FraudEarlier this month, the Department of Justice (“DOJ”) released its statistics on civil fraud enforcement actions for the 2021 fiscal year (which ended September 30, 2021). In total, DOJ hauled in more than $5.6 billion in judgments and settlements from civil fraud and False Claims Act (“FCA”) cases, the second largest total ever, and the largest total since 2014.

Healthcare and Procurement Fraud Made Up the Lion’s Share of Recoveries in 2021

Healthcare and procurement fraud were far and away the leading areas of focus for DOJ.  Approximately 96% of fraud judgments and settlements obtained by DOJ related to fraud in health care programs such as Medicaid, Medicare, and TRICARE.  DOJ particularly targeted fraudulent arrangements for unnecessary medical services and schemes that inappropriately profited off the opioid epidemic. For instance, in October 2021, Purdue Pharma LP and DOJ reached a $2.8 billion agreement to resolve both criminal and civil claims related to the company’s marketing and sale of opioid drug treatments.

Procurement fraud recoveries, on the other hand, totaled nearly $120 million.  DOJ continued the recent trend of pursuing contractors and subcontractors of all sizes for conduct such as falsifying pricing data, providing non-compliant goods and services, and illegal kickbacks.

COVID-Related and Cyber-Fraud Are Likely to Be Priorities in 2022 and Beyond

The DOJ press release accompanying the statistics revealed that, in addition to healthcare fraud and procurement fraud, COVID-related and cyber-fraud will be among DOJ’s top priorities going forward.  In 2021, DOJ weaponized the FCA to bring actions against individuals and small businesses that improperly applied for or misused loans granted through the Payment Protection Program (“PPP”).  The press release affirmed that the Department will continue to go after those who took advantage of the program, stating that DOJ is working “with various Inspector Generals and other agency stakeholders to identify, monitor and investigate the misuse of critical pandemic relief monies.”

In October 2021, DOJ announced the Cyber-Fraud Initiative in response to President Biden’s executive order committing the federal government to shore up its cybersecurity vulnerabilities.  At the time, the Department said that it intended to use the FCA to prosecute contractors “that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”  February’s press release was a stark warning that DOJ will continue instituting enforcement actions against contractors that fail to meet cybersecurity obligations imposed under government contracts.

Strong Compliance Programs are Necessary Now More than Ever  

Regardless of where DOJ aims its enforcement efforts in 2022, robust and effective compliance programs are of the utmost importance for any government contractor or other organization that receives government funding.  The strongest compliance programs include educational components that train employees on how to spot fraud, written policies for reporting and investigating suspected fraud, and the appointment of knowledgeable compliance officers to administer and oversee the programs.

As the old adage goes, an ounce of prevention is worth a pound of cure.  Compliance programs are not only vital for reducing the risk that organizations will engage in conduct that constitutes an FCA violation or other type of fraud, the existence of such a program is a key mitigation factor when assessing an organization’s ultimate liability after an enforcement action commences.  A strong compliance program could be the only thing that saves your organization from having to pay a business-ending judgment or settlement.

courthouseIn the spirit of the new year, we offer a review of the first five years of the Defend Trade Secrets Act (“DTSA”). The DTSA, 18 U.S.C. § 1831 et seq., was signed into law on May 16, 2016. It provides for a federal civil cause of action for trade secret misappropriation and criminal penalties for theft of a trade secret and what the statute calls “economic espionage” – theft of a trade secret knowing or intending to benefit a foreign government, instrumentality, or agent. In 2018, the Department of Justice (“DOJ”) rolled out its “China Initiative” and focused on prosecution of individuals stealing trade secrets to benefit the Chinese government. Notwithstanding this well-publicized initiative, the DTSA reaches much further – and much closer to home – than prosecuting Chinese nationals, agents, and ex-pats. In fact, some of the DTSA’s swiftest mechanisms for recovering stolen trade secrets, which are rarely invoked, are some of its most powerful.

Domestic Prosecutions Are Possible

The DTSA, assuming other criteria are met, criminalizes theft of a trade secret that “is related to a product or service used in or intended for use in interstate in foreign commerce . . . .” 18 U.S.C. § 1832(a).  While the DOJ has prosecuted international theft of trade secrets, like in the case of the China Initiative, the statute applies to domestic theft of trade secrets if the trade secret is used in even interstate commerce. Essentially, theft of a trade secret used in a multistate domestic company could constitute a federal criminal offense.

These domestic prosecutions are rare but have occurred. The DOJ’s Justice Manual states that prosecutors should consider the following factors:

(a)        the scope of criminal activity, including evidence of involvement by a foreign government, agent, or instrumentality;

(b)       the degree of economic injury to the trade secret’s owner;

(c)        the type of trade secret misappropriated;

(d)       the effectiveness of available civil remedies; and

(e)        the potential deterrent value of prosecution.

These factors make clear that domestic prosecutions for theft of trade secrets ordinarily must have an international threat tied to them, and the trade secret must be significant.

For example, in U.S. v. Cariani,[1] the defendant was employed by a defense contractor that made computer programs used by planes in the War in Terror in Afghanistan and commercially to land aircraft in low visibility situations. The defendant had a “secret” level security clearance and, before leaving the company’s employment, downloaded approximately 12,000 files related to the software to personal USB devices. The defendant was arrested, and authorities searched his devices and questioned him. Ultimately, Cariani pled guilty to theft of trade secrets under the DTSA. But this is just one rare domestic prosecution among dozens of prosecutions of international agents.

The last five years have shown that, while the DOJ has the tools to prosecute domestic theft of trade secrets, it has been reserved for sophisticated secrets with potential international reach. However, as the nation’s economy grows more dependent on protecting intellectual property rights, and as the world becomes further interconnected, a growing number of trade secrets have an international connection. Therefore, it is safe to say that the DOJ’s domestic trade secret prosecutions could increase in the years to come.

Forfeiture of Trade Secrets

The DTSA’s seizure provision is potentially one of its most potent. While prosecutors can execute search warrants to seize evidence, the DTSA empowers civil litigants to use law enforcement to seize media containing trade secrets as well. The civil seizure mechanism is rarely utilized but could pave the way for greater government involvement in trade secret prosecutions.

Ordinarily, a temporary restraining order or preliminary injunction could provide for emergency relief for civil seizure of stolen property. However, in rare occasions where an alleged offender is likely to disregard a court order and the alleged offender will “destroy, move, hide, or otherwise make” the stolen information inaccessible, in addition to other requirements, an applicant can seek seizure of the media containing the alleged trade secrets. The court may grant an application for civil seizure and order federal law enforcement to seize the media containing alleged trade secret information. Upon seizure, law enforcement provides the media containing alleged trade secret information to the court for safekeeping during the pendency of litigation. The procedure detailed in 18 U.S.C. § 1836 additionally describes requirements to keep the seizure confidential from public disclosure.

