Category: Criminal Law

Fifth Circuit Court of Appeals Vacates Its Own Stay Rendering the Corporate Transparency Act Unenforceable . . . Again

On December 26, 2024, in Texas Top Cop Shop, Inc. v. Garland, No. 24-40792, 2024 WL 5224138 (5th Cir. Dec. 26, 2024), a merits panel of the United States Court of Appeals for the Fifth Circuit issued an order vacating the Court’s own stay of the preliminary injunction enjoining enforcement of the Corporate Transparency Act (“CTA”), that was originally entered by the United States District Court for the Eastern District of Texas on December 3, 2024, No. 4:24-CV-478, 2024 WL 5049220 (E.D. Tex. Dec 5, 2024).

A Timeline of Events:

  • December 3, 2024 – The District Court orders a nationwide preliminary injunction on enforcement of the CTA.
  • December 5, 2024 – The Government appeals the District Court’s ruling to the Fifth Circuit.
  • December 6, 2024 – The U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issues a statement making filing of beneficial ownership information reports (“BOIRs”) voluntary.
  • December 23, 2024 – A motions panel of the Fifth Circuit grants the Government’s emergency motion for a stay pending appeal and FinCEN issues a statement requiring filing of BOIRs again with extended deadlines.
  • December 26, 2024 – A merits panel of the Fifth Circuit vacates its own stay, thereby enjoining enforcement of the CTA.
  • December 27, 2024 – FinCEN issues a statement again making filing of BOIRs voluntary.
  • December 31, 2024 – FinCEN files an application for a stay of the December 3, 2024 injunction with the Supreme Court of the United States.

This most recent order from the Fifth Circuit has effectively paused the requirement to file BOIRs under the CTA once again. In its most recent statement, FinCEN confirmed that “[i]n light of a recent federal court order, reporting companies are not currently required to file beneficial ownership information with FinCEN and are not subject to liability if they fail to do so while the order remains in force. However, reporting companies may continue to voluntarily submit beneficial ownership information reports.”

Although reporting requirements are not currently being enforced, we note that this litigation is ongoing, and if the Supreme Court decides to grant FinCEN’s December 31, 2024 application, reporting companies could once again be required to file. Given the high degree of unpredictability, reporting companies and others affected by the CTA should continue to monitor the situation closely and be prepared to file BOIRs with FinCEN in the event that enforcement is again resumed. If enforcement is resumed, the current reporting deadline for most reporting companies will be January 13, 2025, and while FinCEN may again adjust deadlines, this outcome is not assured.

For more information on the CTA and reporting requirements generally, please reference the linked Client Alert, dated November 24, 2024.

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.
For more on the CTA, visit the NLR Financial Institutions Banking section

OCR Proposed Tighter Security Rules for HIPAA Regulated Entities, including Business Associates and Group Health Plans

As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It looks like substantial changes are in store for covered entities and business associates alike, including healthcare providers, health plans, and their business associates.

According to the OCR, cyberattacks against the U.S. health care and public health sectors continue to grow and threaten the provision of health care, the payment for health care, and the privacy of patients and others. In 2023, the OCR has reported that over 167 million people were affected by large breaches of health information, a 1002% increase from 2018. Further, seventy nine percent of the large breaches reported to the OCR in 2023 were caused by hacking. Since 2019, large breaches caused by successful hacking and ransomware attacks have increased 89% and 102%.

The proposed Security Rule changes are numerous and include some of the following items:

  • All Security Rule policies, procedures, plans, and analyses will need to be in writing.
  • Create, maintain a technology asset inventory and network map that illustrates the movement of ePHI throughout the regulated entity’s information systems on an ongoing basis, but at least once every 12 months.
  • More specificity needed for risk analysis. For example, risk assessments must be in writing and include action items such as identification of all reasonably anticipated threats to ePHI confidentiality, integrity, and availability and potential vulnerabilities to information systems.
  • 24 hour notice to regulated entities when a workforce member’s access to ePHI or certain information systems is changed or terminated.
  • Stronger incident response procedures, including: (I) written procedures to restore the loss of certain relevant information systems and data within 72 hours, (II) written security incident response plans and procedures, including testing and revising plans.
  • Conduct compliance audit every 12 months.
  • Business associates to verify Security Rule compliance to covered entities by a subject matter expert at least once every 12 months.
  • Require encryption of ePHI at rest and in transit, with limited exceptions.
  • New express requirements would include: (I) deploying anti-malware protection, and (II) removing extraneous software from relevant electronic information systems.
  • Require the use of multi-factor authentication, with limited exceptions.
  • Require review and testing of the effectiveness of certain security measures at least once every 12 months.
  • Business associates to notify covered entities upon activation of their contingency plans without unreasonable delay, but no later than 24 hours after activation.
  • Group health plans must include in plan documents certain requirements for plan sponsors: comply with the Security Rule; ensure that any agent to whom they provide ePHI agrees to implement the administrative, physical, and technical safeguards of the Security Rule; and notify their group health plans upon activation of their contingency plans without unreasonable delay, but no later than 24 hours after activation.

After reviewing the proposed changes, concerned stakeholders may submit comments to OCR for consideration within 60 days after January 6, by following the instructions outlined in the proposed rule. We support clients with respect to developing and submitting comments they wish to communicate to help shape the final rule, as well as complying with the requirements under the rule once made final.

