Electronic Medical Record Provider Pays $930,000 in First Civil Cyber-Fraud Initiative Settlement

Advertisement

For the first settlement as part of the Department of Justice’s Civil Cyber-Fraud Initiative, DOJ settled a case against medical services government contractor Comprehensive Health Services, LLC (CHS) for $930,000.  This settlement resolves allegations brought forth in two qui tam lawsuits, where four whistleblowers filed suit on behalf of the government under the qui tam provision of the False Claims Act.  Three of the whistleblowers received $15,000, in addition to attorneys’ fees, and one relator received $127,050 for reporting fraud.

“This settlement serves notice to federal contractors that they will be held accountable for conduct that puts private medical records and patient safety at risk,” said the United States Attorney for the Eastern District of New York.

Advertisement

CHS, as part of the medical services they provided to the U.S. government, was paid to implement a secure electronic medical record (EMR) system as part of contracts with the State Department and Air Force at various U.S. consulate and military locations in Iraq and Afghanistan.  The EMR system housed personal health information and medical records for anyone who received medical treatment at the locations CHS served, including U.S. service members, diplomats, officials, and contractors.  According to the allegations, CHS did not consistently store patients’ medical records on the secure EMR system and indeed left scans on a network drive which non-clinical staff could access.

As part of several contracts to which CHS was a party, CHS was supposed to provide medical supplies, including controlled substances subject to U.S. Food and Drug Administration (FDA) or European Medicines Agency (EMA) approval.  According to the allegations, CHS “knowingly, recklessly, or with deliberate ignorance” submitted claims for payment for controlled substances that they obtained by means not sanctioned by these contracts.  Not only did CHS lack a Drug Enforcement Agency license to export controlled substances, but CHS also obtained controlled substances by having their U.S.-based subsidiary request that a South African physician prescribe controlled substances, according to the allegations.  The South African physician prescribed these controlled substances, absent FDA or EMA approval, and a shipping company from the same country imported the substances to Iraq.

Advertisement

Government contractors are supposed to adhere to the terms of their contracts in order to receive reimbursement from the U.S. government.  This medical services provider ignored procurement guidelines to obtain controlled substances, undermining safety controls and misrepresenting their adherence to contract terms in providing medical services to U.S. military personnel.  The DOJ’s Civil Cyber-Fraud Initiative brings the power of the False Claims Act to bear on contractors whose job is to protect sensitive information and critical systems.  Representing that data is secure when it is, in fact, not is a violation of the False Claims Act and constitutes cyber-fraud.  As the Special Agent in Charge of the U.S. Department of State OIG, Office of Investigations noted, “…this outcome will send a clear message that cutting corners on State Department contracts has significant consequences.”

Advertisement

Whistleblowers raised data privacy concerns to CHS, but the contractor failed to implement better cybersecurity protocols in response to their concerns.  The Department of Justice has rewarded its first whistleblowers as part of the Civil Cyber-Fraud Initiative, and they’re just getting started.

© 2022 by Tycko & Zavareei LLP
For more articles about digital health, visit the NLR Health Care Law section.

Published by

National Law Forum

A group of in-house attorneys developed the National Law Review on-line edition to create an easy to use resource to capture legal trends and news as they first start to emerge. We were looking for a better way to organize, vet and easily retrieve all the updates that were being sent to us on a daily basis.In the process, we’ve become one of the highest volume business law websites in the U.S. Today, the National Law Review’s seasoned editors screen and classify breaking news and analysis authored by recognized legal professionals and our own journalists. There is no log in to access the database and new articles are added hourly. The National Law Review revolutionized legal publication in 1888 and this cutting-edge tradition continues today.