[Federal Register Volume 71, Number 152 (Tuesday, August 8, 2006)]
[Rules and Regulations]
[Pages 45110-45137]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 06-6666]



[[Page 45109]]

-----------------------------------------------------------------------

Part II





Department of Health and Human Services





-----------------------------------------------------------------------



Office of Inspector General



-----------------------------------------------------------------------



42 CFR Part 1001



Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors 
for Certain Electronic Prescribing and Electronic Health Records 
Arrangements Under the Anti-Kickback Statute; Final Rule

  Federal Register / Vol. 71 , No. 152 / Tuesday, August 8, 2006 / 
Rules and Regulations  

[[Page 45110]]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General

42 CFR Part 1001

RIN 0991-AB39


Medicare and State Health Care Programs: Fraud and Abuse; Safe 
Harbors for Certain Electronic Prescribing and Electronic Health 
Records Arrangements Under the Anti-Kickback Statute

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: As required by the Medicare Prescription Drug, Improvement, 
and Modernization Act of 2003 (MMA), Public Law 108-173, this final 
rule establishes a new safe harbor under the Federal anti-kickback 
statute for certain arrangements involving the provision of electronic 
prescribing technology. Specifically, the safe harbor would protect 
certain arrangements involving hospitals, group practices, and 
prescription drug plan (PDP) sponsors and Medicare Advantage (MA) 
organizations that provide to specified recipients certain nonmonetary 
remuneration in the form of hardware, software, or information 
technology and training services necessary and used solely to receive 
and transmit electronic prescription information. In addition, in 
accordance with section 1128B(b)(3)(E) of the Social Security Act (the 
Act), this final rule creates a separate new safe harbor for certain 
arrangements involving the provision of nonmonetary remuneration in the 
form of electronic health records software or information technology 
and training services necessary and used predominantly to create, 
maintain, transmit, or receive electronic health records.

DATES: Effective Date: These regulations are effective October 10, 
2006.

FOR FURTHER INFORMATION CONTACT: Catherine Martin, Office of Counsel to 
the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION:

I. Background

Overview--Establishing New Safe Harbors for Arrangements Involving 
Electronic Prescribing and Electronic Health Records Technology

    This final rule establishes safe harbor protection for certain 
arrangements involving the donation of electronic prescribing and 
electronic health records technology. Section I contains a brief 
background discussion addressing the anti-kickback statute and safe 
harbors; a summary of the relevant MMA provisions; a summary of the 
proposed safe harbors; and a summary of the final safe harbors. Section 
II contains a summary of the public comments and our responses.
A. The Anti-Kickback Statute and Safe Harbors
    Section 1128B(b) of the Act (42 U.S.C. 1320a-7b(b), the ``anti-
kickback statute'') provides criminal penalties for individuals or 
entities that knowingly and willfully offer, pay, solicit, or receive 
remuneration in order to induce or reward the referral of business 
reimbursable under any of the Federal health care programs, as defined 
in section 1128B(f) of the Act. The offense is classified as a felony 
and is punishable by fines of up to $25,000 and imprisonment for up to 
five years. Violations of the anti-kickback statute may also result in 
the imposition of civil money penalties (CMPs) under section 
1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion 
under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and 
liability under the False Claims Act, (31 U.S.C. 3729-33).
    The types of remuneration prohibited specifically include, without 
limitation, kickbacks, bribes, and rebates, whether made directly or 
indirectly, overtly or covertly, in cash or in kind. Prohibited conduct 
includes not only the payment of remuneration intended to induce or 
reward referrals of patients, but also the payment of remuneration 
intended to induce or reward the purchasing, leasing, or ordering of, 
or arranging for or recommending the purchasing, leasing, or ordering 
of, any good, facility, service, or item reimbursable by any Federal 
health care program.
    Because of the broad reach of the statute, concern was expressed 
that some relatively innocuous commercial arrangements were covered by 
the statute and, therefore, potentially subject to criminal 
prosecution. In response, Congress enacted section 14 of the Medicare 
and Medicaid Patient and Program Protection Act of 1987, Public Law 
100-93 (section 1128B(b)(3)(E) of the Act), which specifically required 
the development and promulgation of regulations, the so-called ``safe 
harbor'' provisions, which would specify various payment and business 
practices that would not be treated as criminal offenses under the 
anti-kickback statute, even though they may potentially be capable of 
inducing referrals of business under the Federal health care programs. 
Since July 29, 1991, we have published in the Federal Register a series 
of final regulations establishing ``safe harbors'' in various areas.\1\ 
These OIG safe harbor provisions have been developed ``to limit the 
reach of the statute somewhat by permitting certain non-abusive 
arrangements, while encouraging beneficial or innocuous arrangements.'' 
(56 FR 35952, 35958; July 21, 1991).
---------------------------------------------------------------------------

    \1\ 56 FR 35952 (July 29, 1991); 61 FR 2122 (January 25, 1996); 
64 FR 63518 (November 19, 1999); 64 FR 63504 (November 19, 1999); 
and 66 FR 62979 (December 4, 2001).
---------------------------------------------------------------------------

    Health care providers and others may voluntarily seek to comply 
with safe harbors so that they have the assurance that their business 
practices will not be subject to liability under the anti-kickback 
statute, the CMP provision for anti-kickback violations, or the program 
exclusion authority related to kickbacks. In giving the Department of 
Health and Human Services the authority to protect certain arrangements 
and payment practices from penalties under the anti-kickback statute, 
Congress intended the safe harbor regulations to be evolving rules that 
would be updated periodically to reflect changing business practices 
and technologies in the health care industry.
B. Section 101 of MMA
    Section 101 of the MMA added a new section 1860D to the Act, 
establishing a Part D prescription drug benefit in the Medicare 
program. As part of the new statutory provision, Congress, through 
section 1860D-4(e) of the Act, directed the Secretary to create 
standards for electronic prescribing in connection with the new 
prescription drug benefit, with the objective of improving patient 
safety, quality of care, and efficiency in the delivery of care.\2\ 
Section 1860D-4(e)(6) of the Act directs the Secretary, in consultation 
with the Attorney General, to create a safe harbor to the anti-kickback 
statute that would protect certain arrangements involving the provision 
of nonmonetary remuneration (consisting of items and services in the 
form of hardware, software, or information technology and training 
services) that is necessary and used solely to receive and transmit 
electronic prescription information in accordance with electronic 
prescribing standards promulgated by the Secretary under section 1860D-
4(e)(4) of the Act. Specifically, the safe harbor would set forth 
conditions under which the provision of such technology by hospitals, 
group practices, and PDP sponsors and MA organizations to certain 
prescribing health care professionals, pharmacies, and pharmacists 
would be protected.
---------------------------------------------------------------------------

    \2\ See H.R. Rep. No. 108-391 at 495 (2003) (Conf. Rep.).

