The FCA Insider

The FCA Insider

Insights and updates on False Claims Act Litigation


OIG Issues Advisory Opinion Approving Supermarket Pharmacy Loyalty Program

On December 17, 2019, the Office of Inspector General (OIG) issued an Advisory Opinion regarding a proposed supermarket loyalty program that would have provided customers with rewards points on out-of-pocket costs related to the purchase of pharmacy products. OIG determined that while the proposal would implicate the Federal anti-kickback statute (AKS) and the prohibition on beneficiary inducements under the civil monetary penalties (CMP) law, the arrangement would satisfy the CMP law’s exception for retailer rewards and pose minimal risk under the AKS.

The requester operates over 200 grocery stories, approximately half of which operate in-store, full-service pharmacies. The stores operate a loyalty program under which customers may earn points for every dollar spent on “qualifying” purchases.  In particular, qualifying purchases do not currently include costs related to pharmacy items or immunizations. The requester inquired as to the permissibility under federal fraud and abuse laws of expanding the rewards program to include out-of-pocket costs paid in connection with pharmacy products. Rewards points earned on pharmacy products would be available to the general public and subject to the same restrictions (such as expiration dates and point limits) that apply to all other rewards points.

The OIG concluded that although the proposed arrangement would implicate the federal anti-kickback statute and the CMP statutes regarding beneficiary inducements, but would satisfy the requirements of an applicable exception to the definition of remuneration and pose a low risk of fraud and abuse. Specifically, the OIG reasoned that the proposed arrangement would fall under an exception for retailer rewards programs, where:

(1) the rewards consist of coupons, rebates, or other rewards from a retailer;

(2) the rewards are offered or transferred on equal terms available to the general public, regardless of health insurance status; and

(3) the offer or transfer of the rewards is not tied to the provision of other items or services reimbursed in whole or in part by the Medicare or Medicaid programs.

The OIG concluded that the proposed arrangement meets all of these criteria. Furthermore, the OIG concluded that the proposed arrangement would pose a low risk of fraud and abuse under the federal anti-kickback statute for two reasons. First, the risk that the proposed arrangement would drive customers to requester’s supermarkets to purchase federally reimbursable items or services is unlikely. Second, the proposed arrangement would not involve a waiver or reduction in cost-sharing amounts, therefore, the risk of over-utilization or increased costs to the federal health care programs is also small.

Accordingly, the OIG concluded that it would not impose administrative sanctions on the requester in connection with the proposed arrangement. As with all OIG opinions, this conclusion only applies to the proposed arrangement however, it is an informative illustration for those evaluating similar loyalty programs.  If you have any concerns with your compliance with federal fraud and abuse law or the contents of this alert, please contact any member of our health care department, including the authors of this alert.

CMS Guidance, Regulatory

CMS Internal Memorandum Clarifies Impact of Supreme Court Decision on Enforcement Practices

The Deputy General Counsel and Chief Legal Officers at the U.S. Department of Health and Human Services (HHS) Centers for Medicare & Medicaid Services (CMS) recently issued an Internal Memorandum clarifying that a recent Supreme Court ruling may limit HHS’s enforcement practices going forward. Consistent with the Court’s ruling, the Memorandum clarifies that subregulatory guidance issued without notice-and-comment rulemaking may not be used as the sole basis for an enforcement action when such guidance creates or changes a substantive legal    standard.

The Supreme Court issued a ruling earlier this year in Azar v. Allina Health Services, invalidating a CMS payment policy due to the Agency’s failure to provide the public with a notice-and-comment period. The Court reasoned that the policy created a “substantive legal standard,” requiring a notice-and-comment period, and noted that the government cannot evade such notice-and-comment obligations by establishing or changing an “avowedly ‘gap’-filling policy.”

The CMS Memorandum references the Allina ruling and notes that CMS payment rules often form the basis for enforcement actions and would therefore be subject to the rulemaking procedure requirements set forth in Allina. Significantly, the Memorandum points out that guidance and policies promulgated without notice-and-comment rulemaking procedures may not be documents upon which the Agency can predicate enforcement actions. If such guidance documents are to be used as the basis for enforcement actions, the Memorandum clarifies that such documents must comply with Allina.

Specifically, the Memorandum points to Internet-Only Manuals (IOMs) and preamble text published with final rules that are sometimes cited in enforcement actions. To the extent that these texts are closely tied to existing statutory or regularity requirements, they can be implicated in enforcement actions. Because such subregulatory guidance does not substantively establish or change a legal standard, it meets the Allina requirements because it merely aids in demonstrating whether or not parties have failed to meet statutory or regulatory requirements. Where such IOMs and guidance documents issued without notice-and-comment set forth payment rules that are not closely tied to statutory or regularity language, the Memorandum warns that such documents are not validly issued under Allina and therefore cannot be used as the sole basis for enforcement action.

The critical question—according to the Memorandum—is whether the enforcement action can be brought absent the guidance document. Where such actions cannot be brought absent a guidance document, then the guidance document establishes a norm and implicates the notice-and-comment requirements of Allina.

The Memorandum notes that Local Coverage Determinations (LCDs) do not implicate the Allina requirements as they merely reflect payment determinations, are not binding on HHS and therefore do not establish or change substantive legal standards. Under Allina, however, LCDs may not be used as the sole basis for enforcement actions. Similarly, the Memorandum clarifies that neither Stark Law advisory opinion nor statutorily-authorized fraud and abuse waivers would require notice-and-comment rulemaking.

*         *         *         *         *

While CMS has not commented on the Memorandum, the Memorandum ends with an assurance that legal counsel will continue to work with CMS to “identify particular guidance documents that might be appropriate to issue through notice-and comment-rulemaking on a more expedited basis.”

Consequently, there may be an uptick in guidance documents being pushed through the notice-and-comment process so as to stand as the basis of enforcement actions. We will continue to monitor and provide updates accordingly. In the meantime, if you have any concerns with your compliance with federal fraud and abuse law or the contents of this alert, please contact any member of our health care department, including the authors of this alert.


DOJ, Individual Liability, Settlements

DOJ Settlement Resolves Allegations of Individual Liability

On October 4, 2019, the U.S. Attorney’s Office for the Central District of California announced a settlement in which the Retina Institute of California Medical Group, its former CEO, and several of its physicians paid the United States and California approximately $6.65 Million to settle False Claims Act allegations.  The settlement related to accusations of billing for unnecessary eye exams, improperly waiving Medicare co-payments, and violating other regulations.

 Between January 2006 and August 2017, the retinal group allegedly billed public health programs by misclassifying simpler exams as being more complex and using billing codes for patients with severe or emergency conditions. The retinal group also allegedly waived Medicare co-payments and deductibles without proper documentation of financial hardship and without reasonable collection efforts, which was viewed as intending to induce referrals.  Finally, the Department of Justice’s press release note that the defendants allegedly billed Medicare and Medicaid for “medical services that weren’t performed, were unnecessary, not documented in the medical record or were not in compliance with applicable rules and regulations.”

