Electronic Health Record Enforcement Is New Whistleblower Trend


Electronic Health Record (“EHR”) is a term of art for systems that allow medical information to be created and managed digitally, allowing information to be shared instantly between healthcare providers.  These systems have seen widespread usage in recent years, creating opportunities for data leaks, cyberattacks, and medical data marketing, according to a wrongful termination lawyer from our friends at Hoyer Law Group, PLLC.  Because of these potential vulnerabilities, EHR systems have been the subject of numerous recent False Claims Act (“FCA”) settlements and litigation.

Kickback Violations

The U.S. Department of Justice recently reached two major FCA settlements concerning EHR software vendors and alleged kickback schemes.

The first was a $145 million settlement in January 2020 with Practice Fusion Inc.  The settlement resolved allegations that the company extracted unlawful kickbacks from pharmaceutical companies in exchange for increasing prescriptions by implementing alerts in its EHR software.

The second settlement in November 2022 resulted in a $45 million payment from Modernizing Medicine, Inc. to resolve kickback allegations concerning:

  • Donations in violation of safe harbor requirements;
  • Payments in exchange for tailoring its EHR systems to favor a particular testing lab; and
  • Payments to providers to recommend Modernizing Medicine’s EHR system.

These settlements illustrate how kickback violations can arise from commercial relationships among EHR vendors, suppliers, and healthcare providers.

Security Vulnerabilities and Functionality Issues

In addition to kickback violations, two cases involving EHR software vendor eClinicalWorks, LLC highlighted that EHR security and functionality could create FCA liability.

The first case against eClinical alleged that its EHR software failed to document and track patient medications and laboratory results reliably.  It also alleged that the software was unable to edit patient notes.  Finally, the case alleged that eClinical paid kickbacks to providers in exchange for using its software.  In 2017, eClinical agreed to pay $155 million to settle these allegations and was also required to enter into a corporate integrity agreement.

In the second case, the relator alleged that eClinical’s EHR software suffered from significant security flaws that left protected health information, patient social security numbers, and other private information vulnerable to malicious actors.  The relator argued that these security vulnerabilities created FCA liability since eClinical needed to make representations that the software was secure to obtain eligibility certification for Health Information Technology for Economic and Clinical Health Act (“HITECH”) payments and HIPAA compliance.  Notably, the district court denied eClinical’s motion to dismiss, finding that the relator plausibly pled false representations, including the unusually broad HIPAA-based claim.

The Future of EHR-Related FCA Cases

The number of recent FCA settlements concerning EHR vendors indicates that EHR enforcement is among the Department of Justice’s priorities and that EHR-related cases will continue to increase.  In particular, kickback violations and compliance concerns regarding these systems’ functionality or security are a primary focus.  However, EHR-based FCA cases are a relatively new phenomenon, and we have much to learn about the range of compliance issues they may create.

If you are in need of assistance, contact a law firm near you for representation on your case.