This story also ran on Fortune.

Derek Lewis was working as an electronic health records specialist for the nation’s largest hospital chain when he heard about software defects that might even “kill a patient.”

The doctors at Midwest (City) Regional Medical Center in Oklahoma worried that the software failed to track some drug prescriptions or dosages properly, posing a “huge safety concern,” Lewis said. Lewis cited the alleged safety hazards in a whistleblower lawsuit that he and another former employee of Community Health Systems (CHS) filed against the Tennessee-based hospital chain in 2018.

The suit alleges that the company, which had $14 billion in annual revenue in 2018, obtained millions of dollars in federal subsidies fraudulently by covering up dangerous flaws in these systems at the Oklahoma hospital and more than 120 others it owned or operated at the time.

The whistleblowers also allege that Medhost, the Tennessee firm that developed the software, concealed defects during government-mandated reviews that were supposed to ensure safety.

Both CHS and Medhost have denied the allegations and moved to dismiss the suit. The motions are pending. Last month, Department of Justice lawyers wrote in court filings that they were still investigating the matter and had not yet decided whether to take over the case.


The lawsuit is one of dozens filed by whistleblowers, doctors and hospitals alleging that some electronic health records (EHR) software used in hospitals and medical offices has hidden flaws that may pose a danger to patients — and that a substantial chunk of the $38 billion in federal subsidies went to companies that deceived the government about the quality of their products, an ongoing Fortune-KHN investigation shows. The subsidies were designed to persuade hospitals and doctors’ offices to install software that would track the medical history of every patient and share the information seamlessly with other health care providers.

But the software makers allegedly gamed the system, repeatedly. Three major EHR vendors have made multimillion-dollar settlement deals — totaling $357 million — over Justice Department investigations which include allegations that they rigged or otherwise gamed the government’s certification test. At least two other companies are under investigation.

Beyond those cases, federal officials have paid hundreds of millions of dollars in subsidies to doctors and hospitals that could not show they were even qualified to receive them, according to federal officials. Nearly 28% of doctors and 5% of hospitals who attested to meeting government standards later failed audits. Federal officials told Fortune and KHN that they have clawed back $941 million in improper subsidies.

“We’re entering an entirely new area of health care fraud,” John O’Brien, senior counsel with the Department of Health and Human Services Office of Inspector General, said in a July 2017 video announcing a $155 million False Claims Act settlement with eClinicalWorks, one of the nation’s leading sellers of EHRs for physicians.

The concern is not just over wasteful spending of tax dollars. EHRs monitor the medicines people take and their vital signs, so software glitches that prevent doctors from accessing files quickly, that mix up patients or send vital test results to the wrong file can contribute to serious injuries, or even deaths.

In March, Fortune and KHN revealed that thousands of injuries, deaths or near misses tied to software defects, user errors and other problems have piled up in various government-sponsored and private repositories.

“Ultimately, it’s about patients getting the right care,” Andrew Vanlandingham, the HHS inspector general’s senior counselor for health information technology, said in an interview. He said that investigators are “gearing up” for more scrutiny of the important industry, including closer monitoring to make sure that records software is safe.

Leaping Into The Digital Era

In 2009, Congress committed billions of dollars in economic stimulus funds to bring the era of paper medical records to a close. Officials hoped to cut down on medical errors caused by illegible paper records and draw on the power of massive troves of medical data to drive down the cost of health care and help develop improved treatments for disease.

The hastily devised plan offered Medicare doctors and other medical professionals up to $44,000 and $64,000 in subsidies if they bought the software and accepted patients on Medicaid, the federal health care program for low-income people.

The money was intended to help them pay vendors to install EHRs in their offices. Hospitals, which required more sophisticated and costlier software, could receive millions in subsidies, based on the number of inpatients treated. To give them a nudge, officials warned doctors and hospitals that failure to wire up would trigger gradual cuts in their Medicare payments. EHR vendors had to meet certification standards set by the HHS Office of the National Coordinator for Health Information Technology, or ONC.

Providers had to attest that their EHR software could perform a variety of functions, which the government described as making “meaningful use” of the technology.

