The Department Of Homeland Security Proposes New Rules Affecting Federal Government Contractors

This week, the Department of Homeland Security (“DHS”) issued three proposed rules expanding data security and privacy requirements for contractors and subcontractors. The proposed rules build upon other recent efforts by various federal agencies to strengthen safeguarding requirements for sensitive government information.  Given the increasing emphasis on data security and privacy, contractors and subcontractors are well advised to familiarize themselves with these new requirements and undertake a careful review of their current data security and privacy procedures to ensure they comply.

  • Privacy Training

DHS contracts currently require contractor and subcontractor employees to complete privacy training before accessing a Government system of records; handling Personally Identifiable Information and/or Sensitive Personally Identifiable Information; or designing, developing, maintaining, or operating a Government system of records. DHS proposes including this training requirement in the Homeland Security Acquisition Regulation (“HSAR”) and to make the training more easily accessible by hosting it on a public website.  By including the rule in the HSAR, DHS would standardize the obligation across all DHS contracts.  The new rule would require the training to be completed within thirty days of the award of a contract and on an annual basis thereafter.

DHS invites comment on the proposed rule. In particular, DHS asks commenters to offer their views on the burden, if any associated with the requirement to complete DHS-developed privacy training.  DHS also asks whether the industry should be given the flexibility to develop its own privacy training.  Comments must be submitted on or before March 20, 2017.

  • Information Technology Security Awareness Training

DHS currently requires contractor and subcontractor employees to complete information technology security awareness training before accessing DHS information systems and information resources. DHS proposes to amend the HSAR to require IT security awareness training for all contractor and subcontractor employees who will access (1) DHS information systems and information resources or (2) contractor owned and/or operated information systems and information resources capable of collecting, processing, storing or transmitting controlled unclassified information (“CUI”) (defined below).  DHS will require employees to undergo training and to sign DHS’s Rules of Behavior (“RoB”) before they are granted access to those systems and resources.  DHS also proposes to make this training and the RoB more easily accessible by hosting them on a public website.  Thereafter, annual training will be required.  In addition, contractors will be required to submit training certification and signed copies of the RoB to the contracting officer and maintain copies in their own records.

Through this proposed rule, DHS intends to require contractors to identify employees who will require access, to ensure that those employees complete training before they are granted access and annually thereafter, to provide to the government and maintain evidence that training has been conducted. Comments on the proposed rule are due on or before March 20, 2017.

  • Safeguarding of Controlled Unclassified Information

DHS’s third proposed rule will implement new security and privacy measures, including handling and incident reporting requirements, in order to better safeguard CUI. According to DHS, “[r]ecent high-profile breaches of Federal information further demonstrate the need to ensure that information security protections are clearly, effectively, and consistently addressed in contracts.”  Accordingly, the proposed rule – which addresses specific safeguarding requirements outlined in an Office of Management and Budget document outlining policy on managing government data – is intended to “strengthen[] and expand[]” upon existing HSAR language.

DHS’s proposed rule broadly defines “CUI” as “any information the Government creates or possesses, or an entity creates or possesses for or on behalf of the Government (other than classified information) that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls[,]” including any “such information which, if lost, misused, disclosed, or, without authorization is accessed, or modified, could adversely affect the national or homeland security interest, the conduct of Federal programs, or the privacy of individuals.” The new safeguarding requirements, which apply to both contractors and subcontractors, include mandatory contract clauses; collection, processing, storage, and transmittal guidelines (which incorporate by reference any existing DHS policies and procedures); incident reporting timelines; and inspection provisions. Comments on the proposed rule are due on or before March 20, 2017.

  • Other Recent Efforts To Safeguard Contract Information

DHS’s new rules follow a number of other recent efforts by the federal government to better control CUI and other sensitive government information.

Last fall, for example, the National Archives and Record Administration (“NARA”) issued a final rule standardizing marking and handling requirements for CUI. The final rule, which went into effect on November 14, 2016, clarifies and standardizes the treatment of CUI across the federal government.

NARA’s final rule defines “CUI” as an intermediate level of protected information between classified information and uncontrolled information.  As defined, it includes such broad categories of information as proprietary information, export-controlled information, and certain information relating to legal proceedings.  The final rule also makes an important distinction between two types of systems that process, store or transmit CUI:  (1) information systems “used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency”; and (2) other systems that are not operated on behalf of an agency but that otherwise store, transmit, or process CUI.

Although the final rule directly applies only to federal agencies, it directs agencies to include CUI protection requirements in all federal agreements (including contracts, grants and licenses) that may involve such information.  As a result, its requirements indirectly extend to government contractors.  At the same time, however, it is likely that some government contractor systems will fall into the second category of systems and will not have to abide by the final rule’s restrictions.  A pending FAR case and anticipated forthcoming FAR regulation will further implement this directive for federal contractors.

