State AG Updates: California, New York, North Carolina, Massachusetts, Pennsylvania and Ohio

In this edition of Faegre Drinker’s State Attorneys General Update, we discuss:

• The California AG’s $15 million settlement with an online pharmacy for alleged Medicaid fraud
• The New York AG’s:
  • $400,000 settlement with a home health care payment processor relating to an allegedly anti-competitive noncompete agreement with a competitor
  • Lawsuit alleging securities violations by cryptocurrency trading platform CoinEx
• The North Carolina AG’s $500,000 False Claims Act settlement with a medical device manufacturer
• The Massachusetts AG’s
  • $6.5 million settlement with a home security firm relating to allegedly deceptive long-term autorenewal contracts and allegedly unlawful debt collection practices
  • $7.6 million settlement with Toyota Motor Credit Corporation relating to the company’s loan collection practices
• The Pennsylvania and Ohio AGs’ $400,000 joint settlement relating to a data breach

The California AG Enters $15 Million Settlement With Online Pharmacy to Resolve Allegations of Medicaid Fraud

The Pill Club, an online pharmacy focused on birth control and contraceptives, agreed to pay $15 million to resolve allegations that it defrauded California’s Medicaid program. According to the AG, The Pill Club engaged in a variety of two main forms of fraudulent activity. In the more basic alleged fraud, The Pill Club allegedly billed the state for face-to-face counseling sessions that did not occur. The other alleged fraud involved shipping customers a “bundle” of products that the customers did not request when filling prescriptions for emergency contraception. The AG specifically noted that the bundles frequently included a particular type of female condom, which The Pill Club billed to the state at 250% higher rates than the average retail price. Further, The Pill Club allegedly sent large quantities of the condoms, which resulted in reimbursements from the state in excess of $2,250 for a single shipment of them, and would continue to ship them to customers, and bill the state, after customers asked that The Pill Club stop shipping them. The Pill Club did not admit liability in entering the settlement. Copies of the AG’s press release and the settlement agreement are available here.

The New York AG Enters $400,000 Settlement With a Home Health Care Payment Processor Over an Allegedly Unlawful Noncompete Agreement

The New York AG entered a settlement with Affordable Senior Care of New York LLC (Affordable) and its owner, Laszlo Friedman, to resolve allegations that Affordable entered an unlawful agreement to not poach customers from its competitor, Marks Homecare Agency (Marks). (The AG previously entered a $550,000 settlement with Marks relating to the agreement.) Affordable acts as a payment processor for services provided by friends or family of individuals receiving long-term care through New York’s Consumer Directed Personal Assistance Program. According to the AG, Affordable entered an agreement with Marks to not accept patients seeking to transfer from each other’s companies and, in fact, did reject patients who sought to transfer. The AG alleged that the agreement violated the Donnelly Act, which is New York’s antitrust statute. Affordable did not admit any of the AG’s allegations in entering the settlement. In addition to the monetary penalty, Affordable agreed to not enter anticompetitive agreements, to provide antitrust compliance training to its leadership and to provide annual reports to the AG regarding its compliance with the settlement for five years. Copies of the AG’s press release and the settlement agreement are available here.

The New York AG Seeks to Permanently Enjoin CoinEx Cryptocurrency Exchange From Operating in New York State

The New York AG brought suit against Hong Kong–based cryptocurrency exchange CoinEx under New York Executive Law § 63(12), which empowers the AG to bring a special proceeding to enjoin fraudulent or illegal activity. The suit alleges that CoinEx violated New York’s Martin Law by failing to register as either a commodities dealer-broker or a security dealer or broker. Further, the AG alleges that CoinEx violated the “exchange provision” of the Martin Act by using a derivative of the word “exchange” in its name without appropriate registration. Additionally, CoinEx did not appear in response to the AG’s investigatory subpoena; and the AG alleges that this failure constitutes “prima facie proof” of fraudulent practices under New York’s General Business Law.

The CoinEx platform enables the purchase and sale of cryptocurrencies, including four tokens — AMP, LBC, LUNA and $RLY — that the AG alleges are both commodities and securities under New York law. While it is generally accepted that virtual currencies are commodities, the AG argues that the tokens are also securities because their purchase constitutes an “investment contract” under New York precedents. According to the AG, because a portion of each token pool is reserved for the token’s founders or management, and token holders are encouraged to “stake” their coins, the tokens tie “the fortunes of the token holder to the fortunes of management” and investment in the tokens is a “common enterprise” under New York precedents.

New York detectives purchased each of the four tokens through CoinEx from within New York State using a New York-based IP address. Under the AG’s analysis, CoinEx was therefore transacting in commodities and securities under New York law and was required to have registered as a commodities broker-dealer and as a securities dealer or broker.

