The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established a national Health Care Fraud and Abuse Control Program (HCFAC or Program) under the joint direction of the Attorney General and the Secretary of the Department of Health and Human Services (HHS), acting through the Inspector General. HCFAC was designed to coordinate federal, state, and local law enforcement activities with respect to health care fraud and abuse. In its 25th year of operation, the Program’s continued success confirms the soundness of a collaborative approach to identifying and prosecuting the most egregious instances of health care fraud, preventing future fraud and abuse, and protecting program beneficiaries.
Comparison of HCFAC Performance in Recent Years
As noted below, HCFAC’s performance continues reflect its successes through the collaborative work of the DOJ, HHS-OIG, the FBI and other agencies. A comparison of the last three fiscal years’ performance is illustrative. One striking statistic for this work: The return on investment (ROI) for the HCFAC program over the last three years (2019–2021) is $4.00 returned for every $1.00 expended.
| 2019 | 2020 | 2021 | |
|---|---|---|---|
| Metrics | |||
| Health Care Fraud Judgements & Settlements (J&S) | >$2.6 billion | >$1.8 billion | >$5.0 billion |
| Return to Feds (from current and prior years’ J&S) | $3.6 billion | $3.1 billion | $1.9 billion |
| Enforcement Actions | |||
| DOJ | |||
| New Criminal Health Care Fraud Investigations | 1060 | 1,148 | 831 |
| Criminal Cases Filed | 485 | 412 | 462 |
| Criminal Convictions | 528 | 440 | 312 |
| New Civil Health Care Fraud Investigations | 1,112 | 1,079 | 805 |
| Pending Civil Health Care Fraud Investigations at YE | 1,343 | 1,498 | 1,432 |
| FBI | |||
| Operational Disruptions of Criminal Fraud Orgs | 558 | 407 | 559 |
| Dismantled Criminal Enterprises | 151 | 101 | 107 |
| HHS-OIG | |||
| Criminal Actions related to Medicare/Medicaid Fraud | 747 | 578 | 504 |
| Civil Actions related to Medicare/Medicaid Fraud | 684 | 781 | 669 |
| Exclusions | 2,640 | 2,148 | 1,689 |
| Crimes related to Medicare or Medicaid | 1,194 | 891 | 569 |
| Crimes related to other health care programs | 335 | 316 | 267 |
| Crimes related to beneficiary abuse or neglect | 238 | 230 | 145 |
| Exclusion due to state licensure revocations | 576 | 509 | 536 |
OIG Enforcement Highlights from 2021 Related to COVID-19
The COVID-related waivers and flexibilities necessitated to ease care delivery challenges in 2020 also created new fraud risks in federal health programs. Using fraud, waste, and abuse mitigation strategies including data analyses and studies, targeted investigations, and the development of new fraud prevention models and edits, CMS, DOJ, HHS-OIG, and other law enforcement agency partners worked together to investigate and prosecute frauds from identified risks and related schemes. The influx of new fraud schemes included:
- Additional, unnecessary services: Offering COVID-19 tests to Medicare beneficiaries in exchange for personal details, including Medicare information, when the services are unapproved and illegitimate. The personal information collected can be used to fraudulently bill federal health care programs and commit medical identity theft.
- Telehealth fraud: Fraudsters are targeting beneficiaries in a number of ways, including telehealth for Evaluation and Management up-coding or services not rendered, telemarketing calls, text messages, social media platforms, and door-to-door visits. Telemedicine has been used to facilitate fraud schemes for unnecessary services.
- Unnecessary laboratory testing: Performing additional tests when conducting COVID-19 tests, such as expensive tests or services that may or may not be related to COVID-19. For example, some laboratories are billing a COVID-19 test with other far more expensive tests, such as Respiratory Pathogen Panels (RPP), which test for a variety of respiratory infections along with COVID-19, and antibiotic resistance tests. Other potentially unnecessary tests being billed along with COVID-19 tests include allergy, genetic and cardiac panel testing. Some laboratories are also billing respiratory, gastrointestinal, genitourinary, and dermatologic pathogen code tests.
- Health care technology schemes: False and fraudulent representations about COVID-19 testing, treatments, or cures that are used to defraud federal health programs.
The National Rapid Response Strike Force (NRRSF) has led the Department’s efforts to combat health care fraud arising from the COVID-19 pandemic. The NRRSF leads the COVID-19 Working Group, which is chaired by the Criminal Division’s HCF Unit, and comprised of leadership from over 10 key government agencies, including the FDA, HHS, CMS, the Small Business Administration (SBA), the VA, FBI, the DEA, and Homeland Security Investigations (HSI). The purpose of the Working Group is to identify, investigate, and prosecute COVID-19 health care fraud schemes, and enable coordination, deconfliction, and efficient staffing of COVID-19 health care fraud investigations. The work of the Strike Force and the Working Group included the 2021 COVID-19 Health Care Fraud Enforcement Action, which resulted in charges against 14 defendants in seven federal districts across the United States for their alleged participation in various health care fraud schemes that exploited the COVID-19 pandemic and resulted in over $143.0 million in false billings.
