The Antitrust Division of the Department of Justice (“Division”) now considers a company’s compliance program at the charging and sentencing stages in a criminal antitrust investigation. The Division incorporated these changes into the Justice Manual. The Division also published a guide for evaluating compliance programs under this new approach.
In a growing trend, the Department of Justice (DOJ) indicted two corporate executives and two licensed pharmacists for drug distribution. This is the second time in 2019 that DOJ acted to hold opioid distributors and manufacturers criminally liable for contributing to the drug crisis.
Data protection in Poland now includes an updated “black list” of operations requiring an impact assessment. Another action announces a controversial decision about privacy of license plate numbers. In addition, a data breach manual is available. For fuller analysis see Magdalena Gad-Nowak’s article here in the Data Privacy & Cybersecurity blog.
The Italian Government recently approved a bill known as the Spazzacorrotti, or “Bribe Destroyer.” The anti-establishment Movimento 5 Stelle, or Five Star Movement, which took office after campaigning to tackle bribery, has been championing the bill as a “revolution in the fight against corruption” that would allegedly save the country billions of euros. However, the same Five Star Movement may well have scored a spectacular own goal, having just become embroiled in a high-profile bribery scandal related to the construction of A.S. Roma’s new football stadium, the 52,500-seat Stadio della Roma, a project that has been beset by difficulty. Continue Reading
The Department of Justice (DOJ) recently intervened in a False Claims Act (FCA) lawsuit involving allegations of kickbacks for prescription drug copays. The DOJ says the lawsuit makes “clear that the Department will hold accountable drug companies that pay illegal kickbacks to facilitate increased drug prices.” The DOJ “will not allow drug companies to use so-called charitable patient assistance funds to do what they otherwise cannot do – pay patients’ copays to circumvent these safeguards and increase their profits.” Continue Reading
His Highness Sheikh Khalifa bin Zayed Al Nahyan, President of the United Arab Emirates (UAE), has decreed various updates to Federal Law No. 3 of 1987, known as the UAE Penal Code, that bring the country’s bribery and corruption legislation positively into line with other regimes in other jurisdictions. Continue Reading
On May 31, 2019, the U.S. Attorney for the District of Kansas announced a $250,000 settlement with Coffey Health System, after two whistleblowers filed qui tam suit against Coffey for violations of the False Claims Act. The settlement resolved allegations that Coffey submitted false claims to Medicare and Medicaid pursuant to the Electronic Health Records Incentive Program. That program offers incentive payments to healthcare providers who adopt meaningful electronic health records (EHR) technology and systems. This case is the most recent in a slew pursued by the Department of Justice. It is a helpful reminder that clients should conduct effective risk analyses when determining whether to adopt EHR technologies in accordance with the federal incentive program.
The Electronic Health Records Incentive Program is a provision under the Health Information Technology for Economic and Clinical Health (HITECH) Act – a federal law enacted as part of the American Recovery and Reinvestment Act of 2009 (Pub. L. 111-5 (Feb. 17, 2009)), which amended the Health Insurance Portability and Accountability Act (HIPAA) to address privacy and security concerns associated with the electronic transmission of protected health information. The HITECH Act includes provisions aimed at encouraging health organizations to digitize their health records and record systems. The Act also includes a financial incentives program, or a “meaningful use program.”
Specifically, the Department of Health and Human Services (HHS), through Medicare and Medicaid, offers incentive payments to healthcare providers who agree to comply with certain EHR technology standards and requirements, such as using certified EHR systems, attesting that the organization satisfies certain implementation standards and security risk measures, and other ongoing compliance provisions. When companies attest they are in compliance with the incentive program’s requirements, healthcare providers must acknowledge that the filing of such an attestation equates to submitting a claim for federal funds. False statements in any federally filed documents related to the program are subject to federal and state criminal laws and civil penalties.
Businesses taking advantage of the incentive program must demonstrate meaningful use of the EHR records within one year of receiving funds, or face potential penalties, or delayed or cancelled future disbursements. Full noncompliance may lead to sanctions and mandatory reimbursement in full. Incentive payments are audited by HHS and Medicare/Medicaid, and often require documentation to support proof of any attestation that the providers are in compliance with the program, and have made the noted system improvements. Health care organizations who do not comply risk liability when making false attestations, or from knowingly receiving “reverse false claims” through overpayment or retention of payments unsubstantiated and unearned.
The False Claims Act (31 U.S.C. Sections 3729-3733) creates civil liability for knowingly presenting, or causing to be presented, false or fraudulent claims to the United States. The Act permits private persons to file suit for violations of the state on behalf of the government, in what is known as a “qui tam” action. Such a suit triggers a government investigation if one has not already begun.
On May 7, 2019, the Department of Justice issued updated guidance on False Claim Act matters. Click here for prior post. Essentially, whistleblowers and cooperators are incentivized to voluntarily disclose misconduct within their organizations, and can receive financial compensation for their conduct. Companies are further encouraged to cooperate with any federal investigation, and under the updated policy, the Department will take into account any corrective action a company takes in response to an allegation of wrongdoing under the False Claims Act. Such credit generally takes the form of a reduction in damages assessed and/or civil penalties. Under the updated policy, the Justice Department “may” publicly acknowledge the company’s cooperation. The updated guidance is instructive insight to the Department’s recent push to prosecute those who falsely attest to complying with the EHR Incentive Program.