The arrangement described above was uncovered as a result of a whistleblower claim filed by Bobbette Smith and Susan Rogers who worked for the retinal group as administrators.  The case was initially filed in 2013 and unsealed in 2016.

The settlement serves as yet another reminder of the Department of Justice’s increased focus on individual liability and refusal to allow the resolution of allegations against a corporation to provide protection to individuals accused of engaging in wrongdoing.  These principles – memorialized in the September 2015 Yates Memo – have resulted in a significant uptick in the number of cases brought against corporate executives and settlements involving the resolution of individual liability.



HHS to Ease Fraud and Abuse Rules Part 5: CMS Proposes Value-Based Arrangement Stark Exceptions

As discussed in an Oct. 9 alert, the Department of Health and Human Services announced two proposed rules to significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute and the Civil Monetary Penalties Law. This client alert, the fifth in McGuireWoods’ summary series on these proposed rules, focuses on the Centers for Medicare & Medicaid Services’ (CMS) three proposed Stark Law exceptions aimed at reducing the regulatory burdens that healthcare providers long have claimed prevented value-based payment model adoption. Stark Law is a strict liability statute, which prohibits a physician from referring a Medicare beneficiary for designated health services (DHS) to an entity with which the physician has a financial relationship, unless that financial relationship meets all of the delineated requirements of an applicable exception.

The Stark Law proposed rule stems from HHS’ Regulatory Sprint to Coordinated Care (discussed in a Sept. 26, 2018, client alert), which outlines the agency’s desire to incentivize value-based arrangements and patient-care coordination by expressly permitting certain activities that could be deemed problematic under current law. CMS’ proposed changes to Stark Law were released on the same day the HHS Office of Inspector General (OIG) proposed new value-based arrangement safe harbors under the Anti-Kickback Statute, to be discussed in a forthcoming alert.

CMS indicated that it seeks to adopt the new value-based arrangement Stark Law exceptions to address the transition away from traditional fee-for-service reimbursement to value-based reimbursement and care-coordination incentives. HHS has granted certain limited fraud and abuse waivers for participants in various value-based and care-coordination initiatives to avoid the strict liability of the Stark Law when a value-based financial relationship would not meet an exception. These waivers, however, do not apply to commercial payor-led or provider-driven activities that nonetheless could implicate the Stark Law, including certain capitation, shared savings, gainsharing and bundled payment programs. CMS and HHS developed this proposed rule to address worries that these restrictions impeded the goals of the Regulatory Sprint.

The following summarizes eight key aspects of the proposed Stark Law changes, intended to reduce regulatory hurdles and afford healthcare providers greater flexibility when participating in a value-based enterprise (VBE).

Three new value-based exceptions. The financial risk assumed by the parties to a VBE would dictate which of the three exceptions would apply to a particular arrangement, with additional safeguards required for arrangements that carry less financial risk for providers. Each of the proposed exceptions would protect remuneration made to a physician by other participants in a VBE, regardless of payor, if it fits the applicable exception’s requirements. A key feature of each of these exceptions is that they do not include the traditional requirements for existing Stark Law exceptions that payments be commercially reasonable, consistent with fair market value, and not vary based on the volume or value of referrals. Instead, as discussed below, each exception would have its own requirements, provided that the VBE is organized as a group of providers, suppliers and other actors collaborating to achieve at least one value-based purpose (as discussed further in point two below). The three types of VBE for which exceptions have been proposed are distinguished as follows:

Full financial risk. The VBE prospectively takes on full financial risk from a payor for all patient care and services related to a target patient population for a specified time period.

Meaningful downside financial risk. The VBE places meaningful downside financial risk on the physician VBE participant for failing to achieve the value-based purpose. CMS proposed “meaningful downside” to mean either where 25 percent of remuneration value paid under the arrangement is at risk or where the physician is prospectively responsible for the cost of all or a defined set of patient-care items for each patient in the target patient population.

General VBE arrangement. The VBE adopts other value-based arrangements to achieve a value-based activity meeting the requirements discussed in this alert, but which provide only potential financial upside for a physician participant.

New exceptions would allow remuneration involving referrals. Due to the nature of value-based arrangements, the proposed exceptions would not prohibit remuneration conditioned on referring patients included in the VBE’s target patient population. For example, if the value-based arrangement focuses on joint replacements, these exceptions would allow conditioning remuneration to the physician on referring joint replacement treatment to certain facilities (but notably would not permit a requirement that the physician refer all of his or her orthopedic patients to such facility). VBE participants could then receive remuneration based on these referrals if the remuneration furthers the value-based purpose.

As noted above, this is a departure from many existing exceptions prohibiting payments that vary based on the value or volume of DHS referrals or other business generated between the physician and a DHS entity. CMS noted it is considering including a volume/value variation limitation in the general VBE arrangement exception, citing its concerns that value-based arrangements utilizing this exception are more susceptible to abuse of Medicare or patients because the parties do not assume any meaningful downside financial risk. In addition, any physician remuneration conditioned on referrals needs to satisfy CMS’ longstanding policy within the Stark Law that excludes from such referral requirements patient or insurance preference, and the best interest of the patient.

Certain requirements would apply to all three proposed exceptions. Each of the three exceptions proposed by CMS must meet the following universal requirements.

Remuneration must relate to activities achieving a value-based purpose. In order for a VBE to qualify for an exception, VBE participants would need to engage in certain care activities for a specific target population with the aim to achieve one of the following proposed value-based purposes: (a) coordinating and managing the care of a target patient population; (b) improving the quality of care for a target patient population; (c) reducing the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; or (d) transitioning to payment mechanisms based on quality of care and control of costs of care for a target patient population.

Notably, this proposed definition of “value-based purpose” could be seen as vague in light of CMS’ stated desire to permit a wide variety of efforts, ranging from mandatory post-discharge meetings, to incentives to reduce unnecessary care or shared-savings payments. Note that CMS sought feedback to refine its position, and has specifically requested comments on whether it should mandate that the VBE achieve quality of care goals before pursuing cost-sharing. Expect commenters to go beyond addressing CMS’ requested feedback and ask CMS whether specific arrangements satisfy CMS’ meaning of activities achieving value-based purposes.

Prohibition on inducements that reduce medically necessary treatment. CMS sought to safeguard the provision of items or services that are medically necessary, recognizing that VBEs, which include financial downside, could encourage patient-care stinting (underutilization). Though CMS noted that other Medicare regulations ensure patient safety and quality of care are maintained, the proposed exceptions would prohibit remuneration as an inducement to limit or reduce the provision of medically necessary services or items to any patient, even non-Medicare beneficiaries and those outside the target patient population.

Record retention. CMS proposed requiring VBE participants to record the methodology and actual amount paid under a value-based arrangement for a six-year period and make such records available upon request to the HHS secretary. As CMS noted, its regulations already require record retention for certain prongs of the Stark Law “group practice” definition and certain exceptions like those for physician recruitment (although those requirements do not mandate a specific retention period).

