Electronic health record (EHR) vendor Allscripts recently disclosed on an earnings call that it has reached a tentative agreement with the Department of Justice (DOJ) to pay $145 million to settle an investigation into the regulatory compliance of one of its recent acquisitions, Practice Fusion. This news, combined with DOJ’s other recent successful enforcement actions against EHR companies, represents a trend and should be a warning that compliance is a priority when it comes health IT. We anticipate that there will be more Anti-Kickback, HIPAA, and False Claims Act cases against similar health IT targets in the pipeline.

Allscripts acquired Practice Fusion, also an electronic health record company, in February 2018. According to the company’s public SEC filing from the first quarter of 2019, the investigation “relates to both the certification Practice Fusion obtained in connection with the U.S. Department of Health and Human Services’ Electronic Health Record Incentive Program and Practice Fusion’s compliance with the Anti-Kickback Statute and HIPAA.”

Practice Fusion has also received a grand jury subpoena in connection with a related criminal investigation, reportedly from the U.S. Attorney’s Office for the District of Vermont (Vermont USAO), also involving the vendor’s compliance with the Electronic Health Record Incentive Program.

Background on the Electronic Health Record Incentive Program

The EHR Incentive Program (now referred to as the Promoting Interoperability Program)as originally established by the Department of Health and Human Services (HHS) under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. Under the program, eligible clinicians and hospitals initially could earn incentive payments from CMS if they could attest that they used certified EHR technology (CEHRT) and satisfied the applicable program objectives and measures.

In parallel, the HITECH Act provided for the Office of the National Coordinator of Health Information Technology (ONC) to establish a health IT certification program. As part of the certification program, accredited testing laboratories and ONC-authorized certification bodies test and certify, respectively, that EHR developers meet the regulatory requirements established by ONC. The goal of the certification program is to provide a baseline of transparency and confidence for providers buying these systems, that certified health IT products use standards and functionality to support patient care and interoperability of health information.

Federal Government Continues to Crack Down on EHR Vendors

This is the latest move by DOJ against EHR vendors for business practices implicating the Anti-Kickback Statute in relation to obtaining false certifications under federal health IT certification programs. In May 2017, eClinicalWorks paid $155 million to resolve a False Claims Act case where the vendor was investigated for attesting to have certain certification program functionalities without actually meeting the certification criteria for standardized drug codes as required by the ONC certification program. The settlement also resolved allegations that eClinicalWorks violated the Anti-Kickback Statute by paying its customers to recommend its products to prospective customers in violation of the Anti-Kickback Statute and, coincidentally, involved the Vermont USAO.

More recently, Greenway Health, a Florida-based EHR vendor, paid $57.25 million to settle similar False Claims Act allegations. In that case, DOJ alleged that Greenway falsely obtained certification for a product that did not comply with requirements of the certification program, namely standardized clinical terminology necessary for interoperability with other systems. In line with the eClinicalWorks settlement, the settlement also resolved allegations under the Anti-Kickback Statute that Greenway Health paid money and incentives to its client providers to recommend its products to future customers.

The government’s successful and continued prosecution of False Claims Act and Anti-Kickback allegations against EHR vendors continues, and marks a trend that could impact similarly situated technology developers. ONC is expected to release in late 2019 final regulations on interoperability and prohibitions on information blocking, which will also contain updates to the certification program. Among these changes, ONC would add several conditions of certification for EHR vendors in order to qualify as certified health IT, including attestations for conditions regarding transparency and communications, real world testing for interoperability, and more. Each new attestation requirement or health IT-related standard imposed by HHS will become a new opportunity for federal regulators to pursue False Claims Act charges against EHR vendors.

With new requirements emerging and continued oversight and enforcement, it is becoming more important that health IT companies and health care providers review compliance with these regulations to ensure that they are meeting their legal requirements. Moreover, if EHR companies or the health care providers that use their products uncover suspicious business practices that call into question the validity of EHR certifications, or indicate that the relationship originated through the payment of kickbacks or improper referral fees, they should take quick action to investigate the conduct and avail themselves of self-disclosure programs to minimize their financial exposure.