[Federal Register: August 8, 2006 (Volume 71, Number 152)]
[Rules and Regulations]
[Page 45109-45137]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr08au06-15]
[[Page 45109]]
-----------------------------------------------------------------------
Part II
Department of Health and Human Services
-----------------------------------------------------------------------
Office of Inspector General
-----------------------------------------------------------------------
42 CFR Part 1001
Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors
for Certain Electronic Prescribing and Electronic Health Records
Arrangements Under the Anti-Kickback Statute; Final Rule
[[Page 45110]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
42 CFR Part 1001
RIN 0991-AB39
Medicare and State Health Care Programs: Fraud and Abuse; Safe
Harbors for Certain Electronic Prescribing and Electronic Health
Records Arrangements Under the Anti-Kickback Statute
AGENCY: Office of Inspector General (OIG), HHS.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: As required by the Medicare Prescription Drug, Improvement,
and Modernization Act of 2003 (MMA), Public Law 108-173, this final
rule establishes a new safe harbor under the Federal anti-kickback
statute for certain arrangements involving the provision of electronic
prescribing technology. Specifically, the safe harbor would protect
certain arrangements involving hospitals, group practices, and
prescription drug plan (PDP) sponsors and Medicare Advantage (MA)
organizations that provide to specified recipients certain nonmonetary
remuneration in the form of hardware, software, or information
technology and training services necessary and used solely to receive
and transmit electronic prescription information. In addition, in
accordance with section 1128B(b)(3)(E) of the Social Security Act (the
Act), this final rule creates a separate new safe harbor for certain
arrangements involving the provision of nonmonetary remuneration in the
form of electronic health records software or information technology
and training services necessary and used predominantly to create,
maintain, transmit, or receive electronic health records.
DATES: Effective Date: These regulations are effective October 10,
2006.
FOR FURTHER INFORMATION CONTACT: Catherine Martin, Office of Counsel to
the Inspector General, (202) 619-0335.
SUPPLEMENTARY INFORMATION:
I. Background
Overview--Establishing New Safe Harbors for Arrangements Involving
Electronic Prescribing and Electronic Health Records Technology
This final rule establishes safe harbor protection for certain
arrangements involving the donation of electronic prescribing and
electronic health records technology. Section I contains a brief
background discussion addressing the anti-kickback statute and safe
harbors; a summary of the relevant MMA provisions; a summary of the
proposed safe harbors; and a summary of the final safe harbors. Section
II contains a summary of the public comments and our responses.
A. The Anti-Kickback Statute and Safe Harbors
Section 1128B(b) of the Act (42 U.S.C. 1320a-7b(b), the ``anti-
kickback statute'') provides criminal penalties for individuals or
entities that knowingly and willfully offer, pay, solicit, or receive
remuneration in order to induce or reward the referral of business
reimbursable under any of the Federal health care programs, as defined
in section 1128B(f) of the Act. The offense is classified as a felony
and is punishable by fines of up to $25,000 and imprisonment for up to
five years. Violations of the anti-kickback statute may also result in
the imposition of civil money penalties (CMPs) under section
1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion
under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and
liability under the False Claims Act, (31 U.S.C. 3729-33).
The types of remuneration prohibited specifically include, without
limitation, kickbacks, bribes, and rebates, whether made directly or
indirectly, overtly or covertly, in cash or in kind. Prohibited conduct
includes not only the payment of remuneration intended to induce or
reward referrals of patients, but also the payment of remuneration
intended to induce or reward the purchasing, leasing, or ordering of,
or arranging for or recommending the purchasing, leasing, or ordering
of, any good, facility, service, or item reimbursable by any Federal
health care program.
Because of the broad reach of the statute, concern was expressed
that some relatively innocuous commercial arrangements were covered by
the statute and, therefore, potentially subject to criminal
prosecution. In response, Congress enacted section 14 of the Medicare
and Medicaid Patient and Program Protection Act of 1987, Public Law
100-93 (section 1128B(b)(3)(E) of the Act), which specifically required
the development and promulgation of regulations, the so-called ``safe
harbor'' provisions, which would specify various payment and business
practices that would not be treated as criminal offenses under the
anti-kickback statute, even though they may potentially be capable of
inducing referrals of business under the Federal health care programs.
Since July 29, 1991, we have published in the Federal Register a series
of final regulations establishing ``safe harbors'' in various areas.\1\
These OIG safe harbor provisions have been developed ``to limit the
reach of the statute somewhat by permitting certain non-abusive
arrangements, while encouraging beneficial or innocuous arrangements.''
(56 FR 35952, 35958; July 21, 1991).
---------------------------------------------------------------------------
\1\ 56 FR 35952 (July 29, 1991); 61 FR 2122 (January 25, 1996);
64 FR 63518 (November 19, 1999); 64 FR 63504 (November 19, 1999);
and 66 FR 62979 (December 4, 2001).
---------------------------------------------------------------------------
Health care providers and others may voluntarily seek to comply
with safe harbors so that they have the assurance that their business
practices will not be subject to liability under the anti-kickback
statute, the CMP provision for anti-kickback violations, or the program
exclusion authority related to kickbacks. In giving the Department of
Health and Human Services the authority to protect certain arrangements
and payment practices from penalties under the anti-kickback statute,
Congress intended the safe harbor regulations to be evolving rules that
would be updated periodically to reflect changing business practices
and technologies in the health care industry.
B. Section 101 of MMA
Section 101 of the MMA added a new section 1860D to the Act,
establishing a Part D prescription drug benefit in the Medicare
program. As part of the new statutory provision, Congress, through
section 1860D-4(e) of the Act, directed the Secretary to create
standards for electronic prescribing in connection with the new
prescription drug benefit, with the objective of improving patient
safety, quality of care, and efficiency in the delivery of care.\2\
Section 1860D-4(e)(6) of the Act directs the Secretary, in consultation
with the Attorney General, to create a safe harbor to the anti-kickback
statute that would protect certain arrangements involving the provision
of nonmonetary remuneration (consisting of items and services in the
form of hardware, software, or information technology and training
services) that is necessary and used solely to receive and transmit
electronic prescription information in accordance with electronic
prescribing standards promulgated by the Secretary under section 1860D-
4(e)(4) of the Act. Specifically, the safe harbor would set forth
conditions under which the provision of such technology by hospitals,
group practices, and PDP sponsors and MA organizations to certain
prescribing health care professionals, pharmacies, and pharmacists
would be protected.
---------------------------------------------------------------------------
\2\ See H.R. Rep. No. 108-391 at 495 (2003) (Conf. Rep.).
---------------------------------------------------------------------------
[[Page 45111]]
We do not believe Congress, in enacting section 1860D-4(e)(6) of
the Act, intended to suggest that a new safe harbor is needed for all
or even most arrangements involving the provision of electronic
prescribing items and services. In general, fair market value
arrangements that are arm's-length and do not take into account in any
manner the volume or value of Federal health care program business, or
arrangements that do not have as one purpose the generation of business
payable by a Federal health care program, should not raise concerns
under the anti-kickback statute. In addition, many arrangements can be
structured to fit in existing safe harbors, including the safe harbors
for discounts (42 CFR 1001.952(h)) and for remuneration offered to
employees (42 CFR 1001.952(i)). Finally, parties may use the OIG
advisory opinion process (42 CFR part 1008; http://oig.hhs.gov/fraud/advisoryopinions.html
) to determine whether their particular
arrangements would be subject to OIG sanctions.
In addition to the new safe harbor under the anti-kickback statute,
section 1860D-4(e)(6) of the Act directs the Secretary to create a
corresponding exception to section 1877 of the Act, commonly known as
the physician self-referral law. That exception is being promulgated
through a separate rulemaking by the Centers for Medicare & Medicaid
Services (CMS), the agency that administers the physician self-referral
law. We have endeavored to ensure as much consistency as possible
between our final safe harbor and the corresponding final physician
self-referral exception, given the differences in the respective
underlying statutes. One significant difference in the statutory
schemes is that fitting in an exception under section 1877 is
mandatory, whereas complying with a safe harbor under the anti-kickback
statute is voluntary. In other words, arrangements that do not comply
with the electronic prescribing safe harbor at 42 CFR 1001.952(x) will
not necessarily be illegal under the anti-kickback statute. Rather,
they will be subject to the customary case-by-case review under the
statute to determine the parties' intent. (The same holds true for
electronic health records technology arrangements that do not fit in
the new safe harbor at 42 CFR 1001.952(y).) Another difference is that
section 1877 applies only to referrals from physicians, while the anti-
kickback statute applies more broadly.
C. Summary of the Proposed Rulemaking
On October 11, 2005, we published a notice of proposed rulemaking
to promulgate three safe harbors under the anti-kickback statute (70 FR
59015; October 11, 2005). The first proposed safe harbor addressed
arrangements involving electronic prescribing technology, as required
by section 101 of the MMA. Many industry and government stakeholders
had expressed concerns that the MMA provision was not sufficiently
useful or practical, and would not adequately advance the goal of
achieving improved health care quality and efficiency through
widespread adoption of interoperable electronic health records systems.
Accordingly, we proposed two additional safe harbors to address
donations of certain electronic health records software and directly
related training services, using our authority at section
1128B(b)(3)(E) of the Act. One proposed safe harbor would have
protected certain arrangements involving nonmonetary remuneration in
the form of interoperable electronic health records software certified
in accordance with criteria adopted by the Secretary (and directly
related training services). The second proposed safe harbor would have
protected certain arrangements involving donations of electronic health
records software before adoption of certification criteria.
D. Summary of the Final Rulemaking
In this final rulemaking, we are adding two new safe harbors to the
existing regulations at 42 CFR 1001.952: One protecting certain
arrangements involving electronic prescribing technology (new 42 CFR
1001.952(x)) and one protecting certain arrangements involving
interoperable electronic health records software or information
technology and training services (new 42 CFR 1001.952(y)). (For
purposes of this rulemaking referred to, respectively, as the
``electronic prescribing safe harbor'' and the ``electronic health
records safe harbor.'') For the reasons explained below in Section II,
we are abandoning the proposal to have separate pre- and post-
interoperability safe harbors for electronic health records
arrangements.
OIG has a longstanding concern about the provision of free or
reduced price goods or services to an existing or potential referral
source. There is a substantial risk that free or reduced price goods or
services may be used as a vehicle to disguise or confer an unlawful
payment for referrals of Federal health care program business.
Financial incentives offered, paid, solicited, or received to induce or
in exchange for generating Federal health care business increase the
risks of, among other problems: (i) Overutilization of health care
items or services; (ii) increased Federal program costs; (iii)
corruption of medical decision making; and (iv) unfair competition.
Thus, consistent with the structure and purpose of the anti-kickback
statute and the regulatory authority at section 1128B(b)(3)(E) of the
Act, we believe any safe harbor for electronic health records
arrangements should protect beneficial arrangements that would
eliminate perceived barriers to the adoption of electronic health
records without creating undue risk that the arrangements might be used
to induce or reward the generation of Federal health care program
business.