---------------------------------------------------------------------------

[[Page 45111]]

    We do not believe Congress, in enacting section 1860D-4(e)(6) of 
the Act, intended to suggest that a new safe harbor is needed for all 
or even most arrangements involving the provision of electronic 
prescribing items and services. In general, fair market value 
arrangements that are arm's-length and do not take into account in any 
manner the volume or value of Federal health care program business, or 
arrangements that do not have as one purpose the generation of business 
payable by a Federal health care program, should not raise concerns 
under the anti-kickback statute. In addition, many arrangements can be 
structured to fit in existing safe harbors, including the safe harbors 
for discounts (42 CFR 1001.952(h)) and for remuneration offered to 
employees (42 CFR 1001.952(i)). Finally, parties may use the OIG 
advisory opinion process (42 CFR part 1008; http://oig.hhs.gov/fraud/advisoryopinions.html) to determine whether their particular 
arrangements would be subject to OIG sanctions.
    In addition to the new safe harbor under the anti-kickback statute, 
section 1860D-4(e)(6) of the Act directs the Secretary to create a 
corresponding exception to section 1877 of the Act, commonly known as 
the physician self-referral law. That exception is being promulgated 
through a separate rulemaking by the Centers for Medicare & Medicaid 
Services (CMS), the agency that administers the physician self-referral 
law. We have endeavored to ensure as much consistency as possible 
between our final safe harbor and the corresponding final physician 
self-referral exception, given the differences in the respective 
underlying statutes. One significant difference in the statutory 
schemes is that fitting in an exception under section 1877 is 
mandatory, whereas complying with a safe harbor under the anti-kickback 
statute is voluntary. In other words, arrangements that do not comply 
with the electronic prescribing safe harbor at 42 CFR 1001.952(x) will 
not necessarily be illegal under the anti-kickback statute. Rather, 
they will be subject to the customary case-by-case review under the 
statute to determine the parties' intent. (The same holds true for 
electronic health records technology arrangements that do not fit in 
the new safe harbor at 42 CFR 1001.952(y).) Another difference is that 
section 1877 applies only to referrals from physicians, while the anti-
kickback statute applies more broadly.
C. Summary of the Proposed Rulemaking
    On October 11, 2005, we published a notice of proposed rulemaking 
to promulgate three safe harbors under the anti-kickback statute (70 FR 
59015; October 11, 2005). The first proposed safe harbor addressed 
arrangements involving electronic prescribing technology, as required 
by section 101 of the MMA. Many industry and government stakeholders 
had expressed concerns that the MMA provision was not sufficiently 
useful or practical, and would not adequately advance the goal of 
achieving improved health care quality and efficiency through 
widespread adoption of interoperable electronic health records systems. 
Accordingly, we proposed two additional safe harbors to address 
donations of certain electronic health records software and directly 
related training services, using our authority at section 
1128B(b)(3)(E) of the Act. One proposed safe harbor would have 
protected certain arrangements involving nonmonetary remuneration in 
the form of interoperable electronic health records software certified 
in accordance with criteria adopted by the Secretary (and directly 
related training services). The second proposed safe harbor would have 
protected certain arrangements involving donations of electronic health 
records software before adoption of certification criteria.
D. Summary of the Final Rulemaking
    In this final rulemaking, we are adding two new safe harbors to the 
existing regulations at 42 CFR 1001.952: One protecting certain 
arrangements involving electronic prescribing technology (new 42 CFR 
1001.952(x)) and one protecting certain arrangements involving 
interoperable electronic health records software or information 
technology and training services (new 42 CFR 1001.952(y)). (For 
purposes of this rulemaking referred to, respectively, as the 
``electronic prescribing safe harbor'' and the ``electronic health 
records safe harbor.'') For the reasons explained below in Section II, 
we are abandoning the proposal to have separate pre- and post-
interoperability safe harbors for electronic health records 
arrangements.
    OIG has a longstanding concern about the provision of free or 
reduced price goods or services to an existing or potential referral 
source. There is a substantial risk that free or reduced price goods or 
services may be used as a vehicle to disguise or confer an unlawful 
payment for referrals of Federal health care program business. 
Financial incentives offered, paid, solicited, or received to induce or 
in exchange for generating Federal health care business increase the 
risks of, among other problems: (i) Overutilization of health care 
items or services; (ii) increased Federal program costs; (iii) 
corruption of medical decision making; and (iv) unfair competition. 
Thus, consistent with the structure and purpose of the anti-kickback 
statute and the regulatory authority at section 1128B(b)(3)(E) of the 
Act, we believe any safe harbor for electronic health records 
arrangements should protect beneficial arrangements that would 
eliminate perceived barriers to the adoption of electronic health 
records without creating undue risk that the arrangements might be used 
to induce or reward the generation of Federal health care program 
business.
    For the convenience of the public, we are providing the following 
chart that lays out schematically the overall structure and approach of 
the final safe harbors, details of which are provided below in sections 
II. B. and II. C. Readers are cautioned that the final safe harbors 
contain additional conditions and information not summarized here.

------------------------------------------------------------------------
                                     MMA-mandated      Electronic health
                                      electronic            records
                                   prescribing safe    arrangements safe
                                        harbor              harbor
------------------------------------------------------------------------
Authority for Final Safe Harbor.  Section 101 of the  Section
                                   Medicare            1128B(b)(3)(E) of
                                   Prescription        the Social
                                   Drug,               Security Act.
                                   Improvement, and
                                   Modernization Act
                                   of 2003.

[[Page 45112]]

 
Covered Technology..............  Items and services  Software necessary
                                   that are            and used
                                   necessary and       predominantly to
                                   used solely to      create, maintain,
                                   transmit and        transmit, or
                                   receive             receive
                                   electronic          electronic health
                                   prescription        records. Software
                                   information.        must include an
                                  Includes hardware,   electronic
                                   software,           prescribing
                                   internet            component.
                                   connectivity, and   (Software
                                   training and        packages may also
                                   support services.   include functions
                                                       related to
                                                       patient
                                                       administration,
                                                       for example,
                                                       scheduling,
                                                       billing, and
                                                       clinical
                                                       support.)
                                                       Information
                                                       technology and
                                                       training
                                                       services, which
                                                       could include,
                                                       for example,
                                                       internet
                                                       connectivity and
                                                       help desk support
                                                       services.
                                                      Does not include
                                                       hardware.
Standards with Which Donated      Final standards     Electronic health
 Technology Must Comply.           for electronic      records software
                                   prescribing as      that is
                                   adopted by the      interoperable.
                                   Secretary.          Certified
                                                       software may be
                                                       deemed
                                                       interoperable
                                                       under certain
                                                       circumstances.
                                                       Electronic
                                                       prescribing
                                                       capability must
                                                       comply with final
                                                       standards for
                                                       electronic
                                                       prescribing
                                                       adopted by the
                                                       Secretary.
Donors and Recipients...........  As required by      Protected donors
                                   statute,            are (i)
                                   protected donors    individuals and
                                   and recipients      entities that
                                   are hospitals to    provide covered
                                   members of their    services and
                                   medical staffs,     submit claims or
                                   group practices     requests for
                                   to physician        payment, either
                                   members, PDP        directly or
                                   sponsors and MA     through
                                   organizations to    reassignment, to
                                   network             any Federal
                                   pharmacists and     health care
                                   pharmacies, and     program and (ii)
                                   to prescribing      health plans.
                                   health care         Protected
                                   professionals.      recipients are
                                                       individuals and
                                                       entities engaged
                                                       in the delivery
                                                       of health care.
Selection of Recipients.........  Donors may not      Donors may not
                                   select recipients   select recipients
                                   using any method    using any method
                                   that takes into     that takes into
                                   account the         account directly
                                   volume or value     the volume or
                                   of referrals from   value of
                                   the recipient or    referrals from
                                   other business      the recipient or
                                   generated between   other business
                                   the parties.        generated between
                                                       the parties.
Value of Protected Technology...  No limit on the     Recipients must
                                   value of            pay 15% of the
                                   donations of        donor's cost for
                                   electronic          the donated
                                   prescribing         technology.
                                   technology.        The donor (or any
                                                       affiliate) must
                                                       not finance the
                                                       recipient's
                                                       payment or loan
                                                       funds to the
                                                       recipient for use
                                                       by the recipient
                                                       to pay for the
                                                       technology.
Expiration of the Safe Harbor...  None..............  Safe harbor
                                                       sunsets on
                                                       December 31,
                                                       2013.
------------------------------------------------------------------------

II. Summary of Public Comments and OIG Responses

    OIG received a total of 71 timely filed comments from entities and 
individuals. The majority of the comments came from hospitals and 
health systems, trade associations, and vendors. OIG also received 
comments from information technology organizations, health plans, 
nonprofit organizations, pharmaceutical manufacturers, pharmacies, and 
physician organizations. In addition, OIG participated in an Open Door 
Forum organized by CMS on November 9, 2005, at which various 
stakeholders addressed a wide array of issues.
    Overall, the commenters welcomed the establishment of safe harbors 
for electronic prescribing and electronic health records technology 
arrangements. However, we received many specific comments about various 
aspects of the proposed rules. We have divided the summaries of the 
public comments and our responses into four parts: (1) General comments 
for all of the proposed safe harbors; (2) comments specific to the 
electronic prescribing safe harbor; (3) comments specific to the 
electronic health records safe harbor; and (4) comments specific to 
community-wide health information systems.

