Healthcare Risk Management: DOJ Pursuing EHR Vendors for False Claims, Kickbacks
March 2019

Don’t Assume Vendor Compliance

Most healthcare organizations, including larger hospital systems that deal with large, established EHR vendors, assume that their vendors are fully compliant with the myriad healthcare regulations governing the industry, notes Damaris Medina, JD, an attorney with the Buchalter law firm in Los Angeles. The two EHR settlements show that is not always the case, she says.

“With this settlement, the government is sending a clear message that it has identified meaningful use and the use of EHR technology as an area of potential fraud, and it has committed resources to investigate and pursue EHR companies for improper conduct,” Medina says. “Healthcare organizations have ultimate responsibility for their documentation and claims submission, their patients’ health information, their relationships with vendors, and the representations they make to the government through the use of vendors’ products.”

While this settlement was directed at the EHR company itself, it is not difficult to envision a situation where an unwary healthcare organization contracts with a bad actor and is exposed to liability through its purported “knowledge” of the bad acts, Medina explains. The False Claims Act’s definition of “knowledge” doesn’t just include actual knowledge, she says. It also includes deliberate ignorance or reckless disregard of the truth or falsity of information. Intent is not necessary for False Claims liability, she notes.

“A healthcare organization’s first line of defense is always to perform due diligence and run any contract and/or relationship it enters into through legal review and its compliance process. Even if providers were not aware of the alleged false certification issues, or the improper metrics formula allegedly used for incentive payments under the meaningful use program, a legal evaluation and compliance review by the provider prior to involvement in these ‘Ambassador’ and ‘Reference’ programs may have raised some important flags that would have caused the provider to ask more questions or otherwise reconsider doing business with the vendor,” Medina says.

“Healthcare organizations, and especially hospital systems — which have substantial leverage with these companies — can also negotiate various safeguards into their EHR contracts, such as indemnity clauses, disclosures, and warrantees, and specific compliance clauses that can afford them some additional protection.”

To read the full article click here.


  • Damaris Medina, JD, Buchalter, Los Angeles. Phone: (213) 891-5224. Email: [email protected]
  • Sarah Hall, JD, Thompson Hine, Washington, DC. Phone: (202) 263-4192. Email: [email protected]
  • Jason Mehta, JD, Bradley, Tampa, FL. Phone: (813) 559-5532. Email: [email protected]