You can always count on lawyers to ring alarm belles and warn businesses. The line between accurate reporting and fear-mongering sometimes blurs when lawyers write so-called “alerts” to inform businesses of new or increasing risks.

When it comes to the False Claims Act, I always try to “stick to the facts.” For healthcare, pharmaceutical/medical device, and defense companies, the False Claims Act is usually the biggest risk they face.

The US Department of Justice recover over $5 billion under the False Claims Act in fiscal year 2014, slightly over $2 billion of which came from the healthcare sector. The settlements and recoveries continue to roll in for FY 2015.

DOJ relies primarily on whistleblowers or qui tam relators to fuel the FCA program. Relators are rewarded with 15 to 30 percent of a recovery depending on the contribution they make in filing a case against the defendant.

In the healthcare sector, FCA cases have focused on long-term care providers who are alleged to commit Medicare and Medicaid fraud. The most typical violations involve claims for procedures that were never provided, medicines not administered or physicians who never actually saw a patient.

False Claim Act cases have expanded these theories of liability to advance claims that care was so poor that it was “worthless.” Some courts have embraced this new theory of liability, while others have rejected it. Usually, the success of such claims depends on the specific facts at issue – the level of service was so poor as to be non-existent, courts are more likely to uphold such claims.

The risk to healthcare providers have increased significantly with the new DOJ policy of conducting a criminal review of a potential FCA case. A significant number of FCA cases include evidence of criminal liability for a company and individuals.   DOJ’s ramp up in this area is likely to bear fruit in the next year: more companies and individuals will be prosecuted for various frauds and even criminal FCA charges.

In the face of these risks, healthcare companies have to reexamine and enhance their compliance programs. They have a complex, multiplicity of risks that need to be addressed through a comprehensive ethics and compliance program.

The number one goal of every healthcare company is to create and foster a robust culture of ethics and compliance conduct. Without a mandate from the healthcare company’s board and senior management, the company will not achieve this objective. A supervisor can have a significant impact on his or her employees if committed to a robust culture of compliance. The full Board must be committed to oversight and monitoring of the company’s ethics and compliance program, and the ke risks that the company faces. As part of this commitment, the board must hold senior management accountable for the company ethics and compliance program, and the standards that are built into the program.

Employees must be made aware of company expectations as to the difference between right and wrong behaviors. At the heart of this effort is the code of ethical and business conduct. The code must be built in response to the company’s risk assessment. In most cases, the code should outline standards for medical charting and billing.

The company’s code should also include a strong statement of protection of whistleblowers against retaliation. The company’s commitment to anti-retaliation policies is an important part of promoting a speak up culture.

A company’s ability to respond to employee concerns depends on a confidential avenue to collect complaints. A confidential hotline is an important avenue, and nearly two-thirds of all internal complaints of fraud were made anonymously.

A comprehensive training program is an important means to communicate the company’s commitment to ethics, reporting obligations and anti-retaliation policies. Training educates employees on the difference between ethical and unethical conduct, as well as legal and illegal conduct.

Training programs have to include senior management and the company Board. There is no excuse for excluding directors and senior management from annual training requirements.

Managers are a critical constituency since they are on the front lines of compliance, and often the first to suspect or learn about potential misconduct. They need to be trained to respond to and elevate complaints or incidents for further review and analysis.

Once an issue is elevated, a company has to ensure proper follow-up, response and investigation occurs. An effective internal investigation system has to be organized, managed and given sufficient resources to conduct investigations in a timely fashion.