Ropes & Gray attorneys provide timely analysis on legal developments, court decisions and changes in legislation and regulations.
Andrew O’Connor: Welcome, everyone, to another installment of Ropes & Gray’s False Claims Act podcast series. I’m Andrew O’Connor—I co-lead the False Claims Act (“FCA”) group here at Ropes & Gray. I’m joined today by Michael Lampert, who co-leads the practice. Hello, Michael.
Michael Lampert: Hi, Andrew—I’m glad we’re doing this.
Andrew O’Connor: Same here. And most importantly, Michael and I are delighted to welcome our new partner, Amy Kossak. Amy spent the last 10 years at the U.S. Department of Justice (“DOJ”) and, aside from a very interesting tour in the front offices, spent the last decade representing the United States in False Claims Act cases. Amy, we are thrilled to have you both here on the podcast and at Ropes & Gray. Welcome.
Amy Kossak: Thanks, Andrew—great to be here.
Andrew O’Connor: Today, the plan is to get Amy’s thoughts on the FCA landscape, what she sees coming down the pike over the next couple of years, and how companies can navigate those risks. But before we jump into that, Amy, would love to hear a bit more about how, after a successful 10 years at DOJ, you found yourself back on this side of the V.
Amy Kossak: Thanks, Andrew. I did—I spent six years on this side of the V, at the beginning of my practice, and then spent the last 10 years at DOJ. I will say, leaving was a hard decision. I loved my job. I loved my colleagues. It was a really terrific decade. I thought after 10 years, there was a lot of value I could bring to clients on this side of the table based on my time at DOJ.
Once I made the decision to leave, that next part was much easier, which was, “Where would I want to go?” And Ropes & Gray was my first call. I knew it was where I wanted to land. I think it’s not only because Ropes has a Chambers Band 1-recognized FCA practice, which, obviously, is important as you’re going to go out into the world and do this work, but most importantly, I had seen close up how Ropes & Gray handles an FCA case, and I was highly impressed. About eight years ago, Andrew and two of his colleagues handled an FCA case where I was the trial attorney on that matter, and I was really impressed with the arguments they made and with the way they interacted with the government. We had a collaborative discussion, we strongly disagreed, and they made good arguments. They actually persuaded me away from one of the arguments I initially thought was a strong one, but they made a persuasive case for it. And so, I tucked that away in my head—if I was ever going to leave, which at that point was not in my mind, I thought Ropes might be a place I wanted to land. Frankly, as time went on, I became more and more persuaded that Ropes really was at the top of their game in this space. So, I’m thrilled to be here, thrilled to be Andrew’s colleague now and not his opponent, and really just happy to be doing this.
Andrew O’Connor: Looking back at your experience, I’m curious what you see as the latest trends in the False Claims Act space. What should we be looking for out of DOJ in the next year or two?
Amy Kossak: Probably a variety of things, but I think one that is at the top of the list really is an uptick in the number of CIDs—CIDs are civil investigative demands. People in the space know them well—they’re like subpoenas. I think the number of CIDs heading to the nontraditional recipients—vendors, investors, perhaps people who don’t submit claims themselves but are part of the health care system—I suspect a lot of those are coming. There’s been fairly well-publicized statements, including by Brian Boynton, head of the Civil Division, about where DOJ’s priorities are, and investors has been one that has landed on the list. That doesn’t necessarily mean DOJ is going to be actively pursuing them to the exclusion of other participants in the market, but when someone like Brian makes statements out loud at a conference that is heavily attended by members of the relators’ bar, the relators’ bar takes notice and it causes them to scurry around and find cases that hit on DOJ’s stated priorities. In the case of investors and vendors, it also encourages relators to name those entities as defendants in their qui tam suits in part because of a unique aspect of FCA practice, which is the first-to-file rule, part of the False Claims Act, where the first one in the door is the one who gets a piece of the pie at the end if there is a resolution. And so, there’s an incentive to allege broadly, even maybe where your allegations are fairly thin, so I suspect that will happen. Then, once a relator files a qui tam lawsuit that names an entity as a defendant, DOJ is then going to investigate the allegations, the alleged wrongdoers—and these days, “investigate” often means “send CIDs.” Last year was a record year for CIDs at DOJ—there were over 1,500 of them—more than ever before. There’s good reason to think that that trend is going to continue, so that is what I would expect. Folks who are not so used to getting these are going to start getting these, and they’re going to need some help figuring out how to navigate the process.
