The FCA Insider

The FCA Insider

Insights and updates on False Claims Act Litigation

OIG, Regulatory

Per-Click Compensation for Philanthropic Entity’s COVID-19 Vaccine Site Low Risk of Fraud According to OIG

As previously discussed, on April 3, 2020, the U.S. Department of Health and Human Services Office of Inspector General (OIG) issued a process for inquiries to be submitted to OIG about whether administrative enforcement discretion would be provided for certain arrangements directly connected to the 2019 novel coronavirus (COVID-19). OIG established this process to provide regulatory flexibility to ensure necessary care responding to COVID-19, particularly with respect to the federal anti-kickback statute (AKS) and civil monetary penalty (CMP) beneficiary inducement prohibition provisions. OIG responses are publicly available through a frequently asked questions (FAQ) posting on the OIG COVID-19 portal. OIG has continued to update this FAQ since its initial publication, including inquiries discussed in our August 27 post, most recently providing guidance on the following question:

Can a non-provider philanthropic entity contract to provide certain administrative services to a health care provider relating to the operation of COVID-19 vaccination sites and be compensated on a per-vaccine basis?

A non-provider philanthropic organization (the Organization) questioned whether it could provide certain administrative services in exchange for compensation from its contracted health care providers based on a per-vaccine (or per-click) basis. OIG noted how compensation practices that involve “per patient,” “per click,” or “per order” payment arrangements with parties in a position, directly or indirectly, to refer or recommend an item or service payable by a Federal health care program implicate and may violate the Federal anti-kickback statute. For the reasons discussed herein, however, OIG opined that in light of the COVID-19 pandemic, the proposed arrangement presented a low risk of fraud and therefore it would provide its enforcement discretion.

The Organization proposed to provide contracted health care providers administrative services including arranging for the physical vaccination sites, data systems, online and web-based scheduling, site development and training, and reporting to state agencies. Each health care provider would bill third-party payors, including Federal health care programs, for the vaccines provided at the site. Then such health care provider would share a portion of the collected vaccine reimbursement (after a certain number of shots per hour) with the Organization.  Effectively, the OIG described an arrangement where after the health care provider covered its own costs, including costs of staffing, that it would share a portion of the balance with the Organization.

As disclosed safe guards, the Organization committed to complying with guidelines from both the state health department and the U.S. Centers for Disease Control and Prevention. The COVID-19 vaccines administered at the sites would be approved by the U.S. Food & Drug Administration (FDA), or subject to an FDA-issued emergency use authorization. Finally, the organization’s provision of administrative services to health care providers would not operate in conjunction with any other arrangement or agreement between and among the Organization, the health care provider, and Federal health care program beneficiary who receives vaccinations from one of the sites, or any other person or entity in a position to refer or arrange for the referral of items or services reimbursable by a Federal health care program.

In light of the safeguards and OIG’s belief that due to “the unique circumstances of the COVID-19 public health emergency” that there would be a low risk of vaccine overutilization, OIG did not believe the risk of fraud under the arrangement were high. Implicit, as well, was that the Organization with a philanthropic purposes would be unlikely to trigger additional referrals for services reimbursed by Federal health care programs. OIG, therefore, was comfortable that such an arrangement could proceed. On the other hand, by restating concerns with per-click arrangements, the OIG made clear that outside of the COVID-19 pandemic and arrangements proposed to address care for this circumstance, OIG would continue to carefully scrutinize arrangements and ensure they did not lead to overutilization.


McGuireWoods will continue to monitor OIG’s release of further FAQs as additional providers utilize this inquiry mechanism. Providers may welcome the flexibility provided by OIG exercising enforcement discretion during the COVID-19 pandemic, recognizing the statements do not bind all investigative bodies who could take a different view. OIG will likely continue to require such arrangements to end at the end of the COVID-19 public health emergency declaration, and therefore, providers should plan for the post-pandemic period depending on the arrangement when utilizing these statements.

McGuireWoods has published additional thought leadership related to how companies across various industries can address crucial COVID-19-related business and legal issues, and the firm’s COVID-19 Response Team stands ready to help clients navigate urgent and evolving legal and business issues arising from the novel coronavirus pandemic.


See related update: Free FQHC COVID-19 Testing Approved by OIG (March 22, 2021)

FCA Defenses

District of Minnesota Rejects But-For Causation in the AKS Context

In a recent opinion from the U.S. District Court for the District of Minnesota, the court analyzed the interplay between the False Claims Act and the Anti-Kickback Statute.  See United States ex rel. Fesenmaier v. Cameron-Ehlen Group, Inc., Case No. 13-cv-3003, 2021 WL 101193 (D. Minn. Jan. 12, 2021).  This opinion is significant because the court recognized conflicting evidence on inducements, and rejected but-for causation to violate the AKS.

Continue Reading

Uncategorized

First Provider Relief Fund Indictment

The U.S. Department of Justice (DOJ) announced charges this month against a Michigan woman, Amina Abbas, for embezzling government property.  This indictment is the first in the nation related to the CARES Act public health and social services emergency fund (the Provider Relief Fund), which provides funds to support healthcare providers during the COVID-19 pandemic.

The Provider Relief Fund was created through congressional appropriations now totaling $178 billion to reimburse healthcare providers’ eligible expenses and loss revenues attributable to COVID-19.  HHS developed the Provider Relief Fund through multiple rounds of payment distributions, including both General Distributions and Targeted Distributions to specific provider categories.  HHS also mandated program terms and conditions, published answers to frequently asked questions (FAQs), and made other program announcements to guide healthcare providers’ participation in the Provider Relief Fund.

According to the DOJ’s press release, the criminal indictment alleged that Ms. Abbas closed a home health agency, 1 on 1 Home Health, in early 2020 after receiving a $1.6 million-plus Medicare overpayment recoupment demand.  Notwithstanding this demand and its closing, 1 on 1 Home Health received $37,656.95 from the Provider Relief Fund (likely through the initial automatic distribution paid to all providers participating in Medicare in 2019). Since 1 on 1 Home Health was closed and never operational during the pandemic, it could not use the money on healthcare expenses related to COVID-19, as required by the Provider Relief Fund.  Instead, the DOJ alleged Ms. Abbas intentionally misused the funds to issue checks to her family members for personal gain.

While this is the first indictment related to the Provider Relief Fund, it is unlikely to be the last.  The DOJ press release suggests a few potential lessons for healthcare providers that may become trends in future investigative efforts:

  1. Similar to most government investigations into healthcare fraud, DOJ worked with both the U.S. Department of Health and Human Services (HHS) Office of Inspector General and the Federal Bureau of Investigation. We understand federal prosecutors plan for numerous investigations into COVID-19-related program fraud (e.g., numerous Paycheck Protection Program loan fraud cases have been brought), clearly that will include investigations into the Provider Relief Fund.
  2. The Provider Relief Fund’s terms and conditions require recipients to have provided patient care after Jan. 31, 2020. That said, and noted above, HHS initially distributed funding automatically and expeditiously to all providers participating in Medicare in 2019 without confirming basic information including whether the recipient was even still open.  Investigators may target such recipients as government data could highlight providers that did not bill Medicare in 2020 but retained Provider Relief Fund payments.
  3. DOJ’s framing may challenge certain healthcare providers’ past decisions with respect to the Provider Relief Fund. DOJ’s press release stated the program was to “aid medical providers in the treatment of patients suffering from COVID-19.” While certainly COVID-19 patients benefited from the program, HHS clearly utilized the program in a broader manner to quickly alleviate the pandemic’s burdens on healthcare providers, not only pay for patient care, or limit to providers treating patients with COVID-19 symptoms. DOJ’s framing, however, may suggest prosecutorial challenges when no apparent COVID-19-related patient benefit exists.
  4. Finally, healthcare providers must report and hire an external audit (in certain situations) to examine their healthcare-related expenses and lost revenues attributable to COVID-19, as discussed most recently in a Jan. 19, 2021, McGuireWoods alert. Healthcare providers should vigilantly fulfill these obligations to lessen future government scrutiny.

McGuireWoods has published many thought leadership pieces analyzing the Provider Relief Fund.  To learn more and ensure you are prepared to respond to reporting and auditing requirements, and that you have fulfilled the program’s terms and conditions, please contact one of the authors of this post or review the McGuireWoods COVID-19 Response Team webpage.

