On Thursday, October 17, 2019, the Centers for Medicare & Medicaid Services (CMS) and the Department of Health and Human Services (HHS) Office of Inspector General (OIG) will publish in the Federal Register two proposals to implement major changes to Stark Law and Anti-Kickback Statute (AKS) regulations. We have summarized a portion of those proposed rules that address regulatory changes designed to adapt to emerging value-based payment delivery models in a separate alert. The following summary describes significant regulatory changes CMS and OIG have proposed that do not relate to value-based models.

CMS proposes to overhaul and modernize its Stark Law regulations

CMS has proposed dramatic changes to its Stark Law regulations, including new Stark exceptions, revisions to existing exceptions, and amendments to key regulatory definitions.  Taken as a whole, the proposed rule builds on other Stark Law liberalizations of recent years, reflecting laudable efforts by CMS to respond to stakeholder concerns that certain hypertechnical excesses of the Stark Law can bog health systems down in compliance thickets with little to no benefit to Medicare program integrity.

New exceptions: Adding flexibility for nonabusive business practices

  • Limited remuneration to a physician

In the preamble to its proposed regulation, CMS explains that, through the Self-Referral Disclosure Program (SRDP), it became aware of numerous “nonabusive arrangements” that involved limited remuneration paid to a physician, but that nevertheless ran afoul of the strict letter of the regulations. Many such arrangements would not fit into the existing exceptions for nonmonetary compensation, 42 C.F.R. § 411.357(k), or the exception for fair market value compensation, 42 C.F.R. § 411.357(l). Based on its SRDP experience, CMS decided to propose a new exception for arrangements involving limited compensation, even if those arrangements lack documentation or if remuneration is not set in advance, as long as they meet the following requirements:

  1. the arrangement is for items or services actually provided by the physician;
  2. the amount of the remuneration to the physician is limited ($3,500 per calendar year, adjusted for inflation);
  3. the arrangement furthers a legitimate business purpose of the parties and is on similar terms and conditions as like arrangements, regardless of whether it results in profit for either or both of the parties;
  4. the remuneration is not determined in any manner that takes into account the volume or value of referrals or other business generated by the physician; and
  5. the remuneration does not exceed the fair market value for the items or services.

Notably, the exception would apply to the provision of both items and services by a physician. Prior CMS interpretations viewed office space as neither an “item” nor a “service,” complicating efforts to fit office space arrangements into a Stark exception. CMS is officially retracting that statement. Historically, bond diligence and acquisition diligence has had to grapple with trivial matters such as establishing that low-dollar arrangements with health systems satisfied the signature requirement of a relevant exception, because the referrals from the associated physicians could be significant. CMS is seeking public comment on whether the initial $3,500 threshold is appropriate, too high, or too low. Assuming that the final rule finalizes a reasonable dollar threshold, this new exception could be very helpful to health systems in shifting the focus away from certain low-dollar arrangements that are unlikely to implicate the public policy concerns undergirding the Stark Law.

  • Cybersecurity Technology and Related Services

To encourage increased interoperability and data sharing in health care, CMS proposes to protect arrangements involving the donation of certain cybersecurity technology and related services. CMS recognizes that the cost of cybersecurity software has increased dramatically, and it wants to allow health care organizations to assist physicians in acquiring this technology, either through donation or subsidy. CMS recognizes that although cybersecurity has a value to physicians, the primary motivation for a health care organization to provide software to physicians would be to protect themselves from cyberattack, especially given that a cyberattack on a single provider can threaten every entity in a larger interconnected system. CMS believes this type of donation or subsidy would not pose a risk of program or patient abuse as long as certain safeguards are in place, including:

  1. The technology and services are necessary and used predominantly to implement, maintain, or reestablish cybersecurity;
  2. Neither the eligibility of a physician for the technology or services, nor the amount or nature of the technology or services, is determined in any manner that directly takes into account the volume or value of referrals or other business generated between the parties;
  3. Neither the physician nor the physician’s practice (including employees and staff members) makes the receipt of technology or services, or the amount or nature of the technology or services, a condition of doing business with the donor; and
  4. The arrangement is documented in writing.

The above-described rule applies only to “technology” and “services”—it does not allow the donation of hardware. CMS has proposed, however, an alternative rule that would allow hardware donation as long as the donor has determined it is reasonably necessary based on cybersecurity risk assessments of its own organization and the potential recipient.

OIG has proposed a similar cybersecurity safe harbor, summarized below.

Amendments to existing Stark exceptions

CMS proposes important revisions to a number of current Stark exceptions.

