Electronic health record (EHR) company Greenway Health recently settled False Claims and Anti-Kickback charges with the U.S. Department of Justice (DOJ) for $57.25 million, less than a year after another vendor settled a False Claims case for $155 million. The cases should make risk managers more aware of the potential liability hospitals and health systems could face from using EHRs tied to fraud charges.

The DOJ could pursue criminal charges in the future, which could lead to hospitals being swept up in conspiracy allegations.

The DOJ alleged that Greenway caused its users to submit false claims to the government by misrepresenting the capabilities of an EHR product. Prosecutors also claimed that the company provided unlawful remuneration to users to induce them to recommend the product.

Assistant Attorney General Jody Hunt, JD, of the DOJ’s Civil Division, explained in a public statement that the alleged fraud was related to provisions of the American Recovery and Reinvestment Act of 2009 that established the Medicare and Medicaid EHR Incentive Program to encourage “meaningful use” of EHR technology. Users could receive incentive payments if they adopted certified EHR technology and met certain requirements relating to its use.

The DOJ contends that Greenway falsely obtained 2014 Edition certification for its product when it concealed from its certifying entity that the product did not fully comply with the requirements for certification. Prosecutors cited several faults, including that Greenway’s product did not incorporate the standardized clinical terminology necessary to ensure the reciprocal flow of information concerning patients and the accuracy of electronic prescriptions.

Greenway modified its test-run software to deceive the company hired to certify the program into believing that it could use the requisite clinical vocabulary, prosecutors alleged.

Government Claimed Kickbacks

The meaningful use incentive payments also required healthcare providers to provide patients with clinical summaries following office visits. The government alleged that Greenway was aware that an earlier version of the software, which was certified to 2011 Edition criteria, did not correctly calculate the percentage of office visits for which its users distributed clinical summaries and thereby caused certain users to falsely attest that they were eligible for EHR incentive payments.

“Greenway refrained from rectifying this error in order to ensure that its users would receive incentive payments,” Hunt’s statement explained. “As a result, numerous users of this earlier version of Prime Suite falsely attested that they were eligible for EHR incentive payments when, in fact, they had not met all necessary use requirements.”

DOJ also accused Greenway of violating the Anti-Kickback Statute by paying money and incentives to its clients for recommending Prime Suite to new customers.

Greenway Health CEO Richard Atkin issued a statement noting that “The settlement is not an admission of wrongdoing by Greenway, and all our products remain [Office of National Coordinator for Health Information]-certified. This agreement allows us to focus on innovation while collaborating with our customers to improve the delivery of healthcare and the health of our communities.”

DOJ Showing Aggressive Stance

Although the defendant in this case was a vendor, healthcare risk managers should take note of the DOJ’s prosecution, says former assistant United States Attorney Jason Mehta, JD, now an attorney with the Bradley law firm in Tampa, FL.

“The Greenway Health settlement is reflective of the government’s keen interest in focusing on compliance and accountability of healthcare companies of all stripes, be they clinics, hospitals, or even software developers,” Mehta says. “From the same office that just months earlier announced another settlement with an electronic health record company, the U.S. Attorney’s Office in Vermont is demonstrating a proficiency in software coding and meaningful use requirements."

For hospitals and health systems that rely on EHRs, the future is a bit uncertain, Mehta says.

“The government has not yet signaled an interest in pursuing customers who used faulty EHR systems,” he says. “But given the government’s aggressiveness to date, providers are not out of the woods yet.”

A few lessons can be gleaned from this most recent settlement, Mehta says. First, most vendors like Greenway Health update their software with routine updates, many of which are focused on emerging compliance requirements. Therefore, customers of Greenway Health would be well-served by applying any software updates.

Second, companies focused on innovation would be wise to use this settlement as a warning and a reminder that all new innovative software, techniques, and procedures need to be fully vetted for compliance prior to deployment, Mehta says.

“Third, and finally, clinicians and hospitals alike would be wise to remember the old adage that an ounce of prevention is worth a pound of cure,” he says. “Nowhere is that more true than in the world of modern regulated medicine.”

