Current Trends in False Claims Act Enforcement, as appeared in The American Health Lawyers Association, Health Lawyers News

Current Trends in False Claims Act Enforcement Require More Robust Compliance Programs for Medicaid Providers and Payors

Clifford E. Barnes & Nisha P. Shah, Epstein Becker & Green PC, Washington, DC

Current False Claims Act (FCA) enforcement actions are focusing on Medicaid providers and payers and causing them to rethink the meaning of effective compliance. The enhanced enforcement activity can be traced to the enactment of the Deficit Reduction Act of 2005 (DRA). This article describes how the DRA and state FCAs are impacting enforcement, examines the trends of such enforcement with regard to Medicaid providers and payers, and explains why rethinking Medicaid compliance is necessary in today's heightened enforcement environment.

I. The Deficit Reduction Act

In 2005, the Government Accountability Office (GAO) published a report exposing a significant disparity between the resources allocated to combat fraud and abuse in the Medicaid system and the amount of Medicaid money at risk for such abuses.[1] In response to the GAO Report, Congress enacted the DRA, which became effective on January 1, 2007.[2] Among other things, the DRA grants oversight authority for Medicaid providers and payors to the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services Office of Inspector General (OIG), and individual states, with the goal of eliminating fraud, waste, and abuse in the Medicaid program. To accomplish this goal, the oversight authority is empowered with the ability to conduct investigations and audits by federal and state employees and private entities contracting with the federal and state governments. Moreover, the DRA transforms Medicaid enforcement in three critical ways through the enactment of provisions that:

A. Encourage promulgation of FCAs by the individual states;[3]

B. Require entities that receive or make annual payments of at least $5 million of Medicaid funds to develop compliance policies and programs;[4] and

C. Establish the Medicaid Integrity Program.[3]

A. Enactment of State False Claims Acts

To encourage Medicaid enforcement, the DRA created financial incentives for states to enact FCAs that mirror the federal FCA. Under the DRA, states that enact FCAs that meet certain statutory requirements gain an additional 10% of the federal medical assistance percentage (FMAP) on all recoveries collected pursuant to that state FCA.[6] To be eligible for the increased recovery rate, states must enact FCAs that:

(1) Establish the same liability to the state for fraudulent claims as described in the federal FCA with respect to expenditures related to the state Medicaid program;

(2) Contain provisions that are at least as effective in rewarding and facilitating qui tarn actions or false and fraudulent claims as described in the federal FCA;

(3) Contain a requirement for filing an action under seal for 60 days with review by the state Attorney General; and

(4) Contain a civil penalty that is not less than the amount of the civil penalty authorized under the federal FCA.[7]

These measures are designed to support state program integrity efforts and enhance the recovery of false and fraudulently obtained Medicaid dollars.

As of March 2009, the FCAs of 13 states have been reviewed and approved by the OIG as complying with these federal requirements.[8 ]As a result of the additional 10% of the FMAP, these states have an increased incentive to actively enforce the state FCA.

Whether state FCAs have or have not been approved by the OIG,[9] such Acts typically mirror the federal FCA in connection with how liability attaches. In that regard, state FCAs, at a minimum, prescribe liability for any person who: (a) knowingly presents or causes to be presented a false or fraudulent claim for payment or approval; (b) knowingly makes, uses, or causes to be made or used a false record or statement to get a false or fraudulent claim paid or approved; (c) conspires to defraud by getting a false or fraudulent claim paid or approved; or (d) knowingly makes, uses, or causes to be made or used a false record or statement to conceal or avoid or decrease an obligation to pay or transmit money or property.[10] Similarly, under federal and state FCAs, "knowing" or "knowingly" means a person that:

(1) Has actual knowledge of the information;

(2) Acts in deliberate ignorance of the truth or falsity of information; or

(3) Acts in reckless disregard of the truth or falsity of the incident.[11]

