CLAY, Circuit Judge.
Plaintiff Vicki Sheldon ("Relator," in this qui tam action) appeals from the district
For the reasons set forth below, we
On April 29, 2014, Relator brought a qui tam action under the False Claims Act, 31 U.S.C. § 3730(b), against KHN in federal court, alleging KHN falsely certified its compliance with certain provisions of the HITECH Act.
Enacted in 2009, the HITECH Act was designed to encourage the adoption of sophisticated electronic health record ("EHR") technology by health care providers. See, e.g., Vadim Schick, After HITECH: HIPAA Revisions Mandate Stronger Privacy and Security Safeguards, 37 J.C. & U.L. 403, 404 (2011). To that end, the Act creates incentive payments for eligible health care providers ("providers")—i.e. individual hospitals and health care professionals—that demonstrate "meaningful use" of certified EHR technology. 42 C.F.R. § 495.2; see also 42 U.S.C. §§ 1395w-4(o), 1395ww(n) (establishing diminishing schedule for incentive payments to encourage early adoption by eligible professionals and hospitals). Incentive payments are calculated using a formula that takes account of each individual provider's volume of patients. See, e.g., 42 C.F.R. §§ 495.102(a)(1) (eligible professionals), 495.104(c)(2) (hospitals).
As a condition to receipt of incentive payments, the Act requires providers to meet roughly two-dozen meaningful-use objectives and accompanying measures of compliance. 42 C.F.R. § 495.20; 42 U.S.C. §§ 1395w-4(o), 1395ww(n). Objectives and measures were released in two stages; Stage 2, which went into effect on September 4, 2012, added additional objectives and measures to the requirements for compliance with the Act. See Electronic Health Record Incentive Program—Stage 2, 77 Fed.Reg. 53,968 (Sept. 4, 2012); 42 C.F.R. §§ 495.20(h)-(m). After Congress passed the Act, the Centers for Medicare and Medicaid Services ("CMS"), an agency of the Department of Health and Human Services, promulgated specific standards for meeting these objectives. See, e.g., Medicare and Medicaid Programs; Electronic Health Record Incentive Program, 75 Fed.Reg. 44314-01 (July 28, 2010).
The meaningful-use objective relevant here (hereinafter "the objective" or "security and privacy objective") requires providers to "[p]rotect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities." 42 C.F.R. §§ 495.20(d)(15)(i), (f)(14)(i), (j)(16)(i), (l)(15)(i) (establishing the same security and privacy objective for different types of providers over different Stages of Act implementation). To
Both Stage 1 and Stage 2 measures for the security and privacy objective require providers to comply with 45 C.F.R. § 164.308(a)(1), which contains security and privacy standards established under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Subsection (a)(1) requires health care providers to "[i]mplement policies and procedures to prevent, detect, contain, and correct security violations." Specifically, the subsection requires providers to:
Id. at (a)(1)(ii).
Stage 2 measures for the objective require providers to comply with two additional HIPAA regulations—45 C.F.R. §§ 164.312(a)(2)(iv) and 164.306(d)(3)—that also contain security standards. 42 C.F.R. §§ 495.6(j)(16)(ii), (l)(15)(ii). The first standard, § 164.312(a)(2)(iv), requires providers to "[i]mplement a mechanism to encrypt and decrypt electronic protected health information." The second standard, § 164.306(d)(3), requires providers to implement such a mechanism if "reasonable and appropriate," and if not, to document why and implement "an equivalent alternative measure."
According to Relator's first amended complaint, Defendant KHN is a network of hospitals, medical facilities, and physicians that provide medical services. "[D]uring the past several years," the complaint asserts, KHN certified to the United States that it implemented a system of protecting electronic protected health information ("e-PHI") in accordance with HITECH Act requirements, and it received meaningful-use payments as a result. (R. 4 at ¶ 5.) KHN would submit this certification to the government by "checking `Yes' to the question `Did you conduct or review a security risk analysis per 45 CFR 164.308(a)(1) and implement security updates
Relator alleges, however, that KHN's attestations of compliance under the Act were false. This allegation stems from two letters she received from KHN informing her that its employees had impermissibly accessed her e-PHI. These letters, which were attached to Relator's original complaint, state that based on its own internal investigation, KHN discovered Relator's e-PHI had been accessed on several occasions by Relator's (now former) husband, Duane Sheldon, and others.
