Health care fraud.

• Author: Colbert, Daniel
• Position: II. Statutes Addressing Medicare and Medicaid Fraud C. Self-Referral/Stark Amendments through IV. Enforcement, with footnotes, p. 1348-1376 - Annual Survey of White Collar Crime

3. Self-Referral/Stark Amendments

   Congress enacted the Omnibus Budget Reconciliation Act of 1989 (containing "Stark I") (221) to counteract the burgeoning cost of health care resulting from physician self-referrals. (222) Stark I prohibits physicians from referring Medicare patients to clinical laboratories in which the physician has a financial interest, absent a safe harbor provision. (223) When Stark I proved insufficient to curtail the continuing abuses of self-referrals, Congress enacted the Omnibus Reconciliation Act of 1993 (containing "Stark II"), (224) which significantly expanded the scope of Stark I. (225)

   1. Elements of the Offense

      To establish a Stark violation, the government must show: (a) a financial relationship between a health care entity and physician; (b) a referral by the physician to the entity for designated health services; and (c) the submission of a claim for services. (226)

      a. Financial Relationship

      A financial relationship includes an ownership or investment interest in an entity by a physician or his immediate family member, or a compensation arrangement between a physician or his immediate family member and the entity. (227)

      b. Referral

      A referral includes a request for any designated health service payable under Medicare or Medicaid. (228) Because Stark II does not have an intent requirement, strict liability is imposed for referrals if a financial relationship exists. (229)

      c. Submission of a Claim for Services

      An entity receiving a prohibited referral may not make a Medicare claim. (230) Such an entity is also forbidden from billing any individual, third party payer, or other entity for designated health services (231) for which the physician made the referral. (232)

   2. Absence of an Exception or Safe Harbor

      Once the government demonstrates that an individual or entity has violated the Stark statute, the burden shifts to the defendant to establish that the defendant's conduct falls within one of the established exceptions. (233) The Stark amendments contain several exceptions for certain financial arrangements. (234) These exceptions fall into three categories: (i) exceptions applicable to both physician ownership or investment interests and compensation arrangements; (ii) exceptions for ownership or investment interests only; and (iii) exceptions for compensation arrangements only. (235) The Secretary of HHS is authorized to make additional exceptions by regulation where the "financial relationship ... does not pose a risk of program or patient abuse." (236) The amendments also contain several important safe harbor provisions. (237) A medical entity must also recognize that in some circumstances a transaction might comply with the Stark rules while falling outside any of the anti-kickback safe harbors. (238)

   3. Penalties

      Section 1395nn provides four sanctions. First, claims filed for services in violation of the self-referral laws will result in non-payment. (239) Second, if a person collects money in violation of Stark II, that person is liable for and must refund the money on a timely basis. (240) Third, civil monetary penalties and exclusion from participation in Medicaid and Medicare programs may result from improper claims. (241) The civil penalty applies if the person who bills or presents the claim "knows or should know" that the bill or claim violates the statute; the penalty may not exceed $15,000 per violation. (242) In addition, a civil penalty not to exceed $100,000 applies to circumvention schemes, such as cross-referral arrangements, when a physician or entity "knows or should know" that the arrangement has a principal purpose of assuring referrals by the physician to the entity, which if the physician made directly would violate the statute. (243) Fourth, any person who is subject to and fails to meet the reporting requirements faces a civil penalty not to exceed $10,000 per day in which reporting was required. (244)

4. The Health Insurance Portability and Accountability Act of 1996

   In 1996, Congress enacted the Health Insurance Portability and Accountability Act ("HIPAA"). (245) HIPAA is the most comprehensive attempt to fight fraud in federal health care programs,246 and it expands the scope of health care fraud and abuse prevention in several ways.

