Volume 24 | April 2022
Chilivis Grubman Continues Growth
Chilivis Grubman continues to grow and is excited to welcome Brandi Z. Murrain to the firm as an Associate.

Brandi began her career as a prosecutor in the second-largest prosecutor’s office in the United States. She honed her trial skills by serving as first chair counsel in dozens of criminal trials.

Brandi focuses her practice on the areas of white-collar criminal defense, government and internal investigations, False Claims Act litigation, and complex civil litigation.
Jury Acquits Former Boeing Test Pilot of Wire Fraud

On March 23, a federal jury in Fort Worth, Texas acquitted a former Boeing test pilot of charges for wire fraud stemming from his work on the Boeing 737 Max. In 2018 and 2019, system failures on the jets led to two fatal crashes and the deaths of 346 people. In October of 2021, a grand jury indicted Mark Forkner for allegedly deceiving the Federal Aviation Administration during the certification process for the 737 Max. Forkner served as chief technical pilot during the certification of the jet. The federal government alleged that Forkner intentionally hid information concerning the flight-control system, which ultimately caused the fatal crashes, from regulators at the FAA in order to avoid expensive flight simulator training for pilots with previous experience piloting other 737 jets. Forkner allegedly had made negative statements about the system’s performance in flight simulators in private but withheld that information from the FAA.

Ultimately, the jury was asked to decide whether Forkner had committed wire fraud. Wire fraud is the most common fraud charge pursued by the federal government. In order to prove that Forkner violated the wire fraud statute, the government needed to prove that Forkner intentionally participated in a scheme to defraud through the use of interstate wires (i.e., telephones or internet), and that the false or misleading statement or omission Forkner made was material. The government argued that Forkner had made false statements to the FAA in order to defraud airline customers of millions of dollars.  

However, Forkner’s attorneys told a different story. They told the jury that Boeing’s engineers had not provided Forkner with information concerning changes they had made to the flight-control system, which meant that statements made to the FAA were false, but that Forkner did not know the statements were false when he made them. His attorneys also said that Forkner was being scapegoated by Boeing in an attempt to shift blame and save face with the public. Forkner’s attorneys added that the allegedly negative statements about the flight-control system which Forkner privately made to a colleague were actually complaints about the flight simulator itself and not the flight-control system. After less than two hours of deliberation, the jury acquitted Forkner of the charges.
Medical Director of Addiction Treatment Facility Convicted in $112 Million Addiction Treatment Fraud Scheme

On November 8, 2021, Chilivis Grubman reported on the conviction of two clinic operators and brothers, Jonathan and Daniel Markovich. Jonathan Markovich owned and operated Second Chance Detox LLC, an inpatient detox and residential facility, and WAR Network LLC, a related outpatient treatment program. The two were convicted on November 4, 2021, for fraudulently billing services that were either never provided or deemed medically unnecessary.

The Department of Justice (DOJ) records stated that the brothers would engage in several illicit activities out of the clinics, including recruiting patients using kickbacks such as free airline tickets, cash payments, and drugs, billing for therapy sessions not administered, and excessively ordering medically unnecessary drug screens. The DOJ also stated the brothers would swap patients back and forth between the facilities in order to bill them as much as possible and were alleged to have given patients illicit drugs to ensure their need for the clinic’s expensive detox treatments.

On March 24, 2022, Dr. Jose Santeiro, the Medical Director of the same two facilities, was convicted after a 15-day trial of engaging in the same scheme that fraudulently billed approximately $112 million for substance abuse services. Santeiro was convicted of conspiracy to commit health care fraud and wire fraud and eight counts of health care fraud. He faces up to 100 years in prison.
Chilivis Grubman News

Later this month, on April 30, Chilivis Grubman Partner Scott Grubman will present at the Ambulatory Surgery Center Association (ASC) Annual Meeting in Dallas, Texas. He will be presenting on fraud and abuse enforcement, particularly related to ASCs.
FREE Webinars

Chilivis Grubman offers FREE on-demand webinars on various legal and compliance matters. Access the free webinars here.
Operators of Staffing Company Plead Guilty to Tax Conspiracy and Immigration Charges

On March 24, the Department of Justice announced the operators of ADB Services Inc., a Key West Labor Staffing Company, pleaded guilty to tax conspiracy and immigration charges related to the operation of their business.