The civil seizure is a powerful weapon for civil litigants. It is an ex parte procedure – the defendant is not told that the application has been made to the court. If successful, the civil seizure operates like a seizure warrant for the allegedly stolen trade secrets, and the fact of seizure is maintained confidentially as well. Although the requirements of the civil seizure largely reflect those of the ordinary civil equitable remedies, including a showing of irreparable harm, it could be argued that the seizure procedure is more fit to protect trade secret disclosure; a defendant has no notice of the seizure before it occurs.  In contrast, temporary restraining orders or preliminary injunctions require at least an attempt to notify a defendant that the plaintiff is requesting equitable relief.

The civil seizure also involves law enforcement in the case at the very outset. The DOJ has asked private entities who face trade secret theft to report the theft to the DOJ if they require the DOJ’s assistance in “leverag[ing] [its] collective response expertise, apply[ing] [its] knowledge of cyber threats, preserv[ing] evidence, and us[ing] [its] combined authorities and capabilities to minimize asset vulnerability and bring malicious actors to justice.” As a plaintiff, civil seizure allows the DOJ to leverage that expertise and knowledge early. As a defendant, civil seizure puts a litigant on notice that the matter might soon be reported to the DOJ and that an otherwise civil matter may require a more exacting response to avoid or mitigate government prosecution.


Five years ago, the DTSA unified federal law with respect to trade secret misappropriation claims. Since its enactment, the DOJ has taken aim at foreign nationals, agents, and instrumentalities – most of them related to China – to protect American trade secrets. However, significant domestic assets have also been protected by prosecution. One way the DOJ could become involved early on in a trade secret misappropriation case is through the civil seizure provision of the DTSA which empowers civil litigants to petition the court to involve federal law enforcement to seize media purportedly containing stolen trade secrets. As the DTSA becomes more firmly rooted in American law and as the economy relies more heavily on trade secret information, expect domestic prosecutions and use of civil seizure to increase.

[1] No. 3:17-cr-00062-LRH-CBC (D. Nev.).

moneyIn October, the annual “SEC Speaks” event took place, where the SEC Chair, Commissioners, senior leaders and other staff provided public remarks and updates on the initiatives and priorities of the agency.  One of the speeches was given by Gurbir Grewal, the new SEC Director of the Division of Enforcement.  Director Grewal’s speech focused on a decline of public trust in financial institutions and markets and identified several policy changes the SEC would be implementing to restore that trust.

Significantly, Director Grewal announced that the SEC will be requiring “admissions” from wrongdoers “in appropriate circumstances.”  This is not the first time the SEC has required admissions of wrongdoing, but it is helpful to review the SEC’s past policies to understand why Director Grewal’s statement is significant.  For many years, the SEC would settle cases without requiring any specific admission of wrongdoing and these settlements would contain language reflecting that the individual or corporation “neither admits nor denies” any wrongdoing.  During the Obama administration, the SEC shifted its settlement requirements and required admissions of wrongdoing in significant or egregious cases or where there were parallel criminal proceedings.  But, under the Trump administration, the SEC reverted back to previous policy.

The return to requiring admissions of wrongdoing announced by Director Grewal appears to be broader than any of the SEC’s previous policy requirements.  Director Grewal vaguely stated that admissions would be required “in appropriate circumstances . . . in cases where heightened accountability and acceptance of responsibility are in the public interest.”  It remains to be seen how broadly this policy will be applied, but it bears noting that Director Grewal did not place any limits on its use.

This is an important shift.  Admissions of wrongdoing matter, as they are legally binding admissions that an individual or corporation violated the law made before a government regulator.  An admission is unambiguous, unlike the commonly seen language that “neither admits nor denies” allegations.  And these admissions of wrongdoing can have additional, collateral implications.

For example, an admission that an individual or entity “knowingly” violated the securities laws can have consequences with other regulatory agencies (e.g., the Office of Comptroller of Currency, the Federal Reserve, the Department of Defense) or self-regulatory organizations (e.g., FINRA, NYSE, Nasdaq, CFE, CME).  It could also be used against the individual or entity in civil litigation, not least in securities’ class actions.  An admission of illegal behavior could trigger an exclusion in a D&O insurance policy that would deny coverage to an otherwise covered individual or entity.  Simply put, these collateral consequences must be considered when potentially agreeing to admissions of wrongdoing with the SEC in order to resolve a matter.

Director Grewal made several other noteworthy pronouncements.  First, he indicated that the SEC would increasingly impose another existing enforcement remedy—the officer and director bar which excludes an individual from acting as an officer or director of a public company—where there are admissions of wrongdoing.  Second, he related that the SEC would heavily rely on other “tools” at its disposal, such as injunctions and undertakings, in order to enforce compliance with securities laws.  Third, he noted that SEC staff would be more empowered in their enforcement, meaning that individual or corporate targets of enforcement efforts will have less opportunity to appeal adverse decisions to the SEC’s more senior attorneys and potentially leading to divergent enforcement decisions, priorities, and policies.

In short, Director Grewal’s remarks indicate what many have expected—that the SEC may ramp up its enforcement efforts and do so with more “teeth.”


moneyOn June 3, 2021, the Supreme Court issued its opinion in Van Buren v. United States, Case No. 19-783. Van Buren is a former police sergeant from Georgia. Relevant to the case, Van Buren accepted money to use his patrol car computer to access a database and retrieve information about a license plate. He was indicted and convicted for violating the Computer Fraud and Abuse Act of 1986, or the “CFAA.” His appeal eventually reached the United States Supreme Court who reversed his conviction and held that the government read the CFAA too expansively to convict Van Buren. Resultingly, the Court restricted the CFAA’s scope of liability which could make computer crimes more difficult to prosecute or pursue civilly unless database owners take steps to preserve required evidence.

The Facts

Van Buren is an ex-sergeant in a Georgia police department. The FBI began investigating Van Buren after receiving a recorded conversation where Van Buren “shook down” an undercover informant for cash. The FBI initiated an undercover operation to, as the Court put it, “see how far Van Buren would go for money.”

The FBI directed the informant, while wired, to ask Van Buren to search a law enforcement database for a license plate that the informant wanted information about in exchange for $5,000. The story was the informant met the woman who owned the plate at a strip club, and he needed to know that she was not an undercover officer.

