Volume 16 | April 2021

NEWSLETTER

CONNECT WITH US ON LINKEDIN

‌

Patient Recruiter Slapped with 10-Year Prison Sentence for Conspiracy to Commit Healthcare Fraud  Ivan Scott, of Florida, was sentenced this week to 10 years in prison for his involvement in a conspiracy to submit fraudulent claims to Medicare for genetic testing.  Scott was the owner of Scott Global, an Orlando telemarketing call center. Through his company, Scott targeted Medicare beneficiaries with telemarketing calls that induced beneficiaries to take expensive genetic cancer screening tests by falsely claiming such tests were covered by Medicare. Each genetic test costs approximately $6,000.  After beneficiaries agreed to take the test, Scott paid bribes and kickbacks to telemedicine companies to obtain doctors’ orders authorizing the tests. The telemedicine doctors approved the tests even though they were not treating the beneficiaries for cancer or symptoms of cancer. In some cases, the doctors never even spoke to the beneficiary.  Scott then sold the genetic tests and doctors’ orders to labs in exchange for illegal kickbacks. Scott concealed these illegal kickbacks with invoices that appeared as if Scott was being paid for hourly marketing services, rather than receiving fees based on referral volume.  In less than 6 months, labs submitted more than $3.3 million in claims to Medicare for the genetic tests that Scott had referred. Medicare reimbursed the labs over $1.3 million. Scott personally received nearly $200,000 for his role in the conspiracy.   On January 8, 2021, Scott was convicted by a federal jury on one count of conspiracy to commit healthcare fraud, three counts of healthcare fraud, one count of conspiracy to pay and receive unlawful healthcare kickbacks, and three counts of receiving unlawful kickbacks. On April 14, 2021, Scott received a 10-year prison sentence for his involvement in the conspiracy.  The government was keenly focused on the misuse of telemedicine to carry out the criminal acts: “The defendant used telemarketing and telemedicine to defraud Medicare of more than a million dollars for unnecessary genetic screening tests[.] The department will continue working with our law enforcement partners to bring to justice those who seek to use new technologies to plunder our government healthcare programs.”

Gensler Sworn in as SEC Chairman On April 17, Gary Gensler was sworn in as Chair of the Securities and Exchange Commission (SEC). After being nominated by President Biden on February 3, 2021, Gensler was confirmed by the Senate in a 53-to-45 vote on April 14. Gensler is a non-attorney, and will be the sole non-attorney serving on the Commission. According to his MIT faculty profile, Gensler earned his MBA from The Wharton School, University of Pennsylvania, and is a former partner at Goldman Sachs. Gensler’s career includes multiple forays into public service, including serving as senior advisor to Senator Paul Sarbanes in drafting the Sarbanes-Oxley Act (2002) and as chairman of the U.S. Commodity Futures Trading Commission (CFTC) under President Barack Obama. After his years on Wall Street, Gensler is not viewed as an enemy to business by businesspeople or conservative politicians, and his reputation as a reformer and champion of investor protection helped him garner the support he needed from the Democratic Caucus to be confirmed.   Gensler’s leadership is likely to lead to a transformative period for the SEC, as it did for the CFTC. As head of the CFTC, he led the enforcement effort in the LIBOR manipulation investigation, which may inspire an increased focus at the SEC on market manipulation. We are likely to see the impact of this priority early on in Gensler’s tenure with investigations and potential enforcement actions for market manipulation in connection with the recent GameStop stock trading controversy. Also notable is Gensler’s most recent position as a professor teaching courses on Financial Technologies at MIT, which will likely inspire an increased emphasis at the SEC on the use of Big Data and artificial intelligence. Gensler’s role in drafting the Sarbanes-Oxley Act demonstrates that he expects a lot of publicly traded companies, and he is likely to use the vast tools at his disposal as Chairman of the SEC to ensure that those companies promote fair and transparent markets.

Chilivis Grubman News

FREE Webinars   Chilivis Grubman offers FREE on-demand webinars on various legal and compliance matters. Access the free webinars here. New Publication Chilivis Grubman partner Scott Grubman's latest article, entitled "Reading the Tea Leaves: False Claims Act Enforcement Under the Biden-Harris Administration," was published in March in the ABA Health eSource. You can read the article here.

