January 14, 2015
It is no secret to those in the health care industry that since the U.S. Department of Justice ("DOJ") and Department of Health and Human Services ("HHS") joined forces to create the Health Care Fraud Prevention and Enforcement Action Team ("HEAT") in 2009, government enforcement actions against health care providers have boomed. In 2014, that trend continued, as HHS recovered nearly $5 billion in government health program funds. As usual, False Claims Act ("FCA") recoveries factored significantly into that sum. Providers in particular felt the full impact of FCA enforcement in 2014, paying more than $1.2 billion to settle 77 separate FCA actions. The HEAT task force also actively enforced criminal laws against providers, notching a high-profile multi-state takedown and numerous other widespread investigations that netted both convictions and hundreds of millions of dollars in recoveries. And, not to be left out, HHS’s administrative enforcement actions kept pace, with a historically high number of exclusions taking effect in 2014.
With such high stakes, 2014 showed that compliance with the shifting landscape of government health program rules is more important, and requires more vigilance, than ever. This past year saw more Patient Protection and Affordable Care Act ("PPACA") initiatives begin to come into play, adding a wide variety of new or changed rules for health care providers. And with even more attention paid to estimates of improper government payments to providers, HHS and the Centers for Medicare & Medicaid Services ("CMS") continued to develop approaches to monitor, limit, and remediate such payments, adding yet more complex rules for providers in the process.
This update first addresses 2014 enforcement activity against health care providers by the DOJ, specifically in civil FCA and criminal cases, and HHS. It also summarizes this year’s key substantive developments in three areas of critical importance to providers considering their ongoing compliance with government health program rules: the Anti-Kickback Statute ("AKS"), the Stark Law, and government health program payment and reimbursement.
A. False Claims Act
The FCA has become one of the government’s most important tools–if not the most important tool–for recovering overpayments from health care providers and policing compliance with certain government health program requirements. FCA liability can bring not only mandatory treble damages, but also a civil penalty of $5,500 to $11,000 imposed for each claim for payment by a government health program that is found to be false or fraudulent. Because many providers submit thousands of claims to government payors every year, the potential exposure for health care providers in FCA cases is enormous. With the potential bounty afforded to qui tam whistleblowers–or "relators"–for initiating these cases, it is no wonder that the number of FCA cases has exploded in recent years. And many providers have borne the brunt of that increase in FCA litigation.
Moreover, the government and relators continue to push the legal limits of which health program regulations can provide the basis for FCA liability. Because the FCA is about billing the government, and not about regulatory compliance in itself, most would agree that a health program rule must be connected to government payment in order for a violation to be actionable under the FCA. But FCA relators continue to allege theories that ignore that concept, and courts continue to wrestle with where to draw the line on which regulatory violations can support FCA claims.
Below, we analyze this year’s FCA settlement activity involving different types of health care providers and the most prevalent legal theories presented in these cases. We then briefly highlight several 2014 developments in the way relators and the government pursue FCA cases in the health care arena. For more information on the past year in FCA enforcement, including more detailed information on the year’s FCA settlement and case law developments, please see our 2014 False Claims Act Year-End Update.
1. 2014 FCA Recoveries from Providers
The past year was a blockbuster year for civil fraud and false claims recoveries. The government’s 2014 Fiscal Year resulted in nearly $5.7 billion in FCA recoveries, of which $2.3 billion involved federal health care programs. These gaudy numbers have become almost routine for the DOJ: this marks the fifth straight year that more than $2 billion has been recovered in FCA cases involving allegations of health care fraud. Since 2009, more than $22.4 billion has been recovered under the FCA, with more than $14.2 billion involving federal health care programs.
Health care providers were at the heart of the FCA action in the 2014 calendar year; providers shelled out more than $1.2 billion in 77 announced FCA settlements ranging up to the hundreds of millions of dollars. The largest single provider settlement of the year, involving a dialysis service provider, resulted in a government recovery of $350 million. The high number and value of settlements this past year are hardly surprising given the focus on providers by HEAT, a Cabinet-level priority strike force between the DOJ and HHS, which has recovered $14.5 billion in federal health care costs since its inception in 2009. In 2014, DOJ press releases credited HEAT’s efforts in 46% of its provider FCA settlements, accounting for nearly 87% of total dollars recovered. It is clear that the DOJ and HHS continue to prioritize these cases, and they show no signs of letting up.
The ever-increasing number of qui tam cases also has contributed to the eye-popping recoveries from providers. The DOJ reported that the number of lawsuits filed by qui tam relators exceeded 700 for the second year in a row, and total recoveries in cases initiated by relators amounted to more than $3 billion. Indeed, in the 2014 calendar year, 69% of FCA settlements with health care providers initially began as qui tam actions, accounting for 92% of the amounts recovered from this group. With relators bringing so many new cases, 2015 and beyond will surely be active for providers defending against FCA allegations.
In 2014, FCA activity seemed to touch every corner of the health care provider industry: settlements in 2014 included those with hospitals, home health providers, clinics, single providers, skilled nursing and rehabilitation facilities, pharmacies, and billing service providers. Other cases resolved in 2014, grouped as "Other Medical Services" in the chart below, involved diagnostic imaging services, clinical laboratory services, dialysis services, medical transport, and municipalities that provide health care services.
Setting aside the largest settlement, hospitals and home health services categories were the provider categories that paid the most to resolve FCA cases in 2014. Overall, these two groups constituted 39% of the total number of FCA settlements with providers, and 45% of the dollar value of these settlements. The biggest settlements in these groups were:
Hospitals and Hospital Systems
Home Health Providers
Community Health Systems
Halifax Hospital Medical Center
Visiting Nurse Network
King’s Daughters Medical Center
The types of allegations involved in these cases were nearly as varied as the types of providers they were levied against. Issues related to billing for medically unnecessary or unreasonable services led the way, with twenty-five settled cases in 2014 involving this allegation. This was followed by alleged violations of the AKS and the Stark Law. Other common allegations included: billing for services not provided, billing for unlicensed personnel performing procedures, billing under another’s National Provider Identifier number, and providing grossly sub-standard (or "failed") care. The chart below shows these major categories:
a) Medical Necessity Cases
The most prevalent legal theory asserted against providers in cases settled this past year was billing for medically unnecessary or unreasonable services. More than a third of provider settlements involved this allegation. The providers involved in these settlements ranged from single providers to hospitals and home health services, with the biggest settlements coming from large hospital systems and home health providers. In April, one of the nation’s largest providers of home health services paid $150 million to resolve allegations that, between 2008 and 2010, it billed for nursing and therapy services that were medically unnecessary and misrepresented patients’ conditions to increase reimbursements. In August, the nation’s largest acute hospital operator paid more than $98.1 million to resolve allegations that it billed for inpatient services that should have been treated on a less-expensive outpatient basis. The alleged conduct took place over a period of five years and spanned across 119 hospitals.
b) Sub-standard or "Failure" of Care Cases
One of the most aggressive theories of FCA liability is the "worthless services" theory, which underpins claims that a defendant received government reimbursement even though it provided services so deficient that they were effectively worth nothing to the recipient. Some plaintiffs seek to employ this theory to support FCA allegations even where the services were allegedly flawed, but still provided some value to the government program beneficiaries. But, as the Seventh Circuit confirmed this year in United States ex rel. Absher v. Momence Meadows Nursing Center, Inc., discussed in more detail below in Section A.I.2.c., this legal theory is only tenable where the defendant’s services provided no value at all to the government health program beneficiary.
Despite this precedent, a 2014 settlement involving Extendicare Health Services may indicate that the DOJ’s interest in pursuing quality-of-care cases has increased. In October, the DOJ announced a $38 million settlement with Extendicare Health Services, noting that it was the largest settlement involving failure of care at a skilled nursing facility that the government had ever reached. The government alleged that Extendicare Health Services failed to have sufficient staff on hand to care for its residents, failed to provide appropriate catheter care to residents, and failed to follow protocols to prevent pressure ulcers or falls.
Although the allegations against Extendicare Health Services also included purported false claims based on regulatory violations, the government held a press conference to tout the case as a victory for quality-of-care standards. Notably, Acting Associate Attorney General Stuart F. Delery warned that "[o]perators who bill Medicare and Medicaid while failing to provide essential services or bill for services so grossly substandard as to be effectively worthless will be pursued for false claims." The government’s emphasis on this settlement may foreshadow future efforts to police regulatory issues, such as staffing regulations, under the guise of an amorphous "failure of care" FCA theory.
c) Anti-Kickback Statute Cases
Under the PPACA, a claim for payment by a federal health program that "includes items or services resulting from" an AKS violation "constitutes a false or fraudulent claim" for FCA purposes. Actions involving the AKS comprised the second largest type of allegation leading to settlements by providers in 2014, with one of the year’s largest FCA settlements coming in this category.
In June, Omnicare agreed to pay $124 million to resolve allegations of "swapping" discounts on Medicare Part A prescriptions in exchange for nursing home service contracts. Relators alleged that a supplier is improperly enriched when it provides discounts to nursing homes on Medicare Part A prescriptions in exchange for a guarantee that the nursing home will use the supplier for its Medicare Part D and Medicaid prescriptions. Because the guaranteed business under Part D and Medicaid offsets the awarded discounts, relators argued that this commercially benefits the supplier and thus constitutes an illegal kickback. As discussed further in Section III below, whether these arrangements involve "remuneration" subject to the AKS continues to be litigated in the courts. But recent plaintiffs’ victories in the courts on this issue, along with settlements such as the Omnicare case in 2014, could spur even more scrutiny of similar practices.
The past year’s settled cases focused on various types of remuneration that allegedly triggered AKS-based FCA liability, including discounted patient care coordination services, percentages of revenue from referrals, and, of course, old-fashioned cash payments. One particularly high-profile practice that continues to result in alleged AKS violations in the FCA context is providing gift cards to beneficiaries. In December, Rite Aid Corporation paid $3 million to resolve allegations that it provided kickbacks to Medicare patients by providing gift cards for transferring their prescriptions to Rite Aid. The government alleged that giving gift cards was an improper inducement under the AKS.
Finally, the DOJ kicked off its 2015 Fiscal Year with its October announcement that a nationwide provider of dialysis services agreed to pay $350 million to settle allegations that it violated the AKS and the FCA. The settlement, which included a corporate integrity agreement ("CIA"), stemmed from allegations that the company participated in a scheme to enter into joint ventures with physicians to induce them to refer patients to the provider’s dialysis centers. According to the DOJ, the dialysis services provider strategically targeted financially vulnerable physicians who were in positions to refer business to the dialysis services provider, and then offered those physicians lucrative deals to participate in joint ventures with the provider, often as co-owners or owners of the clinics. The DOJ also alleged that the dialysis services provider entered into secondary agreements with physicians that precluded them from referring their patients to the provider’s competitors.
Key substantive developments in AKS policies and regulations are discussed in Section III, below.
d) Stark Law Cases
Alleged Stark Law violations were common in FCA cases that settled this past year. For example, 2014’s second-biggest FCA settlement with a hospital involved Stark Law issues. In United States ex rel. Baklid-Kunz v. Halifax Medical Center, the complaint alleged that the defendant hospital system violated the FCA and Stark Law by entering into agreements with physicians that based incentive bonuses on the value of the prescription drugs and tests that the physicians ordered. The DOJ also alleged that the hospital paid three neurosurgeons over fair market value for their work. As part of the settlement, Halifax agreed to hire a monitor as well as a compliance expert, who will report to HHS.
In addition to providing a stand-alone theory of FCA liability, the Stark Law frequently supplemented other theories of wrongdoing. In nine cases, both the Stark Law and the AKS were noted as bases for the settlement of FCA. In seven FCA cases, the government alleged that the defendant violated the Stark Law and provided medically unnecessary or unreasonable care. Those seven included the year’s two largest settlements concerning billing for medically unnecessary procedures. That Stark Law allegations are so often paired with other types of alleged misconduct demonstrates how often physician contracts generate, or at least factor into, the government’s scrutiny of a provider’s practices.
Key substantive developments in 2014 relating to Stark Law compliance are discussed in Section IV, below.
2. Case Law Developments in 2014
In addition to extensive FCA settlement activity, 2014 saw significant case law developments affecting the DOJ’s ability to bring certain types of FCA enforcement actions against health care providers, including cases addressing the use of statistical sampling to prove expansive liability, which regulatory violations can lead to FCA liability, and the limits on FCA theories based on a provider’s quality of care.
a) Use of Statistical Sampling
Because FCA cases increasingly target large-scale providers, the government often faces a significant challenge in proving the extent of the false claims allegedly submitted. In such cases, rather than showing that each claim that the defendant provider submitted was false, the government attempts to prove the falsity of just a sample of claims, and extrapolates to a larger universe of potential damages. Through this practice, the government could seek to prove many millions of dollars in damages and civil penalties without establishing the falsity of each claim at issue.
In two 2014 decisions, courts sanctioned the government’s approach. In United States ex rel. Martin v. Life Care Centers of America, the government alleged that the defendant, a skilled nursing facility operator, submitted claims that were medically unnecessary and unreasonable. According to the government, Life Care also pressured its therapists to maximize revenues by targeting reimbursement through higher Resource Utilization Groups and by extending patient stays. As proof of the number of alleged false claims, the government sought to use a sample of 400 patient admissions to extrapolate liability for a total of 54,396 admissions during the same time period. Life Care objected to this methodology, explaining that each patient’s clinical needs are different, requiring a necessarily individualized and subjective assessment by physicians and therapists. But the Life Care court concluded that the inferential samples would be both reliable and relevant and that they were not inadmissible simply because there could have been a better or more accurate means of determining the number of overpayment claims.