Former City of Key West Police Officer Igor Kasyanenko and Roman Riabov both pleaded guilty to one count of conspiring to defraud the United States and harbor aliens and induce them to remain in the United States. Mikus Berzins and Andrejs Kozlovs both pleaded guilty to one count of knowingly hiring 10 or more aliens who were not authorized to work in the United States.

According to court documents, Berzins, Kasyanenko and Riabov owned and operated Phoenix ADB Services, Inc. from approximately 2014 to 2020. Kozlovs worked for the company from approximately 2016 to 2020. All four men admitted to facilitating the employment of individuals not authorized to work in the United States. The individuals gained the ability to work in hotels, bars, and restaurants in Key West and other locations.

The DOJ reported that the men admitted to paying the employees “without withholding Social Security, Medicare and income taxes from their wages, and then did not report those wages to the IRS.” According to court documents, Kasyanenko and Riabov admitted they “encouraged” workers to enter the United States and remain in the country, in violation of immigration laws.

All four defendants face up to five years in prison, a period of supervised release, and monetary penalties. In addition, Kasyanenko and Riabov may be required to pay restitution. The men are scheduled to be sentenced on May 27.
More Confusion and Litigation Concerning Leadership Committees

Stacey Abrams, the unopposed Democratic candidate for governor in Georgia, has filed a federal lawsuit seeking permission to utilize her leadership committee, a type of political committee available to the Republican and Democratic nominees for governor that may raise and spend unlimited funds in support of their respective campaigns. Governor Brian Kemp, the likely Republican nominee for governor, has been raising funds into his leadership committee for several months. As the incumbent, Governor Kemp could legally form and begin using his leadership committee last July, and Abrams argues that she should not have to wait until after the primary election to begin using hers.

For background, a “leadership committee” is a new campaign finance vehicle in Georgia, created last year, that is available only to the incumbent Governor, Lieutenant Governor and their respective general-election opponents (i.e., any party nominee for Governor or Lt. Governor “selected in a primary election”), as well as to the majority and minority caucuses in the state Senate and House of Representatives. Leadership committees are considered advantageous compared to other types of political committees because of their ability to accept and spend unlimited funds (unlike a political action committee) and coordinate such spending directly with any campaign they support (unlike an independent committee). For more information on leadership committees and how they compare to other political committees, please check out this earlier post.

Last month, a federal court ruled that Governor Kemp could not use his leadership committee’s funds against former Senator David Perdue, who is challenging Governor Kemp in the Republican primary to be the Republican gubernatorial nominee in November. Under Georgia law, Perdue is not allowed to have a leadership committee, whereas Kemp is, a status leading the court to side with Perdue, finding that Kemp’s leadership committee would give him an unfair advantage if used against Perdue in the primary. The court’s ruling, however, held that Governor Kemp’s leadership committee, Georgians First, could continue to fundraise and use those funds in other races, including in the upcoming general election for governor, should Kemp win the Republican primary.

Now that the qualifying period has ended, Georgia’s 2022 elections are set, as no other candidates can qualify to run at this point. Abrams, the only Democratic candidate for governor, contends that she has secured the Democratic nomination, even though the primary election has not occurred, and thus should not have to wait until May 24, the date of the primary, to utilize her leadership committee, One Georgia. For that reason, Abrams has asked the court for an emergency order authorizing her use of the committee, stating that she “will suffer ongoing and irreparable injury” until such authorization.
I don't know that there are any shortcuts
to doing a good job.