Key differences among the exceptions. Overall, CMS believed that the value-based arrangement exceptions needed “fewer ‘traditional’ requirements to ensure the arrangements they protect do not pose a risk of program or patient abuse … [as] value-based health care delivery and payment system[s] itself provides safeguards.” That said, as noted above, the proposed exceptions provided the fewest requirements for VBEs assuming full financial risk “with the requirements increasing and changing as the level of financial risk in the value-based arrangement diminishes.” In this manner, there are unique requirements for the three exceptions due to their respective structures.

Duration of risk. CMS proposed that VBEs be at risk (whether full or meaningful downside, depending on the applicable exception) during the entire duration of the value-based arrangement. Arrangements that begin compliant with the applicable exception but continue to a time when such financial risk no longer exists, such as a circumstance where risk-sharing ends, would no longer receive protection under the applicable exception, and would require a different exception to comply. CMS did propose, however, to allow VBEs to utilize the full financial risk exception for six months prior to achieving full risk on the VBE.

Remuneration set in advance. While the full financial risk exception does not require that the methodology for determination of remuneration be set in advance, CMS proposed a set-in-advance requirement under the meaningful financial risk exception and the general VBE arrangement exception. CMS noted that, for purposes of these exceptions with lower or no risk-sharing, a prospective methodology must be determined before healthcare providers furnish the items or services for which the remuneration is provided. CMS did not, however, mandate the actual aggregate remuneration amount to be set in advance or even be fair market value.

Signed writings. Most Stark Law exceptions require signed writings documenting a particular arrangement. CMS did not propose a signed writing requirement for the full financial risk exception (beyond a governing document or contract for the VBE), but would mandate a written description for the meaningful financial risk exception and a signed writing for the general VBE arrangement exception. This latter signed writing requirement would require VBEs to describe (i) the value-based activities to be undertaken, (ii) the activities furthering the value-based purposes of the VBE, (iii) the target population, (iv) the type or nature of the remuneration, (v) the methodology to determine remuneration and (vi) the performance or quality standards measured against the remuneration recipient.

Performance or quality standards. CMS acknowledged the need for monitoring of performance and quality standards to ensure the VBE is furthering its value-based purpose. It sought comment on how best to require VBEs to monitor these standards and when the failure to meet such standards should negate the ability to use the applicable Stark Law exception.

New exceptions would protect only compensation arrangements. CMS proposed to protect only compensation arrangements to which a physician is a party, and not any direct ownership relationships or distributions associated with such ownership. In excluding ownership, CMS indicated that receiving a return on investment is not a value-based activity, so a physician’s return on an investment interest in a VBE would not qualify for protection under a value-based arrangement exception. Notably, protected indirect compensation arrangements could include unbroken chains of financial arrangements which include both ownership and compensation arrangements between parties, provided that the financial relationship in the chain closest to the physician is a compensation arrangement that meets a value-based exception, even if other ownership relationships exist elsewhere in the chain of financial relationships. CMS sought comment on these and other formulations that commenters are likely to respond to during the open comment period.

Remuneration may be nonmonetary. CMS proposed that the value-based exceptions protect nonmonetary remuneration in addition to monetary remuneration. This would provide VBEs the opportunity to offer physician participants remuneration such as electronic health record items and services, care-coordination services, and shared staff to promote value-based activities. CMS sought comments on two alternatives here. In the first alternative, CMS proposed limiting the protection of the general VBE arrangement exception to nonmonetary remuneration only, as OIG is doing in its Anti-Kickback Statute proposed rule, and sought comment on whether such a limitation would inhibit the transition to a value-based healthcare system. In the second alternative, CMS proposed requiring physicians to pay 15 percent of the cost of nonmonetary remuneration, as the electronic health record donation exception currently requires, which McGuireWoods lawyers addressed in part three of this series on Nov. 1, 2019.

Price transparency. CMS noted it is also considering whether to include price transparency provisions in these exceptions in response to recent bipartisan actions and administration executive orders promoting price transparency. Such provisions could require physicians to alert patients that their out-of-pocket costs for items and services can vary across referral locations. CMS believed providers would likely be allowed to meet this requirement through signage or patient consent forms.

VBE participants. As mentioned above, VBEs are organized groups of providers, suppliers and other actors who collaborate to achieve at least one value-based purpose. To be clear, the “enterprise” would not need to be a single legal entity; rather, it could be a network of providers or a series of contracts among providers. VBEs would need an accountable body or person responsible for financial and operational oversight, and must have a governing document describing how VBE participants intend to achieve their value-based purposes.

Notably absent from the definition of VBE participant are certain providers and suppliers, including pharmaceutical manufacturers and suppliers of durable medical equipment, prosthetics, orthotics and supplies, as well as laboratories, pharmacy benefit managers and wholesalers; each would be unable to make payments to a physician pursuant to one of the new exceptions. CMS noted that while this formulation would effectively exclude a direct compensation arrangement between a physician and one of these provider or supplier entities, it would not prevent such providers and suppliers from participating in or contributing to a VBE (provided they are not making payments to physicians). This decision was due to CMS’ belief that these entities lack direct patient contacts and play a minimal role in patient-centered care and ongoing concerns relating to fraud and abuse. CMS sought comment on their exclusion. Expect these provider entities to advocate for their inclusion in response to the proposed rule, which CMS appeared to request by asking for feedback on how such entities could participate in value-based arrangements.

*          *          *          *          *

Through these proposals, CMS sought to balance a need for innovation in the health system with the potential for improper inducements prohibited by the Stark Law, by creating three new value-based arrangement exceptions. CMS aligned its proposal with OIG’s proposed Safe Harbors relating to value-based arrangements, to be discussed in a forthcoming alert. These proposed value-based arrangement exceptions would provide greater flexibility for providers to enter into non-conventional compensation arrangements aimed at rewarding value and care coordination while attempting to provide meaningful safeguards to protect against patient and program abuse. Overall, many providers will likely support these changes, notwithstanding that providers may have desired fewer requirements to meet the proposed Stark Law exceptions.

The proposed changes are subject to a public comment period, open until Dec. 31, 2019. Please do not hesitate to contact a McGuireWoods attorney or one of the authors of this alert for more information regarding these proposed rules or for assistance in preparing a comment to them. After the open comment period, the government will review and may finalize the rule with any desired changes to reduce Stark Law burdens on providers as soon as early 2020.

Given the significance of these proposed changes, McGuireWoods plans to provide additional analysis and summaries on these proposals. To review previous guidance on these proposed rules, click on the links at the bottom of McGuireWoods’ Oct. 10, 2019, alert.


