In what appears to be the first False Claims Act (FCA) settlement involving electronic health record (EHR) software vendor and one of the first cases seeking recovery of Medicare and Medicaid EHR incentive payments, the Department of Justice announced a $154.92M settlement to resolve a whistleblower lawsuit against eClinical Works and some of its corporate officers. The underlying complaint alleges that eCW’s faulty software caused providers to submit fraudulent claims for federal incentive payments, and that eCW’s remunerations to customers under its referral programs violated the federal Anti-Kickback Statute. The settlement, reportedly the largest financial recovery in the state of Vermont, highlights FCA-related pitfalls for vendors and providers that participate in the Medicare and Medicaid EHR Incentive Programs (Meaningful Use Program).
Meaningful Use Program and EHR Certifications
The Meaningful Use Program was established by the Department of Health and Human Services under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. To receive EHR incentive payments in each stage of the HITECH Meaningful Use Program, healthcare providers must attest that they used certified EHR technology and satisfied the applicable Meaningful Use Program objectives and measures.
The HITECH Act established a health information technology certification program administered by the Office of the National Coordinator of Health Information Technology. As part of the certification program, ONC-authorized certification bodies and accredited testing laboratories test and certify that EHR developers meets the requirements established by ONC.
The purpose of the ONC certification program is to create a method for the purchasers of a product to have confidence that the product safely and reliably meets certain criteria that supports patient care and interoperability of health information. The Meaningful Use Program was intended to ensure that health care providers were adopting and using health IT to support health care improvements.
Allegations Against eCW’s Software and Settlement
eCW is a vendor of EHR software for health care providers. On May 1, 2015, a former project manager for several health institutions that implemented eCW’s EHR system from April 2010 through March 2014, filed a qui tam complaint in the District of Vermont. Under the theory of false certification, the whistleblower alleged that eCW’s conduct resulted in improper EHR incentive payments to health care providers under the Meaningful Use Program because eCW falsely represented to its customers that its EHR system complied with certification requirements and the Meaningful Use Program requirements. Plaintiff also alleged that eCW concealed its software defects and paid illegal kickbacks to customers for referrals in violation of the Anti-Kickback Statute.
On January 13, 2017, the Department of Justice filed its notice of intervention and qui tam complaint was unsealed after February 15, 2017. The DOJ’s complaint-in-intervention repeated many of the same allegations: that eCW falsely represented to certifying bodies that its software complied with the requirements for certification and for the payment incentives under the Meaningful Use Program. The DOJ further alleged that eCW prepared its software in order to pass certification testing without meeting the required conditions. The government also alleged that eCW paid customers to recommend its products to prospective customers in violation of the Anti-Kickback Statute.
The parties finalized the settlement within only a few weeks after the DOJ filed its complaint-in-intervention on May 12, 2017. Under the settlement agreements, eCW and its three founders are jointly and severally liable for the payment of $154.92M, while a software developer was required to pay $50,000, and two project managers were required to pay $15,000 each. As is common with most FCA settlements, eCW also entered into an onerous 5-year Corporate Integrity Agreement. Among other things, the CIA requires eCW to establish and maintain a compliance program, establish a compliance and quality assurance committee, establish written standards, and retain an independent software quality oversight organization. The company is also required to provide notice to its customers of any safety-related issues, allow customers to obtain free software updates, and allow transfer of customer data to another EHR software vendor.
Lessons for Digital Health Companies and Health Care Providers
This case underscores the importance of regulatory compliance for all participants in government programs that involve the use of EHRs and other health information technology, including incentive payment programs. Failure to comply with the technical requirements of federal incentive programs, such as the Meaningful Use Program, can create significant false certification liability under the FCA for both health IT vendors and health care providers. When there are misrepresentations and patient safety issues involved, the government can and will take action.
The Supreme Court’s recent recognition of the “implied certification” theory in Escobar may especially expand FCA exposure for health IT vendors, developers, investors, and health care providers. Under the implied certification theory, a claim submitted to the government can be deemed false for purposes of liability under the FCA based on an implied representation that the claim is in compliance with all material technical requirements imposed by rules, regulations and contractual terms. Given the tens of thousands of such requirements for EHR and the government’s position that all EHR requirements for federal incentive programs are material, the false certification liability has a considerable effect on organizations operating in the health IT industry. All EHR participants should carefully scrutinize their compliance with federal rules and certification standards.