The HITECH Act—including the HITECH Final Rule’s provisions about HIPAA, data privacy, security, and breach notification—is an issue we have covered in detail previously.

According to a June 17, 2015 press release, the former CFO of the Shelby Regional Medical Center in Texas has pleaded guilty to making a false statement in “representing that the hospital was a meaningful user of electronic health records when the hospital did not meet the meaningful use requirements” and thus should not have received nearly $786,000 in electronic health record implementation incentive payments from Medicare. The former CFO was sentenced to 23 months in federal prison, and ordered to pay restitution of nearly $4.5 million to Medicare’s Electronic Health Record (EHR) Incentive Program.

Reed Smith attorney, Brad Rostolsky was recently quoted in an article discussing the case, articulating his belief that the government will continue to be aggressive in its enforcement of “meaningful use” EHR attestations in circumstances that warrant a tough approach. Although most providers undoubtedly take care to ensure their attestations are true and accurate, recommended practices include retaining detailed documentation that supports the representations made in “meaningful use” attestations, and thus the provider’s eligibility to receive EHR incentive payments, for seven years.