Volume 11 | November 2020
DOJ Announces Cryptocurrency Enforcement Framework

Although the advent of cryptocurrency has many advantages for an increasingly digital economy, it is not without its perils. The central features of cryptocurrency – decentralized operation and control and high degrees of anonymity – make the technology attractive to bad actors and present unique challenges to law enforcement. The Department of Justice (“DOJ”) Cyber-Digital Task Force recently released its Cryptocurrency Enforcement Framework (“Framework”), which provides a comprehensive overview of emerging threats due to the increasing use of cryptocurrency and outlines the DOJ’s response strategies. 

Attorney General William Barr has stated that ensuring the use of cryptocurrency “is safe and does not imperil our public safety or our national security is vitally important to America and its allies.” The Framework is intended to inform the public of the ways in which legitimate technologies can be used for improper purposes (e.g., fundraising for terrorism, ransom, extortion, blackmail, money laundering, and trading in illegal goods like guns or drugs) and how to comply with the laws governing this technology. The report notes that the DOJ has prosecuted malfeasance and illegal uses of cryptocurrency under a number of federal laws that have been adapted to this emerging technology. The Framework also highlights DOJ’s cooperation with international and domestic partners including the Securities and Exchange Commission, the Commodities Future Commission, and agencies within the Department of Treasury. Each of these agencies has monitored threats and created enforcement mechanisms to crack down on use of cryptocurrency for illegal purposes. For example, the Treasury Department’s Office of Foreign Assets Control’s recently advised that companies that facilitate ransom payments on behalf of ransomware victims may be subject to steep monetary penalties. Read Chilivis Grubman’s post about the advisory here. As this technology becomes more widely used, a comprehensive and coordinated enforcement approach will be necessary.  

As digital currency becomes more ubiquitous, so too will the legal regulations that accompany such technology. It behooves everyone to be aware of such threats and how seemingly innocent behavior could run afoul of federal law.
DOJ Reports Five COVID-19 Relief Fraud Enforcement Actions involving Over $50M
in October 2020

In March 2020, President Trump signed into law the Coronavirus Aid, Relief, and Economic Security Act (“CARES Act”). Since the CARES Act’s enactment, CG attorneys have cautioned recipients about increased oversight and enforcement. In April 2020, CG attorneys discussed the creation of the Special Inspector General for Pandemic Relief, which is tasked with auditing and investigating funds distributed under the Act. The CARES Act also established the Paycheck Protection Program (PPP), under which the federal government has made billions of dollars in forgivable loans to businesses that met certain criteria. Chilivis Grubman has published several blog posts regarding the PPP and related fraud enforcement actions, including increased government scrutiny for PPP recipients, the first federal PPP loan fraud prosecution, and the prosecution of a reality television star

The DOJ’s scrutiny of relief funds related to COVID-19 continues. In October 2020 alone, the DOJ announced at least five enforcement actions allegedly involving schemes to defraud the government of $51 million related to COVID-19 relief funds.

In a press release dated October 6, 2020, the DOJ announced charges against a Florida recording artist and a Pennsylvania man for their role in a $24 million COVID-19 relief fund scheme. According to the government, the men allegedly used falsified documents to obtain PPP funds, sought PPP funds for others in exchange for kickbacks, purchased luxury items, and paid kickbacks to co-conspirators. The government also noted that eleven other defendants were involved in the scheme.   

On October 9, 2020, the DOJ announced charges against a Texas man, who allegedly submitted 15 fraudulent applications for approximately $24.8 Million in PPP loans, of which he received $17.3 million. The Texas man was charged with multiple counts of bank fraud, money laundering, and wire fraud.

On October 22, 2020, the DOJ announced charges against five individuals who allegedly sought over $1.1 million in PPP loan funds. The government alleges that the defendants misrepresented the number of employees and the amount of payroll expenses and submitted false tax documents. On the same day, the DOJ also announced charges against a thirty-five-year-old software developer who admitted submitting fraudulent applications for PPP loans. Similar to other fraudulent schemes, the software developer created and used fake entities, fake payroll records, and fake tax records on PPP loan applications. 

