Skip to Content
Rule

Medicare and State Health Care Programs: Fraud and Abuse; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute

Action

Final Rule.

Summary

In this final rule, the Office of Inspector General (OIG) amends the safe harbor regulation concerning electronic health records items and services, which defines certain conduct that is protected from liability under the Federal anti-kickback statute, section 1128B(b) of the Social Security Act (the Act). Amendments include updating the provision under which electronic health records software is deemed interoperable; removing the electronic prescribing capability requirement; extending the sunset provision until December 31, 2021; limiting the scope of protected donors to exclude laboratory companies; and clarifying the condition that prohibits a donor from taking any action to limit or restrict the use, compatibility, or interoperability of the donated items or services.

Unified Agenda

Revisions to the Office of Inspector General's (OIG) Exclusion Authorities

1 action from March 15th, 2011

 

Table of Contents Back to Top

DATES: Back to Top

Effective Date: With the exception of the revision of 42 CFR 1001.952(y)(13), this regulation is effective on March 27, 2014. The revision of 42 CFR 1001.952(y)(13) is effective on December 31, 2013.

FOR FURTHER INFORMATION CONTACT: Back to Top

James A. Cannatti III, Heather L. Westphal, or Andrew VanLandingham, Office of Counsel to the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION: Back to Top

Social security act citation United States code citation
1128B 42 U.S.C. 1320a-7b

Executive Summary Back to Top

A. Purpose of the Regulatory Action

Pursuant to section 14 of the Medicare and Medicaid Patient and Program Protection Act of 1987 and its legislative history, Congress required the Secretary of Health and Human Services (the Secretary) to promulgate regulations setting forth various “safe harbors” to the anti-kickback statute, which would be evolving rules that would be periodically updated to reflect changing business practices and technologies in the health care industry. In accordance with this authority, OIG published a safe harbor to protect certain arrangements involving the provision of interoperable electronic health records software or information technology and training services. The final rule for this safe harbor was published on August 8, 2006 (71 FR 45110) and is scheduled to sunset on December 31, 2013 (42 CFR 1001.952(y)(13)). OIG published a notice of proposed rulemaking on April 10, 2013 (78 FR 21314), proposing to update certain aspects of the electronic health records safe harbor and to extend the sunset date. The purpose of this final rule is to address comments received on the proposed rule and to finalize certain aspects of the proposed rule.

B. Summary of the Final Rule

In this final rule, we amend the current safe harbor in several ways. First, we update the provision under which electronic health records software is deemed interoperable. Second, we remove the requirement related to electronic prescribing capability from the safe harbor. Third, we extend the sunset date of the safe harbor to December 31, 2021. Fourth, we limit the scope of protected donors to exclude laboratory companies. And fifth, we revise the text to clarify the condition that prohibits a donor from taking any action to limit or restrict the use, compatibility, or interoperability of the donated items or services.

C. Costs and Benefits

This final rule modifies an existing safe harbor to the anti-kickback statute. This safe harbor permits certain entities to provide certain items and services in the form of software and information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records to certain parties. Parties may voluntarily seek to comply with safe harbors so that they have assurance that their conduct will not subject them to any enforcement actions under the anti-kickback statute, the civil monetary penalty (CMP) provision for anti-kickback statute violations, or the program exclusion authority related to kickbacks, but safe harbors do not impose new requirements on any party.

This is not a major rule, as defined at 5 U.S.C. 804(2). It is also not economically significant, because it will not have a significant effect on program expenditures, and there are no additional substantive costs to implement the resulting provisions. We expect the safe harbor, as modified by this final rule, to continue to facilitate the adoption of electronic health records technology.

I. Background Back to Top

A. Anti-Kickback Statute and Safe Harbors

Section 1128B(b) of the Act (42 U.S.C. 1320a-7b(b), the anti-kickback statute) provides criminal penalties for individuals or entities that knowingly and willfully offer, pay, solicit, or receive remuneration in order to induce or reward the referral of business reimbursable under any of the Federal health care programs, as defined in section 1128B(f) of the Act. The offense is classified as a felony and is punishable by fines of up to $25,000 and imprisonment for up to 5 years. Violations of the anti-kickback statute may also result in the imposition of CMPs under section 1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and liability under the False Claims Act (31 U.S.C. 3729-33).

The types of remuneration covered specifically include, without limitation, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. In addition, prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients, but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program.

Because of the broad reach of the statute, concern was expressed that some relatively innocuous commercial arrangements were covered by the statute and, therefore, potentially subject to criminal prosecution. In response, Congress enacted section 14 of the Medicare and Medicaid Patient and Program Protection Act of 1987, 100 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a-7b(B)(3)(E)), which specifically required the development and promulgation of regulations, the so-called “safe harbor” provisions, that would specify various payment and business practices that would not be subject to sanctions under the anti-kickback statute, even though they may potentially be capable of inducing referrals of business under the Federal health care programs. Since July 29, 1991, we have published in the Federal Register a series of final regulations establishing “safe harbors” in various areas. These OIG safe harbor provisions have been developed “to limit the reach of the statute somewhat by permitting certain non-abusive arrangements, while encouraging beneficial or innocuous arrangements.” 56 FR 35952, 35958 (July 29, 1991).

Health care providers, suppliers, and others may voluntarily seek to comply with safe harbors so that they have the assurance that their business practices will not be subject to any enforcement action under the anti-kickback statute, the CMP provision for anti-kickback violations, or the program exclusion authority related to kickbacks. In giving the Department of Health and Human Services (Department or HHS) the authority to protect certain arrangements and payment practices under the anti-kickback statute, Congress intended the safe harbor regulations to be updated periodically to reflect changing business practices and technologies in the health care industry.

B. The Electronic Health Records Safe Harbor

Using our authority at section 1128B(b)(3)(E) of the Act, we published a notice of proposed rulemaking (the 2005 Proposed Rule) that would promulgate two safe harbors to address donations of certain electronic health records software and directly related training services. 70 FR 59015, 59021 (Oct. 11, 2005). One proposed safe harbor would have protected certain arrangements involving donations of electronic health records items and services made before the adoption of certification criteria. The other proposed safe harbor would have protected certain arrangements involving nonmonetary remuneration in the form of interoperable electronic health records software certified in accordance with criteria adopted by the Secretary and directly related training services. In the same issue of the Federal Register, the Centers for Medicare Medicaid Services (CMS) proposed similar exceptions to the physician self-referral law. 70 FR 59182 (Oct. 11, 2005).

On August 8, 2006 (71 FR 45110), we published a final rule (the 2006 Final Rule) that, among other things, finalized a safe harbor at 42 CFR 1001.952(y) (the electronic health records safe harbor) for protecting certain arrangements involving interoperable electronic health records software or information technology and training services. In the same issue of the Federal Register, CMS published similar final regulations pertaining to the physician self-referral law at 42 CFR 411.357(w). 71 FR 45140 (Aug. 8, 2006). The electronic health records safe harbor is scheduled to sunset on December 31, 2013. 42 CFR 1001.952(y)(13).

C. Summary of the 2013 Proposed Rulemaking

On April 10, 2013 (78 FR 21314), we published a proposed rule (the 2013 Proposed Rule) setting forth certain proposed changes to the electronic health records safe harbor. In the 2013 Proposed Rule, we proposed to amend the current safe harbor in several ways. First, we proposed to update the provision under which electronic health records software is deemed interoperable. Second, we proposed to remove the requirement related to electronic prescribing capability from the safe harbor. Third, we proposed to extend the sunset date of the safe harbor. In addition to these proposals, we solicited public comment on other proposals and possible amendments to the safe harbor, including limiting the scope of protected donors and adding or modifying conditions to limit the risk of data and referral lock-in. CMS proposed almost identical changes to the physician self-referral law electronic health records exception elsewhere in the same issue of the Federal Register. 78 FR 21308 (Apr. 10, 2013). We attempted to ensure as much consistency as possible between our proposed safe harbor changes and CMS's proposed exception changes, within the limitations imposed by the differences in the underlying statutes. We noted in the 2013 Proposed Rule that, due to the close nexus between the 2013 Proposed Rule and CMS's proposed rule, we may consider comments submitted in response to CMS's proposed rule when crafting our final rule. Similarly, CMS stated that it may consider comments submitted in response to the 2013 Proposed Rule in crafting its final rule.

D. Summary of the Final Rulemaking

In this final rulemaking, we amend the electronic health records safe harbor at 42 CFR 1001.952(y) in several ways. First, we update the provision under which electronic health records software is deemed interoperable. Second, we remove the requirement related to electronic prescribing capability from the safe harbor. Third, we extend the sunset date of the safe harbor to December 31, 2021. Fourth, we limit the scope of protected donors to exclude laboratory companies. And fifth, we revise the text to clarify the condition that prohibits a donor from taking any action to limit or restrict the use, compatibility, or interoperability of the donated items or services.

As we observed in the 2006 Final Rule,

OIG has a longstanding concern about the provision of free or reduced price goods or services to an existing or potential referral source. There is a substantial risk that free or reduced-price goods or services may be used as a vehicle to disguise or confer an unlawful payment for referrals of Federal health care program business. Financial incentives offered, paid, solicited, or received to induce or in exchange for generating Federal health care business increase the risks of, among other problems: (i) [o]verutilization of health care items or services; (ii) increased Federal program costs; (iii) corruption of medical decision making; and (iv) unfair competition.

71 FR 45110, 45111 (Aug. 8, 2006).

We further stated that,

consistent with the structure and purpose of the anti-kickback statute and the regulatory authority at section 1128B(b)(3)(E) of the Act, we believe any safe harbor for electronic health records arrangements should protect beneficial arrangements that would eliminate perceived barriers to the adoption of electronic health records without creating undue risk that the arrangements might be used to induce or reward the generation of Federal health care program business.

Id.

We believe that the safe harbor, as amended by this final rule, achieves this goal.

Elsewhere in this issue of the Federal Register, CMS is finalizing almost identical changes to the electronic health records exception [1] under the physician self-referral law. We attempted to ensure as much consistency as possible between our changes to the electronic health records safe harbor and CMS's exception changes, within the limitations imposed by the differences in the underlying statutes. As indicated in the 2013 Proposed Rule, we have considered and responded to the timely comments we received as well as those CMS received. Similarly, CMS considered comments submitted in response to our 2013 Proposed Rule in crafting its final rule. For purposes of this final rule, we treat comments that were made with respect to the physician self-referral law as if they had been made with respect to the anti-kickback statute, except where they relate to differences in the underlying statutes.

II. Summary of Public Comments and OIG Responses Back to Top

OIG received approximately 109 timely filed comments from a variety of entities and individuals. CMS received a similar number of timely filed comments. Overall, the commenters (including in comments submitted to CMS) supported the proposed amendments to the electronic health records safe harbor. However, we received many specific comments about various aspects of the proposed amendments. We have divided the summaries of the public comments and our responses into five parts: A. The Deeming Provision, B. The Electronic Prescribing Provision, C. The Sunset Provision, D. Additional Proposals and Considerations, and E. Comments Outside the Scope of Rulemaking.

A. The Deeming Provision

Our current electronic health records safe harbor requires at 42 CFR 1001.952(y)(2) that the donated software must be “interoperable” (as defined at Note to Paragraph (y) in 42 CFR 1001.952(y)). This condition further provides that software is deemed to be interoperable if a certifying body recognized by the Secretary has certified the software within no more than 12 months prior to the date it is provided to the recipient. We proposed two modifications to this provision in 1001.952(y)(2), which is known as the “deeming provision.” Both modifications to the deeming provision were proposed to reflect recent developments in the Office of the National Coordinator for Health Information Technology (ONC) certification program.

The first proposed modification would reflect ONC's responsibility for authorizing certifying bodies. The second proposal would modify the time frame during which donated software must be certified. Currently, to meet the deeming provision, the safe harbor requires software to be certified within no more than 12 months prior to the date of donation.