Van Buren complied by using his patrol car computer. Van Buren’s department policy did not permit any such searches for anything but a legitimate law enforcement purpose. The Government’s theory was the breach of department policy exceeded Van Buren’s authorization under the CFAA and Van Buren was charged and convicted of violating the CFAA.

On appeal, the Eleventh Circuit affirmed, criminalizing Van Buren’s access for an “inappropriate reason.” The Supreme Court granted certiorari to resolve a circuit split concerning the scope of liability under the CFAA’s “exceeds authorized access” clause.

The History of the CFAA

The CFAA was borne out of necessity. As Justice Barret recited in the Court’s opinion, trespass and similar actions failed to capture internet crimes and hacking during the 1980’s technology boom.

The CFAA creates criminal liability for “intentionally access[ing] a computer without authorization or exceed[ing] authorized access” and obtaining information as a result. Over time, amendments expanded the scope of information subject to protection from initially only financial information to anything “used in or affecting interstate or foreign commerce or communication.” Therefore, in the Court’s words, the CFAA protects “all information from all computers that connect to the internet.”

The CFAA created civil and criminal responsibility for violators. On the civil side, persons suffering “damage” or “loss” from a CFAA violation may sue for money damages and equitable relief. Prosecutions may result in punishments ranging from misdemeanor sentences and fines to a potential of up to ten years in prison for more egregious violations of the statute.

The Supreme Court’s Analysis and Holding

The Court’s analysis began by analyzing the text of the statute. The CFAA defines “exceeds authorized access” as “to access a computer with authorization and to use such access to obtain . . . information in the computer that the accesser is not entitled so to obtain.” There was no dispute Van Buren accessed the information; rather the question before the Court was whether he was “entitled so to obtain” that license plate information.

The Court engaged in a lengthy determination of what the word “so” means in “entitled so to obtain.” Van Buren argued it meant “the same manner as has been stated” or “the way or manner described” previously in the statute. Thus, in Van Buren’s construction, “so” means “whether one has the right, in ‘the same manner as has been stated [in the statute],’ to obtain the” license plate information. In practice, Van Buren read the statute to mean that the CFAA criminalizes accessing information one is not allowed to obtain on a computer that one is authorized to access. The Government argued “so” means more and that the CFAA should criminalize accessing information that is not permitted to be obtained in the particular method or manner in which it was obtained, i.e., as a product of a bribe. The Court agreed with Van Buren’s interpretation and read “is not entitled so to obtain” to “refer to information that a person is not entitled to obtain by using a computer that he is authorized to access.”

To drive this point home, the Court rejected all of the Government’s counterarguments. Importantly, the Court held that the Government’s untenable reading would result in prosecutions where an employee accesses a company computer which imposes a “business use only” restriction. Under the Government’s reading, an employee who uses a company computer to read the news or send a personal email could be subject to criminal liability. The Court’s opinion limited the statute’s reach and, now, “an individual ‘exceeds authorized access’ when he accesses a computer with authorization but then obtains information located in particular areas of the computer – such as files, folders, or databases – that are off limits to him.” Because Van Buren was authorized to use his patrol car computer and obtain license plate information, he could not be convicted for violating the CFAA.


algorithimOn September 8, 2021, the U.S. Court of Appeals for the Seventh Circuit released an opinion that rejected a defendant’s Fourth Amendment challenge to the government’s use of pen registers to obtain data for a single internet protocol (“IP”) address that was then used to prove that the defendant had launched a cyberattack against his former employer.  The Circuit ultimately held that the use of a pen register to track IP addresses is not a “search” under the Fourth Amendment and does not require the government to obtain a search warrant.   United States v. Soybel, No 19-1936 (7th Cir. Sept. 8, 2021).

In 2016, industrial supply company W.W. Grainger suffered a series of cyberattacks in which millions of records were deleted from a segment of its business.  Grainger determined that each of the attacks originated from a single IP address outside of Grainger’s network.   After discovering this issue, Grainger referred the cyberattack to the FBI, which found that the implicated IP address came from an apartment building in Chicago where a former disgruntled employee, Edward Soybel, resided.

To confirm the source of the attacks, the FBI had to monitor internet traffic in and out of Soybel’s apartment.  Since the IP addresses were being routed through a master router in the apartment building, the FBI was unable to determine where the source of the cyberattack against Grainger was coming from without the use of a device known as a pen register.  In 1986, Congress passed the Pen Register Act, 18 U.S.C. §§ 3121 et seq., authorizing law enforcement to use pen registers and “trap-and-trace” surveillance devices to obtain information as part of a criminal investigation.  Historically, such devices were used to trace telephone numbers dialed on landline telephones and now, with common use of the internet, they are used to track IP addresses.

In this case, the FBI obtained approval to use the pen register device from a district judge upon a minimal statutory showing of relevance to the investigation.  The pen register was then used to record specific IP addresses coming through the master router for Soybel’s apartment building and the external IP addresses to which they were connecting.  In this way, the IP addresses of the websites visited from Soybel’s apartment demonstrated that Grainger’s systems had been unlawfully accessed. FBI’s surveillance confirmed that Soybel accessed Grainger’s network 790 times between September and November 2016.

Before trial in the Northern District of Illinois on twelve counts of violating the Computer Fraud and Abuse Act, Soybel sought to suppress evidence collected using the IP pen registers as a warrantless search in violation of the Fourth Amendment.  He contended that the government should have been required to make a showing of probable cause to use the pen register – which it had not.  Soybel further claimed that the unlawfulness of the government’s actions was supported by a Supreme Court case from 2018 that held the collection of historical cell-site location information from a cell phone (“CSLI”) required a search warrant.  See Carpenter v. United States, 138 S. Ct. 2206 (2018).  The district court rejected this challenge.  It found that even if a search warrant should have been sought, law enforcement officers were operating prior to the Carpenter decision and were entitled to rely on the “good faith exception” to the exclusionary rule. That is, the officers were acting in good faith when they relied on pre-Carpenter law to evaluate their obligations under the Fourth Amendment.

Soybel was ultimately convicted and filed an appeal with the Seventh Circuit.  On appeal, the defendant argued that he had a reasonable expectation of privacy in the data collected from the pen register and, because no search warrant was obtained before using the pen register, the evidence should have been suppressed.  The Seventh Circuit disagreed.  It held that the pen register only collected external data – the IP addresses and the times of connection – and did not collect the content or substance of the connections.  It further found the case to be analogous to the use of telephone pen registers and in line with decades-old precedent holding that there is no expectation of privacy in the telephone numbers dialed on a landline.  Like the IP pen register, the telephone pen register only collected the telephone numbers and the time and duration of the call.  The contents of the telephone calls were not collected.  Citing the third-party doctrine, the Court noted that there was no expectation of privacy in an IP pen register because the IP addresses were routed through a third-party internet service provider.  By using a third-party ISP, the defendant knowingly exposed his data to the public and therefore had no expectation of privacy.  The Court likened the defendant’s use of a third-party ISP to the historical use of a telephone switchboard and held that prior precedent in telephone pen register cases supported a finding that defendant’s privacy rights were not violated.

