Skip to Content
Rule

Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute

Action

Final Rule.

Summary

As required by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), Public Law 108-173, this final rule establishes a new safe harbor under the Federal anti-kickback statute for certain arrangements involving the provision of electronic prescribing technology. Specifically, the safe harbor would protect certain arrangements involving hospitals, group practices, and prescription drug plan (PDP) sponsors and Medicare Advantage (MA) organizations that provide to specified recipients certain nonmonetary remuneration in the form of hardware, software, or information technology and training services necessary and used solely to receive and transmit electronic prescription information. In addition, in accordance with section 1128B(b)(3)(E) of the Social Security Act (the Act), this final rule creates a separate new safe harbor for certain arrangements involving the provision of nonmonetary remuneration in the form of electronic health records software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records.

 

Table of Contents Back to Top

DATES: Back to Top

Effective Date: These regulations are effective October 10, 2006.

FOR FURTHER INFORMATION CONTACT: Back to Top

Catherine Martin, Office of Counsel to the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION: Back to Top

I. Background Back to Top

Overview—Establishing New Safe Harbors for Arrangements Involving Electronic Prescribing and Electronic Health Records Technology

This final rule establishes safe harbor protection for certain arrangements involving the donation of electronic prescribing and electronic health records technology. Section I contains a brief background discussion addressing the anti-kickback statute and safe harbors; a summary of the relevant MMA provisions; a summary of the proposed safe harbors; and a summary of the final safe harbors. Section II contains a summary of the public comments and our responses.

A. The Anti-Kickback Statute and Safe Harbors

Section 1128B(b) of the Act (42 U.S.C. 1320a-7b(b), the “anti-kickback statute”) provides criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward the referral of business reimbursable under any of the Federal health care programs, as defined in section 1128B(f) of the Act. The offense is classified as a felony and is punishable by fines of up to $25,000 and imprisonment for up to five years. Violations of the anti-kickback statute may also result in the imposition of civil money penalties (CMPs) under section 1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and liability under the False Claims Act, (31 U.S.C. 3729-33).

The types of remuneration prohibited specifically include, without limitation, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. Prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients, but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program.

Because of the broad reach of the statute, concern was expressed that some relatively innocuous commercial arrangements were covered by the statute and, therefore, potentially subject to criminal prosecution. In response, Congress enacted section 14 of the Medicare and Medicaid Patient and Program Protection Act of 1987, 100 (section 1128B(b)(3)(E) of the Act), which specifically required the development and promulgation of regulations, the so-called “safe harbor” provisions, which would specify various payment and business practices that would not be treated as criminal offenses under the anti-kickback statute, even though they may potentially be capable of inducing referrals of business under the Federal health care programs. Since July 29, 1991, we have published in the Federal Register a series of final regulations establishing “safe harbors” in various areas. [1] These OIG safe harbor provisions have been developed “to limit the reach of the statute somewhat by permitting certain non-abusive arrangements, while encouraging beneficial or innocuous arrangements.” (56 FR 35952, 35958; July 21, 1991).

Health care providers and others may voluntarily seek to comply with safe harbors so that they have the assurance that their business practices will not be subject to liability under the anti-kickback statute, the CMP provision for anti-kickback violations, or the program exclusion authority related to kickbacks. In giving the Department of Health and Human Services the authority to protect certain arrangements and payment practices from penalties under the anti-kickback statute, Congress intended the safe harbor regulations to be evolving rules that would be updated periodically to reflect changing business practices and technologies in the health care industry.

B. Section 101 of MMA

Section 101 of the MMA added a new section 1860D to the Act, establishing a Part D prescription drug benefit in the Medicare program. As part of the new statutory provision, Congress, through section 1860D-4(e) of the Act, directed the Secretary to create standards for electronic prescribing in connection with the new prescription drug benefit, with the objective of improving patient safety, quality of care, and efficiency in the delivery of care. [2] Section 1860D-4(e)(6) of the Act directs the Secretary, in consultation with the Attorney General, to create a safe harbor to the anti-kickback statute that would protect certain arrangements involving the provision of nonmonetary remuneration (consisting of items and services in the form of hardware, software, or information technology and training services) that is necessary and used solely to receive and transmit electronic prescription information in accordance with electronic prescribing standards promulgated by the Secretary under section 1860D-4(e)(4) of the Act. Specifically, the safe harbor would set forth conditions under which the provision of such technology by hospitals, group practices, and PDP sponsors and MA organizations to certain prescribing health care professionals, pharmacies, and pharmacists would be protected.

We do not believe Congress, in enacting section 1860D-4(e)(6) of the Act, intended to suggest that a new safe harbor is needed for all or even most arrangements involving the provision of electronic prescribing items and services. In general, fair market value arrangements that are arm's-length and do not take into account in any manner the volume or value of Federal health care program business, or arrangements that do not have as one purpose the generation of business payable by a Federal health care program, should not raise concerns under the anti-kickback statute. In addition, many arrangements can be structured to fit in existing safe harbors, including the safe harbors for discounts (42 CFR 1001.952(h)) and for remuneration offered to employees (42 CFR 1001.952(i)). Finally, parties may use the OIG advisory opinion process (42 CFR part 1008; http://oig.hhs.gov/fraud/advisoryopinions.html) to determine whether their particular arrangements would be subject to OIG sanctions.

In addition to the new safe harbor under the anti-kickback statute, section 1860D-4(e)(6) of the Act directs the Secretary to create a corresponding exception to section 1877 of the Act, commonly known as the physician self-referral law. That exception is being promulgated through a separate rulemaking by the Centers for Medicare Medicaid Services (CMS), the agency that administers the physician self-referral law. We have endeavored to ensure as much consistency as possible between our final safe harbor and the corresponding final physician self-referral exception, given the differences in the respective underlying statutes. One significant difference in the statutory schemes is that fitting in an exception under section 1877 is mandatory, whereas complying with a safe harbor under the anti-kickback statute is voluntary. In other words, arrangements that do not comply with the electronic prescribing safe harbor at 42 CFR 1001.952(x) will not necessarily be illegal under the anti-kickback statute. Rather, they will be subject to the customary case-by-case review under the statute to determine the parties' intent. (The same holds true for electronic health records technology arrangements that do not fit in the new safe harbor at 42 CFR 1001.952(y).) Another difference is that section 1877 applies only to referrals from physicians, while the anti-kickback statute applies more broadly.

C. Summary of the Proposed Rulemaking

On October 11, 2005, we published a notice of proposed rulemaking to promulgate three safe harbors under the anti-kickback statute (70 FR 59015; October 11, 2005). The first proposed safe harbor addressed arrangements involving electronic prescribing technology, as required by section 101 of the MMA. Many industry and government stakeholders had expressed concerns that the MMA provision was not sufficiently useful or practical, and would not adequately advance the goal of achieving improved health care quality and efficiency through widespread adoption of interoperable electronic health records systems. Accordingly, we proposed two additional safe harbors to address donations of certain electronic health records software and directly related training services, using our authority at section 1128B(b)(3)(E) of the Act. One proposed safe harbor would have protected certain arrangements involving nonmonetary remuneration in the form of interoperable electronic health records software certified in accordance with criteria adopted by the Secretary (and directly related training services). The second proposed safe harbor would have protected certain arrangements involving donations of electronic health records software before adoption of certification criteria.

D. Summary of the Final Rulemaking

In this final rulemaking, we are adding two new safe harbors to the existing regulations at 42 CFR 1001.952: One protecting certain arrangements involving electronic prescribing technology (new 42 CFR 1001.952(x)) and one protecting certain arrangements involving interoperable electronic health records software or information technology and training services (new 42 CFR 1001.952(y)). (For purposes of this rulemaking referred to, respectively, as the “electronic prescribing safe harbor” and the “electronic health records safe harbor.”) For the reasons explained below in Section II, we are abandoning the proposal to have separate pre- and post-interoperability safe harbors for electronic health records arrangements.

OIG has a longstanding concern about the provision of free or reduced price goods or services to an existing or potential referral source. There is a substantial risk that free or reduced price goods or services may be used as a vehicle to disguise or confer an unlawful payment for referrals of Federal health care program business. Financial incentives offered, paid, solicited, or received to induce or in exchange for generating Federal health care business increase the risks of, among other problems: (i) Overutilization of health care items or services; (ii) increased Federal program costs; (iii) corruption of medical decision making; and (iv) unfair competition. Thus, consistent with the structure and purpose of the anti-kickback statute and the regulatory authority at section 1128B(b)(3)(E) of the Act, we believe any safe harbor for electronic health records arrangements should protect beneficial arrangements that would eliminate perceived barriers to the adoption of electronic health records without creating undue risk that the arrangements might be used to induce or reward the generation of Federal health care program business.

For the convenience of the public, we are providing the following chart that lays out schematically the overall structure and approach of the final safe harbors, details of which are provided below in sections II. B. and II. C. Readers are cautioned that the final safe harbors contain additional conditions and information not summarized here.

MMA-mandated electronic prescribing safe harbor Electronic health records arrangements safe harbor
Authority for Final Safe Harbor Section 101 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 Section 1128B(b)(3)(E) of the Social Security Act.
Covered Technology Items and services that are necessary and used solely to transmit and receive electronic prescription information Includes hardware, software, internet connectivity, and training and support services Software necessary and used predominantly to create, maintain, transmit, or receive electronic health records. Software must include an electronic prescribing component. (Software packages may also include functions related to patient administration, for example, scheduling, billing, and clinical support.) Information technology and training services, which could include, for example, internet connectivity and help desk support services. Does not include hardware.
Standards with Which Donated Technology Must Comply Final standards for electronic prescribing as adopted by the Secretary Electronic health records software that is interoperable. Certified software may be deemed interoperable under certain circumstances. Electronic prescribing capability must comply with final standards for electronic prescribing adopted by the Secretary.
Donors and Recipients As required by statute, protected donors and recipients are hospitals to members of their medical staffs, group practices to physician members, PDP sponsors and MA organizations to network pharmacists and pharmacies, and to prescribing health care professionals Protected donors are (i) individuals and entities that provide covered services and submit claims or requests for payment, either directly or through reassignment, to any Federal health care program and (ii) health plans. Protected recipients are individuals and entities engaged in the delivery of health care.
Selection of Recipients Donors may not select recipients using any method that takes into account the volume or value of referrals from the recipient or other business generated between the parties Donors may not select recipients using any method that takes into account directly the volume or value of referrals from the recipient or other business generated between the parties.
Value of Protected Technology No limit on the value of donations of electronic prescribing technology Recipients must pay 15% of the donor's cost for the donated technology. The donor (or any affiliate) must not finance the recipient's payment or loan funds to the recipient for use by the recipient to pay for the technology.
Expiration of the Safe Harbor None Safe harbor sunsets on December 31, 2013.

II. Summary of Public Comments and OIG Responses Back to Top

OIG received a total of 71 timely filed comments from entities and individuals. The majority of the comments came from hospitals and health systems, trade associations, and vendors. OIG also received comments from information technology organizations, health plans, nonprofit organizations, pharmaceutical manufacturers, pharmacies, and physician organizations. In addition, OIG participated in an Open Door Forum organized by CMS on November 9, 2005, at which various stakeholders addressed a wide array of issues.

Overall, the commenters welcomed the establishment of safe harbors for electronic prescribing and electronic health records technology arrangements. However, we received many specific comments about various aspects of the proposed rules. We have divided the summaries of the public comments and our responses into four parts: (1) General comments for all of the proposed safe harbors; (2) comments specific to the electronic prescribing safe harbor; (3) comments specific to the electronic health records safe harbor; and (4) comments specific to community-wide health information systems.

A. General Comments

Comment: Most commenters supported the promulgation of safe harbors for electronic prescribing and electronic health records arrangements. Commenters observed that both Congress and the Administration have recognized the compelling need for rapid and widespread adoption of electronic prescribing and electronic health records technology. Several commenters urged that fraud and abuse concerns not impede the adoption of health information technology. In this regard, some commenters suggested that the final regulations should better balance the goal of preventing fraud and abuse in the short-term with the goal of creating incentives for health information technology arrangements that result in greater fraud reduction, increased quality and efficiency, and better patient care. One commenter asserted that investments in health information technology and the desire to provide an incentive to participate in health information technology systems do not raise typical fraud and abuse concerns present with other financial arrangements. However, another commenter noted that the proposed rule generally struck an appropriate balance between the needs of physicians who may require assistance to develop health information technology systems and the underlying purposes of the Federal fraud and abuse laws.

Response: We disagree with the commenter that suggested that financial arrangements involving incentives in the form of health information technology do not pose the same fraud and abuse concerns as other financial arrangements between parties in a potential referral relationship. Indeed, our enforcement experience demonstrates that improper remuneration for Federal health care program business may take many forms, including free computers, facsimile machines, software, and other goods and services. However, we recognize that certain transfers of health information technology between parties with actual or potential referral relationships may further the important national policy of promoting widespread adoption of health information technology to improve patient safety, quality of care, and efficiency in the delivery of health care. We believe the final rule strikes the appropriate balance between promoting the adoption of health information technology and protecting against fraud and abuse.

Comment: Several commenters urged that Congress and the Administration need to do more to offer meaningful financial incentives for practitioners to accept the increased cost and workflow burdens associated with the implementation of health information technology, for example, by providing modest add-on payments to physicians who employ health information technology as part of overall quality improvement measures. Some commenters observed that the proposed regulations would remove a minor impediment to the adoption of health information technology, but that the Department must play a larger role in providing capital for the technologies that assist physicians in providing quality care and avoiding medical errors.

Response: These comments address matters outside the scope of this rulemaking. The Administration supports the adoption of health information technology as a normal cost of doing business. The 2007 Budget states that “[t]he Administration supports the adoption of health information technology (IT) as a normal cost of doing business to ensure patients receive high quality care.”

Comment: Some commenters complained that the proposed safe harbors were too narrow and vague. These commenters urged that the final safe harbors should be easy to understand, interpret, and enforce so that donors and recipients can readily distinguish permissible activities from those that violate the statute. Some commenters believed that the proposed rules were too complex and might have the unintended effect of discouraging participation in health information technology arrangements.

Response: As described elsewhere in this preamble, we have adopted a number of modifications and changes that address the commenters' concerns. While the final safe harbor at § 1001.952(x) addresses only electronic prescribing arrangements, the final safe harbor at § 1001.952(y) protects a broad scope of arrangements involving electronic health records technology. We have made a number of changes that clarify and simplify the final rules. We have endeavored to create bright line provisions to the extent possible. We reiterate that compliance with a safe harbor does not necessarily distinguish between lawful and unlawful activities under the Federal anti-kickback statute. Compliance with a safe harbor is voluntary; arrangements that do not comply are not per se illegal. As we explained in the preamble to the 1991 final safe harbors regulations:

* * * If a person participates in an arrangement that fully complies with a given [safe harbor] provision, he or she will be assured of not being prosecuted criminally or civilly for the arrangement that is the subject of that provision * * * This [safe harbor] regulation does not expand the scope of activities that the statute prohibits. The statute itself describes the scope of illegal activities. The legality of a particular business arrangement must be determined by comparing the particular facts to the proscriptions of the statute.

The failure to comply with a safe harbor can mean one of three things. First * * * it may mean that the arrangement does not fall within the ambit of the statute. In other words, the arrangement is not intended to induce the referral of business reimbursable under Medicare or Medicaid; so there is no reason to comply with the safe harbor standards, and no risk of prosecution.

Second, at the other end of the spectrum, the arrangement could be a clear statutory violation and also not qualify for safe harbor protection. In that case, assuming the arrangement is obviously abusive, prosecution would be very likely.

Third, the arrangement may violate the statute in a less serious manner, although not be in compliance with a safe harbor provision. Here, there is no way to predict the degree of risk. Rather, the degree of risk depends on an evaluation of the many factors which are part of the decision-making process regarding case selection for investigation and prosecution * * *. (56 FR 35952, 35954; July 29, 1991).

We do not believe Congress, in enacting section 1860D-4(e)(6) of the Act, intended to suggest that a new safe harbor is needed for all or even most arrangements involving the provision of electronic prescribing items and services. Nor do we believe a safe harbor is needed for all electronic health records arrangements. In general, fair market value arrangements that are arm's-length and do not take into account in any manner the volume or value of Federal health care program business, or arrangements that do not have as one purpose the generation of business payable by a Federal health care program, should not raise concerns under the anti-kickback statute. In addition, many arrangements can be structured to fit in existing safe harbors.

Comment: Some commenters observed that in describing the nonmonetary remuneration that would be included in the proposed safe harbors, the proposed safe harbors did not reflect the many existing combinations and varieties of electronic prescribing, electronic health records, and similar technology.

Response: As discussed more fully below, we believe that the final safe harbors are sufficiently broad to accommodate the most essential current and evolving electronic prescribing and electronic health records technology. We started this rulemaking process by looking to the guidance from the Congress in section 101 of the MMA with respect to electronic prescribing technology. Using our regulatory authority, we have added a separate safe harbor for arrangements involving electronic health records software or information technology and training services. We believe that we have appropriately balanced the goal of promoting widespread adoption of health information technology against the significant fraud and abuse concerns that stem from the provision of free or reduced cost goods or services to actual or potential referral sources.

