Designed for busy in-house counsel and compliance professionals, this newsletter seeks to bring you up to speed on key federal and state False Claims Act (FCA) developments, with links to primary resources. Each quarter, we will provide key takeaways and discuss some of the most significant false claims topics.

In this second newsletter of 2023, we ask: What are we to make of the Department of Justice (DOJ or the "Department") stats for False Claims activity and the Supreme Court adding a second FCA matter to this term? We report on a pair of cybersecurity matters with notable False Claims connections, review a relator's bid to revive a thrice-dismissed complaint, and bring news of the Connecticut Attorney General's desire to broaden his state's FCA. The answers to these questions and more are here in our April 2023 FCA Update.

Federal

DOJ Releases Statistics For 2022 FCA Settlements and Judgments.On February 7, 2023, the Department announced its 2022 FCA statistics, which included the collection of $2.2 billion in settlements and judgments–a majority of which continue to involve the healthcare industry. While the total financial recovery was down from the prior year, FY 2022 saw 351 FCA settlements and judgments, the second-highest annual total ever. In addition, DOJ initiated the most new FCA matters in almost two decades (296), and the number of qui tam lawsuits filed increased by 9% from last year (652). While healthcare continues to be the basis for most FCA activity, the numbers also reflect DOJ's focus on new enforcement priorities, including violations of cybersecurity requirements in government contracts and grants and COVID-19 fraud. Our February 14, 2023 client alert contains more detailed information on these statistics.

Supreme Court Adds a Second FCA Question for This Term.On January 13, 2023, the Supreme Court granted cert and consolidated two cases from the Seventh Circuit for oral argument on April 18, 2023: U.S. ex rel. Schutte v. SuperValu Inc. and U.S. ex rel. Proctor v. Safeway, Inc. These cases present the question of whether a plaintiff can establish the requisite scienter (i.e., knowledge) where the defendant's conduct was consistent with an "objectively reasonable" interpretation of the law even where that ultimately proved incorrect. In both SuperValu, Inc. and Safeway, the Seventh Circuit applied the Supreme Court's Safeco standard (articulated in a case involving a provision of the Fair Credit Reporting Act) to determine that a defendant has not acted with "reckless disregard," and thus does not have the necessary scienter under the FCA, if its conduct is consistent with an "objectively reasonable" interpretation of an unclear law or regulation without any available "authoritative guidance" to the contrary. The qui tam relators in each case argue that the Seventh Circuit should have applied the subjective standard used in some other circuits to determine whether the defendant actually knew or should have known that it was committing an FCA violation. On February 24, 2023, the Solicitor General filed an amicus curiae brief supporting the relators and urging the Court to reverse the Seventh Circuit's "objectively reasonable" standard. The government argued that the Seventh Circuit incorrectly applied the Safeco standard to the FCA regime on the grounds that the "FCA's scienter standard encompasses circumstances in which persons subjectively believe they are submitting false claims or statements to the government; are subjectively aware of a substantial risk that their claims or statements are false but deliberately avoid taking readily available steps to obtain clarification; or act in reckless disregard of known or objectively obvious facts indicating a high likelihood of falsity." On March 20, 2023, the Supreme Court granted the Solicitor General's request to participate in oral arguments, although the Court afforded the government just 10 minutes to argue–not the 20 it had requested. Thirty-three states and Senator Chuck Grassley have also joined the relators and the Solicitor General in urging the Court to reverse the Seventh Circuit. We expect the Court to issue opinions in this matter and in U.S. ex rel. Polansky v. Executive Health Resources Inc. (resolving a circuit split concerning whether the government can move to dismiss a qui tam case after initially declining to intervene in the suit) before the end of the term in June.

Supreme Court Denies Review of Cost-Sharing Assistance Program.On January 9, 2023, the Supreme Court declined to review a Second Circuit decision that blocked Pfizer from implementing a cost-sharing assistance program. Pfizer had sought to cover out-of-pocket expenses for financially eligible Medicare patients who need tafamidis (sold as Vyndaqel and Vyndamax), the only drug approved by the Food and Drug Administration to treat a rare heart condition. In 2019, Pfizer sought an advisory opinion from the Department of Health and Human Services (HHS) regarding its subsidy program, and in September 2020, HHS advised Pfizer that the program "plainly would" involve prohibited conduct under the Anti-Kickback Statute (AKS) because it would induce Medicare patients to purchase the medication. Pfizer brought a suit to challenge the determination, arguing that they did not violate the AKS because there was no "corrupt intent." The federal courts examined the plain language of the AKS, which prohibits "any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind to any person to induce such person . . . to purchase . . . any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program." Because nothing in the text of the AKS requires a "corrupt intent," the courts sided with the government because the cost-sharing program would persuade or induce Medicare beneficiaries to purchase the drug. The decision by HHS reflects a trend to scrutinize programs associated with high-cost medications and a broader push to enforce cost-control functions within Medicare and other federal programs. Our February 7, 2023 MoFo Life Sciences Blog Post contains a more detailed analysis of this matter.

