Issue link: https://beckershealthcare.uberflip.com/i/1353232
61 CIO / HEALTH IT Athenahealth settles kickback allegations for $18M+ By Jackie Drees W atertown, Mass.-based Athen- ahealth agreed to pay $18.25 mil- lion to settle allegations it violated the False Claims Act by paying illegal kick- backs to sell its EHR products, according to a Jan. 28 Department of Justice news release. e Department of Justice alleged that Athenahealth violated the FCA and An- ti-Kickback statute through three marketing programs. For the first allegation, prosecutors claimed Athenahealth invited prospects and customers to all-expense-paid entertainment events such as the Kentucky Derby and the Masters Tournament, along with free luxury accommodations, meals and alcohol. In a Jan. 28 statement emailed to Becker's Hospital Review, a spokesperson for Athen- ahealth said the company "places the high- est priority on compliance with all laws and regulations" governing the industry and that its employees provide healthcare services "ethically and with integrity." "Our dedicated employees work everyday to create a thriving ecosystem that delivers ac- cessible, high quality, and sustainable health- care for all … We do so ethically and with integrity — values that are integral to our company's culture," the spokesperson said. e DOJ also alleges that Athenahealth paid illegal fees of up to $3,000 per physician to those who signed up for its services through the company's "Lead Generation" program, which identifies new prospective customers. Prosecutors also claimed Athenahealth inked "conversion deals" with competing companies that had decided to discontinue their health IT products to then refer their clients to Athen- ahealth. e EHR vendor then allegedly paid competitors based on the volume and val- ue of practices that successfully converted to its soware. e DOJ claimed that Athenahealth used the kickbacks to improperly generate sales for itself while causing providers to submit false claims to the government for incentive payments for adopting Athenahealth's EHR technology and achieving meaningful use. "While we have full confidence in our robust compliance policies and programs, we agreed to this settlement—under which we admit no wrongdoing—to put this matter behind us and move forward with our critical work on behalf of patients and healthcare providers," the Athenahealth spokesperson said. e $18.25 million settlement also resolves allegations of Athenahealth's involvement in two whistleblowers lawsuits, according to the news release. "Across the country, physicians rely on elec- tronic health records soware to provide vital patient data. Kickbacks corrupt the market for healthcare services and risk jeopardizing patient safety," U.S. Attorney Andrew Lelling said in the news release. "We will aggressively pursue organizations that fail to play by the rules; EHR companies are no exception." n Bethesda Hospital employee fired for alleged EHR snooping, altering patient health order By Jackie Drees B ethesda Hospital, part of Coral Gables, Fla.-based Baptist Health, terminated an employee for access- ing patients' medical records and altering a home care patient's health order. The Boynton Beach, Fla., hospital posted a notice to its website Jan. 29 to alert patients of the incident. The hos- pital said it discovered on Dec. 1 that an employee "im- permissibly accessed protected health information and altered a home health order that was used to provide a patient with home care services." The hospital launched an investigation immediately after discovering the breach, fired the employee and alerted law enforcement. The hospital said people who were patients between June 1, 2019, and Dec. 2, 2020, may have been affected by the incident. Information that may have been compromised includes name, dates of birth, addresses and Social Security numbers. The hospital is offering patients affected by the incident one year of identity protection and credit-monitoring services. It said it is also looking to increase security mea- sures to protect patients' health information. n Hacker infiltrates Iowa medical group's computer system; 34,000 patients' info exposed By Jackie Drees G rand River Medical Group notified 34,000 patients of a hacking incident that allowed an unauthorized individu- al to access the Dubuque, Iowa-based medical group's computer systems and view their protected health information. The hacker gained access to Grand River's systems via an employ- ee's email account, and subsequently spreadsheets containing pa- tients' health information. The medical group tapped an outside incident response expert to complete a forensic analysis, which did not find any evidence of data being accessed or downloaded by the intruder. However, Grand River "could not definitely rule such activity out." The medical group reported the breach to HHS as affecting 34,000 individuals and mailed notice letters to patients from Feb. 8-11. Patient data exposed in the incident included names, Social Security numbers, birth dates, addresses, medications and visit types. Grand River terminated the hacker's access immediately upon dis- covering the breach and has since changed all relevant passwords and isolated the compromised account from its system. The med- ical group offered all affected individuals one year of free identity theft protection services. n