Comment: A commenter suggested that the final regulations should include provisions that allow CMS to evaluate and ensure that the regulatory requirements, once enacted, have not negatively impacted key stakeholders or business segments within the healthcare industry.

Response: It would be inappropriate for a safe harbor under the anti-kickback statute to include a provision for ongoing CMS evaluation. Like all regulatory safe harbors, OIG may in future rulemaking propose modifications or clarifications to the safe harbor conditions, as appropriate. OIG annually solicits suggestions from the industry for new and modified safe harbors in accordance with section 205 of the Health Insurance Portability and Accountability Act of 1996.

Comment: We solicited comments on whether and, if so, how, to take into account recipient access to publicly available software at free or reduced prices. One commenter urged that the availability of free public software should not impact the design of the final safe harbors. In addition, the commenter urged that physicians and hospitals be granted substantial latitude in selecting interoperable technology that best meets their needs.

Response: Upon further consideration, we have concluded that it is not necessary to take the availability of publicly available software into account in developing the final safe harbors. Hospitals, physicians, and other donors and recipients will have great latitude in selecting technology that will qualify for safe harbor protection. Nothing in this rule limits the choice of health information technology, although certain transfers of technology, such as non-interoperable electronic health records software (as discussed below), would not qualify for safe harbor protection, because it would not meet all safe harbor conditions. As noted elsewhere, arrangements that fall outside a safe harbor must be evaluated under the anti-kickback statute on a case-by-case basis.

Comment: Some commenters suggested that the safe harbors under the anti-kickback statute should mirror the exceptions under the physician self-referral law in all respects in order to promote the rapid and widespread adoption of electronic prescribing and electronic health records technology. A few commenters suggested that we not adopt anti-kickback statute safe harbors or that any safe harbors should be stricter than any corresponding exceptions to the physician self-referral law.

Response: We believe consistency between these safe harbors and the corresponding exceptions under the physician self-referral law is preferable. We have attempted to ensure as much consistency between the two sets of regulations as possible given the underlying differences in the two statutory schemes.

Comment: Some commenters wanted the final safe harbors to preempt any State laws or regulations that conflict with the requirements of the safe harbors.

Response: The MMA specifically dictated that the Part D electronic prescribing standards would preempt any State law or regulation that (1) is contrary to the adopted final Part D electronic prescribing standards or that restricts the Department's ability to carry out Part D of Title XVIII and (2) pertains to the electronic transmission of medication history and information on eligibility, benefits, and prescriptions with respect to covered Part D drugs under Part D. However, no similar mandate was provided with respect to the anti-kickback safe harbor for the donation of electronic prescribing technology. Moreover, the legal authority for the electronic health records safe harbor in this rule is derived from section 1128B(b)(3)(E) of the Act, which similarly does not provide authority to preempt State anti-kickback laws.

Comment: Some commenters inquired whether the electronic information that is transmitted via electronic prescribing or electronic health records systems would be considered remuneration for purposes of the anti-kickback statute.

Response: Whether a particular item or service constitutes remuneration for purposes of the anti-kickback statute depends on the particular facts and circumstances. Typically, information about a particular patient's health status, medical condition, or treatment exchanged between or among the patient's health care providers and suppliers for the purpose of diagnosing or treating the patient would not constitute remuneration to the recipient of the information. In this regard, the electronic exchange of patient health care information is comparable to the exchange of such information by mail, courier, or telephone conversation. Thus, when related to the care of individual patients, information such as test results, diagnosis codes, descriptions of symptoms, medical history, and prescription information are part of the delivery of the health care services and would not have independent value to the recipient. However, in other situations, information may be a commodity with value that could be conferred to induce or reward referrals. For example, data related to research or marketing purposes, or information otherwise obtained through a subscription or for a fee, could constitute remuneration for purposes of the anti-kickback statute.

B. Electronic Prescribing Safe Harbor Required Under Section 101 of the MMA (42 CFR 1001.952(x))

Summary of the Proposed Rule

On October 11, 2005, as mandated in the MMA, we proposed adding a new paragraph (x) to the existing safe harbor regulations at 42 CFR 1001.952 for certain electronic prescribing arrangements. Specifically, we proposed:

  • Protecting certain arrangements involving the provision of nonmonetary remuneration—in the form of hardware, software, or information technology or training services—necessary and used solely to receive and transmit electronic drug prescription information. We construed this language broadly to include internet connectivity services (of all types, including broadband or wireless), and upgrades of equipment and software that significantly enhanced functionality.
  • Requiring that the donated technology must be part of, or used to access, a prescription drug program that meets applicable standards under Medicare Part D.
  • Protecting technology provided by a hospital to its medical staff; by a medical group practice to its members; and by a PDP sponsor or MA organization to prescribing health care professionals, as well as to pharmacies and pharmacists in the plan's network, so long as all of the safe harbor conditions were satisfied.
  • Prohibiting a recipient from making donation of technology a condition of doing business with a donor.
  • Requiring that protected arrangements be fully and completely documented.
  • Excluding donations of technology that replicate technology the recipient already possesses. To ensure compliance with this provision, we proposed requiring recipients to certify that they did not already possess equivalent technology. Moreover, we proposed that donors would not be protected if they knew or should have known that the recipients already possessed equivalent technology.
  • Requiring that neither a recipient's eligibility for donated technology, nor the amount or nature of the technology, could be determined in any manner that directly or indirectly takes into account the volume or value of referrals or other business generated between the parties.
  • Requiring that the parties not take any action to impede the compatibility or interoperability of the technology.
  • Requiring that the donor not restrict the ability of the recipient to use the technology for any patient, regardless of payor.
  • Limiting the value of donated technology that could be protected by the safe harbor.
  • In deference to the limitations imposed by the “used solely” standard set forth in the MMA, promulgating a separate safe harbor for multi-functional items and services used for electronic prescribing (e.g., connectivity services and multi-use hand held devices or computers).

Summary of the Final Rule

The final safe harbor at 42 CFR 1001.952(x) adopts the proposed safe harbor, with the following key clarifications:

  • The final rule protects technology necessary and used solely to receive and transmit any prescription information, whether related to drugs or to other items or services normally ordered by prescription (e.g., laboratory tests and durable medical equipment orders).
  • Donations may be in an unlimited amount.
  • We have abandoned our proposal to require that recipients provide a written certification that the donated technology is not technically or functionally equivalent to the technology the recipient already possessed or had obtained. We have added language that permits arrangements to be memorialized through cross-referencing incorporation of prior agreements between the parties.
  • We are not finalizing a separate safe harbor for multi-functional electronic prescribing technology.

General Comments

Comment: Many commenters stated that the proposed electronic prescribing safe harbor was too narrow to be useful and should be merged into an electronic health records safe harbor, noting that physicians would likely resist adopting stand-alone electronic prescribing systems. One commenter observed that the proposed rule was generally in accordance with congressional intent underlying section 101 of the MMA.

Response: We agree that the proposed safe harbor was consistent with congressional intent. As we are not free to ignore a congressional mandate, we must promulgate the electronic prescribing safe harbor described in section 101 of the MMA. However, we are also promulgating a separate safe harbor for electronic health records arrangements that also incorporate an electronic prescribing component. This new safe harbor should address the commenters' concerns.

1. Protected Nonmonetary Remuneration

a. Necessary and Used Solely

In the proposed rule, we proposed protecting items and services that are necessary and used solely to transmit and receive electronic prescription drug information. We stated that the safe harbor would not protect arrangements in which donors provided items or services that were technically or functionally equivalent to items that the recipient already possessed or services that the recipient had already obtained. We proposed requiring the recipient to certify that the items and services provided were not technically or functionally equivalent to those that the recipient already possessed or had already obtained. We also proposed that arrangements would not be protected if the donor knowingly provided technology that duplicated the recipient's existing technology. We indicated that upgrades of equipment or software that significantly enhanced the functionality of the item or service would be considered “necessary” for purposes of the safe harbor.

Because the term “necessary” appeared in our proposed rulemaking in the discussions of all three proposed safe harbors, many commenters chose to address this requirement primarily in the context of the proposed safe harbors for electronic health records arrangements. Thus, there is a detailed discussion of our interpretation of the term “necessary” in section II.C.1.b of this preamble, which addresses the new electronic health records safe harbor. We intend to interpret the term “necessary” uniformly for both new safe harbors. We are addressing here only those comments received on the proposed electronic prescribing safe harbor requirement that transferred technology be “necessary and used solely” to receive and transmit electronic prescription information.

Comment: One commenter observed that the “necessary and used solely” requirement ensures that items and services will be used to encourage electronic prescribing activities. This commenter suggested including an additional requirement that the items or services be clearly intended to promote interoperability of health information and the improvement of quality in a clinical setting.

Response: We agree that it was the intent of Congress to encourage electronic prescribing activities, in part, through the development of a safe harbor for transfers of certain items and services necessary and used solely for electronic prescribing transactions. However, the intent-based additional standard suggested by the commenter, while reflecting laudable goals, is not sufficiently “bright line” for purposes of this safe harbor. We have included a requirement at § 1001.952(x)(2) intended to ensure that protected technology meets Part D electronic prescribing standards applicable at the time of the donation, including any standards relating to interoperability.

Comment: Some commenters expressed concern that OIG has taken an unnecessarily narrow interpretation of the statutory language “necessary and used solely to receive and transmit electronic prescription information in accordance with the standards promulgated under this subsection [section 101 of the MMA] * * *.” One commenter explained its view that the phrase “necessary and used solely” should be read so that the word “necessary” modifies the phrase “to receive and transmit electronic prescription information” and the phrase “used solely” modifies the phrase “in accordance with the standards promulgated under this subsection.” In other words, in this commenter's view the protected hardware, software and services must be “necessary” to perform electronic prescribing transactions “solely” in accordance with CMS established data interchange standards. This commenter explained that this interpretation would be consistent with the purpose of the safe harbor and the practical realities of computers and electronic transactions.

Response: We appreciate the comment; however, we do not believe the commenter's proposed interpretation is the best or most logical reading of the statutory language. We believe the better and less strained reading is that Congress intended for all donated technology to be necessary for the receipt and transmission of electronic prescription information and to be used solely for that purpose. The requirement that the items and services be “necessary and used solely” for transmitting and receiving electronic prescribing information helps minimize the potential for abuse. Limiting the safe harbor to necessary items and services helps ensure the safe harbor does not become a means of conveying valuable items and services that do not further the underlying policy goals and that might, in reality, constitute disguised referral payments.

As we noted in the preamble to the proposed rulemaking, we believe Congress included the “used solely” requirement to safeguard against abusive arrangements in which the donated technology might constitute a payment for referrals because it might have additional value attributable to uses other than electronic prescribing. See 70 FR at 59018. For example, a computer that a physician can use to conduct office or personal business might have value to the physician apart from its electronic prescribing purpose; if this value is transferred to the physician in connection with referrals, the statute would be implicated. [3] Accordingly, consistent with section 101 of the MMA, the final safe harbor requires that the protected items and services be “necessary and used solely” to transmit or receive electronic prescribing information.

We note that software that bundles general office management, billing, scheduling, electronic health records, or other functions with the electronic prescribing features would not meet the “used solely” requirement and would not be protected by the final electronic prescribing safe harbor. In some cases, the provision of such bundled software may be eligible for protection under the new safe harbor for electronic health records arrangements at § 1001.952(y).

Comment: A commenter suggested that multi-functional technology be considered “necessary” so long as it includes all components required for a physician to prescribe electronically, even if the technology has other functions (e.g., a handheld device that can be used for more than electronic prescribing).

Response: The commenter's suggestion, as we understand it, is not consistent with the MMA statutory language.

Comment: Many commenters requested that we eliminate the proposed requirement that recipients provide written certification that the donated technology is not technically or functionally equivalent to technology the recipient already possesses, expressing concern about the possible difficulty of making this determination, the lack of technical expertise on the part of some recipients, and the increased cost that could arise by having an outside expert provide a determination of technical or functional equivalence. One commenter supported OIG's interpretation of the term “necessary” as permitting upgrades of equipment or software that significantly enhance the functionality of an item or service. Another commenter suggested that we should not require that the upgrades “significantly” enhance the functionality of the item or service. Rather, the commenter believed that we should allow the marketplace to determine whether an upgrade constitutes a beneficial improvement.

Response: For the reasons noted in detail below in section II.C.1.b.i, with respect to the electronic health records safe harbor, we are not adopting the proposed requirement that recipients provide written certification that the donated technology is not technically or functionally equivalent to technology the recipient already possesses. However, while we are eliminating the certification requirement, we do not believe items and services are “necessary” for electronic prescribing if the recipient already possesses equivalent items or services. The provision of equivalent items and services poses a heightened risk of abuse, since such arrangements potentially confer independent value on the recipient (i.e., the value of the existing items and services that might be put to other uses) unrelated to the need for electronic prescribing technology. Thus, if a donor knows that the recipient already possesses the equivalent items or services, or acts in deliberate ignorance or reckless disregard of that fact, the donor will not be protected by the safe harbor. Thus, prudent donors may want to make reasonable inquires of potential recipients and document the communications. We do not believe this requirement necessitates the hiring of technical experts by either the donor or the recipient. Further, with respect to upgrades of equipment or software, we agree with the commenter that distinguishing “significant” enhancements from other beneficial improvements introduces unnecessary complexity. Under the final safe harbor, any upgrade that is necessary and used solely to transmit and receive electronic prescribing information will be protected (so long as all other safe harbor conditions are satisfied).

Comment: Many commenters noted that it would be impractical to require physicians to acquire or use software and hardware solely for electronic prescribing. Several commenters noted that, in most cases, single-use technology is of limited value to a physician, and could result in inefficiencies. Another commenter expressed concern that the “used solely” standard would preclude the use of robust electronic clinical support tools, such as tools to identify drug-to-drug interactions, or to conduct drug-to-laboratory or prescription data analysis. This commenter urged that any exceptions from the fraud and abuse laws for health information technology arrangements promote access to all information needed by physicians to evaluate alternative drug therapies, identify potential drug-to-drug interactions, and to improve safety, quality, and efficiency of patient care.

Response: The “used solely” condition derives directly from the MMA language. We believe that many of the arrangements of interest to the commenters are best addressed by the electronic health records safe harbor, which is not restricted to technology used solely for electronic prescribing.

The MMA-mandated electronic prescribing safe harbor is reasonably interpreted to encompass electronic tools that provide information necessary to formulate, transmit, or receive a medically appropriate prescription for a patient. These would include electronic clinical support tools identifying alternative drug therapies, drug-to-drug interactions, or a payor's formulary information. The nature of the “prescription data analysis” tools referenced by the commenter is not clear. We believe the appropriate inquiry would be whether the tool is used to formulate and transmit or receive a medically appropriate prescription for a patient. To the extent the data analysis tool (or any other electronic item or service) is used to transmit or receive data unrelated to a medically appropriate prescription for a patient (e.g., data collected for marketing purposes), the tool would not be necessary for electronic prescribing and would not come within the safe harbor.

b. Covered Technology

In our proposed rule, we proposed protecting hardware, software, or information technology and training services that met the various safe harbor conditions. We interpreted our proposed language to include broadband or wireless internet connectivity, training, information technology support services, and other items and services used in connection with the transmission or receipt of electronic prescribing information.

Comment: Various commenters suggested that the scope of covered technology should be expanded to include: Billing, scheduling, and other administrative functions; implementation and maintenance of the system; “upgrades;” and licenses, rights of use, or intellectual property. Commenters also urged that any safe harbor cover educational sessions and consulting assistance related to the electronic prescribing technology. Commenters generally agreed that the provision of equipment for personal, non-medical purposes should not be protected. One commenter suggested that it would not be possible to develop a comprehensive list of protected technology transfers that would sufficiently reflect all possible electronic prescribing items and services. The commenter recommended that OIG periodically review the scope of protected items and services, and expand it as needed.

Response: We agree that it would be difficult to provide a comprehensive list of specific items and services covered by the safe harbor. While a specific list would provide a “bright line” rule, in this case it would also impede the ability of the safe harbor to accommodate novel or rapidly evolving technologies in the marketplace. For these reasons, we are not promulgating a specific list of protected items and services.

Consistent with the MMA mandate, covered items and services under § 1001.952(x) include “hardware, software, and information technology and training services” that are necessary and used solely for electronic prescribing and that meet all other safe harbor conditions. We believe that licenses, rights of use, intellectual property, upgrades, and educational and support services (including, for example, help desk and maintenance services) are items and services that can potentially fit in the safe harbor, if all safe harbor conditions are met. Billing, scheduling, administrative, and other general office software cannot. Operating software that is necessary for the hardware to operate can qualify for safe harbor protection because it is integral to the hardware. Moreover, operating software is distinct from other software applications that are not necessary to transmit or receive electronic prescribing information. Patches designed to link the donor's existing electronic prescribing system to the recipient's existing electronic prescribing system can qualify for protection. The provision of technology for personal, non-medical purposes is not protected, nor is the provision of office staff.