The Court also determined that the Carpenter decision did not change the result in this case because the unique features of CSLI are not present in IP-address data. It reasoned that IP-address data was stationary, impersonal, and forward-looking, while CSLI tracked an individual’s movements in great detail through monitoring the location of an individual’s cell phone, a device which the Court noted was indispensable to daily life today.  The collection of CSLI, the Court found, allows the compilation of a “detailed chronicle of a person’s presence” in various locations over a period of years and can even be applied retrospectively because cell carriers keep historical records for years.  CSLI demanded a higher level of Fourth Amendment protection while IP-address data did not.

This decision is important for a number of reasons.  Companies seeking to protect themselves from cyberattack can be confident that the government has one more arrow in its sheath to combat cyber criminals.  The decision also serves as a warning to those disgruntled employees who mistakenly believe that their internet activity is protected from disclosure.  Pen registers have long been an important law enforcement tool allowing investigators to identify the criminal connections suspects are making through their communication devices.  This decision shows that advances in technology will not deter law enforcement scrutiny and courts will not create an artificially high bar to collect IP data — as long as it is not a substantial intrusion into an individual’s privacy.

columnsOn May 17, 2021, we discussed the reality that lawyers – namely, Rudy Giuliani – are not immune from searches by federal agents. In that post, we touched on the Department of Justice’s use of “taint teams,” lawyers and federal agents tasked with screening items seized by search warrants to protect privileges. Despite their routine use, taint teams often create issues related to protecting privileged documents. On August 30, 2021, the United States Court of Appeals for the Eleventh Circuit opined for the first time on using taint teams in In re Sealed Search Warrant and Application for Warrant by Telephone or Other Reliable Electronic Means, Case No. 21-14223. The Court held that taint teams are an acceptable means to filter privileged materials from seized materials at least where the subject of the search warrant has an initial opportunity to review potentially privileged materials. As a result, the Eleventh Circuit deepened the divide among the federal circuits’ views concerning proper taint team procedures.

Privilege Review [T]ain’t That Simple

In any litigation, reviewing materials for privilege is an important step in the discovery process. The privilege review protects materials subject to various documentary privileges including the attorney-client privilege and the work product doctrine. In criminal investigations and government enforcement matters, it is essential that privilege reviews capture and protect all documents subject to these privileges. Producing privileged documents could lead to litigation over whether the producing party intended to waive privilege and, ultimately, subject the producing party to consequences, such as the production of additional documents, depending on the nature of the disclosure.

Privilege reviews usually occur before production of materials by the producing party’s attorneys.  When the government enters a person’s home or business with a search warrant, however, the government usually will not wait for the searched person or business to conduct a privilege review. Instead, the agents will seize materials within the scope of the search warrant regardless of whether they are privileged. The seized materials include not only documents, but often also includes computers and electronic storage devices like external hard drives which could contain communications with counsel concerning legal advice, memoranda prepared in anticipation of litigation, and other clearly privileged documents that would never be produced in a run-of-the-mill civil document production.

The government commonly uses taint teams to filter out privileged documents from search warrant returns. A taint team consists of federal agents and attorneys not involved in the underlying investigation or resulting potential prosecution usually conducts that review. The taint team, which is instructed to not disclose the contents of any privileged documents to the prosecution team, filters out privileged documents, and then provides the non-privileged documents to the prosecution team. The rub is that the taint team still consists of federal agents and attorneys employed by the government, giving rise to potential conflicts, and who may not recognize privileged materials before turning them over to their colleagues.  For this reason, several federal circuits have developed guardrails to protect privilege reviews of search warrant returns; these tests, however, are far from uniform, giving rise to uncertainty and disparate treatment depending on where in the country a search occurs.

The Eleventh Circuit Endorses Taint Teams

On August 30, 2021, the Eleventh Circuit released its taint team opinion in In re Sealed Search Warrant and Application for Warrant by Telephone or Other Reliable Electronic Means, an issue of first impression in the circuit. In this case, the government acquired a search warrant for the corporate offices of a group of purported family businesses, all doing business under the name “Optima.” The search team seized documents from the entire office, including files owned by the business’s in-house attorney.  Under the original taint team procedure that the government chose, the prosecution team was to provide the taint team with any seized communications that were to or from an attorney. The taint team would then review the communications and move for a court order to provide the communications back to the prosecution team.

Optima and its employees intervened, seeking a preliminary injunction to halt the taint team’s activities. A magistrate judge in the Southern District of Florida determined that the proposed protocol was underinclusive of privileged documents because it required the prosecution team to segregate only the communications to or from attorneys. The magistrate judge also imposed a new protocol that required the intervenors to first identify privileged documents; then, a different United States Attorney’s office would conduct a taint team review of those documents claimed to be privileged. The intervenors objected to the magistrate’s report and recommendation and argued that the district court should conduct the privilege review, but the district court disagreed. So, the intervenors appealed to the Eleventh Circuit.

The Eleventh Circuit affirmed the district court’s modified taint team protocol. This is the first time the Eleventh Circuit had been asked to rule directly on the propriety of a taint team procedure. Thus, it compared the modified taint team protocol to protocols that various other circuit courts have affirmed or reversed. The Eleventh Circuit reasoned that, because the proposed taint team protocol did not “suffer[] from [any] of the defects [other] courts found disqualifying,” the proposed procedure provided sufficient protections for the privileges at issue. Therefore, a taint team which first permits a searched party to identify potentially privileged documents passes muster in the Eleventh Circuit.

Judicial Restrictions on Taint Teams

In arriving at its decision, the Eleventh Circuit relied on other circuits’ descriptions of what a proper taint team looks like. Notably, it distinguished authority from the Fourth (covering West Virginia, Virginia, Maryland, North Carolina, and South Carolina) and Sixth Circuits (covering Michigan, Ohio, Kentucky, and Tennessee) disapproving of taint teams in certain situations. Additional relevant authority not addressed by the Eleventh Circuit originates from the Southern District of New York.

