Department of Justice Announces Novel False Claims Act Settlement with Leading Electronic Health Record Provider eClinicalWorks
On Wednesday, the Department of Justice announced its settlement of a previously sealed False Claims Act lawsuit against eClinicalWorks, one of the country’s leading providers of Electronic Health Record (“EHR”) software. The settlement is significant not only because of its size—$155 million, the largest False Claims Act settlement of the Trump Administration to date—but also because it signals DOJ’s view that, because of the critical role it now plays in the delivery of healthcare, EHR software should be subject to an increased level of regulatory and enforcement scrutiny.
In 2009, Congress enacted a comprehensive program of financial carrots and sticks designed to encourage physicians, hospitals, and other providers to move away from paper health records and toward EHR. This program is generally referred to as “Meaningful Use.” Under the program, providers who were early adopters of EHR have received incentive payments from CMS—up to $44,000 for Medicare providers, and up to $63,750 for Medicaid providers and—for their “meaningful use” of EHR software that CMS has “certified” (the carrot). Since 2015, CMS has penalized providers who are not meaningful users of certified EHR software by imposing haircuts in those providers’ Medicare fee schedule payments (the stick).
For EHR software to be “certified,” the software vendor must demonstrate to CMS through testing that the software meets a comprehensive, detailed set of functionality criteria set forth in CMS’s Meaningful Use regulations. Because of the Meaningful Use program’s financial carrots and sticks, an EHR vendor’s software must obtain CMS certification if it hopes to be competitive in the EHR marketplace.
Complaint Allegations and Settlement
On May 1, 2015, Brendan Delaney, a software technician who had helped numerous providers implement eClinicalWorks’ EHR software, filed under seal a False Claims Act lawsuit alleging that eClinicalWorks had falsely obtained CMS certification of its software. Specifically, the complaint alleged that eClinicalWorks’ EHR software exhibited various functionality shortcomings, such as failing to document and display information relating to the patient’s medications and laboratory results. The complaint alleged that, had CMS known of these shortcomings at the time that eClinicalWorks’ software was undergoing CMS certification testing, CMS would not have certified the software and, therefore, providers who subsequently used eClinicalWorks’ software would not have received Meaningful Use incentive payments.
On May 12, 2017, DOJ filed a complaint-in-intervention that expanded on the allegations in Delaney’s original complaint. DOJ’s complaint alleged that, although eClinicalWorks’ software was able to pass CMS’s certification test (which was conducted under controlled conditions), the software was not able to meet all of the certification criteria under real world conditions. DOJ’s complaint principally alleged functionality flaws in the software’s e-prescribing function, audit log records, performance of drug interaction checks, and data portability; DOJ’s allegations arguably read more like a list of hyper-technical critiques of an extraordinarily complex software program than ones describing a fraud against the government. In addition to the “software flaws” theory of False Claims Act liability, DOJ’s complaint added a new theory of liability that was nowhere mentioned in Delaney’s original complaint: namely, that eClinicalWorks violated the federal Anti-Kickback Statute by providing modest payments to existing eClinicalWorks’ customers (e.g., $500 in cash, or an iPad) who referred new prospective customers to the company, notwithstanding that these referral payments were open and obvious and are commonplace in the EHR industry.
In addition to agreeing to pay the United States $155 million, eClinicalWorks agreed to enter into a five-year Corporate Integrity Agreement (CIA). Among other things, the CIA requires eClinicalWorks to retain an Independent Software Quality Oversight Organization to assess its software quality control systems and provide the government with semi-annual reports documenting its review and improvement recommendations. The CIA also requires eClinicalWorks to implement a more robust in-house compliance structure, to cease paying customers for referrals, and to retain an Independent Review Organization to review for Anti-Kickback Statute compliance the company’s financial relationships with providers. Essentially, the CIA treats eClinicalWorks not as a software company whose product happens to be used by healthcare providers, but as a healthcare company whose product happens to be software. This is a true paradigm shift: whereas the world’s leading software companies routinely launch new products before all the kinks have been worked out—relying on users to identify and report kinks, and then releasing post-launch updates and patches—healthcare companies generally are expected to identify and fix product flaws prior to launch.
While the complaint against eClinicalWorks focused on providers’ receipt of Meaningful Use incentive payments for their use of eClinicalWorks’ EHR software, DOJ’s theory of False Claims Act liability does not necessarily depend on those incentive payments. Rather, DOJ likely will take the position that, even after expiration of the Meaningful Use incentive payments, EHR vendors (and providers’ use of EHR) remain subject to the False Claims Act and Anti-Kickback Statute because a provider is “paid” by CMS, albeit indirectly, for its use of certified EHR software to the extent that the provider avoids the downward adjustment in its Medicare fee schedule payments. More broadly, DOJ’s decision to intervene in the lawsuit against eClinicalWorks is a clear signal that DOJ views EHR software as a critical component of healthcare delivery and will use the threat of False Claims Act liability to encourage (if not compel) EHR software companies to adopt internal regulatory and compliance processes and procedures that look very much like those of pharmaceutical and medical device companies.
In addition to the eClinicalWorks settlement drawing the attention of the relators’ bar, we expect that DOJ will continue to spend investigatory and enforcement resources in the EHR software space. EHR software vendors and providers who meaningfully use certified EHR would be wise to examine their internal quality and compliance processes and procedures to ensure that they stay one step ahead of DOJ. If you would like to discuss these issues further, please feel free to contact any of the Ropes & Gray healthcare regulatory and enforcement lawyers below.