A federal district court in Alabama came to the same conclusion more recently in United States ex rel. Richardson v. AseraCare Inc., et al., where the government’s proof of the number of false claims in a universe of 2,181 claims was a sample of just 233 claims. AseraCare objected that there was no proof that any of the unexamined 1,948 claims were actually false. The court, however, stated that "[s]tatistical evidence is evidence," citing a 28-year old Supreme Court case involving statistical sampling for purposes of proving a Title VII race discrimination claim as its sole source of authority for the decision. Although the court’s decision was recently certified for interlocutory appeal in the Eleventh Circuit, the statistical sampling issue will not be considered on appeal.
The use of statistical extrapolation to determine liability in cases like Life Care and AseraCare is troubling given the potential claim-to-claim variation in applying the "medically necessary and reasonable" standard, where each patient’s needs and situations are different. It may be some time before the federal appellate courts scrutinize this issue again.
b) Developments in the Legal Bases for FCA Cases Against Providers
Perhaps the most common FCA battle fought by health care providers is against claims of FCA liability predicated on regulatory violations that have little, if any, apparent connection to government payment. That battle dragged on in 2014, with the courts continuing to provide disappointing variability in how they approach plaintiffs’ (typically relators’) theories.
Most courts recognize that some violations of health care program regulations can make reimbursement claims false if the defendant made a false express or implied certification of compliance with those regulations. And many courts have held that for such liability, the regulation in question must itself demonstrate that compliance is a requirement for payment, even in claims based on express false certifications. But courts in 2014 varied in how they applied this requirement for "false certification" liability.
For example, several district courts held that a company’s general agreement in the Medicare provider enrollment documents to comply with "all applicable conditions of participation," among other general references to legal requirements, can provide the basis for FCA liability in connection with later claims for payment. Taken to its absurd conclusion, this reasoning would mean that all regulatory violations could lead to FCA liability–a frightening thought for providers, which must comply with hundreds or even thousands of federal and state regulatory requirements.
Numerous other courts, however, have held that such "general sweeping language" in the provider enrollment documents cannot form the basis of FCA liability unless the regulation that the defendant allegedly violated is a condition of payment. And some courts faced with alleged false certification liability in health care cases this year conducted similar analyses and concluded that the claims at issue were not false. For example, two courts in 2014 held that provisions of the Federal Food, Drug, and Cosmetic Act ("FDCA") addressing misbranding through off-label promotion and good manufacturing practices were not conditions of payment and thus could not serve as the basis of false claims liability. Several other district courts in 2014 also dismissed complaints against providers after finding the relators had not adequately alleged that compliance with the law that the defendant allegedly violated was a prerequisite to payment. One such court noted that the relevant provision was "a component of the regulatory framework," but did not self-identify as an express condition of payment–in contrast to other provisions entitled, "Certification of data that determine payment."
In the absence of further clarity from the appellate courts or guidance from the Supreme Court, we expect that it will continue to be difficult for providers to navigate this area of law, especially those with facilities in numerous jurisdictions and those subject to multiple regulatory regimes.
c) Rejection of the "Diminished Value" Theory of FCA Liability
In United States ex rel. Absher v. Momence Meadows Nursing Center, Inc., the Seventh Circuit declined an invitation from the relators and the government to expand the "worthless services" theory of FCA liability to situations in which the government allegedly does not receive the "benefit of the bargain" with a defendant because of its failure to provide quality health care to government beneficiaries. At trial, relators alleged in part that Momence Meadows’ nursing facility provided deficient care to residents because it was understaffed and did not provide adequate blankets or clothing. On appeal of a jury verdict for the plaintiffs, the Seventh Circuit rejected relators’ theory that FCA liability could be predicated on the "diminished value" of services provided and billed. The court confirmed that the worthless services theory of FCA liability applies only when patient care is "so deficient that for all practical purposes it is the equivalent of no performance at all." In the words of the Seventh Circuit, services that are "’worth less’ are not ‘worthless’." Thus, the court held that the jury instructions given in the case, which explained that liability could be imposed for the provision of deficient services, were invalid as a matter of law, and vacated the judgment.
B. Criminal Prosecutions
Thanks largely to the government’s continued HEAT efforts, 2014 saw much criminal health care fraud enforcement activity against health care providers. There were also indications that providers–particularly larger corporate providers–could face increased criminal scrutiny in 2015. In her remarks to the Taxpayers Against Fraud Education Fund Conference on September 17, 2014, Assistant Attorney General for the DOJ Criminal Division Leslie Caldwell announced that all new qui tam civil complaints will be shared with the Criminal Division for review to determine whether parallel criminal proceedings will be opened. Given the proliferation of qui tam actions noted above, the prospect that prosecutors will scrutinize relators’ allegations for potential criminal investigation is a significant development.
Several criminal actions from the past year merit discussion. For example, in May, the Medicare Fraud Strike Force announced a nationwide takedown of ninety defendants across six cities for fraudulent health care billing schemes that cost government payors approximately $260 million. Specifically, the government accused the defendants, who include physicians, home health care providers, physician’s assistants, pharmacy owners, and medical supply company executives, of billing for medically unnecessary services and paying kickbacks to a pharmacy to obtain Medicare beneficiary information. In addition to the investigation’s formidable size and scope–nearly 400 law enforcement agents from various federal, state, and local agencies participated–the investigation also was notable for its use of data mining to identify potential targets. In his remarks on the investigation, Acting Assistant Attorney General David A. O’Neil stressed, "[t]he foundation for the success of the Medicare Fraud Strike Force is data. Cold, hard data." The physician billing data, he noted, enabled the Strike Force to identify billing anomalies and pinpoint schemes as they occur.
As with the civil FCA recoveries, criminal health care fraud actions in 2014 targeted a variety of conduct. Most notably, the Strike Force charged many multi-defendant cases near "hot spot" zones in which the Strike Force operates that involved billing for services that were unnecessary or not provided, and for giving or receiving kickbacks for providing Medicare beneficiary information that was then allegedly used to bill Medicare.
In September, for example, seven defendants were charged by a New Orleans grand jury with submitting more than $56 million in claims to Medicare over a seven-year period. In December, the "mastermind" of the scheme pleaded guilty to conspiracy to commit health care fraud and conspiracy to falsify records in a federal investigation. The defendant was the owner of several companies that allegedly submitted false claims and also paid kickbacks for Medicare beneficiary numbers. Four other defendants also have pleaded guilty to conspiracy to commit health care fraud.
In Houston, another HEAT task force site, the president of Riverside General Hospital, the operator of one of Riverside’s satellite locations and two others were convicted for a seven-year scheme that totaled $158 million in fraudulent Medicare claims. The evidence at trial showed that the defendants submitted false claims for partial hospitalization program ("PHP") services, claiming that services were provided when, in reality, the beneficiaries for whom services were billed either did not qualify for or need PHP services. The former president also paid kickbacks to a patient recruiter, who was also found guilty, to deliver ineligible recipients for PHP services.
In 2014, Miami retained its reputation as a health care fraud "hot spot." More than half of the ninety defendants caught in the May Strike Force takedown were in the Miami area. In April, ten individuals were indicted in another case on fifty-nine counts alleging the submission of fraudulent claims and the payment and receipt of kickbacks. Two of the individuals allegedly offered and paid kickbacks to patient recruiters; three of the individuals were Medicare beneficiaries who allegedly solicited and accepted kickbacks for referring patients; and five other individuals were Medicare beneficiaries who allegedly agreed to act as sham patients so that the defendants could claim medically unnecessary home health services. The scheme allegedly caused $12.5 million in fraudulent Medicare payments.
Quality-of-care theories also featured in criminal cases in 2014, as the courts weighed in on the limits of the "worthless services" theory in the criminal context. In United States v. Houser, the Eleventh Circuit affirmed the criminal conviction of George Houser on such a basis. At trial, the government presented evidence that Houser and his wife "routinely failed to pay the expenses of [their] nursing facilities, including bills for clinical laboratory services, physical therapy, transport services, telephone service, mobile x-ray services, pharmacy services and various medical, nursing, and cleaning supplies, as well as repair costs for washing machines and dryers, dishwashers, air conditioners and heaters, medical equipment, and leaking roofs." Houser and his wife were found guilty of, among other things, conspiracy to commit health care fraud against Medicare. On appeal, Houser argued that the district court erred in using a "worthless services" concept to evaluate his guilt under the FCA because of the difficulty in drawing the line between poor and "worthless" care. The Eleventh Circuit refused to "draw the proverbial line in the sand," but nevertheless concluded that it was clear from the indictment and evidence at trial that Houser was convicted for failing entirely to provide services for which he had billed federal health programs.
In addition to partnering with the DOJ in the enforcement efforts described above, HHS continued its recent use of its own resources to enforce federal health care program rules governing providers. HHS’s enforcement activities were remarkably varied in 2014. This past year saw HHS collect more than $4 billion from fraud investigations, launch new tools to promote transparency in Medicare reimbursement, and enforce Health Insurance Portability and Accountability Act ("HIPAA") requirements against providers, resulting in the largest HIPAA settlement ever recorded (among other resolutions). HHS’s primary enforcement components, including the Office of the Inspector General ("HHS OIG"), CMS, and the Office for Civil Rights ("OCR") led the enforcement charge in 2014.
A. HHS OIG Activity
1. 2014 Developments and Trends
HHS OIG’s efforts to identify and prevent fraud, waste, and abuse over the past year is evident from its increasingly numerous enforcement actions. HHS OIG enforcement activities led to the filing of 971 criminal actions and 533 civil actions involving health program-related allegations, both increases from 2013.
Source: U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Semiannual Report to Congress (April–September 2014)
HHS OIG excluded more than 4,000 individuals and entities from participation in federal health care programs this past year. And, during Fiscal Year 2014, HHS OIG reported $4.9 billion in expected recoveries, including $4.1 billion from investigative activities. Although down from their historic peak in Fiscal Year 2012, which included several massive recoveries from pharmaceutical manufacturers, recoveries in Fiscal Year 2014 were in line with those in recent years.
Source: U.S. Dep’t of Health & Human Servs., Office of Inspector Gen., Semiannual Report to Congress (April–September 2014)
a) HHS OIG Reports, Advisories, and Bulletins
During the course of the past year, HHS OIG issued a series of reports and advisories intended to clarify its position on enforcement of certain federal health program rules and initiatives.
To encourage increased monitoring and prevent overbilling, HHS OIG released a series of reports analyzing and identifying problematic practices and billing patterns. In April, HHS OIG identified billing for diagnostic tests as a particular area of concern, reporting that nearly 5,000 doctors had suspicious billing patterns for diagnostics. Potential red flags included coding practices that tacked on extra fees, substantial distances between the patients and the billing physician’s home base, and large numbers of tests ordered for a single patient on a single day. Based on these concerns, HHS OIG scrutinized nearly $140 million in billed tests for potential enforcement or other recovery actions.
Similarly, a July 2014 HHS OIG report raised questions about $1.7 billion in payments to one thousand laboratories, which had at least five questionable billing patterns. Half of the identified laboratories were located in California and Florida, states named by HHS OIG as frequent hot spots for fraud.
Among other concerns, HHS OIG focused on inadequate documentation of services provided in 2014. HHS OIG reports documented $2 billion in improper payments for home health care visits that lacked adequate documentation that a face-to-face encounter had occurred (as required by PPACA), and $7 billion in improper payments for doctor’s office visits with insufficient documentation or improper coding.
Other HHS OIG advisories focused on potential AKS violations, as described in Section III, below.
b) Proposed Rule Changes to Exclusion and Civil Monetary Penalties ("CMPs") Powers
HHS OIG announced two rule proposals in 2014 that could strengthen the agency’s ability to exclude individuals and entities from participation in federal health care programs and to assess civil monetary penalties.
In May 2014, HHS OIG proposed a new rule that would expand its authority to exclude an individual or entity for failing to supply payment information to Medicare and for making false statements or misrepresentations in connection with a provider application to Medicare. Although one of the bases for permissive exclusion in the current rules is obstruction of a criminal investigation in connection with a federal health care program, the proposed rule also would cover obstruction of audits. Moreover, under the proposed rule, HHS OIG would have the authority to issue subpoenas while pursuing exclusions. The comment period for the proposed rule closed in July, but HHS OIG has taken no final action yet.
Shortly after proposing the rule change for exclusions, HHS OIG proposed additional changes to another tool in its enforcement arsenal–the CMPs. Under this proposal, HHS OIG could impose CMPs on an individual or entity for refusing to provide HHS OIG with quick access to documents, failing to report and return overpayments, and making a false statement as part of a fraudulent claim. The proposed rule also would limit penalties for partially fraudulent billing. Under HHS OIG’s current approach, when an excluded staff member is one of several individuals who provide services that are not separately billable, HHS OIG assesses as a penalty the entire value of all services provided. Under the new rule, HHS OIG would determine penalties as a function of the excluded employee’s compensation, rather than the total billing. As with the proposed exclusion rule, comments were due in early July, but there has been no final action.
2. Significant Administrative Enforcement Activity
During 2014, HHS OIG actively employed its administrative mechanisms for policing providers’ compliance with federal health program rules. In particular, HHS OIG invoked its statutory exclusion authority, assessed CMPs for violations, and entered into CIAs.
For most providers, exclusion from government health programs is the most dire consequence that HHS OIG can impose. Even the possibility of exclusion can change the tenor of any government enforcement action. HHS OIG’s statutory authority provides for both mandatory and permissive exclusion, and it can also exclude providers by agreement if, for example, a provider agrees to exclusion as a consequence for breaching a CIA. Mandatory exclusion occurs primarily when a business or individual is convicted of: a health program-related or patient abuse-related crime; a felony charge of health care fraud; or a crime involving the use, manufacture, distribution, or prescription of controlled substances. As referenced above, HHS OIG also has permissive exclusion authority, giving it the discretion to exclude an entity or individual for a wide range of reasons, including unlawful fraudulent conduct, license revocation or suspension, or submitting claims for unnecessary services.
