Prohibits the submission of false or fraudulent claims, false statements material to a false claim, and conspiracy to commit violation
Prohibits concealing or avoiding obligation to repay money to government (failure to return overpayments)
Claims that violate AKS or Stark can also be considered false claims
Common false claims include lack of medical necessity; quality of care; billing/coding issues; off-labeled marketing; retention of overpayments
EXCEPTIONS:
n/a
PENALTIES:
Treble damages and as of May 9, 2022 per claim penalties between $12,537 and $25,076
Regulated by the DOJ
Physician Self-Referral (Stark)
PROHIBITIONS:
Prohibits referrals of designated health services by a physician (or an immediate family member) if the physician has a financial relationship with the entity performing the designated health service
Regulates financial relationships with physicians (and physician’s immediate family members) only
EXCEPTIONS:
The arrangement must completely satisfy an exception or it violates the Stark law
PENALTIES:
No criminal enforcement; CMP enforcement for knowing violations: per violation penalties– 3x claims and/or per circumvention scheme penalties; Nonpayment of claims arising from prohibited arrangement; Recoupment of amounts received; Exclusion from federal health programs; FCA liability
Regulated by CMS
Anti-Kickback Statute (AKS)
PROHIBITIONS:
Prohibits offers of, solicitation of, or payment or receipt of remuneration intended to induce referrals for health care services covered by a government program
Covers provision of anything of value to a person who refers, orders/purchases or recommends
EXCEPTIONS:
Voluntary safe harbors exist, but arrangements are not required to fit within a safe harbors
PENALTIES:
Applies to either party involved in an arrangement that violates AKS; Criminal penalties $100,000 /violation, up to 10 years imprisonment); Civil penalties (CMP3x unlawful remuneration and $100,000/violation); Exclusion from federal health programs; FCA liability
Regulated by the OIG
Providers should also be aware of other enforcement statutes such as the Eliminating Kickbacks in Recovery (“EKRA”), the Civil Monetary Penalties Act (“CMP”), and the Travel Act, to name a few, in addition to being well versed in the relevant state health care fraud and abuse frameworks.
The U.S. Securities and Exchange Commission (“SEC”) Office of Investor Education and Advocacy (“OIEA”), which dates from last century, is concerned with explaining aspects of the capital markets for “Main Street” investors and warning them against potential risks and fraud schemes. On Sept. 25, 2017, the Commission announced the formation of the Retail Strategy Task Force (“RSTF”) in its Division of Enforcement. Its purpose is to consider and implement “strategies to address misconduct that victimizes retail investors,” according to the SEC Press Release issued that day. A primary focus area of the OIEA and RSTF is so-called “affinity investments,” i.e., investment offerings aimed at groups such as churches, ethnic communities, college alumni groups, etc.
On Wednesday, July 27, 2022, the SEC filed suit in the Federal Court for the Northern District of Ohio, Eastern Division, against Robert F. Murray, 42, a retired U.S. Navy Chief Petty Officer residing in North Canton, Ohio, for conducting an unregistered offering of securities in Deep Dive Strategies, LLC, an Ohio private pooled investment fund (the “Fund”). Murray controlled the Fund and acted as investment adviser, telling investors the fund would invest in publicly traded securities. Murray marketed the offering through a Facebook group “with over 3500 active duty, reservists and veterans of the U.S. Navy who shared an interest in investing,” according to the Complaint. Most certainly an “affinity” group. Murray also created “a channel on the Discord social media platform where he live-streamed his trading activity and posted trading advice with a focus on options.”
The Fund was organized in September 2020 and solicited investors through February 2021. Although Murray told investors they could change their minds within 15 days and get their money back, in fact he “almost immediately began spending Fund money on personal expenses.” He transferred monies to his personal checking account and even withdrew cash from the Fund, so by February 2021, $148,000, or approximately 42% of the $355,000 invested by the unsuspecting “Goats” (a nickname for the Navy affinity group), had been “misappropriated” (i.e., stolen) by Murray. By March 2021 he had ceased regular communication with the Goats and failed to respond to requests to redeem “invested” dollars. Some of that misappropriated money was lost gambling at casinos in Cleveland and elsewhere in the Midwest.
Murray provided potential investors with both a Disclosure Statement and a copy of the Fund’s Operating Agreement, and the Complaint identifies several material misstatements and omissions in the two documents. In addition, Murray made oral material misstatements and omitted material information when speaking with potential and actual investors. In fact, Murray lost most of the Fund’s brokerage account on Jan. 13, 2021, when GameStop options purchased in the account saw their value plummet. In that connection see my Feb. 2, 2021, Blog “Rupture Rapture: Should the GameStop?” When the SEC began investigating Murray and the Fund, he asserted his Fifth Amendment rights and declined to answer questions.
In the Complaint, the Commission charges Murray with seven different securities law violations, each set out in a separate Count as follows:
Violation of Section 10(b) of the Securities Exchange Act of 1934, as amended, and Rule 10b-5 thereunder by using devices, making untrue statements, and misleading omissions, and engaging in a business which operate as a fraud on securities purchasers.