Significantly, under the "knowing" standard, no proof or specific intent to defraud is required. In fact, the enforcement agency is not required to demonstrate that the provider or payor actually knew its claims were false upon submission. Instead, under federal and state FCAs, the enforcement agency prevails by showing that a provider or payor acted in deliberate ignorance of or in reckless disregard of the truth or falsity of the information or documentation. Enforcement agencies typically interpret reckless disregard to mean that the provider or payor knew or should have known that the information is false,[12] which effectively amounts to a "repeated negligence" standard. Under both federal and state FCAs, statutory penalties are significant and include civil monetary penalties of at least $5,500 per claim,[13] treble damages, potential program exclusion, and compliance obligations under corporate integrity agreements. Moreover, some states have enhanced their ability to impose such penalties by extending the statutes of limitations to 10 years.[14] Other states have made significant commitments to achieve fraud and abuse recoveries in specific dollar amounts. For instance, New York committed to recover a total of $1.6 billion over five years from Medicaid providers and payors, amounting to the following recovery schedule: $215 million in fiscal year (FY) 2008, $322 million in FY 2009, $429 million in FY 2010, and $644 million in FY 2011.[13] For FY 2008, New York more than doubled its targeted recovery by retrieving $551 million dollars from Medicaid providers and payors.[16] The net effect of the DRA's incentives for states to enact FCAs is to dramatically increase not only state enforcement efforts but also qui tarn actions against and recoveries from providers and payors.[17]

B. Mandatory Compliance Programs

The DRA also requires any entity receiving or making at least $5 million annually from a state's Medicaid program to establish a compliance plan and to self-detect potential fraud, waste, and abuse in connection with the Medicaid program. Pursuant to the DRA, such compliance plan must satisfy the following conditions:

(1) Develop written policies and procedures for all employees, including management, and for contractors and agents that explain the federal FCA and any applicable state laws pertaining to civil or criminal penalties for false claims and statements, and whistleblower protections under such laws;

(2) As part of the written policies, include detailed provisions regarding the entity's policies and procedures for detecting and preventing fraud, waste, and abuse; and

(3) Include in the employee handbook a specific discussion of federal and state FCA rights and of an employee as a whistleblower, and the compliance plan's policies and procedures for detecting and preventing fraud, waste, and abuse.18

[]

The first condition for mandatory compliance plans not only obligates entities to write and adopt policies and procedures for their employees but also requires them both to disseminate such policies and procedures to contractors or agents involved in providing Medicaid items or services and to monitor that such policies and procedures are followed. Additionally, to fulfill their monitoring obligations, these entities should provide for reviews or audits of claims submitted or services performed by contractors or agents in connection with the Medicaid program. Effectively, these dissemination and monitoring requirements significantly increase the burden on Medicaid providers and payors to coordinate with downstream contractors and agents. Failure to fulfill these requirements can be a contributing factor in any allegation of FCA violation.

Just as significant, the types of entities that must implement the mandatory compliance plan will be interpreted broadly. Under the DRA, the obligated entity includes not only organizational units (corporations, partnerships, and other business arrangements) but also individuals, as long as the organizational unit or individual receives or makes Medicaid payments of at least $5 million annually.19 For health systems where all units are integrally involved in furnishing Medicaid items or services, the entire organization is considered the "entity." Thus, even if any one organizational unit of the health system does not meet the $5 million threshold, as long as the entire system meets the threshold, every organizational unit must comply with the DRA obligations. Where organizational units are not health systems, each such unit is a separate "entity" for purposes of determining whether the $5 million threshold is fulfilled.20 However, where an organizational unit that provides Medicaid items or services has subsidiaries, the subsidiaries will be aggregated with the organizational unit to determine whether the $5 million threshold is met. Nevertheless, for individuals or organizations with contracts with Medicaid managed care organizations (MCOs), the $5 million threshold only applies to amounts received from the state Medicaid program and does not include amounts received from a Medicaid MCO.

Medicaid providers and payors should determine whether the DRA's mandatory compliance provisions apply and the status of affiliated entities. For entities that do not meet the Medicaid threshold, downstream contractor or vendor compliance requirements under the DRA should not apply. For health systems and entities with or without subsidiaries that meet the $5 million threshold, the downstream dissemination and monitoring requirements must be added to the compliance program.

