Medical Services Contractor Pays $930,000 to Settle False Claims Act Allegations Relating to Medical Services Contracts at State Department and Air Force Facilities in Iraq and Afghanistan
First Settlement by the Department of Justice of a Civil Cyber-Fraud Case Under the Department’s Civil Cyber-Fraud Initiative
Comprehensive Health Services LLC (CHS), located in Cape Canaveral, Florida, has agreed to pay $930,000 to resolve allegations that it violated the False Claims Act by falsely representing to the State Department and the Air Force that it complied with contract requirements relating to the provision of medical services at State Department and Air Force facilities in Iraq and Afghanistan. This is the Department of Justice’s first resolution of a False Claims Act case involving cyber fraud since the launch of the department’s Civil Cyber-Fraud Initiative, which aims to combine the department’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats to the security of sensitive information and critical systems.
CHS is a provider of global medical services that contracted to provide medical support services at government-run facilities in Iraq and Afghanistan. Under one of the contracts, CHS submitted claims to the State Department for the cost of a secure electronic medical record (EMR) system to store all patients’ medical records, including the confidential identifying information of United States service members, diplomats, officials and contractors working and receiving medical care in Iraq. The United States alleged that, between 2012 and 2019, CHS failed to disclose to the State Department that it had not consistently stored patients’ medical records on a secure EMR system. When CHS staff scanned medical records for the EMR system, CHS staff saved and left scanned copies of some records on an internal network drive, which was accessible to non-clinical staff. Even after staff raised concerns about the privacy of protected medical information, CHS did not take adequate steps to store the information exclusively on the EMR system.
The State Department and Air Force contracts also required CHS to provide medical supplies, including controlled substances, that were approved by the U.S. Food and Drug Administration (FDA) or European Medicines Agency (EMA) and manufactured in accordance with federal quality standards. The United States alleged that, between 2012 and 2019, CHS falsely represented to the State Department and Air Force that certain substances provided under those contracts were approved by the FDA or EMA. CHS lacked a Drug Enforcement Agency license necessary for exporting controlled substances from the United States to Iraq. CHS obtained controlled substances by having CHS physicians based in Florida send letters requesting that a South African physician prescribe the controlled substances. A South African shipping company then received controlled substances that were not approved by the FDA or EMA and sent them to CHS in Iraq, where CHS supplied the unapproved controlled substances to patients under the State Department and Air Force contracts.
“This settlement demonstrates the department’s commitment to use its civil enforcement tools to pursue government contractors that fail to follow required cybersecurity standards, particularly when they put confidential medical records at risk,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “We will continue to ensure that those who do business with the government comply with their contractual obligations, including those requiring the protection of sensitive government information.”
“Protecting the health and safety of servicemembers, diplomats, and other government employees working abroad is of utmost importance,” said U.S. Attorney Breon Peace for the Eastern District of New York. “The defendants were required to maintain personal health information securely and provide only approved pharmaceuticals to patients. This settlement serves notice to federal contractors that they will be held accountable for conduct that puts private medical records and patient safety at risk. We are grateful for the support of our colleagues in the Middle District of Florida, the State Department and the Air Force for their assistance in investigating these important claims.”
“Government contractors should never disregard their obligations when providing medical care to members of the military,” said U.S. Attorney Roger B. Handberg for the Middle District of Florida. “We thank our colleagues in the Eastern District of New York, as well as the investigative agencies who supported this effort, for their steadfast pursuit of this important investigation.”
“This settlement demonstrates the commitment State Department, Office of Inspector General, Special Agents have to protect the safety, well-being, and personal information of State Department personnel,” said Special Agent in Charge Elisabeth “Elli” Kaminsky of the U.S. Department of State OIG, Office of Investigations. “Our hope is that this outcome will send a clear message that cutting corners on State Department contracts has significant consequences.”
“The Department of the Air Force Office of Special Investigations (OSI) is undeterred in its approach to hunting down fraud within our Foreign Military Sales programs and ensuring the offenders are held accountable,” said Special Agent in Charge Nicholas J. Groesbeck of OSI Procurement Fraud Detachment 4, Wright-Patterson AFB, OH. “We applaud the complainant for coming forward, which allowed our joint partners to protect the governments procurement process and carry out the warfighting mission.”
The civil settlement includes the resolution of two actions brought under the qui tam or whistleblower provisions of the False Claims Act against CHS. Under the qui tam provisions of the False Claims Act, a private party can file an action on behalf of the United States and receive a portion of the settlement if the government takes over the case and reaches a monetary agreement with the defendant. The qui tam cases are captioned United States ex rel. Lawler v. Comprehensive Health Servs., Inc. et al., Case No. 20-cv-698 (E.D.N.Y.), and United States ex rel. Watkins et al. v. CHS Middle East, LLC, Case No. 17-cv-4319 (E.D.N.Y.).
The investigation and resolution of this matter illustrates the government’s emphasis on combatting cyber-fraud. On October 6, 2021, the Deputy Attorney General announced the department’s Civil Cyber-Fraud Initiative, which aims to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Information on how to report cyber fraud can be found here.
The resolutions obtained in this matter were the result of a coordinated effort between the Fraud Section of the Commercial Litigation Branch of the Justice Department’s Civil Division, the U.S. Attorney’s Office for the Eastern District of New York, the U.S. Attorney’s Office for the Middle District of Florida, the U.S. Department of State Office of Inspector General and the U.S. Air Force.
The claims resolved by the settlement are allegations only and there has been no determination of liability.