Health-Care Employers Must Strengthen Internal Compliance Programs to Respond to DOJ and SEC Enforcement Initiatives

By Miles O. Indest


This article is a winning entry in the 2016 Bloomberg Law Write-On Competition for law students written by Miles O. Indest. He is a J.D./M.B.A. candidate who will graduate in May from Tulane University Law School and the Freeman School of Business. He has served three years as a member of Tulane Law Review and currently serves as the Writing Skills Chair of Tulane Moot Court. He can be reached at 504-810-5912 or

Health-care organizations, physicians, and counsel should carefully reflect on the year 2015 and its health-care fraud and abuse policy implications moving forward. Several important enforcement actions and policy announcements demonstrated the necessity of increasing attention to internal compliance programs, including self-policing and reporting to regulators.

First, the U.S. Department of Justice (DOJ) issued a memorandum requiring its prosecutors to identify and prioritize the criminal accountability of individual executives and employees in corporate misconduct cases. Under the policy, corporations must disclose all relevant facts about individual misconduct to be eligible for cooperation credit.

Second, the DOJ's stated enforcement priorities against certain health-care fraud schemes indicated that a company may benefit from an internal compliance program with similar priorities.

Third, the increased publicity of whistleblower awards under the Dodd-Frank Wall Street Reform and Protection Act (Dodd-Frank) for disclosure of securities law violations will likely have an impact on publicly traded health-care companies.

DOJ Yates Memo Emphasizes Individual Accountability for Corporate Wrongdoing

On Sept. 9, 2015, DOJ Deputy Attorney General Sally Yates issued a memorandum emphasizing increased attention to individual criminal accountability for corporate wrongdoing. The Yates memo outlined six measures to strengthen the DOJ's pursuit of individuals engaged in fraud, two of the most important being:

(1) to be eligible for any cooperation credit, corporations must provide the DOJ with all relevant facts about the individuals involved in corporate misconduct; and

(2) absent extraordinary circumstances, no resolution of allegations asserted against a corporation will be allowed to provide protection from criminal or civil liability for any individuals.


These two measures emphasize the importance of internal reporting and self-policing for health-care organizations.

First, health-care entities will want to ensure that they receive a cooperation credit, causing them to conduct internal investigations and separate themselves from individual wrongdoers. On October 22, 2015, at the 16th Pharmaceutical Compliance Congress and Best Practices Forum in Washington, D.C., DOJ Principal Deputy Assistant Attorney General Benjamin C. Mizer discussed the applicability of the Yates memo to health-care fraud. Mizer emphasized: “in order to qualify for the reduced multiples provision under the False Claims Act, the organization must voluntarily identify any culpable individuals and provide all material facts about those individuals.”1 Accordingly, a strong internal reporting and compliance program will allow health-care corporations to proactively and thoroughly provide the DOJ with relevant facts regarding individuals involved in corporate wrongdoing.

Second, hospitals, nursing home chains, and other health-care entities that settle with the government will no longer automatically get a “pass” from criminal prosecution for their employees. Health-care corporate counsel “may need to hire separate attorneys to represent individual employees during [DOJ]-led civil and criminal investigations and litigation.”2

Employers will not only bear the costs of providing independent counsel for the alleged wrongdoers, but also expend additional resources conducting investigations of those wrongdoers to earn cooperation credit. Health-care organizations have the incentive to avoid these increased costs of possible fraudulent activities by proactively deterring them through greater internal reporting and self-policing efforts.

Health-Care Organizations Should Heed DOJ’s Emphasis on Prosecution of Health-care Fraud

Fraud and abuse enforcement is one of the most significant health law issues for 2016. In September 2015, at the American Health Lawyers Association annual conference, DOJ Civil Division Deputy Assistance Attorney General Joyce Branda discussed the DOJ's enforcement priorities regarding:

(1) allegations of artificially inflated Medicare Advantage plan risk scores to qualify for higher payments;

(2) allegations of hospice providers falsely certifying individuals for hospice care; and

(3) allegations of Stark Law violations (e.g. arrangements where physician compensation exceeds the fair market value of performed services or is dependent on “volume or value” of their referrals).3


According to a DOJ press release issued on January 8, 2016, the DOJ collected approximately $1.9 billion in fiscal year 2015 solely from settlements and judgments in cases that involved allegations of health-care fraud. Although lower than some prior years, this reflects a continued focus by federal enforcement officials in this area.

