Government Enforcers Keep Their Sights Trained on Telehealth Providers

The COVID-19 pandemic ushered in the expanded use of telehealth platforms and services, which continues today. Yet increased telehealth activity has also led to increased enforcement efforts against those who — in the government’s view — exploit these platforms unlawfully. As outlined in our prior Advisory, “Can You Hear Me Now?”: DOJ Expands Telehealth Enforcement Efforts, government agencies are ramping up enforcement efforts against telehealth platforms and their affiliated executives and healthcare providers. As the year comes to a close, recent U.S. Department of Justice (DOJ) enforcement actions out of New York and Michigan further illustrate the trend. At the same time, a recent update in a False Claims Act (FCA) qui tam suit suggests some tips for handling a private civil suit related to similar conduct, while U.S. Federal Trade Commission (FTC) activity reinforces the importance of considering billing practices and data collection. We break down these latest happenings below and also provide some takeaways for companies operating in the telehealth space.

Seven Plead Guilty in $1.7 Billion International Telemedicine Scheme

On October 22, 2024, Hafizullah Ebady pleaded guilty to healthcare fraud conspiracy in the Eastern District of New York for his role in a $1.7 billion international telemedicine scheme involving fraudulent prescription billings from over 50 pharmacies in the United States. Ebady is the seventh co-conspirator to plead guilty to the scheme; the alleged leader of the organization, Brian Sutton, a U.S. citizen who resides in Russia, has been charged but remains abroad.

According to the charging documents, the defendants allegedly operated out of Moscow and acquired and operated brick-and-mortar pharmacies across the United States which had pre-existing relationships with private health insurers. The defendants then allegedly oversaw call centers that were initially based in Utah but later moved to Russia and other foreign nations. Callers allegedly telephoned beneficiaries enrolled with the private health insurers and offered prescription medications at little to no cost and without any required medical exams. The defendants then allegedly recruited doctors to review the prescriptions but falsely told them that the necessary telemedicine visits had taken place. The government asserts that although the prescriptions were filled, many beneficiaries never actually received the medications. Ultimately, the defendants allegedly submitted over $1.7 billion in reimbursement requests for over 50 pharmacies, with private insurers paying over $500 million. According to the government, the alleged conspirators concealed their activities by using shell companies and straw owners to purchase pharmacies and to launder the proceeds; using end-to-end encrypted communications; and installing software at their pharmacies that allowed them to remotely submit reimbursement requests to private insurers.

Notably, this scheme was directed at private health insurers and not government-operated providers. DOJ has recently prioritized schemes against private providers as part of its corporate whistleblower awards program, which we detailed in our prior Advisory, “DOJ Launches Highly Anticipated Corporate Whistleblower Awards Program.”

DOJ Resolves Five Cases Against Physicians for Roles in Telemedicine Fraud

DOJ also continues to focus on physicians who enable telemedicine fraud. On November 18, 2024, the U.S. Attorney’s Office for the Western District of Michigan announced resolutions with five Michigan doctors. Two doctors pleaded guilty to making false statements relating to healthcare matters for using a telemedicine program to authorize medical orders for patients they never met or examined. In addition to pleading guilty, both doctors also agreed to pay civil settlements for their conduct. Three other doctors reached civil settlements with DOJ to resolve allegations that they collectively ordered thousands of costly, medically unnecessary orthotic braces. These resolutions were part of DOJ’s previously announced nationwide takedowns related to telemedicine.

Telehealth Company Cerebral to Pay $3.6 Million to Resolve Probe of Adderall Sales

Our prior telehealth Advisory examined the criminal charges filed against two executives of telehealth company Done Global related to that company’s involvement in telehealth prescriptions of Adderall and other controlled substances. Now, DOJ has unveiled another enforcement against a telehealth company related to prescriptions of Attention-Deficit/Hyperactivity Disorder (ADHD) medications. On November 4, 2024, online mental healthcare company Cerebral, Inc. entered into a non-prosecution agreement (NPA) with the U.S. Attorney’s Office for the Eastern District of New York, and agreed to pay more than $3.6 million for encouraging increased prescriptions of Adderall and other controlled substances via telemedicine.

According to the statement of facts included as part of the agreement, Cerebral operates as a direct-to-consumer business and promotes or sells subscription services offering online mental healthcare treatment. From October 2020 to October 2022, Cerebral prescribed controlled substances, including Adderall, to its patients. Cerebral admitted that, in an effort to grow the revenue generated by its drug prescriptions, the company developed internal plans to (1) increase the rate at which new patients signed up for its medication management subscription plan to 95%, and (2) increase its rate of stimulant prescriptions for those diagnosed with ADHD to “near 100%.” These tactics included practices like considering “flags” and “strikes” for providers who supposedly under-prescribed ADHD stimulant medication, as well as providing financial incentives for providers who conducted pre-prescription checks of prescription monitoring databases for ADHD patients (a necessary step for eventually prescribing ADHD stimulants). These practices occurred despite noted internal concerns that Cerebral’s incentive structures could encourage the unnecessary prescription of stimulants as well as internally known warning signs that improper drug diversion (to non-patients, etc.) could take place.

