The False Claims Act after ACA


Healthcare providers are confronted with a heighted regulatory landscape since the enactment of the Affordable Care Act. Congress has been patently devoted to prosecuting provider practices that conspicuously overbill Medicare or Medicaid. The ability to prosecute providers under the False Claims Act has significantly changed in recently years including recent legislation under the Fraud Enforcement and Recovery Act of 2009 and the formation by the Department of Justice and Health and Human Services of the Health Care Fraud Prevention and Enforcement Action Team (“HEAT”). On the State level, Section 6031 of the Deficit Reduction Act of 2005 created a financial incentive for States to establish legislation to prosecute individuals or entities who submit false or fraudulent claims to the Medicaid program.

In addition to these dramatic changes in the law, language in the Affordable Care Act ushered in a new era of enforcement against fraud, waste and abuse. This new era includes enhanced use of technology such as sophisticated data mining, and other fraud detection methods which has resulted in the Federal government becoming more efficient in identifying false claims. Nevertheless, the government still greatly depends on qui tam relators (private citizens who initiate false claim actions and report such claims to the government for investigation and possible prosecution). Provider liability under the Act can be massive, with penalties between $5,500 to $11,000 per false claim, plus three times the total loss to the government. Qui tam relators, can receive fifteen to thirty percent of the total recovery. Moreover, recent amendments to the False Claims Act enacted under the Affordable Care Act has widened the scope of potential claims that can be successfully initiated and sustained by qui tam relators, especially given the whistleblower protections afforded to these potential claimants. This means, in essence that there is a more definite probability of claims being initiated by past and present employees of health practices under the False Claims Act.

In the last couple of years, Congress has increased funding as part of its committed effort to fight fraud, waste and abuse in the Federal healthcare programs. Approximately $350 million through 2020 has been allocated under the Affordable Care Act toward investigation and prosecution of fraud, waste and abuse. To be found liable under the act, no proof of specific intent is required. Providers can be found liable under the act for knowingly making a false statement to have a Medicare or Medicaid claim paid or approved. The term “knowingly” can mean that the provider or entity acted in deliberate ignorance or reckless disregard of the truth of information submitted to receive payment. If a provider is accused of knowingly submitting a false claim, the provider could see all of  their Medicare and Medicaid payments for care suspended by CMS if there is deemed to be a “credible allegation of fraud” as defined by the Department of Health and Human Services.

What this means is that provider practices should be diligent in their billing practices and institute and evaluate periodically proper controls regarding their revenue cycle. The penalties are too severe not to have proper policies and procedures in place.  In addition, provider practices regardless of size should implement a compliance program in response to these changes in the law and heightened government enforcement actions.  For more information, please contact our firm at info@scottpractice.com.

What is HITECH?


We have found that some are unfamiliar with the Information Technology for Economic and Clinical Health Act also known as “HITECH”. Therefore, we hope this article provides helpful information. HITECH was enacted as part of the American Recovery and Reinvestment Act in 2009 (the “Stimulus Funds”). HITECH expanded the privacy and security rules under HIPAA, including extending liability for security and privacy breaches to the business associates of covered entities under HIPPA. As such, third parties who receive protected health information from a covered entity must execute a written agreement confirming its responsibility to appropriately protect health information from data breaches. The term business associate is broadly defined to include any third party who creates or receives protected health information from a covered entity. Thus, a business associate may include IT specialists, management consultants, accountants or attorneys. Under HITECH the penalties for noncompliance are also more severe than under the original enactment of HIPPA. Finally, HITECH is known for its incentives and penalties regarding electronic medical records and its meaningful use requirements. Requirements of HITECH were implemented on January 17, 2013 under the Omnibus Final Rule.  For more information, please contact our office at info@scottpractice.com.

Operational Risk – Risk of Nonpayment

OnRiske way to think about contract risk is that there are two veins: the likelihood of a breach and the impact of a breach. When a breach of contract occurs, it often requires significant of time, information-gathering, and negotiations in order to prosecute or defend the action.  The lost opportunity cost associated with a breach of contract dispute is in addition to actual costs due to lawyer fees, court cost and other litigation related expenses.  Therefore, it is to entities advantage to minimize the risk and costs associated with breach of contract.

There are risks involved in every agreement for performance of services.  On the buyer’s side there is the risk of nonperformance – meaning the buyer does not receive the services bargained for under the contract.  On the seller’s side there is a risk of nonpayment – meaning the seller does not receive payment for services rendered.  This article focuses on the risk of nonpayment and how to most effectively minimize such risks.

Unless the agreement you have with the other party requires all payment upfront – the contractor accepts some form a credit risks when he or she agrees to provide services to the buyer.  Credit risks is defined as the probability that a party will fail to meet his or her obligations in accordance with the agreed upon terms.  The level of inherent risk (level of risk before considering controls) that a service provider faces with respect to nonpayment for services may depend on a number of factors – but the largest factor will be the parties involved.