Violation of Section 17(a)(1) of the Securities Act of 1933, as amended (the “33 Act”), by offering and selling securities by means of interstate commerce using devices to defraud. Violations of the 33 Act can be proven without the need to prove scienter (broadly, intent).
Violation of Section 17(a)(2) of the 33 Act by obtaining money or property in connection with the sale of securities by means of untrue statements of material facts and making misleading omissions, engaging in transactions which operate as a fraud on the purchaser, where Murray was at least negligent in engaging in these activities.
Violation of Sections 5(a) and 5(c) of the 33 Act by selling securities without the offering being registered (or exempt from registration), and with the use of a prospectus where the offering was not registered.
Violation of Section 206(1) of the Investment Advisers Act of 1940, as amended (the “40 Act”) by acting as an investment adviser using devices to defraud clients and prospective clients.
Violation of Section 206(2) of the 40 Act by acting as an investment adviser engaging in transactions which operate as a fraud on clients and prospective clients.
Violation of Section 206(4) of the 40 Act and Rule 206(4)-8 thereunder by acting as an investment adviser to a pooled investment vehicle, making untrue statements of material fact and making misleading omissions and engaging in acts that are fraudulent with respect to investors in the pooled investment vehicle.
The SEC seeks entry of findings by the Court of the facts cited in the Complaint and of conclusions of law that concur with the Commission’s assertions of violations. In addition, the SEC seeks entry of a permanent injunction against future violations of the cited securities laws; an order requiring disgorgement of all Murray’s ill-gotten gains plus prejudgment interest; an order imposing a civil penalty of $1,065,000; and an order barring Murray from serving as an officer or director of any public company.
Murray preyed on his fellow Naval servicemen in violation of the unspoken understandings of the “Goats,” that a fellow Navy NCO would not seek to take financial advantage of them. That is why the SEC’s July 28, 2022, Press Release reporting this matter includes an express warning from the OIEA and the RSTF not to make “investment decisions based solely on common ties with someone recommending or selling the investment.” One wonders whether, if the Goats were to catch up with Murray, he would be keelhauled.
Over the past sixty days, Ankura’s Cyber Threat Investigations & Expert Services (CTIX) Team of analysts has compiled key learnings about the latest global threats and current cyber trends into an in-depth report: The Cyber Threat Intelligence Bulletin. This report provides high-level executives, technical analysts, and everyday readers with the latest intel and insights from our expert analysts.
Download the report for an in-depth look at the key cyber trends to watch and help safeguard your organization from constantly evolving cyber threats with the latest cyber intelligence, ransomware, and threat insights.
Our latest report explains the following observations in detail:
Law Enforcement Works with Threat Intelligence to Prosecute Human Traffickers
In the age of high-speed internet and social media, criminals have evolved to use information technology to bolster their criminal enterprises and human traffickers are no different. Whether it be through the clearnet or dark web, human traffickers have leveraged the internet to scale their operations, forcing law enforcement to reevaluate how to best combat this problem. In response to the changes in trafficker tactics, techniques, and procedures (TTPs), governments across the world have responded with legislation and policies in an attempt to better thwart the efforts of these criminals. Researchers from Recorded Future’s Insikt Group have published compelling reports as a proof-of-concept (PoC) for a methodology on how law enforcement agencies and investigators can utilize real-time threat intelligence to leverage sources of data in order to aid in tracking, mitigating, and potentially prosecuting human sex traffickers. Download the full report for additional details on law enforcement efforts to prosecute human traffickers and more on the Insikt Group’s findings.
Emerging Threat Organization “MONTI”: Sister Organization or Imposter Threat Group?
Over the past several weeks a new, potentially imposter, threat organization has mimicked the tactics, techniques, procedures (TTPs), and infrastructure of the Conti Ransomware Group. Tracked as MONTI, this doppelganger organization emerged in the threat landscape in July 2022 after compromising a company and encrypting approximately twenty (20) hosting devices and a multi-host VMWare ESXi instance tied to over twenty (20) additional servers. While the July attack pushed the group into the limelight, analysts believe that attacks from the doppelganger organization go back even further into the early summer of 2022. Similarities discovered between Conti Ransomware and the alleged spinoff Monti Ransomware include attack TTPs alongside the reuse of Conti-attributed malicious payloads, deployed tools, and ransom notes. Additionally, the encrypted files exfiltrated by Monti contain nearly identical encryption, which could indicate code re-usage. Read the full report to find out what CTIX analysts expect to see from this group in the future.
Figure 1: Conti Ransom Note
Figure 2: Monti Ransom Note
Iranian State-Sponsored Threat Organization’s Attack Timeline Targeting the Albanian Government
In July 2022, nation-state Iranian threat actors, identified by the FBI as “Homeland Justice”, launched a “destructive cyber-attack” against the Government of NATO-member Albania in which the group acquired initial access to the victim network approximately fourteen (14) months before (May of 2021). During this period, the threat actors continuously accessed and exfiltrated email content. The peak activity was observed between May and June of 2022, where actors conducted lateral movements, network reconnaissance, and credential harvesting.