After Relator learned her e-PHI had been impermissibly accessed, she requested (through counsel) that KHN provide her with specific e-PHI access reports generated by a software system called "EPIC." Relator asserts that KHN bought and implemented the EPIC software system sometime before her e-PHI was breached. The complaint states that when properly utilized, the EPIC system helps KHN to "maintain[ ] electronic health information," and allows approved persons to access medical information while protecting such information from unapproved access. (R. 4 at ¶ 7.) With EPIC, health care providers can run a comprehensive series of reports, known as "CLARITY" reports, which help providers monitor improper access to e-PHI. Relator, who apparently has some personal familiarity with the EPIC software, lists several of these reports by name in her complaint and asserts that EPIC's training materials suggest providers run such reports on a regular basis to safeguard against unauthorized access to e-PHI.
Relator states that when she asked for specific CLARITY reports by name, KHN refused to provide them. Instead, KHN provided her with a series of "homegrown" reports that contained inconsistent information regarding the users who had impermissibly accessed Relator's e-PHI. At some point, Relator discovered that her daughter and grandson's e-PHI had also been inappropriately accessed, and that their medical billing information had been manipulated. Finally, Relator alleges that an employee who reported to Duane Sheldon routinely ran an "expired medication report" containing the e-PHI of Relator and numerous other patients. According to Relator, there was no reason for this employee to run that report, and the report sat on an unmonitored printer for hours.
On June 4, 2014, while her federal complaint was still under seal pending possible government intervention, Relator filed a second suit against KHN in the Court of Common Pleas for Montgomery County, Ohio. In this suit, Relator was joined by her daughter Haley Dercola and grandson Tucker Dercola as plaintiffs, and together they alleged state torts arising from the same breach of Relator's and co-plaintiffs' electronic health records. They also alleged violations of the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq., and the Fair Debt Collection Practices Act, 15 U.S.C. § 1692, et seq., stemming from KHN's alleged mishandling of bills accumulated during Haley Dercola's hospitalization while giving birth to Tucker.
On August 29, 2014, the United States filed a notice of election to decline intervention in Relator's qui tam action in federal court. That same day, the district court ordered the complaint be unsealed.
On October 21, 2014, the Montgomery County Court of Common Pleas dismissed Relator's state action in its entirety for "failure to state a claim upon which relief can be granted." Sheldon v. Kettering Adventist HealthCare, 2014 CV 03304, at *3, 2014 WL 10585679, at *2 (Montgomery Cty.Ct.Com.Pl.2014). The court based its dismissal on the fact that (1) "Every allegation related to Plaintiff's tort claims in the `facts' section of the complaint revolves around KHN's alleged failure to run certain `Clarity reports,' which Plaintiffs alleged were required of KHN under HIPAA;" and (2) "HIPAA does not allow private causes of action, according to Ohio law." Id. Plaintiffs appealed that decision to the Court of Appeals of Ohio.
On November 12, 2014, KHN filed a motion to dismiss in the federal case arguing: (1) Relator had failed to state a claim under the heightened pleading standards applicable to FCA claims, and (2) the Ohio state court's dismissal of Relator's state case was res judicata, and Relator's federal claim was therefore precluded. On December 12, 2014, Relator filed a motion to amend her complaint, attaching a proposed amended complaint that Relator argued "cures any perceived defects in insufficient particularity." (R. 14, Pg ID # 326.)
Relator's proposed second amended complaint alleged that KHN's breaches affected not only Realtor and her family members, but also dozens of other people whose e-PHI was mistakenly shared with Relator. The proposed complaint further stated that to obtain meaningful-use money from the federal government, KHN certified its compliance with the HITECH Act on a yearly basis, and that such certification was required in 2011, 2012, and 2013. Finally, the proposed complaint listed four KHN employees that Relator claimed "participated" in KHN's false certification of HITECH Act compliance.
On January 6, 2015, the district court issued an order denying Relator's motion to amend and granting KHN's motion to dismiss under Rule 12(b)(6). The district court held that Relator failed to plead her claims with sufficient particularity because she had not alleged a specific false claim by KHN, and because she failed to plausibly plead that KHN did not meet the HITECH Act's standards. The court further held that because Relator's proposed amended complaint failed to cure these deficiencies, granting her leave to amend would be futile. Finally, as an alternative basis for its decision, the district court noted that the factual allegations in Relator's
On August 14, 2015, the Court of Appeals of Ohio rendered its decision on Relator's state action. Sheldon v. Kettering Health Network, 40 N.E.3d 661 (Ohio Ct. App.2015). The court affirmed the dismissal of Relator's state case and reiterated that her claims "stemmed from KHN's alleged failure to protect the privacy of the plaintiffs' electronic medical information and the improper accessing and disclosure of that information by KHN administrator Duane Sheldon, the former spouse of Vicki Sheldon." Id. at 664. On September 25, 2015, Relator appealed that decision to the Ohio Supreme Court. That appeal is currently pending.
