The 21st Century Cures Act (the “Cures Act”) amended the Civil Monetary Penalty Law ‎‎(“CMPL”) to expand the authority of the U.S. Department of Health and Human Services Office ‎of Inspector General (“OIG”).  On April 14, 2020, OIG proposed a regulation to amend the ‎regulations implementing the CMPL to: (1) incorporate new authorities for civil monetary penalty ‎‎(“CMPs”), assessments, and exclusions related to HHS grants, contracts, and other agreements ‎pursuant to the Cures Act; (2) incorporate new CMP authorities for information blocking; and (3) ‎increase the maximum penalties for certain CMP violations.  The proposed changes arise in part ‎from the expanded authority of HHS under the Cures Act to assess CMPs against individuals ‎and entities that engage in fraud and other misconduct related to HHS grants, contracts, and ‎other agreements. According to the press release issued by the OIG, entities subject to the CMPs ‎would have a period of time to come into compliance.  At a minimum, enforcement would not ‎begin any earlier than November 2, 2020.‎¹ 

CMPs, Assessments, and Exclusions Relating to HHS Grants, Contracts, and Other ‎Agreements

Pursuant to the proposed rule, if finalized in its current form, HHS will be granted broad, new ‎authority to impose CMPs, assessments, and exclusions relating to fraud and other misconduct ‎involving grants, contracts, and other agreements within the existing regulatory framework for ‎the imposition of these penalties. Specifically, the OIG could impose CMPs, assessments, and ‎exclusions against an individual or entity for:‎

1. Knowingly presenting or causing to be presented a specified claim under a grant, ‎contract, or other agreement that a person knows or should know is false or fraudulent;‎
2. Knowingly making, using, or causing to be made or used, any false statement, omission, ‎or misrepresentation of a material fact in any application, proposal, bid, progress report, or ‎other document that is required to be submitted in order to directly or indirectly receive ‎or retain funds provided in whole or in part by HHS pursuant to a grant, contract, or other ‎agreement;‎
3. ‎Knowingly making, using, or causing to be made or used, a false record or statement ‎material to a false or fraudulent specified claim under a grant, contract, or other ‎agreement;‎
4. Knowingly making, using, or causing to be made or used, a false record or statement ‎material to an obligation to pay or transmit funds or property to HHS with respect to a ‎grant, contract, or other agreement;‎
5. Knowingly concealing or knowingly and improperly avoiding or decreasing an obligation ‎to pay or transmit funds or property to HHS with respect to a grant, contract, or other ‎agreement; and
6. Failing to grant timely access, upon reasonable request, to OIG, for the purposes of ‎audits, investigations, evaluations, or other statutory functions of OIG in matters ‎involving grants, contracts, or other agreements.

Penalties for violations would range from $10,000 to $50,000 per offense, and OIG may, if ‎finalized, impose an assessment of not more than three times the amount involved with the ‎improper conduct. Individuals and entities that are sanctioned pursuant to this regulation would ‎have appeal and procedural rights.‎

Importantly, the proposed rule proposes a definition of “recipient” that includes “all persons” ‎‎(excluding program beneficiaries) “directly or indirectly receiving money or property under a ‎grant, contract, or other agreement funded in whole or in part by the Secretary, including subrecipients and subcontractors.”  According to this definition, CMPs could be assessed against ‎any downstream entity that receives funds from a grant either directly or indirectly.‎

Factors that the OIG may consider when imposing these penalties and exclusions include the ‎following: (a) if all violations included in the action were of the same type and occurred within a ‎short period of time; (b) the number of violations; (c) whether the total amount claimed was less ‎than $5,000, and (d) if the violation resulted in physical harm to any individual. The OIG did ‎not create an exhaustive list of factors, but rather a framework for OIG to use in assessing CMPs.‎

The proposed regulations will likely apply to providers that accept funding provided by HHS ‎under the CARES Act and other sources of HHS funding in connection with the COVID-19 ‎pandemic and public health emergency. For example, HHS conditioned retention of funding by ‎hospitals and other eligible providers on such providers signing an attestation agreeing to certain ‎Terms and Conditions which include a requirement that the provider submit quarterly reports ‎regarding the funding. Consequently, this proposed rule, if finalized in its current form, would ‎potentially allow the OIG to impose a CMP, assessment or exclusion on a provider based on any ‎alleged false statement, omission or misrepresentation of a material fact in any quarterly report ‎arising from the CARES Act provider funding and filed after the effective date of the final rule.  ‎We recommend that providers use great care in their reporting related to the use of COVID-19-‎related relief funding. We additionally recommend providers carefully consider and understand ‎their obligations associated with the use of any federal funding, whether related to the public ‎health emergency or otherwise.

