White gift box wrapped with vibrant red bow and ribbon isolatedOn Dec. 7, 2016, the U.S. Department of Health & Human Services Office of Inspector General (OIG) released an update to its 2000 policy regarding gifts of nominal value given to a Medicare or Medicaid beneficiary. The update increases the nominal value of gifts given to a Medicare or Medicaid beneficiary to $15 per occurrence and $75 in the aggregate for a year (the previous limit was $10 per occurrence and $50 in the aggregate). If a gift complies with these limits, the arrangement does not need to fit within a “safe harbor” to 42 U.S.C. §1320a-7b(b) (the federal anti-kickback statute). Continue Reading OIG updates policy regarding gifts of nominal value

Due diligence is often perceived as a mundane part of the mergers & acquisitions (M&A) process, but its importance in healthcare transactions is critical. Due diligence is one of the first steps of any transaction and involves a buyer undertaking an in-depth examination of the target to evaluate the business and uncover potential issues or liabilities. In the healthcare industry, diligence is especially important considering the heavy regulation of the industry, the unique areas of risk, and the significant liabilities that could be imposed upon a buyer if issues and liabilities are not identified before the transaction closes. Continue Reading Unique Considerations in Healthcare M&A Part 1 – Due Diligence

Under HIPAA rules, covered entities are required to report breaches of unsecured protected health information (PHI) to the Secretary of the Office of Civil Rights (OCR). The deadline for reporting breaches of PHI discovered during 2014 that affected fewer than 500 individuals is March 1, 2015. Continue Reading Deadline for HIPAA breach notification approaching

The jury in the Tuomey case (U.S. ex rel. Drakeford v. Tuomey Healthcare Systems, Inc.) returned a verdict in favor of the government yesterday, May 8, 2013.  As is well known, this is the re-trial of a case centered on a series of employment agreements that Tuomey Healthcare entered to allegedly capture referrals from a number of physicians to the hospital’s ambulatory surgery center.  The jury found the hospital liable for violating both the Stark Law and the False Claims Act.  The jury further found that 21,730 claims were filed by the hospital in violation of the False Claims Act and the total monetary value of those claims was $39,313,065.  Under the False Claims Act, the federal government can recover from $5,500 up to $11,000 per false claim and up to 3 times the monetary value of those claims.  That results in potential liability for Tuomey ranging from $119,515,000 to $239,030,000 on the per claim penalty plus up to $117,939,195 under the treble damages provision.  In other words, Tuomey faces potential penalties of up to $356,969,195 on this verdict.  To put this in perspective, Tuomey Healthcare’s Form 990 for the fiscal year ending September 30, 2011 showed net assets of $123,540,611.

This verdict has significant implications not only for Tuomey Healthcare, but also for the entire healthcare industry.  Look for additional posts examining the details of the case and the implications of this decision in the coming weeks. For additional information, please contact David Pursell or Brian Bewley.

You can access the Jury Verdict Form here: Tuomey Verdict.

On April 17, 2013, the Office of Inspector General (OIG) updated the OIG’s self-disclosure protocol (SDP).  This update significantly revises the SDP first published in 1998, and supersedes the OIG’s related open letters to providers from 2006, 2008 and 2009. To date, the OIG has processed 235 settlements and monetary recoveries in excess of $280 million under the SDP.

The SDP instructs healthcare providers and suppliers how to self-report upon discovery of any actions that potentially violate federal fraud and abuse laws.  Some of the most common issues providers disclose include:

  1. billing for items or services furnished by excluded individuals.
  2. upcoding Evaluation & management services (E/M) and DRG services
  3. billing multiple times for services
  4. altering or  falsifying medical records.
  5. receiving kickbacks and Stark Law violations.

Among the previous changes, the OIG narrowed the SDP’s scope regarding Stark, the physician self-referral law, established a minimum settlement amount and established guidelines for providers’ initial submissions in the disclosure process.

