FCA Enforcement & Compliance Digest — Summer 2024 False Claims Act Newsletter

Welcome to the Summer 2024 issue of “FCA Enforcement & Compliance Digest,” our quarterly newsletter in which we compile essential updates on False Claims Act (FCA) enforcement trends, litigation, agency guidance, and compliance tips. We bring you the most recent and significant insights in an accessible format, concluding with our main takeaways — aka “And the Fox Says…” — on what you need to know.

In this Summer 2024 edition, we cover:

Enforcement Trends: The government’s continued use of the AKS to prove FCA violations.
Enforcement Trends: Continuing government scrutiny of physician compensation arrangements and Stark Law compliance.
Litigation Developments: The First Circuit battle over the appropriate AKS causation standard.
Compliance Corner: What you need to know about BYOD policies.
ICYMI: Florida Lab Owner Agrees to Pay Over $27 Million to Resolve Three Whistleblower Lawsuits

1. Enforcement Trends

Health Care Fraud — and Kickback Schemes — Remain a Significant Source of False Claims Act Recoveries in 2023 and 2024

In Fiscal Year (FY) 2023, the US Department of Justice (DOJ) recovered $2.68 billion from FCA cases, up from $2.2 billion in FY22. The government was party to 543 FCA settlements and judgments, the highest number ever in a single year and a 54% increase from FY22. Health care fraud remained the primary source of settlements and judgments; of the nearly $2.7 billion in recoveries, nearly $1.8 billion related to matters involving managed care providers, hospitals, pharmacies, laboratories, long-term acute care facilities, physicians, and others in the health care industry.

Although the government’s major priorities include cybersecurity, pandemic fraud, and the role of private equity investors in health care entities, the government continues to heavily pursue violations of the Anti-Kickback Statute (AKS). FY23 saw multiple civil and criminal AKS recoveries over $20 million, a trend that continues into 2024:

In January, ChristianaCare agreed to pay $42.5 million to resolve FCA claims arising from illegal remuneration to physicians in the form of services from ancillary support providers (see the Stark Law enforcement section below for a more detailed summary of this case).
In February, Lincare, Inc., a durable medical equipment supplier, agreed to pay $25.5 million to resolve fraudulent billing claims as well as claims that it violated the AKS by waiving coinsurance payments to induce certain Medicare and TRICARE beneficiaries to rent non-invasive ventilators.
In April, a New York man who led a multi-million scheme to refer Medicare and Medicaid beneficiaries to clinics in Brooklyn and Queens in exchange for kickbacks was sentenced to nine years in prison and ordered to pay $39 million in restitution.
In July, a Texas pharmaceutical marketer was sentenced to two years and five months in prison and ordered to pay over $59 million in restitution for receiving illegal kickbacks in exchange for prescription referrals.

In addition, the government continues to enforce more “traditional” kickbacks:

In April, a laboratory marketer and three physicians agreed to pay a total of $1.3 million to resolve FCA claims arising out of alleged kickbacks disguised as office space rental and phlebotomy payments.
In May, Innovasis Inc., which manufactures spinal devices, agreed to pay $12 million to resolve allegations that it provided kickbacks in the form of consulting fees, licensing fees, and payments for intellectual property far exceeding fair market value, travel to a luxury ski resort, lavish dinners, and holiday parties.
In July, Guardian Health Care Inc., Gem City Care LLC, and Care Connection of Cincinnati LLC agreed to pay $4.5 million to resolve FCA claims for providing lease payments, wellness health services, sports tickets, and meals to assisted living facilities and physicians in exchange for Medicare referrals.

And the Fox Says … Given that the AKS (1) remains an important tool for the government to combat health care fraud and (2) can carry steep penalties, health care providers and life sciences companies should ensure that they have appropriate kickback protections in place, including policies and procedures designed to avoid improper interactions and financial transactions, review of financial arrangements for compliance with safe harbor requirements, regular training on the AKS, and internal auditing procedures and record-keeping practices to ensure ongoing compliance.