For the convenience of the public, we are providing the following
chart that lays out schematically the overall structure and approach of
the final safe harbors, details of which are provided below in sections
II. B. and II. C. Readers are cautioned that the final safe harbors
contain additional conditions and information not summarized here.
------------------------------------------------------------------------
MMA-mandated Electronic health
electronic records
prescribing safe arrangements safe
harbor harbor
------------------------------------------------------------------------
Authority for Final Safe Harbor. Section 101 of the Section
Medicare 1128B(b)(3)(E) of
Prescription the Social
Drug, Security Act.
Improvement, and
Modernization Act
of 2003.
[[Page 45112]]
Covered Technology.............. Items and services Software necessary
that are and used
necessary and predominantly to
used solely to create, maintain,
transmit and transmit, or
receive receive
electronic electronic health
prescription records. Software
information. must include an
Includes hardware, electronic
software, prescribing
internet component.
connectivity, and (Software
training and packages may also
support services. include functions
related to
patient
administration,
for example,
scheduling,
billing, and
clinical
support.)
Information
technology and
training
services, which
could include,
for example,
internet
connectivity and
help desk support
services.
Does not include
hardware.
Standards with Which Donated Final standards Electronic health
Technology Must Comply. for electronic records software
prescribing as that is
adopted by the interoperable.
Secretary. Certified
software may be
deemed
interoperable
under certain
circumstances.
Electronic
prescribing
capability must
comply with final
standards for
electronic
prescribing
adopted by the
Secretary.
Donors and Recipients........... As required by Protected donors
statute, are (i)
protected donors individuals and
and recipients entities that
are hospitals to provide covered
members of their services and
medical staffs, submit claims or
group practices requests for
to physician payment, either
members, PDP directly or
sponsors and MA through
organizations to reassignment, to
network any Federal
pharmacists and health care
pharmacies, and program and (ii)
to prescribing health plans.
health care Protected
professionals. recipients are
individuals and
entities engaged
in the delivery
of health care.
Selection of Recipients......... Donors may not Donors may not
select recipients select recipients
using any method using any method
that takes into that takes into
account the account directly
volume or value the volume or
of referrals from value of
the recipient or referrals from
other business the recipient or
generated between other business
the parties. generated between
the parties.
Value of Protected Technology... No limit on the Recipients must
value of pay 15% of the
donations of donor's cost for
electronic the donated
prescribing technology.
technology. The donor (or any
affiliate) must
not finance the
recipient's
payment or loan
funds to the
recipient for use
by the recipient
to pay for the
technology.
Expiration of the Safe Harbor... None.............. Safe harbor
sunsets on
December 31,
2013.
------------------------------------------------------------------------
II. Summary of Public Comments and OIG Responses
OIG received a total of 71 timely filed comments from entities and
individuals. The majority of the comments came from hospitals and
health systems, trade associations, and vendors. OIG also received
comments from information technology organizations, health plans,
nonprofit organizations, pharmaceutical manufacturers, pharmacies, and
physician organizations. In addition, OIG participated in an Open Door
Forum organized by CMS on November 9, 2005, at which various
stakeholders addressed a wide array of issues.
Overall, the commenters welcomed the establishment of safe harbors
for electronic prescribing and electronic health records technology
arrangements. However, we received many specific comments about various
aspects of the proposed rules. We have divided the summaries of the
public comments and our responses into four parts: (1) General comments
for all of the proposed safe harbors; (2) comments specific to the
electronic prescribing safe harbor; (3) comments specific to the
electronic health records safe harbor; and (4) comments specific to
community-wide health information systems.
A. General Comments
Comment: Most commenters supported the promulgation of safe harbors
for electronic prescribing and electronic health records arrangements.
Commenters observed that both Congress and the Administration have
recognized the compelling need for rapid and widespread adoption of
electronic prescribing and electronic health records technology.
Several commenters urged that fraud and abuse concerns not impede the
adoption of health information technology. In this regard, some
commenters suggested that the final regulations should better balance
the goal of preventing fraud and abuse in the short-term with the goal
of creating incentives for health information technology arrangements
that result in greater fraud reduction, increased quality and
efficiency, and better patient care. One commenter asserted that
investments in health information technology and the desire to provide
an incentive to participate in health information technology systems do
not raise typical fraud and abuse concerns present with other financial
arrangements. However, another commenter noted that the proposed rule
generally struck an appropriate balance between the needs of physicians
who may require assistance to develop health information technology
systems and the underlying purposes of the Federal fraud and abuse
laws.
Response: We disagree with the commenter that suggested that
financial arrangements involving incentives in the form of health
information technology do not pose the same fraud and abuse concerns as
other financial arrangements between parties in a potential referral
relationship. Indeed, our enforcement experience demonstrates that
improper remuneration for Federal health care program business may take
many forms,
[[Page 45113]]
including free computers, facsimile machines, software, and other goods
and services. However, we recognize that certain transfers of health
information technology between parties with actual or potential
referral relationships may further the important national policy of
promoting widespread adoption of health information technology to
improve patient safety, quality of care, and efficiency in the delivery
of health care. We believe the final rule strikes the appropriate
balance between promoting the adoption of health information technology
and protecting against fraud and abuse.
Comment: Several commenters urged that Congress and the
Administration need to do more to offer meaningful financial incentives
for practitioners to accept the increased cost and workflow burdens
associated with the implementation of health information technology,
for example, by providing modest add-on payments to physicians who
employ health information technology as part of overall quality
improvement measures. Some commenters observed that the proposed
regulations would remove a minor impediment to the adoption of health
information technology, but that the Department must play a larger role
in providing capital for the technologies that assist physicians in
providing quality care and avoiding medical errors.
Response: These comments address matters outside the scope of this
rulemaking. The Administration supports the adoption of health
information technology as a normal cost of doing business. The 2007
Budget states that ``[t]he Administration supports the adoption of
health information technology (IT) as a normal cost of doing business
to ensure patients receive high quality care.''
Comment: Some commenters complained that the proposed safe harbors
were too narrow and vague. These commenters urged that the final safe
harbors should be easy to understand, interpret, and enforce so that
donors and recipients can readily distinguish permissible activities
from those that violate the statute. Some commenters believed that the
proposed rules were too complex and might have the unintended effect of
discouraging participation in health information technology
arrangements.
Response: As described elsewhere in this preamble, we have adopted
a number of modifications and changes that address the commenters'
concerns. While the final safe harbor at Sec. 1001.952(x) addresses
only electronic prescribing arrangements, the final safe harbor at
Sec. 1001.952(y) protects a broad scope of arrangements involving
electronic health records technology. We have made a number of changes
that clarify and simplify the final rules. We have endeavored to create
bright line provisions to the extent possible. We reiterate that
compliance with a safe harbor does not necessarily distinguish between
lawful and unlawful activities under the Federal anti-kickback statute.
Compliance with a safe harbor is voluntary; arrangements that do not
comply are not per se illegal. As we explained in the preamble to the
1991 final safe harbors regulations:
* * * If a person participates in an arrangement that fully
complies with a given [safe harbor] provision, he or she will be
assured of not being prosecuted criminally or civilly for the
arrangement that is the subject of that provision * * * This [safe
harbor] regulation does not expand the scope of activities that the
statute prohibits. The statute itself describes the scope of illegal
activities. The legality of a particular business arrangement must
be determined by comparing the particular facts to the proscriptions
of the statute.
The failure to comply with a safe harbor can mean one of three
things. First * * * it may mean that the arrangement does not fall
within the ambit of the statute. In other words, the arrangement is
not intended to induce the referral of business reimbursable under
Medicare or Medicaid; so there is no reason to comply with the safe
harbor standards, and no risk of prosecution.
Second, at the other end of the spectrum, the arrangement could
be a clear statutory violation and also not qualify for safe harbor
protection. In that case, assuming the arrangement is obviously
abusive, prosecution would be very likely.
Third, the arrangement may violate the statute in a less serious
manner, although not be in compliance with a safe harbor provision.
Here, there is no way to predict the degree of risk. Rather, the
degree of risk depends on an evaluation of the many factors which
are part of the decision-making process regarding case selection for
investigation and prosecution * * *. (56 FR 35952, 35954; July 29,
1991).
We do not believe Congress, in enacting section 1860D-4(e)(6) of
the Act, intended to suggest that a new safe harbor is needed for all
or even most arrangements involving the provision of electronic
prescribing items and services. Nor do we believe a safe harbor is
needed for all electronic health records arrangements. In general, fair
market value arrangements that are arm's-length and do not take into
account in any manner the volume or value of Federal health care
program business, or arrangements that do not have as one purpose the
generation of business payable by a Federal health care program, should
not raise concerns under the anti-kickback statute. In addition, many
arrangements can be structured to fit in existing safe harbors.
Comment: Some commenters observed that in describing the
nonmonetary remuneration that would be included in the proposed safe
harbors, the proposed safe harbors did not reflect the many existing
combinations and varieties of electronic prescribing, electronic health
records, and similar technology.
Response: As discussed more fully below, we believe that the final
safe harbors are sufficiently broad to accommodate the most essential
current and evolving electronic prescribing and electronic health
records technology. We started this rulemaking process by looking to
the guidance from the Congress in section 101 of the MMA with respect
to electronic prescribing technology. Using our regulatory authority,
we have added a separate safe harbor for arrangements involving
electronic health records software or information technology and
training services. We believe that we have appropriately balanced the
goal of promoting widespread adoption of health information technology
against the significant fraud and abuse concerns that stem from the
provision of free or reduced cost goods or services to actual or
potential referral sources.
Comment: A commenter suggested that the final regulations should
include provisions that allow CMS to evaluate and ensure that the
regulatory requirements, once enacted, have not negatively impacted key
stakeholders or business segments within the healthcare industry.
Response: It would be inappropriate for a safe harbor under the
anti-kickback statute to include a provision for ongoing CMS
evaluation. Like all regulatory safe harbors, OIG may in future
rulemaking propose modifications or clarifications to the safe harbor
conditions, as appropriate. OIG annually solicits suggestions from the
industry for new and modified safe harbors in accordance with section
205 of the Health Insurance Portability and Accountability Act of 1996.
Comment: We solicited comments on whether and, if so, how, to take
into account recipient access to publicly available software at free or
reduced prices. One commenter urged that the availability of free
public software should not impact the design of the final safe harbors.
In addition, the commenter urged that physicians and hospitals be
granted substantial latitude in selecting interoperable technology that
best meets their needs.
[[Page 45114]]
Response: Upon further consideration, we have concluded that it is
not necessary to take the availability of publicly available software
into account in developing the final safe harbors. Hospitals,
physicians, and other donors and recipients will have great latitude in
selecting technology that will qualify for safe harbor protection.
Nothing in this rule limits the choice of health information
technology, although certain transfers of technology, such as non-
interoperable electronic health records software (as discussed below),
would not qualify for safe harbor protection, because it would not meet
all safe harbor conditions. As noted elsewhere, arrangements that fall
outside a safe harbor must be evaluated under the anti-kickback statute
on a case-by-case basis.
