A False Claims Act case pits a prominent health system against its EHR software provider.
Over the last many years, healthcare providers have been financially incentivized to purchase electronic health records (EHR) software. These programs can cost upwards of $25,000 to $50,000, and, sometimes are renewable every year. In other words, these programs are extremely expensive.
So shouldn’t these programs be compliant with all applicable federal and state regulations? The truth is, most programs are not created by physicians or attorneys. Many companies producing the programs do not even have attorneys review the software for regulatory compliance. Yet healthcare providers rely on these EHR systems to submit their billings to Medicare and Medicaid – and guess what? Complying with state and federal regulations as well.
This poses a huge risk for healthcare providers, because the next regulatory audit, such as one from a Recovery Audit Contractor (RAC), is as sure as death and taxes. One hundred percent of provider’s service notes or healthcare records could be noncompliant, based on the underlying software, and the provider would never know. If the provider is accused of failing to report a $1 million overpayment based on a flaw in the software, who bears the burden? The provider? Or the noncompliant software company?
Currently, the answer is this: whichever national provider identification (NPI) number is used is the “captain of the ship,” and thus is liable for any noncompliance issues. However, with providers getting smarter and more comfortable navigating the EHR world, many have begun to negotiate indemnification clauses in their contracts with the software companies and/or sue on the back end for indemnification, regardless of the contract terms and based on multiple legal causes of action.
Common compliance issues found with using EHR software include the following:
1. Electronic signatures
Simply typing the healthcare provider’s name at the bottom of a service note does not mean compliance with Medicare criteria has been achieved. You can look at the Medicare Program Integrity Manual, Chapter 3, for more guidance.
2. Self-populating entries
These are the “time-savers.” And they are indeed that. However, I have seen that some software programs default to the pronoun “he,” and without the healthcare provider going back and revising the note to say “she,” there will be gender pronouns that clash. These are red flags for auditors. Internal inconsistencies within notes or other medical records also present liability issues to auditors. The same is true of massive amounts of cutting and pasting.
An example of internal inconsistencies is the following: some computer software programs default to “patient presents without pain.” Then, later on in the service note, the healthcare provider writes “patient c/o of severe pain.” An auditor may deny payment with respect to that service because of inconsistent documentation.
3. Retrospective self-populating entries
Some EHR software is programmed to populate information not only prospectively, but retrospectively, which creates significant risk for providers. In one case, a provider did not realize that each time a diagnostic test result was entered, this information was auto-populated prospectively as well as retrospectively. Results from a February 2010 test were included, not only in subsequent notes, but in notes dating prior to the test.
4. Customization to a specialty
In some instances, the software template may include information that would rarely be relevant to a particular provider. For example, a software program may include a review of the gastrointestinal system when the provider is a hand specialist. As ridiculous as it sounds, regardless of the specialty, blanks – or the absence of information that could be perceived to be needed – can lead to denials in an audit.
Legal Liability
In a very recently initiated and ongoing qui tam action under the federal False Claims Act, a relator alleges that Bon Secours Health System, Inc., fraudulently billed Medicare and Medicaid by millions of dollars.
The allegations derive from the installation and use of a billing system known as “McKesson billing software.” McKesson billing software, according to the complaint, “from the very start … was deliberately programmed not to do split-billing.”
“’Split-billing,’ otherwise known as ‘Medicare maximization,’ involves ‘identif(ying) and bill(ing) any liable third party prior to … Medicaid,” The filing reads.
Billing such parties prior to billing Medicaid is a requirement of participation in the Medicaid program. For patients eligible for both Medicare and Medicaid, or “dual-eligible patients,” this means billing Medicare before billing Medicaid.
The impetus for this requirement is that Medicaid typically reimburses providers for the full cost of a patient’s treatment, whereas Medicare reimburses at a flat rate lower than the actual cost of treatment. Thus, the government saves money when a provider bills Medicare first. If a provider bills Medicaid first for services provided to a dual-eligible patient, it violates the split-billing requirement.