On October 27, 2020, the DOJ announced charges against a Washington man who allegedly submitted false information and documents to receive COVID-19 relief funds. Additionally, the government alleged that the defendant made false and misleading statements about the companies’ respective businesses and operations when the entity had none. 

In the press releases, the government alleges very serious felonies that could lead to a multi-year prison sentence. The government’s scrutiny of COVID-19 relief funds will continue for the foreseeable future. 
False Claims Act: Will the U.S. Supreme Court Define “Falsity”?

The federal False Claims Act (FCA) imposes liability for treble damages and civil penalties on “any person who [among other things] … knowingly presents, or causes to be presented, a false or fraudulent claim for payment” to the federal government or who “knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim.” Today, most FCA enforcement actions involve healthcare providers accused of submitting false claims for reimbursement to federal healthcare programs such as Medicare, Medicaid, or TRICARE. 

To prevail in an FCA action, the plaintiff (either the federal government or a whistleblower, known under the FCA as a “relator”) must show, among other things, that the defendant made a false claim or used a false statement or record in connection with a claim presented to the government. However, there is some ambiguity as to what constitutes “falsity” in this context. For instance, federal regulations prohibit Medicare reimbursement for services that are not “reasonable and necessary.” Thus, when a healthcare provider submits a claim for reimbursement to Medicare, they represent that the services for which they are seeking reimbursement were reasonable and necessary. If it is determined that those services were not, in fact, reasonable and necessary, the healthcare provider may be liable for making a false claim under the FCA, assuming the other elements of an FCA claim are met. 

But what happens if a healthcare provider’s clinical judgment genuinely led them to the view that the services were reasonable and necessary, but the FCA plaintiff disagrees? Moreover, what if the healthcare provider is able to offer evidence – in the form of expert testimony or otherwise – that the services were, in fact, reasonable and necessary?  

Unfortunately, the answers to these questions are not simple, and vary across the federal circuit courts. For instance, in United States v. AseraCare, Inc., the Eleventh Circuit found that an FCA plaintiff must show an “objective falsehood” to prevail on an FCA claim and explained that “a reasonable difference of opinion among physicians reviewing medical documentation ex post is not sufficient on its own to suggest that those judgments—or any claims based on them—are false under the FCA.” United States v. AseraCare, Inc., 938 F.3d 1278, 1297 (11th Cir. 2019). A few months later, however, the Ninth Circuit rejected this position and held that “the FCA does not require a plaintiff to plead an ‘objective falsehood.’” Winter ex rel. United States v. Gardens Reg’l Hosp. & Med. Ctr., Inc., 953 F.3d 1108, 1119 (9th Cir. 2020) (emphasis added).  In its opinion, the Ninth Circuit found that that even an honestly held clinical opinion about the need for medical services can be “false” if that opinion is inconsistent with “accepted standards of medical practice.” The Third Circuit also appears to have adopted this view in United States v. Care Alternatives, 952 F.3d 89, 100 (3d Cir. 2020), wherein the court declined to impose an “objective falsehood” requirement and found that “a difference of medical opinion is enough evidence to create a triable dispute of fact regarding FCA falsity.”

The U.S. Supreme Court has not weighed in on these varying approaches, but the defendant in Care Alternatives has filed a petition for certiorari in the hopes that it will do so. Moreover, a number of other parties, including the U.S. Chamber of Commerce, have filed amicus briefs in support of the petition. If the petition is granted, the U.S. Supreme Court will have an opportunity to give healthcare providers and other government contractors some clarity regarding their potential liability under the FCA. 
Special Fraud Alert: HHS Warns of Risks Associated With Speaker Programs

On November 16, 2020, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a Special Fraud Alert (“Alert”) highlighting the fraud and abuse risks associated with speaker programs. The Alert confirms the government’s scrutiny of speaker programs, which it defines as company-sponsored events at which a healthcare professional makes a speech or presentation to other healthcare professions about a drug, device, or a disease state on behalf of the company that provides the speaker remuneration. When remuneration is paid purposefully to induce or reward referrals of items or services payable by a Federal healthcare program, the anti-kickback statute is violated. Importantly, remuneration is broadly defined and includes “anything of value, directly or indirectly, overtly or covertly, in cash or in kind.”

