True Facts About False Claims: MoFo's FCA Newsletter
True Facts About False Claims: MoFo's FCA Newsletter
Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we will provide key takeaways and discuss some of the most significant false claims topics.
In this third newsletter of 2024, we ask: what should you make of the recent U.S. Department of Justice (DOJ or the “Department”) settlements with health care providers that have voluntarily self-disclosed misconduct, what should you know about the Department’s most recent cyber-fraud settlements, and is DOJ focusing on grant applications and the failure to disclose foreign funding? The answers to this quarter’s questions and a discussion of two additional federal and state settlements are here in our July 2024 FCA update.
Health Care Provider Voluntarily Self-Discloses Improper Discounts. On May 6, 2024, DOJ announced that Baptist Health System, Inc. agreed to pay $1.5 million (which includes $1 million in restitution) after it voluntarily self-disclosed to DOJ that its subsidiaries provided discounts of up to 50% or more to patients off their cost-sharing obligations to induce them to utilize their health care services. In addition to self-disclosing, Baptist Health cooperated with the investigation and took remedial steps including discontinuing the practice and conducting an internal compliance review. Announcing this settlement, the Department stated that Baptist Health took significant steps entitling it to credit for self-disclosing misconduct and cooperating with the government’s investigation. It appears, based on the settlement, that DOJ calculated the overall damage amount using the same “minimum multiplier” formula of 1.5 times the restitution amount used by HHS-OIG as part of its Self-Disclosure Protocol. This same 1.5 “minimum multiplier” was also used by DOJ in the last year in two voluntary self-disclosure cases involving FCA health care fraud violations. These settlements provide some clarity to health care companies that are considering voluntarily self-disclosing misconduct to DOJ. MoFo regularly assists clients in evaluating their compliance obligations especially in light of the Department’s voluntary self-disclosure policy and can assist clients with navigating voluntary self-disclosure decisions.
DOJ Announces Civil Cyber-Fraud Settlements. On May 1, 2024, DOJ announced a $2.7 million settlement with Insight Global LLC to resolve allegations under the FCA that it failed to implement adequate cybersecurity measures to protect the health information of contact tracing subjects during the pandemic. During the COVID-19 pandemic, the Pennsylvania Department of Health hired Insight Global to provide staffing for contact tracing and was required to keep personal health information confidential and secure. However, the government alleged that personal health information and/or personally identifiable information (PII) of contact tracing subjects was transmitted in unencrypted emails, staff used shared passwords to access such information, and this information was stored and transmitted using Google files that were not password protected and potentially accessible to the public via internet links.
The Insight Global matter is one of the recent DOJ Civil Cyber-Fraud Initiative settlements and confirms that the Department remains focused on cyber fraud and the failure of government contractors to adequately safeguard PII. With enforcers now routinely wielding the FCA in the cybersecurity context, all government contractors, including for-profit entities, as well as non-profits and research universities (particularly those that deal with sensitive unclassified defense or national security information, law enforcement data, personal health records, taxpayer information or personal health information) should review their cybersecurity and risk management practices. MoFo regularly assists clients in evaluating their compliance obligations and establishing compliant data security and cybersecurity programs, policies, and practices, as well as developing comprehensive incident response protocols that include necessary government notifications and disclosures.
Cleveland Clinic and the University of Maryland Settle Allegations that They Failed to Disclose Support from Foreign Sources on Grant Applications. On May 17, 2024, DOJ announced that the Cleveland Clinic Foundation agreed to pay $7.6 million to resolve allegations that it failed to disclose that the principal investigator for National Institutes of Health (NIH) grants had pending and/or active grants from foreign institutions that provided financial assistance to support the employee’s research and already obligated the investigator’s time.
On July 16, 2024, DOJ announced that the University of Maryland, College Park agreed to pay $500,000 to resolve allegations that it failed to disclose current and pending support from foreign sources for faculty members who were principal investigators or co-principal investigators for federal research grant proposals.
Federal grant applicants are required to disclose all sources of research support on their grant applications. These recent settlements follow an October 2023 settlement by Stanford University in which it paid $1.9 million to resolve allegations that it failed to disclose current and pending support that 12 faculty members received from foreign sources. It appears that the Department is focused on examining grant applications to ensure that funding from foreign sources is appropriately disclosed. If you are a grant applicant, consider consulting with MoFo’s Government Contracts Group to learn best practices in applying for and performing federal grants for universities as well as Small Business Innovation Research grants.
Lockheed Martin Subsidiaries Agree to Pay $70 Million to Resolve Allegations of Improper Markups on Spare Parts for Navy Trainer Aircraft. On June 21, 2024, DOJ announced that Sikorsky Support Services and Derco Aerospace – both subsidiaries of Lockheed Martin – agreed to pay $70 million to resolve allegations that they overcharged the Navy for spare parts and materials needed to repair and maintain aircraft used to train naval aviators. The government alleged that the two companies entered into an improper cost-plus-percentage-of-cost subcontract in which Sikorsky agreed to purchase parts from Derco at the cost that Derco paid other suppliers for those parts plus a fixed 32% markup. Sikorsky then allegedly submitted cost vouchers to the Navy for reimbursement of the amounts it paid Derco. The relator, a former employee of Derco, will receive approximately $14 million.
Online Lender Agrees to Settle for $120 Million to Resolve Allegations that it Submitted Thousands of False Claims for PPP Loan Forgiveness and Operated without Adequate Fraud Controls. On May 13, 2024, Kabbage Inc. agreed to pay $120 million to resolve allegations that it submitted thousands of false claims for Paycheck Protection Program (PPP) loan forgiveness and operated without adequate fraud controls in place. The government alleged that Kabbage: (1) double-counted state and local taxes that employees paid in determining borrower’s gross wages; (2) included annual employee compensation over $100,000 in calculating loan eligibility as well as payments for leave and severance; and (3) failed to comply with the Bank Secrecy Act and anti-money laundering requirements by not implementing adequate fraud controls (including relying on inadequate automated tools, reducing fraud review staff and encouraging employees to approve suspicious loans to increase revenue). During the pandemic, Kabbage facilitated $7 billion in PPP loans to small businesses affected by the COVID-19 pandemic and filed for bankruptcy in 2022.
New York AG’s Office Settles with State’s Largest Health Care Network Over Improper Billing. On April 12, 2024, the New York Attorney General’s Office announced a $1.05 million settlement with Northwell Health, New York’s largest health care network, for over-charging patients for visits to COVID-19 testing sites located in Northwell Health’s emergency departments. State and federal laws prohibited health plans from charging any type of cost sharing for COVID-19 tests and related services. The state alleged that Northwell Health deceptively advertised three of its emergency departments in New York City and on Long Island as COVID-19 testing sites where New Yorkers could get a COVID-19 test, but then billed patients for emergency room visits despite these patients only receiving COVID-19 tests.
Morrison Foerster has a multidisciplinary team focused on False Claims Act (FCA) matters, which includes former high-ranking DOJ officials, federal and state prosecutors, senior government regulators, White House and FBI counsel, government contracts specialists, privacy experts, and veteran defense lawyers, among others. We focus on counseling clients through all phases of matters related to the FCA, including proactive compliance counseling, due diligence, internal investigations, government investigations, and litigation. The breadth of our experience allows us to understand how law enforcement agencies choose which FCA cases to pursue, anticipate prosecutors’ and regulators’ next steps, plan and execute efficient and thorough investigations, quickly pinpoint key issues, and identify the best path forward from the outset.