Comment: Some commenters suggested that the safe harbors under the
anti-kickback statute should mirror the exceptions under the physician
self-referral law in all respects in order to promote the rapid and
widespread adoption of electronic prescribing and electronic health
records technology. A few commenters suggested that we not adopt anti-
kickback statute safe harbors or that any safe harbors should be
stricter than any corresponding exceptions to the physician self-
referral law.
Response: We believe consistency between these safe harbors and the
corresponding exceptions under the physician self-referral law is
preferable. We have attempted to ensure as much consistency between the
two sets of regulations as possible given the underlying differences in
the two statutory schemes.
Comment: Some commenters wanted the final safe harbors to preempt
any State laws or regulations that conflict with the requirements of
the safe harbors.
Response: The MMA specifically dictated that the Part D electronic
prescribing standards would preempt any State law or regulation that
(1) is contrary to the adopted final Part D electronic prescribing
standards or that restricts the Department's ability to carry out Part
D of Title XVIII and (2) pertains to the electronic transmission of
medication history and information on eligibility, benefits, and
prescriptions with respect to covered Part D drugs under Part D.
However, no similar mandate was provided with respect to the anti-
kickback safe harbor for the donation of electronic prescribing
technology. Moreover, the legal authority for the electronic health
records safe harbor in this rule is derived from section 1128B(b)(3)(E)
of the Act, which similarly does not provide authority to preempt State
anti-kickback laws.
Comment: Some commenters inquired whether the electronic
information that is transmitted via electronic prescribing or
electronic health records systems would be considered remuneration for
purposes of the anti-kickback statute.
Response: Whether a particular item or service constitutes
remuneration for purposes of the anti-kickback statute depends on the
particular facts and circumstances. Typically, information about a
particular patient's health status, medical condition, or treatment
exchanged between or among the patient's health care providers and
suppliers for the purpose of diagnosing or treating the patient would
not constitute remuneration to the recipient of the information. In
this regard, the electronic exchange of patient health care information
is comparable to the exchange of such information by mail, courier, or
telephone conversation. Thus, when related to the care of individual
patients, information such as test results, diagnosis codes,
descriptions of symptoms, medical history, and prescription information
are part of the delivery of the health care services and would not have
independent value to the recipient. However, in other situations,
information may be a commodity with value that could be conferred to
induce or reward referrals. For example, data related to research or
marketing purposes, or information otherwise obtained through a
subscription or for a fee, could constitute remuneration for purposes
of the anti-kickback statute.
B. Electronic Prescribing Safe Harbor Required Under Section 101 of the
MMA (42 CFR 1001.952(x))
Summary of the Proposed Rule
On October 11, 2005, as mandated in the MMA, we proposed adding a
new paragraph (x) to the existing safe harbor regulations at 42 CFR
1001.952 for certain electronic prescribing arrangements. Specifically,
we proposed:
Protecting certain arrangements involving the provision of
nonmonetary remuneration--in the form of hardware, software, or
information technology or training services--necessary and used solely
to receive and transmit electronic drug prescription information. We
construed this language broadly to include internet connectivity
services (of all types, including broadband or wireless), and upgrades
of equipment and software that significantly enhanced functionality.
Requiring that the donated technology must be part of, or
used to access, a prescription drug program that meets applicable
standards under Medicare Part D.
Protecting technology provided by a hospital to its
medical staff; by a medical group practice to its members; and by a PDP
sponsor or MA organization to prescribing health care professionals, as
well as to pharmacies and pharmacists in the plan's network, so long as
all of the safe harbor conditions were satisfied.
Prohibiting a recipient from making donation of technology
a condition of doing business with a donor.
Requiring that protected arrangements be fully and
completely documented.
Excluding donations of technology that replicate
technology the recipient already possesses. To ensure compliance with
this provision, we proposed requiring recipients to certify that they
did not already possess equivalent technology. Moreover, we proposed
that donors would not be protected if they knew or should have known
that the recipients already possessed equivalent technology.
Requiring that neither a recipient's eligibility for
donated technology, nor the amount or nature of the technology, could
be determined in any manner that directly or indirectly takes into
account the volume or value of referrals or other business generated
between the parties.
Requiring that the parties not take any action to impede
the compatibility or interoperability of the technology.
Requiring that the donor not restrict the ability of the
recipient to use the technology for any patient, regardless of payor.
Limiting the value of donated technology that could be
protected by the safe harbor.
In deference to the limitations imposed by the ``used
solely'' standard set forth in the MMA, promulgating a separate safe
harbor for multi-functional items and services used for electronic
prescribing (e.g., connectivity services and multi-use hand held
devices or computers).
Summary of the Final Rule
The final safe harbor at 42 CFR 1001.952(x) adopts the proposed
safe harbor, with the following key clarifications:
The final rule protects technology necessary and used
solely to receive and transmit any prescription information, whether
related to drugs or to other items or services normally ordered by
prescription (e.g., laboratory tests and durable medical equipment
orders).
[[Page 45115]]
Donations may be in an unlimited amount.
We have abandoned our proposal to require that recipients
provide a written certification that the donated technology is not
technically or functionally equivalent to the technology the recipient
already possessed or had obtained. We have added language that permits
arrangements to be memorialized through cross-referencing incorporation
of prior agreements between the parties.
We are not finalizing a separate safe harbor for multi-
functional electronic prescribing technology.
General Comments
Comment: Many commenters stated that the proposed electronic
prescribing safe harbor was too narrow to be useful and should be
merged into an electronic health records safe harbor, noting that
physicians would likely resist adopting stand-alone electronic
prescribing systems. One commenter observed that the proposed rule was
generally in accordance with congressional intent underlying section
101 of the MMA.
Response: We agree that the proposed safe harbor was consistent
with congressional intent. As we are not free to ignore a congressional
mandate, we must promulgate the electronic prescribing safe harbor
described in section 101 of the MMA. However, we are also promulgating
a separate safe harbor for electronic health records arrangements that
also incorporate an electronic prescribing component. This new safe
harbor should address the commenters' concerns.
1. Protected Nonmonetary Remuneration
a. Necessary and Used Solely
In the proposed rule, we proposed protecting items and services
that are necessary and used solely to transmit and receive electronic
prescription drug information. We stated that the safe harbor would not
protect arrangements in which donors provided items or services that
were technically or functionally equivalent to items that the recipient
already possessed or services that the recipient had already obtained.
We proposed requiring the recipient to certify that the items and
services provided were not technically or functionally equivalent to
those that the recipient already possessed or had already obtained. We
also proposed that arrangements would not be protected if the donor
knowingly provided technology that duplicated the recipient's existing
technology. We indicated that upgrades of equipment or software that
significantly enhanced the functionality of the item or service would
be considered ``necessary'' for purposes of the safe harbor.
Because the term ``necessary'' appeared in our proposed rulemaking
in the discussions of all three proposed safe harbors, many commenters
chose to address this requirement primarily in the context of the
proposed safe harbors for electronic health records arrangements. Thus,
there is a detailed discussion of our interpretation of the term
``necessary'' in section II.C.1.b of this preamble, which addresses the
new electronic health records safe harbor. We intend to interpret the
term ``necessary'' uniformly for both new safe harbors. We are
addressing here only those comments received on the proposed electronic
prescribing safe harbor requirement that transferred technology be
``necessary and used solely'' to receive and transmit electronic
prescription information.
Comment: One commenter observed that the ``necessary and used
solely'' requirement ensures that items and services will be used to
encourage electronic prescribing activities. This commenter suggested
including an additional requirement that the items or services be
clearly intended to promote interoperability of health information and
the improvement of quality in a clinical setting.
Response: We agree that it was the intent of Congress to encourage
electronic prescribing activities, in part, through the development of
a safe harbor for transfers of certain items and services necessary and
used solely for electronic prescribing transactions. However, the
intent-based additional standard suggested by the commenter, while
reflecting laudable goals, is not sufficiently ``bright line'' for
purposes of this safe harbor. We have included a requirement at Sec.
1001.952(x)(2) intended to ensure that protected technology meets Part
D electronic prescribing standards applicable at the time of the
donation, including any standards relating to interoperability.
Comment: Some commenters expressed concern that OIG has taken an
unnecessarily narrow interpretation of the statutory language
``necessary and used solely to receive and transmit electronic
prescription information in accordance with the standards promulgated
under this subsection [section 101 of the MMA] * * *.'' One commenter
explained its view that the phrase ``necessary and used solely'' should
be read so that the word ``necessary'' modifies the phrase ``to receive
and transmit electronic prescription information'' and the phrase
``used solely'' modifies the phrase ``in accordance with the standards
promulgated under this subsection.'' In other words, in this
commenter's view the protected hardware, software and services must be
``necessary'' to perform electronic prescribing transactions ``solely''
in accordance with CMS established data interchange standards. This
commenter explained that this interpretation would be consistent with
the purpose of the safe harbor and the practical realities of computers
and electronic transactions.
Response: We appreciate the comment; however, we do not believe the
commenter's proposed interpretation is the best or most logical reading
of the statutory language. We believe the better and less strained
reading is that Congress intended for all donated technology to be
necessary for the receipt and transmission of electronic prescription
information and to be used solely for that purpose. The requirement
that the items and services be ``necessary and used solely'' for
transmitting and receiving electronic prescribing information helps
minimize the potential for abuse. Limiting the safe harbor to necessary
items and services helps ensure the safe harbor does not become a means
of conveying valuable items and services that do not further the
underlying policy goals and that might, in reality, constitute
disguised referral payments.
As we noted in the preamble to the proposed rulemaking, we believe
Congress included the ``used solely'' requirement to safeguard against
abusive arrangements in which the donated technology might constitute a
payment for referrals because it might have additional value
attributable to uses other than electronic prescribing. See 70 FR at
59018. For example, a computer that a physician can use to conduct
office or personal business might have value to the physician apart
from its electronic prescribing purpose; if this value is transferred
to the physician in connection with referrals, the statute would be
implicated.\3\ Accordingly, consistent with section 101 of the MMA, the
final safe harbor requires that the protected items and services be
``necessary and used solely'' to transmit or receive electronic
prescribing information.
---------------------------------------------------------------------------
\3\ See, e.g., 56 FR 35952, 35978 (July 29, 1991) (noting that a
computer that has independent value to a physician may constitute an
illegal inducement).
---------------------------------------------------------------------------
We note that software that bundles general office management,
billing, scheduling, electronic health records, or other functions with
the electronic
[[Page 45116]]
prescribing features would not meet the ``used solely'' requirement and
would not be protected by the final electronic prescribing safe harbor.
In some cases, the provision of such bundled software may be eligible
for protection under the new safe harbor for electronic health records
arrangements at Sec. 1001.952(y).
Comment: A commenter suggested that multi-functional technology be
considered ``necessary'' so long as it includes all components required
for a physician to prescribe electronically, even if the technology has
other functions (e.g., a handheld device that can be used for more than
electronic prescribing).
Response: The commenter's suggestion, as we understand it, is not
consistent with the MMA statutory language.
