Digest 12.6.2018 The State AG Report Weekly Update

Breaking News

Alaska Governor Appoints Kevin Clarkson as Attorney General

  • Recently elected Alaska Governor Mike Dunleavey, a Republican, appointed Kevin Clarkson as Attorney General, replacing AG Jahna Lindemuth.
  • Prior to his appointment, Clarkson was an attorney in private practice at the Anchorage law firm Brena, Bell & Clarkson, P.C.
  • The Governor’s appointment is subject to legislative confirmation.

Maine Legislature Elects State Representative Aaron Frey as Attorney General


Massachusetts Attorney General Reaches Settlement with Medical Center and Health System Over Proposed Merger

  • Massachusetts AG Maura Healey reached a settlement with Beth Israel Lahey Health, Inc. (“BILH”) to resolve concerns that the proposed merger between Lahey Health System, Inc. and Beth Israel Deaconess Medical Center, Inc. would increase costs and impose barriers to health care in violation of consumer protection and antitrust laws.
  • According to the Assurance of Discontinuance (“AOD”), the AG’s investigation and the Massachusetts Health Policy Commission’s report found that the proposed merger could lead to significant price increases and adversely affect access to health care services, particularly for underserved populations, among other things.
  • Under the terms of the AOD, the merger is approved on the conditions that BILH operate under a price cap for seven years and provide $71.6 million in support services for low-income and underserved communities.

Consumer Protection

43 Attorneys General Settle with Debt Buyers Over Allegedly Unlawful Debt Collection Practices

  • 43 AGs reached a settlement with debt buyer Encore Capital Group Inc. and its subsidiaries Midland Credit Management, Inc. and Midland Funding LLC (collectively, “Encore”) over allegations that Encore engaged in “robosigning”—automatically signing and filing affidavits in state courts against consumers to collect on debts—in violation of state consumer protection laws.
  • According to the AGs, Encore sought to collect on the debts it purchased by robosigning and filing legal actions against consumers in large volumes without verifying the information printed in documents filed with the courts.
  • According to the AGs, under the terms of the settlement Encore will pay $6 million to the participating states, eliminate or reduce judgment balances of consumers, and reform its affidavit signing and litigation practices, among other things.

Data Privacy

12 Attorneys General File Lawsuit Against Electronic Health Records Company Over Alleged Data Breach

  • 12 states, led by Indiana AG Curtis Hill, filed a lawsuit against web-based electronic health records company Medical Informatics Engineering Inc. d/b/a Enterprise Health, LLC, K&L Holdings, and NoMoreClipboard, LLC (collectively, “MIE”) for allegedly failing to adequately protect patients’ electronic personal health information (“ePHI”) or respond to unauthorized access to its systems in violation of the federal Health Insurance Portability and Accountability Act (“HIPAA”) and state consumer protection, data breach notification, and personal information protection laws.
  • According to the complaint, MIE allegedly failed to implement basic industry-accepted data security measures or remedy vulnerabilities in its systems identified during testing, leading to the breach of its network and access gained to patients’ ePHI by hackers in May 2015, among other things, and failed to comply with HIPAA requirements imposed on Business Associates—third-party providers with access to ePHI—of healthcare providers.
  • The complaint seeks injunctive relief, restitution, and civil penalties.

New York Attorney General Reaches Settlement with Online Advertisement Auction Company Over Alleged Violations of Children’s Privacy

  • New York AG Barbara Underwood reached a settlement with Oath Inc.—a subsidiary of Verizon Communications Inc. and formerly known as AOL Inc.—to resolve allegations that it enabled online advertisers to track and target ads to young children in violation of the federal Children’s Online Privacy Protection Act (“COPPA”).
  • According to the AG’s office, Oath allegedly conducted billions of auctions for ad space on websites that it knew were directed to children under age 13, which enabled advertisers to track and serve targeted ads to young children, permitted clients to use its ad exchange even though the exchange was not capable of conducting COPPA-compliant auctions involving third-party bidders, misrepresented to clients that its ad exchange could be used in a COPPA-compliant manner, and ignored information it received from other ad exchanges that the ad spaces Oath was bidding on were subject to COPPA.
  • According to the AG’s office, Oath will pay $4.95 million in penalties, establish and maintain a COPPA compliance program, retain a third-party professional to assess its privacy controls, implement and maintain a website function that indicates portions of sites that are subject to COPPA, and destroy all personal information it has collected from children.

Federal Trade Commission Requests Public Comment on Identity Theft Detection Rules

  • The Federal Trade Commission (“FTC”) is seeking public comment on whether the FTC should modify its Red Flags Rule and Card Issuers Rule, which require financial institutions and some creditors to take certain steps to detect signs of identity theft affecting their customers.
  • The Red Flags Rule, 16 CFR 681.1, requires covered entities to implement a written identity theft detection program for use in daily operations, take steps to prevent identity theft, and mitigate its damage should theft occur, while the Card Issuers Rule, 16 CFR 681.2, requires card issuers to ensure validity of consumer addresses prior to issuing an additional or replacement debit or credit card.
  • According to the Federal Register Notice, the FTC is seeking comment on whether the specific provisions of the Rules are necessary, how the Rules benefit consumers, what significant costs the Rules have imposed on consumers and businesses, and whether additional types of creditors should be covered by the Red Flags Rule.
  • The deadline for submitting comments is February 11, 2019.

False Claims Act

Georgia Attorney General Reaches Settlement with Medical Device Company Over Allegedly Improper Kickback Payments

  • Georgia AG Chris Carr and the S. Department of Justice (“DOJ”) reached a settlement with medical device company LivaNova USA, Inc., f/k/a Cyberonics, Inc. (“LivaNova”), to resolve allegations that it knowingly paid kickbacks to Georgia physicians with the intent to cause referrals for implantation of LivaNova’s medical devices in violation of the federal Anti-Kickback Statute and False Claims Act and the Georgia False Medicaid Claims Act.
  • According to the DOJ, LivaNova allegedly paid speaking fees to physicians who were the highest source of referrals of implementation devices for events primarily attended by the physicians’ own staff.
  • According to the DOJ, under the terms of the settlement, LivaNova will pay $1.87 million to the United States, Georgia, and the plaintiff who originally brought a qui tam action related to the conduct.

Health Care

Massachusetts Attorney General Settles with Adult Day Health Facilities Over Alleged False Claims and Improper Billing

  • Massachusetts AG Maura Healey reached a settlement with adult day health facilities Otrada Adult Day Health Care Ctr., Inc., North Shore Adult Day Health Care Center, Inc., and Revere Adult Day Health Care Center, LLC (collectively, “Adult Day Health Care Centers”) over allegations that they failed to accurately track provider time and attendance in violation of regulations governing MassHealth, the state Medicaid program.
  • According to the AG’s office, the Adult Day Health Care Centers allegedly failed to provide accurate attendance information and billed for full-day adult day health services for MassHealth members who did not attend full-day programs.
  • According to the AG’s office, under the terms of the settlement the Adult Day Health Care Centers will pay over $500,000 to the state.