As noted above, HHS OIG reported that it excluded more than 4,000 entities and individuals during its Fiscal Year 2014. In the 2014 calendar year, HHS OIG excluded more than 3,700 entities and individuals–a new record for the agency. This included 2,120 mandatory and 1,639 permissive exclusions. Notably, this past year saw two exclusions for CIA breaches: Church Street Health Management, the operator of the national chain of Small Smiles Dental Centers, and home health provider Kai Heart, Inc. Church Street Health Management’s corporate predecessor had entered into a CIA in 2010, and Kai Heart entered into a CIA in 2012. This was the first time since 2007 that HHS OIG based exclusions on breaches of a CIA or settlement agreement.
Among the exclusions in the 2014 calendar year, there were fifty-three involving businesses–roughly in line with recent years–but a new high of 326 exclusions of individuals identified as business owners or executives.
b) Civil Monetary Penalties
HHS OIG made frequent use of its power to assess CMPs in 2014, assessing approximately $30 million in penalties against 100 different individuals and entities. Self-disclosed violations often lead HHS OIG to assess CMPs. Of the penalties imposed, more than 80% were in response to false or fraudulent billing. More than half of those CMPs were assessed because an entity employed an individual that the entity knew or should have known was excluded from participation in a federal health care program. Patient dumping (violations of the Emergency Medical Treatment and Labor Act) and kickback violations accounted for most of the remaining penalties, but the fines assessed for violations in these areas tended to be less costly than the penalties for false and fraudulent billing.
HHS OIG assessed the five largest CMPs, ranging from $2 million to $5 million, for false or fraudulent billing practices. By contrast, the highest fine assessed for patient dumping was $75,000. HHS OIG issued that penalty in response to a hospital’s failure to accept the transfer of two patients in need of specialized treatment. Some notable examples of CMPs assessed in 2014 are discussed below:
c) Corporate Integrity Agreements
In keeping with recent trends, HHS OIG’s use of CIAs to ensure provider compliance with Medicare rules and regulations continued in 2014. Indeed, 70 of the 200 currently operative CIAs took effect in 2014. CIAs have gone hand in hand with other notable enforcement activity from this year: DaVita Healthcare Partners, Inc. agreed to a CIA as part of its $350 million settlement regarding alleged kickbacks in exchange for referrals to its dialysis clinics; Ashland Hospital Corp. entered into a CIA as part of its $41 million settlement regarding alleged fraudulent billing and kickback claims; Saint Joseph Health System, a division of KentuckyOne Health, did the same as part of a $16.5 million settlement over alleged unnecessary invasive heart procedures; and Medicus signed a five-year CIA in addition to agreeing to pay a $5 million civil penalty.
The DaVita CIA demonstrates how rigorous such an agreement’s requirements can be for companies. The CIA requires, among other things, that DaVita (1) establish a compliance and training program, (2) retain an Independent Monitor to oversee the provider’s agreements with other health care providers for the next five years (and to conduct periodic audits of certain high-risk business arrangements), (3) unwind eleven joint ventures involving twenty-six clinics within a year of the agreement (and on terms approved by the Independent Monitor), (4) restructure some of its other business ventures, and (5) retain an independent compliance advisor who will assess the effectiveness of the provider’s compliance program. The requirement to unwind joint ventures and the scope of the Independent Monitor’s mandate are particularly notable–and burdensome. It remains to be seen whether HHS OIG will insist on, and whether companies will accept, similarly onerous terms in the future.
As noted above, this past year also saw HHS OIG’s enforcement of a CIA involving Church Street Health Management LLC ("Church Street"). In 2010, the corporate predecessor for Church Street, a management chain for pediatric dentists, entered into a CIA with HHS OIG based on allegations that it had provided and charged Medicare for medically unnecessary dental procedures and procedures that failed to meet federal standards of care. In March 2014, Church Street received a notice from HHS OIG announcing the company’s exclusion from federal health care programs for a period of five years based on repeated "flagrant" violations of its CIA, even after it hosted more than ninety visits from independent monitors. The episode marked a rare exercise of HHS OIG’s exclusion power to enforce a CIA, as opposed to use of the standard stipulated fines.
3. Advisory Opinions
To facilitate good-faith compliance efforts, HHS OIG has statutory authority to issue advisory opinions at the request of health program participants regarding whether HHS OIG believes that certain arrangements or activities comply with the law. HHS OIG issued ten advisory opinions in 2014, half of which addressed the use of a "preferred hospital" network as part of the Medicare Supplemental Health Insurance policies.
In one notable opinion, HHS OIG indicated that a laboratory testing company would potentially violate the AKS and the civil anti-kickback statute by paying an electronic health records ("EHR") vendor a fee each time a physician opted to use the laboratory testing company’s services based on a request through the EHR vendor’s interface. Under the arrangement at issue, the EHR vendor integrated laboratory results into physicians’ EHR systems and also allowed physicians to transmit lab orders. When a physician sought to order laboratory work, the EHR vendor either charged the physician a fee (if the laboratory offering the tests was "out of network") or assessed the laboratory a fee (if the laboratory was "in network"). Thus, by paying a per-transaction fee directly to the EHR vendor, the laboratory testing company became an "in network" provider of laboratory tests, such that physicians did not have to pay any fee to use the EHR vendor’s application when they ordered tests. HHS OIG recognized the very minimal incentive this arrangement likely offered to physicians and also recognized the value of having laboratory tests seamlessly integrated into electronic health records. Nevertheless, HHS OIG determined that the arrangement allowed the laboratory company "to pay compensation to the Referring Physicians, by relieving them of a financial obligation, in return for the Referring Physicians’ laboratory test referrals." Thus, HHS OIG advised that the arrangement likely violated the AKS.
Taken with the other nine advisory opinions, this opinion is a reminder that compliance with the AKS and the civil monetary penalties anti-kickback law requires highly fact-intensive analysis, and nearly every incentive, discount, and third-party agreement in the health care industry may raise the specter of a kickback arrangement.
4. Priorities for 2015
There can be little doubt that as government health care expenditures continue to strain budgets, the government’s enforcement efforts will remain strong in 2015. In the fall of 2014, HHS OIG released its Work Plan for Fiscal Year 2015 in which it lists its priorities for the upcoming year as well as the reviews and audits it plans to undertake. In the 2015 Work Plan, HHS OIG estimated that it will complete 135 reports over the coming year and announced approximately twenty-five new areas of review. This is a notable departure from the 2014 Work Plan, in which HHS OIG announced three times as many new reports, suggesting that much of HHS OIG’s work in 2015 will be a continuation of reviews already underway. Of the new reports announced in the 2015 Work Plan, half will review the implementation of the PPACA.
Hospitals can expect to be the focus of several new HHS OIG reviews. One of the new areas of scrutiny will be the national incidence of adverse events in long-term care hospitals. Another new review will assess the accuracy of wage data that hospitals report to CMS. HHS OIG also plans to review the billing practices of off-campus clinics owned by hospitals. Because these hospital-owned clinics, known as provider-based clinics, often receive higher payments for certain services than freestanding clinics, HHS OIG plans to review and compare Medicare payments for physician office visits in each "to determine the difference in payments made to the clinics for similar procedures and assess the potential impact on the Medicare program of hospitals’ claiming provider-based status for such facilities." And even though a report is not expected until 2016, HHS OIG will begin review of the "two midnight" policy recently adopted by CMS governing inpatient admissions (discussed further below, in Section III.A.3).
Another area in which HHS OIG plans to increase scrutiny is compliance with certain HIPAA requirements. HHS OIG intends to focus on whether hospitals and other entities have created contingency plans for the storage of protected information in the event of an emergency. This review will likely connect with one begun in 2014 to assess the security of electronic health records and defenses against hacking or data breach. These priority areas are consistent with HHS’s broader focus on reducing overbilling and addressing issues pertaining to data security.
1. 2014 Developments and Trends
While criticized in 2014 by lawmakers and HHS OIG regarding wasteful and unnecessary Medicare and Medicaid spending, CMS announced a number of new technological solutions to assist in identifying fraud and promoting transparency.
a) Critiques of CMS and Areas for Improvement
On several occasions in July 2014, Congress harshly criticized CMS for failing to prevent an estimated $60 billion in improper payments. CMS was also criticized for its backlog of over one million audit appeals (as of May 2014), which one Congressman estimated would take ten years for CMS to work through at the current rate. In response to legislators’ criticism, CMS proposed a landmark billing settlement for outstanding audit appeals; specifically, CMS offered acute care and critical access hospitals 68 cents on the dollar of the maximum potential recovery to resolve disputed inpatient claims. Although it is unknown how many hospitals have applied to settle pending billing disputes, a high degree of participation will be critical if CMS hopes to reduce the massive backlog of audit appeals.
b) New Technology and Tools
CMS also spent much of 2014 focusing on the role of technology in shedding light on potential fraud, waste, and abuse. Two new tools have played a central role.
First, CMS’s Fraud Prevention System, which uses advanced analytics to evaluate billing patterns and claims, is now a key element in CMS’s approach to identifying and preventing improper payments. From June 2013 to June 2014, the Fraud Prevention System identified $210 million in improper Medicare payments, which led to CMS enforcement actions against more than 900 health care providers and suppliers. Although HHS OIG estimates that only $54 million of the $210 million identified by the system will be recovered, CMS has calculated that every dollar spent on the Fraud Prevention System will yield a return of $1.34.
Second, the latter half of 2014 saw the long-awaited launch of the "Open Payments" database, which tracks payments made by drug and device companies (among others) to physicians and teaching hospitals. Regulations promulgated under the Physician Payments Sunshine Act provisions of the PPACA require drug and device companies to self-report annually any payments made to a physician or teaching hospital. Those payments, ranging from multimillion dollar grants to $11 plates of pasta, are cataloged in a searchable database available to the public online.
The self-reporting obligations require manufacturers of covered drugs, devices, biologics, and medical supplies that participate in U.S. federal health care programs to report to CMS certain payments or transfers of value to physicians and teaching hospitals. The regulations also require such manufacturers and group purchasing organizations to report to CMS certain ownership interests or investment interests held by physicians or their immediate family members. Certain products, such as drug samples intended exclusively for distribution to patients, are excluded from the reporting requirements. Moreover, manufacturers that had less than 10% gross revenue from covered products during the fiscal year preceding the reporting year are only required to report payments or other transfers of value related to covered products, not all products.
CMS released the first round of data, encompassing payments from August through December 2013, in September 2014. The data offered a glimpse into the breadth and scope of payments made by drug and device companies to providers. All told, the first report showed that almost 1,400 companies made nearly 4.4 million payments totaling approximately $3.5 billion to more than 545,000 physicians and teaching hospitals. Notably, the publicly released data does not include details regarding many of those payments. Under the regulations, if payments are made in connection with research and development or clinical trials, publication of those payments can be delayed for up to four years to help protect sensitive business information. The CMS data shows that companies are making good use of that provision: companies have sought delayed publication for at least 190,000 payments worth more than $550 million.
With the reporting requirements now in place, companies can expect that the government closely monitor their compliance with the regulations in 2015 and beyond. Penalties for violations of the reporting requirements–even for unintentional mistakes–can be stiff: up to $10,000 for each payment that is not reported timely, accurately, or completely, with an annual maximum of $150,000; and up to $100,000 for each instance where a company "knowingly fails to timely, accurately or completely report the information required in accordance with the rules . . . ," with an annual maximum of one million dollars.
Companies also can expect that the government and potential qui tam relators will sift through the payment data to identify potential AKS violations, which may have resulted in the submission of false claims that trigger liability under the FCA. Although CMS recognizes that "[d]isclosure of the financial relationships between the medical industry and healthcare providers is not intended to signify an inappropriate relationship," providers can safely assume that the government and potential relators will take a hard look at the data.
2. Major Enforcement Activity
The PPACA granted CMS one of its most powerful fraud prevention tools: the moratorium. Using the moratorium, CMS has the power to designate fraud "hot spots" and block any new provider enrollments in that geographic area. CMS first issued moratoria in July 2013, identifying three metropolitan areas that would be subject to these strict limits: Chicago and Miami for extended home health programs, and Houston for ground ambulance services. In January 2014, CMS extended the three original moratoria for an additional six months. The agency also added four new home health care moratoria zones–Fort Lauderdale, Detroit, Dallas, and Houston–and one additional ground ambulance moratorium in Philadelphia. CMS based these moratoria primarily on an analysis of Medicare and Medicaid data from these locales. For the home health care moratoria, CMS cited high ratios of providers to beneficiaries and higher payments to those providers as compared to other areas of the same state.
C. OCR and HIPAA Enforcement
1. 2014 Developments and Trends
HIPAA enforcement is assigned to the OCR, which was involved in noteworthy enforcement efforts and recoveries in 2014. The largest settlement for HIPAA violations in history took place in 2014. In addition, significant state-level decisions expanded health care providers’ liability for failing to take adequate precautions with private patient information. In a trend that is likely to continue, OCR subjected providers to particular scrutiny for their HIPAA compliance with respect to electronic records.
a) Aggressive Enforcement
In November 2013, HHS OIG sharply criticized OCR’s HIPAA enforcement efforts. OCR responded by taking swift action with respect to provider responsibility for data protection. The first sign of a new era of HIPAA enforcement came in late December 2013, when OCR levied the first fine against an entity for failing to implement policies to address a data breach. The fine was issued even though there was no evidence that any individuals had been harmed (or even that any patient files had been accessed).