We review de novo a district court's dismissal of a suit pursuant to Rule 12(b)(6). Riverview Health Inst. LLC v. Med. Mut. of Ohio, 601 F.3d 505, 512 (6th Cir.2010). A district court's order denying a Rule 15(a) motion to amend is typically reviewed for abuse of discretion. Rose v. Hartford Underwriters Ins. Co., 203 F.3d 417, 420 (6th Cir.2000). However, where the district court denies leave to amend because the complaint as amended would not withstand a motion to dismiss under Rule 12(b)(6), that denial is reviewed de novo. Seaton v. TripAdvisor LLC, 728 F.3d 592, 596 (6th Cir.2013) (discussing standard for denial of leave to amend for "futility"). Likewise, we review de novo a district court's application of the doctrine of res judicata. Bragg v. Flint Bd. of Educ., 570 F.3d 775, 776 (6th Cir.2009).
The False Claims Act imposes liability on any person who "knowingly makes, uses, or causes to be made or used, a false record or statement material to a false or fraudulent claim." 31 U.S.C. § 3729(a)(1)(B); see also id. at § 3730(b) ("A person may bring a civil action for a violation of section 3729"). As with all claims, plaintiffs alleging violations of the FCA must plead sufficient facts that, when taken as true, "state a claim to relief that is plausible on its face." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (internal quotation marks omitted). "The district court must construe the complaint in a light most favorable to the plaintiff, accept all of the factual allegations as true, and determine whether the plaintiff undoubtedly can prove no set of facts in support of his claims that would entitle him to relief." Columbia Nat. Res., Inc. v. Tatum, 58 F.3d 1101, 1109 (6th Cir.1995).
In addition, "[c]omplaints alleging FCA violations must comply with Rule 9(b)'s requirement that fraud be pled with particularity." Chesbrough v. VPA, P.C., 655 F.3d 461, 466 (6th Cir.2011). Under Rule 9(b), a party alleging fraud or mistake "must state with particularity the circumstances constituting fraud or mistake." Fed.R.Civ.P. 9(b); see also U.S. ex rel. SNAPP, Inc. v. Ford Motor Co., 532 F.3d 496, 505 (6th Cir.2008) ("SNAPP I") (noting the "knowledge" element of FCA claims "does not need to be pled with particularity"). Specifically, a plaintiff must "allege the time, place, and content of the alleged misrepresentation . . . the fraudulent scheme; the fraudulent intent of the defendants; and the injury resulting from the fraud." U.S. ex rel. Bledsoe v. Cmty. Health Sys., Inc., 342 F.3d 634, 643
Importantly, Rule 9 should not be read to "reintroduce formalities to pleading." U.S. ex rel. Bledsoe v. Cmty. Health Sys., Inc., 501 F.3d 493, 503 (6th Cir.2007) ("Bledsoe II"); see also SNAPP I, 532 F.3d at 503-04 (noting Rule 9's heightened pleading standards "should not be read to defeat the general policy of `simplicity and flexibility' in pleadings contemplated by the Federal Rules"). A complaint sufficiently pleads the time, place, and content of the alleged misrepresentation so long as it "ensure[s] that [the] defendant possesses sufficient information to respond to an allegation of fraud;" providing the defendant with sufficient information to respond is Rule 9's "overarching purpose." SNAPP I, 532 F.3d at 504.
To state a claim under the FCA, the plaintiff must sufficiently plead:
U.S. ex rel. SNAPP, Inc. v. Ford Motor Co., 618 F.3d 505, 509 (6th Cir.2010) ("SNAPP II").
The FCA requires relators to establish "that the defendant [made] a false statement or create[d] a false record." SNAPP II, 618 F.3d at 509. We have held that "[w]hen a claim [for payment] expressly states that it complies with a particular statute, regulation, or contractual term that is a prerequisite for payment, failure to actually comply" satisfies this element. See Chesbrough, 655 F.3d at 467 (citing Mikes v. Straus, 274 F.3d 687, 697-99 (2d Cir.2001)). This theory of liability under the FCA is referred to as "false certification." Id.
As noted above, a relator's pleadings of false certification must "contain[ ] `enough facts to state a claim to relief that is plausible on its face.'" Id. (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570,
In this case, Relator alleges that KHN falsely certified its compliance with the HITECH Act's requirements, and that KHN received meaningful-use incentive payments as a result. This allegation is premised on two conclusions drawn from the facts outlined in her complaint: first, that the individual breaches alleged in the complaint either constitute violations of the Act in themselves or suggest KHN failed to implement security policies and procedures; and second, that KHN's failure to run CLARITY reports on a regular basis constituted a breach of its duties under the Act. Because these conclusions are either facially implausible or based on incorrect conclusions of law, we affirm the district court's dismissal of Relator's suit pursuant to Rule 12(b)(6).
