A Big EHR Fraud Defense Win and HHS Obtains Five Settlements Relating to Withholding of EHR Access
Over the last few months, I have written and spoken a fair amount about electronic health records (EHR) systems. For example, in March, I wrote about how EHRs are increasingly targets of government investigations and whistleblower lawyers. In July, that post evolved into an article for the Health Care Compliance Association’s Compliance Today magazine. In May, I blogged about the Department of Health and Human Services Office of Inspector General’s proposed information blocking regulations. And in June, I wrote about the role that EHR systems are playing in the expansion of telehealth. On Wednesday, September 30, I will be participating in a panel discussion addressing trends in EHR-related fraud enforcement at the 2020 American Health Law Association Fraud & Compliance Forum.
“[T]he settlements are the most recent enforcement actions under HHS-OCR’s Right to Access Initiative, enacted in 2019 ‘to support individuals’ right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.
Although the COVID-19 pandemic and the looming 2020 election continue to dominate the headlines, the EHR-related news has not stopped. June saw a big win for False Claims Act (FCA) defendants when a federal district judge in the Southern District of Florida dismissed healthcare fraud claims that Medhost, Inc., along with CHS and 140 of its hospitals, submitted or caused the submission of false claims because of numerous failures of Medhost’s EHR system to meet meaningful use (MU) certification requirements. Relators alleged that Medhost’s EHR, inter alia, (1) experienced integration failures between Medhost systems, including allergy interaction importing errors and failed drug interaction checks; (2) failed to record medication orders accurately; and (3) experienced malfunctions in its clinical decision support rules.
A federal judge was unimpressed. The court dismissed the relators’ Medicare fraud claims, finding that they failed to plead them with the particularity required by Federal Rule of Civil Procedure 9(b). More specifically, the court found that the whistleblowers’ complaint (1) was not precise in the who, what, where, and when of the alleged misrepresentations; (2) failed to link facts about the alleged shortfalls in the EHR to the alleged fraudulent actions; and (3) created an insufficient nexus between what Medhost knew about the EHR deficiencies, who knew it, and the specific fraud allegations.
Last week, EHRs were in the news again. This time, HHS’s Office of Civil Rights (HHS-OCR) announced settlements with five hospitals over alleged failures to provide EHR access for individual patients or their proxies. According to EHR Intelligence, the settlements are the most recent enforcement actions under HHS-OCR’s Right to Access Initiative, enacted in 2019 “to support individuals’ right to timely access to their health records at a reasonable cost under the HIPAA Privacy Rule.” These resolutions may be a preview of the types of enforcement actions forthcoming under HHS-OIG’s new Civil Monetary Penalty authority addressing information blocking.
Compliance continues to be critical in the deployment and use of EHR systems, and government investigations in this area appear to be on the rise despite the pandemic. For future updates, subscribe to the SRVH blog and follow us on Twitter. Contact the lawyers in our Government Compliance & Investigations or Healthcare groups with any questions or concerns.