Key Highlights:
1. The United States Supreme Court will weigh in on the government’s authority to dismiss cases brought by whistleblowers as well as a case that could bolster or erode the attorney-client privilege.
2. United States federal government scrutiny is heating up in areas that heavily impact healthcare, including as to private equity, data security, antitrust, telehealth, and COVID-19 relief and services – and the government is aided by the increasingly-sophisticated use of data analytics.
3. The United States federal government has announced new corporate enforcement policies.
4. The dust hasn’t settled as to where the Dobbs decision leaves the legal state of affairs regarding abortion.
Here is our selection of the top 10 government enforcement-related updates impacting the health care industry in the United States:
1. This Case Is Mine: The Supreme Court to Weigh in on DOJ’s Authority to Dismiss Cases Brought by Whistleblowers.
On December 6, 2022, the United States Supreme Court will hear oral argument on a case seeking Supreme Court input on the government’s authority to dismiss False Claims Act (FCA) lawsuits brought by relators (“qui tam cases”). Qui tam cases are brought by relators on behalf of the government. Under the FCA, the government may choose to intervene in a qui tam case (thus taking over the litigation), decline to intervene but permit the relator to litigate the case on the government’s behalf, or move to dismiss the case. The Supreme Court has been asked to weigh in regarding the standard of review courts should use when ruling on a government motion to dismiss. In our view, because qui tam cases are brought on behalf of the government, we believe the D.C. Circuit’s standard providing the government virtually unfettered discretion in dismissal decisions is the proper one. The standard is not merely academic: whether the Supreme Court empowers or chills the government from moving to dismiss FCA suits—many of which are meritless or harassing—could have a major impact, particularly in the health care industry, whose members comprise the vast majority of False Claims Act defendants.
Meanwhile, a bill was introduced in the Senate last year to amend the FCA, including proposing that, in moving to dismiss an FCA case, the government must identify “a valid government purpose and a rational relation between dismissal and accomplishment of the purpose, and the [relator] shall have the burden of demonstrating that the dismissal is fraudulent, arbitrary and capricious, or illegal.” The bill has stagnated in Congress.
2. They’re Watching You: DOJ is Using Data Analytics More Than Ever.
The United States Department of Justice (DOJ) and Department of Health & Human Services (HHS) collaborate on mining Medicare provider and claims data, and data from other public sources, and many State Medicaid Fraud and Control Units likewise conduct data mining. This data mining is growing increasingly systemized and sophisticated. Each U.S. Attorney’s Office, along with its local HHS-Office of Inspector General (HHS-OIG) and Federal Bureau of Investigations (“FBI”) agents, now regularly receives data sets unique to their specific region. The agencies use data analytics to identify trends and outliers. Agencies can use data analytics to look for unusually voluminous billing of complex office visits or expensive procedures, or to pair Open Payments data with providers’ orders of Durable Medical Equipment (DME) and prescription drugs. Data analytics enables these agencies to target areas the agencies perceive as highest risk, leading to less agency reliance on whistleblower tips and qui tam suits to dictate agency resource spend. Of course, data cannot tell the whole story, and providers with outlier data may soon find themselves with the need to defend the numbers.
3. Post-Dobbs: A Gray New World.
In the wake of the Supreme Court’s decision in Dobbs v. Jackson Women’s Health, abortion providers throughout the country face an ever-evolving legal landscape. In Dobbs, the Supreme Court ruled that the United States Constitution does not confer a right to abortion and directly overturned Roe v. Wade and Planned Parenthood v. Casey. Many health care industry participants—not only abortion providers, but also hospitals, pharmacies, insurance plans, pharmaceutical companies, and others—are left figuring out what this means for them, especially in states that have existing legislation or that will likely pass legislation that restricts abortion beyond the Roe landscape. Vague and untested legislation imposing abortion restrictions means new risk areas for much of the health care industry, and it portends voluminous litigation and enforcement clashes, which already have begun.
