Daniel F. Gottlieb counsels a wide range of health care industry clients, including health care providers, health plans, health information technology (IT) vendors and life sciences companies. He represents these entities on health IT acquisitions, privacy and data protection, reimbursement, fraud and abuse, and other health care regulatory and transactional matters. Daniel is a co-leader of the Firm’s Global Privacy and Cybersecurity Practice. Read Daniel Gottlieb's full bio.
On May 31, 2017, the US Department of Justice announced a Settlement Agreement under which eClinicalWorks, a vendor of electronic health record software, agreed to pay $155 million and enter into a five-year Corporate Integrity Agreement to resolve allegations that it caused its customers to submit false claims for Medicare and Medicaid meaningful use payments in violation of the False Claims Act.
Amid bipartisan concerns in Congress and multiple U.S. Department of Health and Human Services (HHS) agencies about health “information blocking,” the HHS Office of Inspector General (OIG) recently issued an alert reminding the health care industry that health information blocking can impact whether an arrangement satisfies the electronic health record (EHR) items and services safe harbor (42 C.F.R. § 1001.952) (EHR Safe Harbor) under the federal Anti-Kickback Statute (AKS) (42 U.S.C. § 1320a-7b(b)).
The EHR Safe Harbor permits certain health care providers and other donors to pay up to 85 percent of the cost of EHR technology provided to a physician practice or other referral source if the arrangement meets all EHR Safe Harbor elements. The third element of the EHR Safe Harbor requires that “The donor (or any person on the donor’s behalf) does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems (including, but not limited to, health information technology applications, products, or services).”
In the alert, the OIG cautions that information blocking may cause an arrangement that would otherwise satisfy the EHR Safe Harbor to fail to meet the third element. In an April 2015 report cited by the OIG in the alert, the Office of the National Coordinator of Health Information Technology defines information blocking: “Information blocking occurs when persons or entities knowingly and unreasonably interfere with the exchange or use of electronic health information.”
Previously, the OIG expressed concern about this issue in the preamble to its final rule amending the EHR Safe Harbor in 2013, stating, “[D]onors must offer interoperable products and must not impede the interoperability of any electronic health record software they decide to offer . . . Agreements between a donor and a vendor that preclude or limit the ability of competitors to interface with the donated software would cause the donation to fail to meet the condition at 42 CFR 1001.952(y)(3), and thus preclude protection under the electronic health records safe harbor.” (78 Fed. Reg. 79202, 79209 [December 27, 2013]).
The alert cites several examples of information blocking that would threaten protection under the EHR Safe Harbor. For example, if a provider limits the use or interoperability of software by agreeing with the potential referral source to prevent a competitor from interfacing with the software, the safe harbor requirements would not be satisfied. Likewise, if the software vendor agrees with a provider to charge high interface fees to outside providers or suppliers or to competitors, the safe harbor requirements may not be satisfied.
In order to avoid running afoul of the AKS (and resulting False Claims Act [FCA] claims), health care providers considering the roll-out of below-cost EHR technology to physician practices or other referral sources should take care to avoid health information access restrictions that unreasonably interfere with access to information for continuity of care or other appropriate purposes and, thereby, threaten EHR Safe Harbor protection.
The Office of Audit Services of the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services has begun a nationwide audit of a random sample of providers that have received incentive payments for achieving “meaningful use” under the Medicare Electronic Health Record (EHR) Incentive Program from January 1, 2011 to June 30, 2014. Medicare pays EHR incentive payments for up to five years to physicians and hospitals that achieve meaningful use of certified EHR technology each year. Providers that fail to achieve meaningful use face payment reductions beginning in 2015.
The OIG announced its intention to conduct these audits in its Work Plan for FY 2015. The OIG stated that it will review certain, but not all, meaningful use measures to determine whether providers received incentive payments in error. Among the measures covered by the OIG audits is the core meaningful use measure that requires providers to conduct a comprehensive security risk analysis in accordance with the Health Insurance Portability and Accountability Act Security Rule.
OIG is sending audit notice letters requesting specific information and documents, including documentation of compliance with the particular meaningful use measures under review, to each provider in the audit sample. Providers should have documentation for each of the measures such as measure calculation reports printed from the provider’s EHR system, security risk analysis reports, and dated screen prints that demonstrate that the provider met the measure during the meaningful use reporting period or otherwise by the applicable deadline.
When responding to the OIG audits, providers should be mindful that deficiencies identified for one physician in a physician group or one hospital within a multi-hospital system, may apply to the other physicians and hospitals using the same EHR system and/or implementing meaningful use in the same way. Thus, the incentive payments at risk in an audit may be greater than the payments to the particular provider being audited.
The OIG audits are in addition to the meaningful use audits conducted by Figliozzi & Company, the outside audit contractor of the Centers for Medicare and Medicaid Services. Unlike the Figliozzi audits, which cover a MU attestation for a single meaningful use reporting period, the OIG audits cover incentive payments paid from January 1, 2011 through June 30, 2014. 2011 is the first year that Medicare paid EHR incentive payments. For more information about the Figliozzi meaningful use audits, see “What Have We Learned from Audits under the Medicare EHR Incentive Program?”