HIPAA As a Basis for FCA Liability? One Court Says Yes
Until very recently, no case existed in which FCA liability arose from a violation of the Health Insurance Portability and Accountability Act (“HIPAA”). But in United States v. America at Home Healthcare and Nursing Services, Ltd., Judge John Robert Blakely of the United States District Court for the Northern District of Illinois, Eastern Division, allowed an FCA claim premised on a HIPAA violation to survive a motion to dismiss.
In America at Home Healthcare, plaintiff Amy O’Donnell filed a qui tam action under the FCA against her previous employer, America at Home Healthcare Nursing Service, Ltd. (“AAH”). As defendant’s name suggests, AAH is a provider of home health services. Among other allegations of wrongdoing, plaintiff claimed that AAH violated the FCA by unlawfully soliciting patients. More specifically, plaintiff alleged that AAH searched medical charts of individuals who were not AAH patients in order to generate a list of persons to target as new home health patients.
In June 2017, Judge Blakely dismissed plaintiff’s solicitation claim because plaintiff failed to allege that defendant’s solicitations were unlawful. However, in July 2017, plaintiff amended her complaint, and this time alleged that defendant’s solicitations violated HIPAA.
Section 1320d-6-d(a) of HIPAA criminalizes knowingly using, obtaining, or disclosing an individual’s identifiable health information without authorization. According to Judge Blakely, a violation of § 1320d-6-d(a) can result in FCA liability if: (1) defendant knowingly billed the government for unnecessary medical services after obtaining patients’ information unlawfully; and (2) defendant submitted claims and cost reports to the government that impliedly certified compliance with Medicare laws and regulations, but knowingly failed to disclose its HIPAA violations.
With respect to the second basis for FCA liability under HIPAA, defendant argued that plaintiff’s “implied certification” theory failed to satisfy the Supreme Court’s materiality standard from Universal Health Services, Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989, 195 L. Ed. 2d 348 (2016), because HIPAA violations are not material to the government’s decision to pay claims. The FCA defines “material” as having “a natural tendency to influence, or be capable of influencing, the payment or receipt of money or property.”
Judge Blakely rejected defendant’s materiality argument. Instead, the court referenced plaintiff’s allegation that HIPAA violations go to the very essence of the bargain between the government and health care providers, because an unlawful solicitation subjects patients to abusive marketing practices. The court further referenced plaintiff’s allegation the government does not knowingly pay claims to providers who violate § 1320d-6(a) of HIPPA.
Finally, the court was untroubled by the fact that “no HIPAA-based FCA cases exist.” Instead, Judge Blakely analogized this case to kickback cases, and concluded: “[I]nformation that a home health agency has pilfered protected health data to solicit patients has a good probability of affecting a payment decision. These allegations suffice to keep [plaintiff’s] solicitation theory alive for now.”
Judge Blakely’s decision is found at: United States v. America at Home Healthcare and Nursing Services, Ltd., 2018 U.S. Dist. LEXIS 2592 (E.D. Ill. Jan. 8, 2018).