Presentations Scott Grubman presented at the Healthcare Compliance Association (HCCA)'s 25th Annual Compliance institute, and the 2021 National Bar Association's Midyear Conference. Lauren Warner presented at the 2021 Ohio Collaborative Laboratory Conference. Scott Grubman and Christian Dennis presented to the American Society of Interventional Pain Physicians (ASIPP).  Christian Dennis served as a panelist discussing telehealth during the North Carolina Bar Association's Health Law Section Annual Continued Legal Education Program.

FTC Proceeds with Physician Group and Healthcare Facility Merger Study Consolidation in the healthcare industry continues, however the Federal Trade Commission ("FTC") is paying close attention (and not just to large health system mergers). As Chilivis Grubman discussed previously, the FTC has been particularly active in the healthcare industry in 2020 and moving into 2021.   On April 14, 2021, the FTC released a summary on its ongoing research into physician group and healthcare facility mergers. As explained by Michael G. Vita, the Deputy Director of Research and Management with the Bureau of Economics ("BE"), the FTC seeks to further understand how consolidation in physician and clinical services has affected competition. The FTC announced the study in January, 2021, alongside orders to six insurance companies to provide information to allow for the FTC’s retrospective review.  Notably, this study focuses on physician group and outpatient facility consolidation, but not inpatient hospital facility mergers (as was the focus of eight prior studies). This shift is one of many signals from the FTC indicating an increased focus on physician group mergers.  The current project includes a retrospective review of claims data received from six insurance companies (Aetna, Anthem, Cigna, Florida Blue, Health Care Service Corporation, and United Healthcare) across fifteen states (including Georgia), regarding certain physician group and healthcare facility mergers that occurred between 2015 and 2020. Specifically, the FTC’s project aims to examine the following through analysis of the acquisition of physician practices by hospitals and mergers of multi-specialty physician practices:  How horizontal mergers have affected provider prices and whether price effects have been more pronounced for mergers involving certain medical specialties; How horizontal mergers affect non-price outcomes, including health outcomes for patients of merged providers; and How vertical mergers in provider markets have affected competition. Separately, the project will also review horizontal non-inpatient healthcare facility mergers between competing healthcare facilities (such as imaging or dialysis centers), to evaluate how such mergers impact prices paid by commercial payers, patient outcomes, and measurable efficiencies.  The summary did not provide an expected date for the results of the study, though it is expected to take several years to complete and the BE intends to release a series of research papers throughout the course of the study.

Largest Urgent Care Provider in South Carolina Settles False Claim Act Allegations for $22.5 Million On April 8, 2021, the U.S. Department of Justice issued a press release announcing a $22.5 million settlement with South Carolina’s largest urgent care provider – Doctors Care, P.A. (d/b/a/ “Doctors Care”) – and its management company, UCI Medical Affiliates of South Carolina, Inc. (“UCI”). The settlement resolves alleged False Claims Act ("FCA") violations.   The federal FCA imposes liability on “any person who [among other things] … knowingly presents, or causes to be presented, a false or fraudulent claim for payment” to the federal government or who “knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.” 31 U.S.C. § 3729(a). Those who violate the FCA are liable for civil penalties of over $23,000 per claim, plus treble damages.  Id. at §3729(a)(1)(G). The case against Doctors Care was brought under the qui tam provisions of the FCA, which allows a whistleblower (known as a “relator”) to initiate an FCA action on behalf of the government and to receive a portion of the recovery.   According to the press release, Doctors Care allegedly committed an unfortunately all-too-common violation – submitting claims under the billing credentials of a provider that did not provide services to the patient or did not provide services as detailed in the submitted claim. Such submissions may violate the FCA. CG attorneys discussed a federal case with similar facts that resulted in over $1.1 million in damages and penalties.  For a period of over five years (as early as 2013 and continuing to 2018), UCI allegedly could not secure and maintain necessary billing credentials for most of Doctors Care’s providers. The press release notes that UCI knew that federal insurance programs would not pay claims submitted with the billing number of an uncredentialed provider and developed a scheme to link uncredentialed providers with credentialed providers. Claims of uncredentialed providers were allegedly submitted using the billing number of the linked credentialed provider, who did not render the care described in the submitted claim. The government alleges the existence of email evidence memorializing the linking scheme and cheat sheets used to track properly credentialed providers.   In addition to the $22.5 million settlement, Doctors Care and UCI entered into a Corporate Integrity Agreement, which includes claim reviews for five years by an Independent Review Organization and monitoring. While the press release did not provide the whistleblower’s share of the qui tam action, the potential recovery for whistleblowers presents a lucrative opportunity. Whistleblowers of a successful case are entitled to 15% to 30% of the money the government recovers, depending on whether the government intervened.   The press release also provides two important notes about the investigation. First, the settlement occurred after a three-year investigation, which is consistent with FCA cases and investigations that are notorious for lasting many years. Second, the investigation was a cross-agency coordinated effort that included the U.S. Department of Health and Human Services Office of Inspector General (“HHS-OIG”) and the United States Department of Defense Criminal Investigative Service (“DCIS”) and its law enforcement partners.

