Originally Published in Bloomberg BNA Health IT Law & Industry Report - July 1, 2013.

View PDF

On April 10, 2013, the Centers for Medicare & Medicaid Services (‘‘CMS'') and the Office of the Inspector General of the Department of Health and Human Services (‘‘OIG'') published twin proposed rules that amend and extend the Stark Law exception and antikickback statute (‘‘AKS'') safe harbor for electronic health records (‘‘EHR'').¹ The two rules were released in tandem because the exception and safe harbor mirror each other. CMS and the OIG intend for the proposed rules to remain similarly consistent.²

When they become effective, the rules will extend the sunset provision on the two regulations, eliminate the electronic prescribing requirement for EHR systems, and update the ‘‘interoperability'' requirements to conform with the current Office of the National Coordinator for Health Information Technology's (ONC) certification program. The two agencies have also solicited comments on three other proposed changes, discussed further below. 

The Stark Law and the AKS take slightly different approaches in attempting to prevent money from influencing referrals for health care services, particularly those that are reimbursed by Medicare and other federal payor programs. However, because hospitals, health systems and other providers of federally funded health services must implement EHR systems to ensure quality patient care and, in some cases, to benefit from additional federal reimbursement for doing so, such providers necessarily must enter into financial arrangements with their affiliated physicians to ensure that everyone's EHR systems integrate properly and work well within the larger system.

How Do Stark and AKS Impact EHR?

The Stark Law prohibits physicians from referring Medicare patients to an entity with which the physician (or an immediate family member) has a financial relationship, and prohibits that entity from submitting claims to Medicare for services resulting from a prohibited referral.³ The AKS, which is not limited to physician relationships, prohibits offering, paying, soliciting or receiving anything of value to induce or reward referrals or generate federal health care program business.⁴

Because the government recognizes that hospitals and health systems must incentivize their affiliated physicians to integrate the hospital's or health system's technology into their practices, the agencies promulgated certain criteria to encourage such integration, while attempting to impose limits on the extent to which such transactions can be used for ill-gotten gains.

The Stark Law exception and AKS safe harbor both serve to permit EHR donations if certain safeguards are met, such that an entity will not violate either law if it makes a gift of EHR technology to another entity that refers patients to it.⁵ A gift of an item of value like an EHR program would normally raise fraud and abuse concerns because it could induce unnecessary referrals or have a corrupting affect on providers and the health care decisions they make for their patients. However, the exemptions were crafted to encourage widespread implementation of EHRs and allow physician groups and other smaller practices to accept gifts of EHR software or programs from other entities to which they might refer patients without running afoul of these laws. The exemptions were designed with sunset provisions because, while the agencies wanted to encourage widespread EHR use, this had to be balanced against the concern of unacceptably long-term remuneration ties between medical providers.

The Current Rules

The Stark Law exception and the AKS safe harbor both currently require the EHR to contain electronic prescribing technology and for the system to be ‘‘interoperable'' (that it communicate with other technology systems and software⁶). Further, the donor may not limit the use or operability of the EHR or condition the gift on doing business with the donor. Also, the arrangement must be set forth in a written agreement, the software may not be primarily used to conduct business unrelated to the medical practice, and that the recipient must pay a portion (15%) of the cost of items and services provided.

The Proposed Rules

The proposed amendments to the two sets of rules affect the sunset provision, as well as the e-prescribing and ‘‘interoperability'' requirements. Currently, the exception and safe harbor are set to expire Dec. 31, 2013,⁷ and the agencies propose to extend them until Dec. 31, 2016. Despite the dramatic rise of EHR use since the original rules were put in place, the agencies recognize a need to lengthen the timeframe in order to encourage further adoption of EHR systems. The 2016 date was chosen because it corresponds to the last year entities may receive Medicare EHR ‘‘meaningful use'' incentive payments, and that is the last year they can initiate participation in the Medicaid EHR incentive program. However, the agencies specifically sought comments on the new sunset date because they left open the possibility of extending it further, possibly into 2021.

