may give rise to a compensation arrangement. Both direct and indirect relationships are covered by the law.
Finally, there are almost 20 exceptions to the Stark statute. Arrangements that fall squarely into the exceptions are exempt from liability under the law. Like the AKS Safe Harbors, many of the Stark exceptions require that whatever financial relationship exists reflects FMV. Financial terms that are negotiated between the parties would not necessarily meet this standard. FMV must be established by reference to other prices for the same services in the community and agreed upon by both parties in an arm’s-length transaction, without regard to the value of referrals.
Unlike the AKS, the Stark Law is not a criminal statute but a potent civil law. Nevertheless, Stark Law violations can result in civil liability and penalties of up to $15,000 for each service that a person provided in violation of the law. Additionally, the Stark Law is a strict liability statute, which means that proof of a provider’s specific intent to violate the law is not required. As such, providers who make prohibited referrals for DHS violate the Stark Law regardless of potentially good intentions.
As discussed above, the federal FCA is widely regarded as the United States’ government’s single-most important tool to combat healthcare fraud, waste, and abuse. Often referred to as “Lincoln’s Law,” the FCA was originally enacted in the 1860s to combat fraudulent claims submitted to the Union Army during the American Civil War. Despite being on the books for more than 150 years, the FCA was largely unused until it was amended in 1986 to permit private citizen whistleblowers to file qui tam lawsuits against those who presented false or fraudulent claims to the United States, including to the Medicare and Medicaid programs.
The FCA primarily imposes liability against any entity that (1) knowingly presents, or causes to be presented, to an officer or employee of the United States government a false or fraudulent claim for payment or approval; (2) knowingly makes, uses, or causes to be made or used, a false record or statement to get a false or fraudulent claim paid or approved by the government; (3) conspires to defraud the government by getting a false or fraudulent claim paid or approved by the government;…or (7) knowingly makes, uses, or causes to be made or used, a false record or statement to conceal, avoid, or decrease an obligation to pay or transmit money or property to the government.
Under the FCA, a claim that is submitted to a government payer can be “false” in two primary ways: factually false or legally false. A claim is factually false when the claimant misrepresents the goods or services that it provided to the government. A claim is legally false when the provider knowingly falsely certifies that it has complied with a statute or regulation, and the compliance with that regulation is a condition for government payment. Additionally, “knowing” or “knowingly” as used in the FCA means that a person has actual knowledge of the information, acts in deliberate ignorance of the truth or falsity of the information, or acts in reckless disregard of the truth or falsity of the information. There is no requirement to demonstrate proof of specific intent to defraud, since it is a civil statute and not a criminal statute.
The penalties for violating the FCA are severe, and some have even challenged them as being “excessive.” The FCA provides for treble damages (three times the actual damages) plus civil monetary penalties (CMPs) of between $11,181 and $22,363 per individual claim. In 2018, the minimum per claim penalty increased from $10,957 to $11,181, and the maximum per claim penalty increased from $21,916 to $22,363. Few laws, if any in the world, pack such a penalty per claim. In healthcare fraud cases, this combination of treble damages and civil monetary penalties can transform a relatively small case into one that presents substantial financial consequences for the provider, hospital, or manufacturer.
The FCA has been used to combat a wide variety of healthcare fraud schemes. To illustrate this point, during 2018 alone, the FCA was used by qui tam whistleblowers and the government to secure $2.5 billion in recoveries in cases that included:
These examples show the diversity of FCA enforcement actions, the substantial recoveries it has netted the government, and the intersection between the FCA and other American healthcare fraud laws, such as the AKS and the Stark Law. Moreover, the 2018 healthcare fraud recoveries under the FCA are by no means an anomaly. In fact, the FCA has been used to recover more than $2 billion per year in healthcare fraud cases since 2010 and has netted more than $38 billion since 1986.
As mentioned above, one of the most unique aspects of the FCA is that it includes qui tam or whistleblower provisions. This statute is very different from laws currently on the books throughout Europe and the United Kingdom. In general, the qui tam provisions in the FCA permit any private person or entity, located in the US or anywhere in the world, to file an FCA case on behalf of the federal government. The motivation behind the qui tam provisions of the FCA was the recognition that the government lacks the access, inside information, and resources to pursue those who submit false and fraudulent claims to the government.