Physician Indicted After Allegedly Defrauding Three COVID-19 Relief Programs On April 8, 2021, the U.S. Department of Justice issued a press release regarding a Colorado physician who is accused of stealing nearly $300,000 from three COVID-19 relief programs – the Accelerated and Advance Payment Program (“AAPP”), the Provider Relief Fund (“PRF”), and the Paycheck Protection Program (“PPP”). The AAPP provides necessary funds when there is a disruption in claims submission and/or claims processing. CMS generally offers the funds through the AAPP during select national emergencies and natural disasters to accelerate cash flow for affected healthcare providers and suppliers. The PRF, with billions in allocations, reimburses eligible providers for healthcare-related expenses and lost revenue attributable to COVID-19. And under the PPP, loans are available to cover salaries and other expenses and are government-backed, low-interest (1%), and forgivable if certain criteria are met.  According to the press release, the physician allegedly stole approximately $118,000 in COVID-19 related government relief funds from the AAPP and the PRF. As part of the theft, the physician allegedly transferred the $118,000 from a medical clinic to his bank account. Some of the money transferred was used on travel and home improvements. After being terminated from his practice, the provider allegedly applied for a $179,999 loan under the PPP on behalf of his former employer’s practice. He diverted the PPP funds to his bank account. Unbeknownst to his former employer, the provider then filed bankruptcy on behalf of the clinic.  The provider was charged with theft in connection with healthcare, theft of government property, wire fraud, and making a false statement in a bankruptcy proceeding, according to the press release. The provider’s charges also mark what could be the second criminal case related to the PRF. While some may consider the provider’s alleged actions as unusually brazen, such alleged activities are more common than some may assume. Medical practices and their leadership should implement proper policies, procedures, and systems to reduce the impact that a rogue employee/former employee can inflict upon a medical practice. Medical practices should also be prepared to respond appropriately, with advice and assistance of counsel, to any government investigation that may arise from nefarious actions of employees/former employees, as the identity of the target and the victim may not be distinguishable or initially clear to government investigators.

CMS Directs Hospital Surveys to Resume This past January, and in the middle of a winter surge in COVID-19 hospitalizations, the Centers for Medicare and Medicaid Services (“CMS”) released a Quality, Safety & Oversight Group (“QSOG”) and Survey & Operations Group (“SOG”) memorandum addressed to state survey agency directors that severely limited hospital survey activity for a thirty-day period. CMS later extended the hospital surveys suspension through March 22, 2021. As part of the suspension, CMS limited any on-site surveys to complaint surveys involving allegations of immediate jeopardy and noncompliance with Medicare hospital conditions of participation requiring immediate action. Recertification surveys were also suspended but for a limited number of hospital reaccreditation surveys, and hospital enforcement actions (excluding those that represented immediate jeopardy) were extended for at 30 thirty days.    On March 26, 2021, CMS released a new QSOG and SOG memorandum, effective immediately upon release, that lifted the surveys suspension and indicated to state survey agencies that on-site activity may resume in accordance with survey guidance that CMS released in August, 2020. Further, CMS directed that the following actions be taken: Any complaint surveys received during the suspension period that were delayed because of the suspension must be investigated within 45 days. Any hospitals that were permitted to delay submission of a Plan of Correction (“POC”) because of the suspension must submit their POC within 10 calendar days, though any providers experiencing a COVID-19 outbreak in their area and therefore having difficulty implementing a POC may reach out to their state survey agency or CMS and request an extension. State survey agencies may resume offsite “desk reviews” for any open surveys citing any level of noncompliance for the period between January 20, 2021, and March 22, 2021, except for cases involving immediate jeopardy requiring onsite revisits.   For any onsite revisits that are authorized to resume, state survey agencies must ask facilities to submit evidence that supports correction of noncompliance so that a desk review can be performed. State survey agencies may, at their discretion, include the clinical area of concern cleared during a desk review in the next onsite survey. Hospitals with open enforcement actions (excluding those that constitute immediate jeopardy) have at least 60 and up to 90 days to demonstrate compliance.  Despite the ongoing vaccine distributions, the COVID-19 pandemic continues to be a public health emergency and CMS maintains authority to further modify hospital survey procedures (or even suspend surveys again).

