Government Review of EHR Incentive Programs Raises Risk of FCA Liability for Health Care and Software Companies
On 12 December 2017, the Department of Justice announced that, 21st Century Oncology had agreed to pay USD 26 million to the government in part to resolve allegations that the integrated cancer care provider submitted false attestations regarding the company’s use of electronic health records (EHR) software and thus improperly received payments from the government as part of the Medicare EHR Incentive Program.
This is the second False Claims Act settlement this year involving EHR incentive programs. The first case was the eClinicalWorks USD 155 million settlement, in which a software vendor resolved allegations that it made false certifications regarding the capabilities of its EHR software. The improper certifications allegedly caused eClinicalWorks customers to submit false claims and fraudulent records to the government.
These cases reflect the government’s aggressive efforts to uncover and punish misconduct related to the ever expanding use and development of EHR technology by entities that benefit from government-sponsored incentive programs. Such cases will likely become more common in the new year, and both software developers and healthcare providers need to ensure compliance with the programs’ requirements to avoid False Claims Act liability.
The EHR Incentive Programs
The American Recovery and Reinvestment Act of 2009 established the EHR incentive programs for both Medicare and Medicaid. Under the programs, the US Department of Health and Human Services (HHS) offers incentive payments to healthcare providers that adopt and demonstrate "meaningful use" of certified EHR technology. Individual practitioners (Eligible Professionals) and hospitals can qualify for payments over five years from Medicare (ending after 2016) and over six years from Medicaid (ending after 2021). Additionally, to obtain certification for their product, companies that develop and market EHR software must attest that their product complies with applicable HHS-adopted criteria and pass testing by an accredited independent certifying entity approved by HHS.
From 1 January 2011, through 31 December 2016, the Centers for Medicare & Medicaid Services (CMS) made a total of USD 14.6 billion Medicare EHR incentive payments to hospitals.
Heightened Scrutiny In 2017
Over the past year, the government has become increasingly concerned with the risk of improper incentive payments under the programs. In June 2017, the HHS Office of Inspector General (OIG) issued a report estimating that Medicare paid USD 729,424,395 in EHR incentive payments that did not comply with federal requirements. The OIG’s review covered EHR incentive payments totaling USD 6,093,924,710 that Medicare made to 250,470 Eligible Professionals from May 2011 to June 2014. Following the report, in July 2017, the OIG revised its work plan to include a nationwide review of Medicare EHR incentive payments to hospitals. The expected issue date for the report is Fiscal Year 2018. OIG further indicated that its reviews of Medicaid EHR incentive payments found that State agencies overpaid hospitals by USD 66.7 million.
For healthcare providers, liability under the False Claims Act may arise from presenting a false or fraudulent claim for payment under the EHR incentive programs, submitting a false record or statement, or for improper retention of an overpayment to the government.
Software developers, who do not receive incentive payments under the programs, may also find themselves in hot waters should the government determine that issues with their technology caused customers to present a fraudulent claim or a false record to HHS.
What Should You Do?
If you participate in the EHR incentive programs in any capacity, you should ensure that your company maintains proper documentation to support any attestation or certification that it has made to the government. This can include preserving software utilization reports or evidence of implementation of necessary software updates. In addition, you should confirm that your IT staff and other relevant stakeholders understand the requirements of the EHR incentives programs, and that the proper controls are implemented to prevent the falsification or fabrication of records.
How Can We Help?
At Baker McKenzie, our US False Claims Act practice team consists of integrated health care regulatory, litigation and IT professionals that can help your company navigate the EHR incentive regulatory regime. Our globally acclaimed compliance and investigation team will help design and conduct independent risk assessments and flag key areas of risk and recommend sound remediation steps. Every client is unique so we will review the effectiveness of your policies and procedures and recommend alternations that fit "your" needs. We will credibly and independently investigate any allegations of wrongdoing and, where required, manage and position disclosure and reporting to relevant authorities.