Although an unnamed pharmaceutical trade group explained that individuals participate in speaker programs to educate other healthcare professions, the “OIG is skeptical about the educational value of such programs.” The OIG cites multiple studies (including a JAMA article) for the proposition that healthcare professionals that receive remuneration from a company are more likely to prescribe or order that company’s products. The OIG also notes that the availability of information offered in speaker programs (that do not involve remuneration) also suggests that at least one purpose of remuneration associated with speaker programs is to induce or reward referrals. 

The OIG provided a list (not exhaustive) of “suspect characteristics” that potentially indicate a speaker program arrangement that could violate the anti-kickback statute.

  1. The company sponsors speaker programs where little or no substantive information is presented.
  2. Alcohol is available or a meal exceeding modest value is provided to the attendees of the program (the concern is heightened when the alcohol is free). 
  3. The program is held at a location that is not conducive to the exchange of educational information (e.g., restaurants or entertainment or sports venues). 
  4. The company sponsors many programs on the same or substantially the same topic or product, especially in situations involving no recent substantive change in information. 
  5. There has been a significant period with no new medical or scientific information nor a new FDA-approved or cleared indication for the product. 
  6. HCPs attend programs on the same or substantially the same topics more than once (as either a repeat attendee or as an attendee after being a speaker on the same or substantially the same topic). 
  7. Attendees include individuals without a legitimate business reason to attend the program, including, for example, friends, significant others, or family members of the speaker or HCP attendee; employees or medical professionals who are members of the speaker’s medical practice; staff of facilities for which the speaker is a medical director; and other individuals with no use for the information.
  8. The company’s sales or marketing business units influence the selection of speakers or the company selects HCP speakers or attendees based on past or expected revenue that the speakers or attendees have or will generate by prescribing or ordering the company’s product(s) (e.g., a return on investment analysis is considered in identifying participants). 
  9. The company pays HCP speakers more than fair market value for the speaking service or pays compensation that considers the volume or value of past business generated or potential future business generated by the HCPs.

The OIG’s Alert provides a clear warning to any healthcare professional engaged in or considering engaging speaker programs. “Parties involved in speaker programs may be subject to increased scrutiny.” If the requisite intent is present, the OIG warned that the company and the healthcare professional “may be subject to criminal, civil, and administrative enforcement actions” for improper speaker program arrangements, according to Alert. Not mentioned in the Alert, but of equal concern, are state anti-kickback and false claims act laws that often closely mirror federal counterparts. In some circumstances, violating the federal anti-kickback statute or the False Claims Act could also create state culpability exposure.

The OIG’s Alert and warnings of increased scrutiny should not be considered idle warnings. Chilivis Grubman attorneys have written extensively about enforcement actions related to speaker programs, speaker fees, consulting fees, and related activities. In July 2020, Chilivis Grubman attorneys wrote about False Claims Act settlements totaling $729 million for alleged kickbacks paid to doctors under the guise of speaker programs. Chilivis Grubman attorneys also wrote about an $18 million False Claims Act settlement related to speaker programs. 
Georgians Overwhelmingly Approve Constitutional Amendment
Waiving Sovereign Immunity

Leading up to the recent elections, we explained the three constitutional amendments that Georgia voters would be asked to decide. All three amendments passed. In particular, nearly 80% of Georgia’s voters approved amending Georgia’s constitution to waive sovereign immunity, overturning a deeply ingrained judicial doctrine that prevented Georgia’s state courts from hearing constitutional challenges to its own state’s laws. As Justice Keith Blackwell explained, “the constitutional doctrine of sovereign immunity forbids our courts to entertain a lawsuit against the State without its consent.” Until now, the State of Georgia had to agree to be sued in state court before someone could challenge the constitutionality of a state law.  In fact, Georgia was the only state in the country where state courts were stripped of the power to declare a state law unconstitutional or not. Georgians were forced to challenge Georgia laws in federal court, without the option to do so in their own state courts.