Comment: We solicited comments on whether the safe harbor should protect electronic prescribing technology that is used for the transmission of prescription information for items and services that are not drugs (e.g., durable medical equipment or laboratory tests). Several commenters suggested that the safe harbor should support the use of electronic prescribing technology for all the functions currently accomplished through written prescriptions, in order to encourage provider utilization of electronic prescribing technology to increase safety, cost-effectiveness, and efficiency. The commenters suggested including electronic prescribing technology used for prescribing medical supplies and durable medical equipment, physical therapy, dialysis testing, laboratory tests, and other non-drug prescriptions. A commenter from the clinical laboratory industry supported a broad reach, but only if clinical laboratories were included as permissible donors under the safe harbor.

Response: We agree generally with the first set of commenters. We have reviewed further the language in section 101 of the MMA. The MMA-mandated safe harbor language requires that the donated technology be capable of receiving and transmitting “electronic prescription information” in accordance with the electronic prescribing standards promulgated for purposes of the MMA electronic prescription drug programs. We believe that the specific term “electronic prescription information” as commonly used and as used in the MMA-mandated safe harbor provision retains a broad meaning, to include information about prescriptions for any items or services that would normally be accomplished with a written prescription. In contrast, the information to be transmitted under an electronic prescription drug program established under the MMA is clearly limited to drug information for Part D eligible individuals. Moreover, we do not think that the statutory language is intended to be construed to prohibit the use of the donated technology for the transmission and receipt of orders or prescriptions for other items and services or to require the use of separate systems depending on the item or service to be prescribed or ordered. We believe this approach is consistent with the objectives of the electronic prescribing standards and the patient safety, quality, and efficiency goals underlying the mandated exception. Accordingly, we are defining “prescription information” for purposes of the safe harbor to mean information about prescriptions for drugs or any other item or service normally accomplished through a written prescription.

With respect to the clinical laboratory commenter, consistent with the MMA language, we are not including clinical laboratories as permissible donors under the safe harbor. However, we have expanded the new safe harbor for electronic health records arrangements to include clinical laboratories.

2. Final Standards for Electronic Prescribing

The MMA required that donated electronic prescribing technology comply with the final standards for electronic prescribing as adopted by the Secretary. The first set of these standards (the “foundation standards”) was finalized by the Department on November 7, 2005. See 70 FR 67568. We received no comments on this issue. The final safe harbor at § 1001.952(x)(2) requires that the donated technology comply with the applicable standards for electronic prescribing as adopted by the Secretary.

3. Donors and Recipients Protected by the Safe Harbor

We proposed protecting the same categories of donors and recipients listed in section 101 of the MMA. Because most commenters commented on this issue jointly with the proposed electronic health records arrangements safe harbors, we have included a detailed description of these comments in our discussion of the electronic health records safe harbor below at section II.C.3. of this preamble.

Comment: We received numerous comments requesting that we expand the list of protected donors and recipients to include a variety of providers, practitioners, suppliers, and their affiliates.

Response: We are finalizing the safe harbor consistent with the MMA mandated donors and recipients. We are not persuaded that additional donors or recipients are necessary to achieve the purpose of this safe harbor for electronic prescribing. The enumerated categories of donors and recipients reflect individuals and entities centrally involved in the ordering, processing, filing, or reimbursing of prescriptions. Accordingly, protected donors and recipients under § 1001.953(x) are: hospitals to members of their medical staffs; group practices to their physician members; and PDP sponsors and MA organizations to network pharmacists and pharmacies, and to prescribing health care professionals. For the reasons set forth in the preamble to the proposed rulemaking, and in the absence of any comments to the contrary, we are adopting our proposed definitions of group practice, member of the group practice, prescribing health care professional, PDP sponsor and MA organization. Group practice shall have the meaning set forth at § 411.352; member of the group practice shall mean all persons covered by the definition of “member of the group or member of a group practice” at § 411.351, as well as other prescribing health care professionals who are owners or employees of the group practice; prescribing health care professional shall mean a physician or other health care professional licensed to prescribe drugs in the State in which the drugs are dispensed; PDP sponsor or MA organization shall have the meanings set forth at §§ 423.4 and 422.2, respectively.

We have revisited the issue of protected donors and recipients in the context of the electronic health records arrangements safe harbor at § 1001.952(y), as discussed in the preamble below at section II.C.3.

4. Additional Conditions on the Provision of Qualifying Electronic Prescribing Technology

Promoting Compatibility and Interoperability

Most commenters addressed the issue of the compatibility and interoperability of the donated technology with respect to all three proposed safe harbors. We have included a discussion of these comments in the section of this preamble addressing the electronic health records safe harbor at § 1001.952(y). For the reasons set forth there, we have adopted, with clarifying modifications, our proposed restriction on disabling the compatibility and interoperability of donated technology under the electronic prescribing safe harbor at § 1001.952(x)(3). For clarity, we have included in § 1001.952(x) the same definition of “electronic health record” found in § 1001.952(y).

Limit on Value of Technology

In our proposed rule, we solicited public comments on various means by which we might limit the value of protected technology under the electronic prescribing safe harbor. We indicated that we were considering a limit on the value of protected technology as a further safeguard against fraud and abuse, since, in our experience, the risk of fraud and abuse generally (although not always) increases with the value of the remuneration offered. We received a large number of comments on this topic, the majority of which opposed any limit on the value of donated technology. Because these commenters typically commented jointly on this issue for all three proposed safe harbors (and each commenter typically had the same concerns under all three proposed safe harbors), an extensive description of these comments is found in section II.C.6. of this preamble. Having considered the comments, we are persuaded not to limit the value of the donated technology under the new safe harbor for electronic prescribing arrangements at § 1001.952(x). We believe the final conditions of the safe harbor, including the “necessary and used solely” requirement, should be sufficient to minimize the potential for abuse. Although we are not limiting the value of donated technology, it is not our expectation that donors will necessarily want or be in a position to donate unlimited amounts of electronic prescribing technology.

Selection of Recipients of Donated Technology

We proposed additional conditions in proposed §§ 1001.952(x)(5) and (x)(6) related to how donors select recipients of the electronic prescribing technology. These proposed conditions were designed to minimize the risk that donors would select recipients for the improper purpose of inducing or rewarding the generation of Federal health care program business. Proposed § 1001.952(x)(5) would require that the recipients (including their groups, employees, or staff) refrain from making the donation of qualifying electronic prescribing technology a condition of doing business with the donor. Proposed § 1001.952(x)(6) would preclude safe harbor protection if the eligibility of a recipient to receive items and services from a donor, or the amount or nature of the items or services received, is determined in any manner that takes into account the volume or value of the recipient's referrals or other business generated between the parties. We observed that this requirement would not preclude selecting a recipient based upon the total number of prescriptions written by the recipient, but would preclude selecting the recipient based upon the number or value of prescriptions written by the recipient that are dispensed or paid by the donor (as well as on any other criteria based on any other business generated between the parties). (70 FR at 59021).

Comment: Commenters requested that we confirm that donors can select recipients of electronic prescribing technology based upon the total number of prescriptions written by the recipient, but cannot select them based upon the number or value of prescriptions written by the recipient that are dispensed or paid by the donor (or on any other criteria based on any other business generated between the parties). A commenter supported excluding from safe harbor protection donations that take into account directly the volume or value of referrals or other business generated between the parties. This commenter expressed concern that donors would employ such selection criteria to disadvantage small practices and practices in rural or underserved areas. To counter this potential disadvantage, the commenter suggested that the final rule include incentives to promote donations to small practices, especially in rural and underserved areas. Other commenters suggested that donors, such as PDP sponsors, MA organizations, and pharmacy benefits managers, should be permitted to consider the volume and value of prescriptions written by the recipient, particularly for a donor's patient or plan population.

Response: To safeguard against the use of donated technology to disguise referral payments, we are adopting our proposal that neither the eligibility of a recipient to receive items and services, nor the amount or nature of the items or services received, may be determined in a manner that takes into account, directly or indirectly, the volume or value of the recipient's referrals or other business generated between the parties. Notwithstanding, in the instant case, we believe that prohibiting the selection of recipients based on total number of prescriptions written by the recipient would be inconsistent with the MMA mandate and congressional intent to promote the use of electronic prescribing. Accordingly, we confirm our interpretation, for purposes of the safe harbor at § 1001.952(x), that donors may select recipients of electronic prescribing technology based upon the total number of prescriptions written by the recipient, but cannot select them based upon the number or value of prescriptions written by the recipient that are dispensed or paid by the donor (or on any other criteria based on any other business generated between the parties). Donors also may not select recipients based on the overall value of prescriptions written by the recipient or on the volume or value of prescriptions written by the recipient that are reimbursable by any Federal health care program.

We are not persuaded that PDP sponsors or MA organizations should be permitted to offer technology selectively based on the volume or value of business generated for the plan by the recipient, especially in the context of Part D, which includes some reimbursement based on the plan's costs, rather than capitated payments. The final safe harbor does not include pharmacy benefit managers.

The safe harbor would not protect arrangements that seek to induce a recipient to change loyalties from other providers or plans to the donor (e.g., a hospital using an electronic prescribing technology arrangement to induce a physician who is on the medical staff of another hospital to join the donor hospital's medical staff), because such arrangements take into account business generated for the donor.

We understand the commenter's concern about donors excluding rural and underserved area physicians from their health information technology arrangements. Some donors may favor large or urban practices over small or rural ones. However, we can discern no “incentives” that could be included appropriately in a safe harbor to address this concern, nor has the commenter proposed any with respect to assisting rural or solo practitioners. We note that our decision, explained elsewhere, not to limit the value of technology that can qualify under the safe harbor may assist rural and solo practices insofar as donors may want to provide them with greater resources in recognition of their greater need for assistance in adopting electronic prescribing technology.

Comment: Some commenters supported our proposal to exclude from safe harbor protection donations that are a condition of doing business with the donor.

Response: We are retaining the proposed requirement that recipients (or any affiliated group, employee, or staff member) cannot make the receipt of items or services a condition of doing business with the donor. We have clarified that the condition applies with respect to all individuals and entities affiliated with the recipient.

Documentation

We proposed at § 1001.952(x)(7) a requirement that the arrangement for the donation of electronic prescribing technology be in writing, be signed by the parties, identify with specificity the items or services being provided and their values, and include a certification that the donated items and services not be technically or functionally equivalent to items and services the recipient already has. We stated that to permit effective oversight of protected arrangements, the writing must cover all qualifying electronic prescribing technology provided by the donor (or affiliated parties) to the recipient. For example, if a donor provides a piece of hardware under one arrangement and subsequently provides a software program, the agreement regarding the software would have to include a description of the previously donated hardware (including its nature and value).

Comment: Some commenters supported the requirement that any transfers of technology and services be memorialized in a written agreement. One commenter objected to including a written agreement requirement in the safe harbor, arguing that the requirement would cause an unnecessary delay and increase paperwork. Another commenter suggested that the safe harbor permit the arrangement between the donor and recipient to be captured through a combination of agreements between the recipient, donor, and service provider, rather than one agreement. Commenters also urged OIG to remove the technical and functional equivalency certification requirement from the safe harbor.

Response: We have adopted the documentation requirement in the final safe harbor at § 1001.952(x)(7) with several modifications. With respect to the condition requiring that the documentation cover all of the electronic prescribing items and services to be provided by the donor (or affiliated parties) to the recipient, we have added language to the final safe harbor clarifying that the written documentation requirement can be satisfied by incorporating by reference other agreements between the parties or by the use of cross references to a master list of agreements between the parties that is maintained and updated centrally, is available for review by the Secretary upon request, and preserves the historical record of agreements. We have eliminated the certification of technical and functional non-equivalency. Also, given our decision not to limit the value of protected donations, we have eliminated the requirement that the agreement specify the value of the donated technology. However, in the interests of transparency and accountability, we are requiring that the parties document the donor's costs for the technology. We have retained the remaining documentation requirements, as proposed, at § 1001.952 (x)(7). Finally, nothing in this safe harbor requires that agreements between donors and recipients also be signed by third-party vendors; however, such documentation may be a prudent business practice.

All Payors Requirement

Comment: We proposed that, where possible, recipients must be able to use the protected technology for all patients without regard to payor status. Commenters that addressed the issue universally supported this requirement.

Response: We agree and have included this requirement in the final safe harbor at § 1001.952(x)(4).

Commercial and Other Messaging

Comment: A commenter requested clear and specific rules prohibiting inappropriate commercial messaging through electronic prescribing technology, including electronic detailing messages from a manufacturer promoting a particular brand or brand-name drug. This commenter explained that such messaging may inappropriately influence clinical decision-making. The commenter gave the following as examples of inappropriate messaging: Messages disguised as “clinical alerts” based upon biased research not published in the public domain and alerts purporting to save a patient money when in reality the out-of-pocket expense for the drug to the patient is higher. Another commenter suggested that OIG prohibit commercial messaging and require that donated technologies present information in a neutral and transparent manner so as not to influence clinical decision-making improperly. Similarly, another commenter noted that pop-up messaging could inappropriately influence prescribing patterns. The commenter provided the example of making the procedure for prescribing certain formulary drugs very easy and straightforward, while attempts to prescribe other formulary drugs trigger multiple pop-up notices or require a series of additional steps.

Response: Technology used for marketing purposes would not meet the “necessary and used solely” standard required by the MMA for the electronic prescribing safe harbor, because marketing information is not the type of clinical support that is integral to prescribing accurate and appropriate items and services for patients.

We do not believe it would be feasible or appropriate to regulate the content of commercial messaging or formulary compliance activities through these safe harbors to the anti-kickback statute. The regulation of speech is outside the scope of this rulemaking. Nor, in any event, would a condition in these safe harbors related to the accuracy or objectivity of the content of messages or formulary activities be sufficiently “bright line” to be practical or readily enforceable. That said, the commenter raises important concerns about messaging and formulary activities. Nothing in this rulemaking (either for the electronic prescribing safe harbor at § 1001.952(x) or for the electronic health records safe harbor at § 1001.952(y)) should be construed to approve of or authorize any commercial messaging or formulary compliance activity (or any other conduct) that is prohibited by any Federal, State, or local law or regulation. Nothing in this rulemaking protects parties from liability for improper messaging or formulary activities, including, without limitation, liability for the promotion of adulterated, misbranded, or unapproved drug or devices, off-label marketing, consumer fraud, inappropriate formulary activities, and the like.

5. Multi-Functional Technology

We proposed using our regulatory authority under section 1128B(b)(3)(E) of the Act to create an additional safe harbor to protect the provision by donors to recipients of some limited hardware (including necessary operating system software) and connectivity services used for more than one function, so long as a substantial use of the item or service is to receive or transmit electronic prescription information.

Comment: Most commenters supported a safe harbor that would extend protection to technology beyond that which is “necessary and used solely” for electronic prescribing. Many commenters expressed the hope that multi-functional technology would ultimately be captured in an electronic health records safe harbor.

Response: We have decided not to create a separate safe harbor for multi-functional hardware and connectivity. Instead, we are creating a new safe harbor for the protection of certain arrangements involving electronic health records software and services (including connectivity services) that will more directly further the overall goal of widespread adoption of interoperable electronic health records technology without some of the fraud and abuse risks inherent in gifts of multi-functional hardware. The public comments support this approach, as more fully described in the next section. As set forth below at § 1001.952(y), we have finalized a single safe harbor for certain electronic health records software or information technology and training services.

C. Electronic Health Records Arrangements Safe Harbor (42 CFR 1001.952(y))

Summary of the Proposed Rule

Prior to publication of the proposed rulemaking, many in the hospital industry, among others, raised the issue of the need for safe harbor protection for arrangements involving technology other than technology used for electronic prescribing. To encourage the adoption of electronic health records technology consistent with the ultimate goal of achieving fully interoperable electronic health records for all patients, we proposed using our legal authority at section 1128B(b)(3)(E) of the Act to promulgate two safe harbors related to electronic health records software and directly related training services that are necessary and used solely to receive, transmit, or maintain electronic health records of the donor's or recipient's patients. We did not propose protecting hardware in either safe harbor, because we believed electronic health records software and training services were the components of electronic health records systems most likely to be needed by recipients, and because gifts of valuable, multi-functional hardware (such as computers and servers) would inherently pose a higher risk of constituting a disguised payment for referrals.

