Electronic Health Records Creating a 'New Era' of Healthcare Fraud

Derek
Lewis was working as an electronic health records specialist for the
nation’s largest hospital chain when he heard about software defects
that might even “kill a patient.”

The doctors at Midwest (City) Regional Medical Center in Oklahoma
worried that the software failed to track some drug prescriptions or
dosages properly, posing a “huge safety concern,” Lewis said. Lewis
cited the alleged safety hazards in a whistleblower lawsuit that he and
another former employee of Community Health Systems (CHS) filed against
the Tennessee-based hospital chain in 2018.

The suit alleges that the company, which had $14 billion in annual revenue  in
2018, obtained millions of dollars in federal subsidies fraudulently by
covering up dangerous flaws in these systems at the Oklahoma hospital
and more than 120 others it owned or operated at the time.

The whistleblowers also allege that Medhost, the Tennessee firm that
developed the software, concealed defects during government-mandated
reviews that were supposed to ensure safety.

Both CHS and Medhost have denied  the
allegations and moved to dismiss the suit. The motions are pending.
Last month, Department of Justice lawyers wrote in court filings that
they were still investigating the matter and had not yet decided whether
to take over the case.

The lawsuit is one of dozens filed by whistleblowers, doctors and
hospitals alleging that some electronic health records (EHR) software
used in hospitals and medical offices has hidden flaws that may pose a
danger to patients — and that a substantial chunk of the $38 billion in
federal subsidies went to companies that deceived the government about
the quality of their products, an ongoing Fortune-KHN investigation
shows. The subsidies were designed to persuade hospitals and doctors’
offices to install software that would track the medical history of
every patient and share the information seamlessly with other healthcare
providers.

But the software makers allegedly gamed the system, repeatedly. Three
major EHR vendors have made multimillion-dollar settlement deals —
totaling $357 million — over Justice Department investigations which
include allegations that they rigged or otherwise gamed the government’s
certification test. At least two other companies are under
investigation.

Beyond those cases, federal officials have paid hundreds of millions
of dollars in subsidies to doctors and hospitals that could not show
they were even qualified to receive them, according to federal
officials. Nearly 28% of doctors and 5% of hospitals who attested to
meeting government standards later failed audits. Federal officials told
Fortune and KHN that they have clawed back $941 million in improper
subsidies.

“We’re entering an entirely new area of healthcare fraud,” John
O’Brien, senior counsel with the Department of Health and Human Services
Office of Inspector General, said in a July 2017 video  announcing a $155 million False Claims Act settlement  with eClinicalWorks, one of the nation’s leading sellers of EHRs for physicians.

The concern is not just over wasteful spending of tax dollars. EHRs
monitor the medicines people take and their vital signs, so software
glitches that prevent doctors from accessing files quickly, that mix up
patients or send vital test results to the wrong file can contribute to
serious injuries, or even deaths.

In March, Fortune and KHN revealed  that
thousands of injuries, deaths or near misses tied to software defects,
user errors and other problems have piled up in various
government-sponsored and private repositories.

“Ultimately, it’s about patients getting the right care,” Andrew
Vanlandingham, the HHS inspector general’s senior counselor for health
information technology, said in an interview. He said that investigators
are “gearing up” for more scrutiny of the important industry, including
closer monitoring to make sure that records software is safe.

Leaping Into The Digital Era

In 2009, Congress committed billions of dollars in economic stimulus
funds to bring the era of paper medical records to a close. Officials
hoped to cut down on medical errors caused by illegible paper records
and draw on the power of massive troves of medical data to drive down
the cost of healthcare and help develop improved treatments for disease.

The hastily devised plan offered Medicare doctors and other medical
professionals up to $44,000 and $64,000 in subsidies if they bought the
software and accepted patients on Medicaid, the federal healthcare
program for low-income people.

The money was intended to help them pay vendors to install EHRs in
their offices. Hospitals, which required more sophisticated and costlier
software, could receive millions in subsidies, based on the number of
inpatients treated. To give them a nudge, officials warned doctors and
hospitals that failure to wire up would trigger gradual cuts in their
Medicare payments. EHR vendors had to meet certification standards set
by the HHS Office of the National Coordinator for Health Information
Technology, or ONC.

Providers had to attest that their EHR software could perform a
variety of functions, which the government described as making
“meaningful use” of the technology.