Similarly, last year the Department of Defense (“DOD”), General Services Administration, and the National Aeronautics and Space Administration issued a new subpart and contract clause (52.204-21) to the FAR “for the basic safeguarding of contractor information systems that process, store, or transmit Federal contract information.”  The provision adds a number of new information security controls with which contractors must comply.

DOD’s final rule imposes a set of fifteen “basic” security controls for covered “contractor information systems” upon which “Federal contract information” transits or resides.  The new controls include: (1) limiting access to the information to authorized users; (2) limiting information system access to the types of transactions and functions that authorized users are permitted to execute; (3) verifying controls on connections to external information systems; (4) imposing controls on information that is posted or processed on publicly accessible information systems; (5) identifying information system users and processes acting on behalf of users or devices; (6) authenticating or verifying the identities of users, processes, and devices before allowing access to an information system; (7) sanitizing or destroying information system media containing Federal contract information before disposal, release, or reuse; (8) limiting physical access to information systems, equipment, and operating environments to authorized individuals; (9) escorting visitors and monitoring visitor activity, maintaining audit logs of physical access, and controlling and managing physical access devices; (10) monitoring, controlling, and protecting organizational communications at external boundaries and key internal boundaries of information systems; (11) implementing sub networks for publically accessible system components that are physically or logically separated from internal networks; (12) identifying, reporting, and correcting information and information system flaws in a timely manner; (13) providing protection from malicious code at appropriate locations within organizational information systems; (14) updating malicious code protection mechanisms when new releases are available; and (15) performing periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

“Federal contract information” is broadly defined to include any information provided by or generated for the federal government under a government contract.  It does not, however, include either:  (1) information provided by the Government to the public, such as on a website; or (2) simple transactional information, such as that needed to process payments.  A “covered contractor information system” is defined as one that is:  (1) owned or operated by a contractor; and (2) “possesses, stores, or transmits” Federal contract information.

ARTICLE BY Connie N BertramAmy Blackwood & Emilie Adams of Proskauer Rose LLP

Contracting by Tweet: What Impact Can the New Administration Have on Existing Contracts and Future Awards?

Trump tweets government contractsAmong the many subjects to receive President-elect Trump’s attention in advance of his swearing in on January 20 are venerable defense contractors and their performance of major systems contracts.  The Boeing Company (Boeing) and Lockheed Martin (Lockheed) have both felt the “heat of the tweet” – Boeing for the projected cost of the next generation of presidential aircraft and Lockheed for its F35 Joint Strike Fighter.  The pointed attention has led some to question the authority of a president to alter existing contractual relations or to impact the award of future contracts.  Can a president require contractors to lower prices on existing contracts or direct that future awards not be made to companies that fail to adopt practices the president favors, e.g., retaining jobs in the United States?  A president always has the bully pulpit to pressure high-profile government contractors to “voluntarily” take actions to their detriment and in favor of the government, but what legal tools or contractual remedies are available if a president forces a particular outcome?

The legal obligations of the United States to its contractors, with some exceptions, is little different from the obligations of a buyer in a private contract.  The courts long ago established that the United States as buyer must “turn square corners” when dealing with its contractors.  Maxima Corp. v. United States, 847 F.2d 1549 (Fed. Cir. 1988).  There also exists in every government contract a duty of good faith and fair dealing.  See John Cibinic, Jr., James F. Nagle, Ralph C. Nash, Jr., Administration of Government Contracts 296-314 (4th ed. 2006).  Aspects of government contracts that make them different from commercial contracts, e.g., socio-economic provisions that promote specific government policies, do not alter the basic and implied duties of a buyer to a seller.  The written contract captures the exchange of promises of the parties and embodies all express and implied duties and remedies for their breach.

With this as background, could the new president require that Boeing or Lockheed, for example, unilaterally reduce the prices for their aircraft or face adverse consequences?  First, authority to bind the U.S. Government to contracts, or amendments to contracts, is housed in authorized contracting officers.  See FAR 1.602-1.  Contracting officer authority is delegated from agency heads to government employees considering their experience in government contracting and administration, their education or special training in business administration, law, accounting, engineering, or related fields, their knowledge of acquisition policies and procedures, and their completion of acquisition training courses.  FAR 1.603-2.  Once authority is delegated, contracting officers are to act independently while ensuring that contractors receive impartial, fair and equitable treatment.  See Schlesinger v. United States, 390 F.2d 702 (Ct. Cl. 1968); see also FAR 1.602-1.  While contracting officers can and should look to others for advice, including to higher-ups, see FAR 1.602-2(c) (“Contracting officers shall . . . [r]equest and consider the advice of specialists in audit, law, engineering, information security, transportation, and other fields as appropriate”), the decision of a contracting officer must remain that of the contracting officer.

