Jack Pirozzolo |
Doreen Rachal |
Yet, even though this represents a time of transition for the U.S. Attorney's Office, we expect that the office will continue to make civil and criminal health care enforcement a priority.
The office has always been a leader in both civil and criminal health care enforcement. It has aggressively used the False Claims Act to bring cases alleging violations of the Anti-Kickback Statute, the Food Drug and Cosmetic Act, and other statutes and regulations applicable to the various stakeholders in the health care industry.
The office has also been aggressive in the use of its criminal enforcement jurisdiction to target individuals, companies and entire industries the office may feel have played fast and loose in the highly regulated health care space.
We fully expect that the incoming U.S. attorney, whoever that eventually may be, will be authorized to continue aggressive enforcement of the health care laws in the areas on which the office has historically and traditionally focused.
The transition will also likely bring additional resources and focus on an emerging area of enforcement, namely pandemic-related fraud. The massive stimulus efforts dating back to last year that have continued into this month's $1.9 trillion COVID-19 relief legislation will come with extensive efforts to ensure that the funds are spent properly and as intended.
Last year, the office entered into a memorandum of understanding with the special inspector general for pandemic recovery. While the special inspector general does not have jurisdiction over all of the various stimulus programs flowing from COVID-19 relief, we nevertheless expect that this coordination signals future criminal and civil enforcement activity by the office in connection with the CARES Act, the Main Street Lending Program, the Paycheck Protection Program and the Provider Relief Fund.
We likely will also see enforcement activity related to identity theft matters, unemployment fraud connected with pandemic relief payments, telehealth services, and other potential billing fraud, price gouging and hoarding practices with critical medical supplies, and misbranding.
These areas of enforcement are likely to extend beyond large pharmaceutical companies and medical device manufacturers to providers, payers and research institutions.
Whistleblower activity in and around pandemic-related fraud also likely will increase. The office has openly encouraged whistleblowers who may be involved in the delivery of health care services to report individuals and companies that may be involved in wrongdoing in connection with pandemic-related services and products.
With additional resources and focus on pandemic-related fraud will come increased scrutiny of compliance programs. Both the office and the U.S. Department of Justice have been vocal about the importance of a strong culture of compliance within organizations.
Last year, the DOJ continued its process of augmenting and refining guidance to organizations regarding its evaluation of corporate compliance programs. While that guidance last year did not present any dramatic change from earlier guidance regarding corporate compliance programs, it did show an increased focus on a data-driven evaluation of compliance programs that we expect will continue in the new administration.
By now, most organizations of any size in the highly regulated heath care industry have adopted policies, procedures and training related to key areas of regulatory and enforcement risk, such as, where applicable, sales and marketing practices, pricing, financial relationships and interactions with healthcare professionals, and current good manufacturing practices compliance.
However, in situations in which an organizations faces scrutiny from the office, the fact that the organization may have issued those policies and procedures and conducted training will matter little if the organization cannot show through meaningful objective measurements that employees, in fact, understood those polices and complied with them.
The office will likely discount any organization's attempt to defend itself by pointing to policies and procedures and training if the organization cannot provide evidence that such policies, procedures and training modified behavior and that there were real consequences within the organization for noncompliance.
Another factor that the office and the DOJ will be examining is whether compliance functions have been adequately resourced. They will ask whether an organization has appropriately staffed its compliance department and, as importantly, whether the staff have the appropriate level of experience and expertise.
The office will be looking to determine whether the compliance staff has sufficient expertise to identify areas of risk, including, now, pandemic-related fraud.
As vaccines continue to roll out and we look forward to the day in the near future when the massive organizational disruption caused by the pandemic comes to an end, the prospect of increased enforcement activity still looms. Now would be a very good time for business leaders and in-house counsel to reexamine their compliance structure.
Organizations should ask (1) whether the compliance program adequately identifies and monitors new areas of potential risk; (2) whether the program can adequately measure the effectiveness of policies, procedures and training; (3) whether compliance tools, such as hot lines, are working as intended; and (d) whether the compliance staff has both the resources and expertise to oversee, identify potential areas of weakness and noncompliance, and, where necessary, take appropriate action.
Organizations should also consider implementing lessons learned or countermeasures so that the organization can demonstrate to the office that it appropriately followed up within the organization when confronted with compliance issues.
Committing resources to these areas ahead of time can often pay dividends for organizations that find themselves on the receiving end of a whistleblower complaint. One of the initial questions the office asks of any organization when it opens an investigation is what resources has the organization committed to the compliance function.
Increasingly, the office will be looking for meaningful data from the compliance function when evaluating an organization. An organization that can show, in an quantifiable way, a genuine commitment to providing adequate resources and expertise, as well as meaningful internal investigations when problems arise, will find itself in a far better position when the office begins asking questions.
Jack Pirozzolo is a partner and Doreen Rachal is counsel at Sidley Austin LLP.
This article has been prepared for informational purposes only and does not constitute legal advice. This information is not intended to create, and the receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers. The content therein does not reflect the views of the firm.
For a reprint of this article, please contact reprints@law360.com.