According to a new report, healthcare providers need to prioritize their compliance with the Controlled Substance Act (CSA) and False Claims Act (FCA). The federal government, say the authors, is taking a tough stance on medication diversion, and providers(including long-term care and senior living communities in which residents are prescribed controlled substances) may find themselves liable if a staff member diverts patients’ medications for illicit use.

According to the report compiled by Bass, Berry & Sims’ Healthcare Fraud & Abuse Task Force, the federal government has recovered $2.69 billion from FCA cases in 2023, with the healthcare industry accounting for the vast percentage of recoveries.  At the same time, the authors noted that there has been a recent “paradigm shift” in government enforcement under the CSA that goes beyond efforts to prosecute the individuals who divert controlled substances for illicit use by themselves or others. The CSA now applies, said the report, “to every actor in the controlled substances supply chain, including manufacturers, distributors, pharmacies, and practitioners.”

CSA and related regulations focus on the maintenance of detailed, accurate records of every controlled substance transaction; mandatory reporting of all transactions, theft, or significant loss; and the assurance of appropriate and sufficient security to prevent controlled substance theft or diversion. The report noted, “When the government discovers CSA compliance issues or diversion, it now demands to know how these issues occurred and seeks to hold DEA registrants accountable for alleged violations at their facilities and shortcomings in their controls.”

According to the report’s authors, filing lawsuits involving healthcare providers under the FCA “remained the driving force behind the government’s civil enforcement efforts.” They added that the U.S. Department of Justice (DOJ) has “continued to aggressively pursue criminal enforcement efforts involving the healthcare industry.”

The U.S. Department of Justice (DOJ) guidance on compliance says providers should be able to answer three basic questions about their programs:

• Is the compliance program well designed?
• Is it applied “earnestly and in good faith as evidenced by the fact that it is adequately resourced and empowered to function effectively”?
• Does the compliance program work in practice?

Additionally, guidance calls for an evaluation of compensation structures and consequence management, transparent communication about disciplinary processes/actions, and tracking data on disciplinary actions. Organizations are encouraged to consider “incentivizing compliance” using systems that tie compensation to standards of conduct. At the same time, the report said, “The government also increasingly expects that companies with robust compliance programs will have effective policies addressing the use of personal devices and third-party messaging platforms.”