This blog’s second post introduced a general legal and regulatory framework for certified EHRs, and the applicability of the antikickback statute to health IT vendors. It also referenced how the False Claims Act can create risk because of health IT’s relationship with physician reimbursement. On January 27, 2020, the Department of Justice (“DOJ”) executed a deferred prosecution agreement and a civil settlement with Practice Fusion, and what we know about the case and similar matters can inform readers about what it means for their businesses. This blog will cover the Practice Fusion case and what it means for your business in a series of posts. This one will focus on the Anti-Kickback Statute (“AKS”) allegations. A future post will discuss the civil and False Claims Act allegations.
A quick note on citations. This is meant to be a blog, not a law review article. Generally, I don’t feel the need to cite to everything written here. But in this case, we’re talking about a criminal settlement that has nuanced and sensitive legal issues in play. For the sake of accuracy when discussing statements around potential facts, I will be citing to the information filed against Practice Fusion by paragraph number (¶ #).
First though, let’s talk about enforcement actions against health IT developers in general. This is not an isolated trend. The Government, through a number of public venues, has a made it abundantly clear that it is targeting certified health IT for enforcement actions. This is the third action of its kind. The DOJ has recovered $331.25 million in civil fines from health IT vendors. It has a criminal case under its belt now as well, and for reasons that we’ll discuss shortly, that should terrify any health IT vendor who does not regulate the sale of their products like they are selling drugs. It should terrify physicians and hospitals too. Christina Nolan, United States Attorney for the District of Vermont, explicitly stated that this case “is another example of pioneering healthcare fraud enforcement by the talented Assistant U.S. Attorneys and staff of this U.S. Attorney’s Office, working with their partners in law enforcement. We cannot—and will not—tolerate technology companies influencing patient treatment merely because a pharmaceutical company provided a kickback.”
According to the press release:
“Practice Fusion executed a deferred prosecution agreement with the U.S. Attorney’s Office for the District of Vermont based on its solicitation and receipt of kickbacks from a major opioid company to arrange for an increase in prescriptions of extended release opioids by healthcare providers who used Practice Fusion’s EHR software. As detailed in the criminal Information made public today, Practice Fusion solicited a payment of nearly $1 million from the opioid company to create a CDS alert that would cause doctors to prescribe more extended release opioids. That payment was financed by the opioid company’s marketing department, and the CDS was designed with input from the marketing department. Practice Fusion and the opioid company entered the CDS sponsorship because they believed that the CDS would influence doctors’ prescriptions of extended release opioids. In marketing the “pain” CDS alert, Practice Fusion touted that it would result in a favorable return on investment for the opioid company based on doctors prescribing more opioids.”
Now, let’s contrast that with the AKS:
“Whoever knowingly and willfully solicits or receives any remuneration (including any kickback, bribe, or rebate) directly or indirectly, overtly or covertly, in cash or in kind— in return for referring an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a Federal health care program, or in return for purchasing, leasing, ordering, or arranging for or recommending purchasing, leasing, or ordering any good, facility, service, or item for which payment may be made in whole or in part under a Federal health care program, shall be guilty of a felony (emphasis added).”
These allegations map against the statutory text pretty well. What makes this case unique compared to similar settlements is its inherent criminal, rather than civil, nature. The Statement of Facts, to which Practice Fusion has admitted, lays out a nasty fact pattern. A pharmaceutical company paid Practice Fusion $1,000,000 to develop certain Clinical Decision Support (“CDS”) tools. CDS are usually alerts to a clinician at the point of care, sometimes in the form of pop-ups. Based on the information in the health record the CDS makes recommendations about what procedures may be due to the patient. A CDS tool could provide a reminder that a specific patient over 65 might qualify for an annual wellness exam. That is a relatively benign example.
Here, the information claims that this CDS was designed to recommend opioids to a prescribing physician even when the recommendation fell outside of clinical guidelines established by the Centers for Disease Control (“CDC”) and the New England Journal of Medicine (“NEJM”). ¶¶ 84-87. The information states that:
“As finalized, the Pain CDS contained three separate alerts. The first alert encouraged healthcare providers to record a pain score. The second alert suggested that doctors take a BPI of patients who had recorded two or more pain scores of four or more (on a zero to ten-point scale) within the previous three months, or who had a chronic pain diagnosis. The BPI further focused providers on the patient’s pain symptoms and included a list of questions on the severity and impact of the patient’s pain, and prompted the patient to describe the patient’s pain ‘now,’ ‘on the average,’ and at its ‘worst’ and ‘least’ during the previous 24 hours. The third alert indicated that a follow up plan should be created for treating the patient’s pain, appearing only if the patient reported pain on the pain scale of four or higher twice within four months, or if a patient with chronic pain has had a BPI completed.” ¶ 95.