A. General Comments

    Comment: Most commenters supported the promulgation of safe harbors 
for electronic prescribing and electronic health records arrangements. 
Commenters observed that both Congress and the Administration have 
recognized the compelling need for rapid and widespread adoption of 
electronic prescribing and electronic health records technology. 
Several commenters urged that fraud and abuse concerns not impede the 
adoption of health information technology. In this regard, some 
commenters suggested that the final regulations should better balance 
the goal of preventing fraud and abuse in the short-term with the goal 
of creating incentives for health information technology arrangements 
that result in greater fraud reduction, increased quality and 
efficiency, and better patient care. One commenter asserted that 
investments in health information technology and the desire to provide 
an incentive to participate in health information technology systems do 
not raise typical fraud and abuse concerns present with other financial 
arrangements. However, another commenter noted that the proposed rule 
generally struck an appropriate balance between the needs of physicians 
who may require assistance to develop health information technology 
systems and the underlying purposes of the Federal fraud and abuse 
laws.
    Response: We disagree with the commenter that suggested that 
financial arrangements involving incentives in the form of health 
information technology do not pose the same fraud and abuse concerns as 
other financial arrangements between parties in a potential referral 
relationship. Indeed, our enforcement experience demonstrates that 
improper remuneration for Federal health care program business may take 
many forms,

[[Page 45113]]

including free computers, facsimile machines, software, and other goods 
and services. However, we recognize that certain transfers of health 
information technology between parties with actual or potential 
referral relationships may further the important national policy of 
promoting widespread adoption of health information technology to 
improve patient safety, quality of care, and efficiency in the delivery 
of health care. We believe the final rule strikes the appropriate 
balance between promoting the adoption of health information technology 
and protecting against fraud and abuse.
    Comment: Several commenters urged that Congress and the 
Administration need to do more to offer meaningful financial incentives 
for practitioners to accept the increased cost and workflow burdens 
associated with the implementation of health information technology, 
for example, by providing modest add-on payments to physicians who 
employ health information technology as part of overall quality 
improvement measures. Some commenters observed that the proposed 
regulations would remove a minor impediment to the adoption of health 
information technology, but that the Department must play a larger role 
in providing capital for the technologies that assist physicians in 
providing quality care and avoiding medical errors.
    Response: These comments address matters outside the scope of this 
rulemaking. The Administration supports the adoption of health 
information technology as a normal cost of doing business. The 2007 
Budget states that ``[t]he Administration supports the adoption of 
health information technology (IT) as a normal cost of doing business 
to ensure patients receive high quality care.''
    Comment: Some commenters complained that the proposed safe harbors 
were too narrow and vague. These commenters urged that the final safe 
harbors should be easy to understand, interpret, and enforce so that 
donors and recipients can readily distinguish permissible activities 
from those that violate the statute. Some commenters believed that the 
proposed rules were too complex and might have the unintended effect of 
discouraging participation in health information technology 
arrangements.
    Response: As described elsewhere in this preamble, we have adopted 
a number of modifications and changes that address the commenters' 
concerns. While the final safe harbor at Sec.  1001.952(x) addresses 
only electronic prescribing arrangements, the final safe harbor at 
Sec.  1001.952(y) protects a broad scope of arrangements involving 
electronic health records technology. We have made a number of changes 
that clarify and simplify the final rules. We have endeavored to create 
bright line provisions to the extent possible. We reiterate that 
compliance with a safe harbor does not necessarily distinguish between 
lawful and unlawful activities under the Federal anti-kickback statute. 
Compliance with a safe harbor is voluntary; arrangements that do not 
comply are not per se illegal. As we explained in the preamble to the 
1991 final safe harbors regulations:

    * * * If a person participates in an arrangement that fully 
complies with a given [safe harbor] provision, he or she will be 
assured of not being prosecuted criminally or civilly for the 
arrangement that is the subject of that provision * * * This [safe 
harbor] regulation does not expand the scope of activities that the 
statute prohibits. The statute itself describes the scope of illegal 
activities. The legality of a particular business arrangement must 
be determined by comparing the particular facts to the proscriptions 
of the statute.
    The failure to comply with a safe harbor can mean one of three 
things. First * * * it may mean that the arrangement does not fall 
within the ambit of the statute. In other words, the arrangement is 
not intended to induce the referral of business reimbursable under 
Medicare or Medicaid; so there is no reason to comply with the safe 
harbor standards, and no risk of prosecution.
    Second, at the other end of the spectrum, the arrangement could 
be a clear statutory violation and also not qualify for safe harbor 
protection. In that case, assuming the arrangement is obviously 
abusive, prosecution would be very likely.
    Third, the arrangement may violate the statute in a less serious 
manner, although not be in compliance with a safe harbor provision. 
Here, there is no way to predict the degree of risk. Rather, the 
degree of risk depends on an evaluation of the many factors which 
are part of the decision-making process regarding case selection for 
investigation and prosecution * * *. (56 FR 35952, 35954; July 29, 
1991).

    We do not believe Congress, in enacting section 1860D-4(e)(6) of 
the Act, intended to suggest that a new safe harbor is needed for all 
or even most arrangements involving the provision of electronic 
prescribing items and services. Nor do we believe a safe harbor is 
needed for all electronic health records arrangements. In general, fair 
market value arrangements that are arm's-length and do not take into 
account in any manner the volume or value of Federal health care 
program business, or arrangements that do not have as one purpose the 
generation of business payable by a Federal health care program, should 
not raise concerns under the anti-kickback statute. In addition, many 
arrangements can be structured to fit in existing safe harbors.
    Comment: Some commenters observed that in describing the 
nonmonetary remuneration that would be included in the proposed safe 
harbors, the proposed safe harbors did not reflect the many existing 
combinations and varieties of electronic prescribing, electronic health 
records, and similar technology.
    Response: As discussed more fully below, we believe that the final 
safe harbors are sufficiently broad to accommodate the most essential 
current and evolving electronic prescribing and electronic health 
records technology. We started this rulemaking process by looking to 
the guidance from the Congress in section 101 of the MMA with respect 
to electronic prescribing technology. Using our regulatory authority, 
we have added a separate safe harbor for arrangements involving 
electronic health records software or information technology and 
training services. We believe that we have appropriately balanced the 
goal of promoting widespread adoption of health information technology 
against the significant fraud and abuse concerns that stem from the 
provision of free or reduced cost goods or services to actual or 
potential referral sources.
    Comment: A commenter suggested that the final regulations should 
include provisions that allow CMS to evaluate and ensure that the 
regulatory requirements, once enacted, have not negatively impacted key 
stakeholders or business segments within the healthcare industry.
    Response: It would be inappropriate for a safe harbor under the 
anti-kickback statute to include a provision for ongoing CMS 
evaluation. Like all regulatory safe harbors, OIG may in future 
rulemaking propose modifications or clarifications to the safe harbor 
conditions, as appropriate. OIG annually solicits suggestions from the 
industry for new and modified safe harbors in accordance with section 
205 of the Health Insurance Portability and Accountability Act of 1996.
    Comment: We solicited comments on whether and, if so, how, to take 
into account recipient access to publicly available software at free or 
reduced prices. One commenter urged that the availability of free 
public software should not impact the design of the final safe harbors. 
In addition, the commenter urged that physicians and hospitals be 
granted substantial latitude in selecting interoperable technology that 
best meets their needs.