Justice Sandra Day O'Connor, U.S. Supreme Court
Real Estate Consultant Faces Up to Three Years in Prison for Filing False Tax Return

The government is cracking down on tax fraud. On March 24, the Department of Justice announced that the district court accepted a Michigan man’s guilty plea for filing a false individual income tax return with the IRS.

According to court documents, Steven A. Mills was a real estate consultant who managed Mills Real Estate Consulting LLC. From 2012 to 2015, the consulting firm received payments from third parties with whom Mills was conducting real estate transactions. Mills did not report the full amount of those payments on his federal income tax returns. According to the DOJ, in Mill’s 2014 federal income tax return, for example, he did not report to the IRS approximately $356,100 in payments made to Mills Real Estate Consulting LLC.

Mills is scheduled to be sentenced on June 14 and faces up to three years in prison a period of supervised release, restitution, and monetary penalties.
Physician Convicted for Unlawfully Prescribing Over 1 Million Opioid Pills

On March 24, the Department of Justice announced that James Pierre, a doctor in Houston, was convicted for unlawfully prescribing more than one million hydrocodone and carisoprodol pills. This opioid combination is widely known as a “Las Vegas Cocktail.”
According to the government, from June 2015 through July 2016, “Pierre prescribed the drugs to hundreds of individuals posing as patients each week.” Individuals referred to as “runners” were tasked with bringing numerous people to pose as patients at West Parker Medical Clinic in Houston. The DOJ considers West Parker “a pill-mill clinic,” an illegal facility that resembles a regular pain clinic but regularly prescribes medically unnecessary painkillers.

For his role in the scheme, Pierre received $220 to $500 in cash for each visit that resulted in prescriptions for the drugs. Over the course of time, West Parker made approximately $1,750,000 from the illegal prescriptions. Pierre personally received over $300,000.  

Pierre was convicted of one count of conspiracy to unlawfully distribute and dispense controlled substances and seven counts of unlawfully distributing and dispensing controlled substances. He is scheduled to be sentenced on June 27 and faces up to 160 years in prison. One co-conspirator pleaded guilty to conspiracy to unlawfully distribute controlled substances.
Access Device Fraud Scheme Lands Computer Consultant in Prison

On March 18, the United States Attorney’s Office for the Northern District of Georgia announced that Kevin Kirton, a computer consultant, had been sentenced to six years and nine months in prison and was ordered to pay restitution of over $600,000. Kirton pled guilty to a scheme involving fraudulent computer access that led to over $600,000 in stolen tax returns from the Internal Revenue Service. Kirton allegedly created a computer program that would allow users to file fraudulent tax returns with the IRS by accessing a cache of stolen identities to be used in filing fake returns in the names of the individuals whose identities had been stolen by criminal actors. The program could even be accessed remotely over the internet. Proceeds from the fraud – the tax refunds – were put on prepaid debit cards, which bore the names of the victims.

The government did not elaborate on how Kirton obtained the information of the individuals whose identities had been stolen; however, the government’s press release stated that Kirton had “effectively automat[ed] stolen identity tax refund fraud.” To further protect the scheme, Kirton developed a method to hide users’ IP addresses from the government to reduce the possibility that users would be identified. Kirton also allegedly developed a phone system that he believed could not be overheard by the government. After his arrest, Kirton allegedly went to further lengths to prevent his conviction. The government claims that Kirton contacted an associate to influence a cooperating witness’s testimony by making threats via the associate. However, the associate was in custody, and the phone calls were recorded. As a result, Kirton’s bond was revoked. Kirton pled guilty in June of 2021.
Former Hospice Owner Enters Guilty Plea related to COVID-19 Relief Funds Fraud

On March 18, 2022, the Department of Justice announced a guilty plea by Mr. Gurgen Israyelyan for the theft of government property associated with COVID-19 relief funds.

