Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
Tuesday, November 1, 2022 Modernizing
Medicine Inc. (ModMed), an electronic health record (EHR) technology
vendor located in Boca Raton, Florida, has agreed to pay $45 million to
resolve allegations that it violated the False Claims Act (FCA) by
accepting and providing unlawful remuneration in exchange for referrals
and by causing its users to report inaccurate information in connection
with claims for federal incentive payments.
The Anti-Kickback Statute prohibits anyone from offering or paying,
directly or indirectly, any remuneration — which includes money or any
other thing of value — to induce referrals of items or services covered
by Medicare, Medicaid and other federally funded programs. In a
complaint filed in conjunction with today’s settlement, the United
States alleged that ModMed violated the FCA and the Anti-Kickback
Statute through three marketing programs: First, ModMed solicited and
received kickbacks from Miraca Life Sciences Inc. (Miraca) in exchange
for recommending and arranging for ModMed’s users to utilize Miraca’s
pathology lab services. Second, ModMed conspired with Miraca to
improperly donate ModMed’s EHR to health care providers in an effort to
increase lab orders to Miraca and simultaneously add customers to
ModMed’s user base. Third, ModMed paid kickbacks to its current health
care provider customers and to other influential sources in the
healthcare industry to recommend ModMed’s EHR and refer potential
customers to ModMed.
“Electronic health records serve a critical role in informing
physician decision making, and it is therefore essential that health
care providers select such technology free from the influence of
improper financial inducements,” said Principal Deputy Assistant
Attorney General Brian M. Boynton, head of the Department of Justice’s
Civil Division. “Vendors of electronic health records will be held to
the same standards of compliance that we expect of everyone who provides
health care services.”
“Today’s settlement marks the fourth resolution that our office has
achieved as we seek to root out fraud in the electronic health record
technology field,” said U.S. Attorney Nikolas P. Kerest for the District
of Vermont. “It is imperative that medical providers be able to trust
the health record systems with which they document important and
sensitive patient information, and for too long electronic health record
vendors have prioritized only sales. The government alleges that for
years, ModMed, through a variety of schemes, engaged in illegal
kickbacks that distorted both the EMR and pathology lab markets, in
addition to providing its users with a deficient product. This
resolution reflects the seriousness of the government’s allegations and
the determination of the Department of Justice to restore integrity to
the electronic health record field.”
As a result of this conduct, the government alleges that ModMed
improperly generated sales for itself and for Miraca, while causing
health care providers to submit false claims for reimbursement to the
federal government for pathology services, and for incentive payments
from the Department of Health and Human Services (HHS) for the adoption
and “meaningful use” of ModMed’s EHR technology.
In January 2019, Miraca (now known as Inform Diagnostics) agreed to
pay $63.5 million to resolve allegations that it violated the
Anti-Kickback Statute and the Stark Law by providing to referring
physicians subsidies for EHR systems and free or discounted technology
consulting services. 2019 Press Release.
Additionally, under HHS’ EHR Incentive Programs, HHS offered
incentive payments to health care providers that adopted certified EHR
technology and met certain requirements relating to their “meaningful
use” of that technology. Eligibility for incentive payments required
health care providers to use certified EHR technology that, among other
things, utilized certain standard vocabularies for drugs (RxNorm) and
clinical terminology (SNOMED CT) in order to conduct certain
transactions. The government’s complaint in intervention alleges that
ModMed knew that its EHR did not always allow physician users to
electronically record medical records using the required standard
vocabularies, thereby causing certain of its users to submit false
claims for incentive payments under that program.
The settlement with ModMed resolves, in part, allegations in a
lawsuit filed in the District of Vermont by Amanda Long, a former Vice
President of Product Management at ModMed. The lawsuit was filed under
the qui tam, or whistleblower, provisions of the FCA, which
permit private individuals to sue on behalf of the government for false
claims and to share in any recovery. The qui tam case is captioned United States ex rel. Long v. Modernizing Med., Inc.,
No. 2:17-cv-179 (D. Vt.). The Act allows the government to intervene
and take over the action, as it did in this case. As part of today’s
resolution, Ms. Long will receive approximately $9 million.
The resolution obtained in this matter was the result of a
coordinated effort between the Justice Department’s Civil Division,
Commercial Litigation Branch, Fraud Section, and the U.S. Attorney’s
Office for the District of Vermont. The FBI and the Department of Health
and Human Services, Office of Counsel to the Inspector General provided
investigative assistance.
The investigation and pursuit of this matter illustrate the
government’s emphasis on combating health care fraud, including in the
healthcare technology arena. One of the most powerful tools in this
effort is the FCA. Tips and complaints from all sources about potential
fraud, waste, abuse, and mismanagement, can be reported to the
Department of Health and Human Services at 800-HHS-TIPS (800-447-8477).
Assistant U.S. Attorney Lauren A. Lively for the District of Vermont
and Trial Attorneys Kelley Hauser and Sarah Hill of the Civil Division’s
Commercial Litigation Branch, Fraud Section handled this matter.
| Issued by: Office for Civil Rights (OCR) What if a HIPAA covered entity (or business associate) uses a CSP to maintain ePHI without first executing a business associate agreement with that CSP? Answer: If a covered entity (or business associate) uses a CSP to maintain (e.g., to process or store) electronic protected health information (ePHI) without entering into a BAA with the CSP, the covered entity (or business associate) is in violation of the HIPAA Rules. 45 C.F.R §§164.308(b)(1) and §164.502(e). OCR has entered into a resolution agreement and corrective action plan with a covered entity that OCR determined ...read more |
| HHS Issues Guidance on HIPAA and Audio-Only Telehealth Today, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), is issuing guidance on how covered health care providers and health plans can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, including when OCR’s Notification of Enforcement Discretion for Telehealth - PDF is no longer in effect. This guidance will help individuals ...read more |
| DOVER (Oct. 21, 2022) – The Delaware Division of Developmental Disabilities Services is announcing today that it is mailing letters to service recipients and legal guardians who were impacted by a recent data breach incident and is providing information to the public regarding the incident. On August 23, 2022, staff within the Division of Developmental Disabilities Services (DDDS) discovered that in the process of creating new user accounts in the division’s client database, DDDS staff inadvertently provided access to individual records of 7074 individuals. As a result of these actions, 159 new users had potential access to service recipients’ ...read more |
| If a CSP stores only encrypted ePHI and does not have a decryption key, is it a HIPAA business associate? Answer: Yes, because the CSP receives and maintains (e.g., to process and/or store) electronic protected health information (ePHI) for a covered entity or another business associate. Lacking an encryption key for the encrypted data it receives and maintains does not exempt a CSP from business associate status and associated obligations under the HIPAA Rules. An entity that maintains ePHI on behalf of a covered entity (or another business associate) is a business associate, even if the entity cannot actually ...read more |
|
April 2026
| Su | Mo | Tu | We | Th | Fr | Sa |
| | | 1 | 2 | 3 | 4 |
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 |
|
Blog Home
Newest Blog Entries
1/21/25 Understanding Business Associate Agreements
11/12/22 Modernizing Medicine Agrees to Pay $45 Million to Resolve Allegations of Accepting and Paying Illegal Kickbacks and Causing False Claims
11/12/22 Indian National Charged in $8 Million COVID-19 Relief Fraud Scheme
11/12/22 Former Hospital Employee Pleads Guilty To Criminal HIPPA Charges
11/12/22 Covered entities and those persons rendered accountable by general principles of corporate criminal liability may be prosecuted directly under 42 U.S.C. § 1320d-6
11/12/22 The Delaware Division of Developmental Disabilities Services Data Breach
11/12/22 OCR Settles Three Cases with Dental Practices for Patient Right of Access under HIPAA
11/12/22 HHS Issues Guidance on HIPAA and Audio-Only Telehealth
11/12/22 Five Former Methodist Hospital Employees Charged with HIPAA Violations
11/12/22 May a covered entity use or disclose protected health information for litigation?
11/12/22 When does the Privacy Rule allow covered entities to disclose protected health information to law enforcement officials?
Blog Archives
January 2025 (1)
November 2022 (54)
Blog Labels
Data Breach (1)
Telehealth (1)
HIPAA Enforcement (3)
ePHI (2)
HIPAA (2)
EHR Fraud (1)
BAA (4)
PPP Fraud (1)
Covered Entity (40)
|