[[Page 45114]]

    Response: Upon further consideration, we have concluded that it is 
not necessary to take the availability of publicly available software 
into account in developing the final safe harbors. Hospitals, 
physicians, and other donors and recipients will have great latitude in 
selecting technology that will qualify for safe harbor protection. 
Nothing in this rule limits the choice of health information 
technology, although certain transfers of technology, such as non-
interoperable electronic health records software (as discussed below), 
would not qualify for safe harbor protection, because it would not meet 
all safe harbor conditions. As noted elsewhere, arrangements that fall 
outside a safe harbor must be evaluated under the anti-kickback statute 
on a case-by-case basis.
    Comment: Some commenters suggested that the safe harbors under the 
anti-kickback statute should mirror the exceptions under the physician 
self-referral law in all respects in order to promote the rapid and 
widespread adoption of electronic prescribing and electronic health 
records technology. A few commenters suggested that we not adopt anti-
kickback statute safe harbors or that any safe harbors should be 
stricter than any corresponding exceptions to the physician self-
referral law.
    Response: We believe consistency between these safe harbors and the 
corresponding exceptions under the physician self-referral law is 
preferable. We have attempted to ensure as much consistency between the 
two sets of regulations as possible given the underlying differences in 
the two statutory schemes.
    Comment: Some commenters wanted the final safe harbors to preempt 
any State laws or regulations that conflict with the requirements of 
the safe harbors.
    Response: The MMA specifically dictated that the Part D electronic 
prescribing standards would preempt any State law or regulation that 
(1) is contrary to the adopted final Part D electronic prescribing 
standards or that restricts the Department's ability to carry out Part 
D of Title XVIII and (2) pertains to the electronic transmission of 
medication history and information on eligibility, benefits, and 
prescriptions with respect to covered Part D drugs under Part D. 
However, no similar mandate was provided with respect to the anti-
kickback safe harbor for the donation of electronic prescribing 
technology. Moreover, the legal authority for the electronic health 
records safe harbor in this rule is derived from section 1128B(b)(3)(E) 
of the Act, which similarly does not provide authority to preempt State 
anti-kickback laws.
    Comment: Some commenters inquired whether the electronic 
information that is transmitted via electronic prescribing or 
electronic health records systems would be considered remuneration for 
purposes of the anti-kickback statute.
    Response: Whether a particular item or service constitutes 
remuneration for purposes of the anti-kickback statute depends on the 
particular facts and circumstances. Typically, information about a 
particular patient's health status, medical condition, or treatment 
exchanged between or among the patient's health care providers and 
suppliers for the purpose of diagnosing or treating the patient would 
not constitute remuneration to the recipient of the information. In 
this regard, the electronic exchange of patient health care information 
is comparable to the exchange of such information by mail, courier, or 
telephone conversation. Thus, when related to the care of individual 
patients, information such as test results, diagnosis codes, 
descriptions of symptoms, medical history, and prescription information 
are part of the delivery of the health care services and would not have 
independent value to the recipient. However, in other situations, 
information may be a commodity with value that could be conferred to 
induce or reward referrals. For example, data related to research or 
marketing purposes, or information otherwise obtained through a 
subscription or for a fee, could constitute remuneration for purposes 
of the anti-kickback statute.

B. Electronic Prescribing Safe Harbor Required Under Section 101 of the 
MMA (42 CFR 1001.952(x))

Summary of the Proposed Rule
    On October 11, 2005, as mandated in the MMA, we proposed adding a 
new paragraph (x) to the existing safe harbor regulations at 42 CFR 
1001.952 for certain electronic prescribing arrangements. Specifically, 
we proposed:
     Protecting certain arrangements involving the provision of 
nonmonetary remuneration--in the form of hardware, software, or 
information technology or training services--necessary and used solely 
to receive and transmit electronic drug prescription information. We 
construed this language broadly to include internet connectivity 
services (of all types, including broadband or wireless), and upgrades 
of equipment and software that significantly enhanced functionality.
     Requiring that the donated technology must be part of, or 
used to access, a prescription drug program that meets applicable 
standards under Medicare Part D.
     Protecting technology provided by a hospital to its 
medical staff; by a medical group practice to its members; and by a PDP 
sponsor or MA organization to prescribing health care professionals, as 
well as to pharmacies and pharmacists in the plan's network, so long as 
all of the safe harbor conditions were satisfied.
     Prohibiting a recipient from making donation of technology 
a condition of doing business with a donor.
     Requiring that protected arrangements be fully and 
completely documented.
     Excluding donations of technology that replicate 
technology the recipient already possesses. To ensure compliance with 
this provision, we proposed requiring recipients to certify that they 
did not already possess equivalent technology. Moreover, we proposed 
that donors would not be protected if they knew or should have known 
that the recipients already possessed equivalent technology.
     Requiring that neither a recipient's eligibility for 
donated technology, nor the amount or nature of the technology, could 
be determined in any manner that directly or indirectly takes into 
account the volume or value of referrals or other business generated 
between the parties.
     Requiring that the parties not take any action to impede 
the compatibility or interoperability of the technology.
     Requiring that the donor not restrict the ability of the 
recipient to use the technology for any patient, regardless of payor.
     Limiting the value of donated technology that could be 
protected by the safe harbor.
     In deference to the limitations imposed by the ``used 
solely'' standard set forth in the MMA, promulgating a separate safe 
harbor for multi-functional items and services used for electronic 
prescribing (e.g., connectivity services and multi-use hand held 
devices or computers).
Summary of the Final Rule
    The final safe harbor at 42 CFR 1001.952(x) adopts the proposed 
safe harbor, with the following key clarifications:
     The final rule protects technology necessary and used 
solely to receive and transmit any prescription information, whether 
related to drugs or to other items or services normally ordered by 
prescription (e.g., laboratory tests and durable medical equipment 
orders).

[[Page 45115]]