OIG Redesigned Hotline Webpage

The Office of Inspector General (“OIG”) recently launched a new, redesigned hotline webpage to better guide the public through the tip and complaint reporting process. The OIG hotline operations accepts tips and complaints from all sources regarding potential fraud, waste, abuse, and mismanagement in the U.S. Department of Health and Human Services’ (“HHS”) programs. The OIG receives nearly 115,000 complaints each year. Much of this information, as reported in the OIG’s promotional video, has led to thousands of referrals for further action. Therefore, the OIG stated it is imperative that users understand the complaint and submission process, which it hopes the updated webpage will help facilitate. The OIG’s updated hotline webpage creates a more user friendly environment and a better experience for the complainants.

On the new website, users can find guided questions, mobile compatibility, and more information regarding the types of complaints that the OIG investigates. The updated hotline page includes a section titled “What You Need to Know.” This section contains a link to information for the complainant to review before they submit a complaint. The information on found at this link includes a list of the types of claims the OIG investigates and a list of complaints not addressed through the OIG hotline. The new hotline website lists the following as the types of complaints it investigates: (1) Complaints for HHS employees, grantees or contractors about fraud, waste, abuse or mismanagement in HHS programs (whistleblower complaints); (2) crime, gross misconduct, or conflicts of interest involving HHS employees, grantees or contractors; (3) fraud, waste, or abuse relating to HHS grants or contracts; (4) false or fraudulent claims submitted to Medicare or Medicaid; (5) kickbacks or inducements for referrals by Medicare or Medicaid providers; (6) medical identity theft involving Medicare and/or Medicaid beneficiaries; (7) failure of a hospital to evaluate and stabilize an emergency patient; (8) abuse or neglect in nursing homes and other long-term-care facilities; and (9) human trafficking by HHS employees, contractors or grantees to include procuring a commercial sex act. There is also information regarding what is needed for the complaint, privacy safe guards, what to expect after a complaint is submitted, and how to appeal an OIG hotline operations complaint decision.

In addition to submitting a complaint online, complainants may also forward their tip via phone or mail, as indicated on the updated website. However, the OIG notes in its promotional video, that online complaint submission is preferred because of the efficiency. It also allows individuals the opportunity to submit supporting documents, along with their complaints. Supporting documents cannot be submitted via the other types of complaint submissions.

The OIG emphasized the importance of the updated Hotline website, by stating that the new site will provide complainants with much more information than they previously had available to them. The updated site will guide complainants in filing complaints that the OIG can act on. The OIG stressed that, while they are not able to provide complainants with a status on their tip or complaint, the complainants’ role is very important, and the OIG would be unable to stamp out fraud, waste, and abuse without their assistance.

Given the OIG’s focus on increasing the simplicity in allowing the public to notify it about potential fraud and abuse issues, we will not be surprised if there is a quick and significant increase in the number of complaints filed.  This, in turn, could lead to increased investigatory activity by the OIG. We will continue to provide updates as the OIG publishes information about its updated hotline.


Updated Civil Monetary Penalties

The Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 requires agencies to adjust civil monetary penalties for inflation annually. Effective November 5, 2019, the Department of Health and Human Services released updated civil monetary penalties for the regulations its agencies are responsible for enforcing.

Below are key changes applicable to healthcare providers.

  1. The physician self-referral law, commonly known as the Stark Law, imposes civil monetary penalties for referring certain designated health services to an entity in which a physician has a financial relationship and for billing for those services. In 2018, the penalty per claim was a maximum of $24,748. The annual adjustment for 2019 increases this to $25,372 per claim.
  2. The federal anti-kickback statute imposes civil monetary penalties for knowing and willful solicitation, receipt, offer, or payment of remuneration for referring an individual for a service or for purchasing, leasing, or ordering an item to be paid for by a Federal health care program. In 2018, the penalty per violation was a maximum of $100,000. The annual adjustment for 2019 increases this to $102,522.
  3. The Civil Monetary Penalty Law also prohibits offering remuneration to induce beneficiaries of Federal health care programs to use particular providers, practitioners, or suppliers. In 2018, the penalty per violation was a maximum of $20,000. The annual adjustment for 2019 increases this to $20,504.
  4. The False Claims Act prohibits knowingly presenting or causing to be presented a false or fraudulent claim under to the federal government. In 2016 (when the dollar amounts were last updated), the penalty for violating this prohibition was $10,000 per claim. The 2019 adjustment increases this to $10,461. The False Claims Act also prohibits making, using, or causing to be made or used a false record or statement material to a false or fraudulent claim. In 2016, the penalty for violating this prohibition was $50,000 per violation. The 2019 adjustment increases this to $52,308.

As always, healthcare providers should be mindful of the landscape of regulatory requirements that govern their business. The penalties for violations are large, and, as demonstrated by this 2019 update, the federal government is consistent in increasing the potential liability.


Changes to CMS’ Conditions of Participation Regulations for Providers Take Effect Nov. 29

Healthcare providers should begin finalizing plans to implement the Centers for Medicare and Medicaid Services’ Omnibus Burden Reductions (conditions of participation) final rule, which becomes effective Nov. 29, 2019. The final rule, issued Sept. 26, 2019, is intended to remove Medicare regulations, contained primarily in providers’ conditions of participation that CMS has identified as unnecessary, obsolete or excessively burdensome on healthcare providers and patients. The rule finalizes the provisions of three distinct proposed rules:

  • Regulatory Provisions to Promote Program Efficiency, Transparency, and Burden Reduction (Omnibus Burden Reduction), published Sept. 20, 2018
  • Hospital and Critical Access Hospital Changes to Promote Innovation, Flexibility, and Improvement in Patient Care, published June 16, 2016
  • Fire Safety Requirements for Certain Dialysis Facilities, published Nov. 4, 2016

The final rule represents a continuation of CMS’ Patients Over Paperwork initiative to reduce regulatory burdens on the healthcare industry, as discussed in a July 9, 2019, McGuireWoods client alert.

CMS estimates that, within the first year of implementation, the changes made by the final rule will save providers and suppliers an estimated 4.4 million hours previously spent on paperwork and roughly $8 billion per year over the next 10 years. The final rule contains many revisions that impact a wide array of providers.

Below are key changes applicable to four specific provider types.

1) Hospitals

Upon implementation of the final rule, CMS will permit a hospital system (defined as a system consisting of two or more separately certified hospitals subject to a system governing body legally responsible for the conduct of each hospital), to elect to have a unified and integrated Quality Assurance and Performance Improvement (QAPI) program for all of its member hospitals subject to compliance with state and local laws. This change is intended to help hospitals increase efficiencies and eliminate some duplication of efforts

In the final rule, CMS also gave hospitals increased flexibility to establish a medical staff policy describing the circumstances under which such hospital can utilize a pre-surgery/pre-procedure assessment for an outpatient, instead of a comprehensive medical history and physical examination. If a hospital elects to establish such a policy, its pre-surgery/pre-procedure assessment must consider patient age, diagnoses, the type and number of surgeries and procedures scheduled to be performed, comorbidities, and the level of anesthesia required for the surgery or procedure, among other requirements. CMS believes these changes will benefit providers and patients by providing administrative and financial relief from current comprehensive pre-operative testing requirements, which are often unnecessarily performed on patients, particularly those patients undergoing only minor outpatient procedures.