Subsequent to the issuance of the 2006 Final Rule, ONC developed a regulatory process for adopting certification criteria and standards, which is anticipated to occur on a cyclical basis. (For more information, see ONC's September 4, 2012 Final Rule entitled “Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology” (77 FR 54163).) Our proposal would modify the deeming provision to track ONC's anticipated regulatory cycle. As a result, software would be eligible for deeming if, on the date it is provided to the recipient, it has been certified to any edition of the electronic health record certification criteria that is identified in the then-applicable definition of Certified EHR Technology in 45 CFR part 170. For example, for 2013, the applicable definition of Certified EHR Technology includes both the 2011 and the 2014 editions of the electronic health record certification criteria. Therefore, in 2013, software certified to meet either the 2011 edition or the 2014 edition could satisfy the safe harbor provision as we proposed.

Additionally, we solicited comments on whether removing the current 12-month certification requirement would impact donations and whether to retain the 12-month certification period as an additional means of determining eligibility under the deeming provision.

After consideration of the public comments, we are finalizing the proposed revisions to subparagraph (y)(2) with one clarification to our proposed regulatory text to ensure the deeming provision closely tracks ONC's certification program. We are revising 42 CFR 1001.952(y)(2) to state that software is deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body authorized by the National Coordinator for Health Information Technology to an edition of the electronic health record certification criteria identified in the then-applicable version of 45 CFR part 170. As we stated in the 2006 Final Rule, we understand that

the ability of software to be interoperable is evolving as technology develops. In assessing whether software is interoperable, we believe the appropriate inquiry is whether the software is as interoperable as feasible given the prevailing state of technology at the time the items or services are provided to the recipient.

71 FR 45110, 45126 (Aug. 8, 2006).

We believe our final rule with respect to this condition is consistent with that understanding and our objective of ensuring that software is certified to the current required standard of interoperability when it is donated.

ONC as Agency To Recognize Certifying Bodies

Comment: All commenters addressing the subject supported the proposed modification that would amend the safe harbor to recognize ONC as the agency responsible for authorizing certifying bodies on behalf of the Secretary, with one commenter requesting that we clarify that software need not be certified to ONC standards to be eligible for donation.

Response: We appreciate the commenters' support for this modification. With respect to the request for clarification, the commenter is correct that 42 CFR 1001.952(y)(2) does not require software to be certified to ONC standards in order to be eligible for donation. As we discussed in the 2006 Final Rule (71 FR 45110, 45127 (Aug. 8, 2006)), the deeming provision offers parties one way to be certain that the interoperability condition of subparagraph (y)(2) is met at the time of donation. Even if donated software is not deemed to be interoperable, the donation would satisfy the interoperability condition of subparagraph (y)(2) if it meets the definition of “interoperable” in the Note to Paragraph (y) in 42 CFR 1001.952(y).

Comment: One commenter expressed concerns about linking the interoperability requirement of the safe harbor to ONC's certification criteria and standards because they do not, in the commenter's assessment, reflect contemporary views of interoperability. The commenter suggested that we instead implement a broad definition of interoperability adopted by the International Organization for Standardization or, alternatively, that we adopt interoperability functional definitions developed by the American National Standards Institute.

Response: While we are mindful that other non-governmental organizations may be developing their own standards to encourage the adoption of interoperable electronic health records technology, the ONC certification criteria and standards are the core policies the Department is utilizing to accelerate and advance interoperability and health information exchange. ONC and CMS jointly published a Request for Information (78 FR 14793 (Mar. 7, 2013)) to solicit public feedback on a set of possible policies “that would encourage providers to routinely exchange health information through interoperable systems in support of care coordination across health care settings.” 78 FR 14793, 14794 (Mar. 7, 2013). The process by which ONC considers the implementation of new certification criteria and standards is a public, transparent effort that allows the Department's electronic health records technology experts to appropriately consider the comments submitted in light of the goal “to accelerate the existing progress and enhance a market environment that will accelerate [health information exchange] across providers. . . .” 78 FR 14793, 14795 (Mar. 7, 2013).

We believe it is reasonable and appropriate to link the deeming provision to the ONC certification criteria and standards because of ONC's expertise and its public process for considering and implementing the criteria and standards. ONC is the Department agency with expertise in determining the relevant criteria and standards to ensure that software is as interoperable as feasible given the prevailing state of technology. ONC expects to revise and expand such criteria and standards incrementally over time to support greater electronic health record technology interoperability. See 77 FR 54163, 54269 (Sept. 4, 2012). Additionally, utilizing the ONC certification criteria and standards that are implemented through a public process affords the best opportunity for interested parties to comment on, understand, and ultimately implement those criteria and standards. Therefore, we are not adopting the commenter's suggestion.

Comment: One commenter stated that many electronic health records systems lack the capabilities to function within a patient-centered medical home. The commenter suggested that we finalize policies that further strengthen the use of core electronic health records features.

Response: As discussed, ONC is the Department agency with expertise in determining the relevant criteria and standards for electronic health records technology, including those related to the use of core features. ONC certification criteria and standards that are implemented through a public process afford the best opportunity for interested parties to comment on, understand, and ultimately implement those criteria and standards. Therefore, we are not adopting the commenter's suggestion.

Time Frame for Certification

Comment: Of the commenters that addressed the issue, most supported our proposal to modify the time frame within which donated software must have been certified to more closely track the current ONC certification program. Commenters asserted that aligning with ONC's certification program will provide donors and recipients more certainty about the deemed status of donated software because the software must be certified to meet only one set of standards on the same certification cycle to comply with both the ONC certification criteria and the deeming provision of the safe harbor. One commenter supported the modification, but suggested that the 12-month certification time frame also be retained or, alternatively, that we allow software to be deemed to be interoperable if it has been certified to any edition of the ONC electronic health record certification criteria.

Response: We appreciate the commenters' support for our proposal to modify the safe harbor certification time frame to align with ONC's certification program. We believe, as the commenters suggest, that such a modification will support our dual goals of the deeming provision: (1) To ensure that donated software is as interoperable as feasible given the prevailing state of technology at the time it is provided to the recipient and (2) to provide donors and recipients a means to have certainty that donated software satisfies the interoperability condition of the safe harbor.

We are not persuaded to adopt the commenter's suggestion to retain the 12-month certification time frame; this would not ensure that software is certified to the current required standard of interoperability. In the course of evaluating the commenter's alternative proposal, however, we realized that our proposed regulatory text may be too narrow to satisfy the dual goals of the deeming provision. Under our proposed regulatory text from the 2013 Proposed Rule, software would be deemed interoperable if it was certified to an edition [2] of certification criteria referenced in the then-applicable definition of “Certified EHR Technology” at 45 CFR 170.102. That definition applies only to the Medicare and Medicaid Electronic Health Record Incentive Programs (the EHR Incentive Programs). See generally 42 CFR part 495. However, ONC also has the authority to adopt certification criteria for health information technology, including electronic health records, into other regulations at 45 CFR part 170 that may not be referenced in the definition of “Certified EHR Technology” because they are not related to the EHR Incentive Programs. If we retained our proposed regulatory text, software certified to criteria in editions not included in the definition “Certified EHR Technology” would not be eligible for deeming under the safe harbor, which was not our intent. The safe harbor described in this rule is not limited to donations to individuals and entities eligible to participate in the EHR Incentive Programs. Individuals and entities such as long-term/post-acute care providers and non-physician behavioral health practitioners, while not eligible to participate in the EHR Incentive Programs, may receive donations that are protected by this safe harbor, if the donations meet the conditions of the safe harbor. Further, we have recently learned that ONC intends to retire outdated editions of certification criteria by removing them from the regulatory text at 45 CFR part 170. Accordingly, software certified to an edition identified in the regulations in effect on the date of the donation would be certified to a then-applicable edition, regardless of whether the particular edition was also referenced in the then-applicable definition of Certified EHR Technology.

Thus, we are finalizing our policy to more closely track ONC's certification program in the deeming provision. We are adopting modified regulatory text to provide that software is deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body authorized by the National Coordinator for Health Information Technology to an edition of the electronic health record certification criteria identified in the then-applicable version of 45 CFR part 170. We believe that this modified regulatory text is consistent with the intent we articulated in the 2013 Proposed Rule to modify the deeming provision by removing the 12-month timeframe and substituting a provision that more closely tracks ONC's certification program. Further, we believe that the regulatory text, as modified, will support our dual goals of the deeming provision, which we discussed above.

New Certification/Deeming Requirements

Comment: One commenter suggested that, for deeming purposes, we should require that software be certified to the latest edition of electronic health record certification criteria rather than any edition then-applicable. This commenter also suggested that the electronic directory of service (e-DOS) standard should be a certification requirement for donated software, and asserted that both recommendations would help ensure electronic health records software is interoperable.

Response: We decline to adopt the commenter's suggested requirements for the safe harbor at 42 CFR 1001.952(y). We believe that requiring that donated software be certified to editions that are adopted and not yet retired by ONC through its certification program ensures that the software is certified to interoperability standards updated regularly by the Department agency with the relevant expertise. Further, adding requirements to the ONC certification criteria and standards is outside the scope of this rule. Therefore, we are not implementing the commenter's suggestions.

B. The Electronic Prescribing Provision

At 42 CFR 1001.952(y)(10), our current electronic health records safe harbor specifies that the donated software must “contain[ ] electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient's existing electronic prescribing system that meets the applicable standards under Medicare Part D at the time the items and services are provided.” In the preamble to the 2006 Final Rule (71 FR 45110, 45125 (Aug. 8, 2006)), we stated that we included “this requirement, in part, because of the critical importance of electronic prescribing in producing the overall benefits of health information technology, as evidenced by section 101 of the [Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), Pub. L. 108-173].” We also noted that it was “our understanding that most electronic health records systems already include an electronic prescribing component.”Id.

We understand the critical importance of electronic prescribing. However, in light of developments since the 2006 Final Rule, we proposed to delete from the safe harbor the condition at 42 CFR 1001.952(y)(10). Based on our review of the public comments and for the reasons stated in the 2013 Proposed Rule, we are finalizing our proposal to eliminate the requirement that electronic health records software contain electronic prescribing capability in order to qualify for protection under the safe harbor at 42 CFR 1001.952(y).

Comment: Two commenters disagreed that it is no longer necessary to require the inclusion of electronic prescribing capability in donated electronic health records software. One of the commenters stated that it was encouraged by the growth in the number of physicians using electronic prescribing between 2008 and 2012, but believed that the requirement should remain for patient safety reasons because electronic prescribing is critical to lowering the incidences of preventable medication errors.

Response: Like the commenters, and as we stated in the 2013 Proposed Rule (78 FR 21314, 21317 (Apr. 10, 2013)), we believe in the importance of electronic prescribing. However, as discussed in the 2013 Proposed Rule, we are persuaded that other existing policy drivers, many of which did not exist in August 2006 when the safe harbor was promulgated, sufficiently support the adoption of electronic prescribing capabilities. We do not want to undermine important public policy goals by requiring redundant and sometimes expensive software capabilities that may not contribute to the interoperability of a given system. As we discussed in the 2013 Proposed Rule, electronic prescribing technology would remain eligible for donation under the electronic health records or under the electronic prescribing safe harbor at 42 CFR 1001.952(x). We do not believe that removing this condition would increase the risk of fraud or abuse posed by donations made pursuant to the safe harbor.

Comment: Many commenters supported our proposal to eliminate the requirement that donated software include electronic prescribing capability at the time it is provided to the recipient, agreeing that developments since the promulgation of the safe harbor make it unnecessary to retain this requirement. One of the commenters asserted that the goal of the requirement for the inclusion of electronic prescribing technology in donated electronic health records software—that is, increasing the use of electronic prescribing—had been achieved through the electronic prescribing incentive program authorized by the Medicare Improvements for Patients and Providers Act of 2008.