CMS Guidance, Regulatory, Stark Law

CMS statement clarifies agency’s view that the Stark Law final rule is effective

Industry publication BVWire quoted a statement from the Centers for Medicare & Medicaid Services (CMS) that gives healthcare providers more certainty to rely on the much heralded final rule modernizing the physician self-referral law (the Stark Law). The CMS statement stated, “The regulations finalized in [the final rule discussed in this post] are effective.”

The CMS final rule joined one issued by the Department of Health and Human Services (HHS) Office of Inspector General (OIG) revising safe harbors to the anti-kickback statute (AKS) to be effective Jan. 19, 2021. Despite the published effective dates, prior to this CMS statement, ambiguity existed on whether either of these final rules were effective.

Specifically, both the CMS and OIG final rules had technical deficiencies that threatened to lead to retraction, revision or modification. Essentially, HHS announced the final rules would be effective Jan. 19, 2021, as part of the Trump administration’s efforts to remove barriers from care coordination before the end of their term. HHS announced the rules 61 days before the presidential inaugural on Nov. 20, 2020, but did not publish the rules in the Federal Register until Dec. 2, 2020 (publication: Stark Law | AKS). As both are “major rules,” statute requires a 60-day delay before the regulations are effective, which the Government Accountability Office (GAO) concluded that these final rules (GAO decisions: Stark Law | AKS) did not meet.

Ordinarily such a technical deficiency would not be noteworthy and could be fixed, but in the intervening period, President Joseph Biden was inaugurated. That same day, Biden’s chief of staff, Ron Klain published a memo (within 60 days from publication) essentially requested agencies postpone pending regulations and take other actions to allow the new Biden administration to review subsequent rulemaking. Therefore, industry commentators worried that the final rules may not be effective and could be retracted. That said, with respect to rules “published in the Federal Register . . . but have not taken effect,” such as the fraud and abuse rules, Klain merely asked agencies to “consider postponing the rules’ effective dates for 60 days.” With CMS’ statement, it does not appear the agency has determined that is necessary with respect to its Stark Law modernization rule.

[T]he vast majority of healthcare providers did not need to act or address these final rules at this time

With this clarification, healthcare providers will likely begin to proceed in utilizing some of the new Stark Law flexibilities, including the new value-based enterprise provisions. Some healthcare providers have waited before relying on these final rules out of an abundance of caution due to the uncertainty. Of course, the vast majority of healthcare providers did not need to act or address these final rules at this time to maintain compliance with either the Stark Law or AKS final rules. In addition, we never viewed these fraud and abuse rule changes to be particularly partisan and were generally intended to clarify current law such that this clarification from CMS that the implementation will not be delayed is not altogether unexpected.

Even with this additional CMS statement, we should share three notes of caution. First, Biden’s nominees for HHS and CMS, respectively, California Attorney General Xavier Becerra and Chiquita Brooks-LaSure, have not had Senate confirmation hearings. With new leadership at HHS and CMS, it is possible that further regulatory changes to the Stark Law could be proposed (albeit, they would require the notice-and-comment rulemaking process). Second, we are unaware of a similar statement from OIG or HHS with respect to the AKS rule, although CMS and OIG have coordinated closely on these fraud and abuse rules and we would not suspect different treatment. Last, while CMS staffers would be unlikely to provide such a statement without approval, CMS has not provided this through a more formal channel such as formal published guidance.

*   *   *   *   *

McGuireWoods has been providing additional analysis and summaries about this CMS final rule, as well as the OIG’s final rule. To review additional guidance on the fraud and abuse final rules, see the following McGuireWoods legal alerts:

CMS Guidance, Regulatory, Stark Law

Fraud and Abuse Rules Part V: Easing Stark Law Compliance

As discussed in a previous McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules that significantly amend the regulations to the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties (CMP) Law. This client alert, the final in McGuireWoods’ summary series on these final rules, focuses on new exceptions, guidance and other policies to aid in Stark Law compliance.

The Stark Law final rule discussed in this alert was originally given a Jan. 19, 2021, effective date. Since publication, however, the Government Accountability Office concluded that the final rules did not incorporate a required 60-day delay in their effective date. Meanwhile, on Jan. 20, 2021, the Biden administration paused final rules from the Trump administration from taking effect. McGuireWoods will review further guidance from the new administration to understand if the policies in this final review are modified, retracted or corrected with a new effective date, although such a statement has not been made to date.

The Stark Law policy changes in the final rule include (1) a new exception for limited monetary compensation; (2) changes to the group practice definition, particularly on physician profit-sharing; (3) definitional clarification for interpreting the regulations and application of the exceptions; and (4) other clarifications to ease compliance. By implementing these changes, the Centers for Medicare & Medicaid Services (CMS) expressly noted its intent is to interpret the Stark Law “prohibitions narrowly and the exceptions broadly.” Therefore, the final rule permits more flexibility for compensation arrangements that could, in the absence of these changes, be deemed a prohibited financial relationship between a physician referrer and a provider of designated health services (DHS) that did not squarely meet an exception to the Stark Law. In finalizing this rule, CMS provided additional clarification and bright-line rules based in part on knowledge gained from receiving more than 1,200 Self-Referral Disclosure Protocol voluntary filings.

Notably, the final rule largely adopts the policies in its proposed rule, discussed in a Nov. 7, 2019, McGuireWoods alert, with certain key changes to the proposals discussed below. This alert outlines CMS’ changes to modernize its Stark Law regulations and provides eight key takeaways for healthcare providers.

  1. CMS finalized a new exception for limited monetary physician compensation, capped at $5,000 per year. CMS added a new limited monetary compensation exception, which would allow physicians to be paid up to $5,000 per calendar year (adjusted for inflation), in the aggregate, for items or services provided by the physician (directly or through employees, a wholly owned entity or through locum tenens physicians) without a signed writing or compensation set in advance. This $5,000 limit was increased from CMS’ initial proposal of $3,500, following industry comment. CMS, however, still requires that the compensation (a) not take into account the volume or value of referrals or other business generated, (b) not exceed fair market value, (c) be commercially reasonable and (d) if conditioned on the physician’s referrals to a particular provider, satisfy the special rules on compensation discussed further below. The final rule also limits the use of this exception to protect percentage-based and per-click equipment and space leasing arrangements.CMS noted as a basis for this new exception that, through the Self-Referral Disclosure Protocol, it regularly encountered arrangements it deemed non-abusive but which failed to meet the requirements for a Stark Law exception (e.g., where a hospital paid a physician a fair market value amount and had a legitimate need for physician services, yet failed to satisfy an exception because the arrangement was not in writing).

    Importantly, the $5,000 limit does not include amounts paid for items or services if that compensation is itself protected under a different exception. However, if an entity has multiple undocumented, unsigned agreements under which it provides compensation to a physician, CMS will treat these as a single compensation arrangement, the aggregate of which cannot exceed the limit under this exception during a calendar year. CMS also clarified this exception might allow a grace period at the outset of a financial arrangement before the elements of another exception are met, specifically adding language to the personal services arrangements and fair market value exceptions indicating they can be used in conjunction with this exception.

  2. Changes to the group practice definition may necessitate certain revisions to compensation plans before 2022. The nuanced, technical definition of “group practice” is a critical concept under the Stark Law. Congress created certain exceptions for referrals within group practices, including the in-office ancillary services exception, understanding that internal DHS referrals are commonplace and foster continuity of care and patient convenience. Therefore, even minor changes to the group practice definition can have significant impacts necessitating changes to, among other things, the way in which physicians in a group practice are compensated.Here, most significantly, CMS finalized a deemed-compliant methodology for distribution of profits related to participation in a value-based enterprise or VBE (that is, a practice may distribute to a physician profits derived from such physician’s participation in a VBE). CMS also finalized several clarifying revisions to the group practice profit-sharing rules (including that practices may not separately pool different categories of DHS revenue for distribution to different groups of physicians). In addition, CMS removed the reference to Medicaid from the definition of “overall profits,” which historically created certain compliance ambiguity. To allow group practices time to revise their compensation plans consistent with these regulatory changes, CMS delayed the effectiveness of these changes to Jan. 1, 2022.

    McGuireWoods anticipates providing additional specific guidance on these group practice rule changes later this year before the official effective date.