Jackson Lewis P.C. © 2024
For more on HIPAA, visit the NLR Health Law Managed Care section

Client Alert Update: Developments in the Corporate Transparency Act Injunction

As we previously reported, a nationwide preliminary injunction against enforcement of the Corporate Transparency Act (CTA) was issued on December 3, 2024. Since our last update, there have been significant developments:

  1. Fifth Circuit Stay and Revival of CTA Enforcement: On December 23, 2024, a three-judge panel of the United States Court of Appeals for the Fifth Circuit stayed the lower court’s preliminary injunction, temporarily reviving the immediate enforceability of the CTA.
  2. Extension of Filing Deadline: Following the Fifth Circuit’s stay, FinCEN announced an extension of the filing deadline for Beneficial Ownership Information Reports (BOIRs) to January 13, 2025, applicable to entities formed before January 1, 2024.
  3. Injunction Reinstated: On December 26, 2024, the Fifth Circuit vacated the three-judge panel’s decision to stay the preliminary injunction. As a result, enforcement of the CTA is once again enjoined, and reporting companies are not currently required to file BOIRs with FinCEN.

Litigation challenging the CTA continues, and further developments are likely as the legal landscape evolves. At this time, we reaffirm our prior guidance:

  • Reporting companies are not currently required to file BOIRs while the injunction remains in effect and will not face penalties for failing to do so.
  • FinCEN continues to accept voluntary submissions for entities that wish to proactively comply with potential future obligations.

Businesses that have already begun preparing beneficial ownership information may wish to complete the process to ensure readiness if the injunction is lifted. We will continue to provide updates on this matter.

© Copyright 2024 Stubbs Alderton & Markiles, LLP
For more on the CTA, visit the NLR Corporate Business Organizations section

FTC Closely Monitoring Healthcare Lead Generators As Open Enrollment Begins

The Federal Trade Commission is watching the healthcare lead generation industry closely.

On December 10, 2024, the Federal Trade Commission announced that it has sent warning letters to 21 companies that market or generate leads for healthcare plans. The letters were sent as open enrollment season for healthcare plans is ongoing. They provide guidance and provide about deceptive or unfair claims that likely violate laws enforced by the FTC.

The letters were sent to companies that provide marketing or advertising, including lead generation, related to Affordable Care Act Marketplace health insurance and healthcare-related products, such as limited benefit plans and medical discount programs.

“It is critical for consumers’ health and financial well-being that marketers of health plans be honest about the plans they and their partners are offering,” said FTC lawyer Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. “The FTC has been watching this important sector closely, especially during open enrollment season, and these warning letters put companies on notice that unlawfully marketing or advertising health plans to consumers can result in serious legal consequences.”

Based on information collected by FTC staff and the agency’s enforcement experience in this area, the types of claims FTC staff has warned about include those that may:

  • misrepresent the benefits included in a healthcare plan, including any insurance benefits;
  • misrepresent that a healthcare plan is major or comprehensive medical health insurance or the equivalent of such health insurance;
  • misrepresent the costs of healthcare plan; and
  • falsely claim that consumers who enroll in a healthcare plan will receive free offers, cash rewards, rebates, or other incentives.

Consult with a season FTC defense lawyer if you are a lead generator or marketer of health insurance leads in order to minimize risk of government scrutiny.

The letters provide examples of prior relevant FTC actions against marketers and lead generators that operate in this field, including Simple HealthBenefytt Technologies, Partners in Healthcare Association, and Consumer Health Benefits Association.

While the letters do not allege any wrongdoing by any of the recipients, they encourage the companies to conduct a thorough review of their advertisements to ensure they are complying with applicable laws and rules, and the letters note that the FTC is closely monitoring this marketplace for unlawful conduct that is harming consumers.

© 2024 Hinch Newman LLP
For more on the FTC, visit the NLR Antitrust Trade Regulation section

OIG Releases Special Fraud Alert About Suspect Payments in Marketing Arrangements Related to Medicare Advantage and Providers

On December 11, 2024, the Office of Inspector General for the U.S. Department of Health and Human Services (“OIG”) issued a special fraud alert warning about certain marketing schemes that involve questionable payments and referrals between Medicare Advantage (“MA”) health plans, health care professionals, and third-party marketers (e.g., agents and brokers) and that can mislead MA enrollees into choosing specific health plans or providers that may not be in the MA enrollees’ best interests or meet their needs (“MA Marketing Alert”). As we have previously advised, special fraud alerts are few and far between—OIG has only issued six in the past 20 years. The importance of the MA Marketing Alert, like its predecessors, should not be taken for granted because it may be instructive as to subsequent enforcement action taken by OIG and/or the U.S. Department of Justice (“DOJ”).

In the MA space, historical enforcement actions taken by both OIG, under their administrative authorities, and DOJ, under the False Claims Act (“FCA”), have related to alleged MA risk adjustment payment inflation schemes. See, e.g., DaVitaSutter HealthBeaver MedicalMartin’s Point, and Cigna. While allegations of this nature continue to be a focus area (e.g., in OIG’s work plans), a light is also now being shone on inappropriate marketing schemes that could violate the Federal anti-kickback statute (“AKS”). And, based on historical empirical data connecting DOJ’s enforcement actions taken subsequent to OIG’s issuance of special fraud alerts, that light may broaden and brighten.

