With the publication of a rule finalizing financial penalties for grant fraud and related violations of U.S. law, the HHS Office of Inspector General (OIG) has a renewed weapon at the ready. Federal awardees should see this as a reminder to ensure their compliance programs are in top shape.
The final rule published in the July 3 Federal Register is a broad civil money penalty (CMP) regulation that follows OIG’s April 2020 proposed rule, as called for under the 2016 Cures Act and related provisions in the 2018 Bipartisan Budget Act (BBA).[1] It is in effect as of Aug. 2.
In addition to describing “penalties, assessments and exclusions” related to HHS-funded awards, contracts and “other agreements,” the rule addresses OIG’s fines and enforcement approach to a regulation prohibiting information blocking in health care. However, the information blocking provisions in this rule are limited to information technology vendors; HHS is still developing a separate regulation for providers.
Health care attorney Mark Barnes told RRC the new regulation confirms OIG’s penalty authority and could increase the possibility of enforcement.
“The CMP portion of this rule as applied to grants would seem to make more direct the ability of HHS OIG to extract both funding amounts and penalties on institutions that OIG believes have made false claims or have understated amounts to be reimbursed to funding agencies,” said Barnes, a partner with Ropes & Gray LLP. “These powers have been implicit, but the rule simply gives those powers a firm and explicit regulatory basis.”
With the Cures Act, OIG gained the authority to enter into settlements or assess penalties without the involvement of the Department of Justice for actions that do not violate relevant federal criminal law—specifically activities not related to fraud, bribery or gratuity violations. Prior to the act, institutions and individuals were prosecuted or entered into settlements for these violations of the False Claims Act.
Four years ago, OIG issued grant-disclosure guidance to encourage organizations to contact OIG with misconduct by themselves or by “any recipient, sub-recipient, applicant, or anyone else who may have criminal, civil, or administrative liability related to any HHS grant, contract, or other agreement.”[2] Some violations must be reported, while others are voluntary. The 2019 guidance marked the first time OIG specifically addressed grantee self-disclosures, adding to its existing formal procedure for other health care entities, such as hospitals and providers.
The rule amends HHS CMP regulations to “incorporate new authorities for CMPs, assessments, and exclusions related to HHS grants, contracts, other agreements; and increase[s] the maximum penalties for certain CMP violations.”
The authority is incorporated “into the existing regulatory framework for the imposition and appeal of CMPs, assessments, and exclusions,” according to the rule. “The additions: (1) expressly enumerate in the regulation the grant, contract, and other agreement fraud and misconduct CMPL [Civil Money Penalty Law] authority; and (2) give individuals and entities sanctioned for fraud and other misconduct related to HHS grants, contracts, and other agreements the same procedural and appeal rights that currently exist under 42 CFR parts 1003 and 1005 for those sanctioned under the CMPL and other statutes for fraud and other misconduct related to, among other things, the Federal health care programs.”
List of Violations Inumerated
As the rule explains, OIG may take action against a person or organization that it finds engaged in:
-
“knowingly presenting or causing to be presented a specified claim under a grant, contract, or other agreement that a person knows or should know is false or fraudulent;
-
“knowingly making, using, or causing to be made or used any false statement, omission, or misrepresentation of a material fact in any application, proposal, bid, progress report, or other document that is required to be submitted in order to directly or indirectly receive or retain funds provided in whole or in part by HHS pursuant to a grant, contract, or other agreement;
-
“knowingly making, using, or causing to be made or used, a false record or statement material to a false or fraudulent specified claim under a grant, contract, or other agreement;
-
“knowingly making, using, or causing to be made or used, a false record or statement material to an obligation to pay or transmit funds or property to HHS with respect to a grant, contract, or other agreement;
-
“knowingly concealing or knowingly and improperly avoiding or decreasing an obligation to pay or transmit funds or property to HHS with respect to a grant, contract, or other agreement; and
-
“failing to grant timely access, upon reasonable request, to OIG for the purposes of audits, investigations, evaluations, or other statutory functions of OIG in matters involving grants, contracts, or other agreements.”
OIG also noted that it has the authority to impose sanctions on subrecipients and others that indirectly receive HHS funds by submitting payment requests to an HHS awardee. The CMPL applies to any entity (or person) that “among other things, creates false documents” used to request funds,” the rule states.
Those receiving HHS funds “directly or indirectly through an agreement [are] potentially subject to liability under the CMPL if they engage in any of the improper conduct identified in the regulation including but not limited to making misrepresentations in applications for the funding, presenting false or fraudulent specified claims related to the funding, and creating false records related to the funding.”
The final rule adopted the proposed regulation’s definition of “other agreement,” which OIG acknowledged is “broad.” An “other agreement” can be, but is not limited to, “a cooperative agreement, scholarship, fellowship, loan, subsidy, payment for a specified use, donation agreement, award, or subaward (regardless of whether one or more of the persons entering into the agreement is a contractor or subcontractor).”
As proposed, the final regulation restates that “when OIG investigates potential misconduct and decides whether to impose sanctions, it will evaluate matters on a case-by-case basis to determine whether the funding arrangement at issue constitutes an ‘other agreement’ under the statute and whether the conduct at issue violates the statute.”
Mitigating, Aggravating Circumstances Detailed
The BBA doubled the fines for infractions. They now range from $20,000 to $100,000. In addition, the maximum penalty is $50,000 for “each false statement, omission, or misrepresentation of a material fact” and for “each false record or statement.” OIG may not impose a fine exceeding $10,000 “for each day that the person knowingly conceals or knowingly and improperly avoids or decreases an obligation to pay.” Other infractions have a daily maximum of $15,000.