  • Decoupling Stark Law from Federal Anti-Kickback Statute

Many of the present Stark Law exceptions include a requirement that the arrangement must not be in violation of the AKS. This coupling of the Stark Law with AKS has received considerable criticism from the health care industry, including in responses to CMS’s 2018 RFI.  One of the criticisms is that the Stark Law’s strict liability structure should not incorporate intent-based elements from the AKS in order for an arrangement to comply with an exception.

CMS appears sympathetic to this critique. In fact, CMS notes in its preamble that it is unaware of any instance of non-compliance with the Stark Law turning solely on an underlying AKS violation. Accordingly, CMS proposes to remove from existing Stark exceptions any reference to the requirement that an arrangement not violate the Federal Anti-Kickback Statute or any other Federal or State law governing billing or claim submissions.

  • Special rules on compensation arrangements

CMS proposes a series of revisions to various compensation exceptions, broadening the application of the exceptions and providing more flexibility to hospitals and physicians.

Temporary noncompliance with the writing and signature requirements
Under this proposal, the writing or signature requirement would be deemed satisfied if the compensation arrangement satisfies all requirements of an applicable exception and the parties obtain the writing or signatures within 90 consecutive calendar days after the date on which the arrangement failed to satisfy the requirement.

Exception for fair market value compensation
To provide flexibility to stakeholders and to protect nonabusive arrangements, CMS proposes to expand the fair market value compensation exception to apply to arrangements for rental or lease of office space. Unlike the current exception specific to rental of office space, 42 C.F.R. § 411.357(a), the revised fair market value compensation exception would not require a one-year term, giving more flexibility to allow short-term leasing arrangements with physicians.

Electronic Health Records (EHR)
CMS proposes to update provisions in the EHR exception related to interoperability and data lock-in to allow donations of certain cybersecurity software and services.  In addition, CMS proposes to remove the sunset provision, modify the definitions of “electronic health record” and “interoperable” to ensure consistency, and permit certain donations of replacement EHR technology.

New regulatory definitions

CMS proposes new clarifications for a number of key definitions in the Stark regulations in an apparent effort to establish bright-line rules. Some of these are terms whose definitions (or lack thereof) have bedeviled the healthcare industry for years and were the subject of numerous comments in response to last year’s RFI. In particular, CMS tackled the following key terms:

  • “Commercially reasonable”

CMS proposes two alternative definitions for the term “commercially reasonable”:

(i) That a particular arrangement furthers a legitimate business purpose of the parties and is on similar terms and conditions with like arrangements.

(ii) That an arrangement makes commercial sense and is entered into by a reasonable entity of similar type and size, and a reasonable physician of similar scope and specialty.

CMS also proposes to clarify in regulatory text that an arrangement may be commercially reasonable even if it does not result in profit. CMS seeks comments from the industry on each of the proposed definitions.

  • “Volume or value” and “other business generated”

CMS attempts to establish a bright-line standard for circumstances in which compensation will be considered to “take into account” the volume or value of referrals or the other business generated by the physician for the entity. Under the proposed definition, there must be a predetermined correlation between the business generated and the exact rate of compensation paid in order for the compensation to violate the volume, value, or other business generated standard. In other words, there must be a predetermined “if X, then Y” correlation, and merely hoping for or even anticipating future referrals or other business is not sufficient to show compensation is determined in a manner that takes other business generated into account. This clarification should be very helpful to health systems by undercutting rulings from the Third and Fourth Circuits that had potentially implicated very common productivity compensation models.

  • “Set in advance”

In the rule’s preamble, CMS offers additional flexibility on the requirement that compensation must be “set in advance,” which appears in several Stark exceptions. According to the rule, records of a consistent rate of payment over the course of an arrangement, from the first payment to the last, typically support the inference that the rate of compensation was set in advance (even if the rate was not reduced to writing before the furnishing of items and services began).

  • “Fair market value”

Interpreting the statutory definition of “fair market value” to be independent of the requirement that compensation does not take into account the volume or value of referrals, CMS proposes to revise the definition of “fair market value” to eliminate the connection to the volume or value standard. Generally, “fair market value” would mean the value in arm’s-length transactions, consistent with the general market value.

  • “Designated health services”

CMS proposes revising the definition of “designated health services” to clarify that a service provided by a hospital to an inpatient does not constitute a designated health service payable by Medicare if furnishing the service does not affect the amount of Medicare’s payment to the hospital under the Acute Care Hospital Inpatient Prospective Payment System (IPPS).

  • “Remuneration”

CMS proposes to remove the parenthetical in the current definition of “remuneration,” which excludes surgical items, devices or supplies from the definition carve-out. The relevant inquiry would be whether the item is used solely for one or more of the statutory purposes, regardless of whether it is also classified as surgical.  The mere fact that an item could be used for a purpose other than the listed permitted purposes does not automatically mean that furnishing the item at no cost constitutes remuneration.