For example, in July 2022, OIG issued a special fraud alert about arrangements involving telemedicine companies. In a footnote, OIG provided three enforcement actions resolved under the FCA as examples of allegedly problematic arrangements. After providing the footnote examples, OIG described bullet-pointed “Suspect Characteristics” that tracked the allegedly inappropriate characteristics of the footnote examples. Since the alert’s issuance, DOJ has recovered millions under the FCA and also criminally charged and convicted many individuals and entities for allegedly submitting or causing the submission of more than $3.1 billion (in 2023 and 2024 pursuant to DOJ’s nationwide takedowns) in allegedly fraudulent Medicare claims resulting from telemedicine schemes.

While the MA Marketing Alert provides footnotes of only two enforcement actions resolved under the FCA as examples of allegedly problematic arrangements, the bullet point list of “Suspect Characteristics” is broader than and reaches beyond the footnote examples. This may signal OIG’s awareness of and current investigations into allegedly inappropriate arrangements relating to “Suspect Characteristics” that have yet to be settled or resolved.

It is possible that there may be forthcoming enforcement actions in these areas. And they may follow the same trend of enforcement actions taken by DOJ relating to telemedicine schemes after OIG’s July 2022 special fraud alert. We also note that the MA Marketing Alert aligns with the Centers for Medicare & Medicaid Services’ recently finalized regulatory updates relating to MA health plan marketing arrangements with agents, brokers, and Third-Party Marketing Organizations, which will be effective January 1, 2025, and prohibit such parties from creating direct or indirect incentives “that would reasonably be expected to inhibit an agent or broker’s ability to objectively assess and recommend which plan best fits the health care needs of a beneficiary.” Proskauer’s Health Care Group will continue to monitor these developments in and provide updates about these areas of scrutiny and enforcement.

© 2024 Proskauer Rose LLP.
For more mon Fraud, visit the NLR Criminal Law Business Crimes section

Corporate Transparency Act— Nationwide Injunction Update and Key Considerations

On December 3, 2024, the U.S. District Court for the Eastern District of Texas issued a nationwide injunction halting enforcement of the Corporate Transparency Act (“CTA”).1 In response, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) confirmed it will comply with the injunction while also appealing the decision. FinCEN also states on its website that reporting companies are not required to file beneficial ownership information during the injunction and will not incur penalties for failing to do so.

For so long as the injunction remains in place, it is safe not to make CTA filings. On the other hand, it is impossible to know whether and when the injunction may be lifted. And if it is lifted, there may be limited time for filings to be made before penalties accrue. Filers who choose not to file now may wish to assemble their information so they are ready to file on short notice should the need arise. We also recommend that filers who do not have particular privacy or other concerns consider filing notwithstanding the injunction to ensure that they are compliant no matter the outcome of the lawsuit.Ultimately, the decision to file is a personal and business decision that will vary by client.

Below are key points to consider:

  1. If you have already applied for a FinCEN Identifier, your sensitive information is already submitted, so there is less risk in proceeding with the filing.
  2. If privacy and business concerns are minimal, consider filing now to avoid a potential rush if the injunction is lifted and filings become due immediately.
  3. For entities formed in 2024 with a non-12/31 filing deadline, consider filing if privacy is less of a concern. Although FinCEN may provide an extension in these situations, penalties remain steep and the outcome is uncertain.

1See Texas Top Cop Shop, Inc., et al. v. Merrick Garland, et al.

2We previously published some advisories on the general application of the CTA and its specific application for those with entities for estate planning purposes and the rules and guidelines are largely unchanged.

Copyright 2024 Goulston & Storrs PC.
For more on the CTA, visit the NLR Corporate Business Organizations section

Federal District Court Issues Nationwide Preliminary Injunction Barring Enforcement of Corporate Transparency Act

In Texas Top Cop Shop, Inc., et al. v. Garland, et al., a federal district court judge issued a nationwide preliminary injunction barring enforcement of the Corporate Transparency Act (“CTA”), finding that the CTA likely exceeds Congress’s powers. Therefore, at present, a reporting company is not obligated to comply with the CTA and the government is enjoined from enforcing the CTA’s reporting requirements. As expected, on December 5, 2024, the government entered a notice of appeal of the preliminary injunction and may still seek a stay of the preliminary injunction pending the appeal. If a stay is granted by the Court of Appeals, the reporting obligations would once again be in effect. The Court of Appeals could also decide to keep the preliminary injunction in place while an appeal is pending.

At this time, companies are not required to file Beneficial Ownership Information (“BOI”) reports, although they are free to do so should they choose. Indeed, the Financial Crimes Enforcement Network (“FinCEN”) issued guidance after the entry of the notice of appeal, stating as much: “In light of a recent federal court order, reporting companies are not currently required to file beneficial ownership information with FinCEN and are not subject to liability if they fail to do so while the order remains in force. However, reporting companies may continue to voluntarily submit beneficial ownership information reports.” (available at https://www.fincen.gov/boi.)

At present, it is unknown how long companies would be given to file if the preliminary injunction is stayed, modified or the law is ultimately upheld. However, FinCEN’s statement suggests that a reasonable extension of time for filing can be expected, though that is not a certainty. Of course, if the CTA is ultimately struck down, no filing would be required.

© 2024 Blank Rome LLP
For more on the CTA, visit the NLR Corporate Business Organizations section

FCA Enforcement & Compliance Digest — Fall 2024 False Claims Act Newsletter

Welcome to the Fall 2024 issue of “FCA Enforcement & Compliance Digest,” our quarterly newsletter in which we compile essential updates on False Claims Act (FCA) enforcement trends, litigation, agency guidance, and compliance tips. We bring you the most recent and significant insights in an accessible format, concluding with our main takeaways — aka “And the Fox Says…” — on what you need to know.

