The enforcement of white-collar crime laws in the healthcare sector is likely to expand under the Biden administration, particularly regarding fraud associated with the billions of dollars in grants Congress allocated to hospitals and other health providers for pandemic relief.
Healthcare organizations should plan now for increased scrutiny, says John Kihlberg, senior director for engagement and client management with H5 in San Francisco. The Coronavirus Aid, Relief, and Economic Security (CARES) Act funds are likely to be supplemented by additional money from Congress — and it comes with a lot of strings attached.
“A lot of different offices were created along with the CARES Act to audit and investigate how that money was used. Fraud is going to be a big issue when that much money is pushed into the system,” Kihlberg says. “The government is likely to use the False Claims Act to look into those areas. If you look at the False Claims Act over the past 10 years, it’s been multibillion-dollar recoveries that the government has obtained. In each of those years, $2 billion of that has been healthcare-focused.”
Past targets have included hot issues such as opioids and upcoding. Now, Kihlberg says fraud related to COVID-19 will take center stage. Recipients of those funds might face many more compliance obligations than they expected, and much closer oversight.
“When this help was initially announced, it was ‘no strings attached.’ That’s really never the case,” he says. “You do have to document how that money was used and have controls around how you’ve audited that, so that when the government comes and asks about that, you have a good story.”
Similar advice relates to the relaxation of some rules regarding telehealth and licensing during the pandemic, Kihlberg says. Although the government made it easier to accommodate those needs during the crisis, investigators may one day want to see justification for those actions, and that providers did not take advantage of those relaxed rules.
Documentation of actions and reasoning will go a long way toward preventing problems in those areas, he says. For instance, if a facility changed its telehealth requirements, document why this was necessary and the understanding at that time of how the changing government regulations made this possible.
Frontline healthcare workers have been pushed to extremes during the epidemic, but administrative staff also have been asked to do more, says Jeffrey Grobart, associate director for professional services at H5 in Chicago. Risk managers should not assume that administrative operations have proceeded normally and that all compliance issues have been addressed.
“Obviously, frontline workers were burdened with an overwhelming crush of demands and needs, but I think that was passed on to the back office folks as well, in terms of keeping track of things and being able to duly record all of the transactions and information that must be accounted for,” Grobart says. “That includes the normal metrics that hospitals are accustomed to tracking, and the new and novel things that came into play. People are working at home where it is harder to put into the typical controls you might use. Layer on to that an influx of new challenges, and you create a prime scenario for lost information.”
Self-audits are more challenging under those circumstances, Grobart says, but government regulators will expect the same level of compliance.
“There is a greater risk when you partner that with an administration that is already showing signs of returning to business as usual after four years of slowly dismantling many aspects of government oversight across many organizations,” he says. “The level of scrutiny from regulators is going to inevitably increase in many industries. It is important for healthcare groups to take stock of what they’ve done over the past year from a financial perspective and every other compliance perspective you can conceive of.”