Comment: Many commenters requested that we eliminate the proposed
requirement that recipients provide written certification that the
donated technology is not technically or functionally equivalent to
technology the recipient already possesses, expressing concern about
the possible difficulty of making this determination, the lack of
technical expertise on the part of some recipients, and the increased
cost that could arise by having an outside expert provide a
determination of technical or functional equivalence. One commenter
supported OIG's interpretation of the term ``necessary'' as permitting
upgrades of equipment or software that significantly enhance the
functionality of an item or service. Another commenter suggested that
we should not require that the upgrades ``significantly'' enhance the
functionality of the item or service. Rather, the commenter believed
that we should allow the marketplace to determine whether an upgrade
constitutes a beneficial improvement.
Response: For the reasons noted in detail below in section
II.C.1.b.i, with respect to the electronic health records safe harbor,
we are not adopting the proposed requirement that recipients provide
written certification that the donated technology is not technically or
functionally equivalent to technology the recipient already possesses.
However, while we are eliminating the certification requirement, we do
not believe items and services are ``necessary'' for electronic
prescribing if the recipient already possesses equivalent items or
services. The provision of equivalent items and services poses a
heightened risk of abuse, since such arrangements potentially confer
independent value on the recipient (i.e., the value of the existing
items and services that might be put to other uses) unrelated to the
need for electronic prescribing technology. Thus, if a donor knows that
the recipient already possesses the equivalent items or services, or
acts in deliberate ignorance or reckless disregard of that fact, the
donor will not be protected by the safe harbor. Thus, prudent donors
may want to make reasonable inquires of potential recipients and
document the communications. We do not believe this requirement
necessitates the hiring of technical experts by either the donor or the
recipient. Further, with respect to upgrades of equipment or software,
we agree with the commenter that distinguishing ``significant''
enhancements from other beneficial improvements introduces unnecessary
complexity. Under the final safe harbor, any upgrade that is necessary
and used solely to transmit and receive electronic prescribing
information will be protected (so long as all other safe harbor
conditions are satisfied).
Comment: Many commenters noted that it would be impractical to
require physicians to acquire or use software and hardware solely for
electronic prescribing. Several commenters noted that, in most cases,
single-use technology is of limited value to a physician, and could
result in inefficiencies. Another commenter expressed concern that the
``used solely'' standard would preclude the use of robust electronic
clinical support tools, such as tools to identify drug-to-drug
interactions, or to conduct drug-to-laboratory or prescription data
analysis. This commenter urged that any exceptions from the fraud and
abuse laws for health information technology arrangements promote
access to all information needed by physicians to evaluate alternative
drug therapies, identify potential drug-to-drug interactions, and to
improve safety, quality, and efficiency of patient care.
Response: The ``used solely'' condition derives directly from the
MMA language. We believe that many of the arrangements of interest to
the commenters are best addressed by the electronic health records safe
harbor, which is not restricted to technology used solely for
electronic prescribing.
The MMA-mandated electronic prescribing safe harbor is reasonably
interpreted to encompass electronic tools that provide information
necessary to formulate, transmit, or receive a medically appropriate
prescription for a patient. These would include electronic clinical
support tools identifying alternative drug therapies, drug-to-drug
interactions, or a payor's formulary information. The nature of the
``prescription data analysis'' tools referenced by the commenter is not
clear. We believe the appropriate inquiry would be whether the tool is
used to formulate and transmit or receive a medically appropriate
prescription for a patient. To the extent the data analysis tool (or
any other electronic item or service) is used to transmit or receive
data unrelated to a medically appropriate prescription for a patient
(e.g., data collected for marketing purposes), the tool would not be
necessary for electronic prescribing and would not come within the safe
harbor.
b. Covered Technology
In our proposed rule, we proposed protecting hardware, software, or
information technology and training services that met the various safe
harbor conditions. We interpreted our proposed language to include
broadband or wireless internet connectivity, training, information
technology support services, and other items and services used in
connection with the transmission or receipt of electronic prescribing
information.
Comment: Various commenters suggested that the scope of covered
technology should be expanded to include: Billing, scheduling, and
other administrative functions; implementation and maintenance of the
system; ``upgrades;'' and licenses, rights of use, or intellectual
property. Commenters also urged that any safe harbor cover educational
sessions and consulting assistance related to the electronic
prescribing technology. Commenters generally agreed that the provision
of equipment for personal, non-medical purposes should not be
protected. One commenter suggested that it would not be possible to
develop a comprehensive list of protected technology transfers that
would sufficiently reflect all possible electronic prescribing items
and services. The commenter recommended that OIG periodically review
the scope of protected items and services, and expand it as needed.
Response: We agree that it would be difficult to provide a
comprehensive list of specific items and services covered by the safe
harbor. While a specific list would provide a ``bright line'' rule, in
this case it would also impede the ability of the safe harbor to
accommodate novel or rapidly evolving technologies in the marketplace.
For these reasons, we are not promulgating a specific list of protected
items and services.
Consistent with the MMA mandate, covered items and services under
[[Page 45117]]
Sec. 1001.952(x) include ``hardware, software, and information
technology and training services'' that are necessary and used solely
for electronic prescribing and that meet all other safe harbor
conditions. We believe that licenses, rights of use, intellectual
property, upgrades, and educational and support services (including,
for example, help desk and maintenance services) are items and services
that can potentially fit in the safe harbor, if all safe harbor
conditions are met. Billing, scheduling, administrative, and other
general office software cannot. Operating software that is necessary
for the hardware to operate can qualify for safe harbor protection
because it is integral to the hardware. Moreover, operating software is
distinct from other software applications that are not necessary to
transmit or receive electronic prescribing information. Patches
designed to link the donor's existing electronic prescribing system to
the recipient's existing electronic prescribing system can qualify for
protection. The provision of technology for personal, non-medical
purposes is not protected, nor is the provision of office staff.
Comment: We solicited comments on whether the safe harbor should
protect electronic prescribing technology that is used for the
transmission of prescription information for items and services that
are not drugs (e.g., durable medical equipment or laboratory tests).
Several commenters suggested that the safe harbor should support the
use of electronic prescribing technology for all the functions
currently accomplished through written prescriptions, in order to
encourage provider utilization of electronic prescribing technology to
increase safety, cost-effectiveness, and efficiency. The commenters
suggested including electronic prescribing technology used for
prescribing medical supplies and durable medical equipment, physical
therapy, dialysis testing, laboratory tests, and other non-drug
prescriptions. A commenter from the clinical laboratory industry
supported a broad reach, but only if clinical laboratories were
included as permissible donors under the safe harbor.
Response: We agree generally with the first set of commenters. We
have reviewed further the language in section 101 of the MMA. The MMA-
mandated safe harbor language requires that the donated technology be
capable of receiving and transmitting ``electronic prescription
information'' in accordance with the electronic prescribing standards
promulgated for purposes of the MMA electronic prescription drug
programs. We believe that the specific term ``electronic prescription
information'' as commonly used and as used in the MMA-mandated safe
harbor provision retains a broad meaning, to include information about
prescriptions for any items or services that would normally be
accomplished with a written prescription. In contrast, the information
to be transmitted under an electronic prescription drug program
established under the MMA is clearly limited to drug information for
Part D eligible individuals. Moreover, we do not think that the
statutory language is intended to be construed to prohibit the use of
the donated technology for the transmission and receipt of orders or
prescriptions for other items and services or to require the use of
separate systems depending on the item or service to be prescribed or
ordered. We believe this approach is consistent with the objectives of
the electronic prescribing standards and the patient safety, quality,
and efficiency goals underlying the mandated exception. Accordingly, we
are defining ``prescription information'' for purposes of the safe
harbor to mean information about prescriptions for drugs or any other
item or service normally accomplished through a written prescription.
With respect to the clinical laboratory commenter, consistent with
the MMA language, we are not including clinical laboratories as
permissible donors under the safe harbor. However, we have expanded the
new safe harbor for electronic health records arrangements to include
clinical laboratories.
2. Final Standards for Electronic Prescribing
The MMA required that donated electronic prescribing technology
comply with the final standards for electronic prescribing as adopted
by the Secretary. The first set of these standards (the ``foundation
standards'') was finalized by the Department on November 7, 2005. See
70 FR 67568. We received no comments on this issue. The final safe
harbor at Sec. 1001.952(x)(2) requires that the donated technology
comply with the applicable standards for electronic prescribing as
adopted by the Secretary.
3. Donors and Recipients Protected by the Safe Harbor
We proposed protecting the same categories of donors and recipients
listed in section 101 of the MMA. Because most commenters commented on
this issue jointly with the proposed electronic health records
arrangements safe harbors, we have included a detailed description of
these comments in our discussion of the electronic health records safe
harbor below at section II.C.3. of this preamble.
Comment: We received numerous comments requesting that we expand
the list of protected donors and recipients to include a variety of
providers, practitioners, suppliers, and their affiliates.
Response: We are finalizing the safe harbor consistent with the MMA
mandated donors and recipients. We are not persuaded that additional
donors or recipients are necessary to achieve the purpose of this safe
harbor for electronic prescribing. The enumerated categories of donors
and recipients reflect individuals and entities centrally involved in
the ordering, processing, filing, or reimbursing of prescriptions.
Accordingly, protected donors and recipients under Sec. 1001.953(x)
are: hospitals to members of their medical staffs; group practices to
their physician members; and PDP sponsors and MA organizations to
network pharmacists and pharmacies, and to prescribing health care
professionals. For the reasons set forth in the preamble to the
proposed rulemaking, and in the absence of any comments to the
contrary, we are adopting our proposed definitions of group practice,
member of the group practice, prescribing health care professional, PDP
sponsor and MA organization. Group practice shall have the meaning set
forth at Sec. 411.352; member of the group practice shall mean all
persons covered by the definition of ``member of the group or member of
a group practice'' at Sec. 411.351, as well as other prescribing
health care professionals who are owners or employees of the group
practice; prescribing health care professional shall mean a physician
or other health care professional licensed to prescribe drugs in the
State in which the drugs are dispensed; PDP sponsor or MA organization
shall have the meanings set forth at Sec. Sec. 423.4 and 422.2,
respectively.
We have revisited the issue of protected donors and recipients in
the context of the electronic health records arrangements safe harbor
at Sec. 1001.952(y), as discussed in the preamble below at section
II.C.3.
4. Additional Conditions on the Provision of Qualifying Electronic
Prescribing Technology
Promoting Compatibility and Interoperability
Most commenters addressed the issue of the compatibility and
interoperability of the donated technology with respect
[[Page 45118]]
to all three proposed safe harbors. We have included a discussion of
these comments in the section of this preamble addressing the
electronic health records safe harbor at Sec. 1001.952(y). For the
reasons set forth there, we have adopted, with clarifying
modifications, our proposed restriction on disabling the compatibility
and interoperability of donated technology under the electronic
prescribing safe harbor at Sec. 1001.952(x)(3). For clarity, we have
included in Sec. 1001.952(x) the same definition of ``electronic
health record'' found in Sec. 1001.952(y).