With the DOJ emphasizing these enforcement priorities, health-care companies and corporate counsel should similarly focus their efforts on mitigating possible violations in these areas through internal reporting and compliance programs. As Gary W. Herschman, a partner with law firm Epstein Becker & Green PC stated, “There are so many ambiguities in the Stark law and Anti-Kickback Statute (AKS) that even health-care facilities and companies that think they are compliant may be targets for major compliance and False Claims Act (FCA) exposures.”4 Health-care employers must implement mandatory training for management on these specific violations and written procedures for reviewing compliance concerns. Employers can offer heightened rewards and incentives for internal reports regarding Medicare fraud or Stark Law violations. These organizations should also communicate their commitment to anti-retaliation protection to motivate employees to come forward.

Increased Publicity for Dodd-Frank Act Whistleblower Awards

In 2015, the health-care sector accounted for 45% of initial public offerings (IPOs) in the United States, more than any other sector.5 While the False Claims Act provides the main legal authorization for whistleblowers to report health-care fraud against the government, the Dodd-Frank Act provides a separate mechanism for promoting whistleblower activities, when the fraud affects investors.6 Publicly traded health-care companies must have a reliable internal reporting and compliance program taking into account at least two different types of whistleblowing.

Under the Dodd-Frank Act, whistleblowers who provide the Securities and Exchange Commission (SEC) with original information regarding a securities law violation that leads to a successful enforcement action may receive large bounty awards.7 These whistleblowers are protected from retaliation by their employers, in connection with certain types of reporting activities.

Publicly traded health-care companies should be just as concerned with Dodd-Frank whistleblowers as they are with False Claims Act whistleblowers, if not more so. Health-care corporations are not immune from its executives committing offering fraud, insider trading, or earnings manipulation. Covering up health-care fraud or whistleblower complaints might also constitute a Dodd-Frank violation if it deceives shareholders or artificially inflates share prices.

Notably, the 2015 Dodd-Frank Whistleblower Program annual report revealed that approximately 80% of award recipients who were current or former employees had “raised their concerns internally to their supervisors or compliance personnel, or understood that [they] knew of the violations, before reporting their information of wrongdoing to the [SEC].”8 With 80% of award recipients first reporting their concerns internally, a strong internal reporting and compliance program can mitigate the risk of an employee subsequently reporting the violations directly to the SEC. Health-care organizations can self-police and take action against individual employees involved in securities fraud, strengthening their case for the cooperation credit and DOJ leniency discussed above.


Health-care companies must proactively strengthen their internal reporting and compliance programs to ensure that they deter and mitigate fraud within their organizations. In 2015, DOJ and SEC actions emphasized their commitment to investigating fraud and punishing wrongdoing fully. Moving forward, health-care providers and corporate counsel must view their compliance programs as more of an asset than an expense, winning greater respect from employees, ensuring protection of the organization's assets, and protecting against a decrease in shareholder value.

1 Benjamin C. Mizer, Principal Deputy Assistant Attorney General, DOJ, Remarks at the 16th Pharmaceutical Compliance Congress and Best Practices Forum (Oct. 22, 2015),

2 Joyce E. Cutler, Healthcare Employees May Need Own Lawyers in DOJ Cases, 25 Health L. Rep. (BNA) No. 5, at 157 (Feb. 4, 2016).

3 Hope Foster et al., Health Care Enforcement in 2016: A Look Back on 2015 and Forecasting the Year Ahead, Mintz Levin (Jan. 2016).

4 Mary Anne Pazanowski & Matthew Loughran, Provider Realignment, Fraud and Abuse Head 2016 Top Ten List, 25 Health L. Rep. (BNA) No. 1, at 5 (Jan. 7, 2016).

5 EY Global IPO Trends 2015 4Q, Ernst & Young (2015).

6 Pub. L. No. 111-203, 124 Stat. 1376 (2010).

7 15 U.S.C. §78u-6(b) (2010).

8 SEC, 2015 Ann. Rep. To Congress On Dodd-Frank Whistleblower Program (2015).


2016 Bloomberg Law Write-On Competition

For the second year in a row, Bloomberg BNA invited law students from schools around the country to submit original articles, the best of which would be published in selected Bloomberg BNA Law Reports. Entries were evaluated by our editorial team based on accuracy, depth of analysis, writing style and usefulness to our audience. The winning articles will appear during the month of April in 10 Bloomberg BNA publications and on Bloomberg Law.