     Donations may be in an unlimited amount.
     We have abandoned our proposal to require that recipients 
provide a written certification that the donated technology is not 
technically or functionally equivalent to the technology the recipient 
already possessed or had obtained. We have added language that permits 
arrangements to be memorialized through cross-referencing incorporation 
of prior agreements between the parties.
     We are not finalizing a separate safe harbor for multi-
functional electronic prescribing technology.
General Comments
    Comment: Many commenters stated that the proposed electronic 
prescribing safe harbor was too narrow to be useful and should be 
merged into an electronic health records safe harbor, noting that 
physicians would likely resist adopting stand-alone electronic 
prescribing systems. One commenter observed that the proposed rule was 
generally in accordance with congressional intent underlying section 
101 of the MMA.
    Response: We agree that the proposed safe harbor was consistent 
with congressional intent. As we are not free to ignore a congressional 
mandate, we must promulgate the electronic prescribing safe harbor 
described in section 101 of the MMA. However, we are also promulgating 
a separate safe harbor for electronic health records arrangements that 
also incorporate an electronic prescribing component. This new safe 
harbor should address the commenters' concerns.
1. Protected Nonmonetary Remuneration
a. Necessary and Used Solely
    In the proposed rule, we proposed protecting items and services 
that are necessary and used solely to transmit and receive electronic 
prescription drug information. We stated that the safe harbor would not 
protect arrangements in which donors provided items or services that 
were technically or functionally equivalent to items that the recipient 
already possessed or services that the recipient had already obtained. 
We proposed requiring the recipient to certify that the items and 
services provided were not technically or functionally equivalent to 
those that the recipient already possessed or had already obtained. We 
also proposed that arrangements would not be protected if the donor 
knowingly provided technology that duplicated the recipient's existing 
technology. We indicated that upgrades of equipment or software that 
significantly enhanced the functionality of the item or service would 
be considered ``necessary'' for purposes of the safe harbor.
    Because the term ``necessary'' appeared in our proposed rulemaking 
in the discussions of all three proposed safe harbors, many commenters 
chose to address this requirement primarily in the context of the 
proposed safe harbors for electronic health records arrangements. Thus, 
there is a detailed discussion of our interpretation of the term 
``necessary'' in section II.C.1.b of this preamble, which addresses the 
new electronic health records safe harbor. We intend to interpret the 
term ``necessary'' uniformly for both new safe harbors. We are 
addressing here only those comments received on the proposed electronic 
prescribing safe harbor requirement that transferred technology be 
``necessary and used solely'' to receive and transmit electronic 
prescription information.
    Comment: One commenter observed that the ``necessary and used 
solely'' requirement ensures that items and services will be used to 
encourage electronic prescribing activities. This commenter suggested 
including an additional requirement that the items or services be 
clearly intended to promote interoperability of health information and 
the improvement of quality in a clinical setting.
    Response: We agree that it was the intent of Congress to encourage 
electronic prescribing activities, in part, through the development of 
a safe harbor for transfers of certain items and services necessary and 
used solely for electronic prescribing transactions. However, the 
intent-based additional standard suggested by the commenter, while 
reflecting laudable goals, is not sufficiently ``bright line'' for 
purposes of this safe harbor. We have included a requirement at Sec.  
1001.952(x)(2) intended to ensure that protected technology meets Part 
D electronic prescribing standards applicable at the time of the 
donation, including any standards relating to interoperability.
    Comment: Some commenters expressed concern that OIG has taken an 
unnecessarily narrow interpretation of the statutory language 
``necessary and used solely to receive and transmit electronic 
prescription information in accordance with the standards promulgated 
under this subsection [section 101 of the MMA] * * *.'' One commenter 
explained its view that the phrase ``necessary and used solely'' should 
be read so that the word ``necessary'' modifies the phrase ``to receive 
and transmit electronic prescription information'' and the phrase 
``used solely'' modifies the phrase ``in accordance with the standards 
promulgated under this subsection.'' In other words, in this 
commenter's view the protected hardware, software and services must be 
``necessary'' to perform electronic prescribing transactions ``solely'' 
in accordance with CMS established data interchange standards. This 
commenter explained that this interpretation would be consistent with 
the purpose of the safe harbor and the practical realities of computers 
and electronic transactions.
    Response: We appreciate the comment; however, we do not believe the 
commenter's proposed interpretation is the best or most logical reading 
of the statutory language. We believe the better and less strained 
reading is that Congress intended for all donated technology to be 
necessary for the receipt and transmission of electronic prescription 
information and to be used solely for that purpose. The requirement 
that the items and services be ``necessary and used solely'' for 
transmitting and receiving electronic prescribing information helps 
minimize the potential for abuse. Limiting the safe harbor to necessary 
items and services helps ensure the safe harbor does not become a means 
of conveying valuable items and services that do not further the 
underlying policy goals and that might, in reality, constitute 
disguised referral payments.
    As we noted in the preamble to the proposed rulemaking, we believe 
Congress included the ``used solely'' requirement to safeguard against 
abusive arrangements in which the donated technology might constitute a 
payment for referrals because it might have additional value 
attributable to uses other than electronic prescribing. See 70 FR at 
59018. For example, a computer that a physician can use to conduct 
office or personal business might have value to the physician apart 
from its electronic prescribing purpose; if this value is transferred 
to the physician in connection with referrals, the statute would be 
implicated.\3\ Accordingly, consistent with section 101 of the MMA, the 
final safe harbor requires that the protected items and services be 
``necessary and used solely'' to transmit or receive electronic 
prescribing information.
---------------------------------------------------------------------------

    \3\ See, e.g., 56 FR 35952, 35978 (July 29, 1991) (noting that a 
computer that has independent value to a physician may constitute an 
illegal inducement).
---------------------------------------------------------------------------

    We note that software that bundles general office management, 
billing, scheduling, electronic health records, or other functions with 
the electronic

[[Page 45116]]

prescribing features would not meet the ``used solely'' requirement and 
would not be protected by the final electronic prescribing safe harbor. 
In some cases, the provision of such bundled software may be eligible 
for protection under the new safe harbor for electronic health records 
arrangements at Sec.  1001.952(y).
    Comment: A commenter suggested that multi-functional technology be 
considered ``necessary'' so long as it includes all components required 
for a physician to prescribe electronically, even if the technology has 
other functions (e.g., a handheld device that can be used for more than 
electronic prescribing).
    Response: The commenter's suggestion, as we understand it, is not 
consistent with the MMA statutory language.
    Comment: Many commenters requested that we eliminate the proposed 
requirement that recipients provide written certification that the 
donated technology is not technically or functionally equivalent to 
technology the recipient already possesses, expressing concern about 
the possible difficulty of making this determination, the lack of 
technical expertise on the part of some recipients, and the increased 
cost that could arise by having an outside expert provide a 
determination of technical or functional equivalence. One commenter 
supported OIG's interpretation of the term ``necessary'' as permitting 
upgrades of equipment or software that significantly enhance the 
functionality of an item or service. Another commenter suggested that 
we should not require that the upgrades ``significantly'' enhance the 
functionality of the item or service. Rather, the commenter believed 
that we should allow the marketplace to determine whether an upgrade 
constitutes a beneficial improvement.
    Response: For the reasons noted in detail below in section 
II.C.1.b.i, with respect to the electronic health records safe harbor, 
we are not adopting the proposed requirement that recipients provide 
written certification that the donated technology is not technically or 
functionally equivalent to technology the recipient already possesses. 
However, while we are eliminating the certification requirement, we do 
not believe items and services are ``necessary'' for electronic 
prescribing if the recipient already possesses equivalent items or 
services. The provision of equivalent items and services poses a 
heightened risk of abuse, since such arrangements potentially confer 
independent value on the recipient (i.e., the value of the existing 
items and services that might be put to other uses) unrelated to the 
need for electronic prescribing technology. Thus, if a donor knows that 
the recipient already possesses the equivalent items or services, or 
acts in deliberate ignorance or reckless disregard of that fact, the 
donor will not be protected by the safe harbor. Thus, prudent donors 
may want to make reasonable inquires of potential recipients and 
document the communications. We do not believe this requirement 
necessitates the hiring of technical experts by either the donor or the 
recipient. Further, with respect to upgrades of equipment or software, 
we agree with the commenter that distinguishing ``significant'' 
enhancements from other beneficial improvements introduces unnecessary 
complexity. Under the final safe harbor, any upgrade that is necessary 
and used solely to transmit and receive electronic prescribing 
information will be protected (so long as all other safe harbor 
conditions are satisfied).
    Comment: Many commenters noted that it would be impractical to 
require physicians to acquire or use software and hardware solely for 
electronic prescribing. Several commenters noted that, in most cases, 
single-use technology is of limited value to a physician, and could 
result in inefficiencies. Another commenter expressed concern that the 
``used solely'' standard would preclude the use of robust electronic 
clinical support tools, such as tools to identify drug-to-drug 
interactions, or to conduct drug-to-laboratory or prescription data 
analysis. This commenter urged that any exceptions from the fraud and 
abuse laws for health information technology arrangements promote 
access to all information needed by physicians to evaluate alternative 
drug therapies, identify potential drug-to-drug interactions, and to 
improve safety, quality, and efficiency of patient care.
    Response: The ``used solely'' condition derives directly from the 
MMA language. We believe that many of the arrangements of interest to 
the commenters are best addressed by the electronic health records safe 
harbor, which is not restricted to technology used solely for 
electronic prescribing.
    The MMA-mandated electronic prescribing safe harbor is reasonably 
interpreted to encompass electronic tools that provide information 
necessary to formulate, transmit, or receive a medically appropriate 
prescription for a patient. These would include electronic clinical 
support tools identifying alternative drug therapies, drug-to-drug 
interactions, or a payor's formulary information. The nature of the 
``prescription data analysis'' tools referenced by the commenter is not 
clear. We believe the appropriate inquiry would be whether the tool is 
used to formulate and transmit or receive a medically appropriate 
prescription for a patient. To the extent the data analysis tool (or 
any other electronic item or service) is used to transmit or receive 
data unrelated to a medically appropriate prescription for a patient 
(e.g., data collected for marketing purposes), the tool would not be 
necessary for electronic prescribing and would not come within the safe 
harbor.
b. Covered Technology
    In our proposed rule, we proposed protecting hardware, software, or 
information technology and training services that met the various safe 
harbor conditions. We interpreted our proposed language to include 
broadband or wireless internet connectivity, training, information 
technology support services, and other items and services used in 
connection with the transmission or receipt of electronic prescribing 
information.
    Comment: Various commenters suggested that the scope of covered 
technology should be expanded to include: Billing, scheduling, and 
other administrative functions; implementation and maintenance of the 
system; ``upgrades;'' and licenses, rights of use, or intellectual 
property. Commenters also urged that any safe harbor cover educational 
sessions and consulting assistance related to the electronic 
prescribing technology. Commenters generally agreed that the provision 
of equipment for personal, non-medical purposes should not be 
protected. One commenter suggested that it would not be possible to 
develop a comprehensive list of protected technology transfers that 
would sufficiently reflect all possible electronic prescribing items 
and services. The commenter recommended that OIG periodically review 
the scope of protected items and services, and expand it as needed.
    Response: We agree that it would be difficult to provide a 
comprehensive list of specific items and services covered by the safe 
harbor. While a specific list would provide a ``bright line'' rule, in 
this case it would also impede the ability of the safe harbor to 
accommodate novel or rapidly evolving technologies in the marketplace. 
For these reasons, we are not promulgating a specific list of protected 
items and services.
    Consistent with the MMA mandate, covered items and services under

