Liability of Managed Care Administrators and Network Providers
By: Shelley R. Slade - December 2000
This article explores the application of the federal False Claims Act (FCA) to managed care, with specific focus on situations faced by health care administrators. Perhaps unexpectedly, the remedies of this law can penetrate managed care notwithstanding the lack of traditional “fee-for-service” claims submitted to the federal government, and the lack of direct dealings between provider networks and the government.
In the fee-for-service context, the government’s use of the FCA is widely-accepted as an extremely effective tool to redress false claims submitted by medical providers to government health programs. This civil statute covers not only those intentionally cheating the government, but also those “turning a blind eye” to the accuracy of claims. The law provides for triple damages, civil penalties of up to $11,000 per false claim, and sizeable bounties (between 15 and 30 percent of the government’s recovery) for those blowing the whistle. In recent years, an increasing number of informants - - so-called “qui tam” plaintiffs - - have received awards exceeding $10 million. Moreover, the FCA has been the remedy of choice in a wide gamut of health care cases involving fee-for-service providers, including everything from kickbacks to upcoding, unbundling, and billing for ghost patients.
However, over the past two decades, the federal government has used managed care organizations (MCOs) to care for the health of an increasing number of beneficiaries. Medicare, Medicaid, the Federal Employees Health Benefits Program (FEHBP) [1] and TRICARE (a Department of Defense program) all utilize managed care. Is the FCA still viable in this changing environment?
Consider the following scenarios:
1) You work for an MCO managing a Medicare Plus Choice plan. You learn that the enrollment data that the MCO provides Medicare is flawed. Your bosses know of the problem, but decide that a fix should be put on the back burner in light of other pressing concerns. They also postpone efforts to determine how unreliable the data is, and what sort of effect it has had on their payments from Medicare, if any.
2) You are employed by a hospital as an administrator. The hospital has a contract with a Medicaid MCO to provide certain care on a capitated basis. You witness colleagues submitting patient encounter data to the MCO that overstates the care provided enrollees.
3) You manage the “gatekeepers” for a Medicare Plus Choice MCO. Before the MCO will authorize certain procedures, the MCO requires a number of confirming medical opinions. The MCO determines how many opinions to require primarily by examining empirical data on the number of patients that drop their demand for a procedure following the imposition of such a requirement. You learn that the MCO’s policy frequently results in patients not only neglecting to obtain care, but also (i) using personal funds to pay for the care, and (ii) disenrolling in order to have Medicare pay on a fee-for-service basis.
You undoubtedly recognize that these situations involve unethical conduct. But could you or your organization be liable under the civil FCA for false claims on the federal government? The answer is an unequivocal “yes.”
I. Scope of the FCA in the Managed Care Setting
The FCA is aimed at those who knowingly submit false claims to the federal government, or cause the submission of such claims. It also covers those who conspire to use false claims to defraud the government, or those who knowingly make or use, or cause the making or using, of false records or statements to get false claims paid or approved. The FCA is extremely adaptable to changes in the nature of government programs and the types of scams employed to cheat Uncle Sam. A review of the statute, its legislative history, and pertinent case law strongly suggests that the FCA would apply in the context of managed care.
A. The Act Covers All Efforts to Get
the
The FCA contains a broad definition of “claim” to reflect Congress’s desire that the Act be used to address all, non-tax related schemes to bilk the federal fisc -- regardless of whether a formal “invoice” is used, and regardless of whether the claim is submitted directly to the federal government. Thus, the Supreme Court has said that the FCA’s “provisions, considered together, indicate a purpose to reach any person who knowingly assisted in causing the government to pay claims which were grounded in fraud, without regard to whether that person had direct contractual relations with the government.” [2] The courts have applied the Act to cover all types of submissions to the government that result in payment. In 1986, Congress amended the Act to expressly define “claim” to include payment requests by third parties on federal contractors and grantees reimbursed or paid with federal funds. [3]
What this means in the managed care context, first and foremost, is that MCOs providing benefits under federal health programs likely are submitting “claims” subject to the FCA, even though they don’t bill the government on a fee-for-service basis. The Act’s broad definition of “claim” may well encompass MCO enrollment data submitted to Medicaid state agencies for use in determining the amount of capitated fees owed the MCO; certified cost or pricing data prepared by MCOs to obtain contracts with FEHBP; [4] and, certified requests for payment of capitated fees under contracts with the Medicare Plus Choice and TRICARE programs.” [5]
The FCA’s broad definition of “claim” also means that information and bills submitted by providers to government health plan MCOs are within the reach of the FCA, even though the providers don’t submit claims directly to the federal government. It is sufficient that a request for payment is made to an entity which, in turn, is paid with federal government funds. Indeed, the regulations governing the Medicare Plus Choice program affirmatively require Medicare MCOs to inform their subcontractors that they are subject to the laws governing federally-funded programs. [6] Likewise, since the federal government contributes to state Medicaid programs, a provider servicing a Medicaid MCO, such as the hospital with overstated encounter data in scenario two, faces potential FCA liability.