2) Ambulatory Surgical Centers (ASCs)

In the final rule, CMS removed from the conditions for coverage (CfCs) requirement that ASCs either (i) have written hospital transfer agreements in place or (ii) require their medical staff physicians to have admitting privileges with a local hospital. While CMS will no longer mandate these requirements, the CfCs will still require ASCs to have an effective procedure for the immediate transfer of patients requiring emergency medical care beyond the capabilities of the ASC, to a local hospital that meets Medicare requirements for payment for emergency services.

As support for removal of the written hospital transfer agreement requirement, CMS noted the current requirement is unnecessary, obsolete and burdensome in light of the small number of patient transfers, existing requirements under the Emergency Medical Treatment and Labor Act, and the exhaustive administrative paperwork and negotiation burden that is required when a local hospital system refuses to sign the written hospital transfer agreement. Despite the removal of this requirement, CMS emphasized that it still believes it is important for ASCs and hospitals to communicate and encourages ASCs and hospitals with “functional working relationships” to maintain written transfer agreements. Further, CMS expects each ASC to periodically provide the local hospital with written notice of its operation and patient population served, including details such as hours of operation and the procedures that are performed in the ASC.

3) Transplant Centers

In response to concerns that present reporting requirements for transplant centers have resulted in fewer eligible patients receiving transplants, CMS’ final rule removed the requirement for transplant centers to submit data, clinical experience and outcome requirements for Medicare re-approval. CMS believes the removal of these requirements will lead to improved patient outcomes, increased transplantation opportunities for patients on the wait list, improved organ procurement for transplantation, greater organ utilization and reduced burden on transplant programs. CMS also noted that the removal of these requirements directly aligns with the U.S. Department of Health and Human Services’ Advancing American Kidney Health initiative, which seeks to increase access to kidney transplants, as discussed in a July 12, 2019, McGuireWoods client alert.

The rule does not make any changes to the QAPI program for transplant centers and CMS expects transplant programs to continue use their QAPI programs to monitor qualify of care, evaluate transplant activities and conduct performance improvement activities, as necessary.

4) Emergency Preparedness Requirements

Medicare and Medicaid providers and suppliers are now required to review and provide training on their emergency programs biennially, instead of annually, with the exception of long-term care facilities, which will still be required to review their emergency programs and provide training annually. Despite this change, CMS still expects facilities to update their emergency preparedness program more frequently than biennially if circumstances trigger the need for such an update — for example, if staff changes occur or lessons are learned from a real-life event or exercise. CMS believes these changes will give providers more flexibility to review and revise their plans based on their actual operational needs.

Bottom Line

The final rule offers regulatory relief to a wide array of healthcare providers. In addition to the categories discussed above, the rule includes a significant number of changes for home health agencies, hospices, comprehensive outpatient rehabilitation facilities, portable X-ray services, critical access hospitals, dialysis facilities and religious nonmedical healthcare institutions. Providers should review their existing policies and procedures to ensure they have revised them to implement the changes required under the final rule.

For more information regarding the new rule, please consult one of the authors.

Defense Arguments, FCA Litigation

Tenth Circuit Affirms an Award of Attorneys’ Fees for a Successful FCA Defendant

On June 11, 2019, the Tenth Circuit affirmed an award of $92,592.75 in attorneys’ fees to the defendants in Pack v. Hickey, 776 F. App’x 549 (10th Cir. 2019). Pack had appealed the district court’s entry of summary judgment and related orders in favor of Defendants Maureen Hickey (“Hickey”) and Cloud Peak Initiatives, Inc. (“Cloud Peak”) on Pack’s claims under the False Claims Act (FCA), 31 U.S.C. §§ 3729-3733.  The Wyoming District Court also granted the defendants’­­ motion for attorneys’ fees on April 6, 2018, Case No. 15-CV-185.


Under the whistleblower provisions of the FCA, Pack served as a qui tam relator in a suit against Defendants Cloud Peak and Hickey.  Cloud Peak is a private mental health facility.  Hickey was Cloud Peak’s President, owner, and sole shareholder.  The individual parties in the lawsuit were allegedly in a prior relationship and it was alleged that Hickey had terminated Pack as CEO of Cloud Peak and had also terminated their romantic relationship.  This background is relevant because the Tenth Circuit’s opinion noted these details in finding that the defendants deserved attorneys’ fees because Pack’s suit was frivolous and motivated by personal animus.

Pack alleged that Hickey was the sole person responsible for reviewing and submitting bills to Medicaid and that she committed Medicaid fraud based upon three types of purportedly false billing: improperly billing skills groups as therapy groups, improperly billing group therapy sessions as individual therapy sessions, and billing of unauthorized direct targeted case management without necessary medical documentation, all in violation of the FCA.

Pack had submitted an affidavit in connection with the District Court proceeding, but the District Court struck portions of the affidavit on multiple grounds, including issues of personal knowledge, hearsay, and impermissible beliefs, opinions, and conclusions.

On appeal, Pack failed to address the district court’s specific findings and failed to identify by number any of the paragraphs from his affidavit that were at issue. Instead, Pack relied on what Judge Briscoe called “generalized propositions, lengthy string cites, and conclusory statements.” Id.

In addition to Pack’s lack of personal knowledge, the court found the absence of evidence supporting the scienter element required for an FCA claim to be striking.

Award of attorneys’ fees to Defendants:

The False Claims Act permits an award of attorneys’ fees in favor of the Defendants where the Defendants prevailed in the litigation and the relator had asserted a claim that was “clearly frivolous, clearly vexatious, or brought primarily for purposes of harassment.”  31 U.S.C. § 3730(d)(4).

In this case, the district court awarded the Defendants $92,592.75 in attorneys’ fees and the appellate court affirmed the award, finding “no reversible error.”  Pack, 776 F. App’x at 558. The court based its ruling on, among other things, Pack’s failure to adduce evidence of false billing claims, the failure to satisfy the scienter requirement of an FCA claim by not deposing Hickey and others, the lack of documentary evidence and reliance on hearsay and speculation, and the proposal of a settlement offer which “tended to show [Pack] brought the action for an improper purpose.” Pack, 776 F. App’x at 559.


In light of the high standard, it is rare that defendants in FCA suits are able to recover attorneys’ fees.  Further, relators in qui tam suits do not typically have deep pockets, and courts are sympathetic to a private citizen bringing an action on the government’s behalf.  However, the Pack case provides an outline of some of the considerations that a Court will view as appropriate to justify an award of attorneys’ fees for the Defendant.  We expect that Defendants will continue to evaluate the possibility of recovering attorneys’ fees in the future, particularly in situations where a relator brings claims that are motivated entirely by personal animus or where the claims were knowingly brought despite a lack of merit.