A $20,000 cap will be applied “for each separately billable or non-separately-billable item or service provided, furnished, ordered, or prescribed by an excluded individual or entity.” Assessments cannot exceed more than three times the total amount of the funds subject to the false claims or fraud, according to the rule.
OIG will also consider mitigating and aggravating factors. A mitigating circumstance is when all “the violations included in the action brought under this part were of the same type and occurred within a short period of time, there were few such violations, and the total amount claimed or requested related to the violations was less than $5,000.”
“Aggravating circumstances include but are not limited to: (1) The violations were of several types or occurred over a lengthy period of time; (2) There were many such violations (or the nature and circumstances indicate a pattern of false or fraudulent specified claims, requests for payment, or a pattern of violations); (3) The amount requested or claimed or related to the violations was $50,000 or more; or (4) The violation resulted, or could have resulted, in physical harm to any individual.”
Previous Settlements Include MSU, UNLV, WSU
RRC asked Barnes if the new regulation raises the stakes for organizations.
“I think that there is a marginally higher risk of enforcement of the penalties, but the vast majority of major research universities and academic medical centers already have very robust compliance programs that try to detect and prevent grant problems, and that when problems occur, are well versed in repayment obligations,” Barnes said. “The truly higher risk here is probably to the universities and hospitals that still lack such robust compliance infrastructure.”
OIG’s history of CMP settlements shows it will take action. To date, it has posted six settlements stemming from self-disclosures involving grant-related fraud on its website, which date from December 2018 to February of this year.[3] But there have been other settlements, and some have been quite costly.
In March 2019, Michigan State University (MSU) self-disclosed to HHS that it had violated the CMPL and agreed to pay $47,580 for using funds from a cooperative agreement awarded by the National Institute on Minority Health and Health Disparities “to reimburse a subrecipient who paid the subrecipient’s principal investigator for travel.”
The agency “alleged this conduct violated applicable regulations restricting Federal award recipients from entering into covered transactions with debarred individuals, and the terms and conditions of the NIH award to MSU,” OIG said.
Another settlement also from 2019 involved Total Health Care Inc. of Baltimore County, Maryland, which agreed to pay $151,280 for employing “an individual that it knew or should have known was excluded from participation in Federal health care programs,” according to the website.
In February 2021, the University of Nevada Las Vegas (UNLV) entered into a settlement agreement to refund $1.07 million and pay a penalty of almost $400,000 for three NIH and one Health Resources and Services Administration awards, for a total of $1,450,947.81.[4]
OIG said the awards “were unallowable either because they were made to organizations without sufficient documentation of whether the activities were for the performance of the awards, or because they were made to entities with which the [principal investigator] had an undisclosed conflict of interest.”
Later that year, in September, Washington State University (WSU) signed an agreement with OIG to pay $824,208, of which $549,311 was restitution and $274,897 was a penalty, according to the agreement OIG provided to RRC.[5]
The settlement agreement indicated WSU exceeded NIH’s salary cap on 60 awards and one contract over a period of five years—Jan. 2, 2015, to Dec. 31, 2020.
Info Blocking May Bring $1M Fine
As noted earlier, the regulation also addresses penalties for information blocking. Individuals or entities found to have “committed information blocking…may be subject up to a $1 million penalty per violation.” It did not specify lesser amounts it may impose.
For groups subject to the information blocking rule enforcement under the new regulation (which does not include providers), OIG will begin enforcement Sept. 1 and “will not impose a penalty on information blocking conduct occurring” prior to that date, the agency said.
The rule maintains the enforcement priorities OIG laid out in the proposed regulation. OIG will pursue “conduct that: (1) resulted in, is causing, or had the potential to cause patient harm; (2) significantly impacted a provider’s ability to care for patients; (3) was of long duration; (4) caused financial loss to Federal health care programs, or other government or private entities; or (5) was performed with actual knowledge.”
OIG will “select cases for investigation based on these priorities and expect[s] that the enforcement priorities will evolve as OIG gains more experience investigating information blocking,” it said. Importantly, OIG stressed that it has to find an element of “intent” in an entity’s actions; otherwise, OIG lacks authority to impose a fine, according to the rule.
1 Grants, Contracts, and Other Agreements: Fraud and Abuse; Information Blocking; Office of Inspector General’s Civil Money Penalty Rules, 88 Fed. Reg. 42,820 (July 3, 2023), https://bit.ly/43dTrNP.
2 Theresa Defino, HHS OIG Offers Guidance, “Form to Encourage Grantee Self-Disclosure of Possible Wrongdoing,” Report on Research Compliance 16, no. 8 (August 2019), https://bit.ly/3Q79Vo4.
3 U.S. Department of Health & Human Services, Office of Inspector General, “Enforcement Actions,” accessed July 24, 2023, https://bit.ly/3Do7uGa.
4 Theresa Defino, “After Paying HHS $1.45M, UNLV Enhances Award Oversight; OIG Touts Self-Disclosure,” Report on Research Compliance 18, no. 6 (June 2021), https://bit.ly/3cA8Hg6.
5 Theresa Defino, “Two Washington Universities Ink Settlements For Exceeding Salaries, Falsified Application,” Report on Research Compliance 18, no. 12 (December 2021), https://bit.ly/3Dq8mtP.
[View source.]
