The Centers for Medicare and Medicaid Services (CMS) has spent billions of dollars to encourage the meaningful use of electronic health records (EHR). In a recent audit report, the Department of Health and Human Services, Office of the Inspector General (OIG) estimated that CMS improperly paid more than $729 million in EHR incentives to professionals during the initial years of the EHR incentive. These findings highlight a potential area for significant overpayment recovery actions that could pose certain risks for recipients of incentive payments.
Although the estimate is based only on a sample of 100 professionals, the OIG has recommended that CMS should attempt recovery of the inappropriate payments. The report signals an increased focus by the government on the EHR incentive programs, which could impact participants of the EHR programs. In light of potential risks identified by the OIG report, vendors and professionals that participate in the Medicare and Medicaid EHR incentive programs (Meaningful Use Program) should confirm their compliance with federal rules and regulations.
EHR Incentive Payments and Specific OIG Findings on Meaningful Use Attestations
The Meaningful Use Program was established by HHS under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The incentive program was intended to ensure that health care providers were adopting and using health information technology (health IT) to improve treatment decisions and provide more coordinated care. To receive EHR incentive payments in each stage of the Meaningful Use Program, healthcare providers must attest that they used certified EHR technology and satisfied the applicable Meaningful Use objectives and measures using the on-line EHR Registration and Attestation System.
The HHS-OIG conducted the audit to review whether CMS’s oversight of the EHR incentive programs was sufficient and whether participating providers met the program requirements. During the May 2011 to June 2014 audit time period, providers were required to attest that they met all “core” measures of the Meaningful Use Program, and met 5 of the 10 “menu” measures. The OIG Findings pertained to: (a) a “core” measure that required participants to attest that they performed security risk assessment; and (b) two “menu” measures that required providers to attest they generated patient lists for “quality improvement, reduction of disparities, research, or outreach” and collected certain encounter data. The regulations also require participants to base their attestations on full-years’ worth of encounter data in their second year of participation. To be eligible, professionals must also have 50 percent of their patient encounters at locations with EHR technology.
OIG’s estimate of $729 million in improper payments was based on a finding of 14 percent error rate in a sample of 100 eligible professionals during the 2011 to June 2014 time period. The OIG determined that 12 of the 14 professionals could not provide documentation to support their attestation that: (a) they conducted or reviewed a security risk analysis as required by a “core” measure, or (b) generated required patient lists or provided patient encounter data required by certain “menu” measures. The OIG also found that one provider reported on an incorrect Meaningful Use time period, and another provider insufficiently used locations with certified EHR technology. The OIG attributes the significant amount of improper payments to CMS’s limited documentation reviews of EHR participants that has left the EHR incentive payment programs “vulnerable to abuse and misuse of Federal funds.”
Implications for EHR Incentive Participants
The OIG audit demonstrates an increased focus by the government on the EHR incentive payments. The report comes only weeks after the Department of Justice’s False Claims Act settlement with one of the largest vendors of EHR technology. The report indicates that although CMS has implemented “targeted risk-based audits” to strengthen program integrity, CMS did not accept the OIG’s recommendation to attempt the recovery of $729 million overpayments.
Nonetheless, EHR incentive program participants are on notice of potential shortcomings in CMS oversight of the Meaningful Use Program. Recipients of EHR payments may have exposure under the FCA’s theory of false certification if they recklessly disregard or deliberately ignore their non-compliance with the Meaningful Use Program. EHR participants should conduct an EHR program review and assess on-going compliance with federal rules and certification standards to ensure that their attestations are truthful. At minimum, focus of the review should be on the same program measurements that were subject of the OIG audit. For instance, professionals should ensure that they have performed a security risk analysis as required by the “core” measure of the Meaningful Use Program.
EHR program participants should also consider reviewing past attestations to determine whether those submissions were mistaken or false. The Meaningful Use Program requires professionals to retain documentation supporting their demonstration of meaningful use for six years. Whether providers should conduct a retrospective compliance review as a result of the OIG audit will depend on facts and circumstance. EHR program participants should be aware that liability may attach under the “reverse false claim” provision of the FCA for professionals that knowingly avoid repayment of identified overpayments. We recommend obtaining guidance from experienced FCA and health care attorneys on investigating, reporting and returning potential overpayments under the EHR incentive programs.