DOJ Announces Third Civil Cyber-Fraud Settlement.On March 14, 2023, the Department announced the resolution of FCA claims against Jelly Bean Communications Design LLC (Jelly Bean). This marks the third such settlement under DOJ's Civil Cyber-Fraud Initiative, which uses the FCA to "hold accountable" entities and individuals who knowingly: (1) provide deficient cybersecurity products or services; 2) misrepresent their cybersecurity practices or protocols; or (3) fail to monitor and report cybersecurity incidents or breaches. Jelly Bean agreed to settle allegations that it violated the FCA by failing to secure personal information on a Florida children's health website. The state of Florida, using federal Medicaid funds, contracted with Jelly Bean for "website design, programming and hosting services" to aid the state in providing children's health insurance programs. DOJ alleged, however, that Jelly Bean "did not provide secure hosting of applicants' personal information and instead knowingly failed to properly maintain, patch, and update the software systems underlying HealthyKids.org" – an online application used to enter data to apply for state Medicaid insurance coverage for children. In December 2020, hackers accessed over 500,000 applications from the website, potentially exposing personal identifying information and other data. The Jelly Bean settlement follows DOJ cybersecurity settlements in Aerojet and Comprehensive Health Services. As we discussed in our last FCA Newsletter, these enforcement actions and the underlying theory of FCA liability should prompt companies to review their cybersecurity and risk management practices, especially if they receive government contracts or grants and thus have FCA exposure. Such a review is particularly important for healthcare and life science companies whose business includes beneficiaries of federal healthcare programs and who are subject to the various security rules imposed by HIPAA. MoFo can lead clients in developing workable practices consistent with standards set by the Department of Commerce's National Institute of Standards and Technology (NIST) bureau.

Second Circuit Asked to Revive FCA/AKA Suit Challenging Speaker Programs.A relator has asked the Second Circuit to revive an FCA/AKS case that alleges a pharmaceutical company (1) provided improper payments to doctors through "speaker programs" that had little educational value, were poorly attended, paid speakers for canceled events, and chose speakers on the basis of their prescription potential; and (2) found other ways to compensate these physicians, including allegedly improperly outfitting medical offices, improperly producing promotional materials with the physicians' contact information, providing improper billing assistance, and "wining and dining" speakers. On September 13, 2022, U.S. District Court Judge Kimba Wood granted Novartis Pharmaceuticals' motion to dismiss with prejudice after allowing the relator four opportunities to plead his claims with particularity. The court had previously warned the relator that Rule 9(b)'s particularity rule required greater details to establish a kickback scheme through "speaker programs" (e.g., providing a list of the doctors that gave the same presentation to the same group of attendees over short periods of time, and specifically identifying details about the presentation such as the time period, the name of the presentations, the number of repeat attendees, and the amounts received). The relator contends that the dismissal was in error because the district court misapplied the "one purpose" rule, which holds that a company violates the AKS (and thus the FCA) "so long as one purpose of the offer or payment is to 'induce or reward the referral or recommendation of business . . . to a program under which payments may be made from federal funds.'" Notably, however, the district court held that the fundamental flaw in the relator's amended complaint was its failure to plea with particularity any allegations for any fraudulent purpose. We will continue to monitor this appeal as many of our clients engage in "speaker programs" to educate physicians.

State

Connecticut Seeks to Expand FCA Liability.On March 6, 2023, Connecticut Attorney General (AG) William Tong announced legislation that would expand the scope of Connecticut's FCA by removing provisions that currently limit application to state-administered health or human services programs. As a result, the proposed legislation would reach not only the nine health and human services agencies it currently covers, but also more than 100 different state agencies, offices, and quasi-public agencies that spend tax dollars on behalf of the Connecticut state government. AG Tong noted that a majority of states, including New York, Massachusetts, Rhode Island, New Jersey, and Vermont, have broad state FCA statutes resembling federal law. If this legislation passes, expect to see the Connecticut AG enhance the enforcement of FCA matters.

Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP. All rights reserved