Response: We appreciate the commenters' support and, for reasons explained in more detail previously in this final rule, we are eliminating the requirement in 42 CFR 1001.952(y)(10) that donated electronic health records software contain electronic prescribing capability, either through an electronic prescribing component or the ability to interface with the recipient's existing electronic prescribing system that meets the applicable standards under Medicare Part D, at the time the items and services are provided.

C. The Sunset Provision

Protected donations under the current electronic health records safe harbor must be made on or before December 31, 2013. In adopting this condition of the electronic health records safe harbor, we stated that “the need for a safe harbor for donations of electronic health records technology should diminish substantially over time as the use of such technology becomes a standard and expected part of medical practice.” 71 FR 45110, 45133 (Aug. 8, 2006).

As we discussed in the 2013 Proposed Rule, although the industry has made great progress in the adoption and meaningful use of electronic health records technology, the use of such technology has not yet been adopted nationwide. Continued use and further adoption of electronic health records technology remains an important goal of the Department. We continue to believe that as progress on this goal is achieved, the need for a safe harbor for donations should continue to diminish over time. Accordingly, we proposed to extend the sunset date of the safe harbor to December 31, 2016, selecting this date for the reasons described in the 2013 Proposed Rule. We also specifically sought comment on whether we should, as an alternative, select a later sunset date and what that date should be. For example, we stated that we were considering establishing a sunset date of December 31, 2021. 78 FR 21314, 21318 (Apr. 10, 2013). In response to comments, we are extending the sunset date of the safe harbor to December 31, 2021.

Comment: Numerous commenters urged us to make permanent the safe harbor at 42 CFR 1001.952(y). According to these commenters, a permanent safe harbor could (1) provide certainty with respect to the cost of electronic health records items and services for recipients, (2) encourage adoption by physicians who are new entrants into medical practice or have postponed adoption based on financial concerns regarding the ongoing costs of maintaining and supporting an electronic health records system, (3) encourage adoption by providers and suppliers that are not eligible for incentive payments through the Medicare and Medicaid programs, and (4) preserve the gains already made in the adoption of interoperable electronic health records technology, especially where hospitals have invested in health information technology infrastructure through protected donations of such technology. According to some commenters, although the safe harbor was implemented to encourage the adoption of health information technology, it is now a necessity for the creation of new health care delivery and payment models. Some commenters also stated their support for a permanent safe harbor because electronic health record technology adoption has been slower than expected and allowing the safe harbor to expire in 2016 would adversely affect the rate of adoption. Some of these commenters requested that if we are not inclined to make the safe harbor permanent, we extend the availability of the safe harbor through the latest date noted in the 2013 Proposed Rule—December 31, 2021.

Response: We agree with the commenters that the continued availability of the safe harbor plays a part in achieving the Department's goal of promoting electronic health record technology adoption. However, we do not believe that making the safe harbor permanent is required or appropriate at this time. The permanent availability of the safe harbor could serve as a disincentive to adopting interoperable electronic health record technology in the near-term. Moreover, as described in the 2013 Proposed Rule and elsewhere in this final rule, we are concerned about inappropriate donations of electronic health records items and services that lock in data and referrals between a donor and recipient, among other risks. A permanent safe harbor might exacerbate these risks over the longer term without significantly improving adoption rates. Instead, we believe that a reasonable extension of the safe harbor strikes an appropriate balance between furthering the Department's electronic health record adoption goals and safeguarding against undue risks of abuse. In light of other modifications we are making in this final rule to mitigate ongoing risks, including removing laboratory companies from the scope of protected donors, we are persuaded to permit the use of the safe harbor for more than the additional 3-year period that we proposed.

The adoption of interoperable electronic health records technology remains a challenge for some providers and suppliers, despite progress in its implementation and meaningful use since the August 2006 promulgation of the safe harbor. See ONC's Report to Congress on Health IT Adoption, (June 2013) at http://www.healthit.gov/sites/default/files/rtc_adoption_of_healthit_and_relatedefforts.pdf and the U.S. Department of Health and Human Services Assistant Secretary for Planning and Evaluation's EHR Payment Incentives for Providers Ineligible for Payment Incentives and Other Funding Study, (June 2013) at http://aspe.hhs.gov/daltcp/reports/2013/ehrpi.shtml. Although we believe that the protection afforded by the safe harbor encourages the adoption of such technology, its permanence is not essential to the achievement of widespread adoption. It is only one of a number of ways that providers and suppliers are incented to adopt electronic health records technology, including the incentives offered by the EHR Incentive Programs and the movement in the health care industry toward the electronic exchange of patient health information as a means to improve patient care quality and outcomes. Balancing the desire to encourage further adoption of interoperable electronic health records technology against concerns about potential disincentives to adoption and the misuse of the safe harbor to lock in referral streams, we are establishing a December 31, 2021 sunset date for the safe harbor. We believe this sunset date will support adoption, provide a timeframe that aligns with the financial incentives for electronic health records adoption currently offered by the Federal government, and safeguard against foreseeable future fraud risks.

Comment: Two commenters suggested that the sunset date should be extended, but not beyond December 31, 2016. One asserted that a shorter extension of the sunset date for the safe harbor would allow a wider range of people to obtain access to health information technology services while not diminishing the incentive for providers and suppliers to acquire, implement, and standardize the necessary electronic health records systems. Another commenter supported our proposal to extend the availability of the safe harbor through December 31, 2016, and encouraged us to consider an additional extension as that date approaches. One commenter suggested that we extend the availability of the safe harbor for at least 6 years, although a shorter or longer time period could be established after review of adoption rates across the range of providers and suppliers who may or may not be eligible for incentives under the EHR Incentive Programs. Other commenters supported our alternative proposal to extend the availability of the safe harbor through December 31, 2021, which corresponds to the statutory end of the Medicaid EHR Incentive Program. These commenters noted that more remains to be done to promote electronic health records technology adoption, and suggested that maintaining the safe harbor through this date will help maximize the incentives for eligible physicians to adopt electronic health records technology and thereby increase greater use of electronic health records. Two other commenters suggested tying the sunset of the safe harbor to the corresponding date for assessing “penalties” under the Medicare EHR Incentive Program in order to align Federal regulation of electronic health records technology adoption and use.

Response: After considering all of the comments on this issue, we believe that an extension of the safe harbor to December 31, 2021 (which corresponds to the end of incentive payments under the Medicaid Incentive Program), would (1) support adoption, (2) provide a timeframe that aligns with the financial incentives for electronic health records adoption currently offered by the Federal government, and (3) safeguard against foreseeable future fraud risks. We note that the two commenters that suggested tying the sunset date to the corresponding date for assessing “penalties” under the Medicare EHR Incentive Program appear to misunderstand the duration of the downward payment adjustment under the EHR Incentive Programs, which will continue until an eligible participant adopts and meaningfully uses appropriate electronic health record technology. For additional information, see the July 28, 2010 final rule entitled “Medicare and Medicaid Programs; Electronic Health Record Incentive Program (75 FR 44448). The practical effect of the commenters' suggestion would be to extend permanently the electronic health records safe harbor. For the reasons stated elsewhere in this final rule, we do not believe that making the safe harbor permanent is required or appropriate at this time and we are not adopting the commenters' suggestion. We believe the date we selected better serves the goals of the safe harbor. Therefore, we are extending the availability of the safe harbor at 42 CFR 1001.952(y) through December 31, 2021. We also note that there are several types of Medicare and Medicaid providers and suppliers that are not eligible for incentives under the EHR Incentive Programs (e.g., long-term/post-acute care providers and non-physician behavioral health practitioners). This rule applies to donations to any individual or entity engaged in the delivery of health care, regardless of whether the recipient of the donation is eligible for incentives under the EHR Incentive Programs.

Comment: A few commenters expressed general support for extending the sunset date, but did not specify whether the extension should be for 3 years, 8 years, or some other length of time. Commenters noted that failure to extend the sunset of the safe harbor would negatively impact the adoption of electronic health records technology, as well as its continued use.

Response: As described previously, we are finalizing our alternative proposal to extend the availability of the safe harbor through December 31, 2021.

Comment: A number of commenters urged us to let the safe harbor expire on December 31, 2013. Some asserted that the safe harbor permits the exact behavior the law was intended to stop. Other commenters asserted that the safe harbor permits “legalized extortion” or provides “legal sanction to trample the competition.” Another commenter asserted that the inclusion of “non-market factors” (that is, the influence of donors, rather than end users) in the decision to adopt electronic health record technology may result in lower quality products or services and higher costs, often with an adverse impact on technology adoption and innovation. Still others asserted that, given the financial incentives that the Federal government itself has provided, it is no longer necessary to spur the adoption of electronic health record technology through the underwriting of the cost of electronic health record technology by outside entities.

Response: Although we appreciate the commenters' concerns, on balance we continue to believe that the safe harbor serves to advance the adoption and use of interoperable electronic health records. However, we caution that a donation arrangement is not protected under the anti-kickback statute unless it satisfies each condition of the safe harbor at 42 CFR 1001.952(y). Arrangements that disguise the “purchase” or lock-in of referrals and donations that are solicited by the recipient in exchange for referrals would fail to satisfy the conditions of the safe harbor.

Comment: Numerous commenters suggested that the safe harbor sunset as scheduled on December 31, 2013, but only with respect to laboratories and pathology practices, “ancillary service providers,” entities not listed in section 101 of the MMA (directing the creation of a safe harbor for certain donations of electronic prescribing items and services), or entities that are not part of an accountable care organization or not integrated in a meaningful manner.

Response: We consider these comments to be related to “protected donors” and address them later in section II.D.1.

D. Additional Proposals and Considerations

1. Protected Donors

As we discussed in the 2013 Proposed Rule, while broad safe harbor protection may significantly further the important public policy goal of promoting electronic health records, we continue to have concerns, which we originally articulated in the 2006 Final Rule, about the potential for fraud and abuse by certain donors. 78 FR 21314, 21318 (Apr. 10, 2013). We also noted that we had received comments suggesting that abusive donations are being made under the electronic health records safe harbor. Id.

In order to address these concerns, we proposed to limit the scope of protected donors under the electronic health records safe harbor. In the 2013 Proposed Rule, we stated that we were considering revising the safe harbor to cover only the MMA-mandated donors we originally proposed when the safe harbor was first established: hospitals, group practices, prescription drug plan (PDP) sponsors, and Medicare Advantage (MA) organizations. We stated that we were also considering whether other individuals or entities with front-line patient care responsibilities across health care settings, such as safety net providers, should be included, and, if so, which ones. Alternatively, we stated that we were considering retaining the current broad scope of protected donors, but excluding specific types of donors—providers and suppliers of ancillary services associated with a high risk of fraud and abuse—because donations by such providers and suppliers may be more likely to be motivated by a purpose of securing future business than by a purpose of better coordinating care for beneficiaries across health care settings. In particular, we discussed excluding laboratory companies from the scope of protected donors as their donations have been the subject of complaints of abuse. We also discussed excluding other high-risk categories, such as durable medical equipment (DME) suppliers and independent home health agencies. We sought comment on the alternatives under consideration, including comments (with supporting reasons) regarding particular types of providers or suppliers that should or should not be protected donors, given the goals of the safe harbor.

Many commenters raised concerns about donations of electronic health records items and services by laboratory companies and strongly urged us to adopt our proposal to eliminate from the safe harbor protection for such donations, either by excluding laboratory companies from the scope of protected donors (if we extend the availability of the safe harbor), or by letting the safe harbor sunset altogether (for more detailed discussion of comments concerning the sunset provision, please see section II.C. of this final rule). Other commenters raised similar concerns, but did not suggest a particular approach to address them. We summarize the relevant comments and provide our responses below. We have carefully considered the comments that we received on this proposal and, based on the concerns articulated by commenters and the wide-ranging support from the entire spectrum of the laboratory industry (from small, pathologist-owned laboratory companies to a national laboratory trade association that represents the industry's largest laboratory companies), we are finalizing our proposal to remove laboratory companies from the scope of protected donors under the safe harbor. We believe this decision is consistent with and furthers the goal of promoting the adoption of interoperable electronic health record technology that benefits patient care while reducing the likelihood that the safe harbor will be misused by donors to secure referrals. We also believe that our decision will address potential abuse identified by some of the commenters involving potential recipients conditioning referrals for laboratory services on the receipt of, or redirecting referrals for laboratory services following, donations from laboratory companies.

