Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we will provide key takeaways and discuss some of the most significant false claims topics.

Happy New Year! In this first newsletter of 2024, we ask: Will the First Circuit’s grant of an interlocutory appeal on the causation standard in FCA kickback cases make its way to the Supreme Court, and what should companies be doing in response? What should healthcare and life sciences companies know about new Department of Health & Human Services (HHS) compliance guidelines, and what should compliance officers be focused on? What should government contractors know about two proposed cybersecurity rules? We also review several large Department of Justice (DOJ) kickback settlements, including a discussion of a new area of focus by DOJ; a settlement with a major defense contractor related to faulty military engine parts; a tactical outfitter’s settlement for lying that its products were “Made in America”; and a new complaint filed by the New York, New Jersey, and Georgia Attorneys General alleging violations of state FCA statutes. The answers to this quarter’s questions and a discussion of these settlements and the complaint are here in our January 2024 FCA Update.

Federal

First Circuit to Tackle “But For” vs. “Some Connection” Causation Standard in FCA Kickback Cases. In our October 2023 newsletter, we discussed a circuit split likely to make its way to the Supreme Court. In an earlier client alert, we explained that the Sixth Circuit’s March 2023 decision in Martin was significant because it adopted a “but-for” causation standard for FCA suits premised on alleged violations of the Anti-Kickback Statute (AKS), thereby requiring plaintiffs to show that a claim for government reimbursement “would not have occurred” absent the alleged kickback. The Sixth Circuit’s decision aligns closely with the Eighth Circuit’s decision in Cairns and reinforced an existing circuit split with the Third Circuit’s decision in Greenfield, which merely requires proof of “some connection between a kickback and a subsequent reimbursement claim.”

On November 17, 2023, the First Circuit granted an interlocutory appeal in United States v. Teva Pharmaceuticals USA to decide this issue, which has perplexed several judges within the circuit. Judge Nathaniel Gorton, the district judge presiding over Teva Pharmaceuticals, previously held that the government need not prove “but for” causation to support its FCA claim. As we discussed in our October FCA newsletter, this is at odds with another district judge in the same courthouse. In Regeneron Pharmaceuticals, Chief Judge F. Dennis Saylor agreed with the Sixth and Eighth Circuits and held that the government must show that any alleged kickbacks by the pharmaceutical company were the “but for” cause of the false claims. Following the First Circuit’s grant of the appeal, Judge Saylor granted the government’s motion to stay Regeneron Pharmaceuticals pending the appellate court’s decision in Teva Pharmaceuticals. We also await the First Circuit’s decision on which standard is correct. In the meantime, due to this split, the choice of venue will remain important in AKS cases, and motions to transfer venue should be considered.

HHS Publishes New Federal Compliance Guidelines. On November 6, 2023, HHS’s Office of the Inspector General published a new reference guide for the healthcare compliance community and other healthcare stakeholders – the General Compliance Program Guidance (GCPG). The GCPG suggests that there are seven elements of a successful compliance program: (1) written policies and procedures (e.g., codes of conduct and compliance policies); (2) compliance leadership and oversight (compliance officer and compliance committee (3) training and education; (4) effective lines of communication with the compliance officer and disclosure program (e.g., hotline, a website, an email address, or a mailbox); (5) enforcing standards, with consequences and incentives; (6) risk assessment, auditing, and monitoring; and (7) responding to detected offenses and developing corrective action initiatives. Of note, the GCPG focuses on the primary responsibilities of the compliance officer, which should include advising the CEO, board, and other senior leaders on compliance risks facing the company, compliance risks related to strategic and operational decisions of the company, and the operation of the company’s compliance program.

The GCPG applies to hospitals; home health agencies; clinical laboratories; third-party medical billing companies; the durable medical equipment, prosthetics, orthotics, and supply industry; hospices; Medicare Advantage organizations; nursing facilities; physicians; ambulance suppliers; and pharmaceutical manufacturers. Companies and their compliance officers that fit these categories should review their compliance policies, especially if they receive government contracts/grants and thus have FCA exposure. MoFo can advise clients on developing compliance policies and procedures that address the most recent guidance by government regulators and conducting appropriate risk assessments.