There are specific steps that the whistleblower or relator must take to bring a claim on behalf of the government. The whistleblower must retain an attorney to file their qui tam lawsuit ex parte, under seal in the appropriate federal court. Then, the DOJ is given time to investigate the whistleblower’s claims and to gather evidence. Although the DOJ has 60 days to do so by statute, the DOJ usually requests extensions and takes significant time to investigate a potential claim. After the government’s investigation, the DOJ must inform the relator whether it intends to join in the lawsuit—a decision which is referred to as “intervening.” The DOJ can, for any reason, also elect to partially intervene or decline intervention. The government intervenes in approximately 20% of the cases. If the government intervenes, it takes over the lawsuit and prosecutes the case against the defendant. The whistleblower and their private attorney remain meaningfully involved in the litigation. If the government declines to intervene, the whistleblower, through counsel, has the right to pursue the case in the name of the US taxpayers.
If the whistleblower brings a successful claim, he or she is rewarded by receiving 15%–30% of the government’s recovery, called the “relator’s share.” Since 1986, qui tam whistleblowers in healthcare cases have been paid more than $5.3 billion in rewards for reporting cases of fraud. This financial reward has been the driving force behind the success of the FCA. The reality is that whistleblowers assume great professional risk when they report fraud, most often involving their current or former employers.
In addition to the financial reward, the FCA contains strong anti-retaliation provisions to protect whistleblowers. Specifically, Section 3730(h)(1) of the FCA provides that “[a]ny employee, contractor, or agent shall be entitled to all relief necessary to make that employee, contractor, or agent whole, if that employee, contractor, or agent is discharged, demoted, suspended, threatened, harassed, or in any other manner discriminated against in the terms and conditions of employment because of lawful acts done by the employee, contractor, agent or associated others in furtherance of an action under this section or other efforts to stop 1 or more violations” of the FCA.
Importantly, a whistleblower does not have to necessarily bring a fraud case under the FCA action to be protected from retaliation. The act of internal reporting itself suffices as both the effort to stop the FCA violation and the notice to the employer that the employee is engaging in protected activity. Even if a whistleblower is unsuccessful in their underlying qui tam action, they can still bring a retaliation claim under 31 U.S.C. § 3730(h)(1). The whistleblower must prove that (1) the whistleblower engaged in protected activity, (2) the whistleblower’s employer took an adverse employment action against them, and (3) the adverse employment action was taken because of the whistleblower’s protected activity.
The potential monetary awards, in combination with individual protection, serve to incentivize whistleblowers with valuable information to come forward and assist the United States government in their efforts to both stop fraud and abuse and recover monies improperly paid. The FCA is unique from all other European statutes in a number of powerful and unprecedented ways. A whistleblower does not even need to be an American citizen to use the act. A potential whistleblower can live and work outside of the United States and still make use of the law.
For example, in United States ex rel. Epp v. Supreme Foodservice, A.G., the whistleblower was a German citizen who worked in Dubai for the defendant, Supreme Foodservice, a privately held Swiss company. Epp, working through U.S. counsel, alleged that Supreme submitted false claims to the US government in connection with a contract to provide food and water to US troops serving in Afghanistan. Following a lengthy investigation, Supreme agreed to pay $389 million to resolve criminal and civil claims, and the whistleblower was paid more than $16 million for filing the qui tam lawsuit and assisting the government’s investigation. The Supreme case is just one example of how the FCA can be used by whistleblowers located outside America to combat fraud, waste, and abuse involving US government funds.
The federal FCA combats fraud against US government funds, but it does not protect money spent by state governments. Based on the FCA’s record of success, 31 states have enacted their own false claims laws, most of which mirror the federal FCA. These state FCAs protect state funds, including the state share of payments for healthcare claims submitted to the Medicaid program, which, as noted above, is jointly funded by federal and state taxpayers.
These 31 states have devoted increasing resources to investigating and prosecuting qui tam whistleblower lawsuits under their state FCAs. For example, Texas, New York, Massachusetts, and California all have substantial investigation and prosecution teams, and they have recovered billions of dollars on their own from whistleblower claims. Importantly, most of the state FCAs, like the federal FCA, permit “anyone,” including persons outside the US, to file a qui tam lawsuit and share in any recovery that may result from their lawsuit.