2. Enforcement Trends

The Risk of FCA Liability Based on Stark Law Violations: The DOJ’s Continued Scrutiny of Physician Compensation Arrangements

Demonstrating the DOJ’s ongoing interest in enforcing the Physician Self-Referral Law (Stark Law), recent DOJ cases and settlements have focused on hospital and health system payments to physicians, alleging that certain providers’ payments violate the Stark Law because they are above fair market value (FMV) or tied to the volume or value of the physicians’ referrals. In light of the DOJ’s ongoing interest in this area, hospitals and health systems should evaluate their compensation arrangements with physicians and ensure that they fully comply with the Stark Law.

The federal Stark Law prohibits physicians from making referrals to entities with which they have a financial relationship, unless an exception applies. Recently, the DOJ has pursued multiple health systems across the country through Stark-based FCA lawsuits, alleging that the physician compensation arrangements at issue violated the Stark Law. Any claims submitted by a health system to Medicare or Medicaid for designated health services referred by physicians that are parties to arrangements that do not meet a Stark Law exception are “false” for purposes of the FCA. These FCA cases and settlements demonstrate that Stark Law enforcement remains a key priority for the DOJ.

The most notable Stark-based enforcement action this past year involved the Indiana-based health system Community Health Network , which paid a historic $345 million to settle the suit. After intervening in an FCA lawsuit brought by Community’s former CFO/COO, the DOJ alleged that Community engaged in a scheme to employ physicians for the purpose of obtaining their referrals. Community allegedly paid the physicians salaries that were significantly higher than FMV, and awarded bonuses tied to the number of the physicians’ referrals to Community’s network. Community also allegedly hired a valuation firm to examine the compensation arrangement, but provided the firm false compensation figures so that the firm would render a favorable opinion regarding FMV and ignored the firm’s repeated warnings about the legal consequences of overcompensating the physicians. Community’s settlement payment of $345 million is the largest settlement amount to date for a Stark-based FCA suit.

Other examples of recent enforcement actions include:

Bon Secours’ South Carolina branch paid $36.5 million in June 2023 to settle an FCA lawsuit centered on payments to orthopedic surgeons that allegedly were tied to the volume or value of referrals.
ChristianaCare paid $42.5 million in January 2024 to settle an FCA suit filed by its former chief compliance officer, contending that the health system violated both the Stark Law and AKS by providing a neonatology group with free services from hospital-employed support providers. Under the alleged scheme, the neonatology group’s physicians billed a 24-hour CPT code for services provided in the hospital’s NICU that were mostly performed by the hospital-employed support providers.
In December 2023, the DOJ filed a complaint against Steward Health, alleging that one of its Boston-based hospitals violated the Stark Law by paying a cardiac surgeon compensation that exceeded fair market value and was based on the volume or value of the surgeon’s referrals. This case is ongoing.
In May 2024, the DOJ announced that it will intervene in part of an ongoing Stark-based FCA case against Tennessee-based Erlanger Health System. The lawsuit was filed by former hospital executives, who claim that Erlanger paid physicians above fair market value, and ignored concerns raised by internal compliance personnel.

Given these recent cases and settlements, providers are well-advised to reexamine their own physician compensation arrangements. When evaluating their compensation practices, hospitals and health systems should keep in mind the following:

Retain a valuation firm to provide an FMV opinion. Make sure to provide the firm with accurate, up-to-date figures related to your physician compensation arrangements. If the firm finds that the arrangement is above or below FMV, take the steps necessary to correct the arrangement so that it is consistent with FMV and otherwise fits a Stark exception. The Stark Law is a complex regulatory scheme that can be confusing and difficult to navigate. Legal counsel can assist with finding an appropriate evaluator, presenting the facts accurately, and, if needed, ensuring that the compensation arrangement fits a Stark exception.
Document the compensation arrangements as well as any changes to the arrangements. A key part of complying with the Stark Law is proper documentation and records related to financial relationships with physicians. The documentation and records should clearly show that compensation is consistent with FMV and is not tied to the amount or value of the physician’s referrals. If any aspect of the compensation arrangement changes, such changes should also be noted in the appropriate documents and records.
Cultivate a strong compliance culture. Develop policies and trainings regarding legal compliance and whistleblower protections. These measures lay the foundation for a workplace culture that encourages employees to report potential compliance issues so they can be addressed in an expedient manner mitigating risk to an organization. They also protect whistleblowers from retaliation or discrimination.
Listen to warnings from compliance personnel and whistleblowers. When compliance personnel or other employees raise concerns regarding an arrangement with physicians, develop rules and systems to address the concerns. Follow up and ensure the rules are effectively implemented. In the recently settled suit against ChristianaCare, the DOJ alleged that the health system’s compliance team raised concerns about a problematic remuneration scheme for neonatologists and surgeons, and top executives developed rules to put an end to the problematic practices, but the rules were never put into practice.