C. Creation of the Medicaid Integrity Program

The DRA also obligates CMS to establish and staff a new Medicaid Integrity Program (MIP) similar to the Medicare Integrity Program. As part of the MIP's required five-year plan for combating fraud, waste, and abuse and ensuring the integrity of the Medicaid program, CMS must satisfy the following:

(1) Enter into contracts with qualified entities to perform reviews of providers that furnish items or services;

(2) Audit claims made under state Medicaid programs including risk contracts;

(3) Identify overpayments; and

(4) Educate providers and MCOs with respect to payment integrity and quality of care.21

According to the Director of the CMS Medicaid Integrity Group, David Frank, Medicaid audits began in September 2007 and became fully operational in Spring 2008 on a nationwide level. During the first period, audits will focus on fee-for-service providers and then progress to MCOs that serve the Medicaid population.22 To this end, commencing FY2009, Congress is obligated to contribute $75 million annually to support the MIP's initiatives, including increasing the number of federal employees dedicated to the effort by 100.23 As a result, the MIP will engage in expanded data collection efforts and coordination with the states. Such coordination will enable state Attorneys General and the Medicaid Fraud Control Units (MFCUs), which also conduct audits, to become more effective.

The DRA dramatically increases the resources and incentives in the Medicaid program to combat fraud, waste, and abuse. For that reason, Medicaid providers and payors need to prepare for the increased oversight and enforcement that the DRA creates. Significantly, that new oversight and enforcement capability will not only begin to review current conduct but also will review conduct that occurred at least three years ago, and in some instances up to ten years ago, based upon the applicable federal or state statutes of limitations. Consequently, providers and payors will now be held accountable for the certifications they make as enforcement agencies are using such certifications as a basis for FCA liability.

II. Federal Certification Requirements for Medicaid Providers and Payors

Providers and payors are required to certify that program integrity requirements have been met as a condition of receiving payment under the Medicaid program. Focusing first on provider certification, federal regulations mandate that states include on their Medicaid provider claim forms a certification statement printed in boldface type that the information on the forms are "true, accurate, and complete."24 The certification statement also maintains that any falsification or concealment of material facts may be prosecuted under federal and state laws.23

Switching focus to payor certification, federal regulations require states to have certifications concerning all data submitted by the Medicaid MCO to the state as a basis of the capitation payments from the state.26 As a consequence, all data submitted to the state by the Medicaid MCO that is the basis of the state's premium payment, including, but not limited to, encounter data and enrollment data is subject to certification. Pursuant to such federal regulations, data submitted to the state must be certified by the MCO's Chief Executive Officer (CEO), Chief Financial Officer (CFO), or an individual with delegated authority and who reports directly to the CEO or CFO.27 The certification by these individuals must attest, based upon their best knowledge, information, and belief to the accuracy, completeness, and truthfulness of both the data and documents provided.

Providers and payors may not be aware that the certification they routinely provide is an important building block for not only the allegation that state or federal FCAs have been violated but also for liability. When enforcement agents become aware of information they believe to be incorrect, the certification provides the basis for the allegation that the provider or payor submitted incorrect claims or data and certified to their accuracy and truthfulness, and as a consequence, "knowingly" made false records and statements to get a false or fraudulent claim paid or approved. Moreover, by submitting and certifying to incorrect information, the provider or payor received payments that were inflated, which would not have been paid if it was known that the information submitted was not correct and that the certification was false. Such allegations become the basis of alleging violations of the FCA entitling the government to treble damages and civil penalties of at least $5,500 per claim or false statement.

III. Sentencing Commission Guidelines

The recent changes in the Federal Sentencing Guidelines for Organizations emphasize the need for compliance programs to document the standards and to test whether conduct is consistent with the standards.28 Under § 8B2.1(a) of the new Sentencing Guidelines, an effective compliance program must:

(1) Exercise due diligence to prevent and detect criminal conduct; and

(2) Promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Such compliance and ethics program shall be reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct.29

To accomplish these requirements, the Guidelines mandate, among other things, that the organization establishes standards and procedures to prevent and detect criminal conduct and to ensure that the standards and procedures are followed not only by monitoring and auditing to detect conduct inconsistent with the compliance program but also by evaluating its effectiveness.30 In other words, the Sentencing Guidelines require Medicaid providers and payors to ensure that the compliance program is followed and that a mechanism exists to evaluate its effectiveness in creating an organizational culture committed to compliance. No longer is the mere existence of good policies and procedures sufficient. Instead, Medicaid providers and payors will have to operationalize compliance so that the conduct of the organization is consistent with the standards set forth in its compliance plan. Indeed, conduct consistent with the compliance policy is now important because pursuant to the DRA and the certification by the CEO, CFO, or his/her delegatee, FCA violation allegations are generally successful when organizational conduct is not consistent with its compliance policies.