Michael Lampert: Amy, from the company’s side, that sounds alarming, a little bit—it sounds like a lot coming down the pike. From your perspective, what you saw on the DOJ side, what are some features you’ve seen common to companies that have gotten caught in the crosshairs, and what companies might do to avoid that?
Amy Kossak: I would say, number one, is take complaints by internal whistleblowers seriously. Hear them out. Have them feel heard. Look into what they say. Don’t fire them. The reason I say that is there are about 700 qui tams filed every year—that’s been roughly the number for the last several years. It’s fairly simple—appropriately handling complaints from whistleblowers internally is really, really important. Companies often have hotlines and certain ways to comply and to hear folks out, but one thing I’ve seen happen before is a lower-level employee reports some concerns to a manager, and then the manager doesn’t report it up, either out of concern or because they don’t think management wants to hear it. Encouraging not only the low-level employees but also the managers to think, “If you hear something from someone, let’s report it, let’s think about it, and let’s talk about it.” Not always will it be an actual compliance violation, but hearing those folks out and making them feel heard I think really goes a long way to preventing someone from deciding to go the whistleblower route.
Another thing I think companies can do is, to the extent possible, figure out whether you are an outlier on any metrics that can be derived from claims filed with the Centers for Medicare & Medicaid Services (“CMS”). The government has ways of analyzing that data, and so, if you are an outlier and it’s something that DOJ and CMS can work to figure out, you either need to be sure you have a good reason for why that’s true—and certainly, there are many times when there’s a really good story as to why what looks like an outlier in data really makes a lot of sense—or if it isn’t easily explainable, to try to figure out what’s happening and address it as needed. Notably, there are now some whistleblowers that are just data analysts. People are crunching some data, and they’re bringing cases to the government—not because they have insider knowledge at a company but because they were able to crunch data and figure out where they see outliers—and so now, you’ve got two people looking at data or two different groups. So, mind your data.
Finally, just take good care of patients if we’re in the health care space. Patient harm can be the difference between DOJ getting involved in a case and it not getting involved in a case. Obviously, those are powerful jury stories, and I think from a moral perspective, DOJ is highly motivated when they think patient harm is involved.
Andrew O’Connor: You talked a lot about whistleblowers. How much do you think that DOJ’s FCA portfolio over the next few years is going to be driven by whistleblower cases as opposed to DOJ’s affirmative mission and goals?
Amy Kossak: As I said before, they’re a little bit intertwined—stated missions and goals lead to whistleblower cases. But I would expect most of DOJ’s work to continue to be reactive and driven by qui tams. Again, there’s an obligation to investigate them when they come in, and in my experience, that is really where most of the cases come from. There are times when, if a qui tam was filed, and it was a successful one and it exposed some wrongdoing in an industry where there are other players, that sometimes may spawn investigations not only of the company but of their competitors. But I would expect most to still come from qui tams.
Michael Lampert: Amy, something that always interests me whenever working with a company that’s suffered the landing of a qui tam or of a CID, and maybe focusing on the CID first, is this: When a CID lands, it lands with a thunderclap and prompts questions of, “How did this get here? Why us? Why is the government looking at it?” I wonder if you might talk about what’s happened on the DOJ side of the curtain before the CID hits the company.
Amy Kossak: Typically, what will happen is a qui tam will be filed by a whistleblower. It will be filed with the court under seal, so the company won’t know about it, but the government will. Then, by statute, they also need to submit what’s called a “disclosure statement” to DOJ and to the U.S. Attorney’s Office that is their disclosure of all the material evidence that they have that supports the allegations in their complaint. So, what happens once the government receives that and reviews it, one of the first things that will happen is that the government will interview the relator (maybe more than once) to understand more about what is in those two documents. They will review that disclosure statement carefully. That disclosure statement often will include the names and contact information of other witnesses the relator thinks will corroborate his or her story. It will identify sources of documents. I’ve even seen them sometimes include, “Here’s the ten document requests I would include in a CID if I were you.” If the relator has taken any documents with him or her upon departure—which the government will argue that they’re allowed to do if the purpose of doing that is a good-faith reporting of what they think is fraud to the government—those will often be attached in the disclosure statement, too. I’ve seen them be very voluminous. So, the government will take a look at those. They’ll search some publicly available information—whatever’s out there on Google, the company’s website, and other public sources. There’s claims data analysis that would help corroborate or, on the flip side, seem to not support the allegations—the government’s likely to do that. And then, former employees are a really big source. Before the government goes overt with a CID, it’s quite common for the government to try to find some former employees that they think are outside any scope of potential representation, try to call them, see if some folks will talk—sometimes if people were disgruntled when they left, they’re more than eager to do that. Another thing that happens, as well, is if there is a question of whether conduct violated some fairly technical regulation or, frankly, even if it’s a question of an Anti-Kickback Statute allegation, the government will talk to—and has every right to, and, in fact, regularly consults with—their client agencies to find out, “If this were all true, does this bother you, or does this seem like a violation?” So, all of that will happen all behind the scenes before the CID lands, like you said, with a thunderclap.
Michael Lampert: It sounds like it’s coming, maybe to mix metaphors, with a thunderclap and maybe with a lot of momentum behind it—sounds like it’d be fascinating to see. When it hits, maybe apart from uttering some choice words, what’s the first step for a company? When you were on the government side, what right things did you see companies do right out of the gate that really helped their position and what wrong things hurt them?
Amy Kossak: First, I would say, “Call me.” But, really, get an FCA expert involved right away, right out of the gate, before your very first call with DOJ. I know it’s tempting to pick up the phone, but your phone call should be to an FCA expert—I really highly encourage that. That may not be the person you would call up to handle run-of-the-mill subpoenas—you really want someone who knows this landscape, can set the right tone with DOJ, and knows where the landmines are, etc. I think I’ve seen some companies do this, where they think of this in two stages—there’s responding to the CID, and then, talking about potential liability. Those two things are not separate—they go hand in hand, and they are part of the discussions from the very beginning. So, you want to find your lawyer who will figure out how to have a smart approach to staging the productions. It is not the kind of thing where, although the CID will say, “You must respond to everything in 30 days,” that’s not how it goes. The government will take things in pieces, and understanding how to provide the government with what it is looking for without having to turn the company upside down is really important both for the substance but also just for cost. You need to understand what motivates the folks at DOJ, what moves them, what doesn’t move them. You need to know when it is an appropriate, and good, and useful time to present an affirmative story from the company and when it’s really most appropriate to wait and see where the government’s interest is. And you really need to make sure your lawyer’s up to speed on the FCA case law in this area.
Andrew O’Connor: Amy, I think that’s exactly right. We’ve certainly had cases where counsel who’s perhaps not as expert in the False Claims Act or anti-kickback space comes in and gets off on the wrong foot with the government, and you find yourself trying to dig out of a hole. And so, I totally agree with you that getting someone who knows this landscape, who knows the players is really key to responding effectively when you get a CID.
Amy, I wanted to ask you about a hot topic. Every time I go to a conference, I hear DOJ banging the self-disclosure drum, but it remains a pretty complicated issue, and there remains a lot of skepticism, I would say, on the side of the defense bar about the values of self-disclosure. What are your views on that issue?
Amy Kossak: You’re absolutely right—I think DOJ is very much interested in encouraging self-disclosures. The Office of Inspector General for the U.S. Department of Health and Human Services (“HHS-OIG”) also has put out incentives for self-disclosures. It seems like there’s a new program every week trying to encourage self-disclosures, and there’s a lot of press and a lot of statements by high-level folks at DOJ really trying to encourage it. And I get it—it is good when people self-disclose wrongdoing if you are DOJ, but just to be perfectly frank, it’s a really fraught decision. There are a lot of risks to doing so. There are a lot of variables that a company would want to consider before making a self-disclosure. It depends who’s on the other side from the government’s perspective. It depends on the facts. It depends on the exposure. It just depends on a lot of things. So, it’s a really momentous decision. Again, it’s another place where a lawyer with expertise in this area is a really good person to talk to in order to really think through the implications of that.
Michael Lampert: Self-disclosure is momentous, as you said. It’s also part of a compliance program. We’ve all read, just as you said, about what HHS-OIG and DOJ have said about self-disclosure and have said the same about good compliance programs—you get credit for having one. But it can also feel like a prosecutor could focus not on the fact that there were a bunch of compliance activities, but instead that something did go wrong, and that that’s evidence that the program wasn’t robust, and so no credit would be due, which presents the question of the ROI of big investments in a compliance program that inevitably isn’t going to catch everything and might not actually generate the credit that DOJ has said is due for it. How do you think about that?