This attack and eventual data dumps were targeted against the Albania-based Iranian dissident group Mujahideen E-Khalq (MEK), otherwise known as the People’s Mojahedin Organization of Iran. MEK is a “controversial Iranian resistance group” that was exiled to Albania and once listed by the United States as a Foreign Terrorist Organization for activity in the 1970s but was later removed in late 2012. Albania eventually severed diplomatic ties with Iran on September 7, 2022, and is suspected to be the first country to ever have done so due to cyber-related attacks. For a more detailed analysis of this attack and its ramifications, download our full report.
Figure: Homeland Justice Ransom Note Image
Banning Ransomware Payments Becomes Hot-Button Issue in State Legislature
There is a debate occurring in courtrooms across the United States regarding the ethics and impacts of allowing businesses to make ransomware payments. North Carolina and Florida have broken new ground earlier this year passing laws that prohibit state agencies from paying cyber extortion ransom demands. While these two (2) states have been leading the way in ransomware laws, at least twelve (12) other states have addressed ransomware in some way, adding criminal penalties for those involved and requiring public entities to report ransomware incidents. Download the full report to discover what experts think of government ransomware payment bans and the potential effects they could have on ransomware incidents.
Threat Actor of the Month: Worok
ESET researchers discovered a new cluster of the long-active TA428 identified as “Worok.” TA428 is a Chinese advanced persistence threat (APT) group first identified by Proofpoint researchers in July 2019 during “Operation LagTime IT”, a malicious attack campaign targeted against government IT agencies in East Asia. Download the full report for an in-depth look at Worok’s tactics and objectives, and insights from our analysts about the anticipated future impact of this group.
New List of Trending Indicators of Compromise (IOCs)
IOCs can be utilized by organizations to detect security incidents more quickly as indicators may not have otherwise been flagged as suspicious or malicious. Explore our latest list of technical indicators of compromise within the past sixty (60) days that are associated with monitored threat groups and/or campaigns of interest.
Many consulting firms provide fair market value opinions relying extensively on the application of benchmark data. Based upon CMS’s statements in the Stark Law Final Rules, although application of benchmark data is a resource that can be utilized, fair market value can and should include the application of market/service area issues (i.e., deficiency of specialty) or physician-specific issues (i.e., expertise, productivity).
Commercial reasonableness is a separate concept from fair market value under Stark/AKS. Commercial reasonableness also entails whether the application of benchmark/market factors are defensible.
When analyzing the defensibility of compensation arrangements, it is important to view fair market value and commercial reasonableness as if advocating the facts and circumstances of the proposed compensation arrangement before a governmental entity (i.e., CMS, OIG, DOJ). When an attorney is rendering a fair market value defensibility analysis, not only will the analysis be protected under the attorney-client privilege, but the analysis will also include references and attachments to all of the applicable documentation and relevant information in case the compensation arrangement is ever required to be defended.
On October 6, 2022, President Biden took a major step toward the decriminalization of marijuana, pardoning all prior federal offenses for simple marijuana possession. Although this pardon will affect only approximately 6,500 individuals who were convicted of simple marijuana possession under federal law before October 6, 2022, it does not affect the much larger number of individuals who have been convicted of a marijuana possession offense under state law. To the disappointment of immigration advocates, the pardon does not benefit non-U.S. citizens who were not lawfully present in the United States at the time of their conviction, even if their conviction was under federal law.
Moreover, because marijuana is still listed as a Schedule I drug under the federal Controlled Substances Act:
Non-U.S. citizens can still be denied entry to the country for use of marijuana or for working or actively investing in the marijuana industry;
Immigration authorities may deny a non-U.S. citizen’s application for lawful permanent residence (green card) or naturalization on the ground that they have a conviction for a marijuana-related offense, an admission by the non-U.S. citizen that they have used marijuana in the past, or that they have worked or is actively investing in the marijuana industry; and
The Department of Homeland Security can still place individuals, including green card holders, into removal proceedings (deportation) as a result of marijuana-related offenses, unless the conviction was for simple possession of less than 30 grams.
In his order, President Biden urged governors to consider similar state law pardons for simple marijuana possession charges, which might affect many more individuals. President Biden has also asked the Department of Health and Human Services to consider changing the current Schedule I classification for marijuana. If one of these changes occurred, non-U.S. citizens would substantially benefit, as their state convictions for marijuana-related offenses might be pardoned, thus lowering the negative consequences for immigration purposes.
For now, however, non-U.S. citizens should still be wary of marijuana use, or working or investing in the marijuana industry, even in places in the United States or abroad where those activities are legal. While there may not be federal prosecutions for the use and possession of marijuana, there may be severe immigration consequences for non-U.S. citizens, because the use and possession of marijuana remains illegal in certain states.