Inherent Risks – First step is to identify what is the inherent risk involved when you are contemplating entering into a relationship with the other party. What can go wrong with this relationship?  What could impede your business objectives if you engage with this entity or organization? You need to go through this exercise to better appreciate the risk involved.  Without acknowledging the inherent risk  it is difficult to create effective controls to mitigate risks.  Again, inherent risks is the level of risk prior to assessing the effectiveness of controls. It shows the level of risk that exists if no controls are present.

It is impossible to control for every risk, especially since certain risk remain unknown.  Therefore,  after we assess the risk – we may skew our controls toward those risks that are most probable and with the potential for the greatest lost.  The greater the risk- the more controls that may need to be implemented.

What is Unrelated Business Income?


A 501(c)(3) organization can lose its tax exempt status if earns excessive income from a regularly carried on trade or business that is not substantially related to its tax exempt purpose.   The controlling law for this is found under IRC Sections 511 through 515 and the applicable treasury regulations.  The treasury regulations provide good context regarding the primary objective of the applicable statutes and the definition of “trade or business”.

The primary objective of the unrelated business income tax is to eliminate a source of unfair competition by requiring the same tax basis as nonexempt businesses whenever a tax exempt entity engages in business activity defined under IRC Section 162. For purposes of IRC 513, the term “trade or business” has the same meaning it has in IRC 162.  “Trade or business” generally means any activity carried on for the production of income from (i) selling goods or (ii) performing services.

More simply, a tax exempt organization would be unfairly advantaged if it could engage in business activity and not be taxed in the same manner as a commercial business. Therefore a tax is imposed under IRC 513 when a nonprofit engages in commercial activity. There are also two IRS publications concerning the unrelated tax provisions.  Publication 598 discusses the applicable statutes on unrelated business tax and Publication 1018 provides guidance on how the unrelated business tax applies to churches and church organizations.

To determine whether a tax exempt organization is subject to the unrelated business income tax UBIT, a three part test is first applied.  Three conditions must be met before the tax exempt organization’s activity will be construed as unrelated business activity under IRC 513.

  • The activity must be a trade or business;
  • The trade or business must be regularly carried on; and
  • The trade or business must substantially unrelated to the entity’s tax exempt purpose.

If all three conditions are present, then under IRC 513(a) (1) we look to see an exception to the rule applies:

One exception involves volunteer labor. An unrelated trade or business does not include any trade or business where substantially all the work is performed for the organization by unpaid volunteers.  For example, in St. Joseph Farms of Indiana v. Commissioner, 85 T.C. 9 (1985), a religious organization operated a farm and sold the food commercially.  The farm was operated entirely by unpaid volunteers.  The court ruled that the farming operation was an unrelated trade or business, but because the farm was operated by persons who received no compensation for their farming services, there was no unrelated business tax liability.

Other exceptions to the rule include the “convenience exception” under IRC 513(a)(2) and Regs. 1.513-1(e)(2) which provides that any trade or business carried on by a 501(c)(3) organization for the convenience of its members is not an unrelated trade or business and donated merchandise that is sold by the tax exempt organization is another exception.

It is important that any organization that needs assistance on UBIT issues consult with a lawyer, accounting professional or tax advisor.  This information is not legal advice.  Please, contact our office at info@scottpractice.com if you request assistance.

Should We Outsource Our Healthcare Compliance Program?


It is no longer sufficient to simply have a compliance program.  Today’s federal enforcement landscape places higher demands on Privacy and Compliance Officers not envisioned in years prior.  For example, a more expansive application of HIPPA now includes severe penalties of up to $1.5 million for violations of the same HIPPA provision within a calendar year.   Also, under the Omnibus Final Rule, covered health organizations can be liable for business associates that violate privacy rules under HIPPA or the HITECH ACT.  Increased responsibilities of Compliance Officers reasonably include:

  • Internal Audits of Privacy, Security and Data Transfer Policies and Procedures
  • Review of Potential Data Transmission Vulnerabilities
  • Oversight of Business Associate Relationships and Business Associate Agreements
  • Management of Training and Educational Programs on privacy and security requirements under HIPPA and HITECH
  • Overseeing Enforcement of HIPPA and HITECH policies and procedures

Unfortunately, the responsibilities resulting from the Final Rule under HIPPA are in addition to the time required for proper review, analysis and compliance enforcement of rules concerning EMTALA, Fraud, Waste and Abuse, the False Claims Act, Stark, the Anti-Kickback statute, Conflict of Interest policies and other regulatory requirements.   For this reason, health organizations should explore cost effective alternatives such as outsourcing compliance needs to legal consultants.  The advantage of outsourcing compliance not only includes cost efficiency benefits, but also the ability to protect sensitive client communications through the attorney/client privilege.  Legal compliance firms are better equipped to provide the evaluation and training required under constantly changing regulations such as HIPPA.  For more information regarding HIPPA and HITECH please contact our legal compliance firm at info@scottpractice.com.