For centuries, health care providers have enlightened patients with the well-known adage: “an ounce of prevention is worth a pound of cure.”1 A recent set of cases involving a durable medical equipment company and its employees illustrate that health care providers can benefit from the same wisdom. The cases involving Orthofix, Inc. and its employees serve as cautionary tales that emphasize the need for an effective compliance program. Having an effective compliance program can be that “ounce of prevention” that can aid a company in warding off costly federal civil and criminal prosecutions and the potential damage to an entity’s reputation and financial well-being that may result from those prosecutions.
Case Study: Orthofix, Inc. False Claims Act and Criminal Cases
Orthofix, Inc. (Orthofix), a U.S.-based subsidiary of Orthofix International, N.V, manufactures commercial medical devices including bone growth stimulators. In 2005, Jeffrey Bierman, the owner of a company that provides billing services to providers, filed a qui tam2 action under seal, in which he alleged that Orthofix had committed Medicare fraud. Bierman made multiple allegations, including that between approximately 1999 until 2010, Orthofix submitted fraudulent Medicare billings for its bone-growth stimulator products. According to Bierman, Orthofix routinely falsified certificates of medical necessity (CMNs) for its products and relied upon those false certificates to support its claims for reimbursement from the government. In addition, Orthofix allegedly offered kickbacks and other incentives to health care professionals, staff, and patients in order to induce the promotion, prescription, and/or purchase of bone growth stimulators in violation of the Federal Anti-Kickback Statute.3
In addition to the qui tam suit, the U.S. Attorney’s Office for the District of Massachusetts criminally investigated Orthofix for potential Medicare violations related to the CMNs it was required to maintain for bone growth stimulator products. As a result of its investigation, on June 7, 2012, the government charged Orthofix via a felony Information with obstruction of a federal audit, in violation of 18 U.S.C. §1516.4 The government alleged that Orthofix failed to disclose material information during a Medicare audit of its practices related to CMNs5, including that some Orthofix territory managers: completed entire CMNs rather than the treating physicians who were required to complete portions of the form; coached physicians or their staff to falsify portions of the CMNs; and forged physicians’ signatures on the CMNs. The government maintains that Orthofix’s failure to disclose its conduct to the federal auditor led the auditor to falsely conclude that Orthofix complied with Medicare regulations.
In June 2012, Orthofix attempted to globally resolve the criminal and civil cases. On June 7, 2012, the U.S. Department of Justice (DOJ), the U.S. Attorney’s Office for the District of Massachusetts, and Orthofix signed a civil settlement agreement. Orthofix agreed to pay $34 million to resolve the False Claims Act allegations. Orthofix also agreed to enter into a Corporate Integrity Agreement (CIA) with the Department of Health and Human Services (HHS), Office of the Inspector General (OIG), whereby it agreed to establish and maintain a compliance program.6 In order to resolve the criminal case, Orthofix agreed to plead guilty to the felony obstruction offense and to pay a $7.7 million criminal fine.
On September 6, 2012, the federal judge assigned to the criminal case informed Orthofix and the government that he would not accept Orthofix’s guilty plea, opining that he had “extreme unease of treating corporate criminal conduct like a civil case.”7 During a subsequent criminal hearing, the judge initially rejected Orthofix’s attempt to plead guilty, and later appeared to conditionally accept the plea and schedule a sentencing hearing for December 2012.8 In the civil case, a status conference has been scheduled for December 20, 2012, after the criminal hearing, to address the potential resolution of the False Claims Act allegations.
Even though the corporate criminal and civil cases against Orthofix remain pending, the government’s investigation of the company has resulted in several felony charges against former Orthofix employees, executives, and contractors for their criminal conduct. The criminal prosecutions include actions against a former Orthofix Vice President of Sales, who pled guilty to violating the Federal Anti-Kickback Statute9 for scheming to pay a doctor and physicians’ assistant to induce others to purchase Orthofix products, and two former Orthofix territory managers who pled guilty to health care fraud for falsifying patients’ medical records and prescriptions to make it appear that the physicians’ orders met Medicare guidelines for payments related to bone growth stimulators.10 These individuals have not yet been sentenced.
An Effective Compliance Program and Its Benefits
The Orthofix cases raise questions about how this type of serious misconduct could have occurred: Were employees aware of wrongdoing, yet the company lacked effective mechanisms to encourage reports of misconduct? For instance, did the company maintain an anonymous complaint hotline? What, if any, incentives did employees have to report misconduct? What policies and procedures did the company have in place to deter employees, including senior-level managers and executives, from engaging in criminal fraud? A reasonable reading of the publicly available documents about this case suggests that Orthofix did not have an effective compliance plan in place to both detect and deter the types of fraud investigated by the government and unearthed by the whistleblower.11
The OIG has published on its website guidelines for voluntary compliance programs and compliance resources directed at various segments of the health care industry, including medical device manufacturers.12 An effective compliance plan must be specifically tailored to a provider’s operations, bearing in mind the particular risks that the provider confronts in operating its business. At minimum, a compliance plan should contain elements related to education, oversight, and mitigation (internal reporting mechanisms and discipline).13
A health care provider can substantially minimize the risk of prosecution by taking affirmative steps to encourage employees and others, including third-party vendors and contractors, to promptly and fully report wrongdoing. A robust compliance program should require employee and officer training and education sufficient to ensure that everyone has a clear understanding of the relevant state and federal laws potentially implicated by that company’s business practices. Moreover, a truly effective compliance program will require prompt investigation of reported bad acts, and the swift undertaking of corrective actions, including appropriate discipline of wrongdoers, if warranted. Furthermore, independent of any compliance program, a health care provider should have safeguards in place to protect employees who come forward to report malfeasance, including a non-retribution/non-retaliation policy. These steps may seem like large and costly undertakings, but the associated costs pale in comparison to the harsh criminal and/or civil penalties that a company might face because it failed to institute an effective compliance system.