Limit on Value of Technology
In our proposed rule, we solicited public comments on various means
by which we might limit the value of protected technology under the
electronic prescribing safe harbor. We indicated that we were
considering a limit on the value of protected technology as a further
safeguard against fraud and abuse, since, in our experience, the risk
of fraud and abuse generally (although not always) increases with the
value of the remuneration offered. We received a large number of
comments on this topic, the majority of which opposed any limit on the
value of donated technology. Because these commenters typically
commented jointly on this issue for all three proposed safe harbors
(and each commenter typically had the same concerns under all three
proposed safe harbors), an extensive description of these comments is
found in section II.C.6. of this preamble. Having considered the
comments, we are persuaded not to limit the value of the donated
technology under the new safe harbor for electronic prescribing
arrangements at Sec. 1001.952(x). We believe the final conditions of
the safe harbor, including the ``necessary and used solely''
requirement, should be sufficient to minimize the potential for abuse.
Although we are not limiting the value of donated technology, it is not
our expectation that donors will necessarily want or be in a position
to donate unlimited amounts of electronic prescribing technology.
Selection of Recipients of Donated Technology
We proposed additional conditions in proposed Sec. Sec.
1001.952(x)(5) and (x)(6) related to how donors select recipients of
the electronic prescribing technology. These proposed conditions were
designed to minimize the risk that donors would select recipients for
the improper purpose of inducing or rewarding the generation of Federal
health care program business. Proposed Sec. 1001.952(x)(5) would
require that the recipients (including their groups, employees, or
staff) refrain from making the donation of qualifying electronic
prescribing technology a condition of doing business with the donor.
Proposed Sec. 1001.952(x)(6) would preclude safe harbor protection if
the eligibility of a recipient to receive items and services from a
donor, or the amount or nature of the items or services received, is
determined in any manner that takes into account the volume or value of
the recipient's referrals or other business generated between the
parties. We observed that this requirement would not preclude selecting
a recipient based upon the total number of prescriptions written by the
recipient, but would preclude selecting the recipient based upon the
number or value of prescriptions written by the recipient that are
dispensed or paid by the donor (as well as on any other criteria based
on any other business generated between the parties). (70 FR at 59021).
Comment: Commenters requested that we confirm that donors can
select recipients of electronic prescribing technology based upon the
total number of prescriptions written by the recipient, but cannot
select them based upon the number or value of prescriptions written by
the recipient that are dispensed or paid by the donor (or on any other
criteria based on any other business generated between the parties). A
commenter supported excluding from safe harbor protection donations
that take into account directly the volume or value of referrals or
other business generated between the parties. This commenter expressed
concern that donors would employ such selection criteria to
disadvantage small practices and practices in rural or underserved
areas. To counter this potential disadvantage, the commenter suggested
that the final rule include incentives to promote donations to small
practices, especially in rural and underserved areas. Other commenters
suggested that donors, such as PDP sponsors, MA organizations, and
pharmacy benefits managers, should be permitted to consider the volume
and value of prescriptions written by the recipient, particularly for a
donor's patient or plan population.
Response: To safeguard against the use of donated technology to
disguise referral payments, we are adopting our proposal that neither
the eligibility of a recipient to receive items and services, nor the
amount or nature of the items or services received, may be determined
in a manner that takes into account, directly or indirectly, the volume
or value of the recipient's referrals or other business generated
between the parties. Notwithstanding, in the instant case, we believe
that prohibiting the selection of recipients based on total number of
prescriptions written by the recipient would be inconsistent with the
MMA mandate and congressional intent to promote the use of electronic
prescribing. Accordingly, we confirm our interpretation, for purposes
of the safe harbor at Sec. 1001.952(x), that donors may select
recipients of electronic prescribing technology based upon the total
number of prescriptions written by the recipient, but cannot select
them based upon the number or value of prescriptions written by the
recipient that are dispensed or paid by the donor (or on any other
criteria based on any other business generated between the parties).
Donors also may not select recipients based on the overall value of
prescriptions written by the recipient or on the volume or value of
prescriptions written by the recipient that are reimbursable by any
Federal health care program.
We are not persuaded that PDP sponsors or MA organizations should
be permitted to offer technology selectively based on the volume or
value of business generated for the plan by the recipient, especially
in the context of Part D, which includes some reimbursement based on
the plan's costs, rather than capitated payments. The final safe harbor
does not include pharmacy benefit managers.
The safe harbor would not protect arrangements that seek to induce
a recipient to change loyalties from other providers or plans to the
donor (e.g., a hospital using an electronic prescribing technology
arrangement to induce a physician who is on the medical staff of
another hospital to join the donor hospital's medical staff), because
such arrangements take into account business generated for the donor.
We understand the commenter's concern about donors excluding rural
and underserved area physicians from their health information
technology arrangements. Some donors may favor large or urban practices
over small or rural ones. However, we can discern no ``incentives''
that could be included appropriately in a safe harbor to address this
concern, nor has the commenter proposed any with respect to assisting
rural or solo practitioners. We note that our decision, explained
elsewhere, not to limit the value of technology that can qualify under
the safe harbor may assist rural and solo practices insofar as donors
may want to provide them with greater resources in recognition of their
[[Page 45119]]
greater need for assistance in adopting electronic prescribing
technology.
Comment: Some commenters supported our proposal to exclude from
safe harbor protection donations that are a condition of doing business
with the donor.
Response: We are retaining the proposed requirement that recipients
(or any affiliated group, employee, or staff member) cannot make the
receipt of items or services a condition of doing business with the
donor. We have clarified that the condition applies with respect to all
individuals and entities affiliated with the recipient.
Documentation
We proposed at Sec. 1001.952(x)(7) a requirement that the
arrangement for the donation of electronic prescribing technology be in
writing, be signed by the parties, identify with specificity the items
or services being provided and their values, and include a
certification that the donated items and services not be technically or
functionally equivalent to items and services the recipient already
has. We stated that to permit effective oversight of protected
arrangements, the writing must cover all qualifying electronic
prescribing technology provided by the donor (or affiliated parties) to
the recipient. For example, if a donor provides a piece of hardware
under one arrangement and subsequently provides a software program, the
agreement regarding the software would have to include a description of
the previously donated hardware (including its nature and value).
Comment: Some commenters supported the requirement that any
transfers of technology and services be memorialized in a written
agreement. One commenter objected to including a written agreement
requirement in the safe harbor, arguing that the requirement would
cause an unnecessary delay and increase paperwork. Another commenter
suggested that the safe harbor permit the arrangement between the donor
and recipient to be captured through a combination of agreements
between the recipient, donor, and service provider, rather than one
agreement. Commenters also urged OIG to remove the technical and
functional equivalency certification requirement from the safe harbor.
Response: We have adopted the documentation requirement in the
final safe harbor at Sec. 1001.952(x)(7) with several modifications.
With respect to the condition requiring that the documentation cover
all of the electronic prescribing items and services to be provided by
the donor (or affiliated parties) to the recipient, we have added
language to the final safe harbor clarifying that the written
documentation requirement can be satisfied by incorporating by
reference other agreements between the parties or by the use of cross
references to a master list of agreements between the parties that is
maintained and updated centrally, is available for review by the
Secretary upon request, and preserves the historical record of
agreements. We have eliminated the certification of technical and
functional non-equivalency. Also, given our decision not to limit the
value of protected donations, we have eliminated the requirement that
the agreement specify the value of the donated technology. However, in
the interests of transparency and accountability, we are requiring that
the parties document the donor's costs for the technology. We have
retained the remaining documentation requirements, as proposed, at
Sec. 1001.952 (x)(7). Finally, nothing in this safe harbor requires
that agreements between donors and recipients also be signed by third-
party vendors; however, such documentation may be a prudent business
practice.
All Payors Requirement
Comment: We proposed that, where possible, recipients must be able
to use the protected technology for all patients without regard to
payor status. Commenters that addressed the issue universally supported
this requirement.
Response: We agree and have included this requirement in the final
safe harbor at Sec. 1001.952(x)(4).
Commercial and Other Messaging
Comment: A commenter requested clear and specific rules prohibiting
inappropriate commercial messaging through electronic prescribing
technology, including electronic detailing messages from a manufacturer
promoting a particular brand or brand-name drug. This commenter
explained that such messaging may inappropriately influence clinical
decision-making. The commenter gave the following as examples of
inappropriate messaging: Messages disguised as ``clinical alerts''
based upon biased research not published in the public domain and
alerts purporting to save a patient money when in reality the out-of-
pocket expense for the drug to the patient is higher. Another commenter
suggested that OIG prohibit commercial messaging and require that
donated technologies present information in a neutral and transparent
manner so as not to influence clinical decision-making improperly.
Similarly, another commenter noted that pop-up messaging could
inappropriately influence prescribing patterns. The commenter provided
the example of making the procedure for prescribing certain formulary
drugs very easy and straightforward, while attempts to prescribe other
formulary drugs trigger multiple pop-up notices or require a series of
additional steps.
Response: Technology used for marketing purposes would not meet the
``necessary and used solely'' standard required by the MMA for the
electronic prescribing safe harbor, because marketing information is
not the type of clinical support that is integral to prescribing
accurate and appropriate items and services for patients.
We do not believe it would be feasible or appropriate to regulate
the content of commercial messaging or formulary compliance activities
through these safe harbors to the anti-kickback statute. The regulation
of speech is outside the scope of this rulemaking. Nor, in any event,
would a condition in these safe harbors related to the accuracy or
objectivity of the content of messages or formulary activities be
sufficiently ``bright line'' to be practical or readily enforceable.
That said, the commenter raises important concerns about messaging and
formulary activities. Nothing in this rulemaking (either for the
electronic prescribing safe harbor at Sec. 1001.952(x) or for the
electronic health records safe harbor at Sec. 1001.952(y)) should be
construed to approve of or authorize any commercial messaging or
formulary compliance activity (or any other conduct) that is prohibited
by any Federal, State, or local law or regulation. Nothing in this
rulemaking protects parties from liability for improper messaging or
formulary activities, including, without limitation, liability for the
promotion of adulterated, misbranded, or unapproved drug or devices,
off-label marketing, consumer fraud, inappropriate formulary
activities, and the like.
5. Multi-Functional Technology
We proposed using our regulatory authority under section
1128B(b)(3)(E) of the Act to create an additional safe harbor to
protect the provision by donors to recipients of some limited hardware
(including necessary operating system software) and connectivity
services used for more than one function, so long as a substantial use
of the item or service is to receive or transmit electronic
prescription information.
Comment: Most commenters supported a safe harbor that would extend
protection to technology beyond
[[Page 45120]]
that which is ``necessary and used solely'' for electronic prescribing.
Many commenters expressed the hope that multi-functional technology
would ultimately be captured in an electronic health records safe
harbor.
Response: We have decided not to create a separate safe harbor for
multi-functional hardware and connectivity. Instead, we are creating a
new safe harbor for the protection of certain arrangements involving
electronic health records software and services (including connectivity
services) that will more directly further the overall goal of
widespread adoption of interoperable electronic health records
technology without some of the fraud and abuse risks inherent in gifts
of multi-functional hardware. The public comments support this
approach, as more fully described in the next section. As set forth
below at Sec. 1001.952(y), we have finalized a single safe harbor for
certain electronic health records software or information technology
and training services.
