Electronic Healthcare Records , Fraud Management & Cybercrime

Fraud Tied to Billing Software? Lawsuit Raises the Issue

Whistle-Blower Claims Epic Systems Software Enables Double-Billing
Fraud Tied to Billing Software? Lawsuit Raises the Issue

A whistle-blower false claims lawsuit filed against electronic health records vendor Epic Systems raises the issue of whether the company's billing software can be used to support fraud.

See Also: Recovering From a Cyberattack, Responding to the OCR, and Building a Cyber Resilient Posture for the Future: A Conversation with OrthoVirginia CIO, Terri Ripley

In the complaint filed in 2015, which was updated in June 2017 and unsealed on Nov. 2 in a Florida district court, the plaintiff, Geraldine Petrowski - a former compliance worker at WakeMed Health in North Carolina - alleges that Epic's anesthesia billing software module is coded to enable its healthcare customers to double-bill Medicare, Medicaid and other payers for the anesthesia services they provide to patients.

Petrowski - who served as a hospital liaison during WakeMed's implementation of Epic's billing software - alleges that "extensive improper billing practices and noncompliance issues" at Wisconsin-based Epic has resulted "in the presentation of hundreds of millions of dollars in fraudulent bills for anesthesia services being submitted to Medicare and Medicaid as false claims."

The suit notes that effective Jan. 1, 2012, Medicare changed its billing and reimbursement practices regarding anesthesia services so that the services are to be billed in actual minutes rather than "base units" equal to 15 minutes each. Petrowski alleges the billing software defaults to charging both the "base units" as well as the actual time taken for anesthesia, resulting in Medicare, Medicaid and other payers being overcharged by healthcare providers.

"These Epic software-generated bills incorrectly and unlawfully include base units in bills for anesthesia services thereby resulting in the double payment to the provider for base units for every anesthesia service bill provided under ... Epic software billing system," the complaint claims.

The suit says Petrowski, "went so far as providing examples to ESC [Epic Systems Corp.] representatives illustrating this unlawful practice. Initially, [Petrowski's] advice went unheeded, as she was told by [Epic] that 'all other hospitals are billing base units.'"

Petrowski again met with Epic representatives "after determining that their software's default protocol for anesthesia incorrectly billed base units, which resulted in a double reimbursement to the provider of base units. Petrowski finally succeeded in forcing [Epic] to take out the base units submission from the hospital's anesthesia billing module, but once again was told that they have ... built all other systems with this feature included.'"

The suit alleges that Petrowski has also examined a 2016 bill for anesthesia for a medical procedure by another Epic customer, MD Anderson Cancer Center, and that bill also reflected "the incorrect billing of anesthesia by Epic's billing software."

In a statement provided to Information Security Media Group, an Epic spokeswoman says: "The Department of Justice did its own expert review and decided not to move forward. The plaintiff's assertions represent a fundamental misunderstanding of how claims software works."

The Justice Department declined to comment to ISMG on the Epic case.

Other Fraud Concerns

The allegations against Epic represent the second recent whistleblower filed case against an EHR vendor so far this year.

Earlier, eClinicalWorks agreed to a settlement with the government that arose from a whistleblower complaint involving allegations that it had defrauded the HITECH Act EHR incentive program.

"A major distinction between that case and the action against Epic is, according to published reports, the Department of Justice chose not to intervene in this matter after reviewing the evidence supporting the allegations," says privacy attorney David Holtzman, vice president of compliance at security consultancy CynergisTek. "The inference is that the evidence does not [support] a finding that would be actionable under the False Claims Act," he says regarding the case filed against Epic.

In the June settlement between the Justice Department and eClinicalWorks, the Westborough, Massachusetts-based vendor agreed to pay a $155 million settlement, as well as enter into a five-year corporate integrity agreement with the Department of Health and Human Services' Office of Inspector General.

The Justice Department alleged the company falsely claimed it met the EHR incentive program's certification requirements. That includes accurately recording user actions - such as orders for diagnostic tests - that were conducted in the course of a patient's treatment and also satisfying requirements for data portability.

Fighting Fraud

HHS OIG, in its semi-annual report to Congress issued in June, noted that the Centers for Medicare and Medicaid Services and the Office of the National Coordinator for Health IT have not yet put into place a plan to fight fraud related to EHRs (see Report: HHS Needs Bolder Steps to Prevent EHR-Related Fraud).

Among the potential ways EHRs can be used to commit fraud is by "upcoding" or exaggerating the kind of care providers give patients, as well as cloning or "copy-pasting" digital patient records to submit falsely documented bills.

"HHS need to address the risks that EHRs pose to the integrity of federal health programs," OIG wrote, adding that it found hospitals were individually employing their own EHR fraud and abuse efforts to varying degrees.

HHS OIG did not immediately respond to an ISMG request for comment on the billing fraud allegations against Epic.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.