This is not to suggest that contracting officers are immune to pressure from government officials in influential positions, including the president.  However, contracting officers are bound to apply the law when awarding and administering contracts.  See FAR 1.602-1(b) (“No contract shall be entered into unless the contracting officer ensures that all requirements of law, executive orders, regulations, and all other applicable procedures, including clearances and approvals, have been met”); FAR 1.602-2 (“Contracting officers are responsible for . . . ensuring compliance with the terms of the contract”).  Contracting officers are allowed wide latitude to exercise business judgment which might provide an avenue for a contracting officer to accommodate certain presidential desires but the contracting officer must nonetheless operate within the constraints of the law and the terms of any existing contract.  Id.

The classic tool the government has when it finds an existing contract no longer in its interest is the termination for convenience.  See FAR 52.249-2(a) (fixed price contracts); 52.249-6(a)(1) (cost reimbursement contracts).  What constitutes the government’s “interest” is very broad.  Surely, a contracting officer could find it in the government’s interest to terminate a contract for a major system that the contracting officer deemed, perhaps because of encouragement from the top of the executive branch, to be too expensive.  However, a termination for convenience is not cost free to the government.  Contractors terminated for convenience are entitled to recover their cost incurred to the date of the termination, profit or fee on that cost, and termination settlement expenses.  FAR 52.249-2(g); 52.249-6(h).  In addition, the termination of any contract where there is a continuing requirement is a drastic action.  The government would need to begin a new procurement to satisfy the requirement, conduct the procurement pursuant to law, including obtaining full and open competition unless an exception existed, and begin a program all over again.  Practically, the government is unlikely to take this path because it would be costly and delay ultimate delivery of the system.  Thus a contractor willing to endure the public approbation of being identified with “fraud, waste and abuse” likely can survive simply because the consequences of terminating a contract are so drastic.

An even more drastic government approach would be for the government to terminate an unpopular contract for default.  This would absolve the government of all monetary obligations for the termination.  This may sound exceedingly extreme, but the history of the longest-running and largest termination for default in the Department of Defense’s history, the Navy’s A-12 aircraft, shows that an over-budget contract that became politically unpopular can meet such a fate.

For new contracts, the government has the ability to set requirements and select the awardee.  Could the government establish a requirement that all companies who ship jobs overseas are excluded from government contracting?  Or more subtly, could a bias against such companies infect the selection process?

The out-going Obama Administration in its latter stages liberally used the president’s Executive Order power to implement socio-economic policies for government contractors.  Typically, these policies were ones likely to face opposition in the Republican-controlled Congress.  Using the president’s power over contracting, President Obama issued Executive Orders that led to new requirements on paid sick leave, fair pay and safe workplaces, and LGBT rights.  There seems no reason that the Trump Administration might not attempt this same path to limit awards to contractors who do not fit the Administration’s view of “Making America Great Again.”

Such an attempt might run into problems, however.  The Obama Administration’s Executive Orders affirmatively imposed new social requirements on contractors where those requirements were not prohibited by law or regulation.  A Trump Administration Executive Order prohibiting contract awards to companies who move jobs overseas, for example, might run squarely into the Competition in Contracting Act’s (CICA) mandate for “full and open competition.”  Although CICA contains exceptions to full and open competition, promoting US jobs by discouraging offshoring is not one of them (although awards to inverted domestic corporations are prohibited by statute and regulation, see FAR 9.108-2).

Finally, bias in source selection for new contracts is difficult to detect.  Every selection official, indeed every human, has biases, but as a matter of law, those biases cannot lead to an award inconsistent with solicitation selection criteria.  See FAR 15.303(b)(4).  Unwarranted bias in the procurement process is controlled through the bid protest, a review by a third-party to determine whether a selection authority acted arbitrarily, capriciously, or abusively, or not in conformance with law.  See FAR part 33.  A source selection authority influenced by desires of a new president that were not included in a solicitation could be brought to task through the bid protest process.

The new Administration is not without power to influence government contracting and contractors through the bully pulpit.  From a purely legal standpoint, however, the Administration’s powers are circumscribed by the remedies available to contractors and challenges that prospective offerors can bring through the bid protest process.  We shall see how the Trump Administration proceeds and report further if there are any developments.

© 2017 Covington & Burling LLP

Fair Pay and Safe Workplaces Final Rule Presents Challenges to Government Contractors

fair payLast week, the FAR Council released its Final Rule implementing President Obama’s 2014 Fair Pay and Safe Workplaces Executive Order. At the same time, the U.S. Department of Labor released its Final Guidance on the rule. Contractors need to take action immediately—the Final Rule goes into effect on October 25, 2016.