  3. CMS clarified key terms to alleviate the compliance burden. In the final rule, CMS clarified key terms frequently cited in the Stark Law by detangling the following three distinct elements so as to “reduce the burden” of providers’ compliance with the Stark Law:
    1. “Commercially Reasonable” Element. For the first time, CMS defined “commercially reasonable,” adopting a meaning “that the particular arrangement furthers a legitimate business purpose of the parties to the arrangement and is sensible, considering the characteristics of the parties, including their size, type, scope, and specialty.” CMS chose this definition instead of two alternative proposed definitions. In defining this term, CMS codified a favorable response to recent court decisions that a “commercially reasonable” arrangement does not need to be profitable (e.g., certain hospital call coverages are necessary to keep the hospital open but payment for coverage may exceed the patient fees generated). CMS reiterated in the final rule that papering an arrangement as commercially reasonable does not alone satisfy this element, and instead, determinations will be made on a case-by-case, facts and circumstances basis primarily asking whether the arrangement “makes sense as a means to accomplish the parties’ goals.”
    2. “Volume or Value” and “Other Business Generated” Bright-Line Standards. CMS finalized special rules for the “volume or value” and “other business generated” standards to create more bright-line, objective tests. These special rules effectively ask if the compensation paid to or received from a physician increases or decreases as the value of the referrals or other business generated increases or decreases. CMS explained that, effectively, if the amount of a physician’s referrals to an entity is a variable in the mathematical formula used to calculate the physician’s compensation, such compensation would be considered to take into account the volume or value of referrals or business generated.
    3. “Fair Market Value” and “General Market Value” Definitions. CMS finalized three separate definitions for “fair market value” that will apply separately to equipment rentals, to office space rentals and to all other arrangements generally. The definitions did not substantially alter the statutory definition; however, the proposed definitions specifically included a reference to “general market value” regarding assets, compensation and rental of equipment or office space, noting that it would be the amount “as the result of bona fide bargaining between well-informed” parties not “in a position to generate business for each other.” CMS did not finalize a proposal that these definitions would refer to arrangements “with like parties and under like circumstances, of like assets,” responding to commenters who expressed concerns with this language’s applicability to unique arrangements.
  4. CMS made additional clarifications to ease Stark Law compliance burdens.
    1. Definitional Changes.
      • DHS. For inpatient hospital services, CMS finalized changes to the definition of DHS to carve out inpatient services that do not increase Medicare’s payment under a prospective payment system (PPS), such as an X-ray that is ordered after the PPS rate has been established by the relevant payment rules for inpatient hospitals, inpatient rehabilitation facilities, inpatient psychiatric facilities and long-term care hospitals. However, the finalized carve-out does not apply to hospital services furnished in the outpatient setting.
      • Remuneration. CMS finalized its proposed changes clarifying the “used solely” requirement for items that are excluded from the definition of remuneration. Specifically, the furnishing of surgical items, devices and supplies that might have alternative purposes will not be considered remuneration if such items are in fact used for one of six explicitly designated statutory purposes. Notwithstanding this change, CMS continued to emphasize that items like sterile gloves, essential to the specimen collection process, are fungible and therefore cannot qualify for this remuneration carve-out.
      • Isolated Financial Transaction. CMS finalized changes to the definition of “isolated financial transaction” to specify that it includes arrangements beyond a one-time sale of a property or a practice. The final rule limits use of this change for forgiveness for an amount or owed as part of settlement of a bona fide dispute under certain conditions. CMS continued to limit the use of the definition (and by extension, the exception) that the forgiveness must be fair market value, the amount must not be determined in a way that takes into account the volume or value of referrals generated, and that the forgiveness cannot be used for multiple services provided over an extended period, even if there is only one payment for all of those services.
    2. Writing and Signature Requirements. CMS codified its policy that electronic signatures could fulfill signature requirements. In addition, CMS finalized its proposal to give a 90-day grace period to satisfy the writing requirement (consistent with the prior grace period granted for obtaining signatures). Importantly, however, this grace period is not available for amending compensation in existing arrangements. In addition, CMS stressed and reiterated that this grace period for documenting an arrangement does not alleviate the need that compensation be set in advance.
    3. Non-exclusive Rental Arrangements. Under current exceptions, a lessee must have exclusive use of the office or equipment being rented. CMS finalized its clarification giving greater freedom by allowing multiple lessees to rent the same space as long as the lessor does not have access to the space.
    4. Expanding Relevance of Two Existing Exceptions. CMS liberalized two existing exceptions that past rulemaking had significantly limited. First, CMS expanded the reach of the payments by a physician exception allowing its use even if another regulatory exception could apply. (Statutory exceptions still cannot.) Second, CMS finalized changing the fair market value exception for use with short-term equipment and office space rentals less than one year in length. CMS did decline to finalize its proposed significant rewrite for remuneration unrelated to DHS from hospitals, but indicated that it may consider a regulatory change here again in the future.
    5. Physician Recruitment. CMS modified the signature requirement for physician recruitment arrangements so a physician practice has to sign the writing only if it is receiving a financial benefit from the arrangement, but not if the practice merely passes the compensation through to the recruited physician.
    6. Remuneration for Non-physician Practitioner (NPP) Patient Care Services. CMS revised the exception allowing a hospital, a federally qualified health center or a rural health clinic to assist a physician in hiring an NPP, previously discussed in a Sept. 1, 2015, client alert. CMS clarified numerous service area questions, including that a nurse who had not previously been an NPP (and thus has not provided “NPP patient care services”) could remain in his or her community and a physician or physician practice can receive this support to compensate such individual after he or she becomes a nurse practitioner. CMS also revised the exception to require that the arrangement between the NPP and physician/physician practice begin on or after the commencement of the assistance arrangement.
    7. Ownership or Investment Interests. CMS finalized, without modification, its proposal regarding the definition of ownership or investment interests. CMS affirmed that a titular ownership or investment would not be considered ownership because a physician would not be entitled to receive the financial benefits of ownership or investment such as profit distributions, dividends or sale proceeds. This may be beneficial for some corporate practice-of-medicine arrangements, although in many cases, the in-office ancillary services exception already protects physician ownership in a practice. In addition, CMS finalized changes to remove employee stock ownership plans, or ESOPs, from its meaning of ownership so ownership and investment interests do not include interests in an entity arising from participation in an ESOP.
    8. Decoupling the AKS From the Stark Law. CMS removed the requirement that providers comply with the AKS to meet most exceptions where this language existed. Although the practical effect may be small, this removed ambiguity to meet a strict liability statute by also having to meet an intent-based criminal statute with narrower safe harbors. CMS noted the AKS separately remains a “backstop” for problematic arrangements that would no longer be restricted under the Stark Law, despite this change. Note, CMS did not make this change with respect to the AKS element within the fair market value exception despite proposing to do so, believing this to be a substitute safeguard for requirements included in other exceptions but omitted from the fair market value exception.
  5. CMS finalized its proposal to expand the directed referral requirement in Stark Law exceptions. Prior to the final rule, Stark Law regulations contained a special rule that allowed a physician’s compensation under an employment arrangement, personal service arrangement or managed care contract to be conditioned on referrals to a particular provider, if certain conditions were met. One of the conditions provides that the referral could not be required if (a) the patient expresses a preference for a different provider, (b) the patient’s insurer determines the provider, or (c) the referral is not in the patient’s best medical interests. CMS finalized its proposal to utilize this special rule on directed referrals with Stark Law exceptions for academic medical centers, physician incentive plans, group practice arrangements with a hospital, fair market value compensation, and indirect compensation arrangements.Notably, CMS added a condition to referral requirements that “neither the existence of the compensation arrangement nor the amount of the compensation is contingent on the number or value of the physician’s referrals to the particular provider, practitioner, or supplier.” CMS explained that, as an example, if an employer increases a physician’s compensation in a renewal term only if the physician met his or her targeted numbers for referrals for DHS, the compensation arrangement would not comply with this new condition in the special rule; however, if an employer increases a physician’s compensation in a renewal term only if the physician referred a certain percentage of his or her patients to a particular provider, the compensation arrangement would meet the new requirement in the special rule. In other words, requiring a percentage or ratio of a physician’s referrals to a particular DHS entity is allowed.
  6. CMS finalized its proposal to delete its “period of disallowance” rule and provide greater flexibility in curing noncompliance and reconciling compensation. For purposes of the DHS referral prohibition, CMS developed a “period of disallowance” concept to identify the time period when a physician would be prohibited from making referrals. CMS has now deleted its existing language for this concept. Instead, CMS provided a general principle that the period of disallowance “should begin on the date when a financial relationship fails to satisfy all requirements of any applicable exception and end on the date that the financial relationship ends or is brought back into compliance” by satisfying all requirements of an applicable exception. This period of disallowance will be determined on a case-by-case basis in light of the relevant facts and circumstances.Further, CMS finalized guidance to permit curing potential noncompliant compensation arrangements related to administrative errors, operational errors or payment discrepancies during the course of an arrangement to avoid triggering a period of disallowance. However, CMS noted that retroactively curing previous noncompliance by recovering or repaying problematic compensation after an arrangement ends is still prohibited. Therefore, if a provider reconciles compensation to satisfy this new regulatory language, it must be done within 90 calendar days of termination or expiration of an arrangement.
  7. CMS finalized a new exception and modifications to the electronic health record (EHR) exception to extend protections for cybersecurity technology. As discussed in a Jan. 12, 2021, McGuireWoods alert, CMS joined the Office of the Inspector General (OIG) in finalizing a new exception and modifications of an existing exception to protect cybersecurity technology. The cybersecurity technology donation exception does not require the donation recipient to cover any of the costs of the technology, and CMS did not finalize a proposal that a risk assessment be conducted to determine if the technology was reasonably necessary. In addition, CMS finalized the following changes to the existing EHR exception: (a) the addition of cybersecurity technology and services, (b) modernization updates regarding interoperability provisions, (c) changes to cost-sharing requirements to allow payments at reasonable intervals, (d) removal of the replacement technology donation prohibition and (e) removal of sunset provisions.
  8. CMS adopted value-based exceptions. As discussed in a Jan. 20, 2021, McGuireWoods alert, CMS, in an effort to foster a greater emphasis on value-based care, finalized three new Stark Law compensation exceptions, in conjunction with OIG’s proposed safe harbors to the AKS. Specifically, the Stark Law now will allow remuneration exchanged between or among participants in certain value-based arrangements (e.g., care coordination arrangements designed to improve quality, health outcomes and efficiency). CMS structured the requirements for these value-based exceptions around whether the value-based arrangement (a) has full financial risk, (b) has meaningful downside financial risk or (c) is another value-based arrangement, with the most significant regulatory burden for this third exception falling on those without financial risk. In adding these exceptions, CMS finalized a new value-based enterprise definition that would allow multiple entities to collaborate to achieve value-based purposes

