Federal authorities are cracking down on abuse of the HITECH Act’s Meaningful Use financial incentive program as evidenced by the recent indictment of Joe White, former CEO of Shelby Regional Medical Center (“Shelby Regional”) in Tyler, Texas. A federal grand jury indicted White on charges of making false statements to the Centers for Medicare and Medicaid Services (“CMS”) and aggravated identity theft.
The American Recovery and Reinvestment Act of 2009 established incentive payments under the Medicare and Medicaid programs for eligible professionals (“EPs”) and eligible hospitals who adopt, implement, upgrade or demonstrate meaningful use of Certified Electronic Health Record Technology (“EHR”).
CMS is making available up to $27 billion in EHR incentive payments, or as much as $44,000 (through Medicare) or $63,750 (through Medicaid) per EP. The incentive programs were created to promote the use of health information technology in order to improve quality, maintain privacy and security of patient health information, and to reduce the cost of healthcare in the United States.
According to White’s indictment, it is alleged that he falsely attested to CMS that Shelby Regional met the Meaningful Use requirements for the 2012 fiscal year. However, Shelby Regional relied on paper records throughout the fiscal year and only minimally used electronic health records. Allegedly, to give the false appearance that the hospital was actually using certified EHR software, White directed its software vendor and hospital employees to manually input data from paper records into the EHR software, often times months after the patient was discharged and after the end of the fiscal year. Additionally, the indictment further alleges that White falsely attested to the hospital’s meaningful use by using another person’s name and information without that individual’s consent or authorization. As a result of the false attestation, CMS paid Shelby Regional over $785,000.
If convicted, White faces up to 5 years in federal prison for making a false statement and up to 2 years in federal prison for aggravated identity theft.
In light of this recent indictment, it is imperative that eligible hospitals and EPs participating in the EHR Incentive Program are in compliance with the HIPAA Security Rule and all other Meaningful Use attestation requirements. It is a specific requirement of the Incentive Program for eligible hospitals and EPs to conduct a security risk analysis of the practice to identify potential risks and vulnerabilities related to the confidentiality, integrity, and availability of electronic protected health information. It is important to note, when attesting to meaningful use, all providers may be subject to a meaningful use audit, since Congress has identified this program as a risk area for abuse.
The Health Law Partners has experience with respect to all HIPAA related matters and representing EPs, hospitals, and providers in Meaningful Use audits.
For more information, or for questions related to HIPAA or other regulatory concerns, please contact Clinton Mikel, Esq., or Adrienne Dresevic, Esq. at (248) 996-8510, or via email at firstname.lastname@example.org or email@example.com.