INSIGHTSLeading Light

The Government Knows the Playbook — So Should You 

wchinsights

An Interview with Robert W. Liles, JD, MBA, MS 

He wrote the federal playbook on healthcare fraud — then spent the next 25 years helping providers survive it.  

Robert W. Liles, JD, MBA, MS, Managing Partner at Liles Parker, Attorneys & Counselors at Law (Washington, DC), is one of the most distinctive voices in American healthcare law. As the nation’s first National Health Care Fraud Coordinator for the U.S. Department of Justice, he trained federal prosecutors across the country on how to investigate and prosecute healthcare fraud. He then crossed the aisle into private practice — and has spent more than two decades doing exactly the opposite: defending the providers those prosecutors target. 

With over three decades of experience spanning the Southern District of Texas U.S. Attorney’s Office, private regulatory defense, and service as compliance counsel for national physician associations, Liles holds a uniquely panoramic view of where healthcare enforcement has been — and where it is heading. He is also a Certified Professional Coder (CPC), which means his understanding of billing disputes goes far deeper than legal theory. 

In this interview, Liles pulls no punches: on UPIC audits and extrapolated damages, on the risks of incident-to billing, on AI in medical coding, and on what every physician opening a private practice today absolutely must understand. The message is consistent throughout: ignorance is not a defense, and the government is not bluffing. 

Mr. Liles, you have stood on both sides of the courtroom — first as a Federal prosecutor and now as defense counsel. How does having been the “first National Health Care Fraud Coordinator” shape the way you defend providers today? 

Before I attended law school, I started out on the provider side, in hospital administration. I believe that many of the lessons I learned and the real-world perspective I gained while working on the provider side gave me a much better practical understanding of the challenges providers face when I became a prosecutor. Since leaving the DOJ and working as defense counsel, I believe I have a better sense of what to expect from the government and how to better resolve the government’s concerns regarding my client. 

What is the most significant change you’ve seen in how the DOJ and HHS-OIG approach healthcare fraud since the passage of HIPAA? 

Prior to the passage of HIPAA, bank fraud, securities fraud, and other criminal and civil white-collar violations dominated the caseloads of federal prosecutors. HIPAA provided significant dedicated funding for prosecutors and OIG agents and investigators. Today, healthcare fraud investigations and prosecutions dominate the white-collar case mix of most U.S. Attorney’s Offices. 

You are both a lawyer and a Certified Professional Coder (CPC). How often does a case turn not on a point of law, but on a single misunderstood billing code? 

When it comes to analyzing billing and coding issues, prosecutors typically rely on guidance provided by the agent or investigator working for the client agency. While government agents do their best to advise the prosecutor, they sometimes make mistakes — especially regarding medical necessity and coverage determinations. As a coder, I can better argue my client’s case and can often show that even if a claim was incorrectly coded, it was a mistake or an error, not fraud. 

In your recent analysis, you highlighted the dangers of “Incident-to” billing when a physician is out of the country. Why is this specific area becoming such a “low-hanging fruit” for CMS auditors? 

Under the new 2026 “direct supervision” rules covering the billing of incident-to services, a supervising physician who is available via two-way audio/video communication technology will qualify as meeting the direct supervision requirements. Unfortunately, the 2026 amended rule does not address whether overseas access is permitted, assuming that the physician is properly licensed, credentialed by Medicare, etc. This has muddied the water and confused many providers. 

To be crystal clear: you cannot qualify as providing direct supervision if you are outside of the United States. Period. There is a regulatory prohibition against payment for non-emergency Medicare services furnished outside of the United States (42 CFR 411.9). Services cannot be billed if they are provided by individuals located outside the United States — or to beneficiaries located outside the United States. 

Can a physician ever truly be “out of the office” while still billing “incident-to,” or is the risk of extrapolated damages simply too high to justify it? 

The incident-to rules have been in place for more than 30 years — and providers still make mistakes when billing for incident-to services. Since entering private practice 25 years ago, I have consistently recommended that practices not bill incident-to. There are multiple billing requirements that must be met in order for incident-to services to qualify for coverage and payment. If you get it wrong, the government will not merely recoup the 15% differential — they will recoup all of the monies you were paid. It isn’t worth it. Have all of your physician extenders credentialed under Medicare and bill out services under their own billing numbers. 

Many providers are terrified by the term “UPIC” (Unified Program Integrity Contractor). What is the first thing a practice should do — and the first thing they should not do — when they receive an audit notice? 

Upon receipt of an audit notice from a UPIC, call experienced healthcare regulatory counsel immediately — BEFORE sending in the records requested. Experienced counsel can work with you to make sure that the submission is complete, can guide you to avoid potential document production pitfalls, and may advise you whether the submission of claim summaries to accompany the requested records is a good idea. 

“Extrapolated damages” can turn a few thousand dollars in errors into a multi-million dollar nightmare. How do you challenge the statistical validity of these samples? 

In early cases, we successfully challenged countless extrapolations by identifying relatively basic reasons why the calculations were inconsistent with accepted statistical principles and practices. Now, however, providers should expect UPICs and other Medicare contractors to vigorously oppose most, if not all, hearings challenging the validity of the extrapolation. While we still challenge extrapolations as early as possible in the appeals process, we typically now engage a statistical expert to assist our efforts prior to the ALJ level of appeal. 

Contractors often make significant mistakes, and you should not take for granted that the UPIC’s extrapolation will stand up in court. Should a UPIC send you a claims analysis that contains errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic, it is important that you are prepared to analyze the contractor’s work and are able to prepare an appropriate response to the audit. 