On September 30, 2022, the U.S. Financial Crimes Enforcement Network (“FinCEN”) published its final rule implementing Section 6403 of the Corporate Transparency Act (“CTA”). The final rule, which will take effect on January 1, 2024, will require “tens of millions” of companies doing business in the U.S. to report certain information about their beneficial owners. The reporting companies created or registered before January 1, 2024, will have until January 1, 2025, to file their initial beneficial ownership reports with FinCEN. Reporting companies created or registered on or after January 1, 2024, will be required to file initial beneficial ownership reports within 30 days of formation.
The CTA was passed by Congress on January 1, 2021, as part of the Anti-Money Laundering Act of 2020 in the National Defense Authorization Act for Fiscal Year 2021. After publishing a Notice of Proposed Rulemakingand receiving public comments, FinCEN adopted the proposed rule largely as proposed, with certain modifications intended to minimize unnecessary burdens on reporting companies.
What Entities are Reporting Companies? The final rule describes two types of reporting companies: domestic and foreign.
A domestic reporting company is any entity that is a corporation, a limited liability company, or other entity (such as limited liability partnerships, limited liability limited partnerships, business trusts, and most limited partnerships and business trusts) created by the filing of a document with a secretary of state or any similar office under the law of a state or American Indian tribe.
A foreign reporting company is any corporation, limited liability company, or other entity formed under the law of a foreign country and registered to do business in any state or tribal jurisdiction by the filing of a document with a secretary of state or any similar office under the law of a state or American Indian tribe.
What Entities are Exempt? The final rule exempts twenty-three separate categories of entities from the definition of the reporting company. Many of the exempted entities are already subject to federal or state regulations requiring disclosure of beneficial ownership information, such as banks, credit unions, depositary institutions, investment advisors, securities brokers and dealers, accounting firms, governmental entities, tax-exempt entities, and entities registered with the SEC under the Exchange Act of 1934. Additionally, the rules set forth an exemption for “large operating companies” that can demonstrate each of the following factors:
Employ more than 20 full-time employees in the U.S.
Have an operating presence at a physical office within the U.S.
Filed a federal income tax or information return in the U.S. for the previous year demonstrating more than $5 million in gross receipts or sales (excluding gross receipts or sales from sources outside the U.S.)
Finally, under the so-called “subsidiary exemption,” entities whose ownership interests are controlled or wholly owned by one or more exempt entities may also qualify for exemption. If a reporting company was formerly exempt but loses its exemption, it must file an updated report that announces the change and includes all the information required in a reporting company’s initial report.
Who are Beneficial Owners? The final rule requires reporting companies to report each individual who is a beneficial owner of such reporting company. A “beneficial owner” is any individual who, directly or indirectly, either exercises substantial control over the reporting company or owns or controls at least 25 percent of the ownership interests of the reporting company. An individual exercises “substantial control” if such individual:
Serves as a senior officer (except for corporate secretary or treasurer)
Has authority over the appointment or removal of any senior officer or a majority of the board of directors (or similar body)
Directs, determines, or has substantial influence over important decisions made by the reporting company
Has any other form of substantial control over the reporting company
Additionally, an individual may exercise substantial control over a reporting company, directly or indirectly, including as a trustee of a trust or similar arrangement, through:
Board representation
Ownership or control of a majority of the voting power or voting rights of the reporting company
Rights associated with any financing arrangement or interest in a company
Control over one or more intermediary entities that separately or collectively exercise substantial control over a reporting company
Arrangements or financial or business relationships, whether formal or informal, with other individuals or entities acting as nominees
Any other contract, arrangement, understanding, relationship, or otherwise
The final rule exempts five categories of individuals from the definition of beneficial owner: (i) minors, (ii) nominees, intermediaries, custodians, and agents, (iii) certain employees who are not senior officers, (iv) heirs with a future interest in the company, and (v) certain creditors.
Who are Company Applicants? In addition to the beneficial owner information, the final rule requires reporting companies created or registered on or after January 1, 2024, to report identifying information about each “company applicant.” A “company applicant” is:
Any individual who directly files the document to create a domestic reporting company or register a foreign reporting company with a secretary of state or similar office in the U.S.
Any individual who is primarily responsible for directing or controlling such filing if more than one individual is involved in the filing
The final rule provides further clarification as to certain individuals who, by virtue of their formation roles, fall under the definition of “company applicants.” For example:
If an attorney oversees the preparation and filing of incorporation documents and a paralegal files them, the reporting company would report both the attorney and paralegal as company applicants.
If an individual prepares and self-files documents to create the individual’s own reporting company, the reporting company would report the individual as the only company applicant.
The final rule removes the requirements that i) entities created before the effective date report company applicant information and ii) reporting companies update their company applicant information (except to correct inaccuracies), each of which were set forth in the proposed rules.