‎NewAuthority to Impose Penalties for Information Blocking

The proposed regulation also proposes to add authority for the OIG to penalize individuals and ‎entities for information blocking pursuant to the amendment under the Cures Act to the Public ‎Health Service Act (PHSA). According to the press release issued by the OIG, the proposed rule ‎is intended to help improve coordination within the health care system and patients’ access to ‎their health care data by addressing the negative effects of information blocking. The rule ‎proposes that CMPs could be imposed for information blocking which is:‎

“Any practice that is likely to interfere with, prevent, or materially discourage ‎access, exchange, or use of electronic health information if this practice is ‎conducted by a developer of certified health information technology (health IT), ‎an entity offering certified health IT, a health information exchange, or a health ‎information network, and the developer of certified health IT, entity offering ‎certified health IT, health information exchange, or health information network ‎knows or should know that this practice is likely to interfere with, prevent, or ‎materially discourage the access, exchange, or use of electronic health ‎information.”^‎2 

The rule also proposes to codify the maximum penalty OIG can impose for information blocking ‎violations as $1,000,000 per violation.  A violation is defined as each practice that constitutes ‎information blocking.  However, the OIG is seeking comments on this definition of “violation.”  ‎Individuals and entities subject to enforcement would have procedural and appeal rights.‎

The proposed rule would codify the requirement that the OIG consider the nature and extent of ‎the information blocking, the resulting harm, including the number of affected patients and ‎providers, and the number of days the violations persisted. In addition, the OIG is also seeking ‎comments on factors that would be considered when imposing a CMP for information blocking ‎violations.‎

Increase in Certain Civil Money Penalties

Finally, the regulation proposes to increase the amounts of certain civil money penalties pursuant ‎to the Bipartisan Budget Act of 2018.  Penalties are proposed to be increased to no more than ‎‎$20,000 (up from $10,000) for the following violations:‎

• Each individual violation of false or fraudulent claims and other similar misconduct ‎relating to grants, contracts, and other agreements.‎
• Participation in a Federal health care program when the individual or entity knows, or ‎should know that it is excluded from participation and retains a direct or indirect ‎ownership or control interest of 5% or more in an entity that participates in a Federal ‎health care program. The penalty can be assessed each day the relationship continues.
• Contracting with an individual or entity that the person or entity knows, or should know ‎is excluded from participation in Federal health care programs. The penalty can be ‎imposed for each separately billable or non-separately-billable item or service provided by ‎an excluded individual or entity.‎
• Not reporting and returning known overpayments.‎
• Beneficiary inducement violations.‎

Furthermore, penalties are proposed to be increased to no more than $30,000 (up from $15,000) ‎for each determination that false or misleading information has been given relating to discharging ‎a person from the hospital and for each day of continuing failure to grant timely access to records ‎requested by the OIG for audits and investigations.  ‎

Penalties are also to be increased to no more than $100,000 (up from $50,000) for each false ‎statement, omission, or misrepresentation of a material fact relating to any application, bid, or ‎contract to enroll as a provider of services or a supplier under a Federal health care program; for ‎each false record or statement made seeking payment for items and services furnished under a ‎Federal health care program; and for each offer, payment, solicitation, or receipt of remuneration.  ‎The increase in these penalties is significant and will give the OIG additional leverage in ‎enforcement proceedings and investigations.‎

---
_{1 ‎“OIG proposes rule for civil money penalties for information blocking”, HHS Office of Inspector General (last ‎visited Apr. 27, 2020), https://oig.hhs.gov/newsroom/news-releases/2020/infoblocking.asp.‎
2 https://www.federalregister.gov/d/2020-08451/p-31.‎}