Some of the errors UPICs have made in our cases have included: 

  • Improper Universe Definition. For example, the universe may include claims that are outside of the time period. Alternatively, the universe may include claims for services that are not subject to the audit. 
  • Sampling Frame Errors. An example of this type of error would be the frame omitting claims that should have been included, such as zero-paid claims, which are part of the relevant claim universe. 
  • Insufficient Sample Size. The sample must be sufficiently large to produce reliable estimates. Small sample sizes can result in wide confidence intervals and unreliable extrapolations. Unfortunately, this argument can be difficult to bring in a case because of the way the MPIM works with respect to sample size. 
  • The Sample Pulled Was Invalid. For example, you may argue that it was not randomly drawn from the universe or target population. Additionally, a provider may argue that the sample does not meet the standard for a “statistically valid random sample” if (a) the methodology used is not generally accepted by industry experts, (b) the confidence interval or margin of error is too wide, or (c) the sample is not representative of the universe of claims due to sample selection flaws. 
  • The Sample Was Incorrectly Projected to the Universe. A provider may argue that the contractor improperly assumed that every sampled error can be projected to the entire universe. The sample did not reflect variation among locations, time periods, practitioners, or service types. 
  • The Universe Covered Multiple Periods Where the Coding or Medical Necessity Requirements Changed. For example, when billing “Incident To” services, the direct supervision requirements were modified while the COVID-19 public health emergency was in effect. 
  • The Sample Cannot be Reproduced. Either due to a failure of the CMS contractor to fully document their work or the result of a mistake, a third party cannot reproduce the sample. Therefore, the extrapolation must be ruled invalid. 
  • The Confidence Interval Used is Flawed. CMS contractors commonly extrapolate from a lower-bound confidence interval, which inflates the overpayment. You can challenge whether that approach is appropriate under the facts, especially if the sample is small or the margin of error is wide. 

Unfortunately, when a UPIC seeks to collect an extrapolated overpayment, the numbers at issue are often so large that a provider will be put out of business if the government prevails. It is imperative that you work with experienced health law counsel and statistical experts to analyze the contractor’s statistical sampling and extrapolation steps. 

You serve as an Independent Review Organization (IRO) for Corporate Integrity Agreements (CIAs). What is the one compliance habit that could prevent most practices from ever needing a CIA in the first place? 

Failure to regularly review a sample of a provider’s full range of Medicare claims. There is sometimes a tendency to focus only on the types of claims that were cited in an underlying False Claims Act case. When an outside IRO is tasked with conducting an audit, the OIG will almost always require the sample to come from the entire universe of Medicare claims billed by the provider — not only the “problem” claims. Therefore, a provider under a CIA must work to ensure that all of their Medicare claims meet the eight requirements of a payable claim. 

With the integration of AI in medical coding and billing, do you foresee a decrease in human error or a new frontier of systemic compliance risks? 

I recently spoke at a specialty physician conference. After speaking, I visited the vendor area, where each vendor had set up a booth to market their products. Literally every vendor had at least a tagline on their signage touting how their product has incorporated AI into its programming, compliance assessments, and so on. So I asked each one if they were familiar with the position that the DOJ has taken regarding AI. 

As Deputy Attorney General Lisa Monaco noted in her keynote remarks to the 39th National Institute on White Collar Crime: 

“We have long used sentencing enhancements to seek increased penalties for criminals whose conduct presents especially serious risks to their victims and to the public at large — like increased penalties for criminals that use firearms or other dangerous weapons. The same principle applies to AI. Where AI is deliberately misused to make a white-collar crime significantly more serious, our prosecutors will be seeking stiffer sentences — for individual and corporate defendants alike.” 

None of the vendors was aware of the DOJ’s position on the misuse of AI. Although AI may be useful, if it results in documentation that is misleading or false, or incorrectly codes a claim, the DOJ will seek enhanced penalties. The real question every provider should be asking is: what steps has a vendor taken to avoid putting the provider — and the vendor — in harm’s way? 

What is the most important piece of advice you can give to a young physician opening their first private practice in today’s aggressive regulatory environment? 

Take courses from ABMA or AAPC on billing, coding, and compliance. Also, spend a few hours reviewing healthcare fraud press releases from the U.S. Attorney’s Office in your judicial district. None of the physicians accused of civil fraud or criminal healthcare fraud ever thought that they would end up violating the law. It is important to remember that many of the business practices you may regularly see in other industries are illegal in healthcare. Educate yourself. 

Want to hear more from Robert W. Liles? Join us on June 9th for a live webinar where he will dive deeper into the topics covered in this interview — from UPIC audits and extrapolated damages to AI risks in medical billing. This exclusive event is part of our Anniversary Program. Register here: https://us06web.zoom.us/webinar/register/WN_8QO-2BeCSoqVDRQhweFTWA  

Discover more from Doctor Trusted

Subscribe to get the latest posts sent to your email.

Related Posts

AI in Healthcare Claims Processing: Current Legal Landscape and Industry Impact 

Tatyana Kantor, Billing Supervisor at WCH, President of AAPC Chapter in Tashkent  The healthcare insurance industry is facing unprecedented legal…

2023 AMBA Medical Billing & Coding Conference 

Location: Planet Hollywood Hotel and Casino (Las Vegas, Nevada)  Date: October 19-20, 2023  Register: https://www.ambastore.net The world of medical billing…

AI in Healthcare: Legislative Movements in Arizona, Connecticut, and California 

Discover more from Doctor Trusted Subscribe to get the latest posts sent to your email. Type your email… Subscribe

Discover more from Doctor Trusted

Subscribe now to keep reading and get access to the full archive.

Continue reading