While the Eleventh Circuit’s decision did not address decisions from the Southern District of New York, which is widely regarded as an influential district court, it has approved of taint teams at least twice. First, in U.S. v. Sattar, No. 02 Cr. 395, 2003 U.S. Dist. LEXIS 16164, 2003 WL 22137012 (S.D.N.Y. Sept. 15, 2003), the government sought a court order to produce privileged materials belonging to Sattar’s co-defendants to Sattar pursuant to Brady. The co-defendants opposed, citing privilege concerns. The dispute centered around notebooks which contained allegedly privileged statements that the taint team was translating from Arabic to English and phone calls between Sattar’s co-defendants and their counsel being transcribed and redacted where privileged for the prosecution team’s use. The translations and transcripts were also provided to the co-defendants. The district court held in camera review was appropriate because the court could not determine whether the material was actually privileged without reviewing it. Second, in In re Search Warrants Executed on April 28, 2021, No. 21-MC-425, 2021 U.S. Dist. LEXIS 101348 (S.D.N.Y. May 28, 2021), the Southern District of New York again addressed taint teams when Rudy Giuliani sought the return of allegedly privileged materials seized pursuant to a search warrant. Giuliani objected to a taint team protocol, but the district court disagreed and stated that “[t]he use of a [taint] team is common procedure in this District and has been deemed adequate in numerous cases to protect attorney-client communications.” Nonetheless, the court appointed a special master to ensure the “perception of fairness” in the process. Therefore, the Southern District of New York has broadly approved using taint teams, but will not credit their privilege designations without judicial review.

In In re: Search Warrant Issued June 13, 2019, 942 F.3d 159 (4th Cir. 2019), an unidentified law firm resisted a taint team procedure imposed by the government when collecting documents seized pursuant to a search warrant of its offices. The search warrant sought evidence of alleged illegality related to one attorney’s representation of one client out of a 20-attorney law firm. The magistrate judge ex parte authorized the use of a taint team. The procedure required the taint team to send responsive yet potentially privileged materials to the subject’s attorneys for further review, but non-privileged materials, based solely upon the judgment of the taint team, would be forwarded to the prosecution team. The taint team seized the subject’s documents which included tens of thousands of emails unrelated to the client relationship under investigation. The subject’s law firm partners objected to protect their clients’ information on the subject’s computer, but the district court overruled the objections. The Fourth Circuit reversed. It held a potential privilege waiver of this magnitude presented potential irreparable harm, and the proposed taint team protocol vested the Executive Branch with judicial powers to make privilege determinations. It also relied on a recent case from the District of Maryland, U.S. v. Elbaz, No. 8:18-cr-00157, in which a taint team improperly disclosed thousands of privileged documents to the prosecution team. Accordingly, the Fourth Circuit reversed the taint team protocol and ordered the district court to impose injunctive relief to cease the taint team’s operation pending further review by the district court. The district court’s activity on remand is not reported under the case number associated with the appeal, so it is unclear how the district court resolved the taint team protocol. Notably, the Southern District of New York distinguished this case in the Giuliani case by stating the Fourth Circuit “did not hold the Government’s use of a filter team is categorically inappropriate.”

In In re Grand Jury Subpoenas 04-124-03 and 04-124-05, 454 F.3d 511 (6th Cir. 2006), the Sixth Circuit held that a subject of a grand jury investigation has a limited right to review documents before producing them to the grand jury. A grand jury issued a subpoena for documents related to Larry Winget in Winget’s company’s control. The subpoena required immediate production to a taint team who would send documents it determined to be non-privileged to the grand jury without any review by any party. Asserting that the protocol was improper, Winget intervened, but the district court disagreed. The Sixth Circuit reversed, reasoning that this case was not appropriate for taint team procedures because the documents were not in the government’s possession yet and “taint teams present inevitable, and reasonably foreseeable, risks to privilege” from leaks between the taint team and prosecution team. However, the Sixth Circuit also held that a subpoenaed party should not be able to delay the grand jury’s review of relevant documents. Accordingly, the Sixth Circuit held that a Special Master should be appointed to conduct an initial privilege review, returning privileged documents to the subpoenaed company and sending non-privileged documents to the grand jury.

These cases highlight important differences among judicial approaches to using taint teams. First, as is clear from the Sixth Circuit, taint teams are inappropriate in situations where the materials are not yet in the government’s possession. Second, the Fourth Circuit has decisively held that overinclusive search warrant returns cannot simply be turned over to a taint team to make privilege determinations as if it were part of the judiciary. Third, while the Southern District of New York has held that a taint team sufficiently protects a subject’s privileged materials, a taint team cannot unilaterally determine whether privileged materials are indeed privileged and a court still must review the documents in camera before producing them to another party even pursuant to the government’s Brady obligation. These principles reconcile in the Eleventh Circuit’s holding that a taint team may make privilege determinations only after the potentially privileged materials are first identified by the subject of the investigation. Notably, the Eleventh Circuit departed from the Sixth Circuit’s analysis of who possesses the documents – in the Eleventh Circuit, the government possessed the documents, but the subject was still entitled to a first-look privilege review.


The circuits which have opined on the propriety of a taint team procedure do not take a uniform approach. Instead, whether a taint team is appropriate and how it will operate depends on the facts of the case including who possesses the documents, the size of the seizure relative to the scope of the warrant, the number of privileged documents in the seized materials, the timing of the production, and most important, where the search was executed. At some point, the Supreme Court may be asked to resolve the circuit splits and provide a definitive approach to the procedure concerning seizure of privileged material subject to search warrants.

waitingAt the onset of the COVID-19 pandemic—and thus nearly a year and a half ago—the federal government implemented a massive stimulus program to prop up the economy.  A key component of that stimulus was the Paycheck Protection Program (PPP).  The PPP allowed businesses to obtain forgivable loans to be used for payroll and related expenses; the loans were approved, disbursed and administered by banks and fintech companies, but were issued and backed by the Small Business Administration.  (For additional background on the PPP, see here, here, and here.)

The rapid rollout of the PPP coupled with shifting federal guidelines and reduced underwriting requirements made PPP loans ripe for fraud.  One expected avenue that the government and private whistleblowers will use to combat that fraud is the False Claims Act (FCA) (see here).  But to date, there have been few publicly announced FCA cases brought for PPP fraud.  It was not until January 2021 when the government announced its first settlement in a FCA case for PPP fraud.  There, the defendant failed to disclose that it was in bankruptcy proceedings at the time of the loan application.  There were no criminal charges.  While that settlement was notable for being the first, the alleged fraud involved only $350,000 of PPP funds—PPP loans, however, were made in sums as large as $10 million.

Since the January 2021 settlement, there have only been a handful more in 2021, all of which also involve relatively small loan amounts.