Recognizing the need to remedy the issue, twice state lawmakers passed bills that would have waived sovereign immunity, only to be vetoed by Governor Deal in 2016 and Governor Kemp in 2019. By placing the issue on the ballot as a constitutional amendment, lawmakers were able to remove the threat of veto because constitutional amendments cannot be vetoed.

Now that voters have amended the state constitution to waive sovereign immunity, Georgians can turn to their own state’s courts to challenge Georgia law. The amendment allows people to seek declaratory and equitable relief against state and local governments for acts that are “outside the scope of lawful authority or in violation of the laws or the Constitution of this state or the Constitution of the United States.” The law does not authorize lawsuits against the state and county for money; rather, it authorizes lawsuits against the state and counties in order to declare laws to be unconstitutional and to enjoin their enforcement. Time will tell how litigants will use this new law to seek redress in Georgia courts.
COVID-19 Testing: Are Out-of-Network Providers Charging Too Much?

The Coronavirus Aid, Relief, and Economic Security (CARES) Act, enacted on March 27, 2020, requires insurers to “provide coverage [for], and…not impose any cost-sharing (including deductibles, copayments, and coinsurance) requirements or prior authorization or other medical management requirements,” on COVID-19 testing. The CARES Act also requires that providers publicize the “cash price” of their COVID-19 diagnostic tests. If an out-of-work provider complies with this requirement, the CARES Act requires that the patient’s health plan to issue a reimbursement “in an amount equal to the cash price the provider lists on a public internet website.”  

According to an October survey by America’s Health Insurance Plans (AHIP), this “cash price” requirement “eliminates [health plans’] ability to negotiate more affordable test prices” with out-of-network providers. AHIP’s survey indicates that the share of tests being administered by out-of-network providers has increased by 14% since July. Moreover, the share of out-of-network tests costing an amount “significantly higher” than the average price (i.e. $185 or more) increased by 10%. According to AHIP, this survey indicates that providers of COVID-19 tests are engaging in “price gouging,” which can be remedied by, among other things, Congress “setting a reasonable market-based pricing benchmark for tests delivered out of network.”  

In the meantime, several states have already taken action to try and constrain costs. The insurance commissioners of Tennessee and North Dakota have urged out-of-network testing providers to accept reimbursement in an amount equal an insurer’s in-network rate. The state of Georgia has opened “a number of formal investigations into alleged price gouging” and the state of Florida has conducted at least one price gouging investigation of a hospital.

Regulatory interest in COVID-19 test pricing could wane as Americans gain access to several vaccines set to be approved for distribution in the coming weeks. However, according to Health and Human Services Secretary Alex Azar, there will not be enough doses to vaccinate all Americans until late March or early April of 2021, and even this timeline is considered optimistic by some experts. In the meantime, COVID-19 cases and deaths are reaching new heights, and this trajectory is expected to continue throughout most of the winter. States are therefore likely to continue to closely monitor COVID-19 test pricing well into next year. 
Opioid Crisis: DOJ Nets $8.5 Billion in Fines and Penalties from Manufacturer of OxyContin

Over the last few years, state and federal law enforcement agencies have brought a number of criminal and civil actions to hold pharmaceutical companies accountable for the opioid crisis. The latest milestone in the pursuit of accountability is a DOJ settlement with Purdue Pharma, the manufacturer of OxyContin.  

Purdue Pharma began manufacturing OxyContin in the mid-1990’s and the company is viewed by the government as the originator of the aggressive and misleading marketing of opioids that drove the epidemic. According to the DOJ settlement, those marketing efforts included paying kickbacks to doctors to write prescriptions of the addictive painkiller. Since 1999, more than 450,000 Americans have died of overdoses and other opioid-related causes and OxyContin is understood to have caused more of those deaths than any other prescription drug.  

Under the settlement, Purdue Pharma agreed to plead guilty to one count of violating of the Food, Drug, and Cosmetic Act and two counts of violating the federal Anti-Kickback Statute, and agreed to pay $8.3 billion in fines and penalties. Because the company does not have $8.3 billion in cash, it will be dissolved, and the remaining assets will be used to form a “public benefit company.” The newly formed company’s future earnings will be used to pay Purdue Pharma’s outstanding fines and penalties. Members of Sackler family, who own Purdue Pharma, are required to pay $225 million in civil penalties under the settlement. Addressing the settlement, the members of the Sackler Family stated that they “acted ethically and lawfully” and that Purdue Pharma’s board “relied on repeated and consistent assurances from Purdue’s management team that the company was meeting all legal requirements.”

Many individual states have also filed claims against Purdue Pharma, seeking more than $2 trillion in the aggregate, and many of these states oppose the DOJ’s settlement. After the settlement was announced, more than twenty-five state attorneys general wrote a letter expressing their opposition and arguing that the government should not participate in the sale of opioids. Several state attorneys general have also protested the lack of individual criminal charges against members of the Sackler family or Purdue Pharma executives, but the settlement does not preclude the DOJ from bringing such charges at a later date.
Healthcare Providers Targeted in Wave of New Ransomware Attacks

We've written before about regulators’ and prosecutors’ increasing efforts to fight cybercrime in the COVID-19 era, and about how the most common form of cybercrime is Business Email Compromise (BEC) fraud. Last week, federal agencies reminded us about the particular vulnerability of healthcare providers to such cyber-attacks. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services (HHS) issued a joint alert last Wednesday in which they stated that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies warn that these new attacks, allegedly orchestrated by a Russian-speaking criminal gang, can cause “data theft and disruption of healthcare services.”  

According to the agencies, these cybercriminals use ransomware that is seeded through a network of zombie computers. When the ransomware attack commences, the victim’s data is scrambled and rendered useless. The only way to unscramble the victim’s data is with a “key,” which can only be obtained from the cybercriminals in exchange for a substantial ransom payment.

Ransomware attacks have been particularly frequent over the last 18 months, with local governments and healthcare providers hit especially hard. According to one analyst, at least 59 U.S. healthcare providers/systems have already been affected by ransomware this year. Last month, a ransomware attack effectively shut down the computer system of a hospital, forcing doctors and nurses across 250 U.S. facilities to handwrite their records. The cybercriminals understand that this type of disruption puts patient lives in danger, which can increase the likelihood that the ransom will be paid.  

The cost associated with the disruption caused by ransomware often outweighs the cost of a ransom payment, but giving in to a cybercriminal’s demand may pose its own risks. Paying a ransom may encourage additional attacks in the future and it may even lead to government scrutiny and the imposition of civil monetary penalties
HHS Levies $25,000 Fine in Tenth HIPAA Right of Access Enforcement Action

Over the past year, CG attorneys have alerted readers about the focus of U.S. Department of Health and Human Services’(HHS) Office of Civil Rights (OCR) on patient access to records in its “HIPAA Right of Access Initiative.” Under this initiative, OCR announced at least ten settlements involving medical practices that allegedly violated HIPAA’s record access requirements.  

The HIPAA Privacy Rule generally requires covered entities to provide individuals access to their “designated record sets” maintained by or for the covered entity. The access requirements generally do not apply to (1) information not considered “designated record sets,” as defined by 45 C.F.R § 164.501, (2) psychotherapy notes, and (3) records created in reasonable anticipation of or for a civil, criminal, or administrative action. 45 C.F.R. § 164.524.

