Merle M. DeLancey Jr.
Over the last decade, False Claims Act (“FCA”) litigation has exploded, and actions asserting new theories of liability are resulting in increasingly large recoveries. Last year the U.S. Department of Justice (DOJ) announced that it had recovered $3.8 billion under the federal FCA in FY 2013. From all appearances FY 2014 promises to be another “banner year for civil fraud recoveries,” and the DOJ has already put up impressive numbers, particularly against pharmaceutical and medical device companies, including a massive $2.2 billion settlement with Johnson & Johnson, as well as settlements with Endo Health Solutions Inc. ($192.7 million), Halifax Hospital Medical Center ($85 million), and Amedisys, Inc. ($150 million).
While the DOJ continues to vigorously pursue FCA cases against companies in the health care and other sectors, cash-strapped states are now following suit. State Attorneys General (AGs) have increasingly pursued novel and creative FCA actions, as have private plaintiffs, who are authorized by qui tam provisions to stand in the shoes of states to sue and receive part of any recovery. A driver of this action was the Deficit Reduction Act (DRA) of 2005, which authorized states to receive, in addition to their own recoveries, 10 percent of the federal government’s share of recovered Medicaid funds if their FCAs are at least as robust as the federal FCA. As a result, since 2005 nearly a dozen states have either enacted false claims statutes or have amended existing statutes to make them equally or more robust than the federal FCA, including incorporating qui tam provisions and broadening the circumstances under which companies can be found liable for violations.
For example, late last year, in response to the DRA, New York state amended its FCA (New York State Finance Law § 187, et seq. (NY FCA)), to bring its false claims law more in line with the federal FCA. The New York statute now includes a “reverse false claims” provision that imposes liability as broadly as the federal FCA, providing that a person may be held liable for violating the NY FCA if that person “[k]nowingly conceals or knowingly and improperly avoids or decreases an obligation to pay or transmit money or property to the state or a local government, or conspires to do the same….” (NY FCA § 189(1)(h)). The New York amendments also allow the state, as intervenor in a qui tam case, to relate back to the qui tam plaintiff’s filing date for statute of limitations purposes, expanding the period for which the state can seek recoveries. In addition, the law provides attorneys’ fees for successful qui tam plaintiffs, incentivizing the plaintiff’s bar to partner with the state or pursue their own cases under the NY FCA. Continue reading “State False Claims Act Enforcement Explodes in 2014”
David M. Nadler, David Yang, and Christian N. Curran
Recently, the U.S. District Court for the District of Columbia ruled that a company’s work product created during an internal mandatory disclosure investigation was not protected by the attorney-client privilege or attorney work-product doctrines. During discovery in United States ex. rel. Barko v. Halliburton Co. et al., KBR sought to withhold internal investigation reports relating to alleged fraudulent activities during its performance of the Logistics Civil Augmentation Program (LOGCAP III) contract in Iraq. The ruling casts doubt on whether documents created pursuant to internal investigations are protected by the attorney-client privilege or work-product doctrines and could significantly impact how companies conduct internal investigations, including their mandatory disclosure practices.
The Barko Case
The relator filed his case against KBR under the False Claims Act (FCA) in 2005, alleging that KBR had overcharged the government in a variety of ways under KBR’s LOGCAP III contract. During discovery, the relator requested that KBR produce documents relating to internal audits and investigations of alleged misconduct that was reported by KBR employees under LOGCAP III. KBR asserted that the material was protected by the attorney-client privilege and work-product doctrine. After the relator moved to compel, the court conducted an in camera review of the documents. Continue reading “KBR Ruling Threatens Privilege in Mandatory Disclosure Investigations”
Merle M. DeLancey Jr. and Deborah P. Kelly
In the past two months, three important changes took place that will affect the federal workplace. First, in early February, President Obama signed an Executive Order raising the minimum wage for federal contractors from $7.25 to $10.10. On the heels of that Executive Order, in March, the President signed a memorandum directing the Department of Labor (“DOL”) to “propose revisions to modernize and streamline” the existing Fair Labor Standards Act’s overtime regulations. Finally, three days ago, the DOL’s new federal contract affirmative action regulations took effect—a development we first analyzed in this alert. Below, we summarize these three events and how each could affect your federal contracting business.
I. Obama’s Executive Order Regarding Federal Contractor’s Minimum Wage
With the March Executive Order, President Obama raised the minimum wage for federal contractors. How will this new Executive Order affect your federal contracts? Below, we highlight the critical questions and answers regarding the scope and substance of this new Executive Order. Continue reading “Recent Changes to Federal Employment Regulations”
Justin A. Chiarodo and Daniel A. Broderick
On Wednesday, March 12, 2014, the Department of Defense (DOD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) requested public comments on its draft implementation plan (draft plan) for federal cybersecurity acquisition. See 79 Fed. Reg. 14042 (Mar. 12, 2014). The draft plan is the first of several steps toward implementing the recommendations outlined in the Working Group’s recently finalized report on Improving Cybersecurity and Resilience Through Acquisition (summarized here).