C. Electronic Health Records Arrangements Safe Harbor (42 CFR
1001.952(y))
Summary of the Proposed Rule
Prior to publication of the proposed rulemaking, many in the
hospital industry, among others, raised the issue of the need for safe
harbor protection for arrangements involving technology other than
technology used for electronic prescribing. To encourage the adoption
of electronic health records technology consistent with the ultimate
goal of achieving fully interoperable electronic health records for all
patients, we proposed using our legal authority at section
1128B(b)(3)(E) of the Act to promulgate two safe harbors related to
electronic health records software and directly related training
services that are necessary and used solely to receive, transmit, or
maintain electronic health records of the donor's or recipient's
patients. We did not propose protecting hardware in either safe harbor,
because we believed electronic health records software and training
services were the components of electronic health records systems most
likely to be needed by recipients, and because gifts of valuable,
multi-functional hardware (such as computers and servers) would
inherently pose a higher risk of constituting a disguised payment for
referrals.
The first proposed safe harbor would have applied to donations made
before adoption by the Secretary of product certification criteria,
including criteria for interoperability, functionality, and privacy and
security of electronic health records technology (``product
certification criteria''). (We referred to this proposed safe harbor as
the ``pre-interoperability'' safe harbor.) See 70 FR at 59022-23. Among
other provisions, we proposed:
That the electronic health records software would have to
be essential to and used solely for the transmission, receipt, and
maintenance of patients' electronic health records and prescription
drug information.
That the software would have to include an electronic
prescribing component in accordance with the final standards
established by the Secretary under the Part D electronic prescription
drug program.
That the pre-interoperability safe harbor would not
protect the provision of other types of technology (e.g., billing,
scheduling, or general office management software) or any software used
by the recipient to conduct business or engage in activities unrelated
to the recipient's medical practice. We also proposed to exclude from
the safe harbor the provision of staff to the recipient or its office.
That we would define the term ``electronic health
records.''
That the safe harbor would include documentation
provisions comparable to those proposed for the electronic prescribing
safe harbor.
That the safe harbor would preclude protection for any
arrangement in which the donor or its agents disable the
interoperability of any component of the software or otherwise imposed
barriers to compatibility.
That the safe harbor might limit the aggregate value of
protected technology that a donor could provide to a recipient under
the pre-interoperability safe harbor or in combination with the other
proposed safe harbors. We noted that we were considering the same
alternatives we proposed for setting a value for the electronic
prescribing safe harbor. These could include an aggregate dollar cap; a
limitation that would require cost sharing by the recipient; or another
methodology, including a reduction in the amount of any cap over time.
That the safe harbor would prohibit donors from shifting
the costs of the donated technology to the Federal health care programs
or beneficiaries.
That the safe harbor would include the same categories of
donors and recipients that we proposed for the electronic prescribing
arrangements safe harbor.
That the safe harbor would include other requirements
drawn from the proposed electronic prescribing safe harbor, including
the restriction on arrangements tied to the volume or value of
referrals or other business generated (proposed Sec. 1001.952(x)(6));
the anti-solicitation provision (proposed Sec. 1001.952(x)(5)); and
the proposed all payors condition (proposed Sec. 1001.952(x)(4)).
That the pre-interoperability safe harbor might sunset
once interoperability standards were finalized.
Recognizing that once standards and product certification criteria
were developed and adopted by the Secretary for electronic health
records (including standards for interoperability), some enhanced
flexibility in the conditions applicable under a safe harbor for
electronic health records arrangements might be appropriate, we
proposed a second safe harbor, which we referred to as the ``post-
interoperability'' safe harbor. We noted that adoption of uniform
interoperability standards, as well as product certification standards
to ensure that products meet those standards, would help prevent
certified technology from being used by unscrupulous parties to lock in
streams of referrals or other business. While interoperability does not
eliminate the risk of improper referral payments (parties might still
use the offer or grant of interoperable technology as a vehicle to
induce referrals), it potentially mitigates the risk sufficiently to
warrant different or modified safe harbor conditions.
In summary, for the post-interoperability safe harbor, we proposed:
Requiring protected technology to be certified in
accordance with product certification criteria adopted by the
Secretary, and to include an electronic prescribing component that
complies with the electronic prescribing standards established by the
Secretary for the Part D program, to the extent those standards are not
incorporated into the product certification criteria; and
Including the same conditions proposed for the pre-
interoperability safe harbor, with the following differences: (1) Some
additional software applications might be included, so long as
electronic health records and electronic prescribing remained core
functions; (2) additional categories of donors and recipients might be
included; (3) specific selection criteria might be included to identify
acceptable methods for selecting recipients; and (4) there might be a
potentially larger limit on the value of protected technology.
When we issued the proposed rulemaking, we indicated that, given
the
[[Page 45121]]
number of important variables and the inherent risk of fraud and abuse
typically posed by gifts of items and services to potential referral
sources, we did not have sufficient information to draft safe harbor
regulatory language. We proposed and solicited extensive public comment
on the scope and conditions for the electronic health records
arrangements safe harbors.
Summary of the Final Rule
Consistent with the majority of public comments, we have finalized
one safe harbor for arrangements involving electronic health records
that, effectively, combines the pre- and post-interoperability
proposals. Separate safe harbors are no longer necessary, in part,
because criteria for product certification are available. The final
safe harbor protects arrangements involving electronic health records
software or information technology and training services necessary and
used predominantly to create, maintain, transmit, or receive electronic
health records. In many respects, the provision of electronic health
records technology to physicians and others poses greater risk of fraud
or abuse than the provision of electronic prescribing technology;
electronic health records technology is inherently more valuable to
physicians and other recipients in terms of actual cost, avoided
overhead, and administrative expenses of an office practice. The final
safe harbor conditions, in combination, should promote the important
national policy goal of open, interconnected, interoperable electronic
health records systems that improve the quality of patient care and
efficiency in the delivery of health care to patients, without
protecting arrangements that pose an undue risk of fraud and abuse.
In summary, the final safe harbor includes the following
conditions:
The safe harbor protects transfers of electronic health
records software or information technology and training services
necessary and used predominantly to create, maintain, transmit, or
receive electronic health records (provided all safe harbor conditions
are satisfied). We have not included hardware. We have clarified that
the safe harbor covers ``information technology services,'' which we
interpret as including, for example, connectivity and maintenance
services. We interpret ``training services'' to include help desk and
other similar support. We have eliminated the language that required
the training services to be ``directly related'' because it was
superfluous in light of the language requiring the training services to
be ``necessary and used'' for electronic health records purposes.
We have not adopted the proposal that the protected
technology be used solely for electronic health records purposes.
Instead, we have included a condition making clear that electronic
health records purposes must be predominant. Thus, depending on the
circumstances, some software that relates to patient administration,
scheduling functions, and billing and clinical support can be included.
We have expressly excluded the provision of any technology used
primarily to conduct personal business or business unrelated to the
recipient's clinical practice or clinical operations, as well as the
provision of staff to the recipient or the recipient's office.
In order to qualify for protection, at the time of
donation the software must be interoperable. Products that are
certified by a certifying body recognized by the Secretary will be
deemed interoperable under circumstances set forth in the regulation.
Software must contain an electronic prescribing capability, either
through an electronic prescribing component or the ability to interface
with the recipient's existing electronic prescribing system which
complies with the foundation standards set forth in 70 FR 67568
(November 7, 2005) and other final electronic prescribing standards,
when adopted. Moreover, the donor (or any agent) must not take any
steps to disable the interoperability of any technology or otherwise
impose barriers to compatibility of the donated technology with other
technology.
The final safe harbor protects arrangements involving
donors that are (i) health plans or (ii) individuals or entities that
provide covered services and submit claims or requests for payment to a
Federal health care program, and recipients that are individuals or
entities engaged in the delivery of health care.
The final rule clarifies that donors cannot select
recipients in a manner that directly takes into account the volume or
value of referrals or other business generated between the parties.
However, donors may select recipients of donated electronic health
records technology using means that do not directly take into account
the volume or value of referrals from the recipient or other business
generated between the parties. The final rule sets forth examples of
specific criteria that will be deemed to meet this condition.
The final rule does not limit the aggregate value of
technology that may qualify for safe harbor protection. It does contain
a requirement that the recipient pay 15 percent of the donor's costs.
No portion of this contribution may be funded by the donor (or any
affiliate of the donor).
The final safe harbor adopts the proposed documentation
requirements and includes a requirement that the donor's costs and
recipient's contribution be documented in the written agreement between
the parties. The final safe harbor does not require that recipients
certify that they do not already possess equivalent technology. The
final safe harbor precludes protection if the donor knows that the
recipient already has equivalent technology or acts in deliberate
ignorance or reckless disregard of that fact. The final safe harbor
permits documentation through cross-referencing or incorporation of
other agreements between the parties.
The final safe harbor adopts the proposed conditions
related to use of the technology by all payors; non-solicitation by
recipients; and the bar on cost shifting to Federal programs.
The final safe harbor sunsets on December 31, 2013.
General Comments
Comment: Several commenters urged that OIG set out specific
regulatory language for an electronic health records safe harbor. Some
commenters believed that the lack of specific proposed safe harbor
regulatory text meant that we had not proposed safe harbors.
Response: These commenters misconstrued our proposed rulemaking.
Nothing in the Administrative Procedure Act governing notice and
comment rulemaking requires an agency to propose specific regulatory
text; rather, the notice shall include ``either the terms or substance
of the proposed rule or a description of the subjects and issues
involved.'' 55 U.S.C. 553(b)(3). We proposed safe harbors for
electronic health records technology, as described in detail in the
preamble to our proposed rulemaking. Virtually all commenters responded
to these proposals. The final regulations set forth specific regulatory
language for a new safe harbor at Sec. 1001.952(y).
Comment: Most commenters expressed concern with the pre- and post-
interoperability bifurcated approach to the safe harbors, asserting
that a bifurcated process was not necessary, too confusing, and
contrary to the goal of achieving widespread adoption of health
information technology. These commenters urged OIG to abandon the
bifurcated approach and publish one final safe harbor for remuneration
in the form of electronic health records technology. Commenters
[[Page 45122]]
urged OIG and CMS to adopt similar approaches to a post-
interoperability safe harbor under the anti-kickback statute and
exception under the physician self-referral law. However, the
commenters believed that the product certification provision should be
omitted at this time and added if necessary when all of the product
certification standards have been developed.
Response: We have finalized one safe harbor for arrangements
involving electronic health records software or information technology
and training services. We have coordinated with CMS to ensure as much
consistency between the two sets of regulations as possible, given the
underlying differences in the two statutory schemes.
Comment: Some commenters suggested that the general concept of
interoperability should be incorporated into the pre-interoperability
safe harbor, even if product certification is not required. Many
commenters stated that encouraging electronic health records
arrangements before interoperability standards would be bad public
policy. Some commenters believed that a product certification process
that would include interoperability standards is already underway and
within the timeframe for this rulemaking. Others expressed that OIG
should either not wait until certification standards are adopted before
finalizing the post-interoperability safe harbor or should not finalize
either of the safe harbors until the certification standards are
adopted. One commenter expressed that since timetables for the safe
harbor rulemaking and for the certification standards were not known,
OIG should consider writing the regulation from the pre-
interoperability perspective and should address the post-
interoperability era in the future.
