Earlier this month, the federal District Court for the Northern District of Illinois, in U.S. ex rel. Derrick v. Roche Diagnostics Corp., sustained a whistleblower, or qui tam, complaint under the False Claims Act filed by a discharged employee of a manufacturer of glucose-testing products, and brought against the manufacturer and a Medicare Advantage (managed care) plan, asserting violations of the anti-kickback statute. The whistleblower alleged that the manufacturer (Roche Diagnostics) had compromised an earlier claimed debt owed to it by the Medicare Advantage plan (Humana)  – the so-called “remuneration” or kickback – in exchange for being restored to the plan’s formularies for glucose-testing products covered by Medicare.

Significantly, Medicare paid the managed care plan a fixed, or capitated, monthly amount for all covered health and medical services provided or arranged for each plan enrollee, and no allegation was made that the alleged kickback arrangement with the manufacturer had increased costs to the Medicare program or resulted in the over-utilization of the blood-testing products at the expense of the program.  Rather, the whistleblower, or “relator,” essentially alleged that the claims for monthly capitation payments submitted by the Medicare Advantage plan “were tainted by the alleged fraud” associated with the arrangement.

Key Takeaways

  1. The court’s decision is a stark reminder that health care transactions in managed care programs under Medicare or Medicaid can present risks under the anti-kickback statute and False Claims Act, and the risks are not limited to alleged upcoding of risk-adjustment scores to secure higher capitation payments for the managed care plan.  Nor does an alleged kickback arrangement have to result in overutilization of services or increased costs to the Medicare or Medicaid programs – a scenario more typical in the traditional fee-for-service environment.  Rather, the alleged fraud can be premised on the allegation that the “kickback” unduly influenced or steered the managed care plan to select a particular manufacturer’s products or provider’s services covered by the plan’s capitation payments.  That same risk could arise in  the context of other “all-inclusive” pricing or bundled payment models, where the selection of a particular vendor or participating provider might be similarly tainted by an improper inducement.
  2. The managed care “safe harbor” under the anti-kickback statute, the court held, did not immunize the alleged kickback arrangement to secure the manufacturer’s products on the plan’s formularies. Extending the logic of that holding, the managed care safe harbor would not protect any other improper remuneration or kickbacks offered by providers seeking to participate in a managed care plan’s network, or by suppliers wishing to secure contracts to sell their products, utilized by plan enrollees.
  3. The forgiveness of debt from an earlier or unrelated transaction may be deemed a form of “remuneration”, as broadly defined under the anti-kickback statute to include anything of value. In this case, the managed care plan had actually disputed the manufacturer’s claim, and the manufacturer and the plan then engaged in negotiations to resolve the dispute – what the manufacturer characterized as “simply a routine, arms-length compromise involving a disputed  contractual obligation.”  Nevertheless, the court found the whistleblower’s allegation – that the manufacturer’s willingness to compromise the claimed debt was intended to induce the managed care plan to restore the manufacturer’s products on the plan’s formularies – was sufficient, as a matter of law, to allow the False Claims Act case to go forward into the discovery phase.
  4. The former employee’s claim of retaliatory discharge  under the False Claims Act, asserted against the manufacturer employer, was also sustained based on the asserted nexus – in this case, the coincidence of timing – between the employee’s raising concerns to her supervisors about a potential anti-kickback violation and her termination shortly afterwards.

The U.S. Attorney for the Southern District of Florida recently intervened in a whistleblower lawsuit brought under the federal False Claims Act, alleging fraudulent billing by a pharmacy reimbursed by the federal government. (U.S. ex rel. Medrano v. Diabetic Care Rx, LLC, No. 15-cv-62617, S.D. Fla.)

What makes this case significant is that the U.S. Attorney has also named a private equity (PE) firm as a defendant. This attempted extension of False Claims Act liability to a PE firm should serve as a cautionary tale about the risks to private equity invested in the health care space, for a portfolio company’s management decisions and business operations implicating the fraud and abuse statutes applicable to the Medicare, Medicaid and TRICARE programs.

Read more.

After years of defrauding the U.S. government and taxpayers, Mylan, the maker of EpiPen, last week resolved allegations that it profited at the expense of Medicaid.

On August 17, Mylan and its subsidiaries agreed to pay $465 million to resolve claims they violated the False Claims Act (“FCA”) for knowingly misclassifying its lifesaving EpiPen product as a generic drug to avoid paying rebates owed to the U.S. government.  In a press release, the Department of Justice (“DOJ”) stated, “this settlement demonstrates the DOJ’s unwavering commitment to hold pharmaceutical companies accountable for schemes to overbill Medicaid, a taxpayer-funded program whose purpose is to help the poor and disabled.”

The settlement was first announced in October 2016, amidst fierce public criticism of Mylan’s triple-digit price hikes for the EpiPen, but the settlement agreement, and the fact that Sanofi was the whistleblower, was just released last week.  It is rare for one health care company to blow the fraud whistle on another health care company.

