In a May 15, 2025, Memo, Matthew R. Galeotti, the Head of the U.S. Department of Justice’s Criminal Division, announced their white collar prosecutorial priorities. In the number one position: healthcare fraud. To make matters more pressing for you, the Galeotti Memo instructs the Criminal Division that the DOJ’s first priority is to prosecute the individuals involved.
Let that sink in.
As Galeotti put it, “it is individuals—whether executives, officers, or employees of companies—who commit these crimes, often at the expense of shareholders, workers, and American investors and consumers. The Criminal Division will investigate these individual wrongdoers relentlessly to hold them accountable.”
Although the government never went entirely out of the business of prosecuting individuals, at times the focus has been directed at, and publicity has centered on, the prosecution of the company itself. That said, and, in fact, as the Galeotti Memo reminds us, it is individuals within companies that act out the crimes.
In a nutshell, liability for healthcare fraud doesn’t stop at the entity level. And, it doesn’t stop with civil claims under the False Claims Act or even with a civil settlement. The truth is that physicians, medical group CEOs, and other healthcare entity owners, executives, and managers, can be and are charged criminally for their role in their company’s fraud. This is the case whether you’re with an anesthesia group, a 3-physician radiology practice, a mega-size hospital-controlled medical group, or, well, you name it.
Although his conduct pre-dates the Galeotti Memo, the sentencing earlier this year of Miguel Saravia demonstrates how prosecutors can, and do, see through entity conduct to prosecute corporate employees.
Saravia, the former COO of a behavioral health service was sentenced to three and a half months in federal prison, to be followed by one year of supervised release. He was also ordered to pay $561,141.89 in restitution.
His sentencing followed his guilty plea to six counts of healthcare fraud arising from allegations that he directed a group of individuals with no billing or medical training to enter CPT codes for therapy services that were not provided and to upcode CPT codes for actual psychotherapy visits.
False claims can be presented by accident, but that’s often not the case. Although entities, formed properly, offer some insulation from personal civil liability, they offer no protection for criminal liability.
So, how to avoid your own “Miguel Saravia” problem?
The first step is to adopt a compliance plan, but a compliance plan that isn’t part of an active compliance process is as ineffective as that flu shot that you forgot to get. And, even if you got that flu shot, it’s not 100% effective and neither is a process unless it’s actively maintained. I’m talking about reviews, internal audits, external audits, and the like. That’s an active process. It’s certainly not that binder on your shelf gathering dust, or even worse, the Word document on a hard drive.
And, of course, any compliance process is an overlay upon a properly planned business structure and its properly planned business processes.
If you need help getting started, get in touch. If you smell trouble, get in touch sooner.
In real life healthcare compliance, there’s no get out of jail free card. Proper structure, proper business processes, and proper compliance processes are as close as you’re going to get. To cap it off, you can no longer discount the downside as being contained within your entity’s structure, even if that meant the criminal prosecution of the entity. After all, the DOJ is telling you that they are going to focus on the prosecution of the individuals involved. It makes sense to believe them.
Related Posts:
