Recently, the former CFO of the Shelby Regional Medical Center, Joe White, has been sentenced to 23 months in federal prison and ordered to pay $4.5 million in restitution. White oversaw the hospital’s implementation of electronic health records (EHR) and was responsible for Meaningful Use attestation to obtain incentive payments. He pleaded guilty to making a false statement about the hospital’s status as a meaningful user of EHR when, in fact, the hospital failed to meet the requirements. The false attestation resulted in $785,655 paid by Medicare to the hospital. As a consequence of the ensuing turmoil, Shelby Regional Medical Center has permanently closed.
What message does this send about HITECH and Meaningful Use? Although this is a more severe example of dishonesty, the underlying warning is still there for recipients of Meaningful Use incentives. Falsely attesting or failure to meet requirements could result in civil penalties, refund of incentive money, and could lead to criminal charges.
The HITECH Act was established with the intent to promote the adoption of health information technology. This was promoted and incentivized by the Government through the Meaningful Use program. Providers can obtain incentive payments by attesting and proving that they are using certified EHR technology to improve patient care.
As we’ve observed from the past, not withholding this example, you do NOT want to take unwarranted money from the Government. To protect your organization from unintentional false attestation, you must understand the 15 Core Measures of Meaningful Use and to how to properly demonstrate meeting these objectives annually. Bear in mind that 5% of Meaningful Users will face mandatory audits.
However, attesting for Meaningful Use does not exempt you from the obligation to comply with HIPAA regulations. Regardless of whether you are applying for Meaningful Use or not, you are still required to be HIPAA compliant. The HITECH Act has served to strengthen HIPAA security and privacy provisions by adding greater fines and penalties for non-compliance. Bottom line, if your services involve Protected Health Information (PHI) you are required to be HIPAA compliant.
Unfortunately, 70% of the healthcare industry is not HIPAA compliant while CMS states that 79% of Meaningful Use Audits have resulted in failure. The two prevalent factors were incomplete risk assessments and misconceptions about the differences between HIPAA and HITECH. If you are unsure of your compliance with HIPAA, HITECH or Meaningful Use you need to take corrective action immediately.