The recent updates include:

  1. Availability of the SDP.  The OIG clarified that the SDP is also available to drug and device manufacturers, not just traditional health care providers.  In the current SDP, OIG refers to “disclosing parties” rather than to “providers,” as had been the previous case in the 1998 SDP and subsequent open letters.  OIG reiterated that disclosing parties may use the SDP even if they are already subject to a government inquiry, so long as the disclosure is made in good faith. In those cases (as it may do otherwise), OIG would coordinate with the Department of Justice (“DOJ”). Significantly, OIG stated that it “will advocate that the disclosing party receive a benefit from disclosure under the SDP” in any matter in which DOJ is involved.

The updated protocol also confirmed that the SDP is available for matters subject to civil monetary penalties under federal criminal, civil, or administrative law, but not matters violating only the Stark Law, which must be processed through the CMS Self-Referral Disclosure Protocol, or that exclusively involve overpayments and errors, which remain subject to the voluntary refund process dictated by a provider’s or supplier’s local Medicare Administrative Contractor.

  1. Relationship Between Identified Overpayments and the SDP.  The Affordable Care Act required providers and suppliers to report and repay overpayments within 60 days of their identification. In 2012, CMS issued a proposed rule to implement that requirement; however the proposed  rule has not been finalized.  Although CMS has not finalized that rule, OIG indicated (i) that it expects self-disclosure under the SDP to satisfy a party’s compliance with the 60-day requirement and (ii) that a provider or supplier can toll the running of the 60-day time limit and avoid conversion of an identified overpayment into a potentially actionable claim under the False Claims Act by making a disclosure to OIG under the SDP. The initial submission does not need to include the complete findings from the provider’s or supplier’s internal review nor contain a calculation of overpaid amount, but the provider or supplier will have only an additional 90 days to complete these tasks or risk being rejected under the SDP.

OIG noted that providers and suppliers must also show “good faith willingness” to resolve all liabilities within the six-year Civil Monetary Penalties Law statute of limitations in order to be accepted into the SDP and deemed to satisfy the 60-day requirement.

  1. Additional Requirements for SDP Submissions.   To be eligible for the SDP, disclosing parties must complete an internal investigation within 90 days of their initial submission to OIG. Disclosing parties also must “acknowledge” that the conduct involves a potential violation of Federal criminal, civil, or administrative laws, and identify with specificity the laws potentially violated.  OIG cautions that failure to make a clear acknowledgment will result in the rejection of a submission under the SDP.
  2. Calculation of Damages.  The updated SDP provides a detailed methodology for calculation of damages from false billing, conduct involving excluded persons, and Federal Anti-Kickback Statute (“AKS”) violations.  For billing matters, OIG incorporated sampling and extrapolation principles and requirements similar to those found in Corporate Integrity Agreements (“CIAs”). For conduct involving excluded persons whose services are not separately billed to Federal health care programs (e.g., a hospital’s employment of a nurse who has been excluded from participation in Federal health care programs), OIG will use the disclosing party’s total costs of employment or contracting during the period of exclusion (e.g. salary, fringe benefits and taxes), multiplied by the disclosing party’s revenue-based Federal health care payor mix for the relevant time period. For AKS violations, while OIG requires parties to calculate the claims affected by the violation, OIG indicated that civil monetary penalty damages generally will be based on a multiple of the total amount of remuneration involved in the arrangement(s).

Significantly, OIG reaffirmed that its “general practice . . . is to require a minimum multiplier of 1.5 times the single damages,” although noted that it will “determine in each individual case whether a higher multiplier may be warranted.”

  1. Resolution of a SDP Submission.  As incentive for self-disclosure, OIG reaffirmed its presumption against requiring parties who disclose noncompliance to enter a CIA, stating that, in the 235 cases settled through the SDP, only one settlement imposed ongoing integrity measures on a provider in exchange for a release of OIG’s permissive exclusion authorities.
  2. Expectation for Resolution.  The updated SDP advises that the average time for a pending case is twelve months from acceptance into the SDP.  OIG repeated its expectation of a $50,000 minimum settlement for AKS-related submissions and added a $10,000 minimum settlement amount for all other matters resolved through the SDP.

The updated SDP is found at http://oig.hhs.gov/compliance/self-disclosure-info/

In its Semi-Annual Report to Congress, OIG announced that expected recoveries for FY 2012 are $6.9 billion.  The $6.9 billion consists of $923.8 million in audit receivables and $6 billion in investigative receivables.  The investigative receivables include criminal restitution, settlements pursuant to False Claims Act (FCA) cases and Civil Monetary Penalty (CMP) actions, and other administrative recoveries related to provider self-disclosure matters.  In addition to the monetary recoveries, OIG excluded 3,131 individuals and entities from participating in Federal health care programs.

