Staying Compliant Can Be Challenging in 2025
September 1, 2025
By Gregory Freeman
Compliance is always a main concern for healthcare leaders, but some periods can be more challenging than others. Different federal administrations address compliance in different ways, and it is important to understand their particular areas of focus.
Compliance is more important than ever, says Lauren E. Briggerman, JD, member with the Miller & Chevalier law firm in Washington, DC. Compliance always has been important because healthcare is a highly regulated industry, of course, but the federal government is focused more now on data analytics, she says.
“That means that companies and providers need to be extremely vigilant in particular of the third-party vendors they may use for software for billing, and they really need to make sure that they are overseeing those third-party vendors and doing proper due diligence over them,” she says. “They can’t just say those third parties are not part of our organization, so we don’t have a duty to monitor them. You need to review your oversight on those vendors and make sure you can.”
Briggerman says the recent creation of the Department of Justice-Health and Human Services (DOJ-HHS) False Claims Act Working Group should get the attention of risk managers and compliance officers. DOJ and HHS announced the formation of the working group in July, saying its purpose is to strengthen use of the False Claims Act to combat healthcare fraud. The Working Group will be jointly led by HHS’ general counsel, the chief counsel to the HHS Office of Inspector General, and DOJ’s deputy assistant attorney general of the Commercial Litigation Branch. The group also will include participants from the Centers for Medicare and Medicaid Services’ Center for Program Integrity and U.S. Attorneys’ Offices.
“You’re generally going to see more coordination among these agencies. With DOJ and HHS standing up this working group, you have that coordination and the combination of investigative tools and skills from both agencies. That means you’re just going to see more investigations,” Briggerman says. “You’re going to see more streamlined investigations. And probably bigger dollar resolutions. We’re already seeing resolutions now with damages in the billions of dollars, so just watching the news come in daily, it just seems like there’s an uptick of these False Claims Act settlements and resolutions in the healthcare sector. We’re going to see more of those, and they’re going to be bigger.”
At the same time, Briggerman says, huge verdicts and settlements may push healthcare organizations to push back key components of FCA investigations. In 2024 a Johnson & Johnson subsidiary, Janssen Products LP, was ordered to pay $1.64 billion in a whistleblower lawsuit related to the off-label promotion of human immunodeficiency virus drugs. The judgment was the largest in the history of the False Claims Act.
Johnson & Johnson is appealing the verdict on constitutional grounds.
“When we see these astronomical damage awards, you are starting to see providers push back more and challenge the qui tam provisions of the False Claims Act. I do think in the next year, you’re going to see more court cases come out about the qui tam provisions and whether or not the qui tam provisions are constitutional,” Briggerman says. “At some point, we’re going to get to a crossroads where the Supreme Court is going to have to address whether the qui tam device is constitutional, and, if it guts that provision, that leaves the False Claims Act without a very serious flow of investigations to the Department of Justice.”
A number of amicus briefs were filed by interested parties in that case who have a strong interest in having the qui tam device ruled unconstitutional, like the National Association of Manufacturers, Briggerman notes.
“They wrote in their brief that the qui tam system is spiraling out of control,” she says. “I think that is something that everyone in the healthcare industry should be watching over the next year because if the qui tam device is gutted, that will have a significant impact on the False Claims Act and the government’s ability to pursue cases.”
UnitedHealth Group announced recently in a securities filing that it is facing DOJ investigations over its Medicare billing practices, saying it is complying with formal criminal and civil requests. It also said it has launched a third-party review of its business policies and performance metrics.
Increased Focus on Fraud and Abuse
The DOJ has made it clear that it will pursue and use broad False Claims Act powers to investigate perceived fraud, waste, and abuse, says Gregory P. Rosen, JD, a shareholder with the Rogers Joseph O’Donnell law firm in Washington, DC. Rosen previously was with the U.S. Attorney’s Office in Washington and led the government’s Jan. 6, 2021, prosecutions. Coupled with the administration’s new corporate self-disclosure policies, the sooner healthcare systems can grapple with a long-term or costly investigation the better, he says.
“What we are seeing in the healthcare fraud world is a lot of increased scrutiny through the use of the False Claims Act, civil investigative demands, and general criminal investigations into billing practices. There is ongoing litigation on the civil side relating to pharmacy benefit managers,” he says. “I do not view this as a partisan issue. This is a compliance issue.”
The corporate self-disclosure policy announced in May telegraphs to companies that coming forward with allegations of impropriety early, often, and fulsomely will be rewarded, Rosen says. That may include declinations or non-prosecution agreements. Meanwhile, monitorships that previously were imposed by the department may be less common, he says.
“I don’t think that those policies necessarily relieve the heat that we’re seeing upon some of these large healthcare companies, because one of the stated goals of this current administration is to not burden businesses, particularly smaller businesses, with compliance requirements that often costs a lot of money internally,” Rosen says. “I’m not sure the same can be said about large healthcare corporations, which don’t have sort of the same ‘mom and pop’ feel. So, I would fully expect that there is going to be increased scrutiny across the board,” he says. For instance, Rosen expects the department will pay close attention to whether doctors are prescribing the way that they are supposed to, that they are not overbilling, that they are using the right codes, and other areas along those lines.