DOJ Charges Georgia Tech Professor with Visa Fraud In a March 24 press release, the U.S. Attorney’s Office for the Northern District of Georgia announced that it had charged a professor at the Georgia Institute of Technology with conspiracy to commit visa fraud, conspiracy to commit wire fraud, and wire fraud. The government alleges that Gee-Kung Chang, a Georgia Tech professor, and Jianjun Yu, a research director at ZTE USA—a subsidiary of ZTE Corporation, a partially state-owned Chinese telecommunications and information technology company—conspired to improperly bring Chinese nationals to the United States to serve as researchers at the company. The government alleges that Chang deceived both the United States and Georgia Tech in submitting visa applications as part of the scheme. The United States permits entry to researchers around the world via the J-1 visa program. The program allows participants to engage in work-and-study-based exchange programs with sponsor institutions, such as Georgia Tech. J-1 visas are sought after around the world, and the government alleges that Chang and Yu’s actions prevented deserving candidates from participating in the program. Instead of participating meaningfully in the program, the government alleges that the Chinese nationals who entered the United States performed work in the company’s New Jersey location that would have required a work visa rather than a J-1 visa. The government further alleges that some of the Chinese nationals were even paid salaries by Georgia Tech while working in New Jersey. Visa fraud is a form of immigration enforcement that remains consistent between administrations. Regulations governing visas impact nearly every industry in the United States. Companies and individuals that engage in unlawful conduct run the risk of criminal enforcement by the Department of Justice. However, one aspect of these investigations that is often overlooked is the potential for civil False Claims Act enforcement against companies and individuals. Different visas require different fees to be paid to the U.S. government in order to obtain the visa. Defendants engaging in visa fraud often fail to pay the fees mandated for the type of visa that should have been obtained. That failure can form the basis of a reverse False Claims Act action against the defendant. So along with potential criminal liability, defendants could face treble damages stemming from their failure to pay.

QUOTE OF THE [EARTH] MONTH "[T]he care of the earth is our most ancient and most worthy, and after all our most pleasing responsibility. To cherish what remains of it and to foster its renewal is our only hope." Wendell Berry