  • On April 21, the US Attorney’s Office for the Eastern District of California announced a settlement to resolve FCA claims against a professional medical corporation and its owner related to a $430,000 PPP loan. According to the government, the corporation and its owner falsely certified in an application for a PPP loan that they had not previously received any PPP funds.  (Notably, the government alleged this false statement violated the FCA even though the corporation did not seek forgiveness of the second loan.)  The settlement required the corporation to repay the entire $430,000 loan and to pay, along with its owner, a combined $70,000 in damages and penalties.  There were no criminal charges.
  • On June 2, the US Attorney’s Office for the Eastern District of Virginia announced a settlement with a company and its owner to resolve FCA claims based on the company improperly obtaining multiple PPP loans by using a company that was not currently doing business to obtain a second loan only to have those loan proceeds deposited in the other, operating company’s account. The total settlement, inclusive of penalties, was $230,414.65.  There were no criminal charges.
  • On August 27, the US Attorney’s Office for the Southern District of Florida announced a settlement with the owner of a jet charter company to resolve FCA claims based on the owner misappropriating for his own personal expenses PPP funds obtained by the company. The government alleged that the company received $1,173,382 in PPP money and the owner, within a day, transferred $98,929 to pay for personal expenses unrelated to the company’s operations.  The owner agreed to settle for $287,055.  Unlike the others, this FCA case was commenced by a whistleblower relator, who will receive $57,411 of the settlement.  There were no criminal charges.

These settlements provide two insights into trends of stand alone FCA cases involving PPP fraud.  First, there was no one common fraud scheme: The FCA claim in each is premised on different types of underlying deception.  In the January settlement, the false statement was the borrower’s certification that it was not in bankruptcy when it applied for the PPP loan.  In the April and June settlements, the false statement was the certification the borrower had not previously obtained a PPP loan.  In the August settlement, the false statement was the owner’s certification that the loan funds would be used for permissible purposes under the PPP, i.e., for company payroll and operating expenses.  Each of these FCA violations involve clear cut fraud.  Which leads to the second insight: So far, stand-alone FCA claims based on PPP fraud involve only obvious fraud and involve only relatively small loan amounts (all have been settlements of $500,000 or less).

The question raised by the settlements is whether they are indicative of a less aggressive reliance on stand-alone FCA law suits to recover PPP funds because DOJ intends to prosecute criminally the more egregious PPP frauds, or whether we are just seeing the beginnings of stand-alone FCA cases and these settlements are nothing more than low-hanging fruit.  To be sure, the government has been investigating and prosecuting PPP fraud based on other theories of liability, as my colleague has written about here.  That does not answer whether there will be an uptick in stand-alone FCA cases premised on PPP fraud—an important question for participants in the PPP, because FCA cases are civil, and thus easier to prove than a criminal case, and because the government is aided by private whistleblowers and other relators in investigating and developing FCA cases.

There are several reasons to believe that the wave of FCA PPP cases has not crested and, in fact, is still far offshore.  First, as a practical matter, financial fraud cases can be complex and document heavy, requiring lengthy investigation.  That is true as a general matter but likely even more so for PPP fraud, given the speed of the program’s rollout and the approval and distribution of the loans.  Second, as a legal matter, FCA investigations and claims, by their very nature, are shielded from public view for many months or even years.  When a private relator, i.e., whistleblower, files a FCA case against a defendant, by statute the case is sealed for 60 days to permit the government time to investigate—and that time is frequently extended if the government needs additional time to investigate.  And of course, the government’s own investigations are rarely made public before charges or claims are brought.  So there could be hundreds or thousands of FCA PPP investigations ongoing right now that simply are not public.

Indeed, recent reporting suggests that the focus of investigations into FCA violations for the PPP is expanding beyond the recipients of PPP loans to the financial institutions, i.e., banks and fintech companies, that processed the borrowers’ PPP applications and disbursed the loans.  Whether there can be a viable FCA claim made out against these financial institutions is unclear—there are several strong defenses to FCA liability based on materiality and intent these entities likely could assert.  But this reporting indicates that FCA cases based on PPP fraud are likely to increase substantially in the coming months and years.

So, it is not a question of if the other shoe will drop for PPP FCA cases, but when.


GoalTwo former television executives ensnared in the latest salvo of the long-running FIFA corruption scandal have petitioned the Eastern District of New York for an opportunity to review cellphone evidence from a government cooperating witness that might have been languishing on the shelf for the past six years.

Carlos Martinez and Hernan Lopez (the “Defendants”) are just the latest sports marketing operatives to be caught up in the wide-ranging probe that centers on bribes paid in exchange for broadcasting rights for lucrative soccer tournaments. The first FIFA corruption trial took place in 2017. During the course of that trial it became clear that Alejandro Burzaco, a former executive of the sports communication firm Torneos y Competencias, was the government’s primary cooperating witness. Martinez and Lopez have been charged with, among other things, conspiring with Mr. Burzaco to commit wire fraud and launder money. Now, Defendants have sought to subpoena Mr. Burzaco’s cellphone evidence which the government apparently claims it never reviewed.

In their recent filing seeking the subpoena (the “Motion”), the Defendants note that in 2017 Mr. Burzaco testified that he used an iPhone and a BlackBerry during the timeframe of the alleged conspiracy, that he turned those phones over to his attorneys in 2015, and that – to his knowledge – those phones had not been wiped of their data.[1] According to the Motion, when asked for that cellphone data the government indicated that it “does not have, and has never had, possession of any electronic devices – including cell phones or computers – of Alejando Burzaco’s and thus has no images to produce[,]” and that is likewise does not have any ESI from the phones.[2] This despite the fact that Mr. Burzaco testified to taking part in approximately 50 proffers with the DOJ and FBI, and the fact that Defendants have indicated that they received evidence of encrypted messages between Burzaco and others which were apparently taken from the phones of third parties.[3]

The Defendants have taken the position that the phones are likely to have admissible evidence tending to bear on Burzaco’s credibility and whether they were actual participants in the alleged conspiracy.

Defendants’ efforts to subpoena Burzaco’s phones is a smart tactical move for several reasons.

First, the Motion is an opportunity for the Defendants to play some offense, while potentially strengthening their defense. The Motion raises several questions about the government’s case, which Defendants likely hope to use to highlight reasonable doubt. Why would the government have declined to take possession of and review Burzaco’s cellphones? Especially if it has since done so with other cooperating witnesses? How did the government corroborate intelligence gleaned from Burzaco?

