skip to content
Beyond Fraud and Abuse

Beyond Fraud and Abuse

SML Perspectives
(April 2, 2012)

Why Health Care Mistakes Can Be So Costly

Discussions of combating fraud and abuse within the federal health care system are seemingly everywhere. The Centers for Medicare and Medicaid Services ("CMS") estimate that millions of dollars are lost each year to individuals who intentionally and unlawfully abuse the system for their own financial reward. Examples of fraud include physicians who bill for services that they never provided, pharmacists who fill prescriptions for deceased patients, or providers who bill Medicare for wheelchairs or other costly durable medical equipment ("DME") using false names or stolen social security numbers. As a result of the actions of these unscrupulous individuals, the federal government has empowered its various agencies to stop fraud in its tracks, prosecute the perpetrators, and recoup the monies lost. However, this kind of fraud is not the only focus of the federal government in its efforts to recapture funds already paid to providers.

After years of relatively ineffective oversight by the federal government, this renewed commitment to fighting fraud is commendable and likely is necessary to preserve the Medicare Trust Fund for future generations. The concern for health care providers, however, is that in today’s climate the line between "fraud and abuse" and "mistake" has blurred dramatically. The result for providers is that what used to be a routine billing mistake may now be "fraud" and may subject the providers to the same penalties and fines as an intentional and deliberate act to defraud the system. Therefore, health care providers, as participants in the federal health care programs, must be keenly aware of their obligations to ensure that they are fully in compliance with all rules and regulations or face the potential for the recoupment of monies paid or the assessment of civil monetary penalties ("CMPs"), additional fines, and in some cases, program exclusion.

The Legal Trifecta

For some time, the federal government has been working hard to recapture improperly paid Medicare and Medicaid funds. However, with the passage of the controversial Patient Protection and Affordable Care Act ("PPACA"), the federal government has created a trifecta of laws, the combined effect of which has significantly changed the landscape for all providers. The three important laws are PPACA, the False Claims Act ("FCA"), and the Fraud Enforcement and Recovery Act of 2009 ("FERA"). Historically, a key distinction between fraud and abuse and mistake has always been intent. However, for purposes of health care fraud, the distinction may no longer be a meaningful one with respect to Medicare claims submitted to the federal government.

Interestingly, the often mentioned Section 1501 of PPACA, titled the "Requirement to Maintain Minimum Essential Coverage," and commonly referred to as the "individual mandate" has largely been the source of PPACA’s controversial buzz. And most recently, Section 2713 titled, "Coverage of Preventive Health Services" sparked a stand-off between the Catholic Church and the Obama administration over issues of contraception and employer-sponsored health insurance. While the constitutionality of the individual mandate and other provisions of the law make their way through the courts or otherwise are resolved under a bright media spotlight, a few sections of PPACA have and will continue to have a far greater impact on health care providers.

Specifically, Section 6402 of PPACA creates an affirmative obligation for a health care provider to return an overpayment to CMS within 60 days of "identification" or the date any corresponding cost report is due, whichever is later. As a result, a seemingly innocuous billing error may quickly become a reverse false claim because the failure to timely refund an "identified" overpayment now creates an "obligation" under the FCA, potentially subjecting the provider to treble damages and additional fines. For over two years now providers have speculated about what precisely is meant by the term "identified" in the context of the 60-day requirement; on February 16, 2012, CMS provided its answer in proposed rules regarding the reporting and refunding of overpayments. See 77 FR 9179, February 16, 2012.

"A person has identified an overpayment if the person has actual knowledge of the existence of the overpayment or acts in reckless disregard or deliberate ignorance of the overpayment." Id. at 9182. CMS notes that providers must have an "incentive to exercise reasonable diligence" and to investigate any potential overpayments "with all deliberate speed." Id. CMS acknowledges, for example, that, upon learning of a billing error, a provider must have time to "make a reasonable inquiry." Id. Presumably, once the investigation, which is pursued "with all deliberate speed," is concluded and the overpayment amount identified, then the provider has 60 days to report and return the overpayment. However, the line is less clear when a provider learns of a billing error and fails to timely make such inquiries.

