What triggers a government healthcare fraud investigation?

Investigations can be triggered by whistleblower qui tam lawsuits, data analysis of billing patterns by the OIG or CMS, patient complaints, referrals from other government agencies, tips from former employees, and routine audits that uncover irregularities. The government uses sophisticated data analytics to identify statistical outliers in billing patterns that may indicate fraudulent practices.

Can a compliance program protect an organization from government enforcement?

While no compliance program can guarantee immunity from enforcement, an effective program can significantly reduce the risk of violations occurring, facilitate early detection and correction of problems, and demonstrate good faith to regulators. The DOJ considers the existence and effectiveness of a compliance program as a factor in charging decisions, and the OIG considers compliance efforts when determining penalties.

What is the difference between mandatory and permissive exclusion?

Mandatory exclusion from federal healthcare programs is required by law for individuals convicted of certain offenses, including healthcare fraud, patient abuse, felony convictions related to controlled substances, and certain felony financial crimes. Permissive exclusion is discretionary and may be imposed by the OIG for various other reasons, including misdemeanor drug convictions, license revocation, and fraud in non-healthcare programs.

Should we self-disclose compliance violations to the government?

Self-disclosure is a significant decision that should be made with the advice of experienced healthcare counsel. The benefits include potentially reduced penalties, the ability to control the narrative, and demonstration of organizational integrity. However, self-disclosure brings the matter to the governments attention and requires careful preparation. The OIG Self-Disclosure Protocol and CMS Voluntary Self-Referral Disclosure Protocol provide structured processes for reporting different types of violations.

How does the False Claims Act whistleblower process work?

A private individual (the relator) files a qui tam complaint under seal in federal court. The government has at least 60 days, often extended to years, to investigate and decide whether to intervene. If the government intervenes, it takes over primary prosecution and the relator receives 15-25% of any recovery. If the government declines, the relator can proceed independently and may receive 25-30% of any recovery. Whistleblowers are protected from employer retaliation.

Healthcare Compliance Attorneys

Experienced legal representation for healthcare compliance matters across all 50 states.

Request a Consultation Call: 1-844-6-NWIND-1 (1-844-669-4631)

$2.68 billion

DOJ Healthcare Fraud Recoveries (FY 2023)

Source: U.S. Department of Justice

~2,800

Individuals Excluded from Federal Programs (2023)

Source: HHS OIG Exclusions Database

712 new cases

False Claims Act Qui Tam Suits Filed (FY 2023)

Source: DOJ Civil Division Fraud Statistics

$100 billion+

Estimated Annual Healthcare Fraud Losses

Source: National Health Care Anti-Fraud Association

About Healthcare Compliance

Healthcare compliance encompasses the systems, processes, and procedures that healthcare organizations implement to ensure adherence to the complex web of federal and state laws, regulations, and ethical standards governing the healthcare industry. The regulatory landscape includes the Anti-Kickback Statute, the Stark Law (Physician Self-Referral Law), the False Claims Act, HIPAA, Medicare and Medicaid conditions of participation, state licensure requirements, and numerous other rules that touch virtually every aspect of healthcare operations. The Office of Inspector General (OIG) of the Department of Health and Human Services has published compliance program guidance for various healthcare sectors, establishing the framework that most compliance programs follow.

A robust healthcare compliance program typically includes seven core elements as outlined by the OIG: written policies and procedures, designation of a compliance officer and committee, effective training and education, open lines of communication for reporting concerns, internal monitoring and auditing, enforcement through disciplinary guidelines, and prompt response to detected offenses with corrective action. These elements work together to create a culture of compliance that permeates every level of the organization.

The stakes for compliance failures are extraordinarily high. The False Claims Act, the governments primary tool for combating healthcare fraud, imposes penalties of roughly $11,000 to $23,000 per false claim plus treble damages. Qui tam provisions allow whistleblowers to file suits on behalf of the government and receive a percentage of any recovery. In recent years, the Department of Justice has recovered billions of dollars annually through healthcare fraud enforcement, with pharmaceutical companies, hospital systems, and physician practices all facing significant enforcement actions.

