Supreme Court Says Lying Or Misleading Responses To Certifications Or Claims Could Cost Providers Big
- For providers who participate in federal health programs but lack robust compliance programs, BEWARE!
- For Medicaid providers who will re-certify in September and simply check the box that they have a compliance program but really don’t, BEWARE!
- For providers who received or will receive Meaningful Use incentive payments without conducting a risk assessment, BEWARE!
On June 21, 2016, and in a rare unanimous decision, the United States Supreme Court upheld the legal theory of implied certification under the False Claims Act.
Implied certification means that when a provider submits a claim for reimbursement, the provider implicitly certifies that the claims complies with any applicable laws or regulations.
In other words:
- If a regulation imposes certain requirements in order for a provider to participate in a program
- If a program requires a provider to certify to certain activities and conditions
- AND, the providers fails to meet the requirements and/or certifies that the requirements and/or conditions have been satisfied when in fact they have not
- THEN, the provider will be subject to fines and penalties under the False Claims Act.
The federal Civil and Criminal False Claims Act imposes liability on any person who:
- Knowingly bills for services not rendered
- Knowingly includes improper entries on cost reports
- Knowingly assigns incorrect codes to secure higher reimbursement for services rendered
- Knowingly characterizes unallowable services or costs in a way that secures reimbursement
- Does not seek payment from beneficiaries who may have other primary payment sources
- Knowingly falsifies, forges, alters, or destroys documents to secure payment
- Knowingly conceals, avoids or decreases an obligation to pay money to the government
Specifically, a defendant who fails to disclose noncompliance with material statutory, regulatory, or contractual requirements could be subject to treble damages plus civil penalties of up to $10,000 per false claim.
In order to be liable under the False Claims Act, a person must:
- Have “actual knowledge of the information,”
- Act in “deliberate ignorance of the truth or falsity of the information,” or
- Act in “reckless disregard of the truth or falsity of the information.”
The Act defines “material” to mean “having a natural tendency to influence, or be capable of influencing, the payment or receipt of money or property.”
In the Supreme Court case in question, the defendant submitted claims and made representations that the people developing the services were qualified to develop those services. The case is the result of a qui tam action wherein the provider’s patients alleged that the misdiagnosis and improperly prescribed prescription by unqualified personnel attributed to the death of a Massachusetts Medicaid patient.
The Court held “that the implied certification theory can be a basis for liability, at least where two conditions are satisfied: first, the claim does not merely request payment, but also makes specific representations about the goods or services provided; and second, the defendant’s failure to disclose noncompliance with material statutory, regulatory, or contractual requirements makes those representations misleading half-truths.”
Compliance Mandates
One of the most significant compliance mandates the Affordable Care Act imposed upon health care providers was that it required providers to, “as a condition of enrollment” in Medicare and Medicaid programs, have a compliance program. Many states have adopted similar requirements that providers must follow in order to participate in their respective Medicaid programs. Prior to this requirement, compliance programs for most providers were recommended but optional.
For example, the Affordable Care Act requires state Medicaid agencies to revalidate the enrollment of all providers in state Medicaid programs. For Texas, the original re-validation deadline was March 24, 2016. However, the Centers for Medicare and Medicaid Services (CMS) extended the deadline for re-enrollment and gave providers until Sept. 24, 2016 to meet all Affordable Care Act revalidation requirements.
Texas Administrative Code 352.5(b) requires health care providers enrolling or re-enrolling in Medicaid and CHIP to have a compliance program containing the core elements as established by the Secretary of HHS. In fact, as part of the Texas Medicaid Provider Enrollment Application, providers must certify that they have a compliance program.
Additionally, one of the components for receiving payment under the Meaningful Use program requires providers to conduct a risk assessment to ensure adequate protections for patient data. Given that the 2012 Health and Human Services Office of Civil Rights HIPAA audits found that many audited and particularly smaller and independent providers failed to conduct risk assessments, there is a strong possibility that many of those same provider types who received payment under Meaningful Use engaged in “reckless disregard of the truth or falsity of the information.”
Prosecutorial Incentives/Provider Tragedy
For a cash strapped government agency or an aggressive prosecutor seeking to make a name for him or herself, this Supreme Court ruling could be the equivalent of winning the lottery. For providers, this case could be a nightmare. Most providers agree to settle these types of cases. These types of cases don’t cost the government anything; they have fixed costs and recyclable pleadings, complaints and other documents at its disposal. This gives the government a significant advantage. It has nothing to lose. It generates more experience for its staff, creates high dollars settlements and positive press clippings and resume boosting opportunities. Also, fines and penalties for these types of cases are enormous, further incentivizing the providers to settle.
Let’s do the math:
- Consider that two years equals 520 days, if the practice is open only 5 days per week
- If a practice has only 20 claims per day that are subject to the requirement and/or certification
- Fines and penalties under the False Claim Act could be as high as $104,000,000 (520 days x 20 claims per day x $10,000 per claim)
What Does This Mean
The Affordable Care Act and its associated compliance requirements have been in effect since 2010. State Medicaid agencies and other programs require compliance programs and risk assessments. Failing to perform required activities such as instituting a robust compliance plan or conducting a risk assessment but claiming otherwise on claims or program attestations falls squarely under the implied certification under the False Claims Act.
Under these circumstances, it wouldn’t be too hard for a prosecutor to argue a provider:
- Had “actual knowledge of the information,”
- Acted in “deliberate ignorance of the truth or falsity of the information,” or
- Acted in “reckless disregard of the truth or falsity of the information.”
Also, a court could say that these types of misleading statements and/or omissions could have “a natural tendency to influence, or be capable of influencing, the payment or receipt of money or property.”
Under those circumstances, the lack of a compliance program could mean that audits aren’t being conducted to ensure accurate billing, or that employees feel comfortable bringing potential violations to management.
The lack of a risk assessment means that a practice cannot know its vulnerabilities and therefore increases the risk of data breaches.
As a consumer, would you share your personal data with someone who you know lacks the appropriate protections? Would you want someone to bill you for services when no one is checking the billing to ensure accuracy? I know these factors would influence my business decisions.
Under the False Claims Act’s implied certification theory, providers could be subjected to treble damages plus civil penalties of up to $10,000 per false claim for “misleading half-truths.”
In short, if a law or regulation requires a provider to have a compliance program or a risk assessment and the provider misleads about having or performing certain activities and programs, then the implied certification theory may apply and the physician may be subject to fines and penalties.
Providers should ensure that they have meaningful compliance programs in place and conduct risk assessments on a regular basis. Providers should consider engaging compliance professionals to address their needs if their practices have limited resources and expertise in this area. The requirements aren’t going away and the government will continue to be aggressive in its enforcement activities.