FCA Enforcement & Compliance Digest — Winter 2025 False Claims Act Newsletter

In this Winter 2025 edition, we cover:

1. Enforcement Trends: DOJ reports nearly $3 billion in FCA recoveries for FY 2024, and EOs signal use of FCA to enforce Trump policies. Also, McKinsey settlement marks first time management consulting firm held criminally responsible for advice to client, and potentially signals new area of FCA liability.
2. Litigation Developments: First circuit joins sixth and eighth circuits in adopting heightened, but-for causation standard for AKS-based FCA claims brought under 2010 amendment.
3. Compliance Corner: Hospital under the DOJ scalpel: lessons from the indictment of a hospital illustrate importance of effective compliance and oversight.
4. ICYMI: Florida Surgeon Who Saved Rapper 50 Cent’s Life Is Sentenced to Seven Years Imprisonment for Fraudulent Insurance Billing

1. Enforcement Trends

DOJ Reports Nearly $3 Billion in FCA Recoveries for FY 2024, and EOs Signal Use of FCA to Enforce Trump Policies

In Fiscal Year 2024, the US Department of Justice (DOJ) recovered $2.9 billion from 558 FCA settlements and judgments. “The Department places a high priority on fighting fraud and abuse in federal programs,” said Principal Deputy Assistant Attorney General Brian Boynton, head of the Justice Department’s Civil Division. “The results announced today highlight once again that such conduct will not be tolerated, and that those who knowingly misuse taxpayer funds will be held accountable.”

Health care fraud matters remained the leading source of FCA settlements and judgments, with over $1.67 billion in recoveries from managed care providers, hospitals, and other medical facilities, pharmacies, pharmaceutical companies, laboratories, physicians, and others in the health care industry. Under the umbrella of health care fraud, the DOJ pursued matters relating to the opioid epidemic, unnecessary services and substandard care, Medicare Advantage, and unlawful kickbacks and Stark Law violations.

The DOJ also achieved significant recoveries from pandemic fraud matters. During the COVID-19 pandemic, US Congress authorized several trillions of dollars of direct, emergency assistance to individuals and small businesses. Since then, the DOJ has conducted hundreds of investigations on its own and in response to whistleblower complaints involving improper payments under the Paycheck Protection Program (PPP), as well as fraud relating to COVID-19 testing and treatment. In FY 2024, the DOJ obtained more than 250 FCA settlements and judgments resolving allegations of pandemic-related fraud — nearly half of all settlements and judgments for the entire fiscal year — totaling more than $250 million.

The DOJ also continues to pursue government procurement fraud, including a $428 million settlement with Raytheon Company to resolve allegations that the defense contractor knowingly double-billed on a weapons maintenance contract and provided false cost and pricing data when negotiating several contracts with the US Department of Defense. This settlement represents the second largest government procurement fraud recovery in the history of FCA enforcement.

Looking forward to 2025, many are asking whether the new Administration will remain focused on FCA enforcement. At the Federal Bar Association’s Qui Tam Conference, Michael Granston, deputy assistant attorney general in the DOJ Civil Division’s Commercial Litigation Branch, emphasized that consistent with the Trump Administration’s focus on government efficiency and elimination of fraud and waste, DOJ will continue “aggressively” enforcing the FCA. “The department wants to make clear — consistent with the new administration’s stated focus on achieving governmental efficiency and rooting out waste, fraud and abuse — that the department plans to continue to aggressively enforce the False Claims Act.”

In addition, Trump’s executive orders (EOs) signal the use of the FCA to enforce policies against diversity, equity, and inclusion (DEI) and gender-affirming care. Executive Order 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity,” directs federal agencies and government contractors to end “illegal preferences and discrimination,” which may include “illegal DEI.” The EO expressly references the FCA, requiring that grant recipients “agree that its compliance in all respects with all applicable Federal anti-discrimination laws is material to the government’s payment decisions for purposes of section 3729(b)(4) of title 31, United States Code.” The EO also directs agencies to include a term in grant awards requiring the grant recipient to “certify that it does not operate any programs promoting DEI that violate any applicable Federal anti-discrimination laws.” To the extent that government contractors, nonprofits, and other recipients of federal funds certify compliance with federal laws in exchange for receipt of federal funding, they could be exposed to FCA liability if they have not taken steps to eliminate DEI practices in compliance with the EO.