The drug recommended in this case was extended release opioids. An extended release drug is something you take and it releases the active ingredient into your body in stages, not all at once. That way its effects are spread out over time. Extended release isn’t necessarily meant to moderate the effect of the drug; sometimes, it simply prolongs it. It can also make the drug more addictive. CDC guidelines provide that these should be prescribed with the following considerations:
- Extended release opioids should be reserved for severe, continuous pain and should be considered only for patients who have received immediate release opioids daily for at least 1 week;
- When starting opioid therapy for chronic pain, clinicians should prescribe immediate-release opioids instead of extended-release/long-acting (ER/LA) opioids;
- When opioids are started, clinicians should prescribe the lowest effective dosage;
- Nonpharmacologic therapy and nonopioid pharmacologic therapy are preferred for chronic pain. Clinicians should consider opioid therapy only if expected benefits for both pain and function are anticipated to outweigh risks to the patient;
- The clinical evidence review found insufficient evidence to determine long-term benefits of opioid therapy for chronic pain and found an increased risk for serious harms related to long-term opioid therapy that appears to be dose-dependent”; and
- Providers should be explicit and realistic about expected benefits of opioids, explaining that while opioids can reduce pain during short-term use, there is no good evidence that opioids improve pain or function with long-term use, and that complete relief of pain is unlikely. ¶ 84.
Now, contrast that with the alerts that Practice Fusion implemented for yourself and judge their appropriateness.
Next, let’s frame up the major players. According to the information, which leaves the pharmaceutical’s name redacted, the Director of eMarketing and a Brand Manager represented the pharmaceutical throughout the deal. ¶¶ 12-13. Reuters has reported that the pharmaceutical in question is the maker of OxCotin, Purdue. Practice Fusion’s side of the transaction involved a sales representative, two directors with sales and business development roles, the Chief Commercial Officer, and Chief Medical Officer. ¶¶ 6-11.
The Government’s investigation uncovered several emails that undoubtedly bolstered its case. In terms of the success of the CDS and partnership, one email stated that the “[p]rimary goal of the project is to increase Rx for medications.” ¶ 81. Sales professionals, not just medical ones, were involved in the design of the CDS. ¶ 72. Internal documents at the pharmaceutical indicated that the goal was to “Grow ERO prescriptions within the Practice Fusion ehr by using the PRACTICE FUSION platform to cause providers to ‘reassess chronic pain patients for the need of Extended Release Opioids.” ¶ 64.
That’s heavy. So what does it all mean for your average health IT developers and provider organizations?
First and foremost: the best offense is a good defense, and you need to be on the offensive. Get good compliance plans in place, now. Enforcement in the health IT space is a priority and it will not stop. A good compliance plan is your first defensive line against these kinds of liabilities. This fact pattern reached across multiple departments, roles, and levels. Each person involved in this deal was standing near legal radiation. It is a bad place to be. If you are a health IT developer, anything that your systems touch related to reimbursement under a federal healthcare program (Medicare Medicaid, etc) probably bears AKS risks. Anytime you are talking about driving ROI related to federal healthcare programs, here prescriptions, AKS could be implicated. On an operational and day-to-day basis AKS implicates, at least, the following departments:
- Sales
- Business Development/Partnerships
- Development
- Product Management
However, readers should note that the AKS’s applicability might seem straightforward here, the DOJ objects to seemingly much more benign relationships between providers and vendors. Just because your conduct does not appear to rise to this level does not mean that the DOJ thinks it’s legal. In the complaint against eClinicalWorks, the DOJ took issue with a referral program, site visit program, and reference program. The DOJ has apparently taken the view that certified EHR is a good, item, or service payable under a federal healthcare program. If tested in court, it is not clear that broader view would withstand a challenge. That said, who wants to be test case for a felony offense as a corporation?
What do healthcare providers have to worry about? Remember that the AKS criminalizes both sides of the transaction. You should scrutinize your relationships with your vendors closely. The view that the DOJ took in the eClinicalWorks case, namely that a certified EHR is an item or service payable under a federal healthcare program by virtue of the meaningful use program, puts certified EHR in the same category as drugs. You should treat transactions and relationships with certified EHR vendors accordingly. That means a compliance program that extends to and encompasses those vendors.
Stay safe out there.
eHealth Law Blog 
2 thoughts on “Practice Fusion Part 1: The AKS and What It Means for You”