The first proposed safe harbor would have applied to donations made before adoption by the Secretary of product certification criteria, including criteria for interoperability, functionality, and privacy and security of electronic health records technology (“product certification criteria”). (We referred to this proposed safe harbor as the “pre-interoperability” safe harbor.) See 70 FR at 59022-23. Among other provisions, we proposed:

  • That the electronic health records software would have to be essential to and used solely for the transmission, receipt, and maintenance of patients' electronic health records and prescription drug information.
  • That the software would have to include an electronic prescribing component in accordance with the final standards established by the Secretary under the Part D electronic prescription drug program.
  • That the pre-interoperability safe harbor would not protect the provision of other types of technology (e.g., billing, scheduling, or general office management software) or any software used by the recipient to conduct business or engage in activities unrelated to the recipient's medical practice. We also proposed to exclude from the safe harbor the provision of staff to the recipient or its office.
  • That we would define the term “electronic health records.”
  • That the safe harbor would include documentation provisions comparable to those proposed for the electronic prescribing safe harbor.
  • That the safe harbor would preclude protection for any arrangement in which the donor or its agents disable the interoperability of any component of the software or otherwise imposed barriers to compatibility.
  • That the safe harbor might limit the aggregate value of protected technology that a donor could provide to a recipient under the pre-interoperability safe harbor or in combination with the other proposed safe harbors. We noted that we were considering the same alternatives we proposed for setting a value for the electronic prescribing safe harbor. These could include an aggregate dollar cap; a limitation that would require cost sharing by the recipient; or another methodology, including a reduction in the amount of any cap over time.
  • That the safe harbor would prohibit donors from shifting the costs of the donated technology to the Federal health care programs or beneficiaries.
  • That the safe harbor would include the same categories of donors and recipients that we proposed for the electronic prescribing arrangements safe harbor.
  • That the safe harbor would include other requirements drawn from the proposed electronic prescribing safe harbor, including the restriction on arrangements tied to the volume or value of referrals or other business generated (proposed § 1001.952(x)(6)); the anti-solicitation provision (proposed § 1001.952(x)(5)); and the proposed all payors condition (proposed § 1001.952(x)(4)).
  • That the pre-interoperability safe harbor might sunset once interoperability standards were finalized.

Recognizing that once standards and product certification criteria were developed and adopted by the Secretary for electronic health records (including standards for interoperability), some enhanced flexibility in the conditions applicable under a safe harbor for electronic health records arrangements might be appropriate, we proposed a second safe harbor, which we referred to as the “post-interoperability” safe harbor. We noted that adoption of uniform interoperability standards, as well as product certification standards to ensure that products meet those standards, would help prevent certified technology from being used by unscrupulous parties to lock in streams of referrals or other business. While interoperability does not eliminate the risk of improper referral payments (parties might still use the offer or grant of interoperable technology as a vehicle to induce referrals), it potentially mitigates the risk sufficiently to warrant different or modified safe harbor conditions.

In summary, for the post-interoperability safe harbor, we proposed:

  • Requiring protected technology to be certified in accordance with product certification criteria adopted by the Secretary, and to include an electronic prescribing component that complies with the electronic prescribing standards established by the Secretary for the Part D program, to the extent those standards are not incorporated into the product certification criteria; and
  • Including the same conditions proposed for the pre-interoperability safe harbor, with the following differences: (1) Some additional software applications might be included, so long as electronic health records and electronic prescribing remained core functions; (2) additional categories of donors and recipients might be included; (3) specific selection criteria might be included to identify acceptable methods for selecting recipients; and (4) there might be a potentially larger limit on the value of protected technology.

When we issued the proposed rulemaking, we indicated that, given the number of important variables and the inherent risk of fraud and abuse typically posed by gifts of items and services to potential referral sources, we did not have sufficient information to draft safe harbor regulatory language. We proposed and solicited extensive public comment on the scope and conditions for the electronic health records arrangements safe harbors.

Summary of the Final Rule

Consistent with the majority of public comments, we have finalized one safe harbor for arrangements involving electronic health records that, effectively, combines the pre- and post-interoperability proposals. Separate safe harbors are no longer necessary, in part, because criteria for product certification are available. The final safe harbor protects arrangements involving electronic health records software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records.In many respects, the provision of electronic health records technology to physicians and others poses greater risk of fraud or abuse than the provision of electronic prescribing technology; electronic health records technology is inherently more valuable to physicians and other recipients in terms of actual cost, avoided overhead, and administrative expenses of an office practice. The final safe harbor conditions, in combination, should promote the important national policy goal of open, interconnected, interoperable electronic health records systems that improve the quality of patient care and efficiency in the delivery of health care to patients, without protecting arrangements that pose an undue risk of fraud and abuse.

In summary, the final safe harbor includes the following conditions:

  • The safe harbor protects transfers of electronic health records software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records (provided all safe harbor conditions are satisfied). We have not included hardware. We have clarified that the safe harbor covers “information technology services,” which we interpret as including, for example, connectivity and maintenance services. We interpret “training services” to include help desk and other similar support. We have eliminated the language that required the training services to be “directly related” because it was superfluous in light of the language requiring the training services to be “necessary and used” for electronic health records purposes.
  • We have not adopted the proposal that the protected technology be used solely for electronic health records purposes. Instead, we have included a condition making clear that electronic health records purposes must be predominant. Thus, depending on the circumstances, some software that relates to patient administration, scheduling functions, and billing and clinical support can be included. We have expressly excluded the provision of any technology used primarily to conduct personal business or business unrelated to the recipient's clinical practice or clinical operations, as well as the provision of staff to the recipient or the recipient's office.
  • In order to qualify for protection, at the time of donation the software must be interoperable. Products that are certified by a certifying body recognized by the Secretary will be deemed interoperable under circumstances set forth in the regulation. Software must contain an electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient's existing electronic prescribing system which complies with the foundation standards set forth in 70 FR 67568 (November 7, 2005) and other final electronic prescribing standards, when adopted. Moreover, the donor (or any agent) must not take any steps to disable the interoperability of any technology or otherwise impose barriers to compatibility of the donated technology with other technology.
  • The final safe harbor protects arrangements involving donors that are (i) health plans or (ii) individuals or entities that provide covered services and submit claims or requests for payment to a Federal health care program, and recipients that are individuals or entities engaged in the delivery of health care.
  • The final rule clarifies that donors cannot select recipients in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. However, donors may select recipients of donated electronic health records technology using means that do not directly take into account the volume or value of referrals from the recipient or other business generated between the parties. The final rule sets forth examples of specific criteria that will be deemed to meet this condition.
  • The final rule does not limit the aggregate value of technology that may qualify for safe harbor protection. It does contain a requirement that the recipient pay 15 percent of the donor's costs. No portion of this contribution may be funded by the donor (or any affiliate of the donor).
  • The final safe harbor adopts the proposed documentation requirements and includes a requirement that the donor's costs and recipient's contribution be documented in the written agreement between the parties. The final safe harbor does not require that recipients certify that they do not already possess equivalent technology. The final safe harbor precludes protection if the donor knows that the recipient already has equivalent technology or acts in deliberate ignorance or reckless disregard of that fact. The final safe harbor permits documentation through cross-referencing or incorporation of other agreements between the parties.
  • The final safe harbor adopts the proposed conditions related to use of the technology by all payors; non-solicitation by recipients; and the bar on cost shifting to Federal programs.
  • The final safe harbor sunsets on December 31, 2013.

General Comments

Comment: Several commenters urged that OIG set out specific regulatory language for an electronic health records safe harbor. Some commenters believed that the lack of specific proposed safe harbor regulatory text meant that we had not proposed safe harbors.

Response: These commenters misconstrued our proposed rulemaking. Nothing in the Administrative Procedure Act governing notice and comment rulemaking requires an agency to propose specific regulatory text; rather, the notice shall include “either the terms or substance of the proposed rule or a description of the subjects and issues involved.” 55 U.S.C. 553(b)(3). We proposed safe harbors for electronic health records technology, as described in detail in the preamble to our proposed rulemaking. Virtually all commenters responded to these proposals. The final regulations set forth specific regulatory language for a new safe harbor at § 1001.952(y).

Comment: Most commenters expressed concern with the pre- and post-interoperability bifurcated approach to the safe harbors, asserting that a bifurcated process was not necessary, too confusing, and contrary to the goal of achieving widespread adoption of health information technology. These commenters urged OIG to abandon the bifurcated approach and publish one final safe harbor for remuneration in the form of electronic health records technology. Commenters urged OIG and CMS to adopt similar approaches to a post-interoperability safe harbor under the anti-kickback statute and exception under the physician self-referral law. However, the commenters believed that the product certification provision should be omitted at this time and added if necessary when all of the product certification standards have been developed.

Response: We have finalized one safe harbor for arrangements involving electronic health records software or information technology and training services. We have coordinated with CMS to ensure as much consistency between the two sets of regulations as possible, given the underlying differences in the two statutory schemes.

Comment: Some commenters suggested that the general concept of interoperability should be incorporated into the pre-interoperability safe harbor, even if product certification is not required. Many commenters stated that encouraging electronic health records arrangements before interoperability standards would be bad public policy. Some commenters believed that a product certification process that would include interoperability standards is already underway and within the timeframe for this rulemaking. Others expressed that OIG should either not wait until certification standards are adopted before finalizing the post-interoperability safe harbor or should not finalize either of the safe harbors until the certification standards are adopted. One commenter expressed that since timetables for the safe harbor rulemaking and for the certification standards were not known, OIG should consider writing the regulation from the pre-interoperability perspective and should address the post-interoperability era in the future.

Response: We agree with the commenters that a bifurcated approach is not necessary. We are not promulgating separate safe harbors. The industry has made considerable progress in developing certification criteria for electronic health records products within a very short time. One certification organization has already completed an initial set of certification criteria for ambulatory electronic health records. In some cases, there may be products for which no certification standards are available. To address this situation and to ensure interoperability to the extent possible, the final safe harbor requires that donated software be interoperable and bars donors or their agents from taking any actions to disable or limit interoperability. This latter condition also protects against donors who may improperly attempt to create closed or limited electronic health records systems by offering technology that functionally or practically locks in business for the donor.

Comment: Some commenters suggested that early adopters of electronic health records technology should be offered incentives or rewards, because otherwise physicians or other recipients might delay investing their own funds in electronic health records systems while waiting for a donor to offer them free technology. The commenters stated that this delay would have a detrimental effect on the adoption of electronic health records technology.

Response: It is unclear what types of incentives or rewards the commenters are requesting. We note that the safe harbor does not provide incentives or rewards for early adopters, nor would it be appropriate for a safe harbor to do so; rather, the safe harbor protects the transfer of certain electronic health records technology when all conditions of the safe harbor are satisfied. The safe harbor would not protect any cash reimbursement paid to recipients for costs they incurred in adopting technology.

Comment: One commenter requested that OIG and CMS coordinate with the Internal Revenue Service (IRS) to provide guidance through an IRS revenue ruling publication to alleviate tax exemption concerns.

Response: This comment addresses a matter outside the scope of this rulemaking.

1. Protected Nonmonetary Remuneration

a. “Electronic Health Record”

Comment: We requested comments on how to define “electronic health record.” One commenter suggested that electronic health record be defined as electronically originated and/or maintained clinical health information, that may incorporate data derived from multiple sources and that replaces the paper record as the primary source of patient information. Another commenter suggested that OIG protect any interoperable component or module of an electronic health record. A third commenter suggested that “electronic health records” be defined for safe harbor purposes to accomplish two objectives: (1) To promote a connected system of electronic healthcare information available to all doctors and patients whenever and wherever possible and (2) to promote the collection of quality and outcome measures to facilitate pay-for-performance payment methodologies. This commenter pointed to the Medicare Payment Advisory Commission (MedPAC) description of electronic health record clinical information technology and suggested that we define “electronic health record” to include applications that permit the following functions: Tracking patients' care over time; allowing physicians to order medications, laboratory work, and other tests electronically and access test results; providing alerts and reminders for physicians; and producing and transmitting prescriptions electronically. See MedPac Report to the Congress Medicare Payment Policy at 206 (2005) (available at http://www.medpac.gov/publications/congressional_reports/Mar05_EntireReport.pdf.) A commenter requested that “electronic health records” be defined broadly enough to include applications that capture clinical trial data. Another commenter did not think it was in the best interest of the industry for OIG to propose such a definition at this time.

Response: For the purpose of this rulemaking, we are adopting a broad definition of “electronic health record.” An electronic health record will be defined as: “A repository of consumer health status information in computer processable form used for clinical diagnosis and treatment for a broad array of clinical conditions.” We are adopting a broad definition consistent with our goal of encouraging widespread adoption of electronic health records technology.

Comment: A commenter stated that the term “electronic health record,” as used in the proposed rule, is inconsistent with the same terminology when used within the information technology industry, and is therefore confusing. The commenter suggested that we might have meant to use the term “electronic medical record.” According to the commenter, an “electronic health record” is commonly used to describe the broad concept of the total health care data that exists regarding an individual within an electronic universe (including, for example, the patient's personal health record, medication history stored by an insurance plan, electronic imaging results stored at a hospital, etc.), whereas an “electronic medical record” typically refers to patient-centric, electronically maintained information about an individual's health status and care that focuses on tasks and events related to patient care, is optimized for use by a physician, and relates to care within a single clinical delivery system.

Response: We recognize that there are several ways in which information technology terms are used, including the terminology “electronic health record” and “electronic medical record.” For purposes of this safe harbor, we have opted to use the term “electronic health record,” and we have included a definition of “electronic health record” in this final rule.

b. Necessary

i. Technical and Functional Equivalency

We proposed requiring the recipient to certify that the items and services to be provided are not technically or functionally equivalent to items or services the recipient already possesses or has obtained. The certification would have needed to be updated prior to the provision of any necessary upgrades or items and services not reflected in the original certifications. We expressed our concern that the certification process would be ineffective as a safeguard against fraud and abuse if it were a mere formality or if recipients simply executed a form certification provided by a donor. Therefore, we proposed that the donor must not have actual knowledge of, and not act in reckless disregard or deliberate ignorance of, the fact that the recipient possessed or had obtained items and services that were technically or functionally equivalent to those donated by the donor and that the recipient would be protected only if the certification were truthful.

Comment: Several commenters requested further clarification regarding the meaning of “technically or functionally equivalent” and the meaning of “significantly enhance the functionality” as those terms were used in the proposed rulemaking. Other commenters expressed concerns about the requirement, asserting that it would deter recipients who are not technology experts from adopting health information technology, and might result in recipients hiring costly technology consultants to evaluate their existing systems. A commenter expressed concern that the safe harbor not hinder the goals of widespread adoption of electronic health records by, for example, excluding from protection technology that would standardize the technology used by all recipients, or updated, user-friendly technology that would replace outdated, outmoded, or unusable technology. For these reasons, several commenters argued that technical and functional equivalency was not an appropriate or workable standard for assessing whether donated items and services are necessary and that, accordingly, the requirement should not be adopted.

Other commenters suggested modifications to the proposed regulations. One commenter suggested that hospitals should incorporate inquiries regarding the technological items and services physicians possess into the surveys physicians must complete to acquire and maintain physician privileges. Another suggested that any costs associated with the certification process should be included as part of the services offered by the donor. A few commenters suggested that the Government should provide financial assistance in evaluating the existing technology, while another commenter proposed that CMS publish guidelines for technological equivalence upon which all donors and recipients could rely. Some commenters urged that the certification requirement incorporate a “good faith” standard for compliance, while other commenters expressed concern that donors would not be in a position to evaluate the technology already possessed by potential recipients and, therefore, that safe harbor protection for donors should not hinge on the recipient's certification.

Another commenter requested that OIG provide “templates” for the written certification to ensure a simple and transparent certification process. One commenter expressed concern that a requirement for ongoing certification to account for upgrades or new software, hardware, or services would create an unnecessary burden. Another commenter proposed that there should be one certification required once final interoperability standards for all health information technology components are finalized.

Response: Having reviewed the public comments, we have concluded that our proposal to require recipients to certify in writing that they do not possess equivalent technology might become unnecessarily burdensome. We are not requiring a written certification. The final safe harbor requires that protected donations be limited to electronic health records software or information technology and training services that are necessary and used predominantly to create, maintain, transmit, or receive electronic health records. We do not believe software and services are “necessary” if the recipient already possesses the equivalent software or services. The provision of equivalent items and services poses a heightened risk of abuse, since such arrangements potentially confer independent value on the recipient (i.e., the value of the existing items and services that might be put to other uses) unrelated to the need for electronic health records technology. Thus, if a donor knows that the recipient already possesses the equivalent items or services, or acts in deliberate ignorance or reckless disregard of that fact, the donor will not be protected by the safe harbor. Prudent donors may want to make reasonable inquiries to potential recipients and document the communications. We do not believe this requirement necessitates the hiring of technical experts by either the donor or recipient. The “necessary” requirement in the final safe harbor would not preclude upgrades of items or services that enhance the functionality of the items or services, including, for example, upgrades that make software more user-friendly or current. Nor would it preclude items and services that result in standardization of systems among donors and recipients, provided that the standardization enhances the functionality of the electronic health records system (and any software is interoperable).

Comment: A commenter suggested that, instead of including a recipient certification, as we proposed, the written agreement between the donor and recipient could affirm their intent to comply with the anti-kickback statute and relevant regulations, and the parties could sign a statement that their business transactions do not take into account the volume or value of referrals or business generated between the parties.

Response: We are not adopting the commenter's suggestion. While the suggested affirmation and statements may be useful to the parties, they are necessarily self-serving and offer little, if any, protection against fraud and abuse. We note that the critical inquiry under the anti-kickback statute is not what terms appear on the face of an agreement but how the arrangement is actually conducted. It is not sufficient for safe harbor purposes for documentation to contain facially the correct terms; the underlying arrangement itself must meet all the safe harbor conditions.