At least half of the $6 billion in investigative receivables stems from the government’s $3 billion settlement with GlaxoSmithKline for alleged off-label marketing and promotion of several drugs.  Other notable FCA settlements include:

  • McKesson Corporation – $187 million FCA settlement for alleged inflation of prescription drug prices;
  • AmMed Direct, LLC – $18 million FCA settlement for allegedly fraudulent practices with its diabetic testing supplies;
  • AHS Hospital Corporation et al. – $8.9 million FCA settlement for allegedly improper admission of patients to the hospital rather than placing them on observation and evaluation status;
  • Walgreens – $7.9 million FCA settlement for alleged kickbacks to beneficiaries to induce them to transfer their prescriptions to Walgreens; and
  • Hospice Care of Kansas – $6.1 million FCA settlement for alleged submission of false claims for services provided to beneficiaries that did not meet hospice eligibility criteria.

OIG also noted that during this reporting period it settled several cases under its CMP authority, which essentially mirrors the FCA, for a total recovery of $6.7 million.  Additionally, OIG recovered $53.3 million through its self-disclosure protocol, most of which is attributed to one settlement with Tenet Healthcare Corporation for $42,750,000.

Our Insight. Your Advantage.  On page 38 of this report, OIG displays two charts that summarize the investigative outcomes over the last five years.  The first chart shows that OIG’s civil and criminal actions went from a total of 917 in FY 2008 to 1,145 in FY 2012.  The second chart shows that total receivables in FY 2008 were $3.2 billion, compared to total projected receivables in FY 2012 of $6 billion.  Clearly, the government’s civil and criminal enforcement efforts are not subsiding and its audit activities are also on the rise.  Most likely, monetary recoveries for FY 2013 will be greater than this year’s projected recoveries of $6 billion.

At a recent conference, Greg Demske, the new Chief Counsel to the OIG, said that his office will be issuing new guidance explaining how OIG will resolve cases where an entity hires or contracts with an excluded individual.  Given that the last guidance on this topic was issued in 1999, this should be a welcome update from the government.  The OIG has long had the authority under its Civil Monetary Penalties law to assess penalties and damages against an entity that employs or contracts with an individual that has been excluded from participating in federal health care programs, including Medicare and Medicaid.  This authority, found at 42 U.S.C. § 1320a‐7a(6), allows the government to assess damages of up to 3 times the amount paid for claims submitted by the entity, or penalties up to $10,000 for each items or service provided.  A quick look at OIG’s website and you can see that it has pursued several cases against entities that employ or contract with an excluded individual, and the damages for non-compliance can be quite high.  For example, just in the last six months, OIG has settled some of these cases for the following amounts:  $73,428, $83,481, $121,010, $200,812, $207,440, and $831,871.  OIG has even settled cases based on this authority for amounts over $1 million.

Our Insight. Your Advantage.  As a former Senior Counsel in the OIG and Special Assistant U.S. Attorney who knows Mr. Demske, and personally handled some of these cases for the OIG, I can attest to the fact that the government will continue to ramp up its enforcement efforts on this front.  To diminish potential liability, every entity that receives Medicare or Medicaid reimbursements should review its policies and procedures for screening individuals it employs or contracts with to determine if they are excluded from participating in federal health care programs.  If your policies and procedures are not up to date, they may expose your organization to liability and you should consider revising these policies.  Keep in mind, adequate policies and procedures should include screening at initial hire or contracting, and then on periodic or annual intervals.  Also, this authority does not enable the OIG to assess penalties in every situation where you employ or contract with an excluded individual.  Exclusion from Medicare or Medicaid does not necessarily mean that the individual can’t work for a health care entity, it just means that they cannot do certain things.  If you do find that an individual you have employed or contracted with is excluded, you should consider what steps you need to take, including whether the situation warrants a voluntary disclosure to the government.  As mentioned in a previous posting, voluntary disclosure can be appropriate in some cases to lessen the financial impact on your organization for a momentary period of non-compliance.