Relator's complaint alleges KHN's individual breaches, by themselves, constituted violations of the Act. Specifically, Relator argues: (1) KHN's letters alerting Relator to breaches of her e-PHI contained or constituted an admission that KHN violated the HITECH Act; and (2) the impermissible running of the "expired medication report" constituted, in itself, a breach of KHN's duties under the HITECH Act. Relator also argues that when taken together, these individual breaches suggest an absence of necessary policies or procedures.
To begin, Relator's claim that KHN's individual breaches each constituted a violation of the HITECH Act is an incorrect conclusion of law. The Act's implementing regulations require providers to "[c]onduct or review a security risk analysis," "implement security updates as necessary," and "correct identified security deficiencies." See, e.g., 42 C.F.R. §§ 495.6(d)(15)(ii), (f)(14)(ii). This language indicates that compliance is premised on the process of analyzing and reviewing security policies and procedures; attestation of compliance is not rendered false by virtue of individual breaches. See id. Indeed, materials distributed by CMS discussing compliance with the objective state that providers need not "fully mitigate all risks" of e-PHI breaches before attesting to Act compliance. See CMS, Security Risk Analysis Tipsheet: Protecting Patients' Health Information 5 (Revised Dec. 2013), https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Downloads/SecurityRiskAssessment_FactSheet_Updated20131122.pdf.
Similarly, 45 C.F.R. § 164.308(a)(1) requires health care providers to "[i]mplement policies and procedures to prevent, detect, contain, and correct security violations." The more detailed regulations contained in subsection (a)(1)(ii) likewise indicate that individual breaches do not negate compliance: those regulations state that risks should be reduced to a "reasonable and appropriate level," and that providers should "[a]pply appropriate sanctions against" employees who violate security policies. Id. This language plainly contemplates occasional breaches of e-PHI. Thus, as KHN aptly states, "[t]he regulations. . . do not impose a strict liability standard that requires hospitals to prevent all privacy breaches." (Def.'s Br. at 11.)
For these reasons, KHN's admissions that Relator's e-PHI was improperly accessed could not, by themselves, render "false" any of KHN's attestations of Act compliance. The same holds true for the impermissible running of the "expired medication report." See CBER, 648 F.3d at 369 ("[T]he general rule that the court must accept as true all allegations in the complaint `is inapplicable to legal conclusions.'" (quoting Twombly, 550 U.S. at 570, 127 S.Ct. 1955)).
Relator's complaint also states that these individual breaches, taken together, indicate a lack of policies and procedures. Her proposed amended complaint adds no new facts to support this claim. Assuming occasional breaches of e-PHI can support a reasonable inference that security policies and procedures do not exist, Relator's allegations fail to support such an inference. See id. ("A claim is plausible on its face if the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." (emphasis added) (internal quotation marks omitted)).
Relator's own allegations, which we must accept as true, indicate that KHN did have policies and procedures in place. Those allegations assert that "[KHN] revealed that there had been a breach of Relator Vicki Sheldon's private electronic health records" in the two letters she attached to her complaint. (R. 4 at ¶ 16.) Notably, these letters state that the breaches of Relator's e-PHI were "inappropriate/unauthorized and in violation of [KHN] policy and procedure," that KHN conducted an investigation, and that it would be notifying HHS of the breach. (R. 1-1, Pg ID # 10, 12.) Even assuming, however, that these statements are not true, that Relator even received such letters indicates that KHN has some procedure in place for detecting unauthorized access to e-PHI, as well as a policy of investigating such unauthorized access and notifying patients whose information was breached.
For these reasons, we agree with the district court's conclusion that Relator's allegations that KHN lacked the requisite policies and procedures are not facially plausible. U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 2015 WL 74950, at *5-6 (S.D.Ohio Jan. 6, 2015).
In support of her claim that KHN falsely attested to HITECH Act compliance, Relator relies on the following chain of inference: first, KHN's failure/refusal to provide Relator with CLARITY reports when asked indicated that it had not run them; second, KHN's failure to run CLARITY reports indicated that it "had failed to follow the usual steps and standards in the industry to protect medical information" (R. 4 at ¶ 16); and third, failing to follow industry standards by running CLARITY reports on a regular basis constituted a breach of KHN's duties under the HITECH Act. Relator's proposed amended complaint does nothing to bolster this chain of inference or the facts supporting it; the amended complaint merely adds the conclusory allegation that "failure to use and run [CLARITY] reports and review them for violations indicates that a provider has failed to implement policies and procedures for protecting patient private health information." (R. 14-1 at ¶ 10.)
