Editor: Please tell us about your background.
Walther: I joined Jones Day in January of this year, having spent six years at the Department of Justice. At the DOJ, I served as a line prosecutor, then as a supervisor in the Criminal Division’s Fraud Section. I worked for two years as an assistant chief in the Foreign Corrupt Practices Act Unit, supervising its group of prosecutors; and, most recently, I served for two years as deputy chief in charge of its Health Care Fraud Unit, which is the largest unit of criminal healthcare fraud prosecutors in the country.
Editor: What are the latest enforcement trends in the healthcare industry?
Walther: There has been a lot of activity relating to enforcement of the Food, Drug, and Cosmetic Act, which has led to blockbuster settlements with pharmaceutical companies. These FDCA matters involve allegations of misbranding and off-label marketing, i.e., product uses that are not specifically authorized by the FDA. DOJ has also significantly bolstered its efforts to criminally prosecute medical professionals and clinic owners involved in intentional wrongdoing.
Another noteworthy trend is DOJ and the Department of Health and Human Services using data to more efficiently investigate and prosecute healthcare fraud. Whether they are investigating hospital services, home health agencies, hospice providers, or other types of medical services, this trend allows the government to collect and analyze extraordinary volumes of data, identify patterns and abnormalities, and then decide where to allocate the government’s scarce enforcement resources.
DOJ’s success in pursuing healthcare cases is typically measured by two metrics. First, on the criminal side, how many criminal charges were filed, who was convicted, and who was sent to jail? Second, on the civil side, what recoveries did the DOJ obtain? These two metrics are complimentary, and DOJ tries to balance the number of prosecutors focused on recoveries alone with the number of prosecutors tasked with building criminal cases and sending people to prison. Over the past three years, DOJ has succeeded in increasing the number of individuals prosecuted criminally while also increasing its high-dollar civil recoveries, the largest of which was the $3 billion resolution with GlaxoSmithKlein earlier this summer.
Editor: Do both technology and staff contribute to this strategic use of data?
Walther: Yes, both are important, but it is just as important to foster an environment where this information can be communicated across agencies, which is often the most difficult task.
Historically, one of the biggest problems in developing sophisticated data analytics has been money. Who is going to pay for the big computers that can absorb the reams of data coming into HHS every hour, then turn this data into something meaningful that can be used to identify badges of fraud? The government also needs to hire the right professional staff that can turn the output into something comprehensible that can be given to law enforcement agents or prosecutors who are generally not medical professionals.
All of this is occurring within Washington, DC, which means that even if one agency gets its hands on valuable data in a useable format, how and when will that information be shared? The main players are HHS’s Office of Inspector General, the Centers for Medicare and Medicaid Services (within HHS), DOJ’s Criminal Division, DOJ’s Civil Division, and the FBI. State healthcare fraud enforcement agencies also have a need for this kind of data. That’s a lot of agencies who need this information for the healthcare enforcement system to work effectively.
Editor: What are the latest trends in FCPA enforcement?
Walther: FCPA enforcement has remained robust in the last few years and has been a priority for Lanny Breuer, who is in charge of DOJ’s Criminal Division. The FBI has been dedicating more resources toward investigating FCPA offenses and DOJ has been getting smarter about how it investigates cases, often focusing on enforcement against entire industries, rather than individual companies. A recent example of this is DOJ’s efforts to pursue FCPA cases against pharmaceutical and medical device companies, which has led to several recent resolutions.
I think DOJ has also made some small efforts to moderate its position on how companies should be punished for violating the FCPA, particularly in light of the U.S. Chamber of Commerce’s efforts to weaken the FCPA legislatively. One example of this has involved corporate monitors. For years, DOJ has often insisted that companies resolving FCPA cases hire an independent compliance monitor to assess the company’s policies and procedures, figure out ways to improve them and, most importantly, make sure an effective compliance program is implemented. Companies routinely criticized this DOJ practice because hiring qualified monitors can be both expensive and intrusive.
More recently, DOJ has shown a willingness to allow companies to self-monitor. For example, both the J&J and Pfizer deferred prosecution agreements contained self-monitorship language.
Editor: In their recent FCPA settlements, how did J&J and Pfizer lessen the impact of prior violations by informing on their competitors?
Walther: One of the purposes of DOJ’s use of industry-wide investigations is to encourage each company to be the first one in the door to admit its own wrongdoing, then to tell DOJ everything it knows about its competitors who are also engaged in similar forms of wrongdoing. This type of tactic has been used in street crime cases for years. Prosecutors often arrest multiple people in a drug or violent crime investigation, then attempt to use each individual defendant against the others. This is exactly what’s happening in the pharma and medical device field and in all other industries that DOJ targets. Companies that are in the government’s crosshairs are expected to disclose their own wrongdoing, then cooperate and provide information about their competitors.
The language included in J&J’s deferred prosecution agreement illustrates this point. In assessing J&J’s cooperation, DOJ cited the fact that J&J assisted in the investigation of other companies as a basis for giving J&J a lesser punishment.
Editor: Is the healthcare industry particularly vulnerable to prosecution under the FCPA?
