DOJ Takes Action on False Claims, Holding Healthcare Providers & Contractors Accountable

Key Takeaways

• Saint Vincent’s Settlement: The healthcare provider agrees to pay $29 million to resolve False Claims Act violations tied to overpayments from the Department of Defense’s healthcare program.
• Whistleblower Rewards: Jane Rollinson and Daniel Gregorie will receive a combined $5.7 million from the Saint Vincent settlement for exposing the violations.
• Cybersecurity Failures & Settlement: Health Net Federal Services and Centene Corporation settle for $11.25 million for falsely certifying cybersecurity compliance in managing military healthcare data.
• Protecting Sensitive Information: The settlements underscore the importance of securing sensitive data, particularly in programs serving military families.

Deep Dive

When you think of government contracts, the last thing that might come to mind is a mix-up of payments or a cybersecurity breach, especially when it comes to protecting our nation’s military families. But that’s exactly what’s behind two of the most recent enforcement actions by the Department of Justice (DOJ), resulting in settlements worth more than $40 million.

Saint Vincent Catholic Medical Centers

Saint Vincent’s Catholic Medical Centers, now operating under the name SVCMC Inc., is no stranger to federal healthcare programs, having participated in the Uniformed Services Family Health Plan (USFHP), which provides health services to retired military members and their families. But in 2012, Saint Vincent realized something was amiss: the Department of Defense (DoD) had been overpaying the hospital for years due to errors in the calculation of the capitated rates.

Instead of owning up to the mistake and returning the funds, the hospital chose to cover it up—continuing to submit inflated invoices for healthcare services well after the error had been discovered. The DOJ took action, and now the organization has agreed to pay $29 million to resolve these claims.

While this settlement is certainly a large sum, it also tells the story of two individuals—Jane Rollinson and Daniel Gregorie—whose courage to blow the whistle led to the resolution of this case. They’ll be receiving a combined $5.7 million for their role in exposing the violations, highlighting how important it is for those inside organizations to take a stand when they spot wrongdoing.

Acting Assistant Attorney General Brett A. Shumate reminded us, “Those who receive public funds must return funds to which they are not entitled.” Dr. David C. Krulak, Director of TRICARE Health Plan, echoed the sentiment, emphasizing the need to remain vigilant stewards of taxpayer money.

Health Net & Centene

Meanwhile, over on the cybersecurity side, Health Net Federal Services (HNFS) and its parent company Centene Corporation are facing their own legal music. These companies had a contract with the DoD to administer the TRICARE program, providing healthcare benefits to military service members and their families. However, from 2015 to 2018, they failed to meet several crucial cybersecurity standards meant to protect the sensitive data of those they served.

The companies falsely certified their compliance with the cybersecurity requirements and ignored multiple warnings—both internal and from third-party auditors—about vulnerabilities in their systems. Things like weak access controls, outdated software, and unaddressed security flaws created an environment ripe for potential exploitation.

In response, the DOJ has secured an $11.25 million settlement, making it clear that the U.S. government takes its responsibility to protect the personal data of military families seriously. Acting Assistant Attorney General Shumate pointed out, “Companies that hold sensitive government information must meet their contractual obligations to protect it,” a statement that resonates deeply given the critical nature of the data involved.

Acting U.S. Attorney Michele Beckwith emphasized that the breach wasn’t just about breaking a contract—it was about breaching a moral duty to those who serve our country. “Safeguarding sensitive government information is of paramount importance,” she said, underscoring the gravity of these cybersecurity responsibilities.

Accountability & Responsibility in Federal Contracts

Both cases serve as reminders that companies working with the government have a clear responsibility—not just to follow the rules, but to actively ensure that they are living up to their promises, especially when it comes to taxpayer funds and data that could impact national security.

At the heart of both settlements is a message about accountability. Whether it’s returning overpayments made in error or ensuring that military families’ sensitive healthcare data is protected, these actions are a reminder of the importance of trust and integrity in federal contracting. And for the whistleblowers who played a crucial role in bringing these cases to light, the settlements serve as a recognition of their courage in standing up to what’s wrong.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.