Health Care Law

A wise person learns from the mistakes of others; and recently, the health IT industry was afforded such a learning opportunity by a well-known EHR platform.

athenahealth, Inc. (Athena), an industry-leading EHR vendor, agreed to pay $18.25 million to resolve allegations that it violated the False Claims Act by paying illegal kickbacks to generate sales of its EHR product, athenaClinicals.

The United States Department of Justice (DOJ) alleged that Athena violated the Anti-Kickback Statute (and by extension the False Claims Act) through three marketing programs. First, Athena allegedly invited prospects and customers to all-expense-paid sporting, entertainment and recreational events. These lavish, “bucket list” events included trips to the Masters Tournament and the Kentucky Derby, along with complimentary travel, luxury accommodations, meals and alcohol. Second, Athena allegedly paid illegal fees to its customers through its “Lead Generation” program designed to identify new prospective customers. Third, Athena allegedly made deals with competing companies that were discontinuing their health information technology products. Pursuant to those “Conversion Deals,” the other companies agreed to refer their clients to Athena, and Athena paid competitors based on the value and volume of practices that were successfully converted into Athena customers.

Athena’s missteps highlight the danger to health IT platforms in incentive-based sales strategies. “Kickbacks corrupt the market for health care services,” said Andrew Lelling, the United States Attorney who brought suit against Athena. The DOJ “will aggressively pursue organizations that fail to play by the rules,” Mr. Lelling said, emphasizing that “EHR companies are no exception.” Nor is any type of health IT platform, it should be emphasized. While health IT platforms are justifiably concerned with HIPAA compliance, their greatest legal threat comes from their sales arrangements, since these arrangements typically involve payments by providers or health plans that are made, at least in part, with federally-funded health care dollars. Any time a potential or current client is offered something of value as an inducement or reward for entering into a contract paid with federally-funded dollars, a health IT platform steps squarely into the crosshairs of the Anti-Kickback Statute.

Health IT platforms should never permit their sales teams to offer discounts, free trial periods, reduced or zero-priced ancillary services, or any other incentive without obtaining legal counsel before the incentive is discussed with the potential client. Some incentives can be structured to meet the Discount Safe Harbor to the Anti-Kickback Statute; however, the potential client must agree to the documentation requirements for such a safe harbor, such as including the required annotations on all invoices. What will never be permissible are the types of “pay for play” incentives identified in the Athena settlement. Likewise, an individual or an entity can never be provided with any form of remuneration in exchange for a referral. To that point, the Discount Safe Harbor can never be used to shelter a discount given to a client for referring or even introducing another potential client.

While Athena managed to escape with a settlement of “only” $18.25 million, recent DOJ settlements with IT platforms have resulted in much larger penalties, including $57 million paid by Greenway Health, $63.5 million paid by Inform Diagnostics, and $155 million paid by eClinicalWorks.

Some commentators have noted that Athena seems to have “gotten away” with a mere $18.25 million settlement. However, the fine print of the Athena settlement grants the government a host of further remedies, including exclusion of the company from participation in federal healthcare programs. As a quick reminder, health plans and providers cannot do business with any entity that is excluded from participation in federal programs, meaning that “exclusion” is fatal to any health IT platform.

Lastly, the Athena settlement reserves to DOJ the right to continue with criminal prosecution, including prosecution of individuals. It may be that Athena’s settlement agreement is merely an opening act for the company, and for the individuals who engaged in or permitted these kickbacks. Either way, Athena’s travails should be a stark reminder that existential dangers are inherent in incentive-based sales techniques. To learn more about permissible incentive models under the Anti-Kickback Statute, please contact PLDO Partner Joel K. Goloskie at 866-353-3310 or email jgoloskie@pldolaw.com.

There has been much ado lately about a newly-revealed joint venture between Ascension Medical Group and Google. Ascension is the nation’s largest non-profit health care system; Ascension Medical Group is the company’s subsidiary physician group, with facilities in more than twenty states. Google is, well, Google. The joint venture being undertaken by these industry behemoths is known as “Project Nightingale.” Ascension and Google describe Nightingale as a treatment-focused initiative, designed to facilitate access and use of data in the medical records of Ascension’s patients. It also involves migrating Ascension’s data from proprietary storage to Google’s cloud-based storage. The software tool developed from this initiative allegedly makes it easier for a doctor to access and use specific patient data such as recent test results, medications, and more.

The initiative appears to be squarely of the type that HIPAA (the package of laws that protect a patient’s privacy) would permit to be undertaken by a provider’s “business associate.” The two companies assert that they have signed a business associate agreement (“BAA”), and also assert that the terms of the agreement prohibit Google from using Ascension’s PHI (Protected Health Information) for any other purpose than for provisioning this tool for use by Ascension clinicians. Further, the BAA allegedly prohibits Google from combining Ascension’s patient data with Google consumer data.

Nightingale is now under scrutiny from the HHS Office of Civil Rights (“OCR”), the office charged with enforcing HIPAA. The agency’s examination comes as no surprise given the controversies around Big Tech companies’ mass collection of data, privacy rights and who exactly has access to personal information and why. To help health care providers and consumers understand the issue, PLDO health care attorney Joel K. Goloskie explores the Nightingale controversy in his latest advisory, Project Nightingale and the Take-Away Lesson for Providers and Payors. The thought-provoking article provides readers with information as to why Nightingale has received such a storm of whistleblower complaints, public backlash and now, an OCR investigation. If you have questions on Project Nightingale or need assistance for your organization, please contact Attorney Goloskie at 401-824-6100 or email jgoloskie@pldolaw.com.

Disclaimer: This blog post is for informational purposes only. This blog is not legal advice and you should not use or rely on it as such. By reading this blog or our website, no attorney-client relationship is created. We do not provide legal advice to anyone except clients of the firm who have formally engaged us in writing to do so. This blog post may be considered attorney advertising in certain jurisdictions. The jurisdictions in which we practice license lawyers in the general practice of law, but do not license or certify any lawyer as an expert or specialist in any field of practice.