HHS to Ease Fraud and Abuse Rules Part 4: Proposed Revisions to the Stark Law

As discussed in a previous McGuireWoods alert, on Oct. 9, the Department of Health and Human Services announced two proposed rules to significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties (CMP) Law. This client alert, the fourth in McGuireWoods’ summary series on these proposed rules, focuses on the Centers for Medicare & Medicaid Services’ (CMS’) proposed revisions to ease certain requirements under the Stark Law by adding: (1) a new exception for limited monetary compensation; (2) changes to the group practice definition, particularly on physician profit-sharing; (3) definitional clarification for interpreting the regulations; and (4) other clarifications to ease compliance.

The proposed rules stem from HHS’ Regulatory Sprint to Coordinated Care (discussed in a Sept. 26, 2018, client alert), intended to incentivize value-based arrangements and patient care coordination by expressly permitting certain activities that could be deemed problematic under current law. The proposed rules, respectively released by CMS and the HHS Office of Inspector General (OIG), would add new value-based exceptions to the Stark Law and additional safe harbors under the AKS.

Although the proposed changes are likely to provide greater flexibility under the Stark Law, CMS does not intend to increase program risk. Accordingly, CMS provided additional clarification and bright-line rules in the proposed rule, based in part on knowledge gained from overseeing more than a thousand Self-Referral Disclosure Protocol filings. The industry will likely welcome changes to a strict liability statute that otherwise prohibits a physician referring designated health services (DHS) when a financial relationship does not meet an exception. This alert outlines CMS’ proposed changes to modernize its Stark Law regulations and provides seven key takeaways to assist healthcare providers in navigating these potential revisions.

1. CMS proposed a new exception for limited monetary physician compensation, under $3,500 per year. CMS seeks to add a new non-monetary compensation exception, which would allow physicians to be paid $3,500 or under per calendar year (adjusted for inflation), in the aggregate, without a signed writing or compensation set in advance. CMS, however, would still require that the compensation (a) not take into account the volume or value of referrals or other business generated, (b) not exceed fair market value, and (c) be commercially reasonable.

CMS noted that, through the Self-Referral Disclosure Protocol, it regularly encountered arrangements it deemed non-abusive but which failed to meet the requirements for a Stark Law exception (e.g., where a hospital paid a physician fair market value and had a legitimate need for physician services, yet failed to satisfy an exception because the arrangement was not in writing). CMS requested comment on whether a $3,500 limit would be workable and appropriate.

Note, importantly, the $3,500 limit, as proposed, would not apply to compensation for items or services outside of these arrangements if that compensation is itself protected under a different exception. CMS also suggested this exception might allow compliance at the outset of an arrangement before being replaced by another exception.

2. Changes to the group practice definition may necessitate certain revisions to a group’s compensation plan. The nuanced, technical definition of “group practice” is a critical concept under the Stark Law, as Congress created certain exceptions for referrals within group practices, including the in-office ancillary services exception, understanding that internal DHS referrals are commonplace and foster continuity of care and patient convenience. Therefore, even minor changes to the group practice definition can have significant impacts necessitating changes to physician compensation. Here, most significantly, CMS proposed to change limits placed on acceptable profit-sharing and productivity bonuses that do not directly vary based on the volume or value of DHS referrals and still meet the group practice definition.

First, CMS proposed a new, deemed-compliant profit-sharing methodology for group practices participating in a value-based enterprise (discussed below). Current law provides three deemed-compliant methodologies that the agency considers to be not directly based on the volume or value of DHS referrals. This new proposal would add another deemed-approved methodology for remuneration paid to a physician based on his or her DHS referrals in the context of value-based arrangements.

Second, CMS proposed several clarifying revisions to the profit-sharing rules. Perhaps the most important clarification is CMS’ continuing intention that “overall profits” means the profits derived from all the DHS in aggregate and not categories of DHS (i.e., the group cannot assign physicians into separate or overlapping imaging, physical therapy and outpatient prescription drug pods). CMS also appeared to prohibit a common approach — to split different DHS categories within a single pod in different compliant manners (i.e., within the same pod, using pro rata for imaging, and basing physical therapy on personal production). Commenters are likely to provide what they consider non-abusive examples of such approaches. We will be watching to see if CMS states explicitly that this clarification will be prospective only for enforcement purposes, despite its statement that the move is consistent with its intention all along.

3. CMS clarified key terms to simplify compliance. CMS, recognizing that common elements of numerous Stark Law exceptions are not always understood, sought to clarify a number of terms.

  • “Commercially Reasonable” Element. CMS proposed to finally define this term utilizing the key determining question of “whether the arrangement makes sense as a means to accomplish the parties’ goals.” From this basic question, CMS proposed two alternative definitions, where the particular arrangement: (i) “furthers a legitimate business purpose of the parties and is on similar terms and conditions as like arrangements” or (ii) “makes commercial sense and is entered into by a reasonable entity of similar type and size and a reasonable physician of similar scope and specialty.” CMS requested comments on these alternatives and specifically asked whether parties could make these proposed comparisons. Commenters may request additional clarification, but we expect many will welcome clarification that this definition is not a valuation question and an arrangement does not need to be profitable.
  • “Volume or Value” and “Other Business Generated” Bright-Line Standards. CMS proposed special rules for each of the “volume or value” and the “other business generated” standards to create more bright-line, objective tests.
    • Compensation from an entity to a physician would be considered to take into account the volume or value of referrals or business generated only if the physician “receives additional compensation as the number or value” of the physician’s referrals or business generated to the entity increases.
    • Compensation from a physician to an entity would be considered to take into account the volume or value of referrals or business generated only if the physician “pays less compensation as the number or value of the physician’s” referrals or business generated to the entity increases.
    • Fixed-rate compensation would also be considered to take into account the volume or value of referrals or business generated if “there is a predetermined, direct correlation between the physician’s prior” referrals or business generated (e.g., a hospital bases its fixed amount for medical director services on exceeding a past patient admissions threshold).

We expect commentators will appreciate the proposed objective, bright-line tests. To provide these tests, CMS believes it needs to revise certain exceptions by expressly referencing that any referral requirements will not contradict patient choice or a patient’s best interest. CMS specifically asked if the academic medical center exception needs this change too.

  • “Fair Market Value” and “General Market Value” Definitions. CMS proposed to provide three separate definitions for “fair market value” that will apply separately to equipment rentals, to office space rentals, and to all other arrangements generally. The definitions do not appear to substantively alter the statutory definition; however, the proposed definitions specifically include that “fair market value” means the “value in an arm’s-length transaction, with like parties and under like circumstances, of like assets.” CMS further proposed to amend the definition of “general market value” to be more in line with the valuation industry’s usage relating “to the value of an asset or service to the actual parties to a transaction that is set to occur within a specified timeframe.” This latter change would allow a particular, in-demand orthopedic surgeon sought by professional athletes to, for example, be paid more than a salary survey would suggest, although it may mean less pay for locations with a lower cost of living.

4. Additional Clarifications to Ease Compliance. CMS also made numerous other changes and proposals to ease certain Stark Law burdens.

