Health Care Providers in Receipt of Provider Relief Funds: What You Need to Know and Do to Mitigate Fraud Risk

While the Provider Relief Fund payments sent to health care providers under the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) have provided a lifeline to compensate for increased expenses and lost revenues stemming from the pandemic, they also present a risk for fraud claims down the road. Recipients of these funds may become targets of False Claims Act (FCA) allegations, which can be made not only by the government, but also by individual whistleblowers.  We discuss below this increased risk and how recipients can mitigate that risk.

The Provider Relief Fund and the FCA

At a very high level, the FCA is what the government uses each year to recover billions of dollars from individuals and companies that defraud the government. Not only are the fraudulently received funds recovered, but the damages can be up to triple the amount the government paid, and there are also very high monetary penalties for each false claim that is submitted. The aggregate amount of damages and penalties can quickly add up resulting in exposure to potential liability that is many times more than the amount initially received from the government. 

Because the FCA imposes civil liability, the standard for proving fraud under the FCA is significantly lower than the requirement in criminal cases to prove intentional fraud. Under the FCA, “actual knowledge, deliberate ignorance or reckless disregard of the truth or falsity of information” is enough to prove fraud.

Acceptance of payment from the Provider Relief Fund subjects the recipient to various requirements that cover the use of the funds, documentation, and reporting. Recipients are required to sign an attestation certifying the funds “will only be used to prevent, prepare for, and respond to [the] coronavirus,” and that the funds “shall reimburse the [r]ecipient only for health care related expenses or lost revenues that are attributable to [the] coronavirus." Further, the attestation requires the recipient to certify  that it will not use the funds “to reimburse expenses or losses that have been reimbursed from other sources or that other sources are obligated to reimburse.”

The attestation also states the recipient “must comply with any other relevant statutes and regulations,” and must ensure the accuracy and completeness of any submissions to HHS associated with the relief funds. If the recipient retains the funds “for at least 90 days without contacting HHS regarding remittance of those funds,” even if the attestation is not completed, it will be deemed that the recipient has accepted all of the terms and conditions contained in the attestation, including that the recipient certifies the accuracy and completeness of future reports and other documentation to be submitted to HHS. All of the certifications and Terms and Conditions contained in the attestation may become the basis for FCA liability.

While government scrutiny should always be expected when accepting government funds, the government has clearly specified that it will be carefully reviewing various aspects related to providers’ acceptance and use of the funds and has allotted specific funding under the CARES Act to conduct these audits. Recipients of these funds are especially susceptible to FCA risk. Indeed, it appears the government had the FCA in mind when it included a statement in the attestation to specifically note that a provider's "commitment to full compliance with all Terms and Conditions is material to the . . . decision to disburse these funds to you." This is a direct reference to the materiality standards for FCA allegations established by the Supreme Court.

History Repeats Itself

In addition to FCA liability, which will be spearheaded by the plaintiffs’ bar, government enforcement typically intensifies during times of crisis that are accompanied by significant government outlays. Taxpayers also want accountability for fraud that occurs in connection with government programs, especially those related to stimulus efforts.

The past is a clear indicator that recovery from crisis-related fraud will be significant. The most recent financial crisis in 2008 led to the creation of the Troubled Asset Relief Program. As of last year, fraud under this program was still being prosecuted, with $900 million recovered in 2019 and more than $11 billion recovered to date.

How to Protect Yourself and Mitigate Risk

Now is the time to act. Taking the time now to document and establish controls will likely save you money in the long run. Below are some immediate steps that can be taken.

1. Document the rationale and support for each certification now. It could be years before allegations of wrong doing come to light. As time passes, memory fades. Having documentation made now that explains how decisions were made to support the basis for each certification will be invaluable.
2. Implement controls to ensure the funds received are deployed as specifically required under the Provider Relief Fund.
3. Implement controls to ensure reporting deadlines and specific reporting requirements are met.
4. If you become aware of an issue, either through a whistleblower or through a government investigation, immediately retain experienced counsel to conduct an independent, internal investigation and represent the company through the life of the matter. If the recipient of Provider Relief Funds becomes the subject of a FCA inquiry by the DOJ or other government agency, or is alerted by a whistleblower of potential wrongdoing, the initial response is critical and has long-lasting consequences to the entire life of the investigation or lawsuit.

Next week we will provide a deeper dive into best practices for mitigating risk and responding to fraud allegations.