[[Page 45117]]

Sec.  1001.952(x) include ``hardware, software, and information 
technology and training services'' that are necessary and used solely 
for electronic prescribing and that meet all other safe harbor 
conditions. We believe that licenses, rights of use, intellectual 
property, upgrades, and educational and support services (including, 
for example, help desk and maintenance services) are items and services 
that can potentially fit in the safe harbor, if all safe harbor 
conditions are met. Billing, scheduling, administrative, and other 
general office software cannot. Operating software that is necessary 
for the hardware to operate can qualify for safe harbor protection 
because it is integral to the hardware. Moreover, operating software is 
distinct from other software applications that are not necessary to 
transmit or receive electronic prescribing information. Patches 
designed to link the donor's existing electronic prescribing system to 
the recipient's existing electronic prescribing system can qualify for 
protection. The provision of technology for personal, non-medical 
purposes is not protected, nor is the provision of office staff.
    Comment: We solicited comments on whether the safe harbor should 
protect electronic prescribing technology that is used for the 
transmission of prescription information for items and services that 
are not drugs (e.g., durable medical equipment or laboratory tests). 
Several commenters suggested that the safe harbor should support the 
use of electronic prescribing technology for all the functions 
currently accomplished through written prescriptions, in order to 
encourage provider utilization of electronic prescribing technology to 
increase safety, cost-effectiveness, and efficiency. The commenters 
suggested including electronic prescribing technology used for 
prescribing medical supplies and durable medical equipment, physical 
therapy, dialysis testing, laboratory tests, and other non-drug 
prescriptions. A commenter from the clinical laboratory industry 
supported a broad reach, but only if clinical laboratories were 
included as permissible donors under the safe harbor.
    Response: We agree generally with the first set of commenters. We 
have reviewed further the language in section 101 of the MMA. The MMA-
mandated safe harbor language requires that the donated technology be 
capable of receiving and transmitting ``electronic prescription 
information'' in accordance with the electronic prescribing standards 
promulgated for purposes of the MMA electronic prescription drug 
programs. We believe that the specific term ``electronic prescription 
information'' as commonly used and as used in the MMA-mandated safe 
harbor provision retains a broad meaning, to include information about 
prescriptions for any items or services that would normally be 
accomplished with a written prescription. In contrast, the information 
to be transmitted under an electronic prescription drug program 
established under the MMA is clearly limited to drug information for 
Part D eligible individuals. Moreover, we do not think that the 
statutory language is intended to be construed to prohibit the use of 
the donated technology for the transmission and receipt of orders or 
prescriptions for other items and services or to require the use of 
separate systems depending on the item or service to be prescribed or 
ordered. We believe this approach is consistent with the objectives of 
the electronic prescribing standards and the patient safety, quality, 
and efficiency goals underlying the mandated exception. Accordingly, we 
are defining ``prescription information'' for purposes of the safe 
harbor to mean information about prescriptions for drugs or any other 
item or service normally accomplished through a written prescription.
    With respect to the clinical laboratory commenter, consistent with 
the MMA language, we are not including clinical laboratories as 
permissible donors under the safe harbor. However, we have expanded the 
new safe harbor for electronic health records arrangements to include 
clinical laboratories.
2. Final Standards for Electronic Prescribing
    The MMA required that donated electronic prescribing technology 
comply with the final standards for electronic prescribing as adopted 
by the Secretary. The first set of these standards (the ``foundation 
standards'') was finalized by the Department on November 7, 2005. See 
70 FR 67568. We received no comments on this issue. The final safe 
harbor at Sec.  1001.952(x)(2) requires that the donated technology 
comply with the applicable standards for electronic prescribing as 
adopted by the Secretary.
3. Donors and Recipients Protected by the Safe Harbor
    We proposed protecting the same categories of donors and recipients 
listed in section 101 of the MMA. Because most commenters commented on 
this issue jointly with the proposed electronic health records 
arrangements safe harbors, we have included a detailed description of 
these comments in our discussion of the electronic health records safe 
harbor below at section II.C.3. of this preamble.
    Comment: We received numerous comments requesting that we expand 
the list of protected donors and recipients to include a variety of 
providers, practitioners, suppliers, and their affiliates.
    Response: We are finalizing the safe harbor consistent with the MMA 
mandated donors and recipients. We are not persuaded that additional 
donors or recipients are necessary to achieve the purpose of this safe 
harbor for electronic prescribing. The enumerated categories of donors 
and recipients reflect individuals and entities centrally involved in 
the ordering, processing, filing, or reimbursing of prescriptions. 
Accordingly, protected donors and recipients under Sec.  1001.953(x) 
are: hospitals to members of their medical staffs; group practices to 
their physician members; and PDP sponsors and MA organizations to 
network pharmacists and pharmacies, and to prescribing health care 
professionals. For the reasons set forth in the preamble to the 
proposed rulemaking, and in the absence of any comments to the 
contrary, we are adopting our proposed definitions of group practice, 
member of the group practice, prescribing health care professional, PDP 
sponsor and MA organization. Group practice shall have the meaning set 
forth at Sec.  411.352; member of the group practice shall mean all 
persons covered by the definition of ``member of the group or member of 
a group practice'' at Sec.  411.351, as well as other prescribing 
health care professionals who are owners or employees of the group 
practice; prescribing health care professional shall mean a physician 
or other health care professional licensed to prescribe drugs in the 
State in which the drugs are dispensed; PDP sponsor or MA organization 
shall have the meanings set forth at Sec. Sec.  423.4 and 422.2, 
respectively.
    We have revisited the issue of protected donors and recipients in 
the context of the electronic health records arrangements safe harbor 
at Sec.  1001.952(y), as discussed in the preamble below at section 
II.C.3.
4. Additional Conditions on the Provision of Qualifying Electronic 
Prescribing Technology
Promoting Compatibility and Interoperability
    Most commenters addressed the issue of the compatibility and 
interoperability of the donated technology with respect