Application Deadline for PPP Loans Extended Through May 31, 2021 Many healthcare providers have already taken advantage of the significant funds that the federal government has distributed over the past year to assist businesses during the pandemic. For any small businesses that have not yet applied for a Paycheck Protection Program (“PPP”) loan through the Small Business Administration (“SBA”) – and for a certain limited number of small businesses who are eligible for a second draw – there’s still time. On Tuesday, March 30, President Biden signed an extension for the SBA’s PPP loans, moving the deadline to apply for a PPP loan from March 31, 2021, to May 31, 2021, and extending the period for authorizing the PPP loans through June 30, 2021. PPP loans, originally introduced by the CARES Act in April 2020, are government-backed, low-interest (1%) private loans for which certain eligible small businesses may apply. PPP loan funds may be used to assist with payroll, rent, utilities, and other eligible expenses (1) , and mature after two years (if issued before June 5, 2020) or five years (if issued after June 5, 2020), though it is anticipated that most PPP loans will be partially or fully forgiven if the loan recipient complies with loan forgiveness terms. The primary forgiveness requirement is for the loan recipient to maintain employee and compensation levels during the 8–24-week covered period following the loan disbursement. Since the CARES Act became law, PPP loan eligibility requirements and application periods have been modified multiple times. Most recently (and in addition to last Tuesday’s application period extension), the American Rescue Plan Act of 2021 expanded eligibility for PPP loans to include certain types of non-profit, tax exempt organizations.   Currently, first draw PPP loans are available to the following businesses, if they have been affected by COVID-19: (i) sole proprietorships, independent contractors, and individuals who are self-employed; (ii) certain small businesses that meet the SBA’s size standards (2); (iii) certain 501(c)(3) and 501(c)(19) non-profits and tribal business concerns; and (iv) businesses in the accommodations and food services industries that have more than one physical location but employ less than 500 individuals per location. Businesses may apply for a second PPP loan if they will have used all funds from their first PPP loan by the time they receive the second PPP loan, employ less than 300 individuals, and have experienced a decline in gross receipts of at least twenty-five percent (25%) in any quarter of 2020 compared to the same quarter in 2019. Businesses interested in applying for a first or second PPP loan should visit the SBA website to be matched with a lender and to download and begin preparing borrower application forms. Practice Tips for PPP loan recipients: Any entity that receives PPP funds should keep diligent and detailed documentation on how the funds are used and should focus spending on “eligible expenses” to maximize the percentage of the PPP loan that is ultimately forgiven. As mentioned above, the terms around the PPP loan eligibility requirements and loan forgiveness requirements have been modified multiple times, so business entities should be careful to revisit the SBA PPP loan requirements regularly to ensure they are updated on the current definition of an “eligible expense.” PPP loan recipients should also carefully consider PPP loan forgiveness requirements before making any change in employee retention or compensation levels. In the event of an employee or compensation change – document, document, document.  Note that currently, loan recipients must spend at least 60% of the loan on employee payroll costs to qualify for loan forgiveness, however this percentage has been modified over time, and PPP loan recipients should revisit and track the correct minimum percentage to be spent on payroll costs during their applicable covered period.   Small business size regulations can be found at 13 CFR Ch. 1, Pt 121, et seq.

HHS Updates FAQs Related to Terms and Conditions of Provider Relief Fund During the early days of the COVID-19 pandemic, the government enacted the CARES Act. The CARES Act includes a Provider Relief Fund ("PRF”) of more than $100 billion. The PRF reimburses eligible providers for healthcare-related expenses and lost revenue attributable to COVID-19. CG attorneys have cautioned CARES Act and PRF recipients about the government’s strict oversight of Cares Act funds.   There are a host of applicable terms and conditions with which all PRF recipients must attest to complying. One example of such a condition is the requirement that PRF recipients submit documentation to substantiate that PRF funds received were used for healthcare-related expenses or lost revenue attributable to COVID-19.  To assist recipients with compliance, HHS maintains a webpage dedicated to frequently asked questions (“FAQs”) on various compliance-related issues. HHS’ responses to the FAQs provide recipients and compliance professionals with valuable insight on HHS’ interpretation of PRF provisions and expectations of PRF recipients. However, HHS frequently modifies its responses to FAQs, so vigilance is key.   On March 31, 2021, HHS modified several responses to its FAQs related to the following terms and conditions of PRF funds:   1.Whether HHS intended to recoup payment made to providers not tied to specific claims for reimbursement. Response: HHS noted that PRF terms and conditions require that recipients can demonstrate that lost revenues and expenses are attributable to COVID-19, not including expenses reimbursed by or reimbursable from other sources. HHS noted that it may audit recipients to ensure compliance with PRF requirements. PRF payments made in error, that exceed lost revenue or expenses due to COVID-19, or that do not otherwise meet PRF requirements must be returned and HHS may recoup improper funds.  2. Whether there is a deadline for providers to use PRF funds. Response: HHS noted that PRF funds “must be expended no later than June 30, 2021.” HHS acknowledged that it has not provided PRF recipients instructions on returning funds, but explained that such instructions would be provided in the future.    3. Whether a provider must have incurred eligible expenses and losses higher than PRF payment received to accept a payment.  Response: HHS explained that when a provider accepts PRF funds, the provider need not be able to provide that lost revenues and expenses from COVID-19 met or exceeded their PRF payment (excluding those expenses reimbursed or reimbursable by other sources). However, HHS cautioned that it may perform audits and recoup funds.  4. What oversight and enforcement mechanisms will HHS use to ensure providers meet the Terms and Conditions of the Provider Relief Fund?  Response: HHS explained that it monitors and oversees the PRF funds and disbursement of such funds. HHS’s Office of the Inspector General, which investigates fraud, waste, and abuse, may also review PRF funds disbursements.  HHS also recently modified responses to FAQs related to ownership structures, financial relationships, and the use of funds. PRF recipients should carefully monitor HHS guidance and resources, including the FAQs section of the website for important compliance information related to PRF.