B. The Act Covers Claims that are Implicitly False Because of the Violation of Statutory, Regulatory, or Contractual Requirements
The FCA addresses much more than just claims with express misrepresentations, such as claims for “upcoded” services. In some circumstances, it also covers claims that are implicitly false, such as when a party seeks payment for services that fail to meet contractual standards, or under a contract that was obtained through fraud or other illegal means. In the words of the Senate Judiciary Committee:
a false claim may take many forms, the most common being a claim for goods or services . . . provided in violation of contract terms, specification, statute or regulation. . .
each and every claim submitted under a contract . . ., which was originally obtained by means of false statements or other corrupt or fraudulent conduct, or in violation of any statute or applicable regulation, constitutes a false claim. [7]
1. Violations of Contracts and Rules
While the courts debate the extent to which violations of contracts and legal requirements result in FCA violations, few, if any, courts have challenged the notion that, in at least some cases, knowingly billing the government for care that violates quality standards can result in a violation of the False Claims Act. Such claims can be false because the billed service was not in fact provided (e.g., the services provided were worthless), or because program rules preclude reimbursement for care that doesn’t meet the standard. [8] Using one or the other of these theories, several courts have extended the concept of “implicit falsity” under the FCA to cover claims for health care that fail to meet professional or other standards of care. [9]
In the managed care context, the Act consequently may be available as a remedy in cases involving knowing “underutilization,” i.e., the failure to provide required health care services in order to reduce costs. Indeed, Medicare Plus Choice specifically requires its contractors to provide all contractual benefits “in a manner consistent with professionally recognized standards of care,” and to provide access to those benefits as required by Medicare’s rules; an organization’s compliance with these requirements is considered “material” to its contractual performance. [10] Thus, the Medicare MCO in scenario three that knowingly places undue hurdles in the path of those needing care, while still seeking capitated fees from Medicare, may be at risk of an FCA violation.
The Act also may cover other types of underutilization, such as an MCO’s outright failure to provide a category of care to a group of patients, use of personnel lacking appropriate training or credentials, or inducement to network providers to deny needed care. It may cover other scams in which a MCO knowingly denies taxpayers the benefit of their bargain, such as “cherry-picking” among Medicare-eligible applicants to enroll only the most healthy.
To rise to the level of a FCA violation justifying law enforcement involvement, however, the contractual or regulatory violation would need to be accomplished through a policy or practice with significant impact. In this way, there would be a strong basis for asserting that the MCO satisfied the “knowing” element of the FCA.
2. Use of False Information, Bribes and Kickbacks to Obtain Federal Managed Care Contracts
The Act’s broad definition of “falsity” also means that liability can arise when an MCO obtains a federal contract through false data or the payment of bribes and kickbacks. Indeed, until recently, the government’s almost exclusive use of the FCA in the managed care arena was against contractors alleged to have misrepresented their private sector rate-setting methodology in negotiations with the FEHBP. [11]
C. The Act Covers Those “Turning a Blind Eye”
For a person to be liable under the FCA, the false claims or statements must have been “knowingly” made. The FCA defines “knowingly” so that the Act covers not only those acting with actual knowledge of the falsity of claims or statements, but also those acting with “reckless disregard” or “deliberate ignorance” of their truth or falsity. [12] As Congress has explained, the Act is intended to apply to the “ostriches with their heads in the sand.” [13] No showing of specific intent to defraud is required.
Hospitals, nursing homes and others submitting encounter and other patient data to government-funded MCOs or the government will need to pay particular attention to the “ostrich in the sand” standard. Since data such as encounter data ultimately can affect the level of federal payments, the reckless compilation or submission of data, later found inaccurate, could be deemed a “knowing” submission of false records to get false claims paid.