Even assuming the cogency of the first two links in Relator's inferential chain, the final link is an incorrect conclusion of law. As we stated above, HITECH Act compliance is premised on the process of conducting security risk analyses and correcting any security deficiencies located thereby, see 42 C.F.R. §§ 495.6(d)(15)(ii), (f)(14)(ii), as well as implementing appropriate policies and procedures. 45 C.F.R. § 164.308(a)(1). Neither the Act nor the HIPAA regulations to which it refers require that providers adhere to a particular schedule for running reports, or to purchase and use a particular brand of EHR software. See id. In sum, we agree with the district court's conclusion that "[t]he HITECH Act requires hospitals to implement a system to protect e-PHI; it does not require covered entities to use a particular e-PHI product or vendor or to run a specific type of monitoring report." U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 2015 WL 74950, at *4 (S.D.Ohio Jan. 6, 2015).
Because Relator's claim that KHN's attestation of HITECH Act compliance was false is based either on implausible inferences or incorrect conclusions of law, we conclude that Relator failed to adequately plead the "false statement" element of her FCA claim. See SNAPP II, 618 F.3d at 509.
The FCA requires relators to establish "that the defendant . . . submitted a claim for payment to the federal government." SNAPP II, 618 F.3d at 509. In this Circuit, there is "[a] clear and unequivocal requirement that a relator allege specific false claims" when pleading a violation of the FCA. Bledsoe II, 501 F.3d at 504. This requirement derives from the fact that "the [FCA] statute attaches liability, not to the underlying fraudulent activity or to the government's wrongful payment, but to the `claim for payment.'" Sanderson v. HCA-The Healthcare Co., 447 F.3d 873, 877-78 (6th Cir.2006) (quoting United States v. Rivera, 55 F.3d 703, 709 (1st Cir.1995)); see also U.S. ex rel. Clausen v. Lab. Corp. of Am., 290 F.3d 1301, 1311 (11th Cir.2002) ("The submission of a claim is thus not . . . a `ministerial
In SNAPP I, for example, the relator alleged that the defendant received, between 1991 and 2001, an undetermined number of government contracts based on fraudulent misrepresentations made in reports filed annually with the federal government. 532 F.3d at 506. The relator also alleged the approximate value of those contracts. Id. Despite pleading these details with specificity, id., we affirmed dismissal of the relator's complaint because the relator had "not complied with Bledsoe II's mandate that `[i]n order for a relator to proceed to discovery on a fraudulent scheme,' it must plead with specificity `characteristic example[s]' that are `illustrative of [the] class' of all claims covered by the fraudulent scheme." Id. (quoting Bledsoe II, 501 F.3d at 510-11); see also Sanderson, 447 F.3d at 877 ("Rule 9(b) `does not permit a False Claims Act plaintiff merely to describe a private scheme in detail but then to allege simply . . . that claims requesting illegal payments must have been submitted, were likely submitted or should have been submitted to the Government.'").
This case is on all fours with SNAPP I. At its most specific, Relator's complaint alleges that KHN "falsely certified to the United States Government that it had complied with the HITECH Act to collect `Meaningful Use' monies" (R. 4 at ¶ 25) in an amount "believed to exceed $75,000,000.00." (Id. at ¶ 27.) Nowhere, however, does the complaint allege a specific false claim for payment. Although Relator asserts KHN received government money "as a result" of false certification, this equates to an allegation that claims "must have been submitted" at some point—allegations explicitly held insufficient in Sanderson, 447 F.3d at 877. Thus, the district court was correct in dismissing Relator's complaint for, inter alia, failing to "identify with specificity examples that are illustrative of the class of all claims covered by the fraudulent scheme." U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 2015 WL 74950, at *6 (S.D.Ohio 2015).
The additional facts in Relator's proposed amended complaint likewise fail to meet the FCA's heightened pleading standards. The additional facts relevant here allege that KHN falsely attested to its compliance with the HITECH Act on an annual basis, and that certification was "required . . . in 2011, 2012, and 2013." (R. 14-1 at ¶ 23, Pg ID # 332.) Even with these additional facts, however, Relator's pleadings are insufficient under this Court's holding in SNAPP I because she fails to allege a characteristic example of a false claim for payment. The Act's implementing regulations establish that attestation is provider-specific: incentive payments are calculated, in part, using the volume of patients that a particular hospital or professional treated during the reporting year. See 42 C.F.R. §§ 495.102(a)(1) (eligible professionals), 495.104(c)(2) (hospitals). CMS materials likewise suggest that meeting the security and privacy objective requires review of the "physical safeguards" and security protocols at each individual provider's "facility and other places where patient data is accessed." See CMS, Security Risk Analysis
Relator's proposed amended complaint states that KHN is "a network of hospitals, medical facilities and physicians" (R. 14-1 at ¶ 4), and that KHN "serves as the records custodian for many doctors and physicians" (id. at ¶ 25), but it fails to name a single hospital or professional in KHN's network for whom attestation was rendered "false" by virtue of KHN's allegedly deficient security protocols. Relator's allegations might create an inference that security flaws affected all providers in KHN's network.
