Regulation of Medicine


OIG Report Estimates That Medicare Paid Healthcare Providers Over $700 Million in Noncompliant EHR Incentive Payments

By: Scott R. Grubman, Esq. Gregory A. Tanner, Esq. Chilivis, Cochran, Larkins & Bever, LLP

On June 7, 2017, the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) released a report estimating that Medicare paid over $729 million in improper electronic health record (EHR) incentive payments to healthcare providers who did not meet meaningful use requirements. 

Established in 2009 as part of the HITECH Act, and now partially incorporated into the Merit-Based Incentive Payment System under MACRA, the Medicare and Medicaid EHR incentive programs were created to promote the adoption and use of EHR and other health information technology to improve healthcare quality, safety, and efficiency. Under these incentive programs, professionals such as physicians, dentists, podiatrists, optometrists and chiropractors could be eligible to receive incentive payments from Medicare by adopting EHR in their practices and meeting certain “meaningful use” requirements.     

Between May 2011 and June 2014, Medicare paid over $6 billion to over 240,000 eligible providers. The OIG’s report was based on a random sample of 100 providers who had received at least one payment under the Medicare EHR incentive program. One issue the OIG found was that 12 of the sampled providers did not maintain or could not provide sufficient documentation to support their attestations that they had adopted required measures (e.g., did not provide a security risk assessment, or could not generate at least one report listing patients with a specific condition). The OIG also found that some providers had based their attestations on patient encounter data from periods less than a full calendar year, as was required. Additionally, according to the OIG, some providers incorrectly attested to having at least 50% of all patient encounters at a location equipped with a certified EHR, as was required. 

Of the 100 providers audited, the OIG found that 14 of the 100 had inappropriately received incentive payments totaling $291,222. Extrapolating its findings, the OIG estimated that Medicare has made over $729 million in inappropriate incentive payments to providers. The OIG also disclosed that it has identified 471 providers who were overpaid a total over $2.3 million after switching between the Medicare and Medicaid EHR incentive programs (providers can only participate in one incentive payment program, and if they switch between the programs, then they can only switch once, but then are not eligible for the higher first-year incentive rate for both programs).

Based on this report, the OIG made several recommendations to the Center for Medicare and Medicaid Services (CMS), including seeking recovery of the $291,222 it identified from the 14 providers included in the sample of 100, and seeking recovery of the $2.3 million from the 471 providers who were overpaid after switching between programs. The OIG also recommended that CMS review its incentive programs to identify other providers who did not meet meaningful use requirements and attempt to recover the estimated $729 million. In response to this recommendation, CMS responded that is has implemented risk-based audits that it will use to identify providers who inappropriately received incentive payments after not meeting meaningful use criteria. Thus, the OIG has identified both actual and potential improper incentive payments to providers, and CMS has plans to identify and recover such potentially inappropriate payments.

Not only does this report make it likely that government regulators will soon come after healthcare providers that received improper meaningful use payments, but also raises the specter that the OIG and the Department of Justice will open fraud investigations under the False Claims Act and other relevant statutes against such providers, where appropriate. Although it is impossible to completely eliminate the risk of liability, healthcare providers should consider taking some or all of the following actions to lower that risk:

  • Ensure that any and all information sent to the government to support any sort of government payment is 100% complete and accurate (to the best of the provider’s knowledge)
  • Document all steps taken to ensure the completeness and accuracy of information that is sent to the government, and retain that documentation for at least 6 years, if not longer
  • Strongly consider self-disclosure to the government upon receiving any credible information that you may have received money from the government that you should not have received
  • In the event that you receive a subpoena or some other type of correspondence from a government agency or contractor related to potential improper payments, contact MagMutual immediately so that it may put you in touch with an attorney to assist you in responding




Want to learn more?

Interested in how MagMutual can help?

View our products


The information provided in this resource does not constitute legal, medical or any other professional advice, nor does it establish a standard of care. This resource has been created as an aid to you in your practice. The ultimate decision on how to use the information provided rests solely with you, the PolicyOwner.