The amendments change the definition of the meaning of the term ‘‘interoperable.'' In an attempt to reduce fraud and abuse risk, the original rules require the EHR systems to interact smoothly with other software products and systems so that the recipient is not limited to communicating only with the donor, but may instead share patient information with other medical providers (including competitors of the donor). The current provisions deem an EHR system to be interoperable if ‘‘a certifying body recognized by the Secretary has certified the software no more than 12 months prior to the date it is provided to the recipient.''⁸

The new provision would update that requirement in two ways. First, it would modify the regulation to specifically recognize the ONC as the body responsible for ‘‘recognizing'' ‘‘certifying bodies.'' Second, the provision would remove the 12 month requirement to allow greater flexibility in determining interoperability. The new provision allows for any system to qualify if it was certified as interoperable according to the version of the Certified EHR Technology set forth in 45 C.F.R. part 170 when the system was donated.

The amendments also eliminate the electronic prescribing provision. The current regulations require the donated EHR to contain ‘‘an electronic prescribing component or the ability to interface with the recipient's existing electronic prescribing system, that meets the applicable standards under Medicare Part D.''⁹ The requirement was originally included because the agencies viewed it as critically important to ‘‘producing the overall benefits of health information technology.'"¹⁰ However, since then, Congress has enacted legislation that independently incentivizes providers to implement electronic prescribing,¹¹ and the agencies now believe that there are ‘‘sufficient alternative policy drivers''¹² that make the electronic prescribing requirement unnecessary. The agencies have further acknowledged that removing the requirement does not increase the likelihood of fraud or abuse.

Three Other Issues for Comment

The agencies solicited comments on three other proposed changes to the EHR exception and safe harbor: limiting permissible donors, adding provisions to reduce the likelihood of data lock-in, and specifically enumerating the scope of the covered technology.

Regarding donor types, the exemptions are currently very broad: the Stark Law exception applies broadly to any entity donating EHR to any physician, and the AKS safe harbor applies to any entity covered by a Federal health care program or health plan donating EHR to any entity engaged in the delivery of health care. However, since the original rules were adopted, the OIG has learned that, even when donated EHR is interoperable on its face, it can, in some cases, lead to data and referral lock-in.¹³ As such, the agencies propose to limit the exemptions to donors that have a ‘‘direct and primary patient care relationship and a central role in the health care delivery infrastructure.''¹⁴

The agencies particularly seek to exclude donors with a high fraud risk, such as laboratory companies, durable medical equipment (‘‘DME'') suppliers, and independent home health agencies.¹⁵ Thus, the agencies propose either to specifically enumerate what donors are protected, or leave the protected category broad but specifically disallow the high risk donors.

The agencies also seek comments on changes that could be made in the regulations to reduce data lock-in and to further encourage the free exchange of data.¹⁶ Specifically, the agencies are asking ‘‘what new or modified conditions'' could be added to accomplish those goals, and whether any new conditions should be placed in addition to, or in lieu of, the proposal to limit the scope of permissible donors.¹⁷

Lastly, the agencies solicited comments on what kinds of technology should be protected. Currently, the provisions state that protected EHR is ‘‘items and services in the form of software or information technology and training services.''¹⁸ The agencies believe the current regulatory text is clear, but in light of some confusion among stakeholders, they seek comments on changes that would make the language clearer.¹⁹

Overall Impact of the Proposed Changes

While the nuts and bolts of the Stark Law exception and AKS safe harbor remain the same, the proposed amendments would create some important changes. The extension of the sunset provisions would give donors more time to consider donating, which could lead to an increase in donations, or perhaps smooth out any donation bump that might otherwise have occurred at the end of 2013.

