
Fraud & Abuse



Laws and Regulations:

Federal False Claims Act
The False Claims Act (FCA) provides that any person who knowingly presents or causes to be presented a false or fraudulent claim for payment or approval (among other activities) is liable to the United States Government for a civil penalty of $5,000 to $10,000 plus three times the amount of damages the Government sustains because of the act of that person. The FCA includes a qui tam provision, under which individuals can bring claims on behalf of the Government in exchange for a percentage of any recovery.

See 31 United States Code §§ 3729 - 3733 for further information.

Anti-Kickback Statute
The Anti-Kickback Statute provides civil and criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit or receive “remuneration” to induce the referral of business. Examples of “remuneration” include services (such as free testing or supplies) as well as items (such as cash, equipment, software, gifts, and other things of value). No bribes, kickbacks or other inappropriate payments should be offered or given to any person or entity for any reason including, but not limited to, the acquisition or retention of business.

See 42 United States Code § 1320a-7b(b) for further information.

Stark Law
The Stark Law prohibits a physician from making a referral for certain designated health services to an entity with which the physician (or a member of his or her family) has a financial relationship.

See 42 United States Code § 1395nn for further information.

Balanced Budget Act
The Balanced Budget Act (BBA) expanded the OIG’s sanction authorities and established a toll-free fraud and abuse hotline for individuals who suspect that fraud or abuse has occurred in federal healthcare programs. Further amendments to the BBA were made in 2002 and require health plans to implement the following measures:

  • Document policies and procedures
  • Articulate a commitment to comply with state and federal regulations
  • Designate a compliance officer and compliance committee
  • Develop solid detection and reporting processes
  • Provide education to employees, providers, and members

See Public Law 105-33 for further information.

Deficit Reduction Act of 2005
The Deficit Reduction Act of 2005 (“DRA”) established the Medicaid Integrity Program, the first comprehensive federal strategy to reduce fraud, waste and abuse in the Medicaid program. Other examples of anti-fraud provisions enacted by the DRA include strengthening the ability of State Medicaid Agencies to pursue third-party liability, establishing a national expansion of the Medicare-Medicaid data match program, and including incentives for states to enact their own False Claims Act statutes.

See Public Law 109-171 for further information.

Fraud Enforcement Recovery Act of 2009
The Fraud Enforcement Recovery Act of 2009 (FERA) made a number of changes to the False Claims Act (FCA), including, but not limited to, broadening the range of conduct that can be subject to false claims prosecution and updating FCA filing procedures.

See Public Law 111-21 for further information.

Patient Protection and Affordable Care Act
In addition to providing funding to combat healthcare fraud, the Patient Protection and Affordable Care Act (ACA) enacted a number of provisions targeted toward the prevention of fraud, waste and abuse. Some of the notable components of the ACA include the following:

  • Established robust screening requirements for providers and suppliers;
  • Expanded the role of Recovery Audit Contractors to Medicaid and Medicare Parts C and D;
  • Adopted new penalties to deter fraud, waste and abuse, including, but not limited to:
    • harsher civil and monetary penalties on providers who commit fraud;
    • increased federal sentencing guidelines for health care fraud offenses involving more than $1,000,000 in losses; and
    • new fines and penalties for providers who fail to return overpayments from Medicare and Medicaid within 60 days;
  • Expanded the CMS integrated data repository to incorporate data from all federal healthcare programs; and
  • Revised the False Claims Act and Stark Law.

See Public Law 111-148 for further information.

21st Century Cures Act
The 21st Century Cures Act enacted a number of changes to strengthen fraud and abuse measures in the Medicaid program. Some of the notable changes include the following:

  • Requiring states to screen and enroll providers participating in a Medicaid or CHIP managed care organization who are not already enrolled in the state’s fee-for-service program;
  • Requiring states to submit information regarding terminated Medicaid and CHIP providers to a centralized database;
  • Prohibiting federal financial participation for items and services delivered by terminated providers; and
  • Establishing a timeline for states to adopt electronic verification systems for certain Medicaid-provided services, including personal care and home health services.

See Public Law 114-255 for further information.

Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) required the Department of Health and Human Services to adopt national standards for electronic health care transactions, code sets, unique health identifiers, and security. The law had three components, detailed below:

  • The Privacy Rule, which set national standards for the protection of individually identifiable health information by health plans, healthcare clearinghouses and health care providers who conduct the standard health care transactions electronically;
  • The Security Rule, which set national standards for protecting the confidentiality, integrity, and availability of electronic protected health information; and
  • The Enforcement Rule, which provides standards for the enforcement of all the HIPAA Rules.

See the Health Information Privacy website by HHS for further information.

Health Information Technology for Economic and Clinical Health Act (HITECH)
Subpart D of the HITECH Act strengthened the civil and criminal enforcement of the HIPAA rules. Some of the notable changes include the following:

  • Established four categories of violations with corresponding penalties;
  • Set the maximum penalty amount of $1.5 million for all violations of an identical provision;
  • Prohibited penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect; and
  • Removed the bar on assessing penalties if the covered entity did not know and with the exercise of reasonable diligence would not have known of the violation.

See Subpart D of the HITECH Act for further information.

Pennsylvania Code – Enforcement Actions by the Department (1101.77)
§ 1101.77 details the fraud and abuse sanctions the Pennsylvania Department of Human Services may take against providers enrolled in, or who directly or indirectly participate in, the Medical Assistance program.

See 55 Pa. Code § 1101.77 for further information.

Pennsylvania Code – Provider (1101.75) and Recipient (1101.92) Prohibited Acts
§§ 1101.75 and 1101.92 detail the prohibited acts and accompanying criminal and civil penalties for providers enrolled in the Medical Assistance program and recipients of Medical Assistance program benefits, respectively.

See 55 Pa. Code § 1101.75 and 55 Pa. Code § 1101.92 for further information.

Pennsylvania Code – Medical Assistance Manual
55 Pa. Code §§ 1101-1251 set forth the Pennsylvania Medical Assistance regulations and policies which apply to providers and recipients.

See 55 Pa. Code §§ 1101-1251 for further information.

Fraud and Abuse Definitions:

Fraud: Any intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself, herself or some other person. It includes any act that constitutes fraud under applicable federal or state law.

Waste: Involves taxpayers not receiving reasonable value for money in connection with any government-funded activities due to an inappropriate act or omission by a player with control over, or access to, government resources.

Abuse: Provider practices that are inconsistent with sound fiscal, business or medical practices and result either in an unnecessary cost to the federally funded programs or in reimbursement for services that are not medically necessary, or provider practices that fail to meet professionally recognized standards for healthcare. It also includes recipient practices that result in unnecessary cost to the federally funded programs.