In this Fall 2024 edition, we cover:

  1. Enforcement Trends: Manufacturers challenge AKS intent requirement as reflected in recent denials of OIG Advisory Opinion requests.
  2. Litigation Developments: Implications of Florida judge’s ruling that the FCA qui tam provision is unconstitutional.
  3. Compliance Corner: What health care companies need to know about AI.
  4. ICYMI: Federal Court Permits Investors to Resume Kickback Suit Against Teva

1. Enforcement Trends

Do Violations of the AKS Require a ‘Corrupt’ Intent? Manufacturers Challenge the OIG’s Interpretation of the Statute

In a series of recent lawsuits filed by the pharmaceutical industry against the US Department of Health and Human Services (HHS) Office of the Inspector General (OIG), manufactures are challenging the OIG’s interpretation of the Anti-Kickback Statue (AKS), arguing that violations of the statute require a corrupt intent. While courts have so far ruled in OIG’s favor, should a court accept this argument, the AKS regulatory landscape could be upended, providing health care providers and suppliers the opportunity to develop and implement arrangements that have historically been prohibited by the OIG.

The challenges to OIG’s interpretation of the AKS come in the context of OIG Advisory Opinion requests submitted by the manufacturers (or a related charity) proposing various forms of patient assistance programs under which the manufacturers or their related charities offer financial assistance to patients on the manufacturers’ products. The OIG denied each of the Advisory Opinion requests, finding that the proposed forms of patient assistance would constitute remuneration intended to induce patients to purchase the manufacturers’ drugs in violation of the AKS.

The OIG has consistently reiterated its opposition to manufacturer-operated patient assistance programs, with both the OIG’s 2005 Special Advisory Bulletin: Patient Assistance Programs for Medicare Part D Enrollees and the 2014 Supplemental Special Advisory Bulletin: Independent Charity Patient Assistance Programs noting that manufacturers cannot provide co-pay assistance to federal health care program beneficiaries, as doing so would constitute a kickback. However, the guidance also described the parameters under which independent charities can provide co-pay assistance, including assistance to federal health care program beneficiaries (i.e., Medicare beneficiaries). One of the key factors with respect to the operation of charitable patient assistance programs, is the independence of the charities operating the programs. While the independent charities are primarily funded by manufacturers, to be considered independent for OIG’s purposes, the charities must retain independence from donors. This means the donors cannot influence the design or operation of the patient assistance programs, and the programs cannot favor patients on the donor’s drug (e.g., assistance cannot be contingent upon the patient being prescribed a donor’s drug).

In three separate litigations, Pfizer Inc. v. United States Department of Health and Human ServicesVertex Pharmaceuticals Incorporated v. United States Department of Health and Human Services et al., and Pharmaceutical Coalition for Patient Access v. United States of America et al., manufacturers are challenging OIG’s long-held position that manufacturers cannot provide patient assistance, including co-pay assistance, to federal health care program beneficiaries. In doing so, the goal of the manufacturers is to provide assistance to patients, including co-pay support, either directly or through a charity that is not considered independent by OIG’s standards due to the relationship of the proposed charities to the manufactures and the level of influence by the manufacturers over the proposed charities. In each litigation, the manufacturer or, in the case of the Pharmaceutical Coalition for Patient Access (PCPA), the charity controlled by the manufacturers, is challenging an unfavorable Advisory Opinion issued by OIG concluding that the proposed patient assistance programs would constitute remuneration intended to induce patients to use a particular manufacturer’s products.

Under the arrangements proposed by Pfizer and PCPA, the proposed charities would be funded exclusively by manufacturers and would only provide support to patients on those funders’ drugs. In Pfizer’s Advisory Opinion request, the company proposed two potential co-pay assistance programs: (1) a direct co-pay assistance program and (2) a Pfizer-supported charity co-pay assistance program. Similar to the proposed Pfizer-supported charity co-pay assistance program, PCPA, an organization funded by manufacturers of Part-D-covered oncology drugs, proposed to create its own patient assistance program that would provide co-pay assistance to patients who meet certain qualifying criteria and then invoice each participating manufacturer for “the total amount of cost-sharing subsidies provided to eligible Part D enrollees.”

Vertex’s Advisory Opinion request focused on a proposed “Fertility Preservation Program” under which Vertex would pay fertility providers through a third-party vendor for the treatments provided to patients enrolled in the program. While this proposed program involved coverage of related treatment costs (i.e., the costs of the fertility treatments) rather than coverage of the co-pay costs associated with the Vertex drug itself, OIG nonetheless applied the same reasoning as in the Pfizer and PCPA opinions, concluding that the program would constitute remuneration to the patients in violation of the AKS.

In each litigation, the manufacturer (or, in the case of PCPA, the manufacturer-related charity) is challenging OIG’s position that the manufacturer’s subsidies constitute “remuneration” meant “to induce” patients to purchase manufactures’ products. The manufacturers argue that the AKS criminalizes conduct that “leads or tempts to the commission of crime” through “remuneration” that corrupts medical decision-making, as part of a quid pro quo transaction. In other words, according to the manufacturers, “to induce” requires a corrupt intent. Therefore, because the manufactures’ efforts to assist patients with meeting Medicare co-pay obligations or gaining access to Medicare-covered treatments (or treatments otherwise covered by the federal health care programs) are not done with malice or corrupt intent, such programs would not violate the AKS.

