Navigating Relationships With Practice Support and Other Tech Vendors

Skadden Publication / Enforcement in Life Sciences Series

Maya P. Florence

Enforcement in Life Sciences Series:

Key Cases in 2020 Reflect Emerging DOJ Focus for Pharmaceutical and Medical Device Makers

About the Enforcement in Life Sciences Series

Recent settlements between the U.S. Department of Justice (DOJ) and a range of FDA-regulated drug and medical device manufacturers provide a snapshot of the DOJ’s enforcement focus. These settlements involve new DOJ theories of liability or new ways of evaluating long-standing industry practices and may be harbingers of future DOJ enforcement activity. In this six-part series of client alerts, we take an in-depth look at the facts and legal theories in each case or set of cases, discuss what makes each novel and consider the compliance implications for each. You can find all the client alerts in the series here.

Part 3: Relationships With Practice Support and Other Tech Vendors

As new technologies and information systems develop with increasing speed, health care manufacturers face a proliferation of resulting vendor programs that may challenge manufacturers’ traditional compliance and review procedures. The DOJ’s Enforcement activity over the past year indicates where manufacturers might focus when designing operations and marketing efforts. For example, Practice Fusion, an electronic health records (EHR) vendor, entered into a deferred prosecution agreement (DPA) and civil False Claims Act settlement in July 2020 to resolve allegations that it extracted unlawful kickbacks from 14 pharmaceutical companies in exchange for implementing in its EHR software clinical decision support (CDS) alerts that were designed to increase prescriptions for those companies’ products.1 Specifically, in exchange for “sponsorship” payments from pharmaceutical companies, Practice Fusion allegedly allowed the companies to participate in developing the alerts, with the companies “setting the criteria that would determine when a health care provider received an alert, and in some cases, even drafting the language used in the alert itself.”2 In its discussions with pharmaceutical companies, Practice Fusion “touted the anticipated financial benefit to the pharmaceutical companies from increased sales of pharmaceutical products that would result from the CDS alerts,”1 and between 2014 and 2019, health care providers using Practice Fusion’s EHR software wrote numerous prescriptions after receiving CDS alerts that pharmaceutical companies participated in designing.1

Under the DPA, Practice Fusion admitted its understanding that “it was unlawful to sell CDS programs based on anticipated returns on investment” that a pharmaceutical company could achieve through the alerts, and unlawful that Practice Fusion received certain remuneration because the alerts could boost sales:3 In marketing the CDS alert, Practice Fusion promoted “that [the program] would result in a favorable return on investment for the [ ] company based on doctors” writing more prescriptions.1

Compliance Implications

The Practice Fusion settlement highlights the risks involved for pharmaceutical companies in partnering with technology vendors and other nontraditional marketing and promotion vendors. Arrangements involving these types of vendors, particularly those that entail new and emerging technologies, often require evaluating risks associated with novel, rather than well-established, programs. This challenge may be amplified because traditional company review procedures, such as legal review of vendor contracts or clearance processes for promotional material, may not be well-suited to identify novel risks and ensure they receive consideration from all relevant stakeholders. Adding to the complication, EHR and similar technologies may raise concerns regarding the use of information in a patient’s medical file to prompt physician prescribing behavior, which prosecutors previously have focused on in the reimbursement support space.

From a compliance perspective, companies should evaluate whether their mechanisms for reviewing vendor arrangements, which are often processed through procurement or marketing personnel, include consideration of risks that may arise under the Anti-Kickback Statute (AKS) and HIPAA. In assessing relationships with technology vendors, companies may want to examine the following questions:

  • What is the vendor being paid to do — and is such payment tied, in whole or in part, to recommending or arranging prescriptions of the manufacturer’s product? How is success measured, and does any measurement include a return on investment analysis?
  • What function within the manufacturer is involved in and funding the arrangement? Arrangements sponsored or funded by commercial functions are more likely to be perceived as promotional or intended to increase prescriptions.
  • What information or recommendations are being provided to physicians — and is the information or recommendation on-label (least risky) or based on well-accepted clinical guidelines? Note that on-label promotion alone does not immunize a relationship under the AKS.
  • Is personal health information involved? If so, does the relationship comply with HIPAA and applicable state health privacy laws?

Not all technology vendors offer expertise with and sensitivity to the compliance risks posed by health care fraud and abuse laws, HIPAA, and state privacy laws. Given this reality, in-house lawyers and compliance professionals at manufacturers need to be particularly vigilant in scrutinizing potential and ongoing arrangements with vendors. Rigorous documentation of legal and compliance review is important to ensure company records reflect the consideration given to identified risks, the measures implemented to control any identified risks and the contemporaneous basis for approval decisions. Finally, manufacturers should also establish means to monitor vendor relationships to verify that arrangements, as actually implemented, do not entail greater risk than perceived at the time of initial review and approval.


1 DOJ Office of Public Affairs, “Electronic Health Records Vendor To Pay $145 Million To Resolve Criminal and Civil Investigations,” January 27, 2020.

2 Practice Fusion, Inc. Settlement Agreement, ¶ D.

3 Deferred Prosecution Agreement, Statement of Facts ¶¶ 17-18. 

This memorandum is provided by Skadden, Arps, Slate, Meagher & Flom LLP and its affiliates for educational and informational purposes only and is not intended and should not be construed as legal advice. This memorandum is considered advertising under applicable state laws.