In implementing this final rule, CMS sought to balance a need for innovation with the potential for improper inducements prohibited by the Stark Law, by removing certain burdens while clarifying the law and adding new exceptions. As noted, CMS expressed a desire to allow providers to consider the Stark Law’s prohibition narrowly, while considering its exceptions broadly, which may open additional avenues to argue that an arrangement is compliant. The industry appears receptive to these changes to a strict liability statute that otherwise prohibits a physician referring DHS when a financial relationship does not meet an exception.

Contact a McGuireWoods attorney or one of the authors of this alert for more information regarding these final rules. Given the significance of these changes, McGuireWoods has been providing additional analysis and summaries.

DOJ, FCA Statistics

Analysis of the DOJ’s 2020 FCA Statistics and the Trends Therein

The Department of Justice recently issued its annual press release summarizing fraud-related recoveries from False Claims Act (FCA) matters in the prior fiscal year.  While the headline number for FY 2020 of $2.2 billion in settlements and judgments involving fraud and false claims against the government is down about $900 million from the average annual recoveries over the prior three years, a deeper look at the underlying statistics and macro trends suggests an upswing in False Claims Act matters, particularly non qui tam (whistleblower) cases, and suggests that an increase in government fraud-related recoveries are likely in future years.

Two factors that were unique to 2020 and not indicative of a longer-term downward trend in FCA prosecutions were likely key drivers of the lower value of FCA recoveries.  The $2.2 billion in FCA-related settlements and judgments recovered in FY 2020 represent a significant decrease from FY 2019 and the prior five years of such settlements and judgments.  Healthcare fraud related civil recoveries were $1.9 billion in FY 2020, a decrease of around 25% from the prior 3-year average of approximately $2.4 billion per year.  As indicated in the press release, these are strong numbers “in the face of a nationwide pandemic” that caused significant interruptions to operations, delayed courtroom proceedings and hindered investigators’ ability to conduct witness interviews and take oral testimony.  Also distorting the statistics were two large settlements highlighted in the DOJ press release that did not become effective until early-FY 2021.  The first, a $3 billion settlement with a pharmaceutical company (and several individuals), which manufactured opioids, was finalized three weeks after the end of FY 2020, on October 21, 2020.  The second, a $600 million settlement ($300 million of which was paid to resolve civil allegations) with a pharmaceutical company that sold an opioid addiction treatment drug, was reached in July 2020, but did not become effective until November 2020.  The net effect of the pandemic-related delays and these two large settlements executed in early-FY 2021 is a slightly-deflated FY 2020 total recovery.  A corresponding bump for FY 2021 recoveries is likely though the longer-term indicators suggest a durable uptick in FCA activity.

Several trends gleaned from the statistics that DOJ published with its annual press release, as well as two important political macro-factors that tend to cause an increase in fraud-related prosecutions, suggest that FCA recoveries are likely to climb in future years.  In terms of the statistics, more informative than the top-line recovery numbers, which tend to fluctuate from year-to-year due to a handful of large “blockbuster” settlements, are the new matter numbers, which are usually more stable from one year to the next.  That was not the case in FY 2020, however, which saw significant increases in new matters, particularly non qui tam investigations initiated by the government.  In FY 2020 there were 922 new matters, an increase of almost 20% over the prior 3-year average of 796 new matters per year.  573 of those new matters in FY 2020 were healthcare–related, a roughly 10% increase from the prior 3-year average of 521 new healthcare matters per year.  Of note, the majority of those increases were attributable to a sharp growth in non qui tam matters, which totaled 250 in FY 2020, an almost 80% increase over the prior 3-year average of 140 new non qui tam matters per year.  The growth was even more pronounced for healthcare related non qui tam matters, which climbed to 117, up a whopping 205% from the prior 3-year average of 57 new healthcare non qui tam matters per year.

This increase in government initiated non qui tam investigations follows a concerted, years-long effort at DOJ and its client agencies to be more proactive in combatting fraud using sophisticated data mining tools, as opposed to merely reacting to qui tam suits brought by whistleblowers.  This has particular significance for clients as non qui tam matters have a significantly higher average recovery than qui tam matters.  For example, from 2017-2019, the average recovery per new qui tam matter was about $3.8 million, while the average recovery per new non qui tam matter was about $4.6 million, a 20% difference.  (The net recovery for the government is even greater in non qui tam matters since DOJ does not need to pay a relator share in those cases.)  Given the increase in new matters, particularly government initiated ones, clients should expect to see an uptick in FCA prosecutions and recoveries in the next few years.

Also likely to increase recoveries in the next few years are two overriding political factors.  The first is the recent change in administration with the attendant promise of increased enforcement efforts.  Historically, fraud enforcement activity tends to tick up after a Democratic administration replaces a Republican one.  Indeed, the Biden administration through its early picks to lead the SEC and CFPB has telegraphed its intent to crack down on corporate fraud.  The second macro-factor likely to drive up fraud-enforcement prosecutions and recoveries is the spending associated with the COVID-19 pandemic, particularly in the healthcare sector.  Past crisis-driven spending has led to increased FCA activity and recoveries in subsequent years.  That trend is likely to be magnified in the coming years since the COVID-related relief programs have somewhat vague qualification requirements.  Moreover, the Corona Virus Aid, Relief, and Economic Security Act (CARES Act) itself created oversight and enforcement mechanisms that raise risks for businesses that participated in those programs.

Beyond the overall likely increase in FCA cases and recoveries in future years, DOJ has identified several specific priority areas of healthcare enforcement.  Those include:

  • Opioids – The opioid epidemic continues to inflict significant harm on the country. According to the Centers for Disease Control and Prevention (CDC), there was a 38% increase in opioid-related overdose deaths in the 12-months ending in May 2020, as compared to the prior 12-month period.  COVID-19 and the resulting disruptions to daily life has accelerated those trends.  DOJ enforcement activity has likewise increased and as indicated by recent settlements and news articles, the focus is expanding beyond those entities in the supply chain (manufacturers, distributors, pharmacies) to include companies with a tangential connection to the sale and distribution of opioids, such as electronic medical record companies and consulting firms.  For example, the DOJ press release highlighted a $145 million settlement in FY 2020 with a health information technology developer that allegedly accepted kickbacks in exchange for implementing alerts in its software designed to prompt providers to increase certain prescriptions.  In another more recent example, just last week a consulting firm reached a $600 million settlement agreement with 49 states related to sales and promotion advice provided by the firm to several opioid manufacturers.
  • Elder Care – Long running efforts at DOJ to combat elder fraud and abuse, particularly that committed by nursing home and at-home care providers, are likely to be bolstered by the combination of pandemic-related funding given to elder-care providers as well as the increased scrutiny arising from the high COVID-19 case and death counts associated with nursing homes and their patient populations. This increased enforcement risk comes at a time when nursing homes are being heavily impacted by higher costs to combat the spread of COVID-19 in their facilities and lower occupancy rates.
  • Medicare Part C – Enrollment in Medicare Part C continues to climb, with almost a third of current Medicare beneficiaries opting out of traditional fee for service Medicare Parts A and B in favor of Medicare Advantage Organization (MAO) plans. In 2019, payment to MAOs totaled approximately $250 billion.  DOJ has reached several major FCA resolutions with MAO plans and Part C providers in recent years and communicated recently that it expects more to come in the near future.  DOJ also has pending suits or open investigations against several of the largest MAO plans and continues to aggressively pursue risk-sharing providers alleged to have submitted false diagnoses, thereby artificially inflating reimbursement from Medicare.