Why You Need a Healthcare Compliance Attorney

Healthcare fraud costs the United States an estimated $100 billion or more annually, driving up insurance premiums and diverting resources from patient care. Effective compliance programs protect organizations from devastating financial penalties, exclusion from federal healthcare programs, criminal prosecution of executives and employees, and the reputational damage that accompanies public enforcement actions. For healthcare providers, exclusion from Medicare and Medicaid is effectively a death sentence for the business, as these programs represent the single largest payer in most healthcare markets. Beyond financial protection, compliance programs improve the quality of patient care by ensuring that medical decisions are made based on clinical need rather than financial incentives. They create safer workplaces by establishing clear reporting channels for concerns, and they strengthen organizational culture by demonstrating that ethical behavior is valued at every level.

Common Healthcare Compliance Cases

Anti-Kickback Statute Violations

Arrangements that involve remuneration in exchange for referrals of patients covered by federal healthcare programs. Common examples include excessive compensation in medical director agreements, free office space or equipment, and improper consulting arrangements designed to reward referrals.

Stark Law Self-Referral Violations

Physician referrals for designated health services to entities with which the physician or an immediate family member has a financial relationship, unless a specific exception applies. Violations can result in refund obligations, False Claims Act liability, and exclusion from federal programs.

False Claims Act Cases

Submitting false or fraudulent claims to Medicare, Medicaid, or other federal healthcare programs. This includes upcoding, unbundling, billing for services not rendered, and certifying medical necessity when criteria are not met.

Billing and Coding Fraud

Systematic errors or intentional manipulation of billing codes to increase reimbursement, including upcoding to higher-paying procedure codes, unbundling services that should be billed together, and billing for services at a higher complexity level than documented.

Corporate Integrity Agreement Compliance

Organizations that have settled fraud cases with the OIG are often required to enter Corporate Integrity Agreements imposing rigorous compliance obligations for five years, including independent review organization audits and regular reporting.

EMTALA Violations

Failure to provide emergency medical screening and stabilization treatment to patients regardless of ability to pay, as required by the Emergency Medical Treatment and Labor Act. Violations can result in civil penalties and termination of Medicare provider agreements.

Prescription Drug and Controlled Substance Compliance

Violations related to prescribing practices, including inappropriate prescribing of opioids, failure to maintain adequate prescription records, and violations of the Controlled Substances Act involving healthcare prescribers.

Typical Healthcare Compliance Case Timeline

Compliance Risk Assessment

2-4 months

Comprehensive evaluation of the organizations operations, contracts, billing practices, and existing compliance infrastructure to identify risk areas and gaps in compliance.

Program Design and Policy Development

3-6 months

Developing written compliance policies and procedures, establishing a compliance committee, creating reporting mechanisms, and designing training programs tailored to the organizations specific risks.

Implementation and Training

3-6 months

Rolling out the compliance program through organization-wide training, establishing hotline and reporting systems, implementing monitoring protocols, and integrating compliance into daily operations.

Internal Auditing and Monitoring

Ongoing quarterly reviews

Conducting regular audits of billing practices, referral arrangements, documentation, and other high-risk areas. Monitoring compliance metrics and investigating reports of potential violations.

Government Investigation Response

1-3 years if triggered

If a government investigation is initiated, the response process includes document preservation, internal investigation, negotiation with government agencies, and potential settlement or litigation.

Corrective Action and Remediation

6-18 months

Implementing changes identified through audits, investigations, or enforcement actions, including revised policies, additional training, enhanced monitoring, and potential voluntary self-disclosures.

Know Your Rights

Healthcare organizations have the right to self-disclose potential violations to the OIG through the Self-Disclosure Protocol, which can result in reduced penalties and more favorable resolution terms.
Whistleblowers are protected from retaliation under the False Claims Act, and employees who report compliance concerns internally should be protected by the organizations non-retaliation policy.
Providers have the right to appeal Medicare and Medicaid coverage and payment determinations through administrative processes and, in some cases, federal court.
Organizations under government investigation have the right to legal counsel and are not required to make self-incriminating statements to investigators.
Healthcare providers have the right to request advisory opinions from the OIG regarding whether proposed business arrangements may violate the Anti-Kickback Statute.
Individuals proposed for exclusion from federal healthcare programs have the right to a hearing before an administrative law judge and subsequent appeals.