In addition to the 31 state FCAs, seven municipalities also have their own false claims acts (i.e., Broward County, Florida; Chicago, Illinois; Allegheny County, Pennsylvania; District of Columbia; Miami-Dade County, Florida; New York City, New York; and Philadelphia, Pennsylvania). These counties and cities have created mechanisms by which they can recover fraudulently paid funds.
In 2010, the US Congress enacted the Physician Payments Sunshine Act (Sunshine Act), a law intended to increase transparency of financial relationships between healthcare providers and pharmaceutical manufacturers. The Sunshine Act was born out of competing concerns. First, the recognition that “collaboration among physicians, teaching hospitals, and industry manufacturers contributes to the design and delivery of life-saving drugs and devices.” Second, “payments from manufacturers to physicians and teaching hospitals can also introduce conflicts of interest that may influence research, education, and clinical decision-making in ways that compromise clinical integrity and patient care, and may lead to increased healthcare costs.” The Sunshine Act focuses on the second concern by increasing transparency on the nature and extent of relationships, hopefully discouraging the development of inappropriate relationships, and helping to prevent the unnecessary healthcare costs that can arise from such conflicts.
The Sunshine Act requires manufacturers of drugs, medical devices, and biological and medical supplies covered by Medicare, Medicaid, and CHIP to track all financial relationships with both physicians and teaching hospitals. Payments that are required to be reported include consulting fees, research fees, and related expenses. Financial relationships include payments and any other “transfers of value” provided to the provider by the manufacturer. Transfers of value include in-kind items such as meals, airfare, and educational materials that a manufacturer would provide to a medical professional.
Applicable manufacturers are required to disclose the data in the form of a transparency report to CMS. Although the law was passed in 2010, payments made prior to August 1, 2013, are explicitly excluded from reporting. CMS even excludes stock options granted prior to August 1, 2013. Providers and teaching hospitals are not required to report, but rather, are encouraged to review the data reported about them in order to ensure that information is accurate and to prepare for possible questions from patients.
In 2012, Congress and CMS publicly acknowledged the substantial challenges that manufacturers would face in implementing the Sunshine Act’s reporting requirements. Moreover, these challenges were particularly acute for small manufacturers with international operations. As one executive from an international life science provider told Congress and CMS in September 2012 (in preparation for the first reporting to CMS), “As a global company with sales in more than 100 countries, we needed to develop systems to merge data from different financial reporting systems around the world to ensure that if any of our global operations incur an expense related to a U.S. physician, we are able to accurately capture and report that information. This presented many challenges.”
As a part of The Sunshine Act, CMS developed the Open Payments Program to track and eventually publish the reports received from manufacturers. The Open Payments website allows the public to view the reports. Since 2014, after a manufacturer submits their transparency reports, CMS publishes the data on its website (www.cms.gov/openpayments/). Patients are encouraged to look up their treating providers to learn about the relationships that these providers may have with manufacturers. One of the primary purposes of the Open Payment data is to help prevent the inappropriate influence of financial benefits on research, education, and clinical decision-making. CMS considers their role in the Open Payments Program to be impartial. CMS collects and publishes the information, but they do not make determinations about which payments may cause conflicts of interest.
The Pharmaceutical Research and Manufacturers of America (PhRMA) is a powerful trade group representing companies in the pharmaceutical industry. PhRMA represents researched-based pharmaceutical and biotechnology companies. Membership in the trade association is completely voluntary, but most of the leading American pharmaceutical companies opt to join the association to become involved in the advocating for public policy changes and in the lobbying activities of the group.
PhRMA first established its own voluntary code of ethics, known simply as the “PhRMA Code,” in 2002. Members adopt the code and agree to follow its principles. In light of PhRMA’s prominent stature, the PhRMA Code establishes a de facto benchmark for industry practices. The PhRMA Code provides a series of articulated rules for particular activities. Specifically, it gives guidance on interactions between companies and their providers with respect to marketed products and related prelaunch activities. Among other things, the PhRMA Code makes suggestions for appropriate promotional materials, limits informational presentations to valuable scientific and clinical information, prohibits members from providing gifts of entertainment and recreation to providers, and sets guidelines for consulting relationships. Although members certainly endeavor to comply with the PhRMA Code, the most notable feature of the code is that it is voluntary.