For more on the US Supreme Court’s recent decision to overturn its ruling in Chevron USA, Inc. v. Natural Resources Defense Council, Inc., which marks a significant shift in federal agency rulemaking and actions, and our thoughts on how it may impact the Stark Law, see our recent alert here. This development is set to have a notable impact, especially within the health care industry.

And the Fox Says … Given the ongoing scrutiny of physician compensation arrangements, health care providers should ensure arrangements with physicians comply with the Stark Law by: (1) retaining a valuation firm to provide an FMV opinion and structuring the compensation to be consistent with the opinion, (2) appropriately documenting all compensation arrangements with physicians, and (3) cultivating a strong culture of compliance that encourages employee reporting when potential issues are identified and taking appropriate remedial steps in response to reported issues. Providers that have identified compensation arrangements that may violate the Stark Law should consider what steps need to be taken to mitigate a potential Stark Law violation including whether the arrangement needs to be modified or terminated, and whether voluntary self-disclosure to the appropriate agency is the right path forward.

3. Litigation Developments

First Circuit Oral Arguments on False Claims Act Causation Standard

The First Circuit heard arguments on July 22 in a closely watched case, United States v. Regeneron Pharmaceuticals Inc., on the appropriate causation requirement in FCA cases arising out of violations of the AKS. As we’ve previously reported here and here, the interlocutory appeal arises out of two decisions by the Massachusetts District Court — Regeneron and United States v. Teva Pharmaceuticals USA Inc. et al. — where the courts disagreed on the appropriate standard for establishing that a false claim “result[ed] from” an AKS violation, as required by US Congress’s 2010 amendment to the AKS.

Teva involved claims that the defendant donated 10s of millions of dollars each year to two patient assistance charities to cover the Medicare copay obligations of patients taking its drug, Copaxone. On summary judgment, Teva argued that the 2010 amendment to the AKS required the government to prove that “but for” these payments to the charities, the claims would not have been submitted for reimbursement. The court rejected Teva’s argument, holding that the government need only show a “sufficient causal connection” between the claim for payment and the AKS violation. The Teva decision follows an earlier First Circuit ruling in Guilfoile v. Shields (establishing the appropriate causation standard for an FCA retaliation claim), as well as the Third Circuit’s ruling in United States ex rel. Greenfield v. Medco Health Solutions, Inc., where the court held that the government need only show a “link” between the alleged kickbacks and the Medicare received.

Regeneron involved similar allegations that the defendant improperly subsidized copays through a sham charity. Like Teva, Regeneron argued that the government could not show that the donations resulted in the submission of any false Medicare claims. Contrary to the court in Teva, however, the Regeneron court held that the “resulting from” language in the AKS requires the government to show that “but for” the kickbacks, the claims would not have been submitted to federal health care programs. Rejecting the Third Circuit’s standard articulated in Greenfield as “fraught with problems,” the Regeneron court emphasized the need to articulate a standard consistent with the “actual language of the statute,” “basic principles of statutory interpretation,” and “long-standing common-law principles of causation.” No. CV 20-11217-FDS, 2023 WL 6296393, at *10 (D. Mass. Sept. 27, 2023). The Regeneron decision aligns with the Sixth Circuit’s decision in United States ex rel. Martin v. Hathaway and the Eighth Circuit’s decision in United States ex rel. Cairns vs. D.S. Medical LLC.

The First Circuit was originally scheduled to hear arguments in both Regeneron and Teva on July 22, however Teva recently filed a motion to hold the appeal in abeyance pending settlement discussions with the government. Thus, the First Circuit only heard arguments in Regeneron. The panel, consisting of Judges O. Rogeriee Thompson, William Kayatta, Jr., and Lara Montecalvo, appeared skeptical of the government’s assertion that it need only show that a claim was the intended outcome of the kickback, questioning why Congress would create a wholly new causation standard applicable only to FCA claims arising out of AKS violations, rather than adopting the well-established “but-for” standard. Regeneron, represented by Paul Clement of Clement & Murphy PLLC, disputed that the government’s standard is actually not a causation standard at all, but is “hoped-for correlation.” Regeneron also contended that even if a but-for standard may, in some cases, make it more difficult for the government to establish an FCA violation, the government would still have the ability to pursue criminal liability under the AKS.