  • Definitional Changes. CMS proposed to revise the following definitions, among others.
    • Designated Health Services. For inpatient hospital services, CMS proposed to carve out from “DHS” any furnished service that does not affect Medicare’s payment to the hospital under the inpatient prospective payment system (IPPS), such as an X-ray that is ordered after the IPPS rate has been established by the relevant payment rules. CMS requested comment on similar changes for hospitals not paid under the IPPS.
    • Remuneration. The current definition of “remuneration” carves out certain items, devices or supplies used solely to collect, transport, process or store specimens for the entity providing it. Under current law, CMS does not protect surgical items in this carve-out; however, CMS proposed to allow surgical items if used solely for one of the six statutory purposes. Notwithstanding this change, CMS continues to believe things like sterile gloves, essential to the specimen collection process, are fungible and therefore cannot qualify for this remuneration carve-out.
    • Transaction. The term “transaction” is used in the isolated financial transaction exception for one-time sales of property or a practice. CMS noted that some have used this exception beyond its intended scope to cure noncompliance retroactively. Therefore, CMS proposed to establish an independent definition of “isolated financial transaction” and clarify that it “does not include payment for multiple services provided over an extended period, even if there is only one payment for such services.”
  • Writing and Signature Requirements. CMS proposed to codify electronic signature approval for exceptions requiring a signed writing and to allow the 90-day grace period for unsigned writings to be used to satisfy the writing requirement.
  • Non-exclusive Rental Arrangements. Under current law, CMS requires a lessee to have exclusive use of an office or equipment being rented. CMS proposed to clarify that the exclusive use is only against the lessor, such that healthcare providers will have greater freedom to enter into non-exclusive leases, including multiple lessees at the same time.
  • Expanding Relevance of Three Existing Exceptions. CMS proposed to liberalize three exceptions that past rulemaking significantly limited. First, at §411.357(g), CMS proposed a significant rewrite for remuneration unrelated to DHS from hospitals to protect more arrangements. Second, at §411.357(i), CMS proposed to expand the reach of the payments by a physician exception by allowing its use even if another regulatory exception could apply (statutory exceptions still cannot). Finally, CMS proposed to allow the fair market value exception at §411.357(l) for short-term equipment and office space rentals under one year in length.
  • Physician Recruitment. CMS proposed to modify the signature requirement for physician recruitment arrangements so a physician practice has to sign the writing only if it is receiving a financial benefit from the arrangement, but not if the practice merely serves as a pass-through to the recruited physician.
  • Remuneration for Non-physician Practitioner (NPP) Patient Care Services. CMS proposed to revise an exception allowing a hospital, federally qualified health center or a rural health clinic to assist a physician in hiring an NPP, previously discussed in a Sept. 1, 2015, client alert. CMS clarified numerous service area questions, including that the NPP could remain in his or her community and receive this support after first becoming a nurse practitioner. CMS also proposed to require that the NPP and physician arrangement begin on or after the commencement of the assistance arrangement.
  • Ownership or Investment Interests. CMS raised two topics with respect to its definition of ownership or investment interests. First, CMS proposed that a titular ownership or investment would not be considered ownership. This may be beneficial for some corporate practice of medicine arrangements, although in many cases, the in-office ancillary services exception already protects the relationship. In addition, CMS asked for comments on whether it should also remove employee stock ownership plans, or ESOPs, from its meaning of ownership.
  • Decoupling the AKS from the Stark Law. CMS proposed to remove certain requirements for exceptions that entail AKS or other related law compliance. Although the practical effect may be small, providers will appreciate that this would remove ambiguity from complying with a strict liability statute by meeting an intent-based criminal statute with more limited safe harbors. CMS noted the AKS separately remains a “backstop” for problematic arrangements that would no longer be restricted under the Stark Law.

5. CMS proposed to replace its “period of disallowance” rule with a general standard. For purposes of the DHS referral prohibition, CMS has called the period when a referral cannot be made a “period of disallowance.” CMS has now proposed to replace its current complex rule to determine a period of disallowance, with a general principle that the period of disallowance “should begin on the date when a financial relationship fails to satisfy all requirements of any applicable exception and end on the date that the financial relationship ends or satisfies all requirements of an applicable exception.” Providers would determine the ending date on a case-by-case basis. While commenters will likely appreciate the deletion of the overly prescriptive period of disallowance rules, and certain guidance that may allow providers to cure noncompliance without triggering this period, the general guidance provided in the proposed rule will likely lead to further legal development and consideration in the industry, particularly since the guidance may provide additional opportunities to cure past conduct.

6. CMS proposed a new exception and modifications to the EHR exception to extend protections for cybersecurity technology. CMS has amended the EHR exception several times, avoiding sunsetting the exception as initially codified. In the proposed rule, CMS introduced various potential changes to the Stark Law exception, consistent with OIG’s AKS proposals. Specifically, CMS’ proposed revisions would: (i) allow cybersecurity technology donations, (ii) update interoperability provisions and (iii) remove the existing sunset date. CMS separately proposed a new cybersecurity technology exception. More information regarding CMS’ proposed modifications were presented in a recent McGuireWoods alert.

7. CMS proposed a new, value-based exception. As will be discussed in greater depth in a forthcoming McGuireWoods alert, CMS, in an effort to foster a greater emphasis on value-based care, also proposed creating a new Stark Law exception, in conjunction with OIG’s proposed safe harbors to the AKS. Specifically, CMS proposed an exception focused on remuneration exchanged between or among participants in certain value-based arrangements (e.g., care coordination arrangements designed to improve quality, health outcomes and efficiency). CMS would structure the requirements for this exception around whether the value-based arrangement (a) has full financial risk, (b) has meaningful downside financial risk or (c) has other criteria, which would come with the most significant regulatory burden. In adding this exception, CMS also proposed a new value-based enterprise definition that would allow multiple entities to come together to collaborate to achieve value-based purposes.

*          *          *          *          *

Through these proposed changes, CMS sought to be balance a need for innovation with the potential for improper inducements prohibited by the Stark Law, by removing certain burdens while clarifying others and adding new exceptions. Consistent with its changes to the Stark Law advisory opinion process (discussed in an Aug. 26, 2019, client alert), CMS seems to be loosening its rules. Overall, many providers will support these proposed changes, notwithstanding that existing arrangements may need to be adjusted, reformed or terminated to comply with the proposed rule.

The proposed changes are subject to a public comment period, open until Dec. 31, 2019. Please do not hesitate to contact a McGuireWoods attorney or one of the authors of this alert for more information regarding these proposed rules or for assistance in preparing a comment to these rules. After the open comment period, the government will review and may finalize the rule with any desired changes to reduce Stark Law burdens on providers as soon as early 2020.

Given the significance of these proposed changes, McGuireWoods plans to provide additional analysis and summaries on these proposals in the coming weeks. To review additional guidance on the proposed rules, click on the links at the bottom of McGuireWoods’ Oct. 10, 2019, alert.