OCR’s Right of Access Initiative: OCR Announces More Settlements The HIPAA Right of Access Initiative by the U.S. Department of Health and Human Services’ ("HHS") Office of Civil Rights ("OCR") was first announced in 2019. Under the initiative, OCR is committed to vigorously enforce the HIPAA rules that allow patients to access their protected health information, as delineated in 45 C.F.R. § 165.524. Since the initiative’s announcement, there have been eighteen settlements related to patients’ right of access enforcement actions.   In February, CG attorneys wrote about the fifteenth and sixteenth settlements associated with the HIPAA Right of Access Initiative. Within the first six weeks of 2021, OCR secured three published HIPAA Right of Access Initiative settlements totaling nearly $350,000. Add two more to the list – OCR announced its seventeenth settlement on March 24, 2021, and its eighteenth settlement on March 26, 2021.   OCR’s Seventeenth Right of Access Initiative Settlement On July 5, 2019, OCR received a complaint alleging that Arbour Hospital did not timely respond to a record request made on May 7, 2019. OCR provided technical assistance to Arbour on the HIPAA right of access requirements. On July 22, 2019, the patient filed a second complaint with OCR alleging that Arbour had yet to provide the requested records.  OCR initiated an investigation and noted that Arbour provided the patient with a copy of the requested records in November 2019, six months after the original request and four months after the first complaint. OCR determined that Arbour potentially violated HIPAA’s right of access rules. Arbour agreed to pay $65,000 to settle the potential violation. Arbour also agreed to a corrective action plan with a one-year term. The settlement was not an admission of wrongdoing by Arbour, nor a concession by HHS that Arbour did not violate HIPAA.  OCR’s Eighteenth Right of Access Initiative Settlement On September 7, 2019, OCR received a complaint filed by a patient of Village Plastic Surgery (VPS). The patient alleged that VPS did not provide the patient a copy of his/her medical records, despite the patient requesting the records in August 2019. OCR initiated an investigation and determined that VPS did not timely provide the records, potentially violating HIPAA’s right of access requirements. Covered entities are generally required to act on an access request within 30 days of receiving the request, and within 60 days under certain circumstances. Ultimately, the patient’s records were sent to the patient because of OCR’s investigation.   VPS agreed to pay $30,000 to settle the potential violation and agreed to a corrective action plan with a two-year term. The settlement was not an admission of wrongdoing by VPS, nor a concession by HHS that VPS did not violate HIPAA.  In many of the HIPAA Right of Access Initiative settlements, OCR initially provides technical assistance and does not initiate a formal investigation until there is a second complaint against the covered entity related to that technical assistance. However, the VPS settlement appears to mark the second HIPAA Right of Access Initiative enforcement action resulting in a settlement without OCR providing prior technical assistance or subsequent to a second complaint. Neither the press release nor corrective action plan indicates whether technical assistance or a second complaint was made before OCR’s investigation.   OCR has secured five settlements in the first three months of 2021, totaling nearly $450,000. The HIPAA Right of Access Initiative shows no signs of slowing and enforcement actions likely will continue. Similar to his predecessor, Acting OCR Director Robinsue Frohboese’s stance on OCR enforcement actions related to HIPAA right of access is clear: “[c]overed entities must comply with their HIPAA obligations and OCR will take appropriate remedial actions if they do not.”  Covered entities should ensure familiarity and compliance with HIPAA requirements, including a patient’s right to access protected health information. Patients’ rights under HIPAA to access protected health information are located at 45 C.F.R. § 165.524 and there is HHS guidance on the topic. As demonstrated in VPS’ settlement, OCR may not always provide technical assistance or a second opportunity to comply with HIPAA’s right of access standards and covered entities should not expect nor rely upon OCR providing such opportunities.

To read all of this month’s client alerts, please visit our website blog by clicking our link below:

Read Our Client Alerts

CONNECT WITH US ON LINKEDIN

‌