Relator argues on appeal that she has sufficient "first-hand knowledge" of KHN's false claims to satisfy Rule 9(b)'s heightened pleading standards. (Pl.'s Reply Br. at 13-16.) This argument is similar to one made by the relators in Chesbrough, 655 F.3d at 471. In that case, the relators cited footnote 12 in Bledsoe II, 501 F.3d at 504, for the proposition that:
Id. In holding that a "relaxed" standard—to the extent it even exists in this Circuit—was not applicable in that case, we observed that cases applying a relaxed standard involved relators with "personal knowledge" that was based either on working in the defendants' billing departments, or on discussions with employees directly responsible for submitting claims to the government. Id. at 471-72 (distinguishing Hill v. Morehouse Med. Assocs., Inc., 2003 WL 22019936 (11th Cir. August 15, 2003) (unpublished); United States v. R & F Prop. of Lake Cty., Inc., 433 F.3d 1349 (11th Cir.2005); U.S. ex rel. Lane v. Murfreesboro Dermatology Clinic, PLC, 2010 WL 1926131 (E.D.Tenn. May 12, 2010)); see also U.S. ex rel. Marlar v. BWXT Y-12, L.L.C., 525 F.3d 439, 446 (6th Cir.2008)
As in Chesbrough, we need not decide whether a relaxed standard exists in this Circuit because Relator lacks the "personal knowledge" necessary to qualify. Although Relator has some personal knowledge regarding the nature of the alleged fraudulent certification—specifically, knowledge of EPIC software and KHN's alleged failure to use that software effectively—such knowledge is not relevant to specific claims analysis. Relator does not claim that she worked in KHN's security or billing departments, or that she ever spoke with those directly responsible for HITECH Act certification. And although her relationship with a KHN employee likely provided her with additional insight into KHN's policies and procedures, Relator never alleges that this relationship gave her the sort of "personal knowledge" found in cases applying a relaxed standard. See Chesbrough, 655 F.3d at 471-72. Thus, Relator lacks the personal knowledge necessary to "support a strong inference—rather than simply a possibility—that a false claim was presented to the government." Id. at 472.
For these reasons, Relator's complaint and proposed amended complaint fail to satisfy the "clear and unequivocal requirement that a relator allege specific false claims" when pleading a violation of the FCA. Bledsoe II, 501 F.3d at 504. This deficiency, combined with Relator's failure to adequately plead a false claim, leads us to conclude that neither of Relator's complaints "contain[s] sufficient factual matter, accepted as true, to `state a claim to relief that is plausible on its face.'" Iqbal, 556 U.S. at 678, 129 S.Ct. 1937 (quoting Twombly, 550 U.S. at 570, 127 S.Ct. 1955); see also In re Omnicare, Inc. Sec. Litig., 769 F.3d 455, 469 (6th Cir.2014) (noting Twombly's plausibility requirement applies "to each element of the cause of action").
Although we ultimately agree with the district court's determination that Relator's complaint fails to state a claim, we note that even had we felt differently, Relator's claims would likely be barred under the doctrine of res judicata. Thus, like the district court below, we conclude that res judicata provides an alternative basis for dismissing Relator's complaint.
Under the doctrine of res judicata, "a final judgment on the merits bars further claims by parties or their privies based on the same cause of action." Montana v. United States, 440 U.S. 147, 153, 99 S.Ct. 970, 59 L.Ed.2d 210 (1979) (citations omitted). When evaluating whether a state-court judgment bars further claims in a federal forum, "[f]ederal courts must give the same preclusive effect to a state-court judgment as that judgment receives in the rendering state." Abbott v. Michigan, 474 F.3d 324, 330 (6th Cir.2007) (citing 28 U.S.C. § 1738). Thus, because KHN argues that the Ohio state court's decision precludes Relator's federal action, we analyze the preclusive effect of that decision under Ohio law.
In Grava v. Parkman Township, 73 Ohio St.3d 379, 653 N.E.2d 226, 229 (1995), the Ohio Supreme Court held that "[a] valid, final judgment rendered upon the merits bars all subsequent actions based upon any claim arising out of the transaction or occurrence that was the subject matter of the previous action." The court explained:
Id. (alteration in original) (quoting Restatement (Second) of Judgments § 24(1) (Am. Law Inst.1982)).
