Assistant Attorney General Leslie R. Caldwell Delivers Remarks at the American Bar Association’s 25th Annual National Institute on Health Care Fraud

Good morning, and thank you, Willy [Wifredo A. Ferrer], for that kind introduction.  Thank you to the American Bar Association for hosting this important conference.  I am honored to be opening this 25th anniversary conference in the city that has been the birthplace of many of the Criminal Division’s modern health care fraud enforcement efforts.  And, I am delighted to be here with Willy Ferrer, whose office has been a real force in the fight against health care fraud for many years. 

In keeping with the theme of today’s anniversary conference, I would like to discuss the Criminal Division’s efforts against health care fraud over the past 25 years, where we are now and where we are headed in the near future.  We have a remarkable success rate and effective strategies in our health care fraud prosecutions.  But these days, it’s not only our investigations and prosecutions that are bringing health care providers to the attention of the Criminal Division – it’s also the cybersecurity challenges faced by the industry.

For the past year—almost to the day, in fact—I have had the pleasure of leading the Justice Department’s Criminal Division, which includes approximately 600 smart, hard-working prosecutors from 17 varied sections. 

Among the sections that I oversee, one section—the Fraud Section—has a unit of approximately 40 specialized prosecutors dedicated exclusively to health care fraud investigations and prosecutions.  Those prosecutors often partner with U.S. Attorneys’ Offices, who dedicate even more prosecutors to health care fraud prosecution.  Stamping out Medicare fraud and holding those who commit this fraud accountable are core missions of the Criminal Division and the Justice Department.

Many of you have been practicing long enough to recall the days when the Criminal Division and its law enforcement partners were essentially reactive in health care fraud cases.  Prosecutors relied primarily on the Centers for Medicare and Medicaid Services—or CMS—to refer cases for investigation and prosecution.  CMS maintained control of the health care billing data, and prosecutors relied upon CMS to both provide and analyze it.  At the time, the Criminal Division was focused primarily on “storefront cases,” or cases in which businesses billed Medicare, but were not actually providing services or equipment.

We have come a long way since those days.

The Criminal Division began its intensive health care fraud enforcement efforts in 2007 with the creation of the Medicare Fraud Strike Force, which began right here in Miami, in partnership with the FBI and the Department of Health and Human Services’ Office of the Inspector General (HHS-OIG). 

In its infancy, the Strike Force targeted Medicare billing categories known to be rife with fraud, such as billing for durable medical equipment.  Within one year, the Criminal Division’s enforcement efforts, along with administrative actions taken by HHS, contributed to a one billion dollar drop in durable medical equipment billings in the Miami area.

Since those early successes, we have expanded the Strike Force to eight additional cities that are “hot spots” for Medicare fraud—Tampa, Florida; Baton Rouge, Louisiana; Dallas; Houston; Brooklyn, New York; Detroit; Chicago; and Los Angeles.  The Strike Force focuses exclusively on one thing—prosecuting Medicare fraud—and has developed successful partnerships with law enforcement and a proven model for investigations and prosecutions.  Since its inception in 2007, the Medicare Fraud Strike Force has charged more than 2,100 defendants who had collectively billed the Medicare program for more than $6.5 billion. 

In the last fiscal year alone, the Strike Force charged 353 defendants, who had collectively billed the Medicare program approximately $830 million.  Of those 353 defendants charged, 304 pleaded guilty and 41 were convicted at trial.  The Strike Force has an overall conviction rate of 95 percent—a spectacular rate of success considering the volume and the complexity of the prosecutions—and secures prison sentences averaging more than 50 months.   

In May of last year, Strike Force prosecutors in all nine cities executed a nationwide operation that resulted in charges against 90 individuals, including doctors, nurses and other medical professionals, for their participation in Medicare fraud schemes involving approximately $260 million in false billings.  This was the seventh nationwide takedown of its kind, and it will by no means be the last.

Targeting areas of the country with high amounts of Medicare fraud is only one of the successful strategies employed by the Strike Force.  In another successful shift in focus, the Medicare Fraud Strike Force obtained billing data from CMS in close to real time, and the Strike Force analyzed that data and used it as a key part of its prosecutions. 

This change has had several significant benefits.  First, access to real-time data enables us to bring cases more quickly, rather than having to wait for CMS to provide historical billing data to support an investigation.  Second, we can identify emerging fraud schemes and new types of Medicare fraud.  We are analyzing the data to stay ahead of the curve and stop fraud schemes at the development stage.  And third, we can find existing fraud schemes that move to new geographic areas.  The Strike Force pioneered this use of cutting-edge data analysis, and it has revolutionized our heath care fraud prosecutions.