OCR carried its momentum into 2014. In March, Skagit County, Alaska, became the first local government to be fined for HIPAA violations. And, in May, OCR reached a settlement for almost $5 million with Columbia University and New York and Presbyterian Hospital to resolve HIPAA claims–by far the largest HIPAA settlement to date. As these cases illustrate, OCR has been increasingly proactive in enforcing HIPAA obligations.
b) State-Level Expansion of Liability
A recent Connecticut state court decision could signal an expansion in provider liability for HIPAA violations. Although HIPAA itself provides no private right of action, the Supreme Court of Connecticut recently held in Byrne v. Avery Center for Obstetrics & Gynecology that a private plaintiff can bring a claim for negligence against a defendant that fails to secure private data and can use HIPAA as evidence of the steps the provider should have taken. The court concluded that HIPAA was not intended to preempt state tort actions when a health care provider fails to secure private health information. The availability of state tort claims effectively based on HIPAA violations increases the exposure of health care providers who do not take appropriate steps to protect their data. Although the Connecticut court’s holding has not yet been widely accepted, courts have previously reached similar outcomes in West Virginia, Missouri, Minnesota, Tennessee, and North Carolina.
c) New Risk Assessment Tool
OCR released a new security risk assessment tool in the spring of 2014 that may mitigate some risks for providers. Designed for small- to medium-sized entities, the risk assessment tool is an application that guides users regarding HIPAA requirements and provides them with information about the standards, potential threats or vulnerabilities, and suggestions for effective safeguards. Users can add and store notes regarding the policies and safeguards they currently have in place with respect to each HIPAA standard in order to perform self-assessments regarding data management controls. The tool then generates a report characterizing the entity’s risk level based on the information submitted. The tool can be accessed at this webpage: http://www.healthit.gov/providers-professionals/security-risk-assessment.
2. HIPAA Enforcement Actions
This past year saw the following notable actions and settlements, including the largest HIPAA settlement ever:
3. Priorities for 2015
OCR’s aggressive enforcement of HIPAA security requirements is expected to continue into 2015. In June 2014, an OCR Chief Regional Counsel, Jerome Meites, warned at an American Bar Association conference that the previous twelve months’ enforcement efforts–through which OCR collected more than $10 million in HIPAA fines–would "be low in comparison to what’s coming up." He stated that OCR intended to focus on "high impact cases" to send strong messages about the importance of data security. Mr. Meites observed that a common thread in the cases identified by OCR was the failure to conduct a thorough risk analysis. Additionally, he noted that portable media have become a particular vulnerability for health care providers.
One area to watch in 2015 will be OCR’s approach to cyberattacks that lead to the disclosure of private health information. Tennessee-based Community Health Systems announced in a regulatory filing in August that it had been hacked by a group believed to be based in China. The hackers stole identification data for 4.5 million patients. How OCR assesses a case such as Community Health Systems will provide guidance to health care providers on what steps they need to take to prepare for a massive and sophisticated cyberattack on their servers.
In another collision between modern technology and HIPAA requirements, lawmakers asked HHS and OCR in September to clarify how HIPAA regulations apply to mobile health applications. HHS’s website detailing the requirements for compliance with HIPAA had not been updated since 2006–long before mobile health applications were common. Lawmakers added that OCR should provide guidance on requirements for storing private health information and other sensitive data on shared-server cloud computing.
Finally, OCR has been part of the trend toward federal interagency cooperation. In a complaint against LabMD, the Federal Trade Commission ("FTC") asserted overlapping jurisdiction over HIPAA issues based on its authority to prohibit "unfair or deceptive acts or promises affecting commerce" under the FTC Act. Because unfair or deceptive practices have been defined as a practice that causes or is likely to cause substantial injury to consumers and that consumers could not reasonably avoid, the FTC argued that data security can fall within its reach and successfully defeated LabMD’s motion to dismiss. The FTC observed that it has worked jointly with OCR in the past to investigate situations in which both HIPAA and the FTC Act may have been violated.
The AKS prohibits companies and individuals from offering, paying, soliciting, or receiving "remuneration" to induce or reward referrals of business that will be paid for by Medicare, Medicaid, or other federal health care programs. The government has interpreted "remuneration" to cover "the transferring of anything of value in any form or manner whatsoever." The stakes for compliance with the AKS could not be higher, as the statute imposes criminal liability, and under the PPACA, a violation triggers automatic FCA liability–with its treble damages and penalties–for associated claims for government payment.
As noted in Section I, enforcement of the AKS was particularly robust in 2014, with both criminal enforcement activity and more than 20% of the government’s recoveries in FCA cases against providers involving alleged AKS violations. Given the statute’s breadth and its severe penalties, adherence to the AKS remains a critical component of any provider’s compliance program. But developments over the past year, including interpretive case law, comments on particular types of lab payments to physicians, and proposed revisions to the safe harbors promulgated by HHS OIG, confirm that compliance with the AKS requires constant vigilance.
A. AKS-Related Case Law Developments
The past year saw several FCA cases that included AKS components, but very few decisions addressed the bounds of the AKS. One notable decision is United States v. Shoemaker, in which the Fifth Circuit evaluated a district court’s conclusion that an AKS conviction may stand only if the defendants provided remuneration to a "relevant decisionmaker" for the referral or business at issue. A jury found the owner and operator of a nurse staffing business and the chief operating officer of a local hospital guilty of, among other things, violations of the AKS. The jury concluded that the two defendants participated in a wide-ranging kickback scheme relating to contracts between the nurse staffing business and the hospital. After the jury’s verdict, the district court granted judgments of acquittal for both defendants on the grounds that (1) the chairman of the local hospital–who received many of the kickbacks–was not a "relevant decisionmaker" with sufficient control over contracting decisions for purposes of the AKS, and (2) the evidence against the chief operating officer was insufficient. The Fifth Circuit reversed and held that there was no requirement in the AKS that payments be made to a "relevant decisionmaker" so long as the requisite intent to induce referrals was present, and that the evidence was otherwise sufficient to sustain the jury verdicts as to both executives.
B. HHS OIG Special Fraud Alert on Laboratory Payments to Referring Physicians
In June 2014, HHS OIG issued a special fraud alert describing "two specific trends" involving suspect transfers of value from laboratories to referring physicians. The alert focused on (1) "arrangements under which clinical laboratories . . . provid[e] remuneration to physicians to collect, process, and package patients’ [blood and other] specimens," and (2) "arrangements under which clinical laboratories . . . establish, coordinat[e], or maintain databases . . . purportedly to collect data on the demographics, presentation, diagnosis, treatment, outcomes, or other attributes of patients" who undergo certain tests.
With regard to the first practice, HHS OIG listed several factors indicating that such arrangements may be unlawful, including: payments above fair market value; payments for services compensated by a third party such as Medicare; payments directly to an ordering physician (as opposed to his or her group); per-specimen, per-test, or per-patient payments; and payments conditioned on a certain volume of tests. "Carve outs" of federal program patients do not alleviate HHS OIG’s concerns about such arrangements because physicians often limit the number of laboratories to which they refer patients. HHS OIG also noted that Medicare already permits physicians to bill for the collection and packaging of certain blood specimens. Accordingly, when laboratories consider the fair market value of a physician’s services in handling these same tasks, they should consider whether the physician will receive "double payment."
As to the second practice, HHS OIG acknowledged that the AKS "does not prohibit laboratories from engaging in, or paying compensation for, legitimate research activities." But HHS OIG was skeptical of many arrangements that purportedly are "intended to advance clinical research," especially where they may induce physicians to order unnecessary or duplicative tests or pay physicians more than fair market value for their services.
C. HHS OIG Proposed Rule Relating to AKS Safe Harbors
In recognition that the AKS, as written, would criminalize a vast amount of innocuous conduct, Congress directed HHS OIG to promulgate safe harbors that would protect from prosecution individuals or entities that make certain types of payments and/or engage in certain types of business practices. Safe harbors have existed under the AKS since 1991, but the PPACA and other recent laws have necessitated updates to the existing regulations. In October, HHS OIG published a proposed rule that would create additional safe harbors to the AKS. As in the past, HHS OIG intended the new and revamped safe harbors "to limit the reach of the [AKS] somewhat by permitting certain non-abusive arrangements, while encouraging beneficial or innocuous arrangements."
The proposed rule, published by HHS OIG on October 3, 2014, could give formal legitimacy to a host of provider practices by (1) bringing them under a safe harbor, (2) excluding them from the definition of "remuneration," or (3) formally recognizing beneficial gainsharing. Although still early in the rule-making process, HHS OIG’s proposals are a helpful indication of the future contours of AKS compliance.
1. Proposed Safe Harbors
Among the new or revamped safe harbors proposed by HHS OIG are four that may impact health care providers’ efforts to comply with the AKS. The proposed regulations are sweeping when it comes to how health care providers work together to control costs and create savings, including: (a) provisions regarding certain free or discounted local transportation to federal health program beneficiaries; (b) provisions that would protect certain cost-sharing waivers for pharmacies and medical transport companies; (c) provisions regarding transactions between Federally Qualified Health Centers and Medicare Advantage Organizations; and (d) provisions that would change the existing the safe harbor for referral services. These new regulations, if they become final, could have far-reaching effects on the types of incentives and discounts that are permissible under the AKS.
a) Free or Discounted Local Transportation
If finalized, the proposed rule would allow certain health care providers to provide "free or discounted local transportation services" to patients (including federal health program beneficiaries) if they comply with certain conditions. Currently, health care providers may provide transportation that is of "nominal value," which HHS OIG has interpreted to mean no more than $10 per item or service or $50 in the aggregate over the course of a year. With the proposed rule, HHS OIG expressed concern that its interpretation of "nominal value" is "overly restrictive" and recognized that allowing health care providers to provide transportation to federal health care beneficiaries could both save the government money and promote increased access to health care.
Under the proposed rule, "Eligible Entities" could provide transportation within a twenty-five-mile radius to established patients or to persons that assist the patient, if needed. According to HHS OIG, these conditions are "intended to reduce the risk that a health care provider or supplier could use a transportation program" to increase its own business, either by inducing new patients to choose the provider or supplier, or by "inappropriately inducing referrals from other providers or suppliers by transporting patients to theirs."
In addition, the proposed transportation safe harbor has limits to prevent abuse, and HHS OIG sought comment on how they should be construed. For example, the proposed definition of "Eligible Entities" excludes laboratories and health product suppliers such as DME and pharmaceutical companies, because of the potential risk that these kinds of entities would use their transportation arrangements to steer patients toward those who order their products. HHS OIG has sought comment on other proposed limitations as well: the transportation cannot be contingent on the patient being treated by providers or suppliers who could be referral sources for the Eligible Entity; it cannot be based on the type of treatment a patient would receive; and any transportation agreement must not be tied to referrals.
b) Cost-Sharing Waivers for Emergency Ambulance Services
In keeping with favorable advisory opinions on the topic, HHS OIG proposed to allow "the reduction or waiver of coinsurance or deductible amounts owed for emergency ambulance services to an ambulance supplier that is owned and operated by a State or a political subdivision of a State." To qualify for the proposed safe harbor, an ambulance provider must be "owned and operated by a State, a political subdivision of a State, or a federally recognized Indian tribe and be the Medicare Part B provider or supplier of the emergency ambulance services." The proposal also contained technical limitations on which HHS OIG sought comment.
c) Transactions Between Federally Qualified Health Centers and Medicare Advantage Organizations
By statute, Medicare Advantage beneficiaries "may receive services from a federally qualified health center ("FQHC") that has a written agreement with the [Medicare Advantage] plan." HHS OIG proposes to incorporate into the safe harbor regulations the AKS exemption for "any remuneration between a federally qualified health center (or an entity controlled by such a health center) and [a Medicare Advantage] organization pursuant to a written agreement described in section 1853(a)(4) [of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003]". Such written agreements must specifically provide that the Medicare Advantage organization will pay the FQHC the same amount it would pay another entity for the same services.
d) Technical Change to the Safe Harbor for Referral Services
Lastly, HHS OIG proposed to correct an inadvertent error in the language of the safe harbor for referral services. As HHS OIG explained, the safe harbor permits referral services to charge fees based on the costs of operating the referral services (and not on the volume of referrals generated for either party through the arrangement). The amended safe harbor would effectively revert the safe harbor to the language of the 1999 version, which "clarif[ied] that the safe harbor precludes protection for payments from participants to referral services that are based on the volume or value of referrals to, or business otherwise generated by, either party for the other party." In its current form, the italicized language reads "either party for the referral service."
2. Proposed Rules Regarding Scope of CMPs for AKS Violations
The CMPs law proscribes the offer or transfer of remuneration to Medicare or Medicaid beneficiaries that may induce the beneficiaries to order or receive items or services paid for by federal or state health care programs.
In addition to the proposed changes to the scope of the AKS safe harbors, the proposed rule also would implement sections of the PPACA that set forth exceptions to the definition of "remuneration" under the CMPs law and codify the statutory gainsharing CMPs and interpret certain provisions thereunder.
a) Exclusions from the AKS Definition of "Remuneration"
Of the four exclusions from the definition of "remuneration" set forth in the PPACA, three are particularly relevant to providers. Each is "intended to protect certain arrangements that offer beneficiaries incentives to engage in their wellness or treatment regimens or that improve or increase beneficiary access to care." The proposed rule implements these exceptions, while also attempting to prohibit arrangements that could encourage patients to seek Medicare or Medicaid billable services "that may be unnecessary, too expensive, or of poor quality."
(1) Exception for remuneration that "promotes access to care and poses a low risk of harm to patients and federal health care programs"
Payments that promote access to care fall within a key exception to the CMP law’s definition of improper remuneration. In the proposed rule, HHS OIG recommended interpreting remuneration that "promotes access to care" as remuneration that "improves a particular beneficiary’s ability to obtain medically necessary health care items and services." But HHS OIG asked for input on whether this phrase should be interpreted even more broadly and requested comment on a variety of potential formulations. In proposing this interpretation of the exception, HHS OIG also underscored that remuneration that does not encourage beneficiaries to seek medical care from a specific provider already was not subject to penalty.