Second, locating and producing the cellphone data is unlikely to be burdensome given Burzaco’s testimony. During the 2017 trial, Burzaco indicated that his counsel operated according to best practices by obtaining and sequestering Burzaco’s cellphone records – here, they apparently went so far as to take the literal phones. Maintaining control over such records is not only a smart tactical decision by any defense team, it is also an ethical obligation as part of an attorneys’ duty of competence regarding the handling of Electronically Stored Information.[4] If Burzaco’s attorneys maintain access to the cellphones, providing the necessary data is only a matter of securing a copy, or “image,” of those phones’ data.[5]

Finally, securing access to Burzaco’s cellphone records could change the substantive dynamics of this case. The typical smartphone contains, at a minimum, logs of the user’s calls, texts and emails, voicemails, contact information, calendars, web browsing and search engine history, photos and videos, and GPS information.[6] While some of this information might be retrievable via a company’s servers or cloud software, much of it “may be irretrievable from anywhere but the device itself.”[7] Defendants’ access to even a limited subset of such information would provide an invaluable opportunity to test Burzaco’s credibility and potentially poke holes in the government’s case.

Any opportunity for a criminal defendant to go on the offensive is one which should be carefully considered. Especially where, as here, valuable cellphone records may be at stake. Here, defense counsel’s creative offensive play has created an opportunity to change the narrative and, perhaps, the fundamentals of this case.


[1] Defendants Hernan Lopez and Carlos Martinez’s Application for Pretrial Subpoena Pursuant to Fed. R. Crim. P. 17 and Letter Rogatory, United States v. Carlos Martinez, Hernan Lopez, et al., No. 15-cr-252 (PKC) at 9-11.

[2] Id. at 11-13.

[3] Id. at 13, 15.

[4] Forensic Examination of Digital Devices in Civil Litigation: The Legal, Ethical and Technical Traps, 24 The Professional Lawyer, American Bar Association (March 1, 2016),

[5] The Motion also seeks a Letter Rogatory for certain data from Burzaco’s BlackBerry phone, which the Defendants claim is accessible via Torneos y Competencias’ “BlackBerry Enterprise Server.” The practicability and procedure for accessing such data via a Letter Rogatory is outside the scope of this post. Typically, the ability to secure cellphone data, and the scope of such available data, depends on a company’s data management policies.

[6] See Mobile Devices, Data Collection and the Next E-discovery Front, FTI Technology,

[7] Id.

National DefenseOn January 1, 2021, Congress passed the National Defense Authorization Act for Fiscal Year 2021. Included among its provisions is the Corporate Transparency Act (CTA), which, in short, requires qualifying businesses to disclose so-called “beneficial owners.” The purpose undoubtedly is to root out shell companies that avoid detection, regulation or enforcement through complex, opaque ownership arrangements. While we cannot be certain how enforcement will take shape, companies should be aware of the CTA’s requirements to prepare for its enforcement.

The Problem: Shell Companies Hide Illegal Activity

Law enforcement officials believe that their ability to root out corporate crime of all kinds is hindered because individuals and companies can set up complex ownership structures of assets that hide the true beneficial owners. While forming or having a “shell company” – a business that exists only on paper, with no employees, no physical location and sometimes no disclosure of the owner’s real name – is not in and of itself illegal, it can be used to launder money and evade U.S. law enforcement. Sophisticated shell companies may be owned by a separate company or companies, using a Russian-doll ownership structure that eventually traces back to the ultimate owner, who may or may not be a criminal. The problem for law enforcement is that it is difficult to track back what may be many layers of ownership that have enabled the true owner to remain anonymous. The shell company may either have little legitimate business or no business at all; instead, it merely funnels back to the owners funds that may have been laundered by fraudulent invoices, fudged bookkeeping numbers, made-up accounts receivable or similar illegal yet easy-to-overlook activities that would not raise red flags with the government.

To be sure, while many U.S. companies use shells for legitimate purposes, they are also a favored means of laundering funds that are obtained through illegal activity.

Under the United States Code, “laundering of monetary instruments” is transacting in property while knowing that the property represents the proceeds of an unlawful activity and with the intent to promote or carry on unlawful activity or knowing that the transaction is designed to conceal or disguise the unlawful activity. Most people call it “money laundering” because the process “cleans” the property – usually money – of its illegal history and can be used with less worry that the government will investigate its use. Of course, money laundering does not actually clean the money; it remains tied to its original ill-gotten past, and money laundering is a crime in and of itself.

The Solution: The Corporate Transparency Act

Congress passed the CTA, which then-President Trump vetoed on December 23, 2020. The House of Representatives overrode the veto on December 28, and the Senate followed suit on January 1, 2021. The CTA became law the same day, although its provisions will not become effective until the U.S. Treasury Department promulgates implementing regulations, which is supposed to occur no later than January 1, 2022.

The CTA generally requires shell entities to report their ultimate ownership to the Financial Crimes Enforcement Network (FinCEN), an arm of the federal government, for cataloguing. More specifically, each “reporting company” must provide each “beneficial owner’s” full legal name, date of birth, current residential or business address, and either a unique identifying number from a passport or state-issued ID or a FinCEN identifier number. Because the CTA only affects “beneficial owners” and “reporting companies,” a critical question for businesses is whether they will be deemed to fall into those categories.

A beneficial owner is “an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise, exercises substantial control over the entity; or owns or controls not less than 25 percent of the ownership interest of the entity.” A beneficial owner does not include

  • a minor child if the parent or guardian submits reporting information;
  • an individual acting “as a nominee, intermediary, custodian, or agent on behalf of another individual”;
  • “an individual acting solely as an employee” of a business entity who derives an economic benefit solely by virtue of their employment status;
  • an individual whose only interest in the entity was through inheritance; or
  • a creditor of the corporation, unless the creditor meets the requirements of the definition of a beneficial owner.

Because of the definition’s broad language, a shell company will need to trace its ownership outward from the Russian dolls it sits in to arrive back at each individual who either exercises substantial control over the company or possesses at least 25% of its ownership interest.

A reporting company is “a corporation, limited liability company, or other similar entity that is created by the filing of a document with the secretary of state or similar office under the law of a State or Indian Tribe; or formed under the law of a foreign country and registered to do business in the United States by filing a document with a secretary of state or similar office under the laws of a State or Indian Tribe….” A reporting company does not include

  • an issuer, broker, or dealer of securities or entity required to file information under section 15(d) of the Securities Exchange Act of 1934;
  • an entity exercising governmental authority on behalf of the United States or any State, Indian Tribe, or political subdivision;
  • a bank, credit union, bank holding company, or a money transmitting business as defined in various federal laws;
  • an exchange or clearing agency;
  • an investment company or adviser registered with the SEC or under the Investment Advisers Act;
  • an insurance company;
  • a registered entity under the Commodity Exchange Act;
  • a public accounting firm;
  • a public utility company;
  • a financial market utility;
  • a 501(c) nonprofit company, unless the organization loses tax exemption status and fails to cure that defect within 180 days;
  • a charitable or split-interest trust; or
  • other entities not listed here.