In Hapgood v. City of Warren, 127 F.3d 490 (6th Cir.1997), we distilled Grava's holding into a four-element test for establishing res judicata under Ohio law. There must be:
Id. at 493; see also Ohio ex rel. Boggs v. City of Cleveland, 655 F.3d 516, 520 (6th Cir.2011) ("The party asserting the defense bears the burden of proof."). These elements are addressed in turn.
Under Ohio law, "a dismissal grounded on a complaint's failure to state a claim upon which relief can be granted constitutes . . . an adjudication on the merits. As a result, res judicata bars refiling the claim." State ex rel. Arcadia Acres v. Ohio Dep't of Job & Family Servs., 123 Ohio St.3d 54, 914 N.E.2d 170, 174 (2009) (internal quotation marks omitted) (citing Ohio Civ. R. 41(B)). Here, the Montgomery County Court of Common Pleas dismissed Relator's state action in its entirety for "failure to state a claim upon which relief can be granted." Sheldon v. Kettering Adventist HealthCare, 2014 CV 03304, at *3, 2014 WL 10585679, at *2 (Montgomery Cty.Ct.Com.Pl.2014).
Relator argues that this decision was not "final" because her state case involves "new law that is still under review by an appellate Court, and, most probably, is on its way to the Ohio Supreme Court however decided." (Pl.'s Reply Br. at 10.) We addressed a similar argument in Hapgood. See 127 F.3d at 494 n. 3. In Hapgood, a federal district court granted the defendant summary judgment on the ground of res judicata while the plaintiff's case in Ohio state court was on appeal. Id. Nonetheless, we concluded that "[t]he pendency of an appeal . . . does not prohibit application of claim preclusion. The prior state court judgment remains `final' for preclusion purposes, unless or until overturned by the appellate court." Id. (citing Cully v. Lutheran Med. Ctr., 37 Ohio App.3d 64, 523 N.E.2d 531, 532 (1987)).
As with Hapgood, the fact that Relator's state claims were on appeal when the federal district court entered its judgment does not affect the analysis under res judicata. Thus, the "final decision on the merits" element is met in this case.
In Ohio, application of res judicata requires the parties to the first action be identical to, or privies with, those in the second (precluded) action. Johnson's Island, Inc. v. Danbury Twp. Bd. of Trs., 69 Ohio St.2d 241, 431 N.E.2d 672, 675 (1982). Ohio courts "have applied a broad definition to determine whether the relationship between the parties is close enough to invoke the doctrine" of res judicata. Kirkhart v. Keiper, 101 Ohio St.3d 377, 805 N.E.2d 1089, 1092 (2004). "Thus, a mutuality of interest, including an identity of desired result, may create privity." Id. (internal quotation marks omitted). In
Relator appears to argue that the parties in her federal and state cases are different because the state case "has two additional parties (Plaintiff Vicki Sheldon's daughter and her grandson). . . ." (See Pl.'s Br. at 12.) The relevant inquiry for this element, however, is whether the plaintiff and defendant in the precluded action were opposing parties in the first action; the presence of additional plaintiffs does not affect the analysis. See, e.g., Awad v. Chrysler Grp. LLC, No. 11-14082, 2013 WL 5816505, at *7 (E.D.Mich. Oct. 29, 2013) ("There can be no question that Chrysler was a defendant in both actions. That Chrysler is the only defendant in the subsequent federal court action does not alter the analysis."); Ray v. Citibank, N.A., No. 256322, 2005 WL 3179677, at *2 (Mich.Ct.App. Nov. 29, 2005) ("It is also undisputed that plaintiff and defendant were opposing parties in the federal action. Under federal law, it is immaterial for res judicata purposes that the prior action included additional parties."). Even if this were not the case, the "mutuality of interest, including an identity of desired result" between the parties in Relator's federal and state actions, would be sufficient to satisfy this element. Kirkhart, 805 N.E.2d at 1092.
Relator also argues that because res judicata applies only to "subsequent" actions, this element is not met because her federal case was the first action filed. This misstates the rule: the relevant inquiry for res judicata is which action resulted in judgment first, not which action was filed first. See, e.g., Lesher v. Lavrich, 784 F.2d 193, 195 (6th Cir.1986) ("[F]ederal courts must give prior state court judgments the same preclusive effect they would have in the courts of that state." (emphasis added)). Thus, because the Ohio state court issued its final judgment first, despite being the second action filed, Relator's federal case is the "second" or "subsequent" action for res judicata purposes.
For these reasons, the second element of res judicata is met in this case.