Coffey Health System is a twenty-five-bed “critical access” hospital in central Kansas. In 2016, the hospital’s former Chief Information Officer (CIO) and corporate compliance officer filed a qui tam suit under the False Claims Act, claiming that Coffey falsely attested that it conducted and reviewed security risk analyses in accordance with the EHR Incentive Program. From 2011 through 2016, the whistleblowers contented that Coffey failed to comply with the appropriate standards, and received more than $3 million in payments from the incentive program, without adhering to its terms. During this same time period, the suit alleges that Coffey represented that patient data submitted to Medicare and Medicaid was captured and exported through certified EHR technology, when in fact it was captured and exported manually. The CIO stated that in 2014 he reported his concerns to hospital officials after he was able to access patient records through a county-wide shared firewall, in clear violation of EHR Incentive policies. Though the CIO attempted to correct many of the issues, the hospital allegedly failed to devote resources to the security risk analysis findings, and further failed to provide the CIO with the tools and support to correct the deficiencies. In addition, the hospital purportedly failed to properly document its efforts to adhere to the EHR. Coffey Health systems decided to settle the matter with the Department of Justice, returning $250,000 of the more than $3 million they received under the incentive program. Consistent with DOJ policy, the whistleblowers will receive $50,000 of the settlement.
HHS and the Department of Justice have investigated and settled several similar cases. In 2015, the Eastern District of Texas criminally prosecuted the former Chief Financial Officer (CFO) of Shelby Regional Medical Center for making false statements in connection with funds distributed to the office by the EHR Incentive Program. The CFO pled guilty, was sentenced to 23 months in prison, and was personally ordered to pay over four million dollars in restitution. (U.S. v. White, 6:14CR0005-001 E.D. Tex.)
In what has been billed Vermont’s largest financial recovery, the Department investigated and negotiated a settlement with eClinicalWorks, one of the nation’s largest EHR software manufacturers, requiring them to pay $155 million to resolve the civil qui tam suit. (U.S. ex rel. Delaney v. eClinicalWorks LLC, 2:15CV00095 (D. Vt.)). In that case, the whistleblower filed suit alleging that the software company misrepresented its product’s capabilities to HHS, and falsely certified their software complied with the statutory requirements, among other claims. In that case, the qui tam claimant received more than $30 million as part of the settlement.
In 2019, Greenway Health, a Tampa, Florida-based developer of EHR software, agreed to pay a $57.25 million fine to settle allegations brought under the False Claims Act that Greenway misrepresented its software’s capabilities, leading to false claims submitted through its use. (U.S. v. Greenway Health, LLC, 2:19CV20 (D. Vt.)). In addition, Greenway was allegedly inducing new customers to use its software by making “unlawful remunerations,” thereby violating the Anti-Kickback statute. Greenway’s faulty software, according to the Department, did not comply with the requirements for EHR certification.
In general, electronic health records need to be maintained with an emphasis on sophisticated, HIPAA-compliant privacy systems. Participation in the EHR Incentive Program exacerbates a client’s potential exposure by requiring those receiving monies to consistently certify their adherence to the rules, and attest that the entity is consistently using, maintaining, and where necessary, improving the system in accordance with the guidelines. Health care providers should also do dogged due diligence to ensure their chosen EHR software is certified by HHS, and has a demonstrated successful track record of creating reliable outcomes. Further, when health care companies decide to implement EHR technological programs, they should provision for adequate internal processes and controls to collect and maintain appropriate records supporting the required incentive attestations, and to ensure the company is at all times in compliance with the program’s guidelines.
A UK court recently fixed a remand hearing in the extradition case of Nirav Modi, a fugitive diamond merchant and the prime accused in a USD 2 billion Punjab National Bank (PNB) fraud case.
After Vijay Mallya (Indian businessman) and Sanjeev Chawla (alleged cricket bookie), Mr. Modi’s case is the third in a series of Indian extraditions that mark a watershed moment for cooperation between Indian and British authorities to bring to justice cross-border corruption. Continue Reading
Another example about the costs of lax data security involves a medical imaging company in the U.S. The company did not perform a risk analysis and failed to respond properly when alerted to problems. See the full post here on the Triage blog.
Russian Duma Revisits Criminalization as Counter-sanction
The Russian Duma is considering a bill that would prohibit media communications that reveal non-compliance with sanctions or facilitate imposition of sanctions and would also impose criminal penalties on those that disclose or transfer information to organizations “directly or indirectly” under the control of an “unfriendly state”, any company organized under the laws of an “unfriendly state”, and persons affiliated with such organizations if such transfer or disclosure leads to the imposition or expansion of sanctions.
What does the bill mean, even in its draft form, for businesses based in Russia and elsewhere? Moscow partners Patrick Brooks and Sergey Treshchev examine the draft bill in a new alert this week.
Related Squire Patton Boggs Sanctions and Counter-sanctions Content
We also recently held a webinar on “Sanctions, counter-sanctions and anti-corruption trends in Russia: doing business in the current climate.” It was presented by partners Patrick Brooks (Moscow) and Dan Waltz (Washington DC), and senior associate Kristina Arianina (Washington DC). You can view the webinar on demand here (requires Lexology login or signup).
Thought Leadership
For more information on sanctions- and anticorruption-related topics and more, we invite you to subscribe to our Anticorruption and Trade Practitioner Blogs, as well as other firm content here.