IV. Heightened Enforcement Under Federal and State FCAs

Since the DRA's enactment, federal and state governments have significantly increased their investigation and enforcement actions against Medicaid providers and payors. In some instances, the enforcement actions have resulted from whistle-blower claims. In other instances, enforcement activities have resulted from government audits. In either event, federal and state enforcement agents increasingly are presenting findings to Medicaid providers and payors alleging that their conduct has resulted in the submission of false claims.

Significantly, Medicaid providers and payors are equal targets of FCA enforcement. One state, New York, has been particularly aggressive in its efforts to combat fraud, waste, and abuse, in part, due to the Federal-State Health Reform Partnership.31 For example, the New York Office of the Attorney General (AG) investigated Healthfirst, the largest Medicaid MCO in the state, for allegedly compensating its marketing representatives based on productivity from 1999-2003, in violation of its Medicaid managed care contracts.32 Healthfirst's marketing plans filed with the state falsely represented that its representatives were compensated based solely on qualitative criteria. However, during its investigation, the AG found that Healthfirst had paid bonuses or other compensation incentives to its employees based on the number of beneficiaries enrolled, in violation of the Medicaid contract requirements and the state FCA.33 HealthFirst and the AG agreed to settle the investigation for a payment of $35 million.

In an example of a New York provider settlement, a qui tarn complaint was filed against Staten Island University Hospital and S.I.U.H. Systems Inc. for allegedly knowingly presenting, and/ or causing to be presented, false claims to the Medicaid program for reimbursement for inpatient detoxification treatment provided in a special unit within the hospital that had not obtained the appropriate certificate of operation from the state.34 A settlement, which was a result of a joint negotiation by the Office's MFCU and the U.S. Attorney's Office, was reached at $24.4 million. It should be noted that New York enforcement agencies have not restricted their investigations to hospitals. To the contrary, audits are being initiated across the provider spectrum, including home healthcare companies.33

The enforcement actions in other parts of the U.S. are consistent with the trendsetting enforcement in New York. For example, a whistleblower action was filed against Amerigroup, Inc. and Amerigroup Illinois, Inc., for allegedly avoiding enrollment of unhealthy patients and pregnant women, who were more costly to treat and would have eroded Amerigroup's profit margin.36 By avoiding enrollment of these patients, Amerigroup allegedly violated the FCA because it falsely promised not to discriminate in order to procure the Medicaid MCO contract with the State of Illinois, falsely assured the state of its continued compliance, falsely maintained that it complied with state anti-discrimination policies and statutes, and submitted false certifications.37 After a federal jury trial fined Amerigroup $334 million, Amerigroup settled with the federal and state governments for $225 million.38 Other examples of enforcement actions include investigations that have resulted in settlements in connection with related party transactions.39

Significantly, the FCA also has been used to prosecute alleged quality of care inadequacies.40 For example, the federal government and State of Colorado brought a FCA suit against a Colorado long term care facility for allegedly presenting claims to the Medicare and Medicaid programs for services that were "inadequate or worthless" as a result of systematic understaffing of the facilities, to the point that it was unable to provide basic nursing care required to maintain the health and well-being of its residents.41 The facility agreed to settle with the federal and Colorado governments for $1.9 million.42

Regardless of the state in which the Medicaid provider or payor provides services, a few lessons can be learned from the current enforcement trends. First, the enforcement actions are typically settled. As a result, the issues raised in the enforcement action are not always fully litigated and the nuances and subtleties are not decided by an impartial trier of fact. Instead, the provider or payor negotiates with the very party that believes that the provider or payor's actions are illegal. Moreover, because the plaintiff is often the state, which is alleging fraud, providers and payors are typically loath to maintain long term litigation. Indeed, for Medicaid MCOs, the state is a primary client or customer—the party with which the MCO contracts. As long as such MCO desires to contract with that state for Medicaid beneficiaries, supporting ongoing fraud litigation will typically be viewed as inconsistent with the MCO's best interests. Similarly with providers, although the state is merely a payor, and not the primary customer or client of the provider, public accusations of fraud are typically resolved as quickly as possible.

Second, the settlement amounts are large. The typical settlement amounts are in the range of millions of dollars to resolve Medicaid FCA violation allegations. While one recent case settled for $225 million, our research revealed that the vast majority of the settlements range from $20 million to $50 million.43

Third, providers and payors must evaluate the quality of services as part of their compliance program. Failure to provide adequate care or providing unnecessary care44 is a potential basis for FCA enforcement actions. Significantly, although many enforcement actions for "failure of care" have been brought against the long term care industry, the same analysis could be applied to other providers, especially providers receiving capitated payments.

Finally, thinning financial margins dictate that providers and payors wisely invest in avoiding FCA liability rather than attempting to negotiate a "good settlement" after liability is alleged.

V. Building a Defense to Federal and State False Claims Act Allegations

The marketplace effect of the combination of the DRA requirements, the certification obligation, and the revised Sentencing Commission Guidelines is to create a new enforcement environment that requires enhanced compliance practices for Medicaid providers and payors. As a result, compliance programs must be revised not only to develop policies that comply with the recognized rules and standards but also to document that the organization's operations comport with these standards and result in the desired conduct and outcomes. In the new environment, an effective compliance program must ferret out conduct and activities that would be inconsistent with a defense to the "reckless disregard" standard of the FCA. In other words, relying on a standard because "that is the way we do it" or trusting that employees will do the "right thing" will not protect the provider or payor from this new Medicaid enforcement juggernaut.

It cannot be overemphasized that the "reckless disregard" or "knowledge" standard of the FCA is a low threshold for fraud liability. Indeed, because the computerized systems of Medicaid providers and payors typically repeat their billing, claims, and other data processes, mistakes embedded in such processes can become the basis for allegations of FCA violations. Because such liability could be raised in a settlement context based upon repeated negligent activities, documentation demonstrating that operations are consistent with a standard based upon a rule, regulation, or advice of counsel is now required. When providers or payors document that the alleged activities are consistent with a recognized standard, the reckless disregard or knowledge allegation that is necessary for any FCA claim may be negated.

To maintain a defensible standard, the compliance program should document the applicable rule, regulations, or other standard43 or the advice of counsel that underlies the policy or procedure.46 In this regard, when the rules, regulations, or other standards are not clear, good faith reliance on counsel advice also may protect the provider or payor against allegations of submitting false claims.47 To establish the reliance on counsel as a defense, the provider or payor "must show (i) full disclosure of all pertinent facts to an expert, and (ii) good faith reliance on the expert's advice."48 In other words, the provider or payor must seek advise of counsel in good faith, provide counsel full accurate information, receive advice that can be reasonably relied upon, and follow this advice. If the provider or payor "faithfully follows [counsel's] advice, it cannot be said that the [provider or payor] knowingly submitted false information or acted with deliberate ignorance or reckless disregard of its falsity, even if that advice turns out in fact to be false."49

Monitoring the operations to ensure conduct is consistent with the selected standard also enables providers and payors to negate the inference of reckless disregard. Indeed, a federal court recently recognized that a provider's "compliance efforts may be relevant to the question of whether [a provider] acted with reckless disregard or deliberate indifference" in FCA investigations.30 In the current enforcement environment, an effective compliance program requires documentation sufficient to negate any inference of repeated negligence. As a result, Medicaid providers and payors must test the compliance program's policies and procedures and document the results. Testing compliance practices, documenting the results, and addressing any mistakes demonstrate an outcome of proactive vigilance. Without such proactive vigilance, inadvertent repeated mistakes may be sufficient for enforcement agents to allege reckless disregard and seek damages and penalties in settlement discussions.