Sanofi’s Qui Tam Suit

Inquiries into Mylan’s misconduct started when rival Sanofi-Aventis US LLC (“Sanofi”) filed a qui tam lawsuit against Mylan under seal in 2016, in the District of Massachusetts, under the whistleblower provisions of the FCA.  The government then intervened in the case.

Sanofi, which had been selling a competing product to Mylan’s EpiPen, alleged that Mylan knowingly misclassified EpiPen as a generic drug, or “non-innovator” product, even though it was marketed and priced as a brand-name product.  Under the Medicaid program, manufacturers must pay higher rebates for brand-name drugs, i.e. drugs only available through a single source.  To avoid price gouging, Medicaid receives a 23 percent discount on brand-name drugs but only a 13 percent discount on generics.  The intentional misclassification of the EpiPen as a generic allowed Mylan to underpay hundreds of millions of dollars in rebates to Medicaid sold through its health coverage program from 2010 to 2016.  During that timeframe, the company increased the price of the EpiPen by 400% but paid the lesser rebate for generic drugs.

Mylan’s $465 Million Settlement

Mylan’s August 17 settlement agreement with DOJ and the Office of the Inspector General of Health and Human Services (“OIG-HHS”) resolves Sanofi and the government’s allegations that Mylan knowingly skirted its rebate obligations under the FCA.

Without admitting any wrongdoing, effective retroactive to April 1, 2017 Mylan reclassified EpiPen as a brand-name product for rebate purposes and Mylan entered into a corporate integrity agreement.  The company’s five year corporate integrity agreement with OIG-HHS requires that Mylan fulfill numerous obligations, including: (1) retain an independent review organization to assess annually whether Mylan is complying with the Medicaid program, and (2) hold executives and board members individually accountable for the company’s compliance with the corporate integrity agreement and federal health care programs.

As the whistleblower, Sanofi was awarded $38.7 million as its share of the federal recovery for alerting the government about Mylan’s misconduct.  Sanofi also stands to recover some money state Medicaid programs will receive under the settlement.

Public Outcry – Mylan’s Settlement “Shortchanges” Taxpayers

Both Republican and Democratic Senators have issued statements showing disapproval with Mylan’s settlement with DOJ.  Senator Chuck Grassley (R-IA) spoke out against the settlement, calling it a “disappointment.”  Senator Grassley continued, “the government’s own watchdog said the taxpayers may have overpaid for EpiPen by as much as $1.27 billion over 10 years.  Did the Justice Department consider the inspector general estimate?  If not, why not?”  Senator Richard Blumenthal (D-CT) also issued a fiery response, saying, “quite simply, the Department of Justice is letting this deceptive pharmaceutical behemoth off the hook.  Absolving Mylan from a finding of wrongdoing has cleared the way for the company to pocket the money it embezzled from an American public in desperate need of lifesaving and affordable medications.”

Mylan is not completely off the hook, at least to other private actions – it still faces Sanofi’s separate antitrust suit in New Jersey federal court.  There, Sanofi alleges that Mylan, to preserve its monopoly over EpiPen-like injectors, offered large rebates to insurers that did not cover competing products.

Yes, you read the title of this post correctly.  Under the False Claims Act, a whistleblower is not required to report compliance concerns internally through a company’s internal reporting system before filing a “qui tam” court action.  Indeed, the False Claims Act — with its potential “bounty” of 15 to 30 percent of the government’s recovery — may actually encourage employees to file suit in the first instance, to qualify as an “original source,” and bypass the organization’s reporting system altogether, thereby frustrating a key component of an effective compliance program.  Whistleblower organizations have recently gone so far as to discourage individuals employed by health care providers from bringing compliance concerns directly to their employer so that they can get a share of the government’s recovery.

A provider or other entity participating in the Medicare or Medicaid programs, however, can mitigate that risk through, among other things, employee training and disciplinary policies encouraging good-faith reporting and the promotion of a culture of compliance, including setting the right “tone from the top.”

Internal Reporting System.  The cornerstone of any effective compliance program is developing and implementing a robust internal reporting system that employees can use to raise any compliance concerns on an anonymous basis.  Among other things, when compliance concerns are brought to the attention of the organization’s compliance personnel, the organization can investigate the issue and take appropriate steps to prevent or remediate any continued potential misconduct.  Likewise, having such a system in place may serve as a defense to liability under the False Claims Act.  Even if improper billing is found to have taken place, evidence that the organization has an effective, anonymous internal compliance reporting system may show that the improprieties were not the result of deliberate indifference or reckless disregard for such practices.

