By James J. McGrath IV, Esq.
Featured in Compliance Today, a publication of the Health Care Compliance Association
April 2010
Download a PDF of this article here.
“You can pay me now, or you can pay me later.” That tag line uttered by a cigar-chomping mechanic was at the heart of a commercial for FRAM® Oil Filters that ran in the 1980s and presented stark alternatives to the question of vehicle engine maintenance. But, just as you can change your oil and filter regularly and still suffer viscosity or thermal breakdown in the automotive world, so too, can you put quality compliance and ethics programs in place in the health care industry and still have breaches. When that happens, your organization or client has to decide who to call, and whether to call them sooner or later.
Some months ago, I was having a cup of coffee with a long-lost friend who has spent the last 20 years investigating insurance fraud. I brought my companion up to speed on how I had left my own 16-year stint in government as a prosecutor and as the chief legal officer of a federally-funded narcotics task force in order to start a specialized corporate investigations practice. Then, I asked for a handicapping of its offering. My friend’s immediate response: “Physician practice groups.”
Subsequent anecdotal evidence seemed to substantiate my friend’s belief that office and support staffs not infrequently use their knowledge of the accounting and billing systems to embezzle money from the physicians they work for or to commit insurance fraud. Not surprisingly, doctors were being pulled into the investigative snare and feeling the sting of criminal or administrative sanctions. A rudimentary example of how this could happen is illustrative.
Say that over the course of five years, an office manager has been drawing cash advances of $200 per month for her own benefit on the practice group’s VISA card that she uses to purchase medical and other supplies. With financial woes and bills to pay, the cash advance scam is easy. The office manager takes the monies, upcodes fictional or extra services and supplies on patient bills, submits them to carriers, receives and deposits the payments, and balances the monthly books. No one is the wiser.
The insurance fraud pass-through works well until a claim audit for one of the patients raises questions as to why he is being charged for a streptococcus swabbing and tongue depressors when his diagnosis is a broken fibula. A call to the state investigators produces an official inquiry with very serious implications for the treating physician and the entire practice group. After all, the doctor and the group have been executing and submitting falsified claim forms for the past 60 months and have received $12,000 in improper insurance payments.
Under federal law, health care fraud is committed by:
[w]hoever knowingly and willfully executes, or attempts to execute, a scheme or artifice (1) to defraud any health care benefit program; or (2) to obtain by false or fraudulent pretenses, representation or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program, in connection with the delivery of or payment for health care benefits, items, or services, shall be fined under this title or imprisoned not more than 10 years or both.1
The term “health care benefit program” means:
any public or private plan or contract, affecting commerce, under which any medical benefit, item, or service is provided to any individual, and includes any individual or entity who is providing a medical benefit, item, or service for which payment may be made under the plan or contract.2
Whether styled “health care fraud,” presentation of a “false claim,” or other offense, each state has analogous provisions in its criminal code. In HCCA’s home state of Minnesota, the law provides that:
[w]hoever with the intent to defraud for the purpose of depriving another of property or for pecuniary gain, commits, or permits its employees or its agents to commit any of the following acts (emphasis added), is guilty of insurance fraud and may be sentenced as provided in subdivision 3:
(a) Presents, causes to be presented, or prepares with knowledge or reason to believe that it will be presented, by or on behalf of an insured, claimant, or applicant to an insurer, insurance professional, or premium finance company in connection with an insurance transaction or premium finance transaction, any information that contains a false representation as to any material fact, or that conceals a material concerning any of the following: ....
(2) a claim for payment or benefit under an insurance policy....3
As to punishment, incarcerations ranging from maximums of 90 days to 20 years, and fines ranging from maximums of $1,000 to $100,000, or both, depending on the amounts of money fraudulently obtained, are prescribed.4
Although the desire for judicial economy usually results in either federal or state court proceedings being brought against accused offenders (but usually not both), they are nonetheless subject to separate prosecutions for the same offense in both forums without running afoul of the double jeopardy clause. Welcome to the prosecutorial crosshairs.