On November 6, 2020, HHS announced a $25,000 settlement involving Riverside Psychiatric Medical Group (“RPMG”). OCR’s investigation was initiated after it received a complaint from an RPMG patient in March 2019. The patient alleged that RPMG did not provide a copy of her medical records despite multiple requests the month prior. OCR provided RPMG technical assistance regarding complying with the HIPAA record access requirements and closed its investigation. The following month, OCR received a second complaint, which alleged that RPMG had yet to provide requested records. During OCR’s investigation, RPMG asserted that it did not have to comply with the request, as the requested records contained psychotherapy notes. However, OCR noted that RPMG had to provide medical records that did not contain psychotherapy notes and that were not created in anticipation of or for civil, criminal, or administrative actions. RPMG was also required to provide a written explanation for denying the request – even if the denial was a partial denial.

Between September and October 2020, OCR settled seven enforcement actions as part of its HIPAA Right of Access initiative. The settlements ranged from $3,500 to over $150,000 and included corrective action plans. Providers and medical practice administrators should familiarize themselves with patients’ rights under HIPAA to access protected health information by reviewing the related statutes (45 C.F.R. § 165.524) and HHS guidance. Enforcement actions will continue. Last month, Roger Severino, OCR Director, stated that “HIPAA entitles patients to timely access to their records and [OCR] will continue our stepped-up enforcement of the right of access until covered entities get the message.”
Recent Decision: Transfer to Georgia’s Statewide Business Court Requires Agreement of All Parties

The Business Court, Georgia’s first statewide in the past 114 years, opened on August 30, 2020. The Business Court is a specialized commercial court created to promote the efficient and predictable resolution of complex litigation. Although lauded as a way to provide expertise for the adjudication of complex matters, the ability of the Business Court to achieve that goal hangs dangerously in the balance. 

Unlike other courts in Georgia, and indeed nationwide, the Business Court cannot hear a case until both parties agree to have the case heard there. In a recent opinion, Overlook Gardens Properties LLC v. Orix USA, the Business Court interpreted the governing legislation and determined that one party’s objection to transferring a case to the Business Court is fatal to the transfer. The order was issued by the Georgia Court of Appeals Presiding Judge Sara Doyle, who sat by designation after Business Court Judge Walt Davis had recused himself due to a conflict of interest with one of the litigants. 

As a practical matter, the court’s interpretation of its own jurisdiction severely limits the ability of the court to hear contested matters. The future of the Business Court likely rests with the legislature, who has the ability to amend the governing legislation and expand the court’s jurisdiction. For now, the Business Court’s docket remains small. Only 15 cases are currently pending in the court, but in 12 of those cases, one of the parties has objected to having the case resolved by the Business Court. The docket is expected to drop to 3 cases and the court will be refunding parties’ filing fees. 


Give thanks not just on Thanksgiving Day,
but every day of your life. Appreciate and
never take for granted all that you have.



Scott Grubman and Ramsey Prather (Butler Wooten & Peak) and are excited once again be co-chairing the Second Annual False Claims Act Summit which, of course, will be virtual this year. The Summit will be held on December 9 from 1-5 pm and will include attorneys from all across the FCA spectrum, including plaintiff/relator counsel, defense counsel, and government attorneys, and will be immediately followed by a networking happy hour, featuring a virtual cocktail class. This conference has been approved by the Georgia Bar for 3 CLE hours. And, the seminar is free of charge! You can view the agenda here and register here.
This month, Chilivis Grubman attorneys Scott Grubman and Christian Dennis published an article in the AHLA (American Health Law Association) Weekly entitled OIG Warns of Risks Associated With Speaker Programs. The article discusses the November 16 OIG Fraud Alert discussed in more detail above.
Even throughout the pandemic, Chilivis Grubman attorney Scott Grubman continues to present at healthcare conferences, albeit virtually. This month, he presented at the HCCA's Annual Enforcement Conference. Next month, he will present at the Part B News Reimbursement Summit.
To read all of this month’s client alerts, please visit our website blog by clicking our link below: