This is the seventh post in this year’s series examining important trends in white collar law and investigations. Our previous post discussed SEC Enforcement in 2022: A Look Ahead. Up next: ESG and the SEC: What’s Next on the Horizon.
Looking further ahead into 2023, we expect to see several trends in the DOJ’s enforcement of the False Claims Act:
- First, continuing a trend that began in the Trump administration, we expect the total number of cases brought under the False Claims Act to continue to climb, fueled in part by a continued focus on bringing cases directly rather than relying on whistleblowers—often as a result of the government’s increasing reliance on data analytics.
- Second, we expect the health care industry to continue to receive the lion’s share of enforcement scrutiny, with particular focus on telehealth services, Medicare Advantage fraud, medically unnecessary procedures, and alleged kickbacks.
- Third, we expect an increasing use of the False Claims Act to ensure compliance with cybersecurity standards and to stamp out alleged pandemic fraud.
Steady Flow Of New Matters Fueled By Data Analytics
As discussed in last year’s post, the period between 2017 and 2020 was the most active period of enforcement in the False Claims Act’s history as measured by the number of new matters opened. That increased activity was the result of sharp increases in the number of cases brought directly by the government rather than through qui tam relators, or whistleblowers. In contrast to the period 2013-2016, when the government brought an average of 118 cases per year, the government brought an average of 170 cases per year between 2017 and 2020, with a high of 259 cases in 2020. The first year of the Biden administration showed a continuation of that trend, with 203 government-brought cases—more than 25% of the total number of new matters brought in 2021.
In remarks delivered last year at the Federal Bar Association Qui Tam Conference, Principal Deputy Assistant Attorney General for the Civil Division, Brian Boynton, alluded to continued efforts by the DOJ to expand its role in identifying and bringing cases directly, including through the use of data analytics. According to Boynton, “our sophisticated data analytics allows us to identify patterns across different types of health care providers – giving us a way to identify trends and extreme outliers.” In addition to allowing the government to “see where the highest risk physicians are located in each state and federal district,” the data analytics also allows the government to “demonstrate and quantify sophisticated relationships, such as a physician offering controlled substance prescriptions to a patient who is likely to divert them” and, additionally, to target COVID-19 related misconduct.
Looking ahead, we expect the FCA enforcement landscape to be shaped by increasing numbers of cases brought by the government directly, and we expect this trend to continue as the government devotes more resources to the analysis of massive amounts of billing data at its fingertips.
Health care has been and almost certainly will remain the largest sector targeted by DOJ for FCA enforcement. Indeed, of the more than $5.6 billion in settlements and judgments reported by the DOJ in financial year 2021, over $5 billion related to cases involving the health care industry. We expect this trend to continue this year.
In particular, we expect continued focus in the area of telehealth. As a result of the COVID-19 pandemic and pandemic-related policies intended to improve access to care, telehealth services have expanded. This expansion has resulted in alleged abuses, and DOJ has targeted those abuses both criminally and civilly. For example, last May, the Department announced first-in-the-nation charges relating to the exploitation of the expanded telehealth policies arising from the submission of false and fraudulent claims for telemedicine encounters that allegedly did not occur.
Relatedly, we expect to see continued enforcement surrounding unnecessary medical services and services not rendered as billed. The Department has signaled a focus on schemes that target elderly patients by providing them poor or unnecessary care or no care at all. For example, in 2021, the Department reached an eight-figure settlement with a nursing home operator for alleged false claims relating to unreasonable and unnecessary rehabilitation therapy services and substandard skilled nursing services.
The Medicare Advantage Program, also known as Medicare Part C, has also been an important priority for the DOJ. Medicare Part C pays a capitated amount to private health insurance carriers for each patient enrolled in their plans. Those payments are adjusted for various risk factors such that plans receive higher payments for higher-risk enrollees. The DOJ has zeroed in on plans and providers that manipulate this risk adjustment process to increase payment amounts. For example, in August of last year, DOJ announced a $90 million FCA settlement with a California-based health care services provider to resolve allegations that it submitted inaccurate information about the health status of beneficiaries enrolled in Medicare Advantage Plans. We expect enforcement actions of this sort to continue this year.
Finally, we expect continued FCA enforcement targeting kickbacks. In 2021, the Department resolved matters relating to kickback violations involving companies across the health care industry, including an electronic health record vendor, home health care agencies, hospitals, substance abuse treatment facilities, pharmaceutical companies, diagnostic testing companies, and medical device companies. Given this breadth, companies across the health care sector should direct their attention towards compliance with the Anti-Kickback Statute.
Our prediction last spring that the DOJ would focus FCA enforcement efforts in the area of cybersecurity proved prescient. As we reported in October, the Department announced the launch of a new Civil Cyber-Fraud Initiative that will use the FCA to prosecute cyber vulnerabilities and incidents that arise with government contracts and grants. According to Deputy Attorney General Lisa Monaco, the Department aims to “drive cybersecurity accountability” through FCA enforcement. And while the Department “take[s] very seriously [its] mission to help victims of cyber intrusions,” victims who fail, for example, to timely report suspected breached may be punished with civil fines.
Indeed, in a speech at the Cybersecurity and Infrastructure Security Agency (CISA) Fourth Annual National Cybersecurity Summit, Mr. Boynton described three “common cybersecurity failures” that the Department views as “prime candidates” for potential FCA enforcement: (1) knowing failures to comply with cybersecurity standards; (2) knowing misrepresentations of security controls and practices; and (3) knowing failures to timely report suspected breaches. Importantly, the initiative will focus on cases affecting federal agencies and sensitive government information and systems. Entities that provide the government with cyber products and services should therefore take warning of DOJ’s new focus in this area, as FCA growth in this area is likely in the coming years.
Finally, we expect to see a continued emphasis on using the False Claim Act to curtail pandemic-related fraud. With the Attorney General having established a COVID-19 Fraud Enforcement Task Force in May of 2021, expect to see a steady stream of pandemic-related matters over the coming year. The AG’s announcement of the Task Force highlighted the variety of alleged frauds arising out of the pandemic and foreshadowed the areas of likely activity:
The pandemic has given rise to a variety of forms of fraud. Those intent on unlawfully profiting from the pandemic have capitalized on scarcity to peddle fake vaccines and sell millions of counterfeit N95 masks and other personal protective equipment to heath care facilities desperate to protect frontline workers. They have inflated their payrolls to obtain loans larger than they were eligible to receive. They have used shell companies and received assistance that they unlawfully diverted. They have set up operations to submit identical loans applications in the names of multiple companies. And they have fraudulently misrepresented the products or services they sold to the federal government.
Like the pandemic itself, which has dragged on for longer than many imagined, the DOJ’s efforts to pursue pandemic fraud through use of the FCA is likely to linger for years to come, with each new phase of the pandemic offering new opportunities for alleged fraud and abuse.