VI. Conclusion

Armed with new legal authority, federal and state governments have enhanced their arsenal of allegations of FCA violations against Medicaid providers and payors. In this new environment, an effective compliance program must be able to generate an appropriate defense to any allegation that conduct exhibited reckless disregard under the FCA. Without such a compliance plan, Medicaid providers and payors increase their risk of FCA liability.

Clifford Barnes is a Partner in the Health Care and Life Science practice of Epstein Becker & Green PC in Washington, DC. Mr. Barnes has been practicing healthcare law for Epstein Becker & Green for more than 25 years, representing providers and payors in compliance and other transactional issues. Mr. Barnes has a national practice and can be reached at cbarnes® ebglaw.com or (202) 861-1856.

Nisha P. Shah is an Associate in the Health Care and Life Sciences of Epstein Becker & Green PC in Washington, DC. Ms. Shah works on False Claims Act and internal investigations and compliance matters. Ms. Shah can be reached at [email protected] or (202) 861-1385.


1 U.S. Gov't Accountability Office, Medicaid Fraud and Abuse: CMS's Commitment to Helping States Safeguard Program Dollars Is Limited, GAO-05-855T. (June 28, 2005).

2 Deficit Reduction Act of 2005, Pub. L. No. 109-171, (hereinafter referred to as the DRA), §§ 6031, 6032, 6034, 120 Stat. 72-78 (2006).

3 DRA, § 6031, 120 Stat. 73 (codified at 2 U.S.C. §1396h(b)) (2009).

4 DRA, § 6032, 120 Stat. 73-74 (codified at 42 U.S.C. § 1396a(a)(68) (2009)).

5 DRA, § 6034, 120 Stat. 74-78 (codified at 42 U.S.C. § 1396u-6 (2009)).

6 DRA, § 6031, 120 Stat. 73 (codified at 42 U.S.C. §1396h(a) (2009)).

7 DRA, § 6031, 120 Stat. 73 (codified at 42 U.S.C. § 1396h(b) (2009)).

8 The 13 States include California, Georgia, Hawaii, Illinois, Indiana, Massachusetts, Nevada, New York, Rhode Island, Tennessee, Texas, Virginia, and Wisconsin. These states were notified in writing that the Department of Health and Human Services OIG, in consultation with the Department of Justice, has determined that the state FCA meets the requirements of the DRA, available at: www.oig.hhs.gov/fraud/falseclaimsact.asp (last visited Mar. 11, 2009). States whose FCAs have been denied include Florida, Louisiana, Michigan, New Hampshire, New Jersey, New Mexico, and Oklahoma.

9 Currently, 22 States and the District of Columbia have promulgated state FCAs. See Taxpayers Against Fraud, State False Claims Acts, available at: www.taf.org/statefca.htm (last visited Mar. 11, 2009).

10 See, e.g., Cal. Gov't Code § 12651 (2008); Fla. Stat. § 68.082(2) (2008); N.J. Stat. Ann. § 2A:32C-3 (2009); N.Y. State Fin. Law § 189 (2009).

11 See 31 U.S.C. §3729 (b) (2007); see e.g., Cal. Gov't Code § 12650(2); Fla. Stat. § 68.082(l)(c); N.J. Stat. Ann. § 2A:32C-2; N.Y. State Fin. Law § 188(3).

12 See Minnesota Ass'n of Nurse Anesthetists v. Allina Health Sys. Corp., 276 F.3d 1032, 1053 (8th Cir. 2002).

13 See 31 U.S.C. § 3729(a), 28 C.F.R. § 85.3(a)(9) (assessing between $5,500 and 11,000 per claim); see e.g., Fla. Stat. § 68.082(2)(g), N.J. Stat. Ann. § 2A:32C-3 (assessing between $5,500 to $11,000 per claim); N.Y. State Fin. § 189(l)(g) (assessing between $6,000 to $12,000 per claim).

