Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we will provide key takeaways and discuss some of the most significant false claims topics.
In this last newsletter of 2023, we ask: Will recent decisions on the FCA Kickback standard make their way back to the Supreme Court, and what should companies be doing in response? What should defense contractors, healthcare and life sciences companies, and universities be doing to review their cybersecurity and risk management practices? We also review recent settlements by a university for failing to disclose foreign funding in grant applications, an insurance company for its Medicare Advantage billing practices, a genomic testing company for evading Medicare’s 14-Day Rule, a national pharmacy for waiving co-payments and providing kickbacks for referrals, and a major defense contractor for failing to meet certain contractual manufacturing specifications. The answers to this quarter’s questions and a discussion of these settlements are here in our October 2023 FCA Update.
Federal
Supreme Court Turns Away Whistleblower’s Efforts to Ease FCA Kickback Standard, Denying Cert and Keeping Sixth Circuit Opinion in Place. On the first day of its new term, the Supreme Court denied a relator’s petition for a writ of certiorari asking to revisit the Sixth Circuit’s decision in Martin, which holds that the AKS requires proof that billing claims would not have happened “but for” illicit “remuneration.” In an earlier client alert, we explained that the Sixth Circuit’s decision in Martin was significant in that it: (1) narrowly interpreted “remuneration” under the AKS to mean “payments or other transfers of value,” as opposed to “any act that may be valuable” to another; and (2) adopted a “but for” causation standard for FCA suits premised on alleged violations of the AKS, thereby requiring that a plaintiff show that a claim for government reimbursement “would not have occurred” absent the alleged kickback. While the Supreme Court did not explain its reasoning, the denial of certiorari is significant in that it maintains a circuit split between the Sixth and Eighth Circuits’ “but for” causation requirement on the one hand, and on the other the Third Circuit’s Greenfield decision, which merely requires proof of “some connection between a kickback and a subsequent reimbursement claim.”
Undoubtedly, the “but for” vs. “some connection” causation question will be back before the Supreme Court, perhaps even in connection with two cases now making their way through the First Circuit: U.S. v. Teva Pharmaceuticals USA and U.S. v. Regeneron Pharmaceuticals Inc. The district judge presiding over Teva Pharmaceuticals has held that the government need not prove “but for” causation to support its FCA claim, but the court issued a ruling on August 14, 2023 certifying an interlocutory appeal to the First Circuit on the issue and noting that there is “substantial ground for difference of opinion” on the matter. The expected appeal will delay the government’s efforts to seek $10 billion from Teva and—depending on the First Circuit’s opinion—may alter the trajectory of the case significantly.
Just down the hall in the same Boston courthouse, a different judge came to a different conclusion about causation. In Regeneron Pharmaceuticals, Chief Judge F. Dennis Saylor issued an opinion on September 27, 2023, agreeing with the Sixth and Eighth circuits and holding that the government must show that any alleged kickbacks by the pharmaceutical company were the “but for” cause of the purported false claims. We will continue to monitor developments surrounding this issue. In the meantime, due to this split, the choice of venue will remain important in AKS and FCA cases, and motions to transfer venue should be considered.
DOJ Announces New Civil Cyber-Fraud Settlement with Verizon and a Decision Not to Intervene in Pennsylvania State University Case. On September 5, 2023, the Department announced a $4 million resolution of FCA claims against Verizon Business Network Services LLC (“Verizon”) on allegations of failure to provide adequate cybersecurity. This marks the fourth such settlement under DOJ’s Civil Cyber-Fraud Initiative, which uses the FCA to “hold accountable” entities and individuals who knowingly: (1) provide deficient cybersecurity products or services; (2) misrepresent their cybersecurity practices or protocols; or (3) fail to monitor and report cybersecurity incidents or breaches. Here, the settlement involved allegations that Verizon failed to provide federal agencies with secure connections to the internet and other external networks and did not satisfy required cybersecurity controls for Trusted Internet Connections under General Services Administration contracts. Notably, DOJ highlighted the fact that the company cooperated and took prompt and substantial remedial measures. According to the settlement, Verizon “provided the government with a written self-disclosure, initiated an independent investigation and compliance review of the issues and provided the government with multiple detailed supplemental written disclosures.”