Cerebral’s $3,652,000 forfeiture represents the amount attributed to the increase in Cerebral’s revenue due to stimulant prescriptions issued to patients diagnosed with ADHD during the relevant period. This amount factors in Cerebral’s voluntary remedial measures to mitigate and correct the above-described practices, as well as Cerebral’s voluntary decision in October 2022 to stop prescribing controlled substances and to refrain from doing so in the future. Cerebral also agreed to pay a fine of $2,922,000, but the government deferred the payment of the fine for the NPA’s term because Cerebral lacked the ability to pay it. Notably, the government stated that Cerebral did not self-disclose its misconduct, and therefore would not receive voluntary self-disclosure credit. However, according to the government, Cerebral nonetheless received an NPA based on its lack of criminal history, its cooperation, and the substantial remediation efforts it undertook, which included terminating its CEO, stopping the use of the at-issue prescription metrics, and ceasing to prescribe controlled substances.

This NPA comes on the heels of the DOJ and FTC announcing civil claims against Cerebral and other telehealth companies in June of this year for allegedly unfair and deceptive privacy, data security, marketing, and billing practices, as described in our previous Advisory.

FCA Qui Tam Suit Against ZocDoc Dismissed in the Southern District of New York

Beyond government enforcement actions, telehealth or telehealth-adjacent companies also face the risk of private plaintiffs pursuing FCA qui tam suits. Such suits may become more attractive as the government continues to focus on telehealth companies.

We previously highlighted one such qui tam suit in the Southern District of New York against Zocdoc, Inc. (Zocdoc). There, the plaintiff alleged that Zocdoc, an online digital health platform that allows patients to search for and schedule appointments with medical providers, violated the federal False Claims Act (FCA) and Anti-Kickback Statute (AKS) through actions related to its pricing model used to determine the fees charged to providers for new patient bookings made through the Zocdoc website.

In an opinion and order on September 26, 2024, the district court granted Zocdoc’s motion to dismiss both the FCA and AKS counts. Of particular influence were two Advisory Opinions that Zocdoc had previously received from the Office of the Inspector General of the Department of Health and Human Services (HHS-OIG). Both opinions concluded that Zocdoc’s pricing model at issue presented a “low risk of fraud” under the AKS. In its opinion, the court found that the plaintiff’s complaint did “not plausibly allege that Zocdoc misled the OIG, has acted in a manner inconsistent with the two Advisory Opinions, or has acted with the necessary mens rea required to state a claim under the FCA and AKS.” The plaintiff filed a notice of appeal to the Court of Appeals for the Second Circuit on October 21, 2024.

The FTC Continues Enforcement Related to Unfair and Deceptive Billing Practices

As discussed in our prior Advisory, a central component to the FTC’s focus on telehealth providers has been their failure to comply with laws governing billing practices such as the Restore Online Shoppers’ Confidence Act (ROSCA) and the Electronic Funds Transfer Act. For example, the FTC’s complaint against Cerebral alleged that the company violated ROSCA by failing to clearly disclose all material terms of Cerebral’s cancellation policies before charging consumers and that, despite promising that consumers could “cancel anytime,” Cerebral required its clients to navigate a complex, multi-step, and often multi-day process to cancel. In September, a federal court approved a $40 million settlement with a group of defendants who, purportedly, similarly violated ROSCA by enrolling customers in continuity programs for health products without their knowledge. The relevant orders permanently ban the defendants from marketing or selling any product or service using a negative option feature, or otherwise failing to disclose certain facts regarding the costs, charges, refund and cancellation policies, or “free trial” offers often associated with recurring billing programs.

Takeaways

There are several key takeaways from these recent developments:

• The government’s focus on telehealth enforcement is likely here to stay, despite the change in administration: As detailed in our prior Advisory, telehealth enforcement has been a government priority dating back to before the pandemic and has only increased in the subsequent years. Enforcement authorities like DOJ and FTC, as well as private whistleblowers, will likely continue to prioritize telehealth enforcement given its widespread use.
• Preemptively assessing the range of regulations governed by company practices is key to avoiding future government action. As shown in the Cerebral matter, telehealth programs can trigger a series of regulatory considerations that are less commonly enforced against the life science industry, including those governing subscription services, electronic payments, and general data privacy and security. Partnering with external counsel to understand the full gamut of federal and state regulations that can be triggered by business practices of interest can help the company to develop appropriate risk-mitigation strategies on the front end to avoid government attention.
• Additional scrutiny for controlled substances: There have now been multiple enforcement actions related to telehealth platforms offering Adderall. Telehealth platforms that allow for the prescription of Adderall and other controlled substances like it may face more intense scrutiny by enforcement authorities.
• Factors leading to a non-prosecution agreement: Although Cerebral had not self-disclosed its misconduct, lack of criminal history, cooperation, and remedial efforts, including terminating its CEO, DOJ entered into a non-prosecution agreement, as opposed to seeking a deferred prosecution or guilty plea. Similarly situated companies facing scrutiny should examine resolutions like this to inform their negotiations with DOJ.
• Seeking prior regulatory guidance may help reduce penalties or legal exposure: As noted in the Zocdoc case, the HHS-OIG Advisory Opinions played a central role in the district court’s decision to dismiss the complaint. Thus, engaging with the government early — albeit cautiously and with the advice of counsel — could improve the ultimate outcome of an enforcement action or qui tam suit.

The authors are members of Arnold & Porter’s White Collar Defense & Investigations group, Life Sciences & Healthcare Regulatory group, and Consumer Protection & Advertising team, which collectively have decades of experience in handling criminal and civil healthcare-related enforcement actions on both the government and defense sides. Please reach out to them about these cases or healthcare-related enforcement matters generally.

© Arnold & Porter Kaye Scholer LLP 2024 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.