Action Items for Recipients of Provider Relief Funds to Mitigate Risk Related to Fraud Allegations

In our last article, we discussed how recipients of payments from the Provider Relief Fund are at risk for allegations of fraud and specifically addressed how these recipients may become targets of False Claims Act (FCA) allegations. We now take a more in-depth look at best practices for mitigating risk and responding to fraud allegations in connection with the Provider Relief Fund.

First, a brief refresher: Acceptance of payment from the Provider Relief Fund subjects the recipient to various requirements that cover the use of the funds, documentation, and reporting. Recipients are required to sign an attestation certifying various aspects of the recipient’s use of the funds, compliance with relevant statutes and regulations, and accuracy and completeness of future reports and documentation to be submitted to HHS. These certifications can become the subject of fraud allegations under the FCA and result in civil liability with significant monetary penalties. The government has already said that investigating and prosecuting allegations of pandemic-related fraud will be a top priority.

Fortunately, there are actions you can and should take now to not only mitigate the risk of future fraud allegations, but also ensure you are armed to defend against these allegations, should they ever arise.

1. Keep Detailed Records

Allegations of fraud in connection with the Provider Relief Fund may not arise for a number of years. Keeping detailed records now will establish the facts that may not be easily recalled as time passes and the events and decisions you previously made become foggy. You should maintain complete and accurate records related to the Provider Relief Fund, including any correspondence with the government and any financial institutions providing the funds. These records should be updated regularly and reviewed to ensure nothing is missing or unclear.

Documentation today will create an audit trail for the future and help defend against any allegations of fraud or misconduct that may arise. Ideally, the records should be maintained to a level where an unrelated party could review them and know exactly 1) how much was received, 2) how much was spent and on what, 3) the content of every communication with the government or any financial institutions regarding the payments, and 4) the rationale for any decisions made or interpretations of guidance in connection with the payments.

2. Ensure Document Retention

In addition to keeping detailed records related to the Provider Relief Fund payments, you should ensure all documents related to the payments, including the underlying documents that support the company’s various certifications, are retained and maintained in a separate, easily accessible file. This should include all paper and electronic documents, including any handwritten notes.

You should identify who are the key custodians of the information related to the Provider Relief Fund payments across all stages from application (where applicable), to receipt, to use of the funds. If any of these employees are voluntarily leaving, terminated, or moved to a new role, it is critical that their email and other data related to the Provider Relief Fund payments are preserved for future reference.

3. Separately Document Government Guidance and Reasonable Interpretations

While guidance and FAQs have been issued and provide some clarity, this guidance is changing regularly and there are still unanswered questions. Document the guidance and FAQs on which you relied, noting the date of any such guidance. Although receipt of any individualized guidance is rare, if you happen to be the lucky recipient of it, you must ensure you document it and retain it.

In addition, it is equally, if not more important, that you document your interpretations of the guidance on which you relied, including any ambiguities and demonstrate your interpretations are reasonable. It is also critical to ensure your interpretations are not in conflict with any interpretive guidance. 

4. Have A Response Plan

Create a plan for how you will respond to reports or allegations of fraud related to the Provider Relief Fund payments and how you will respond to government inquiries.  The plan should complement other internal governance and compliance procedures. Once the plan is established, it should be disseminated to key employees in roles likely to be the subject of these allegations or inquiries.

The plan should establish:

• Steps to ensure prompt communication with a potential whistleblower or government regulator;
• Criteria for conducting an internal investigation and criteria for determining if allegations or inquiries rise to the level of necessitating an independent, internal investigation conducted by outside counsel;
• A single point of contact within the company who will be responsible for all company communications with the government or whistleblower; and
• A data collection plan and an individual within the company who will be responsible for ensuring the data is retained and segregated until the conclusion of the matter.

If the recipient of payments from the Provider Relief Fund becomes the subject of a FCA inquiry by the DOJ or other government agency, or is alerted by a whistleblower of potential wrongdoing, the initial response is critical and has long-lasting consequences to the entire life of the investigation or lawsuit. As noted above, if allegations or inquiries rise to the level that merits an independent, internal investigation, you should retain experienced counsel to ensure you respond appropriately and effectively. Use of outside counsel also helps protect the attorney-client privilege, which is most critical as privilege claims involving in-house counsel or compliance officers are increasingly scrutinized and denied. Retention of counsel also sends a clear message to the government/whistleblower that the company is taking the matter very seriously.