Criminal Prosecution Possible

The Greenway Health settlement should worry hospital and health system risk managers, says Sarah Hall, JD, a former federal white-collar crime prosecutor and now senior counsel with the Thompson Hine law firm in Washington, DC.

“Hospitals and health systems that contract with EHR vendors and rely on their integrity should now be on notice that the biggest players in the healthcare fraud enforcement space — Main Justice, U.S. Attorneys’ Offices, the FBI, and HHS-OIG — are looking closely at EHR companies,” she says. “Although the Greenway case was resolved by the government civilly, these are the same enforcement agencies who can and do refer cases for criminal prosecution. DOJ is not mincing words. They are likely probing the EHR industry as a whole.”

Healthcare organizations that contract with EHR vendors should pay attention to this settlement and use it as an opportunity to take a close look at their business arrangements with EHR vendors, Hall says.

“If the next EHR case goes criminal, the concept of conspiracy is a flexible one in the hands of a prosecutor,” she says. “Healthcare organizations could be dragged into the criminal realm if they knew or participated in the use of noncompliant EHR products, had unusual business relationships with such vendors, or submitted false claims to Medicare, Medicaid, or other healthcare programs based on known faults with the EHR products.”

Hospitals and health systems that contract with EHR vendors should audit their financial relationships with such vendors to ensure that there are no Anti-Kickback Statute issues at play, Hall says. Specifically, they should make sure neither they nor their subsidiaries are, or have, contracted with Greenway. Next, they should ensure that any EHR vendors they use are not providing them any money or incentives to recommend them to prospective new customers.

“In the Greenway case, these kickbacks were disguised as gifts, discounts, credits toward fees, and various Ambassador Programs and Reference Programs,” Hall says. “Healthcare organizations need to drill down on the precise financial relationship that is actually happening on the ground and should consider using internal audit or compliance departments to do such investigation, or engage qualified outside counsel.”

Don’t Assume Vendor Compliance

Most healthcare organizations, including larger hospital systems that deal with large, established EHR vendors, assume that their vendors are fully compliant with the myriad healthcare regulations governing the industry, notes Damaris Medina, JD, an attorney with the Buchalter law firm in Los Angeles. The two EHR settlements show that is not always the case, she says.

“With this settlement, the government is sending a clear message that it has identified meaningful use and the use of EHR technology as an area of potential fraud, and it has committed resources to investigate and pursue EHR companies for improper conduct,” Medina says. “Healthcare organizations have ultimate responsibility for their documentation and claims submission, their patients’ health information, their relationships with vendors, and the representations they make to the government through the use of vendors’ products.”

While this settlement was directed at the EHR company itself, it is not difficult to envision a situation where an unwary healthcare organization contracts with a bad actor and is exposed to liability through its purported “knowledge” of the bad acts, Medina explains. The False Claims Act’s definition of “knowledge” doesn’t just include actual knowledge, she says. It also includes deliberate ignorance or reckless disregard of the truth or falsity of information. Intent is not necessary for False Claims liability, she notes.

“A healthcare organization’s first line of defense is always to perform due diligence and run any contract and/or relationship it enters into through legal review and its compliance process. Even if providers were not aware of the alleged false certification issues, or the improper metrics formula allegedly used for incentive payments under the meaningful use program, a legal evaluation and compliance review by the provider prior to involvement in these 'Ambassador' and 'Reference' programs may have raised some important flags that would have caused the provider to ask more questions or otherwise reconsider doing business with the vendor,” Medina says.

“Healthcare organizations, and especially hospital systems — which have substantial leverage with these companies — can also negotiate various safeguards into their EHR contracts, such as indemnity clauses, disclosures, and warrantees, and specific compliance clauses that can afford them some additional protection.”


• Sarah Hall, JD, Thompson Hine, Washington, DC. Phone: (202) 263-4192. Email: sarah.hall@thompsonhine.com.

• Jason Mehta, JD, Bradley, Tampa, FL. Phone: (813) 559-5532. Email: jmehta@bradley.com.

• Damaris Medina, JD, Buchalter, Los Angeles. Phone: (213) 891-5224. Email: dmedina@buchalter.com.