The current False Claims Act (“FCA”) enforcement actions are focusing on Medicaid providers and payers. The dramatically increased enforcement activity, to a great extent, arises out of the enactment of the Deficit Reduction Act of 2005 (“DRA”). You can be assured that once the enforcement and collection actions and procedures are solidified, they will be expanded to Medicare providers and payers as well as, eventually, private providers and payers.
The DRA became effective on January 1, 2007. The DRA grants oversight authority for Medicaid providers and payers to the Centers for Medicare and Medicaid Services (“CMS”), the Department of Health and Human Services Office of Inspector General (“OIG”), and individual states. The goal is to eliminate fraud, waste and abuse in the Medicaid program. Authority is granted to both federal and state agencies and employees, and to private companies contracting with the federal and state governments, to conduct investigations and audits.
The DRA has created financial incentives for individual states to enact false claims acts that are equal to or exceed the federal False Claim Act (“FCA”). Those financial incentives to the states include the providing of an additional 10% of the Federal Medical Assistance Percentage (“FMAP”) on all recoveries collected by a state pursuant to their own individual FCA.
The state FCA provisions must be at least as effective and rewarding in facilitating actions for false and fraudulent claims as is described in the federal FCA, including a civil penalty that is not less than the federal penalty.
As of March 2009, 22 states and the District of Columbia have developed state FCAs, with 13 of those states having been provided certification by the Department of Justice and the OIG. As of March 2009, Ohio has not been granted such a certification but you can be assured that, by reason of the federal incentives to the states, Ohio will be obtaining that certification in the near future.
State FCAs, at a minimum, must set forth liability for any person who: (a) knowingly presents or causes to be presented a false or fraudulent claim for payment or approval; (b) knowingly makes, uses, or causes to be made or used a false record or statement to get a false or fraudulent claim paid or approved; (c) conspires to defraud by getting a false or fraudulent claim paid or approved; or (d) knowingly makes, uses, or causes to be made or used a false record or statement to conceal or avoid or decrease an obligation to pay or transmit money or property. “Knowing” or “knowingly” means a person that has actual knowledge of the information, acts in deliberate ignorance of the truth or falsity of the information or acts in reckless disregard of the truth or falsity of the incident.
Under the “knowing” standard, no proof or specific intent to defraud is required. In fact, the enforcement agency is not required to demonstrate that the provider or payer actually knew its claims were false upon submission. The federal or state enforcement agency need only show that a provider or payer acted in deliberate ignorance of or in reckless disregard of the truth or falsity of the information or documentation. “Reckless disregard” is generally considered to mean that the provider or payer knew or should have known that the information is false. Generally speaking, one act of reckless disregard will not result in severe penalties, but repeated submissions of information or documentation when the provider or payer knew or should have known that the information was false will result in the severest of penalties.
Monetary penalties of at least $5,500 per claim, with treble damages (3 times the actual proved damages) plus federal program exclusion are the standard. Some states have even gone so far as to extend their ability to oppose such penalties by providing that the statutes of limitations that limit these actions for recovery have been extended to 10 years.
The State of New York, for example, has committed to recover a total of $1.6 billion over five years from Medicaid providers and payers alone.
You might recall that in 2000 and 2001 voluntary compliance plans for false claims and fraud and abuse situations were being recommended and developed. Those plans included guidelines for educating employees and healthcare providers by providing informational sessions on a regular basis. Included in many voluntary compliance plans was a program both for in-house review of coding and external review by independent coding experts. The plans also named a compliance officer and established a procedure whereby employees could submit questions as well as provide information regarding apparent coding, billing, or documentation violations.
Although those compliance plans were voluntary, and in fact remain, in most cases, voluntary today, many of our clients elected to have compliance plans prepared for them, submitted them to their employees, including physicians and dentists, and held annual information and update sessions for their employees. Unfortunately, as the years have passed by and the compliance plans remain voluntary, many healthcare providers have failed to update the plan in accordance with law and regulation changes, have failed to continue to distribute the plans to new employees, and have suspended both annual information sessions and annual reviews of coding by independent certified coding experts.
In our opinion, the current actions to uncover fraud and abuse in the Medicaid programs are simply a precursor to expansion to Medicare and private providers and expansion of what previously were voluntary compliance plans to make them mandatory.
