Proposed CMS Rule Increases OIG and FCA Focus on Fraud on The Medicare Part D Prescription Drug Benefit

The Medicare Part D Prescription Drug Benefit (“Part D”) has dramatically increased the role of private government contractors in the delivery of pharmaceutical drugs to government healthcare program beneficiaries. In order to deliver pharmaceutical drugs to Part D beneficiaries, the federal government typically contracts with managed care organizations known as Prescription Drug Plan Sponsors (“PDPs”), which in turn, contract with “first tier,” “downstream” and other entities such as Pharmacy Benefit Managers (“PBMs”) and pharmacies. The primary functions of PDPs are to share risk with government payors, to serve as intermediaries between the government and other stakeholders in the pharmaceutical supply chain, and to help contain prescription drug costs. In its first year of implementation, Part D covered 28 million beneficiaries at a cost of $47.4 billion – almost 12 percent of all Medicare spending . Those numbers have grown substantially in the years since.

By many accounts, Part D has been successful. And, in comparison to other government health programs, Part D is less often the subject of fraud investigation and prosecution. These achievements notwithstanding, Part D has not been immune to healthcare fraud. Largely in response to concerns raised by the Department of Health and Human Services Office of Inspector General (“OIG”), this past January the Centers for Medicare and Medicaid Services (“CMS”) proposed a new rule designed, in part, to curtail fraud and abuse in the Part D program (the “Proposed Rule”) . In its current form, the Proposed Rule may expose PDPs and other Part D contractors to increased fraud investigation by CMS and OIG, as well as increased liability under the federal False Claims Act, and similar state statutes (the “FCA”).

Recent OIG and FCA Focus on Part D Fraud

In the years following the implementation of Part D, OIG has released several reports describing flaws in the compliance provisions of the program . In its Work Plan for Fiscal Year 2014 , OIG listed several areas of anticipated investigation into the practices of Part D contractors. And just this month, OIG released a report criticizing CMS’s Part D Fraud Voluntary Reporting Program . The report disapproved of the voluntary nature of the program, noting that no more than half of PDPs reported any fraud, and that CMS had neither sufficiently analyzed the data, nor shared it with law enforcement officials. While CMS did not concur with all the recommendations, this series of OIG reports has drawn increased attention to Part D fraud and abuse.

Additionally, anti-fraud efforts of the Department of Justice (“DOJ”), state Attorneys General, and private whistleblowers have focused largely on pharmaceutical supply chain stakeholders. The FCA has been particularly instrumental in combating healthcare fraud. Since 1987, FCA lawsuits have returned over $55 billion to federal and state governments6 , a large proportion of which derived from healthcare fraud, including Medicare fraud. Nearly all of DOJ’s Medicare recoveries have involved Parts A and B, but recently DOJ has directed more of its efforts towards prosecuting Part D fraud.

While there have been a handful of modest FCA settlements against Part D contractors, the FCA action Spay v. CVS, presently in active discovery, is the first to examine closely the nature of FCA liability premised upon Part D fraud . In that case the whistleblower, a pharmacy auditor, alleged that Part D contractors CVS Caremark Corporation (“CVS”) and Silverscript, LLC fraudulently submitted and certified the accuracy of false information in Part D Prescription Drug Event (“PDE”) submissions to CMS, resulting from failures to implement certain required Drug Utilization Reviews. DOJ did not intervene in the case, but did file a Statement of Interest in opposition to the defendants’ motion to dismiss. The court allowed the allegations to go forward, denying the motion to dismiss in its entirety. Most significantly, the court found that “[a]lthough CMS provides prospective payments to the Part D sponsor, who in turn prospectively pays the PBM, the PDE records are prerequisites to obtaining additional payments and to reconcile the accuracy of any previous payments already made. Thus [....], a PDE is a claim or demand for payment under the FCA .” The Spay ruling significantly increased FCA exposure of Part D contractors that are responsible for populating the PDE with data for submission to CMS.

In October, 2012, DOJ intervened in and settled another Part D fraud case under the FCA against the PDP RxAmerica, LLC (“RxAmerica”) and CVS. In that case, the government alleged that RxAmerica misrepresented certain drug prices in its submission of pricing data to CMS, and charged Part D and its beneficiaries substantially higher prices at the point of sale. Additionally, RxAmerica allowed its sister company pharmacy, CVS, to charge significantly higher prices than other in-network pharmacies. The case settled for $5.25 million.

Implications of CMS’s Proposed New Rule upon Efforts to Combat Part D Fraud

In January 2014, CMS published the Proposed Rule for public comment. Among other key provisions, the Rule would empower CMS to request and collect information directly from first-tier, downstream, or related Part D entities. OIG had previously raised concern that CMS’s Medicare Drug Integrity Contractor (“MEDIC”) had encountered obstacles when seeking information from Part D contractors. This objective of easing the flow of information to CMS from Part D contractors signals an increase in CMS’s and OIG’s focus on Part D fraud. Notably, MEDICs routinely work with law enforcement, including the referral of cases and provision of data to DOJ.