Protected Donors: Comments and Suggestions Regarding Laboratory Companies

Comment: Many commenters raised concerns that, notwithstanding a clear prohibition in the safe harbor, laboratory companies are, explicitly or implicitly, conditioning donations of electronic health records items and services on the receipt of referrals from the recipients of those donations or establishing referral quotas and threatening to require the recipient to repay the cost of the donated items or services if the quotas are not reached. Some commenters suggested that such quid pro quo donations, and donations by laboratory companies generally, are having a negative effect on competition within the laboratory services industry (including increased prices for laboratory services) and impacting patient care as referral decisions are being made based on whether a laboratory company donated electronic health records items or services, not whether that company offers the best quality services or turnaround time. A few commenters also raised concerns that laboratory companies were targeting possible recipients based on the volume or value of their potential referrals.

Response: The current safe harbor provision at 42 CFR 1001.952(y)(5) prohibits determining the eligibility of a recipient or the amount or nature of the items or services to be donated in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. Accordingly, the quid pro quo arrangements and targeted donations described by the commenters would not qualify for safe harbor protection. Such arrangements are not consistent with the purpose of the safe harbor and can result in the precise types of harm the anti-kickback statute is designed to prevent, such as corruption of medical decision making. We urge those with information about such arrangements to contact our fraud hotline at 1-800- HHS-TIPS or visit https://forms.oig.hhs.gov/hotlineoperations/ to report fraud.

We appreciate the commenters sharing their concerns about arrangements involving laboratory company donations. As previously discussed, we have decided to exclude laboratory companies from the scope of protected donors. We believe that our decision will continue to support the Department's electronic health record adoption policies, while addressing the risk of fraud and abuse. By excluding laboratory companies from the scope of protected donors, parties to such donations will not be able to assert safe harbor protection for such arrangements. The effect will be a reduction in the risk that parties will enter into arrangements like the quid pro quo and targeted donation arrangements described by the commenters.

Comment: Several commenters raised concerns about laboratory company arrangements with electronic health record technology vendors. The commenters described arrangements involving laboratory companies and vendors that result in the vendor charging other laboratory companies high fees to interface with the donated technology or prohibiting other laboratory companies from purchasing the technology for donation to their own clients. One of the commenters also raised the concern that volume discount arrangements between laboratory companies and vendors of electronic health record technology are resulting in donations of electronic health record technology that may not best suit the needs of the recipient. The commenter asserted that donor laboratory companies are pushing a particular vendor's specific electronic health record system onto recipients because of a donor's close business relationship with the vendor.

Response: Excluding potential competitors of the donors from interfacing with the donated items or services described by the commenters can result in data and referral lock-in. We discuss the issue of lock-in elsewhere in this final rule in more detail. We believe that our determination to exclude laboratory companies from the scope of protected donors will help address the data and referral lock-in risks posed by arrangements such as those described by the commenters. We also believe that the changes we are finalizing to the scope of protected donors will help address the commenter's concern about the negative impact of relationships between laboratory companies and vendors on the selection of electronic health records technology by providers and suppliers. We stated in the 2006 Final Rule that, although physicians and other recipients remain free to choose any electronic health record technology that suits their needs, we do not require donors to facilitate that choice for purposes of the safe harbor. However, donors must offer interoperable products and must not impede the interoperability of any electronic health record software they decide to offer. 71 FR 45110, 45128-9 (Aug. 8, 2006). Agreements between a donor and a vendor that preclude or limit the ability of competitors to interface with the donated software would cause the donation to fail to meet the condition at 42 CFR 1001.952(y)(3), and thus preclude protection under the electronic health records safe harbor.

Comment: Many commenters noted that several States—including Missouri, New Jersey, New York, Pennsylvania, Tennessee, Washington, and West Virginia—have prohibited or restricted donations of electronic health record technology by laboratory companies to address fraud and abuse concerns. Some of the commenters urged us to effectuate a similar prohibition or restriction by removing safe harbor protection from laboratory company donations. One of these commenters, referencing an earlier discussion of “the need for [electronic health record technology] subsidies to compete for business,” went on to state that “[laboratory companies] that are licensed in states that strictly prohibit [laboratory companies] from donating all or part of the costs of [electronic health record technology] to referring physicians are put at a considerable disadvantage in the marketplace.”

Response: We appreciate the commenters providing this information and we believe that our determination to exclude laboratory companies from the scope of protected donors will address the fraud and abuse concerns the commenters referenced. With respect to the commenter's concern about being disadvantaged, we note that our decision to remove laboratory companies from the scope of protected donors under the electronic health records safe harbor applies equally to all laboratory companies, regardless of their location.

Comment: Several commenters, including a national laboratory trade association that represents the industry's largest laboratory companies, took exception to what it perceived as a characterization that laboratory companies are solely responsible for problematic donations. Some of these commenters asserted that electronic health record vendors are encouraging physicians to seek or demand donations from laboratory companies, and that physicians are threatening to withhold referrals or send laboratory business elsewhere if donations are not made. According to one commenter, because physicians are not paying for a significant portion of the cost of these items and services, electronic health record technology vendors are able to charge high prices and the size of donations (in dollars) in recent years has increased exponentially. The commenter also suggested that vendors may be manipulating pricing to maximize the amount a laboratory company pays for donated items and services while minimizing or eliminating any physician responsibility. Another commenter raised a related concern that electronic health records technology vendors have increased the costs of their products because they know that laboratory companies are paying for them. Generally, commenters raising concerns about the conduct of electronic health record technology vendors and physicians recommended that we remove safe harbor protection for laboratory company donations.

One commenter asserted that electronic health records items and services are no longer being chosen by physicians based on which system is most appropriate, but rather based on which will produce the largest donation. Another commenter claimed that many physicians will change laboratory companies and seek a new donation once an existing donor laboratory company ceases to subsidize the physicians' electronic health records items and services costs. This commenter stated that such conversions are not only inefficient, but undermine the spirit of the regulatory requirement that recipients do not possess the same or equivalent items or services as those being donated.

Response: Our proposed modification related to the scope of protected donors and, thus, the focus of our discussion in the 2013 Proposed Rule was on donor conduct. Some of the comments we describe in this final rule also raise concerns about the conduct of recipients. We are clarifying that we do not believe that problematic donations involving laboratory companies are solely the result of questionable conduct by laboratory companies. Our decision to exclude laboratory companies from the scope of protected donors is the best way to reduce the risk of misuse of donations by both donors and recipients and address the concerns identified by the commenters.

The safe harbor at 42 CFR 1001.952(y)(4) contains a condition that prohibits the donation recipient, the recipient's practice, or any affiliated individual or entity, from making the receipt, amount or nature of the donated items or services a condition of doing business with the donor. This condition recognizes the risk of fraud and abuse posed by a potential recipient demanding a donation in exchange for referrals. This type of quid pro quo arrangement is no less troubling than quid pro quo arrangements that originate with the donor and would not be subject to safe harbor protection. Whether a quid pro quo donation is for an initial installation of a donated item or service or a conversion to a different donated item or service would not change our analysis. Additionally, we caution those engaging in conversion arrangements to be mindful of the limitations in the safe harbor at 42 CFR 1001.952(y)(7) concerning the donation of equivalent items or services.

Comment: Several commenters suggested that laboratory companies should be prohibited from making donations to physicians or that physicians should pay for their own electronic health records technology. Other commenters asserted that laboratory companies do not share an essential interest in their referring clients having electronic health records technology. Still other commenters stated simply that laboratory companies represent a high risk of fraud and abuse.

Response: We are excluding laboratories from the scope of protected donors.

Comment: A few commenters noted that laboratory companies typically use a laboratory information system (LIS), anatomic pathologist information system and/or blood banking system to store and share patients' laboratory results, and that these systems should not be confused with an electronic health record that includes a patient's full medical record composed of information from many medical specialties, including pathology. One of these commenters asserted that laboratories already bear the cost of establishing LIS interfaces that they provide in order to exchange laboratory services data electronically, and that clinical and anatomic laboratories could continue to do so legally even if they were no longer protected donors under the safe harbor. One commenter expressed concern about the costs associated with interfaces, other commenters asked us to clarify our position on the donation of interfaces by laboratory companies, and one commenter stated that interfaces were not closely analogous to facsimile machines.

Response: We appreciate the information provided by the commenters. We take this opportunity to note that our decision to exclude laboratory companies from the scope of protected donors under the safe harbor does not affect our position concerning the provision of free access to certain limited-use interfaces. We have long distinguished between free items and services that are integrally related to the offering provider's or supplier's services and those that are not. For instance, we have stated that a free computer provided to a physician by a laboratory company would have no independent value to the physician if the computer could be used only, for example, to print out test results produced by the laboratory company. In contrast, a free personal computer that the physician could use for a variety of purposes would have independent value and could constitute an illegal inducement. 56 FR 35952, 35978 (July 29, 1991) (preamble to the 1991 safe harbor regulations). The donation of free access to an interface used only to transmit orders for the donor's services to the donor and to receive the results of those services from the donor would be integrally related to the donor's services. As such, the free access would have no independent value to the recipient apart from the services the donor provides and, therefore, would not implicate the anti-kickback statute. See, e.g., OIG Ad. Op. 12-20 (2012). Accordingly, safe harbor protection for such donations would not be necessary.

We disagree with the commenter that asserted that interfaces are not sufficiently analogous to facsimile machines. We believe that a limited-use interface (as described in the preceding paragraph) is the contemporary analog to the limited-use computer described in the example from the 1991 preamble to the safe harbor regulations. A similarly limited-use facsimile machine would not materially differ from the limited-use computer and, thus, would be analogous to the access to the limited-use interface. It is the lack of independent value to the recipient that takes the donation outside the scope of the anti-kickback statute's prohibition, not the mode of technology. Finally, in the circumstances presented above, the free access to a limited-use interface would not require safe harbor protection, and thus the costs of the interface are outside the scope of this rulemaking.

Comment: Several commenters inquired whether our proposal to remove laboratory companies from the scope of protected donors applied to suppliers of both anatomic and clinical pathology services, and suggested that our proposal should apply to both. Commenters also inquired about the application of this proposal to hospitals that operate laboratory companies for non-hospital affiliated customers. Raising concerns about an uneven playing field, some of these commenters urged us to exclude such hospitals from the scope of protected donors if we determined to exclude laboratory companies. One commenter suggested that we effectuate this limitation by restricting protected hospital donations to those made to the hospital's employed physicians and the hospital's wholly-owned physician practices.

Response: Our proposal applied to “laboratory companies” and did not distinguish between those that provide anatomic pathology services and those that provide clinical pathology services. We intend that references to “laboratory company” or “laboratory companies” include entities that furnish either type of service. With respect to the commenters' suggestion to limit or prohibit hospital donations, we appreciate the commenters' concerns, but are not adopting their suggestion at this time. We continue to believe that hospitals have a substantial and central stake in patients' electronic health records. Further, the types and prevalence of the concerns that have been brought to our attention and discussed elsewhere in this final rule in the context of laboratory company donations have not arisen, to our knowledge, in the hospital-donation context.

We are clarifying that if a hospital furnishes laboratory services through a laboratory that is a department of the hospital for Medicare purposes (including cost reporting) and that bills for the services through the hospital's provider number, then the hospital would not be considered a “laboratory company” for purposes of this safe harbor and would continue to qualify as a protected donor under the modified safe harbor. However, if a hospital-affiliated or hospital-owned company with its own supplier number furnishes laboratory services that are billed using a billing number assigned to the company and not the hospital, the company would be considered a “laboratory company” for purposes of this safe harbor and would no longer qualify as a protected donor. The ability of the affiliated hospital to avail itself of the safe harbor would be unaffected. We remind readers that it is the substance, not the form, of an arrangement that governs under the anti-kickback statute. A donation purported to be by an affiliate of a laboratory company could, depending on the facts and circumstances, be attributed to the affiliated laboratory company, and thus not be subject to safe harbor protection.