Certification was essentially an open-book test in which the government gave vendors the questions in advance — for instance, the names of 16 or so drugs the system would have to prescribe electronically to pass. The Justice Department has alleged that some vendors simply doctored their software to pass the test — for example, programming the required codes for just the specified 16 drugs they would be tested on, rather than all medicines — as officials had expected.

Frank Poggio, who recently retired from a 45-year career in health technology, saw the cases of fraud coming, he said, because the tests “were superficial, and if you wanted to game it, you could game it.”

Poggio said there were many weaknesses in the system that allowed a vendor to show a “prototype” as opposed to live software.

Dr. Scott Monteith, a Michigan psychiatrist who served as an early certification juror, said he saw some limitations firsthand. He said one vendor took 30 minutes to produce a list of patients who had diabetes and also smoked, data he figured any computer program should be able to spit out in seconds. The vendor passed.

“That’s an example of how poorly thought-out the whole thing was,” said Monteith, who noted he was then, and still is, a big booster of EHRs.

Jeffery Daigrepont, a senior vice president at Coker Group, a firm that advises health providers on business decisions, said the government erred by handing out too much money in the early stages of the program, when many doctors and hospitals had not yet done much more than agree to participate.

“It was an upside-down pyramid,” he said. “You got the bulk of the money for doing the least amount of effort.”

Dr. John Halamka, a physician and Harvard Medical School professor who chaired the ONC standards committee, which wrote the certification rules, defended the process.

“The only problem [with certification] is that it presupposed that the product the vendor certified would be the same product they sold,” Halamka said. “It presupposes that people will go into the certification process and participate in good faith.”

That did not always happen in the rush to snatch up subsidy dollars, according to the whistleblowers’ suits. The Justice Department case against eClinicalWorks, which has 130,000 providers, accused the company of rigging tests to win certification, claims the company has denied. The company did not respond to numerous requests for comment.

The government accused Greenway Health, a Florida-based EHR developer with 75,000 providers, of doing the same thing. The DOJ’s complaint included a number of instant-message exchanges between Greenway employees in which they allegedly discuss their plan for gaming the certification process by “shortcutting some functionality” of the software. In February, Greenway Health settled with the government for just over $57 million without admitting wrongdoing.

The whistleblower case filed by Lewis and former co-worker Joey Neiman accuses the CHS hospital chain of submitting more than $385 million in false claims for EHR stimulus payments between 2012 and 2014.

Visiting the Oklahoma hospital as part of a troubleshooting team in June 2015, Lewis heard that physicians worried flaws in the system could result in patients being sent home “with the wrong drugs, doses or instructions,” according to the suit.

Things got so bad that local doctors were threatening to admit patients elsewhere unless the hospital fixed the software problems, according to the suit.

In a statement, CHS said it had “complete confidence” in its records systems. “The allegations made in the lawsuit against our hospitals are completely without merit,” the company said. Medhost denied its software has flaws, noting in its statement: “Hundreds of facilities have successfully used our software over the years and continue to do so today.”

Few in the industry seemed surprised by such allegations. When news of the eClinicalWorks case broke, Farzad Mostashari, who led the ONC from 2011 to 2013, tweeted: “Let me be plain-spoken. eClinicalWorks is not the only EHR vendor who ‘flouted certification/misled’ customers. Other vendors better clean up.”

The Electronic Health Record Association, a trade group that represents more than 30 vendors, did not respond to a request for comment. However, vendors have argued that they faced a tangle of regulations that required them to meet constantly shifting standards that government officials often could not explain.

ONC officials declined to answer written questions. But in a statement, ONC said it takes steps to ensure that products “are safe for patients and usable by providers.”

System Glitches And Accusations Of ‘Gaming’ The System

While the ONC sets the standards, the federal Centers for Medicare & Medicaid Services (CMS) had the job of paying doctors and hospitals that attested to meeting the “meaningful use” criteria. As of September 2018, CMS had paid out $38.4 billion in these funds.

In 2012, CMS hired accounting firm Figliozzi and Co. of Garden City, N.Y., which audited almost 50,000 medical professionals. Nearly 28% failed, despite the fact that they had previously attested to meeting the standards. Hospitals did better, posting a 5% failure rate. CMS officials said they have recovered some $941 million in these improper payments. The losses to the Treasury are likely far higher because only 14% of the medical professionals and 40% of the hospitals receiving payments were audited.

