06/19/2023

Anatomy Of A Government Investigation

Words by: Denise M. Leard, JD and Jeffrey S. Baird, JD

 

Source: Medtrade Monday 6/19/2023

The DME industry is highly regulated. This results from the fact that suppliers primarily serve the elderly…and payment for health care products and services for the elderly primarily comes from Medicare. The term “Medicare” includes (i) traditional Medicare fee-for-service and (ii) Medicare Advantage.

Other government programs are a source of payment to DME suppliers, including state Medicaid programs (traditional Medicaid fee-for-service and Medicaid Managed Care), TRICARE and the V.A. Because taxpayer money is used to pay for DME, there are myriad federal and state laws that govern what DME suppliers can…and cannot…do.

It is common for government agencies (including their private sector subcontractors) to audit claims submitted by DME suppliers. While annoying, such audits are normally not serious enough to threaten the existence of the DME supplier. It is less common for a DME supplier to be a target of a government investigation. An investigation is more serious than an audit. A civil investigation can result in (i) dollar-for-dollar recoupments, (ii) fines and penalties, and (iii) revocation of billing privileges. A criminal investigation can not only result in fines, penalties and revocation of billing privileges…but it can also result in (i) exclusion from participating in federal health care programs and (ii) incarceration.

Direct-to-Consumer Advertising, Telemarketing, and Telemedicine
Direct-to-consumer advertising, telemarketing, and telemedicine are highly scrutinized areas. However, if implemented correctly, these, either by themselves or together, are legally acceptable activities, and can meet the needs of an underserved portion of the population. At the same time, these types of activities are susceptible to abuse. Further, because many aspects of these arrangements involve work performed by third parties outside the view of the DME supplier, compliance may be difficult to confirm. The Government has cracked down on marketing/telemedicine arrangements in three significant investigations (“Operations”).

Operation Brace Yourself – This involves a criminal prosecution of 24 defendants and administrative actions against 130 DME companies related to over $1.2 billion in losses. The Government alleged that the defendants engaged in a scheme involving telemarketing and telemedicine to push medically unnecessary “off-the-shelf” orthotic braces.

Operation Double Helix – This involves criminal prosecution of 35 defendants related to over $2.1 billion in losses. The Government alleged that the defendants engaged in a scheme involving telemarketing and telemedicine to push medically unnecessary genetic testing.

Operation Rubber Stamp – This involves allegations of an additional $1.5 billion in fraudulent billing (again involving telemarketing and telehealth) for DME products, genetic testing, and pain medications.

In addition to the extensive criminal prosecutions that resulted from these operations, there have been civil investigations by the Department of Justice (“DOJ”). Further, CMS and its private sector contractors have been active in auditing companies engaged in telemarketing/telehealth. While these DOJ investigations demonstrate the level of scrutiny the Government can have for these types of business arrangements, these arrangements are not illegal or improper in every case.

Key Federal Laws and Regulations

Health Insurance Portability and Accountability Act (“HIPAA”)
HIPAA requires that covered entities protect the privacy and security of protected health information (“PHI”). A DME supplier is a “covered entity.” Covered entities are only permitted to disclose PHI to certain allowed persons or entities, including those with which they have a Business Associate Agreement (“BAA”). Covered entities are also required to make certain notification in the event of a data breach.

Telephone Consumer Protection Act (“TCPA”)
The TCPA is intended to protect consumers from abusive telemarketing activities, including calls using auto-dialing systems, prerecorded or artificial voices. The TCPA also requires companies to maintain do-not-call lists and authorizes the creation of a national do-not-call list. To be protected from TCPA liability, a company must receive prior consent. To be effective, the consent must be of sufficient specificity to be effective. However, what constitutes sufficient specificity is not always clear.

False Claims Act (“FCA”)
The FCA imposes civil liability on any person or entity that knowingly submits, or causes the submission of, a false or fraudulent claim to the federal government, including claims submitted to a Medicaid program. (31 United States Code (U.S.C.) Sections 3729–3733). The terms “knowing” and “knowingly” mean a person has actual knowledge of the information or acts in deliberate ignorance or reckless disregard of the truth or falsity of the information related to the claim. However, no specific intent to defraud is required to violate the FCA. Violation of the FCA can result in large damages and penalties.

