An Ounce of Prevention Is Worth a Pound of Cure Why You Need an Effective Compliance Program

by Baker Donelson

[authors: Gina L. Simms and Amy E. Garber]

For centuries, health care providers have enlightened patients with the well-known adage: “an ounce of prevention is worth a pound of cure.”1 A recent set of cases involving a durable medical equipment company and its employees illustrate that health care providers can benefit from the same wisdom. The cases involving Orthofix, Inc. and its employees serve as cautionary tales that emphasize the need for an effective compliance program. Having an effective compliance program can be that “ounce of prevention” that can aid a company in warding off costly federal civil and criminal prosecutions and the potential damage to an entity’s reputation and financial well-being that may result from those prosecutions.

Case Study: Orthofix, Inc. False Claims Act and Criminal Cases

Orthofix, Inc. (Orthofix), a U.S.-based subsidiary of Orthofix International, N.V, manufactures commercial medical devices including bone growth stimulators. In 2005, Jeffrey Bierman, the owner of a company that provides billing services to providers, filed a qui tam2 action under seal, in which he alleged that Orthofix had committed Medicare fraud. Bierman made multiple allegations, including that between approximately 1999 until 2010, Orthofix submitted fraudulent Medicare billings for its bone-growth stimulator products. According to Bierman, Orthofix routinely falsified certificates of medical necessity (CMNs) for its products and relied upon those false certificates to support its claims for reimbursement from the government. In addition, Orthofix allegedly offered kickbacks and other incentives to health care professionals, staff, and patients in order to induce the promotion, prescription, and/or purchase of bone growth stimulators in violation of the Federal Anti-Kickback Statute.3

In addition to the qui tam suit, the U.S. Attorney’s Office for the District of Massachusetts criminally investigated Orthofix for potential Medicare violations related to the CMNs it was required to maintain for bone growth stimulator products. As a result of its investigation, on June 7, 2012, the government charged Orthofix via a felony Information with obstruction of a federal audit, in violation of 18 U.S.C. §1516.4 The government alleged that Orthofix failed to disclose material information during a Medicare audit of its practices related to CMNs5, including that some Orthofix territory managers: completed entire CMNs rather than the treating physicians who were required to complete portions of the form; coached physicians or their staff to falsify portions of the CMNs; and forged physicians’ signatures on the CMNs. The government maintains that Orthofix’s failure to disclose its conduct to the federal auditor led the auditor to falsely conclude that Orthofix complied with Medicare regulations.

In June 2012, Orthofix attempted to globally resolve the criminal and civil cases. On June 7, 2012, the U.S. Department of Justice (DOJ), the U.S. Attorney’s Office for the District of Massachusetts, and Orthofix signed a civil settlement agreement. Orthofix agreed to pay $34 million to resolve the False Claims Act allegations. Orthofix also agreed to enter into a Corporate Integrity Agreement (CIA) with the Department of Health and Human Services (HHS), Office of the Inspector General (OIG), whereby it agreed to establish and maintain a compliance program.6 In order to resolve the criminal case, Orthofix agreed to plead guilty to the felony obstruction offense and to pay a $7.7 million criminal fine.

On September 6, 2012, the federal judge assigned to the criminal case informed Orthofix and the government that he would not accept Orthofix’s guilty plea, opining that he had “extreme unease of treating corporate criminal conduct like a civil case.”7 During a subsequent criminal hearing, the judge initially rejected Orthofix’s attempt to plead guilty, and later appeared to conditionally accept the plea and schedule a sentencing hearing for December 2012.8 In the civil case, a status conference has been scheduled for December 20, 2012, after the criminal hearing, to address the potential resolution of the False Claims Act allegations.

Even though the corporate criminal and civil cases against Orthofix remain pending, the government’s investigation of the company has resulted in several felony charges against former Orthofix employees, executives, and contractors for their criminal conduct. The criminal prosecutions include actions against a former Orthofix Vice President of Sales, who pled guilty to violating the Federal Anti-Kickback Statute9 for scheming to pay a doctor and physicians’ assistant to induce others to purchase Orthofix products, and two former Orthofix territory managers who pled guilty to health care fraud for falsifying patients’ medical records and prescriptions to make it appear that the physicians’ orders met Medicare guidelines for payments related to bone growth stimulators.10 These individuals have not yet been sentenced.

An Effective Compliance Program and Its Benefits

The Orthofix cases raise questions about how this type of serious misconduct could have occurred: Were employees aware of wrongdoing, yet the company lacked effective mechanisms to encourage reports of misconduct? For instance, did the company maintain an anonymous complaint hotline? What, if any, incentives did employees have to report misconduct? What policies and procedures did the company have in place to deter employees, including senior-level managers and executives, from engaging in criminal fraud? A reasonable reading of the publicly available documents about this case suggests that Orthofix did not have an effective compliance plan in place to both detect and deter the types of fraud investigated by the government and unearthed by the whistleblower.11

The OIG has published on its website guidelines for voluntary compliance programs and compliance resources directed at various segments of the health care industry, including medical device manufacturers.12 An effective compliance plan must be specifically tailored to a provider’s operations, bearing in mind the particular risks that the provider confronts in operating its business. At minimum, a compliance plan should contain elements related to education, oversight, and mitigation (internal reporting mechanisms and discipline).13