Michael Arrigo, who has served as an expert witness in health IT-related fraud and medical malpractice cases, said that in some cases EHR vendors misled hospitals about the challenges of replacing paper records with computers.

Others rolled the dice, apparently hoping the program was so large and complicated that they were unlikely to be targeted for audit. “Sometimes [providers] got away with it until a whistleblower found out,” Arrigo said.

Reviewing state and federal court filings, Fortune and KHN found more than two dozen cases, many filed by hospitals against vendors, which depict chaotic EHR installations and safety concerns as they pursued meaningful-use dollars.

Parrish Medical Center, a 210-bed public hospital on Florida’s Space Coast, is one. In December 2010, the Titusville hospital contracted with McKesson’s Enterprise Information Solutions. One of America’s largest companies, McKesson said its product would be easy for doctors and nurses to learn and help them “deliver high-quality, safe patient care.”

But the deal collapsed, prompting a bitter court battle in which the hospital repeatedly assailed McKesson’s competence. For instance, the hospital alleged that bugs in the software caused it to create more than one record for the same patient, a flaw dubbed a “major safety issue.”

An expert hired by Parrish said he contacted eight other hospitals, including three in Florida, which had dumped McKesson due to what he called “poor or unsatisfactory customer service.”

The medical staff at one of those hospitals was “up in arms” because it took 63 mouse clicks to look up a patient’s lab results, according to the expert’s report.

Parrish later signed on with another EHR vendor and the suit has since been settled. Both Parrish and McKesson declined to comment for this story. McKesson sold its health IT business to Allscripts in October 2017. Earlier this year, Allscripts reported to the Securities and Exchange Commission that government attorneys have requested documents from the company as part of an investigation into McKesson’s certification.

In another lawsuit, Weirton Medical Center, a hospital in West Virginia, stated in a court filing that it submitted “inaccurate” meaningful-use data to the government ― though it blamed the vendor. The hospital alleged the system failed to identify a patient who was critically ill and in the hospital. The hospital declined to comment to KHN and Fortune about the case, which has been settled.

Hamstrung By Technology?

ONC officials said they keep no log of complaints they receive.

A study published in JAMA this month found that 40% of the software that ONC singled out for post-marketing review had flaws that could lead to patient harm, including inaccurate drug codes, information displaying incorrectly and decimal points gone missing.

That’s “a concerning number, and we have to do something to address that,” said researcher Raj Ratwani, the director of the MedStar Health National Center for Human Factors in Healthcare and a co-author of the study. These systems were used in 786 hospitals and by 37,365 provider organizations, according to Ratwani, who said there’s no way to know how many defects have been fixed.

ONC has “decertified” about 100 pieces of once-approved software products. But most were tiny market players that had few or no users and went out of business. PlatinumMD, which had just 48 “meaningful” users, is an example. In a 2014 whistleblower lawsuit, San Diego urologist Dr. Scott Brown alleged that PlatinumMD filed for $18,000 in subsidies on his behalf even though it had not yet fully installed his EHR. In February 2016, the defunct company’s owners settled the case without admitting liability by paying the government $180,000.

Another 132 government-certified products have been flagged for corrective action due to “non-conformities.” As for the technology that the government alleges was fraudulently certified, it’s still used in health care settings across the country.

While those vendors faced multimillion-dollar settlements and now must operate under the oversight of a government monitor, their technology was not taken off the market. Nor were they dumped by many customers who, for the most part, however dissatisfied, were stuck with it.

ONC seemed to acknowledge that decertifying a large vendor would cause a major disruption, noting in an October 2016 regulation: “Our first and foremost desire would be to work with developers to address any problems.”

In the regulations, ONC cited the costs medical providers would face should their EHR vendor shut down as ranging from $33,000 to as much as $650 million.

“It is very difficult to switch product,” said Steve Waldren, chief medical informatics officer for the American Academy of Family Physicians. “You couldn’t just go down the street and pick up another EHR, put it in and move your data over.”

He noted that beyond the considerable cost of the technology, providers would have to take time to learn a new system.

“ONC does seem to have a stance that removing some of these players from the market would be very disruptive,” said Brad Ulrich, a Tennessee health IT expert. “They are almost too big to fail.”