When are Initial Reports Due? When an initial report must be filed depends on the status of the reporting company as of January 1, 2024:
If Created or Registered on or after January 1, 2024 – It must file a report within 30 calendar days from the earlier of: i) the date on which the company receives actual notice that its creation or registration has become effective, or ii) the date a secretary of state or similar office first provides public notice, such as through a publicly accessible registry, that the company has been created or registered.
If Created or Registered Prior to January 1, 2024 – It must file a report not later than January 1, 2025.
What Information Must be Reported? An initial report must include the following information with respect to the reporting company:
The full legal name of the reporting company
Any trade name or “doing business as” name of the reporting company
The street address of the principal place of business of the reporting company (if outside the U.S., the street address of the primary location in the U.S. where it conducts business)
The state, tribal, or foreign jurisdiction of formation of the reporting company (a foreign reporting company must also report the state or tribal jurisdiction where it first registers)
The IRS Taxpayer Identification Number (“TIN”) of the reporting company (including the EIN of the reporting company, or if a foreign reporting company without a TIN, a tax identification number issued by a foreign jurisdiction and the name of such jurisdiction)
For each company applicant (of a reporting company registered or created on or after January 1, 2024) and each beneficial owner of a reporting company, the following information must be reported:
The full legal name of the individual
The date of birth of the individual
The current business street address (for a company applicant who forms or registers an entity in the course of such company applicant’s business) or residential street address (for all other individuals including beneficial owners)
A unique identifying number from, and image of, an acceptable identification document (e.g., a passport)
If a reporting company is directly or indirectly owned by one or more exempt entities and an individual is a beneficial owner of the reporting company exclusively by virtue of such individual’s ownership interest in the exempt entity, the reporting company’s report may list the name of the exempt entity in lieu of the beneficial ownership information set forth above.
When do Companies have to Report Changes? If there is any change with respect to required information previously submitted to FinCEN concerning a reporting company or its beneficial owners, including any change with respect to who is a beneficial owner or information reported for any particular beneficial owner, the reporting company is required to file an updated report within 30 calendar days of when the change occurred.
What are the Penalties for Violations? The final rule provides for a fine of up to $10,000.00 and/or imprisonment of up to two years for any person who willfully: (i) provides or attempts to provide false or fraudulent beneficial ownership information, or (ii) fails to report complete or updated beneficial ownership information to FinCEN. The penalties may also extend to individuals causing a reporting company’s failure to report or update information and senior officials of a reporting company at the time such failure occurs.
What is Coming Next from FinCEN? FinCEN is expected to publish the forms and instructions to be used for reporting beneficial ownership information well in advance of the effective date. FinCEN will further establish a secure nonpublic database for storage of the beneficial ownership information. Finally, FinCEN will issue rules on who may access the information (a limited group of governmental authorities and financial institutions), under what circumstances, and how the parties would generally be required to handle and safeguard the information.
What Should Reporting Companies be Doing Now? Existing companies should begin evaluating whether they are a “reporting company” and if so, determining who are their beneficial owners. Such reporting companies, including any other reporting companies that may be created or registered before the effective date, will have until January 1, 2025, to file an initial report. As noted, reporting companies created or registered on or after the effective date will have 30 calendar days after the date of creation or registration to file an initial report.
Because this is such a novel issue in the medical field, lots of healthcare providers have questions about it. Some want to know how they can defend themselves if they get accused of wrongdoing for their activity with an MSO.
Dr. Nick Oberheiden is an MSO investigation lawyer at Oberheiden P.C. Here are some questions that he frequently gets asked and a few defense strategies that can help.
FAQs About MSO Investigations
1. What are MSOs?
An MSO is a company that provides administrative services to medical professionals. They can help healthcare providers with their:
Human resources
Operations
Coding and billing services
Office space management
Compliance
Contract management
Healthcare companies can either contract with an MSO to provide these services or can outright sell the administrative wing of their practice to an MSO so they can focus on the medical side of their business.
2. Why are MSOs Problematic?
MSO arrangements can become legally problematic when they act as an investment tool for medical professionals. Physicians could buy an ownership stake in an MSO that provided services to, say, a pharmacy. Those physicians could then begin referring patients to that same pharmacy.
In theory, that referral is going to a company – the pharmacy – that neither the physician nor his or her immediate family members have a financial interest in. In reality, though, the distinction gets blurred if the MSO – and therefore the physician – makes money off the referral. This can arguably amount to a kickback, which is unlawful.
3. Is Law Enforcement Actually Looking Into MSOs?
Yes, the justice department or the U.S. Department of Justice (DOJ) has recently begun investigating MSOs that appears to be a medium for illegal kickbacks from one healthcare provider to a referring physician.
However, not all MSOs have come under the scrutiny of federal law enforcement. The DOJ has not declared a blanket rule that all MSOs are unlawful. Instead, it is only targeting those that show the signs of potential healthcare fraud.
4. What are the Potential Penalties for Investing in the Wrong MSO?
At this stage, it is hard to tell. MSOs are still a new development, and we are only seeing the very first charges getting filed against physicians who invest in the “wrong” MSOs. Courts have not yet ruled whether MSOs can facilitate a kickback or amount to a false claim.
