Health Care Regulation

Health Care’s Growing Threat

The False Claims Act has opened a hornet’s nest of new exposures for health care providers across the country.
By: and | February 18, 2014 • 4 min read

Health care organizations are facing an unprecedented increase in liability risk as government agencies aggressively use the False Claims Act (FCA) to enforce the exhaustive and complex regulations governing insurance programs.

Under the FCA, government agencies are empowered to seek civil and criminal penalties to redress false claims for federal money or property, such as Medicare benefits. The government’s unrelenting enforcement led to its second largest annual recovery of $3.8 billion. This marks the fourth straight year of recoveries exceeding $3 billion.

In light of the government’s emphasis on enforcement of the FCA, health care organizations participating in Medicare, Medicaid or other government-sponsored insurance programs must take steps to develop their enterprise risk management programs to address this evolving exposure.

Growing Scrutiny

With health care reform a top priority under the current administration, the government continues to execute the aggressive strategy put in place four years ago to combat health care fraud and abuse.


The National Health Care Anti-Fraud Association conservatively estimates that at least 3 percent of health care spending is lost to fraud. The Institute of Medicine estimates that, in one year, the U.S. health care system wasted $750 billion on unnecessary and overpriced medical tests and treatments, administrative fees, medical fraud and missed prevention opportunities.

Results of these investigations, amongst countless other private and government sponsored studies, have led to considerable resources being dedicated to support new anti-fraud efforts. The Patient Protection and Affordable Care Act, for instance, provides $350 million in new funding to fight fraud and abuse over the next 10 years.

To support the Office of Inspector General (OIG) and the Department of Justice (DOJ) in their efforts to crack down on fraud and abuse, other recent anti-fraud enforcement initiatives include the creation of the Health Care Fraud Prevention and Enforcement Action Team, formed in 2009, and the Medicare Fraud Strike Force, launched in March 2007.

However, perhaps the most aggressive initiative was the Centers for Medicare and Medicaid’s passage and expansion of audit programs. Run by third party contractors, the auditors’ sole purpose is to identify, correct and collect improper overpayments.

Since its national roll-out in 2010, the number of targeted organizations and medical records reviewed by Recovery Audit Contractors (RAC) has dramatically increased, according to an American Hospital Association RACTrac survey. For the first six months of 2013, nine out of 10 hospitals reported experiencing RAC activity. Since the fourth quarter of 2012, medical record requests have increased by 47 percent, which makes it worth noting that RAC compensation is directly tied to recovered funds. In a recent hearing, a senator noted that the relatively high rate of successful provider appeals — about 50 percent — “raises questions as to whether RACs are being too aggressive or do not understand current medical practice.”

In addition to RAC audits, health care providers also face the possibility of audits by Zone Program Integrity Contractors and Medicaid Integrity Contractors.

Whistleblowers Encouraged Under the FCA

The False Claims Act also encourages whistleblowers, under its qui tam provisions, to expose an organization’s fraudulent practices. The qui tam provisions permit private parties to file suits seeking recovery under the FCA on behalf of the United States.

In qui tam actions, the whistleblower receives between 15 percent and 30 percent of the recovery. In 2013, the Justice Department saw 752 qui tam suits filed, and recovered a record $2.8 billion in suits filed by whistleblowers.

Billions of dollars have been collected under the FCA. The government’s unrelenting enforcement led to recoveries of more than $5 billion in 2012 and another $4.3 billion in 2013, with recoveries for health care fraud totaling more than $6 billion. Recoveries dating from 2009 to 2013 totaled $17 billion.

In addition to forfeited payments, those found to have violated the FCA could also be subjected to significant damages and per-claim penalties between $5,500 and $11,000.

Recent settlements include:

  • A South Carolina nonprofit hospital system was ordered to pay $273 million to resolve violations of the FCA and the Stark Law. The jury found the system entered into employment agreements with physicians that were not consistent with fair market value or commercially reasonable.
  • A Florida dermatologist agreed to pay $26.1 million to settle allegations that he accepted kickbacks from a pathology laboratory and billed Medicare for unnecessary services. The settlement is one of the largest ever involving an individual under the FCA.

The cost of a FCA action, however, goes beyond damages and penalties. Senior executives may even face criminal charges as a result of the investigations, and publicity from a FCA case can harm an organization’s credibility and reputation. These costs can even put an organization’s future into question.

A Proactive Risk Management Strategy

It’s important that in-house counsel, risk managers and compliance teams work together to develop a proactive enterprise risk management strategy to mitigate these exposures.