The proposed rule was issued back in May of 2015 and there has been lots written about it (and more than 10,000 comments and responses submitted). In today’s post, we highlight some of the requirements that may present challenges to contractors. Remember, once the rule takes effect, contractors will be required to report certain details about their labor law violations.

Public Disclosure of Labor Law Violations

Actually, contractors will be required to disclose violations of 14 federal labor laws and executive orders and state equivalents. Those laws range from the Fair Labor Standards Act and the Occupational Safety and Health Act to the Service Contract Act, the Davis Bacon Act and the Family and Medical Leave Act. The E.O.s include E.O. 13658 (Establishing a Minimum Wage for Contractors) and E.O. 1124 (Equal Employment Opportunity). The Final Rule also requires contractors to update their reports every six months. And, all disclosures under the new rule will be public.

Phase-In Periods

That’s probably one of the main takeaways here—the rule will be “phased in” over time. Starting on October 25, 2016, the disclosure requirements will become effective as to prime contracts valued at $50 million or more. By April 25, 2017, those requirements will apply to prime contracts valued at $500,000 or more. Subcontracts are not covered by the rule until October 25, 2017. Initially, the disclosure rules only will look back one year, but that “look back” period will stretch to three years by October 25, 2018.

Paycheck Transparency and Arbitration Restrictions

Starting on January 1, 2017, the “paycheck transparency” provisions take effect. Among other things, starting in 2017, contractors will be required to provide notices to workers about their status as independent contractors and whether they are exempt from overtime pay. Those notices will be particularly problematic for contractors who have not previously focused on proper classification and for all contractors in light of new overtime regulations and DOL’s increased attention to alleged worker misclassifications.

Subcontractor Reporting Directly to DOL

The Final Rule includes one significant change from the proposed rule and requires subcontractors to report directly to the Department of Labor rather than to the prime contractor. The rule also includes a contorted pathway for consideration of subcontractors’ disclosed violations, bouncing from DOL back to the sub and then up to the prime and then to the contracting officer. It remains to be seen how that process will work and if it will work efficiently.

Reporting Does Not Extend to Affiliates

The text of the Final Rule makes it clear that the reporting requirements do not extend to corporate parents, subsidiaries or affiliated companies. Instead, it is limited to the contracting party only.

Perhaps it is a silver lining for prime contractors that they will not be required to report on their subcontractors’ and their own affiliates’ labor law violations. But the new rules contain many new requirements and contractors should get ready now for the implementation to begin on October 25, 2016.

DOJ Announces Dramatic Increase in False Claims Act Penalties

False Claims Act penaltiesOn May 6th, we posted about the possibility that the Department of Justice (“DOJ”) might dramatically increase False Claims Act penalties after the Railroad Retirement Board (“RRB”) nearly doubled the per-claim penalties it imposed under the FCA.  After nearly two months of anticipation, DOJ published an Interim Final Rule yesterday announcing that it intended to increase the minimum per-claim penalty under Section 3730(a)(1) of the FCA from $5,500 to $10,781 and increase the maximum per-claim penalty from $11,000 to $21,563.  These adjusted amounts will apply only to civil penalties assessed after August 1, 2016, whose violations occurred after November 2, 2015.  Violations that occurred on or before November 2, 2015 and assessments made before August 1, 2016 (whose associated violations occurred after November 2, 2015) will be subject to the current civil monetary penalty amounts.

The penalty increases proposed by DOJ are the same as those proposed by the RRB back in May.  The RRB’s increase resulted from a section of the Bipartisan Budget Act of 2015, called the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (the “2015 Adjustment Act”), which required federal agencies to update civil monetary penalties (“CMPs”) within their jurisdiction by August 1, 2016.  The 2015 Adjustment Act amended the Federal Civil Penalties Inflation Adjustment Act of 1990—which is incorporated into the text of the FCA—and enacted a “catch-up adjustment.”  Under the “catch-up adjustment,” CMPs must be adjusted based on the difference between the Consumer Price Index (“CPI”) in October of the calendar year in which they were established or last adjusted and the CPI in October 2015.

DOJ last raised the civil penalty amounts under the FCA to their current levels in August 1999, but because the 2015 Adjustment Act repealed the legislation responsible for the 1999 adjustment, DOJ looked back to 1986 when civil penalties were set at a minimum of $5,000 and a maximum of $10,000.  This calculation resulted in a CPI multiplier of more than 215% resulting in the new minimum per-claim penalty of $10,781 ($5,000 x 2.15628) and a maximum per-claim penalty of $21,563 ($10,000 x 2.15628).  Under the 2015 Adjustment Act, the increases are required unless DOJ, with the concurrence of the Director of the Office of Management and Budget, makes a determination to increase a civil penalty less than the otherwise required amount.  As to the FCA civil penalty, as well as scores of other civil penalties under DOJ’s jurisdiction, DOJ declined to seek this exception.

