Electronic Health Records Ongoing Focus Of DOJ And HHS Enforcement

Late last year, Modernizing Medicine (ModMed), a provider of cloud-based electronic health records (EHR) systems, agreed to pay $45 million to resolve allegations concerning multiple kickback schemes including allegations about an illegal referral relationship with a clinical laboratory.  This is the seventh settlement with an electronic health record company since 2017 when the United States settled the first groundbreaking qui tam suit against an electronic health record vendor, eClinicalWorks, and certain top executives, for $155 million. The Mod Med settlement, like several others, reinforces that the Department of Justice and HHS-Office of Inspector General will continue to enforce federal safety standards for EHRs including, most significantly the use of a uniform code system to place orders for prescription medication (ePrescribe). 

As Vice President of Product Management at ModMed, Relator Amanda (Mandy) Long was the quintessential “insider” whistleblower with considerable insight into both software design and ModMed’s plan to monetize its EHR by selling access to providers and patients to third parties.

As part of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), the federal government paid billions of dollars in incentives to healthcare providers to buy and implement certified electronic health record systems – the “Meaningful Use” and now, “Promoting Interoperability” program. To obtain certification, EHR vendors are required to attest that their software meets federal requirements promulgated by HHS and can reliably perform certain required functions for safe use in a clinical setting. The 21st Century Cures Act, enacted in 2016, further requires software developers to attest that health IT software meets all certification criteria, provides patient access to digital health information, and prohibits information blocking schemes which have prevented development of an interoperable system for universal access to health information.

Since eClinicalWorks, there have been six additional EHR settlements:

– February 2019 settlement with Greenway for $57.25 million (misrepresenting software capabilities; kickbacks).

– January 2020 settlement with Practice Fusion for $145 million (receiving kickbacks from an opioid producer in exchange for using its EHR to influence opioid prescribing).

– August 2020 settlement with Konica Minolta for $500,000 (misrepresenting software capabilities).

– January 2021 settlement with Athenahealth for $18.25 million (kickbacks).

– April 2021 settlement with CareCloud for $3.8 million (kickbacks).

– October 2022 settlement with ModMed for $45 million.

Five of the cases were initiated by whistleblowers. All but one allege multiple violations of the federal Anti-Kickback statute.  For example, in 2021, DOJ alleged that CareCloud provided customers with credits, cash bonuses, and other payments to recommend the software and not to say anything negative.  DOJ also has looked at relationships between EHR vendors and pharmaceutical companies and, in ModMed, a clinical laboratory.  These investigations have considered whether there are payments to EHRs intended to influence clinical decisions and generate referrals.  For example, in 2020 the DOJ resolved criminal and civil charges with Practice Fusion for soliciting and receiving kickbacks from Purdue for utilizing its EHR to influence physician prescribing of OxyContin.

Notably, DOJ has looked at individual accountability in the EHR industry.  In ModMed, DOJ intervened against the company’s CEO and Chief Medical Officer even though the settlement was with the company only.

Going forward, we can expect to see more allegations concerning wrongdoing by EHR companies and entities with which they contract.   Even though the Meaningful Use payment program has ended, federal damages may arise under the Merit-based Incentive Payment Systems (MIPS), one of Medicare’s value-based reimbursement programs. In addition, it is reasonable to expect that we will see additional allegations from whistleblowers concerning kickbacks in relationships between EHR vendors and third parties, allegations of use of EHR and linked revenue cycle billing systems to defraud federal programs, and use of certified health information technology in telehealth schemes.  Privacy and security of the systems also continues to be a priority for DOJ and HHS.  Additional areas of enforcement also may arise as we see increased federal and state health program benefits for the use of artificial intelligence and healthcare software.

Colette Matzzie is a Partner at Phillips & Cohen, LLP