False Claims Act.  Plainly, the risk of treble damages and per claim penalties under the False Claims Act is a powerful incentive for a health care organization to implement an effective compliance program.  What is more, the provision for whistleblower awards under the False Claims Act can be an effective tool to aid the government in detecting and preventing overpayments by Medicare and Medicaid to fraudulent operators and other bad actors.  By allowing whistleblowers to file relator actions under seal and potentially share in any of the government’s recovery — as well as to seek damages for any retaliatory employment action — the False Claims incentivizes employees in the health care industry to come forward with information about fraudulent billing, without the fear of reprisal.

The Tension Between The Two.  At the same time, a whistleblower’s potential recovery can operate as a countervailing disincentive for an employee to report compliance concerns internally.  That is because under the False Claims Act, a qui tam relator is entitled to a “bounty” only if the individual is the “original source” of information to the government about the improper billing practices that are the subject of the relator’s action.  On the other hand, if an employee does dutifully report a compliance concern internally through the organization’s reporting system, and the organization itself reports any overpayments to the government or remediates the misconduct itself, the whistleblower may be unable to sue and recover any “bounty.”  As noted earlier, this point is not lost on the relator bar.

Overcoming The Tension.  How does a provider overcome the entreaties of the relator bar, along with the incentives under the False Claims Act whistleblower provisions, to convince employees with compliance concerns to avail themselves of the company’s internal reporting system?  At the outset, the reporting system must be both effective and credible to instill  confidence in the system so that employees will take full advantage of it – that is, the organization must deliver on its promise of anonymity and protection of good-faith reporting and must follow through on a timely basis with a thorough investigation and meaningful corrective action, if indicated.  Further, a robust reporting system, standing alone, will not be effective unless all other elements of an organization’s compliance program are working effectively as well, starting with a “culture of compliance,” reinforced by the executive team and management, and continuing with inservice compliance training, underscoring the importance of timely reporting and the anonymity and other protections afforded to reporting employees.

Likewise, the organization must have personnel and disciplinary policies that reward good-faith reporting and punish compliance lapses, both for engaging in unlawful conduct as well as for failing to report it.  That said, taking any disciplinary action against an employee who files suit as a relator, without ever having reported the compliance concerns in breach of the employee’s duties, is fraught with the risk that the termination or other action will be challenged as retaliation for filing the False Claims Act action, and that the cited ground — failing to report   — is allegedly merely pretextual.

However, with the proper messaging and training, coupled with a robust anonymous reporting system, the company can give its employees good reason to “do the right thing” and report compliance concerns to the company in the first instance, despite the lure of a False Claims Act bounty.

DOJOn May 31, 2017, the Department of Justice announced a $155 million settlement with eClincialWorks (ECW), an electronic health records (EHR) software vendor, to resolve a whistleblower complaint that alleged violations of the False Claims Act and the Anti-Kickback Statute.  This settlement, the “largest financial recovery in the history of the State of Vermont,” should put EHR vendors on notice, as well as vendors that offer services or products to health care providers: providing misinformation to a government contractor or health care provider about their products or services, or furnishing nonconforming goods or services, may expose them to significant financial exposure under the False Claims Act, even if they do not themselves submit claims to the government.

Background:  Pursuant to the Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009, the United States Department of Health and Human Services (HHS) established a program to provide incentive payments to health care providers who demonstrated “meaningful use” of “certified” EHR technology.  The incentive payments are to encourage health care providers to transition to using EHR.  To obtain the proper certification, EHR vendors are required to affirm that their products meet certain requirements adopted by HHS and then pass certain tests by a certifying agency approved by HHS.

Allegations:  The lawsuit, in which the federal government intervened, alleged that ECW falsely attested that its products met the applicable certification criteria and prepared its software to pass the certification testing without actually meeting the certification criteria.  Significantly, ECW was alleged to have violated the False Claims Act because it had “caused” the end user health care providers to submit inaccurate attestations concerning their use of “certified” EHR in support of their claims to the government for “meaningful use” incentive payments.

Settlement:  ECW agreed to pay $155 million to settle the complaint and entered into an onerous, five-year Corporate Integrity Agreement (CIA).  In what the DOJ described as “innovative,” the CIA requires, among other things, that ECW (a) retain an Independent Software Quality Oversight Organization to assess ECW’s software quality control systems, (b) provide prompt notice to its customers of any safety related issues, (c) maintain on its customer portal a comprehensive list of issues and steps users should take to mitigate potential patient safety risks, (d) provide its customers with updated versions of their software free of charge, (e) offer customers the option to have ECW transfer their data to another EHR vendor without penalties or charges, and (f) retain an Independent Review Organization to review ECW’s arrangements with health care providers to ensure compliance with the Anti-Kickback Statute.

Implications:  EHR and other health care vendors cannot assume that their liability is limited to breach of contract or indemnification of its customers.  Rather, the ECW case points to the risk of direct exposure under the False Claims Act, without ever submitting a single claim to the government.  In a similar vein, in the context of the Health Insurance Portability and Accountability Act (HIPAA), software and other vendors may also be directly subject to penalties under HIPAA for breaches of protected health information – as a business associate to their health care provider customers.