An emerging anti-kickback scheme to watch

© yurchello108 - stock.adobe.com

In today’s legal landscape, it should come as no surprise that the government and relators are increasingly considering a variety of healthcare and cybersecurity privacy and security laws in combination with traditional False Claims Act (FCA) and Anti-Kickback Statute (AKS) causes of action.

A recent opinion issued by the Seventh Circuit Court of Appeals highlights this combination. Stop Ill. Health Care Fraud, LLC v. Sayeed, Nos. 22-3295 and 23-1943 (7th Cir. May 2, 2024), found that data mining and client solicitation did not qualify for the well-known safe harbor – personal services and management contracts safe harbor, 42 C.F.R. § 1001.952(d). Fundamentally, the District Court found, and the Seventh Circuit found that three home health care companies and the owner violated both the AKS and FCA by remunerating to “data mine” a referral source’s patient records.

Fundamentally, Management Principles, Inc. (MPI), which is owned by Asif Sayeed, in turn manages two home health care agencies that provides services to Medicare beneficiaries in Illinois. In December 2010, MPI signed a management services agreement to pay the Healthcare Consortium of Illinois (HCofI), which assists in coordinating health care services for select seniors in Illinois. Between December 2010 and June 2015, MPI paid the HCofI $90,000 and the two home healthcare agencies which are managed by MPI billed the federal government in excess of $700,000. The District Court found liability under both the AKS and FCA and imposed approximately $5.9 million in damages, which represented a trebling of damages plus a per-claim penalty of $5,500 consistent with 31 U.S.C. §3729(a)(1).

Defendants appealed and the key take-aways from the Seventh Circuit’s Opinion are:

• Rejection of defendant’s improper reliance on United States ex rel. Shutte v. SuperValu, 143 S. Ct. 1391 (2023) and holding that the District Court’s analysis was consistent with SuperValu, which held that a defendant’s subjective knowledge that a claim is false cannot escape liability by stating that reasonable minds may disagree. “That holding does not help Sayeed. Indeed, it makes it harder - not easier – for him to avoid FCA liability,” the Seventh Circuit said.
• Sayeed testified that he has been in the healthcare industry for nearly three decades and knew that buying protected health information was illegally. Hence, he “knowingly and willfully” violated the AKS.
• The data mining by trolling through patient records and then soliciting patients directly, did not squarely fit within the AKS safe harbor for personal services and management contracts (42 C.F.R. § 1001.952(d)).
• The $5.9 million damages award did not violate the Eighth Amendment because it was not excessive.
• The only issue that the Seventh Circuit remanded was to parse out legitimate claims from the illegal claims concluding, “[i]f … the defendants provided services to patients that the Consortium assigned to the defendants through the course of its ordinary-course referral process, then Medicare claims for those services would bear no causal connection to the data-mining scheme.”

The intersection of HIPAA, the AKS, and the FCA are illustrated by the Seventh’s Circuit’s language,

“By any measure, Sayeed’s actions ‘affected more than just [him]self and the government.’ [citation omitted]. The defendants accessed the private health information of hundreds of vulnerable seniors in Illinois without their permission and exploited their records for profit through unsolicited marketing calls. These harms, which are not explicitly captured in the FCA’s loss calculation, further support the district court’s damages award. By no means was this a victimless fraud.” (emphasis added).

In sum, this is a case that in-house counsel and compliance persons should learn from and adapt training. As cybersecurity and patient privacy become more of a focus for a variety of government agencies and relators alike, being proactive can reduce the risk of a government enforcement action or FCA case.