If courts do go along with the DOJ’s interpretation of the law, then physicians can face steep penalties for sending business to another healthcare facility that contracts with an MSO that they own or invest in.
The Anti-Kickback Statute is a criminal law that carries up to five years in prison for a conviction, as well as fines of up to $25,000 and program exclusion. The Stark Law is a civil law that, while it does not carry criminal sanctions or jail time, does impose:
Denial of payments provided
Disgorgement of ill-gotten gains
Civil penalties of up to $15,000 for each violation
Treble damages
Program exclusion
Defense Strategies for Investigations into Your MSO
If you do have an ownership stake in an MSO and are concerned about a potential investigation, or if you are interested in investing in one of these new companies and want to do it right, there are several things that you can do. While every case is unique, here are three defense strategies and compliance procedures that MSO investigation attorney Dr. Nick Oberheiden often recommends considering.
1. Look for Signs That an MSO is Problematic
Not all MSOs are attracting the attention of federal law enforcement. Instead, it is the ones that do not comply with the requirements of anti-kickback statutes and illegal referrals.
Some signs that an MSO is lacking in that department include:
A lack of a compliance officer in the company
No training regarding important laws like HIPAA, the Stark Law, or the Anti-Kickback Statute
The MSO is paid on a percentage basis, rather than through a flat fee (payments should be at fair market value rates)
The MSO charges unreasonably high service fees
There are incentives for investing physicians to refer clients to the company
All of these are strong signs that the MSO is at risk of civil or even criminal action for healthcare fraud and illegal referrals. Unfortunately, many of these signs also give an investing physician the power to increase his or her return on the investment – a feature that makes the investment seem especially lucrative.
2. Tighten Up the Compliance
If you are invested in an MSO and suddenly see proof that it was too good to be true, you are not powerless. You are a partial owner, after all. You can push the company to tighten up its compliance with anti-kickback laws. In the best cases, this can successfully protect you and avoid scrutiny from law enforcement. Even if it does not, though, it can reduce the restitution that you can be made to pay, and the efforts to fix the MSO can be used to show your good intentions.
3. Stress the Distance Between an MSO’s Ownership and Its Clients
At this point, we still have not seen whether law enforcement’s interpretation of the law will get adopted by a court. Until we know for sure that an indirect payment is enough for anti-kickback liability, a strong defense should be that the MSO’s ownership was too far removed from the MSO’s clients to amount to a violation of the law.
As Dr. Nick Oberheiden, an MSO investigation attorney at Oberheiden P.C., says, “The law is still very much in flux at this point. Kickbacks are generally seen to be direct payments for referrals, and the whole point of the MSO investment opportunity was to avoid that exact setup.”
In a historic move, today, President Joe Bidenannounced a three-step program to bring broad changes to federal cannabis policy. As an initial step towards reform, President Biden will pardon all federal offenders convicted of simple marijuana possession. According to administration officials, the pardons will be issued through an administration process overseen by the Department of Justice. Those eligible for the pardons will receive documentation showing they were officially forgiven for their crime.
“No one should be in jail just for using or possessing marijuana,” Biden said in a video announcing his executive actions. “It’s legal in many states, and criminal records for marijuana possession have led to needless barriers to employment, housing, and educational opportunities. And that’s before you address the racial disparities around who suffers the consequences. While white and Black and brown people use marijuana at similar rates, Black and brown people are arrested, prosecuted, and convicted at disproportionate rates.”
“Too many lives have been upended because of our failed approach to marijuana. It’s time that we right these wrongs,” the President said.
As a second step in the program, Biden also encouraged Governors to take similar steps to pardon state simple cannabis possession charges.
And as the last step in this program, President Biden directed the Department of Health and Human Services and Attorney General Merrick Garland to “expeditiously” review the cannabis’s status as a Schedule I controlled drug pursuant to the federal Controlled Substances Act.
According to the allegations, the pharmaceutical company was paying kickbacks to healthcare providers to “induce them to utilize the drugs Trasylol and Avelox, and also marketed these drugs for off-label uses that were not reasonable and necessary.” This lawsuit was filed in the District of New Jersey and alleged that the because of these kickbacks, the pharmaceutical company caused submission of false claims to Medicare and Medicaid. The lawsuit that was transferred to the District of Minnesota entailed the pharmaceutical company knowingly misrepresenting the safety and efficacy of Baycol, a statin drug, and also renewing contracts with the Defense Logistics Agency based on these misrepresentations. To settle these allegations, Bayer paid $38,860,555 to the United States and $1,139,445 to the Medicaid Participating States. The Principal Deputy Assistant Attorney General remarked about this settlement, “Today’s recovery highlights the critical role that whistleblowers play in the effective use of the False Claims Act to combat fraud in federal healthcare programs.”
The False Claims Act incentivizes private citizens to report fraud against the government and holds accountable companies that financially benefit from participation in government contracts and government-sponsored programs. The Department of Justice needs whistleblowers to the be the antidote to pharmaceutical fraud.