Again, the allegation in Bon Secours was that the billing system or computer program for the EHR was purposefully unable to split-bill, which violates Medicaid regulations. Notice, however, that the billing company in Bon Secours was not a named defendant. Why not? Even if the plaintiff did not name the billing company as a party in the complaint, Bon Secours could have filed a third-party complaint bringing in the billing company as a party to indemnify it.
The law is not clear on the issue of who bears the burden of liability for regulatory noncompliance when the noncompliance is caused by the billing software company and not the provider. Certainly, the billing software company will argue that it is the burden of a healthcare provider to follow all rules and regulations pertaining to Medicare and Medicaid when the providers signs the Medicare/Medicaid contact. Obviously, the billing software companies do not sign a contract with Medicare or Medicaid.
Going forward, we will keep an eye on the outcome of Bon Secours. Until then, I am of the opinion that there is a strong legal argument for indemnification of the provider by the billing software company.
To be safe, I recommend demanding an indemnification clause in contracts with billing software companies. They may buck, but if that is the case, then maybe that software company is not the right choice for you.
Normally, I write about substantive law, but today I’m going to focus more on psychology. The idea was triggered by the subject line in an
The U.S. Department of Justice (DOJ) announced that Texas rheumatologist Dr. Jorge Zamora-Quezada had been sentenced to 10 years’ imprisonment in connection with the submission
Please log in to your account to comment on this article.
Stop revenue leakage and boost hospital performance by mastering risk adjustment and HCCs. This essential webcast with expert Cheryl Ericson, RN, MS, CCDS, CDIP, will reveal how inaccurate patient acuity documentation leads to lost reimbursements through penalties from poor quality scores. Learn the critical differences between HCCs and traditional CCs/MCCs, adapt your CDI workflows, and ensure accurate payments in Medicare Advantage and value-based care models. Perfect for HIM leaders, coders, and CDI professionals. Don’t miss this chance to protect your hospital’s revenue and reputation!
Struggling with ICD-10-CM coding for diabetes and complications? This expert-led webcast clarifies complex combination codes, documentation gaps, and sequencing rules to reduce denials and ensure compliance. Dr. Angela Comfort will provide actionable strategies to accurately link diabetes to complications, improve provider documentation, and optimize reimbursement—helping coders, CDI specialists, and HIM leaders minimize audit risks and strengthen revenue integrity. Don’t miss this chance to master diabetes coding with real-world case studies, key takeaways, and live Q&A!
Uncover critical guidance. HIM coding expert, Kay Piper, RHIA, CDIP, CCS, provides an interactive review on important information in each of the AHA’s 2025 ICD-10-CM/PCS Quarterly Coding Clinics in easy-to-access on-demand webcasts, available shortly after each official publication.
Uncover critical guidance. Kay Piper provides an interactive review on coding guidelines and more in the AHA’s fourth quarter 2025 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
RACmonitor is proud to welcome back Dr. Ronald Hirsch, one of his most requested webcasts. In this highly anticipated session, Dr. Hirsch will break down the complex Two Midnight Rule Medicare regulations, translating them into clear, actionable guidance. He’ll walk you through the basics of the rule, offer expert interpretation, and apply the rule to real-world clinical scenarios—so you leave with greater clarity, confidence, and the tools to ensure compliance.
Bring your questions and join the conversation during this open forum series, live every Wednesday at 10 a.m. EST from June 11–July 30. Hosted by Chuck Buck, these fast-paced 30-minute sessions connect you directly with top healthcare experts tackling today’s most urgent compliance and policy issues.
Fraud convictions don’t just punish a few bad claims; they can wipe out years of reimbursements. Don’t wait for an audit to learn the rules. Join Frank Cohen, MPA, for a live Q&A on spotting red flags, avoiding liability, and protecting your practice. Register now and bring your questions!
Substance abuse is everywhere. It’s a complicated diagnosis with wide-ranging implications well beyond acute care. The face of addiction continues to change so it’s important to remember not just the addict but the spectrum of extended victims and the other social determinants and legal ramifications. Join John K. Hall, MD, JD, MBA, FCLM, FRCPC, for a critical Q&A on navigating substance abuse in 2025. Register today and be a part of the conversation!
Copyright © 2025 RACmonitor. Powered by MedLearn Media.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