Mr. Israyelyan owned or controlled several entities, including Saint Christopher Hospice, Inc. in North Hollywood, California, according to the press release. The government noted that his hospice closed around September 2019 and was not operating during the COVID-19 pandemic. Despite the closure of his hospice before the pandemic, Mr. Israyelyan applied for COVID-19 relief funds and received nearly $90,000 in relief. The funds were designated for the care of COVID-19 patients. However, Mr. Israyelyan admitted he stole and misused these funds, including giving funds to family members and using funds for personal use.

Mr. Israyelyan also admitted to fraudulently submitting or causing to be submitted applications for Economic Injury Disaster Loans (“EIDL”) to the Small Business Administration for five entities that he owned or controlled – GMG Holdings LLC, Double G Ventures LLC, One Touch Assistants LLC, G.I. Construction Group, and his hospice. According to the government, Mr. Israyelyan received approximately $428,100 of EIDL funds, which he used for his benefit and in contradiction to EIDL requirements. EIDLs are part of an SBA program that provides low-interest financing to small businesses, renters, and homeowners in regions affected by declared disasters. The EIDL program was expanded under the CARES Act to provide loans to small businesses economically affected by the COVID-19 pandemic.

Mr. Israyelyan is scheduled to be sentenced on June 13, 2022, after he pled guilty to three counts of theft of government property. A federal district court judge will consider the U.S. Sentencing Guidelines and other factors when issuing a sentence, but Mr. Israyelyan faces up to 30 years in prison (10 years per count).
First Settlement Under DOJ Civil Cyber-Fraud Initiative Nets $930,000

On March 8, the Department of Justice announced that it had reached a settlement with a defense contractor resolving allegations that the contractor had violated the False Claims Act by failing to take sufficient steps to safeguard sensitive information from cyberattacks. Comprehensive Health Services LLC (CHS), a contractor providing medical services in Iraq and Afghanistan, agreed to pay $930,000 to resolve the allegations. CHS provided medical services to the Air Force and State Department between 2012 and 2019. During that time, CHS allegedly submitted claims to the State Department to recoup the cost of a secure electronic medical record system to protect the confidential information of American citizens.

Despite implementing the EMR system and submitting claims for payment to the government to recoup the cost, CHS personnel allegedly retained personally identifiable information of Defense and State Department personnel on unsecured network drives which were accessible to staff without the need to access that information. When informed of the unsecure practice, CHS allegedly failed to task steps necessary to ensure the information was stored on the secure EMR system.

The resolution of these allegations is the first settlement under the Department of Justice’s new Civil Cyber-Fraud Initiative. The Initiative “aims to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

CHS also allegedly sought reimbursement for controlled substances for which it did not have a license to handle. CHS allegedly failed to obtain a DEA license necessary to export controlled substances from the United States to Iraq. CHS was also required to provide medical supplies and controlled substances approved by the FDA and European Medicines Agency. However, the government alleges that CHS falsely represented that some of the substances it provided were approved by FDA and EMA. CHS allegedly accomplished this by requesting physicians in South Africa to prescribe controlled substances not approved by FDA and EMA and having those substances shipped to Iraq. Those substances were then, allegedly, provided to patients under federal government contracts.
Highlights from Protenus’ 2022 Breach Barometer Report

Protenus, a healthcare compliance analytics company that offers privacy monitoring and drug diversion surveillance technology, has become a reliable source for healthcare and privacy professionals. Since 2016, Protenus has published an annual report, the “Breach Barometer,” that analyzes data breaches in the healthcare industry. Setting itself apart, the Breach Barometer’s report considers data from traditional sources, such as the U.S. Department of Health and Human Services, but also “includes proprietary, non-publicly available data on the status of health data breaches across the country.” Protenus recently released its 2022 Breach Barometer report, which includes data compiled and analyzed by DataBreaches.net and Protenus.

At the outset, according to DataBreaches.net, “this year’s figures, while significantly higher than last year’s, are undoubtedly significantly underestimating the actual number of both reports and breaches because some data sources that we had for the 2021 report were not available in time for the 2022 report.” Despite not having all data sources as in the past, the 2022 Breach Barometer report is telling.