To date, no court has agreed with the manufacturers’ position. While Vertex is still pending trial in the District Court for the District of Columbia, the District Court for the Southern District of New York ruled against Pfizer, noting that “the law is clear that absent an express carve-out, the Anti-Kickback Statute prohibits any remuneration intended to induce someone to purchase or receive a drug or medical service.” Similarly, the District Court for the Eastern District of Virginia ruled against PCPA, concluding that HHS OIG’s “interpretation of the AKS adheres faithfully [to] the statute’s plain text, comports with its context, and does not offend its history.” On appeal, the Second Circuit affirmed the District Court’s decision in Pfizer, finding that an AKS violation does not require “corrupt intent.” Pfizer then appealed to the US Supreme Court, which denied certiorari. PCPA’s case is currently on appeal with the Fourth Circuit.

Should the Vertex court or a court of appeals agree that the statutory terms “induce” and “remuneration” should be construed more narrowly and require a corrupt intent to violate the AKS, AKS regulatory interpretation and much of OIG’s guidance could be called into question. Arrangements that have historically been viewed as suspect by the OIG could be considered compliant to the extent the parties lacked a corrupt intent to violate the law.

And the Fox Says… Ongoing efforts challenging OIG’s statutory interpretation of the AKS demonstrate manufacturers’ interests in narrowing the scope of prohibited activities under the law. Providers and suppliers should continue monitoring the ongoing litigation and any future efforts to challenge OIG’s interpretation of the AKS, as any judicial narrowing of the interpretation could provide opportunities to develop innovative arrangements that may be beneficial to patients. Regardless, developing compliant arrangements to benefit patients can be complicated, and legal counsel can help to ensure you remain apprised of all relevant developments and assist in structuring compliant arrangements.

2. Litigation Developments

What Is the FCA Without Its Qui Player? A Look Into Zafirov’s Future Implications and the Enforceability of the FCA Without a Qui Tam Device

As we previously discussed, a Florida federal district court recently held in Zafirov v. Florida Medical Associates LLC that the FCA qui tam provision is unconstitutional. The court reasoned that a relator who litigates an FCA lawsuit on behalf of the United States is not a properly appointed “officer” under Article II of the US Constitution and, thus, does not have the authority to serve in that position. This article examines several questions: What does FCA enforcement look like without a qui tam device? What questions did Zafirov leave unresolved? And what should one expect in the coming years as this issue is litigated on appeal and among other courts?

Can the government successfully enforce the FCA without a qui tam device? If, in the end, the qui tam provision is voided, that does not spell doom for the FCA. This is because the government still has the authority to file FCA actions itself and could hire many more attorneys to investigate and prosecute them. The government also has other mechanisms to entice whistleblowers to come out of the woodwork and inform it of wrongdoing. For example, recently, the US Department of Justice (DOJ) announced the “Corporate Whistleblower Awards Pilot Program.” This enforcement program compensates whistleblowers who inform the DOJ of original and truthful information concerning corporate misconduct. If the information leads to a successful forfeiture of over $1 million, the whistleblower is compensated. Currently, however, the program does not cover FCA claims. But the DOJ or US Congress could theoretically expand this program, or create a new one, to attract whistleblowers who have information concerning FCA violations. Under such a program, the government’s litigation of FCA claims would not be all that different from what happens currently. Rather than intervene in a meritorious FCA case brought by a relator, the government would file its own case based on information provided by a whistleblower. This would avoid the constitutional pitfalls identified in Zafirov. A post-qui tam landscape will certainly see fewer FCA claims being filed overall, but the government would likely file more FCA claims than it does now.

Still, many questions remain unresolved under Zafirov concerning the extent to which relator suits are constitutionally permissible. In Zafirov, the relator was litigating an FCA suit in which the United States declined to intervene. But what happens if the United States does intervene and takes over the case? Are those suits permissible? Does the relator act as an “officer” if her role is just limited to filing a lawsuit? Could the government get around Zafirov by intervening in more cases? Or are all FCA lawsuits filed by a relator invalid ab initio even if the government intervenes? If so, would Congress have to create a mechanism to appoint a relator as an officer for FCA purposes? In short, it is unclear how broadly Zafirov will be read. On one hand, it could be read to only apply to non-intervened cases. On the other hand, the very act of filing a complaint on behalf of the United States may require a constitutional appointment, and the government’s intervention would not cure that taint. These questions will remain unresolved until they are addressed by the Supreme Court.

Only time will tell what will happen as this issue percolates in the courts. Already, several circuit courts have upheld the constitutionality of the qui tam provisions. In the district courts located in circuits that have not yet addressed this issue, defendants are filing dispositive motions arguing that the relator’s appointment is unconstitutional. Though the decision in Zafirov is currently an outlier, it soon may not be as more courts consider arguments that rely on Zafirov’s reasoning.

