Last week the Department of Justice (DOJ) announced a $57 million settlement with electronic health record (EHR) software vendor Greenway Health LLC (Greenway). According to DOJ, Greenway violated the False Claims Act (FCA) by fraudulently obtaining certification of its software and misrepresenting its software's capabilities to customers, thereby causing its customers to submit false attestations of "meaningful use" of EHR technology when seeking to qualify for incentive payments available through the Medicare and Medicaid EHR Incentive Program. The complaint also alleged that Greenway illegally paid kickbacks to customer in exchange for recommendations to prospective new customers.

This matter has strikingly similar facts to a settlement with another EHR vendor, eClinicalWorks, which was announced in 2017. As noted in a previous post, eClinicalWorks, along with its founders and several employees, agreed to pay $155 million to settle allegations that the company caused clients to submit false statements because (like Greenway) it misrepresented its software capabilities to falsely obtain certification. The case also involved similar kickback allegations. In the press release regarding the Greenway case, the Vermont U.S. Attorney's Office noted that in the last two years it has resolved "two matters against leading EHR developers" involving "significant fraudulent conduct" and that the two cases are the largest recoveries in the District's history. While the eClinicalWorks settlement arose as a result of a qui tam case, the District apparently initiated its own investigation of Greenway, which leads one to speculate whether the District identified an opportunity following the eClinicalWorks case and chose to pursue similar (and seemingly lucrative) matters. Given the seriousness of the government's allegations – particularly claims of potential patient harm – it is surprising that these matters did not give rise to any criminal liability.

Both companies agreed to enter into a Corporate Integrity Agreement (CIA) with the HHS Office of Inspector General (HHS OIG), and the terms of those CIAs are arguably more burdensome than a typical CIA. In addition to including the usual compliance-related provisions and review of arrangements with health care providers, both CIAs require an independent assessment of software quality control and compliance systems, and notification to HHS OIG as well as customers regarding patient safety-related issues. In addition, both companies agreed to make customers whole by providing a free upgrade or the opportunity to migrate to another vendor at no charge. The onerous nature of these CIAs is illustrated by the fact that eClinicalWorks paid a penalty of $132,500 for failure to comply with its obligation to timely report patient safety issues.

Finally, these cases signal a trend discussed during our recent Health Care Enforcement Year in Review and 2019 webinar: the government's increasing interest in expanding the scope of potential defendants in qui tam cases, presumably in an effort to maximize recoveries. Another good example is DOJ's intervention in a FCA case brought last year against a compounding pharmacy, two of its senior executives, and the private equity firm that owned a controlling interest in the pharmacy. This case – which was discussed in a previous post – received a great deal of attention because it is reportedly the first FCA case to be brought by the federal government against a private equity firm. It remains unclear whether these cases represent isolated instances or a new trend in FCA litigation, but at a minimum they are a cautionary tale for companies doing business with or investing in the health care sector.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.