Comment: Many commenters requested further clarification of OIG's concern about the risk of recipients intentionally divesting themselves of technically or functionally equivalent technology that they already possess or have obtained in order to shift costs to the donor. See 70 FR 59018. These commenters expressed the opinion that recipients would not intentionally divest themselves of health information technology given the low adoption rate of health information technology and the time and resource commitment necessary to implement and maintain a health information technology system.

Response: When a party that desires referrals assumes costs that are otherwise the obligation of a party in a position to generate referrals, the party assuming the costs offers something of value to the party with the referrals. This cost shifting can occur in many ways, including, without limitation, shifting the costs of staff, office space, or equipment. In the context of electronic health records technology, this cost-shifting might occur in connection with, by way of example, ongoing maintenance and help desk support for previously purchased electronic health records systems. Likewise, a recipient might shift costs by moving previously purchased technology to other uses and replacing it with equivalent new technology obtained from a donor. We solicited comments on how we might address this risk.

Having reviewed the public comments, we are not persuaded that this risk is particularly reduced in the context of electronic health records technology. Nonetheless, we believe that the totality of final safe harbor conditions, including, for example, the cost sharing requirement and the sunset provision, should adequately address our concerns. We are not including any separate condition specifically addressing divestiture of technology.

Comment: One commenter requested that OIG clarify that the term “necessary” would not preclude the provision of outpatient-focused (also referred to as “ambulatory-focused”) electronic health records software to recipients that may already have access through the internet or otherwise to an inpatient-focused electronic health records systems.

Response: The final rule does not preclude the provision of outpatient or ambulatory electronic health records software to recipients that already have access to inpatient-focused systems.

ii. Covered Technology

We proposed to protect software and directly related training services that are necessary and used solely to receive, transmit, and maintain electronic health records of the donor's or recipient's patients, provided that the software includes an electronic prescribing component. Importantly, we stated our intention to protect systems that improve patient care rather than systems comprised solely or primarily of technology that is incidental to the core functions of electronic prescribing and electronic health records.

Comment: Some commenters asked whether our proposal to protect certain technology necessary and used to “receive, transmit, and maintain” electronic health records would include technology used to develop, implement, operate, facilitate, produce, and supplement electronic health records.

Response: We intended that the final rule would encompass the types of uses described by the commenters. To make this intent clear, we have clarified the final rule to provide that the protected technology must be necessary and used predominantly to “create, maintain, transmit, or receive” electronic health records.

Comment: Most commenters believed that the proposed scope of the protected donation was too narrow. Commenters variously suggested that the safe harbor should also protect transfers of hardware, operating software, connectivity items, support services, secure messaging, storage devices, clinical decision support technology, services related to training and ongoing maintenance, rights, licenses, and intellectual property, as well as interfaces and translation software to allow recipient offices to exchange data with hospital systems, all of which the commenters considered necessary for a fully functioning electronic health records system.

Some commenters encouraged OIG to exclude from protection hardware and broadband wireless Internet connectivity and to tailor the safe harbor protection narrowly to cover software, training, and information technology support services. One commenter opined that ongoing support, such as help desk support, could pose a risk of abuse, because the recipient would become dependent on the donor for the help desk support, and might feel obligated to refer to the donor to ensure continuation of that support. This commenter suggested that we protect initial, start-up support services, but not long-term, ongoing system support. A few commenters suggested that the scope of support services, training, and other items and services should be a defined contribution not to exceed 365 person-days.

Several commenters urged OIG to protect arrangements involving the donation of billing software and other software for administrative functions, such as registration and patient scheduling, because much of the “return on investment” (i.e., value) for physicians who incorporate electronic health records systems into their practices is the integration of clinical and administrative systems. Commenters noted that the scope of the safe harbor should account for the fact that the products on the market increasingly integrate administrative functions with the clinical electronic health records functions. One commenter suggested that the safe harbor should at least prohibit the donation of technology that is unrelated to the actual electronic health records software, such as technology related to office administration. The commenter requested that the safe harbor protect integrated bundles of applications that include an electronic health records component, provided that the recipient pays for the technology that is unrelated to the electronic health records software. Another commenter suggested that the safe harbor should not protect clearly separable administrative software (e.g., billing, coding, and practice management software), but should protect those elements of an electronic health records system that incidentally facilitate administrative functions, such as software that links to diagnosis codes for billing purposes. The commenter suggested that dual functions that support patient care and administrative functions are valuable to the physician and a driving force behind adoption of electronic health records systems.

Response: We have carefully considered the comments in light of our intention to promote the adoption of electronic health records without undue risk of fraud and abuse. The final rule protects electronic health records software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records.

To ensure that the safe harbor is only available for software, information technology and training services that are closely related to electronic health records, the safe harbor provides that electronic health records functions must be predominant. The core functionality of the technology must be the creation, maintenance, transmission, or receipt of individual patients' electronic health records. There must be an electronic prescribing component. While electronic health records purposes must be predominant, the safe harbor protects arrangements involving software packages that include other functionality related to the care and treatment of individual patients (e.g., patient administration, scheduling functions, billing, and clinical support). This condition reflects the fact that it is common for electronic health records software to be integrated with other features.

Further, we interpret “software, information technology and training services necessary and used predominantly” for electronic health records purposes to include the following, by way of example: Interface and translation software; rights, licenses, and intellectual property related to electronic health records software; connectivity services, including broadband and wireless internet services; clinical support and information services related to patient care (but not separate research or marketing support services); maintenance services; secure messaging (e.g., permitting physicians to communicate with patients through electronic messaging); and training and support services (such as access to help desk services).

We interpret the scope of covered electronic health records technology to exclude: Hardware (and operating software that makes the hardware function); storage devices; software with core functionality other than electronic health records (e.g., human resources or payroll software or software packages focused primarily on practice management or billing); or items or services used by a recipient primarily to conduct personal business or business unrelated to the recipient's clinical practice or clinical operations. Further, the safe harbor does not protect the provision of staff to recipients or their offices. For example, the provision of staff to transfer paper records to the electronic format would not be protected.

While we share the concerns of those commenters worried that ongoing help desk or other assistance could create long-term ties between referral seekers and referral sources, we believe the cost sharing, interoperability, and sunset provisions, among others, should address these concerns. We do not believe it would be feasible to set specific temporal limits on such services or specific aspects of such services. (We note that, in the context of the electronic prescribing safe harbor at § 1001.952(x), the risks associated with long-term transfers of remuneration are mitigated by the narrower scope of the covered technology and the “used solely” restriction.)

Comment: With respect to Internet connectivity services, some commenters suggested that donations for connectivity should be limited to any necessary devices for connectivity and technical support for selecting and installing the appropriate connectivity services, but should not include connectivity fees, which should be an ongoing expense of the recipient. Other commenters suggested that covered technology should include “T1” lines or other enhanced broadband connectivity (including connectivity needed to transfer medical images and EKGs (especially in rural areas)), routers to speed download times, secure connections and messaging, ongoing maintenance and support, and interfaces.

Response: The final safe harbor protects the donation of all forms of connectivity services. We believe the choice of appropriate connectivity services is an individual determination best made by the donors and recipients given their specific circumstances. We note that the cost sharing requirement of § 1001.952(y)(11) will apply to these services, including connectivity fees. Because hardware is not protected remuneration under the safe harbor, routers or modems necessary to access or enhance connectivity would not be protected.

Comment: A commenter asked for further clarification on whether the donation of an electronic health records system operating within an “Application Service Provider” model (a business model that provides computer-based services over a network) would be covered by the safe harbors.

Response: Subject to the cost sharing requirement and other conditions of the final safe harbor, the donation of an electronic health records system operating within an “Application Service Provider” model would be considered covered technology.

Comment: A few commenters requested that the final rule require donors to provide data-migration services to a recipient if the recipient chooses to abandon the donated electronic health record system and purchase its own electronic health record system.

Response: We do not believe it would be appropriate to require donors to provide data migration or any other specific service to recipients that choose to switch electronic health records systems. Donors may provide services if they wish, so long as the arrangement fits in the safe harbor or otherwise complies with the anti-kickback statute. We note that, to the extent the data migration services involve the provision of staff to the recipient's office in order to transfer the data, the services would not be protected.

Comment: A commenter recommended that the safe harbor specifically protect the provision of patient portal software that enables patients to maintain on-line personal medical records, including scheduling functions.

Response: Nothing in this final safe harbor precludes protection for patient portal software if it meets all safe harbor conditions.

Comment: Some commenters urged us to remove the proposed requirement that an electronic health records system include an electronic prescribing component, because such a requirement may stifle investment in electronic health records technology in situations where electronic prescribing is not considered a significant need. These commenters suggested that patients would most benefit if donors are permitted to first adopt electronic health records technology and then add electronic prescribing. Other commenters supported making an electronic prescribing component a mandatory part of the donated electronic health record.

Response: Nothing in this safe harbor rule prevents parties from adopting any particular form of technology. However, to qualify for safe harbor protection for arrangements in which the donor provides electronic health records technology to actual or potential referral sources, we are requiring that the donated electronic health records system include an electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient's existing electronic prescribing system that meets the final standards adopted by the Secretary. We are including this requirement, in part, because of the critical importance of electronic prescribing in producing the overall benefits of health information technology, as evidenced by section 101 of the MMA. It is our understanding that most electronic health records systems already include an electronic prescribing component.

Comment: We solicited comments on whether the safe harbors should require that electronic health records software include a computerized physician order entry (CPOE) component. Many commenters said that, without either agreed upon standards or product criteria, a CPOE component should not be required. These commenters noted that CPOE and electronic prescribing functionalities can be quite similar and may be redundant. These commenters were concerned that mandating implementation of CPOE technology along with electronic health records software could deter development of either system. Another commenter noted that most of the off-the-shelf generic CPOE programs have proven ineffective to date. Some commenters supported permitting CPOE as part of the electronic health record software, so long as it is not a particular type of CPOE.

Response: We are persuaded not to require that safe harbored transfers of electronic health records technology include a CPOE component. We note that nothing in this safe harbor mandates the implementation of any particular technology or functions.

Comment: Most commenters opposed our proposal to require that electronic health record software be compatible with Public Health Information Network preparedness standards or BioSense standards in order to qualify for safe harbor protection. These commenters pointed out that there is currently no industry consensus on preparedness standards, nor are there product criteria established for these programs. These commenters were concerned that clinicians and patients might be alarmed by the idea of clinician systems being linked to Government systems for Biosurveillance purposes.

Response: We have not included this requirement in the final safe harbor.

2. Interoperability

We proposed two types of conditions that would make compatibility and interoperability of donated technology key features of protected arrangements. These features would encourage the adoption of open, interconnected, interoperable systems and thereby reduce the risk of fraud and abuse. First, we proposed that once interoperability criteria had been recognized, electronic health records technology would need to be certified in accordance with standards adopted by the Secretary. Second, we proposed that donors (or their agents) not limit or restrict the use of the technology with other electronic prescription or health records systems, or otherwise impose barriers to compatibility.

Comment: Many commenters supported OIG's proposal to require all donations to meet approved functionality, interoperability, and security certification criteria. Some commenters supported the standards of the Certification Commission for Healthcare Information Technology (CCHIT). One commenter suggested that we measure interoperability based on accepted, consensus-driven standards that are already in place, such as the Electronic Health Record-Lab Interoperability and Connectivity Standards or other interoperability standards adopted by the Federal Government as part of the Consolidated Health Informatics (CHI) initiative. See www.hhs.gov/healthit/chi.

Some commenters expressed concern that clinicians who adopt health information technology prior to the existence of final certification standards would be unfairly penalized. These commenters were also concerned that some early adoption arrangements might be chilled where certification standards are not yet available. These commenters requested that we consider “grandfathering” clinicians whose existing health information technology systems are not compliant with the certification standards by permitting them a one-time opportunity to upgrade their systems to be compliant. As an alternative, a few commenters recommended that we condition the ongoing use of the safe harbor on the donated software being capable of exchanging health care information in compliance with applicable standards once adopted by the Secretary and on no action being taken that would pose a barrier to the information exchange.

Response: Having considered the options, and consistent with Department policy, we have concluded that software will qualify for safe harbor protection if it is interoperable as defined in this final rule (discussed further below). Software will be deemed to be interoperable if it is certified by a certifying body recognized by the Secretary. Nothing in the final rule precludes donors from providing recipients with upgrades to software that meet the definition of “interoperable” in § 1001.952(y) or would make the software comply with then-existing certification standards. As noted below, we are including a provision requiring that donors refrain from impeding interoperability.

Comment: We indicated in the proposed rulemaking that we were considering defining the term “interoperable” for purposes of the safe harbor to mean “the ability of different operating and software systems, applications, and networks to communicate and exchange data in an accurate, secure, effective, useful, and consistent manner.”See 44 U.S.C. 3601(6) (pertaining to the management and promotion of electronic Government services). One commenter agreed with this proposed definition. Another commenter suggested that we incorporate the definition of interoperability that has been promulgated by CCHIT. Another commenter suggested that we adopt the definition developed by the National Alliance for Health Information Technology: “The ability of different information technology systems and software applications to communicate, to exchange data accurately, effectively, and consistently, and to use the information that has been exchanged.” One commenter suggested that the definition of interoperability be flexible to adapt to evolving industry standards. Several commenters suggested defining interoperability as “the uniform and efficient movement of electronic healthcare data from one system to another, such that the clinical or operational purpose and meaning of the data is preserved and unaltered.” One commenter opposed any definition of interoperability that would require a donor to support electronic transmissions from technology supplied by other vendors or to host applications accessible by software supplied by other vendors.

Response: Having reviewed the public comments and upon further consideration, we have crafted a definition of “interoperable” for purposes of the safe harbor that combines elements of our original proposal and the suggestions of the commenters. Under the final safe harbor, “interoperable” is defined to mean that, at the time of the donation, the software is able to (i) communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks, in various settings, and (ii) exchange data such that the clinical or operational purpose and meaning of the data are preserved and unaltered. This interoperability must apply in various settings, meaning that the software must be capable of being interoperable with respect to systems, applications, and networks that are both internal and external to the donor's or recipient's systems, applications, and networks. In other words, software will not be considered interoperable if it is capable of communicating or exchanging data only within a limited health care system or community.

We believe this definition reflects our intent to protect only those arrangements that will foster open, interconnected, interoperable electronic health records systems that help improve the quality of patient care and efficiency in the delivery of health care to patients, without undue risk that donors might use arrangements to lock in referrals from recipients.

We are mindful that the ability of software to be interoperable is evolving as technology develops. In assessing whether software is interoperable, we believe the appropriate inquiry is whether the software is as interoperable as feasible given the prevailing state of technology at the time the items or services are provided to the recipient. Parties should have a reasonable basis for determining that software is interoperable. We believe it would be appropriate—and indeed advisable—for parties to consult any standards and criteria related to interoperability recognized by the Department. Compliance with these standards and criteria will provide greater certainty to donors and recipients that products meet the interoperability requirement and may be relevant in any enforcement activities. We note further that parties wishing to avoid any uncertainty can avail themselves of the “deeming” provision, which provides that software that is certified by a body recognized by the Secretary will be deemed interoperable for purposes of the safe harbor. In order to ensure interoperability, products must have an up-to-date certification at the time of donation, and we are requiring that, to meet the deeming provision, the software must have been certified within 12 months prior to the date of the donation.

We are including a condition that the donor (or any person on the donor's behalf) must not take any actions to limit or restrict the use, compatibility, or interoperability of the items and services with other electronic prescribing or electronic health records technology. We believe this language clearly reflects our intent that donors should not limit or restrict the use, compatibility, or interoperability of donated technology. We note that compliance with this condition in § 1001.952(y)(3) is a separate requirement from compliance with § 1001.952(y)(2), which requires that products must be interoperable and will be deemed interoperable if a certifying body recognized by the Secretary has certified the software within no more than 12 months prior to the date it is provided to the recipient.

If a donor takes actions that would cause a certified product to fall out of compliance with the interoperability standards that apply to the certified product, we would consider that to be an action to limit or restrict the use, compatibility, or interoperability of the items or services for purposes of § 1001.952(y)(3). We are not persuaded to protect arrangements where use, compatibility, or interoperability is limited to the products of specific vendors; to the contrary, we believe that inherent in the concept of interoperability is that technology can communicate with products of other vendors.

Comment: Many commenters supported the proposed prohibition against donors or their agents taking any actions to disable or limit interoperability or otherwise impose barriers to compatibility of the donated technology with other technology, including technology owned or operated by competing providers and suppliers.

Response: As explained above, we have included this requirement in the final safe harbor at § 1001.952(y)(3). We believe this condition will help ensure that transfers of health information technology will further the policy goal of fully interoperable health information systems and will not be misused to steer business to the donor.

3. Protected Donors

We proposed to limit the scope of protected donors under § 1001.952(y) to hospitals, group practices, PDP sponsors, and MA organizations, consistent with the MMA-mandated donors for the electronic prescribing safe harbor.