Copies of the AG’s press release and brief are available here.

The North Carolina AG Settles False Claims Act Against a Medical Device Manufacturer

The North Carolina AG entered a $500,000 settlement with Joint Active Systems, Inc. (JAS) to resolve allegations — which JAS denies — that the company submitted false claims to the state’s Medicaid program in violation of North Carolina’s False Claims Act. Specifically, the AG alleged that JAS improperly caused its JAS EZ devices to be claimed as custom-fabricated orthotics and paid local orthotic and prosthetic providers to make allegedly improper claims to Medicaid on JAS’s behalf. The investigation and prosecution of the case was done in conjunction with the U.S. Attorney’s Office for the Eastern District of North Carolina. A copy of the AG’s press release is available here.

Massachusetts AG Enters a $6.5 Million Settlement With Home Security Monitoring Service Companies Relating to Auto-renewal and Debt Collection Practices

The Massachusetts AG reached a $6.5 million settlement in a case filed in 2019 against Safe Home Security and its affiliates (Safe Home), alleging unfair and deceptive acts and practices in violation of the Massachusetts Consumer Protection Act and aggressive debt collection practices in violation of the AG’s Debt Collection Regulations. Safe Home, which provides subscription-based home security monitoring services, agreed to pay $1.8 million to the commonwealth over three-and-a-half years, and to waive approximately $4.7 million of claimed consumer debt.

The AG alleged that Safe Home denied consumers the ability to cancel their contracts and billed customers who were not receiving services. Consumers who refused to pay contested bills were allegedly subjected to substantial late fees and compound interest amounting to a rate of over 18% per year. The AG also alleged that Safe Home engaged in aggressive debt collection practices including contacting debtors more frequently than Massachusetts regulations permit and discussing debt with persons other than the debtor. The consent decree permanently enjoins Safe Home from engaging in the illegal alleged practices. It also imposes a range of mandatory changes to Safe Home’s business practices, including specific revisions to consumer contracts and requiring detailed procedures for responding to consumer complaints and processing cancellations.

Copies of the AG’s press release and consent decree are available here.

Massachusetts AG Enters $7.6 Million in Settlement With Toyota Motor Credit Corporation Relating to Loan Collection Practices

The Massachusetts AG entered a $7.6 million settlement with Toyota Motor Credit Corporation (Toyota) to resolve allegations that the company engaged in unlawful auto loan collection practices. The settlement includes approximately $5.5 million in debt relief for borrowers. The AG alleged that the company did not “give certain consumers sufficient information about the calculation methods for deficiencies left on their auto loans after their cars were repossessed.” Specifically, the AG alleged that the company did not use vehicles’ fair market values in calculating remaining balances due. Further, the AG alleged that the company “made excessive collection calls to certain consumers in violation of the AG’s Debt Collection Regulations.” Toyota did not admit any wrongdoing in entering the settlement. Copies of the AG’s press release and the assurance of discontinuance are available here.

The Pennsylvania and Ohio AGs Enter $400,000 Settlement With DNA Diagnostics Center Related to Data Breach

The Pennsylvania and Ohio AGs entered a $400,000 settlement with DNA Diagnostics Center (DNA Diagnostics) relating to a data breach of allegedly thousands of customers’ Social Security numbers. The affected customers used DNA Diagnostics’ services between 2004 and 2012. According to the AGs, the company was notified of suspicious activity in its network several times over a two-month period, but did not activate an incident response plan until several months later when a “data security provider informed the company that there were indications of dangerous malware on the company’s network.” According to the AGs, the company “failed to properly employ reasonable data security measures in protecting consumers’ sensitive personal information in violation of Pennsylvania’s Unfair Trade Practices and Consumer Protection Law.”

In addition to the monetary penalty, which will be split equally between Ohio and Pennsylvania, the settlement requires the company to maintain reasonable security policies “to protect consumer personal information including:

1. Designating an employee to coordinate and supervise its information security program;
2. Conducting security risk assessments of its networks that store personal information annually;
3. Maintaining an updated asset inventory of the entire network and disabling and/or removing any assets identified that are not necessary for any legitimate business purpose;
4. Designing and implementing reasonable security measures for the protection and storing of personal information, including timely software updates, penetration-testing of its networks, and implementation of reasonable access controls such as multi-factor authentication; and
5. Detecting and responding to suspicious network activity within its network within reasonable means.”

Further, one year after entering the settlement, the company must undergo an assessment of its cybersecurity by a third-party expert and provide a copy of that expert’s report to the AGs, if the AGs request it. Copies of the Pennsylvania AG’s press release and assurance of voluntary compliance are available here, and the Ohio AG’s press release and assurance of voluntary compliance are available here.