The Coronavirus Aid, Relief, and Economic Security (CARES) Act provided trillions in economic relief in response to the COVID-19 pandemic, including hundreds of billions of dollars in aid for the healthcare industry.  Regulators in the healthcare industry have also adjusted regulations and procedures in response to the changing landscape caused by the pandemic.  While the CARES Act and regulatory changes provide much-needed help, accepting funds and navigating the regulatory changes can add many legal pitfalls to an already cluttered regulatory scheme.  As the government prepares to prosecute fraud and abuse by recipients of CARES Act funds, healthcare entities—the top payors of government enforcement and qui tam dollars—should take care to avoid claims of misconduct under the CARES Act.

 Coronavirus, CARES Act funds

Expect Aggressive Enforcement of CARES Act Fraud

Any time the government pays out significant sums of money for economic relief, a massive wave of enforcement follows.  The Department of Justice, United States Attorneys’ Offices, and Inspectors General have all been ordered to prioritize the investigation and prosecution of fraud and abuse related to CARES Act funds and COVID-19-related scams.  In addition to government watchdogs, the public has been enlisted to report fraud through federal and state government websites and hotlines. There is no shortage of new, well-funded enforcement bodies formed for the express purpose of investigating and prosecuting fraud and abuse.  The CARES Act established a Special Inspector General for Pandemic Recovery (SIGPR), who is tasked with investigating financial assistance programs for businesses under the CARES Act.  The Act also established the Pandemic Response Accountability Committee (PRAC), which is composed of inspectors general from several agencies, and the COVID-19 Congressional Oversight Commission, a bicameral Congressional commission empowered to secure information from federal departments related to programs and spending in response to the COVID-19 pandemic.

The Department of Health and Human Services (HHS) has already begun applying extra scrutiny to entities in the healthcare industry receiving CARES Act funds.  On April 22, 2020, HHS Secretary Alex Azar issued the following warning: “Congress has entrusted us with an immense amount of money to send to providers, and we will be clear and careful about how we’re doing it…There will be significant anti-fraud and auditing work done by HHS, including the work of the Office of the Inspector General.”[1]

Entities in the healthcare industry that receive Public Health and Social Services Emergency Funds (Relief Funds) must satisfy requirements that depend on their certifications and representations.  Organizations that receive Relief Funds are deemed to have accepted the Terms and Conditions.  The following are some highlights from the Terms and Conditions applicable to receipts of the Relief Funds:

  • Recipients must certify that payments will only be used for medical expenses or lost revenues attributable to COVID-19.
  • Recipients that receive more than $150,000 must submit quarterly reports that detail the use of the funds received.
  • Recipients must maintain appropriate records and cost determinations.
  • Recipients must limit patient out of pocket expenses for out-of-network coronavirus services to patient in-network out of pocket payment rates.
  • Recipients cannot use funds to reimburse losses that have been reimbursed from other sources.
  • Recipients must not make a grant or provide a loan to any corporation that has any unpaid Federal tax liability.[2]

Enforcement actions will also include claims brought by the government and private whistleblowers under the False Claims Act (FCA).  The FCA allows private whistleblowers to bring claims on behalf of the government (known as “qui tam” cases) when alleging fraud against the government.  For decades, the FCA has been the government’s strongest enforcement tool for combatting fraud, waste, and abuse against the government, with most claims starting as whistleblower claims.  The Department of Justice recovered $2.6 billion under the FCA in 2019 alone, with the healthcare industry comprising 70% of FCA investigations and settlements.

The current pandemic has created the perfect storm for whistleblower claims.  Whistleblowers already have a strong incentive to bring FCA cases because they can receive up to 25% of the total amount recovered.  Constant procedural and regulatory changes in response to the pandemic create an especially high risk of FCA claims for healthcare companies, stemming from potential errors like improper claim billings and adjudication, inconsistent utilization determinations, and accounting and reporting errors.  Economic changes also threaten a massive wave of new whistleblowers: disgruntled former employees often file FCA claims against former employers, so the unprecedented spike in unemployment will likely lead to an unprecedented spike in whistleblowers.

Civil and Criminal Liability for Misrepresentations Under the CARES Act

The enforcement actions taken against those making misrepresentations to the government when applying for Relief Funds may lead to civil and criminal liability.  First, intentional misrepresentations to the government may subject potential wrongdoers to prosecution under 18 U.S.C. § 1341 (mail fraud), 18 U.S.C. § 1343 (wire fraud), and 18 U.S.C. § 1344 (bank fraud).  Each of these crimes is punishable by up to $1,000,000 in fines and/or up to 30 years imprisonment.  Businesses and individuals making intentional misrepresentations to the government may also be criminally liable for making false statements to a federal official under 18 U.S.C. § 1001 and for knowingly submitting false claims to the government under 18 U.S.C. § 287.

Second, those who make misrepresentations to the government may also face civil liability under the FCA.  A business need not know that the representation was false: they need only “act[] in deliberate ignorance of the truth or falsity of the information,” or “act[] in reckless disregard of the truth or falsity of the information, and no proof of specific intent to defraud is required.” 31 U.S.C. § 3729(b)(1).  The statute of limitations is long (6 to 10 years) and liability under the FCA is severe, including up to $23,330 in penalties per false claim and triple the amount of loss sustained by the government.

Ways For Healthcare Entities to Mitigate Risk

Businesses in the healthcare industry—already the most heavily regulated industry in the country—understand the need to take precautions against liability when receiving government funds.  The following are proactive steps that healthcare businesses can take to mitigate risk when receiving CARES Act funds.

  1. Ensure That All Certifications Are Truthful

Recipients of CARES Act funds must make certifications of certain facts in order to receive funding.  False certifications can lead to severe civil and criminal liability, so businesses should redouble their efforts to ensure that their certifications are correct, and that they are aware of and in compliance with all relevant regulations.  Businesses should review submissions and correct errors in their certifications as quickly as possible, and return funds immediately if they discover they are not eligible for such funds.

  1. Revisit Whistleblower Rules and Pay Attention to Potential Exposure Areas

Businesses should identify risk areas related to the pandemic and evaluate the adequacy of policies addressing the risk areas.  Potential whistleblower claims are an especially high-risk area now.  To minimize the risk of whistleblower claims, businesses should create an environment that encourages employees to voice complaints internally, allowing businesses to investigate and correct potential errors before they lead to whistleblower claims.  Businesses should provide adequate training, education, and reviews for their employees.  They should also maintain procedures that allow employees to voice complaints without fear of retaliation.  Once complaints are received, businesses should investigate the complaints thoroughly and address any noncompliance they find.  Finally, businesses should perform exit interviews with employees to ensure that they do not leave with unaddressed compliance concerns.

  1. Appoint a Resource to Keep Up With New COVID-19-Related Legal Developments

The government’s response to COVID-19 changes rapidly, so businesses must ensure that they are aware of new developments and respond accordingly.  New regulations will impact business decisions over whether they can access government funds, and proactive steps needed to stay compliant with legal requirements.  Healthcare businesses should also be vigilant for new developments in regulations on treatments for COVID-19 patients.  Visit our firm’s Coronavirus Insights Portal for the latest legal developments related to COVID-19.

  1. Prepare and Maintain Detailed Records

It is essential that businesses maintain accurate and detailed records of all conduct that could lead to liability.  All communications with the government should be documented to prove what was communicated to the government, but also to prove that businesses acted in accordance with guidance from the government and demonstrating good faith, due diligence and good corporate citizenship.  Asking the government clarifying questions goes a long way toward demonstrating good faith.  In addition, all representations and certifications to the government should be backed by records proving the truthfulness of the representations.  These records should be kept in an accessible, centralized location and will help show that the business acted legally should it ever face audits or government investigations.

  1. Perform Regular Audits and Monitoring

To guard against legal liability, businesses need to know what is happening within the business.  This will involve regular auditing and review of business activities, especially in high-risk areas like billing and claims.  Businesses should also maintain an internal monitoring system that will alert them when suspicious activities occur.  These systems may help businesses detect potential wrongdoing and prevent them from becoming more severe.

  1. Maintain Clear and Transparent Communications with the Government

Communicating with the government can carry legal risks for unwary businesses.  Outside legal counsel often fill this role and have experience with communicating with the government.  Having a clear channel will help businesses maintain complete records of communications and avoid making unintended disclosures to the government.

  1. Maintain An Action Plan For Responding to Allegations of Fraud, Waste, and Abuse of Government Funds

Allegations of misconduct could come through internal complaints, government investigations, or lawsuits.  Businesses must be prepared to immediately respond to allegations of misconduct by quickly investigating the allegations and ending any unlawful conduct they discover.  Businesses must also maintain protocols for implementing litigation holds to preserve documents related to legal claims.  Preserving these documents will be necessary to establishing a legal defense.  The government may also view failure to preserve relevant documents as spoliation of evidence, which could lead to additional liability.

  1. Perform a Prompt, Thorough Investigation of Allegations or Complaints

Once businesses receive complaints or allegations of misconduct, they must immediately and thoroughly investigate the allegations to protect themselves from legal liability.  Investigations involve interviewing witnesses and reviewing relevant documents, preferably through outside counsel to protect the investigation under the attorney-client privilege.  Thorough investigations also demonstrate due diligence and good corporate citizenship.

  1. Review and Update Compliance Plans, Policies, and Procedures

Businesses must update compliance plans to effectively prevent misconduct.  Compliance plans may be outdated, especially in light of rapidly developing responses to COVID-19, so the plans should be updated to match new legal, personnel, and logistical developments.  Even if compliance plans are up to date, lax enforcement of the plans may also put businesses at risk of noncompliance.  These compliance plans should also include procedures to immediately respond to pandemic-related emergencies.

  1. Stay Vigilant

As a general point, businesses must stay vigilant to all areas of COVID-19-related changes.  They must understand which provisions are temporary and which are permanent.  They must ensure that they are in compliance with changes in requirements by public and private health plans.  Internal systems should also ensure that claims processing systems incorporate these changes, and that new provisions are applied to patients equally.  Finally, businesses must be prepared to unwind temporary procedures when emergency measures begin to relax.


While the CARES Act provides healthcare entities with much-needed support, they bring the threat of severe government enforcement for noncompliant recipients.  Healthcare entities must take precautions to avoid making misrepresentations to the government when receiving government relief.

For more information on this topic, have a look at our recent webinar “Cares Act Oversight and Enforcement”.

In addition, check out Sheppard Mullin’s Coronavirus Insights Portal which now aggregates the firm’s various COVID-19 blog posts on a broad range of topics. Click here to view and subscribe.

As you are aware, things are changing quickly, there is no clear-cut authority or bright line rules in this area, and the aid measures and interpretations described here may change. This Blog does not reflect an unequivocal statement of the law, but instead represents our best understanding and interpretation based on where things currently stand. This Blog does not address the potential impacts of the numerous other local, state, and federal orders that have been issued in response to the COVID-19 pandemic, including, without limitation, potential liability should an employee become ill, requirements regarding family leave, sick pay, and other issues.


[1] Department of Health & Human Services. “Remarks to Press on the Announcement of Additional Allocations of CARES Act Provider Relief Fund.”  April 22, 2020.

[2] Department of Health & Human Services. “Terms and Conditions for Provider Relief Fund Distributions: Relief Fund Payment from $30 Billion General Distribution.”