14 See, e.g., Wis. Stat. § 893.981 (2008).

15 Letter from Ctrs. for Medicare and Medicaid Servs. to Kathleen Shure, Office of Managed Care, New York Dep't. of Health (Sept. 29, 2006), available at: http://www.cms.hhs.gov/MedicaidStWaivProgDemoPGI/MWDL/itemdetail.asp?filterType=dual,%20data&filterValue=New%20York&filterByDID=2&sortByDID=2&sortOrder=ascending&itemID=CMS1187486&intNumPerPage=10. The Partnership was developed as a section 1115 Demonstration Project by New York State in collaboration with the Department of Health and Human Services. Under the Partnership, the federal government can invest up to $1.5 billion over five years in exchange for the state generating federal savings sufficient to offset the federal investment and meeting a series of established performance milestones. The milestones include: (1) increasing fraud and abuse recoveries to 1.5% of the state's FFY 2005 total Medicaid expenditures by the end of the Demonstration; (2) implementing a preferred drug program for the Medicaid program; (3) implementing an employer-sponsored insurance program; (4) implementing one new Medicaid reform initiative; and (5) implementing a single point-of-entry system for long term care service assessment.

16 Press Release, New York State Governor's Site, Governor Paterson announces $551 million in Medicaid recoveries for
New York State (Dec. 12, 2008), available at: www.ny.gov/governor/press/press_1212081.html. According to Medicaid Inspector General, James G. Sheehan, "To understand the significance of this success, consider this, the total that all 50 States recovered in 2007 was $305 million. New York is leading the way in fighting not only against Medicaid fraud but waste and abuse of the system as well."

17 Most state FCAs authorize the state Attorney General to bring civil actions for treble damages and civil penalties against violators.

18 DRA, § 6032, 120 Stat. 73-74 (codified at 42 U.S.C. § 1396a(a)(68)(2009)). Significantly, the requirements of § 6032 of the DRA are applicable to entities whether or not a FCA has been enacted by a state.

19 Ctrs. for Medicare and Medicaid Servs., DRA 6032 - Employee Education About False Claims Recovery — Frequently Asked Questions (2007), available at: www.cms.hhs.gov/smdl/downloads/SMD032207Attl.pdf.

20 Id.

21 DRA, § 6034, 120 Stat. 74-75 (codified at 42 U.S.C. § 1396u-6 (2009)).

22 David Frank et al., The Medicaid Integrity Program, National Association for Medicaid Program
Integrity, presented on August 25, 2008, available at: www.nampi.org/members/2008presentations/MIGPresentation.pps.

23 DRA, § 6034, 120 Stat. 74-75 (codified at 42 U.S.C. § 1396u-6(e)(l)(c) (2009))

24 42 C.F.R. § 455.18(a) (2009).

25 Alternatively, the state Medicaid agency may print a certification statement above the provider's endorsement on the reverse of provider checks. Id. § 455.18 (b).

26 Id. §438.604.

27 Id. §438.606.

28 U.S. Sentencing Comm'n, Guidelines Manual, § 8B2.1 (Nov. 2008).

29 However, the Sentencing Guidelines emphasize that the failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.

30 See Sentencing Guidelines, supra note 28.

31 See Federal-State Health Reform Partnership, supra note 15.

32 Press Release, N.Y. Office of Attorney Gen., Attorney General Cuomo Announces $35 Million Settlement with Managed Care Provider Healthfirst (Sept. 3, 2008), available at: www.oag.state.ny.us/media_center/2008/sep/sep3a_08.html.

33We also believe the compensation initiatives violated Healthfirst's compliance plan, but we have not been able to confirm it.

34Press Release, N.Y. State Attorney Gen., Attorney General Cuomo Announces $24.8 Million Settlement with Staten Island University Hospital to Resolve Allegations of Medicaid Fraud (Sept. 15, 2008), available at: www.oag.state.ny.us/media_center/2008/sep/sep15a_08.html.

35See N.Y. State Medicaid Fraud Control Unit, 2007 Annual Report (37% of the $112.5 million in Medicaid restitution obtained by the Medicaid Fraud Control Unit stemmed from cases involving home healthcare), available at www.oag. state.ny.us/media_center/2008/apr/apr30a_08.html.