Amy Kossak: I think, overall, it is still wise to invest in a compliance program but with some caveats, and I think with some important ones. Going back to first principles, there’s really two reasons to do this. One is to, like you said, avoid things happening at all—avoid any government scrutiny, avoid relators filing qui tams. It’s obviously, as you said, really hard to measure how often a good program prevents that, but it does, and it is still wise to do what you can to stave off these issues from the jump, because they are really just very expensive and very disruptive to deal with. But the point is to invest wisely. Put money where the highest risks are. Put money where if it went wrong, the damages due to the government would be high. Think about where the real pressure points are, think about where the weaknesses are, and put the money there as opposed to maybe scattering it just broadly.
The second thought I have here, I think this is actually really important and I’m glad you raised it—you still want a robust compliance program so that if things go wrong, you really still can get credit for having a good program, even if things, like you said, slip through the cracks. You get it in really two ways. One of them is to defeat the scienter element or the intent element of an FCA violation. A good compliance program really would be a thing a company would talk to a jury about as to why, “We did not intend to act improperly. In fact, we put a lot of time, resources, and energy towards our compliance program.” But then, secondly, as I think you said, you can get credit in a settlement posture, if you’re there, for having a good compliance program. I think, though, in both of those instances, the key is really getting the government to understand your compliance program. Explain why it was thoughtfully designed. Explain how it was supposed to root out the kind of misconduct that is typical at your company and hopefully the type of misconduct that actually happened here.
DOJ, in my experience, really does want to give credit for good compliance programs, but companies don’t often get into the details. They’ll say, “We have a hotline. We have a compliance program. Our chief compliance officer reports directly to the CEO,” all those things. But talking in more detail about the programs, actually, I think, would go a long way to helping the government understand. And then, expressly ask for credit. Say, “We think we deserve some credit or discount in our settlement discussions,” if that’s where you are, “because we really did invest in our compliance program, and we think we’ve caught a lot of things.” If you ask, it really puts the government in an awkward position, because if it is a good compliance program, you have the argument to make, which is, “You guys are telling us we need to have good compliance programs. We did. And now, here we are, and you’re not considering giving us credit for it. It really sends a bad message to the industry.” That would have moved me, frankly, as a trial attorney. I suspect it will move my former colleagues.
Andrew O’Connor: Amy, finally, wanted to talk a little bit about what makes lawyers or companies effective in dealing with DOJ in an FCA investigation. What helps the cause, and what hurts it?
Amy Kossak: I think what I’ve seen hurt an investigation more than anything is lawyers that take a somewhat cavalier approach to making representations to the government. It’s not uncommon for lawyers to say something that they think is helpful without first making sure that the facts back up what they’re saying, and then, it really hurts their credibility and hurts their case when the follow-up questions lead to a recognition that the representation was not true or was not supported. I’ve seen this happen on a number of occasions, and in each case, if you’re going to make a representation to the government, you should expect follow-up questions: “Where’s the data that supports that? Point me to the websites that you are referencing when you make X, Y, Z point.” And, if you have not yet checked to make sure the data supports what you’re saying or the websites are corroborative, you’ll find yourself in real trouble. Sometimes you will not only not help your case, you may also affirmatively hurt it.
Good news is there are things that do help, as well. One other thing I’ve seen work really well is sharing the results of a credible internal investigation. So, a company understands it’s being investigated. It says, “Give us a beat. We’re going to look into this, interview witnesses, find documents.” I’ve seen it done where a law firm will share the results of that internal investigation and not only really speed up the process for the company but get cooperation credit for doing so—noted in a press release, noted in the settlement numbers. What’s, I think, really great about this approach is it gets the government what it needs. It gives the client and the firm a whole heck of a lot more control over the process and how everything plays out than if everything is reactive to what the government says that they’re interested in. But notably, this only works if your client and the law firm that you retain has credibility in the government’s eyes. Some firms do. Some firms don’t. Not surprisingly, folks send emails around saying, “Has anyone dealt with either this firm or this lawyer before?” The level of deference and ability to trust the lawyer on the other side really depends a lot on the responses that come in. So, if you are working with a firm with a good reputation and an internal investigation you’re willing to share with the government, that really can go a long way.
Andrew O’Connor: Amy, thanks. This has been very, very interesting. I appreciate all your insights and look forward to continuing this discussion at some point in the future. Until then, thanks everyone for listening. Be sure to tune in for your next Ropes & Gray False Claims Act podcast. You can find them on iTunes and wherever else you get your podcasts. Thanks for listening.