And the Fox Says… Zafirov is significant because it may be the first blow to a significant enforcement mechanism on which the government heavily relies. But the qui tam provision’s fate is not set in stone. The relator in Zafirov will almost certainly appeal the decision to the Atlanta-based Eleventh Circuit Court of Appeals. That court’s decision may then be appealed to the Supreme Court. The appeals process for Zafirov may take years before the Supreme Court grants certiorari on the issue (if it does at all). In the meantime, the issue is not going away, and Zafirov is unlikely to be a one-off case. Those who are in the throes of an FCA investigation or litigation should raise this issue as a possible litigation risk or as an affirmative defense. The best possible time to raise this issue amid litigation is on a Rule 12(b)(6) motion to dismiss. Even if a case is past this point, Zafirov supports the position that such an argument is not waived, given that the issue goes to the relator’s very authority to bring the suit. So, defendants litigating a case brought by a relator should raise this issue as soon as possible. We at ArentFox Schiff will continue to monitor developments to help our clients navigate this ever-changing legal landscape.

3. Compliance Corner

AI Under the DOJ Microscope: How Health Care Companies Should Respond

Many companies, including health care companies, have incorporated artificial intelligence (AI) into their business practices. While historically, AI has largely been unregulated, that is starting to change. Recently, state governments have begun regulating the use of AI in the health care setting, as our colleagues summarized here regarding recently passed California legislation requiring health care facilities, clinics, and physician practices in the state to disclose the use of AI in communications regarding patient clinical information. Now, AI has the attention of the DOJ.

This past March, Deputy Attorney General Lisa Monaco indicated the DOJ’s interest in AI, stating at the American Bar Association’s 39th National Institute on White Collar Crime that “fraud using AI is still fraud.” Following Monaco’s statement, in September, the Criminal Division of the DOJ updated its Evaluation of Corporate Compliance Programs (ECCP) guidelines to require DOJ prosecutors to consider whether a company’s compliance program safeguards against misuse of AI or other emerging technologies. As a brief primer, the ECCP is a DOJ document that prosecutors use to evaluate the effectiveness of a corporate compliance program in determining whether to criminally charge a company. The document is published publicly and provides helpful insight into the DOJ’s expectations for companies as they build and implement their corporate compliance programs.

Under the updated guidance, the DOJ emphasizes that companies need to assess AI-related risks as part of their overall enterprise risk management systems. Specifically, a corporate compliance program must consider whether it has specific policies and procedures to prevent “any potential negative or unintended consequences” resulting from the use of AI in its business practices and compliance program. Additionally, a company should proactively conduct risk analyses of its use of AI and mitigate the potential for “deliberate or reckless misuse of technologies” by company insiders. Other key considerations are whether the company trains its employees on the use of AI, whether there is a baseline of human decision-making used to assess AI-generated content, and how the company implements accountability over the use of AI.

In its September update, the DOJ also revised a section of the ECCP, asking whether compliance personnel have access to relevant data sources to allow for “timely and effective monitoring and/or testing” of policies, controls, and transactions. A key consideration is whether the assets, resources, and technology available to compliance programs are comparable to those available elsewhere in the company. An imbalance in access to technology and resources may indicate a compliance program’s inability to detect and mitigate risks, particularly if a business unit is given unfettered access to AI tools while compliance lags behind.

Compliance officers at health care companies should take steps now to ensure that the implementation and use of AI within their organizations do not raise any compliance red flags. Consider the recent Texas Attorney General settlement with Pieces Technologies, a company that markets generative AI products, which resolved allegations that the company made misleading statements regarding the accuracy of its products. As part of the settlement, Pieces agreed to provide more explicit disclosures to customers related to how the company’s products should be used and the potential harm that could result from the products.

Providers using such technologies may encounter data privacy and security risks, including cybersecurity risks such as ransomware and malware attacks, bias and fairness concerns with respect to the training of the AI systems that may result in preference for a particular drug or treatment, and reliability and accountability concerns affecting a health care professional’s ability to provide patient care. With that being said, the DOJ could conduct investigations similar to the Pieces investigation against health care providers that use AI without considering these risks.

To help mitigate the risks associated with AI, including in the event of a DOJ investigation, compliance officers should be involved during all stages of discussions around AI initiatives, including through implementation and use. Compliance officers should ensure their companies have appropriate policies and procedures governing the use of AI once it is introduced to their organizations and provide training to employees both on the AI technology and on the policies governing its use. Finally, compliance officers should ensure they have the necessary access to AI systems to conduct compliance oversight measures. Such oversight measures may include assessing AI-related risks as part of their organization’s annual risk assessment, conducting AI-related auditing, and monitoring to help identify potential issues with the technology as they arise.

And the Fox Says… The DOJ’s AI-focused compliance guidance is a call to action for companies to proactively address the legal and regulatory implications of AI technologies, reminding them that the age of AI requires more than just innovation — it demands robust compliance strategies. Companies that conduct regular risk assessments of their practices must consider the use of AI, update policies and procedures to address its use, provide compliance teams with equal data access, and regularly update training on the lawful use of these technologies. Empowering compliance personnel and working with outside compliance experts to make these regular updates will put a company in a good position to meet these new standards. By embracing these guidelines, companies can mitigate legal and regulatory risks while leveraging the capabilities of AI technologies.

4. In Case You Missed It

Our most popular blog post from the last quarter: Federal Court Permits Investors to Resume Kickback Suit Against Teva.

© 2024 ArentFox Schiff LLP
For more on the FCA, visit the NLR Criminal Law Business Crimes section

BREAKING: Federal Court Enjoins Government from Enforcing Corporate Transparency Act

On December 3, 2024, the U.S. District Court for the Eastern District of Texas granted a nationwide preliminary injunction that enjoins the federal government from enforcing the Corporate Transparency Act (the CTA).

