A DOJ Fraud Investigation Hits a Small Practice: Key Takeaways on How to Prepare and Respond (28 CFR 104.71)

Executive Summary

Small healthcare practices are not immune to Department of Justice (DOJ) fraud investigations. When allegations of false claims or fraudulent billing arise, federal investigators can launch inquiries under the False Claims Act (FCA) and related healthcare fraud statutes. Title 28 CFR 104.71 outlines investigative procedures that may involve subpoenas, interviews, audits, and potential civil or criminal penalties. This guide provides a structured, compliance-focused approach to preparing for and responding to a DOJ fraud investigation, helping small practice owners protect their business, reputation, and patients.

Introduction

For many small medical practices, the idea of a DOJ investigation seems like a remote risk, something that happens only to large hospital networks or bad actors engaging in blatant fraud. In reality, even well-meaning providers can be targeted if billing errors, improper documentation, or questionable coding patterns are detected by federal auditors or whistleblowers. The DOJ takes healthcare fraud seriously, and the consequences can include substantial financial penalties, exclusion from federal healthcare programs, and in severe cases, criminal prosecution.

Under 28 CFR 104.71, federal authorities have broad powers to investigate suspected fraud involving Medicare, Medicaid, TRICARE, and other government healthcare programs. A small practice caught unprepared may find itself overwhelmed by subpoenas, document requests, and investigator interviews. However, with the right preparation and rapid, coordinated action, you can navigate the process while mitigating the potential fallout.

Understanding DOJ Fraud Investigations and 28 CFR 104.71

28 CFR 104.71 provides the regulatory framework for fraud investigations conducted by the DOJ and its Civil Division. This includes investigations into false claims submitted to the federal government, such as improper Medicare or Medicaid billing.

Key Provisions of 28 CFR 104.71 Relevant to Small Practices:

Initiation of Investigations: The DOJ can act on tips from whistleblowers (under the qui tam provisions of the FCA), data mining from claims submissions, or referrals from agencies like the HHS Office of Inspector General (OIG).
Investigative Tools: DOJ attorneys can issue Civil Investigative Demands (CIDs) requiring production of documents, written interrogatories, or oral testimony.
Coordination with Other Agencies: DOJ often works alongside OIG, CMS contractors, and state Medicaid Fraud Control Units.
Possible Outcomes: Cases can result in settlements, dismissals, or trials. In many instances, settlements include corrective action plans, corporate integrity agreements, and ongoing monitoring.

Common Triggers for a DOJ Investigation

Even a compliant small practice can attract DOJ scrutiny under certain circumstances. Typical triggers include:

Unusual Billing Patterns: Submitting a higher-than-average number of claims for certain procedures compared to peer practices.
Upcoding or Unbundling: Billing for more complex services than were provided, or separately billing for services that should be bundled.
Documentation Gaps: Incomplete or inconsistent patient records that fail to support billed services.
Kickbacks and Referrals: Accepting or offering remuneration for patient referrals, in violation of the Anti-Kickback Statute.
Whistleblower Complaints: Former employees or contractors reporting suspected fraud under the FCA’s qui tam provisions.
Data Analysis Flags: Automated Medicare and Medicaid systems flagging anomalies in claims submissions.

Preparing for a DOJ Fraud Investigation

The best way to handle a DOJ investigation is to be ready before it ever happens. Proactive preparation includes:

1. Establishing a Compliance Program

Appoint a compliance officer (even in a small practice, this can be a shared role).
Implement written policies covering billing, coding, documentation, and conflict-of-interest disclosures.
Conduct regular training on Medicare, Medicaid, and FCA compliance.

2. Conducting Regular Internal Audits

Review coding accuracy, medical necessity, and documentation completeness.
Use external auditors periodically for an unbiased assessment.

3. Maintaining Thorough Documentation

Ensure patient records clearly justify billed services.
Keep records organized and accessible for at least six years, as required by many federal programs.

4. Vetting Business Relationships

Ensure all contracts with vendors, consultants, and referral partners comply with anti-kickback and Stark Law requirements.

Responding When the DOJ Knocks

If your practice becomes the subject of a DOJ investigation, immediate and strategic action is critical.

Step 1: Verify the Investigator’s Identity

Ask for official identification and the purpose of the visit.
Determine whether they are serving a CID, subpoena, or search warrant.

