Links to South Africa have emerged in an expansive matter involving a global medical services provider alleged to have falsely represented contract requirements for work it did at US State Department and US Air Force facilities in Iraq.

The company at the centre of the allegations is Comprehensive Health Services LLC, which is based in Florida. Its website describes it as “one of the nation’s largest and most experienced providers of medical management solutions and humanitarian program support”.

Daily Maverick has established that Comprehensive Health Services, established in 1975, now falls under the umbrella of Acuity International, which was established in 2021.

Last Tuesday, 8 March 2022, the US Attorney’s Office for the Eastern District of New York announced that the company agreed to pay a $930,000 (about R14-million) settlement in the matter.

This was “to resolve allegations” it violated the False Claims Act “by falsely representing to the State Department and the Air Force” that it complied with contract requirements relating to services it provided to those departments’ facilities in Iraq and Afghanistan.

The settlement involved two actions brought under whistle-blower provisions of the US False Claims Act.

In last week’s statement, the US Attorney’s Office explained that Comprehensive Health Services was contracted to provide support services at its government-run facilities in Iraq and Afghanistan.

This required the company to provide medical supplies, which included controlled substances, approved by either the US Food and Drug Administration or European Medicines Agency and “manufactured in accordance with federal quality standards”.

‘Bypassing US controls via SA’

Links to South Africa emerged in this arena.

According to the US, between 2012 and 2019 Comprehensive Health Services “falsely represented to the State Department and Air Force that certain substances provided under those contracts were approved” by the Food and Drug Administration or European Medicines Agency.

The company allegedly did not have a Drug Enforcement Agency licence to export controlled substances from the US to Iraq.

It was alleged the company got hold of controlled substances “by having [company] physicians based in Florida send letters requesting that a South African physician prescribe the controlled substances”.

“A South African shipping company then received controlled substances that were not approved… and sent them to [the company] in Iraq, where [it] supplied the unapproved controlled substances to patients under the State Department and Air Force contracts.” 

It was therefore alleged that Comprehensive Health Services sidestepped US-imposed controls by operating via South Africa.

But it was accused of doing so from the US and, without that government’s approval, for the US.

Neither the name of the South African physician nor that of the shipping company was divulged.

Questions from Daily Maverick to South Africa’s Health Department had not been responded to by the time of publication.

Daily Maverick sent queries to email addresses listed for Comprehensive Health Services, but these were not responded to.

Acuity International also failed to respond to questions.

How armed gangs steal fuel worth millions from buried Transnet pipelines

Data breach

In another set of allegations, the company submitted claims to the US State Department relating to the cost of a secure electronic medical record system.

This was meant to store all patients’ medical reports “including the confidential identifying information of United States service members, diplomats, officials, and contractors working and receiving medical care in Iraq”.

However, between 2012 and 2019 Comprehensive Health Services allegedly “failed to disclose to the State Department that it had not consistently stored patients’ medical records” on a secure electronic medical record system.

“When [company] staff scanned medical records for the… system, [they] saved and left scanned copies of some records on an internal network drive, which was accessible to non-clinical staff,” the US alleged.

“Even after staff raised concerns about the privacy of protected medical information, [the company] did not take adequate steps to store the information exclusively on the [electronic medical record] system.”

A statement on the Comprehensive Health Services website from last month said it “learned of a data security incident” relating to a limited number of people.

In September 2020 it had “detected unusual activity within its digital environment following discovery of fraudulent wire transfers”.

Comprehensive Health Services launched an investigation.

“On November 3, 2021, [the company] learned that certain personal information may have been impacted in connection with the incident,” the notice on its website said.

“[We] then worked diligently to identify address information required to effectuate notification.”

On 20 January and 11 February 2022, the company sent notifications to individuals who may have been affected, it said.

In last week’s statement about the Comprehensive Health Services settlement, the US made it clear that the claims resolved via the $930,000 settlement were only allegations “and there has been no determination of liability”.

Elisabeth Kaminsky, a special agent in charge of the US State Department’s Office of Investigations, said the settlement demonstrated its commitment to protecting personnel. 

“Our hope is that this outcome will send a clear message that cutting corners on State Department contracts has significant consequences,” she said. DM