The CTA, which went into effect January 1, 2024, requires “reporting companies” in the United States to disclose information about their beneficial owners — the individuals who ultimately own or control a company — to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN).

A group of six plaintiffs filed a lawsuit in May 2024 claiming that Congress exceeded its authority under the Constitution in passing the CTA. In a 79-page order issued by United States District Judge Amos L. Mazzant, the Court found that the plaintiffs were likely to succeed on the merits of their claims and, although the plaintiffs sought a preliminary injunction on behalf of only themselves and their members, the Court issued a nationwide injunction instead.

The Court’s order states that neither the CTA nor the implementing rules adopted by FinCEN may be enforced and that reporting companies need not comply with the CTA’s upcoming January 1, 2025 deadline for filing beneficial ownership reports.

The Court’s order is a preliminary injunction only and not a final decision. The Court’s order temporarily pauses enforcement of the CTA on a nationwide basis, but enforcement could resume if the Court’s order is overturned on appeal or the Government ultimately prevails on the merits.

© 2024 Foley & Lardner LLP
For more on the CTA, visit the NLR Corporate Business Organizations section

Disregarded Entity Eligibility for the CTA Large Operating Company Exemption

Summary: As discussed in detail below, the Corporate Transparency Act (CTA) provides an exemption to its reporting requirements for certain large operating companies (the Large Operating Company Exemption or “LOC Exemption”). In order to qualify for the LOC Exemption, a reporting company must, among other requirements, “have filed a Federal income tax or information return in the United States in the previous year demonstrating more than $5,000,000 in gross receipts or sales.” Certain reporting companies are “disregarded entities” (DREs) for Federal tax purposes and, as such, do not themselves directly have a Federal tax filing obligation or ability. However, based upon guidance from FinCEN and the IRS, support exists for the proposition that the Federal tax filing of a DRE’s sole individual owner or sole parent entity constitutes the filing referenced in the LOC Exemption, and that a DRE reporting company is not, per se, disqualified from utilizing the LOC Exemption.

* * * * *

Certain business entities may elect (including through default attribution under the Internal Revenue Code, (IRC) to be treated as “disregarded” from their individual owner or parent entity for U.S. federal income tax purposes. Such entities include limited liability companies (LLCs) who have a single member (unless such an LLC has elected on Internal Revenue Service (IRS) Form 8832 to be taxed as a “corporation”), or certain wholly owned subsidiaries of “S-corporations” where the parent S-corporation has made an election (referred to as a “Q-Sub election”) on IRS Form 8869 to treat the subsidiary as a qualified subchapter S subsidiary (QSub), whereby such Q-Sub is deemed to be liquidated (for federal tax purposes only) into the parent S-corporation.

These entities, often referred to simply as “disregarded entities” do not, as a distinct, juridical person, file a federal income tax return per se. Instead, DREs have their taxable income and loss reflected, on an aggregated basis, on the federal income tax return of their individual owner or (direct or indirect) parent entity. In fact, when reporting the taxpayer identification number (TIN) of a DRE on an IRS Form W-9 (Request for Taxpayer Identification Number and Certification), the DRE provides the federal employer identification number (FEIN) of a parent entity or a social security number (SSN) of an individual owner, rather than a TIN of the DRE itself. This is true even if the DRE has filed for, and has received from the IRS, its own FEIN.

Further to this point, some DREs do not, and are not required to, file for their own FEIN. As such, not all DREs possess their own FEIN or other entity distinct TIN.

The Financial Crimes Enforcement Network (FinCEN), in its Frequently Asked Question F.13 issued July 24, 2024, acknowledged this fact as follows:

“An entity that is disregarded for U.S. tax purposes—a “disregarded entity”—is not treated as an entity separate from its owner for U.S. tax purposes. Instead of a disregarded entity being taxed separately, the entity’s owner reports the entity’s income and deductions as part of the owner’s federal tax return. …

Consistent with rules of the Internal Revenue Service (IRS) regarding the use of TINs, different types of tax identification numbers may be reported for disregarded entities under different circumstances:

  • If the disregarded entity has its own EIN, it may report that EIN as its TIN. If the disregarded entity does not have an EIN, it is not required to obtain one to meet its BOI reporting requirements so long as it can instead provide another type of TIN….
  • If the disregarded entity is a single-member limited liability company (LLC) or otherwise has only one owner that is an individual with a SSN or ITIN, the disregarded entity may report that individual’s SSN or ITIN as its TIN.
  • If the disregarded entity is owned by a U.S. entity that has an EIN, the disregarded entity may report that other entity’s EIN as its TIN.
  • If the disregarded entity is owned by another disregarded entity or a chain of disregarded entities, the disregarded entity may report the TIN of the first owner up the chain of disregarded entities that has a TIN as its TIN.

As explained above, a disregarded entity that is a reporting company must report one of these tax identification numbers when reporting beneficial ownership information to FinCEN.i

While the above FAQ is not offered by FinCEN specifically in the context of the LOC Exemption, this FAQ does have important implications for the LOC Exemption. In stating that a DRE is not required to obtain an FEIN merely for purposes of having such a number for purposes of filing a beneficial ownership information report (BOIR) under the CTA, and acknowledging that a DRE may provide a SSN of an individual owner, or an FEIN of a parent entity, in satisfaction of the DRE’s requirement to provide a tax identification number as required in FinCEN’s form for filing BOIRs, FinCEN has recognized that the same TIN required by the IRS to be disclosed on a Form W-9 in respect of a DRE is recognized by FinCEN as an appropriate TIN in respect of the DRE for purposes of such entity’s BOIR filing.