So where does an internal investigation figure into such a scenario, and how does it benefit the physician practice group or other health care provider on the hot seat? To answer those questions, and assuming only federal prosecution, it is instructive to review the applicable provisions of the Federal Sentencing Guidelines Manual and a practical application of its mandates to the fraud scenario set forth.
In the federal criminal justice system, punitive treatment of corporate and other business defendants, regardless of their size, had its origins in the Sentencing Reform Act of 1984. That act was amended by the addition of Chapter Eight to the Federal Sentencing Guidelines Manual in 1991, in order to achieve uniform criminal sentencing of business organizations. These provisions were again revised in 2004, and continue to be revised, to keep them dovetailed with evolving or amended statutory and regulatory provisions applicable to corporations and business entities that take other forms.
Under the Guidelines, favorable sentencing treatment is afforded to companies that police themselves by implementing corporate codes of conduct and other internal standards to ensure lawful operation of their business and other units. Chapter Eight specifically encourages the same by setting forth the framework for computing organizational sentences. Its method is the tried and true “carrot and stick” approach.
Prescribed in Chapter Two is a scoring system whereby all crimes are assigned a Base Offense Level according to the type of criminal conduct, severity, and harm. Additional points are either added for aggravating factors or subtracted for mitigating factors, until a final sentencing total is obtained. These computations are made applicable to business organizations in Chapter Eight, and the final point tally translates into specific incarceration times, fines, and other punitive and remedial measures that are imposed upon those who find themselves convicted in a federal court. As to businesses, effective compliance and ethics efforts are of particular importance in computing this critical sum.
Willful ignorance of an offense is an aggravating factor of no small import, and avoidance of the same requires internal investigation as a part of a larger compliance and ethics effort. This is explicitly set forth in the Commentary to § 8B1, “Remedying Harm from Criminal Conduct,” which states, in pertinent part, that:
(j) An individual [is] “willfully ignorant of the offense” if the individual did not investigate the possible occurrence of unlawful conduct despite knowledge of circumstances that would lead a reasonable person to investigate whether unlawful conduct had occurred (emphasis added).
The avoidance of willful ignorance requires the conducting of an internal investigation, self-reporting (as applicable), cooperation with government investigators and prosecutors, and acceptance of responsibility. In determining whether these criteria have been met, the Commentary to § 8C2.5, “Culpability Score” states, in pertinent part, that:
10. Subsection (f)(2) contemplates that the organization will be allowed a reasonable period of time to conduct an internal investigation. In addition, no [self-] reporting is required by subsections (f)(2) if the organization reasonably concluded, based on the information then available, that no offense had been committed (emphasis added).
Based upon the foregoing, it is plain that not conducting an internal investigation has tremendous potential to hurt the targeted business organization, while doing so certainly cannot hurt – and will likely help – the same company. For all intents and purposes, government has compelled management to conduct internal investigations when the possibility of organizational criminal conduct comes to its attention.
And how does a thorough and accurate internal investigation translate in practice to the sentencing bottom line? A penalty calculation under the Guidelines for the simplified fraud example given above will show this.
First, suppose that the practice group takes no pro-active investigative or self-reporting steps, purposefully under-bills the defrauded insurance companies to make up for their losses and clear its own conscience, and hopes not to be pursued by law enforcement. Now suppose that the practice group loses that bet and the United States Attorney’s Office in Minnesota indicts it on one count of health care fraud. Treated in this fashion, the group would already be receiving a significant and unlikely break, as prosecutors normally charge defendants with as many different crimes as fit the underlying conduct, and in multiple counts for each separate instance of criminal activity. In so doing, the offense levels and resulting penalties can grow arithmetically. Although the conduct described above could easily generate in excess of fifty counts, the single count example keeps the addition and subtraction easier.
Health care fraud is a theft offense and/or an offense involving fraud or deceit. As such, it is scored as a Level 6 offense. Because the loss to the insurance companies exceeded $10,000.00, four points are added to the initial offense score, now making it a Level 10 offense. Assuming that the fraudulent billings went to ten or more insurance companies, two additional points are added to the total, resulting in a Level 12 offense score.5
A Level 12 offense translates into possible incarceration for 10 to 16 months6 (probably for the CEO or managing partner) and a baseline for fine computation of $40,000.7 But that is not the end of the mathematics.
