In a June 12, 2017 report entitled, Medicare Paid Hundreds of Millions in Electronic Health Record Incentive Payments That Did Not Comply With Federal Requirements, the Department of Health and Human Services, Office of Inspector General (OIG), reported the results of a study into payments that the Centers for Medicare & Medicaid Services (CMS) made to providers as part of an electronic health record (EHR) incentive program. The OIG found errors in approximately 12 percent of the sample population, and extrapolated the inappropriate payments from May 2011 to June 2014 to an estimated $729 million.
The Electronic Health Record Incentive Programs originated from the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009. The programs offer incentive payments to eligible professionals (EPs) over a five-year rollout period to encourage them to improve health care quality, safety, and efficiency through the use of EHR, among other things. EPs include physicians, podiatrists, optometrists, and chiropractors. To qualify for the program, EPs attest that they satisfy certain "meaningful use" requirements as to their EHR systems by self-reporting data through CMS's National Level Repository. EPs also elect to receive their incentive payments from Medicare or Medicaid within a given program year, but not both.
Meaningful use measures include core measures that must be satisfied in full, and a menu of ten additional measures, of which EPs must satisfy five. These involve demonstrating certain percentages of unique patients, patient visits, or other events that are migrated into various EHR systems. For instance, EPs attest to the percentage of patients seen by the EP that have medications entered on a computerized provider order entry, patients who are entered on certain problem lists (or noted as without problem), patients who benefit from the electronic transmission of prescriptions, or patients who have their demographics centrally recorded as structured data. The list continues, but the goal is to demonstrate a move towards tracking more patient records as structured electronic data.
For the three-year audit period, the OIG tested 100 EPs and found that CMS failed to make incentive payments according to the law in 12 percent of the tested population, and further found CMS's auditing and compliance measures deficient. The failures primarily stem from EP attestations that lack supporting documentation. The program was self-policed and the documentation may never have existed in some cases, or was too poor to justify the attestation in others. The OIG noted, for instance, that patient encounter documentation was missing, security risk assessments were missing, and other supporting documentation was insufficient.
The result is an estimated erroneous payment of $729 million of the total $6 billion in payments made during the audit period. Additionally, OIG found that CMS made EHR payments totaling $2.3 million to EPs who improperly claimed payment after switching between the Medicare and Medicaid incentive programs during the same program year.
The OIG recommends that CMS recover the EP payments that were identified as erroneous and review all EP payments to attempt recovery of the extrapolated loss of $729 million program-wide. The OIG also recommends that CMS conduct additional random samples and increase EP education on the program and its documentation requirements. CMS is advised to collect the $2.3 million paid to EPs who switched between Medicare and Medicaid incentive programs in the same program year, and edit the controls for that program to prevent further misuse.
Baker Donelson's Comments
Providers who participate in the EHR incentive programs should expect an audit of some sort as CMS attempts to recover hundreds of millions of dollars in unsupportable payments. CMS disagrees with OIG that its risk-based audits insufficiently capture the errors identified in the report, so it is unclear what steps CMS will take, if any, to implement additional auditing procedures. Nonetheless, with $729 million at stake CMS will be pressured to be proactive, and providers should be prepared to defend their incentive payments if their attestations were lacking sufficient documentation and support.
Further, providers may be exposed to False Claims Act liability if the ever-increasing whistleblower's bar seizes on this study to seek out new lawsuits from various employees of providers. To the extent providers discover their attestations may be lacking, repayment and self-disclosure may be the safer alternative to avoid the headache of defending a whistleblower suit.