To fall within the proposed exception, the remuneration must also pose a "low risk of harm" to federal health care programs. According to HHS OIG’s proposed interpretation, that means remuneration that: "(1) Is unlikely to interfere with, or skew, clinical decision-making; (2) is unlikely to increase costs to Federal health care programs or beneficiaries through overutilization or inappropriate utilization; and (3) does not raise patient-safety or quality-of-care concerns." One example of a "low risk" practice is the provision of "lodging assistance to patients and their families when the assistance was necessary for the patient to obtain appropriate care" provided by certain specialized hospitals.
(2) Retailer Rewards Programs
The proposed rule also seeks to implement a PPACA provision that excluded from the definition of "remuneration" certain rewards provided through "retailer rewards programs." Many retailers now offer rewards programs, but some exclude federal program beneficiaries for fear of government AKS action such as the case described in Section I, above. But the PPACA provides that rewards are excepted from the definition of remuneration if they: (1) "consist of coupons, rebates, or other rewards from a retailer"; (2) "are offered or transferred on equal terms available to the general public, regardless of health insurance status"; and (3) are "not tied to the provision of other items or services reimbursed in whole or in part by" Medicare or Medicaid. According to HHS OIG, retailers should be more willing to include federal program beneficiaries in their rewards in light of this new exception.
(3) Financial Need-Based Exception
The PPACA added another statutory provision, which excludes from the definition of "remuneration" items or services that are not offered as part of an advertisement or solicitation when such items or services have a "reasonable connection to the medical care of" a recipient that is in financial need (so long as those items or services are not tied to the provision of services reimbursable under a federal or state health care program). In addition to opening for comment the definition of "financial need," HHS OIG proposed that "items or services" may not include cash or instruments convertible to cash, may not be provided as part of an advertisement or solicitation, and may not be "be tied to the provision of other reimbursed services." The existence of a "reasonable connection" triggering the exclusion from the statute would depend on whether the items or services would advance the patient’s medical care, and whether the value of the items or services is proportional to the value of care needed by the patient. HHS OIG stated that the safe harbor would apply only to items or services reasonably connected to treatments that are "medically indicated," and solicited comments regarding the proper definition of the term.
3. Gainsharing CMPs
Under the CMPs law, hospitals are prohibited from knowingly paying physicians to "reduce or limit services" provided to Medicare or Medicaid beneficiaries that those physicians are treating. In the preamble to the proposed rule, HHS OIG recognized that gainsharing arrangements can often reduce costs without sacrificing patients’ medical care and noted that it has "never pursued any gainsharing civil monetary penalties case." Thus, HHS OIG proposed not only to codify the gainsharing civil monetary penalty, but also to evaluate potential definitions for the phrase "reduce or limit services" that would permit hospitals to take innovative measures to improve care while reducing costs. HHS OIG posed a series of questions in the proposed rule for commentary on the scope of potentially beneficial gainsharing programs.
The proposed rule attracted more than 100 comments from organizations and individuals, and there may be significant changes before HHS OIG promulgates the final rule. Overall, however, the proposed regulations reveal that HHS OIG recognizes that health care policy is changing in fundamental ways and will therefore take a more nuanced approach to fraud and abuse enforcement in federal health care programs.
Outside of the DOJ settlements of related FCA cases described in Section I above, 2014 saw several interesting developments in the federal physician self-referral law, or Stark Law, including: proposed legislation to apply the Stark Law explicitly to the Medicaid program, regulatory developments regarding the scope of the "whole hospital" Stark Law exception, and new developments in an important Stark Law case now before the Fourth Circuit.
A. Proposed Legislation
1. Medicaid Physician Self-Referral Act of 2014, H.R. 4676
Recent cases targeting Medicaid claims have illustrated the DOJ’s desire to extend the Stark Law beyond its traditional application to Medicare alone. Earlier this year, Representative Jim McDermott (D-WA) revealed that there is some congressional support for this idea when he introduced the Medicaid Physician Self-Referral Act of 2014. The bill, introduced in May, would eliminate any lingering doubts about the Stark Law’s reach by explicitly extending it to the Medicaid program. However, no action has been taken on the bill since it was referred to the Subcommittee on Health on May 23, 2014. Given the midterm election cycle in November 2014 and its dramatic effect on the political composition of Congress, it is unknown whether this bill will be an agenda item in 2015.
2. Promoting Integrity in Medicare Act of 2013 ("PIMA"), H.R. 2914
Proposed by Representative Jackie Speier (D-CA) last year, PIMA would remove the Stark Law exemption for four "in-office ancillary services": advanced imaging, radiation therapy, anatomic pathology, and physical therapy. Although the bill has been stalled in committee since its introduction, it received a boost on December 16, 2014 with an endorsement from the American Association of Retired Persons. This endorsement followed President Obama’s efforts to support such reform by including similar measures in his Fiscal Year 2015 budget proposal. As with the Medicaid Self-Referral Act discussed above, the newly elected Congress may not take up this legislation.
B. Regulatory Developments
The Stark Law has long included an exception for self-referrals when a physician holds an ownership interest related to the "whole hospital," as opposed to a division or practice alone. Since the Stark Law’s passage, Congress has repeatedly narrowed this exception. Most recently, the PPACA "generally prohibited [hospitals covered under the exception] from expanding facility capacity." However, it left open a window for certain hospitals to submit exception requests for proposed expansions.
Lake Pointe Medical Center ("Lake Pointe"), a physician-owned hospital in Rowlett, Texas, became the first hospital to test the boundaries of this exception when it submitted an exception request to CMS on December 11, 2013. Lake Pointe’s request was premised on its status as a "high Medicaid facility," which meant the hospital had to prove: (1) it was not the only hospital in the county; (2) it did not discriminate against patients covered by federal health care programs; and (3) its percentage of Medicaid inpatient admissions was higher than any other facility in the same county. After notice and comment, CMS issued a final decision in October, granting Lake Pointe’s request to add thirty-six beds.
C. Case Law Developments
The long history of United States ex rel. Drakeford v. Tuomey Healthcare Systems, Inc. may be nearing its concluding chapter, potentially resulting in a significant impact on Stark Law liability with respect to arrangements between hospitals and physicians. Tuomey, which involves allegations of both Stark Law and FCA liability, initially went to trial in 2010 in the U.S. District Court of South Carolina. Tuomey entered into exclusive part-time employment contracts with nineteen doctors for outpatient procedures to be performed at Tuomey Hospital. The compensation system combined a base salary (that would change based on the doctor’s previous years’ collections for his or her personally performed services), a productivity and incentive bonus based on the doctor’s own collections, and certain benefits. The government intervened in the underlying qui tam suit, alleging that the contracts exceeded fair market value, were commercially unreasonable, and illegally accounted for the referral volumes in violation of the Stark Law.
The first trial concluded in 2010, and the jury found that Tuomey had not violated the FCA, though it did find a Stark Law violation–an interesting distinction because the FCA requires proof of culpable scienter, while the Stark Law is a strict liability statute. The district court granted a new trial on the FCA claims but entered judgment on the government’s equitable claims for $48 million based on the jury’s Stark Law findings.
Tuomey appealed and the Fourth Circuit overturned the judgment in 2012. In addition to tossing out the judgment for the government on its equitable claims, the court’s 2012 decision discussed the Stark Law and suggested that facility fees generated from a physician’s personally performed services could constitute prohibited referrals if it was apparent on the face of the agreement that the contracts took those dollars into account. The case was remanded and went to trial in 2013. This time, the jury found that Tuomey violated not only the Stark Law, but also the FCA. Jurors found that the company submitted 21,370 Medicare claims that were affected by the prohibited compensation agreements, resulting in a $237 million judgment, including treble damages and civil penalties. That judgment is on appeal before the Fourth Circuit.
CMS announced a 1.4% increase for inpatient hospital reimbursement rates for Fiscal Year 2015. But, as a result of new payment penalty triggers for failing to comply with such programs as the Hospital Inpatient Quality Reporting Program, the Hospital Readmissions Reduction Program, and the Electronic Health Records program, CMS anticipates overall Inpatient Prospective Payment System operating payments will decrease around 0.6% for Fiscal Year 2015. That projection is emblematic of HHS’s evolving approach to provider reimbursement, which calls for careful compliance efforts by program participants. Indeed, as described below, 2014 saw important developments in this area regarding: the proposed "two-midnight" rule for inpatient reimbursement, the sixty-day overpayment rule, public release of provider payment data, the Hospital-Acquired Condition ("HAC") Reduction Program, the 340B program, and litigation challenging the government’s reimbursement rate-setting activity.
A. Developments in Two-Midnight Rule
In August 2013, CMS adopted a policy that, among other things, redefined "inpatient" reimbursement to require that the patient be expected to need care in a hospital for a period that includes at least two midnights. The so-called "two-midnight rule" generated immediate controversy and public debate among health care providers, which came to a head in April 2014 when the American Hospital Association and eight providers sued HHS to obtain a declaratory judgment and order vacating the rule on the basis that it is arbitrary and capricious. The primary bases for plaintiffs’ complaint were that "CMS is not at liberty to redefine commonly-understood terms to save money," and that the rule is likely to "cost hospitals millions" in lost reimbursements while possibly undermining proper patient care."
In August, plaintiffs filed a motion for summary judgment, arguing that the term "inpatient" has an established meaning, both generally and within Medicaid regulations, because every "definitional source" describes the term as referring to a patient who spends at least one night at the hospital. Thus, Plaintiffs argued, even under the deferential Chevron standard, the definitional change was arbitrary and capricious, and the two-midnight rule violates the Administrative Procedure Act. HHS has filed a motion to dismiss for lack of jurisdiction, which has had the effect of staying a ruling on the summary judgment motion. Regardless of the outcome of this litigation, this challenge figures to be an important factor in the development of CMS reimbursement policies and their impact on providers.
B. Developments in Sixty-Day Medicare Overpayment Rule
It is now well-known that the PPACA requires any overpayment of Medicare or Medicaid funds be reported and returned within sixty days after the date on which it was "identified" or any corresponding cost report was due, whichever comes first. That requirement is a crucial consideration for providers, especially given that the FCA imposes liability if a provider knowingly retains such overpayments.
1. Developments in Defining When an Overpayment is "Identified"
In 2012, CMS issued a proposed rule for Medicare Parts A and B construing "identify" to mean having "actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the overpayment." In January 2014, CMS proposed the same definition for Medicare Advantage Organizations ("MAOs" – i.e., Part C) and Part D sponsors. However, in May CMS issued a final rule revising the definition, such that a MAO or Part D sponsor is deemed to have "identified" the overpayment–and triggered the 60-day repayment deadline–whenever it "has determined, or should have determined through the exercise of reasonable diligence, that [it] has received an overpayment." Although CMS declined to specify what constitutes "reasonable diligence," it observed that, "at a minimum," it would include "proactive compliance activities conducted in good faith by qualified individuals to monitor for the receipt of overpayments."
The government’s revised interpretation of the sixty-day rule applied only to Parts C and D. Nevertheless, it stands to reason the same revision may be applied in the Part A and Part B contexts as well. Under the Medicare Modernization Act, CMS must publish its final Part A/B rule within three years of the date of the proposed rule. Accordingly, further clarification of the 60-day rule is expected by February 2015.
2. Developments in Potential Sanctions for Sixty-Day Rule Violations
When the sixty-day repayment clock begins is a key compliance question because of the potentially large monetary sanctions for failing to reimburse an "identified" overpayment. In May, HHS OIG proposed a rule that would allow it to assess CMPs of $10,000 per day when a provider or supplier fails to report and return an overpayment past the sixty-day period.
As noted above, the FCA also threatens harsh punishment for failure to comply with the sixty-day repayment rule. In theory, a provider could incur "reverse false claims" liability on the sixty-first day after it has "identified" an overpayment but not yet returned it to the government.
For the first time, the government recently intervened in an FCA case involving alleged violations of the sixty-day overpayment rule in State of New York ex rel. Robert P. Kane v. Healthfirst. In its complaint against several affiliated New York hospitals operated by Continuum Health Partners ("Continuum"), the government alleged that, due to a coding error in the remittances produced by Healthfirst, a Medicaid managed care plan, Continuum erroneously billed New York Medicaid as a secondary payor even after it had already been paid in full by Healthfirst. After the state identified a small number of erroneously paid claims in September 2010, the then-employee relator allegedly determined that up to 900 claims representing payments in excess of $1 million may have been wrongly submitted by Continuum. According to the complaint, Kane reported his findings to Continuum in February 2011, but Continuum did not complete repayments to New York Medicaid until March 2013.
This is sure to be just the first in a line of "reverse false claims" cases that will push development of the sixty-day rule’s meaning.
C. Medicare Provider Utilization and Payment Data Release
In April, CMS released millions of billing records detailing nearly $80 billion of Medicare payments made to 880,000 health care practitioners in 2012. The Medicare program had long been prohibited from publicly releasing physician-specific billing records by a permanent injunction issued in Florida Medical Association Inc. v. Department of Health, Education, & Welfare, but a federal judge lifted the ban in 2013. Media outlets immediately began reporting on the small number of doctors that account for a disproportionately large share of Medicare costs, while physicians expressed concerns that CMS did not adequately provide context for the data’s limitations by indicating, for example, that higher payments could reflect higher expenses or that one National Provider Identifier could be used by an entire practice, instead of a single physician.
In 2015, public availability of such data may expose more providers to risk of investigation by regulators and whistleblowers. And releases of this sort may continue in 2015 and beyond; in April 2014, CMS Administrator Marilyn Tavenner indicated her desire to compile a comprehensive database that includes billings to Medicare Advantage, Medicaid, and private insurance companies.
D. Phase-in of Hospital-Acquired Condition Reduction Program
The end of 2014 also saw the phase-in of a PPACA-mandated program designed to tie payments more closely to the quality of patient care. The HAC Reduction Program will require CMS to reduce hospital payments by one 1% in Fiscal Year 2015 for approximately 724 hospitals that comprise the lowest-performing 25% with respect to HACs. CMS also will post HAC Reduction Program scores to Hospital Compare, CMS’s website that publicizes patient survey, timely and effective care, complications, readmissions, payment, and value of care information for hospitals. Although specific information about HAC incidents is not included on Hospital Compare, a hospital’s publicized HAC Reduction Program score may provide still further material for probing regulators and whistleblowers.
