Make no mistake, the federal government intends to hold health information technology ("HIT") companies accountable for failures to develop HIT in accordance with federal certification standards and compliance with federal fraud and abuse laws, including payments for customer referrals.
This message was clearly delivered in early February when the DOJ with Greenway Health LLC for alleged violations of federal fraud and abuse laws. The DOJ complaint alleged that since 2011, Greenway has made false statements in obtaining certification of its software, and paid unlawful remuneration to customers participating in its referral program. Alleged unlawful payments included credits for fees scaled based on the size of the referred customer, payments for site visits and reference calls, and iPads, meals, travel and sport or entertainment tickets. This announcement came a little over 21 months after the Department of Justice settlement of $155 million with electronic health record ("EHR") vendor eClinicalWorks for similar alleged violations federal fraud and abuse laws.
Two federal laws were the basis for claims against the HIT company: (1) imposes civil liability on any person who knowingly makes a false or fraudulent claim for payment or a false record or statement material to a false or fraudulent claim; and (2) the federal is a criminal violation and the basis for FCA civil liability. Absent a specific safe harbor, AKS prohibits companies such as HIT vendors from willfully offering or paying anything of value, directly or indirectly, to healthcare customers for the purpose of inducing the purchasing or recommending the purchase of a company's healthcare technology.
Healthcare providers were required to use Certified Health IT (formerly certified electronic health record technology ("CEHRT")) for the purpose of receiving a "Meaningful Use" incentive payment, and continued use of Certified HIT is required under the Merit-based Incentive Payment System ("MIPS") of Medicare Access and CHIP Reauthorization Act of 2015 ("MACRA") and other CMS payment programs, such as MACRA Advanced Payment Models, Accountable Care Organizations and bundled payment programs. Certified HIT is not limited to EHR systems, and includes a large cross-section of HIT used by healthcare providers. The Department of Health and Human Services Office of National Coordinator ("ONC") and CMS set the standards for certification () and oversee and administer the certifying process. CMS states that certification provides "assurance to purchasers and other users that an EHR system or module offers the necessary technological capability, functionality, and security to help them meet the meaningful use criteria. healthcare providers and patients be confident that the electronic health IT products and systems they use are secure, can maintain data confidentially, and can work with other systems to share information." ONC publishes the Certified Health IT Product List .
In its press release, the DOJ stated that " Medical professionals and patients depend on the security and competency of electronic health records as a means to improving both the quality and coordination of health care services," said U.S. Attorney Byung J. "BJay" Pak for the Northern District of Georgia. "Vendors who falsify the viability of their products erode the integrity of the public health systems and will be held accountable for their misrepresentations."
For the next five years, Greenway is subject to a (CIA) as a condition of the settlement which sets obligations similar to those previously imposed on eClinicalWorks such as: establishing a comprehensive compliance program including software development compliance, fraud and abuse and HIPAA compliance, retain an Independent Review Organization to assess quality and compliance of future software development, and provide customers with notice of the settlement and their option to receive at no additional cost an upgrade of the EHR to the latest certified version of PrimeSuite, migration of data to another CEHRT developed by Greenway or transfer their patient data to another EHR vendor.
HIT companies and healthcare providers are on notice that product certification, contracting and marketing strategies will be closely scrutinized by the federal government.
Elizabeth Pitman is a partner with Waller Lansden Dortch & Davis and is based in Birmingham. Her experience as general counsel and corporate counsel at a healthcare information technology company is a valuable asset for healthcare providers who appreciate insights into healthcare information technology and HIPAA privacy and data security matters.