Response: We agree with the commenters that a bifurcated approach
is not necessary. We are not promulgating separate safe harbors. The
industry has made considerable progress in developing certification
criteria for electronic health records products within a very short
time. One certification organization has already completed an initial
set of certification criteria for ambulatory electronic health records.
In some cases, there may be products for which no certification
standards are available. To address this situation and to ensure
interoperability to the extent possible, the final safe harbor requires
that donated software be interoperable and bars donors or their agents
from taking any actions to disable or limit interoperability. This
latter condition also protects against donors who may improperly
attempt to create closed or limited electronic health records systems
by offering technology that functionally or practically locks in
business for the donor.
Comment: Some commenters suggested that early adopters of
electronic health records technology should be offered incentives or
rewards, because otherwise physicians or other recipients might delay
investing their own funds in electronic health records systems while
waiting for a donor to offer them free technology. The commenters
stated that this delay would have a detrimental effect on the adoption
of electronic health records technology.
Response: It is unclear what types of incentives or rewards the
commenters are requesting. We note that the safe harbor does not
provide incentives or rewards for early adopters, nor would it be
appropriate for a safe harbor to do so; rather, the safe harbor
protects the transfer of certain electronic health records technology
when all conditions of the safe harbor are satisfied. The safe harbor
would not protect any cash reimbursement paid to recipients for costs
they incurred in adopting technology.
Comment: One commenter requested that OIG and CMS coordinate with
the Internal Revenue Service (IRS) to provide guidance through an IRS
revenue ruling publication to alleviate tax exemption concerns.
Response: This comment addresses a matter outside the scope of this
rulemaking.
1. Protected Nonmonetary Remuneration
a. ``Electronic Health Record''
Comment: We requested comments on how to define ``electronic health
record.'' One commenter suggested that electronic health record be
defined as electronically originated and/or maintained clinical health
information, that may incorporate data derived from multiple sources
and that replaces the paper record as the primary source of patient
information. Another commenter suggested that OIG protect any
interoperable component or module of an electronic health record. A
third commenter suggested that ``electronic health records'' be defined
for safe harbor purposes to accomplish two objectives: (1) To promote a
connected system of electronic healthcare information available to all
doctors and patients whenever and wherever possible and (2) to promote
the collection of quality and outcome measures to facilitate pay-for-
performance payment methodologies. This commenter pointed to the
Medicare Payment Advisory Commission (MedPAC) description of electronic
health record clinical information technology and suggested that we
define ``electronic health record'' to include applications that permit
the following functions: Tracking patients' care over time; allowing
physicians to order medications, laboratory work, and other tests
electronically and access test results; providing alerts and reminders
for physicians; and producing and transmitting prescriptions
electronically. See MedPac Report to the Congress Medicare Payment
Policy at 206 (2005) (available at http://www.medpac.gov/publications/congressional_reports/Mar05_EntireReport.pdf.
) A commenter requested
that ``electronic health records'' be defined broadly enough to include
applications that capture clinical trial data. Another commenter did
not think it was in the best interest of the industry for OIG to
propose such a definition at this time.
Response: For the purpose of this rulemaking, we are adopting a
broad definition of ``electronic health record.'' An electronic health
record will be defined as: ``A repository of consumer health status
information in computer processable form used for clinical diagnosis
and treatment for a broad array of clinical conditions.'' We are
adopting a broad definition consistent with our goal of encouraging
widespread adoption of electronic health records technology.
Comment: A commenter stated that the term ``electronic health
record,'' as used in the proposed rule, is inconsistent with the same
terminology when used within the information technology industry, and
is therefore confusing. The commenter suggested that we might have
meant to use the term ``electronic medical record.'' According to the
commenter, an ``electronic health record'' is commonly used to describe
the broad concept of the total health care data that exists regarding
an individual within an electronic universe (including, for example,
the patient's personal health record, medication history stored by an
insurance plan, electronic imaging results stored at a hospital, etc.),
whereas an ``electronic medical record'' typically refers to patient-
centric, electronically maintained information about an individual's
health status and care that focuses on tasks and events related to
patient care, is optimized for
[[Page 45123]]
use by a physician, and relates to care within a single clinical
delivery system.
Response: We recognize that there are several ways in which
information technology terms are used, including the terminology
``electronic health record'' and ``electronic medical record.'' For
purposes of this safe harbor, we have opted to use the term
``electronic health record,'' and we have included a definition of
``electronic health record'' in this final rule.
b. Necessary
i. Technical and Functional Equivalency
We proposed requiring the recipient to certify that the items and
services to be provided are not technically or functionally equivalent
to items or services the recipient already possesses or has obtained.
The certification would have needed to be updated prior to the
provision of any necessary upgrades or items and services not reflected
in the original certifications. We expressed our concern that the
certification process would be ineffective as a safeguard against fraud
and abuse if it were a mere formality or if recipients simply executed
a form certification provided by a donor. Therefore, we proposed that
the donor must not have actual knowledge of, and not act in reckless
disregard or deliberate ignorance of, the fact that the recipient
possessed or had obtained items and services that were technically or
functionally equivalent to those donated by the donor and that the
recipient would be protected only if the certification were truthful.
Comment: Several commenters requested further clarification
regarding the meaning of ``technically or functionally equivalent'' and
the meaning of ``significantly enhance the functionality'' as those
terms were used in the proposed rulemaking. Other commenters expressed
concerns about the requirement, asserting that it would deter
recipients who are not technology experts from adopting health
information technology, and might result in recipients hiring costly
technology consultants to evaluate their existing systems. A commenter
expressed concern that the safe harbor not hinder the goals of
widespread adoption of electronic health records by, for example,
excluding from protection technology that would standardize the
technology used by all recipients, or updated, user-friendly technology
that would replace outdated, outmoded, or unusable technology. For
these reasons, several commenters argued that technical and functional
equivalency was not an appropriate or workable standard for assessing
whether donated items and services are necessary and that, accordingly,
the requirement should not be adopted.
Other commenters suggested modifications to the proposed
regulations. One commenter suggested that hospitals should incorporate
inquiries regarding the technological items and services physicians
possess into the surveys physicians must complete to acquire and
maintain physician privileges. Another suggested that any costs
associated with the certification process should be included as part of
the services offered by the donor. A few commenters suggested that the
Government should provide financial assistance in evaluating the
existing technology, while another commenter proposed that CMS publish
guidelines for technological equivalence upon which all donors and
recipients could rely. Some commenters urged that the certification
requirement incorporate a ``good faith'' standard for compliance, while
other commenters expressed concern that donors would not be in a
position to evaluate the technology already possessed by potential
recipients and, therefore, that safe harbor protection for donors
should not hinge on the recipient's certification.
Another commenter requested that OIG provide ``templates'' for the
written certification to ensure a simple and transparent certification
process. One commenter expressed concern that a requirement for ongoing
certification to account for upgrades or new software, hardware, or
services would create an unnecessary burden. Another commenter proposed
that there should be one certification required once final
interoperability standards for all health information technology
components are finalized.
Response: Having reviewed the public comments, we have concluded
that our proposal to require recipients to certify in writing that they
do not possess equivalent technology might become unnecessarily
burdensome. We are not requiring a written certification. The final
safe harbor requires that protected donations be limited to electronic
health records software or information technology and training services
that are necessary and used predominantly to create, maintain,
transmit, or receive electronic health records. We do not believe
software and services are ``necessary'' if the recipient already
possesses the equivalent software or services. The provision of
equivalent items and services poses a heightened risk of abuse, since
such arrangements potentially confer independent value on the recipient
(i.e., the value of the existing items and services that might be put
to other uses) unrelated to the need for electronic health records
technology. Thus, if a donor knows that the recipient already possesses
the equivalent items or services, or acts in deliberate ignorance or
reckless disregard of that fact, the donor will not be protected by the
safe harbor. Prudent donors may want to make reasonable inquiries to
potential recipients and document the communications. We do not believe
this requirement necessitates the hiring of technical experts by either
the donor or recipient. The ``necessary'' requirement in the final safe
harbor would not preclude upgrades of items or services that enhance
the functionality of the items or services, including, for example,
upgrades that make software more user-friendly or current. Nor would it
preclude items and services that result in standardization of systems
among donors and recipients, provided that the standardization enhances
the functionality of the electronic health records system (and any
software is interoperable).
Comment: A commenter suggested that, instead of including a
recipient certification, as we proposed, the written agreement between
the donor and recipient could affirm their intent to comply with the
anti-kickback statute and relevant regulations, and the parties could
sign a statement that their business transactions do not take into
account the volume or value of referrals or business generated between
the parties.
Response: We are not adopting the commenter's suggestion. While the
suggested affirmation and statements may be useful to the parties, they
are necessarily self-serving and offer little, if any, protection
against fraud and abuse. We note that the critical inquiry under the
anti-kickback statute is not what terms appear on the face of an
agreement but how the arrangement is actually conducted. It is not
sufficient for safe harbor purposes for documentation to contain
facially the correct terms; the underlying arrangement itself must meet
all the safe harbor conditions.
Comment: Many commenters requested further clarification of OIG's
concern about the risk of recipients intentionally divesting themselves
of technically or functionally equivalent technology that they already
possess or have obtained in order to shift costs to the donor. See 70
FR 59018. These commenters expressed the opinion that recipients would
not intentionally divest themselves of health information technology
given the low adoption rate of health information technology and
[[Page 45124]]
the time and resource commitment necessary to implement and maintain a
health information technology system.
Response: When a party that desires referrals assumes costs that
are otherwise the obligation of a party in a position to generate
referrals, the party assuming the costs offers something of value to
the party with the referrals. This cost shifting can occur in many
ways, including, without limitation, shifting the costs of staff,
office space, or equipment. In the context of electronic health records
technology, this cost-shifting might occur in connection with, by way
of example, ongoing maintenance and help desk support for previously
purchased electronic health records systems. Likewise, a recipient
might shift costs by moving previously purchased technology to other
uses and replacing it with equivalent new technology obtained from a
donor. We solicited comments on how we might address this risk.
Having reviewed the public comments, we are not persuaded that this
risk is particularly reduced in the context of electronic health
records technology. Nonetheless, we believe that the totality of final
safe harbor conditions, including, for example, the cost sharing
requirement and the sunset provision, should adequately address our
concerns. We are not including any separate condition specifically
addressing divestiture of technology.
Comment: One commenter requested that OIG clarify that the term
``necessary'' would not preclude the provision of outpatient-focused
(also referred to as ``ambulatory-focused'') electronic health records
software to recipients that may already have access through the
internet or otherwise to an inpatient-focused electronic health records
systems.
Response: The final rule does not preclude the provision of
outpatient or ambulatory electronic health records software to
recipients that already have access to inpatient-focused systems.
ii. Covered Technology
We proposed to protect software and directly related training
services that are necessary and used solely to receive, transmit, and
maintain electronic health records of the donor's or recipient's
patients, provided that the software includes an electronic prescribing
component. Importantly, we stated our intention to protect systems that
improve patient care rather than systems comprised solely or primarily
of technology that is incidental to the core functions of electronic
prescribing and electronic health records.