Please contact the authors if you have any questions about these trends and their potential impact on your business.

FCA Litigation

Reimbursement Consultant Could be Liable Under the FCA

The Northern District of Illinois recently denied a hospital reimbursement consultant’s motion for summary judgment, finding that the consultant could be held liable under the FCA based on the theory that the consultant’s solicitations of fees-for-recommendations could be found to violate the Federal Anti-Kickback Statute (“AKS”).

In United States ex rel. Graziosi v. R1 RCM, Inc., relator Cherry Graziosi, a former hospital employee, filed an FCA action alleging that R1 RCM, Inc.—a Medicare reimbursement consulting firm for the hospital—caused its clients to submit false claims when R1 recommended that physicians convert the admission status of Medicare patients from “outpatient” to “inpatient” or “observation.”  As background, when a Medicare beneficiary arrives at a hospital, a treating physician must decide whether to admit the patient for inpatient care or assign the individual to “outpatient” status based on their clinical decision-making including the patient’s anticipated length of stay.  Medicare reimburses a hospital a greater amount if that hospital seeks reimbursement for “inpatient” rather than “outpatient” services.

Graziosi alleged that R1 recommended that its clients “bill insurers for a (higher-paying) ‘inpatient admission’ even though the hospitals’ physicians (who had examined, and prepared a plan of care for each patient) had earlier determined that each patient was only in medical need of a (lower-paying) ‘observation’ (or other ‘outpatient’) service.”  When soliciting clients, R1 represented that it could provide a “payment lift” or “return on investment” to hospitals.

While Graziosi argued that R1’s solicitations of fees-for-recommendations violated the AKS, R1 maintained that it services were designed primarily “to improve the accuracy of hospital-clients’ initial admission.”  The court denied summary judgment, holding that a reasonable juror could conclude that R1’s fees constitute “remuneration in return” for recommending that R1’s hospital clients “upgrade” patients to inpatient status.  The court went on to explain that it “accepts that at least part of the purpose of R1’s [] program was to help its hospital clients comply with Medicare rules for classifying patients.”  With all this in mind, the court concluded there is sufficient evidence in the record—from which a reasonable juror could conclude that another motivation for all of the cases in which patients were ‘upgraded’ to inpatient status was boosting the amount that R1’s hospital clients could collect from Medicare—around $5,000 per case.”

In light of Graziosi, billing and other management companies need to continue to be vigilant at monitoring how they advertise their services and ensuring that their compliance plans are carefully vetted to ensure compliance with the fraud and abuse laws.

 

Defense Arguments, FCA Litigation

“Expert” Analyzing FOIA Report Barred as Public Disclosure

A federal district judge in the Northern District of California dismissed a qui tam suit in late 2020 under the public disclosure bar of the False Claims Act (“FCA”). United States ex rel. Jones v. Sutter Health, No. 18-CV-02067-LHK, 2020 WL 6544412, at 9 (N.D. Cal. Nov. 6, 2020). In a holding consistent with the Supreme Court’s application of the public disclosure bar, and as has been discussed in previous McGuireWoods alerts, the district court held that information acquired through a Freedom of Information Act (“FOIA”) report is “publicly disclosed” and, therefore, that the relator was barred from using this information to form the basis of her FCA action.

By way of background, the public disclosure bar prohibits a relator from bringing a qui tam action based on information that has already been disclosed through certain public channels. The doctrine is intended to prevent “parasitic” claims in which relators feed off previous disclosures of fraud against the government. There is, however, an “original source” exception to the public disclosure bar, which allows a relator to avoid dismissal of the case provided the publicly disclosed information is used in conjunction with relator’s own independent and material knowledge of the transactions in question. 31 U.S.C. § 3730(e)(4)(A)(iii) Effectively, then, courts first determine whether the same allegations or transactions underlying the suit were previously disclosed through an enumerated channel. If that is the case, the courts then consider if the relator can serve as an “original source” within the meaning of the statute by offering independent and material additional information.

Here, the Sutter Health court ruled that the Supreme Court’s Schindler Elevator holding, which defines a FOIA report as “a ‘report’ within the meaning of the public disclosure bar,” controlled. Schindler Elevator Corp. v. U.S. ex rel. Kirk, 563 U.S. 401, 404 (2011). To paraphrase Schindler Elevator, using a FOIA request to build or collect evidence for a qui tam claim is “a classic example of the ‘opportunistic’ litigation that the public disclosure bar is designed to discourage” because “anyone could file the same FOIA requests and then file the same suit.”

With FOIA reports clearly falling under the public disclosure bar, relator’s ability to proceed with her suit rested upon her ability to paint herself as an “original source.” Quoting from the 6th, 7th, and 9th Circuits, the judge reiterated that independent and material knowledge must “add value to what the government already knew,” as well as be “essential” and “significant.”

Relator argued that because she received personal care from the defendant health system, and that because she had a background in reading and interpreting medical bills, she had direct and independent knowledge of the alleged fraud thereby surpassed the meaningful hurdle of the “original source” exception.  The court, however, was not convinced. Criticizing relator’s use of the old definition of “original source” (“direct and independent knowledge”) the court found that reading and analyzing data from a FOIA report does not add significant value to what the government already knew. Furthermore, the fact that relator possesses first-hand knowledge by means of being a patient was insufficient to be an original source.

This case restates the fact that a court is bound to classify a FOIA report as publicly disclosed information subject to the public disclosure bar of the FCA. With the public disclosure bar prohibiting a qui tam suit, a relator who utilizes such a report must qualify as an “original source” within the meaning of the statute and case law, which is no small hurdle to cross. Merely applying some independent knowledge and expertise to the report is not enough; additional independent knowledge needs to materially add to what is provided to the government.

OIG, Regulatory

Fraud and Abuse Rules Part IV: Final Changes to Existing and New Anti-Kickback Statute Safe Harbors

As discussed in a prior McGuireWoods alert, the U.S. Department of Health and Human Services (HHS) published final rules that significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties Law. The final rules discussed in this alert were originally given a Jan. 19, 2021, effective date. Since publication, however, the Government Accountability Office concluded that the final rules did not incorporate a required 60-day delay in their effective date. Meanwhile, on Jan. 20, 2021, the Biden administration paused final rules from the Trump administration from taking effect. McGuireWoods will review further guidance from the new administration to understand if the policies in this final review are modified, retracted or corrected with a new effective date.

This client alert, the latest in McGuireWoods’ summary series on these final rules, focuses on four key revisions to existing AKS safe harbors and provides key takeaways to assist healthcare providers in navigating these new changes. Specifically, the final rules changed several existing AKS safe harbors, including: (i) modifying the electronic health records (EHR) safe harbor to expand cybersecurity protections, among other updates; (ii) increasing flexibility under the personal services and management contracts safe harbor; (iii) expanding around patient transportation protections and loosening several restrictions; and (iv) extending coverage and protections under the warranties safe harbor. This alert also provides a brief overview of the final rule’s new safe harbors that cover value-based delivery models and patient engagement tools. By implementing these changes, the Office of the Inspector General (OIG) will reduce burdens for healthcare providers and other stakeholders within the healthcare industry and provide greater flexibility under existing laws while, at the same time, continuing to protect against misuse, fraud and abuse.

The final rules stem from HHS’ “Regulatory Sprint to Coordinated Care,” discussed more thoroughly in a previous McGuireWoods alert, which is intended to incentivize value-based arrangements and patient care coordination by expressly permitting certain activities that could be deemed problematic under historic laws.

