Opioid-related compliance enforcement actions 

Enforcement actions to beat back the opioid epidemic.

C.J. Wolf, MD provides enforcement action summaries for the YouCompli blog. These summaries provide real-world examples of regulators’ response to practices that don’t fully comply with regulations. This month’s article looks at opioid-related incidents.     

Government enforcement agencies continue to put the pressure on healthcare providers to ensure compliance with opioid prescribing guidelines. And for good reason: We saw 92,000 drug overdose deaths in the United States in 2020. A full 75% of these deaths involved an opioid. 

Multiple presidential administrations have focused on beating back the opioid epidemic. One way that is being done is by enforcement against healthcare providers who are contributing to the problem. The U.S. Department of Justice, through its Consumer Protection Branch, is pursuing both criminal and civil actions against entities and individuals committing wrongdoing throughout the prescription opioid supply chain. 

Providers investigated for overprescribing opioids 

For example, a pain management physician in Ohio was recently convicted for unlawfully distributing opioids through his clinic. The convictions involved the distribution of a controlled substance, outside the usual course of professional practice, and not for a legitimate medical purpose. The prescriptions greatly exceeded recommended dosages and were in dangerous, life-threatening combinations. For each charge, he faces a maximum penalty of 20 years in prison. The physician required clients to pay cash for prescriptions and they would often travel hundreds of miles to visit this physician’s particular clinic. During a four-and-a-half-year period, the physician prescribed over 111,000 pills to nine clients. Sentencing has not yet occurred. 

Non-physicians have also been subject to enforcement. In one case, a Maryland physician assistant was enjoined by the court from dispensing, prescribing, or administering any controlled substances. Officials specifically called out anyone, regardless of their credentials, to be aware of their responsibilities. The U.S. Attorney involved in the enforcement noted that the Controlled Substances act applies to physician assistants and nurse practitioners.

They “cannot overprescribe opioids and hide behind their affiliations with physicians in an attempt to shield themselves from criminal and civil liability.”    

U.S. Attorney Erek L. Barron for the District of Maryland.

The court’s action brought to close a civil complaint filed by the government against the physician’s assistant. Allegedly, she issued hundreds of opioid prescriptions that had no legitimate medical purpose and fell outside the usual course of professional medical practice. In some especially concerning examples, it was alleged she prescribed morphine milligram equivalent (MME) dosages exceeding 700 MME per day. By comparison, the Centers for Disease Control and Prevention (CDC) generally recommends that primary care clinicians avoid daily dosages of opioids over 90 MME daily. The court’s ruling requires she never again apply for or seek the reinstatement of her Drug Enforcement Administration (DEA) registration. DEA registration is required to prescribe controlled substances.  

Manufacturer fined for opioid kickback scheme 

It is not just prescribers coming under scrutiny from enforcement agencies. The agencies have also publicized major financial settlements with opioid manufacturers. For example, Insys Therapeutics is the manufacturer of a sublingual fentanyl spray, known as Subsys. The company allegedly participated in kickbacks and other illegal marketing schemes to influence prescribers. These schemes were intended to induce providers to write more prescriptions of the drug typically used for breakthrough cancer pain. Insys settled the allegations with the government by agreeing to pay $225 million.  

The primary alleged scheme was a sham speakers’ program. The company would recruit physicians, physician assistants and other prescribers to ostensibly participate as paid speakers about the drug. The program was simply a mechanism to funnel kickbacks to the providers. One physician assistant in New Hampshire had not written a single prescription for the drug before joining the speaker program. After signing on, he was soon writing over 670 prescriptions after being a paid speaker. A substantial number of other prescribers have also participated and have either settled financially with the government or pleaded guilty to accepting kickbacks. 

What should compliance officers do to stay ahead of opioid regulation violations? 

Compliance officers often include opioid monitoring on their workplan, to protect the wellbeing of patients and to safeguard their organizations against fines and reputational hits. Here are two strategies compliance officers can use. 

Know who the high-volume prescribers are.  

Are patients traveling longer distances to visit a particular clinic or provider? Are patients asked to pay cash for services? Are patients doctor shopping?  

The HHS OIG offers a toolkit and computer programming tools to assist healthcare entities with monitoring potentially concerning prescription patterns.

According to the HHS, “These toolkits and the accompanying computer code can be used to analyze claims data for prescription drugs and identify patients who may be misusing or abusing prescription opioids and may need additional case management or other follow up.”

Learn more about the toolkits – HHS OIG Toolkits for Calculating Opioid Levels and Identifying Patients at Risk of Misuse or Overdose.

Utilize your medical directors or clinical resources to assess compliance with opioid guidelines.  

Though clinical guidelines are not the end-all of clinical decision making, compliance programs can start with these respected guidelines when assessing opioid risks. 

Opioid clinical guideline examples include:  

While the enforcement actions noted in this article are focused on individual providers or manufacturers, healthcare organizations are under scrutiny as well. Staying aware of opioid-related regulatory changes and monitoring for compliance are critical steps you can take to protect patients and your organization.  

Don’t miss the next enforcement action article from C.J. Wolf.

Register now to get email notifications from YouCompli.

Managing regulatory change is crucial to avoid enforcement actions. YouCompli is the only healthcare compliance solution that combines actionable, regulatory analysis with a simple SaaS solution to help you manage regulatory change. Read more about the rollout and accountability of requirements or schedule a demo. 

Get a personal tour of YouCompli.

Physician Coding and Billing Enforcement: What to Watch For

Physician Coding and Billing Enforcement: What to Watch For
CJ Wolf, MD writes enforcement action summaries for the YouCompli blog. These summaries provide real-world examples of regulators’ response to practices that don’t fully comply with regulations.  

This month’s article looks at physician coding and billing cases. It reflects remarks CJ made at HCCA’s 2022 Compliance Institute. (For more insights from the Compliance Institute, download our white paper on how compliance professionals can help healthcare institutions mitigate risk.)

Physicians are often seen as the drivers in healthcare. They examine patients, order labs and diagnostic testing. They perform procedures and surgeries, admit patients to hospitals, and document in the medical record.  

If you ask physicians what they think about coding and billing, most of them will tell you this: The rules do not make sense, are hard to understand, and are constantly changing. Most of them are doing their best to apply the confusing rules as they care for patients. Some might even be billing improperly on purpose. Either way, these examples highlight the consequences of “getting it wrong.” They offer clues for compliance professionals to spot training opportunities before they become enforcement actions. 

Billing for services not needed or received 

In March of 2022, a New Jersey rheumatologist was convicted by a federal jury for defrauding Medicare and other health insurance programs. She had billed for services that were either unnecessary or were not provided. Court documents demonstrated the physician billed for expensive infusion medication that her practice never purchased. She also fraudulently billed millions of dollars for allergy services that patients never needed or received. The doctor will be sentenced in July for multiple counts of healthcare fraud. Each count carries a maximum penalty of 10 years. 

Compliance officers should watch for:

Follow the money.  If a practice is billing millions of dollars for allergies services, that code or set of codes is likely to stand out as an outlier to compliance programs monitoring all their billing data.  Compliance officers should have a true sense of what their organization’s bread and butter services are. Then, they should perform regular audits of those high dollar, high volume services.  

Billing for unnecessary urine drug testing 

A Florida physician, serving as a medical director for a sober living facility, was found guilty of healthcare fraud. The federal jury found that he had ordered medically unnecessary urine drug tests. Court documents showed the physician unlawfully billed approximately $110 million of urinalysis (UA) drug testing services that were medically unnecessary for patients. Some of the evidence used at trial included inappropriate standing orders for UA drug tests in exchange for a monthly fee. As a condition of residency, patients had to submit to excessive and medically unnecessary urine drug testing three to four times per week.  

Evidence also showed the medical director did not review the UA drug test results and did not use the UA drug tests to treat the patients. This lack of review called the necessity of the tests into question.  In addition, the doctor had these same patients sent to his office so he could also fraudulently bill for services through his own practice. He faces up to 20 years in prison for healthcare fraud and wire fraud conspiracy. He faces another 10 years for each of eleven counts of healthcare fraud.  

Compliance officers should watch for:

If your organization allows for standing orders, you should have a written policy that guides their use. The policy should outline the risks and benefits of the standing orders. It should describe when they are appropriate and when they are not appropriate.  That policy should also outline the process for reviewing standing orders on a regular basis to determine if they are still appropriate.  If it’s been more than a year since you’ve reviewed a standing order, you may want to schedule a review soon.   

Modifier misuse: unbundling under modifier 25 

Billing and coding modifiers can also be an area of risk for physicians. In general, most encounters are reported with one Healthcare Common Procedure Coding System / Current Procedural Terminology (HCPCS/CPT) code. Medicare generally prohibits healthcare providers from separately billing for E&M services provided on the same day as another medical procedure. The exception is if the E&M services are significant, separately identifiable, and above and beyond the usual preoperative and postoperative care associated with the medical procedure.   

When the E&M service meets this definition, modifier 25 can appropriately be appended to the E&M code. When that is done, a physician is, in essence, certifying that the procedure and E&M are separate enough to meet the definition of the modifier. 

A urology practice learned an expensive lesson by allegedly using modifier 25 inappropriately. The practice agreed to pay $1.85 million to resolve allegations of modifier misuse. The case was initiated by a qui tam whistleblower.  Allegedly the practice used modifier 25 to improperly unbundle routine E&M services that were not separately billable from other procedures performed on the same day. As a result, the practice improperly claimed compensation from Medicare for certain urological services. The whistleblower had performed audits that allegedly showed an overall error rate for the practice of 58% with some physicians showing a 100% error rate.  

Compliance officers should watch for:

Any specialty could potentially run into problems with modifier 25. Consider common clinical scenarios such as a scheduled procedure. For example, in urology a physician might schedule a patient to return to the office another day for a scope procedure or a prostate biopsy. Frequently, upon return, the procedure is performed but a significant, separately identifiable evaluation and management service might not be performed. In those cases, it would not be appropriate to bill the procedure and an E&M service, but rather only the procedure.  Automatically billing an E&M with modifier 25 just because the patient was in the office would be a red flag. 


Physicians and their practices need to be aware of coding and billing risks. Enforcement agencies and potential whistleblowers may identify outliers or flat-out fraud. Common mistakes may include a lack of documentation or not performing a service but billing for it anyway. Other common mistakes are billing for procedures or services that were performed but were not medically necessary and misuse of medical codes and/or modifiers.  

Managing regulatory change is a critical way to avoid enforcement actions. YouCompli is the only healthcare compliance solution that combines actionable, regulatory analysis with a simple SaaS workflow to help you manage regulatory change. Read more about the rollout and accountability of requirements or schedule a demo.

Download our white paper on how compliance professionals can help healthcare institutions mitigate risk.

Never miss an article from YouCompli