On September 29, 2023, DOJ filed notice that it would not intervene at this time in a newly unsealed FCA suit alleging that Pennsylvania State University failed to provide adequate cybersecurity for covered defense information, as contractually required by Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012. Under the DFARS, contractors must implement controls outlined in the National Institute of Standards and Technology (NIST) Special Publication 800-171. The lawsuit alleges that the University falsified documents related to NIST compliance. Although prosecutors did not give an explanation for their decision, the move serves as a useful reminder to consider engaging with DOJ on intervention.
With enforcers now routinely wielding the FCA in the cybersecurity context, all government contractors, including for-profit entities, as well as nonprofits and research universities (particularly those that deal with sensitive unclassified defense or national security information, law enforcement data, personal health records, taxpayer information, or personal health information) should review their cybersecurity and risk management practices. MoFo regularly assists such clients in evaluating their compliance obligations and establishing compliant data security and cybersecurity programs, policies, and practices, as well as developing comprehensive incident response protocols that include necessary government notifications and disclosures.
University Settles Allegations That It Failed to Disclose Support from Foreign Sources on Grant Applications. On October 2, 2023, DOJ announced that Stanford University has agreed to pay $1.9 million to resolve allegations that it failed to disclose current and pending support that 12 faculty members are receiving from foreign sources. In 16 grant applications, Stanford is alleged to have knowingly failed to disclose funding that principal investigators and co-principal investigators received or expected to receive from foreign sources in support of their research. If you are a grant applicant and this story caught your eye, consider consulting with MoFo’s Government Contracts Group to learn best practices in applying for and performing federal grants for universities, as well as Small Business Innovation Research (SBIR) grants.
Health Insurance Company Pays $172 Million to Settle Medicare Billing Claims. The Cigna Group has agreed to settle three sets of claims involving Medicare Advantage billing practices. On September 30, 2023, DOJ announced a $172 million settlement resolving claims that Cigna improperly utilized chart reviews to manipulate codes to seek reimbursements from CMS, utilized false diagnosis codes for morbid obesity, and utilized a program to send nurses to patients’ homes to perform health examinations and allegedly diagnose policyholders with exaggerated medical problems. The last of these allegations came from a qui tam filing in which the government intervened. The relator will receive approximately $8.1 million from the settlement of these claims.
Genomic Testing Company Settles Allegations Involving Medicare’s 14-Day Rule. On October 2, 2023, Genomic Health, Inc. agreed to settle FCA claims that it improperly billed Medicare for certain genomic laboratory tests in order to evade Medicare’s 14-Day Rule. This rule prohibits laboratories from separately billing Medicare for covered tests if a physician orders the test within 14 days of the patient’s discharge from a hospital. If the test is performed more than 14 days after discharge, Medicare permits laboratories to bill Medicare directly for the test. Genomic Health is alleged to have manipulated the 14-Day Rule in several ways, including seeking direct reimbursement within the 14-day period, conspiring with and encouraging hospitals and physicians to cancel and reorder tests to manipulate the timing of the tests, and failing to send invoices to hospitals for laboratory services. The relator will receive approximately $5.6 million from the settlement.
National Pharmacy Settles Kickback Allegations Involving Co-payments. On October 2, 2023, BioTek reMEDys Inc. agreed to pay $20 million to resolve FCA allegations that it paid kickbacks to patients and physicians. The government alleged that BioTek routinely waived Medicare and TRICARE co-payments to induce patients to purchase expensive drugs without regard for whether the patients were experiencing financial hardship. In addition, BioTek was alleged to have provided gifts, dinners, and free administrative and clinical support services to physicians to induce referrals. The whistleblowers will receive over $4 million as a result of the settlement.
Defense Contractor Settles FCA Claims over Osprey Components. On September 28, 2023, DOJ announced a $8.1 million settlement with Boeing over claims involving its Osprey V-22 tiltrotor military aircraft. Former Boeing employees filed a whistleblower claim alleging that the company failed to meet certain contractual manufacturing specifications in fabricating composite parts for the Osprey. The whistleblowers will receive over $1.5 million in connection with the settlement.
State
Texas Reaches $42 million settlement. On August 8, 2023, the Texas Attorney General’s Office announced that it had reached a $42.7 million settlement with pharmaceutical drug manufacturers. The matter arose from claims that certain drug manufacturers violated the Texas Medicaid Fraud Protection Act by providing nursing and reimbursement services for certain pharmaceutical drugs to Texas Medicaid providers and by paying clinical nurse educators to refer or recommend drugs to providers. The claims were originally brought by a whistleblower under the qui tam provisions of the Act.
[View source.]