Comment: One commenter requested that, if we finalize our proposal to exclude laboratory companies from the scope of protected donors, we specifically clarify that “[laboratory companies] are prohibited from providing [ ] software to physicians unless they comply with another one of the existing safe harbors.” The commenter went on to cite examples of software leases and sales at fair market value.

Response: We cannot make the statement requested. Safe harbors set forth specific conditions that, if met, assure the parties involved of not being subject to any enforcement actions under the anti-kickback statute, the CMP provision for anti-kickback violations, or the program exclusion authority related to kickbacks for the arrangement qualifying for the safe harbor. However, safe harbor protection is afforded only to those arrangements that precisely meet all of the conditions set forth in the safe harbor. The failure of an arrangement to fit in a safe harbor does not mean that the arrangement is illegal. That an arrangement does not meet a safe harbor only means that the arrangement must be evaluated on a case-by-case basis. Arrangements regarding the lease or sale of software are outside the scope of this rulemaking.

Comment: One commenter shared its concerns about a practice that it described as “post donation in-sourcing.” The commenter stated that it is aware of situations in which laboratory companies are donating to ordering physicians only to have those physicians in-source their laboratory services shortly after the donation. The commenter suggested that “[t]he donation enables [ ] ordering physicians to avoid bearing the full cost of the [electronic health records items and services] when they discontinue use of an outside laboratory and bring the specimen testing into their own in-house self-referral arrangement just after receiving the donation.”

Response: The safe harbor does not require the donation recipient to make referrals to the donor. To the contrary, subparagraph (y)(4) prohibits the donation recipient, the recipient's practice, or any affiliated individual or entity, from making the receipt, amount or nature of the donated items or services a condition of doing business with the donor. Moreover, subparagraph (y)(5) prohibits determining the eligibility of a recipient or the amount or nature of the items or services to be donated in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. Whether safe harbor protection is afforded to the types of arrangements described by the commenter will depend on whether all conditions of the safe harbor are satisfied.

Comment: Two commenters raised issues regarding the type of remuneration permissible under the safe harbor at 42 CFR 1001.952(y). One commenter characterized the safe harbor in terms of allowing laboratory companies to donate funds to recipients to help them implement electronic health records technology. Another commenter noted that some donations from laboratory companies have included hardware.

Response: We remind stakeholders that the electronic health records safe harbor applies only to the donation of nonmonetary remuneration (consisting of items and services in the form of software or information technology and training services) necessary and used predominantly to create, maintain, transmit, or receive electronic health records. As stated in the preamble to the 2006 Final Rule, reimbursement for previously incurred expenses is not protected, as it poses a substantial risk of fraud and abuse. 71 FR 45110, 45134 (Aug. 8, 2006). We also remind stakeholders that the safe harbor does not protect the donation of hardware.

Scope of Protected Donors: Other Comments and Suggestions

Although the majority of commenters recommended removing safe harbor protection for donations by laboratory companies, including by excluding laboratory companies from the scope of protected donors, some commenters had alternate or additional recommendations.

Comment: A number of commenters recommended that we maintain our current scope of protected donors. Some of these commenters stated that limiting the scope of protected donors could have an impact on specialists, who, according to the commenters, still have relatively low rates of electronic health records adoption. Along the same lines, one commenter stated that limiting the categories of donors that may seek protection under the safe harbor will negatively impact recipients by preventing certain entities from helping move the entire healthcare system towards more interoperable electronic health records systems. Others cautioned that restricting the scope of protected donors will stymie innovation and restrict learning from the technology. Finally, some commenters contended that laboratory companies and other ancillary service providers and suppliers have a legitimate clinical interest in donating electronic health record items and services, and that many physician practices depend on it.

Some commenters, while acknowledging our concerns regarding abusive donation practices, suggested alternative means to address the concerns we articulated in the 2013 Proposed Rule. These commenters variously recommended that we strengthen interoperation requirements, provide education materials, or adopt enforcement policies to prevent abuses rather than limiting the scope of potential donors.

Response: We agree with many of the reasons articulated by the commenters that support maintaining our current broad scope of protected donors. We recognize that limiting the scope of potential donors could constrain the ability of many providers and suppliers to adopt electronic health record technology. Other than with respect to laboratory companies, the scope of protected donors will remain the same. We will continue to monitor and may, prior to 2021, reconsider in a future rulemaking the risk of fraud or abuse relating to the use of the safe harbor by other donors or categories of donors.

We appreciate the suggestions from commenters regarding alternative means of addressing abusive donation practices. The purpose of safe harbors is to permit certain non-abusive arrangements that, in the absence of the safe harbor, potentially would be prohibited by the anti-kickback statute. Compliance with safe harbors is voluntary, and safe harbor protection is afforded only to those arrangements that precisely meet all of the conditions set forth in the safe harbor. Thus, any individual or entity engaging in an arrangement that does not meet all conditions of the safe harbor could be subject to an enforcement action unless the arrangement otherwise complies with the law. In response to the suggestion that we provide additional education materials, we would like to highlight our efforts to educate the industry about compliance with the anti-kickback statute and other fraud and abuse laws generally. Our Web site (www.oig.hhs.gov) has a “Compliance” tab with many compliance-related materials. These include Compliance Education for Physicians, Compliance Program Guidance documents for various segments of the industry (including hospitals, nursing facilities, and others), Special Fraud Alerts, advisory opinions, and more. We believe that the information we include in this final rule sufficiently sets forth donors' and recipients' requirements under the safe harbor with respect to donations. If an individual or entity desires guidance about a specific arrangement involving the donation of electronic health records items or services under the safe harbor, our advisory opinion process remains available. Finally, we address the issue of interoperation requirements elsewhere in this final rule.

Comment: We received a number of comments requesting that we retain certain categories of providers and suppliers within the scope of protected donors under the safe harbor at 42 CFR 1001.952(y). For example, commenters that provide dialysis services specifically requested that they remain protected donors. One of the dialysis provider commenters noted that excluding this specialty would have a chilling effect on the development and availability of the specialized electronic health records systems used by nephrologists. A few commenters requested that we continue to include hospitals and health systems as protected donors in order for them to retain the ability to assist physicians in adopting electronic health records technology. Other commenters requested that we explicitly retain home health agencies as protected donors. In support of retaining home health agencies, one commenter stated that the depth, breadth, and frequency of communications between home health agencies and other direct care providers makes the use of interoperable electronic health record technology essential to improving clinical outcomes and financial efficiencies. We also received comments in support of retaining safety-net providers and pharmacies as protected donors.

Response: We agree generally with the thrust of these comments. We recognize the value of permitting individuals and entities that participate directly in the provision of health care to patients and that have a need to coordinate with care providers and suppliers to donate electronic health record items or services to facilitate those interactions. Based on the information we have available at this time, we intend to continue to protect donors, other than laboratory companies, that provide patients with health care items or services covered by a Federal health care program and submit claims or requests for payment to those programs directly or through reassignment. Thus, whether a particular donation is eligible for safe harbor protection will hinge, in part, on whether the particular individual or entity making the donation meets this standard. For example, a hospital (whether stand-alone or within a health system) is an entity that typically provides health care services and submits claims or requests for payment to Federal health care programs and, therefore, could be a protected donor under this safe harbor.

Comment: Some commenters agreed with the option we presented in the 2013 Proposed Rule to retain the current scope of protected donors but exclude providers and suppliers of ancillary services associated with a high risk of fraud and abuse. A few of these commenters suggested that taking a targeted approach minimizes the risk of unintended consequences. One of these commenters asserted that we should exclude the particular individuals or entities that have been the subject of complaints. Another of these commenters specifically recommended that we target categories of providers and suppliers with a history or pattern of abusive behavior. Other commenters variously recommended excluding laboratory companies, DME suppliers, home health agencies, or safety-net providers from the scope of protected donors. One commenter asserted that entities like laboratory companies and DME suppliers do not have an overarching and essential interest in having physicians use electronic health records, nor do they coordinate a patient's care. In contrast, one commenter objected to singling out a provider or supplier type to exclude from the scope of protected donors. This commenter stated that such an action unjustly (1) penalizes a whole category of providers or suppliers when most, in the commenter's assessment, are law-abiding, and (2) supports other providers or suppliers that may have similar motivations.

Response: We respond earlier to the commenters who recommended removing only laboratory companies from the scope of protected donors. With respect to the other comments, we note that, in the 2013 Proposed Rule, we specifically requested comments with supporting reasons regarding whether particular provider or supplier types should not be protected. 78 FR 21314, 21318 (Apr. 10, 2013). Some commenters generally suggested that we remove additional provider or supplier types from the scope of protected donors, but their comments did not provide specific examples of abusive practices with respect to donations by other donors, nor did the comments contain indicia of problems comparable to those that are arising in the laboratory context. We have not heard the same concerns or received similar complaints about other categories of donors or types of donation arrangements, and therefore believe it is premature to exclude potential donors (other than laboratory companies). We also decline to identify particular individuals or organizations in the regulation.

Comment: A few commenters recommended restricting the scope of protected donors under the safe harbor to those types listed in the MMA. These commenters also made suggestions regarding how to restrict donations from these limited categories of donors. For example, one commenter recommended limiting the protected donors to hospitals and providers and suppliers operating in an integrated setting and to MA plans and providers and suppliers under contract with them. Another commenter suggested limiting the application of the safe harbor to a similar integrated model, and to hospitals that donate to their employed physicians and the physician groups that they own. In contrast, one commenter suggested that limiting the protected donor types to the original MMA list is too restrictive because some provider and supplier types not listed in the MMA (e.g., ambulatory surgical centers that now perform many procedures previously performed only in hospitals) should have the opportunity to make donations.

Response: We agree that providers and suppliers operating in an integrated environment need interoperable electronic health records. However, we do not believe that the need for this technology is limited to individuals and entities in an integrated care setting. Patients may receive care from providers and suppliers that are not in the same integrated system, and the patient's medical records need to be shared with those providers and suppliers who care for a patient. The Department's goal continues to be fostering broad adoption of interoperable electronic health records technology. At this time, we believe that excluding laboratory companies from the scope of protected donors, rather than limiting the scope to the original MMA list of donors (or some other subset of protected donors) strikes the right balance between furthering that goal and preventing fraud and abuse.

2. Data Lock-In and Exchange

We solicited comments on what new or modified conditions could be added to the electronic health records safe harbor to achieve the two goals of (1) preventing misuse of the safe harbor that results in data and referral lock-in and (2) encouraging the free exchange of data (in accordance with protections for privacy). Additionally, we requested comments on whether those conditions, if any, should be in addition to, or in lieu of, our proposal to limit the scope of protected donors. We also solicited comments on possible modifications to 42 CFR 1001.952(y)(3), which is a condition of the safe harbor requiring that “[t]he donor (or any person on the donor's behalf) does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems.”

Data Lock-In: Comments on Current Conditions

Comment: Many commenters asserted that the current conditions of the safe harbor provide adequate safeguards to prevent donations that result in data or referral lock-in between the donor and recipient. These commenters expressed general support for enforcement when arrangements do not comply with the conditions of the safe harbor. Several of these commenters were also concerned that adding or modifying conditions of the safe harbor may increase the burden of compliance and, therefore, lead to fewer entities willing to make appropriate donations.

Response: We are not persuaded to adopt significant new requirements or modifications to the safe harbor to address the issue of data and referral lock-in at this time. However, as described below, we are making limited clarifications to current conditions to reflect our intended meaning.

We remain committed to investigating potentially abusive arrangements that purport to meet the conditions of the safe harbor, but, in fact, do not. Donations that do not meet the conditions of the safe harbor—because they are used to lock in referrals—are suspect under the law.

