Opioid Case Spotlights Use of AI for Health-Care Fraud

Jan. 29, 2020, 10:46 AM

A software developer’s scheme to rig alerts to doctors so they would write more opioid prescriptions shows that bringing artificial intelligence into health-care decision-making has opened up new possibilities for fraud.

Practice Fusion Inc. created an electronic health records system and took $1 million in kickbacks from a drugmaker in return for sending the alerts, the Justice Department said in announcing it had reached a deferred prosecution agreement with the company. Reuters reported Tuesday that Purdue Pharma is the drugmaker, identified in court documents as “Pharma Co. X.”

The case highlights a weakness in federal regulations for electronic health records, or EHR, systems, which are built on the idea that transparency will provide protection to patients, Jacob Reider, former deputy national coordinator for health information technology during the Obama administration, said.

“The regulations for EHR systems assume that providers will make the best decisions for their patients as long as they have access to all of the information about how the alerts and prompts in the system were developed,” Reider said. “But it’s clear from this case that transparency will only get you so far. This is going to require some high-level policy thinking about what else we should be doing.”

‘Very Significant Step’

The case also marks an important evolution in the DOJ’s scrutiny of software companies, according to Colette G. Matzzie, a partner with Phillips & Cohen in Washington.

“The government has been focusing on the compliance of these systems with federal regulations up to now,” she said. “But this case shows that DOJ is now looking at the whole web of relationships between these EHR makers and drug companies, doctors, hospitals, and laboratories. This is a very significant step.”

Mattzie represented the whistleblower in a lawsuit against eClinicalWorks, another EHR maker, that led to a $155 million settlement with the government.

Nudge, Nudge

Practice Fusion admitted to the kickback charges as part of the deferred prosecution agreement that also requires it to pay $26 million in fines, the DOJ said. The company also agreed to pay $119 million to the federal government and several states to settle civil allegations regarding similar kickback arrangements with drug companies.

At the heart of the case are clinical-support decision alerts, pop-up windows that appear to doctors and other users of EHR systems to help them make appropriate treatment decisions.

Those alerts are embedded in EHR systems, and doctors have come to expect and rely on them for help with a wide range of clinical decisions, Reider said.

Doctors are susceptible to the influence of such alerts in ways they may not even realize, according to Mark Friedberg, a vice president with Blue Cross Blue Shield of Massachusetts who conducted research on EHR systems when he was with the RAND Corp.

Friedberg said he and his fellow researchers found it easy to “nudge” the clinical decision-making of doctors without them even noticing.

“As we were doing this research, it occurred to me that it would be easy for someone to devise ‘nudges’ that served the interests, not of the patient, but of a drug company, or the hospital, or the doctor,” he said. “It was only hypothetical at the time, but that’s what it looks like happened here.”

Regulations Addressed Risk

The possibility that alerts could be misused also was in the mind of policymakers as they were developing the current regulations, Reider said.

Those regulations require that the EHR system provide user access to three categories of information: the medical evidence justifying an alert, the identity of the entity that created the alert, and the identity of the entity that funded it.

The goal was to reduce the likelihood that a “sponsored” alert would inappropriately influence a provider’s decision making, he said.

The company concealed from regulators that its “software did not comply with all of the applicable requirements,” of the Health and Human Services Department’s voluntary health IT certification program, the DOJ said.

The case against Practice Fusion marks the first criminal allegations against a provider of electronic health records, the DOJ said in announcing the agreement.

The company was acquired by Allscripts Healthcare Solutions Inc. in 2018, after the conduct at issue occurred, a spokesman said earlier Tuesday.

To contact the reporter on this story: Christopher Brown in St. Louis at ChrisBrown@bloomberglaw.com

To contact the editors responsible for this story: Fawn Johnson at fjohnson@bloomberglaw.com; Peggy Aulino at maulino@bloomberglaw.com

To read more articles log in.

Learn more about a Bloomberg Law subscription.