Step 2: Contact Legal Counsel Immediately

Engage an attorney experienced in healthcare fraud defense.
Do not attempt to explain or justify allegations without legal representation.

Step 3: Preserve All Documents and Data

Implement a litigation hold to prevent destruction or alteration of any records.
Include EHRs, billing systems, emails, and text communications related to patient care and billing.

Step 4: Limit Staff Communications with Investigators

Instruct employees to refer all inquiries to legal counsel or the compliance officer.
Ensure staff understand they must answer truthfully, but may decline to speak until counsel is present.

Step 5: Cooperate, But Strategically

Provide requested documents in an organized, timely manner.
Keep detailed records of what is provided and when.

Step 6: Conduct an Internal Review

Parallel to the DOJ’s investigation, assess your own records to identify potential weaknesses or violations.
Prepare a remediation plan if compliance issues are discovered.

A Realistic Case Study: When a Small Practice Faced DOJ Scrutiny

A small orthopedic clinic in the Midwest billed Medicare for postoperative follow-up visits using codes for higher-complexity office visits. Over two years, this pattern triggered CMS’s fraud detection algorithms. A former billing clerk, who had previously raised concerns internally, filed a qui tam lawsuit under the FCA.

The DOJ issued a CID requesting three years of billing records, appointment logs, and physician notes. The clinic’s leadership was unprepared, they had no centralized compliance program, and records were inconsistently maintained. Several patient files lacked adequate documentation to support billed codes.

The investigation concluded that the clinic had engaged in reckless disregard of billing rules, constituting “knowing” submission of false claims under 31 U.S.C. § 3729(b)(1). The case was settled for $450,000, along with a three-year Corporate Integrity Agreement requiring staff training, independent claims review, and quarterly compliance reporting to OIG.

The key lessons: failing to maintain strong documentation and compliance oversight can transform a correctable billing issue into a costly FCA case.

Common Pitfalls and How to Avoid Them

Pitfall	Description	How to Avoid
Incomplete Documentation	Missing or inadequate medical records to support billed claims	Use checklists in patient charts and conduct random chart audits
Overreliance on Billing Staff	Physicians unaware of billing codes submitted in their name	Require provider sign-off on all codes before submission
Ignoring Whistleblower Complaints	Dismissing internal concerns without investigation	Establish an anonymous reporting system and follow up promptly
Weak Vendor Oversight	Third-party billers operating without compliance checks	Include compliance provisions in all vendor contracts and audit them
Delayed Legal Response	Waiting to engage counsel after initial contact by DOJ	Have legal representation identified in advance for rapid engagement

DOJ Fraud Investigation Response Checklist

Task	Responsible Party	Timeline	Reference
Verify Investigator Identity	Compliance Officer	Immediately upon contact	28 CFR 104.71
Notify Legal Counsel	Compliance Officer / Owner	Within 1 hour	FCA / DOJ Protocol
Preserve All Records	IT Manager / Admin	Immediately	45 CFR § 164.530(j)
Limit Staff Communications	Compliance Officer	Immediately	DOJ Best Practices
Gather Requested Documents	Admin / Billing Lead	As per deadline	CID/Subpoena Instructions
Document All Interactions	Compliance Officer	Ongoing	DOJ Protocol
Conduct Internal Review	Compliance Officer / Counsel	Within 2–5 days	FCA Compliance

Concluding Recommendations and Next Steps

Surviving a DOJ fraud investigation requires preparation, discipline, and expert guidance. For small practices, the stakes are high, financial stability, patient trust, and professional licensee can all be on the line.

To strengthen your readiness:

Develop a comprehensive compliance program tailored to your practice size.
Train all staff regularly on FCA and billing compliance.
Audit proactively to catch errors before they attract DOJ attention.
Maintain meticulous documentation to defend every claim.
Engage legal counsel early to guide responses and protect your rights.

By adopting these measures, you not only reduce your risk of triggering an investigation but also position your practice to respond effectively if one occurs. In today’s enforcement environment, HHS, OIG, and DOJ work together closely, meaning small practices must treat compliance as a daily operational priority, not an afterthought.

To safeguard your practice, adopt a compliance management system. These tools consolidate regulatory obligations, provide ongoing risk monitoring, and ensure you’re always prepared for audits while demonstrating your proactive approach to compliance.