Protenus identifies three key findings. First, over 50 million patient records were affected by healthcare data breaches (a 24% increase from 2020). Second, there were approximately 905 data breach incidents in 2021. This equates to over 2 breaches per day and a 19% increase from 2020 (up from 758 unique incidents reported in 2020). Finally, there was a 44% increase in hacking incidents compared to 2020. Regarding hacking incidents, companies should note that Protenus and DataBreaches.net “are aware that many of the incidents that get coded as ‘hacks’ actually begin with employees falling for phishing attacks or making some other error that allows threat actors to gain initial access,” according to DataBreaches.net.

Beyond Protenus’ three key findings, the 2022 Breach Barometer report (and prior year reports) reflect other notable findings. For example, hacking incidents have increased for six consecutive years and continue to have a significant impact; 75% of 2021 breaches were due to hacks and resulted in over 43.7 million records being exposed or stolen. According to Protenus, the largest hacking incident in 2021 resulted from an IT Business Associate of a children’s health plan failing to address website vulnerabilities resulting in hackers gaining access to millions of records. While not named by Protenus, the health plan referenced is likely Florida Healthy Kids Corporation. Protenus explained that the incident affected as many as 3,500,000 individuals who applied for health insurance between 2013 and December 2020.

There were positive findings. The breach discovery time decreased significantly, approximately 30% year-over-year to 132 days. Despite the decrease in breach discovery time, the 2022 Data Breach report identified an increase in reporting time. The average time to report a data breach increased from 85 days in 2020 to 118 days in 2021. The 2021 median time was 62 days – 2 days beyond the HIPAA Breach Notification Rule requirement. Also, there were 111 insider breaches, which is a 26% reduction from 2020. It should be noted, however, that 2020 saw an unusual spike in insider incidents – which could be COVID-19 related. And the 2021 insider breaches (111) are relatively on par with the 110 insider incidents in 2019. Despite the unusual 2020 spike, there has been a general decrease in insider incidents since Protenus published its Breach Barometer reports in 2016, though some insider incidents may be classified as hacks as DataBreaches.net noted. Chilivis Grubman attorneys recently discussed OCR Director Lisa Pino’s blog post titled “Improving the Cybersecurity Posture of Healthcare in 2022,” and cautioned covered entities and business associates to heed Director Pino’s warnings and take meaningful steps to reduce the likelihood of a cyber event occurring and the impact of such an event. The Breach Barometer report further shows the unfortunate reality that data breaches are not declining. Companies should take meaningful and intentional action.

To download the 2022 Breach Barometer report, or for more information, please visit: https://www.protenus.com/resources/2022-breach-barometer

To obtain information from Datebreaches.net related to the 2022 Breach Barometer report, please visit:
Potentially Discriminatory Voting Districts to Remain in Effect for the 2022 Elections

Around the country, state legislatures have been crafting new voting maps following release of the 2020 Census data to re calibrate districts with the appropriate number or proportion of residents for each district. Many newly created maps were swiftly challenged by various organizations or political parties that claimed the maps had been redrawn improperly, for example, in a discriminatory fashion so as to dilute the voting power of a particular demographic. Lawsuits addressing those challenges are just now being resolved ahead of the 2022 elections.

Here in Georgia, newly drawn congressional and state legislative districts were challenged in federal court for allegedly violating the Voting Rights Act by unlawfully minimizing the voting strength of African-American Georgians. The court found that the groups bringing the lawsuit were “likely to ultimately prove that certain aspects of the State’s redistricting plans are unlawful,” but the court nonetheless ruled that the potentially discriminatory maps would be allowed in the 2022 elections because changing the maps this close to the election would likely disrupt the electoral process.