The Strike Force is a model of 21st Century data-driven policing.  And it is has had an undeniable impact.  Data from our partners at HHS-OIG shows that Medicare spending in service areas we have targeted, such as community mental health and home health fraud schemes, has plummeted, decreasing by hundreds of millions of dollars.  For example, after the Strike Force targeted group psychotherapy fraud in Detroit, the billings to Medicare in that treatment category dropped by more than 70 percent.  I already mentioned our success in decreasing false billings for durable medical equipment.  And, just two years after the Strike Force in Miami identified and targeted widespread fraud in the home health industry, Medicare billings for home health services in Florida dropped by more than $1 billion and payments to health care providers fell by roughly $500 million.

It’s not only the high number of prosecutions that demonstrate the Strike Force’s success, but also the level and sophistication of the individuals who are prosecuted.  Since 2007, the Strike Force has charged over 140 licensed doctors.  These are individuals who have breached the public trust and their professional duties of care, selling out their medical licenses for the lure of easy money, and oftentimes preying on vulnerable Medicare beneficiaries.  Cases involving fraud by health care executives are also a high priority for us, and a growing part of our Strike Force docket.

As just one example of the complex and high-impact cases we are bringing, American Therapeutic Corporation (ATC) and its executives—here in Miami—were prosecuted for a $205 million fraud scheme.  ATC purported to operate partial hospitalization programs in seven locations throughout Orlando, Florida, and south Florida, but in reality, its employees paid tens of millions of dollars in kickbacks in exchange for the names and identification numbers of Medicare beneficiaries so that ATC could fraudulently bill Medicare for services that were never provided.  When all was said and done, more than 20 individuals were convicted, including ATC’s owners, and both ATC and an associated management company pleaded guilty to criminal charges.  The mastermind of the scheme was sentenced to 50 years in prison.

Notably, the ATC investigation started with a False Claims Act qui tam filing in the Southern District of Florida.  The Criminal Division coordinates with the Civil Division and the U.S. Attorneys’ Offices to ensure that experienced prosecutors from the Criminal Division’s Fraud Section review qui tam complaints and supporting evidence early on to determine whether there is, or is likely to be, evidence of criminal conduct.  If so, the Criminal Division will open a parallel investigation.

During this initial review, prosecutors consider whether the facts and circumstances support criminal investigation and possible prosecution.  In particular, among other factors, we look at the severity or pervasiveness of any compliance failures, the involvement and culpability of individuals, and the availability and appropriateness of regulatory or civil enforcement action, as opposed to criminal prosecution.

Of course, the burden of proof in criminal cases is different than in civil cases, since we need to prove crimes beyond a reasonable doubt instead of by a preponderance of evidence.  And the level of scienter is different too - generally we need to show a “specific intent to defraud” to secure a criminal conviction, whereas that is not required under the False Claims Act.

Although both the Civil Division and the Criminal Division are committed to fighting health care fraud, we have different law enforcement missions and different law enforcement tools at our disposal.  While our civil colleagues are committed to securing restitution and financial penalties, federal prosecutors are focused on identifying, punishing and deterring criminal conduct.

Parallel investigations maximize the department’s ability to secure the appropriate outcome in each matter – whether it be financial penalties, restitution, federal program exclusion or criminal prosecution of both corporations and individuals.  Civil litigators and criminal prosecutors coordinate with each other as appropriate and with other executive branch agencies to protect and advance the government’s overall interests.

In addition to bringing sophisticated cases involving complex schemes, the Criminal Division is also pursuing multi-district cases.  As an example, last year, the last of 17 defendants were convicted at trial for their involvement in a quarter-billion dollar Medicare fraud scheme, involving three community mental health centers located in Baton Rouge and Houston.  The fraud scheme spanned seven years and involved over $258 million in Medicare billings for psychotherapy services that were medically unnecessary or not provided at all.  To date, an owner of the centers has been sentenced to almost nine years in prison, and the medical director was sentenced to seven years in prison.

Despite our successes, Medicare Fraud remains a serious drain on our health care system.  In fiscal year 2014, the Justice Department recovered over $3 billion of fraudulent Medicare billings through civil, criminal and administrative actions.

So, where are we headed now?

The Strike Force is looking at emerging fraud trends, and we are seeing those in areas including Medicare Part D, laboratory services, hospital-based services and hospice care.  These are the latest frontiers in Medicare fraud.  Our prosecutors and in-house analysts and our law enforcement partners have become expert fraud investigators, fluent in the complexities of Medicare billing, and we are working hard to identify those engaged in these new schemes and to bring them to justice.

While many of our case have focused—and will continue to focus—on individual physicians, home health care providers, pharmacy owners and medical supply company executives, the Strike Force will follow evidence of health care fraud wherever it leads, including into corporate boardrooms and executive suites.  The Criminal Division has a long record of holding executives responsible for their criminal wrongdoing in cases involving financial fraud.  You should expect to see us building on that record in the field of health care fraud.

When I spoke about our efforts in this regard just seven months ago at another conference, we had only a handful of open corporate investigations.  We now have over a dozen active corporate investigations, and we are steering additional prosecutorial resources to this area.

