CFO Pleads Guilty to HITECH Act Fraud

More Prosecutions for Abuse of EHR Incentive Program Likely
CFO Pleads Guilty to HITECH Act Fraud

A former CFO at a now-shuttered hospital has pleaded guilty to submitting false documents so the medical center could receive $785,000 in payments under the HITECH Act electronic health records financial incentive program. Some legal experts predict that more federal prosecutions of HITECH Act fraud under the EHR "meaningful use" program are likely.

See Also: Live Webinar | Embracing Digital Risk Protection: Take Your Threat Intelligence to the Next Level

On Nov. 12, Joe White, 67, of Cameron, Texas, pleaded guilty to making a false statement in November 2012 to the Centers for Medicare and Medicaid Services that Shelby Regional Medical Center in Texas was a meaningful user of EHRs, when the hospital actually was primarily using paper records, according to the Department of Justice.

White, who was indicted by a federal grand jury on Feb. 6, now faces up to five years in federal prison. A sentencing date has not been set (see HITECH Act EHR Program Fraud Alleged).

To obtain financial incentives from Medicare or Medicaid under the HITECH Act, hospitals and physicians must submit detailed documents that attest to meeting the requirements for the program, including conducting a HIPAA security risk assessment.

The Department of Health and Human Services' Office of the Inspector General, the Texas Office of the Attorney General's Medicaid Fraud Control Unit and the FBI investigated the Shelby Regional case.

Wake Up Call

Some legal experts say other federal prosecutions for HITECH Act EHR program fraud could be quietly in the works.

"It remains possible that such cases have been brought and are currently under seal," says privacy attorney Adam Greene of the law firm Davis Wright Tremaine. "Accordingly, I would not be surprised if we see one or more other prosecutions in this area in the years to come."

Attorney David Holtzman, vice president of compliance at security consulting firm CynergisTek, notes that more than $25 billion in incentive payments have been distributed through the HITECH Act's meaningful use program. "So it is highly likely that we will see additional criminal prosecutions involving those who have received funds through fraud," he says.

"The program set a very low bar on demonstrating eligibility for receiving EHR incentive payments. With CMS auditing whether the attestations were factual, the government will be looking to identify where the attestations for meaningful use can be supported by the documentation of the hospital or eligible provider," Holtzman says. "In the instances where the promises made in the attestation were outright lies, the government will seek to apply criminal sanctions."

A HHS OIG spokesman tells Information Security Media Group: "To the best of our knowledge, this is the first case that the government has prosecuted. Under standard law enforcement protocols, I am unfortunately not able to discuss related investigative matters."

A newly released HHS OIG report, 2014 Top Management & Performance Challenges, notes: "Challenges in [HITECH Act] program oversight also leave the EHR incentive programs vulnerable to inappropriate payments to participants that do not meet program requirements."

The Fraud Charges

Prosecutors say that on Nov. 20, 2012, White falsely attested to CMS that Shelby Regional met HITECH Act meaningful use requirements for the 2012 fiscal year by implementing EHRs. In fact, the hospital, relied on paper records throughout the fiscal year and only minimally used EHRs, authorities say. Prosecutors also allege that White falsely attested to the hospital's meaningful use of EHRs by using another person's name and information without that individual's consent or authorization.

The 54-bed hospital closed last year amidst legal issues involving its owner, Tariq Mahmood, M.D. of Cedar Hill, Texas. Mahmood was indicted by a federal grand jury on April 11, 2013, and charged with conspiracy to commit healthcare fraud and seven counts of healthcare fraud.

Mahmood owned and operated several other hospitals in Texas, including Cozby-Germany Hospital in Grand Saline, Renaissance Terrell Hospital in Terrell, Central Texas Hospital in Cameron, and Community General Hospital in Dilley. Federal prosecutors allege that from April 2010 to April 2013, Mahmood and others carried out a scheme to defraud Medicare and Medicaid through the submission of false and fraudulent claims, according to an FBI statement issued in April 2013.

Prosecutors allege that Mahmood and others "changed, deleted, and incorrectly sequenced diagnostic codes in a way that did not reflect the actual diagnoses and conditions of the patients," according to the FBI statement. The defendant and his co-conspirators are alleged to have unlawfully submitted false claims of more than $1.1 million and obtained more than $375,000.

In total, hospitals operated by Mahmood, including Shelby Regional, were paid about $16.8 million by Medicaid and Medicare under the HITECH EHR incentive program for fiscal years 2011 and 2012, authorities say. But the federal indictment against Mahmood filed in April 2013 does not specify HITECH-related fraud. The federal case against Mahmood is working its way through the U.S. District Court of the Eastern District of Texas, and a trial date has not yet been set.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.