Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.
Physicians can learn a lot about risk analysis from the recent EHR vendor False Claims Act and subsequent settlement.
Misrepresentations on a meaningful use attestation lead the U.S. Government to intervene in a False Claims Act case and the Electronic Health Records (EHR) vendor, eClinicalWorks (ECW) to pay $155 million and enter into a corporate integrity agreement.
Any physician who applied for and accepted money from the federal government under the Health Information Technology for Clinical and Economic Health Act ("HITECH") appreciates that line item 13 asks about HIPAA/HITECH Act compliance.
Ironically, I wrote about the subject nearly two years ago for Physicians Practice. The takeaways that I provided in that article were to be diligent about undergoing an annual risk assessment and risk analysis, to answer the statements on any attestation truthfully, and to utilize secure technology when creating, receiving, maintaining or transmitting protected health information. Between then and now, I have seen audits conducted by both state and federal contractors asking physicians to establish that they were HIPAA/HITECH Act compliant when they attested to and submitted the claim for meaningful use funding from the U.S. Government. And, if this cannot be established, the entities are asking that the funds be returned to the government.
Recently, the U.S. Department of Justice (DOJ) announced that ECW, one of the largest vendors of EHRs settled allegations that the company was less than truthful about the capabilities and compliance with its software. The false statements made by ECW that they complied with the requirements for certification. And, also, that it paid kickbacks to certain customers in exchange for promoting its product.
"Every day, millions of Americans rely on the accuracy of their electronic health records to record and transmit their vital health information," said Acting Assistant Attorney General Chad A. Readler of the Justice Department's Civil Division, in a press release "This resolution is a testament to our deep commitment to public health and our determination to hold accountable those whose conduct results in improper payments by the federal government."
This liability is not limited to vendors. Physicians and other providers (e.g., health systems and hospitals) are equally susceptible to potential false claims act cases and audits by RACs and MACs. Therefore, the takeaways for providers are as follows: be truthful in all submissions to the U.S. Government, make sure that HIPAA/HITECH Act compliance is a priority, and make sure adequate due diligence is done on all business associates and subcontractors to ensure their HIPAA/HITECH compliance.