Reducing the Risk of a Government Enforcement Action

Jaime L.M. Jones , Jennifer Haney


December 10, 2020

Whether under a Republican or Democratic administration, the Department of Justice (DOJ) will use the False Claims Act (FCA) and other civil, criminal and administrative weapons to fight corporate fraud.  Over the last two decades, the vast majority of recoveries under the FCA have come from the coffers of drug and medical device manufacturers and healthcare providers. Against the backdrop of the COVID-19 pandemic, DOJ shifted some attention to rooting out and prosecuting fraud against the various pandemic stimulus programs across industries. This focus has not, however, detracted from DOJ’s continued focus on the life sciences and health care sectors. Indeed, in a speech earlier this year the then-acting head of DOJ’s Civil Division made clear that the Division’s enforcement priorities remain squarely and broadly focused on entities and investors in these sectors. Those responsible for identifying and managing risks within such organizations can take steps to reduce, though not eliminate, this enforcement threat.

Current Enforcement Priorities

Pandemic Fraud. Given the billions of dollars in federal funds that the CARES Act and other pandemic-related stimulus programs injected into the economy, it is hardly surprising that DOJ has moved swiftly to monitor for stimulus-related fraud through advanced data analytics and to prosecute bad actors. The complex and broad certifications, attestations and obligations to which entities are bound when accessing stimulus funds give rise to significant risk for companies that participate in the stimulus programs. This is particularly true for companies that do not have the systems and personnel in place to ensure that they understand the qualifications and restrictions on use of the funds and ongoing compliance. 

It is also not surprising that DOJ has aggressively pursued a wide range of entities alleged to have been involved in promoting and selling unauthorized or sham COVID tests and treatments. The range of targets has expanded beyond the direct makers and marketers of such products to include companies whose technologies are employed in such scams, such as the telemarketing companies, payment processors, and advertising agencies.

Private Equity Firms. Private equity (PE) firms and investors in the life sciences and health care sectors or other highly regulated industries are increasingly at risk of government enforcement actions. DOJ’s position is that PE firms have an obligation to come up to speed on the myriad and complex laws and regulations that are designed to prevent fraud in highly regulated industries. DOJ has already pursued an action under the FCA against a private equity fund owner of a compounding pharmacy alleged to have paid kickbacks, where that fund took an active role in the conduct of the pharmacy and allegedly ignored signs of the unlawful conduct. Whistleblowers and DOJ may also target other PE firms that actively manage their portfolio companies.  

cGMP Violations. DOJ and the Food & Drug Administration (FDA) have aligned their focus in recent years on issues of non-compliance with Current Good Manufacturing Practice (cGMP) regulations in the manufacture of drugs and dietary supplements. In particular, the government has focused on manufacturers that import ingredients or finished goods from markets such as China and India, with demonstrated failures in cGMP compliance. Among other factors that DOJ weighs when pursuing such cases is the risk (even if it does not materialize) of harm to patients that may result from lapses in manufacturing practices and gaps in quality systems.

Medicare Advantage Fraud. DOJ also has warned of continued FCA litigation and enforcement against providers and Medicare Advantage plans that submit unsupported diagnosis codes to increase reimbursement under the Medicare Advantage program. In recent years, DOJ and whistleblowers have pursued cases against such providers and plans based on various alleged practices that led to the submission of unsupported risk-adjusting codes, including the use of retrospective chart reviews, home health assessments, and incorrect clinical or coding guidelines. At the same time, OIG and CMS announced late last year commitments to taking more robust steps to monitor activities of Medicare Advantage organizations and root out overpayments.

Opioids. DOJ’s joint efforts with state attorneys general, the Drug Enforcement Administration and Customs and Border Patrol to stem the flow of opioids continues. Targets span the supply chain, from the manufacturers, sellers, and distributors of the equipment used to make illegal opioids, to the eCommerce companies whose technology is leveraged to buy and sell such equipment and drugs, to the physicians, pharmacies, wholesalers and distributors engaged in distributing legal drugs that are diverted and abused. Every participant in the opioid business is under a microscope, with the government leveraging data to detect and disrupt their role in problematic patterns. As a result, those companies are expected to be mining their own data for this purpose.

Steps to Mitigate Enforcement Risks

Entities that operate and invest in the health care and life sciences sectors and other highly regulated industries should ensure that they understand the specific enforcement priorities of DOJ and their relevant regulators, and orient their compliance programs and capabilities to best position them to withstand prolonged investigations and whistleblower litigation under the threat of the FCA’s treble damages provisions.

  • Understand the Regulatory and Enforcement Landscape. All entities operating in highly regulated spaces must come up to speed on the particular regulatory and fraud and abuse risks and regulatory and federal program contract requirements applicable to their operations. This is equally true of private equity funds that invest in such entities, and particularly so where the fund’s strategy does not involve separation from the day-to-day management of their portfolio companies. Such steps begin with ensuring the adequacy of systems and personnel capable of understanding the regulatory requirements.
  • Invest in Compliance. Companies that routinely enter into government contracts or whose products or services are reimbursed by federal programs should be building adequately robust compliance programs with staff experienced in understanding the regulatory risks. These companies should prioritize building a monitoring and auditing program informed by the latest relevant enforcement trends, internal reporting systems, and feedback from regulators. 
  • Leverage Your Data. If the government opens an investigation into your entity’s conduct, it will start by examining your data and relevant data collected by relevant federal agencies and programs. Companies that proactively mine their own data for signals of potentially problematic conduct are best prepared to avoid the scrutiny in the first instance or to bring it more swiftly to resolution. Risk and compliance organizations should understand what data their organizations collect and leverage and consider as part of their monitoring programs how those same data sets may be examined for risk mitigation purposes.
  • Take Special Care When Certifying Compliance. Accessing federal or state funds, whether through stimulus or other sponsored programs or government contracts, frequently comes with myriad qualifications and restrictions on the use of those funds, even on the operation of a business that receives funding. Such qualifications may be embodied in certifications and attestations that can be complex and nuanced, and do not provide an opportunity to qualify the response. These certifications can be used as the basis of a criminal fraud charge or FCA action if they are less than complete or materially misleading. Mitigating this risk requires careful coordination with regulatory and business subject matter experts before certification to ensure that the organization understands the qualifications and restrictions and can commit to prospective compliance. It is also wise to put in place systems to document the contemporaneous facts supporting the truthfulness of the certifications when they are made (in a non-privileged manner) and to track and trace funds in a manner which will facilitate establishing appropriate use. 
Jaime L.M. Jones is global co-leader of the Healthcare practice at Sidley Austin LLP and serves on the firm’s COVID-19 Task Force. She represents leading institutional healthcare providers and life sciences companies in civil and criminal government enforcement matters and False Claims Act litigation. Ms. Jones also leverages her enforcement and litigation experience to conduct confidential internal investigations, and helps clients design compliance program controls to address these risks.
Jennifer Haney is an associate in Sidley Austin LLP's Healthcare practice where she advises clients, including pharmaceutical and device manufacturers, large provider groups and pharmacies, on a range of regulatory and compliance matters, with an emphasis on government enforcement actions.