This article has been saved to your Favorites!

Bracing For The Next Wave Of Health Care Enforcement

By Matthew Krueger, Pamela Johnston and Michelle Freeman · 2021-05-11 18:12:59 -0400

Matthew Krueger
Pamela Johnston
Michelle Freeman
Many predict a significant wave of health care enforcement during the Biden administration, and for good reason: Federal health care spending nearly doubled to $2.4 trillion due to the COVID-19 relief bills, including $178 billion in provider relief funds.[1]

That funding surge adds to regulators' separate concerns about the telehealth boom, increasing cyberattacks, the well-being of elderly patients, opioid misuses, and the costs of health care and prescription drugs. But just how will those regulator concerns result in enforcement? This article briefly notes the Biden administration's enforcement priorities and then discusses what to watch in anticipating the coming enforcement wave.

In the absence of more enforcement resources, agencies will increasingly rely on data analytics and specialized task forces to focus their efforts. At the same time, the funding surge will likely result in even more qui tam actions. Taken together, those dynamics call for health care compliance programs to improve their own data analytics and handling of internal complaints.

Enforcement Priorities

Although the Biden administration is still working to fill numerous key positions in the two main enforcement agencies for this area — the U.S. Department of Justice and the U.S. Department of Health and Human Services' Office of Inspector General — their current leadership has signaled similar enforcement priorities.[2] They include:

  • COVID-19-related funding, including misuse of provider relief funds;

  • Telehealth-related fraud and kickback schemes;

  • Prescription drugs, including opioid-related cases and schemes that lead to rising drug prices, such as kickbacks and improper coverage of patient co-pays;

  • Electronic health records, such as kickback schemes and misrepresentations of capabilities that cause providers to submit false claims for incentive payments;

  • Cybersecurity, such as submitting claims for payment while failing to meet material cybersecurity requirements;

  • Elder fraud, including cases involving long-term care facilities; and

  • Medicare Part C managed care, such as submission of improper diagnosis codes that manipulate the risk adjustment process.

The Mandate: Do Lots More, With a Little More

Congress has failed to fund the enforcement agencies to the same degree that it funded the COVID-19 relief efforts. Although the COVID-19 relief bills gave the HHS OIG and the DOJ modest funding bumps, those increases were not remotely proportionate to the increases in funding for health care programs and providers.

In recent years, the HHS OIG's budget has ranged from around $370 million to $390 million, to oversee approximately $1.3 trillion in federal health care spending.[3]

The COVID-19 relief packages added another $1 trillion in federal health care spending, yet the HHS OIG received only approximately $17 million in additional funding.[4] It bears noting, however, that $5 million of those additional funds were directed specifically toward the HHS OIG's oversight of provider relief funds.

The story for the DOJ is similar. For the current fiscal year, the U.S. attorney's offices and Main Justice litigating divisions received increases of just 3%-4% from fiscal year 2020, plus a small increase for U.S. attorney's offices in the COVID-19 relief bills.[5]

It is no exaggeration to say that the HHS OIG and the DOJ now face a far larger and more complex enforcement challenge than any time in history. These realities suggest several factors to watch in the coming months, as the administration's health care enforcement agenda moves into implementation.

Increased Use of Data Analytics

First, the surge of new federal spending will likely accelerate the DOJ and the HHS OIG's use of data analytics to prioritize the limited enforcement resources. For some years now, the DOJ and HHS have collaborated on mining Medicare provider and claims data, along with other public data sources.

Many state Medicaid fraud and control units likewise receive federal funding to conduct data mining in the HHS OIG-approved programs. The need to triage new COVID-19-related funding will only increase that trend.

The agencies seek to use data analytics to focus their resources on the areas that the agencies perceive as highest risk, whether determined by dollar amounts or red flags, rather than by what tips they receive.

The head of the DOJ's commercial litigation branch recently claimed that "sophisticated use of data analytics allow" it to see where the "highest fraud risk physicians are located in each state and federal district, and how much they are costing the Medicare program."[6] In fact, each U.S. attorney's office, along with its local HHS OIG and Federal Bureau of Investigation agents, now regularly receives datasets unique to their specific region.

