San Diego-based physician Dr. Janet J. Gray and her former medical practice, The Center for Health & Wellbeing, agreed to pay $3.8 million to resolve allegations that they knowingly submitted false claims to Medicare and TRICARE in violation of the False Claims Act (FCA).
Dr. Gray and the Center operated as a “holistic” clinic, claiming to be staffed by physicians, nurse practitioners, naturopathic physicians, chiropractors, acupuncturists and other health professionals. Dr. Gray and her practice offered various alternative treatments such as IV infusion therapy and hormone/supplementation.
The government alleges that from 2012 to 2022, Dr. Gray and the Center submitted false claims to Medicare and TRICARE for services those programs did not cover. Specifically, the government alleged that Dr. Gray and the Center (1) misrepresented the services provided and the rendering provider, including by concealing that the services were provided by non-covered providers such as naturopathic physicians and acupuncturists, (2) improperly billed for services using multiple codes instead of the correct bundle code and (3) billing for medically unnecessary services. In addition to the $3.8 million payment, Dr. Gray is barred from participating in all federal health care programs for five years.
Read the press release here.
Penn State University agrees to pay $1.25 million to resolve FCA claims
Pennsylvania State University will pay $1.25 million to settle allegations that it violated the FCA by failing to meet contractual obligations to implement cybersecurity controls in 15 contracts or subcontractors involving the U.S. Department of Defense (DoD) and the National National Aeronautics and Space Administration (NASA) ).
The government alleges that the Department of Defense and NASA contractually required Penn State to implement cybersecurity controls. Between 2018 and 2023, however, the university failed to adequately develop mechanisms to correct the deficiencies it identified. DoD contracts require contractors to submit cybersecurity assessment assessments demonstrating their compliance with cybersecurity requirements when using covered systems to store or access defense information. The government alleges that Penn State presented results admitting it did not implement certain controls, but misrepresented the dates by which it would implement them. In addition, the government argued that the university ultimately did not follow any action plans to implement these checks. The government also alleged that Penn State did not use an outside cloud service provider that met the Department of Defense’s security requirements when performing certain contracts and subcontracts.
The agreement authorizes a qui tam a lawsuit filed by Matthew Decker, former chief information officer of Penn State’s Applied Research Laboratory. The whistleblower is scheduled to receive a share of $250,000 of the settlement amount. The case is overwritten US ex rel. Decker v. Pennsylvania State UnivNo. 2:22-cv-03895 (ED Pa.).
Read the press release here.
California Home Health Agency and Owner Settle FCA Claims Related to Wage Protection Program Scheme
Allstar Health Providers Inc., a home health agency, and its owner, Maria Chua, agreed to pay $399,990 to settle allegations that they violated the FCA by knowingly obtaining more than one Payday Protection Program loan ( PPP) in violation of PPP rules.
PPP, an emergency loan program administered by the Small Business Administration (SBA) under the Coronavirus Assistance, Relief, and Economic Security (CARES) Act, was intended to ease the burden on small businesses to pay employees and cover other business expenses during the Covid-19 pandemic. Applicants for a PPP loan had to certify their eligibility and compliance with the program rules, including that they will not receive more than one PPP loan before December 31, 2020.
The government alleged that Chua submitted two PPP loan applications for Allstar Health Providers in May 2020. Although each loan application certified that the company would not receive more than one loan before December 31, 2020, Allstar Health Providers claimed , that they obtained and withheld two PPP loans in 2020. The government alleged that Chua and Allstar Health Providers violated the FCA by withholding the second duplicate loan, which harmed the SBA when it purchased the loan guarantee on the duplicate loan.
The settlement resolves legal action brought under the FCA’s whistleblowing regulations. The qui tam the case is overwritten US ex rel. Quesenberry v. 2 Evil Geniuses and others.No. 20-cv-8495 (CD Cal.). The whistleblower, J. Bryan Quesenberry, will receive approximately $60,000 of the settlement amount.
Read the press release here.
Virginia contractor settles FCA’s liability for failure to secure Medicare beneficiary data
ASRC Federal Data Solutions LLC (AFDS), based in Reston, Va., has agreed to pay $306,722 to resolve FCA claims stemming from its storage of unprotected personal information in connection with certain government contracts.
AFDS provided certain Medicare support services under contract with the Centers for Medicare and Medicaid Services (CMS). The settlement resolves allegations that from March 10, 2021, to October 8, 2022, AFDS stored screenshots from CMS systems containing Medicare beneficiary personal information on a subcontractor server without properly encrypting the files to protect them in breakthrough case. The subcontractor’s server was breached by a third party in October 2022, and unsecured screenshots containing Medicare beneficiary information were allegedly compromised during that breach. The government argued that the improper storage of screenshots on the subcontractor’s server violated AFDS’ contractual requirements for cybersecurity, and that CMS’s knowing billing despite these violations rendered AFDS’ claims for reimbursement invalid under the FCA.
In addition to the settlement payment, AFDS waived any right to recover costs to remedy the breach, including at least $877,578 the company incurred to notify beneficiaries and provide credit monitoring. The government acknowledged that AFDS promptly notified CMS of the data breach, worked with CMS to address the impact of the breach, took other corrective measures, and cooperated with the US Department of Justice’s investigation.
Read the press release here.
Additional author: Laura Zell