[[Page 45118]]

to all three proposed safe harbors. We have included a discussion of 
these comments in the section of this preamble addressing the 
electronic health records safe harbor at Sec.  1001.952(y). For the 
reasons set forth there, we have adopted, with clarifying 
modifications, our proposed restriction on disabling the compatibility 
and interoperability of donated technology under the electronic 
prescribing safe harbor at Sec.  1001.952(x)(3). For clarity, we have 
included in Sec.  1001.952(x) the same definition of ``electronic 
health record'' found in Sec.  1001.952(y).
Limit on Value of Technology
    In our proposed rule, we solicited public comments on various means 
by which we might limit the value of protected technology under the 
electronic prescribing safe harbor. We indicated that we were 
considering a limit on the value of protected technology as a further 
safeguard against fraud and abuse, since, in our experience, the risk 
of fraud and abuse generally (although not always) increases with the 
value of the remuneration offered. We received a large number of 
comments on this topic, the majority of which opposed any limit on the 
value of donated technology. Because these commenters typically 
commented jointly on this issue for all three proposed safe harbors 
(and each commenter typically had the same concerns under all three 
proposed safe harbors), an extensive description of these comments is 
found in section II.C.6. of this preamble. Having considered the 
comments, we are persuaded not to limit the value of the donated 
technology under the new safe harbor for electronic prescribing 
arrangements at Sec.  1001.952(x). We believe the final conditions of 
the safe harbor, including the ``necessary and used solely'' 
requirement, should be sufficient to minimize the potential for abuse. 
Although we are not limiting the value of donated technology, it is not 
our expectation that donors will necessarily want or be in a position 
to donate unlimited amounts of electronic prescribing technology.
Selection of Recipients of Donated Technology
    We proposed additional conditions in proposed Sec. Sec.  
1001.952(x)(5) and (x)(6) related to how donors select recipients of 
the electronic prescribing technology. These proposed conditions were 
designed to minimize the risk that donors would select recipients for 
the improper purpose of inducing or rewarding the generation of Federal 
health care program business. Proposed Sec.  1001.952(x)(5) would 
require that the recipients (including their groups, employees, or 
staff) refrain from making the donation of qualifying electronic 
prescribing technology a condition of doing business with the donor. 
Proposed Sec.  1001.952(x)(6) would preclude safe harbor protection if 
the eligibility of a recipient to receive items and services from a 
donor, or the amount or nature of the items or services received, is 
determined in any manner that takes into account the volume or value of 
the recipient's referrals or other business generated between the 
parties. We observed that this requirement would not preclude selecting 
a recipient based upon the total number of prescriptions written by the 
recipient, but would preclude selecting the recipient based upon the 
number or value of prescriptions written by the recipient that are 
dispensed or paid by the donor (as well as on any other criteria based 
on any other business generated between the parties). (70 FR at 59021).
    Comment: Commenters requested that we confirm that donors can 
select recipients of electronic prescribing technology based upon the 
total number of prescriptions written by the recipient, but cannot 
select them based upon the number or value of prescriptions written by 
the recipient that are dispensed or paid by the donor (or on any other 
criteria based on any other business generated between the parties). A 
commenter supported excluding from safe harbor protection donations 
that take into account directly the volume or value of referrals or 
other business generated between the parties. This commenter expressed 
concern that donors would employ such selection criteria to 
disadvantage small practices and practices in rural or underserved 
areas. To counter this potential disadvantage, the commenter suggested 
that the final rule include incentives to promote donations to small 
practices, especially in rural and underserved areas. Other commenters 
suggested that donors, such as PDP sponsors, MA organizations, and 
pharmacy benefits managers, should be permitted to consider the volume 
and value of prescriptions written by the recipient, particularly for a 
donor's patient or plan population.
    Response: To safeguard against the use of donated technology to 
disguise referral payments, we are adopting our proposal that neither 
the eligibility of a recipient to receive items and services, nor the 
amount or nature of the items or services received, may be determined 
in a manner that takes into account, directly or indirectly, the volume 
or value of the recipient's referrals or other business generated 
between the parties. Notwithstanding, in the instant case, we believe 
that prohibiting the selection of recipients based on total number of 
prescriptions written by the recipient would be inconsistent with the 
MMA mandate and congressional intent to promote the use of electronic 
prescribing. Accordingly, we confirm our interpretation, for purposes 
of the safe harbor at Sec.  1001.952(x), that donors may select 
recipients of electronic prescribing technology based upon the total 
number of prescriptions written by the recipient, but cannot select 
them based upon the number or value of prescriptions written by the 
recipient that are dispensed or paid by the donor (or on any other 
criteria based on any other business generated between the parties). 
Donors also may not select recipients based on the overall value of 
prescriptions written by the recipient or on the volume or value of 
prescriptions written by the recipient that are reimbursable by any 
Federal health care program.
    We are not persuaded that PDP sponsors or MA organizations should 
be permitted to offer technology selectively based on the volume or 
value of business generated for the plan by the recipient, especially 
in the context of Part D, which includes some reimbursement based on 
the plan's costs, rather than capitated payments. The final safe harbor 
does not include pharmacy benefit managers.
    The safe harbor would not protect arrangements that seek to induce 
a recipient to change loyalties from other providers or plans to the 
donor (e.g., a hospital using an electronic prescribing technology 
arrangement to induce a physician who is on the medical staff of 
another hospital to join the donor hospital's medical staff), because 
such arrangements take into account business generated for the donor.
    We understand the commenter's concern about donors excluding rural 
and underserved area physicians from their health information 
technology arrangements. Some donors may favor large or urban practices 
over small or rural ones. However, we can discern no ``incentives'' 
that could be included appropriately in a safe harbor to address this 
concern, nor has the commenter proposed any with respect to assisting 
rural or solo practitioners. We note that our decision, explained 
elsewhere, not to limit the value of technology that can qualify under 
the safe harbor may assist rural and solo practices insofar as donors 
may want to provide them with greater resources in recognition of their

[[Page 45119]]