FAR Council’s New Cybersecurity Rules Proposal Could Expand FCA Exposure. On October 2, 2023, the Federal Acquisition Regulation (FAR) Council released two proposed rules for federal contractors related to cybersecurity controls and incident response. The proposed rules seek to: (1) standardize cybersecurity requirements for unclassified federal information systems, including contractor systems; and (2) require contractors to share information on cybersecurity threats with, and to report cybersecurity incidents to, the government. The proposed rules include a requirement for contractors to report all cybersecurity incidents within eight hours of discovery (much shorter than the 72-hour deadline in the comparable Department of Defense cyber incident reporting FAR clause) and an annual certification requirement in which contractors must certify compliance with cybersecurity reporting obligations. The comment period for the rules was extended until February 2024 due to considerable interest. We will continue monitoring the FAR Council’s proposed rules, particularly in light of DOJ’s Civil Cyber-Fraud Initiative. In an October 23, 2023 Government Contracts Insights Blog post, MoFo attorneys discussed these proposed rules, how they might impact a company’s operations, what compliance obligations they impose, and the potentially serious ramifications (including FCA exposure) of non-compliance. MoFo regularly assists clients in evaluating their compliance obligations and establishing compliant data security and cybersecurity programs, policies, and practices, as well as developing comprehensive incident response protocols that include necessary government notifications and disclosures.

DOJ Settles Three Large Kickback Cases Involving Referring Physicians & Pursues Management Services Organizations for Kickbacks on Laboratory Testing Referrals. DOJ announced three large settlements with healthcare providers for unlawful payments to referring physicians. On December 19, 2023, DOJ announced a $345 million settlement with Community Health Network. The Indianapolis-based healthcare network was alleged to have engaged in an illegal scheme to recruit hundreds of local physicians (including cardiovascular specialists, neurosurgeons, and breast surgeons) for employment for the purpose of capturing their “downstream referrals” and paying these physicians salaries that were significantly higher than what they were receiving in their own private practices. On November 15, 2023, DOJ announced a $45.6 million settlement with Prema Thekkek, her management company, and six skilled nursing facilities she owned and operated. Thekkek was alleged to have hired physicians who promised in advance to refer large numbers of patients, paid physicians in proportion to the number of expected referrals, and terminated physicians who did not refer enough patients. And, on October 15, 2023, DOJ announced an $85 million settlement with Cardiac Imaging, Inc. (CII) and its founder, owner and CEO Sam Kancherlapalli. The kickback scheme involved CII allegedly paying kickbacks to referring cardiologists in the form of above-fair market fees to supervise PET scans for the patients these physicians referred to CII. CII paid the cardiologists for each hour CII spent scanning the cardiologists’ patients, including time the cardiologists were away from CII’s mobile scanning units providing care for other patients or were not even on site.

DOJ has also focused efforts on investigating Management Services Organizations (MSOs), physicians, and labs for organizing kickback referral schemes between healthcare providers and specific diagnostic labs. DOJ recently announced that it has recovered over $36 million relating to conduct involving MSO kickbacks to healthcare providers, which includes recoveries from 43 physicians. Two recent settlements include a November 2, 2023 $1.1 million settlement with Genesis Laboratories for alleged payments to two marketing companies to arrange for and recommend that healthcare providers in Missouri and Texas order Genesis’s laboratory tests; and a December 4, 2023 $880,000 settlement with three physicians and a former hospital executive who were involved in a scheme to receive kickbacks in exchange for ordering lab tests from specific diagnostic companies.

Defense Contractor Settles Investigation into Faulty Parts After Voluntary Self-Disclosure. On November 6, 2023, DOJ announced a $9.4 million settlement with General Electric’s aerospace business (“GE Aerospace”) involving allegations that it improperly inspected military aircraft engines and delivered propulsion units with “unallowable metal fragments” inside. GE Aerospace sold military engines to the U.S. Army and U.S. Navy from 2012 to 2019. A GE Aerospace spokesperson said that the company reported this to the Defense Department and cooperated with the investigation. MoFo can lead clients in conducting internal investigations when allegations of misconduct are raised by employees and navigate potential self-disclosures to DOJ.

Tactical Outfitter in Trouble for Claims that Gear was Made in America. On November 21, 2023, DOJ announced a $2.1 million settlement with London Bridge Trading Company for allegations involving the sale of products – including armor, boots, belts, bags, clothing, rope, slings, backpacks, and medical pouches – that it claimed were “American Made” when they were actually manufactured in China, Mexico, and Peru. DOJ alleged the company failed to comply with the requirements of the Buy American Act, Trade Agreements Act, and Berry Amendment, which create a preference for American-made products when selling products to the government.

State

On October 3, 2023, the Attorneys General for New York, New Jersey, and Georgia teamed up to filed a complaint in federal court against Fresenius Vascular Care and one of its executives alleging multiple counts of fraud and state FCA violations. The AGs allege that Fresenius regularly performed unnecessary medical procedures on patients with end-stage renal disease and forced patients to undergo excessive evaluations that subjected them to increased medical risk, in a scheme to defraud state Medicare and Medicaid programs. While we focus much of our attention on DOJ’s enforcement of federal FCA violations, companies should not forget that states are vigorously enforcing state FCA violations and working collaboratively with the federal government and the National Association of Medicaid Fraud Control Units.

[View source.]