The government also argued that even if the First Circuit adopted a “but-for” causation standard, the government could still proceed on an implied certification claim, for which it would have to prove materiality. Regeneron disagreed, arguing that Congress articulated the standard it wanted in the 2010 amendment, and therefore no other theory for establishing an AKS-based FCA claim exists. The oral argument is available here.

And the Fox Says … A First Circuit ruling establishing a “but-for” standard would be a victory for defendants, making it more difficult for the government to prevail on AKS theories. However, if the First Circuit rules consistently with Guilfoile and Teva, we will continue to see significant judgments at trial, and defendants will be forced to weigh potential settlement against the possibility of high damages. Whatever the First Circuit’s decision in Regeneron, the outcome will further the existing circuit split, making the issue ripe for Supreme Court review. We will continue to monitor developments in FCA litigation to help our clients navigate the ever-changing judicial landscape.

4. Compliance Corner

Bring Your Own Device Policies: What You Need to Know

With the continued acceptance of hybrid work arrangements and industries continuing to be increasingly reliant on technology, Bring Your Own Device (BYOD) policies are becoming a growing trend. A BYOD policy, as opposed to a dual device policy, allows employees to use their personal devices, such as smartphones, for work purposes. These policies offer numerous benefits, including increased flexibility, administrative efficiency, enhanced productivity, and cost savings. However, they also come with their share of risks, especially for heavily regulated and monitored industries such as health care, energy, and banking.

The primary risk associated with BYOD policies revolves around data security and confidentiality. Personal devices used for work purposes can become gateways for data breaches, leading to the potential exposure of sensitive company information or client and patient data. Regulatory non-compliance is also a significant concern, as failure to protect client or patient data can result in substantial penalties under the Health Insurance Portability and Accountability Act or Fair Credit Reporting Act. Mitigating these risks require that BYOD policies align with industry-specific regulations concerning data protection. This will involve collaborating with legal and compliance counsel to understand the applicable rules and how they apply to a specific organization.

BYOD policies can also complicate data preservation due to limited company control over devices. In the event of suspected misconduct, or in response to a government demand, when business is conducted on company phones, responsive data can be obtained by merely mirroring the data on the phone and filtering for relevancy. A BYOD policy, however, means potentially collecting entire personal devices and relying on employees’ honest reporting of business contacts for search and review, a complex and costly endeavor. Personal devices for business also necessitate careful handling to prevent disclosure of personal, health care, or banking information. To mitigate these risks, a BYOD policy should specify which types of data can be accessed on personal devices and how data should be secured. It should also outline the circumstances under which the employer can require the employee to have their device collected or imaged, usually in response to a subpoena or litigation. A Mobile Device Management solution can help simplify these issues by allowing company information technology teams to enforce security policies, manage device settings, and even separate work and personal data.

But considering preservation and control in a BYOD policy is not only a matter of convenience and cost. The DOJ makes it clear in its Evaluation of Corporate Compliance Programs that it will closely scrutinize “the corporation’s policies and procedures governing the use of personal devices, communications platforms, and messaging applications, including ephemeral messaging applications.” According to the DOJ, a company’s effort to preserve business-related electronic data and communications before misconduct occurs is key to demonstrating the quality of a compliance program and its ability to detect and deter misconduct. Furthermore, the DOJ’s Principles of Federal Prosecution of Business Organizations illustrates that company cooperation and willingness to assist the DOJ investigation is crucial to minimize financial liability and future oversight. A BYOD policy that does not contemplate preserving company data is, therefore, likely a bellwether for future liability.

And the Fox Says … Keeping in mind the compliance risks associated with BYOD policies, companies should ensure that their BYOD policy is part of their overall goal of identifying, reporting, and remediating potential misconduct and violations of law. While BYOD policies offer several benefits, they also come with significant compliance risks. By carefully crafting and implementing these policies with the help of legal and compliance teams, companies can maximize the benefits of a BYOD policy while also minimizing potential hazards.