  • “Isolated financial transaction”

CMS proposes to define “isolated financial transaction” in a manner that would foreclose aggressive uses of the isolated transactions exception (e.g., a single payment for multiple instances of call coverage without an associated written agreement).  While this is an instance of CMS closing a loophole relied upon by some practitioners, its effect should be partially mitigated by the November 2015 liberalizations regarding a “collection of documents” and the proposed “limited remuneration to a physician” exception.


Proposals Involving the Federal Anti-Kickback Statute and Civil Monetary Penalty Law

In its proposed rule, OIG seeks to add six new safe harbors, modify four existing safe harbors, and revise several key regulatory definitions. Although many of its proposals relate to value-based arrangements (and are summarized in our prior alert), OIG has proposed important changes unrelated to value-based arrangements that will have a major impact on the health care industry.

New AKS safe harbor

  • Safe harbor regarding donations of cybersecurity technology and services

Similar to the newly proposed CMS exception for cybersecurity, OIG has proposed a parallel safe harbor that would protect and encourage donations of certain cybersecurity technology and services. To qualify under this safe harbor, there are five conditions that the donation of cybersecurity technology and services must meet.  These requirements are roughly parallel to those in the CMS rule, with the addition of an explicit requirement that a donor of cybersecurity technology does not shift the cost of technology or services to any other Federal health care program. As written, the safe harbor would not apply to donations of hardware.  According to the rule, OIG is considering whether to provide limited protection for hardware donations, such as specific hardware that is necessary for cybersecurity, is stand-alone, and serves only cybersecurity purposes.

Revisions to existing AKS safe harbors

In addition to new safe harbors, OIG also proposes modifications to four existing safe harbors:

  • Electronic health records items and services safe harbor

OIG proposes to modify its existing electronic health records items and services safe harbor to modernize provisions regarding interoperability, to add safeguards for certain types of cybersecurity technology, and to eliminate the safe harbor’s sunset date.

  • Personal services and management contracts safe harbor and outcomes-based arrangements

OIG seeks to amend its existing personal services and management contracts safe harbor to modify the requirement that aggregate compensation be set before the work commences, to protect and add flexibility to certain outcomes-based payments, to eliminate the requirement that a contract must specify the schedule, length, and the exact charge for sporadic or part-time contracts, and to make other technical changes.

OIG also proposes to add language to protect certain “outcomes-based payments,” defined as:

payments from a principal to an agent that: (i) reward the agent for improving (or maintaining improvement in) patient or population health by achieving one or more outcome measures that effectively and efficiently coordinate care across care settings; or (ii) achieve one or more outcome measures that appropriately reduce payor costs while improving, or maintaining the improved, quality of care for patients.

Outcomes-based payments could include, for example, shared savings payments, shared losses payments, gainsharing payments, pay-for-performance payments, or episodic or bundled payments. According to the proposal, OIG also stated that outcomes-based payments would not include any payments made, directly or indirectly, by a pharmaceutical manufacturer, a manufacturer, distributor, or supplier of DMEPOS, or a laboratory. In addition, these outcomes-based payments exclude payments that are made solely to achieve internal cost savings for the principal.

  • Warranties safe harbor

OIG also proposes to modify its warranties safe harbor by adding a new definition of “warranty,” by adding protections to certain warranties for one or more items and related services, and to exclude beneficiaries from the reporting requirements that are applicable to buyers.

The new warranty definition would remove the current reference to the Magnuson-Moss Act, which defines “written warranty” in connection with the sale of a “consumer product.” OIG explains that it seeks to modify the current definition because courts have held that items regulated under the Federal, Food, Drug, and Cosmetic Act are not “consumer product(s),” and therefore, it creates confusion whether the current safe harbor covers warranties for drugs and devices regulated by the U.S. Food & Drug Administration (FDA). The new definition largely models the Magnuson-Moss Act definition, but replaces “product” with “item or bundle of items, or services in combination with one or more related items.” In addition, the definition substitutes “material” with “quality,” and also provides that a warranty includes a “written affirmation of fact or written promise [that] affirms or promises that [items and services] . . . will meet a specified level of performance over a specified period of time.” OIG states that the goal of its new definition is to protect warranty arrangements that are conditioned on clinical outcome guarantees.

  • Local transportation safe harbor

OIG proposes to change its existing local transportation safe harbor to account for extended patient travel in rural areas and to remove any mileage limitation on patient transportation after a patient’s discharge.

* * * * *

These proposed rules are expected to be published in the Federal Register on October 17, 2019. CMS and OIG will accept public comments from the date of publication through December 31, 2019.

*Special thanks to Hayley White and Rachel Park, Law Clerks in our Washington, DC office, for their assistance in preparing this post.