BLOG POST

Health Law Scan

Legal Insights and Perspectives for the Healthcare Industry

Show Me the Data: What Does DOJ’s Data-Driven Investigative Focus Mean for Healthcare Stakeholders?

As noted in our recent LawFlash, the US Department of Justice’s (DOJ’s) COVID-19 Fraud Enforcement Task Force (CFETF) recently released its annual compilation report of its efforts to combat fraud related to pandemic relief programs since 2020. Accompanying the report, Deputy Attorney General Lisa Monaco and the Biden administration announced strong support for creating and securing funding for future data analytics tools like those used by the Pandemic Response Accountability Committee’s (PRAC) Pandemic Analytics Center of Excellence (PACE).

The report and related announcements signal that DOJ—and possibly other enforcement agencies like HHS-OIG—are “all in” on applying the data-driven investigative techniques developed for pandemic-related fraud to all forms of fraud involving federal spending.

Healthcare stakeholders, in particular, should take note of this development and consider how the enforcement of anti-fraud laws like the False Claims Act and Anti-Kickback Statute will change in the near future. As the primary target of most federal fraud investigation activity, healthcare providers, suppliers, and manufacturers will likely be most impacted by the improvement in fraud analytics tools.

PACE and Pandemic Fraud

The PRAC created PACE as an analytics hub of data scientists and investigative analysts to identify potential fraud in data associated with pandemic relief programs such as the Small Business Administration’s Economic Injury Disaster Loan program (EIDL) and Paycheck Protection Program (PPP). PACE is a centralized resource that, according to DOJ, offers data management, advance analytic capabilities, and “investigative lead generation” for the PRAC across relief programs and enforcement agencies.

One of PACE’s core benefits to the PRAC has been its ability to access vast amounts of public and non-public data and share it across enforcement agencies. The CFETF report notes that PACE has “access to 47 government, public, and non-public data sets and has established Memorandums of Understanding with 47 [Office of Inspector Generals] and law enforcement agencies to prevent and detect improper payments and fraud across federal benefits programs.” It is important for healthcare providers to note the use of language here: it is not just “fraud” that PACE is detecting, but also “improper payments”—a much more substantial area of risk.

The enforcement statistics paint a robust picture of PACE’s investigative support. PACE has supported over 45 federal law enforcement agencies and OIGs in over 700 pandemic-related investigations, with a total estimated loss of $1.87 billion. Notably, the report does not provide what percentage of those 700 investigations led to a recovery by the federal government.

How the PACE Model Detects Fraud

PACE asserts that its personnel analyze data sets by using risk models, machine learning, and artificial intelligence (AI) to identify trends, anomalies, and/or “red flags” in data associated with pandemic-relief programs. PACE scientists have been using these tools to automate some aspects of monitoring pandemic relief spending and related data and have also used “social media analysis” to uncover potential fraud rings. PACE then packages this data and accompanying analysis to the PRAC Fraud Task Force to pursue investigations with the relevant enforcement agencies.

As an example of PACE’s model, in January of 2023, PRAC issued a special fraud alert that identified over 69,000 questionable Social Security numbers (SSNs) that were used to obtain approximately $5.4 billion from the EIDL and the PPP. PRAC used PACE to analyze over 33 million EIDL and PPP applications and identified a targeted selection of SSNs that may have been invalid or not assigned before 2011.

PRAC then asked the Social Security Administration to validate the information associated with these SSNs, which led to the identification of SSNs that were either not issued by the SSA or did not match SSA records. This has led to further investigation of the funds issued to individuals associated with these suspect SSNs by the Small Business Administration, OIG, and CFETF.

Expanding PACE and AI Investigation Concepts to Healthcare Stakeholders

The PRAC and PACE are currently set to expire on September 30, 2025. However, DOJ, the Biden administration, and congressional leaders have begun to call for a similar oversight committee to succeed the PRAC and expand the next committee’s investigative mission to cover all fraud involving federal funds. In DOJ’s press release, Deputy Attorney General Monaco requested that “the necessary funding and data analytic tools” be secured for prosecutors going forward.

The Biden administration similarly announced its support for recently introduced bipartisan legislation that would implement the PRAC’s successor committee, specifically noting that President Biden “supports a permanent anti-fraud data and analytics capability analogous to PACE… covering all Federal spending.” It is a question of “when”—not “if”—enforcement agencies like the DOJ will be armed with a new data analytics hub to pursue enforcement actions. And their primary area of focus will be squarely on billing practices and relationships of healthcare providers.

Data mining in healthcare, of course, is nothing new. The federal government and program integrity contractors have used these resources for years attempting to ferret out fraud. The difference is in the efficacy and resource intensity of the tools. Whereas data review previously involved laborious human intervention to detect anomalies, this process can now be automated, be done much faster, and use greater parameters to investigate particular risk areas.

Representatives from DOJ and other enforcement agencies like HHS-OIG have been publicly noting the increased use of data to drive enforcement for some time, but the specific call for an analogous version of PACE appears to be one of the first concrete and publicized steps in that direction. If a broader data analytics hub becomes a reality in the near future, stakeholders in the healthcare and life sciences industry should be ready for these data-driven investigations.

The unanswered question, however, is how effective this approach may be. The CFETF report does not provide any statistics on data-initiated investigations that turned out to be false positives. Without a glimpse under the hood of PACE’s proprietary analytical tools to understand relevant variables and what human-led decisions were made to influence the AI datasets, it appears inevitable that widening PACE’s approach to all federal spending will continue to result in innocent stakeholders getting swept up into investigations and potential litigation.

How DOJ and others implement these new tools will dictate the risk profile they present to well-meaning providers. As a result of this new reality, stakeholders in the healthcare industry, and their counsel, will need to be well-versed in these tools, as well as their own data, to identify and combat flaws in the government’s analytic-driven enforcement models.

If you have any questions about responding to a data-driven enforcement action, contact the authors.