AHLA's Speaking of Health Law

Fraud and Abuse: Recent Developments Related to Electronic Health Records

April 19, 2022 AHLA Podcasts
AHLA's Speaking of Health Law
Fraud and Abuse: Recent Developments Related to Electronic Health Records
Show Notes Transcript

In this episode of AHLA's monthly series on fraud and abuse issues, Matthew Wetzel, Partner, Goodwin Procter, speaks to Chris Sabis, who heads the Government Compliance & Investigations Group at Sherrard Roe Voigt & Harbison PLC, about recent developments in the government’s approach to electronic health records (EHRs). They discuss what constitutes EHR fraud, the concept of Meaningful Use, the theories that the government uses to pursue fraud in the EHR space, and what general counsel and compliance officers should be considering when updating their organizations’ EHR systems. From AHLA's Fraud and Abuse Practice Group. Sponsored by BRG.

To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.

Speaker 1:

The following message and support for a H a is provided by Berkeley research group, a global consulting firm that helps organizations advance in the areas of disputes and investigations, corporate finance, and strategy and operations BRG helps clients stay ahead of what's next for more information, visit think brg.com .

Speaker 2:

Good morning. Good afternoon. Good evening. And welcome to the ALA fraud and abuse podcast. I'm your host, Matt ETOL today. We're talking about electronic health records and recent developments in the government's approach to EHR . In recent years, we've seen a substantial uptick in healthcare fraud matters involving EHR and as providers, healthcare companies, life scientist , companies, and others work to create more interoperable record keeping system . And frankly, as patients continue to expect near real time access to medical histories, the government continues to incentivize the adoption of meaningful EHR. And with that incentivization, we can only expect to see more interest from the government today. I'm joined by Chris SaaS , who heads the government compliance and investigations group at shard Roe and Haron based in Nashville, Tennessee, Chris concentrates, his practice in areas of government investigations and litigation and has extensive experience in false claims act matters involving allegations of healthcare and procurement fraud. Prior to joining the firm, Chris served nearly a decade as an assistant us attorney in the middle district of Tennessee. And I also happen to have had the distinct pleasure of working with Chris in our law school days when we both served on the mast head of the Georgetown journal of legal ethics. I won't say how many years ago, Chris . Welcome.

Speaker 3:

Thank you. Thank you for having me.

Speaker 2:

All right . Well , uh , break it down for us here. How do , how should we think about EHR related fraud and how it affects patients?

Speaker 3:

Okay . Well, when I think about EHR related fraud , uh, I think about first of all, obviously electronic health record systems , uh, that are used by practitioners , uh, to track the medical records of their patients. I also think of technologies that are what I call EHR adjacent. So if you have a software program that interacts with your EHR and helps you with things like revenue optimization , um, you know, I , I think that's included kind of in the EHR fraud realm , um, as far as how EHR , uh , affect patients. It's a fascinating question because, you know, we're still learning that , uh, you know, the federal government of the last 10, 15 years has invested over 35 billion in the adoption of EHRs and EHR , uh, uh , systems. And so it's a huge investment and, and CMS has an entire webpage dedicated to why it's done that and listing a ton of reasons. Um, you know, the , the most, I guess, obvious are patient safety , um, you know, communication between different physicians and practice groups , uh, coordination of care , uh, and , uh, avoiding errors. You know, for example, in medication, being able to determine quickly through an electronic system, whether you might be something that might cause a reaction or be problematic, given something else the patient already is taking or some patient condition. And so that's how EHR really affect patients, at least in theory. Um, the , the issue for, for, you know, healthcare providers and for EHR developers is that fraud investigation tend to follow the money. And when, you know, the government has invested over 35 billion in , in the adoption of these systems , uh , eventually they're going to be looking for, for anything they seem that they think is problematic,

Speaker 2:

Follow the money. That's what I always tell my clients when it comes to this kind of , uh, this kind of area, this kind of potential increased enforcement, 35, 5 billion though , a 35 billion investment. What does that look like? Where, where are we seeing that money going? Is it in the form of grants? Is it in the form of , um, subsidies? What, what does that look like?