DOJ is providing a 60-day period for public comment on this Interim Final Rule.  Like the rest of the health care industry, we will be watching closely to see if commenters are able to convince the Department to reconsider these astronomical penalty amounts.

©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

OFCCP Reduces Veteran Hiring Benchmark

OFCCPOn June 16th, Office of Federal Contract Compliance Programs, OFCCP, announced that, effective March 4, 2016, the annual hiring benchmark for veterans pursuant to Vietnam Era Veterans’ Readjustment Assistance Act, VEVRAA,regulation is 6.9%.  This is a slight decrease from last year’s 7.0% benchmark.

As part of the release OFCCP clarified that

“Contractors who adopted the previous year’s national benchmark of 7 percent after March 4, 2016, but prior to this announcement may keep their benchmark at 7 percent.”

The agency noted that going forward the effective date for the annual benchmark will match the date the Bureau of Labor Statistics publishes the data from which OFCCP calculates the benchmark.  This usually takes place in March every year.

Jackson Lewis P.C. © 2016

Supreme Court: False Claims Act & Materiality Requirement

False claims act Supreme courtThe U.S. Supreme Court has rendered a unanimous decision in the hotly-awaited False Claims Act case of Universal Health Services v. United States ex rel. Escobar.  This case squarely presented the issue of whether liability may be based on the so-called “implied false certification” theory.  Universal Health Service’s (“UHS) problem originated when it was discovered that its contractor’s employees who were providing mental health services and medication were not actually licensed to do so. The relator and government alleged that UHS had filed false claims for payment because they did not disclose this fact and thus had impliedly certified that it was in compliance with all laws, regulations, etc.  The District Court granted UHS’s motion to dismiss because no regulation that was violated was a material condition of payment. The United States Court of Appeals for the First Circuit reversed, holding that every submission of a claim implicitly represents regulatory compliance and that the regulations themselves provided conclusive evidence that compliance was a material condition of payment because the regulations expressly required facilities to adequately supervise staff as a condition of payment.

The Supreme Court vacated and remanded the matter in a manner that represents a compromise view of implied false certification.

The Court recognized the vitality of the implied false certification theory but also held that the First Circuit erred in adopting the government’s expansive view that any statutory, regulatory, or contractual violation is material so long as the defendant knows that the Government would be entitled to refuse payment were it aware of the violation.

Instead, the Court held that the claims at issue may be actionable because they do more than merely demand payment; they fall squarely within the rule that representations that state the truth only so far as it goes, while omitting critical qualifying information, can be actionable misrepresentations.   Here, UHS and its contractor, both in fact and through the billing codes it used, represented that it had provided specific types of treatment by credentialed personnel.  These were misrepresentations and liability did not turn upon whether those requirements were expressly designated as conditions of payment.

The Court next turned to the False Claims Act’s materiality requirement, and stated that statutory, regulatory, and contractual requirements are not automatically material even if they are labeled conditions of payment. Nor is the restriction supported by the Act’s scienter requirement. A defendant can have “actual knowledge” that a condition is material even if the Government does not expressly call it a condition of payment. What matters is not the label that the Government attaches to a requirement, but whether the defendant knowingly violated a requirement that the defendant knows is material to the Government’s payment decision.

The FCA’s materiality requirement is demanding. An undisclosed fact is material if, for instance, “[n]o one can say with reason that the plaintiff would have signed this contract if informed of the likelihood” of the undisclosed fact.   When evaluating the FCA’s materiality requirement, the Government’s decision to expressly identify a provision as a condition of payment is relevant, but not automatically dispositive. A misrepresentation cannot be deemed material merely because the Government designates compliance with a particular requirement as a condition of payment. Nor is the Government’s option to decline to pay if it knew of the defendant’s noncompliance sufficient for a finding of materiality. Materiality also cannot be found where noncompliance is minor or insubstantial.

Moreover, if the Government pays a particular claim in full despite its actual knowledge that certain requirements were violated, that is very strong evidence that those requirements are not material. The FCA thus does not support the Government’s and First Circuit’s expansive view that any statutory, regulatory, or contractual violation is material so long as the defendant knows that the Government would be entitled to refuse payment were it aware of the violation.

The materiality requirement, stringently interpreted, and the fact that the First Circuit’s expansive view was rejected suggest that the game is far from over and that there still are viable defenses, facts allowing, to cases premised upon the implied false certification theory.

©2016 Epstein Becker & Green, P.C. All rights reserved.