As noted above, the reporting and returning of an overpayment is now expressly required—thus creating an "established duty" for purposes of FCA liability. Therefore, any overpayment retained beyond the 60 days from "identification" creates an "obligation" for purposes of the FCA and may result in FCA liability, with the possibility of treble damages and fines, if the provider demonstrates a "knowing and improper" failure to return the overpayment. To add further insult to injury, in addition to FCA penalties, which are mandatory, PPACA has added discretionary CMPs up to $10,000 for each item or service, plus treble damages. The voluntary and prompt refunding of overpayments is thus a significant obligation of providers.

PPACA and Compliance

Another critical change created by PPACA is with respect to mandatory compliance programs. While compliance programs have been incorporated as part of the Conditions of Participation ("COPs") for over a decade, they were perceived as voluntary in the past. Section 6401(a)(7) of PPACA, which applies to all Medicare providers, mandates that the Secretary of the Department of Health and Human Services ("HHS") promulgate regulations and establish "core elements" that must be included in all compliance programs.

In general, compliance programs must be formalized, robust, and appropriately funded and supported by the organization. This expectation stems from the Office of Inspector General’s earlier guidance regarding compliance programs for hospitals and small physician practices. While the final regulations are forthcoming, PPACA requires that all providers establish a robust and effective compliance program, specifically one that can proactively and efficiently respond to noncompliance issues in view of its other reporting requirements.

The ABC Auditors

While providers develop and implement these compliance programs to catch everything from simple billing errors to complex fraud schemes, the federal government continues to direct more and more resources to proactively combat fraud and abuse. The Obama administration has allocated record amounts of money to fight waste, fraud, and abuse. In the FY 2011 Budget, $1.7 billion alone was included to support a variety of programs. One uniquely positioned program has been the joint team of DOJ/HHS, known as the Health Care Fraud and Prevention Enforcement Action Team (or "HEAT"), which has received a large portion of the increased spending. The HEAT initiative has created multi-agency "strike force teams," which include DOJ prosecutors, HHS OIG and Federal Bureau of Investigation ("FBI") personnel, local law enforcement, and CMS data analysis teams.

Early reports indicate that these multi-agency efforts are paying off — the Health Care Fraud and Abuse Control ("HCFAC") Program report, which is a publication by the OIG, reports that for FY 2011, the Federal government recovered approximately $2.4 billion in health care fraud judgments and settlements. In addition, the DOJ opened approximately 1,100 new criminal health care fraud investigations and nearly 1,000 civil health care fraud investigations. As for program exclusions, in FY 2011, OIG excluded approximately 2,600 individuals and entities.

The OIG is one player in this fraud and abuse recovery game, but there are several others that have emerged in recent years. There are Recovery Audit Contractors ("RACs"), Medicare Administrative Contractors ("MACs"), Medicaid Integrity Contractors ("MICs"), and Zone Program Integrity Contractors ("ZPICs"), to name a few.


The PPACA, combined with other laws on the books, is a game changer. The federal government now has more resources at its disposal to combat fraud and abuse and to prosecute the perpetrators. While we all have an interest in protecting the Medicare Trust Fund, we must not lose sight of the distinction between well-intentioned and hard-working health care providers and outright criminals. The provider’s goal, of course, is to deliver high-quality, appropriate medical care to the individual patient and to be correctly reimbursed for doing so. The stakes are high, however, and the room for error is slim. Therefore, all providers must be aware of their legal obligations and the COPs that they’ve agreed to abide by as participants in the federal health programs to ensure that the services they provide are delivered, billed, coded, and reimbursed appropriately.

Click here to view the full digital version of the The Legal Business Guide edition of SML Perspectives.  

Associated Industries

Each of our lawyer's e-mail address is provided with his or her biography. If you are not a current client of our firm, you should not e-mail our lawyers with any confidential information or any information about a specific legal matter, given that our firm may presently represent persons or companies who have interests that are adverse to you. If you are not a current client and you e-mail any lawyer in our firm, you do so without any expectation of confidentiality. We will not establish a professional relationship with you via e-mail. Instead, you should contact our firm by telephone so that we can determine whether we are in a position to consult with you about any legal matters before you share any confidential or sensitive information with us.