NAVEX’s 2022 Risk & Compliance Hotline & Incident Management Benchmark Report reveals an increase in internal reporting about misconduct and an increase in allegations of retaliation. The analysis of data from 3,470 organizations that received more than 1.37 million individual reports identified the following trends (see the full report for a discussion of additional trends and analysis of the data):
“More actual allegations of misconduct, rather than inquiries about policies or possible misconduct. Ninety percent of all reports in 2021 were allegations of misconduct, up from 86 percent last year and hitting an all-time high since our first benchmark report more than ten years ago.”
“Reports about retaliation, harassment and discrimination jumped – especially retaliation. In 2021, reports of retaliation nearly doubled . . . Taken altogether, these findings suggest employees are more attuned to workplace civility issues. That would fit with external trends such as more talk about systemic racism, income inequality and political divisions; as well as increasing protection for whistleblowers and employees’ awareness of those protections.”
“Substantiation rates continue to edge upward. Overall substantiation rates rose from 42 percent in 2020 to 43 percent in 2021, and up from 36 percent a decade ago. The reports substantiated most often were data privacy concerns (63 percent), environmental issues (59 percent), and confidential and proprietary information (54 percent). The reports substantiated least often were about retaliation (24 percent).”
“The substantiation rate for reports of retaliation also went up slightly, from 23 percent in 2020 to 24 percent in 2021 – the highest substantiation rate seen since 2016. While steady, this substantiation rate is significantly below the overall median case substantiation rate of 43 percent in 2021. These cases, though difficult to prove, warrant attention.”
“Reports of harassment exceeded levels from the height of the #MeToo movement.”
Corporate Whistleblower Protections
Whistleblower retaliation remains all too prevalent. A September 14, 2022 Bloomberg article titled Whistleblower retaliation remains all too prevalent discusses how “choosing to be a whistle-blower can also be a lonely, risky road” and identifies many deterrents to speaking up – “[t]hey may be afraid of litigation, ruining their reputations, losing security clearances or facing jail time.”
Fortunately, federal and state laws afford corporate whistleblowers remedies to combat retaliation, and whistleblower reward laws incentivize whistleblowers to take the considerable risks entailed in reporting fraud and other wrongdoing to the government. For example, the
SEC Whistleblower Program offers awards to eligible whistleblowers who provide original information that leads to successful SEC enforcement actions with total monetary sanctions exceeding $1 million. A whistleblower may receive an award of between 10% and 30% of the total monetary sanctions collected in actions brought by the SEC and in related actions brought by other regulatory or law enforcement authorities. The SEC Whistleblower Program allows whistleblowers to submit tips anonymously if represented by an attorney in connection with their tip.
What is Whistleblower Retaliation?
Whistleblower retaliation laws prohibit a broad range of retaliatory actions against whistleblowers, including any act that would dissuade a worker from engaging in protected whistleblowing. Examples of actionable whistleblower retaliation include:
Harassing a whistleblower or subjecting the whistleblower to a hostile work environment;
Reassigning a whistleblower to a position with significantly different responsibilities;
Issuing a performance evaluation or performance improvement plan that supplies the necessary foundation for the eventual termination of the whistleblower’s employment, or a written warning or counseling session that is considered discipline by policy or practice and is routinely used as the first step in a progressive discipline policy;
Discriminating against a whistleblower in the terms and conditions of employment because of whistleblowing.
The DOL Administrative Review Board has emphasized that statutory language prohibiting discrimination “in any way” must be broadly construed and therefore a whistleblower need not prove that a retaliatory act had a tangible impact on an employee’s terms and conditions of employment.
What Damages Can a Whistleblower Recover in a Whistleblower Retaliation Case?
Whistleblower retaliation can exact a serious toll, including lost pay and benefits, reputational harm, and emotional distress. Indeed, whistleblower retaliation can derail a career and deprive the whistleblower of millions of dollars in lost future earnings.
Whistleblowers should be rewarded for doing the right thing, but all too often they suffer retaliation and find themselves marginalized and ostracized. Federal and state whistleblower laws provide several remedies to compensate whistleblowers that have suffered retaliation, including:
back pay (lost wages and benefits);
emotional distress damages;
damages for reputational harm;
reinstatement or front pay in lieu thereof;
lost future earnings; and
punitive damages.
Combating Whistleblower Retaliation: How to Maximize Your Recovery
Whistleblower protection laws can provide a potent remedy, but before bringing a retaliation claim, it is crucial to assess the options under federal and state law and develop a strategy to achieve the optimal recovery. Key issues to consider include the scope of protected whistleblowing, the burden of proof, the damages that a prevailing whistleblower can recover, the forum where the claim would be litigated, and the impact of the retaliation claim on a whistleblower rewards claim.