Indeed, the Department of Justice already has raised the specter of a FCA prosecution in a situation involving a health organization turning a blind eye to the accuracy of data. Thus, in a recent investigation of United Healthcare of Illinois, Inc., the Department alleged violations of the FCA because the company had “non-existent internal controls” over the verification and reporting of whether enrollees were institutionalized, submitted inaccurate information to Medicare as a result, and then received inflated per capita advance payments.” [14]
There is no question but that the federal government is focusing in on the veracity of the data that MCOs submit for the computation of their capitated fees. The recently-enacted rules of the Medicare Plus Choice program require contractors to certify the accuracy of such data. Recent OIG reviews have focused on MCO submissions on the number [15] , institutionalization, [16] and dual eligibility for Medicare and Medicaid (see discussion below) of current enrollees, and on adjusted community rates. [17]
II. Future Enforcement Activity
In the early 1990's, Attorney General Janet Reno announced that she was targeting health care fraud for special enforcement attention. Shortly thereafter, the Department of Justice (DOJ) set up an interagency, managed care fraud working group to coordinate enforcement activity in this area. While DOJ has taken action only in a few such cases to date, several factors indicate that law enforcement’s use of the FCA to remedy managed care schemes is likely to rise.
A. Expanding DOJ Use of FCA Against MCOs and Inadequate Care
First, in the past few years, DOJ has moved beyond the “cost or pricing” cases that arise within the context of FEHPB’s managed care program to use the FCA to address managed care fraud in the Medicare program as well. In 1997, Blue Cross/Blue Shield of Massachusetts paid $700,000, and agreed to implement a rigorous compliance program to settle FCA claims alleging that the company had misrepresented its provider network to HHS. On June 6, 2000, the government announced that Humana, Inc., had agreed to pay $14.5 million to settle allegations that the company had claimed that certain of its enrollees were eligible for both Medicare and Medicaid when they were not, and, by doing so, had bumped up the level of capitated payments for each such enrollee. In November 2000, the Department of Justice announced a $2.9 million settlement with United Healthcare of Illinois relating to the inaccurate data on institutionalization discussed above.
DOJ also has started to use the FCA aggressively to pursue inadequate care by nursing homes, which, like MCOs, are paid prospectively to deliver all needed, covered care. In the words of former Deputy Attorney General Eric Holder:
Unscrupulous practices - implemented solely to wring more money out of the health care system - can pose a direct threat to the lives and health of patients . . . These cases . . . will receive our utmost attention and all appropriate resources. [18]
B. Sustained Vigilance by Investigative Bodies
Second, government investigators are ramping up detection activities. Down the road, these activities may well spin off FCA investigations involving MCOs and their provider networks. [19]
For example, fueled by Congressional funding in the 1996 Health Insurance Accountability & Portability Act, HHS-OIG is scouring Medicare and Medicaid managed care for overpayments. HHS-OIG’s 2001 Work Plan cites 27 projects that will look into Medicare or Medicaid managed care, including reviews of adjusted community rate proposals; enhanced capitation payments based on special status; physician incentive payments; enrollment incentives and disincentives; and duplicate fee-for-service and managed care payments.
Moreover, certain states with large Medicaid populations in managed care, such as New York, Florida, and Texas, are accelerating investigative work. Illustrative of the fruits of this investigation are two larceny convictions recently obtained by New York’s Attorney General. In one case, a large Medicaid MCO had deleted enrollees from doctors’ rosters, and then billed Medicaid and pocketed the capitated fees for those patients nonetheless. [20] In a second case, a medical group improperly used unsupervised physician assistants and nurse practitioners to deliver primary care to Medicaid patients enrolled in Managed Healthcare Systems of New York, Inc –- the state’s largest Medicaid managed care plan. [21]
C. Publicity Concerning use of the FCA.
Third, as law enforcement has struggled with the issue of how to address the excesses of managed care, legal theories have been developed and expounded in conferences, court cases, and other fora, generating publicity concerning the potential applicability of the FCA. This publicity undoubtedly will encourage additional referrals, investigation and litigation in the area.
D. Qui tam Awards for Whistleblowers
Lastly, and perhaps most significantly, the FCA contains generous “bounty” provisions, offering up to 25 or 30% of the United States’ recovery to private persons who file FCA actions on behalf of the United States. [22] When combined with the news that the government is using the FCA in the managed care setting, these bounties will motivate insiders, such as MCO executives and network administrators, to come forward with evidence of fraud.
[1] The Federal Employees Health Benefits Program, administered by the United States Office of Personnel Management, pays for medical care for federal employees, their spouses, and dependants.
[2] United States ex rel. Marcus v. Hess, 317 U.S. 537, 544 (1943).
[3] 31 U.S.C. § 3729(c).