The Deficit Reduction Act (“DRA) obligates Centers for Medicare and Medicaid Services (“CMS”) to establish and staff a new Medicaid Integrity Program (“MIP”) similar to the Medicare Integrity Program. The MIP has a required five-year plan for combating fraud, waste and abuse and ensuring the integrity of the Medicaid program. CMS is required to enter into contracts with independent qualified entities to perform reviews of providers, is required to audit claims made under state Medicaid programs, is required to identify over-payments, and is required to educate providers with respect to payment integrity and quality of care. Audits will initially focus on fee-for-service providers and then progress to Medicaid Managed Care Organizations (“MCO”). Commencing with the fiscal year 2009, Congress is obligated to contribute $75 million annually to support these incentives, including increasing the number of federal employees dedicated to the effort by 100.
The DRA also requires any entity receiving or making at least $5 million annually from a state’s Medicaid program to establish a mandatory compliance plan and to self-detect potential fraud, waste, and abuse. Such compliance plans must develop written policies and procedures for all employees, including management, and for contractors and agents, that explain federal FCA and any applicable state laws pertaining to civil or criminal penalties for false claims and statements and whistle-blower protections under such laws. The healthcare providers must also include in the employee manual a specific discussion of federal and state FCA rights and protections. Policies and procedures must be disseminated to contractors or agents involved in providing Medicaid items or services and must monitor that such policies and procedures are followed. Failure to fulfill these requirements can be a contributing factor in any allegations of FCA violations. An effective compliance program must exercise due diligence to prevent and detect criminal conduct and promote an organizational culture that encourages ethical conduct and commitment to compliance with the laws. Guidelines require Medicaid providers and payers to ensure that the compliance program is followed and that a mechanism exists to evaluate its effectiveness in creating an organizational culture committed to compliance.
As indicated above, enforcement under federal and state FCAs has risen dramatically. Civil and criminal penalties have been extensive and have ranged, in reported cases, from a $1.9 million settlement with the federal and Colorado governments by a long-term care facility for allegedly presenting claims to the Medicare and Medicaid programs for services that were inadequate or worthless, to a $225 million settlement arising out of a $334 million judgment against Amerigroup for allegedly avoiding enrollment of unhealthy patients and pregnant women who were more costly to treat and would have eroded Amerigroup’s profit margin.
The increased attention to Medicaid programs follows on the heels of the implementation by CMS and OIG of Medicare overpayment recoveries through the use of independent Recovery Audit Contractors (“RAC”). The use of the RACs started as a demonstration project limited to several states. The demonstration project, however, resulted in $900 million returned to the Medicare trust fund as recouped overpayments. By August 1, 2009, all states are to be added to the RAC program. Four independent RACs have been assigned to cover audits throughout the United States, with the RAC assigned to Ohio being CGI Technologies and Solutions, Inc., from Fairfax, Virginia. The RACs are paid on a contingency fee basis meaning that they get paid only if they have a recovery and, thus, their incentive for recovery is great.
In conclusion, it is clear that the federal government believes that there is significant fraud and abuse in both the Medicare and Medicaid programs and, as a natural extension, in submissions to private third-party providers. The Deficit Reduction Act is intended to do exactly that: to generate revenues in any manner to reduce the federal budget deficit. Certainly, the recent stimulus plans necessitated by our current economic crisis only increases that need for federal deficit reductions.
We strongly urge our clients to update their voluntary compliance plans if they have plans; to develop voluntary compliance plans if they have none; to disseminate the information among all employees, including professionals; to hold at least annual educational meetings with all employees to review the plans and to update them; and to ensure that a system of in-house coding review as well as at least annual independent coding review is in place. Remember, that even though in-house coding review can be very effective and certainly is essential, it is still being performed by employees of the healthcare provider and, therefore, will not avoid or provide a defense to fraudulent claim allegations. Review by independent certified coders, however, may put the healthcare provider in a position that, even if the coding used by them or, as is normally the case, the documentation supporting the coding, is incorrect or incomplete, when you have had your coding reviewed by an external independent coding expert, you are in a position to at least argue that you were reasonable and justified in following that independent direction and, therefore, even though you may owe funds for over coding, including interest, claims of fraud and abuse may be avoided, with their incidental criminal penalties and potential exclusion from federal provider programs.
If you wish to discuss any of these issues further or to arrange for the development of a compliance plan or independent coding review, please feel free to contact any of the members of the healthcare section of Krugliak, Wilkins, Griffiths & Dougherty Co., L.P.A. listed below.