Likewise, Executive Order 14187, “Protecting Children from Chemical and Surgical Mutilation,” directs agencies issuing federal grants to “take all appropriate steps to ensure” that grant recipients end gender-affirming care for minors. The EO also directs agencies administering federal healthcare programs to promulgate changes aimed at ending gender-affirming care for minors, including modifying Medicare or Medicaid conditions of participation and restricting coverage for such services by federal health care programs. The EO directs DOJ to prioritize enforcement of the policy and instructs the US Secretary of Health and Human Services in consultation with the Attorney General to “issue new guidance protecting whistleblowers who take action related to ensuring compliance with this order.” Although it remains to be seen what the new regulations will require, the EO sets the stage for FCA enforcement.

And the Fox Says… The DOJ had another historic year of FCA enforcement. Traditional areas of FCA enforcement like health care fraud and government procurement fraud are likely to remain top priorities for DOJ in 2025. We will also continue to see enforcement of pandemic fraud and cybersecurity fraud, as well as use of the FCA to enforce the new Administration’s anti-DEI measures and anti-transgender policies.

McKinsey Settlement Marks First Time Management Consulting Firm Held Criminally Responsible for Advice to Client and Potentially Signals New Area of FCA Liability

Global management consulting firm McKinsey & Company, Inc. recently agreed to pay $650 million to end criminal and civil investigations relating to their work for Purdue Pharma L.P. — the first time a management consulting firm has been found criminally liable for conduct resulting from advice given by the firm. As part of the settlement, McKinsey agreed to pay over $323 million to resolve FCA liability, on the theory that McKinsey provided advice to Purdue that caused the submission of false claims to federal health care programs for prescriptions of OxyContin. The FCA settlement leaves many wondering whether this is just the beginning of DOJ’s use of the FCA’s “cause to be submitted” prong to target consultants and other non-traditional third parties.

Although McKinsey itself did not submit false claims, the government alleged McKinsey was liable under the “cause to be submitted” prong of the FCA, which creates third-party FCA liability where (1) the third party’s conduct was a substantial factor in inducing providers to submit claims and (2) the submission of claims was reasonably foreseeable or a natural consequence of the third party’s conduct. According to the government, between January 2013 and May 2014, McKinsey advised Purdue to “turbocharge” its marketing of OxyContin and increase sales by targeting “High Value Prescribers,” i.e. certain prescribers who were already prescribing large quantities of the opioid. The government further claimed that McKinsey advised on marketing schemes and provided general consulting services despite knowing of the opioid crises, and when they learned that states were investigating Purdue, McKinsey partners contemplated deletion of documents and emails. The government also alleged that from November 2014 through September 2017, McKinsey knowingly mislead the US Food and Drug Administration (FDA) when it failed to disclose conflicts of interest pertaining to McKinsey’s concurrent consulting for Purdue and FDA.

As part of the FCA settlement, McKinsey entered into a rigorous, five-year Corporate Integrity Agreement (CIA) with the US Department of Health and Human Services Office of the Inspector General (OIG) – OIG’s first ever CIA with a management consulting firm. The CIA requires McKinsey to establish a robust risk evaluation process, engage in a Quality Review Program to ensure McKinsey’s advice to high-risk life sciences and health care clients complies with applicable laws, and to employ an independent Compliance Expert to review and audit the advice provided in high-risk engagements.

Given the devastating loss of life resulting from the opioid epidemic and the DOJ’s use of the FCA to hold accountable health care providers and companies that contributed to (and profited from) the crisis, it is not surprising that the government targeted McKinsey for the role it played. It remains to be seen whether the DOJ will continue to use the “cause to be submitted” prong of the FCA to go after other consulting firms or “third-party” entities whose clients provide goods or services reimbursed by federal dollars. Speaking at the Federal Bar Association’s annual Qui Tam Conference, a senior prosecutor advised that he does not anticipate a “huge wave” of FCA enforcement cases brought against consulting firms, and highlighted the unique circumstances of this case. Assistant United States Attorney Brian LaMacchia, chief of the Affirmative Civil Enforcement Unit at the Massachusetts US Attorney’s Office, noted the lengthy relationship between McKinsey and Purdue, as well as McKinsey’s recommendation that Purdue “turbocharge” the sale and marketing of OxyContin, despite McKinsey’s awareness of the risks of over-prescription.

Nonetheless, this case illustrates that the DOJ will not hesitate to seek FCA liability against non-traditional or third-party entities under the right circumstances, and these cases can result in some of the highest settlement values despite mitigating factors. Indeed, in the McKinsey settlement of the FCA claims, the DOJ recognized the cooperation credit McKinsey received for taking what the DOJ characterized as “extensive remedial measures,” which included proactive and collaborative efforts with the DOJ throughout the investigation, voluntarily ceasing all opioid-specific business in 2019, and hiring a new chief legal counsel and chief ethics and compliance officer — two requirements later included in the CIA.

And the Fox Says… Organizations and consultants operating in high-risk industries like health care or pharmaceutical or device manufacturing should proceed with caution, particularly when advising clients who seek government reimbursements. Where non-compliance is suspected, it is important to be proactive. Taking steps to implement legal and regulatory compliance units preemptively, and strategically cooperating with an investigative body can help limit exposure.

2. Litigation Developments

First Circuit Joins Sixth and Eighth Circuits in Adopting Heightened, But-For Causation Standard for AKS-Based FCA Claims Brought Under 2010 Amendment

On February 18, the US Court of Appeals for the First Circuit became the latest court to agree that the Anti-Kickback Statute (AKS) requires proof of but-for causation to generate a per se FCA violation. In so doing, the First Circuit rejected the government’s claim that Medicare claims following an alleged AKS violation necessarily result from the alleged kickback, regardless of whether those claims would have been made even in the absence of the alleged inducement at issue in the case.

By way of background, the government alleged that Regeneron Pharmaceuticals, Inc. knowingly induced prescriptions of Eylea, a drug approved for treating neovascular age-related macular degeneration, by covering copayments for certain patients who received the drug. At the district court level, the parties filed cross-motions for summary judgment, with the government arguing that the facts established causation as a matter of law, while Regeneron argued that the government could not meet its burden to establish causation as a matter of law.

The district court denied both motions, agreeing with Regeneron that but-for causation was the appropriate standard, but also holding that there were genuine disputes of material fact precluding summary judgment as to causation. The district court, followed by the First Circuit, granted permission to hear the question of the proper application of the causation standard on an interlocutory basis.

The First Circuit affirmed, agreeing with Regeneron that “a claim only ‘result[s] from’ an AKS violation if it includes ‘items or services’ that would not have been paid for by the government absent the AKS violation.” “Put differently,” the First Circuit continued, “an AKS violation must be a but-for cause of the challenged claim,” and so, “if a doctor would have purchased (and sought reimbursement for) Eylea anyway, then the subsequent Medicare claim cannot have ‘result[ed] from’ Regeneron’s allegedly illicit payments.” Of note, the court specifically acknowledged that it may be “difficult” to “prove why a doctor prescribed a particular drug,” but rejected that rationale as a basis for applying a standard different than but-for causation, observing that “the same could be said about the requirement to prove other elements of a successful action under the FCA, such as scienter.”

Looking forward, it is important to consider the statutory backdrop for the First Circuit’s ruling. Before 2010, the government often claimed that an AKS violation led to an FCA violation under what’s known as a “false certification” theory, e.g., a drug manufacturer falsely represented compliance with the AKS on a federal form, which generated a false claim. In 2010, Congress passed the amendment that set forth the language that was the subject of the First Circuit’s ruling — any claim “resulting from” an AKS violation constitutes a false claim under the FCA.

And the Fox Says… The First Circuit’s ruling narrows the scope of liability for claims under the 2010 amendment, but it does not eliminate the possibility of clams brought under the pre-2010 “false certification theory.” In other words, the government can still bring its false certification claims — those do not require proof of causation but do require proof of a false representation of AKS compliance on a federal agency form, as well as a showing of materiality. The government can bring claims under the 2010 amendment, which require proof of but-for causation, but they do not require proof of a false representation or a showing of materiality.

3. Compliance Corner

Hospital Under the DOJ Scalpel: Lessons From the Indictment of a Hospital Illustrate Importance of Effective Compliance and Oversight

In January 2025, the DOJ issued a rare criminal indictment against Chesapeake Regional Medical Center (CRMC) for health care fraud and conspiracy to defraud the United States. The DOJ claims CRMC knowingly profited from the serious crimes of a physician who had privileges at the hospital for 35 years, despite the physician’s checkered past.

USA v. Chesapeake Regional Medical Center Allegations

The indictment centers on CRMC’s association with Dr. Javaid Perwaiz, who had privileges at the hospital from 1984 until his arrest in 2019. Despite knowing of the termination of Perwaiz’ privileges at another hospital related to the performance medically unnecessary surgeries, as well as two felony convictions in 1996, CRMC continued to grant Perwaiz privileges. CRMC also allegedly knowingly disregarded patient care in permitting Perwaiz to continue performing unnecessary surgeries. CRMC is accused of collaborating with Perwaiz to obtain reimbursements for unauthorized treatments, including surgeries without proper documentation, sterilizations without timely consent, and unnecessary medical procedures. Perwaiz is said to have performed unwarranted hysterectomies and induced early labor without medical necessity, defrauding insurers like Medicare and Medicaid.

Perwaiz also allegedly scheduled deliveries at CRMC to coincide with his surgical schedule, using falsified documents to misrepresent gestational ages. A 2019 review of CRMC obstetrics forms documenting gestational ages in order to schedule inductions revealed that 64% of forms for Medicaid patients were altered, leading to a rate of 39% of early inductions that were not medically necessary. Despite awareness of these discrepancies, CRMC continued to grant Perwaiz privileges and CRMC staff reportedly allowed the practices to continue, even billing for them. When insurers denied outpatient procedure reimbursements, CRMC sought payments directly from patients.

CRMC is accused of ignoring red flags, including manipulating medical records, and prioritizing financial gain over patient safety. The indictment suggests CRMC conspired with Perwaiz to defraud federal health programs, allegedly receiving about $18.5 million in reimbursements from 2010 to 2019 for his procedures.

Key Takeaways For Enhancing Health Care Provider’s Oversight

It is extremely rare for hospitals to be criminally prosecuted, as a guilty verdict on health care fraud-related charges will result in automatic exclusion from participation in the Federal health care programs, very likely leading to the closure of the hospital. The CRMC indictment puts hospitals on notice that they can be subject to criminal consequences for the criminal actions of credentialed medical staff coupled with the knowledge and intent factors. To mitigate risks of health care fraud enforcement, hospitals and other health care facilities should ensure they have an effective compliance program, which includes appropriate processes and policies to identify and respond to relationships with high-risk practitioners. Such processes may include:

1. A Robust Credentialing Process

Identify Potential Concerns: It is crucial for hospitals to conduct thorough due diligence when credentialing health care providers. This includes scrutinizing previous malpractice claims, disciplinary actions, or inconsistent employment histories. The DOJ’s allegations against CRMC highlight the critical need for hospitals to be vigilant about such red flags. Despite being aware of Perwaiz’s prior termination and federal felony convictions, CRMC continued to grant him privileges and continued to profit off the surgeries he performed at the hospital. This case underscores the importance of having a proactive approach to credentialing to protect patients and maintain the health care facility’s integrity. Based on this case, hospitals should ensure their credentialing processes are robust enough to not only identify potential red flags in a physician’s past, but to also take steps to mitigate similar issues from happening at the physician’s new facility. In some instances, hospitals may need to deny a physician privileges altogether.

2. Auditing and Monitoring

Comprehensive Review: Implementing a robust auditing and monitoring system is essential to ensure ongoing quality and compliance for all health care providers and suppliers. For hospitals, regular auditing, and monitoring of physicians’ documentation, including billing and coding, and reviews of their case histories can identify anomalies or outliers, such as a high number of procedures deviating from standard medical practice, that may warrant further investigation. In the CRMC case, a 2019 review uncovered significant alterations in medical documentation, indicating fraudulent activity. This emphasizes the necessity for continuous monitoring to identify patterns of unethical behavior and ensure adherence to medical standards. A strong credentialing process will compliment these audits by identifying and proactively addressing a physician’s past practices and potential red flags or identifying areas for future monitoring.

3. Open Lines of Communication

Transparency and Accountability: Establishing clear reporting mechanisms is vital for fostering transparency and accountability in health care. This includes creating safe channels for staff and patients to report concerns or irregularities and importantly investigating reported issues. The CRMC case shows the consequences of failing to address discrepancies, as employees reportedly allowed Perwaiz’s practices to continue despite being aware of them. A culture that encourages open communication and reporting of compliance concerns will mitigate risks associated with bad actors. Of course, any reports of potential non-compliance must also be investigated with appropriate corrective action taken to the extent concerns are raised through reporting channels.

Having a robust, effective compliance program will mitigate the risk of criminal and civil exposure for hospitals and other health care providers and suppliers. For hospitals, focusing on having effective credentialing, follow-up auditing and monitoring, and a culture that encourages reporting can help to ensure a safer and more compliant environment for all stakeholders.

And the Fox Says… USA v. Chesapeake Regional Medical Center demonstrates that, where there is a substantial risk of patient harm, DOJ may pursue criminal prosecutions of hospitals, despite the risk that doing so may result in the hospital being excluded from participation in federal health care programs and, ultimately, closed. It is crucial for hospitals and other health care providers to ensure they are taking proactive steps to detect potential issues, including patient harm issues, and where issues have been identified, taking appropriate corrective actions. For hospitals, an important risk mitigation strategy includes a thorough credentialling process that identifies all potential red flags with respect to physicians seeking privileges and appropriate processes for addressing any issues identified during credentialling.

4. In Case You Missed It

Our most popular blog post from the last quarter: Florida Surgeon Who Saved Rapper 50 Cent’s Life Is Sentenced to Seven Years Imprisonment for Fraudulent Insurance Billing.