In this episode of our monthly series on fraud and abuse issues, Kevin Raphael, Partner, Pietragallo Gordon Alfano Bosick & Raspanti LLP and Greg Russo, Managing Director, Berkley Research Group (BRG) discuss best practices in the use of digital forensic services in defending against government civil investigative demands. The speakers examine issues related to data usage through two hypothetical examples. The podcast is moderated by Matthew Wetzel, Associate General Counsel, Compliance Officer, GRAIL. From AHLA's Fraud and Abuse Practice Group. Sponsored by BRG.
To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.
The following message and support for A H L A is provided by Berkeley Research Group, a global consulting firm that helps organizations advance in the areas of disputes and investigations, corporate finance and strategy and operations. BRG helps clients stay ahead of what's next. For more information, visit think brg.com.Speaker 2:
Welcome to the next edition of the American Health Lawyers Association Fraud and Abuse Practice Group podcast. My name is Matt Wetzel, and along with my co-host, Kevin Raphael, we're excited to continue sharing our monthly updates on hot topics and key stories about the most pressing healthcare fraud abuse issues in the US each month. As you know, we talk about trends and enforcement, provide critical updates in the law, and share some court insights on important fraud abuse issues. We also hope to provide you with developments in government enforcement potential legislation that could impact how your clients operate and other regulatory developments that could have an influence on your business or your client's business. We wouldn't be here today without the sponsorship of B r G, the Berkeley Research Group. And on behalf of a H L A, I want to extend a huge thank you for your support. And before we jump into ta, today's topic, just a reminder for our listeners, if you have a recommendation or a suggestion for a future episode of the Fraud and Abuse Podcast, please reach out through the contact information and the podcast description. Uh, my co-host Kevin Rayfield, needs no introduction. Kevin, as you know, is a partner in the Philly office of Piera, Gallo, Gordon Alfano, ba Bosek Andi to and for over two decades, Kevin has represented hospitals, licensed providers, home health agencies, and other healthcare entities in commercial litigation, government investigations and enforcement, false claims act investigations, internal investigations and private and government payer overpayment demands. Kevin also works with corporations and entities and other industries, including food and drug and higher education as well. And Kevin serves as an adjunct professional professor, excuse me, of health law writes and speaks extensively on healthcare and white collar matters. Joining us today from b r G is Greg Russo. Welcome Greg. Greg brings more than 15 years of experience in providing strategic advice to healthcare organizations, uh, through his use of complex data analyses and financial modeling. Greg's clients seek his expert understanding of the regulatory environment, focusing, uh, primarily on harnessing the wealth of information available in large multi-part data sets to bring results and insights to clients with complex unstructured issues. Greg leverages this data and providing clients with strategic advice on damage calculations, government investigations, internal investigations, business planning and provider reimbursement. So, long story short, you all are in the right hands for fraud abuse issues today. And, uh, in this episode we're gonna be talking about the use of of digital forensic services with defending government investigations. What do we mean by digital forensic services? How can they play a critical role and what are some of the practical considerations and impacts? Kevin, let me turn it over to you. Thanks.Speaker 3:
Thank you, Matt. And thank you for the introduction, um, today, Greg, and be discussing, uh, the use of forensic services in defending government investigations. And this is an interesting discu, uh, discussion for younger attorneys, and likely a refresher for more experienced attorneys who may not be aware of the latest technology available to defense counsel and to their forensic experts. Uh, most cases, as you likely are aware, involve large, very large amounts of electronically stored information. And the government's grand jury subpoenas and civil investigative demands are getting more and more focused and demand particular types of electronic production in varying types of investigations. So today, Greg and I will be discussing best's practices related to digital forensics from both the attorneys and the forensic experts point of view. Um, during our discussions today, Greg and I will be discussing, uh, around two different examples. One example is the government investigation, uh, civil investigative demand, uh, concerning Medicare Part C, and in the Medicare Advantage plan where the government is trying to determine whether data has been modified to increase risk adjustment payments. Of course, as you're aware, this involves the luminous amounts of, uh, patient data coding and billing data and other esi. The other example we'll be using today is a grand jury subpoena, and c i d from the government focused on whether a large health system and several surgical practices affiliated with that health system, um, have been performing medically unnecessary procedures with the knowledge of, or due to the woeful blindness of the health system. So the surgeons get paid more and the health system's profit by the reimbursement of the surgeries. At least that's what the government's theory would be. So using those examples, we're gonna move forward. Um, initially, once, uh, council gets the grand jury subpoena and the c I d uh, the council reviews that to determine what they believe the government's theory is, has a conversation with the assigned assist United States attorneys to get further information about the government's investigation and