Walther: Yes. This is particularly true for pharmaceutical and medical device companies, which have an inordinately high number of government “touches,” or points of contact with government agencies and officials. The first step in assessing FCPA risk is to identify where your business directly or indirectly interacts with a government official. This includes not only traditional government officials, like cabinet-level officials or members of Congress or Parliament, but also anyone employed by a state-owned or state-run enterprise.
If you’re employed by a drug company and you visit a doctor to promote or educate her about your drug, you may be calling on a government official. Many doctors in China are employed by the state, for instance. When pharmaceutical and device companies conduct studies, they are also often interacting with government officials. So when you consider the sheer number of times that an employee of a pharmaceutical or medical device company interacts with a government official, it is easier to understand why those industries are being heavily scrutinized.
Editor: How may the new SEC whistleblower regulations affect FCPA enforcement?
Walther: The SEC’s whistleblower regulations encourage employees to report allegations of wrongdoing directly to the government by offering the whistleblower a percentage of any recovery the SEC ultimately receives. These regulations are based on the whistleblower successes that DOJ has enjoyed over the last several years, particularly in healthcare and defense procurement cases. The SEC’s relatively new FCPA Unit will surely use this new tool to encourage insiders to come directly to the SEC with allegations of FCPA misconduct. In any instances where the SEC believes there may be criminal wrongdoing, they will refer the case to DOJ. There is a well-developed plaintiffs’ bar that handles qui tam matters, and I know these attorneys are now turning their attention to this.
Editor: What proactive steps can companies take to minimize the impact of an FCPA investigation or enforcement action?
Walther: Most government attorneys realize that a company can take every reasonable step to prevent wrongdoing but ultimately is powerless if somebody really wants to break the law. So the most important step a company can take to minimize the impact of any investigation is to think preventatively and implement a reasonable and effective compliance program. If a company can demonstrate to the government that it has a thoughtful compliance program, that it trains its employees to comply with the law, and that it periodically tests its program, then those actions can go a long way to minimizing the impact of an enforcement action.
A recent example of this is the decision not to prosecute Morgan Stanley for the conduct of one of its executives in China. This executive pled guilty to violating the FCPA, but DOJ declined to prosecute Morgan Stanley because the company was able to show that it took reasonable steps to train its employees and identify potential wrongdoing. If a Wall Street bank can avoid prosecution when one of its executives admitted to breaking the law – in the current environment where banks are in the crosshairs of DOJ and other regulatory agencies – that bodes well for other companies that have effective compliance programs yet still find themselves as the subject of enforcement actions.
Editor: What is the purpose of the Health Care Fraud Prevention and Enforcement Action Team (HEAT)?
Walther: HEAT was created in 2009 as a DOJ-HHS partnership to more effectively address the significant healthcare fraud problem in government healthcare programs. Spending on all government-sponsored healthcare programs in 2011 was estimated at $984 billion. Fraud estimates range from 3 to 10 percent, but the General Accounting Office has used the 10 percent figure. This means that healthcare fraud in government-sponsored programs is a $98 billion problem, and it’s only going up as Baby Boomers hit Medicare eligibility and Medicaid spending increases.
DOJ and HHS understood that they needed to work together to address this fraud problem, so the idea behind HEAT was to create an action team co-chaired by Attorney General Holder and HHS Secretary Sebelius to make sure this was a priority for both agencies. Regions of the country that have been identified as “HEAT hotspots” and that have been a focus of DOJ and HHS enforcement efforts are starting to see HEAT’s deterrent effect. DOJ is investigating and prosecuting some sophisticated fraud rings and sending the message that healthcare criminals won’t get special treatment.
Editor: What impact has the Affordable Care Act had on healthcare enforcement?
Walther: During my time as chief of the Health Care Fraud Unit, I saw firsthand some of the ACA’s impacts, one of them being the enhanced penalties for people who violate the criminal healthcare laws. Judges are starting to hand down tougher sentences to healthcare criminals and this is due, at least in part, to ACA’s sentencing enhancements.
Another provision of ACA that enhanced the government’s enforcement efforts relates to HHS’s authority to suspend payments to providers suspected of fraud. Prior to the ACA, HHS’s standards and authorities governing when a payment suspension could be issued were murky. The ACA clarified these standards for HHS and stated that payments can be suspended when there are “credible allegations of fraud.”
Perhaps most importantly, the ACA provided money and direction to HHS to create a system for analyzing and sharing Medicare and Medicaid billing information more effectively. As a result, CMS has created a sophisticated data analytic tool called the Fraud Prevention System (or FPS) that can analyze an unbelievably large volume of claims and identify trends that may indicate fraud or negligent over-billing.
Editor: What strategies can companies employ to identify internal and external triggers to detect fraud or corruption problems early?
Walther: An effective compliance program requires knowing what types of services your company is providing all over the world. This is much more difficult than it sounds for large healthcare companies with complex U.S. and global operations. Companies can benefit by mimicking what the government is doing with respect to billing data and using that data to identify the types of services being provided and any abnormalities in the data. Hospital systems that provide thousands of different services every day are a great example. Most systems have people who make sure bills are properly coded and submitted for payment, but that data is not used proactively by anyone in the legal department or those involved in the compliance function to determine whether there is any information imbedded in that data that may warrant an investigation or at least a few questions.