The U.S. Supreme Court has weighed in on maps for other states. Last month, the Court issued a 5-4 decision on a similar situation in Alabama. Earlier, a three-judge panel on a lower court, including two Trump-appointed judges, found that Alabama’s legislature illegally redrew maps to disfavor African-American voters in the state, and the panel ordered the legislature to redo the maps before the election. The Supreme Court decision halted the panel’s order from taking effect before the election, allowing the legislature’s maps to be used, despite their apparent discriminatory nature. More recently, however, on March 7, 2022, the U.S. Supreme Court opted not to disturb decisions by state courts in North Carolina and Pennsylvania which replaced maps drawn by the respective states’ Republican-controlled legislatures that the courts had determined were drawn to give Republicans an unfair advantage. Although the U.S. Supreme Court did not explain why it sided with the state courts, language in its recent decisions suggests a reluctance to change maps so close to an upcoming election, an important consideration to the federal court in its ruling regarding Georgia’s new maps.

The legality of newly drawn maps will continue to be litigated after this year’s elections. For now it seems, in some states at least, including Georgia, new districts will remain in place for the current elections, even if the courts indicated that such maps could be discriminatory.
Notable Changes to Georgia Campaign Finance and Ethics Laws Take Effect

In March, the Georgia General Assembly passed and Governor Kemp signed into law Senate Bill (SB) 120, titled the “Ethics in Government Act of 2021.” This bill ushered in a number of meaningful changes and additions to the campaign finance and ethics laws already in place. SB 120 also renamed the Chapter of the Georgia Code containing those laws to the “Georgia Government Transparency and Campaign Finance Act.”

Among the changes brought about by SB 120 is the requirement that a candidate discloses the source(s) of his or her income for the five years leading up to the election in which the candidate is running. Previously, a candidate had to disclose their “financial affairs” for only the one year preceding their election.

SB 120 also clarifies and further restricts what a candidate can do with any leftover or unused campaign funds. The new law expressly prohibits using such funds to make any “gifts, loans, or investments” to the candidate, the candidate’s family, a business owned or partially owned by the candidate or a member of the candidate’s family, a trust benefiting the candidate or a member of the candidate’s family, or a nonprofit which is either controlled by or employs the candidate or a member of the candidate’s family.

Finally, SB 120 gives some additional “teeth” to the Georgia Government Transparency and Campaign Finance Commission to enforce these changes as well as those laws that were already in place. Rather than being limited to investigating complaints of alleged misconduct that are submitted to the Commission by some outside party, now complaints can also be made by an attorney working for the Commission, enabling the Commission to initiate an investigation on its own.

As always, but especially considering that SB 120 gives the state more enforcement tools, candidates will want to be aware of and adhere to all Georgia campaign finance laws to ensure they do not run afoul of the requirements concerning use and reporting of campaign funds.
DOJ Names Chief Prosecutor for Pandemic Relief Fund Fraud

On March 10, the Department of Justice announced the appointment of a chief prosecutor to oversee enforcement efforts stemming from fraud against COVID-19 pandemic relief funds. Associate Deputy Attorney General Kevin Chambers has been named the Director for COVID-19 Fraud Enforcement. President Joe Biden announced the creation of the position on March 1, stating that criminals had defrauded the American people out of billions of dollars in relief that was meant for small businesses and their workers. Mr. Chambers is set to “focus on the most egregious forms of pandemic fraud,” including identity theft by foreign-based actors. DOJ will utilize advanced analytics to identify especially sophisticated fraud schemes against the programs.

COVID relief fund fraud has been a focus of the Department of Justice since the various programs’ inceptions. In May of 2021, the Department established the COVID-19 Fraud Enforcement Task Force to investigate claims of fraud against these programs. Along with announcing the chief prosecutor, President Biden has called for additional resources for the task force to combat the rampant fraud against the programs. However, the President cannot allocate the funds unilaterally, and Congress would need to act to provide those additional resources.