Comment: Most commenters said that the proposed scope of potential donors was too limited. Commenters variously suggested that the protected donors include some or all of the following categories: Nursing facilities; assisted living and residential care facilities; intermediate care facilities for persons with mental retardation; mental health facilities; organizations providing population health management services (such as disease and care management programs and services); all components of an Integrated Delivery System (IDS) (including network providers or other entities that operate, support or manage network providers); clinical laboratories; pharmaceutical manufacturers; durable medical equipment suppliers; radiation oncology centers; community health centers; Federally Qualified Health Centers (FQHCs), physician-hospital organizations; health plans; Regional Health Information Organizations (RHIOs); dialysis facilities; and other entities that, from the commenters' perspective, enhance the overall health of a community.

One commenter, representing dialysis facilities, suggested that the safe harbor should protect nonmonetary donations by all providers that maintain medical staffs to members of the medical staff. Another commenter suggested that a clinical data exchange (or community-wide health information system) should be included as a protected donor, because individual stakeholders in health information technology projects are unlikely to develop, purchase, or donate items necessary to implement and maintain a true community-wide clinical data exchange.

A few commenters asserted that health plans and pharmacy benefits managers (PBMs) should be protected donors, since, according to the commenters, these entities develop health information technology and are engaged with physicians on a direct level to increase the utilization of electronic prescribing and health records technology. These commenters urged that the fraud and abuse risks are reduced because health plans and PBMs have business incentives to limit utilization of prescriptions. A commenter recommended permitting all entities that bill Medicare to donate electronic health records technology. A few commenters suggested that any entity that has an interest in donating health information technology should be permitted to do so.

Response: Mindful that broad safe harbor protection may significantly further the important public policy goal of promoting electronic health records, and after carefully considering the recommendations of the commenters, we have concluded that the safe harbor should protect any donor that is an individual or entity that provides patients with health care items or services covered by a Federal health care program and submits claims or requests for payment for those items or services (directly or pursuant to reassignment) to Medicare, Medicaid, or other Federal health care programs (and otherwise meets the safe harbor conditions). This approach incorporates a bright line test focused on those individuals and entities that participate directly in the provision of health care to patients and are therefore in the best position to advance the implementation of electronic health records adoption through participation in interoperable electronic health records systems. In other words, the test focuses on those individuals and entities with a substantial and central stake in patients' electronic health records. Individuals and entities that can satisfy this definition include, for example, hospitals, group practices, physicians, nursing and other facilities, pharmacies, laboratories, oncology centers, community health centers, FQHCs, and dialysis facilities.

In addition, we are persuaded that health plans, which generally arrange for the provision of health care items and services rather than providing them directly, should be protected donors. We originally proposed including only PDP sponsors and MA organizations. However, in the final rule, we are including any health plan that meets the definition of “health plan” set forth at § 1001.952(l)(2), an existing safe harbor under the anti-kickback statute for certain managed care arrangements. This definition includes a broad array of health plans that may cover Federal health care program beneficiaries, including, but not limited to, PDP sponsors, MA organizations, and Medicaid managed care plans. We note that our decision to include health plans as protected donors does not reflect our endorsement of the proposition that health plans necessarily present a lower risk of fraud and abuse because they have economic incentives to limit utilization. Rather, our decision reflects the direction provided by Congress with respect to PDP sponsors and MA organizations, as well as the important and central role health plans play in the adoption and use of electronic prescribing and health records systems.

In the preamble to the proposed rule, we noted our concern that providers and suppliers of ancillary services would not have a comparable stake in advancing the goal of interoperable electronic health records for patients, as well as our concern about instances of abusive referral payments by ancillary services providers, such as laboratories. Having reviewed the public comments, we are persuaded that ancillary services providers and suppliers have a stake in the development of interoperable electronic health records sufficient to warrant safe harbor protection. We remain concerned about the potential for abuse by laboratories, durable medical equipment suppliers, and others, but believe that the safe harbor conditions in the final rule and the fact that the safe harbor is temporary should adequately address our concerns. We intend to monitor the situation. If abuses occur, we may revisit our determination. Among other things, we will be alert to patterns of increased utilization correlated with transfers of nonmonetary remuneration in the form of electronic health records technology. While increased utilization would not necessarily indicate fraud or abuse (and might, in some circumstances, reflect improved quality of care), the determination must be made on a case-by-case basis. We note that, notwithstanding the safe harbor, parties remain liable under various Federal and State laws for billing abuses, including over-billing and billing for items and services that are not medically necessary.

We have not included as protected donors pharmaceutical, device, or durable medical equipment manufacturers, or other manufacturers or vendors that indirectly furnish items and services used in the care of patients. These entities do not provide health care items or services to patients or submit claims for those services. Our enforcement experience demonstrates that unscrupulous manufacturers have offered remuneration in the form of free goods and services to induce referrals of their products. Given this enforcement history, and the lack of a direct and central patient care role that justifies safe harbor protection for the provision of electronic health records technology, we are not including manufacturers as protected donors. We believe there is a substantial risk that, in many cases, manufacturers' primary interest in offering technology to potential referral sources would be to market their products.

Nothing in this preamble discussion should be construed to suggest that only parties that provide covered services or have the ability to bill Federal programs are in a position to make unlawful payments for referrals. To the contrary, under the anti-kickback statute, the party offering or paying the illegal remuneration need not be a party that provides a covered service or a party in a position to bill a Federal health care program. Rather, in this final regulation we have focused on parties that provide covered services and bill the programs as a bright line way to identify those individuals and entities with direct, frontline patient care responsibilities and, therefore, a substantial stake in promoting interoperable electronic health records systems.

With respect to categories of individuals and entities that are not included in the safe harbor, depending on the facts and circumstances, safe harbor protection might not be needed or safe harbor protection may be available under other safe harbors. The anti-kickback statute is implicated by remunerative arrangements that might induce or reward the generation of Federally payable health care business. Arrangements between parties where there is no potential or actual Federal program business of any kind generally should not raise concerns under the anti-kickback statute. Moreover, even where the statute is implicated, arrangements that do not qualify for safe harbor protection are not necessarily illegal. Thus, the fact that an entity is not included as a protected donor does not mean that a transfer of electronic health records technology by that entity necessarily would violate the anti-kickback statute. Rather, a determination would depend on the facts and circumstances, including the intent of the parties. Parties seeking assurance that their arrangement does not violate the anti-kickback statute may have the arrangement evaluated through the OIG's voluntary advisory opinion process.

Comment: A commenter requested that the list of protected donors be expanded to include research and manufacturing entities and suggested that blind trusts could be established utilizing funds from several pharmaceutical companies to reduce the risk of fraud and abuse. Another commenter requested that we include entities in the research-based biopharmaceutical industry as permissible donors, noting that the widespread adoption of health information technology could reduce the need for proprietary systems used solely for purposes of clinical trial programs.

Response: As noted in the preceding response, we are not including research and manufacturing entities, or entities in the research-based biopharmaceutical industry, as protected donors for purposes of this final safe harbor. These entities do not provide covered services to beneficiaries and do not submit claims to a Federal health care program. Arrangements involving remuneration in the form of electronic health records technology provided by these entities would need to be evaluated on a case-by-case basis under the anti-kickback statute. We believe the “blind trust” proposal offered by the commenter is also more appropriately addressed case-by-case under the anti-kickback statute based on the totality of facts and circumstances of the particular arrangement.

Comment: One commenter strongly urged OIG to expand the list of protected donors to give physicians the opportunity to choose between different software offerings. Other commenters suggested that the safe harbor require an open, transparent Request for Proposal (RFP) process whereby the donating entity would be required to offer technology from a minimum of three vendors for the recipient to select. These commenters expressed the view that a multi-vendor, open RFP process would ensure competitive market pricing and would allow recipients to participate in the selection process to ensure that services meet the needs of their clinical practices, while also protecting against the recipient being locked-in by the donating entity. Another commenter requested that the rulemaking clearly state that physicians should be free to choose their own electronic health records systems or should be offered a choice by entities providing subsidies or assistance for purchasing these systems.

Response: Physicians and other recipients remain free to choose any electronic health technology that suits their needs. Nothing in the safe harbor is to the contrary. However, we are not requiring donors to facilitate that choice for purposes of the safe harbor. Donors must offer interoperable products and must not impede the interoperability of any technology they decide to offer. We decline to require the type of RFP process requested by the commenter, as it would be unnecessarily burdensome and impractical and would potentially impose substantial transaction costs on donors. In addition, nothing in this safe harbor requires donors to give any particular level, scope, or combination of items and services. Some donors may choose to offer comprehensive packages, while others may elect to offer only individual components of an electronic health records system.

Comment: Commenters from the laboratory industry strongly urged OIG to include laboratories as protected donors. They argued that reducing duplicative laboratory testing is a potential benefit to the implementation of interoperable electronic health records. These commenters stated that clinical laboratories should be included in the safe harbor to achieve a level playing field and the goal of widespread adoption of technology. They also objected to OIG's characterization of the industry with respect to historical and current fraud and abuse concerns.

Response: We are including clinical laboratories as protected donors for the reasons noted above. However, in our experience, laboratories and others have used free or deeply discounted goods, such as computers and fax machines, to influence referrals improperly, and we remain concerned about potentially abusive kickback schemes involving free or deeply discounted goods. However, we believe the potential public benefit from interoperable electronic health records is so significant that some additional safe harbor protection is warranted for the limited purposes of this safe harbor. In this rule, it is our expectation that the combination of conditions in the safe harbor, including the sunset provision, will protect the programs from abuse during a limited period of time for the purpose of spurring widespread adoption of interoperable electronic health records technology. We intend to monitor the situation; if we discover instances of abuse, we may revisit our determination to include clinical laboratories (or any other category of potential donor).

Comment: A commenter requested that health information technology vendors be included as protected donors.

Response: We decline to include health information technology vendors as protected donors. In many cases, no safe harbor protection will be needed. Moreover, we are concerned that if vendors are included as protected donors, entities that are not included in the safe harbor will expand their lines of business to become vendors to circumvent the safe harbor limitations.

Comment: Some commenters suggested that the safe harbor should protect nonmonetary donations offered by partnerships or consortia of otherwise permissible donors, so that parties could work together and share the cost of expanding needed health information technology in the community.

Response: Because consortia and partnerships can be structured in various ways, it is difficult for us to conclude with confidence that in all circumstances they would not pose an undue risk of abuse. We believe the better approach to the issue of consortia and partnerships is a case-by-case approach.

4. Protected Recipients

Comment: Most commenters expressed the view that the categories of protected recipients were too limited and urged OIG to be more expansive. Commenters suggested that all or some of the following should be included: Non-staff physicians; physicians who are network providers; physicians who have contracted with an IDS; physicians and other licensed health care professionals whose patients regularly receive inpatient and/or outpatient care at the donor hospital or health system; hospitalists; intensivists; physician assistants; nurse practitioners; audiologists; and independent contractors of group practices. Commenters noted that many non-physician providers would greatly benefit from safe harbor protection, given the fact that non-physician providers generally have limited resources available to fund office technology. A commenter suggested including all non-physician providers that furnish Medicare or Medicaid covered services and might benefit from the adoption of electronic health records systems.

Many commenters suggested that the categories of permissible recipients be expanded to include the following providers and suppliers and their staffs: nursing facilities, assisted living and residential care facilities, intermediate care facilities for persons with mental retardation, mental health facilities, clinical laboratories, durable medical equipment providers, pharmacies (including long-term care pharmacies), community health centers, network providers or other entities that operate, support or manage network providers, physician-hospital organizations, health plans, RHIOs, and other entities designed to enhance the overall health of the community. Commenters also requested that FQHCs, as defined in the Medicaid statute and Medicare regulations, be included as permissible recipients.

Response: We agree with the commenters that additional protection would further the goal, and achieve the benefits, of widespread adoption of electronic health records technology and, given the overall design of the safe harbor, can be accomplished without undue risk of fraud and abuse. The final rule permits donation of protected remuneration to any individual or entity engaged in the delivery of health care, without regard to whether the recipient is on a medical staff, is a member of a group practice, or is in network of a PDP sponsor or MA organization. Protected recipients would include practitioners, providers, and suppliers that furnish services directly to Federal health care program beneficiaries, as well as those that furnish services to health plan enrollees. Protected recipients can include, among others, physicians, group practices, physician assistants, nurse practitioners, nurses, therapists, audiologists, pharmacists, nursing and other facilities, FQHCs and community health centers, laboratories and other suppliers, and pharmacies.

Comment: Many commenters requested that protected donors be permitted to donate technology to all members of a group practice, or to the group practice as a whole, even if all members do not routinely provide services to the donor. Some commenters suggested that group practices should be permitted to donate to other group practices. One commenter asked for clarification as to whether the proposed safe harbor would apply only to the specific physician recipient of the donated technology or whether, for example, all members of a group practice could use the technology that was donated to the physician.

Response: The final rule contains no limitation on the recipient's membership on a donor's medical staff. Further, the safe harbor protects the donation of the technology to a physician or group practice. As such, donors are permitted to provide technology to the group practice as a whole, which should address the concerns raised by the commenters.

Comment: Some commenters stated that hospital donors may not want to donate the full value of an electronic health records system to physicians outside of their medical staff. These commenters suggest permitting outside physicians to have access to the information in the hospital's electronic health records system by allowing the outside physicians to use or sublicense the hospital's electronic health records system at the hospital's cost. These commenters also suggested allowing outside physicians to take advantage of the pricing obtained by the hospitals for electronic health records technology and related services.

Response: The final safe harbor has been expanded to include all physicians as recipients, regardless of whether the physician is a member of the donor's medical staff. Nothing in the safe harbor requires hospitals or other donors to offer recipients a full electronic health records system. We interpret the commenters' suggestion that community physicians be permitted to access electronic data at the hospital's cost to be a comment seeking clarification that any aggregate dollar limit on donated technology be calculated based on the donor's costs rather than retail value to the recipient. In this regard, the final safe harbor incorporates a cost sharing requirement based on the donor's costs. It does not incorporate an aggregate dollar limit.

5. Selection of Recipients

In light of the enhanced protection against some types of fraud and abuse offered by certified, interoperable systems, the final rule permits donors to use selective criteria for choosing recipients, provided that neither the eligibility of a recipient, nor the amount or nature of the items or services, is determined in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. We have enumerated several selection criteria which, if met, are deemed not to be directly related to the volume or value of referrals or other business generated between the parties (for example, a determination based on the total number of hours that the recipient practices medicine or a determination based on the size of the recipient's medical practice). Selection criteria that are based upon the total number of prescriptions written by a recipient are not prohibited, but the final regulation does prohibit criteria based upon the number or value of prescriptions written by the recipient that are dispensed or paid by the donor, as well as any criteria directly based on any other business generated between the parties. The final safe harbor would not protect arrangements that seek to induce a recipient to change loyalties from other providers or plans to the donor.

We expect that this approach will ensure that donated technology can be targeted at recipients who use it the most in order to promote a public policy favoring adoption of electronic health records, while discouraging especially problematic direct correlations with Federal health care program referrals. This approach is a deliberate departure from other safe harbors under the anti-kickback statute based on the unique public policy considerations surrounding electronic health records and the Department's goal of encouraging widespread adoption of interoperable electronic health records. We caution, however, that outside of the context of electronic health records, as specifically addressed in this final rule, both direct and indirect correlations between the provision of free or deeply discounted goods or services and the volume or value of referrals or other business generated between the parties are highly suspect under the anti-kickback statute (and may evidence outright violations) and do not meet the requirements of other safe harbors under the statute or § 1001.952.

Comment: Several commenters commended OIG for its efforts to prevent fraud and abuse by prohibiting efforts to increase referrals or other changes in practice patterns. Some commenters noted that donors should not be allowed to choose physicians selectively based upon the volume of their prescribing, size of practice, or whether they would be likely to adopt the technology, and stated that donors should give technology to all of their physicians. One commenter suggested eliminating the criteria permitting donors to select recipients based on any reasonable and verifiable manner that is not directly related to the volume or value of referrals or other business generated between the parties. The commenter stated that this criteria is too open-ended and subjective and could become a major loophole.

Other commenters supported the use of such criteria and expressed the view that the use of selection criteria to select recipients will improve quality of care and ensure successful adoption of health technology by physicians. These commenters offered suggestions on the standards for selection criteria. Some commenters suggested that OIG consider broad criteria for selection of recipients, and that donors should be permitted to make this decision based upon their own financial model. One commenter requested that OIG confirm that donations based on total number of prescriptions are allowed under all of the proposed safe harbors.

One commenter recommended that selection criteria related to the volume or value of referrals should be permitted, as long as the criteria are linked to achieving greater improvement in quality of patient care or greater success in adoption of health information technology. The commenter provided the following examples: Participation in hospital quality improvement activities; participation in medical staff meetings and activities; specialty; department (if information technology is rolled out by department); readiness to use health information technology; consistent use of hospital based information technology systems; acting as a “physician champion” of hospital based information technology systems; willingness to serve as a trainer for other physicians; size of medical practice; or willingness to contribute some resources to the information technology project. Another commenter requested that any list of criteria included in the regulation be inclusive, rather than exclusive, and that we provide further guidance on how to interpret the criteria.