To apply res judicata in Ohio, it must be true that the claims in the precluded action "could have been litigated in the first action." Hapgood, 127 F.3d at 493. As the "could have" phrasing implies, this element concerns only the legal possibility of bringing the disputed claims in the previous action. See Hapgood, 127 F.3d at 494; see also Boggs, 655 F.3d at 522-23 (holding res judicata not applicable where disputed claims were not ripe when previous action commenced); Demsey v. Demsey, 488 Fed. Appx. 1, 5-6 (6th Cir.2012) (emphasizing that the disputed claims "could have been" raised in the previous action); Doe ex rel. Doe v. Jackson Local Sch. Dist., 422 Fed. Appx. 497, 501 (6th Cir.2011) (holding plaintiff could have litigated disputed claim in previous action where state's rules of civil procedure allowed such claims).
In this case, because the Ohio state court action was the first to reach a final adjudication on the merits, the question is whether Relator could have raised her FCA claim in that action. Below, the district court assumed that state courts have concurrent jurisdiction over FCA claims. See generally U.S. ex rel. Sheldon v. Kettering Health Network, No. 1:14-CV-345, 2015 WL 74950, at *6-7 (S.D.Ohio Jan. 6,
Relator argues that bringing her FCA and state tort claims in the same action would have been tactically inconvenient because "the entire case would presumably have been under seal and languished for months, without discovery. . . ." (Pl.'s Reply Br. at 7.) We addressed a similar argument in Wilkins v. Jakeway, 183 F.3d 528 (6th Cir.1999). In Wilkins, plaintiff's counsel argued that splitting FCA claims and other claims "allow[ed] counsel to immediately commence discovery on those claims which were not sealed." Id. at 535. Although we ultimately held res judicata was inapplicable, we also stated:
Id.
We agree with Wilkins' reasoning. Notwithstanding any inconvenience to Relator, the doctrine of res judicata commands attention to the burdens placed on defendants, courts, and the integrity of judgments by allowing similar claims with identical facts to be re-litigated in a second forum. See Restatement (Second) of Judgments § 24 cmt. d (Am. Law Inst. 1982) ("When a defendant is accused of successive but nearly simultaneous acts, or acts which though occurring over a period of time were substantially of the same sort and similarly motivated, fairness to the defendant as well as the public convenience may require that they be dealt with in the same action."); Wilkins, 183 F.3d at 532 n. 4 (summarily rejecting plaintiff's argument that "although both cases could have been litigated in the same action, it is questionable whether they should have been litigated in the same case").
For these reasons, the third element of res judicata is met in this case.
Ohio's res judicata doctrine precludes a second action based on the same "transaction, or series of connected transactions, out of which the [first] action arose." Grava, 653 N.E.2d at 229. Quoting the Restatement (Second) of Judgments, Grava held that the second action involves the same "transaction" if it concerns the same "common nucleus of operative facts." Id. (quoting Restatement (Second) of Judgments § 24 cmt. b (Am. Law Inst.1982)). Although not quoted in Grava, the full text of the paragraph in the Restatement using the "common nucleus of operative facts" language states:
Restatement (Second) of Judgments § 24 cmt. b (Am. Law Inst.1982).
Importantly, Grava held that this element does not require the claims in both actions to be identical:
653 N.E.2d at 229 (quoting Restatement (Second) of Judgments § 25 (Am. Law Inst.1982)); see also id. at 382, 653 N.E.2d at 229 ("That a number of different legal theories casting liability on an actor may apply to a given episode does not create multiple transactions and hence multiple claims. This remains true although the several legal theories . . . would emphasize different elements of the facts." (quoting Restatement (Second) of Judgments § 24 cmt. c)). In sum, satisfaction of this element under Ohio law does not require that both cases involve identical causes of action, proof of identical elements, or even the presentation of exactly the same evidence. See id. at 382-83, 653 N.E.2d at 229-30.
Yet, in this case, Relator's state and federal cases are nearly identical: the vast majority of the allegations in Relator's state complaint involve either KHN's failure to adequately utilize EPIC's CLARITY reports, or KHN's alleged violation of HIPAA based on Duane Sheldon's improper access to Relator's e-PHI. These allegations are mirrored in Relator's federal complaint. In other words, the allegations underlying Relator's state and federal claims are related "in time, space, origin, [and] motivation." Restatement (Second) of Judgments § 24 cmt. b (Am. Law Inst. 1982). Moreover, because both the state and federal claims are based on KHN's alleged failure to satisfy HIPAA standards, those claims would "form a convenient unit for trial purposes," as "the witnesses or proofs in the [federal] action would tend to overlap the witnesses or proofs relevant to the [state action]." Id.
For these reasons, we conclude that Relator's state and federal cases share a "common nucleus of operative facts," Grava, 653 N.E.2d at 229, and that all four elements of res judicata are therefore met in this case. Thus, res judicata provides an additional basis for our conclusion that the district court did not err by dismissing Relator's complaint and denying her leave to amend.
For the foregoing reasons, we