Federal Anti-Kickback Statute (“AKS”)
It is a federal crime to knowingly and willfully offer, pay, solicit, or receive any remuneration, directly or indirectly, to induce or reward patient referrals or the generation of business involving any item or service reimbursable by a federal health care program. (42 U.S.C. § 1320a-7b(b)). When a DME supplier offers, pays, solicits, or receives unlawful remuneration, the supplier violates the AKS. Renumeration is “anything of value.” Claims resulting from an arrangement involving an illegal kickback scheme are considered false claims for purposes of the FCA.

Physician Self-Referral Statute (“Stark”)
Stark prohibits a physician from referring patients to receive “designated health services” payable by Medicare or Medicaid to an entity with which the physician or a member of the physician’s immediate family has a financial relationship. The penalty for each violation of the Stark Law can include fines and exclusion from participation in federal health care programs. Claims resulting from an arrangement involving a Stark violation are considered false claims for purposes of the FCA.

State Anti-Fraud Statutes
Each state has an anti-kickback statute that is similar to the federal AKS. The following are examples of some specific anti-kickback statutes:

• Stat. Ann. § 817.505(1)(a)-(c) (criminal liability for offering/paying or soliciting/receiving any benefit for referral of a patient); Fla. Stat. Ann. § 395.0185 (professional liability for kickback for referral of patients to a licensed facility)
• Welf. & Inst. Code § 14107.2(a)-(b) (criminal liability for paying for referral of claims reimbursable by state health care system); Cal. Health & Safety Code § 445 (criminal liability for referring patient to health care facility for profit)
• Occ. Code Ann. § 102.001(a) (criminal liability for soliciting/accepting or offering/paying for the referral of patients)

The DOJ pursues purely state law violations through the Federal Travel Act. Furthermore, each state can independently decide to prosecute companies that violate that state’s AKS law.

How Does the Government Select Its Targets?
The Government targets suppliers and providers for investigations through the following means:

• Data analytics
• Complaint by patient or family member
• Report by a whistleblower
• Complaint by competitor regarding unfair business practices
• Testimony or evidence obtained in the investigation of another medical provider or supplier

Data Analytics
Federal health care programs analyze claims and related data to detect aberrant trends, outliers, and unusual billing patterns. Arrangements targeted by the Government have some key factors.

• A significant increase in claims for certain products with high reimbursement rates (increase in the number of companies billing for these claims and the volume of claims being submitted by these companies). These have included the following:
• Off-the-shelf orthotics
• Genetic testing
• Glucose monitoring
• Pain creams
• The number of claims being submitted per beneficiary (a result of “upselling” the beneficiary”

Result of Another Audit or Investigation
In a number of Government investigations, there has been overlap in the people involved in marketing and telehealth. Many defendants operate multiple marketing and telehealth companies. It is a common practice for these individuals to shut down a company once it is under scrutiny, only to open another company implementing the same practices. Similarly, many of the physicians providing telehealth services are involved with multiple telehealth companies and DME companies. As these companies and individuals are investigated, additional DME companies they work with come under scrutiny.

CMS Audits
CMS and its private sector contractors scrutinize arrangements, paying particular attention to companies engaged in marketing and selling certain product types (e.g., orthotics and genetic tests). Fortunate DME companies only have a temporary payment suspension that is possibly accompanied by a recoupment. The less fortunate DME companies have their Medicare supplier number revoked due to allegations and findings of fraud, waste, and abuse. The even less fortunate DME companies have their cases referred to the DOJ for further investigation.

Civil DOJ Investigations
In addition to the criminal actions the DOJ has prosecuted, the DOJ’s civil division pursues civil investigations. These often involve allegations of violation of the FCA due to kickbacks in violation of the AKS.

Red Flags

Problems with the Agreements
In many cases, the DME supplier’s problems start with the marketing and call-center service agreements. These agreements usually follow one of a handful of forms that generally create significant risk of violating the AKS. In effect, these agreements arrange for payment in exchange for qualified leads and physician’s orders.

Problems with the Marketing Calls
The arrangements have issues related to whether express written consent was actually acquired prior to contacting the beneficiary. Additionally, these calls generally follow the same basic script that have several serious defects.

Problems with the Physician’s Order
The physician’s order and clinical notes are usually from a handful of templates that are essentially fill-in-the blank forms.

The Type and Number of Claims
The claims are for one or more of a highly suspect product type—e.g., off-the-shelf orthotics. The claims may be for multiple product types per beneficiary.

Red Flagged Medical Providers
Certain DME suppliers have been flagged as being significantly involved in questionable arrangements. Orders and notes signed by these suppliers will be more highly scrutinized.