4. Caveat Emptor: Private Equity in Health Care Presents New Risks.
Over the last few years, the presence of private equity (PE) investment in health care has become increasingly evident. In 2021 alone, approximately $151 billion of PE funds went to health care investment across the globe, with the number of deals increasing 36%. The presence of PE in health care opens doors for much needed innovations and non-traditional care delivery models. However, in President Biden’s March 2022 State of the Union Address, he announced “Wall Street takeover of nursing homes” has decreased the quality of care while raising prices—something he stated will end under his Presidency. We can expect that government focus on PE investment in the health care space will increase, including government enforcement actions against investors themselves and against providers backed by investors. Already there have been DOJ and state attorney general settlements with PE funds that have waded into allegedly questionable regulatory territory. Well-meaning investors are sometimes not aware of all the complexities of the health care regulatory landscape. When seeking to add a health care company to their portfolio, investors must fully appreciate the complex regulatory scheme, including fraud and abuse risks, or they may find themselves subject to unexpected and unwanted government attention.
5. The Security of PHI/PII has 99 Problems and HIPAA is Only One.
The government has been increasingly focused on data security, no doubt spurred by the rise of cyber-attacks and cyber-espionage. Some may recall DOJ’s announcement last year of a Cyber-Fraud Initiative where DOJ declared it would use the FCA to pursue government contractors and grant recipients who fail to follow cybersecurity standards. Deputy Attorney General Lisa Monaco announced, “For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it. . . . That changes today.” She elaborated, “The [cyber-fraud] initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
The escalating focus of DOJ on cybersecurity heightens the risk that Health Insurance Portability and Accountability Act (HIPAA) violations—or other data security and breach issues—may be pursued not just administratively but also as fraud under the FCA. For example, in March 2022, an entity providing medical support services at government-run facilities abroad agreed to pay almost a million dollars to resolve allegations that it violated the FCA including by allegedly failing to disclose that it had not consistently stored patients’ medical records on a secure system, and that personnel allegedly saved and left scanned copies of some records on an internal network drive that was accessible to non-clinical staff.
Given the government’s cybersecurity focus, it is only a matter of time before we see a surge in enforcement like this against other health care providers, both within and without the national security realm. Providers would do well to kick the tires of their current data security measures and breach protocols, and to proceed with any new arrangements with caution.
6. When Two Become One: Ever-Increasing Antitrust Interest in Healthcare.
The current Administration’s antitrust enforcers are not shy. Particularly notable is the anticipated overhaul of federal merger guidelines. In January, the Federal Trade Commission and DOJ sought public comments on ways to modernize federal merger guidelines. The request included specific questions for multiple areas of interest, including whether “traditional distinctions” between horizontal and vertical mergers should be reevaluated and whether it is “necessary to precisely define the market in every case.” The impending revamp of merger guidelines is a plain attempt to loosen restrictions on antitrust enforcement and enhance the government’s power to take action against perceived threats to competition. The agencies received 5,825 comments.
Moreover, this summer, in a speech entitled “The Importance of Vigorous Antitrust Enforcement in Health Care,” Deputy Assistant Attorney General Andrew Forman delivered remarks that affirmed healthcare “merger and acquisition enforcement will remain a top priority” for DOJ. According to Forman, healthcare “consolidation has resulted in the reduction of research, staffing shortages, and decreased quality of care.”
7. Can I Have Your Attention? DOJ Announces New Corporate Enforcement Policies.
On September 15, 2022, DAG Monaco announced significant changes to DOJ’s approach to corporate criminal enforcement, including revised and new policies and an accompanying memorandum with directives to DOJ components (“Monaco Memo”). These changes follow from DAG Monaco’s earlier announcements and memorandum in connection with the Biden Administration’s corporate criminal enforcement strategy unveiled last fall. The Monaco Memo set forth new and revised policies in five key areas: (1) voluntary self-disclosure (each DOJ component must adopt a formal, written policy which incentivizes self-disclosure); (2) individual accountability (full cooperation credit will only be awarded to corporations if they timely produce all relevant, non-privileged facts about individual misconduct); (3) corporate compensation and communications (prosecutors to consider whether a company’s compensation systems reward compliance and penalize misconduct and a company’s approach to employee use of personal devices and third-party apps for business-related communication); (4) how to consider and weigh a corporation’s history of misconduct; and (5) independent compliance monitors (providing a list of non-exhaustive factors used to evaluate whether to impose a monitorship).
Key implications of these policies announced in the Monaco Memo include that: (i) compensation systems will come under heightened scrutiny; (ii) companies may need to reevaluate how they respond to complaints and alleged misconduct; (iii) companies may need to reboot their approaches to voluntary self-disclosure and cooperation considerations.
8. All About That Business: The Supreme Court is Considering the Application of the Attorney-Client Privilege to Dual-Purpose Communications.