The OIG has stated that the PhRMA Code is a good starting point for questions regarding appropriate relationships between pharmaceutical companies and providers. The OIG has also emphasized that compliance with the PhRMA Code alone will not protect a manufacturer as a matter of law from AKS liability, but it will substantially reduce the risk of fraud and abuse. The OIG has noted that compliance with the PhRMA Code demonstrates a good-faith effort to comply with the applicable healthcare program requirements.
The Advanced Medical Technology Association (AdvaMed) is an American medical device trade association. It is the largest medical device association in the world. Membership is voluntary, and AdvaMed’s members are primarily medical device companies, diagnostic product companies, and health information system companies. In fact, their members are said to produce 90% of the medical products sold annually in the United States.
Like PhRMA, AdvaMed established its own voluntary code of ethics. The AdvaMed Code of Ethics on Interactions with Health Care Professionals (AdvaMed Code) facilitates ethical interactions between medical technology (medtech) companies and healthcare professionals to ensure that medical decisions are based on the best interests of the patient. The AdvaMed Code shares some, but not all, provisions of the PhRMA Code. AdvaMed’s Code identifies seven categories of typical company/healthcare professional interactions and provides guidance on:
Members of AdvaMed agree to follow its principles, but adherence to the rules is voluntary.
The OIG has been supportive of the AdvaMed Code and encourages companies and physicians to consult the code. Unfortunately, the OIG does not guarantee that compliance with the AdvaMed Code will protect an entity from liability under American healthcare fraud and abuse laws.
In France, the healthcare enforcement process was built through years and years of reacting to numerous healthcare scandals. For example, the primary law in France that is aimed at avoiding corruption in healthcare companies is known as the French Anti-Gift Law (AGL) or Diverses Mesures d’Ordre Social (DMOS) Law. It was enacted in three phases.
Originally, the DMOS Law of January 27, 1993, provided that only certain healthcare professionals could be punished for receiving illicit benefits from health industries. The law of March 4, 2002, extended the reach of the anti-gift prohibitions to benefits provided by the same healthcare companies to a broader spectrum of healthcare professionals. The AGL has been substantially amended by the 2017 Ordinance. However, these amendments will only be applicable on dates fixed by decree, which have not yet been published.
Finally, the Bertrand Law of December 29, 2011 (also known as the French Sunshine Act), strengthened the safety of medicines and healthcare products. It was modeled after the American Sunshine Act but widely extended. Of note, it has widened the scope of the ban to include associations representing health professionals and students. This special law is applicable and is reinforced by a general anti-corruption law, which will be examined under the developments below.
French Law No. 2016-1691(also known as the Sapin II Law), which was passed on November 8, 2016, was intended to increase transparency, fight corruption, and modernize the French economy. Although the Sapin II Law is not specific to the healthcare industry, both anti-corruption laws (anti-gift and Sapin II) could apply to the same healthcare company.
Indeed, the Sapin II Law applies to all commercial businesses or industrial and commercial bodies headquartered in France, or whose parent company is headquartered in France, with more than 500 employees, or belonging to a group with more than 500 employees, that has an annual turnover, or consolidated group turnover, of more than €100 million.
Companies falling under the scope of Sapin II have an obligation to implement anti-corruption compliance programs, including measures intended to prevent and detect corruption and influence peddling. Such programs include the implementation of a code of conduct prohibiting actions that are likely to constitute corruption or influence peddling.
Sapin II also requires that the framework for internal whistleblowing and reporting of suspected wrongdoing and violations of the company’s internal code of conduct include:
The Sapin II Law created an agency dedicated to the fight against corruption and to the modernization of economic life, the French Anti-Corruption Agency (AFA), which is charged with making recommendations to companies on the effectiveness of, and potential improvements to, their anti-corruption programs. Penalties imposed against companies by the AFA for failure to implement these anti-corruption measures can be severe.
The AFA also assists a number of stakeholders in preventing and detecting any corruption, trading of influence, favoritism, or other misappropriation of public funds. Their expertise may be sought by the courts, large companies, administrations, or communities. The AFA has replaced the Central Office for the Prevention of Corruption (SCPC) and benefits from increased regulatory powers.