Lessons in Compliance

Compliance Touches Everything
Arrangements must comply with numerous laws and regulations at all points in their structure and execution. This includes compliance with HIPAA, the TCPA, the AKS, Stark, and the FCA. It is not enough that arrangements are originally structured to be compliant. More importantly, they must be executed in a compliant fashion. Failure to comply at any of these points opens the door to potential civil or criminal liability.

Accountable for the Sins of Another
A DME supplier that submits claims for payment is responsible for compliance with the law. This is the case even if the supplier has contracted with another party to perform certain duties … and even for acts that, by necessity, are performed by another. This duty ranges from issues as significant as determining medical necessity to as seemingly inconsequential as obtaining signed proof of delivery.

There Are No Silver Bullets
Arrangements must comply with multiple laws. Each law has different objectives in mind. Consequently, the steps and safeguards needed to ensure compliance with each law will be different—i.e., each law requires its own solution. For example, a marketing arrangement can comply with one of the AKS’s safe harbors, but this does not protect the arrangement from potential TCPA violations.

Tips to Consider

Tip No. 1 – Hire an Attorney
The DME supplier should retain an experienced health care attorney to develop a compliance program that addresses all applicable compliance issues. Equally as important, the supplier must adhere to its compliance program. The supplier should have a health care attorney assist in preparing its marketing, lead generation and qualification agreements.

Tip No. 2 – Limit Your Marketing to Just Your Company
The DME supplier should require that the beneficiary “opt-in” language be specific to the supplier and its products. For marketing calls, the supplier should require the following:

• The marketer should clearly identify your company and your company only—i.e., do not allow your marketer to make calls on behalf of groups of companies.
• Limit the calls to only those products the beneficiary “opted in” for.
• Prohibit upselling for additional products.
• Clearly inform the beneficiary that the call is simply to confirm the beneficiary’s eligibility, and that the beneficiary will only receive the product based on an order written by a medical provider after an examination.

Tip No. 3 – Be Wary of Telemedicine
Preferably, only accept an order written by the beneficiary’s primary care provider. If possible, the supplier should prohibit the discussion of telemedicine by its marketing service providers with beneficiaries. If telemedicine is necessary, the supplier should require the following criteria to be met:

• The supplier should be informed in writing, with an explanation, of any decision to use telemedicine.
• The telemedicine provider should provide the supplier with supporting documentation showing why telemedicine was necessary, and how the encounter was compliant.
• The supplier should require the telemedicine provider to be paid by the beneficiary or the beneficiary’s insurance.

Tip No. 4 – Structure Protection into Agreements
The supplier should structure marketing agreements to conform to an applicable safe harbor to the AKS. The supplier should split up marketing and call-service duties among multiple, unrelated entities to avoid the risk that the supplier is paying for qualified leads. The supplier should require marketing service providers to agree to be audited and to maintain records demonstrating their compliance with the DME supplier’s standards and with applicable laws.

Tip No. 5 – Conduct Periodic Review
The DME supplier should regularly review its marketing company’s work including the advertisements, opt-in language, and marketing calls. The supplier should review the physician’s orders and supporting documentation for compliance with the supplier’s standards and with applicable laws. If an investigation ensues, the supplier should document the reason for the investigation, the steps taken in the investigation, and the results of the investigation.

Tip No. 6 – Maintain Clear and Organized Records
The DME supplier should document supporting medical necessity and physician compliance. The supplier’s files should support the submission of claims. The supplier should maintain records detailing the reviews. The supplier’s records should discuss compliance issues, including what issues were identified and what steps were taken to correct the issues. 

--------------------------------------------

Denise M. Leard, Esq., is an attorney with the Health Care Group of Brown & Fortunato, a law firm with a national health care practice based in Texas. Leard represents HME companies, pharmacies, and other health care providers throughout the United States.  Mrs. Leard has authored numerous articles and is a frequent lecturer throughout the country. She is licensed in Idaho, Oklahoma, Oregon, Texas, and Washington and is Board Certified in Health Law by the Texas Board of Legal Specialization.  Mrs. Leard earned a B.A. from the University of Washington and received her law degree from the University of Oklahoma College of Law.

Jeffrey S. Baird, Esq., is chairman of the Health Care Group at Brown & Fortunato, a law firm with a national health care practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers and other health care providers throughout the United States. Baird is Board Certified in Health Law by the Texas Board of Legal Specialization and can be reached at (806) 345-6320 or jbaird@bf-law.com.