What to Look for in a Healthcare Compliance Attorney

When selecting a healthcare compliance attorney, prioritize experience with the specific regulatory framework affecting your type of healthcare organization. An attorney advising a hospital system faces different issues than one advising a physician practice, pharmacy, or medical device company. Look for attorneys who have experience working with or against government enforcement agencies such as the OIG, DOJ, CMS, and state Medicaid fraud control units. Board certification in health law, if available in your jurisdiction, can indicate specialized expertise. The ideal attorney should have experience conducting internal investigations, negotiating with government agencies, and developing practical compliance programs that work within the realities of clinical operations. Ask about their experience with False Claims Act defense, self-disclosure protocols, and corporate integrity agreement compliance.

Questions to Ask Your Healthcare Compliance Attorney

1Does our current compliance program address the seven elements identified in the OIG compliance program guidance for our type of healthcare entity?
2Are our physician compensation arrangements and referral relationships structured to comply with the Anti-Kickback Statute and Stark Law, including applicable safe harbors and exceptions?
3Should we conduct a voluntary self-disclosure to the OIG or CMS for the issues we have identified, and what are the risks and benefits of doing so?
4What is the statute of limitations for the potential violations we have discovered, and what is our exposure under the False Claims Act?
5How should we structure our internal investigation to maintain attorney-client privilege while still obtaining the information needed for compliance purposes?
6What monitoring and auditing procedures should we implement to detect and prevent the types of violations most common in our practice setting?
7Are there state-level compliance requirements that impose additional obligations beyond the federal requirements?

Understanding Healthcare Compliance Legal Costs

Healthcare compliance legal work is billed at hourly rates typically ranging from $350 to $800 per hour, with partners at major healthcare law firms often exceeding this range. Building a comprehensive compliance program for a small to mid-size practice may cost $25,000 to $100,000, while enterprise-wide programs for hospital systems can cost significantly more. Government investigation defense can range from $100,000 to several million dollars depending on the complexity and scope of the investigation. Some firms offer fixed-fee compliance assessments or subscription-based compliance advisory services that provide ongoing access to legal guidance. Internal investigations may cost $50,000 to $500,000 or more. The investment in compliance should be measured against the potential cost of enforcement actions, where False Claims Act settlements alone frequently reach tens of millions of dollars.

Key Legal Terms

Video Resources

These videos are provided for informational purposes only. The attorneys and organizations featured are not affiliated with or endorsed by Northwind Law.

Healthcare Compliance 101: What You Need to Know

Compliance.ai

The False Claims Act Explained

The National Law Review

Anti-Kickback Statute and Stark Law: Understanding the Difference

HCCA Official

Frequently Asked Questions About Healthcare Compliance

The OIG identifies seven core elements: written policies and procedures; designation of a compliance officer and compliance committee; effective training and education programs; open lines of communication for reporting concerns; internal monitoring and auditing; enforcement through well-publicized disciplinary guidelines; and prompt response to detected offenses with corrective action. These elements should be tailored to the specific risks and operations of your organization.

Citations & Sources

[1]
The Department of Justice recovered $2.68 billion in healthcare fraud settlements and judgments in fiscal year 2023, continuing a trend of multibillion-dollar annual recoveries. — U.S. DOJ Civil Division Fraud Statistics, FY 2023
[2]
The OIG has published compliance program guidance for hospitals, physician practices, nursing facilities, pharmaceutical manufacturers, and other healthcare sectors establishing the seven core compliance program elements. — HHS OIG Compliance Program Guidance
[3]
Under the False Claims Act, penalties range from $11,803 to $23,607 per false claim (adjusted for inflation), plus three times the amount of damages sustained by the government. — 31 U.S.C. § 3729, as adjusted by 28 CFR § 85.5
[4]
The National Health Care Anti-Fraud Association estimates that healthcare fraud costs the United States tens of billions of dollars each year, with some estimates exceeding $100 billion annually. — National Health Care Anti-Fraud Association

Ready to Discuss Your Healthcare Compliance Case?

Speak with a experienced healthcare compliance attorney. Free consultations available.

Request a Consultation 1-844-6-NWIND-1 (1-844-669-4631)