In 2009, as part of the HITECH Act, the federal government funded an incentive program by which health care providers who implemented and used electronic health records (“EHRs”) for their patients were able to receive significant financial benefits. The incentive program, which provided for potentially substantial payments to medical providers who engage in the “meaningful use” of EHRs, was premised on the view that the jettisoning of paper records, and the adoption and use of electronic medical records, was likely to improve the quality of patient care, improve patient safety, and reduce health care costs. But, from the very outset, entities such as the Government Accountability Office also made note of a darker side to the incentive program – namely, the potential that the program would be subject to fraud and abuse, and the need for significant oversight to ensure the integrity of payments made under the program’s auspices.

Given this history, a report that the Office of the Inspector General of the United States Department of Health and Human Services (“HHS-OIG”) released on June 12, 2017 may not be surprising, but its scope is alarming nonetheless. In preparing its report, HHS-OIG sampled the records of 100 providers who received “meaningful use” payments in the approximately three-year period between May 2011 and June 2014. As to this small sample size, HHS-OIG determined that another government agency – the Centers for Medicare and Medicaid Services (“CMS”), which administered the incentive program – paid out over $290,000 to health care providers who had not properly demonstrated their meaningful use of EHRs. HHS-OIG then extrapolated from these findings in order to assess the total dollar value of improperly obtained EHR incentive payments that were made in the same three-year period. Specifically, given the total of over $6 billion in incentive payments that were made to 250,470 providers in the period through June 2014, HHS-OIG reached the staggering conclusion that “CMS inappropriately paid $729,424,395 in incentive payments to [providers] who did not meet meaningful use requirements.” In other words, according to HHS-OIG, the meaningful use program resulted in nearly three-quarters of a billion dollars in financial incentives being improperly paid to, and received by, health care providers who were not in fact qualified to receive these sums.

To be sure, the HHS-OIG’s report appears to leave room for criticism and doubt. Most notably, even presuming that 100 providers represents a statistically meaningful sampling of the 250,470 providers who received incentive payments under the program, one could ask in any event whether such a small sample size truly warrants HHS-OIG’s willingness to treat its extrapolated estimate as a definitive loss calculation. Similarly, it appears fair to question whether HHS-OIG’s report accounts for the possible refinement over time of CMS’s meaningful use determinations, and whether the improper payments were clustered at the earlier stages of what was indisputably a complex and difficult-to-administer program.

But, ultimately, the fundamental issue raised by the HHS-OIG report is not whether it is perfect, nor whether a more thorough study could have been performed. Instead, the critical issue is what the fallout from the report will be, and what we can expect to happen next. In this regard, at least three points are worth noting.

First, inherent in the HHS-OIG report are criticisms of the oversight role that CMS plays in the Medicare and Medicaid programs generally, and in the EHR incentive program more specifically. For example, the HHS-OIG report states that one of its goals was to assess whether “CMS’s oversight of the Medicare EHR incentive program was sufficient,” and the implicit finding of the report is that CMS simply fell down on the job. Indeed, HHS-OIG explicitly states in its report that CMS “conducted minimal documentation reviews” of the attestations that health care providers must submit in order to obtain meaningful use incentive payments, and HHS-OIG also describes at least one instance in which, due to a lack of proper controls within CMS, an inappropriate meaningful use payment was made to a health care provider who had died during the reporting period. Further, HHS-OIG repeatedly notes that, in responding to the report, CMS has disputed the need to conduct fulsome audits of those health care providers who obtained meaningful use payments, and instead has indicated that only more narrow, “targeted risk-based” audits should be pursued. By making clear its rejection of this position, and by suggesting that government health care programs cannot be properly policed by agencies such as CMS, the HHS-OIG report may not only undermine the implementation of similar incentive programs in the future, but may also provide ammunition to those who oppose expanded government involvement in the healthcare industry, including in the form of the Affordable Care Act or the implementation of a single-payer system.

Second, for those health care providers that have received and may continue to receive EHR incentive payments, the HHS-OIG report can only increase the likelihood of a government audit, a potential demand for the return of meaningful use payments, and even the potential pursuit of False Claims Act litigation. In this regard, it should be noted that the HHS-OIG report does not appear to reflect or report widespread instances of intentional misconduct on the part of healthcare providers, or the knowing submission of false claims. To the contrary, the HHS-OIG report notes that the inappropriate meaningful use payments the agency found stem primarily from a lack of proper recordkeeping by health care providers – that is, by the failure of providers to retain the documentation necessary to support the electronic attestations by which meaningful use payments have been obtained. Yet the findings underlying the HHS-OIG report also appears to suggest that inappropriate meaningful use payments may have been made to providers who knowingly made incorrect representations to CMS – such as, for example, a health care provider that claimed to have had at least 50 percent of its patient encounters at a location equipped with certified EHR technology, when the actual percentage of encounters at locations using certified EHRs was only 20 percent. Moreover, False Claims Act liability can be triggered even for those health care providers whose inaccurate representations to CMS were merely inadvertent, because the discovery of such inaccuracies may implicate the provision of the Affordable Care Act by which overpayments that are not reported and returned within 60 days of their identification become false claims. Thus, rather than risk potential treble damages and the prospect of threatened or actual litigation under the False Claims Act, health care providers who received meaningful use payments would do well to review their attestations and the support underlying them, and return any funds as to which they could no longer satisfy the requirements of the meaningful use program.

Third, although the HHS-OIG report speaks solely in terms of audits and the recapture of government funds, implicit in the report is the potential that serious wrongdoing in connection with the receipt of meaningful use payments could result in criminal prosecution. In fact, because meaningful use attestations are submitted electronically to CMS, the presence of knowingly false statements in such attestations can result in a potential wire fraud prosecution, as well as a prosecution for health care fraud or the theft of government funds. Moreover, at least one case involving meaningful use payments has already been criminally prosecuted – in January 2014, a grand jury in the Eastern District of Texas returned an indictment charging a hospital CFO with falsely certifying that the hospital had met the criteria for the meaningful use of EHRs. Following the CFO’s guilty plea to a single count of making a false statement in a matter within the jurisdiction of CMS (in violation of 18 U.S.C. § 1001), the Court sentenced the CFO to a period of 23 months in federal prison. To be clear, it is hardly likely that typical cases involving inappropriate meaningful use payments will result in criminal prosecution – but, they most certainly can. As a result, when deciding how to respond to the HHS-OIG report, and how to address issues regarding meaningful use payments more generally, health care providers and their attorneys would do well to proceed with caution.

From The Insider Blog: White Collar Defense & Securities Enforcement.