As federal judges in New York and elsewhere continue to hand down decades-plus long prison sentences for health care fraud and the administration increases federal resources devoted to combating health care fraud, health care providers should pay close attention to the “badges of fraud” that may land a company in the crosshairs of a federal criminal investigation.

Below, we look at the “red flags”—the areas of potential fraud of which a health care company should be aware to stay compliant and off the DOJ’s radar.

A hot enforcement area

It should come as no surprise to health care professionals that criminal health care fraud enforcement is increasing. The highly successful U.S. Department of Justice Medicare Fraud Strike Force, led by the Fraud Section in Main Justice, has convicted thousands of defendants nationwide, and its last health care fraud “takedown” in July 2017 was the biggest in DOJ history with more than 400 individuals charged. Judges continue to impose lengthy prison sentences, including a 13-year sentence handed down to Dr. Imran Ahmed in February 2018 in the Eastern District of New York.

Related: Death, fraud and ACA subsidies

These stats are only poised to increase as the administration has devoted significant federal dollars to combating health care fraud. The administration’s fiscal year 2019 budget request calls for $770 million in anti-fraud funding, a jump from the FY 2018 request of $751 million.

The bottom line: DOJ continues to view criminal health care fraud as a target-rich environment for investigation and prosecution.

What are the top red flags for health care fraud?

As a health care industry GC or executive, you should be on the lookout for any of these red flags in your business practices.

(1) Opioids. Not surprisingly, if you or your company prescribes, sells or distributes opioids, that mere fact alone could warrant scrutiny, given the administration’s focus on combating the opioid epidemic. In August 2017, Attorney General Sessions announced the formation of the Opioid Fraud and Abuse Detection Unit, a pilot program that uses data to identify and prosecute individuals engaged in opioid-related health care fraud. The program will fund 12 Assistant U.S. Attorneys, to be located in health care fraud hot spots around the country. These AUSAs will focus on investigating and prosecuting “pill mills,” pharmacies that improperly divert and dispense prescription opioids, and other opioid-related issues. Overall, if your practice writes a high number of prescriptions for opioids, that fact alone could spark enforcement interest.

(2) Home health care. Home health care fraud has traditionally been a rich area of prosecution for DOJ. Generally speaking, home health care can be prescribed by a doctor when the patient is homebound and needs intermittent skilled care. Traditional flavors of fraud in the home health care sphere have included doctors writing prescriptions for home health care when there is no real medical necessity, unlicensed workers rendering the “care,” workers billing for services not rendered (“no-show workers”) and kickbacks being paid to recruit patients. If your medical practice includes home health care, be aware that your practices may fall under scrutiny. A recent example of a lengthy prison sentence handed down in this area is the 35-year sentence for Dr. Jacques Roy in Dallas for home health care fraud involving more than 11,000 patients.

(3) More data, more problems. For many years, DOJ has used providers’ claims data to help identify health care fraud. This data crunching will continue to become more sophisticated over time as more resources are allocated to health care fraud data analytics. Uses of the data range from identifying geographic hotbeds for fraud so enforcement resources can be targeted and deployed to identifying the top doctors who are using billing codes that are suspected to be fraudulent. In this case, being the top biller in the country for a specific code is not a good thing and will almost certainly lead to greater scrutiny.

DOJ will zero in on these outliers as a possible badge of fraud, looking for a disconnect between the size of the medical practice and the volume of billing (i.e., a small practice with a large volume of billing), incongruity between the practice’s specialty and the types of codes billed (e.g., a general practitioner prescribing a high percentage of opioids), and whether a large portion of the overall claims billed skew toward higher-paying codes even when lower-paying codes are available. The bottom line: Know your data and be able to defend it. If you are a high-volume biller, or if there are anomalies or spikes, you could be targeted.

(4) Robosigning. A common theme among many health care fraud cases is the practice known as “robosigning,” which typically involves a doctor blindly writing prescriptions or orders that authorize care without first making an individualized determination of medical necessity.

The government will use data analytics and other means to identify possible robosigning, especially when the orders are for expensive drugs or services, or those areas of care that have a track record of inappropriate ordering (such as opioids, home health care, power wheelchairs and sleep studies). Your company should ensure that the authorizing medical professional is actually making a case-by-case analysis of medical necessity before ordering drugs or services. And importantly, the company should be able to re-create and affirmatively prove this process was actually used.

(5) Kickbacks. The payment of kickbacks or other illicit benefits to patients, recruiters who procure such patients, or even to doctors or other medical professionals, continues to be a major problem. Where appropriate, clinics should actively question management as to how the patients learned of the clinic or why the patient selected your clinic over others.

Internal data will show if the patient is a “frequent flier” in an office and whether the patient has presented with a number of different ailments over time that seem implausible or has received treatment at your facility for which they inexplicably re-present multiple times. This could be suggestive of a patient who is being paid to visit your facility. If one patient is being paid, it is likely there are more. Criminal penalties for paying and receiving kickbacks are severe, and any suggestion that this is occurring should be investigated immediately.

(6) Upcoding. Upcoding refers to the improper practice of a medical professional billing for a more expensive medical service than was actually provided to the patient. While upcoding can occur in a myriad of ways, DOJ often focuses on service-based, location-based or time-based upcoding. In service-based upcoding, a doctor may perform a simple check-up, but bill for a more extensive examination or even a surgery.

A location-based example could be billing for a procedure that occurred in an operating room when, in fact, it had occurred in a less-expensive setting such as an office. Finally, time-based upcoding fraud can occur when a doctor sees a patient for 10 minutes, but bills for a more expensive 45-minute consultation. These upcoding schemes are more difficult for law enforcement to unravel, but the claims data will give rise to greater potential scrutiny when providers consistently use higher-paying codes.

(7) Billing for unqualified workers. Another common theme in health care fraud cases is billing for unqualified or unlicensed workers. On the obvious side, many cases have featured clinics using a less qualified worker (such as a physician’s assistant) to render services to a patient, but the services are billed as if they were provided by a medical professional with a higher reimbursement rate.

Other subtler variations on this theme are clinics that bill for lower-level medical professionals (such as physical therapy assistants) who are supposed to be supervised by a higher-level medical professional (a physical therapist) but operate without supervision. Your facility must have the proper monitoring equipment (e.g., electronic badging, timecards, etc.) to be able to demonstrate which medical professional actually saw the patient and in the case of supervision requirements, who was on-site when certain care requiring supervision was rendered.


The administration has backed up its tough talk on combating health care fraud with new initiatives and more money. Make no mistake—federal enforcement of criminal health care laws stands poised to become increasingly muscular and robust. Knowing the red flags the federal authorities will look for will help your company be more compliant and mitigate the risk of becoming the subject of a federal criminal health care fraud investigation.

Maranda E. Fritz is a partner in Thompson Hine’s New York office, Sarah M. Hall is senior counsel in the firm’s Washington, D.C. office, and John R. Mitchell is a partner in the firm’s Cleveland office. Hall is a former federal prosecutor, and Fritz and Mitchell are former state prosecutors. All three authors are members of the firm’s white-collar criminal practice, internal investigations and government enforcement practice.