Because providers who receive donated EHR must pay 15% of the donor's costs before receipt, the extension will relieve recipients with budgetary concerns from facing the time-crunch under the current 2013 deadline, which would also likely lead to more providers taking advantage of the EHR exemptions. The broader definition of ‘‘interoperability'' and the removal of the 12-month limit for EHR interoperability certification will also allow for greater flexibility in types of software and programs, which is also likely to lead to more donations.

On the other hand, the new regulations would limit permissible donors. Whether the new rules ultimately enumerate precisely who may donate, or leave the protected category broad and enumerate only those who are specifically disallowed, the likely impact will be to reduce the amount and type of entities that may make protected EHR donations. Hospitals, group practices, Medicare Part D prescription drug plan sponsors, and Medicare Advantage organizations will likely continue to be included, but laboratory companies, DME suppliers, and independent home health agencies probably will not be.²⁰ Who else will fall out of coverage remains to be seen.

Any increase in EHR donations would also likely spur more providers to seek EHR incentive payments from Medicare and Medicaid because, once they have an EHR system, providers have no real down-side to participating in either the Medicare or Medicaid incentive program. The Medicaid program allows for an incentive payment in the first year just for adopting or implementing an EHR. The Medicare program and the Medicaid program after year one require the provider to demonstrate meaningful use and other requirements. Further, providers who meet the Medicare program requirements but choose not to participate will see a reduction in Medicare payments beginning in 2015, which amounts essentially to a penalty for not participating.

For any entity considering making a donation under the Stark Law exception, the donation must precisely satisfy each aspect of the exception so that the financial relationship between the donor and recipient does not taint any referrals from the recipient to the donor for Medicare services. Similarly, in order to benefit from full protection of the EHR AKS safe harbor, the arrangement needs to meet all of its requirements. However, failure to meet an AKS safe harbor does not necessarily make the arrangement illegal under the AKS.

EHR donors and recipients should check the regulations in effect at the time a donation is made, because the regulations are not yet finalized, and the regulatory language is likely to change before the rules are formally adopted.

¹ Physicians' Referrals to Health Care Entities: Exception for Certain Electronic Health Records Arrangements, 78 Fed. Reg. 21,308 (proposed Apr. 10, 2013) (to be codified at 42 C.F.R. pt. 411); Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 78 Fed. Reg. 21,314 (proposed Apr. 10, 2013) (to be codified at 42 C.F.R. pt. 1001).

² Physicians' Referrals to Health Care Entities: Exception for Certain Electronic Health Records Arrangements, 78 Fed. Reg. at 21,310.

³ 42 U.S.C. § 1395nn.

⁴ 42 U.S.C. § 13020a-7b(b).

⁵ 42 C.F.R. § 411.357(w); 42 C.F.R. § 1001.952(y).

⁶ 42 C.F.R. § 1001.952(y) note.

⁷ 42 C.F.R. § 411.357(w)(13); 42 C.F.R. § 1001.952(y)(13).

⁸ 42 C.F.R. § 1001.952(y)(2).

⁹ Id. at § 1001.952(y)(10); 42 C.F.R. § 411.357(w)(11).

¹⁰ Physicians Referrals to Health Care Entities With Which They Have Financial Relationships; Exceptions for Certain Electronic Prescribing and Electronic Health Records Arrangements, 71 Fed. Reg. 45,14, 45,153 (Aug. 8, 2006).

¹¹ The Medicare Improvements for Patients and Providers Act of 2008 (MIPPA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.

¹² Physicians' Referrals to Health Care Entities: Exception for Certain Electronic Health Records Arrangements, 78 Fed. Reg. at 21,311; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 78 Fed. Reg. at 21,317.

¹³ Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 78 Fed. Reg. at 21,318.

¹⁴ Id.

¹⁵ Id.

¹⁶ Id. at 21,318-19.

¹⁷ Id. at 21,319.

¹⁸ 42 C.F.R. § 411.357(w); 42 C.F.R. § 1001.952(y).

¹⁹ Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 78 Fed. Reg. at 21,319.

²⁰ Id. at 21,318.