[4] In order to obtain a contract with the Office of Personnel Management to provide managed care benefits to FEHBP beneficiaries, a “community rated” carrier must submit certain data, such as capitation rates and benefits utilization. It then must submit a certificate attesting that its data are accurate, complete and current, and that the carrier’s methodology to determine the FEHBP rates is consistent with the methodology it used to determine rates for similarly-sized subscriber groups. See 48 C.F.R. §§ 1602-170-5 and 1615.804-70.
[5] For example, contractors participating in Medicare Plus Choice are required to “request payment under the contract” on a document on which they certify the accuracy, completeness, and truthfulness of certain data requested by HCFA, “as a condition for receiving a monthly payment” of capitated fees. 42 C.F.R. § 422.502(l).
[6] See 42 C.F.R. § 422.502(h)(2).
[7] S. Rep. No. 99-345, 99th Cong., 2d Sess., 9 (1986), reprinted in 1986 USCCAN 5266, 5274.
[8] See United States ex rel. Lee v. Smithkine Beecham, Inc., 245 F.3d 1048 (9th Cir. 2001); Mikes v. Straus, 274 F.3d 687 (2nd Cir. 2001); United States v. NHC Healthcare Corp., 115 F. Supp. 2d 1149 (W.D. Missouri 2000).
[9] See, e.g., United States ex rel. Lee v. Smithkine Beecham, Inc., supra; United States ex rel. Aranda v. Community Psychiatric Centers of Oklahoma, Inc., 945 F. Supp. 1485 (W.D. Ok. 1996), in which the federal district court said: “a problem of measurement should not pose a bar to pursuing a FCA claim against a provider of substandard health care services under appropriate circumstances.” See also United States v. NHC Healthcare Corp., supra, in which the court held that a nursing home’s billing for inadequate care could violate the FCA since the provider received per diem payments for Medicare-eligible residents in exchange for its agreement to “care for its residents in such a manner and in such an environment as will promote maintenance or enhancement of the quality of life.”
[10] See 42 C.F.R. § 422.502(a)(3).
[11] For example, in 1999, the Office of United States Attorney for the District of Columbia received $9 million and $6 million, respectively, from PacifiCare of Oklahoma, Inc. and Blue Choice Plan of St. Louis, Missouri, to settle, among other things, claims that the carriers had violated the False Claims Act by falsely certifying that the government was paying the same price as other similarly-sized subscriber groups.
[12] For example, in 1999, the Office of United States Attorney for the District of Columbia received $9 million and $6 million, respectively, from PacifiCare of Oklahoma, Inc. and Blue Choice Plan of St. Louis, Missouri, to settle, among other things, claims that the carriers had violated the False Claims Act by falsely certifying that the government was paying the same price as other similarly-sized subscriber groups.
[13] S. Rep. No. 99-345, 99th Cong., 2d Sess., 7(1986), reprinted in 1986 USCCAN 5266, 5272.
[14] “United Healthcare to Pay $2.9 Million to Settle Medicare Claims,” November 22, 2000, Press Release of the United States Attorney for the Northern District of Illinois.
[15] HHS-OIG-Audit, “Review of Payments to Medicare Managed Care Risk Plans for Deceased Beneficiaries,” (A-07-99-01283)(February 10, 2000); HHS-OIG-Audit, “Review of Medicare Managed Care Capitation Payments for Deceased Beneficiaries,” (A-07-99-01298) (May 1, 2001.)
[16] HHS-OIG-Audit, “Review of Medicare Managed Care Payments for Beneficiaries with Institutional Status,” (A-05-98-00046) (April 19, 1999.)
[17] See, e.g., HHS-OIG-Audit, “Review of Administrative Costs Included in the Adjusted Community Rate Proposal for a Missouri Medicare Managed Care Risk Plan, (A-07-00-00107) (February 20, 2001;) HHS-OIG-Audit, “Review of the Administrative Cost Component of the Adjusted Community Rate Proposal for a Northwest Medicare+Choice Organization for Contract Year 2000,) (A-10-00-00013) (May 11, 2001.)
[18] Remarks of Eric H. Holder, Jr., Deputy Attorney General, before the American Health Lawyers Association, October 22, 1998.
[19] For example, the HHS-OIG auditors publicly have stated that their audits of MCO disenrollments prior to expensive procedures have been stalled due to “discussions with investigative staff interested in pursuing some of these cases for improper disenrollment actions.” Audit Report No. A-07-98-01256, discussed above, at 5.
[20] See May/June 1999 issue of “Medicaid Fraud Alert,” a publication of the National Association of Medicaid Fraud Control Units.
[21] See the May 2000, July 2000, and February 2001 issues of “Medicaid Fraud Report,” a publication of the National Association of Medicaid Fraud Control Units.