Compliance Today - March 2026 | Learning from CIA and IRO audits: Health IT, medical necessity, and the new compliance risk landscape by Catherine Boerner

View all articles | Read the next article

 

Recent enforcement actions continue to highlight how compliance failures are rarely isolated events. The settlement involving Dr. Ameet Vohra and affiliated entities offers important lessons for compliance professionals, particularly regarding the intersection of health IT, clinical decision-making, and medical necessity oversight.

According to the government’s allegations, Vohra and his companies knowingly caused the submission of Medicare claims for medically unnecessary procedures, upcoded non-surgical wound care as surgical excisional debridement, and billed for non-billable evaluation and management services.1 Central to the allegations was a systemic approach: physicians were allegedly pressured, trained, and financially incentivized to perform debridement procedures regardless of patient need. Compounding the issue, the electronic health record (EHR) and billing systems were allegedly programmed to default to higher-reimbursed surgical codes and generate documentation designed to support those claims. While the settlement resolved allegations only, the resulting corporate integrity agreement (CIA) provides valuable insight into enforcement priorities.

The CIA’s independent review organization (IRO) health IT review is particularly instructive. The IRO is required to evaluate workflows and system functionality to ensure the organization did not add or modify features that “default, direct, steer, or otherwise override” provider code selection without confirming clinical appropriateness.2 This language reflects heightened regulatory scrutiny of EHR design. Compliance officers should proactively inquire about any system functionality, including templates, prompts, defaults, or AI-assisted coding tools that may steer providers toward higher-reimbursed services without independent clinical validation.

The CIA’s claims review further reinforces the significance of medical-necessity oversight. The IRO must assess paid claims against documentation, Medicare coverage rules, and facility records to determine if services were medically necessary, appropriately documented, and correctly coded. Importantly, well-crafted documentation alone is insufficient if it does not reflect actual, necessary care.

As healthcare organizations increasingly adopt AI for documentation and coding support, these risks are amplified. AI can streamline workflows and enhance compliance, but it can also replicate inaccuracies, promote copy-paste documentation, and obscure lack of individualized clinical decision-making. Compliance leaders should partner with utilization review, quality, and data analytics teams to monitor procedure frequency, outlier patterns, and repetitive documentation.

The core lesson is clear: compliance risk now extends upstream into system design and clinical workflows. Organizations are increasingly accountable not only for what they bill, but for how their technology and incentives shape provider behavior. Proactive governance, cross-functional oversight, and thoughtful deployment of AI are essential to mitigating this evolving risk.

Endnotes
  • 1. U.S. Department of Justice, Office of Public Affairs, “Vohra Wound Physicians and its Owner Agree to Pay $45M to Settle Fraud Allegations of Fraud Allegations of Overbilling for Wound Care Services,” news release, November 21, 2025, https://www.justice.gov/opa/pr/vohra-wound physicians-and-its-owner-agree-pay-45m-settle fraud-allegations-overbilling . 
  • 2. U.S. Department of Health and Human Services, Office of Inspector General, “Corporate Integrity Agreement with VHS Holdings, P.A. and Dr. Ameet Vohra; Vohra Wound Physicians Management, LLC; VHS Holdings, P.A.; Vohra Wound, Physicians of IL, S.C.; Vohra Post Acute Care Physicians of the East, P.A.; Vohra Wound Physicians of the, Mid-West, S.C.; Florida Post Acute Care Clinicians, LLC; Vohra Post Acute Care Physicians of Texas, PLLC;, Vohra Wound Physicians of the West, P.C.; Vohra Wound Physicians of CA, P.C.; Vohra Wound Physicians, of NY, PLLC; Vohra Post Acute Care Physicians of the Northeast, P.A.; Vohra Wound Physicians of FL, LLC,” effective November 20, 2025 (including Ameet Vohra, M.D., § III.E (Independent Review Organization – Health Information Technology Review)), https:// oig.hhs.gov/compliance/corporate-integrity agreements/browse-cias/vhs-holdings-pa/ . 

Compliance Today | March 2026

 

View all articles          Read the next article

 

 

Copyright © 2025 Health Care Compliance Association (HCCA). All rights reserved. All information provided through this site, including without limitation all information such as the "look and feel" of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms of Use and Privacy Statement.