E. 340B Program Developments
2014 was a tumultuous year for the 340B pricing program, which requires drug manufacturers to provide drugs to certain health care entities at reduced prices. First, section 7101 of the PPACA expanded the types of health care entities that are eligible to receive 340B drug pricing. Second, the Health Care and Education Reconciliation Act implemented additional changes, which included preventing those newly added entities from obtaining 340B pricing for drugs used to treat rare diseases or conditions, (called "orphan drugs"). Third, and most controversially, in response to these developments, the Health Resources and Services Administration ("HRSA") promulgated a legislative rule stating that the orphan drug exclusion from 340B discount requirements applied only when the orphan drugs were actually used for a rare disease or condition, such that a health care entity could obtain 340B pricing on the orphan drug if it was used instead for a more common ailment.
The trade group Pharmaceutical Research and Manufacturers of America ("PhRMA") sued, arguing that the rule was invalid because it contradicted the statute’s plain language. In May, the U.S. District for the District of Columbia granted PhRMA’s motions for injunctive relief and summary judgment, holding that HRSA’s issuance of the rule was beyond the bounds of its authority. The court noted that even though it "finds the agency’s proactive, prophylactic rule to be the most reasonable way of administering the statute, Congress has not given HHS the broad rulemaking authority to do so."
HRSA then issued an interpretive rule containing the very same non-orphan use exception to discount pricing that had been implemented by the legislative rule vacated by the court. The interpretive rule states, in part, that "HHS interprets section 340B(e) of the Public Health Service Act as excluding drugs with an orphan designation only when those drugs are . . . used for the rare condition or disease for which the drug was designated under section 526 of the FFDCA." Further, HRSA has warned manufacturers that it considers the interpretation when deciding whether to take enforcement action, potentially rendering meaningless the shift from a regulation to an agency interpretive rule. PhRMA, for its part, filed a new complaint in the D.C. District Court in October 2014, seeking declaratory and injunctive relief to prevent HHS from effectively reissuing a binding rule under an "interpretive" heading.
In January 2014, HRSA announced that it was planning to issue a so-called 340B "mega rule," which aimed to formalize existing guidance on a number of different 340B issues into regulation. The effort was abandoned, however, most likely as a result of the recent Pharmaceutical Research decision and the accompanying controversy about the scope of the agency’s authority. HHS may choose to advance the mega rule’s policy goals through guidance rather than rulemaking, as it has done in the past, but the lines between these avenues may continue to be blurred by the litigation over HRSA’s orphan drug rule.
F. Causes of Action to Challenge Rate Cuts or Increase Reimbursement Rates
Finally, the developing jurisprudence around providers’ ability to challenge Medicaid reimbursement rates took another step forward in 2014. In recent years, a number of federal courts have recognized a private right of action to challenge rates under section 13(A) of the Medicaid Act, which requires states to set reimbursement rates using a procedure akin to notice-and-comment rulemaking. Several federal courts have held, or at least observed, that facilities may privately enforce section 13(A)’s requirement of notice and an opportunity to comment prior to a change in reimbursement rates.
However, section 13(A) is not the only method by which private entities have sought to increase reimbursement rates. Health care entities seeking to obtain rate increases to sustain their business in certain areas have also sought to use the equal access provision of the Medicaid Act, section 30(A), which does not provide a private right of action by its own terms. That provision requires that reimbursement rates be "sufficient to enlist enough providers so that care and services are available under the plan at least to the extent that such care and services are available to the general population in the geographic area." In October, the Supreme Court of the United States granted certiorari to determine whether, under the Supremacy Clause of the U.S. Constitution, Medicaid providers could sue states to pursue higher rates under Section 30(A) of the Medicaid Act.
The underlying case, Armstrong v. Exceptional Child Center, Inc., was brought by Idaho Medicaid providers against Idaho Medicaid officials in an effort to challenge insufficient reimbursement rates. The Ninth Circuit held that the health care providers had the right to challenge reimbursement rates under the Supremacy Clause. Twenty-seven states filed an amicus brief in the Supreme Court arguing that the Ninth Circuit’s decision is "untenable," in part because it "allows private litigants to make an end-run" around Supreme Court decisions protecting state sovereignty.
Interestingly, the Court has granted certiorari to review this question before but declined to rule on the Supremacy Clause issue, noting that the "relevant circumstances," and therefore the question to be decided, had changed. Nevertheless, in a dissent authored by Chief Justice Roberts, four of the justices addressed the Supremacy Clause issue and concluded that a private right of action was not available: "[T]he Supremacy Clause does not provide a cause of action to enforce the requirements of § 30(A) when Congress, in establishing those requirements, elected not to provide such a cause of action in the statute itself." That opinion strongly suggests that Justice Kennedy will provide the deciding vote to determine whether health care providers may sue under the Supremacy Clause to increase Medicaid reimbursement rates.
Spurred by the HEAT task force and relators filing FCA suits, enforcement actions targeting health care providers continued to surge in 2014. The torrid pace of civil and criminal investigations against providers looks likely to continue in 2015, as the DOJ and HHS signaled their steadfast commitment to enforcing laws and regulations that govern the conduct of providers. In the meantime, those laws and regulations–and related interpretive documents and case law–evolved and proliferated in 2014, as the PPACA and other laws altered the legal landscape for federal health program participants. As always, compliance is critical–but it is no easy task in light of this past year’s developments. We will continue to monitor and report on these issues and developments when we return in July with our 2015 Mid-Year Update.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Recovers Nearly $6 Billion from False Claims Act Cases in Fiscal Year 2014 (Nov. 20, 2014), http://www.justice.gov/opa/pr/justice-department-recovers-nearly-6-billion-false-claims-act-cases-fiscal-year-2014.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Manufacturer of Spinal Devices and Surgeon to Pay United States $2.6 Million to Settled Alleged Kickback Scheme (Aug. 29, 2014), http://www.justice.gov/opa/pr/manufacturer-spinal-devices-and-surgeon-pay-united-states-26-million-settle-alleged-kickback.
 Data gathered through DOJ press releases and publicly available information.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, DaVita to Pay $350 Million to Resolve Allegations of Illegal Kickbacks (Oct. 22, 2014), http://www.justice.gov/opa/pr/davita-pay-350-million-resolve-allegations-illegal-kickbacks.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Justice Department Recovers Nearly $6 Billion from False Claims Act Cases in Fiscal Year 2014 (Nov. 20, 2014), http://www.justice.gov/opa/pr/justice-department-recovers-nearly-6-billion-false-claims-act-cases-fiscal-year-2014.
 Figure determined by the number of DOJ press releases that mentioned this type of allegation as a contributing cause to the settlement. Many cases involved multiple types of allegations–e.g., violations of both the AKS and Stark Law. In these instances, the settlement was noted in both categories.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Amedisys Home Health Companies Agree to Pay $150 Million to Resolve False Claims Act Allegations (Apr. 23, 2014), http://www.justice.gov/opa/pr/amedisys-home-health-companies-agree-pay-150-million-resolve-false-claims-act-allegations.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Community Health Systems Inc. to Pay $98.15 Million to Resolve False Claims Act Allegations (Aug. 4, 2014), http://www.justice.gov/opa/pr/community-health-systems-inc-pay-9815-million-resolve-false-claims-act-allegations.
 See, e.g., United States ex rel. Mikes v. Straus, 274 F.3d 687, 702-03 (2d Cir. 2001); United States ex rel. Lee v. SmithKline Beecham, Inc., 245 F.3d 1048, 1053 (9th Cir. 2001).
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Extendicare Health Services Inc. Agrees to Pay $38 Million to Settle False Claims Act Allegations Relating to the Provision of Substandard Nursing Care and Medically Unnecessary Rehabilitation Therapy (Oct. 10, 2014), http://www.justice.gov/opa/pr/extendicare-health-services-inc-agrees-pay-38-million-settle-false-claims-act-allegations.
 42 U.S.C. § 1320a-7b(g).
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Nation’s Largest Nursing Home Pharmacy Company to Pay $124 Million to Settle Allegations Involving False Billings to Federal Health Care Programs (June 25, 2014), http://www.justice.gov/opa/pr/nation-s-largest-nursing-home-pharmacy-company-pay-124-million-settle-allegations-involving.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Rite Aid Corporation Pays $2.99 Million for Alleged Use of Gift Cards to Induce Medicare and Medicaid Business (Dec. 3, 2014), http://www.justice.gov/opa/pr/rite-aid-corporation-pays-299-million-alleged-use-gift-cards-induce-medicare-and-medicaid.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, DaVita to Pay $350 Million to Resolve Allegations of Illegal Kickbacks (Oct. 22, 2014), http://www.justice.gov/opa/pr/davita-pay-350-million-resolve-allegations-illegal-kickbacks.
 No. 6:09-cv-1002, 2012 WL 921147 (M.D. Fla. Mar. 19, 2012); Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Florida Hospital System Agrees to Pay the Government $85 Million to Settle Allegations of Improper Financial Relationships with Referring Physicians (Mar. 11, 2014), http://www.justice.gov/opa/pr/florida-hospital-system-agrees-pay-government-85-million-settle-allegations-improper.
 The seven cases are: Amedisys, Inc. ($150 million); Community Health Systems ($98 million); Ashland Hospital Corporation d/b/a King’s Daughters Medical Center ($40.1 million); Saint Joseph Health System ($16.5 million); SelfRefind and PremierTox ($15.75 million); Optim Healthcare ($4 million); One Step Diagnostic, Complete Imaging Solutions d/b/a Houston Diagnostics, et al. ($2.66 million). See http://www.justice.gov/opa.
 These Stark Law claims appeared in the case of Amedisys, Inc., see Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Amedisys Home Health Companies Agree to Pay $150 million to Resolve False Claims Act Allegations (Apr. 23, 2014), http://www.justice.gov/opa/pr/amedisys-home-health-companies-agree-pay-150-million-resolve-false-claims-act-allegations, and Community Health Systems, see Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Community Health Systems Inc. to Pay $98.15 Million to Resolve False Claims Act Allegations (Aug. 4, 2014), http://www.justice.gov/opa/pr/community-health-systems-inc-pay-9815-million-resolve-false-claims-act-allegations.
 No.1:08-cv-251, 2014 WL 4816006 (E.D. Tenn. Sept. 29, 2014).
 Id. at *4-6.
 Id. at *17-18.
 No. 12-cv-245, 2014 WL 6879254, at *3 (N.D. Ala. Dec. 4, 2014).
 Id. at *10 (citing Bazemore v. Friday, 478 U.S. 385, 400 (1986)) (emphasis in original).
 See, e.g., United States ex rel. Wilkins v. United Health Grp., Inc., 659 F.3d 295, 305 (3d Cir. 2011).
 See United States ex rel. Greenfield v. Medco Health Sys. Inc., No. 12-522, 2014 WL 4798637, at *10 (D.N.J. Sept. 26, 2014); United States ex rel. Kester v. Novartis Pharms. Co., et al., No. 11-8196, 2014 WL 4230386, at *12 (S.D.N.Y. Aug. 7, 2014); United States ex rel. Ruscher v. Omnicare, Inc., No. 08-cv-3396, 2014 WL 2618158, at *19-20 (S.D. Tex. June 12, 2014).
 See, e.g., United States ex rel. Conner v. Salina Reg’l Health Ctr., Inc., 543 F.3d 1211, 1218-20 (10th Cir. 2008); United States ex rel. Gonzalez v. Planned Parenthood, No. 05-cv-8818, 2012 WL 2412080, at *7 (C.D. Cal. June 26, 2012).
 United States ex rel. Simpson v. Bayer, No. 05-3895, 2014 WL 1418293, at *7 (D.N.J. Apr. 11, 2014) reconsideration denied, 2014 WL 2112357 (May 20, 2014); United States ex rel. Rostholder v. Omnicare, Inc., 745 F.3d 694, 702 (4th Cir. 2014).
 United States ex rel. Troxler v. Warren Clinic, Inc., No. 11-cv-808, 2014 WL 5704884, at *4 (N.D. Okla. Nov. 5, 2014) (describing the "materiality" requirement for false certification claims); United States ex rel. Fox Rx., Inc. v. Omnicare, Inc., F. Supp. 2d __, No. 12-cv-275, 2014 WL 3928780, at *9 (S.D.N.Y. Aug. 12, 2014) [hereinafter Fox Rx.] (reimbursement not conditioned on specified state pharmacy or federal Part D rules); United States ex rel. Williams v. McKesson Corp., No. 12-cv-371, 2014 WL 3353247, at *6 (N.D. Tex. July 9, 2014) (reimbursement not conditioned on a dentist’s licensure to provide non-dental anesthesiology services).
 Fox Rx., supra note 33, at *9-10.
 764 F.3d 699 (7th Cir. 2014).
 Id. at 704-05.
 Id. at 710.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Remarks by Assistant Attorney Gen. for the Criminal Division Leslie R. Caldwell at the Taxpayers Against Fraud Education Fund Conferences (Sept. 17, 2014), http://www.justice.gov/criminal/pr/speeches/2014/crm-speech-140917.html.
 See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medicare Fraud Strike Force Charges 90 Individuals for Approximately $260 Million in False Billing (May 13, 2014), http://www.justice.gov/opa/pr/medicare-fraud-strike-force-charges-90-individuals-approximately-260-million-false-billing.