Comment: Several commenters expressed concerns about donations that lead to data lock-in. As described elsewhere in this final rule, some commenters suggested that, although some donated items or services have the ability to be interoperable, vendors may charge providers and suppliers who do not use the same donated software high fees to interface with it. The commenters contended that these business practices result in electronic health records software that is not practically interoperable because non-donor providers and suppliers cannot afford to connect to it. Other commenters expressed general concerns that donated items or services are capable of interoperation, but that recipients implicitly agree to send referrals only to the donor. These commenters did not provide specific recommendations to modify the data lock-in conditions of the safe harbor, but generally supported our efforts to prevent data lock-in.

Two commenters representing laboratory companies expressed specific concerns about a feature of donated software that may lead to data lock-in. They explained that some software is designed to limit the accessibility of data that is received from an electronic health records system that is different than the donated software. Most often, data sent from the non-donated electronic health records system cannot populate automatically in a patient's electronic health record or other limits are placed on the portability of data sent from the non-donated electronic health records system. According to these commenters, the limited accessibility of the data makes it harder for the recipient to access and use it for clinical purposes. As a result, a physician or other recipient is more likely to use only the donor's services to make sure that necessary data is easily accessible. These commenters asserted that there are no technical solutions to reducing the possibility of data lock-in; rather, the only solution is to remove laboratory companies from the scope of protected donors.

Several other commenters endorsed generally our efforts to prevent referral and data lock-in. These commenters evidenced strong support of the free exchange of health information across different provider and supplier types to better coordinate care for patients. However, apart from supporting our efforts to ensure that electronic health records systems are interoperable, the commenters made no specific recommendations regarding modifications to the exception.

Response: We share the commenters' concerns about the interoperability of donated software. While any definitive conclusion regarding the existence of an anti-kickback violation requires a case-by-case determination of the parties' intent, we note that donations of items or services that have limited or restricted interoperability due to action taken by the donor or by any person on the donor's behalf (which could include the recipient acting on the donor's behalf) would fail to meet the condition at 42 CFR 1001.952(y)(3) and is inconsistent with the intent of the safe harbor to promote the use of technology that is able to communicate with products from other vendors. Resulting donations would be suspect under the law as they would appear to be motivated, at least in part, by a purpose of securing Federal health care program business. For example, arrangements in which a donor takes an action to limit the use, communication, or interoperability of donated items or services by entering into an agreement with a recipient to preclude or inhibit any competitor from interfacing with the donated items or services would not satisfy the requirement of 42 CFR 1001.952(y)(3). Other donation arrangements described by the commenters in which electronic health records technology vendors agree with donors to charge high interface fees to non-recipient providers or suppliers or to competitors may also fail to satisfy the conditions of 42 CFR 1001.952(y)(3). We believe that any action taken by a donor (or any person on behalf of the donor, including the electronic health record vendor or the recipient) to limit the use of the donated items or services by charging fees to deter non-recipient providers and suppliers and the donor's competitors from interfacing with the donated items or services would pose legitimate concerns that parties were improperly locking-in data and referrals and that the arrangement in question would not qualify for safe harbor protection.

However, whether a donation actually satisfies the conditions of the safe harbor depends on the specific facts of each donation arrangement. We encourage the reporting of instances of data lock-in, as we believe that investigation may establish that where such lock-in has occurred, existing conditions of the safe harbor have not been met. Moreover, any action taken to achieve such a result could be evidence of intent to violate the anti-kickback statute. In regard to the specific recommendation to remove laboratories from the scope of protected donors, we note that we are excluding laboratory companies from the scope of protected donors as discussed earlier in this final rule.

Data Lock-In: Recommendations Outside the Scope of the Rulemaking

Comment: One commenter expressed concern regarding data lock-in and supported ensuring that donations are transparent and free of any attempts to steer future business. Although the commenter denied knowledge of any specific abuse of the safe harbor, the commenter requested that we allow individuals or entities to remedy a donation that may not be protected by the safe harbor. The commenter suggested that the remedy for failure to satisfy the conditions of the safe harbor as modified by this final rule should be to make recipients pay the fair market value of any costs for ongoing support of the donated items or services and provide 3 years for the recipient to either pay full value for the donation or make a transition to a new system.

Response: We appreciate the commenter's concern and recommendation; however we decline to make the suggested modification. Even if we were inclined to do so, implementing the commenter's suggestions would be outside the scope of this rulemaking.

Data Lock-in: Recommendations for Additions or Modifications to the Safe Harbor Conditions

Comment: A few commenters urged us to amend the safe harbor to require that the recipient or the donor participate in actual health information exchange with an electronic health records system that is different from the donated item. One commenter specifically suggested that the recipient should have to demonstrate exchange with at least one other electronic health record system within a certain time frame after receipt of the donation. Another commenter suggested that the donor should have to—upon request—enable the donation recipients to engage in bi-directional exchange of data with competitors not using the same electronic health record system.

Response: We appreciate the commenters' recommendations; however, we are not modifying the conditions of the safe harbor that require the parties to a donation arrangement to demonstrate interoperation. We question whether adequate demonstration of interoperation could occur only after the donation has been made, which would create uncertainty about whether the donation meets the conditions for protection under the safe harbor at the time of the donation. This uncertainty would undermine the Department's goal to support widespread adoption of interoperable electronic health record technology. It is our intent and expectation that interoperation will, in fact, occur, and we believe the safe harbor conditions, in their entirety, promote such interoperation. Moreover, routine interoperation with systems other than those of the donor may be evidence that neither the donor nor any person on the donor's behalf has taken any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems. See 42 CFR 1001.952(y)(3).

Further, we note that the Department is considering a number of policies to accelerate and advance interoperability and health information exchange. As part of this process, ONC and CMS requested input from the public on possible policies and programmatic changes to accelerate electronic health information exchange among individuals and entities that furnish health care items and services, as well as new ideas that would be both effective and feasible to implement. 78 FR 14793, 14794 (Mar. 7, 2013). We believe that the process initiated by ONC and CMS is better suited than this anti-kickback statute safe harbor to consider and respond to evolving functionality related to the interoperability of electronic health record technology. [3]

Comment: In response to our solicitation of comments, some commenters provided suggestions as to how we could broaden the current safe harbor conditions related to data lock-in. Two commenters suggested broadening 42 CFR 1001.952(y)(3), which imposes the condition that the donor (or any person on the donor's behalf) does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems. Specifically, one of the commenters suggested that we replace the reference to “electronic prescribing or electronic health records systems” with “health information technology platforms or other health care providers.” The commenters asserted that this proposed change reflects the development of health information technology that may not be classified as an electronic health record system, but supports the free exchange of health information. These two commenters also suggested that we modify the condition at 42 CFR 1001.952(y)(3) to state that neither the donor nor the recipient may take any action to limit the interoperability of donated items or services and require that the modified condition be included as part of the written agreement condition at 42 CFR 1001.952(y)(6).

Another commenter suggested amending 42 CFR 1001.952(y)(3) by providing a non-exhaustive list of actions that would cause a donation not to satisfy this condition and by establishing a process for entities to provide the Department with information about potential abuses of the safe harbor. A representative of several health plans suggested modifying the safe harbor conditions to ensure that, in the context of health information exchange, the interoperability condition requires that all key stakeholders, including health insurance plans, have access to the health information exchange. The commenter suggested that we modify the interoperability condition at 42 CFR 1001.952(y)(2) to prohibit restrictions on the communication and exchange of data with any “covered entity” as defined 45 CFR 160.103.

Response: The current language in the regulatory text prohibits donors (or persons on the donor's behalf) from taking any action to limit or restrict the use, compatibility, or interoperability of donated items or services with other “electronic prescribing or electronic health records systems.” The term “electronic prescribing or electronic health records systems” was intended to be broad in order to account for developments in the health information technology industry. Based on the commenters' suggestions it appears, however, that some have read this term more narrowly. This narrow reading is inconsistent with our intended meaning. We have always believed and continue to believe that an action taken by a donor (or on behalf of the donor) that limits the use, compatibility, or interoperability of donated items or services with any other health information technology may impede the free exchange of data and limit the ability of providers and suppliers to coordinate care, which is inconsistent with one of the goals of the safe harbor. Therefore, we are clarifying 42 CFR 1001.952(y)(3) by adding a parenthetical that includes a non-exhaustive list of some of the forms of technologies we believe are included within the meaning of the current regulatory language. We are not adopting the commenters' suggested edit as we do not believe that it is necessary in light of the clarification we have made. We also decline to modify 42 CFR 1001.952(y)(2) to prohibit restrictions on the communication and exchange of data with any covered entity as defined at 45 CFR 160.103. We believe that the existing condition at 42 CFR 1001.952(y)(3), which we have clarified in this final rule as including health information technology applications, products, or services, promotes interoperability with a variety of providers and suppliers, as well as other health care entities that may play a role in the coordination of care, including health plans that operate health information technology applications, products, or services.

We are not adopting the commenters' suggestion to modify the safe harbor to state that neither the donor nor the recipient may take any actions to limit the interoperability of the donated item or service. The condition at 42 CFR 1001.952(y)(3) requires the donor (or any person on behalf of the donor) to refrain from taking any action that limits or restricts the use, compatibility, or interoperability of the donated items or services. To the extent that a recipient takes an action on the donor's behalf to limit the use, compatibility, or interoperability of donated items or services, that donation would fail to qualify for protection under the safe harbor. Because we see no obvious reason for a recipient to take action to limit the use, compatibility, or interoperability of donated items or services other than at a donor's behest or as a condition of the donation, we believe that any action of this type by a recipient would be suspect. We are not making the suggested modification because the concern articulated by the commenters is already addressed by the existing regulatory language and the policies we are adopting in this final rule. Because we are not adopting the commenters' suggestion, we are not making any corresponding revisions to require that the recommended provision be incorporated into the written agreement condition at 42 CFR 1001.952(y)(6).

We are not implementing the suggestion that we provide in regulation text examples of actions that may cause a donation not to meet the condition of 42 CFR 1001.952(y)(3). Whether a donation meets the precise conditions of the safe harbor requires a case-by-case analysis and depends on the specific facts of the donation. We encourage the reporting of instances when the donor (or any other person on behalf of the donor) takes action to limit the interoperability of donated items or services, as we believe that investigation may establish that, when such lock-in has occurred, existing conditions of the safe harbor not have been met. Moreover, any action taken to achieve such a result could be evidence of intent to violate the anti-kickback statute.

Data Lock-in: Other Comments and Suggestions

Comment: One commenter objected to the use of the safe harbor to address the issue of data lock-in. The commenter contended that data lock-in may arise in response to legitimate concerns, such as Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security rules, liability issues, licensing requirements, and anti-trust issues. Further, according to the commenter, data lock-in conditions may cause uncertainty for donors because parties may not be able to determine whether a donation met these conditions until after donation.

Response: Nothing in this final rule is intended to prohibit legitimate actions taken to ensure that donated items and services appropriately protect data, including measures to ensure the privacy and security of health information data. We recognize that there may be appropriate security, privacy, and other business reasons to protect data. This final rule addresses only actions that inappropriately lock in data, for example locking in data to secure future referrals.

Comment: One commenter expressed support for preventing electronic health records data lock-in and the free exchange of data. However, the commenter did not agree that additional conditions designed to promote these goals would be effective. Instead, the commenter suggested that CMS adopt payment models that continue to foster care coordination activities.

Response: We appreciate the commenter's suggestion; however, changes to CMS payment models are outside the scope of this OIG rulemaking. We note that ONC and CMS in their Request for Information solicited input on options for improving several different CMS payment models to support better the adoption of interoperable electronic health record technology. 78 FR 14793, 14797 (Mar. 7, 2013).

Comment: Two commenters suggested data lock-in could be limited by requiring electronic health record software to be open or “open source.” Both commenters asserted that open source software would limit data lock-in due to the transparent nature of open source software. In addition, it would lead to greater interoperability of electronic health record systems. One commenter also suggested that we require mandatory advance disclosure of the operational and business policies and practices associated with the electronic health record technologies. One commenter suggested that we adopt the e-DOS standard as certification criteria for electronic health records.