Certification was essentially an open-book test in which the
government gave vendors the questions in advance — for instance, the
names of 16 or so drugs the system would have to prescribe
electronically to pass. The Justice Department has alleged that some
vendors simply doctored their software to pass the test — for example,
programming the required codes for just the specified 16 drugs they
would be tested on, rather than all medicines — as officials had
expected.

Frank Poggio who recently retired from a 45-year career in health
technology, saw the cases of fraud coming, he said, because the tests
“were superficial, and if you wanted to game it, you could game it.”

Poggio said there were many weaknesses in the system that allowed a vendor to show a “prototype” as opposed to live software.

Dr. Scott Monteith, a Michigan psychiatrist who served as an early
certification juror, said he saw some limitations firsthand. He said one
vendor took 30 minutes to produce a list of patients who had diabetes
and also smoked, data he figured any computer program should be able to
spit out in seconds. The vendor passed.

“That’s an example of how poorly thought-out the whole thing was,”
said Monteith, who noted he was then, and still is, a big booster of
EHRs.

Jeffery Daigrepont, a senior vice president at Coker Group, a firm
that advises health providers on business decisions, said the government
erred by handing out too much money in the early stages of the program,
when many doctors and hospitals had not yet done much more than agree
to participate.

“It was an upside-down pyramid,” he said. “You got the bulk of the money for doing the least amount of effort.”

Dr. John Halamka, a physician and Harvard Medical School professor
who chaired the ONC standards committee, which wrote the certification
rules, defended the process.

“The only problem [with certification] is that it presupposed that
the product the vendor certified would be the same product they sold,”
Halamka said. “It presupposes that people will go into the certification
process and participate in good faith.”

That did not always happen in the rush to snatch up subsidy dollars,
according to the whistleblowers’ suits. The Justice Department case
against eClinicalWorks, which has 130,000 providers, accused the company
of rigging tests to win certification, claims the company has denied.
The company did not respond to numerous requests for comment.

The government accused Greenway Health, a Florida-based EHR developer
with 75,000 providers, of doing the same thing. The DOJ’s complaint
included a number of instant-message exchanges between Greenway
employees in which they allegedly discuss their plan for gaming the
certification process by “shortcutting some functionality” of the
software. In February, Greenway Health settled with the government  for just over $57 million without admitting wrongdoing.

The whistleblower case filed by Lewis and former co-worker Joey
Neiman accuses the CHS hospital chain of submitting more than $385
million in false claims for EHR stimulus payments between 2012 and 2014.

Visiting the Oklahoma hospital as part of a troubleshooting team in
June 2015, Lewis heard that physicians worried flaws in the system could
result in patients being sent home “with the wrong drugs, doses or
instructions,” according to the suit.

Things got so bad that local doctors were threatening to admit
patients elsewhere unless the hospital fixed the software problems,
according to the suit.

In a statement, CHS said it had “complete confidence” in its records
systems. “The allegations made in the lawsuit against our hospitals are
completely without merit,” the company said. Medhost denied its software
has flaws, noting in its statement : “Hundreds of facilities have successfully used our software over the years and continue to do so today.”

Few in the industry seemed surprised by such allegations. When news
of the eClinicalWorks case broke, Farzad Mostashari, who led the ONC
from 2011 to 2013, tweeted :
“Let me be plain-spoken. eClinicalWorks is not the only EHR vendor who
‘flouted certification/misled’ customers. Other vendors better clean
up.”

The Electronic Health Record Association, a trade group that
represents more than 30 vendors, did not respond to a request for
comment. However, vendors have argued that they faced a tangle of
regulations that required them to meet constantly shifting standards
that government officials often could not explain.

ONC officials declined to answer written questions. But in a
statement, ONC said it takes steps to ensure that products “are safe for
patients and usable by providers.”

System Glitches And Accusations Of ‘Gaming’ The System

While the ONC sets the standards, the federal Centers for Medicare
& Medicaid Services (CMS) had the job of paying doctors and
hospitals that attested to meeting the “meaningful use” criteria. As of
September 2018, CMS had paid out $38.4 billion in these funds.

In 2012, CMS hired accounting firm Figliozzi and Co. of Garden City,
N.Y., which audited almost 50,000 medical professionals. Nearly 28%
failed, despite the fact that they had previously attested to meeting
the standards. Hospitals did better, posting a 5% failure rate. CMS
officials said they have recovered some $941 million in these improper
payments. The losses to the Treasury are likely far higher because only
14% of the medical professionals and 40% of the hospitals receiving
payments were audited.

