Regulatory compliance is a major consideration when choosing an electronic health record solution for a provider agency. From billing, to HIPAA, to the design features of the solution itself, there are far and wide compliance implications to a provider’s choice of EHR vendor.
A recent case against an EHR vendor serves as a wake-up call to both providers and vendors to the importance of ensuring strict regulatory compliance in their electronic health record solutions.
An Instance of EHR Compliance Failure
In May 2017, The Office of Inspector General (OIG) under the U.S. Department of Health and Human Services (HHS) reached a settlement in a federal fraud case against a major EHR vendor. It was the first federal fraud case of its kind against an EHR vendor. The penalties resulting from the suit were severe, including $155M in settlement and increased oversight.
The fraud and false claims case stemmed from provider incentive payments paid out by the federal government under the EHR Meaningful Use Incentive Program, established under the HITECH law in 2009. Under this program, eligible health care providers could receive payments up to $63,750 for the adoption and ‘meaningful use’ of electronic health records that are approved through a certification for the program.
In this case, the EHR vendor falsified information and misled both authorities and their provider agency clients about the features and functionality of their solution, stating that it complied with meaningful use requirements. Because of this misrepresentation, it caused provider agencies claiming Meaningful Use Incentive Payments to be in violation of the federal False Claims Act as the EHR solution was not actually compliant.
The case represented a watershed compliance moment for the relationship between providers and their EHR vendors. It drives home the point that the relationship between provider and vendor is no longer that of just a partnership, it is really a marriage. The case also alerts providers to the implications of non-compliance, and the importance of seriously weighing compliance considerations when choosing an EHR solution.
Key EHR Features to be Wary of When Selecting your EHR Solution
There are several features of EHRs that can add unnecessary compliance risk for both providers and vendors. These features generally add risk by reducing or altering documentation, or deviating from a person-centered approach to care. These can include:
- Copy-paste or cloning of information from one patient record to another.
- Build-a-sentence or auto-document creation features in a record.
- This feature can make sense in cases where the informational category has very limited selections or possibilities.
- Allowing for the retroactive alteration of a note.
- Allowing for the ability to suspend the audit trail within a record.
- Providing alerts on evaluation or management codes, which could encourage the practice of up-coding.
- The lack of a narrative field in a record.
- If the EHR allows the adding of vital information prior to a visit.
- If the EHR allows a user to refrain from entering any mandatory information.
When selecting an EHR vendor and solution, it is important to fully understand and ask about how the day-to-day features such as these can affect your organization’s compliance program and risk.
Tyler Blake is a Compliance Policy Analyst with MediSked, focusing on compliance and regulatory research. He is a graduate of Albany Law School where he received his joint JD/MBA in healthcare management.