36See United States ex rel. Tyson v. Amerigroup Inc.,488 F. Supp. 2d 719, 723-724(N.D. III. 2007); see also Press Release, Illinois Attorney Gen.'s Office, Amerigroup to End Appeal and Pay $225 Million to United States and Illinois to Settle Pregnancy Discrimination Case (Aug. 14, 2008), available at www.illinoisattorneygeneral.gov/pressroom/2008_08/20080814.html.

37See Press Release on Amerigroup, supra note 36.

38See Press Release on Amerigroup, supra note 36 (a federal jury fined Amerigroup $48 million, a penalty that was tripled to $144 million according to federal guidelines. The federal judge in the case imposed civil penalties of $190 million, which raised the total fines to $334 million. Amerigroup appealed the case to the U.S. Court of Appeals for the Seventh Circuit, but ended up settling the case in August 2008).

39See District of Columbia v. D.C. Chartered Health Plan, Inc., 2008 CA 0001976 B (D.C. Sup. filed June 5, 2008); WellCare Health Plans, Inc., Quarterly Report (Form 10-Q) (Mar. 2, 2009); Health Plan WellCare to Pay $32.5 Million for 'Ineligible' Expenses Under Medicaid, Health Care Daily Report (BNA) (Aug. 20, 2008) (on file with author).

40Owners of a Colorado LTC Facility Agree to Settle Medicare, Medicaid Charges, Health Care Daily Report (BNA) (Oct. 3, 2006) (on file with author).

41Id. (the provider also was excluded from participating in the federal healthcare programs).

42Id.

43See, e.g., Press Release on Healthfirst, supra note 32; Press Release on Staten Island University Hospital, supra note 34; Press Release on Amerigroup, supra note 36; Hospital to Pay $36 Million After Voluntary Disclosure of Certain Physician Arrangements, Health Care Daily Report (BNA) (Dec. 2, 2008) (on file with author) (parent corporation of Condell Medical Center made a voluntary disclosure regarding its relationships with its physicians in violation of Medicare and Medicaid regulations. By voluntarily disclosing the improper practices, the hospital avoided a lawsuit under the FCA and agreed to settle for approximately $36 million.)

44Abuse of Our Elders: How We Can Stop It: Hearings Before the Senate Special Comm. on Aging, 110th Cong. (2007) (testimony of Greg Demske, Assistant Inspector Gen. for Legal Affairs, Inspector Gen. of the Dep't of Health and Human Servs.) (stating that "Redding Medical Center in California and its corporate parent, Tenet Health care Corporation, paid a total of $59.5 million to settle False Claims Act allegations that the hospital inadequately performed credentialing and peer review of cardiologists on its staff who then performed medically unnecessary invasive cardiac procedures").

45While the source of the standard may not be readily available for all conduct, providers and payors should minimally document the source of the standard for recognized risk areas.

46Additionally, disclosure of practices by a provider or payor to the government may also negate the knowledge standard of the FCA. See United States v. Newport News Shipbuilding, Inc., 276 F. Supp. 2d 539 (E.D. Va. 2003). Disclosure of such practices may suggest "concerted and conscientious efforts to ensure compliance." Id. at 564. Indeed, when there is an interpretation of a disputed or ambiguous regulation, "the more questionable or tenuous the [provider's or payor's] interpretation appears, the more likely a failure to disclosure may serve as evidence that" the provider or payor acted with reckless disregard of the regulatory rules and standards. Id. Therefore, disclosure to the government of the Medicaid provider's or payor's compliance practices may shield a provider or payor from FCA liability. However, we suggest seeking counsel's advice before any making any disclosures to the federal or state government.

47See id. at 565.

48Id.

49Id.

50United States ex rel. Hefner v. Hackensack Univ. Med. Ctr., Civil Action No. 01-4078 (DMC) 2003 U.S. Dist. Lexis 15225 (D.N.J. 2003).

Copyright 2009 American Health Lawyers Association, Washington, D.C.
Reprint permission granted.
Further reprint requests should be directed to
American Health Lawyers Association
1025 Connecticut Avenue, NW, Suite 600
Washington, DC 20036
(202) 833-1100
For more information on Health Lawyers content, visit us at
www.healthlawyers

Resources