  1. Focus on EHR and cybersecurity technology protections. As discussed in a prior McGuireWoods alert, the OIG has amended the EHR safe harbor several times since its creation in 2006. Most recently, it recognized that certain flexibilities would allow providers to engage in new digital health technology arrangements to develop more sustainable value-based delivery models, strengthen the healthcare industry against cyberattacks, and combat the current public health emergency resulting from the COVID-19 pandemic. Accordingly, the final rule shields the donation of cybersecurity items and services through new protections under the existing EHR safe harbor as well as through the addition of a new cybersecurity technology and services safe harbor.Changes to the existing EHR safe harbor include: (i) expanded protections for cybersecurity technology and services; (ii) modernization updates regarding interoperability provisions; (iii) changes to cost-sharing requirements; (iv) removal of the replacement technology donation prohibition; and (iv) removal of sunset provisions. The new cybersecurity exception and safe harbor permits the donation of cybersecurity technology and related services as long as certain conditions are met. More detailed information regarding the OIG’s changes to the existing EHR safe harbor and the new cybersecurity technology safe harbor can be found in this recent McGuireWoods alert.
  2. Broadened flexibility under the local transportation safe harbor. Undoubtedly, and as the OIG acknowledged, transportation plays a vital role in patients’ access to quality care and care coordination. To increase flexibility to meet those needs, the OIG finalized its proposed rule (with slight modifications) to update the local transportation safe harbor by: (i) expanding the mileage limits for rural areas from 50 miles to 75 miles (inclusive of shuttle service); (ii) eliminating mileage limitations to transport patients back to a residence after being discharged from an inpatient facility or hospital; and (iii) clarifying that safe harbor protections extend to rideshare arrangements. The OIG did, however, decline to extend safe harbor protection to transportation offered for non-medical purposes, even if such purpose would improve or maintain patient health, citing risk of fraud and abuse.

    the OIG hopes to improve access to healthcare for rural residents and those living in transportation deserts

    By increasing the mileage limits for rural areas from 50 to 75 miles, the OIG hopes to improve access to healthcare for rural residents and those living in transportation deserts. In setting this new mileage limit, the OIG solicited comments and relied on data and evidence as to the distance patients in rural communities travel to obtain healthcare. The OIG believes the increase to 75 miles is both “necessary and practical,” yet maintains the “local” transportation nature this safe harbor was intended to capture and is unlikely to be subject to abuse.

    The OIG cited strong support to eliminate the distance limitations on transportation furnished to a patient “discharged from an inpatient facility following an inpatient admission or released from a hospital” to such patient’s preferred place of residence, regardless of whether the patient resides in an urban or rural area. The OIG expressly confirmed that it intends the term “residence” to include and protect transporting patients to the following locations as long as other requirements of the safe harbor are met: (i) custodial care facilities (such as nursing), provided that the patient established such facility as a residence before receiving treatment; (ii) homeless shelters; and (iii) a residence of the patient’s choice, such the home of a friend or relative who is caring for the patient post-discharge.

    The OIG noted that many commenters advocated for the OIG to expand the safe harbor to protect transportation to any location a discharged patient’s chooses, including to another healthcare facility; however, the OIG declined to do so, citing the potential for abuse if the safe harbor extended to protecting transportation between healthcare providers in a position to refer to each other. The OIG also declined to eliminate distance limitations for patients other than those discharged as inpatients or after spending 24 hours in observation status, reasoning that such an exception would be too “expansive and overly broad.”

    Lastly, while the OIG did not believe an amendment to the regulatory text was necessary, the OIG did expressly state that it supports eligible entities utilizing ridesharing services or other transportation methods similar to that of taxis to make local transportation available to their patients.

  3. Increased protection and flexibility for personal services and management contracts. While the OIG largely adopted its proposed modifications to the personal services and management contracts safe harbor, the OIG did modify the conditions an arrangement must meet if the parties to an arrangement will make outcomes-based payments. Specifically, the OIG (i) removed the requirement that contracts for part-time arrangements specify the schedule, length and exact charge for the intervals of time worked under the arrangement; (ii) substituted the requirement that aggregate compensation paid under an arrangement be set in advance, with a new requirement that only the methodology for determining compensation be set in advance; and (iii) adopted modified conditions permitting outcomes-based payments under a personal services or management contracts arrangement.Removal of the part-time arrangements restrictions and modification of the “set in advance” requirement provide regulatory protection (assuming all other elements of the safe harbor are met) and greater flexibility to providers that need periodic management and personal services arrangements but are unable to predict the exact frequency of their need for services (e.g., call coverage). Additionally, these changes more closely align the personal services and managements contract safe harbor with the personal arrangements exception to the Stark Law. In finalizing these revisions, the OIG noted its desire to accommodate a broad range of part-time or sporadic-need value-based payment and care arrangements and, at this time, will not require additional documentation requirements as it continues to believe that the other conditions to this requirement sufficiently safeguard against potential fraud or abuse.By changing the requirement that the aggregate compensation be set in advance, to the methodology for determining such compensation be set in advance, the OIG made additional protections available for provider compensation. As a result of the final rule, productivity and unit-based methodologies can meet the service arrangement safe harbor as long as the methodology is consistent with fair market value and set in advance, and, in any event, does not take into account the volume or value of any referrals or other business generated between the parties.

    In commentary discussing modification of the “set in advance” requirement, the OIG addressed whether a payment methodology based on “actual expenses incurred” could be a methodology sufficiently set in advance to satisfy the modified safe harbor requirement. While acknowledging that whether the compensation methodology is sufficiently set in advance depends on the facts and circumstances of the arrangement, the OIG stated that it could be possible for compensation based on actual expenses incurred to satisfy the set-in-advance requirement. The example provided in the commentary details a hospital compensating a physician practice for a leased physician based on the percent of the practice’s actual expenses in employing the physician that correlate to the percentage of the physician’s work actually performed for the hospital. There, the expenses include salary, benefits, bonus, liability insurance and overhead. The OIG said such expenses could be set in advance but cautioned that the safe harbor would not be met if the physician’s bonus took into account the volume or value of referrals between the parties.

    Extending protections . . . opens the door for rewarding agents for improving patient or population health, or reducing payor costs

    Extending protections of the personal services and management contracts safe harbor to outcomes-based payments opens the door for rewarding agents for improving patient or population health, or reducing payor costs, while simultaneously improving quality of care so long as such arrangements do not relate solely to the achievement of cost savings for the principal. Consistent with the OIG’s proposal, the final rule excludes pharmaceutical manufacturers; manufacturers, distributors and suppliers of durable medical equipment, prosthetics, orthotics and supplies; and laboratories. The OIG also decided to exclude from protection under the safe harbor for any outcomes-based payments those pharmacies that primarily compound drugs or primarily dispense compounded drugs, wholesalers and distributors of pharmaceutical products, and pharmacy benefit managers. While such entities are currently ineligible to receive protection, the OIG indicated that it may consider outcomes-based contracting for pharmaceutical products and medical device manufacturers in future rulemaking.

  4. Expanded warranties safe harbor to provide flexibility and encourage innovative arrangements. The OIG finalized, without modifications, its proposal to amend the warranties safe harbor, which includes (among others) the following key changes: (i) extending coverage for bundled warranties, including warranties that cover the sale of multiple items and related services (as described in more detail below); (ii) finalizing the “same program/same payment requirement”; (iii) capping the warranty remuneration at the buyer’s cost of the entire bundle of items or items and services in the applicable warranty; (iv) barring arrangements that condition warranties on exclusive use or minimum purchase requirements; (v) requiring buyers (other than beneficiaries) to report price reductions in a way that is compatible with the applicable reimbursement methodology for the items or services (without implementing a specific timeline); and (vi) separately and directly defining “warranties” rather than cross-referencing the definition to other statutes or case law.

    The  most material modification . . . is . . . protecting, for the first time, warranties that cover bundled items and related services.

    The most material modification to the warranties safe harbor that was finalized is OIG’s safeguarding of bundled warranties and protecting, for the first time, warranties that cover bundled items and related services. Previously, the safe harbor for warranties limited its protection to warranties for single items. Although the OIG repeatedly clarified in the final rule that the expanded safe harbor protection will not extend to “services-only” warranties (i.e., the warranty arrangement must include at least one item in the bundle), the OIG expects that the safe harbor’s expansion to safeguard warranties related to the sales of services will facilitate innovative and value-based arrangements. The OIG reiterated in the final rule that the safe harbor continues to protect only warranty remedies (i.e., the expanded safe harbor does protect free or discounted services or items that are provided as part of a bundle or ancillary to a warranty arrangement).