Response: We generally share the commenters' support for free exchange of health information, provided that there are appropriate protections for privacy and security. However, we are not adopting the commenters' recommendations because software certification criteria and standards are determined by ONC and are, therefore, outside the scope of this rulemaking.

3. Covered Technology

In the 2013 Proposed Rule, we noted that “we received questions concerning whether certain items or services . . . fall within the scope of covered technology under the electronic health records safe harbor.” 78 FR 21314, 21319 (Apr. 10, 2013). There, we stated that “[t]he answer to such questions depends on the exact items or services that are being donated.”Id. We referenced the discussion of our interpretation of the term “software, information technology and training services necessary and used predominantly” in the 2006 Final Rule. Id. We stated that “[w]e believe that the current regulatory text, when read in light of the preamble discussion, is sufficiently clear concerning the scope of covered technology . . . .”Id. Nonetheless, because we have received suggestions from stakeholders to modify the regulatory text of the electronic health records safe harbor to reflect explicitly this interpretation, we sought comments from the public regarding this issue. After considering the public comments with respect to this issue, we determined not to make any changes to the regulation text to address the scope of covered technology.

Comment: Several commenters stated that the regulatory text describing the scope of technology covered by the safe harbor, when read in light of the 2006 Final Rule preamble, is sufficiently clear. One of these commenters urged us not to revise the regulation in any way that might limit the scope of covered technology, limit the ability of donors and recipients in the design and selection of items and services, or create barriers to achieving interoperability. Other commenters agreed that the current definition of covered technology is appropriate, with two of these commenters suggesting that we revisit the definition in the future as health information technology evolves. Still other commenters asserted that the existing regulatory language can be interpreted to include “services that enable the interoperable exchange of electronic health records data;” thus, no revisions to the regulatory text are required. In contrast, one commenter suggested that we incorporate into the regulatory text the preamble language from the 2006 Final Rule where we discussed examples of items and services that would qualify for coverage under the safe harbor. Another commenter suggested that we revise the regulatory text to include as many examples of covered “software, information technology and training services” as possible while emphasizing that the list is not exhaustive.

Response: We agree that maintaining flexibility is important, particularly as health information technology evolves. We endeavor to avoid revisions to the regulation text that could inadvertently narrow the safe harbor, which is intended to promote the adoption of interoperable electronic health record technology. Moreover, our interpretation of what is covered by the safe harbor has not changed. As we stated in the 2013 Proposed Rule, whether specific items or services fall within the scope of covered technology under the safe harbor depends on the exact items or services that are being donated. 78 FR 21314, 21319 (Apr. 10, 2013). If the “services that enable the interoperable exchange of electronic health records data” are of the type that do not meet the requirements for covered technology (for example, because they include hardware, storage devices, or have core functionality other than electronic health records), they would not be eligible for protection under the safe harbor at 42 CFR 1001.952(y).

For these reasons, we are not revising the regulation text at 42 CFR 1001.952(y) to identify any specific types of items or services that may be donated if the other conditions of the safe harbor are satisfied. We are also not modifying the examples identified in the preamble discussion in the 2006 Final Rule. 71 FR 45110, 45151-2 (Aug. 8, 2006). The safe harbor continues to protect nonmonetary remuneration in the form of software, information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records.

Comment: A few commenters requested clarification regarding whether third-party fees related to the exchange of health information, such as health information exchange (HIE) service charges for interconnectivity, are “covered technologies” under the safe harbor.

Response: The safe harbor protects only nonmonetary remuneration. Whether particular items or services, like interconnectivity services, can be donated under the safe harbor depends on the exact item or service that is being donated and whether the item or service is: (1) In the form of software, information technology and training services; and (2) necessary and used predominantly to create, maintain, transmit, or receive electronic health records. We caution, however, that the donation of items or services, including interconnectivity services that are eligible for donation, would not be protected if the recipient, the recipient's practice, or any affiliated individual or entity makes the receipt, amount or nature of the donated items or services a condition of doing business with the donor or if the donor determines the eligibility of a recipient or the amount or nature of the items or services to be donated in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. See 42 CFR 1001.952(y)(4) and (5).

Comment: One commenter suggested that, in addition to maintaining as much flexibility as possible, we broaden the scope of the technology covered by the safe harbor to include software and services used for care coordination, quality measurement, improving population health, or improving the quality or efficiency of health care delivery among parties. The commenter noted that some of these items may be covered by the waivers issued in connection with the Medicare Shared Savings Program (MSSP); however, because those waivers extend only to parties participating in that program, protection for the donation of items or services that advance the Department's goal of encouraging the adoption of health information technology that supports public policy objectives is not available to other health care industry stakeholders. To advance these goals in a broader way, the commenter suggested that the safe harbor be expanded to include items potentially covered by the MSSP pre-participation waiver, such as electronic health information exchanges that allow for electronic data exchange across multiple platforms, data reporting systems (including all-payer claims data reporting systems), and data analytics (including staff and systems, such as software tools, to perform analytic functions). Another commenter suggested that we broaden the scope of technology covered by the safe harbor to include software separate from the certified electronic health record software as long as it is interoperable with the electronic health record software. The commenter gave as examples of such electronic health-records-associated components “patient portals that support patient engagement, direct and other standards-compliant means for secure patient information exchange between providers, solutions to support transition care, and tools that may assist in inter- and intra-patient matching.” A third commenter urged us to consider a broader array of covered technologies, provided that they support policy goals such as reducing hospital readmissions and coordinated care across settings outside of traditional office settings, including telemonitoring and telemedicine. Another commenter suggested that we expand the protection of the safe harbor to cover “any additional items or services that will be required or helpful in meeting Stage 2 or Stage 3 requirements for [the EHR Incentive Programs].”

Response: As stated previously, whether specific items or services fall within the scope of covered technology under the safe harbor depends on the exact items or services that are being donated. Some of the particular items and services that may be included within the broad categories identified by the commenters may be eligible for donation. For example, if a particular software product related to transitions of care was necessary and used predominantly to create, maintain, transmit, or receive electronic health records, then it would be eligible for donation, provided that the donation met all of the other safe harbor conditions. As noted previously in this final rule, software is not required to be certified to ONC certification criteria in order to be donated under the electronic health records safe harbor. Thus, software that is separate from certified software may still be eligible for donation if it satisfies the definition of “interoperable” in the Note to paragraph (y) in 42 CFR 1001.952(y). To the extent that the commenters suggest that we expand the scope of the safe harbor to protect items or services that are not already eligible for donation, we note that revision of the safe harbor to include such items or services would be outside the scope of this rulemaking. In the 2013 Proposed Rule, with respect to the scope of technology potentially covered by the safe harbor, we sought input from the public regarding the singular issue of “whether the current regulatory text, when read in light of the preamble discussion, is sufficiently clear concerning the scope of covered technology.” 78 FR 21314, 21319 (Apr. 10, 2013). With regard to whether the scope of the covered technology should be broadened, as opposed to clarified, we are mindful of the important issues raised by the commenters and may consider them in the future. We further note that, depending on the circumstances, some of the arrangements described by the commenters may fit in other safe harbors or may not implicate the anti-kickback statute.

Comment: One commenter suggested that we define “equivalent technology” for purposes of the condition in the safe harbor that the donor of electronic health record technology may not have actual knowledge of, or act in reckless disregard or deliberate ignorance of, the fact that the recipient possesses or has obtained items or services equivalent to those being donated. This commenter also suggested that we prohibit a provider or supplier from seeking or accepting a donation before a certain period of time has elapsed since the receipt of a previous donation. Another commenter urged us to eliminate maintenance and service agreements from the scope of potentially protected donations under the safe harbor. In the alternative, the commenter suggested that we impose a restriction on the time period that donations of such services would be permitted. The commenter noted concerns that donors may use ongoing donations of maintenance and service agreements to lock in referrals from recipients. A commenter that urged us not to extend the availability of the safe harbor suggested that we prohibit the donation of all technology except interfaces for reporting of laboratory results.

Response: Although we appreciate the commenters' suggestions, we are not making the requested changes. We believe that the modifications to and clarifications of 42 CFR 1001.952(y) adopted in this final rule and the clarifications offered in this preamble address the concerns raised by these commenters.

Comment: One commenter asserted that the prohibition on donating equivalent technology currently included in the safe harbor locks physician practices into a vendor, even if they are dissatisfied with the technology, because the recipient must choose between paying the full amount for a new system and continuing to pay 15 percent of the cost of the substandard system. The commenter asserts that the cost difference between these two options is too high and effectively locks physician practices into electronic health record technology vendors.

Response: Although we appreciate the commenter's concern, we continue to believe that items and services are not “necessary” if the recipient already possesses the equivalent items or services. 71 FR 45110, 45123 (Aug. 8, 2006). As stated in the 2006 Final Rule, “the provision of equivalent items and services poses a heightened risk of abuse, [because] such arrangements potentially confer independent value on the recipient (i.e., the value of the existing items and services that might be put to other uses) unrelated to the need for electronic health records technology.”Id. Thus, we retain our policy to preclude safe harbor protection in instances when the donor has actual knowledge of, or acts in reckless disregard or deliberate ignorance of, the fact that the recipient possesses or has obtained equivalent items or services. We expect physicians would not select or continue to use a substandard system if it posed a threat to patient safety.

Comment: One commenter referenced the 2013 Proposed Rule's statement that “software or information technology and training services necessary and used predominantly for electronic health records purposes” included “information services related to patient care (but not separate research or marketing support services.” 78 FR 21314, 21319 (Apr. 10, 2013). The commenter requested that we retract that statement and clarify that it is appropriate for health researchers to use data in electronic health records for research that is related to, for example, evidence-based medicine, population management, or other research, provided that the use complies with applicable Federal, State, and institutional requirements.

Response: We decline to retract our statement in the 2013 Proposed Rule. To promote adoption of electronic health records while minimizing the risk of abuse, the scope of items and services permitted to be donated under the safe harbor is limited to items and services in the form of software and information technology and training services that are “necessary and used predominantly to create, maintain, transmit, or receive electronic health records.” Donations of software for research that is separate from clinical support and information services related to patient care are not consistent with the primary goals of the safe harbor.

The electronic health records safe harbor addresses only the donation of electronic health records items and services, not the use of data. Thus, the portion of the comment related to data use is outside the scope of this rulemaking. We note, however, that nothing in the safe harbor prohibits the use of data in electronic health record systems for research purposes (assuming the parties comply with all other applicable laws, including HIPAA privacy and security rules).

Comment: One commenter asked us to confirm that patient portals are within the scope of the technology potentially protected by the safe harbor.

Response: We are not certain what the commenter precisely means by “patient portals.” Patient portals come in a variety of forms; the key to the safe harbor analysis is whether the specific item or service donated is: (1) In the form of software, information technology and training services; and (2) necessary and used predominantly to create, maintain, transmit, or receive electronic health records. As we stated in the 2006 Final Rule in response to a commenter's recommendation that the safe harbor specifically protect the provision of patient portal software that enables patients to maintain online personal medical records, including scheduling functions (71 FR 45110, 45125 (Aug. 8, 2006)), nothing in the safe harbor precludes protection for patient portal software if it satisfies all of the safe harbor conditions.

E. Comments Outside the Scope of Rulemaking

In addition to some of the comments noted above, we received several comments from stakeholders, including suggestions on policy changes, that are outside the scope of this rulemaking. For example, one commenter raised concerns about a private insurer's proposed fee schedule for laboratory services. Another commenter expressed a concern about “outrageous bills” the commenter received from a laboratory company. While we appreciate the commenters taking time to raise these concerns, we will not be addressing them as they are outside the scope of this rulemaking.

