The Justice Department's focus on EHR systems: Avoiding government scrutiny | Viewpoint

On July 2, 2025, the Department of Justice announced the creation of a False Claims Act (FCA) Working Group between the DOJ and the Department of Health & Human Services, Office of the Inspector General (HHS-OIG).

The Working Group will prosecute civil healthcare fraud under the FCA and focus on six priority areas.

The FCA imposes liability for submitting false claims to the government and can result in defendants paying treble damages (three times the amount of false claims submitted), plus civil penalties for each false claim submitted. Given the significant financial repercussions companies face, the FCA is a very powerful tool.

One of the FCA Working Group’s priority enforcement areas is “Manipulation of Electronic Health Records [EHR] systems to drive inappropriate utilization of Medicare covered products and services.” But given how common it is in the healthcare industry to use revenue optimization software and similar tools to capture and increase revenue, what characteristics might invite scrutiny from the Justice Department?

Revenue optimization tools are not inherently problematic. For example, many healthcare entities use charge capture tools to ensure clinical services are properly captured, clinical documentation improvement tools to write better, more specific descriptions in patients’ charts, and other types of software tools to automate coding, identify diagnosis codes, and perform auditing and compliance functions.

The use of AI is also being integrated into these software tools and EHR systems to further streamline and improve the documentation, coding, and billing processes.

However, when these tools lack appropriate oversight and compliance features, they have the potential to expose companies, including healthcare systems that utilize the tools, to significant liability. Several recent civil and criminal cases brought by the Justice Department illustrate these concerns.

In the DxID case, a Medicare Advantage Organization (MAO) used software that retrospectively reviewed patients' medical records and added diagnosis codes that were supposedly missed by providers or previous coders.

The MAO then submitted these additional codes to the government, which resulted in increased reimbursement amounts since such payments are driven by the severity of the patients' diagnoses. Often, however, the diagnosis codes added by the computer algorithm were not relevant to the patient's care, treatment, or management as required by the applicable regulations.

This disconnect between how the software operated and the regulatory requirements resulted in the United States filing a FCA lawsuit against the software company and the MAO, which settled for $98 million after three years of litigation.

Similarly, Modernizing Medicine, Inc. also faced a FCA lawsuit based on its automated coding software. The criteria in the algorithm did not fully incorporate the billing requirements for higher level outpatient visits or the use of certain modifiers, and that disconnect resulted in false claims being submitted to Medicare.

After a year and a half of litigation, the case settled for $45 million (part of which was also attributable to violations of the Anti-Kickback Statute).

EHR software that improperly influences providers or diminishes their independent medical judgment is also problematic.

For example, Practice Fusion implemented clinical decision support (CDS) alerts in its EHR software that physicians would receive when prescribing drug products. For a fee, Practice Fusion allowed pharmaceutical companies to participate in designing and drafting the CDS alerts, which were devised to steer physicians towards certain drugs. Practice Fusion entered into a $118.6 million civil settlement to resolve FCA allegations and a deferred prosecution agreement to resolve criminal allegations, which required Practice Fusion to pay over $26 million in criminal fines and forfeiture.

Below are steps healthcare companies can take now to monitor the appropriate use of its EMR system and incorporated technologies.

The government will rely on data to identify outlier CPT codes, diagnosis codes, and other metrics when attempting to identify improper manipulation of EHR systems. Therefore, providers should also monitor their data for outliers and consider whether any software tools are causing such outliers.

1. Knowledge of the problem is key to whether the government brings criminal or civil cases against companies and individuals. Therefore, companies should take concerns raised by physicians, employees, consultants, etc. seriously, appropriately investigate them, and document their resolution.
2. Companies should consider who is involved with the contracting and selection process for revenue optimization software and similar tools (or in the case of proprietary tools designed in house, who is involved in the design and approval process).
3. Companies should consult their compliance departments and/or rely on outside professionals, as appropriate, to perform due diligence and vet all vendors the company is considering.
4. Companies should consider its messaging to providers and employees relating to the implementation of revenue optimization tools, including during rollouts and in the course of trainings and other communications.

Jessica Sievert, Henry Leventis, and William Brady are partners at Holland & Knight.