As more startups enter the healthcare space, health IT companies that aren't aware of the industry's unique fraud and abuse laws could draw the ire of investigators and face steep penalties, according to two federal prosecutors.
With an influx of new companies testing the waters of healthcare, navigating fraud regulations can mean the difference between a successful business model and a prison sentence, the officials with the Department of Health and Human Services (HHS) and the Department of Justice (DOJ) told audience members during a session at the HIMSS annual conference in Las Vegas.
What passes for an innocuous gimmick in one industry—a gym that offers a $25 credit for members who refer a friend, for instance—could lead to civil or criminal charges for companies and executives that work with providers.
“In healthcare that’s a crime; you go to jail,” said James Cannatti, senior counselor for health information technology at the HHS Office of the Inspector General (OIG). “It’s different and it matters. There are significant consequences.”
Cannatti spoke alongside Owen C.J. Foster, assistant U.S. attorney in the District of Vermont, who helped lead the investigation against eClinicalWorks, which culminated in a $155 million settlement last year. Although Foster avoided the specifics of that investigation, he recommended companies use that settlement and the corporate integrity agreement as a reference for compliance. He also warned that “buggy” code that poses a danger for patients opens companies up to increased liability.
Although fraud and abuse laws like the False Claims Act and the Anti-Kickback Statute have been on the books for decades, enforcement within the health IT industry is still in its infancy. For EHR vendors, a critical liability traces back to incentive payments made by the government to providers that installed certified EHR systems. In the eClinicalWorks case, federal prosecutors alleged the company falsified some of those tests to meet verification requirements, prompting improper payments to providers.
That’s an important lesson for any technology vendor: It doesn’t matter who the payment was made to, just that it was made by the government under false pretenses.
“What matters is you made a statement to make someone’s claim false, and therefore you are on the hook,” Foster told the audience.
Those risks have come to light during two Allscripts acquisitions over the last six months. As FierceHealthcare reported in January, an inquiry from Foster’s office, combined with the eClinicalWorks settlement, caused Allscripts to pull back an initial $250 million bid for Practice Fusion. Allscripts later purchased the company for $100 million but agreed to absorb any liability associated with the investigation.
McKesson, acquired by Allscripts last year, also received an inquiry from the DOJ.
Foster, who said it was his first time at HIMSS, likened the overwhelming nature of the conference in Las Vegas to a federal fraud inquiry.
“Its sort of like being in a DOJ investigation—you’re kind of bewildered and confused and you don’t know what’s going to happen or how to get out,” he said. “And in the end, you might have less money.”