On September 25, 2012, two members of the Husch Blackwell Healthcare team, Brian Bewley and David Pursell, presented a webinar discussing:

  • An overview of Stark
  • Stark overpayment reporting requirements
  • Steps to take after discovering a potential Stark violation

As former Senior Counsel in the Office of Inspector General for Health and Human Services and a Special Assistant U.S. Attorney, Brian provided a unique perspective on this issue.

To watch a recording of this webinar, click here.

If you have any questions regarding these materials, please contact Brian Bewley (816.983.8261 or brian.bewley@huschblackwell.com) or David Pursell (816.983.8190 or david.pursell@huschblackwell.com).


On June 18, 2012, the Office of Inspector General for the Department of Health and Human Services (OIG) published a notice in the Federal Register seeking comments and recommendations on how best to revise its self-disclosure protocol to make it more useful in today’s health care regulatory environment. This should come as welcome news to the healthcare provider community because OIG’s protocol was first established in 1998, when the healthcare fraud enforcement landscape was much different. Specifically, the government’s investigation and pursuit of health care fraud has substantially increased over the last 14 years. 1998’s total recoveries from health care fraud of under $500 million compared to last year’s total recoveries of $4.1 billion are good evidence of that change.

The Federal Register notice mentions that since 1998, OIG has resolved over 800 disclosures and recovered over $280 million to the Federal health care programs. These high numbers are likely due in large part to the benefits health care providers and practitioners derive from self-disclosing, namely a lower multiplier on damages (approximately 1.5) and no requirement for a Corporate Integrity Agreement (CIA) in exchange for OIG’s highly sought after exclusion release. For cases settled after an affirmative investigation by the government – rather than a voluntary disclosure – healthcare providers should expect OIG, usually in conjunction with the Department of Justice (DOJ), to demand at least a 2.0 multiplier on the single damages (overpayment) amount. As an example, if the government determines that you received $500,000 in reimbursement that you were not entitled to, OIG would likely settle the self-disclosed matter for a 1.5 multiplier, or $750,000.  However, if the settlement is pursuant to an affirmative investigation and not a voluntary disclosure, OIG and DOJ would likely demand at least “double damages,” or $1 million.

Continue Reading OIG-HHS Seeking to Improve Self-Disclosure Protocol

Another major drug company agreed to settle with the Department of Justice (DOJ). GlaxoSmithKline LLC (GSK) agreed to pay a historic $3 billion and plead guilty to resolve its alleged criminal and civil liability arising from the company’s promotion of certain prescription drugs, failure to report certain safety data, and its civil liability for alleged false price reporting practices.  GSK also entered into a Corporate Integrity Agreement (CIA) with the Office of the Inspector General (OIG).  While the settlement payment is the largest in history, the CIA contains provisions never before seen in such a settlement but may have far reaching repercussions for the health care industry.  The settlement agreement and five-year CIA require that GSK implement and/or maintain major changes to the way it does business.  According to the DOJ, this agreement is designed to increase accountability and transparency and prevent future fraud and abuse.  Included in the CIA are requirements that change the way GSK’s sales force is compensated – now by quality of service rather than based on sales goals for territories, which the DOJ asserts was one of the driving forces behind much of the conduct at issue in this matter.

The CIA also requires changes to GSK’s executive compensation program to permit the company to recoup annual bonuses and long-term incentives from covered executives (both current and former) if they, or their subordinates, engage in significant misconduct.  GSK must set up a deferred compensation plan that defers 10%-25% of the covered executives’ annual bonuses, to be matched 1:1 by GSK, and maintained for 3 years.  These funds will be available should there be a need to recoup funds as allowed and required under the CIA.  Other provisions require GSK to implement and maintain transparency in its research practices and publication policies and to follow specified policies in its contracts with various health care providers.

Our Insight.  Your Advantage.  In our experience, when new provisions are added to one CIA, they begin to be used in subsequent CIAs, thus becoming “boilerplate” language that is difficult, if not impossible, to remove.  We have seen more langague in CIAs directed to Boards of Directors for healthcare companies.  The GSK CIA expands those requirements to include recoupment of bonuses paid to corporate executives.  It is very likely that future CIAs will include similar language for providers with bonus packages for executives.