 David A. O’Neil, Acting Assistant Attorney Gen., U.S. Dep’t of Justice, Remarks by Acting Assistant Attorney Gen. David A. O’Neil for the Medicare Fraud Strike Force Takedown (May 13, 2014), http://www.justice.gov/criminal/pr/speeches/2014/crm-speech-140513.html.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Seven Defendants Indicted and Three Other Defendants Plead Guilty for Their Roles in $56 Million Medicare Fraud Scheme (Sept. 25, 2014), http://www.justice.gov/opa/pr/seven-defendants-indicted-and-three-other-defendants-plead-guilty-their-roles-56-million.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Mastermind of $56 Million Medicare Fraud Scheme and Doctor Plead Guilty (Dec. 17, 2014), http://www.justice.gov/opa/pr/mastermind-56-million-medicare-fraud-scheme-and-doctor-plead-guilty.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, President of Houston Hospital and Three Others Convicted in $158 Million Medicare Fraud Scheme (Oct. 20, 2014), http://www.justice.gov/opa/pr/president-houston-hospital-and-three-others-convicted-158-million-medicare-fraud-scheme.
 See Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Medicare Fraud Strike Force Charges 90 Individuals for Approximately $260 Million in False Billing (May 13, 2014), http://www.justice.gov/opa/pr/medicare-fraud-strike-force-charges-90-individuals-approximately-260-million-false-billing.
 Press Release, Office of Pub. Affairs, U.S. Dep’t of Justice, Ten Individuals Indicted For Medicare Fraud Scheme (Apr. 8, 2014), http://www.justice.gov/usao/fls/PressReleases/140408-01.html.
 754 F.3d 1335 (11th Cir. 2014).
 Id. at 1343.
 Id. at 1344.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Semiannual Report to Congress (Fall 2014).
 See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Report OEI-04-12-00420, Questionable Billing for Medicare Electrodiagnostic Tests (Apr. 4, 2014), http://oig.hhs.gov/oei/reports/oei-04-12-00420.asp.
 See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Report OEI-03-11-00730, Questionable Billing for Medicare Part B Clinical Laboratory Services (Aug. 15, 2014), available at http://oig.hhs.gov/oei/reports/oei-03-11-00730.asp.
 See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Report OEI-01-12-00390, Limited Compliance with Medicare’s Home Health Face to Face Documentation Requirements (Apr. 9, 2014), available at http://oig.hhs.gov/oei/reports/oei-01-12-00390.asp.
 See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Report OEI-04-10-00181, Improper Payments for Evaluation and Management Services Cost Medicare Billions in 2010 (May 28, 2014), available at https://oig.hhs.gov/oei/reports/oei-04-10-00181.asp.
 See, e.g., U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Special Fraud Alert: Laboratory Payments to Referring Physicians (June 25, 2014), https://oig.hhs.gov/compliance/alerts/index.asp.
 OIG, Proposed Rule, Medicare and State Health Care Programs: Fraud and Abuse; Revisions to the Officer of Inspector General’s Exclusion Authorities, 79 Fed. Reg. 26,814.
 Id. at 26,819.
 Id. at 26,810.
 Id. at 27,081.
 Id. at 27,085.
 Id. at 27,080.
 See 42 U.S.C. § 1320a-7(a).
 See 42 U.S.C. § 1320a-7(b).
 News Release, U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Excludes Pediatric Dental Management Chain From Participation in Federal Health Care Programs (Apr. 3, 2014), https://oig.hhs.gov/newsroom/news-releases/2014/cshm.asp; Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and Kai Heart, Inc. d/b/a Kai Heart Home Health Care (Nov. 5, 2012), https://oig.hhs.gov/fraud/cia/agreements/Kai_Heart_11052012.pdf.
 See OIG LEIE. Information on "business owner/exec" prior to 2011 is not available in OIG Exclusion Data.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, False and Fraudulent Claims, https://oig.hhs.gov/fraud/enforcement/cmp/false_claims.asp.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, Patient Dumping, https://oig.hhs.gov/fraud/enforcement/cmp/patient_dumping.asp.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, False and Fraudulent Claims, supra note 75.
 News Release, U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Excludes Pediatric Dental Management Chain From Participation in Federal Health Care Programs (Apr. 3, 2014), https://oig.hhs.gov/newsroom/news-releases/2014/cshm.asp.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen, Civil Monetary Penalties and Affirmative Exclusions, False and Fraudulent Claims, supra note 75.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Civil Monetary Penalties and Affirmative Exclusions, Kickback and Physician Self-Referral, https://oig.hhs.gov/fraud/enforcement/cmp/kickback.asp.
 U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Corporate Integrity Agreement Documents, https://oig.hhs.gov/compliance/corporate-integrity-agreements/cia-documents.asp.
 Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and DaVita Healthcare Partners, Inc., Oct. 22, 2014, available at https://oig.hhs.gov/fraud/cia/agreements/Davita_Healthcare_Partners_Inc_10222014.pdf.
 Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and Ashland Hospital d/b/a King’s Daughters Medical Center, Apr. 22, 2014, available at https://oig.hhs.gov/fraud/cia/agreements/Kings_Daughters_Medical_Center_05272014.pdf.
 Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and Saint Joseph Health System, Inc. d/b/a Saint Joseph London, Jan. 22, 2014, available at https://oig.hhs.gov/fraud/cia/agreements/Saint_Joseph_London_01222014.pdf.
 Corporate Integrity Agreement Between the Office of Inspector General of the Department of Health and Human Services and Medicus Laboratories, LLC, Feb. 14, 2014, available at https://oig.hhs.gov/fraud/cia/agreements/Medicus_Laboratories_02142014.pdf.
 See Corporate Integrity Agreement Between the Office of the Inspector General of the Department of Health and Human Services and DaVita Healthcare Partners, Inc., supra note 83 at 10–21, App. A, App. B, App. C, App. D, available at https://oig.hhs.gov/fraud/cia/agreements/Davita_Healthcare_Partners_Inc_10222014.pdf.
 News Release, U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., OIG Excludes Pediatric Dental Management Chain From Participation in Federal Health Care Programs, supra note 78.
 See 42 U.S.C. 1320a-7d(b).
 See U.S. Dep’t of Health and Human Servs., Office of the Inspector Gen., Advisory Opinions , https://oig.hhs.gov/compliance/advisory-opinions/index.asp.
 U.S. Dep’t of Health & Human Servs.. Office of the Inspector Gen., Advisory Op. 14-03 (Apr. 8, 2014), available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2014/AdvOpn14-03.pdf.
 Id. at 4.
 Id. at 6.
 Id. at 6–7.
 See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Work Plan, Fiscal Year 2015, https://oig.hhs.gov/reports-and-publications/archives/workplan/2015/FY15-Work-Plan.pdf.
 See U.S. Dep’t of Health & Human Servs., Office of the Inspector Gen., Work Plan for Fiscal Year 2014, http://oig.hhs.gov/reports-and-publications/archives/workplan/2014/Work-Plan-2014.pdf.
 See Work Plan, Fiscal Year 2015, supra note 97.
 Examining Solutions to Close to $106 Billion Improper Payments Gap: Hearing Before the Subcommittee on Government Operations, 113th Cong. 2 (2014) (Statement of John L. Mica, Chairman of the Subcommittee) available at http://oversight.house.gov/wp-content/uploads/2014/10/7-9-14-TRANSCRIPT-Examining-Solutions-to-Close-the-106-Billion-Improper-Payments-Gap.pdf.
 Press Release, Rep. Mark Meadows (R-NC), Video: Congressman Meadows Grills CMS Official on Massive Backlog (May 20, 2014), http://meadows.house.gov/media-center/press-releases/video-congressman-meadows-grills-cms-official-on-massive-backlog.
 Ctrs. for Medicare & Medicaid Servs., Inpatient Hosp. Reviews: Settlements, Updated 11/25/2014, http://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Medical-Review/InpatientHospitalReviews.html.
 Press Release, Ctrs. for Medicare & Medicaid Servs., CMS Fraud Prevention System Identified or Prevented $210 Million in Improper Medicare Payments in 2nd Year of Operations (June 25, 2014), http://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2014-Press-releases-items/2014-06-25.html.
 Ctrs. for Medicare & Medicaid Servs., Medicare Provider Utilization and Payment Data: Physician and Other Supplier, http://www.cms.gov/Research-Statistics-Data-and-Systems/Statistics-Trends-and-Reports/Medicare-Provider-Charge-Data/Physician-and-Other-Supplier.html.
 See 42 C.F.R. § 403.900 et seq.
 See 42 C.F.R. § 403.904(c) (describing information that must be reported regarding payments); id. § 403.904(h) (setting de minimis thresholds for reporting); id. § 403.908 (detailing requirements for electronic submission of payment data); Ctrs. for Medicare & Medicaid Servs., Open Payments Data Fact Sheet (Oct. 1, 2014), https://www.cms.gov/OpenPayments/Downloads/Fact-Sheet-Sept-30-2014-Published-Data.pdf.
 Ctrs. for Medicare & Medicaid Servs., Open Payments Fact Sheet for Applicable Manufacturers, http://www.cms.gov/Regulations-and-Guidance/Legislation/National-Physician-Payment-Transparency-Program/Downloads/Applicable-Manufacturer-fact-sheet.pdf.
 Ctrs. for Medicare and Medicaid Servs., Open Payments Data Fact Sheet, supra note 113.
 42 C.F.R. § 403.910.
 Ctrs. for Medicare and Medicaid Servs., Open Payments Data Fact Sheet, supra note 113.
 42 C.F.R. § 403.912.
 See 42 U.S.C. § 1320(a)-7b(g).
 Ctr. for Program Integrity, Ctrs. for Medicare & Medicaid Servs., User Guide for Industry: Open Payments, Creating Public Transparency into Industry-Physician Financial Relationships (2013), http://www.cms.gov/Regulations-and-Guidance/Legislation/National-Physician-Payment-Transparency-Program/Downloads/Open-Payments-User-Guide-%5BAugust-2013%5D.pdf.
 The Patient Protection and Affordable Care Act of 2010, Pub. L. No. 111-148 § 6401(a).
 Press Release, Ctrs. for Medicare & Medicaid Servs., Second Wave of CMS’ Enrollment Moratoria Extended for Home Health and Ground Ambulance Suppliers; Four New Geographic Areas Added (Jan. 20, 2014), http://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2014-Press-releases-items/2014-01-30-2.html [hereinafter CMS Press Release, Second Wave].
 Ctrs. for Medicare & Medicaid Servs., Fact Sheet, CMS Imposes First Affordable Care Act Enrollment Moratorium on Chicago-area Home Health Agencies to Combat Fraud and Safeguard Taxpayer Dollars (July 26, 2013), ) http://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2013-Fact-sheets-items/2013-07-26.html; Ctrs. for Medicare & Medicaid Servs., Fact Sheet, CMS Imposes First Affordable Care Act Enrollment Moratorium on Houston-area Ground Ambulance Suppliers to Combat Fraud and Safeguard Taxpayer Dollars (July 26, 2013) http://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2013-Fact-sheets-items/2013-07-26-2.html; Ctrs. for Medicare & Medicaid Servs., Fact Shet, CMS Imposes First Affordable Care Act Enrollment Moratorium on Miami-area Home Health Agencies to Combat Fraud and Safeguard Taxpayer Dollars (July 26, 2013) http://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2013-Fact-sheets-items/2013-07-26-3.html.
 Press Release, Ctrs. for Medicare & Medicaid Servs., Second Wave of CMS’ Enrollment Moratoria Extended, supra note 124.
 Press Release, U.S. Dep’t of Health & Human Servs, Dermatology Practice Settles Potential HIPAA Violations, (Dec. 26, 2013), http://www.hhs.gov/news/press/2013pres/12/20131226a.html.
 Resolution Agreement between the U.S. Dep’t of Health and Human Services Office for Civil Rights and Adult & Pediatric Dermatology, P.C., Dec. 24, 2013, available at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/apderm-resolution-agreement.pdf.
 Press Release, U.S. Dep’t. of Health & Human Servs, County Government Settles Potential HIPAA Violations, (Mar. 7, 2014), http://www.hhs.gov/news/press/2014pres/03/20140307a.html.
 Press Release, U.S. Dep’t. of Health & Human Servs., Data Breach Results in $4.8 Million in HIPAA Settlements (May 7, 2014), http://www.hhs.gov/news/press/2014pres/05/20140507b.html.
 314 Conn. 433 (2014).
 See, e.g., RK v. St. Mary’s Medical Center, Inc., 735 S.E. 2d 715 (Sup. Ct. App. W. Va. 2012); IS v. The Washington University, 2011 WL 2433585 (E.D. Mo. 2011); Yath v. Fairway Clinics NP, 767 N.W. 3d 34 (Ct. App. Minn. 2009); Acosta v. Byrum, 638 S.E. 2D. 246 (N.C. Ct. App. 2006); Harmon v. Maury County Tenn., 2005 WL 2133697 (M.D. Tenn. 2005).
 See HealthIT.gov, Security Risk Assessment Tool, http://www.healthit.gov/providers-professionals/security-risk-assessment-tool.
 Press Release, U.S. Dep’t of Health & Human Servs., Data Breach Results in $4.8 Million HIPAA Settlements, supra note 133.
 Press Release, U.S. Dep’t of Health & Human Servs., Stolen Laptops Lead to Important HIPAA Settlements, (Apr. 22, 2014, ) http://www.hhs.gov/news/press/2014pres/04/20140422b.html.
 Press Release, U.S. Dep’t of Health & Human Servs., $800,000 HIPAA Settlement in Medical Records Dumping Case (June 23, 2014), http://www.hhs.gov/news/press/2014pres/06/20140623a.html.
 Press Release, Dep’t of Justice, U.S. Attorney’s Office for the Eastern Dist. of Tex, Former Hospital Employee Pleads Guilty to Criminal HIPAA Charges (Aug. 29, 2014), http://www.justice.gov/usao/txe/News/2014/EDTX_HIPPA_Hippler082914.html.
 Jeff Overley, Big Year Ahead for HIPAA Fines, HHS Attorney Says, Law360 (June 12, 2014) http://www.law360.com/articles/547721/big-year-ahead-for-hipaa-fines-hhs-atty-says.