Because the new law targets shell companies, a reporting company also does not include an entity that employs more than 20 employees full-time, filed tax returns showing more than $5 million in gross receipts or sales (including receipts and sales of other entities through which that entity operates or owns), and has an operating presence at a physical office in the United States. There is also a grandfather clause that provides preexisting entities two years from the effective date of the act to file the required information.

A person who willfully provides false or fraudulent beneficial ownership information or willfully fails to complete the beneficial ownership information will be liable for a $500 civil penalty each day the violation continues and will suffer a fine of up to $10,000, imprisonment for not more than two years, or both. The CTA provides a liability exception for those who remedy the inaccurate information within 90 days, unless the inaccurate information was provided for purpose of delay and the person had actual knowledge of the inaccuracy. Additionally, a person who knowingly discloses or uses beneficial ownership information they obtain through a report or disclosure made to FinCEN shall be liable for a civil penalty of $500 per day of the violation, and suffer a fine of up to $250,000, imprisonment for not more than five years, or both. If the unauthorized use or disclosure of beneficial information is a part of a pattern of illegal activity involving more than $100,000 in a 12-month period, the fine increases to up to $500,000, and the term of imprisonment increases to not more than 10 years.

The CTA’s clear intended effect is to require those who control or own small companies to file certain identifying information with FinCEN, which can then examine the records to ensure accuracy and alert authorities to anomalous filings. The hope is that this process will permit easier tracking and investigation of these types of companies.

This overview of the CTA is not meant to be comprehensive. The CTA contains many more provisions and subtleties than are provided here, including guidance to regulating authorities. Strict compliance with the CTA is expected, so each business should review the specific requirements that apply to its circumstances.

Conclusion: The CTA is a Good Start on a Long Road

The CTA is a small step on a much longer journey. While its scope is appropriate to begin reining in the use of shell companies, the CTA’s success cannot be measured until long after its effective date. While law enforcement officials view it as an important tool in their efforts to combat money laundering and criminals will likely continue to find new ways of evading detection of ill-gotten gains, businesses that form shell companies for legitimate purposes should pay attention to the CTA’s requirements to avoid unwarranted scrutiny and suspicion.


nursing homeOn June 22, 2021, the Office of the Inspector General for the U.S. Department of Health and Human Services (OIG-HHS) released a comprehensive report on the impact of COVID-19 on Medicare beneficiaries residing in nursing homes for 2020.  While the results may not be surprising, they are still disturbing.  Overall, the report paints a tragic picture of COVID-19 ravaging the nursing home population.

For example, the report finds that roughly forty-two percent of Medicare beneficiaries in nursing homes had or likely had COVID-19 – compared to only six percent of the population as a whole.  The report also determined that the overall mortality rate in nursing homes in 2020 was nearly one-third higher than it was in 2019.  Strikingly, almost 1,000 more Medicare beneficiaries died per day in April 2020 than they did in April 2019.  And while all age and ethnic groups were hit hard by the disease, the report found that nearly half of Black, Hispanic, and Asian Medicare beneficiaries had or likely had COVID-19, as compared to only slightly more than forty percent of White beneficiaries.

While the OIG-HHS report concludes that the data will be used prospectively to avert similar tragedies occurring in the future, the clear, if unwritten, implication of the report is that it will serve as a further basis for regulators and prosecutors to scrutinize and investigate nursing home operators.  As previously discussed on this blog (here and here), the Department of Justice (DOJ) and the Department of Health and Human Services (HHS) announced the creation of the National Nursing Home Initiative (NNHI) in March 2020, coincident with the rise of COVID-19.  The stated purpose of the NNHI was to pursue criminal and civil enforcement actions against nursing homes that provide “grossly substandard care.”  However, by November 2020, the NNHI appeared to have floundered, with nursing homes passing government inspections with ease despite the pandemic, and overall being fined less than the prior year.

That soon could very well change, with the OIG-HHS report being the harbinger of more robust enforcement proceedings and investigations.  The report, and it’s devastating findings, comes just a few months after the new HHS secretary, former California Attorney General Xavier Becerra, was confirmed on March 18, 2021.  Prior to this, Becerra had established himself as an aggressive prosecutor of nursing home fraud and misconduct in California.  In fact, just days before he was confirmed, Becerra, alongside other government prosecutors, filed a newsworthy lawsuit against an operator of one of the nation’s largest nursing home chains.  The lawsuit alleges that the nursing home operator ignored laws designed to protect patient safety and provided false information to the Centers for Medicare & Medicaid.

Another sign that nursing homes may face increased scrutiny are DOJ’s focus on pursing False Claims Act (FCA) actions against nursing home operators.  For example, just last month, nursing home operator SavaSeniorCare LLC (Sava) agreed to settle allegations it violated the FCA by billing Medicare and Medicaid for grossly substandard skilled nursing services or for services that were not necessary by paying $11.2 million.  As is common with FCA cases, the Sava settlement resolves allegations of fraud arising from a complaint filed in 2015 and based on conduct that occurred a decade ago.

What this means is that it is likely that DOJ, OIG-HHS, and other regulators and prosecutors, may be spurred by the OIG-HHS report to investigate nursing homes for fraud out of their handling of the pandemic.  But given the enormity of COVID-19, affecting virtually every nursing home in the nation, and the complexity of FCA investigations generally, it may be months or years before we see the visible impact of those investigations.  This does not mean, of course, that nursing homes will get a free pass.  To the contrary, in remarks given publicly in December 2020, Deputy Assistant Attorney General Michael Granston reiterated that one of DOJ’s priorities included using the FCA as a basis to investigate and hold accountable nursing home operators – specifically emphasizing the NNHI and the “continuing evidence of deficient care being provided to our nation’s seniors.”

The OIG-HHS report released this week all but conclusively proves that COVID-19 took an immense toll on nursing homes and their residents.  The data in that report alone certainly is not a basis to prove that these nursing homes violated laws or regulations, including the FCA.  But it provides a strong basis for regulators and prosecutors to lay the foundations for investigating nursing home misconduct during the pandemic.  Even though the pandemic may be winding down, nursing home operators should expect to continue to be scrutinized and investigated for their actions during it for a long time.