One important loss mitigation strategy should be to develop a comprehensive self-audit program, inclusive of a dedicated audit team and compliance committees to oversee the audit process. Recent guidance from the OIG suggests that an organization’s compliance program should also include the following:

  • Conducting internal monitoring and auditing
  • Implementing compliance and practice standards
  • Designating a compliance officer or contact
  • Conducting appropriate training and education
  • Responding appropriately to detected offenses and developing corrective action
  • Developing open lines of communication
  • Enforcing disciplinary standards through well-publicized guidelines

Providers who wish to voluntarily disclose self-discovered evidence of potential fraud to the OIG may do so under the OIG’s Provider Self-Disclosure Protocol. Self-disclosure gives providers the opportunity to avoid the costs and disruptions associated with a government-directed investigation and civil or administrative litigation.

As part of their risk management strategy, providers need to understand the importance of a comprehensive insurance program and how insurance can help them work through the difficulties of FCA related matters.

Management liability insurance policies, specifically D&O policies, typically provide some level of protection against FCA liability, but it is essential that health care organizations ensure they have explicit and state-of-the-art coverage.

From RAC, ZPIC and MIC audits, to litigation filed by whistleblowers or the Department of Justice, health care providers are operating in a new risk environment. By implementing a proactive enterprise risk management strategy, health care providers can reduce the potential for damaging losses.

Keith Lavigne is SVP and national practice leader for the private and nonprofit division of ACE Professional Risk, a unit of ACE Group, New York. Scott Williams is assistant vice president and management liability counsel at ACE Group, New York. They can be reached at [email protected]

More from Risk & Insurance

More from Risk & Insurance

4 Companies That Rocked It by Treating Injured Workers as Equals; Not Adversaries

The 2018 Teddy Award winners built their programs around people, not claims, and offer proof that a worker-centric approach is a smarter way to operate.
By: | October 30, 2018 • 3 min read

Across the workers’ compensation industry, the concept of a worker advocacy model has been around for a while, but has only seen notable adoption in recent years.

Even among those not adopting a formal advocacy approach, mindsets are shifting. Formerly claims-centric programs are becoming worker-centric and it’s a win all around: better outcomes; greater productivity; safer, healthier employees and a stronger bottom line.


That’s what you’ll see in this month’s issue of Risk & Insurance® when you read the profiles of the four recipients of the 2018 Theodore Roosevelt Workers’ Compensation and Disability Management Award, sponsored by PMA Companies. These four programs put workers front and center in everything they do.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top,” said Steve Legg, director of risk management for Starbucks.

Starbucks put claims reporting in the hands of its partners, an exemplary act of trust. The coffee company also put itself in workers’ shoes to identify and remove points of friction.

That led to a call center run by Starbucks’ TPA and a dedicated telephonic case management team so that partners can speak to a live person without the frustration of ‘phone tag’ and unanswered questions.

“We were focused on building up a program with an eye on our partner experience. Cost was at the bottom of the list. Doing a better job by our partners was at the top.” — Steve Legg, director of risk management, Starbucks

Starbucks also implemented direct deposit for lost-time pay, eliminating stressful wait times for injured partners, and allowing them to focus on healing.

For Starbucks, as for all of the 2018 Teddy Award winners, the approach is netting measurable results. With higher partner satisfaction, it has seen a 50 percent decrease in litigation.

Teddy winner Main Line Health (MLH) adopted worker advocacy in a way that goes far beyond claims.

Employees who identify and report safety hazards can take credit for their actions by sending out a formal “Employee Safety Message” to nearly 11,000 mailboxes across the organization.

“The recognition is pretty cool,” said Steve Besack, system director, claims management and workers’ compensation for the health system.

MLH also takes a non-adversarial approach to workers with repeat injuries, seeing them as a resource for identifying areas of improvement.

“When you look at ‘repeat offenders’ in an unconventional way, they’re a great asset to the program, not a liability,” said Mike Miller, manager, workers’ compensation and employee safety for MLH.

Teddy winner Monmouth County, N.J. utilizes high-tech motion capture technology to reduce the chance of placing new hires in jobs that are likely to hurt them.

Monmouth County also adopted numerous wellness initiatives that help workers manage their weight and improve their wellbeing overall.

“You should see the looks on their faces when their cholesterol is down, they’ve lost weight and their blood sugar is better. We’ve had people lose 30 and 40 pounds,” said William McGuane, the county’s manager of benefits and workers’ compensation.


Do these sound like minor program elements? The math says otherwise: Claims severity has plunged from $5.5 million in 2009 to $1.3 million in 2017.

At the University of Pennsylvania, putting workers first means getting out from behind the desk and finding out what each one of them is tasked with, day in, day out — and looking for ways to make each of those tasks safer.

Regular observations across the sprawling campus have resulted in a phenomenal number of process and equipment changes that seem simple on their own, but in combination have created a substantially safer, healthier campus and improved employee morale.

UPenn’s workers’ comp costs, in the seven-digit figures in 2009, have been virtually cut in half.

Risk & Insurance® is proud to honor the work of these four organizations. We hope their stories inspire other organizations to be true partners with the employees they depend on. &

Michelle Kerr is associate editor of Risk & Insurance. She can be reached at [email protected]