If implemented, the Proposed Rule has the potential to expose Part D contractors to further FCA liability. In Spay, the court found that even PDE data that is not directed to payment may be treated as actionable FCA “claims.” Under Spay, PBMs may also be held liable for PDE data submissions used to set rates for future reimbursements. PBM or pharmacy submissions of data to MEDIC, if false, may give rise to FCA liability as well. And, should a Part D contractor be required to certify compliance with the Proposed Rule, that contractor may be held liable for having submitted, or caused the submission, of false PDE data to CMS.

The Proposed Rule further requires PDPs to return overpayments within 60 days of “identification” of the overpayment15 . Particularly significant is this provision’s broad definition of “identification,” to include “action in reckless disregard or deliberate ignorance of the overpayment16.” The 2009 amendments to the FCA included expansion of the reverse-false claims provision of the statute, to attach liability to a defendant who “knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the Government,” even in the absence of any false statement made to the government. The FCA defines an “obligation” as “an established duty, whether or not fixed, arising from . . . statute or regulation, or from the retention of an over payment.” In view of these provisions of FCA, the Proposed Rule signals that PDPs should take active steps to return not only Part D overpayments of which they have actually become aware, but overpayments of which they would have become aware had they been more vigilant.

PDPs’ Incentive to Combat Part D Fraud

Perhaps by design, the Proposed Rule increases the incentive of PDPs to monitor PDE data that is submitted by Part D contractors for submission to CMS. As previously noted, OIG has admonished PDPs for having been neither sufficiently vigilant in their oversight of fraud, nor active in their reporting of it. As the primary Part D contractor, however, PDPs and their employees are particularly well-positioned to assist the government in its fraud-prevention efforts, whether to fulfill their contractual and regulatory obligations, or as FCA whistleblowers themselves.

The False Claims Act embodies the principle that a public-private partnership, among prosecutors, regulators, government contractors and whistleblowers alike, will be best equipped to uncover government fraud and maximize the return of taxpayer funds to federal and state treasuries. As emphasized by the Proposed Rule, PDPs have both the means and the incentive to participate in these efforts.

1.See http://www.gao.gov/assets/100/95817.pdf at 1.

2. See Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs , 79 Fed. Reg. 7 (proposed Jan. 10, 2014). While CMS has since stated that it will not finalize many portions of the rule, it declared that it does plan to finalize the anti-fraud provisions. Ltr. From M. Tavener to S. Levin, http://democrats.waysandmeans.house.gov/sites/democrats.waysandmeans.house.gov/files/Levin.pdf

3. See, e.g., Retail Pharmacies with Questionable Part D Billing (May 2013) ̧ https://oig.hhs.gov/oei/reports/oei-02-09-00603.pdf; Medicare Drug Integrity Contractors’ Identification of Potential Part D Fraud and Abuse (Oct 2009), http://oig.hhs.gov/oei/reports/oei-03-08-00420.pdf; Prescribers With Questionable Patterns in Medicare Part D (Jun 2013) https://oig.hhs.gov/oei/reports/oei-02-09-00603.pdf.

4. See OIG Work Plan for Fiscal Year 2014, https://oig.hhs.gov/reports-and-publications/archives/workplan/2014/Work-Plan- 2014.pdf

5. See Less Than Half of Part D Sponsors Voluntarily Reported Data on Potential Fraud and Abuse (Mar. 2014), https://oig.hhs.gov/oei/reports/oei-03-13-00030.asp

6. See http://www.taf.org/resource/fca/faq#faq6

7. Spay v. CVS Caremark Corporation, Case No. 2:09−cv−04672−RB, Doc. 15

8. Id. at Doc. 73

9. Spay v. Caremark Corp, 913 F. Supp. 2d 125, 168 (E.D. Pa. 2012)

10. Doe v. RxAmerica, Case:1:08-cv-04742-CBA-VVP, Doc. 10

11. DOJ Press Release, CVS Subsidiary, RxAmerica, Reaches $5 Million Settlement with US for Allegedly Submitting False Pricing Relating to the Company’s Medicare Part D Plan, http://www.justice.gov/opa/pr/2012/October/12-civ-1238.html

12. Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs , 79 Fed. Reg. 7 (proposed Jan. 10, 2014) p. 1992.

13. Among other things, CMS’s MEDIC program enlists private contractors to receive and investigate complaints of Medicare fraud from the public.

14. Medicare Drug Integrity Contractors’ Identification of Potential Part D Fraud and Abuse (Oct 2009), http://oig.hhs.gov/oei/reports/oei-03-08-00420.pdf.

15. Medicare Program; Contract Year 2015 Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs , 79 Fed. Reg. 7 (proposed Jan. 10, 2014) p. 1997

16. Id.

17. 31 U.S.C. § 3729(a)(1)(G)

18. 31 U.S.C. § 3729(b)(3)

********

Ross Brooks is a Partner in the New York office of Sanford Heisler, LLP, a national law firm with offices in Washington, D.C., New York and California. He received his law degree from The University of Chicago Law School in 1997. Mr. Brooks leads Sanford Heisler’s whistleblower practice, currently representing whistleblowers in numerous sealed and unsealed False Claims Act/Qui Tam and other whistleblower suits under investigation by the United States and other governmental stakeholders, or in active litigation.

Inayat Ali Hemani is a Litigation Fellow at the New York office of Sanford Heisler, LLP, a national law firm with offices in Washington, D.C., New York, and San Francisco. He received his Bachelor’s degree from George Washington University in 2008 and his law degree from New York University.