As such, the federal tax return filing associated with such a TIN is, therefore, the tax return associated with the DRE reporting such TIN on its BOIR filing. In other words, the fact that an individual owner or a parent entity has made a prior year’s federal tax return filing, which filing includes the U.S. generated gross receipts or sales of the DRE, should be sufficient to satisfy the DRE’s prior year’s federal tax return filing status with respect to such revenue.

As stated in FAQ F.13 above, “a DRE—is not treated as an entity separate from its owner for U.S. tax purposes…, the entity’s owner reports the entity’s income and deductions as part of the owner’s federal tax return…”

* * * * *

With this background, we next analyze the associated implications to a DRE that may qualify for the LOC Exemption.

For purposes of clarity, the requirements for an entity to qualify for the LOC Exemption is that the entity satisfy all three parts of the following three-part test:

“[A]n entity must have more than 20 full-time employees in the United States, must have filed a Federal income tax or information return in the United States in the previous year demonstrating more than $5,000,000 in gross receipts or sales, and must have an operating presence at a physical office in the United States.”ii

The CTA itself provides more specificity in this regard. The CTA provides that the term “reporting company” does not include any entity that:

“(I) employs more than 20 employees on a full-time basis in the United States; (II) filed in the previous year Federal income tax returns in the United States demonstrating more than $5,000,000 in gross receipts or sales in the aggregate, including the receipts or sales of (aa) other entities owned by the entity; and (bb) other entities through which the entity operates; and (III) has an operating presence at a physical office within the United States.”iii

Although FinCEN has, to date, issued no formal acknowledgment or interpretation with regard to the applicability of the above “revenue prong” specifically in the DRE context, for the reasons outlined above, a reasoned and supported proposition in the DRE situation may be that the “filed Federal income tax or information return” referenced in the LOC Exemption is the federal tax return filing of the reporting company’s individual owner or parent entity, as applicable.

Further to the revenue prong, it appears that if the DRE itself generates U.S. generated gross receipts or sales in excess of five million dollars as reported on the prior year’s federal tax return filing, that the DRE meets the revenue prong of the LOC Exemption. However, based on the above analysis, it may also be a colorable position that the DRE MAY be able to assert that ALL of the U.S. generated gross revenue appearing on the individual owner’s or parent entity’s federal tax return filing may be attributable to the revenue test prong of the LOC Exemption, because all of such revenue is associated with that tax return. This situation is notionally similar to FinCEN’s interpretation that all members of a consolidated corporate taxed group (including each subsidiary) may share in credit for the aggregated gross receipts or sales of the entire group in meeting each of their respective, individual revenue requirements under the LOC Exemption. Here, both the individual and DRE or the parent entity and disregarded subsidiary would be relying upon the same federal tax return, in the individual or partnership tax context.

* * * * *

For purposes of clarity and completeness, we acknowledge a countervailing position espoused by some commentators in the marketplace. That position holds that a DRE is ab initio ineligible to qualify for the LOC Exemption merely because of such reporting company’s status as a DRE (i.e., that it, itself, as a business entity, does not directly cause the filing of its own, independent federal tax return). For the reasons outlined herein, we find this position less compelling than the proposition that disregarded entities have a filed Federal income tax or information return when filed by their individual owner or parent entity.

* * * * *

With respect to exemptions from the reporting obligations under the CTA, each such exemption is “self-executing.” In other words, if an exemption applies to a reporting company, that reporting company has no filing obligation to FinCEN under the CTA. As such, there is no BOIR filing on record documenting that the DRE is relying on its individual owner’s SSN or its parent entity’s FEIN, and, derivatively, the associated federal tax return filing, in establishing compliance with the revenue prong of the LOC Exemption test. We recommend that each DRE making such a reliance-based exemption determination maintain a record of their CTA diligence, analysis and exercise of business judgment made upon a fully informed basis, that underpins the substantiation of the DRE’s satisfaction of all parts of the LOC Exemption test.iv Such substantiation may be needed in the future if FinCEN or one of the DRE’s financial institutions requests substantiation of the DRE’s asserted position that such DRE is not required to file a BOIR under the CTA.

* * * * *

Conclusion. The compliance requirements under the CTA went live on January 1, 2024, and you have only the remainder of this year to take any action to prepare for your compliance position. Now is the time to discuss the CTA with your Polsinelli legal team for guidance.

[i] See FinCEN CTA FAQs F.13 (issued July 24, 2024)(https://www.fincen.gov/boi-faqs)

[ii] See FinCEN CTA FAQs L.7 (issued April 18, 2024)(https://www.fincen.gov/boi-faqs)

[iii] U.S.C. § 5336 (a)(11)(B)(xxi).

[iv] Note that there are other factors of the LOC Exemption that must be met in order to rely on that exemption, and such other factors are required to be met directly by the DRE. This discussion is not intended to suggest that the DRE may rely, for example, on employee counts of affiliated entities or impermissible U.S. physical address locations in qualifying for the LOC Exemption.

© Polsinelli PC, Polsinelli LLP in California
For more on the Corporate Transparency Act, visit the NLR Corporate Business Organizations section