Healthcare organizations should be looking closely at the DOJ self-disclosure policies because those have changed drastically. It is important to understand the review process and when to go to the department and report a problem, Rosen says.
“That is critical because, in the past, you weren’t really punished for doing your due diligence internally. But, sometimes, due diligence takes a long time, and the sooner you come to the table, the better resolution you’ll get,” he says. “Whether or not it was instituted under this administration, it’s a fairly innocuous, bipartisan issue, and I think, in light of what happened in some of these recent cases, healthcare organizations are much better off evaluating their compliance programs now rather than when they later get in trouble.”
Rosen cautions against being distracted by political disputes within the federal government. None of that is likely to interfere with the DOJ’s pursuit of healthcare fraud, he says.
“I think the people who are actually in control of the Criminal Division, for example, at DOJ, and the people who are largely sort of the career prosecutors, their day-to-day hasn’t drastically changed. Companies should sort of ignore the white noise and focus in on just making sure that they have robust compliance programs,” he says. “One easy way for any company to make sure that they’re checking the boxes is to have someone on staff, or have outside counsel, who can advise on whether or not a certain practice is avoidable or consistent with the law.”
These cases largely revolve around intent, less so on the civil side but on the criminal side, Rosen notes. “What’s the intent of the particular party or the company?” he says. “If people are going through the checks and doing it right and in good faith, it will be increasingly difficult to show some sort of nefarious intent.”
Encouraging Whistleblowers
The Trump administration’s efforts to decrease cost and eliminate waste throughout the system are affecting some healthcare compliance issues, says Lori Foley, managing principal of revenue and compliance advisory with PYA, an accounting and consulting firm in Atlanta. The administration also is expressing significant goals for Medicare and the government entities to accomplish.
“The plan is to fund those goals by cutting out the fraud, waste, and abuse, but also really doing increased audits, settlements, fines, or corporate integrity agreements. They’ve expanded the hiring of auditors, particularly to go after the Medicare Advantage plans to look at doing those rack reviews to make sure that the Medicare plans have been appropriately reimbursed, that they aren’t overstating the complexity of the patients that increases their revenue and, thus, their profits,” Foley says. “That’s going to trickle down to providers, because the medical plans don’t have the medical records. The providers have the medical records, so they’re going to have to supplement both operationally to fulfill all the medical record requests.”
The emphasis on detecting fraud and abuse will encourage whistleblowers to come forward, which can lead to all sorts of risks for healthcare organizations, she says. Foley encourages the use of artificial intelligence (AI) to help detect fraud before whistleblowers or federal auditors find it.
“AI tools to do more with less. We know that the increase in Medicare beneficiaries is around the corner, and yet some of the staffing numbers and some of the operations will go down,” she says. “Billing and collections for all of their services is always a high-risk area, trying to avoid false claims and having repayment obligations. Attention will continue to expand into the relationships between providers and health systems, auditing the contracts, and the payments to the providers to be sure they are getting the services that they’re paying for, the fair market value, the commercial reasonableness. Those problems can get hidden just because ... everybody’s doing more with less.”
Healthcare organizations should pay particular attention to the 340B Drug Pricing Program, says Shannon Sumner, principal and firm chief compliance officer with PYA in Nashville, TN.
“You need to make sure you have a really good auditing and monitoring component for 340B because that’s a significant source of revenue when done well and appropriately for many health systems,” she says. “We’re seeing a lot of audits in those areas.”
Large health systems are tapping into many different avenues of delivering care that they may not have used in the past, Sumner says, and that can lead to compliance risks. Third-party vendor management for services like telehealth platforms or other types of outsourced service providers can pose compliance challenges, she says.
“They’re looking at ways to preserve revenue and cut costs but that’s also increasing risk, certainly from a cybersecurity perspective with cloud service providers and medical device manufacturers,” Sumner says. “There are a lot of different tentacles that we’re seeing, more and more within these providers and health systems and physician practices, than we have before.”
Greg Freeman has worked with Clinican.com and its predecessor companies since 1989, moving from assistant staff writer to executive editor before becoming a freelance writer. He has been the editor of Healthcare Risk Management since 1992 and provides research and content for other Clinician.com products. In addition to his work with Clinician.com, Greg provides other freelance writing services and is the author of seven narrative nonfiction books on wartime experiences and other historical events.
Sources
- Lauren E. Briggerman, JD, Member, Miller & Chevalier, Washington, DC. Telephone: (202) 626-5966. Email: [email protected].
- Lori Foley, Managing Principal of Revenue and Compliance Advisory, PYA, Atlanta. Telephone: (404) 266-9876.
- Gregory P. Rosen, JD, Shareholder, Rogers Joseph O’Donnell, Washington, DC
- Shannon Sumner, Principal, Firm Chief Compliance Officer, PYA, Nashville, TN. Telephone: (404) 266-9876.
Compliance is always a main concern for healthcare leaders, but some periods can be more challenging than others. Different federal administrations address compliance in different ways, and it is important to understand their particular areas of focus.
You have reached your article limit for the month. Subscribe now to access this article plus other member-only content.
- Award-winning Medical Content
- Latest Advances & Development in Medicine
- Unbiased Content