Late last year, Fraud Section prosecutors convicted the former president of Riverside Hospital and three others following a jury trial in connection with a six-year, $158 million Medicare fraud scheme.  Ten defendants have been convicted as part of the Riverside fraud, and the investigation is not over.  As recently as last week, a doctor and group home owner were indicted for their alleged involvement in a $5.2 million fraud scheme related to Riverside.

This is but one of our recent demonstrated successes in investigating and prosecuting corporate health care fraud.  We expect to continue to build momentum in this area.

As our corporate investigations progress, health care companies, hospitals and their counsel should understand that we will be applying the very same Principles of Federal Prosecution of Business Organizations—also known as the Filip factors—that we apply in other corporate cases when we evaluate possible corporate criminal charges.  As seasoned practitioners—many of whom have served on both sides of the aisle—I know you are all well-versed in these factors.

I would, however, like to discuss one factor that has been the subject of recent discussion in financial fraud cases: corporate cooperation.  This is a key consideration expressly detailed in the Filip factors.  It is a recurring topic at conferences like this, and a subject that I have addressed in detail several times over the last year.  My comments in the context of financial fraud cases are equally applicable to our health care fraud prosecutions.

Put simply, companies seeking credit for cooperation must conduct a thorough internal investigation and turn over all available evidence of wrongdoing to our prosecutors in a timely and complete way.  And that evidence must include information about the individuals who committed the crimes, no matter how high those individuals might have been on the corporate ladder.

A company should not expect to receive cooperation credit for just producing documents in response to a grand jury subpoena.  That has never been considered cooperation in any other context, and it will not be recognized as cooperation in the health care fraud context either.  To the contrary, compliance with lawful process is a legal requirement, not voluntary cooperation.

Cooperation means that a corporation has made an affirmative effort to investigate potential wrongdoing, and that it has turned over the facts uncovered during that investigation in a timely way to our prosecutors.  In particular—and as I have said in other contexts over the last year—it is important that cooperating companies identify the culpable individuals.  Prosecuting individuals for their criminal wrongdoing, including for health care fraud, is a top priority for the Criminal Division.

We hope to see more corporations in the health care industry choosing to cooperate with government investigations in the future.  As in other areas, however, we will not sit back and rely upon corporate cooperation to make our cases.  While we encourage companies to cooperate with our investigations, we cannot require it and we will move forward without it.  We are increasingly applying traditional investigative techniques—including undercover officers, informants with body wires, bugs in offices, hidden cameras, GPS trackers and many other law enforcement tools—in health care fraud cases, including corporate health care fraud investigations.

Now let me briefly switch gears before I close.  I’ve talked about our health care fraud investigations and prosecutions, but I would like to address another way that your corporate clients might interact with the Criminal Division, and that is in the area of cybersecurity.  As you likely are aware, criminal attacks are the number-one cause of health care data breaches.  As the repositories of vast amounts of personal identifying patient information, health care companies are increasingly targeted by hackers and cyber thieves from around the globe.  And, we would like to work with you and your corporate clients to combat this growing problem.

In December, I announced the creation of the Cybersecurity Unit within our Computer Crime and Intellectual Property Section.  Responsible for a variety of efforts we are undertaking to enhance public and private cybersecurity, the Cybersecurity Unit is focusing the Criminal Division’s unique legal expertise and investigatory experience to help prevent data breaches before they occur.  As part of their mission, prosecutors from the Unit are actively engaging with the private sector and the public to address legal challenges related to cybersecurity.

We cannot do this alone or in a vacuum.  The Cybersecurity Unit would like to partner with your clients, and to engage in a mutual exchange of ideas and experiences.  In that regard, two weeks ago we hosted the first of what I hope to be many Cybersecurity Industry Roundtables to facilitate a cooperative relationship with the private sector.  As we learn lessons from our investigations into data breaches in the health care and related industries, our Cybersecurity Unit will work to convey those lessons back to affected industries.  And we are constantly looking to identify ways to protect this critical medical data and remove impediments to effective cybersecurity practices.

We also released new guidance providing best practices—in our view—for victims and potential victims to mitigate the risk of data breaches, before, during and after cyberattacks and intrusions.  The guidance is built on our experience prosecuting and investigating cybercrime, and incorporates knowledge and input from private sector entities that have managed cyber incidents.  It is a living document, which we will continue to update, and I recommend it to you and your clients.  The guidance document is accessible on the Criminal Division’s website.

The Cybersecurity Unit is also participating with other U.S. government agencies and private companies in cyber incident response simulations to increase coordination and enhance our response capabilities.  We are working with corporate counsel from various industries to address legal issues surrounding network defense and the response to cyber breaches.  And, we are encouraging companies to come forward, to report cyber breaches and to work with us in responding to them.

This is all to say that I invite you and your clients to join this collaborative effort.  I look forward to opportunities to hear thoughts and feedback from you and your clients on key cybersecurity issues and where the department and law enforcement can play key roles in the days ahead.

Thank you for inviting me to speak with you all today, especially on this milestone anniversary. 

I hope that you find the remainder of the conference informative, and I look forward to addressing any questions that you might have.