Last month, two federal courts unsealed False Claims Act complaints that were filed not by people with direct knowledge of wrongdoing, but by a company that explored publicly available data for the purpose of generating potential fraud allegations. The company developed its fraud theories against the defendants “by employing unique algorithms and statistical processes to analyze inpatient claims data” from the Medicare program. It alleged that the data established that the defendants were using certain procedure codes to improperly inflate the reimbursement they received. The company filed federal whistleblower lawsuits, claiming that the defendants fraudulently upcoded more than $61 million in one case, and $188 million in another.
This approach is an example of a new wave of qui tam litigation—combing through claims data to identify potential indicators of fraud. For example, in 2015 nearly 500 hospitals settled claims related to cardiac devices whose billing relators identified as allegedly fraudulent based on data analysis. In the health care industry, we can expect to see whistleblower lawyers and data prospecting experts troll through the increasing amount of available health claims data to develop false claims theories even though they have not had any dealings whatsoever with the potential defendants. This corresponds to government initiatives as well. For example, in 2017 the Department of Justice Criminal Division’s Health Care Fraud Unit announced the launch of a “data analytics team” aimed at both identifying fraud and helping with current prosecutions. The Department of Justice has also “taken historic new steps to go after fraudsters, including … leveraging the power of data analytics.” Similarly, the Department of Health and Human Services Office of Inspector General encourages state governments to use data mining to identify potential Medicaid fraud.
From a litigation perspective, we will watch to see how these cases play out under the False Claims Act’s public disclosure bar, which prohibits relators from filing qui tam suits based on “substantially the same allegations or transactions” that were publicly disclosed in a government “report.” The Supreme Court has construed “report” broadly to include “something that gives information or a notification.” As a result, some lower courts have concluded that information published online by the government—including “CMS data files”—can trigger the public disclosure bar. This could hinder or prevent opportunistic False Claims Act cases that are based solely on data prospecting.
As a practical matter, health care organizations should remain diligent in reviewing their own data to identify—and fix—potential issues as part of their internal compliance and auditing functions. The government expects sophisticated companies to do this. With the widespread adoption of electronic health record and claims platforms, they can often spot the same kinds of trends and patterns the data-prospecting whistleblowers are basing their cases on. By doing so, they can improve potentially noncompliant processes and prevent opportunistic actions. Companies should consider (1) taking corrective actions if there is not a legitimate explanation for possible outliers and (2) enhancing documentation, coding, and billing processes to ensure more reliable revenue capture and retention. Our regulatory and compliance teams have substantial experience in helping to design such data analysis efforts.
 Schindler Elevator Corp. v. United States ex rel. Kirk, 563 U.S. 401, 407 (2011) (internal quotation marks omitted).