False Claims Act: DOJ Appealing AseraCare Loss

False Claims ActOn May 27, 2016, the US Department of Justice said it will appeal to the Eleventh Circuit its loss in the False Claims Act (FCA) case against hospice chain AseraCare Inc. The government’s decision to appeal comes as no surprise, and it means that the substantial attention this case has received will continue.

As a reminder, this case, U.S. ex rel. Paradies v. AseraCare, Inc., focused on whether AseraCare fraudulently billed Medicare for hospice services for patients who were not terminally ill. AseraCare argued (and the district court ultimately agreed) that physicians could disagree about a patient’s eligibility for end-of-life care and such differences in clinical judgment are not enough to establish FCA falsity.

The government appealed three orders issued by the US District Court for the Northern District of Alabama. We previously posted about each of these three orders.

The first order on appeal is the district court’s May 20, 2015 decision bifurcating the trial, with the element of falsity to be tried first and the element of scienter (and the other FCA elements) to be tried second. The government had unsuccessfully sought reconsideration of this decision.  This is the first instance in which a court ordered an FCA suit to be tried in two parts.

The second order on appeal is the district court’s October 26, 2015 decision ordering a new trial, explaining that the jury instructions contained the wrong legal standard on falsity. This order came after two months of trial on the element of falsity and after a jury verdict largely in favor of the government.

The third order on appeal is the district court’s March 31, 2016 decision, after sua sponte reopening summary judgment, granting summary judgment in favor of AseraCare. In dismissing the case, the court explained that mere differences in clinical judgment are not enough to establish FCA falsity, and the government had not produced evidence other than conflicting medical expert opinions.

The government must file its opening brief 40 days after the record is filed with the Eleventh Circuit. We will be watching this case throughout the appellate process.

© 2016 McDermott Will & Emery

Whistleblower Wins Big in Case that Tests Limits of Confidentiality Agreements

Intimidation Of Whistleblower

Confidentiality agreements are common in corporate America. Many companies require new employees to sign them as part of the hiring process. In some industries like healthcare, privacy policies are elevated to a legal requirement. Can these agreements be used to stop an employee from reporting his or her employer for fraud or turning documents over to an attorney? The answer is “no” but there are some limits on what an employee can take and do with the information. The most recent case to examine the issue comes from the Northern District of Illinois.

On May 9th, U.S. Magistrate Judge Sidney Schenkier dismissed a counterclaim brought by LifeWatch Services against a whistleblower in a federal False Claims Act case.

Matthew Cieszynski was a certified technician working for LifeWatch. His job was to conduct heart monitoring tests. LifeWatch conducts remote heart monitoring testing throughout the United States. Patients can wear heart monitor devices anywhere in the world and have those devices monitored through telemetry. Cieszynski’s job was to look for unusual or dangerous heart arrhythmias. The testing results would be passed to the patients’ cardiologists who use the data to diagnose and treat various heart ailments.

When first hired by the company in 2003, Cieszynski signed a confidentiality agreement that said in part, “you agree that both during your employment and thereafter you will not use for yourself or disclose to any person not employed by [LifeWatch] any Confidential Information of the company…” The agreement also restricted Cieszynski’s ability to access computer systems and records or remove information from the company’s premises.

In 2006, Cieszynski signed a HIPAA confidentiality statement.

Years later, Cieszynski became concerned that LifeWatch was sending some of the heart monitoring work offshore to India in violation of Medicare regulations. He became especially concerned that some of the Indian workers were not properly certified to review and interpret the heart monitoring data.

In 2012, Cieszynski believed that a patient died because of an improper diagnosis made by an unlicensed offshore technician. That is when he became a whistleblower and filed a False Claims Act lawsuit in federal court. In order to file his lawsuit, he provided what he believed were important company documents to his lawyer. Those were later turned over to the government.

Under the Act, complaints are filed under seal and served on the government instead of the defendant. This allows regulators and prosecutors to investigate the merits of the case in secret. Usually the case is unsealed when the government decides to intervene or allow the whistleblower’s counsel to pursue the case. Until unsealed, the whistleblowers identity is not disclosed.

When the complaint was unsealed, LifeWatch Services discovered that Matt Cieszynski was the person who brought the suit.  Their response was to file a counterclaim against Cieszynski for violating his employment agreement and the separate HIPAA nondisclosure agreement.

On May 9th, Magistrate Judge Schenkier dismissed LifeWatch’s counterclaim in a case widely watched by both members of the plaintiffs and defense whistleblower bar.

In dismissing the counterclaims, Judge Schenkier discussed the “strong policy of protecting whistleblowers who report fraud against the government.”

The court recognized the legitimate need for companies to protect confidential information. Those needs must be carefully balanced against the need to prevent “chilling” whistleblowers from coming forward, however.