As a top priority, data mining efforts will focus on COVID-19 relief funds. For example, the HHS OIG is matching data sources to identify potential double-dipping of multiple COVID-19 relief funds, such as receipt of both provider relief funds and Paycheck Protection Program loans for the same expenses.[7]

Separately, outlier analysis recently led the HHS OIG to investigate a provider's treatment claims paid under the COVID-19 Uninsured Program, administered by the Health Resources and Services Administration.[8]

The DOJ and HHS OIG also use data analytics to look for potentially improper relationships. For example, data mining can reveal providers who make a high percentage of orders or referrals to particular ancillary providers, like labs, hospices or pharmacies. Likewise, open payments data are correlated with providers' orders of durable medical equipment and expensive prescription drugs.

The opioid crisis led DOJ components (including the Drug Enforcement Administration) and HHS to intensify their focus on prescribing data, obtained both from Medicare claims data and state prescription drug monitoring programs. These are just some of the ways enforcement agencies are seeking to use analytical tools to focus their investigative efforts.

Of course, data can never tell the whole story. Often there are legitimate explanations for what may seem suspicious in a dataset. As enforcement agencies initiate more investigations based on data analytics, it will be critical to check against confirmation biases and hold regulators to their burdens of proof.

Specialized Enforcement Units

A second factor to watch is the organization of specialized enforcement units. Without an overall influx of more agents and prosecutors, the DOJ, the HHS OIG and partner agencies will continue to rely on interagency teams tasked with specific health care fraud issues targeting the worst offenders.

This is a long-standing method, which has already led to task forces focused on the misuse and exploitation of COVID-19 relief funds, elder fraud and prescription opioids, to name a few.

In addition to its regional strike forces, the DOJ created a National Rapid Response Strike Force in September 2020 that led to the DOJ's largest telemedicine and opioid enforcement action.[9] The mission of that national strike team and other specialized units will give strong indications of likely enforcement priorities.

Another important factor to watch is how U.S. attorney's offices choose to allocate their resources in the Biden administration. USAOs play a lead role in enforcing the False Claims Act, the Controlled Substances Act and criminal health care fraud offenses.

Each U.S. attorney has broad latitude to assign prosecutors to different enforcement units, and even to move prosecutors between the civil and criminal divisions. In the last administration, USAOs received historic increases in prosecutors, many of whom were assigned to combat violent crime.

It is entirely conceivable that the presidentially appointed U.S. attorneys who will be confirmed in the coming year will move more resources to combat health care fraud, cybercrime, PPP loan fraud, misapplication of provider relief funds and other complex white collar offense.

A Wave of Qui Tams

A final factor to watch is how the Biden administration approaches qui tam suits. In the last fiscal year, qui tam filings rebounded from a small dip in prior years: 672 actions were filed, an average of 13 new actions every week, and the largest number filed since 2017.[10]

The sheer volume of new COVID-19 relief funds, combined with their wide distribution through numerous programs, means that qui tam suits will probably continue to increase in the coming years. The DOJ uses data analytics and other screening tools to prioritize qui tam suits; suits lacking sufficient loss amounts or signs of fraud are unlikely to undergo a deep investigation.

That raises the critical question of whether the current administration will continue the somewhat more aggressive willingness to move to dismiss qui tam suits. In the 30 years before the January 2018 Granston memo, the DOJ moved to dismiss only about 45 qui tam actions.[11] In the three following years, the DOJ moved to dismiss approximately 50 more actions in recognition that many False Claims Act suits lack any merit.[12]

Even that number undercounts the Granston memo's significance because the DOJ's newfound appetite to dismiss qui tams undoubtedly led many more relators to dismiss their suits voluntarily. Consequently, the tone set by DOJ Civil Division and USAO leadership will have an outsized impact on qui tam practice going forward.