A health care provider can substantially minimize the risk of prosecution by taking affirmative steps to encourage employees and others, including third-party vendors and contractors, to promptly and fully report wrongdoing. A robust compliance program should require employee and officer training and education sufficient to ensure that everyone has a clear understanding of the relevant state and federal laws potentially implicated by that company’s business practices. Moreover, a truly effective compliance program will require prompt investigation of reported bad acts, and the swift undertaking of corrective actions, including appropriate discipline of wrongdoers, if warranted. Furthermore, independent of any compliance program, a health care provider should have safeguards in place to protect employees who come forward to report malfeasance, including a non-retribution/non-retaliation policy. These steps may seem like large and costly undertakings, but the associated costs pale in comparison to the harsh criminal and/or civil penalties that a company might face because it failed to institute an effective compliance system.

In a worst-case scenario where a corporate health care provider faces criminal charges, having a meaningful compliance program in place can make a significant difference at sentencing. The Federal Sentencing Guidelines provide for a lower potential sentence and ultimately lower fines where a company has an “Effective Compliance and Ethics Program”14 in place. In addition, the health care corporation that promptly reports wrongdoing to the government, cooperates with a government investigation, and demonstrates “recognition and affirmative acceptance of responsibility,” will be eligible for a lower penalty.15

Because the federal government has an arsenal of tools both to detect fraud and to prosecute health care providers, an effective compliance program is indispensable. While it may be unrealistic to expect to prevent all instances of non-compliance, an effective compliance program can help to mitigate potential criminal exposure. The Orthofix criminal case may forecast increasing resistance from courts to allowing companies to simply enter a guilty plea and pay a fine. In this landscape, health care providers should be introspective and try to determine how best to prevent and/or mitigate potential civil and criminal wrongdoing. And it must be remembered that an organization is the sum of its parts - therefore, it takes effort on all levels to create a successful compliance system. While an effective compliance program has many components, they are indeed, the ounce of prevention worth a pound of cure.

The authors extend their thanks to Christian F. Henel for his contributions to this article.

1 Benjamin Franklin, as quoted in The Electric Ben Franklin: A Quick Biography of Benjamin Franklin, (last visited Nov. 26, 2012).
See 31 U.S.C. § 3729 et. seq. (2006), the False Claims Act.
See 42 U.S.C. § 1320a-7b(b). See also the Complaint filed in the case of U.S., ex rel. Jeffrey J. Bierman v. Orthofix Int’l, N.V., et al., Civil Action No. 05-10557-EFH (D. Mass. March 23, 2005).
418 U.S.C. § 1516 provides, in relevant part, that “whoever, with intent to deceive or defraud the United States, endeavors to influence, obstruct or impede a Federal auditor in the performance of official duties relating to a person, entity, or program . . ., shall be fined under this title, or imprisoned not more than 5 years, or both.”
See Information filed in the case of U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.).
See Docket Entry No. 1-3, U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.).
The Honorable William G. Young, District of Massachusetts, quoted by Jef Feeley & Janelle Lawrence, Orthofix’s Settlement of Medicare Probe Rejected by Judge (Sept. 6, 2012),
Regrettably, the docket entries for this case, U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.), are not entirely clear. Because the case has been set for a sentencing hearing, the reasonable inference is that the court accepted a guilty plea.
9See 42 U.S.C. § 1320a-7(b)(2)(B), and the docket sheet in U.S. v. Guerrieri., Crim. No. 12-10061(D. Mass).
10 See docket sheets in U.S. v. Field, Crim. No. 12-CR-10057 (D. Mass.) and U.S. v. McKay, Crim. No. 12-CR-10129 (D. Mass.).
11See Corporate Integrity Agreement, appended to the plea agreement, Docket No. 1-3, in U.S. v. Orthofix, Inc., Crim No. 12-10169 (D. Mass.).
12 HHS-OIG Guidelines are available at: See also Compliance Resources for Medical Device Manufacturers, Julie K. Taitsman, M.D., J.D., Chief Medical Officer, HHS-OIG (June 11, 2011).
13 The OIG identifies seven key elements for successful compliance: (a) the development and implementation of written policies and procedures, e.g., a code of conduct that sets forth a provider’s commitment to compliance with all federal health care program requirements; (b) designating a chief compliance officer and compliance committee responsible for implementing and enforcing ethics policies; (c) comprehensive training and education on ethics; (d) an effective communication framework that encourages a culture of disclosure; (e) internal monitoring and auditing focused on identifying high-risk practices; (f) enforcing standards through well-publicized disciplinary guidelines; and (g) responding promptly to detected problems and undertaking corrective action. See id.
14 See U.S.S.G. § 8C2.5(f)(2011). The Federal Sentencing Guidelines define Effective Compliance Program as one where an organization: (1)exercise[s] due diligence to prevent and detect criminal conduct; and (2) otherwise promote[s] an organizational culture that encourages ethical conduct and a commitment to compliance with the law. U.S.S.G. § 8B2.1.
15 See U.S.S.G. § 8C.2.5(g)(2).


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Baker Donelson | Attorney Advertising

Written by:

Baker Donelson

Baker Donelson on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.