In deciding that the counterclaim against Cieszynski should be dismissed, the court examined a number of factors. Those include:

  • What was the intent of the whistleblower when taking the documents? Here Cieszynski took them for the sole purpose of reporting what he believed to be fraud. There was no evidence that he sought to embarrass the company.

  • How broad was the disclosure? In this case there was no disclosure to the public or competitors. Cieszynski only provided documents to his lawyer and the the government.

  • The scope of the documents taken from the employer. Although LifeWatch claimed Cieszynski took more documents than were necessary to prosecute his case, the court said it wouldn’t apply hindsight and require a whistleblower to know exactly what documents the government might need. Since the documents were reasonably related to what the government could need, Judge Schenkier elected not to second guess Cieszynski.

There are limits to what a person can take and what he or she can do with those documents. For example, disclosing trade secrets to competitors or releasing sensitive healthcare information to the public will not likely elicit sympathy from the court.

In a case like this, however, courts will give the benefit of doubt to the whistleblower. Especially when there has been no public disclosure and no real harm to the defendant. Although LifeWatch claimed harm, the court found the only harm was the “fees and costs associated with pursuing the counterclaim – which is a self-inflicted wound.”

Corporate counsel should think long and hard before bringing counterclaims against whistleblowers. Not only are courts generally unsympathetic to these challenges, the fee shifting provisions of the False Claims Act can make these cases expensive for the defendants. Under the False Claims Act, defendants must pay the relator’s (whistleblower) lodestar legal fees if the relator prevails.

Article By Brian Mahany of Mahany Law

© Copyright 2016 Mahany Law

FBI’s Choice of Contractors Not as Good as Its Crime Solving/Terrorist Tracking

fbibuilding jedgar hoover.jpgThe FBI is very good at tracking down terrorist threats and catching criminals. It appears, however, that it needs some help in choosing contractors to support its mission.

The FBI wanted a contractor for its Name Check and Freedom of Information Act (FOIA)/Declassification programs. Specifically, the FBI needed personnel to conduct research and to provide analysis and reporting services. The FBI decided to procure these services under the Federal Supply Schedule (FSS) using streamlined procedures. So, the FBI issued a Request for Quotations (RFQ) with these labor categories: research analysts; program managers, general consultants; and legal administrative assistants. That much is clear.

The rest is less clear. Apparently, the FBI selected a contractor that did not have the required personnel. Instead of personnel with experience in paralegal, records management and declassification review, the FBI got personnel with capabilities in the development of business methods and identification of best practices. That’s according to the Government Accountability Office (GAO) decision in US Investigations Services, Professional Services Division, Inc., B-410454.2, Jan. 15, 2015, 2015 CPD ¶ 44.

That case was cited by GAO’s general counsel, Susan A. Poling, recently in the GAO Bid Protest Annual Report to Congress for Fiscal Year 2015. Ms. Poling cited to US Investigations Services as an example of GAO’s Most Prevalent Grounds for Sustaining Protests. GAO notified Congress that “unreasonable technical evaluation” was no. 5 on the list and described the decision as follows: “finding that the agency erred in concluding that the labor categories included on the awardee’s Federal Supply Schedule contract encompassed the requirements of the task order.”

Contractors can learn valuable lessons from this case. First, don’t leave the Government hanging. Make sure the labor categories in your proposal match the categories listed in the Solicitation. If there is not a direct match, make sure you explain how your personnel fit the requirements. For task orders under FSS contracts, the law is clear. All solicited labor categories must be on the successful offeror’s FSS contract. Here, maybe the awardee was surprised that it won. More likely, the awardee just failed to explain what it was offering. That was fatal. If you can’t explain how your labor categories fit the RFQ requirements, maybe you should take a pass on the bid.

For protesters and disappointed bidders, this case demonstrates a solid ground for protest. In truth, you probably already know what your competitors are offering, at least when it comes to FSS contract offerings. A quick check on www.GSAAdvantage.gov after you receive an award notice is always a good idea.

Footnote: Although GAO sustained USIS’s protest, the FBI had overridden the automatic stay of performance. Thus, GAO made alternative recommendations to the FBI. Under one scenario, the FBI could consider awarding the task order to USIS but first it had more work to do. That is because in a different protest GAO had questioned an agency’s affirmative determination of USIS’s responsibility in the face of fraud allegations against USIS’s parent company. So, if the FBI was to select the “next in line” bidder, it would have to be careful that the bidder was eligible to perform the work. Otherwise, it could be back to the drawing board.

Article By Michael D. MaloneyCharles R. Lucy & Diego G. Hunt of Holland & Hart LLP

Copyright Holland & Hart LLP 1995-2016.

Wasn't That Supposed to be Made in the USA?