In a worst-case scenario where a corporate health care provider faces criminal charges, having a meaningful compliance program in place can make a significant difference at sentencing. The Federal Sentencing Guidelines provide for a lower potential sentence and ultimately lower fines where a company has an “Effective Compliance and Ethics Program”14 in place. In addition, the health care corporation that promptly reports wrongdoing to the government, cooperates with a government investigation, and demonstrates “recognition and affirmative acceptance of responsibility,” will be eligible for a lower penalty.15
Because the federal government has an arsenal of tools both to detect fraud and to prosecute health care providers, an effective compliance program is indispensable. While it may be unrealistic to expect to prevent all instances of non-compliance, an effective compliance program can help to mitigate potential criminal exposure. The Orthofix criminal case may forecast increasing resistance from courts to allowing companies to simply enter a guilty plea and pay a fine. In this landscape, health care providers should be introspective and try to determine how best to prevent and/or mitigate potential civil and criminal wrongdoing. And it must be remembered that an organization is the sum of its parts - therefore, it takes effort on all levels to create a successful compliance system. While an effective compliance program has many components, they are indeed, the ounce of prevention worth a pound of cure.
The authors extend their thanks to Christian F. Henel for his contributions to this article.
1 Benjamin Franklin, as quoted in The Electric Ben Franklin: A Quick Biography of Benjamin Franklin, http://www.ushistory.org/franklin/info/index.htm (last visited Nov. 26, 2012).
2 See 31 U.S.C. § 3729 et. seq. (2006), the False Claims Act.
3 See 42 U.S.C. § 1320a-7b(b). See also the Complaint filed in the case of U.S., ex rel. Jeffrey J. Bierman v. Orthofix Int’l, N.V., et al., Civil Action No. 05-10557-EFH (D. Mass. March 23, 2005).
418 U.S.C. § 1516 provides, in relevant part, that “whoever, with intent to deceive or defraud the United States, endeavors to influence, obstruct or impede a Federal auditor in the performance of official duties relating to a person, entity, or program . . ., shall be fined under this title, or imprisoned not more than 5 years, or both.”
5 See Information filed in the case of U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.).
6 See Docket Entry No. 1-3, U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.).
7 The Honorable William G. Young, District of Massachusetts, quoted by Jef Feeley & Janelle Lawrence, Orthofix’s Settlement of Medicare Probe Rejected by Judge (Sept. 6, 2012).
8 Regrettably, the docket entries for this case, U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.), are not entirely clear. Because the case has been set for a sentencing hearing, the reasonable inference is that the court accepted a guilty plea.
9See 42 U.S.C. § 1320a-7(b)(2)(B), and the docket sheet in U.S. v. Guerrieri., Crim. No. 12-10061(D. Mass).
10 See docket sheets in U.S. v. Field, Crim. No. 12-CR-10057 (D. Mass.) and U.S. v. McKay, Crim. No. 12-CR-10129 (D. Mass.).
11See Corporate Integrity Agreement, appended to the plea agreement, Docket No. 1-3, in U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.).
12 HHS-OIG Guidelines are available at: http://oig.hhs.gov/compliance/compliance-guidance/index.asp. See also Compliance Resources for Medical Device Manufacturers, Julie K. Taitsman, M.D., J.D., Chief Medical Officer, HHS-OIG (June 11, 2011).
13 The OIG identifies seven key elements for successful compliance: (a) the development and implementation of written policies and procedures, e.g., a code of conduct that sets forth a provider’s commitment to compliance with all federal health care program requirements; (b) designating a chief compliance officer and compliance committee responsible for implementing and enforcing ethics policies; (c) comprehensive training and education on ethics; (d) an effective communication framework that encourages a culture of disclosure; (e) internal monitoring and auditing focused on identifying high-risk practices; (f) enforcing standards through well-publicized disciplinary guidelines; and (g) responding promptly to detected problems and undertaking corrective action. See id.
14 See U.S.S.G. § 8C2.5(f)(2011). The Federal Sentencing Guidelines define Effective Compliance Program as one where an organization: (1)exercise[s] due diligence to prevent and detect criminal conduct; and (2) otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law. U.S.S.G. § 8B2.1.
15 See U.S.S.G. § 8C.2.5(g)(2).