 Community Health Systems, Current Report (Form 8-K) (Aug. 18, 2014).
 See Letter from Tom Marino and Peter DeFazio, Members of Congress, to the Honorable Sylvia Matthews Burwell, Sec’y of Health & Human Servs. (Sept. 18, 2014) available at http://actonline.org/wp-content/uploads/2014/09/Letter-to-Secretary-Burwell-September-18-2014.pdf.
 In re LabMD, Inc., FTC No. 9357, dismissal denied 1/16/2014.
 42 U.S.C. § 1320a-7b(b).
 Medicare and State Health Care Programs: Fraud and Abuse: OIG Anti-Kickback, 56 Fed. Reg. 35,952 (July 29, 1991) (codified at 42 C.F.R. §§ 1001.1, 1001.951-.953).
 See 42 U.S.C. §§ 1320a-7a(a)(7), 1320a-7b(g).
 746 F.3d 614 (5th Cir. 2014).
 Id. at 626.
 Id. at 629.
 Id. at 3-5 & 3 n.5.
 Id. at 4-5.
 Id. at 5.
 Id. at 3-4.
 Id. at 7.
 Id. at 5-6.
 See 42 C.F.R. § 1001.952.
 Medicare and State Health Care Programs: Fraud and Abuse; Revisions to Safe Harbors under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements and Gainsharing, 79 Fed. Reg. 59,717 (proposed Oct. 03, 2014) (to be codified at 42 C.F.R. § 1001 and 42 C.F.R. § 1003).
 56 Fed. Reg. at 35,958.
 Medicare and State Health Care Programs: Fraud and Abuse; Revisions to Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements and Gainsharing, supra note 162.
 Id. (citing 65 Fed. Reg. 24,400, 24,411, Apr. 6, 2000) ("for purposes of consistency with the HCFA national marketing guidelines, we are interpreting nominal value to be no more than $10 per item, or $50 in the aggregate on an annual basis").
 Id. at 59,722.
 Id. at 59,724.
 Id. at 59,720 (to be codified at 42 C.F.R. § 1001.952(k)(4)).
 Id. at 59,721 (to be codified at 42 C.F.R. § 1001.952(z)).
 Id. (citing 42 U.S.C. § 1853(a)(4).
 Id. at 59,720 (to be codified at 42 C.F.R. 1001.952(f)(2)).
 42 C.F.R. § 1001.952(f)(2).
 42 U.S.C. § 1320a-7a(a)(5).
 79 Fed. Reg. at 59,718.
 79 Fed. Reg. at 59,725 (to be codified at 42 C.F.R. § 1003.110).
 Id. at 59,726 (to be codified at 42 C.F.R § 1003.110).
 42 U.S.C. 1320a-7a(i)(6)(G).
 79 Fed. Reg. at 59,726, supra note 183.
 42 U.S.C. 1320a-7a(i)(6)(H).
 79 Fed. Reg. at 59,728 (to be codified at 42 C.F.R. § 1003.110).
 42 U.S.C. § 1320a-7a(b).
 79 Fed. Reg. at 59,729.
 Id. at 59,5729-30.
 See, e.g., United States ex rel. Baklid-Kunz v. Halifax Med. Ctr., No. 6:09-cv-1002-Orl-31DAB, 2012 WL 921147 (M.D. Fla. Mar. 29, 2012); United States ex rel. Osheroff v. Tenet Healthcare Corp., No. 09-cv-22253, 2012 WL 2871264 (S.D. Fla. July 12, 2012)).
 See Press Release, Office of Congressman Jim McDermott, McDermott Introduces The Medicaid Self-Referral Act of 2014 (May 19, 2014), http://mcdermott.house.gov/index.php?option=com_content&view=article&id=760:mcdermott-introduces-the-medicaid-self-referral-act-of-2014&catid=25&Itemid=20.
 See Bill Summary: H.R. 4676–113th Congress (2013-2014), https://www.congress.gov/bill/113th-congress/house-bill/4676.
 H.R. 2914, 113th Cong. (2013).
 See Cong. Research Serv., Ctrs. for Medicare & Medicaid Servs.: President’s FY2015 Budget 18 (2014).
 Ctrs. for Medicare & Medicaid Servs., Physician-Owned Hospitals, http://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Physician_Owned_Hospitals.html.
 See Letter from Brett D. Lee, CEO, Lake Pointe Med. Ctr., to Kathleen Sebelius, Sec’y, U.S. Dep’t of Health & Human Servs. (Dec. 11, 2013), available at http://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Downloads/LakePointe.pdf.
 See 42 C.F.R. § 411.362 (2014).
 See Medicare Program; Approval of Request for an Exception to the Prohibition on Expansion of Facility Capacity Under the Hospital Ownership and Rural Provider Exceptions to the Physician Self-Referral Prohibition, 79 Fed. Reg. 64,801 (Oct. 31, 2014).
 U.S. ex rel. Drakeford v. Tuomey, No. 3:05-CV-02858-MFP, 2010 WL 4000188, at *1 (D.S.C. July 13, 2010).
 U.S. ex rel. Drakeford v. Tuomey Healthcare Sys., Inc., 675 F.3d 394, 407-09 (4th Cir. 2012).
 U.S. ex rel. Drakeford v. Tuomey, 976 F. Supp. 2d 776, 794 (D.S.C. 2013).
 Ctrs. for Medicare & Medicaid Servs., Fact sheets: Fiscal Year 2015 Policy and Payment Changes for Inpatient Stays in Acute-Care Hospitals and Long-Term Care Hospitals (Aug. 4, 2014), http://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2014-Fact-sheets-items/2014-08-04.html.
 Ctrs. for Medicare & Medicaid Servs., Special Open Door Forum: CMS Rule 1599-F: Inpatient Hospital Admission and Medical Review Criteria (2-MidnightProvision) and Part B Inpatient Billing in Hospitals (Aug. 15, 2013), here.
 See Complaint at 15-16, Am. Hosp. Ass’n v. Sebelius, No. 1:14-cv-609, Dkt. No. 1 (D.D.C. Apr. 14, 2014).
 Motion for Summary Judgment at 10-12, Am. Hosp. Ass’n v. Sebelius, No. 1:14-cv-609, Dkt. No. 10 (D.D.C. Aug. 4, 2014).
 Id. at 14-16.
 42 U.S.C. § 1320a-7k (2010).
 31 U.S.C. § 3729(a)(1)(G) (2010) (imposing liability for a person who "knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government"). Section (b)(3) defines "obligation" as "an established duty, whether or not fixed, arising from . . . the retention of any overpayment."
 Ctrs. for Medicare & Medicaid Servs., Medicare Program; Reporting and Returning of Overpayments, 77 Fed. Reg. 9,179, at 9,179-9,187 (proposed Feb. 16, 2012).
 Ctrs. for Medicare & Medicaid Servs., Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs, 79 Fed. Reg. 1918 (proposed Jan. 10, 2014).
 Id. at 79 Fed. Reg. 29,844, at 29,958, 29,963 (May 23, 2014) (to be codified at 42 C.F.R. pts. 422 and 423) (emphasis added).
 Id. at 29,923.
 Medicare Prescription Drug, Improvement, and Modernization Act of 2003, PL 108–173, 117 Stat 2066 (Dec. 8, 2003).
 Ctrs. for Medicare & Medicaid Servs., Medicare and State Health Care Programs: Fraud and Abuse; Revisions to the Office of Inspector General’s Civil Monetary Penalty Rules, 79 Fed. Reg. 27,080, at 27,086 (proposed May 12, 2014).
 Complaint-in-Intervention of the United States of America at 2, Kane v. Healthfirst, Inc. et al, No. 1:11-cv-02325-ER, Dkt. No. 20 (S.D.N.Y. June 27, 2014).
 Id. at 10-11.
 Id. at 11.
 Press Release, Ctrs. for Medicare & Medicaid Servs, Historic Release of Data Gives Consumers Unprecedented Transparency on the Medical Services Physicians Provide and How Much They Are Paid (Apr. 9, 2014), http://www.cms.gov/Newsroom/MediaReleaseDatabase/Press-releases/2014-Press-releases-items/2014-04-09.html.
 Fla. Med. Ass’n Inc. v. Dep’t of Health, Ed., & Welfare, 479 F. Supp. 1291, 1311 (M.D. Fla. 1979).
 Florida Med. Ass’n, Inc. v. Dep’t of Health, Ed., & Welfare, 947 F. Supp. 2d 1325, 1357 (M.D. Fla. 2013).
 CMS Releases Trove of Medicare Physician Billing Data, Kaiser Health News (Apr. 9, 2014), http://kaiserhealthnews.org/morning-breakout/medicare-billing-data.
 Press Release, Am. Med. Ass’n Press Release, Statement on CMS’ Medicare Data Release (, Apr. 9, 2014) http://www.ama-assn.org/ama/pub/news/news/2014/2014-04-09-ama-statement-cms-medicare-data-release.page (stating that "the AMA is disappointed that CMS did not include reasonable safeguards that would help the public understand the limitations of this data"); see also Letter from James L. Madara, MD, Executive Vice President and CEO, Amer. Med. Assn., to Marilyn B. Tavenner, Administrator, Ctrs. for Medicare & Medicaid Servs. (May 15, 2014), available at http://www.acro.org/Medicare%20Release%20Data%20Letter.pdf.
 Niall Brennan, Patrick H. Conway, & Marilyn Tavenner, The Medicare Physician-Data Release — Context and Rationale, New Eng. J. Med. (July 10, 2014), available at http://www.nejm.org/doi/full/10.1056/NEJMp1405026.
 Media Release, Ctrs. for Medicare & Medicaid Servs., Fiscal Year 2015 Results for the CMS Hospital-Acquired Condition Reduction Program and Hospital Value-Based Purchasing Program (Dec. 18, 2014), http://www.cms.gov/Newsroom/MediaReleaseDatabase/Fact-sheets/2014-Fact-sheets-items/2014-12-18-2.html.
 Pharm. Research & Mfrs. of Am. v. U.S. Dep’t of Health & Human Servs., No. 13-1501, 2014 WL 2171089, at *2 (D.D.C. May 23, 2014).
 See id. at *3, *12 (describing the HRSA’s non-orphan use regulation, and ultimately concluding that the HRSA lacked the authority to promulgate the regulation).
 See generally id.
 Id. at *12.
 Dep’t of Health & Human Servs., Interpretive Rule: Implementation of the Exclusion of Orphan Drugs for Certain Covered Entities Under the 340B Program 6 (2014); see also Health Res. & Servs. Admin., Orphan Drugs Exclusion, http://www.hrsa.gov/opa/programrequirements/orphandrugexclusion/ (noting that the district court’s decision in Pharmaceutical Research "did not invalidate HRSA’s interpretation of the statute," and that the department "continues to stand by the interpretation described in its published final rule").
 Health Res. & Servs. Admin., FAQs, http://www.hrsa.gov/opa/faqs/ (noting that the HRSA "will necessarily be required to interpret the statute" in connection with its decision of "whether and in what circumstances to take enforcement action," but acknowledging that any manufacturer subject to enforcement action "would have the opportunity to advocate for a different interpretation of the statute in defending against the enforcement action").
 Complaint at 2, Pharm. Research & Mfrs. of Am. v. U.S. Dep’t of Health & Human Servs. (D.D.C. Oct. 9, 2014) (No. 1:14-cv-01685), 2014 WL 5069095.
 Health Res. & and Servs. Admin, 340B Drug Pricing Program: Important Benefit, Significant Responsibility (Jan. 9, 2014) http://www.hrsa.gov/opa/update.html, (stating that HRSA is currently working to formalize existing program guidance through regulation, designed to cover a number of aspects of the 340B Program . . . We expect to publish this proposed regulation, which will be open for public comment, by June 2014").
 See Health Res. & Servs. Admin., 340B Drug Pricing Program, http://www.hrsa.gov/opa/ (noting that "in 2015, HRSA plans to issue a proposed guidance for notice and comment that will address key policy issues raised by various stakeholders committed to the integrity of the 340B program. HRSA is also planning to issue proposed rules pertaining to civil monetary penalties for manufacturers, calculation of the 340B ceiling price, and administrative dispute resolution").
 42 U.S.C. § 1396a(a)(13)(A).
 See, e.g., Long Term Care Pharmacy Alliance v. Ferguson, 362 F.3d 50, 54 (1st Cir. 2004); Dartmouth-Hitchcock Clinic v. Toumpas, 856 F. Supp. 2d 315, 323 (D.N.H. 2012) ("Section (13)(A),.by its terms, seems to unambiguously afford providers and beneficiaries a private right of action."); Am. Soc’y of Consultant Pharmacists v. Concannon, 214 F. Supp. 2d 23, 29 (D. Me. 2002).
 42 U.S.C. § 1396a(a)(30)(A).
 Armstrong v. Exceptional Child Ctr., Inc., No. 14-15 (U.S. Oct. 2, 2014) (granting certiorari on the question of whether Medicaid providers have a private right to enforce 42 U.S.C. § 1396a(30)(A)).
 Exceptional Child Ctr., Inc. v. Armstrong, 567 F. App’x 496, 497 (9th Cir. 2014).
 Brief of Texas, et. al. as Amici Curiae in Support of Petitioners at 6-11, Armstrong, No. 14-15.
 Douglas v. Indep. Living Ctr. of S. Cal., Inc., ___ U.S. ___, 132 S. Ct. 1204, 1207 (2012).
 Id. at 1212 (Roberts, C.J., dissenting) (joined by Scalia, Thomas, & Alito, JJ.).
Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work or any of the following:
Stephen C. Payne, Co-Chair, FDA and Health Care Practice Group (202-887-3693, email@example.com)
F. Joseph Warin (202-887-3609, firstname.lastname@example.org)
Jonathan M. Phillips (202-887-3546, email@example.com)
© 2015 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.