The AFA has administrative powers to inspect the existence and efficiency of anti-corruption compliance mechanisms implemented, in particular by companies, state administrations, or local authorities. This control extends to both state or local entities, as well as economic actors (private or public companies). Notably, the AFA can issue pronouncements and order sanctions, including issuing warnings to company representatives. The sanctions commission may issue orders, including:
On July 4, 2019, AFA rendered its first decision since the French anti-corruption law was put into force.
In this recent case, AFA ordered a company to comply with the Sapin II Law before the end of 2019 by implementing:
Under its decision, AFA felt the company complied with such requests, so no financial penalties were ordered.
In addition to the general anti-corruption law explained above, France has adopted a special anti-corruption law specific to healthcare companies. Since its drafting, this law has been evolving in response to the recent healthcare scandals in France.
Per Ordinance 2017-49 (the Ordinance), adopted on January 19, 2017, the current anti-gift legislation will be largely modified to become stricter in the coming months. The Ordinance, which was to be in force no later than July 1, 2018, has yet to be fully implemented, because the implementing directives are still in the process of being drafted and negotiated. However, the relevant ministries in France have already indicated that such directives (i.e., a Decree and, two Arrêtés or regulations) should be published before the end of 2019.
It is more prudent to address the anticipated regulations to be implemented by September 2019, rather than just focusing on existing French anti-gift laws. The main principle will remain the same as the one provided under the original French AGL of January 27, 1993: The legislative intent is to prohibit all types of remuneration between healthcare companies and providers.
The French law, like the American AKS, prohibits both the offer, as well as the acceptance, of inducements. Actors on both sides of the “gift” are subject to liability. It prohibits persons manufacturing or commercializing health products or providing health services from promising or offering advantages. The future law does not distinguish between persons manufacturing or commercializing reimbursed health products (the current law targets only reimbursed products). The prohibition against receiving “advantages,” whether in cash or in kind, directly or indirectly, also extends to the persons who receive any such advantage or benefit (i.e., any healthcare professionals or students intending to practice any healthcare profession, any association of healthcare professionals, including those involved in medical training activities). Notably, it extends to “société savantes,” administration public servants and officials, local and regional authorities and their public establishments, and any other authority that designs or participates in public health or social security policies (with no legal exception).
Every law has at least one exception, and this is also the case with the French AGL. The law itself and years of practical experience have created some exclusions from the definition of advantages, as well as some exceptions to the statute prohibition.
For example, some items will be excluded from the application of the Ordinance, such as:
Figure 1 illustrates the French anti-gift regulation process.
Statutory exceptions are tightly regulated. Unless the arrangement to be put in place with the healthcare professional falls under one of these exceptions, or is excluded from the application of the Ordinance, it will be considered illegal.
Exceptions are now divided into categories depending on the nature of the interaction with the healthcare professional. Compensation, fees, and reimbursement of costs relating to research, development of research, scientific evaluation, advice, services, or commercial promotion are considered an exception and legal only if:
The compensation should be reasonable according to either the recommendations of the medical board or the relevant implementation provisions of the Ordinance (as soon as they are published).
Hospitality offered during professional or scientific events or during events promoting products or services is also governed by the Sapin II Law. Conditions apply to the coverage of hospitality fees. Not only should a written agreement between the company and the healthcare professional be signed, but the hospitality offered also must be reasonable, strictly limited to the main purpose of the event, and not extended to anyone other than the healthcare professional.
Other exceptions also apply to the financial support for professional training actions or continuing professional development, grants for research activities, or other similar activities.
In any case, any of these exceptions must receive prior authorization by the relevant French government authority when they exceed an amount set by Arrêté. Even if the amount is lower, the company would still have to declare and report expenditures to the relevant authority.
The delays in issuing the current regulations cause a number of problems for companies. The time needed to conform to new rules and procedures will be significant, particularly for companies that are subject to the implementation of the MedTech Code and other internal codes of conduct.
“Soft” laws are always an essential component of anti-corruption laws. Under French law, apart from the actual laws and orders, guidelines and regulatory memoranda drafted by important stakeholders are integrated and recognized by French judges as guideline tools. This is also the case for healthcare companies that have developed internal codes and trainings.
