The 21st Century Cures Act (the “Cures Act”) amended the Civil Monetary Penalty Law (“CMPL”) to expand the authority of the U.S. Department of Health and Human Services Office of Inspector General (“OIG”). On April 14, 2020, OIG proposed a regulation to amend the regulations implementing the CMPL to: (1) incorporate new authorities for civil monetary penalty (“CMPs”), assessments, and exclusions related to HHS grants, contracts, and other agreements pursuant to the Cures Act; (2) incorporate new CMP authorities for information blocking; and (3) increase the maximum penalties for certain CMP violations. The proposed changes arise in part from the expanded authority of HHS under the Cures Act to assess CMPs against individuals and entities that engage in fraud and other misconduct related to HHS grants, contracts, and other agreements. According to the press release issued by the OIG, entities subject to the CMPs would have a period of time to come into compliance. At a minimum, enforcement would not begin any earlier than November 2, 2020.1
CMPs, Assessments, and Exclusions Relating to HHS Grants, Contracts, and Other Agreements
Pursuant to the proposed rule, if finalized in its current form, HHS will be granted broad, new authority to impose CMPs, assessments, and exclusions relating to fraud and other misconduct involving grants, contracts, and other agreements within the existing regulatory framework for the imposition of these penalties. Specifically, the OIG could impose CMPs, assessments, and exclusions against an individual or entity for:
- Knowingly presenting or causing to be presented a specified claim under a grant, contract, or other agreement that a person knows or should know is false or fraudulent;
- Knowingly making, using, or causing to be made or used, any false statement, omission, or misrepresentation of a material fact in any application, proposal, bid, progress report, or other document that is required to be submitted in order to directly or indirectly receive or retain funds provided in whole or in part by HHS pursuant to a grant, contract, or other agreement;
- Knowingly making, using, or causing to be made or used, a false record or statement material to a false or fraudulent specified claim under a grant, contract, or other agreement;
- Knowingly making, using, or causing to be made or used, a false record or statement material to an obligation to pay or transmit funds or property to HHS with respect to a grant, contract, or other agreement;
- Knowingly concealing or knowingly and improperly avoiding or decreasing an obligation to pay or transmit funds or property to HHS with respect to a grant, contract, or other agreement; and
- Failing to grant timely access, upon reasonable request, to OIG, for the purposes of audits, investigations, evaluations, or other statutory functions of OIG in matters involving grants, contracts, or other agreements.
Penalties for violations would range from $10,000 to $50,000 per offense, and OIG may, if finalized, impose an assessment of not more than three times the amount involved with the improper conduct. Individuals and entities that are sanctioned pursuant to this regulation would have appeal and procedural rights.
Importantly, the proposed rule proposes a definition of “recipient” that includes “all persons” (excluding program beneficiaries) “directly or indirectly receiving money or property under a grant, contract, or other agreement funded in whole or in part by the Secretary, including subrecipients and subcontractors.” According to this definition, CMPs could be assessed against any downstream entity that receives funds from a grant either directly or indirectly.
Factors that the OIG may consider when imposing these penalties and exclusions include the following: (a) if all violations included in the action were of the same type and occurred within a short period of time; (b) the number of violations; (c) whether the total amount claimed was less than $5,000, and (d) if the violation resulted in physical harm to any individual. The OIG did not create an exhaustive list of factors, but rather a framework for OIG to use in assessing CMPs.
The proposed regulations will likely apply to providers that accept funding provided by HHS under the CARES Act and other sources of HHS funding in connection with the COVID-19 pandemic and public health emergency. For example, HHS conditioned retention of funding by hospitals and other eligible providers on such providers signing an attestation agreeing to certain Terms and Conditions which include a requirement that the provider submit quarterly reports regarding the funding. Consequently, this proposed rule, if finalized in its current form, would potentially allow the OIG to impose a CMP, assessment or exclusion on a provider based on any alleged false statement, omission or misrepresentation of a material fact in any quarterly report arising from the CARES Act provider funding and filed after the effective date of the final rule. We recommend that providers use great care in their reporting related to the use of COVID-19-related relief funding. We additionally recommend providers carefully consider and understand their obligations associated with the use of any federal funding, whether related to the public health emergency or otherwise.
NewAuthority to Impose Penalties for Information Blocking
The proposed regulation also proposes to add authority for the OIG to penalize individuals and entities for information blocking pursuant to the amendment under the Cures Act to the Public Health Service Act (PHSA). According to the press release issued by the OIG, the proposed rule is intended to help improve coordination within the health care system and patients’ access to their health care data by addressing the negative effects of information blocking. The rule proposes that CMPs could be imposed for information blocking which is:
“Any practice that is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information if this practice is conducted by a developer of certified health information technology (health IT), an entity offering certified health IT, a health information exchange, or a health information network, and the developer of certified health IT, entity offering certified health IT, health information exchange, or health information network knows or should know that this practice is likely to interfere with, prevent, or materially discourage the access, exchange, or use of electronic health information.”2
The rule also proposes to codify the maximum penalty OIG can impose for information blocking violations as $1,000,000 per violation. A violation is defined as each practice that constitutes information blocking. However, the OIG is seeking comments on this definition of “violation.” Individuals and entities subject to enforcement would have procedural and appeal rights.
The proposed rule would codify the requirement that the OIG consider the nature and extent of the information blocking, the resulting harm, including the number of affected patients and providers, and the number of days the violations persisted. In addition, the OIG is also seeking comments on factors that would be considered when imposing a CMP for information blocking violations.
Increase in Certain Civil Money Penalties
Finally, the regulation proposes to increase the amounts of certain civil money penalties pursuant to the Bipartisan Budget Act of 2018. Penalties are proposed to be increased to no more than $20,000 (up from $10,000) for the following violations:
- Each individual violation of false or fraudulent claims and other similar misconduct relating to grants, contracts, and other agreements.
- Participation in a Federal health care program when the individual or entity knows, or should know that it is excluded from participation and retains a direct or indirect ownership or control interest of 5% or more in an entity that participates in a Federal health care program. The penalty can be assessed each day the relationship continues.
- Contracting with an individual or entity that the person or entity knows, or should know is excluded from participation in Federal health care programs. The penalty can be imposed for each separately billable or non-separately-billable item or service provided by an excluded individual or entity.
- Not reporting and returning known overpayments.
- Beneficiary inducement violations.
Furthermore, penalties are proposed to be increased to no more than $30,000 (up from $15,000) for each determination that false or misleading information has been given relating to discharging a person from the hospital and for each day of continuing failure to grant timely access to records requested by the OIG for audits and investigations.
Penalties are also to be increased to no more than $100,000 (up from $50,000) for each false statement, omission, or misrepresentation of a material fact relating to any application, bid, or contract to enroll as a provider of services or a supplier under a Federal health care program; for each false record or statement made seeking payment for items and services furnished under a Federal health care program; and for each offer, payment, solicitation, or receipt of remuneration. The increase in these penalties is significant and will give the OIG additional leverage in enforcement proceedings and investigations.
1 “OIG proposes rule for civil money penalties for information blocking”, HHS Office of Inspector General (last visited Apr. 27, 2020), https://oig.hhs.gov/newsroom/news-releases/2020/infoblocking.asp.