Comment: Some commenters asked whether our proposal to protect
certain technology necessary and used to ``receive, transmit, and
maintain'' electronic health records would include technology used to
develop, implement, operate, facilitate, produce, and supplement
electronic health records.
Response: We intended that the final rule would encompass the types
of uses described by the commenters. To make this intent clear, we have
clarified the final rule to provide that the protected technology must
be necessary and used predominantly to ``create, maintain, transmit, or
receive'' electronic health records.
Comment: Most commenters believed that the proposed scope of the
protected donation was too narrow. Commenters variously suggested that
the safe harbor should also protect transfers of hardware, operating
software, connectivity items, support services, secure messaging,
storage devices, clinical decision support technology, services related
to training and ongoing maintenance, rights, licenses, and intellectual
property, as well as interfaces and translation software to allow
recipient offices to exchange data with hospital systems, all of which
the commenters considered necessary for a fully functioning electronic
health records system.
Some commenters encouraged OIG to exclude from protection hardware
and broadband wireless Internet connectivity and to tailor the safe
harbor protection narrowly to cover software, training, and information
technology support services. One commenter opined that ongoing support,
such as help desk support, could pose a risk of abuse, because the
recipient would become dependent on the donor for the help desk
support, and might feel obligated to refer to the donor to ensure
continuation of that support. This commenter suggested that we protect
initial, start-up support services, but not long-term, ongoing system
support. A few commenters suggested that the scope of support services,
training, and other items and services should be a defined contribution
not to exceed 365 person-days.
Several commenters urged OIG to protect arrangements involving the
donation of billing software and other software for administrative
functions, such as registration and patient scheduling, because much of
the ``return on investment'' (i.e., value) for physicians who
incorporate electronic health records systems into their practices is
the integration of clinical and administrative systems. Commenters
noted that the scope of the safe harbor should account for the fact
that the products on the market increasingly integrate administrative
functions with the clinical electronic health records functions. One
commenter suggested that the safe harbor should at least prohibit the
donation of technology that is unrelated to the actual electronic
health records software, such as technology related to office
administration. The commenter requested that the safe harbor protect
integrated bundles of applications that include an electronic health
records component, provided that the recipient pays for the technology
that is unrelated to the electronic health records software. Another
commenter suggested that the safe harbor should not protect clearly
separable administrative software (e.g., billing, coding, and practice
management software), but should protect those elements of an
electronic health records system that incidentally facilitate
administrative functions, such as software that links to diagnosis
codes for billing purposes. The commenter suggested that dual functions
that support patient care and administrative functions are valuable to
the physician and a driving force behind adoption of electronic health
records systems.
Response: We have carefully considered the comments in light of our
intention to promote the adoption of electronic health records without
undue risk of fraud and abuse. The final rule protects electronic
health records software or information technology and training services
necessary and used predominantly to create, maintain, transmit, or
receive electronic health records.
To ensure that the safe harbor is only available for software,
information technology and training services that are closely related
to electronic health records, the safe harbor provides that electronic
health records functions must be predominant. The core functionality of
the technology must be the creation, maintenance, transmission, or
receipt of individual patients' electronic health records. There must
be an electronic prescribing component. While electronic health records
purposes must be predominant, the safe harbor protects arrangements
involving software packages that include other functionality related to
the care and treatment of individual patients (e.g., patient
administration, scheduling functions, billing, and clinical support).
This condition reflects the fact that it is common for electronic
health records software to be integrated with other features.
[[Page 45125]]
Further, we interpret ``software, information technology and
training services necessary and used predominantly'' for electronic
health records purposes to include the following, by way of example:
Interface and translation software; rights, licenses, and intellectual
property related to electronic health records software; connectivity
services, including broadband and wireless internet services; clinical
support and information services related to patient care (but not
separate research or marketing support services); maintenance services;
secure messaging (e.g., permitting physicians to communicate with
patients through electronic messaging); and training and support
services (such as access to help desk services).
We interpret the scope of covered electronic health records
technology to exclude: Hardware (and operating software that makes the
hardware function); storage devices; software with core functionality
other than electronic health records (e.g., human resources or payroll
software or software packages focused primarily on practice management
or billing); or items or services used by a recipient primarily to
conduct personal business or business unrelated to the recipient's
clinical practice or clinical operations. Further, the safe harbor does
not protect the provision of staff to recipients or their offices. For
example, the provision of staff to transfer paper records to the
electronic format would not be protected.
While we share the concerns of those commenters worried that
ongoing help desk or other assistance could create long-term ties
between referral seekers and referral sources, we believe the cost
sharing, interoperability, and sunset provisions, among others, should
address these concerns. We do not believe it would be feasible to set
specific temporal limits on such services or specific aspects of such
services. (We note that, in the context of the electronic prescribing
safe harbor at Sec. 1001.952(x), the risks associated with long-term
transfers of remuneration are mitigated by the narrower scope of the
covered technology and the ``used solely'' restriction.)
Comment: With respect to Internet connectivity services, some
commenters suggested that donations for connectivity should be limited
to any necessary devices for connectivity and technical support for
selecting and installing the appropriate connectivity services, but
should not include connectivity fees, which should be an ongoing
expense of the recipient. Other commenters suggested that covered
technology should include ``T1'' lines or other enhanced broadband
connectivity (including connectivity needed to transfer medical images
and EKGs (especially in rural areas)), routers to speed download times,
secure connections and messaging, ongoing maintenance and support, and
interfaces.
Response: The final safe harbor protects the donation of all forms
of connectivity services. We believe the choice of appropriate
connectivity services is an individual determination best made by the
donors and recipients given their specific circumstances. We note that
the cost sharing requirement of Sec. 1001.952(y)(11) will apply to
these services, including connectivity fees. Because hardware is not
protected remuneration under the safe harbor, routers or modems
necessary to access or enhance connectivity would not be protected.
Comment: A commenter asked for further clarification on whether the
donation of an electronic health records system operating within an
``Application Service Provider'' model (a business model that provides
computer-based services over a network) would be covered by the safe
harbors.
Response: Subject to the cost sharing requirement and other
conditions of the final safe harbor, the donation of an electronic
health records system operating within an ``Application Service
Provider'' model would be considered covered technology.
Comment: A few commenters requested that the final rule require
donors to provide data-migration services to a recipient if the
recipient chooses to abandon the donated electronic health record
system and purchase its own electronic health record system.
Response: We do not believe it would be appropriate to require
donors to provide data migration or any other specific service to
recipients that choose to switch electronic health records systems.
Donors may provide services if they wish, so long as the arrangement
fits in the safe harbor or otherwise complies with the anti-kickback
statute. We note that, to the extent the data migration services
involve the provision of staff to the recipient's office in order to
transfer the data, the services would not be protected.
Comment: A commenter recommended that the safe harbor specifically
protect the provision of patient portal software that enables patients
to maintain on-line personal medical records, including scheduling
functions.
Response: Nothing in this final safe harbor precludes protection
for patient portal software if it meets all safe harbor conditions.
Comment: Some commenters urged us to remove the proposed
requirement that an electronic health records system include an
electronic prescribing component, because such a requirement may stifle
investment in electronic health records technology in situations where
electronic prescribing is not considered a significant need. These
commenters suggested that patients would most benefit if donors are
permitted to first adopt electronic health records technology and then
add electronic prescribing. Other commenters supported making an
electronic prescribing component a mandatory part of the donated
electronic health record.
Response: Nothing in this safe harbor rule prevents parties from
adopting any particular form of technology. However, to qualify for
safe harbor protection for arrangements in which the donor provides
electronic health records technology to actual or potential referral
sources, we are requiring that the donated electronic health records
system include an electronic prescribing capability, either through an
electronic prescribing component or the ability to interface with the
recipient's existing electronic prescribing system that meets the final
standards adopted by the Secretary. We are including this requirement,
in part, because of the critical importance of electronic prescribing
in producing the overall benefits of health information technology, as
evidenced by section 101 of the MMA. It is our understanding that most
electronic health records systems already include an electronic
prescribing component.
Comment: We solicited comments on whether the safe harbors should
require that electronic health records software include a computerized
physician order entry (CPOE) component. Many commenters said that,
without either agreed upon standards or product criteria, a CPOE
component should not be required. These commenters noted that CPOE and
electronic prescribing functionalities can be quite similar and may be
redundant. These commenters were concerned that mandating
implementation of CPOE technology along with electronic health records
software could deter development of either system. Another commenter
noted that most of the off-the-shelf generic CPOE programs have proven
ineffective to date. Some commenters
[[Page 45126]]
supported permitting CPOE as part of the electronic health record
software, so long as it is not a particular type of CPOE.
Response: We are persuaded not to require that safe harbored
transfers of electronic health records technology include a CPOE
component. We note that nothing in this safe harbor mandates the
implementation of any particular technology or functions.
Comment: Most commenters opposed our proposal to require that
electronic health record software be compatible with Public Health
Information Network preparedness standards or BioSense standards in
order to qualify for safe harbor protection. These commenters pointed
out that there is currently no industry consensus on preparedness
standards, nor are there product criteria established for these
programs. These commenters were concerned that clinicians and patients
might be alarmed by the idea of clinician systems being linked to
Government systems for Biosurveillance purposes.
Response: We have not included this requirement in the final safe
harbor.
2. Interoperability
We proposed two types of conditions that would make compatibility
and interoperability of donated technology key features of protected
arrangements. These features would encourage the adoption of open,
interconnected, interoperable systems and thereby reduce the risk of
fraud and abuse. First, we proposed that once interoperability criteria
had been recognized, electronic health records technology would need to
be certified in accordance with standards adopted by the Secretary.
Second, we proposed that donors (or their agents) not limit or restrict
the use of the technology with other electronic prescription or health
records systems, or otherwise impose barriers to compatibility.
Comment: Many commenters supported OIG's proposal to require all
donations to meet approved functionality, interoperability, and
security certification criteria. Some commenters supported the
standards of the Certification Commission for Healthcare Information
Technology (CCHIT). One commenter suggested that we measure
interoperability based on accepted, consensus-driven standards that are
already in place, such as the Electronic Health Record-Lab
Interoperability and Connectivity Standards or other interoperability
standards adopted by the Federal Government as part of the Consolidated
Health Informatics (CHI) initiative. See http://www.hhs.gov/healthit/chi.
Some commenters expressed concern that clinicians who adopt health
information technology prior to the existence of final certification
standards would be unfairly penalized. These commenters were also
concerned that some early adoption arrangements might be chilled where
certification standards are not yet available. These commenters
requested that we consider ``grandfathering'' clinicians whose existing
health information technology systems are not compliant with the
certification standards by permitting them a one-time opportunity to
upgrade their systems to be compliant. As an alternative, a few
commenters recommended that we condition the ongoing use of the safe
harbor on the donated software being capable of exchanging health care
information in compliance with applicable standards once adopted by the
Secretary and on no action being taken that would pose a barrier to the
information exchange.
Response: Having considered the options, and consistent with
Department policy, we have concluded that software will qualify for
safe harbor protection if it is interoperable as defined in this final
rule (discussed further below). Software will be deemed to be
interopera