Response: Some of the commenters' suggestions are too subjective, impractical, and insufficiently bright line to be “deeming” provisions for purposes of this rulemaking. Although we believe it is important to provide some guidance with respect to selection criteria, we do not think it is possible to enumerate a comprehensive list. Therefore, we are providing several bright line criteria in the final rule, along with a general provision that permits other reasonable and verifiable selection criteria that do not relate directly to the volume or value of referrals or other business generated between the parties. Specifically, we are including the following criteria:

  • The determination is based on the total number of prescriptions written by the recipient (but not the volume or value of prescriptions dispensed or paid by the donor or billed to a Federal health care program);
  • The determination is based on the size of the recipient's medical practice (for example, total patients, total patient encounters, or total relative value units);
  • The determination is based on the total number of hours that the recipient practices medicine;
  • The determination is based on the recipient's overall use of automated technology in his or her medical practice (without specific reference to the use of technology in connection with referrals made to the donor);
  • The determination is based on whether the physician is a member of the donor's medical staff, if the donor is a hospital or other entity with a formal medical staff;
  • The determination is based on the level of uncompensated care provided by the recipient; or
  • The determination is made in any reasonable and verifiable manner that does not directly take into account the volume or value of referrals or other business generated between the parties.

Comment: Some commenters inquired whether it would be permissible under the safe harbor for a donor to offer a staggered roll-out of electronic health records technology, so that the technology could be provided on a selective basis, either by specialty, hospital department, or otherwise. These commenters suggested that the safe harbor should not enumerate specific examples of when a staggered offering is deemed “not directly related to” referrals or other business, but rather should allow donors to offer information technology, as appropriate for each hospital's individual financial situation.

Response: The final rule prohibits the selection of recipients using any method that takes into account directly the volume or value of referrals from the recipient or other business generated between the parties. The final rule provides some examples of acceptable criteria and also permits any other determination that is reasonable and verifiable. Given the potential variation in arrangements, it is not entirely clear to us how the commenters would implement their “staggered roll-out.” Such arrangements should be evaluated for compliance with the safe harbor on a case-by-case basis. We note that nothing in the safe harbor requires that technology be provided to all potential recipients contemporaneously.

Comment: One commenter recommended that OIG reaffirm that physicians who receive donated technology remain free to choose what health information may or may not be shared with the hospital or entity providing the technology, consistent with current law and the wishes of patients and physicians.

Response: Nothing in this final rule regulates the sharing of health information. Nothing in this final rule permits donors to influence the medical decision-making of recipients or requires recipients to act in a manner that would violate any law or ethical obligation to patients.

Comment: A commenter requested that OIG prohibit donors from selecting recipients in a manner that punishes or rewards past prescribing practices or influences future prescribing practices. Another commenter recommended that any incidental increase in the volume of referrals that results from increased quality and patient care be expressly permitted.

Response: Any selection criteria directly related to past, present, or future volume of prescriptions dispensed or paid by the donor or billed to a Federal health care program, or to any other business generated between the parties are strictly prohibited. Any selection criteria that punish or reward past prescribing practices or influence future prescribing practices would give rise to an inference that the selection criteria are tied directly to the volume or value of referrals. We are not adopting the commenter's suggestion that we expressly permit increases in the volume or value of referrals attributable to increased quality and patient care. Whether an increase in the volume of referrals between a donor and recipient is attributable to increased quality and patient care, rather than an impermissible incentive, requires an evaluation of the particular facts and circumstances.

Comment: A commenter requested that PDP sponsors and MA organizations be permitted to determine eligibility, or the amount or nature of the items and services, in a manner that takes into account the volume and value of prescriptions written by the recipient that are paid by the PDP sponsor or MA organization. This commenter believed that PDP sponsors and MA organizations have the financial incentive to control drug utilization costs to compete effectively in the Medicare Part D marketplace.

Response: We are not persuaded. The fact that PDP sponsors and MA organizations have some incentives to control costs is not sufficient to warrant different safe harbor treatment. Neither eligibility for, nor the amount or nature of the items or services, may be determined by taking into account the volume or value of prescriptions written by the recipient for enrollees of the MA organization or PDP sponsor. Nothing in the safe harbor precludes PDP sponsors and MA organizations from offering protected items and services to health care professionals with whom they have network agreements.

Comment: One commenter requested that we protect donations when provided to a physician or clinic that provides a certain level of uncompensated charity care or combination of charity care and volume of Medicaid patients.

Response: The provision of uncompensated care would be an acceptable selection criterion (e.g., a hospital can elect to provide technology only to rural and solo practitioners that provide high levels of uncompensated care when selecting among eligible recipients). We have included a criterion in the final regulations at § 1001.952(y)(5) that expressly permits selection of recipients based on the level of uncompensated care provided by the recipient. We do not believe it would be appropriate for us to establish a particular level of uncompensated care necessary to qualify for safe harbor protection. Donors should have flexibility to respond to the particular needs of their communities by selecting recipients based on levels of uncompensated care that reflect those needs. The total number of Medicaid patients served by the practice could also be acceptable, so long as there is no direct correlation with Medicaid patients referred between the donor and recipient.

Comment: We proposed including a requirement that the prescribing health care professional, practitioner, pharmacy, or pharmacist (or any affiliated group, employee, or staff member) does not make the receipt of items or services a condition of doing business with the donor. Those commenters that commented on this condition favored it. A commenter noted that, as proposed by CMS for the proposed exception under the physician self-referral law, the anti-solicitation provision would be a core protection against fraud and abuse. The commenter suggested that our final rule should mirror the language proposed by CMS, which barred making the receipt, as well as the amount or nature, of items or services a condition of doing business with the donor. See 70 FR 59182, 59187 (October 11, 2005).

Response: We agree that a provision barring recipients from conditioning their business on donations of technology can safeguard against fraud and abuse and should be included in the final safe harbor. We further agree that, in this regard, the safe harbor under the anti-kickback statute should be consistent with the exception under the physician self-referral law. Accordingly, we are including a provision that mirrors the provision proposed by CMS, with modifications appropriate to the different nature of recipients addressed by the two rules. For consistency, we are making the same modifications to the comparable condition in the electronic prescribing arrangements safe harbor.

6. Value of Technology

We proposed, as a further safeguard against fraud and abuse, to limit the aggregate value of the qualifying electronic prescribing technology that a donor could provide to a recipient. We solicited public comment on the applicable amount and methodology for limiting the aggregate value of donated technology.

We also indicated that we were considering setting an initial cap, for both the electronic prescribing and electronic health records safe harbors, which would be lowered after a certain period of time sufficient to promote the initial adoption of the technology. This approach would have the effect of encouraging investments in the desired technology while also ensuring that, once the technology has been widely adopted and, as often occurs with technology, costs decrease as technology becomes more widely adopted, the safe harbor cannot be abused to disguise payments for referrals.

Comment: We solicited public comments that address the retail and nonretail costs (i.e., the costs of purchasing from manufacturers, distributors, or other nonretail sources). Only a few commenters provided concrete information on the cost of health information technology, while most commenters simply noted the cost was high, that financial incentives were imperative, and that adoption was not equally affordable by all sectors of the health care field.

Response: We appreciate commenters providing this information, and we have taken the information into consideration in finalizing the safe harbor. The Administration supports the adoption of health information technology as a normal cost of doing business to ensure patients receive high quality care.

Comment: Most commenters shared the opinion that there should not be a cap on the value of donated technology, stating that there is not a consistent or appropriate way to determine fair market value or establish a monetary cap that would accommodate all situations and account for the rapid advancement in technology. Some commenters believed that the attempt to ascertain the value of donations for the purpose of fraud protection would become a barrier to adoption of electronic health records, unnecessarily discourage potential donors from providing technology, or would result in a reduction on the “return on investment” for electronic prescribing and electronic health records. Other commenters expressed concern that a low cap might discourage the implementation of electronic health records technology, while a high cap may serve to pressure hospitals to provide the maximum allowable amount.

However, a few commenters shared the concern of OIG that allowing donors to provide items or services without limiting the value of such support could provide a potential for fraud and abuse. One commenter asserted that the value of donations will be self-limiting, because donors are unlikely to spend more than is necessary, thereby eliminating the need for a cap. Another commenter argued that a cap is not necessary so long as the donation is made without limiting or restricting the use of the electronic prescribing or electronic health records technology to services provided by the donating entity, and so long as the donation does not take into account the volume or value of referrals. Another commenter recommended that OIG limit the design or utility of the protected donated technology by requiring that it not have more than incidental value to the recipient, beyond the function for which it is intended.

Response: We agree with the commenters that determining the value of donated technology poses certain difficulties, and we are not including a cap on the amount of protected donations in the final safe harbor. While gifts of valuable items and services to existing or potential referral sources typically pose a high risk of fraud and abuse, we believe that the combination of safe harbor conditions in the final safe harbor, including the sunset provision, should adequately safeguard against abusive electronic health records arrangements.

Comment: Many commenters, while opposing the imposition of a cap, offered other suggestions for limiting the value of protected nonmonetary remuneration. Several commenters suggested a limit on the value of protected nonmonetary remuneration in the form of a percentage contribution from the recipient, i.e., cost sharing by the recipient. These commenters suggested requiring either a set percentage contribution by the recipient or a scaled percentage contribution by the recipient that would lower the required percentage contribution once a pre-determined threshold amount was reached. Some commenters also suggested that we consider a cost sharing method that would be based on set amounts that would be donated, with the recipient paying any remaining costs. The amounts could be revised over time to account for the fluctuating expense of technology and other changes that may arise. One commenter noted that studies have shown that individuals value services more when a portion of the cost is shared. This commenter suggested that recipients should, at a minimum, be required to contribute towards the purchase of wireless internet access.

Response: We agree that cost sharing is an appropriate method to address some of the fraud and abuse risks inherent in unlimited donations of technology. Accordingly, the safe harbor establishes a percentage contribution that must be incurred by the recipient of the electronic health records technology. Specifically, the final rule offers safe harbor protection only if the recipient pays 15 percent of the donor's cost of the technology. We believe the 15 percent cost sharing requirement is high enough to encourage prudent and robust electronic health records arrangements, without imposing a prohibitive financial burden on recipients. Requiring financial participation by a recipient should result in selection of technology appropriate for the recipient's practice and increase the likelihood that the recipient will actually use the technology. Moreover, this approach requires recipients to contribute toward the benefits they may experience from the adoption of interoperable electronic health records (for example, a decrease in practice expenses or access to incentive payments related to the adoption of health information technology). We note that, depending on the circumstances, a differential in the amount of cost sharing imposed by a donor on different recipients could give rise to an inference that an arrangement is directly related to the volume or value of referrals or other business generated between the parties, thus rendering the arrangement ineligible for safe harbor protection. In this regard, the reason and basis for the differential should be closely scrutinized.

We note that all donated software and health information technology and training services would be subject to the cost sharing requirements. It is our understanding that many updates and upgrades are included in the initial purchase price of the technology and would not trigger additional cost sharing responsibility on the part of the recipient at the time the update or upgrade is provided to the recipient. Any updates, upgrades, or modifications to the donated electronic health records system that were not covered under the initial purchase price for the donated technology would be subject to separate cost sharing obligations by the recipient (to the extent that the donor incurs additional costs). To ensure that recipients incur the requisite 15 percent of the costs, donors (and their affiliates) are prohibited from providing financing or making loans to recipients to fund the recipient's payment for the technology.

With respect to calculation of the costs for internally-developed (“homegrown”) software (that is, software that is not purchased from an outside vendor), and internally-developed add-on modules and components (that is, software purchased from an outside vendor and internally customized to ensure operational functionality), parties should use a reasonable and verifiable method for allocating costs and are strongly encouraged to maintain contemporaneous and accurate documentation. Methods of cost allocation will be scrutinized to ensure that they do not inappropriately shift costs in a manner that provides an excess benefit to the recipient or results in the recipient effectively paying less than 15 percent of the donor's true cost of the technology.

Comment: One commenter suggested that the entire electronic health records safe harbor sunset no later than five years from the date of publication of the final rulemaking, with the possibility for the sunset to be delayed upon an administrative finding by the Secretary that there is still a need for the safe harbor. The commenter observed that, in the future, electronic health records technology will be a standard and necessary part of a medical practice, and there will no longer be a need for third parties to donate it to physicians to spur adoption of the technology. Moreover, the commenter observed that incompatibility across a network of providers will cease to be an issue once interoperability of technology becomes the norm. For these reasons, the commenter concluded that the rationale for establishing a safe harbor to the anti-kickback statute will decrease over time.

Response: We agree with this commenter that the need for a safe harbor for donations of electronic health records technology should diminish substantially over time as the use of such technology becomes a standard and expected part of medical practice. Over time, physicians and others who receive donated technology from third parties may begin to realize the economic benefits from increased efficiencies and quality of care, at which point they may be expected to shoulder the costs associated with producing those benefits. As we indicated earlier in this rulemaking, we are promulgating an anti-kickback safe harbor for donations of valuable technology to promote its use in the interests of quality of care, patient safety, and health care efficiency, notwithstanding the substantial risk of fraud and abuse normally associated with gifts of valuable goods and services to referral sources. Our goal is to promote the beneficial uses of technology without undue risk of fraud and abuse. As the technology becomes widely used and an accepted part of medical practice, the balance between promoting health information technology and preventing fraud and abuse changes.

A sunset provision would also address some of our concerns about gifts of unlimited amounts of valuable technology. As noted above, we have concluded that we cannot readily develop an appropriate cap on the amount of protected technology. A sunset provision, in effect, would cap the amount of protected technology that could be donated by third parties in a different way, thereby safeguarding against fraud and abuse in the long run. All arrangements occurring after the sunset date would be subject to case-by-case evaluation under the anti-kickback statute.

We solicited comments on our overall approach to crafting a set of safe harbor conditions and how we might ensure that the conditions, taken as a whole, provide sufficient protection against fraud and abuse. Given the difficulties inherent in limiting the value of donated technology and our relaxing of the ordinary principle that remuneration cannot be linked in any manner to the volume or value of referrals, we believe the sunset provision suggested by the commenter will provide appropriate additional protection.

For all of these reasons, we are adopting the suggestion of the commenter, with modifications. We are sunsetting the safe harbor on December 31, 2013. This date is consistent with the President's goal of adoption of electronic health records technology by 2014. See President George W. Bush's Health Information Technology Plan announced April 26, 2004; http://www.whitehouse.gov/infocus/technology/economic_policy200404/ chap3.html. Under § 1001.952(y)(13), all transfers of items and services must occur, and all conditions of the safe harbor must have been satisfied, on or before December 31, 2013. Nothing in the safe harbor would preclude the Secretary from extending the time period in accordance with notice-and-comment rulemaking. However, we do not believe it would be appropriate to have a condition in a regulation that is contingent on an administrative determination.

We observe that the sunset provision is also consistent with the language in the preamble to the proposed rule that stated:

“We are considering setting an initial cap, which would be lowered after a certain period of time sufficient to promote the initial adoption of the technology. This would have the effect of encouraging investments in the desired technology while also ensuring that, once the technology has been widely adopted and its costs have come down, the safe harbor cannot be abused to disguise payments for referrals.” 70 FR at 59020.

(We note that we are not similarly sunsetting the electronic prescribing safe harbor at § 1001.952(x), as that safe harbor is mandated by statute, and we do not have authority to limit its duration. Moreover, the risk of fraud and abuse is substantially greater with respect to donations of electronic health records technology than it is for donations of technology necessary and used solely for electronic prescribing under § 1001.952(x).)

Comment: A few commenters suggested that we not sunset the pre-interoperability safe harbor once the post-interoperability safe harbor was finalized, as we had proposed.

Response: We are not finalizing a separate pre-interoperability safe harbor.

Comment: One commenter stated that CMS should study the issue of a cap since health information technology capabilities and costs are rapidly evolving.

Response: This comment addresses matters outside the scope of this rulemaking.

Comment: A few commenters suggested that the final rule should allow the donors to reimburse recipients for previously implemented electronic health records systems in an amount equal to the lesser of the fair market value of the donated technology or the donated value cap, should a cap be adopted. These commenters also requested that recipients be given assurance by the donor that any technology previously purchased that is equivalent to donated technology and meets the applicable interoperability standards would be integrated into the donor's system.

Response: We are not adopting these suggestions. The commenters' suggestions go beyond the scope of the safe harbor and appear to be a request for the safe harbor to provide retroactive protection for previously purchased technology. The safe harbor protects the donation of technology that meets all of the conditions of the safe harbor. Reimbursement for previously incurred expenses is not protected and poses a substantial risk of fraud and abuse.

Comment: We solicited comment in the proposed rulemaking about our proposal to prohibit donors from shifting the financial burden of providing electronic health records technology to the Federal health care programs or beneficiaries. Some commenters suggested that a cap on the value of donated technology would address our concern. One commenter suggested that the Department mandate savings that must be realized over a particular period of time. This commenter believed that pay for performance incentives should eventually mitigate the risk of cost shifting.

Response: For the reasons noted above, we are not including a cap on the value of donated technology. Moreover, we do not believe it is feasible for us to mandate particular levels of savings as a condition of safe harbor protection or to rely on the future implementation of pay for performance incentives. We continue to believe that our proposed condition is prudent and the best way to prevent cost shifting to the Federal programs and their beneficiaries. We have included the condition in the final safe harbor at § 1001.952(y)(12).