    Despite commentators’ concerns, the final rule also finalized the “same program/same payment requirement,” which protects warranties for bundled items or items and services so long as such items and services are reimbursed by the same federal healthcare program and in the same payment. For example, warranties for a bundle of items and services reimbursed under a single state’s Medicaid program are not eligible for protection under this safe harbor if the buyer receives separate reimbursement for each item and service in the bundle under different payment systems.

    Notably, in the final rule, the OIG declined to include a “commercial reasonableness” standard in the expanded safe harbor for warranties and expressly stated that the expanded safe harbor does not protect “population-based warranties”; however, the OIG clarified that it may consider implementing specific safe harbor protection for value-based and outcome-based, pharmaceutical-related arrangements in the future.

  5. New safe harbors protecting value-based delivery models and patient engagement tools and supports. In addition to changes under existing safe harbors, the OIG proposed three new safe harbors designed to protect value-based arrangements and create new opportunities for external alignment models, specifically: (i) a safe harbor regarding care coordination arrangements that do not require parties to assume risk; (ii) a safe harbor regarding value-based arrangements with substantial downside financial risk; and (iii) a safe harbor regarding value-based arrangements with full financial risk. The OIG notes that, by design, these safe harbors will “offer flexibility for innovation and customization of value-based arrangements to the size, resources, needs, and goals of the parties themselves” and further allow arrangements to reflect up-to-date understandings of medicine and the healthcare industry. More information regarding the new value-based safe harbors can be found in this McGuireWoods alert.As a result of the growing digital health technology industry, the OIG also finalized, with some modifications, a new safe harbor that protects patient engagement tools and supports provided only by a value-based enterprise participant to certain patients within a target patient population. For a tool or support to satisfy the safe harbor, the tool and support must be in-kind items, goods and services, and the aggregate retail value of the tools or support must not exceed $500 per year.

With the implementation of these final rules, the OIG seeks to remove specific AKS burdens on providers, while at the same time protecting against substantial risk of increased fraud or abuse. While some of these changes to existing safe harbors are not drawing the same focus as the value-based arrangement changes, they could have similarly large impacts in allowing more care coordination and reducing overall costs to the healthcare system.

Contact a McGuireWoods attorney or one of the authors of this alert for more information regarding these final rules. Given the significance of these changes, McGuireWoods plans to provide additional analysis and summaries on key changes and implementation of the same.

CMS Guidance, OIG, Regulatory, Stark Law

Fraud and Abuse Rules Part III: New Value-Based Arrangement Protections

As discussed in a previous McGuireWoods alert, the Department of Health and Human Services (HHS) published final rules, effective Jan. 19, 2021, that significantly amend the Physician Self-Referral Law (Stark Law), the federal Anti-Kickback Statute (AKS) and the Civil Monetary Penalties (CMP) Law. This client alert, the latest in McGuireWoods’ summary series on these final rules, focuses on the AKS safe harbors and Stark Law exceptions finalized by the HHS Office of Inspector General (OIG) and Centers for Medicare & Medicaid Services (CMS) aimed at reducing regulatory burdens to allow healthcare providers to engage in value-based arrangements.

These protections include (1) three safe harbors to the AKS for remuneration exchanged between or among participants in a value-based enterprise (VBE) that includes two or more participants collaborating to achieve a value-based purpose with an accountable body, or person responsible, and a governing document; and (2) three new exceptions to the Stark Law for remuneration to physicians participating in a value-based arrangement. Each agency has a different approach in light of the scope of each law and agency enforcement objectives, but both place fewer regulatory burdens on the parties when the VBE accepts full risk for all of a target population’s care, with greater burdens when VBEs accept less financial risk. By implementing these changes, OIG and CMS seek to permit more flexibility around valued-based arrangements that could, in the absence of these changes, be deemed to induce or reward referrals in violation of the AKS, or be deemed a financial relationship between a physician referrer and a provider of designated health services (DHS) not covered by an exception to the Stark Law.

OIG and CMS largely adopted their proposed approach to VBEs, discussed in part in a Nov. 22, 2019, McGuireWoods alert, with certain tweaks that largely did not make compliance more difficult.

  1. Three new value-based safe harbors.
    As outlined below, OIG created three new value-based safe harbors that render a value-based arrangement immune from sanction if it meets all the terms of the safe harbor. The amount of risk the VBE assumes, if any, dictates which safe harbor applies, with higher financial risk correlating to lesser requirements.

    • Care coordination arrangements (no financial risk). The first safe harbor protects remuneration when the VBE and its participants provide remuneration to achieve a value-based activity directly connected to coordination and management of care for the VBE’s target patient population. The OIG intends for this safe harbor to protect in-kind remuneration exchanged by and among a VBE and VBE participant(s), such as providing care coordinator staff, technology for care coordination and devices to monitor a patient’s recovery upon discharge.

      As this safe harbor does not require financial risk, the OIG included more safeguards than for the other value-based safe harbors (all discussed below). For example, the remuneration cannot be intended to induce referrals of patients or business not covered under the value-based arrangement, the remuneration cannot be exchanged or used more than incidentally for the recipient’s billing or financial management services, and the recipient must pay at least 15 percent of the cost for the in-kind remuneration.

    • Value-based arrangements with substantial downside financial risk. The second safe harbor protects remuneration when the VBE assumes substantial downside financial risk from the payor (or will assume such downside risk in the next six months). This safe harbor, unlike the care coordination safe harbor, protects in-kind and monetary remuneration exchanged by and among a VBE and its participants.

      Substantial downside financial risk means the VBE: (i) assumes at least 30 percent of any loss for all items and services of the target population compared to a bona fide benchmark (reduced from the 40 percent stated in the proposed rule); (ii) assumes 20 percent of any loss where savings and losses must be calculated by comparing current expenditures to a bona fide benchmark designated to approximate the expected total cost of such care and the parties design the clinical episode to cover more than one care center; or (iii) receives from the payor a prospective, per-patient payment that is designed to produce material savings and is paid on a monthly, quarterly or annual basis for a predefined set of items and services to approximate the expected total cost of expenditures for the predefined set of items and services.

      The VBE participant receiving remuneration must also assume a meaningful share of the risk, meaning the participant (i) assumes two-sided risk for at least 5 percent of the losses and savings realized by the VBE, or (ii) receives a prospective, per-patient payment.

    • Value-based arrangements with full financial risk. The final safe harbor protects remuneration when the VBE takes on full financial risk from a payor (or will assume such risk within one year) for all patient care and services related to a target patient population. Full financial risk means the VBE has assumed prospective risk for all items and services for the target patient population for at least one year — i.e., a full capitated payment. Similar to the substantial financial risk safe harbor, in-kind and monetary remuneration will be protected for VBEs that assume full financial risk. A requirement of this safe harbor is that the VBE participant cannot claim payment in any form from a payor for items or services except as set forth in the VBE agreement.
  2. AKS safe harbor requirements.
    Each of the three safe harbors requires the following universal requirements: (i) the arrangement must be reflected in a signed writing among all VBE participants (though timing of these writing requirements varies based on risk); (ii) remuneration must be directly connected to one or more of the VBE’s value-based purposes; (iii) no inducements to reduce medically necessary treatment can be included; (iv) remuneration based on referrals must be tied to the target patient population and business covered under the arrangement; (v) VBE participants must retain records sufficient to establish compliance for a period of six years; and (vi) certain entities may not qualify as VBE participants within each safe harbor, which typically include pharmaceutical manufacturers, laboratory companies and device manufacturers. Moreover, the final rule requires that parties to a value-based arrangement establish certain monitoring requirements for outcome or process measures for care coordination arrangements that the parties reasonably anticipate, based on clinical evidence or credible medical or health science, will advance the VBE’s quality goals, with full financial risk arrangements having the most flexibility in such monitoring activities.

    In addition to these universal requirements, the substantial downside risk and care coordination safe harbors also require that the value-based arrangements do not: (i) place any limitations on the VBE participants’ ability to make patient care decisions; nor (ii) direct or restrict referrals to a particular provider if: (a) a patient expresses a preference for a particular provider; (b) the patient’s payor determines the provider, practitioner or supplier; or (c) directing the patient is contrary to Medicare and Medicaid policy.