Other Highlights of HHS-OIG 2021 Enforcement Activities
Exclusion from Federal Health Care Program Participation. The HHS-OIG has been actively engaged in many inter-agency activities, including the Strike Forces noted above. HHS has also pursued other enforcement activities to assure that the providers, suppliers and entities who participate in federal health care programs meet the high standards required to serve Medicare and Medicaid patients. One mechanism that HHS-OIG uses to safeguard program beneficiaries and help ensure the quality of care provided to them is excluding providers and suppliers who have engaged in crimes related to Medicare or Medicaid, patient abuse or neglect, financial misconduct, controlled substances, or as a result of license revocation. In FY 2021, HHS-OIG excluded a total of 1,689 individuals and entities.
The effect of an HHS-OIG exclusion is that no federal health care program payment may be made for any items or services furnished: (1) by an excluded person or (2) at the medical direction or on the prescription of an excluded person. HHS-OIG completed the deployment of a new service for MFCUs to report convictions through a central web-based portal for exclusion. HHS-OIG is also responsible for reinstating providers who apply and have met the requirements of their exclusions.
Civil Monetary Penalties. HHS-OIG has the authority to seek CMPs, assessments, and exclusions under the Civil Monetary Penalties Law (CMPL) against an individual or entity based on a wide variety of prohibited conduct. In FY 2021, HHS-OIG closed cases involving more than $79.9 million in CMPs and assessments.
HHS-OIG brings CMP cases to emphasize HHS-OIG guidance, enhance HHS-OIG work such as audits and evaluations, and fill enforcement gaps. HHS-OIG uses its CMP authorities in three common ways: (1) false claims and kickback affirmative enforcement, (2) Emergency Medical Treatment and Labor Act (EMTALA) enforcement, and (3) the Self-Disclosure Protocol.
Affirmative Litigation and Exclusion. HHS-OIG may seek a CMP or exclusion against an individual or entity that presents claims to federal health care programs that the individual or entity knows or should know are for items or services that were not provided as claimed or were false or fraudulent. HHS-OIG may also seek a CMP or exclusion against an individual or entity that knowingly and willfully violates the Anti-Kickback Statute by: (1) offering or paying remuneration, directly or indirectly, to induce referrals of federal health care program business; or (2) soliciting and receiving remuneration, directly or indirectly, in return for referrals of federal health care program business. In FY 2021, HHS-OIG recovered more than $9.2 million in false claims and kickback affirmative enforcement actions. HHS-OIG also excluded 39 individuals and entities from participation in federal health care programs based on allegations of false claims and kickbacks.
Recoveries Following Self-Disclosure. The HHS-OIG maintains the Self-Disclosure Protocol (the Protocol) whereby providers may voluntarily identify, disclose, and resolve instances of potential fraud involving federal health care programs for resolution under the CMPL. The Protocol incentivizes persons to detect and prevent fraud internally and to bring potential fraud to HHS-OIG’s attention. Under the Protocol, HHS-OIG provides these persons with speedy resolutions, reduced CMPs, and other benefits compared to affirmative cases brought by HHS-OIG or DOJ for similar conduct. HHSOIG collected $70.5 million under the Protocol in FY 2021.
Corporate Integrity Agreements. Many health care providers elect to settle their cases before litigation. HHS-OIG provides information on its website that identifies how it evaluates future risk to federal health care programs from providers who settle health care fraud cases (called the Fraud Risk Indicator). As part of the settlements, providers often agree to enter into CIAs with HHS-OIG to avoid exclusions from Medicare, Medicaid, and other federal health care programs. Under a CIA, a provider commits to establishing a compliance program and taking other specified steps to ensure future compliance with federal health care program rules. The compliance programs are designed, in part, to prevent future fraud. HHS-OIG monitors providers’ compliance with these agreements. Parties to CIAs are required to disclose certain “reportable events” which may implicate HHS-OIG’s CMP authorities. HHS-OIG may impose penalties on entities that fail to comply with the requirements of their CIAs, as shown below. HHS-OIG collected more than $500,000 through CIA enforcement.
Conclusion
In its 25th year, the HCFAC continues to be a vital part of the federal fraud prevention, detection and enforcement infrastructure that supports the work of both state and federal regulatory agencies.
The table above only reflects the high-level outcomes of the work of many agencies. This article highlights only selected areas of work in 2021. The 2021 HCFAC report provides a summary of that work but cannot reflect the detail and the many hours and resources expended to combat fraud in its myriad of forms. To fully understand the work of the HHS and CMS, FDA and other agencies in 2021 to prevent fraud, and to support state Medicaid programs’ efforts to detect and address fraud in state programs, as well as the work of other agencies, a full review of the report is required.
