eClinicalWorks' Breach - Tip of the Iceberg?
EHR vendor eClinicalWorks recently paid $155 million to settle allegations it falsely certified its EHR software, and legal experts say the case may prompt future False Claims Act litigation from the U.S. federal government.
In the lawsuit filed with the Department of Justice, it was alleged that rather than programming the software to retrieve thousands of drug codes from a database, eClinicalWorks hard-coded 16 drugs into the software to satisfy the certification testing requirements. Federal prosecutors claimed the system was unable to accurately display medication and lab results, creating “a significant risk for patient health and safety.”
Although the details outlined in the DOJ's lawsuit indicate the Massachusetts-based software company may have been the most egregious offender when it came to circumventing EHR certification requirements, two former officials with the Office of the National Coordinator for Health IT (ONC) say they routinely deal with EHR software that doesn’t do what it was certified to do.
“I don’t think anybody has been as bold as [eClinicalWorks], but I do think there are other companies that push the envelope a little bit,” said Jacob Reider, MD, CEO of the Alliance for Better Healthcare and a former deputy national coordinator for health IT at the ONC.
Whether that leads to additional False Claims Act lawsuits in the future remains to be seen, but legal experts say the settlement serves as a sign that the Department of Justice is willing to pursue violators of EHR certification requirements.
eClinicalWorks has denied any wrongdoing, noting that the company elected to settle to avoid a drawn-out legal battle. But in the lawsuit, the DOJ also alleged that the company’s software failed to meet the ONC’s data portability requirements, which would allow providers to export summaries of patient data. Responding to user concerns, an eClinicalWorks employee said he didn’t think the company wanted “to make it easy to extract tons of patient data,” according to the lawsuit.
This is a common issue among EHR software vendors, according to Farzad Mostashari, co-founder and CEO of Aledade and a former national coordinator at ONC. His company works with 50 different vendors to extract data for physicians, but he said less than a third could export clinical data back to the provider. Sometimes, he’s been told that the software can export five records, but not 50,000 records, or that the provider needs to purchase an additional interface to unlock those capabilities.
“This approach to certification requirements is not unique to this one vendor,” Mostashari says. “This is the first [lawsuit] and it’s not going to be the last.”
Image Credit: Pixabay
Published on : Tue, 6 Jun 2017
Print as PDF