Scope of Protected Whistleblowing
There is no federal statute that provides general protection to corporate whistleblowers. Instead, federal whistleblower protection laws protect specific types of disclosures, such as disclosures of securities fraud, tax fraud, procurement fraud, or consumer financial protection fraud. The main sources of federal protection for corporate whistleblowers include the whistleblower protection provisions of the following:
The False Claims Act (FCA) — protecting disclosures about fraud directed toward the government, including actions taken in furtherance of a qui tam action and efforts to stop a violation of the FCA;
The Defense Contractor Whistleblower Protection Act (DCWPA) — protecting whistleblowing about gross mismanagement of a federal contract or grant; a gross waste of federal funds; an abuse of authority relating to a federal contract or grant or a substantial and specific danger to public health or safety, or a violation of law, rule, or regulation related to a federal contract;
The Sarbanes-Oxley Act (SOX) — protecting disclosures about mail fraud, wire fraud, bank fraud, securities fraud, a violation of any SEC rule, or shareholder fraud;
The Dodd-Frank Act (DFA) — protecting whistleblowing to the SEC about potential violations of federal securities laws;
The Taxpayer First Act (TFA) — protecting disclosures about tax fraud or tax underpayment;
The Consumer Financial Protection Act (CFPA) — protecting disclosures concerning violations of Consumer Financial Protection Bureau rules or federal laws regulating unfair, deceptive, or abusive practices in the provision of consumer financial products or services; and
While most of these anti-retaliation laws protect internal disclosures (e.g., reporting to a supervisor), whistleblower protection under the DFA is predicated on a showing that the whistleblower disclosed a potential violation of federal securities law to the SEC prior to suffering an adverse action.
State law may also provide a remedy, including the anti-retaliation provisions in state FCAs. And approximately 42 states recognize a common law wrongful discharge tort action (a public policy exception to at-will employment), which generally protects refusal to engage in illegal activity and the exercise of a statutory right.
Burden of Proof
To maximize the likelihood of winning a case (or at least getting the case before a jury), it is useful to select a remedy with a favorable causation standard (the level of proof required to link the protected whistleblowing to the adverse employment action). SOX has a favorable “contributing factor” causation standard, i.e., the whistleblower prevails by proving that their protected whistleblowing affected in any way the employer’s decision to take an adverse action. In contrast, the FCA and DFA require the whistleblower to prove “but for” causation, i.e., the adverse action would not have happened “but for” the protected whistleblowing (albeit there is no need to prove that it was the sole factor).
Damages and Remedies in Whistleblower Retaliation Cases
Variations in the remedies available to whistleblowers under federal anti-retaliation laws may warrant bringing more than one claim. For example, the DCWPA authorizes an award of back pay (the value of lost pay and benefits), and the FCA authorizes an award of double back pay. If the whistleblower’s disclosures are protected under both statutes, then the whistleblower should bring both claims.
While a prevailing whistleblower can recover back pay under both the DFA and SOX (double back pay under the former and single back pay under the latter), the DFA does not authorize special damages, i.e., damages for emotional distress and reputational harm. In contrast, SOX authorizes uncapped compensatory damages. Therefore, a whistleblower protected under both statutes should bring the SOX claim within the much shorter SOX statute of limitations (180 days) to recover both double back pay and special damages.
State law may also provide a remedy, and if the whistleblower can pursue both a statutory remedy and a wrongful discharge tort, the latter may offer the opportunity to seek punitive damages.
Forum Selection and Administrative Exhaustion
When selecting the optimal remedy to combat retaliation, a whistleblower should consider the forum where the claim would be tried and determine whether the claim must initially be investigated by a federal agency before the whistleblower can litigate the claim. SOX provides an unequivocal exemption from mandatory arbitration, but Dodd-Frank claims are subject to arbitration. Accordingly, a whistleblower protected both by SOX and Dodd-Frank should file a SOX claim within the 180-day statute of limitations to preserve the option to try the case before a jury.
Several of the corporate whistleblower protection laws require that the whistleblower file the claim initially at a federal agency and permit the agency to investigate the claim before the whistleblower can litigate the claim. This is called administrative exhaustion, and failure to comply with that requirement can waive the claim. In contrast, the FCA and DFA do not require administrative exhaustion.
Impact of Whistleblower Retaliation Claim on Whistleblower Rewards Claim
Another important consideration is the potential impact of a retaliation case on a qui tam or whistleblower rewards case. Filing an FCA retaliation claim while a qui tam suit is under seal poses some risk of violating the seal, which could bar the whistleblower from recovering a relator share. Therefore, counsel should consider filing the FCA retaliation claim under seal along with the qui tam suit.
Further, whistleblowers pursuing rewards claims at federal agencies (e.g., SEC or IRS whistleblower claims) while simultaneously pursuing related retaliation claims (e.g., a SOX or TFA claim) should assess the potential impact of the retaliation claim and the potential discoverability of submissions to the SEC or IRS on the rewards claim(s).
Although the patchwork of whistleblower protection laws fails to protect disclosures about certain forms of fraud, there are important pockets of protection. To effectively combat retaliation, whistleblowers should avail themselves of all appropriate remedies.