Speaker 3:

A lot of that money has come from , uh , what are known as meaningful use incentive payments , uh, uh , about like I said, about 10, 15 years ago , uh, the, the government made a decision that really wanted to, to push the adoption of EHR systems. One of the obstacles for that is that they're expensive. Uh, and you have a lot of practitioners who did not want to , uh , invest the money to adopt those systems either just because they're expensive or also because they did not like technology, they're used to working with paper, they have their pay , they wanna keep it . And so the government , uh , adopted , uh , a safe Harbor exception to the, any kickback statute or excuse me, a safe Harbor for the, any kickback statute and an exception for the stark law to allow , uh, different healthcare entities to , uh, make contributions , uh, toward a practices purchase of EHR technology. And, you know, if the , if, if the practice adopted , uh , EHR technology and could show that they were meaningfully using that technology in their practices, they could submit to the government for incentive payments for adoption and use. And that's where a lot of that investment went in.

Speaker 2:

And so when, when we talk about meaningful use, so, you know, when I hear EHR , uh , my mind kind of immediately goes to , um , the safe Harbor under the anti kickback statute , thinking about, you know, the recent changes to eliminate the sunset provision. Um, but talk to us a little bit about meaningful use. What does that mean? I think that's gonna come into play when we talk a little bit about some of the government's theory for fraud here.

Speaker 3:

Yeah. And meaningful use basically means that, you know, the government doesn't just want you to have an EHR system, the government wants to know that you are , um , using that system in your practice to the betterment of your patients. And there , for that reason, the government adopted certain requirements , uh, for what functions the HR has to be able to perform, for example, you know, and , and this goes deeper than, than , you know, my expertise in the it piece of it, but, but the systems need to be able to, you know, properly track , um , you know , uh , lab tests and results and report them on each patient need to properly keep track of time. Um , uh , and the length of , uh , certain , uh , uh , certain , um, uh, appointments , uh, in order to provide for proper ENM code usage , uh, for example, and, and correct ENM modify , uh , it needs to be able to , um, keep track of , um, you know, lab results, test results , as I mentioned before. And you need to be able to track prescription information. I think like we , like we discussed early on , uh, so that patients , uh , are safe and it improves patient safety and allows for , uh , quick check and quick communication of , uh, prescriptions that are the patient is presently on. Those are just some examples of kind of the , the functions that are at issue with these systems and why the government wanted them adopted.

Speaker 2:

And presumably, especially when we talk about, you know, sort of the, you know, coding and billing, the diagnosis codes, you know, making sure the accuracy of records that can only to our , you know , hopefully serve to improve it efficiency within the, you know, coverage and reimbursement system.

Speaker 3:

Yeah. And, and with, and with that accuracy. And with that, that, that approach, you know, with, with coding , um, came obviously requirements for audit trails. Um, you know, one thought is that if we can have an electronic system where you have an audit trail that can be created and followed , uh, it's going to help to , um, detect and to dissuade fraudulent activity. And so that's another function of these systems that the government coveted was , uh , a way to go back and be sure you had an accurate audit trail. And of course, if, if the audit trail is not accurate , um , that creates a whole other problem in this space. You ,

Speaker 2:

So , um, I wanna dig a little bit into some of the recent cases here into some of the government's theories. I read an article that you wrote , uh, uh, relatively recently, and you cite sort of three main theories. I'd love to hear if that's changed over time, but why don't you talk to us about, you know, some of the theories that , that the government's used to pursue fraud in the EHR space and, you know, what does that look like? And, and , and how have companies reacted?

Speaker 3:

Yeah, it's the three has kind of become four in my mind and just the way that I conceive it and, and , you know, actually spoke to at the, eh , a fraud and compliance form about this in 2020 when we were all, you know, sitting in our offices , uh , uh, you know, watching , uh , watching our, our continuing legal education and hopefully not doing other things at the same time. Uh , but , um, it , it , there's basically four areas that I think that the government has really worked in here the first and, and kind of the primary starting point of this was EHR donation fraud. Um, and in , in full disclosure, I was a USA in the middle district of Tennessee , uh, when, when the two, you know, kind of primary EHR donation fraud cases , uh, hit, and they were my cases. Um, so just speaking generally, and, and, and only with public knowledge on these, this is a situation where that safe Harbor in that exception that I referenced earlier were allegedly abused, where someone is where in a , a company is making a donation in , in the instances of my cases , it was U they were Uly testing companies , um, where, where donations being made to a practice. Uh, and, and it's not complying with those, with the , the safe Harbor and the exception , uh, after those cases. And , and again, you know , the timelines are not exact, but roughly speaking after those cases, you had , um , meaningful use certification fraud as the second category. I think of, and that's cases basically where the system itself, the EHR system that is being employed does not meet the certification requirements , um , to be used for a bio practice to get, you know, EHR adoption and meaningful use credit. And so the government's theory is that if you have a system that does not meet the certification requirements, any claims for meaningful use incentive payments are then rendered false. And so the district of Vermont has been very active in that space. Um, you know, they have done a significant amount of work , uh, with multiple settlements in that area over the last few years. Um, the, the kind of third category , uh, is, is kickbacks, EHR, you know, adoption kickbacks , um, district of Massachusetts had a recent settlement on this , um, uh , with Athena health district of Vermont. Again, some of their, their meaningful use certification fraud settlements also reference a kickback issue. And that's basically where a company, an EHR developer is paying a kickback to a referral source for another client . So for example, two physicians who've adopted their system , um , in the Athena how case , I think there was a program where they provided , uh , um , uh , a payment to former competitors , uh, who left the HR space to, to try to , uh , secure their, their clients. And so it's , it's more of a standard form kickback. And again, the theory being that it's related to a federal healthcare payment, because these meaningful use and adopt payments , um , were being , uh , made for the, for the physician that, that adopted the EHR , um, the, the fourth category, which is, is kind of what, what I spoke about in 2020 and, and what, you know, the most recent intervention in this area , um, seems to, to relate to, at least in , in part is what I refer to as substantive, EHR fraud. And that's a situation where it's not just about the adoption of the system or the meaningful use of the system , um, or it's where there's a functionality. If I can use consultants speak for a moment, my wife would be proud <laugh> , uh , in the system itself that is either allegedly causing a fraud , uh , or a false claim, or, or is exacerbating , um, or, or contributing to , uh , a fraud or a false claim that is, that is substantively , um, uh , uh , a problem, like for example, an up uploading , uh, would be an example , um, you know, the practice fusion case got, you know, did something like this, where you had, you know, the allegations of an opioid , um, uh, manufacturer , um, getting access to the system and being able to draft , you know, physician alerts , um, it's something in the actual functionality of the system that, that is allegedly contributing to the false claims.

Speaker 2:

So where do you see most of the government's effort to date? And , you know, when , when we talk about these four theories, the donation fraud, meaningful use certification, sort of, you know, traditional kickbacks for adoption, and then , um, you know, the EHR fraud, where , where are we seeing most , uh , government focus , most of the government focus here

Speaker 3:

So far, most of the focus has been in those, those first three categories. Mm-hmm , <affirmative> , um, I think it's trending toward the fourth. Um, you know, the EHR donation , um, fraud piece, as you mentioned briefly, you know, when we were talking before , um, that the , the, there of sunset , um , at least for certain providers, I know that, that, you know, in 2013, they sunset for urine testing companies, urine drug testing companies , um , which was before, you know, the , the claims came in for, for the cases I worked on. Um, and then meaningful use certification fraud. You know, the , I , I said the district of Vermont has done a no of those . And , um , they , they had recently filed an intervention , uh , in a case against modernizing medicine. That includes those types of claims. Um , at least on the, on the relaters complaint, it does, we're still waiting on the government's complaint on that, which I think is gonna be fascinating to read. Um, EHR kickbacks have been the hottest area. I think lately you had Athena health, they were a , there were allegations in the , in the other Vermont cases, eClinical works in Greenway about kickbacks along the same lines. Um, you know, kickbacks are , are always there , um, as, as the, you know, as the meaningful use payment system and the claims that are associated with it wind down, it seems to me like kickbacks, and then Morgan , this substantive fraud, alleged fraud, where you've got questions about the actual function of the EHR. It seems to me that that over the next few years is where that's gonna trend, which is why I found the modernizing medicine related complaints. So interesting because it, again, kind of follows this pattern. It , it talks about meaningful use fraud. It makes allegations about kickbacks, and then it goes, oh, wait a minute. And also there are problems in the system that they're alleging or causing false claims to be submitted on the actual claim itself, as opposed to indirectly through the meaningful use system,

Speaker 2:

Chris, I can't help, but , um , analogize to some more traditional, false claims act matters. And in fact, you know, when I'm , when you meaningful use certification , I think it's almost like , um , you know , uh , uh , quality issue or , uh , you know , uh , mislabeling of a product when you mention the substantive EHR fraud. I almost think it's almost like an off-label claim. Um , in that sense, I mean, do you think that at some point , um , EHR fraud related false claims act cases will sort of become the norm, just like we see with , uh , you know, off-label, you know, AKs issues in the life sciences industry, for example,

Speaker 3:

It , it's funny that you mention quality because in reading the now unseed modernizing medicine complaint out of the , uh , from the later in the district of Vermont, that is, that is one of the allegations that there were system flaws in the EHR that cause clients to submit inaccurate reports under the physician quality reporting. And so yes, is the answer to your question. I think, I think that this is going to, to expand beyond meaningful use it . It's going to go into things like the, the P Q RS . Uh, and I think that it's a really interesting , um, area for the government and for , uh, you know, defense council in , in house council , in that, depending on the circumstances of the alleged fraud, it creates a situation where you have multiple targets. Yeah. Um, there was a case in the Southern district of New York, or excuse me, not the Southern district of New York, the Southern district of Florida , uh, recently where these types of mu certification fraud claims were dismissed. And in that case you had , um , you know , uh , uh , a community health systems was a name defendant, and you also had, of course the EHR company med host. And so it creates more complicated dynamics for defense and in-house counsel dealing with these claims. And it creates, you know, from a government perspective , uh, additional of opportunities for discovery , uh , and for areas of inquiry to try to show things like, you know, CN , um , you know, one of the, you know, going back to the modernizing medicine complaint from the later , um, you know, one of the, the allegations in there is that , uh, the EHR developer specifically marketed , uh , increased revenue and revenue optimization , uh , as a feature of its system. And while there's certainly nothing wrong with revenue optimization , uh, a from a related point of view or a government point of view, those types of promotions and marketing could be fruitful ground, or at least they would argue for discovery , uh, to try to find evidence of intent .

Speaker 2:

You know, Chris , I keep thinking also, while you're talking, what's the motivation behind the bad actors here, or I should say the alleged bad actors here. I mean, you know, from the EHR development , uh , developers , uh, you know, obviously the goal is to get their product in the hands of as many folks as possible. You know, what's your take on that? What are , what are the motivations

Speaker 3:

Here? Well, I mean, you know, having not been in a USA for a couple years, I can tell you that everyone's motivations are entirely pure. Uh, but, but in the, in the theoretical approach of, of, you know, what , what is the conception of, of, of the , the motivations? I mean, you nailed it. As far as the EHR developers, it's a very intensely competitive space. Um , and the , the argument is, look, it's, it's a classic kickback scenario where you are looking to promote adoption in a highly competitive space, and you are looking for ways to do that. And every once in a while, allegedly that line gets crossed from the, the perspective of the provider. Um, it's, it's, you know, anytime anyone tells you, Hey, we can optimize your revenue stream , um, and make sure you're getting paid for everything you're doing that obviously sounds appealing and appropriate. Uh, you know, the , the question is, are there situations where , uh , those functions, can he be abused either , um , by the end user, or is there a problem systemically that, that automatically does this , um , you know, takes these actions that the government finds problematic? Um , I can provide an example of, of the, kind of that contrast. Um , and again, full disclosure, I , I worked on, on this case briefly, but it , it , it was, you know, I , I left government before it was declined, but there's a declined now, unsealed matter , um, out of Tennessee where you had a , um, um, a , uh, long term , uh , uh , a home health company where there were all allegations that they , they were using EHR technology to up code their Oasis forms. And the allegations indicated that, Hey, you have the system that will let the end user know, Hey, if you change this coding within your Oasis , um, it's going to result in a large reimbursement for the period. And in that's situation, theoretically, you have an end user that is consciously using the technology in a way that, that would the government argue, be inappropriate in the modernizing medicine case. That that's just been unsealed in Vermont. The allegations from the later are that the system itself contained contained algorithms within it , um, that were automatically adding inappropriate modifiers to certain em codes , uh, that were resulting in an upcoding of the em codes that were being submitted for payment. And that was being done at least as I read the unsealed complaint , um , was being done without , uh, the knowledge of the end user, an allegation in there that if an end user fi figured out there was a problem and complained about it , um , that, that the, the , uh, defendant , uh , uh , developer would change that coding for that end user, but it would, the system would work the same for everyone else. Interesting. And so those are kind of those two different ways that you can look at a potential substantive fraud, EHR fraud situation.

Speaker 2:

So tell me, you know, if, if I am a GC at an EHR developer or a chief compliance officer for a large provider network, what should I be thinking about when I'm either looking to, or update my EHR system? Uh, you know, how can I ensure that , uh, you know, my folks on the developer side are , uh, you know, working , uh , uh, in , in , in tandem and in lockstep with, with the rules that are in place, what are some of your thoughts on that?

Speaker 3:

It's a fascinating question, because this is still a relatively new area and, and very few of these cases have gone into litigation, right? I mean, most of what we've talked about, you know, so far have been, have been settlements and resolutions. I think the concerns obviously are different if you're on the end user side versus , uh, the , the developer side, if you're on the developer side, I think you need to be conscious of, of the fact that this is an active space, that it's a hot space it's been able to priority by DOJ in the last couple of years, especially that the district of Vermont is, is doing some, some really impressive and consistent work on this. And I think you have to, you know, number one, watch out for those kickback issues, right? Um, you've got a sales force out there that is competitive. It's, it's in a competitive market. You've got people who are trying to , to make sales and you wanna make sure they've been properly trained , um, you know, for kickback concerns and that you , you have a hold over over your sales force that is marketing these systems. Uh, I think you also want to be obviously aware of the functions of your own system, not just to make sure that they're compliant with, with the certification requirements, but all also to be aware of anything that could be misused or misconstrued , um, down the line by an end user or by the government or a whistleblower. And to the extent that you have those, you know, again, revenue optimization is good. Mm-hmm , <affirmative> , there's nothing wrong with revenue optimization. There's nothing wrong with getting paid for what you do, but you do need to consider, are there certain safeguards we need to put in place? Are there certain, you know, disclosures , uh , that we need to make to our end users or warnings we need to give to our end users about proper use of these things for the end user? Uh, I think it's simply be aware of how your system functions , um, if, if you, you know, don't necess , you don't necessarily want to trust everything it does without checking it. And if you see a problem, raise the concern because ultimately an end user is the one usually submitting these claims. And so you are potentially gonna be on the hook, whether you knew what you were doing or not.

Speaker 2:

Chris Saba wise words really appreciate you joining us today. This has been really excellent and a great breakdown of some of the key issues facing EHR , uh, currently, and, and , and , and the fraud theories that we're, we're seeing any final words for our listeners today.

Speaker 3:

Uh, I just, Matt, I really appreciate y'all having me. It's it's I think a very interesting area that is gonna get developed a lot in, in litigation over the next , uh, next , uh, few years. And , uh, hopefully I'll, I'll be able to come back and, and talk to y'all again, after the government files its complaint and modernizing medicine. I think it'll be really interesting to see where they focus

Speaker 2:

Looking forward to it. Thank for joining us.

Speaker 3:

Thank you, Matt. Appreciate it.

Speaker 2:

Thanks also to our listeners and to HLAs members. I'm your host, Matt Wetzel, and please join us for another edition of the HLA fraud abuse podcast next month. Thank you .

Speaker 4:

Thank you for listening. If you enjoy this episode, be sure to subscribe to ALA speaking of health law, wherever you get your podcasts to learn more about ALA and the educational resources available to the health law community, visit American health law.org.