    Finally, since VBE participants in a care coordination model are not taking financial risk, only in-kind (i.e., non-monetary) remuneration, such as information technology and patient monitoring tools, may be protected and, as noted above, the safe harbor requires that the recipient of any remuneration under this safe harbor contribute at least 15 percent of the offeror’s cost or the remuneration’s fair market value.

  3. Stark Law key differences.
    The Stark Law exceptions are similar to the safe harbors discussed above — with the requirements decreasing as the financial risk on the participants increases — but are generally easier to meet. If the VBE includes payment by a DHS entity to physicians, one of these exceptions must be met (or the requirements of another Stark Law exception must be met instead) to avoid a Stark Law violation for that physician’s referrals to the DHS entity. Unlike the AKS safe harbors, where adherence is voluntary to gain protections, the strict liability nature of Stark Law mandates strict compliance. The key distinctions between the AKS safe harbors and the correlating Stark Law exceptions are discussed below.

    • Full financial risk. The Stark Law’s full financial risk exception similarly protects value-based arrangements by and among a VBE and VBE participants when the VBE has assumed full financial risk for the cost of all patient care items and services covered by a payor for a targeted patient population. Like the AKS safe harbor, the VBE is responsible, or is obligated within one year (increased from six months in the proposed rule) following the commencement date of the value-based arrangement to assume responsibility. As a result, VBE participants can utilize this exception during the “pre-risk period” prior to the VBE assuming full financial risk.
    • Meaningful downside financial risk exception versus substantial downside financial risk. The Stark Law’s meaningful downside financial risk exception shares similarities with the AKS safe harbor for value-based arrangements with substantial downside financial risk. However, significant differences exist. First, the Stark Law exception requires the physician to be responsible for at least 10 percent (down from the 25 percent stated in the proposed rule) of the risk, instead of measuring the VBE’s risk in totality. CMS clarified in the final rule that this risk can be established if either: (i) the physician is required to repay remuneration already received if the value-based purpose is not achieved, or (ii) a portion of the physician’s remuneration is withheld and paid only upon the achievement of the value-based purpose. Moreover, whereas the proposed rule included an alternative definition of meaningful downside financial risk where the physician would be financially responsible to the entity on a prospective basis for the cost of all or a defined set of patient care items, CMS omitted this alternative financial risk methodology from the final rule. Also, CMS did not provide a pre-arrangement protection period as it did with the full financial risk model.
    • Value-based arrangements exception. The Stark Law’s corollary to the limited AKS care coordination safe harbor is a broader general exception to protect value-based arrangements that do not fall into the meaningful downside financial risk or full financial risk exceptions. The value-based arrangements exception applies regardless of the level of risk assumed by the VBE or physician, even if no risk component is involved. This gives physicians and DHS entities flexibility to participate in value-based arrangements that do not assume any financial risk at this time, but where the VBE is working to achieve a value-based purpose, such as coordinating and managing care, improving quality and reducing costs. To satisfy the criteria, there are a significant number of safeguards described further below.
  4. Key differences in requirements among the Stark Law exceptions.
    As a threshold matter, all Stark Law value-based exceptions must comply with the following requirements, which are similar to the AKS safe harbors: (i) remuneration is for or results from value-based activities undertaken by the recipient of the remuneration for patients in the target patient population; (ii) the arrangement must not cause inducements that reduce medically necessary treatment; (iii) remuneration based on referrals must be tied to the target patient population and business covered under the arrangement; (iv) if remuneration paid to the physician is based on the physician’s referral to a particular provider, the requirement to make referrals must be set out in writing and signed by the parties and does not apply if the patient expresses a preference for a different provider or the referral is not in the best interest of the patient; and (v) VBE participants must retain records sufficient to establish compliance for a period of six years.

    Also similar to the AKS safe harbors, the Stark Law exceptions have fewer requirements as risk-sharing increases. For example, while the full financial risk exception does not require that the methodology for determining remuneration be set in advance — i.e., could be determined after receiving funds — CMS requires a prospective methodology be determined before healthcare providers furnish the items or services for which the remuneration is provided under the meaningful financial risk exception and the value-based arrangement exception. CMS did not, however, mandate the aggregate remuneration amount to be set in advance or even be fair market value.

    While the Stark Law meaningful downside financial risk and value-based arrangements exceptions each contain a writing requirement, they differ depending on the levels of risk involved. While the meaningful downside financial risk exception requires only a description of the nature and extent of the physician’s downside financial risk to be set in writing, the signed writings for the value-based arrangements exception must include a fulsome description of: (i) the value-based activities to be undertaken under the arrangement, (ii) the activities furthering the value-based purposes of the VBE, (iii) the target population, (iv) the type or nature of the remuneration, (v) the methodology to determine remuneration and (vi) the performance or quality standards measured against the remuneration recipient. Notably, the full financial risk exception does not contain a writing requirement outside of the VBE’s governing document and likely a contract with the payor.

    Additionally, the value-based arrangements exception is the only one of the three that includes a commercial reasonableness requirement, mandatory outcome measure and the obligation that the VBE (or one of the parties to the value-based arrangement) annually monitor the following: (i) whether the parties have furnished their required value-based activities; (ii) whether and how continuation of the value-based activities is expected to further the value-based purpose(s) of the VBE; and (iii) progress toward attainment of the outcome measures against the remuneration recipient. Though the care coordination AKS safe harbor also contains monitoring safeguards, the AKS requirements are not nearly as burdensome as those required under the Stark Law. This is likely due to CMS permitting both in-kind and cash remuneration under this exception, and not requiring the physician recipient to contribute any of his or her own money to the arrangement. For example, under the Stark Law value-based arrangement exception, a VBE could compensate physicians for providing post-discharge services to patients in a target patient population, and have the compensation be dependent on readmission rates. This arrangement would not qualify for protection under the AKS care coordination safe harbor.

  5. Examples of permitted conduct.
    Provided an arrangement complies with a safe harbor’s requirements noted above and the payment made to a physician complies with a Stark Law exception noted above, VBE participants are permitted to encourage referrals of the target patient population as part of value-based activities. For example, a VBE can create a preferred network of post-acute care providers that meet certain quality criteria. Further, if a VBE seeks to coordinate and manage the care of patients who undergo joint replacement procedures and reduce costs while improving the quality of care, VBEs could condition remuneration to physicians (or other VBE participants) on referring joint replacement treatments to certain facilities under the Stark Law, with certain limitations under the AKS. As a result, VBE participants could receive remuneration based on these referrals so long as the remuneration furthers the value-based purpose.

    Similarly, although the OIG final rule prohibits remuneration used for marketing items or services furnished by the VBE or VBE participants or for the purpose of patient recruitment activities, a VBE is permitted to provide educational activities on behalf of the VBE participants within the target patient population. For example, a skilled nursing facility staff member may work with patients at a hospital to assist in the discharge planning process and, in doing so, educate patients regarding care management processes used by the skilled nursing facility, provided the patient had already selected the facility and such facility was medically appropriate. OIG would consider such activities occurring prior to the patient’s selection of the facility as marketing and therefore ineligible for safe harbor protection. OIG also made it clear that notifying a patient of the criteria used by a VBE participant to determine patient eligibility is not considered marketing.

    Additionally, the Stark Law exceptions make it clear that a hospital can share internal cost savings achieved with a physician who is participating in the hospital’s quality and outcome improvement program if the program reaches or exceeds pre-established benchmarks. Such programs are often referred to as gainsharing. More importantly, the Stark Law exception can be utilized even if the physician is not assuming any of the financial risk. The challenge of the separate regulatory structures, however, is that such a gainsharing arrangement will not meet an AKS safe harbor without risk sharing. While failure to meet a safe harbor does not mean the gainsharing arrangement is illegal or improper, it will not have the AKS protection afforded by a safe harbor. This is only one example of how VBEs will need to navigate both regulatory structures when establishing value-based relationships.


With the implementation of these final rules, the OIG and CMS seek to balance a need for innovation within an evolving healthcare system, with the need for safeguards against improper inducements prohibited by the AKS and Stark law. These proposed safe harbors and their analogous exceptions provide greater flexibility for providers to enter into non-conventional arrangements aimed at rewarding value and care coordination while attempting to provide meaningful safeguards to protect against patient and program abuse.

Contact a McGuireWoods attorney or one of the authors of this alert for more information regarding these final rules. Given the significance of these changes, McGuireWoods plans to provide additional analysis and summaries.

For more information – to review additional guidance on the final rules discussed in this alert, see the following McGuireWoods legal alerts:

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.

Agree