   First, HIPAA established the first stable source of funding to fight health care fraud. (247) Second, HIPAA extended the scope of the Anti-Kickback Statute to cover all federal health care programs (248) and expanded the definition of "kickback." (249) Third, HIPAA was "the first federal statute to regulate private health care and markedly increased the government's power to prosecute health care fraud." (250) HIPAA increased the enforcement power of the federal government by establishing programs to coordinate efforts and facilitate prosecution of health care fraud at both state and federal levels. (251)

   For example, the Health Care Fraud and Abuse Control Program, under the direction of HHS, the Inspector General, and the Attorney General, coordinates anti-fraud and abuse efforts at federal, state, and local levels. (252) The program conducts investigations, audits, inspections, and evaluations of health care providers, (253) and maintains a national database of providers who have been sanctioned for health care fraud. (254) The program also establishes and modifies safe harbors, and issues advisory opinions. (255)

   HIPAA created two other notable programs. First, the Medicare Integrity Program ("MIP") authorizes HHS to enter into contracts with private agencies to carry out Medicare investigation activities. (256) This includes fraud and abuse detection, utilization review, education, audits, provider payment determinations, and recovery of improper payments. (257) MIP is also responsible for educating providers, beneficiaries, and the public. (258) From 2006 to 2010, CMS used increased funding to expand MIP, particularly the oversight of Medicare benefits managed through private plans ("Part C"), the outpatient prescription drug benefit ("Part D"), and agency efforts to examine claims of Medicare beneficiaries who also participate in Medicaid. (259) The Patient Protection and Affordable Care Act ("PPACA") requires CMS to report the use and effectiveness of MIP funds. (260) Further, because MIP will be central to reducing improper payments through Medicare, MIP staff must understand how their work supports these goals in the context of the PPACA. (261)

   Second, HIPAA created the Beneficiary Incentive Program, which offers incentives for beneficiaries to provide information that may lead to monetary recovery, criminal sanctions, or civil sanctions under the Medicare program. (262) An individual whose report leads to the recovery of over $100 (excluding criminal penalties) may receive a share of the recovery. (263)

   Under HIPAA, enforcement efforts are bolstered by giving the DOJ authority to issue administrative subpoenas for federal health care fraud investigations involving private or public sector fraud. (264) The DOJ may issue investigative demands for records relating to federal health care fraud offenses and exempt those records from the normal grand jury secrecy constraints of Federal Rule of Criminal Procedure 6(e). (265) Those who comply with the subpoenas in good faith are immune from related federal and state civil liability. (266)

   1. Offenses

      HIPAA federalized health care-related crimes by creating four new felonies and one new misdemeanor (267): (i) health care fraud; (268) (ii) theft or embezzlement in connection with health care; (269) (iii) false statements relating to health care matters; (270) and (iv) obstruction of criminal investigations of health care offenses. (271)

      a. Health Care Fraud

      To convict a defendant of health care fraud, the government must prove that the defendant knowingly and willfully (272) executed or attempted to execute a scheme (273) to defraud any health benefit program, (274) or obtained by false representations any property owned by a health benefit program in connection with the delivery or payment of health care benefits, items, or services. (275) This provision has been interpreted broadly to include a wide variety of fraud and is not limited to doctors, health care providers, or health insurance companies but applies to anyone who attempts to defraud a health benefit program. (276)

      b. Theft or Embezzlement in Connection with Health Care

      To convict an individual or entity of theft or embezzlement in connection with health care, the government must show that the individual knowingly and willfully (277) embezzled, stole, intentionally misapplied, or otherwise converted any of the property or assets of a health care benefit program. (278)

      c. False Statements Relating to Health Care Matters

      To convict someone of making false statements relating to health care matters, the government must show that "the defendant knowingly and willfully made false statements or representations 'in connection with the delivery of or payment for health care benefits, items, or services' and in a 'matter involving a health care benefit program.'" (279)

      d. Obstruction of Criminal Investigations of Health Care Offenses

      To convict someone of obstruction of criminal investigations of health care offenses, the government must prove that the defendant (280) willfully prevented, obstructed, misled, delayed, or attempted to prevent, obstruct, mislead, or delay, the communication of information or records relating to a violation of a federal health care offense to a criminal investigator. (281)

   2. Defenses

      In addition to the other defenses discussed in this article, organizations with an "effective" corporate compliance program in place may receive a reduced criminal penalty after a conviction for health care fraud, (282) or the DOJ may choose not to prosecute. (283) An effective compliance program includes at least five elements: (i) an internal audit of the current processes; (ii) a...