Christopher C. Sabis (csabis@srvhlaw.com) heads the Government Compliance & Investigations group at Sherrard Roe Voigt & Harbison PLC in Nashville, TN.
In late February, Joseph (Jody) Hunt, assistant attorney general (AAG) for the Department of Justice (DOJ) Civil Division, told the Federal Bar Association about the DOJ’s civil enforcement priorities for 2020. Alongside elder justice initiatives and skilled nursing facilities—the presentation preceded the coronavirus pandemic taking hold in the United States—AAG Hunt listed electronic health records (EHR) systems as targets for future action.[1] Scrutiny of EHR-related issues is not new, and it is not surprising given that the federal government has invested more than $35 billion in meaningful use incentive payments over the last decade.[2] A brief review of the history of EHR-related False Claims Act (FCA) settlements and two newer cases may shed some light on where DOJ is heading in the EHR arena.
EHR-related cases historically
Over the last few years, EHR-centered fraud and abuse cases have fallen primarily into two categories.[3] “The first is cases where healthcare companies, like laboratories, allegedly paid kickbacks in the form of subsidies for EHR systems to referring physicians and physician groups.” These financial arrangements fell outside of the Anti-Kickback Statute safe harbor and the Stark Law exception that the Centers for Medicare & Medicaid Services had put in place to permit certain EHR donations. The two lead cases in this category are Inform Diagnostics[4] and OURLab.[5] While these were significant dollar-value cases—Inform Diagnostics was one of the ten largest FCA settlement in 2019[6] —they do not directly involve the features or functions of the EHR systems themselves.
In the second category of cases, DOJ has alleged that EHR developers fraudulently obtained certifications for their EHR software through misrepresentations about the systems’ capabilities. According to the government, healthcare providers using those systems submitted false claims for meaningful use incentive payments in violation of the FCA because the systems’ deficiencies rendered the providers’ submissions inaccurate. EHR developers like Greenway Health LLC[7] and eClinicalWorks[8] have paid large settlements to resolve these types of allegations. The fraudulent conduct in this category of cases directly implicates the functionality of the EHRs, but not necessarily the manner in which their features are employed daily by the systems’ end users.
A new type of case
Now a third category is emerging. In these cases, the specific functions of the EHR systems or other compatible electronic systems that the end users employ while providing and billing for healthcare services allegedly enable or cause the false claims. AAG Hunt cited a recent example of this category of cases in his February remarks. On January 27, 2020, the U.S. Attorney’s Office for the District of Vermont (also involved in the Greenway and eClinicalWorks settlements) announced a $145 million global resolution with EHR developer Practice Fusion Inc.[9] As part of the resolution of the criminal case, Practice Fusion “admits that it solicited and received kickbacks from a major opioid company in exchange for utilizing its EHR software to influence physician prescribing of opioid pain medications.” Specifically, the EHR “implement[ed] clinical decision support (CDS) alerts…designed to increase prescriptions for their drug products” in exchange for kickbacks. In other words, one of the functions of the EHR system allegedly caused physicians to prescribe certain opioid medications at a higher rate than they would have without the system.
This third category of EHR-related cases may be the source of AAG Hunt’s interest because it presents appealing opportunities for prosecutors and whistleblowers. Theories of liability involving an EHR or EHR-compatible system may bring another, potentially deeper pocket into an investigation and create a race to cooperate between targets. Even if the government or relator only targets one party, they may seek access to communications between the system developer and the healthcare provider, arguing that those documents could contain relevant evidence of knowledge or intent. But the question remains as to what these types of allegations might look like outside of the kickback context presented in the Practice Fusion resolution.
A recently unsealed qui tam complaint in which the government declined to intervene may provide an example. On March 5, 2020, a little over a month after the Practice Fusion announcement, the Eastern District of Tennessee unsealed the complaint in United States ex rel. VIB Partners v. LHC Group, Inc.[10] In that case, VIB Partners alleges, inter alia, that the defendant home health company “uses software and management techniques to continually pressure managers and clinicians to conform nursing and therapy visits to profitable thresholds, falsify OASIS [Outcome and Assessment Information Set] data, and bill for beneficiaries who do not qualify for the home health benefit.”[11] Specifically in relation to the software, the complaint alleges that the defendant’s programs “identif[y] changes to OASIS items that can increase reimbursement and/or quality scores”[12] and inform end users how a coding change will affect the reimbursement for the services provided to a patient over the relevant period.[13] These allegations may be an example of the types of claims we will see from DOJ in the coming months given AAG Hunt’s comments and the Practice Fusion settlement.
Conclusion
It is unclear whether DOJ intends to focus on EHR and related software developers, end users, or both. But pursuit of developer liability in these cases will present challenges for prosecutors. The provider, not the developer, makes the final decision on what services to bill and how to bill them. This will be a strong defense for system developers in many cases. Still, developers may face costly requests for discovery from the government and whistleblowers in their effort to establish knowledge and intent in FCA investigations and qui tam cases, even when they are focused exclusively on the healthcare provider.
On the provider side, healthcare companies and physician practices employing EHR-related technology should be cautious concerning claims that system features will drive revenue or increase use of healthcare services. Appropriate revenue optimization is important, but such features could attract the attention of whistleblowers and enforcement authorities. Developers and users should take appropriate steps to evaluate any compliance risks in their systems in light of AAG Hunt’s comments and the evolution of EHR-related cases.
Takeaways
-
Fraud investigations involving electronic health records (EHR) systems are now a Department of Justice priority.
-
Historically, EHR-themed fraud and abuse cases have not focused on the actual use of the system’s functions.
-
Newer cases show a trend toward allegations where software systems themselves enable or cause false claims.
-
EHR developers may face investigative costs related to the functionality of their systems even if they are not targets of the enforcement action.
-
Healthcare providers should take steps to ensure that they are employing EHR-related features in a compliant manner.