Michael Arrigo, who has served as an expert witness in health
IT-related fraud and medical malpractice cases, said that in some cases
EHR vendors misled hospitals about the challenges of replacing paper
records with computers.

Others rolled the dice, apparently hoping the program was so large
and complicated that they were unlikely to be targeted for audit.
“Sometimes [providers] got away with it until a whistleblower found
out,” Arrigo said.

Reviewing state and federal court filings, Fortune and KHN found more
than two dozen cases, many filed by hospitals against vendors, which
depict chaotic EHR installations and safety concerns as they pursued
meaningful-use dollars.

Parrish Medical Center, a 210-bed public hospital on Florida’s Space
Coast, is one. In December 2010, the Titusville hospital contracted with
McKesson’s Enterprise Information Solutions. One of America’s largest
companies, McKesson said its product would be easy for doctors and
nurses to learn and help them “deliver high-quality, safe patient care.”

But the deal collapsed, prompting a bitter court battle in which the
hospital repeatedly assailed McKesson’s competence. For instance, the
hospital alleged that bugs in the software caused it to create more than
one record for the same patient, a flaw dubbed a “major safety issue.”

An expert hired by Parrish said he contacted eight other hospitals,
including three in Florida, which had dumped McKesson due to what he
called “poor or unsatisfactory customer service.”

The medical staff at one of those hospitals was “up in arms” because
it took 63 mouse clicks to look up a patient’s lab results, according to
the expert’s report.

Parrish later signed on with another EHR vendor and the suit has
since been settled. Both Parrish and McKesson declined to comment for
this story. McKesson sold its health IT business to Allscripts in
October 2017. Earlier this year, Allscripts reported to the Securities
and Exchange Commission that government attorneys have requested
documents from the company as part of an investigation into McKesson’s
certification.

In another lawsuit, Weirton Medical Center, a hospital in West
Virginia, stated in a court filing that it submitted “inaccurate”
meaningful-use data to the government ― though it blamed the vendor. The
hospital alleged the system failed to identify a patient who was
critically ill and in the hospital. The hospital declined to comment to
KHN and Fortune about the case, which has been settled.

Hamstrung By Technology?

ONC officials said they keep no log of complaints they receive.

A study  published
in JAMA this month found that 40% of the software that ONC singled out
for post-marketing review had flaws that could lead to patient harm,
including inaccurate drug codes, information displaying incorrectly and
decimal points gone missing.

That’s “a concerning number, and we have to do something to address
that,” said researcher Raj Ratwani, the director of the MedStar Health
National Center for Human Factors in Healthcare and a co-author of the
study. These systems were used in 786 hospitals and by 37,365 provider
organizations, according to Ratwani, who said there’s no way to know how
many defects have been fixed.

ONC has “decertified”  about
100 pieces of once-approved software products. But most were tiny
market players that had few or no users and went out of business.
PlatinumMD, which had just 48 “meaningful” users, is an example. In a
2014 whistleblower lawsuit, San Diego urologist Dr. Scott Brown alleged
that PlatinumMD filed for $18,000 in subsidies on his behalf even though
it had not yet fully installed his EHR. In February 2016, the defunct
company’s owners settled the case without admitting liability by paying
the government $180,000.

Another 132 government-certified products have been flagged for
corrective action due to “non-conformities.” As for the technology that
the government alleges was fraudulently certified, it’s still used in
healthcare settings across the country.

While those vendors faced multimillion-dollar settlements and now
must operate under the oversight of a government monitor, their
technology was not taken off the market. Nor were they dumped by many
customers who, for the most part, however dissatisfied, were stuck with
it.

ONC seemed to acknowledge that decertifying a large vendor would
cause a major disruption, noting in an October 2016 regulation: “Our
first and foremost desire would be to work with developers to address
any problems.”

In the regulations, ONC cited the costs medical providers would face
should their EHR vendor shut down as ranging from $33,000 to as much as
$650 million.

“It is very difficult to switch product,” said Steve Waldren, chief
medical informatics officer for the American Academy of Family
Physicians. “You couldn’t just go down the street and pick up another
EHR, put it in and move your data over.”

He noted that beyond the considerable cost of the technology, providers would have to take time to learn a new system.

“ONC does seem to have a stance that removing some of these players
from the market would be very disruptive,” said Brad Ulrich, a Tennessee
health IT expert. “They are almost too big to fail.”

This story originally was published on Dec. 23, 2018, by Kaiser Health News