To arrive at a fine range for use in sentencing, a culpability score must first be obtained and then applied to obtain the minimum and maximum [fine] multipliers.To arrive at the culpability score, the organization starts with 5 points. If it can be said that the CEO or managing partner was willfully ignorant of the ongoing fraud or condoned it by not taking reactive steps after its discovery (in accordance with an effective compliance and ethics program), another point is added. Assuming that the organization “clearly demonstrated recognition and affirmative acceptance of responsibility for its criminal conduct” (i.e., pleaded guilty), one point would be deducted.8 The practice group’s culpability score would be 5.
A culpability score of 5 yields a minimum fine multiplier of 1.00 and a maximum fine multiplier of 2.00.9 These two numbers are multiplied by the fine baseline, resulting in a fine sentencing range between $40,000 and $80,000. Whatever the fine from that range ultimately is, it will no doubt have to be paid in addition to restitution of $12,000 plus interest.
Now suppose that the practice group had an effective compliance and ethics program that included the conduct of internal investigations. Although the base offense level would remain at Level 12 and the base fine at $40,000.00, the culpability score would change significantly and with resulting benefit to the organization.
Starting with the 5 baseline culpability score points, the practice group would not accumulate an additional point for willful ignorance and would subtract 3 points for having an effective compliance and ethics program.10 If, as a result of the internal investigation, it was deemed advisable for the organization to self-report and accept responsibility for the criminal conduct (i.e., plead guilty), 2 additional points would be deducted. Under such a best-case scenario, the practice group’s culpability score would be 0, resulting in a minimum fine multiplier of 0.05 and a maximum fine multiplier of 0.200.11 This would translate into a fine sentencing range between $2,000 and $8,000. Again, this would have to be paid in addition to $12,000 of restitution, plus interest, but the difference to the bottom line is significant. And this does not even take into account the possibility of the government being satisfied with the practice group’s response to this crisis and deferring (foregoing) prosecution altogether in return for agreed penalties and recompense similar to that computed above.
Therefore, conducting an internal investigation under such circumstances clearly has Business Judgment Rule and resulting fiscal benefits. But whether to conduct an internal investigation with in-house or outside personnel is largely dependent upon the size of the organization and/or the nature and scope of the inquiry. For critical ones, the Association of Corporate Counsel and the American College of Trial Lawyers12 recommend, as a leading practice, the use of outside specialized counsel that does not regularly perform work for the company.
The rationale behind their respective white papers on this issue is twofold: (a) the unbiased yield of such an independent investigator is more likely to be beyond government reproach and, therefore, more credible; and (b) the attorney-client privilege and work-product doctrine allow the corporate client to hold those investigative results close to the vest and control the timing and extent of disclosure, if at all. As to this latter component, the United States Supreme Court has upheld the protection of investigative results in the corporate setting.13
With respect to physician practice groups or similar-sized health care providers, the use of specialized counsel to conduct an insurance fraud investigation provides the business with critical advantages. First, most smaller- to mid-sized providers do not have in-house staff available to conduct such inquiries. As a result, the option is to go outside or not go at all.
Second, as an internal investigation conducted without bias weighs heavily on a government agency’s decision whether to charge a crime, bring a civil or administrative enforcement action, or defer prosecution, it is indeed likely that the most credence is given one conducted by independent counsel. The same is true in mitigation of punishment. A neutral, detached investigation that results in self-imposed sanctions and remedial measures by the company normally goes far in lessening the incarceration times, fines, judgments, and other punitive measures imposed by courts and regulatory agencies.
Just as vital is the fact that the methodology and results of an independent internal investigation conducted under the direction of an attorney or law firm are protected. The attorney-client privilege and work-product doctrine protections belong to the client. The truth, the whole truth, and nothing but the ugly truth can be ferreted out and remedial and preventative steps taken, and no one, in government or otherwise, need know these details unless the company deems it in its best interest to disclose the same. These are tremendous bangs for the buck.
Of course, in tough economic times, there is always the temptation to save the money that an internal investigation would cost while hoping to fly under the enforcement radar. If the office manager is stealing, he or she can be terminated and sweat equity can pay back the claim money wrongly received. As in the scenario given above, the practice group can eat the loss, chalk the lesson up to experience, and move forward with a clear conscience. After all, what are the odds of getting caught? Better than one might think.
Pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Department of Justice (DOJ) and the Department of Health and Human Services (HHS), established the Health Care Fraud and Abuse Control Program (HCFAC) to investigate and prosecute health care fraud and abuse. Under HCFAC, enforcement actions may be brought as criminal prosecutions, civil actions, or both.
Since 1997, HCFAC has recovered and turned over $10.4 billion to the Medicare Trust Fund as a result of such efforts. In fiscal year (FY) 2006 alone, the federal government won or negotiated approximately $2.2 billion in judgments and settlements, in addition to monies levied in administrative proceedings. On the criminal side of the ledger, there were 836 new health care fraud investigations that were opened by the U.S. Attorneys in FY 2006 to add to their existing 1,677 file caseload. These investigations involved 2,713 potential defendants and ultimately resulted in the conviction of 547 defendants for health care fraud-related crimes. At the same time, DOJ opened 915 new civil health care fraud investigations to augment the existing 2,016 already being undertaken.14
In addition to DOJ and HHS, the Internal Revenue Service (IRS) has independent authority to initiate health care fraud investigations as that conduct relates to under-reporting or non-reporting of income. In FY 2007, it commenced 184 investigations resulting in 68 convictions with a 91.2% rate of incarcerations for an average term of 42 months. In FY 2008, it was 85 investigations resulting in 56 convictions with an 83.9% rate of incarceration for an average term of 35 months, and in FY 2009 it was 67 investigations resulting in 68 convictions with a 79.4% rate of incarceration for an average term of 24 months.15
Factor in the criminal and civil investigations and prosecutions undertaken by each of the fifty states for violations of their several statutes, and there are a lot of chances to get noticed, even when it is the rogue employee, and not the employer, who steps out of bounds.
As in medicine, being proactive versus reactive with respect to compliance issues is an important decision. Like many treatment options, it is driven by a cost-benefit analysis; and “should have” is always a terrible pill to swallow. If securing an independent internal investigation can work to keep a health care organization from being charged with a crime, subjected to civil or administrative enforcement proceedings, or from being punished more severely than it might have otherwise been, then calling someone sooner is the better choice.
James McGrath is the Managing Partner of McGrath & Grace, Ltd., a law firm in Columbus and Cleveland, Ohio, that specializes in conducting independent corporate internal investigations and risk assessments for mid-sized and small businesses worldwide. He can be reached at (216) 378-1240 or at james. This e-mail address is being protected from spambots. You need JavaScript enabled to view it .
1. 18 USC § 1347
2. 18 USC § 24(b)
3. Minnesota Statutes, § 609.611 (Casemaker, 2009)
4. Minnesota Statutes, § 609.52, Subd. 3 (Casemaker, 2009)
5. USSG § 2B1.1(a)(2) through § 2B1.1(b)(2)(A)
6. USSG § 5A
7. USSG § 8C2.4(d)
8. USSG § 8C2.5(a) through § 8C2.5(g)(3)
9. USSG § 8C2.6
10. USSG § 8C2.5(b)(5) through § 8C2.5(f)(1)
11. USSG § 8C2.6
12. Association of Corporate Counsel: “Leading Practices in the Use of External Investigators to Aid in Corporate Investigations.” ACC InfoPAK (2007), and American College of Trial Lawyers: “Recommended Practices for Companies and Their Counsel in Conducting Internal Investigations.” Available at http://www.actl.com/AM/Template.cfm?Section=All_Publications&Template=/CM/ContentDisplay.cfm&ContentID=3390
13. Upjohn Co. v. United States, 449 U.S. 383 (1981)
14. U.S. Department of Health and Human Services and U.S. Department of Justice, The Department of Health and Human Services And The Department of Justice Health Care Fraud and Abuse Control Reporting Program Annual Report For FY 2006, (Washington, DC, 2007)
15. Internal Revenue Service, “Statistical Data – Health Care Fraud.” Available at http://www.irs.gov/compliance/enforcement/article/0,,id=118212,00.html