Electronic Health Record (EHR) that are not properly put in BAA and not properly stored can be deemed improper and fraudulent:
Companies that gather and sell electronic health records systems and services may face liability for downstream improper storing and use of data. It requires having downstream agreements, such as business associate agreements (BAA), even with affiliated and subsidiary companies. It also requires maintaining systems that meet government certification standards. In addition, providers and hospitals may face liability for fraudulently claiming EHR incentive payments, or for submitting fraudulent bills based on EHR systems designed to improperly increase reimbursements. EHR marketing may also implicate unlawful kickbacks and other improper financial relationships. Healthcare employers and healthcare whistleblowers are on the lookout for electronic healthcare record fraud.