By: Christopher Parrella, Esq., CPC, CHC, CPCO
Parrella Health Law, Boston, MA
A Health Care Provider Defense and Compliance Firm

A recent settlement out of Massachusetts should get the attention of every health care provider that relies on clinical software risk calculators, decision support tools or embedded algorithms. The U.S. Attorney’s Office for the District of Massachusetts announced that PenRad Technologies Inc agreed to pay $529,069 to resolve allegations that its software configuration caused providers to bill Medicare and MassHealth for medically unnecessary breast cancer screening MRIs. No bribes. No kickbacks. No fabricated claims. Just software settings and silence. That is what makes this case so important.

PenRad’s software allowed providers to use the widely known Tyrer-Cusick breast cancer risk calculator. The tool itself is not the problem. It is publicly available widely used and clinically accepted. The issue was how it was configured and how that configuration was communicated. The Tyrer-Cusick documentation recommends that in clinical settings users enable a feature called “competing mortality” which accounts for the likelihood that a patient may die from something other than breast cancer. Enabling that feature typically lowers risk scores for older or medically complex patients.
According to the government, PenRad knew this recommendation. Internally PenRad recommended enabling competing mortality. But when customers upgraded software or added the Tyrer-Cusick function PenRad sometimes installed the calculator with competing mortality disabled and did not consistently tell customers that it should be enabled. At least one provider unknowingly used the calculator with that setting turned off. The result was inflated risk scores which then drove referrals for breast MRIs that were not medically necessary. Those MRIs were billed to Medicare and MassHealth.

That was enough for False Claims Act liability.

This case is a turning point because it shows how the government now views health technology. Software vendors are not just passive tools. Configuration choices, defaults and omissions, can be treated as causing false claims when they predictably drive unnecessary services. And providers are not insulated just because they trusted the software.
PenRad received cooperation credit under DOJ’s FCA guidelines which almost certainly reduced the settlement amount. But the underlying message is stark. If an algorithm nudges clinical decision making in a way that inflates utilization and reimbursement, the government will follow that thread. Whistleblowers are watching. Data analytics are watching. And prosecutors are now comfortable explaining to a jury how a software toggle translated into millions in federal health care spending.

For providers, the implications are immediate. Many practices rely on EHR embedded tools, risk stratification calculators AI assisted decision support and automated recommendations. Few clinicians or compliance teams review the default settings. Even fewer document why a particular configuration is clinically appropriate for their patient population. That is a problem. Here is the call to action. Providers must start treating clinical software the same way they treat billing compliance. Inventory every decision support tool you use. Understand what settings are enabled or disabled by default. Confirm that those settings align with published clinical guidance. Document that review. Train clinicians on what the software does and what it does not do. And most importantly do not allow software output to substitute for independent clinical judgment.

For software vendors, the lesson is equally clear. Silence is risk. If a configuration choice materially affects clinical outcomes and reimbursement, it must be communicated clearly consistently and in writing. Defaults matter. And when they are wrong they can become exhibits in a False Claims Act case.

The PenRad settlement is not about breast cancer screening alone. It is about how regulators now connect technology design to medical necessity and billing liability. Providers who take this seriously can reduce risk. Providers who ignore it are trusting that no one ever asks how the software actually works. If you have any questions or comments about the subject of this blog or want help reviewing your clinical software compliance exposure please contact Parrella Health Law at 857.328.0382 or Chris directly at cparrella@parrellahealthlaw.com.