Let's Break Some Laws: Health IT

If you’re a part of the HHS or Office of the National Coordinator, please know I’m kidding. But, I hope this sheds a light on some of the gray areas of existing policies.

I recently had an interaction with an EHR company that had they been a certified developer would have likely violated anti-kickback and information blocking. However, because these acts and statutes are written to apply to a very specific subset of companies, this EHR company falls outside of the section of the market has to comply.

So, what happened?

I reached out to an EHR/PM company hoping to integrate my solution with theirs because we aim to serve a somewhat similar customer base. Their response stated:

• Not accepting new integrations for a period of several months

• When they do accept new integrations they are going to base it off of how many referrals I’ve sent their way to sign up for their EHR platform so they suggest I join their referral program

I’m not naming this company because the intent of this post is to draw comparisons between how regulatory policy impacts businesses that are incredibly alike and compete for similar business yet differ in operations due to a federal certification.

This company is not alone in these practices and even having an integrations program at all is more interoperable than many other non-certified EHRs.

In another article, I wrote about why the anti-kickback statute applies to ONC certified EHRs. There are example court cases like the 2021 case that required Athena to pay millions or the recent case of NextGen in 2023.

The court case rulings provide that ONC certified EHRs must comply with the anti-kickback statute is because providers receive financial incentives to use certified EHRs from the Medicare EHR incentive program. Since federal funds are now involved, the DOJ doesn’t want unnecessary activities driving up the costs of EHRs or unethical practices persuading providers which EHRs to use.

In practice, this looks like ONC certified EHRs not having referral programs. Or, if you read the full article I wrote, being extremely careful about any programs they do have. On the flipside, non-certified EHRs have taken the liberty to create partner programs as advanced and performative as leading SaaS companies. Here’s a few referral programs.

1. SimplePractice

   1. Refer a colleague

   2. Affiliate Program

2. Practice Better

   1. Customer Advocates

   2. Affiliate Partners

3. Healthie

   1. Affiliate Program

4. TherapyNotes

   1. Referral Program

I was also able to find Athena’s referral program which entails an Agreement for Lead Identification. Athena pays both for an initial meeting and a success based payment if the lead becomes a customer, with different amounts depending on the number and type of providers……I’m guessing this is old and no longer used… because WOW could you make some wild money from that program.

Information blocking “Actors”

Now when it comes to information blocking, not everyone has to comply. Only “Actors” have to comply. Non-certified health IT developers (who aren’t HIEs) are also not considered actors under information blocking. You can read more about who is an “actor” here. Therefore EHRs like SimplePractice, Practice Better, TherapyNotes, and many others don’t have to comply with the same regulations that certified health It developers do.

This is kinda weird, right?

According to the letter of law, it seems like this company is technically doing nothing wrong. They don’t have to comply with anti-kickback according to case precedent or information blocking according to who qualifies to be an “actor.”

Some personal commentary

For decades there’s been conversations on what is the United States federal government’s role in healthcare. Where can the government step in and where can’t they? In many industries, the government has to be careful not to overstep. However, rightfully so, healthcare’s a bit different. In the court’s rulings it appears the federal government is using EHR incentive payments as the tie to the government funds in order to be able to step in and police kickback payments and information blocking.

Even if the intent of tying their right to police the space to federal funds is well-meaning, becoming a certified developer of Health IT can be very long, intensive, and optional process. Sure, Epic, Cerner, Meditech, and other inpatient hospitals will ALL be certified as their customers will demand it. But, when you get into private practice, independent medical groups, and non-medical healthcare providers you enter into a world that is both certified and non-certified. For example, hundreds of thousands of mental health providers use non-certified technology.