Made in the USA.jpgDespite the existence of long-standing U.S. laws strongly favoring the purchase of domestic products for use by governmental entities, in governmental programs and particularly the fulfillment of Department of Defense (“DoD”) contracts, a surprising number of companies still attempt to circumvent these laws.  They do so at their own peril.  Recognizing the harm likely to befall American workers as a result, an increasing number of employees and former employees have “blown the whistle” on these practices in recent years and teamed up with the U.S. Government to curtail this trend.

The Buy American Act, 41 U.S.C. §§ 83018305, (“BAA”) was enacted in 1933 under President Hoover as part of New Deal legislation intended to help struggling American depression era companies.  The BAA superseded an 1875 statute that “related to preferential treatment of American material contracts for public improvements.” (1933, Sect. 10).   The law carried with it a very simple idea: require the government to exercise a clear preference for US-made products in its purchases to bolster the American economy.

To this day, the BAA continues to require federal agencies to purchase “domestic end products” and use “domestic construction materials” in contracts exceeding certain dollar amounts performed in the United States. Unmanufactured end products or construction materials qualify as “domestic” if they are mined or produced in the United States. Manufactured products are treated as “domestic” if they are manufactured in the United States, and either (1) the cost of components mined, produced, or manufactured in the United States exceeds 50% of the cost of all components, or (2) the items are commercially available off-the-shelf items.

Exemptions and exceptions to the applicability of the BAA exist. For example, the BAA does not apply if the purchasing agency determines “it to be inconsistent with the public interest, or the cost to be unreasonable.” Furthermore, the U.S. Trade Agreements Act of 1979 authorizes the President to waive any procurement law or regulation that accords foreign products less favorable treatment than that given to domestic products in foreign lands.  Additionally, purchases from Canada and Mexico are exempt from BAA prohibitions under the North American Free Trade Agreement. Other treaties and agreements also limit the BAA.  Despite these, the BAA continues to cast a wide liability net for those that seek to willfully or knowingly circumvent it.

Similar to the BAA, the Berry Amendment was passed in 1941 to promote the U.S. economy through the preferential purchase of certain U.S. goods. The Amendment was eventually codified as 10 U.S.C. 2533a in 2002.  The law prohibits the Department of Defense (“DoD”) from utilizing any funding available to or appropriated by the DoD for the purchase of the following end product items from “non-qualifying countries” unless these items are wholly of U.S. origin: food; clothing; tents, tarpaulins, or covers; cotton and other natural fiber products; woven silk or woven silk blends; spun silk yarn for cartridge cloth; synthetic fabric or coated synthetic fabric (including all textile fibers and yarns that are for use in such fabrics); canvas products, or wool (whether in the form of fiber or yarn or contained in fabrics, materials, or manufactured articles); or any item of individual equipment manufactured from or containing such fibers, yarns, fabrics, or materials; and hand or measuring tools. Noticeably absent from the definition of “qualifying country” are China, Japan, Thailand and Korea- among others.

Congress revised the Berry Amendment for fiscal years 2007 and 2008 with National Defense Authorization Act. The revised statute, 10 U.S.C. 2533b, declares that the DoD is prohibited from acquiring specialty metals or component parts for the use in the construction of aircraft, missile and space systems, ships, tank and automotive items, weapon systems, or ammunition unless the DoD itself acquires those materials directly.  In other words, contractors engaged in the production of these items must use American made specialty metals or require that the DoD obtain these materials and component parts for use in any such fabrication and manufacturing.

Despite the existence numerous limitations with the Buy American Act, Berry Amendment and Trade Agreements Act, as discussed above, the United States Government and private citizen plaintiffs (known as Relators) have recently collaborated in bringing numerous False Claims qui tam actions against companies seeking to profit at the expense of the American Taxpayers. In the majority of these cases, contractors attempted to pass off foreign goods as made in the U.S.A.  Examples of these include: MedTronic (relabeled Chinese devices allegations – $4.4 million settlement); ECL Solutions (conceal country of origin-$1.066 million civil forfeiture); Invacare (wrongfully certified as American Made- $2.6 Million settlement); Staples (foreign made goods- $7.4 million settlement), Office Depot (foreign made goods – $4.75 million settlement) and Office Max (sale of goods not permitted by Trade Agreements Act results in $9.72 million settlement).

According to Justice Department statistics released last week, whistleblowers filed 638 False Claims Act lawsuits in FY2015. Because these cases remain under seal sometimes for years, we do not know how many involved violations of BAA or related laws. We are aware from conversations with the Justice Department of an uptick in these claims, however.

Whistleblowers who bring claims under the False Claims Act can earn up to 30% of whatever the government collects from the wrongdoer. To qualify, one must have original knowledge or information about the fraud. Successful whistleblowers are usually current or former employees but anyone with inside information can file.

Article By Brian Mahany of Mahany Law

© Copyright 2015 Mahany Law