The new frontier of fraud, waste and abuse: COVID-related misconduct enforcement trends

March 27, 2023 - Although the federal COVID-19 Public Health Emergency (the "PHE") is set to end on May 11, 2023, the same cannot be said for related legal and regulatory risks related to pandemic relief funding, which appear likely to ramp up. Since the onset of the PHE in January 2020, the federal government has rapidly distributed about $5 trillion in pandemic relief programs, including Medicare's Advance Payment Program, the Provider Relief Fund, and the Paycheck Protection Program (the "PPP").

Now that the most immediate pandemic-related threats have abated, the U.S. Department of Justice ("DOJ"), private litigants, state attorneys general ("AGs"), and Congress are increasingly focused on identifying and punishing fraud arising out of the alleged misuse of these funds. The Biden administration put this issue front and center on March 2, 2023, by releasing a proposal to spend $1.6 billion to address pandemic-related fraud.

As we'll discuss, companies that have received such funds should be prepared to demonstrate that those funds were used appropriately and should consider whether and how to take corrective actions if there are outstanding questions regarding the use of such funds. For investors, this means being attuned to such risks in connection with both new and existing investments.

Government enforcement of COVID-related misconduct

Efforts to combat COVID-related fraud, waste, and abuse started as soon as relief money started flowing. Since the start of the pandemic, there have been over 1,000 criminal fraud convictions, with hundreds still pending. DOJ has allocated substantial resources towards these issues, including a multi-agency COVID-19 Fraud Enforcement Task Force and three "Strike Force" teams.

In August 2022, President Biden signed two bipartisan bills into law extending the statute of limitations related to PPP and COVID-19 Economic Injury Disaster Loan ("EIDL") fraud from five years to 10 years — meaning DOJ and other federal agencies have more time to investigate and pursue cases. The Biden administration's new initiative would enhance these measures by, among other things, tripling the number of DOJ strike forces addressing pandemic fraud and extending the statute of limitations for "serious, systemic pandemic fraud."

The False Claims Act

As DOJ's primary tool for combating alleged health care-related fraud, the False Claims Act (the "FCA") is a source of the greatest potential exposure for companies and their investors. It imposes civil penalties for knowingly (or with reckless disregard) submitting or causing others to submit false records, statements, or claims for payment to the federal government. The FCA may also apply where an entity wrongfully conceals or fails to return an overpayment.

FCA actions may be brought either by a private individual with nonpublic information about alleged misconduct or by DOJ itself. Private plaintiffs ("relators") are incentivized to bring FCA lawsuits on behalf of the government ("qui tam actions") because they will receive a significant share of any monetary recovery.

After a relator brings a suit, that suit remains under seal while the government investigates and decides whether to take part in the suit. If the government (or a relator acting on behalf of the government) prevails in an FCA action, the government can potentially recover treble damages and statutory fines of $25,000 per violation. FCA suits can remain under seal for months or years while the government investigation proceeds, rendering the scope of pandemic-related exposure difficult to discern. Accordingly, a company may be subject to an FCA action right now and still not know it.

The FCA is increasingly being used to combat pandemic-related fraud.

• In April 2022, Physician Partners of America LLC, its founder, and its former chief medical officer agreed to pay $24.5 million to resolve allegations that they violated the FCA by billing federal health care programs for unnecessary medical testing and services, paying unlawful remuneration to their physician employees, and making a false statement in connection with a loan obtained through the Small Business Administration's (the "SBA's") PPP. DOJ alleged that the company had represented to SBA that it was not engaged in unlawful activity in order to obtain a $5.9 million PPP loan — despite the fact that it was violating the FCA by instructing its physician employees to schedule unnecessary appointments and use inflated procedure codes.

• In September 2022, a federal jury convicted the president of a Silicon Valley-based medical technology company of misleading investors, committing health care fraud, and paying illegal kickbacks in connection with submitting over $77 million in false and fraudulent claims for COVID-19 and allergy testing. Through a deceptive marketing scheme that flourished during the pandemic, the president of Arrayit Corporation falsely claimed that the company had a COVID-19 test and that it was more accurate than a PCR test.

• Also, in September 2022, DOJ obtained its first-ever FCA settlement with a lender to resolve allegations that the bank processed a PPP loan on behalf of a customer it knew was ineligible.

• In February 2023, three California companies agreed to pay $530,000 to settle allegations that they knowingly violated the FCA by receiving and retaining more than one PPP loan prior to Dec. 31, 2020, in violation of PPP rules.

These are just a few of the dozens of public FCA claims brought in connection with pandemic relief funds. Any company that obtained pandemic relief funds for which it was not eligible or used funds for unauthorized purposes may be (depending on the circumstances) at risk of being targeted in an FCA action.

State-based enforcement

The majority of states have their own state-based analogs to the FCA, which allows relators to bring claims on behalf of the state. For example, in November 2022, New York Attorney General Letitia James filed a lawsuit against a nursing home in New York for allegedly diverting Medicaid and Medicare funds intended to support staffing and patient care to other companies under the control of the nursing home's owners. Management also allegedly sought to conceal positive cases of COVID-19 and either delayed or entirely neglected quarantine protocols.

Certain states have also enacted new laws aimed specifically at combatting COVID-related fraud. For example, New York has passed two laws increasing the penalties for fraud committed during a state of emergency — and the reward for a relator who brings a successful private action.

Congressional oversight

Congress has been increasing its focus on uncovering fraud, waste, and abuse in federal pandemic spending. The House Select Subcommittee on the Coronavirus Crisis, which was established on April 23, 2020, has been investigating the effectiveness, efficiency, and equity of the nation's response to the COVID-19 pandemic.

Through the issuance of investigative reports, other disclosures, hearings, and briefings, the Select Subcommittee has highlighted deficiencies in the government's administration of these federal relief programs. As the new Congress gets up and running, members of both political parties may see political advantage in holding sensationalist hearings regarding the use or misuse of pandemic funds.

For companies and their executives, congressional hearings can have high stakes because they create both a risk of adverse publicity and a perjury trap, i.e., members of Congress may ask hostile questions with the aim of trying to trip up a disfavored executive with the hopes that he or she will later be prosecuted for lying to Congress. Because congressional investigations can arise quickly, companies should be prepared to respond quickly and should not wait to receive a subpoena or request for information to begin working with counsel to prepare.

Takeaways

As the government continues to expand its focus on COVID-related fraud, entities that received pandemic relief aid should consider the following action items:

• Proactively conduct internal due diligence to ensure pandemic-related funds were appropriately received, used, and documented. With the passage of time, it will only become more challenging to reconstruct these facts;

• Implement and maintain an effective compliance program that includes policies and procedures, a monitoring and reporting system, risk management and auditing procedures, and training;

• Maintain effective recordkeeping procedures, including documentation of all funding; and

• Develop a media-response strategy.

Given the scope of potential liability for pandemic-related fraud, it is prudent to consider implementing the above steps long before an investigation or lawsuit is on the horizon. If a company is concerned that it cannot properly document use of certain funds — or is aware of affirmative misuse — it should consult counsel and discuss what corrective measures, if any, should be taken. In some circumstances, proactively reporting unlawful conduct and/or returning improperly obtained or misused funds may serve as a significant mitigating factor or potentially relieve liability altogether.

Additional Debevoise lawyers who contributed to this article include Mark Goodman, Jacob Stahl, and Hannah Levine.