As comments are due on April 28, 2014, federal contractors and other stakeholders should act quickly to submit their views on what will have a significant and lasting impact on federal cybersecurity acquisition practices.
The draft plan proposes a repeatable, scalable, and flexible framework for addressing cyber risk in federal acquisitions, and by design, it will affect nearly all contracting entities. The draft plan proposes a “taxonomy” for categorizing procurements so that the government can effectively prioritize those in need of additional resources, attention, and safeguards. As proposed, the taxonomy is modeled on Federal Information and Communications Technology (ICT) acquisitions—though the Working Group has asked whether this framework is a workable model for the categorization of all acquisitions. The Working Group would use the ICT framework to categorize all acquisitions that present cyber risk, after which it would separately assess the risks within each category. Categories that present greater cybersecurity risk (based on threats, vulnerabilities, and impacts) would receive more and faster attention in acquisitions. The taxonomy is, in our view, the most significant new development in the draft plan, as it will serve as the principal basis for categorizing the extent of cyber regulations for procurements. This aspect of the plan accordingly warrants particularly close attention. Continue reading “DOD and GSA Seek Comments on Draft Cybersecurity Implementation Plan”
The issue of counterfeit electronic parts in the Department of Defense (DOD) supply chain has taken center stage in recent years given the performance and security concerns that such parts can pose. Hearings before the Senate Armed Services Committee in November 2011 revealed an “open and notorious” counterfeit parts industry and led to the inclusion of Section 818 in the FY 2012 National Defense Authorization Act (NDAA), which was enacted on December 31, 2011. Section 818, which was further amended by the 2013 NDAA, requires the DOD to implement regulations to define, identify, and prevent the use of counterfeit electronic parts in DOD procurements as well as limit the allowability of costs to replace, rework, or take other corrective action in connection with such parts. Notably, the risks and costs associated with these requirements will largely be placed on contractors.
Although final regulations have yet to be issued, the DOD issued proposed rules on May 16, 2013 and December 3, 2013 for industry consideration. As issued, however, the proposals, which raise more questions than they answer, place significant cost and performance risks (including breach, termination, and perhaps even false claims liability) on covered contractors and will almost certainly and significantly increase compliance costs. Continue reading “The DOD Gets Serious About Supply Chain Integrity”
Justin A. Chiarodo and Daniel A. Broderick
On January 23, 2014, the Department of Defense (DoD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) submitted its eagerly anticipated final report on integrating cybersecurity requirements into all federal procurements. This report, which satisfies Executive Order (EO) 13636 and Presidential Policy Directive (PPD) 21, includes recommendations on the increased use of cybersecurity standards in all federal acquisition activities, including strategic planning, capabilities needs assessment, systems acquisitions, and program and budget development.
The final report is perhaps most notable as another step toward an era where most every government contractor must satisfy baseline cybersecurity requirements. While the final report does not provide explicit guidance on the details of creating such a new procurement environment, in light of recent, imminent and forthcoming government activity, including the final rule imposing cybersecurity and reporting obligations on DoD contractors (issued November 18, 2013 and summarized here), the upcoming final cybersecurity framework of the National Institute of Standards and Technology (NIST) (to be released in mid-February), and the forthcoming final rule governing the safeguarding of government contractor information systems (likely finalized next year), we view this final report as a bellwether. Government contractors who ignore the final report and the course it has set do so at their own peril. Continue reading “DoD and GSA Issue Final Report on Improving Cybersecurity and Resilience through Acquisition”
Justin A. Chiarodo and Daniel A. Broderick
Last November, the U.S. Department of Defense (DoD) issued a final rule imposing enhanced cybersecurity and reporting obligations on contractors and subcontractors with information systems containing unclassified controlled technical information (UCTI). 78 Fed. Reg. 69273 (Nov. 18, 2013). UCTI is defined to mean technical information with a military or space application that is subject to controls on its access, use, reproduction, modification, performance, display, release, disclosure, or dissemination.
The final rule adds a new subpart (224.73) and corresponding contract clause (252.204-7012) to the Defense Federal Acquisition Regulation Supplement (DFARS), and together they direct contractors that handle UCTI to (1) implement enhanced safeguards and (2) report and investigate certain incidents affecting such information.
This final rule implements one part of the broader and more controversial proposed rule, published in June 2011. 76 Fed. Reg. 38089 (June 29, 2011). That rule, which proposed substantial compliance obligations for protection of unclassified information, applied to a larger class of nonpublic information, including nonpublic information either provided by or on behalf of the DoD or collected, developed, received, or transmitted in conjunction with the contractor’s support of an official DoD activity. Unlike the proposed rule, however, this final rule is narrower in scope because it concerns only a single category of data: UCTI. Continue reading “Final DFARS Rule Imposes New Cybersecurity and Reporting Obligations”