How to Prepare for the Wave

These unique dynamics — massive new federal funding, a broad set of complex enforcement priorities, increased use of data analytics and a likely rise in qui tam suits — suggest that health care companies should take several steps to protect themselves. Protective measures are particularly important in this moment when enforcement agencies feel pressure to show the public they are safeguarding COVID-19 relief funds.

First, compliance personnel should consider performing audits, now, of provider relief funds, PPP funds and other COVID-19 relief funding they have received. To be effective, this analysis needs to be ongoing, particularly in light of the evolving and sometimes conflicting guidance provided by agencies throughout the pandemic.

Second, compliance personnel should consider enhancing their own use of data analytics in risk assessment and monitoring. Indeed, the DOJ's most recent guidance in evaluating the effectiveness of compliance programs expressly addresses use of data for timely and effective monitoring.[13]

Finally, to reduce the risk of becoming a qui tam defendant, companies are well advised to revisit their policies, trainings and practices for encouraging and responding to complaints by employees, patients and others. To the extent that resources were pared back during the pandemic's first year, it would be prudent to reinvest in compliance and due diligence now.



Matthew D. Krueger and Pamela L. Johnston are partners and Michelle A. Freeman is an associate at Foley & Lardner LLP.

The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.


[1] Lamar Johnson, Fed OIGs Leveraging Technology to Adjust to Pandemic Landscape (Apr. 14, 2021) (citing remarks by Renata Miskell, Senior Advisor to the Chief Data & Analytics Officer, HHS OIG).

[2] 10 Key Compliance Priorities, Principal Deputy Inspector General Christi A. Grimm, HCCA 25th Annual Compliance Institute (Apr. 2021); DOJ: No Enforcement for Small PRF Mistakes, 30 Report on Medicare Compliance 8 (Apr. 26, 2021); Remarks of Deputy Assistant Attorney General Michael D. Granston at the ABA Civil False Claims Act and Qui Tam Enforcement Institute (Dec. 2, 2020).

[3] HHS OIG, Fiscal Year 2021 Justification of Estimates for Appropriations Committee 2, 6, 31.

[4] Congressional Research Service, Overview of COVID-19 LHHS Supplemental Appropriations: FY2020 and FY2021 18 ($12 million appropriated to HHS OIG by P.L. 116-139 and P.L. 116-260); Congressional Research Service, American Rescue Plan Act of 2021 (P.L 117-2): Private Health Insurance, Medicaid, CHIP and Medicare Provisions 4 n.15 (Apr. 27, 2021) ($5 million appropriated to HHS OIG for Provider Relief Funds oversight).

[5] Compare U.S. Department of Justice, Summary of Budget Authority by Appropriation with Consolidated Appropriations Act, 2021, P.L. 116-260, Div. B, Title II.

[6] See Granston, supra.

[7] Lamar Johnson, Fed OIGs Leveraging Technology to Adjust to Pandemic Landscape (Apr. 14, 2021) (citing remarks by Renata Miskell, Senior Advisor to the Chief Data & Analytics Officer, HHS OIG).

[8] Melanie Evans, HHS Flags Covid-19 Aid Paid to California Clinic, Wall Street Journal (Mar. 29, 2021).

[9] U.S. DOJ, National Health Care Fraud and Opioid Takedown Results in Charges Against 345 Defendants Responsible for More than $6 Billion in Alleged Fraud Losses (Sept. 30, 2020).

[10] US DOJ, Fraud Statistics Overview, Fiscal Year 2020.

[11] US. DOJ, Dep. Assoc. A.G. Stephen Cox Provides Keynote Remarks at the 220 Advanced Forum on False Claims and Qui Tam Enforcement (Jan. 27, 2020).

[12] Remarks of Deputy Assistant Attorney General Michael D. Granston at the ABA Civil False Claims Act and Qui Tam Enforcement Institute (Dec. 2, 2020).

[13] Evaluation of Corporate Compliance Programs, U.S. DOJ, Crim. Div. (June 2020), at 3, 12.

For a reprint of this article, please contact reprints@law360.com.