Healthcare Fraud & Abuse Review 2021

CYBER FRAUD ENFORCEMENT RISK

In October 2021, DOJ announced a new Civil Cyber-Fraud Initiative to pursue FCA liability against government contractors in the cybersecurity space. The initiative seeks to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.” 20 The Civil Cyber-Fraud Initiative follows several significant cyberattacks, which are only becoming more prevalent. The new initiative is the first formal step DOJ has taken to combat attacks by focusing on the preventative cybersecurity efforts of government contractors.

The implications for healthcare entities are noteworthy. Health Insurance Portability and Accountability Act (HIPAA) covered entities and business associates are already subject to a complex web of privacy and security requirements. But the Civil Cyber-Fraud Initiative raises additional enforcement concerns for healthcare entities with the statutory threat of treble damages and staggering statutory penalties under the FCA. Moreover, the initiative is likely to encourage whistleblowers to be more creative and aggressive in bringing qui tam suits under the FCA in asserting that companies are not honoring their cybersecurity obligations. Indeed, some whistleblower practice groups have already put out calls to arms, and Acting Assistant Attorney General Boynton highlighted the role of whistleblowers in his address at the Cybersecurity and Infrastructure Security Agency (CISA) 4th Annual National Cybersecurity Summit. 21 Boynton noted DOJ’s reliance on the “inside information” of whistleblowers and their “new and evolving fraud schemes that might otherwise remain undetected.” 22

DOJ has pointed to at least three “common cybersecurity failures” that could result in FCA enforcement: (1) knowing failures to meet cybersecurity standards; (2) knowing misrepresentations of security controls and practices; and (3) failing to timely report suspected breaches, which DOJ views as critical for government agencies to respond, remediate any vulnerabilities, and limit the resulting harm.

Additionally, investigations related to cybersecurity can lead to investigations and enforcement actions by other state and federal agencies and litigation, including: (1) U.S. Securities and Exchange Commission investigations related to the accuracy of information in disclosures and reporting purportedly impacted by data security; (2) the Federal Trade Commission for violations of Section 5 of the Federal Trade Commission Act 23 related to consumer protection; (3) HHS for violations of HIPAA privacy and security rules; and (4) class action suits brought by patients and other individuals, or state attorneys general, pursuant to state privacy, security and/or consumer protection laws.

OPIOID ENFORCEMENT

Amidst the pandemic, combating the opioid epidemic remains a major enforcement priority for the government, as DOJ has noted the ongoing opioid epidemic seems to have been “exacerbated by the pandemic.” 24 Attorney General Garland has acknowledged that “[a]gainst the backdrop of the COVID-19 pandemic, the nation is experiencing a precipitous rise in opioid and stimulant misuse and overdoses.” 25 According to the Centers for Disease Control and Prevention, “there were an estimated 100,306 drug overdose deaths in the United States during the 12-month period ending in April 2021, an increase of 28.5% from the 78,056 deaths during the same period the year before.” 26 In response, DOJ has committed to “employ every tool at our disposal to address the opioid addiction crisis” and has promised to “aggressively prosecute anyone who is illegally peddling opioids for profit.” 27

While the primary target of DOJ’s opioid enforcement actions has been pharmaceutical companies, DOJ has committed to investigating those in the opioid distribution chain, including pharmacies, clinics and individual doctors who prescribe and dispense unnecessary opioids. 28 In its 2021 annual healthcare fraud takedown, DOJ announced that it brought opioid-related charges against 19 defendants, including several medical professionals, who had prescribed over 12 million doses of opioids and submitted $14 million in false billings. 29 Although criminal enforcement actions have often been the focus of DOJ opioid enforcement efforts, DOJ’s Civil Division has also used multiple tools at its disposal,

20 https://www.justice.gov/opa/pr/deputy-attorney-general-lisa-o-monaco-announces-new-civil-cyber-fraud-initiative.
21 https://www.natlawreview.com/article/calling-all-cybersecurity-whistleblowers-doj-wants-you-to-report-cyber-fraud.
22 https://www.justice.gov/opa/speech/acting-assistant-attorney-general-brian-m-boynton-delivers-remarks-cybersecurity-and.
23 https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/privacy-security-enforcement.
24 https://www.justice.gov/opa/speech/acting-assistant-attorney-general-brian-m-boynton-delivers-remarks-federal-bar.
25 https://www.justice.gov/opa/pr/department-justice-awards-more-300-million-fight-opioid-and-stimulant-crisis-and-address.
26 https://www.justice.gov/opa/pr/department-justice-awards-more-300-million-fight-opioid-and-stimulant-crisis-and-address.
27 https://www.justice.gov/opa/video/assistant-attorney-general-kenneth-polite-jr-delivers-remarks-health-care-enforcement.
28 https://www.justice.gov/opa/speech/acting-assistant-attorney-general-brian-m-boynton-delivers-remarks-federal-bar.
29 https://www.justice.gov/opa/pr/national-health-care-fraud-enforcement-action-results-charges-involving-over-14-billion.

ISSUES TO WATCH BASS, BERRY & SIMS | 5
