OIG fines eClinicalWorks $132,500 for patient safety reporting failures

More than a year after agreeing to a massive settlement to resolve claims it falsified EHR certification standards, eClinicalWorks has been fined for failing to report patient safety issues with its software to regulators within a specified timeframe, violating an agreement with the federal government.

Earlier this month, the Office of Inspector General fined eClinicalWorks $132,500 for violating the terms of its corporate integrity agreement (CIA). The five-year agreement was signed as part of a $155 million settlement with the Department of Justice in May 2017 after federal prosecutors alleged the company knowingly caused providers to submit falsified EHR incentive payments by circumventing federal certification requirements.

According to OIG spokesperson Melissa Rumley, eClinicalWorks self-identified “a number of patient safety issues” since the CIA took effect last year but failed to submit reportable event notifications for “all or a significant portion” of the issues in a timely manner.

The Massachusetts-based EHR vendor reported the issues to the OIG on June 11, including "numerous Reportable Event disclosures that had not been previously or timely filed,” Rumley said in an email to FierceHealthcare.

Rumley did not specify exactly what the patient safety issues were or who else notified the OIG of the reportable events.

RELATED: eClinicalWorks settlement hints at broader certification infractions throughout the EHR industry

Among several definitions in the eClinicalWorks’ CIA (PDF), a reportable event is described as “a Patient Safety Issue or any identified instance of actual or suspected patient harm related to the EHR Software.” In the event of a patient death, injury or hospital readmission, the company is required to report the event to OIG within 48 hours. All other events must be reported within seven days of identifying or resolving the issues—whichever comes first.

It appears the reports did not reach the level of actual or suspected patient harm. Instead, Rumley says the fine is associated with eClinicalWorks' failure to report the patient safety issues within a 7-day time frame. The company also violated a clause that requires it to report details of the event to its Software Quality Oversight Organization, created as part of the CIA.

"Under our Corporate Integrity Agreement, certain events must be reported to the OIG," eClinicalWorks spokesperson Bhakti Shah said in an emailed statement. "We have consistently sought to do so in a complete and timely manner to comply with the CIA, including by reporting such events to customers on our portal. The OIG determined that certain reports were not timely provided to it and assessed this penalty. We have paid the penalty and enhanced our processes to ensure timely reporting going forward."

While OIG can impose a stipulated penalty of up to $2,500 per day for each day the company violates requirements of the agreement, the agency has discretion over the total amount, according to Rumley. 

Stipulated penalties are typically issued by the enforcement agency following some back-and-forth with the company in question. The OIG often works with organizations to obtain more information or documentation when a suspected CIA violation occurs rather than immediately issuing a stipulated penalty.

“There were communications between eCW and OIG relating to eCW’s noncompliance prior to OIG assessing penalties,” Rumley said.

The eClinicalWorks settlement marked a turning point for the industry, and in some respects altered the trajectory of a pending acquisition between Allscripts and Practice Fusion, which received an investigative demand from the DOJ in March 2017. Several other EHR vendors, including McKesson and NextGen Healthcare, have received similar demands from federal prosecutors.

Editor's Note: This story has been updated to include a clarification from the OIG spokesperson regarding the disclosures filed by eClinicalWorks on June 11.