On January 9, 2023, the Supreme Court will hear oral argument in the matter of In re Grand Jury, 23 F.4th 1088 (9th Cir. 2021). The Supreme Court will address whether a communication involving both legal and non-legal advice is protected by the attorney-client privilege when obtaining or providing legal advice was one of the significant purposes behind the communication. The Court’s opinion is expected to resolve a circuit split on the scope and application of the attorney client privilege. At least three circuits have announced different tests for these “dual purpose” communications. See e.g., In re Kellogg Brown & Root, Inc., 756 F.3d 754, 760 (D.C. Cir. 2014) (“In the context of an organization’s internal investigation, if one of the significant purposes of the internal investigation was to obtain or provide legal advice, the privilege will apply”); see also in re Thullen, 220 F.3d 568, 571 (7th Cir. 2000) (in a case involving tax returns, the Seventh Circuit held that “documents used in both preparing tax returns and litigation are not privileged”). In In Re Grand Jury, the Ninth Circuit expressly rejected the standard announced in Kellogg, finding the standard and reasoning in Kellogg could not be applied outside the internal investigation's context, and held that a “dual purpose” communication is privileged only where the predominate purpose of the communication is for legal advice. See In re Grand Jury, 23 F.4th at 1095. How the Supreme Court rules could have significant impact on how in-house legal departments are structured and how they operate, including as related to internal investigations and business advice furnished by in-house counsel, two hats frequently worn by healthcare in-house counsel.
9. As Telehealth Flourishes, DOJ and OIG Tighten their Grip (and Hope No One Slips Through).
In the wake of the explosion of telehealth during the COVID-19 Public Health Emergency (PHE), there have been numerous DOJ takedowns involving companies providing—or, in some cases, purporting to provide—telehealth, telemedicine, or telemarketing services. For example, on July 20, 2022, DOJ announced that it charged 36 individuals in 13 federal districts across the United States for alleged fraudulent telemedicine, cardiovascular and cancer genetic testing, and durable medicine equipment schemes totaling more than $1.2 billion. The coordinated federal investigations primarily targeted alleged schemes involving the alleged payment of bribes by laboratory owners and operators in exchange for the referral of patients by medical professionals working with telemedicine and digital medical technology companies.
Late this summer, HHS-OIG issued a Special Fraud Alert encouraging practitioners to exercise caution and heightened scrutiny when entering into arrangements with telemedicine companies. OIG identified a non-exhaustive list of “suspect characteristics” which, taken together or separately, could suggest an arrangement presents a heightened risk of fraud and abuse.
10. COVID-19 Anti-Fraud Enforcement: It’s Only Just Begun.
The government has pursued civil and criminal action against countless entities and individuals under the banner of COVID-19 fraud, including those who allegedly: received relief funds they were ineligible for or who misused relief funds; misused telehealth flexibilities and/or paid improper kickbacks associated with telehealth; submitted inflated claims for COVID-19 testing or other testing in conjunction with COVID-19 testing; forged vaccination cards; promised false cures; sold counterfeit Personal Protective Equipment (PPE); engaged in PPE hoarding and price gouging; and even against those who facilitated vaccinations for the ineligible.
It is logical that the government has generally pursued—and reached resolution in—the most obvious cases first. Higher risk for entities that generally operate in a compliant way are more nuanced, complex health care arrangements, where compliance risks may be lurking but non-obvious. If an entity believes it may face government enforcement, an evaluation of risk, including consideration of remediation and possible self-disclosure, may be warranted. The statute of limitations is far from running out on most causes of action for conduct arising from the PHE.
* * *
Always-evolving government priorities, increasing sophistication, variable resource allocation, and novel areas of law ensure that government enforcement is an ever-changing reality in the health law space. Counsel are wise to stay abreast of these changes.
Authors:
Lori Rubin, Government Enforcement Defense & Investigations Partner, Foley & Lardner LLP, LARubin@foley.com
Samantha Robbins Jamali, Health Care Practice Group Associate, Foley & Lardner LLP, SJamali@foley.com
Lauren Carboni, Health Care Practice Group Associate, Foley & Lardner LLP, LCarboni@foley.com
Additional Resources:
• “Health Care & Life Sciences Sector-Top Trends for 2022”
• “Healthcare Compliance Programs in the United States 101”
• “The Inflation reduction Act of 2022: Medicare Drug Pricing Provisions Will Change the Health Care Industry”
• Connect with peers, join the ACC Health Law Network and other ACC Networks (for ACC members only)