For example, some employee unions have worked together to regulate the interactions between healthcare companies and healthcare professionals. This is the case for medtech companies. The MedTech Code, which only applies to member companies, also significantly changed practices in the medical device industry regarding anti-corruption rules. It came into effect (partially) on January 1, 2017, and has been fully implemented since January 1, 2018.
Affected companies must take into account a pending essential change to the AGL: the prohibition against directly covering hospitality expenses for healthcare professionals during their participation in congresses (conferences) organized by a third party.
Healthcare companies can contribute financially to support such healthcare professionals by contributing to the third party organizing the conferences through educational grants. However, healthcare companies providing financial support cannot control the content of the event or the selection of invited healthcare professionals. This prohibition against promotion does not apply to events organized by healthcare companies themselves. Thus, during an event organized by a manufacturer for training on the use of its products, the manufacturer is authorized to directly cover the hospitality costs of the invited healthcare professionals and to select the attendees.
Grants may be awarded, and it is the responsibility of the organizer to disclose the existence of a company’s financial participation in the materials and publications about the congress. However, this disclosure can never be used directly or indirectly to promote the company’s products during the congress.
The MedTech Code similarly requires that congress venues and programs be meticulously vetted (i.e., the venue must be appropriate, close to a business or science center, not too touristy or luxurious, connected with the specialty of health professionals present, and sufficiently relevant to justify their presence). Similarly, the hospitality fees covered must be reasonable.
Finally, the implementation of the Conference Vetting System (CVS) procedure has been fully applicable since January 1, 2018. This procedure makes it possible to verify that congresses organized by third parties comply with the MedTech Code. Congresses not approved by CVS cannot be funded by medtech companies.
For companies subject to French law, new templates for agreements must be used, which include sections specifying how to transmit to the healthcare company all the information required to comply with the French anti-fraud laws and, more specifically, the anti-gift and transparency laws.
The French Agency for the Safety of Health Care Products (Agence Nationale de Sécurité du Médicament et des Produits de Santé, ANSM) or the French Food and Drug Administration (FDA), was created by law on December 29, 2011. This law aimed at strengthening the safety of medicines and healthcare products and to replace the Agence Française de Sécurité Sanitaire des Produits de Santé (AFSSAPS), which collapsed after a scandal involving a weight-loss drug called Médiator (benfluorex).
Since that time, ANSM has been endowed with new responsibilities and missions, powers, and strengthened means. ANSM may (and does) inspect pharmaceutical companies and medical devices manufacturers. ANSM recently implemented a new process allowing any person to voice any concern regarding healthcare or cosmetic products, such as noncompliance with regulatory rules on manufacturing processes.
ANSM encourages those with personal knowledge of any serious violation of a law or regulation, or any serious threat to the public interest, to come forward and report their concern. Such a report may include any noncompliant practices by a company or person operating on these products (e.g., manufacturer, distributor) or any serious threat to public health related to a health product; however, it does not apply to specific reports, such as reports of adverse reactions or out-of-stock events. This could be as simple as an email sent to ANSM. This development may encourage whistleblowers, including people who would report competitors. Through this reporting procedure, ANSM examines the report and an initial response is promptly given to the whistleblower.
The confidentiality of the information collected and the identity of the whistleblower will be strictly respected. This protection is aimed at ensuring that the whistleblower is shielded from retaliation as intended by the law. For example, should the alert be sent to the employer for a response?
However, in the interest of public safety, ANSM has requested that reports not be made anonymously. This way, ANSM can contact the whistleblower for further information on their concern. ANSM has made assurances that whistleblowers will be protected regardless of the final outcome of their reporting. That would be the case even if the facts subsequently prove to be inaccurate or do not give rise to any action.
American and French healthcare regulatory enforcement touches the broad scope of laws that affect global healthcare providers. The reality is that competent counsel, who are familiar with both countries’ laws, are best equipped to steer their clients through a complex patchwork of the two countries’ often changing legal and regulatory requirements. The delivery of quality healthcare remains a shared goal. The elimination of fraud in the delivery of healthcare services is an equally daunting task.
The authors would like to thank their partner, Michael A. Morse, Esq. (firstname.lastname@example.org) of Pietragallo Gordon Alfano Bosick & Raspanti LLP for his substantial assistance with this article.