7. Documentation

Comment: One commenter suggested omitting any requirement that the written agreement documenting the arrangement specify the covered items and services and their values. Another commenter requested clarification as to whether all parties to a three-tier technology arrangement (i.e., the donor-distributor of the technology, the vendor of the technology, and the recipient of the technology) would be required to sign the written agreement required by the safe harbor.

Response: In light of the cost sharing condition of the final safe harbor, we are requiring documentation of the cost to the donor of the donated technology, and the recipient's expected contribution thereto. Moreover, we are requiring that the cost sharing contribution be made and documented before the items and services can qualify for safe harbor protection. The documentation must be specific as to the items and services donated, the actual cost to the donor, and the amount of the recipient's cost sharing obligation. The documentation must cover all of the electronic health records items and services to be provided by the donor (or affiliated parties) to the recipient. With respect to this requirement, we have added language to the final safe harbor clarifying that the written documentation requirement can be satisfied by incorporating by reference the agreements between the parties or by the use of cross references to a master list of agreements between the parties that is maintained and updated centrally, is available for review by the Secretary upon request, and preserves the historical record of agreements. Nothing in the safe harbor requires that agreements between donors and recipients also be signed by third-party vendors; however, such documentation may be a prudent business practice.

D. Community-Wide Health Information Systems

Comment: Some commenters responded to our request for public comments on the need for, and the conditions that should pertain to, a safe harbor for community-wide health information systems. These commenters supported the creation of a safe harbor and suggested the safe harbor mirror the community-wide health information systems exception under section 1877 of the Act, with certain suggested revisions, including, for example, that the safe harbor should protect all types of providers, not just physicians. Another commenter offered suggestions on revisions to the section 1877 exception.

Response: We are not addressing a safe harbor for community-wide health information systems at this time; however, we will take into consideration the comments received should we develop a proposal for such a safe harbor. Comments on the section 1877 exception should be addressed to CMS.

III. Regulatory Impact Statement Back to Top

We have examined the impact of this rule as required by Executive Order 12866, the Unfunded Mandates Reform Act of 1995, the Regulatory Flexibility Act (RFA) of 1980, and Executive Order 13132.

Executive Order 12866

Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis must be prepared for major rules with economically significant effects (i.e., $100 million or more in any given year).

This is not a major rule, as defined at 5 U.S.C. 804(2), and it is not economically significant, since it will not have a significant effect on program expenditures, and there are no additional substantive costs to implement the resulting provisions. This final rule will create new safe harbors under the anti-kickback statute for certain entities to provide technology-related items and services to certain parties for electronic prescribing and health records purposes in doing so, this rulemaking imposes no requirements on any party. Parties may voluntarily seek to comply with this provision so that they have assurance that their actions will not subject them to any enforcement actions under the anti-kickback statute.

The safe harbors should facilitate the adoption of electronic prescribing and health records technology by filling a gap rather than creating the primary means by which physicians or other recipients will adopt these technologies. In other words, donors will not fund all of the health information technology used by recipients. However, since we cannot predict which entities will offer these items and services, we cannot determine with certainty the aggregate economic impact of this final rulemaking. We do not believe, however, that the impact of this electronic prescribing safe harbor rule would approach $100 million annually. Therefore, this final rule is not a major rule. We note that this final rule will remove a perceived obstacle to the provision of qualifying electronic prescribing technology and electronic health records software or information technology and training services (for purposes of this Regulatory Impact Statement, herein referred to as “qualifying health information technology”) by certain entities, which effort advances the goal of the adoption of interoperable information technology. Although this final rule applies to donations of qualifying health information technology by hospitals, group practitioners, PDP sponsors, MA plans, and other donors, we do not expect that all entities would use these final safe harbors (in some cases, existing safe harbors may also be available or parties may use the OIG's advisory opinion process).

Our analysis under Executive Order 12866 of the expenditures that entities may choose to make under this final rule is restricted by potential effects of outside factors, such as technological progress and other market forces, future certification standards, and the companion final physician self-referral exceptions. Furthermore, both the costs and potential savings of electronic prescribing, electronic health records, and other functional components vary to the extent to which each element operates as a stand alone system or as part of an integrated system.

As noted in the proposed electronic prescribing standards rule, which was published on February 4, 2005 (70 FR 6256, 6268-6273), donors may experience net savings with electronic prescribing in place and patients would experience significant, positive health effects. We have not repeated that analysis in this final rule. Moreover, we have not replicated the extensive analysis of costs, benefits, and potential impact on patient care contained in the companion physician self-referral final rule. We believe the analysis set forth there may be similarly relevant to the potential impact of the final safe harbors. As also noted there, we assume that qualifying health information technology costs and benefits will be realized eventually. Even without government intervention, there is a lively market today, and as consensus standards evolve, that market will grow. The question as to the regulatory impact of this final rule is: to what extent would the use of these final anti-kickback safe harbors accelerate adoption of electronic prescribing and electronic health records, taking into account available policy instruments, notably the development of interoperability criteria? The baseline information is uncertain. As described in more detail in the physician self-referral final rule, there are numerous estimates of adoption of electronic prescribing by health plans, hospitals, physicians, and (for prescribing of drugs only) pharmacies. As noted there, these estimates are highly sensitive to assumptions. For example, the costs may be higher or lower depending on the nature of, and information technology needs of, donors and recipients. The rate of adoption might be higher or lower than estimated. We believe the substantial majority of recipients will be physicians. The proportion receiving remuneration could be lower or higher than estimated, depending on willingness of hospitals, group practices, MA organizations, and PDP sponsors and other donors to subsidize investments in health information technology.

The Office of Management and Budget (OMB) has reviewed this rule in accordance with Executive Order 12866.

Unfunded Mandates Reform Act

Section 202 of the Unfunded Mandates Reform Act of 1995 requires that agencies assess the anticipated costs and benefits of Federal mandates before issuing any rule that may result in the mandated expenditure by State, local, or tribal Governments, in the aggregate, or by the private sector, of $100 million in 1995 dollars (a threshold adjusted annually for inflation and now approximately $120 million). This final rule would impose no mandates. Any actions taken under this rule would be voluntary. Any expenditures would be undertaken by Government-owned hospitals in their business capacity, without any necessary impact on State, local, or tribal Governments, or their expenditure budgets, as such.

Regulatory Flexibility Act

The Regulatory Flexibility Act (RFA) and the Small Business Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, require agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and Government agencies. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues of $6 million to $29 million in any one year. Individuals and States are not included in the definition of a small entity. We are not preparing an analysis for the RFA because we have determined that this final rule will not have a significant impact on small businesses. We base our decision on the fact that we expect the rulemaking on electronic prescribing and health records to be beneficial to the affected entities because it will allow them to better reap the benefits of increased use of electronic prescribing and health records technology, including reduction of medical errors and increased operational efficiencies.

In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 603 of the RFA. For purposes of section 1102(b) of the Act, we define a small rural hospital as a hospital that is located outside of a Metropolitan Statistical Area and has fewer than 100 beds. We are not preparing an analysis for section 1102(b) of the Act because we have determined that this rule will not have a substantial negative impact on the operations of a substantial number of small rural hospitals. If this rule has any impact, it would be a substantial positive impact in reducing medical errors and increasing operational efficiencies through the use of technology.

Executive Order 13132

Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a final rule that imposes substantial direct requirement costs on State and local Governments, preempts State law, or otherwise has Federalism implications. Since this regulation does not impose any costs on State or local Governments, preempt State or local law, or otherwise have Federalism implications, the requirements of Executive Order 13132 are not applicable.

IV. Paperwork Reduction Act Back to Top

In accordance with section 3506(c)(2)(A) of the Paperwork Reduction Act of 1995, we are required to solicit public comments, and receive final OMB approval, on any information collection requirements set forth in rulemaking. The safe harbors promulgated in this final rule impose some minimal information collection requirements. Specifically, for an arrangement to fall within the final safe harbors it would have to fulfill the following documentation requirements: (1) There must be a writing signed by the parties; (2) the written agreement must identify the items or services being provided and their cost; and (3) the written agreement must incorporate or cross-reference prior relevant agreements.

Compliance with a safe harbor under the Federal anti-kickback statute is voluntary, and no party is ever required to comply with a safe harbor. Instead, safe harbors merely offer an optional framework for structuring business arrangements to ensure compliance with the anti-kickback statute. All parties remain free to enter into arrangements without regard to a safe harbor, so long as the arrangements do not involve unlawful payments for referrals under the anti-kickback statute. Thus, we believe that the documentation requirements necessary to enjoy safe harbor protection do not qualify as an added paperwork burden in accordance with 5 CFR 1320.3(b)(2), because the requirements are consistent with usual and customary business practices and because the time, effort, and financial resources necessary to comply with the requirements would largely be incurred in the normal course of business activities.

List of Subjects in 42 CFR Part 1001 Back to Top

begin regulatory text

Accordingly, 42 CFR part 1001 is amended as follows:

PART 1001—[AMENDED] Back to Top

1.The authority citation for part 1001 is revised to read as follows:

Authority:

42 U.S.C. 1302, 1320a-7, 1320a-7b, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, 103, 108 Stat. 3327 (31 U.S.C. 6101 note).

2.Section 1001.952 is amended by republishing the introductory text, by adding and reserving paragraph (w), and by adding new paragraphs (x) and (y) to read as follows:

§ 1001.952 Exceptions.

The following payment practices shall not be treated as a criminal offense under section 1128B of the Act and shall not serve as the basis for an exclusion:

* * * * *

(x) Electronic prescribing items and services. As used in section 1128B of the Act, “remuneration” does not include nonmonetary remuneration (consisting of items and services in the form of hardware, software, or information technology and training services) necessary and used solely to receive and transmit electronic prescription information, if all of the following conditions are met:

(1) The items and services are provided by a—

(i) Hospital to a physician who is a member of its medical staff;

(ii) Group practice to a prescribing health care professional who is a member of the group practice; and

(iii) A PDP sponsor or MA organization to pharmacists and pharmacies participating in the network of such sponsor or organization and to prescribing health care professionals.

(2) The items and services are provided as part of, or are used to access, an electronic prescription drug program that meets the applicable standards under Medicare Part D at the time the items and services are provided.

(3) The donor (or any person on the donor's behalf) does not take any action to limit or restrict the use or compatibility of the items or services with other electronic prescribing or electronic health records systems.

(4) For items or services that are of the type that can be used for any patient without regard to payor status, the donor does not restrict, or take any action to limit, the recipient's right or ability to use the items or services for any patient.

(5) Neither the recipient nor the recipient's practice (or any affiliated individual or entity) makes the receipt of items or services, or the amount or nature of the items or services, a condition of doing business with the donor.

(6) Neither the eligibility of a recipient for the items or services, nor the amount or nature of the items or services, is determined in a manner that takes into account the volume or value of referrals or other business generated between the parties.

(7) The arrangement is set forth in a written agreement that—

(i) Is signed by the parties;

(ii) Specifies the items and services being provided and the donor's cost of the items and services; and

(iii) Covers all of the electronic prescribing items and services to be provided by the donor (or affiliated parties). This requirement will be met if all separate agreements between the donor (and affiliated parties) and the recipient incorporate each other by reference or if they cross-reference a master list of agreements that is maintained and updated centrally and is available for review by the Secretary upon request. The master list should be maintained in a manner that preserves the historical record of agreements.

(8) The donor does not have actual knowledge of, and does not act in reckless disregard or deliberate ignorance of, the fact that the recipient possesses or has obtained items or services equivalent to those provided by the donor.

Note to paragraph (x):

For purposes of paragraph (x) of this section, group practice shall have the meaning set forth at 42 CFR 411.352; member of the group practice shall mean all persons covered by the definition of “member of the group or member of a group practice” at 42 CFR 411.351, as well as other prescribing health care professionals who are owners or employees of the group practice; prescribing health care professional shall mean a physician or other health care professional licensed to prescribe drugs in the State in which the drugs are dispensed; PDP sponsor or MA organization shall have the meanings set forth at 42 CFR 423.4 and 422.2, respectively; prescription information shall mean information about prescriptions for drugs or for any other item or service normally accomplished through a written prescription; and electronic health record shall mean a repository of consumer health status information in computer processable form used for clinical diagnosis and treatment for a broad array of clinical conditions.

(y) Electronic health records items and services. As used in section 1128B of the Act, “remuneration” does not include nonmonetary remuneration (consisting of items and services in the form of software or information technology and training services) necessary and used predominantly to create, maintain, transmit, or receive electronic health records, if all of the following conditions are met:

(1) The items and services are provided to an individual or entity engaged in the delivery of health care by—

(i) An individual or entity that provides services covered by a Federal health care program and submits claims or requests for payment, either directly or through reassignment, to the Federal health care program; or

(ii) A health plan.

(2) The software is interoperable at the time it is provided to the recipient. For purposes of this subparagraph, software is deemed to be interoperable if a certifying body recognized by the Secretary has certified the software within no more than 12 months prior to the date it is provided to the recipient.

(3) The donor (or any person on the donor's behalf) does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems.

(4) Neither the recipient nor the recipient's practice (or any affiliated individual or entity) makes the receipt of items or services, or the amount or nature of the items or services, a condition of doing business with the donor.

(5) Neither the eligibility of a recipient for the items or services, nor the amount or nature of the items or services, is determined in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. For the purposes of this paragraph (y)(5), the determination is deemed not to directly take into account the volume or value of referrals or other business generated between the parties if any one of the following conditions is met:

(i) The determination is based on the total number of prescriptions written by the recipient (but not the volume or value of prescriptions dispensed or paid by the donor or billed to a Federal health care program);

(ii) The determination is based on the size of the recipient's medical practice (for example, total patients, total patient encounters, or total relative value units);

(iii) The determination is based on the total number of hours that the recipient practices medicine;

(iv) The determination is based on the recipient's overall use of automated technology in his or her medical practice (without specific reference to the use of technology in connection with referrals made to the donor);

(v) The determination is based on whether the recipient is a member of the donor's medical staff, if the donor has a formal medical staff;

(vi) The determination is based on the level of uncompensated care provided by the recipient; or

(vii) The determination is made in any reasonable and verifiable manner that does not directly take into account the volume or value of referrals or other business generated between the parties.

(6) The arrangement is set forth in a written agreement that —

(i) Is signed by the parties;

(ii) Specifies the items and services being provided, the donor's cost of those items and services, and the amount of the recipient's contribution; and

(iii) Covers all of the electronic health records items and services to be provided by the donor (or any affiliate). This requirement will be met if all separate agreements between the donor (and affiliated parties) and the recipient incorporate each other by reference or if they cross-reference a master list of agreements that is maintained and updated centrally and is available for review by the Secretary upon request. The master list should be maintained in a manner that preserves the historical record of agreements.

(7) The donor does not have actual knowledge of, and does not act in reckless disregard or deliberate ignorance of, the fact that the recipient possesses or has obtained items or services equivalent to those provided by the donor.

(8) For items or services that are of the type that can be used for any patient without regard to payor status, the donor does not restrict, or take any action to limit, the recipient's right or ability to use the items or services for any patient.

(9) The items and services do not include staffing of the recipient's office and are not used primarily to conduct personal business or business unrelated to the recipient's clinical practice or clinical operations.

(10) The electronic health records software contains electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient's existing electronic prescribing system, that meets the applicable standards under Medicare Part D at the time the items and services are provided.

(11) Before receipt of the items and services, the recipient pays 15 percent of the donor's cost for the items and services. The donor (or any affiliated individual or entity) does not finance the recipient's payment or loan funds to be used by the recipient to pay for the items and services.

(12) The donor does not shift the costs of the items or services to any Federal health care program.

(13) The transfer of the items and services occurs, and all conditions in this paragraph (y) have been satisfied, on or before December 31, 2013.

Note to paragraph (y):

For purposes of paragraph (y) of this section, health plan shall have the meaning set forth at § 1001.952(l)(2); interoperable shall mean able to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks, in various settings, and exchange data such that the clinical or operational purpose and meaning of the data are preserved and unaltered; and electronic health record shall mean a repository of consumer health status information in computer processable form used for clinical diagnosis and treatment for a broad array of clinical conditions.

end regulatory text

Dated: June 15, 2006.

Daniel R. Levinson,

Inspector General.

Approved: July 14, 2006.

Michael O. Leavitt,

Secretary.

[FR Doc. 06-6666 Filed 8-1-06; 8:45 am]

BILLING CODE 4152-01-P

Footnotes Back to Top

1. 56 FR 35952 (July 29, 1991); 61 FR 2122 (January 25, 1996); 64 FR 63518 (November 19, 1999); 64 FR 63504 (November 19, 1999); and 66 FR 62979 (December 4, 2001).

Back to Context

2. See H.R. Rep. No. 108-391 at 495 (2003) (Conf. Rep.).

Back to Context

3. See, e.g., 56 FR 35952, 35978 (July 29, 1991) (noting that a computer that has independent value to a physician may constitute an illegal inducement).

Back to Context
Site Feedback