New DOJ Whistleblower Program Invites Greater Scrutiny of the Health Care Industry

Earlier this month, the Department of Justice (DOJ) launched its anticipated Criminal Division Corporate Whistleblower Awards Pilot Program (the “Pilot Program”), which went into effect on August 1, 2024, and will continue for three years. As Deputy Attorney General (DAG) Lisa Monaco explained earlier this year, the Pilot Program is intended to provide a monetary incentive for individuals with knowledge of nonpublic corporate wrongdoing to report the misconduct. It follows a series of recent policy changes announced by DOJ, including to its Corporate Voluntary Self Disclosure Policy (the “Corporate VSD Policy”) and Pilot Program on Voluntary Self Disclosures for Individuals, which have been described by DAG Monaco as “a mix of carrots and sticks to promote responsible corporate citizenship.” Notably, under the amended Corporate VSD Policy, companies are eligible for a presumption of a declination (i.e., no criminal charges) if they self-report information received by an internal whistleblower to DOJ within 120 days.

These programs reflect DOJ’s focus on combatting corporate crime and fraud across many industries and they supplement existing policies that address the health care industry, such as the DOJ’s False Claims Act Reporting Program, the Health and Human Services Office of Inspector General’s (OIG) Whistleblower Protection Program, and the Centers for Medicare & Medicaid Services’ (CMS) Self-Referral Disclosure Protocol. Given these recent pronouncements, companies—including those in the health care industry (and particularly those heavily serving commercially covered and private pay patients)—should consider adopting robust compliance programs to encourage identification and remediation of non-compliance and potential fraud and  create a culture of compliance within their organization.

1. The Focus of the Pilot Program

   During her keynote speech before the American Bar Association in March, DAG Monaco explained that one of the key purposes behind the new Pilot Program is to address areas of corporate misconduct not previously covered by other federal reporting programs. To that end, the Pilot Program focuses on receiving original information from four “programmatic areas” of corporate crime, including (i) crimes involving financial institutions, (ii) foreign corruption and bribery, (iii) domestic corruption and bribery; and (iv) health care fraud in the private sector. The Pilot Program Guidance describes health care fraud as follows:

   Violations related to (a) federal health care offenses and related crimes involving private or other non-public health care benefit programs, where the overwhelming majority of claims are submitted to private or other non-public health care benefit programs, (b) fraud against patients, investors, and other non-governmental entities in the health care industry, where the overwhelming majority of the actual or intended loss was to patients, investors, and other non-governmental entities, and (c) any other federal violations involving conduct related to health care not covered by the Federal False Claims Act, 31 U.S.C. § 3729, et seq.

   Reinforcing its gap filling purpose, the Pilot Program Guidance makes clear that would-be whistleblowers are not eligible for an award under this program if they “would be eligible for an award through another U.S. government or statutory whistleblower, qui tam, or similar program had they reported the same original information to that other program.”   

   This is particularly noteworthy for health care stakeholders who do not accept Medicare, Medicaid or other federal health care programs and who sat traditionally outside of CMS and OIG reporting and disclosure protocols. These health care stakeholders—particularly concierge medical practices, direct-to-consumer digital health solutions and point-of-care solutions offered only to employee-sponsored plans—should be aware that the Pilot Program will incentivize reporting of misconduct and DOJ has signaled they intend to hold these organizations accountable.

2. Pilot Program Eligibility Requirements

   Under the Pilot Program, to be eligible for an award, would-be whistleblowers must (i) “provide original, truthful information about criminal misconduct relating to one or more designated program areas,” discussed above, that (ii) “leads to forfeiture exceeding $1,000,000 in net proceeds.” 

   Information is considered “original,” under the program, if it (i) “is derived from the individual’s independent knowledge or independent analysis;” (ii) “is non-public and previously not known to the Department” and (iii) “materially adds to the information the Department already possesses.” Even if a whistleblower first reports this information through the company’s internal whistleblower or internal reporting process, the information is considered “original” and DOJ will treat the date that the individual provided this information to the company’s internal reporting structure as the date of original disclosure to the government.

   Importantly, information is not considered original under the program if the information is obtained “through a communication that was subject to the attorney-client privilege” or “is contained entirely in an allegation made in a judicial or administrative hearing, in a government report, hearing, audit, or investigation, or in the news media.” The Pilot Program Guidance further explains that information is not “original” if it is based on, among other things, information received as “an officer, director, trustee, or partner” or “an employee whose principal duties involve compliance or internal audit responsibilities.”

3. Whistleblower Communications & Cooperation with the Department

   Like other federal whistleblower programs, the Pilot Program provides confidentiality protections for information submitted by individuals. However, the program also raises questions about the lengths DOJ will go to obtain information from a whistleblower and encourage their cooperation. For example, the Pilot Program Guidance provides that if a director, officer or member of a company represented by counsel speaks with the Department about a possible criminal violation, the Department is authorized to speak with that individual “regarding the possible criminal violation without seeking the consent of the entity’s counsel.” That said, these communications may be further restricted based upon the applicable state’s no contact rule, which generally prohibits communications with represented persons or corporate parties about the subject of the representation. Likewise, the Pilot Program further warns companies that any actions taken to “impede” communications with the Department—including the enforcement of confidentiality agreements—could lead to obstruction charges.

4. Key Takeaways  

   Given the stated purpose of the Pilot Program is to generate more claims and create a “race to the door” between individuals and companies, companies should consider the following:

   • For health care stakeholders already submitting claims to government payors (i.e., Medicare and Medicaid programs), a system should already be established for overseeing internal compliance and identifying issues with government claims. Given the Pilot Program’s focus on health care fraud (and particularly in claims with private insurers), companies, if they have not already, should expand the scope of pre-existing policies to include submitting claims to commercial payors and self-pay patients.
   • A health care stakeholder should ensure that their auditing and monitoring program reviews coding and claims submission practices for all services, not just those billed to government payor programs, and remediate any non-compliance identified, including returning any overpayment received due to known error or fraud.
   • Health care stakeholders should review their marketing and advertising materials to ensure they are accurately representing their services to patients, investors and customers as intentional misrepresentation could be considered fraud.
   • Health care stakeholders should review their patient acquisition strategies for potential abuse and/or misconduct. Specifically, stakeholders should evaluate whether such strategies involve actions that could be perceived as bribes or kickbacks to third parties for referrals.
   • All health care stakeholders should have internal reporting processes, such as a compliance hotline or mailbox, which allow employees, contractors and patients to report non-compliance confidentially and anonymously so that the company has an opportunity to review and investigate the allegations before the individual reports it to DOJ. Individuals are less likely to report compliance concerns externally if they feel the concerns are sufficiently addressed by the company. Also, DOJ has been clear in its Corporate Compliance Guidance that an effective internal reporting process is a “hallmark” of an effective compliance program.
   • In light of the recent amendments to Corporate VSD Policy, companies should evaluate their internal investigation protocols and procedures to ensure they afford sufficient time to complete an internal risk assessment and determine whether to self-report to DOJ within the new 120-day window. Protocols should consider who, within the organization, will be responsible for overseeing the internal investigation and, if necessary, when to consult with outside counsel.