what their theories are and what information they're looking for. And then the council sits down with the client or clients and discusses the various sources of potentially responsive documents, both paper and electronically stored information, including electronic health records, whether they're cloud-based or on servers on site. The next step is to then re, uh, involve the digital forensic services expert. Someone like Greg, who helped counsel have a conversation with the client's, uh, IT department and, uh, identified individuals of the client to make sure that the initial cut that defense counsel made with the client about the sources of information is accurate. Cause as we all know from experience, uh, once the client's IT department gets involved, there's usually additional source of of data that the other client, uh, representatives were unfamiliar with unaware about. Um, so Greg, let, let me ask you on either the two examples that we've are using today, what kind of information would you, uh, like to, uh, see the client produce and what would that discussion look like between you and the client?Speaker 4:
Thanks very much for having me, uh, again, Kevin. Um, and yeah, happy to take that question. So it's, uh, it's always an interesting conversation when, uh, when I start talking with clients. The first thing that I have to remind myself is that the clients don't often deal with litigation. So this is already outside their bailiwick. If they're a, a provider system, so a large hospital and the example you gave, or they're a payer, they're in a different business entirely than the business of litigation. So they're, they're not used to responding to CIDs, at least we hope they aren't used to responding to CIDs. And, um, they also typically have day jobs. So they're, they're trying to manage the many requests that my team as well as the attorneys, uh, and the DOJ is putting on their organization. And one of the first things that, that I always do is I, I work to find the folks within the organization who are those key players that hold the keys to the data, because those are the folks with whom we need to get, uh, the friendly and start a dialogue back and forth to make sure that we are collecting, uh, as much data as we can. And it's very important for our clients to recognize that more data to an organization like, uh, my, my organization, Berkeley Research Group, is a very good thing for us and takes less effort than a limited amount of data. So, for example, in, uh, in, in the, the experience that I've had, uh, and, um, taking one of the examples that you've provided, when I'm working with a large hospital system, if that large hospital system takes its data and limits that data down and then gives it to me, there are oftentimes that that data has in some way, shape or form been limited in a way that the client never thought was an issue. Perhaps they thought they limited it to all Medicare beneficiaries, but really they limited it to just traditional Medicare beneficiaries, and they threw out all of the other types of, uh, government insurance that are in there. So that sort of work to then ferret out why the data set isn't complete is far more work on our end than if we're given a full spectrum of data and then have to limit it on our side, working with the attorneys to get to the, the data that's responsive to the C I D again, what we, and what the attorneys deal with is litigation on a, on a daily basis, what the clients deal with is not litigation on a daily basis. So take, take that data over and, and put it in the hands of experts.Speaker 3:
Thank you, Greg. Um, so let me ask you, let's take an example. The, uh, Medicare part C analysis. What data, uh, would you be looking the client to provide? For example, diagno diagnostic codes or, um, rack information, you know, what kind of data would you be looking for? Um, how would you go about collecting that data? And then how would you go about analyzing it?Speaker 4:
Well, the, and the example of the Medicare Ad Advantage investigation, we have to gather a robust set of data. And that robust set of data is irrespective of what the allegations are in, in, in the, um, in the matter. And the reason that we have to do so is because of the methodology with which Medicare Advantage plans are paid. And that, I think is, uh, a key item to, to remember, which is that the economic incentives that are in play in the healthcare market often dictate the data that we need because we have to ferret out whether or not an allegation is, uh, is true or not. And to do so, we need to understand the economic dynamic that has been at play. So in the example that we have of a Medicare Advantage plan, we look to go back to the very start of the data that we have, gather all of the member data, we need to know what members are enrolled within the health plan, then what claims data do we have for those members, because we need to understand when they've hit the system, when they, when they've utilized services. And then furthermore, how has that claimed data generated diagnoses that are submitted to the government? And then what has the government returned back to the health plan as diagnoses that have been accepted in their mind? There are some ancillary data sets that we will also go about collecting, but those are really the key sort of data sets.Speaker 3:
So, Greg, as defense counsel, I'm gonna want to, uh, get a sense, uh, through the data before it's produced to the government, uh, whether or not there's any merit to the allegations that the government is, uh, propounding in any particular case. So let's take for example, the Medicare part C C I D. What information would you be reviewing and what report would you be providing to me, uh, when you've analyzed the data to help me understand whether the data supports or cuts against the government's allegations that, uh, diagnosis codes have been, uh, modified in order to increase risk adjustment scores?Speaker 4:
Well, we can go through and analyze, uh, the data in a number of different respects to help the defense team as well as the client understand whether or not those, um, allegations, uh, do appear to hold any weight. One of the things that we can look at is we can look at the diagnosis codes that a patient has received and understand whether those diagnosis codes are supportable by other points of data, uh, that we may have collected. So, for example, if multiple providers independently have identified the diagnosis for, for a patient that may, uh, help, uh, provide some credence to the, the diagnosis code being appropriately, uh, assigned to a patient. If, uh, if, if the diagnosis code was assigned by only one provider or physician, we may have collected pharmaceutical data and we could look at the pharmaceutical data to understand whether the pharmaceutical data will provide some support to the patient having that condition that has been diagnosed. So there are several different manners in which we can, uh, look at the data to get a better sense of the appropriateness of the diagnosis codes.Speaker 3:
Great, Greg, and, and what kind of report, um, or what would your work product be is a better way of saying that as far as producing to me as counsel in the case, what your conclusions are from the data you've reviewed?Speaker 4:
Well, we would work very closely with counsel to make sure that the questions we are being asked and the the questions that we're asking the data are what is most appropriate at that point in time in the litigation to ensure that we aren't creating any, um, challenges for the overall litigation strategy by doing work that, um, hasn't been asked of us. But if, if we're, if we're on the same page with the defense team as to what we are, uh, asking of the data, then our work product often looks like, uh, charts and tables to help summarize and synthesize the analyses that we've done. Our data sets often involve millions and millions of records, so producing data to a team of attorneys, um, when, when the data is that voluminous usually doesn't, um, do much to, to advance the ball. So, so our team is skilled in distilling that information down so that there are pieces of information that the attorneys can use to understand the allegation and potentially provide, uh, support to their client.Speaker 3:
Thanks, Greg. Now let's take the other example of the health system. If I, if council wanted you to review the data and give me a sense of whether the surgical practices that are the focus of the government's grand jury subpoena and c i d are outliers or not, as far as the procedures that they're performing, would you be able to compare their data that the client provides to other data and then gi give me a sense of whether the practices or outliers are not and any particular proceduresSpeaker 4:
You would? Yes. Um, and it's important to note that in those types of cases, the, the data that we use is data that we already store in a warehouse regardless of who the client is. So we typically get very little data on those cases from our clients because we already house about 20 years worth of Medicare claims data, which is most often what's at issue. So what we would be able to do is we would be able to look at the specific physician that is being, uh, investigated and understand his or her practice pattern and how that practice pattern may differ from similarly situated providers. And in some cases, the Department of Justice, uh, or the, and or the oig, whomever, whatever agency may be invest leading the investigation, may have already presented a theory of, uh, an outlier theory and provided benchmark, uh, or comparisons for that, uh, individual that's being investigated. And in those cases, we're able to look at those benchmarks and understand how those benchmarks may or may not be similar from the individual that is getting investigated as well. We have the ability to look across the care continuum, and that's very important when you talk about the example that you've provided here. It's, uh, it's important not to be myopic in terms of our healthcare system. Our healthcare system is a set of interrelated entities that provide care to patients. And that handoff often, uh, often affects the care that's provided in the next setting. So to the extent that a physician may be performing surgeries in a manner that is unlike other physicians, it's important to understand who that physician is. Are they providing care to patients who typically don't receive care? So perhaps they're showing up at the doorstep already sicker than other patients. Are those patients duly eligible as opposed to just being Medicare beneficiaries are, uh, are what does the pa, what does the physician's mortality rate look like with respect to other physicians? Lots of different factors come into play, uh, and it's important not to just look at a single statistic and think that the physician is an outlier on that statistic, and therefore they are doing something inappropriate.Speaker 3:
Thank you, Greg. Um, now while you are doing that kind of work, council's also gonna be working with other forensic, uh, experts to gather the electronically stored information that the, the client would have in either of the examples emails and other unstructured DA data in addition to what, uh, any hard copy records that may exist. And the defense council team will also be, um, having discussions with the client and the, and the forensic expert about the volume and the kind of search terms that would likely need to be run on that ESI in order to get documents that are responsive to the government's requests. And then council's gonna have a conversation with the government about what data exists, what data can be collected or has been collected, and have a discussion with the government about the search terms or certificate of coding that would be used to analyze the electronically stored information order to get the universe of data that would be responsive to the government's request. Now, Greg, in, when defense counsel and the other forensic experts are having discussions with the government, narrowing down the, the, the scope of the c i d discussion PR discussing priorities for response, discussing timing, and the rolling production, uh, of the, in response to the C I D or grand jury subpoena, would you be involved in those discussions as well if the defense counsel wants you to be as far as your world of destru of the structured data?Speaker 4:
We would, yes, because as I see it, the qualitative, uh, discussions that happen in the unstructured data world, so going out and having inter or doing interviews and having conversations with the clients and reviewing documents needs to inform our structured quantitative analyses. And by vice versa, it's a feedback loop. And that feedback loop provides the best, uh, service to our clients. And, um, ultimately I think ends up, uh, providing them with the, the best defense, uh, with, um, the allegations that are at hand.Speaker 3:
Thanks, Greg. So now we're at the point where the government and, uh, defense team has agreed on search terms or predictive coding analysis, prop methodologies, all the day's been collected, it's starting to be, uh, re uh, searched and the responsive documents collected, and the defense team is starting to work through the responsive documents in advance of production. Um, we've already discussed, Greg, some of the work that you would do on either of these examples to analyze the data that the structured data that you work with to assist counseling, understanding, uh, the, whether the government's theories have any merit. Um, now as this process is ongoing, there may be a time that the defense team wants to focus on what, if any damages may result from the government's investigation and the civil context under the CIDs in the either of the examples. Let's take the Part C example first. Um, would you be working with defense counsel? Actually, lemme rephrase that. Defense counsel, I'd be asking you to assist me in calculating, uh, potential damages if the government's theory of liability proves to be accurate. Could you briefly discuss in the example of the Medicare Part C example, uh, what kind of work you'd be doing, what kind of assistance you'd be writing counsel and, and assessing what, if any, damages existSpeaker 4:
In, in that example? Um, and, and really in, in all examples, when, when I'm asked to look at the potential damages that relate to an allegation, I have to go about creating a but four world and that, but four world, uh, is based on my experience with the data and what we have the ability to construct using the data that's at hand with the example that you've provided. Um, so a Medicare advantage plan that, um, let's assume now has, uh, inappropriately added diagnosis codes to the patient's records, we would have to go through and remove those diagnosis codes and then understand how the reimbursement would have changed to the health plan from the federal government. So we would need to calculate that financial impact, which would require running the diagnosis codes through, uh, our, through the government's modeling. So they're HCC modeling, which, uh, is, is used to identify takes. It's used to identify the, uh, um, HCCs that a beneficiary has according to the diagnosis that the, that beneficiary has. And then furthermore, identifies the risk score for that beneficiary. The risk score is one of the key drivers of reimbursement, and that risk score may change if a different, if a diagnosis code is deleted from that beneficiary's record. It's not always the case though that that risk score changes because in some cases, a diagnosis code does not affect the risk score. So we would go through to model the impact to provide that reasonable, but for world scenario.Speaker 3:
Thank you, Greg. And while you're doing that, um, in this process, the defense team, including the other forensic uh, expert, is, uh, preparing the production to the government and the data would be stored for defense team review, the emails, the other electronically stored information, the unstructured data and electronic versions of the hard copies would be stored on a database concordance or relativity so that the defense team can review it in advance of production and would have the data available. Um, as the case progressed, your data is slightly different cuz it's so voluminous and it's really working with structured data within databases. So while another, uh, forensic expert with unstructured data will be providing the defense team the ability to access that data, whether it's on, you know, a cloud system or some other method so that the defense team can start reviewing the data, um, and preparing for defending the matter, your data is slightly different. So how would you make the results of your data analysis accessible to the defense team? Um, as the case progresses so that the defense team has information necessary to, uh, appropriately defend the clientSpeaker 4:
We would need to provide. And we have provided summaries of the data that we have on hand. Uh, as I mentioned, what we are dealing with are oftentimes millions of, uh, rows of data, many different fields within each row of that data. So there's no way that we, uh, can, in an easy format provide that to the, the legal team. For instance, we can't just give you an Excel spreadsheet that's got this much data in it. It would, it would break Excel and it would, uh, drive the attorneys, uh, crazy if we, if we provided this level of, of information. So we have to ensure that we've provided summary level data to get the attorneys and the defense team comfortable with whatever may be produced. And then also that we've worked together to ask of the data, the right questions that will help inform the defense team as to the allegations that are at hand.Speaker 3:
Thank you, Greg. Greg, that's extremely helpful. So listeners, I believe that our time has is up. We appreciate you taking the time to listen to our conversation today and, uh, we hope you'll join us for future podcasts. And once again, thank you to b r G for sponsoring this, uh, podcast series. And thank you again to Matt Wenzel for his wonderful participation and introduction today.