III. Provisions of the Final Regulations Back to Top

For the most part, this final rule incorporates the proposed revisions from the 2013 Proposed Rule. Specifically, we update the provision under which electronic health records software is deemed interoperable by revising 42 CFR 1001.952(y)(2) to remove the phrase “recognized by the Secretary” and replace it with the phrase “authorized by the National Coordinator for Health Information Technology” and to replace the 12-month time frame for certification of electronic health records software with a requirement that the software be certified to an edition of the electronic health record certification criteria identified in the then-applicable version of 45 CFR part 170 (ONC's certification program). Second, we remove from the safe harbor the requirement at 42 CFR 1001.952(y)(10) related to electronic prescribing capability. Third, we extend the sunset date of the safe harbor to December 31, 2021 by modifying 42 CFR 1001.952(y)(13). Fourth, we limit the scope of protected donors to exclude laboratory companies. We are modifying 42 CFR 1001.952(y)(1)(i) to effectuate this change. And fifth, we are clarifying the condition at 42 CFR 1001.952(y)(3) that prohibits a donor from taking any action to limit or restrict the use, compatibility, or interoperability of the donated items or services.

IV. Waiver of the Delay in the Effective Date Back to Top

Ordinarily we provide a delay of at least 30 days in the effective date of a final rule after the date that the rule is issued. However, the 30-day delay in effective date can be waived if the rule grants or recognizes an exemption or relieves a restriction. We believe that it is appropriate to waive the 30-day delay in effective date for 42 CFR 1001.952(y)(13), which relieves a restriction on donations of electronic health records items and services. Specifically, this final rule amends 42 CFR 1001.952(y)(13) to extend the sunset date of the existing safe harbor from December 31, 2013 to December 31, 2021. Without a waiver of the requirement for a delayed effective date, the entire safe harbor will expire on December 31, 2013 and will not be available to protect any ongoing donation arrangements or new donations of electronic health records items and services made after December 31, 2013. By waiving the 30-day delay in effective date, the safe harbor will not expire, thereby allowing parties to continue utilizing the safe harbor to protect donations of electronic health records items and services. We stress, however, that donations of electronic health records items and services that occur between January 1, 2014 and the effective date of the remaining provisions of this final rule (March 27, 2014) will need to comply with all the conditions of the existing safe harbor. The waiver of the 30-day delay in effective date simply serves to maintain the status quo until the rest of this final rule becomes effective.

The 30-day delay in effective date can also be waived if the agency finds for good cause that the delay is impracticable, unnecessary, or contrary to the public interest, and the agency incorporates a statement of the findings and reasons in the rule issued. We find that it is unnecessary to provide a 30-day delay in effective date for 42 CFR 1001.952(y)(13) because an earlier effective date simply allows parties to continue making donations under the existing electronic health records safe harbor; it does not impose any new requirements or restrictions on potentially affected parties. Moreover, we find that a 30-day delayed effective date for 42 CFR 1001.952(y)(13) is impracticable because it would cause the entire safe harbor to expire, thereby nullifying this final rule.

V. Regulatory Impact Statement Back to Top

We have examined the impact of this final rule as required by Executive Order 12866 on Regulatory Planning and Review (Sept. 30, 1993); Executive Order 13563 on Improving Regulation and Regulatory Review (Jan. 18, 2011); the Regulatory Flexibility Act (RFA) (Sept. 19, 1980, 96, codified at 5 U.S.C. 601 et seq.); section 1102(b) of the Act; section 202 of the Unfunded Mandates Reform Act of 1995 (Mar. 22, 1995; Pub. L. 104-4); Executive Order 13132 on Federalism (August 4, 1999); and the Congressional Review Act (5 U.S.C. 804(2)).

Executive Orders 12866 and 13563 direct agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any 1 year). We believe this final rule does not reach the economic threshold for being considered economically significant and thus is not considered a major rule. It is not economically significant because it will not have a significant effect on program expenditures, and there are no additional substantive costs to implement the resulting provisions. The rule modifies an existing safe harbor, and the modifications would not impose significant additional costs on those seeking to use the safe harbor. Further, the donation of electronic health records items or services and the use of the safe harbor to protect such donations are entirely voluntary. In section II, we provide a detailed discussion and analysis of the alternatives considered in this final rule, including those considered for extending the sunset date of the electronic health records safe harbor, limiting the scope of protected donors, and tying the timeframe for the deeming provision to ONC's certification program. Finally, we received no public comments specific to the RIA set forth in the 2013 Proposed Rule.

This final rule updates (1) the provision under which electronic health records software is deemed interoperable; (2) removes the requirement related to electronic prescribing capability; (3) extends the safe harbor's sunset date to December 31, 2021; (4) limits the scope of protected donors to exclude laboratory companies; and (5) clarifies the condition that prohibits a donor from taking any action to limit or restrict the use, compatibility, or interoperability of the items or services. Neither this final rule nor the regulations it amends requires any entity to donate electronic health records items and services, but we expect these changes to continue to facilitate the adoption of electronic health record technology by eliminating perceived barriers rather than by creating the primary means by which this technology will be adopted.

The summation of the economic impact analysis regarding the effects of electronic health records in the ambulatory setting that is presented in the 2006 Final Rule still pertains to this final rule. 71 FR 45110 (Aug. 8, 2006). However, since the 2006 Final Rule, several developments have occurred to make us conclude that it is no longer necessary to retain a requirement related to electronic prescribing capability in the electronic health records safe harbor. These developments include the passage of two laws encouraging adoption of electronic prescribing and electronic health-records technology: (1) In 2008, Congress passed the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA), Public Law 110-275; (2) in 2009, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA), Public Law 111-5. In addition, there has been an increase over the past few years in the rate of electronic health record-based electronic prescribing capabilities. See, e.g., State Variation in E-Prescribing Trends in the United States—available at: http://www.healthit.gov/sites/default/files/us_e-prescribingtrends_onc_brief_4_nov2012.pdf.

As discussed in more detail in the preamble to the 2013 Proposed Rule, section 132 of MIPPA authorized an electronic prescribing incentive program (starting in 2009) for certain types of eligible professionals. The HITECH Act authorized CMS to establish the EHR Incentive Programs for certain eligible professionals, eligible hospitals, and critical access hospitals. Also, the HITECH Act required that eligible professionals under the EHR Incentive Programs demonstrate meaningful use of certified electronic health record technology, including the use of electronic prescribing. Specifically, the final rule for Stage 2 EHR Incentive Programs (77 FR 53968 (Sept. 4, 2012)) includes more demanding requirements for electronic prescribing and identifies electronic prescribing as a required core measure. As a result, beginning in calendar year 2015, an eligible professional risks a reduction in the Medicare Physician Fee Schedule payment amount that will otherwise apply for covered professional services if they are not a meaningful electronic health record technology user for a reporting period during that year. Our intent is to withhold safe harbor protection from the donation of items or services that a potential recipient already owns, while protecting donation of items and services that advance the adoption and use of electronic health records. Lastly, according to ONC, electronic prescribing by physicians using electronic health record technology has increased from 7 percent in December 2008 to approximately 48 percent in June 2012. Furthermore, the rules recently published to implement Stage 2 of the EHR Incentive Programs continue to encourage physicians' use of electronic prescribing technology. See 77 FR 53968, 53989 (Sept. 4, 2012); 77 FR 54163, 54198 (Sept. 4, 2012). However, due to data limitations, we are unable to accurately estimate how much the electronic health records safe harbor has contributed to the increase in electronic prescribing. We believe, as a result of these legislative and regulatory developments advancing in parallel, the increase in the adoption of electronic prescribing using electronic health record technology will continue without making it necessary to retain the electronic prescribing capability requirement in the electronic health records safe harbor.

The RFA generally requires an agency to conduct a regulatory flexibility analysis of any rule subject to notice and comment rulemaking requirements unless the agency certifies that the rule will not have a significant economic impact on a substantial number of small entities. For purposes of the RFA, small entities include small businesses, certain non-profit organizations, and small governmental jurisdictions. Most hospitals and most other providers and suppliers are small entities, either by nonprofit status or by having revenues below specific limits that range from $7.0 million to $35.5 million (depending on the type of entity in question) in any 1 year. Individuals and States are not included in the definition of a small entity. The Secretary has determined that this final rule would not have a significant economic impact on a substantial number of small entities. Therefore, the undersigned certifies that this rule will not have a significant economic impact on a substantial number of small entities.

In addition, section 1102(b) of the Act requires us to prepare a regulatory impact analysis if a rule may have a significant impact on the operations of a substantial number of small rural hospitals. This analysis must conform to the provisions of section 604 of the RFA. For purposes of section 1102(b) of the Act, CMS defines a small rural hospital as a hospital that is located outside of a Metropolitan Statistical Area for Medicare payment regulations and has fewer than 100 beds. The Secretary has determined that this final rule would not have a significant economic impact on the operations of a substantial number of small rural hospitals.

Title II of the Unfunded Mandates Reform Act of 1995 (UMRA) (codified at 2 U.S.C. 1531-1538) establishes requirements for Federal agencies to assess the effects of their regulatory actions on State, local, and tribal governments and the private sector. Under UMRA, agencies must assess a rule's anticipated costs and benefits before issuing any rule that may result in aggregate costs to State, local, or tribal governments, or the private sector, of greater than $100 million in 1995 dollars (currently adjusted to $141 million). This final rule imposes no mandates and, as a result, will have no consequential effect on State, local, or tribal government or on the private sector of $141 million or more.

Executive Order 13132 establishes certain requirements that an agency must meet when it issues a final rule that imposes substantial direct requirement costs on State and local governments, preempts State law, or otherwise has Federalism implications. For the reasons stated earlier, this final rule will not have a substantial effect on State or local governments, nor does it preempt State law or have Federalism implications.

In accordance with Executive Order 12866, this final rule was reviewed by the Office of Management and Budget.

VI. Paperwork Reduction Act Back to Top

The provisions in this final rule will not impose any new or revised information collection, recordkeeping, or disclosure requirements. Consequently, this rule does not need additional Office of Management and Budget review under the authority of the Paperwork Reduction Act of 1995.

List of Subjects in 42 CFR Part 1001 Back to Top

Accordingly, 42 CFR part 1001 is amended as set forth below:

begin regulatory text

PART 1001—[AMENDED] Back to Top

1.The authority citation for part 1001 continues to read as follows:

Authority:

42 U.S.C. 1302, 1320a-7, 1320a-7b, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, 103, 108 Stat. 3327 (31 U.S.C. 6101 note).

2.Section 1001.952 is amended by revising paragraphs (y)(1)(i), (y)(2), (y)(3), and (y)(13), and removing and reserving paragraph (y)(10), to read as follows:

§ 1001.952 Exceptions.

* * * * *

(y) * * *

(1) * * *

(i) An individual or entity, other than a laboratory company, that provides services covered by a Federal health care program and submits claims or requests for payment, either directly or through reassignment, to the Federal health care program; or

* * * * *

(2) The software is interoperable at the time it is provided to the recipient. For purposes of this subparagraph, software is deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body authorized by the National Coordinator for Health Information Technology to an edition of the electronic health record certification criteria identified in the then-applicable version of 45 CFR part 170.

(3) The donor (or any person on the donor's behalf) does not take any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems (including, but not limited to, health information technology applications, products, or services).

* * * * *

(10) [Reserved]

* * * * *

(13) The transfer of the items and services occurs, and all conditions in this paragraph (y) have been satisfied, on or before December 31, 2021.

* * * * *

end regulatory text

Dated: September 10, 2013.

Daniel R. Levinson,

Inspector General.

Approved: November 14, 2013.

Kathleen Sebelius,

Secretary.

[FR Doc. 2013-30924 Filed 12-23-13; 4:15 pm]

BILLING CODE 4152-01-P

Footnotes Back to Top

2. ONC has recently begun characterizing sets of adopted certification criteria as “editions.”

Back to Context

3. ONC and CMS have subsequently published a “Strategy and Principles to Accelerate HIE” document. http://www.healthit.gov/policy-researchers-implementers/accelerating-health-information-exchange-hie.

Back to Context
Site Feedback