HHS to Ease Fraud and Abuse Rules Part 3: Flexibility for EHR Items and Services, Donated Cybersecurity Tech

As discussed in a previous McGuireWoods alert, on Oct. 9, the Department of Health and Human Services announced two proposed rules to significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties Law. This client alert, the third in McGuireWoods’ summary series on these proposed rules, focuses on (i) proposed changes to the electronic health records (EHR) items and services exception to the Stark Law and EHR safe harbor to the AKS, and (ii) a proposed new exception to the Stark Law and safe harbor to the AKS related to the donation of cybersecurity software and services.

The proposed rules stem from HHS’ Regulatory Sprint to Coordinated Care (discussed in a Sept. 26, 2018, client alert), intended to incentivize value-based arrangements and patient care coordination by expressly permitting certain activities that could be deemed problematic under current law. The proposed rules, respectively released by HHS’ Centers for Medicare & Medicaid Services (CMS) and the HHS Office of Inspector General (OIG), would add new value-based exceptions to the Stark Law and additional safe harbors under the AKS.

In addition to those value-based arrangement changes, other proposed changes to CMS’/OIG’s regulations are likely to ease certain burdens for healthcare providers and provide greater flexibility under these federal fraud and abuse rules, particularly regarding the donation of EHR and cybersecurity items and services.

1. CMS and OIG proposed adding cybersecurity technology and services to the EHR exception and safe harbor and adding a stand-alone cybersecurity technology and related services exception and safe harbor . CMS and OIG noted that the digitization of healthcare delivery and rules designed to increase interoperability and data sharing in the delivery of healthcare create numerous targets for cyberattacks. They further acknowledged that the cost of cybersecurity technology and related services has increased dramatically, to the point where some providers and suppliers are unable to invest in, and therefore have not invested in, adequate cybersecurity measures. Accordingly, CMS and OIG proposed providing for the donation of cybersecurity items and services both within the EHR exception and safe harbor and through a stand-alone exception and safe harbor.

CMS and OIG explained that, as proposed, the new cybersecurity exception and safe harbor are broader than their EHR counterparts are, as they require fewer conditions. For example, the cybersecurity exception and safe harbor do not share the condition of a 15 percent required contribution from recipients that exists under the EHR exception and safe harbor. CMS and OIG clarified that a party seeking to protect an arrangement involving the donation of cybersecurity software and services must comply with only one exception.

As proposed, the cybersecurity exception and safe harbor allow for the donation of cybersecurity technology and related services provided that certain conditions are met, including the following:

a. The technology and services are necessary and used predominantly to implement and maintain effective cybersecurity.

b. The donor does not (i) directly take into account the volume or value of referrals or other business generated between the parties when determining the eligibility of a potential recipient for the technology or services or the amount or nature of the technology or services to be donated; nor (ii) condition the donation of technology or services, or the amount or nature of the technology or services to be donated, on future referrals.

c. Neither the recipient nor the recipient’s practice (nor any affiliated individual or entity) makes the receipt of technology or services, nor the amount or nature of the technology or services, a condition of doing business with the donor.

CMS and OIG are also considering an alternative proposal that allows for the donation of certain cybersecurity hardware when the donor has determined that the hardware is reasonably necessary based on a risk assessment of its own organization and that of the potential recipient.

2. CMS and OIG proposed modernization updates to EHR interoperability provisions . The existing rules — discussed in an April 12, 2013, client alert and a Dec. 24, 2013, client alert — prohibit a donor from taking any action to limit or restrict the use, compatibility or interoperability of EHR items or services. CMS and OIG proposed modifications in recognition of significant intervening legal updates in this area. Specifically, they proposed adopting the term “information blocking” from the 21st Century Cures Act, which generally means interfering with, preventing or materially discouraging access, exchange or use of electronic health information. CMS and OIG clarified that both engaging in information blocking related to donated items or services and using those items or services to engage in information blocking are prohibited. Further, under the existing rules, software that was once ONC-certified but is not certified at the time of donation is protected. The proposed rule would revise this provision to require that the software be certified at the time of donation to be protected. CMS and OIG noted that any changes to the deeming provision would be prospective.

3. CMS and OIG proposed changes to the EHR cost-sharing requirements . CMS and OIG requested comments on whether to eliminate or reduce the 15 percent cost-sharing requirement within the EHR exception and safe harbor for small or rural physician organizations, or, alternatively, to reduce or eliminate this requirement for all physician recipients. CMS and OIG are additionally considering eliminating or reducing the percentage for updates to previously donated software or technology (i.e., requiring a contribution for the initial investment only). These considerations are based on comments that CMS and OIG received describing the 15 percent contribution requirement as burdensome and preventative to some recipients in adopting EHR technology.

4. CMS and OIG proposed to allow donation of replacement technology . The current EHR exception and safe harbor do not protect the donation of replacement technology when the replacement is for “equivalent items or services.” In the 2013 EHR final rule comments, one commenter asserted that the current exceptions lock physicians into vendor agreements by forcing a choice between paying full price for a new system or continuing to pay 15 percent of the cost for substandard technology. The 2019 proposal by CMS and OIG, if adopted, would allow donations of replacement EHR technology.

5. CMS and OIG proposed to either eliminate or extend the EHR exception and safe harbor sunset provisions . The EHR exception and Anti-Kickback Statute safe harbor concerning EHR items and services were originally scheduled to sunset on Dec. 31, 2013. In 2013, both CMS and OIG extended the sunset date to Dec. 31, 2021, but retained the idea that this exception would be obsolete once EHR technology was universal and would then be eliminated. If adopted, these proposed rules would eliminate the sunset date, expressing CMS’ and OIG’s continued interest in promoting EHR technology adoption. OIG explained that a need for this protection persists as new parties enter medical practice and EHR technology ages. Alternatively, CMS and OIG could simply extend the sunset date, and they are seeking comments on this matter.

* * * * *

Through these proposals, CMS and OIG seek to remove burdens on providers, without creating substantial risk of increased fraud and abuse. While CMS and OIG acknowledged that any donation of valuable technology poses risks of fraud and abuse, the need to protect the “weak links” in a healthcare system outweigh these concerns due to the threat of cyberattacks. Overall, many providers will likely support these proposed changes, notwithstanding that existing provider arrangements may need to be adjusted, reformed or terminated to comply with the proposed amendments.

The proposed changes are subject to a public comment period, open until Dec. 31, 2019. Please do not hesitate to contact a McGuireWoods attorney or one of the authors of this alert for more information regarding these proposed rules or for assistance in preparing a comment to these rules. After the open comment period, the government will review and may finalize the rule with any desired changes, to reduce Stark Law and AKS burdens on providers as soon as early 2020.

Given the significance of these proposed changes, McGuireWoods plans to provide additional analysis and summaries on these proposals in the coming weeks. To review additional guidance on the proposed rules, please click on the links at the bottom of McGuireWoods’ Oct. 10, 2019, alert.

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.