During the past several years, prosecutors have increasingly used Deferred Prosecution Agreements (DPAs) against corporations in enforcing white collar criminal statutes. DPAs have enabled companies to avoid the costs and consequences associated with a lengthy criminal investigation and trial. Simultaneously, DPAs have provided the government with a more efficient means to hold corporate wrongdoers accountable and to influence changes in corporate compliance culture. Usually, when a corporation enters into a DPA with the government, a criminal charge is filed; however, no conviction is imposed provided that the company abides by certain terms and conditions and commits no additional crimes during a deferred prosecution period. A corporation that successfully completes this period of pretrial diversion avoids having a criminal conviction on its record.
Historically, there have been few reported cases where courts strenuously objected to proposed DPAs or where the government alleged that a company breached a DPA. Two cases resolved during the past year, however, may presage that corporations may no longer assume that agreeing to a DPA will result in uncritical judicial review and reduced government scrutiny.
On December 19, 2012, North Carolina-based non-profit WakeMed Health and Hospitals (WakeMed) was charged in a criminal information based on evidence that its cardiac center personnel falsely classified patients for inpatient hospital stays and then fraudulently billed Medicare for associated services. On that date, WakeMed and the U.S. Department of Justice entered into a global settlement that included a civil agreement to resolve False Claims Act allegations related to overbilling Medicare, a two-year DPA, and a five-year Corporate Integrity Agreement (CIA). WakeMed agreed to pay $8 million — a figure representing a multiple of the underlying overpayment amount plus damages— and to submit to an independent monitor’s review. Under the settlement, WakeMed would not be excluded from participation in Medicare.
When WakeMed attempted to admit guilt before a North Carolina federal judge on January 17, 2013, the court refused to accept the DPA, calling it a “slap on the hand.” After reviewing supplemental briefs, the judge subsequently agreed to defer prosecution under an agreement that imposes a five-year CIA and prohibits the hospital from making public statements contradicting the underlying statement of facts. While the judge ultimately accepted the DPA to protect WakeMed’s health care providers, employees, and patients, the judge’s order also left open the possibility that the court might conduct a hearing in a year to examine how the DPA is proceeding.
In September 2010, global medical device manufacturer Wright Medical Group, Inc. (Wright) entered into a one-year DPA with the U.S. Attorney’s Office for the District of New Jersey to resolve a criminal complaint that its subsidiary, Wright Medical Technology, Inc. (WMT), conspired to violate the federal Antikickback Statute. Specifically, WMT was charged with entering into financial arrangements with orthopedic surgeons that involved the offer and solicitation of payments from Wright in exchange for the surgeons’ use of Wright’s hip and knee joint products. As part of the global settlement, Wright and the government agreed to a five-year CIA, which will be overseen by an independent monitor, and to pay $7.9 million in civil and administrative claims.
Months after a federal court in New Jersey accepted the settlement, during the pendency of the deferred prosecution period, Wright announced in a May 2011 Securities and Exchange Commission 8-K filing that it had received a tip through its compliance program concerning potential violations of the terms of the DPA. The company hired outside counsel to conduct an investigation, which unearthed some additional issues relating to physician kickbacks. Wright, consistent with the terms of the DPA, provided written notice to the monitor and the government that it had found “credible evidence of wrongdoing.” In response to Wright’s notice, the U.S. Attorney’s Office accused the corporation of intentionally and materially breaching the DPA, which rendered the company vulnerable to criminal and civil litigation as well as exclusion from Medicare. Under the DPA, Wright was given a short period of time to demonstrate to the government that no breach had occurred, or if it did, that it was not material and had been cured. Ultimately, Wright faced no further charges from the government, yet it did have to operate under the DPA for another year. In October 2012, Wright received notice that the complaint had been dismissed and the DPA terminated.
The WakeMed and Wright cases illustrate how entering into a DPA with the government may not guarantee that the company’s conduct will escape scrutiny. The WakeMed judge’s pointed review and sharp public commentary should put health care corporations on notice that judges may be inclined to reject settlements unless they are satisfied that the DPAs impose adequate corporate oversight and punishment. The Wright case highlights the need for corporate defendants to quickly investigate and report credible allegations of wrongdoing during a deferred prosecution period.
So what can corporate health care defendants do now to prepare for the unlikely event that they have to enter into a DPA? What steps can they take to increase the likelihood that the DPA will withstand exacting judicial and prosecutorial scrutiny? Health care entities should take proactive steps in the near term — and before a civil investigative demand (CID), grand jury subpoena, or target letter arrives — to ensure that their existing compliance and ethics programs are robust and not just curios sitting on the shelf. This means that higher-level management should actively encourage and support the development of a well-run compliance program that contains adequate reporting systems, routine audits and checks, and protections for those who report wrongdoing. The compliance program should clearly discourage conduct that violates civil, criminal, and administrative laws, with significant punishment for wrongdoers. In addition, entities should routinely assess their business strategies to ensure that marketplace fluctuations do not inadvertently cause changes in employee behavior that could violate the law. If a health care corporation does, regrettably, receive a CID or notice that it is a target of a government investigation, this should trigger a quick and focused response that includes, at minimum, a review of the existing compliance program. Are the corporation’s reporting mechanisms deficient? Did the audit and monitoring systems fail to detect the conduct at issue? Are revisions to training and a review of all claims prior to submission to the government in order? Recognition and correction of deficiencies before beginning negotiations with the government may enable the company to minimize, or possibly eliminate, corporate culpability. It may also go a long way in convincing the judge that the corporation has truly accepted responsibility and that a DPA serves as a more-than-adequate-form of punishment and deterrence.