Individuals and entities found to have defrauded COVID-19 relief funds face charges for mail and wire fraud, which may result in significant prison terms and criminal monetary penalties. The President has called on Congress once again to enact heightened penalties for individuals who are found to have committed fraud against the relief funds; however, it remains to be seen whether Congress would find additional penalties necessary given the potential lack of deterrent effect. Along with criminal fraud charges, individuals and entities who have engaged in fraudulent activity in connection with COVID relief funds face potential liability under the False Claims Act. If found liable under the False Claims Act, defendants potentially face damages triple the amount that they actually received from the COVID relief programs.
OCR Director Encourages Enterprise-Wide Risk Analysis and Stronger Cyber Posture for Covered Entities and Business Associates

On February 28, 2022, the Director of the U.S. Department of Health and Human Services Office for Civil Rights, Lisa Pino, published a blog post titled “Improving the Cybersecurity Posture of Healthcare in 2022.” Ms. Pino’s blog post was a call to action, encouraging covered entities and business associates to strengthen their cyber posture in 2022 and to perform enterprise-wide risk analyses.

Ms. Pino now leads the enforcement of HIPAA Privacy, Security, and Breach Notification Rules. Her blog discusses her government service and experience related to cyber attacks and cyber breach mitigation and notes her intention to continue “prioritizing cyber security and patient privacy.” Ms. Pino highlighted what many people have observed – increased publicity and occurrence of cyber attacks in 2021, especially in the healthcare industry. She noted that “[f]or healthcare, [2021] was even more turbulent as cyber criminals took advantage of hospitals and healthcare systems responding to the Covid-19 pandemic.” As an example, Ms. Pino highlighted the vulnerabilities in the popular Java-based logging software, “Log4J,” which cyber criminals have reportedly exploited to gain access to servers and networks. The increased reporting of cyber attacks and vulnerabilities underscore why health care companies must be “vigilant in their approach to cybersecurity,” according to Ms. Pino.

One important observation that Ms. Pino also identified related to risk management policies and their limited scope. Ms. Pino noted that many risk management policies are limited to electronic health records as opposed to the entire organization. She cautioned: “I cannot underscore enough the importance of enterprise-wide risk analysis. Risk management strategies need to be comprehensive in scope. You should fully understand where all electronically protected health information (ePHI) exists across your organization – from software to connected devices, legacy systems, and elsewhere across your network.”

Ms. Pino provided a few best practices, including (1) employee training; (2) conducting regular scans to identify vulnerabilities; (3) maintaining offline, encrypted backups (and regularly testing backups); and (4) obtaining regular patches and updates. She also provided several resources and guidance materials on various topics.

Covered entities and business associates should heed Ms. Pino’s warnings. Cyber attacks are not declining. Organizations should take meaningful steps to reduce the likelihood of a cyber event occurring and reduce the impact of such an event. Now that Ms. Pino has informally encouraged “enterprise-wide risk analysis,” covered entities and business associates should be prepared for inquiries and questions in future OCR investigations related to the scope of their risk analysis and should be prepared to show that an enterprise-wide risk analysis was performed.
Florida Tax Preparers Sentenced to Prison for Fraud Scheme

On March 4, 2022, the Department of Justice announced the sentencing of two Florida tax preparers. Nikency Alexis, the owner and operator of Unity Tax & Financial Services, a Broward County tax preparation business, was sentenced to 45 months in prison, and Thony Guillaume, who worked as a return preparer at the same business, was sentenced to 40 months in prison for conspiring to defraud the United States and preparing false tax returns.

According to court documents, from 2011 through 2016, Alexis and Guillaume conspired to defraud the IRS by preparing returns for clients that claimed business and education expenses the clients did not incur. After learning about the criminal investigation, Alexis and Guillaume are said to have continued filing false returns and concealed their involvement in the filing of those returns by listing other individuals as the paid preparers. In total, Alexis and Guillaume were accused of seeking more than $2.8 million in fraudulent refunds from the IRS.

In addition to the terms of imprisonment, the Judge ordered Alexis to serve three years of supervised release and to pay approximately $464,006 in restitution to the IRS. The judge ordered Guillaume to serve three years of supervised release and to pay approximately $221,823 in restitution to the IRS.
To read all of this month’s client alerts, please visit our website blog by clicking our link below: