eClinicalWorks settlement hints at broader certification infractions throughout the EHR industry

lawsuit and book
Legal experts say the eClinicalWorks case may prompt future False Claims Act litigation from the federal government.

EHR company eClinicalWorks, which recently paid $155 million to resolve allegations it falsely certified its EHR software, isn't the only vendor that has taken liberties with certification criteria, sources tell FierceHealthcare.

Although the details outlined in the Department of Justice's lawsuit earlier this week indicate the Massachusetts-based software company may have been the most egregious offender when it came to circumventing EHR certification requirements, two former officials with the Office of the National Coordinator for Health IT (ONC) say they routinely deal with EHR software that doesn’t do what it was certified to do.

RELATED: eClinicalWorks pays $155M to settle claims it falsified EHR certification

“I don’t think anybody has been as bold as [eClinicalWorks], but I do think there are other companies that push the envelope a little bit,” says Jacob Reider, M.D., CEO of the Alliance for Better Healthcare and a former deputy national coordinator for health IT at the ONC, told FierceHealthcare.

Whether that leads to additional False Claims Act lawsuits in the future remains to be seen, but legal experts say the settlement serves as a sign that the Department of Justice is willing to pursue egregious offenders that shirk EHR certification requirements. 

eClinicalWorks has denied any wrongdoing, noting that the company elected to settle to avoid a drawn-out legal battle.

“Today’s settlement recognizes that we have addressed the issues raised, and have taken significant measures to promote compliance and transparency,” Girish Navani, CEO and co-founder of eClinicalWorks, said in a statement on Wednesday.

However, several allegations in the eClinicalWorks lawsuit stood out. Federal prosecutors claimed that rather than programming the software to retrieve thousands of drug codes from a database, eClinicalWorks hard-coded 16 drugs into the software to satisfy the certification testing requirements. Prosecutors claimed the system was unable to accurately display medication and lab results, creating “a significant risk for patient health and safety.”

The DOJ also alleged that the company’s software failed to meet the ONC’s data portability requirements, which would allow providers to export summaries of patient data. Responding to user concerns, an eClinicalWorks employee said he didn’t think the company wanted “to make it easy to extract tons of patient data,” according to the lawsuit.

This is a common issue among EHR software vendors, according to Farzad Mostashari, co-founder and CEO of Aledade and a former national

Farzad Mostashari
Farzad Mostashari

coordinator at ONC. His company works with 50 different vendors to extract data for physicians, but he said less than a third could export clinical data back to the provider. Sometimes, he’s been told that the software can export five records, but not 50,000 records, or that the provider needs to purchase an additional interface to unlock those capabilities.

“This approach to certification requirements is not unique to this one vendor,” he says.

Reider says he encounters the same approach from EHR developers he works with, noting that he had a conversation with a software company the same day the eClinicalWorks settlement was announced about data portability.

“First the company will say, ‘Oh that practice didn’t buy the version that we tested—they need the Lexus with the leather seats and they got vinyl,’” he says. “Then the next thing they’ll say is, ‘Pay us the service fee to enable this capability.’”

Potential for future litigation

For the EHR software industry, the eClinicalWorks settlement sends a clear message: Fix your certification gaps, or you may be staring down a similar legal battle.

“This is the first [lawsuit] and it’s not going to be the last,” Mostashari predicts.

That could be true for several reasons. First, the whistleblower in the case, a New York City government employee that discovered shortcomings while implementing the EHR software at Rikers Island, received $30 million for bringing the case. That could incentivize potential whistleblowers to take a closer look at the systematic shortcomings in their current software.

Second, the False Claims Act has been a lucrative legal avenue for the federal government for some time, and this EHR certification case could offer a new opportunity for additional recoveries. Last year, the DOJ recovered more than $4.7 billion through FCA cases.

Joshua Freemire, a healthcare and life sciences attorney with Epstein Becker Green in Baltimore, Maryland, says he’s not aware of any other investigations against EHR vendors, but added that he would be “very surprised if the government does not make an effort to return to a well that has been very fruitful.”

Jodi Daniel
Jodi Daniel

“The government has not been shy when it’s successful in going after company A for conduct it believes to be widespread, to investigate companies B, C, D, and F in the hopes of a similar settlement,” he says.

This is particularly true in cases where there are patient safety risks, says Jodi Daniel, the former ONC policy director, now a partner at Crowell & Moring, a law firm in the District of Columbia.

“I think we can’t overlook the patient safety component to this,” she says. “If there is activity on the part of a health IT developer that may cause patient harm or lead to patient safety risks, I think the government has shown that it has tools to intervene, and will do so.”

RELATED: Health IT Now asks Price to rein in ONC's 'mission creep'

Ultimately, both Reider and Mostashari argue that this case exemplifies why EHR certification is such a critical element of ensuring basic levels of patient safety within health technology like EHRs that are now a fundamental part of the healthcare system. Recently, organizations like Health IT Now have urged the Department of Health and Human Services to strip ONC of some of its regulatory and enforcement duties. 

“Without such a strong assurance and surveillance, and without that enforcement function, the temptation would be huge for these companies to do the absolute minimum necessary to pass the test,” Mostashari says.