greater need for assistance in adopting electronic prescribing 
technology.
    Comment: Some commenters supported our proposal to exclude from 
safe harbor protection donations that are a condition of doing business 
with the donor.
    Response: We are retaining the proposed requirement that recipients 
(or any affiliated group, employee, or staff member) cannot make the 
receipt of items or services a condition of doing business with the 
donor. We have clarified that the condition applies with respect to all 
individuals and entities affiliated with the recipient.
Documentation
    We proposed at Sec.  1001.952(x)(7) a requirement that the 
arrangement for the donation of electronic prescribing technology be in 
writing, be signed by the parties, identify with specificity the items 
or services being provided and their values, and include a 
certification that the donated items and services not be technically or 
functionally equivalent to items and services the recipient already 
has. We stated that to permit effective oversight of protected 
arrangements, the writing must cover all qualifying electronic 
prescribing technology provided by the donor (or affiliated parties) to 
the recipient. For example, if a donor provides a piece of hardware 
under one arrangement and subsequently provides a software program, the 
agreement regarding the software would have to include a description of 
the previously donated hardware (including its nature and value).
    Comment: Some commenters supported the requirement that any 
transfers of technology and services be memorialized in a written 
agreement. One commenter objected to including a written agreement 
requirement in the safe harbor, arguing that the requirement would 
cause an unnecessary delay and increase paperwork. Another commenter 
suggested that the safe harbor permit the arrangement between the donor 
and recipient to be captured through a combination of agreements 
between the recipient, donor, and service provider, rather than one 
agreement. Commenters also urged OIG to remove the technical and 
functional equivalency certification requirement from the safe harbor.
    Response: We have adopted the documentation requirement in the 
final safe harbor at Sec.  1001.952(x)(7) with several modifications. 
With respect to the condition requiring that the documentation cover 
all of the electronic prescribing items and services to be provided by 
the donor (or affiliated parties) to the recipient, we have added 
language to the final safe harbor clarifying that the written 
documentation requirement can be satisfied by incorporating by 
reference other agreements between the parties or by the use of cross 
references to a master list of agreements between the parties that is 
maintained and updated centrally, is available for review by the 
Secretary upon request, and preserves the historical record of 
agreements. We have eliminated the certification of technical and 
functional non-equivalency. Also, given our decision not to limit the 
value of protected donations, we have eliminated the requirement that 
the agreement specify the value of the donated technology. However, in 
the interests of transparency and accountability, we are requiring that 
the parties document the donor's costs for the technology. We have 
retained the remaining documentation requirements, as proposed, at 
Sec.  1001.952 (x)(7). Finally, nothing in this safe harbor requires 
that agreements between donors and recipients also be signed by third-
party vendors; however, such documentation may be a prudent business 
practice.
All Payors Requirement
    Comment: We proposed that, where possible, recipients must be able 
to use the protected technology for all patients without regard to 
payor status. Commenters that addressed the issue universally supported 
this requirement.
    Response: We agree and have included this requirement in the final 
safe harbor at Sec.  1001.952(x)(4).
Commercial and Other Messaging
    Comment: A commenter requested clear and specific rules prohibiting 
inappropriate commercial messaging through electronic prescribing 
technology, including electronic detailing messages from a manufacturer 
promoting a particular brand or brand-name drug. This commenter 
explained that such messaging may inappropriately influence clinical 
decision-making. The commenter gave the following as examples of 
inappropriate messaging: Messages disguised as ``clinical alerts'' 
based upon biased research not published in the public domain and 
alerts purporting to save a patient money when in reality the out-of-
pocket expense for the drug to the patient is higher. Another commenter 
suggested that OIG prohibit commercial messaging and require that 
donated technologies present information in a neutral and transparent 
manner so as not to influence clinical decision-making improperly. 
Similarly, another commenter noted that pop-up messaging could 
inappropriately influence prescribing patterns. The commenter provided 
the example of making the procedure for prescribing certain formulary 
drugs very easy and straightforward, while attempts to prescribe other 
formulary drugs trigger multiple pop-up notices or require a series of 
additional steps.
    Response: Technology used for marketing purposes would not meet the 
``necessary and used solely'' standard required by the MMA for the 
electronic prescribing safe harbor, because marketing information is 
not the type of clinical support that is integral to prescribing 
accurate and appropriate items and services for patients.
    We do not believe it would be feasible or appropriate to regulate 
the content of commercial messaging or formulary compliance activities 
through these safe harbors to the anti-kickback statute. The regulation 
of speech is outside the scope of this rulemaking. Nor, in any event, 
would a condition in these safe harbors related to the accuracy or 
objectivity of the content of messages or formulary activities be 
sufficiently ``bright line'' to be practical or readily enforceable. 
That said, the commenter raises important concerns about messaging and 
formulary activities. Nothing in this rulemaking (either for the 
electronic prescribing safe harbor at Sec.  1001.952(x) or for the 
electronic health records safe harbor at Sec.  1001.952(y)) should be 
construed to approve of or authorize any commercial messaging or 
formulary compliance activity (or any other conduct) that is prohibited 
by any Federal, State, or local law or regulation. Nothing in this 
rulemaking protects parties from liability for improper messaging or 
formulary activities, including, without limitation, liability for the 
promotion of adulterated, misbranded, or unapproved drug or devices, 
off-label marketing, consumer fraud, inappropriate formulary 
activities, and the like.
5. Multi-Functional Technology
    We proposed using our regulatory authority under section 
1128B(b)(3)(E) of the Act to create an additional safe harbor to 
protect the provision by donors to recipients of some limited hardware 
(including necessary operating system software) and connectivity 
services used for more than one function, so long as a substantial use 
of the item or service is to receive or transmit electronic 
prescription information.
    Comment: Most commenters supported a safe harbor that would extend 
protection to technology beyond

[[Page 45120]]

that which is ``necessary and used solely'' for electronic prescribing. 
Many commenters expressed the hope that multi-functional technology 
would ultimately be captured in an electronic health records safe 
harbor.
    Response: We have decided not to create a separate safe harbor for 
multi-functional hardware and connectivity. Instead, we are creating a 
new safe harbor for the protection of certain arrangements involving 
electronic health records software and services (including connectivity 
services) that will more directly further the overall goal of 
widespread adoption of interoperable electronic health records 
technology without some of the fraud and abuse risks inherent in gifts 
of multi-functional hardware. The public comments support this 
approach, as more fully described in the next section. As set forth 
below at Sec.  1001.952(y), we have finalized a single safe harbor for 
certain electronic health records software or information technology 
and training services.

C. Electronic Health Records Arrangements Safe Harbor (42 CFR 
1001.952(y))

Summary of the Proposed Rule
    Prior to publication of the proposed rulemaking, many in the 
hospital industry, among others, raised the issue of the need for safe 
harbor protection for arrangements involving technology other than 
technology used for electronic prescribing. To encourage the adoption 
of electronic health records technology consistent with the ultimate 
goal of achieving fully interoperable electronic health records for all 
patients, we proposed using our legal authority at section 
1128B(b)(3)(E) of the Act to promulgate two safe harbors related to 
electronic health records software and directly related training 
services that are necessary and used solely to receive, transmit, or 
maintain electronic health records of the donor's or recipient's 
patients. We did not propose protecting hardware in either safe harbor, 
because we believed electronic health records software and training 
services were the components of electronic health records systems most 
likely to be needed by recipients, and because gifts of valuable, 
multi-functional hardware (such as computers and servers) would 
inherently pose a higher risk of constituting a disguised payment for 
referrals.
    The first proposed safe harbor would have applied to donations made 
before adoption by the Secretary of product certification criteria, 
including criteria for interoperability, functionality, and privacy and 
security of electronic health records technology (``product 
certification criteria''). (We referred to this proposed safe harbor as 
the ``pre-interoperability'' safe harbor.) See 70 FR at 59022-23. Among 
other provisions, we proposed:
     That the electronic health records software would have to 
be essential to and used solely for the transmission, receipt, and 
maintenance of patients' electronic health records and prescription 
drug information.
     That the software would have to include an electronic 
prescribing component in accordance with the final standards 
established by the Secretary under the Part D electronic prescription 
drug program.
     That the pre-interoperability safe harbor would not 
protect the provision of other types of technology (e.g., billing, 
scheduling, or general office management software) or any software used 
by the recipient to conduct business or engage in activities unrelated 
to the recipient's medical practice. We also proposed to exclude from 
the safe harbor the provision of staff to the recipient or its office.
     That we would define the term ``electronic health 
records.''
     That the safe harbor would include documentation 
provisions comparable to those proposed for the electronic prescribing 
safe harbor.
     That the safe harbor would preclude protection for any 
arrangement in which the donor or its agents disable the 
interoperability of any component of the software or otherwise imposed 
barriers to compatibility.
     That the safe harbor might limit the aggregate value of 
protected technology that a donor could provide to a recipient under 
the pre-interoperability safe harbor or in combination with the other 
proposed safe harbors. We noted that we were considering the same 
alternatives we proposed for setting a value for the electronic 
prescribing safe harbor. These could include an aggregate dollar cap; a 
limitation that would require cost sharing by the recipient; or another 
methodology, including a reduction in the amount of any cap over time.
     That the safe harbor would prohibit donors from shifting 
the costs of the donated technology to the Federal health care programs 
or beneficiaries.
     That the safe harbor would include the same categories of 
donors and recipients that we proposed for the electronic prescribing 
arrangements safe harbor.
     That the safe harbor would include other requirements 
drawn from the proposed electronic prescribing safe harbor, including 
the restriction on arrangements tied to the volume or value of 
referrals or other business generated (proposed Sec.  1001.952(x)(6)); 
the anti-solicitation provision (proposed Sec.  1001.952(x)(5)); and 
the proposed all payors condition (proposed Sec.  1001.952(x)(4)).
     That the pre-interoperability safe harbor might sunset 
once interoperability standards were finalized.
    Recognizing that once standards and product certification criteria 
were developed and adopted by the Secretary for electronic health 
records (including standards for interoperability), some enhanced 
flexibility in the conditions applicable under a safe harbor for 
electronic health records arrangements might be appropriate, we 
proposed a second safe harbor, which we referred to as the ``post-
interoperability'' safe harbor. We noted that adoption of uniform 
interoperability standards, as well as product certification standards 
to ensure that products meet those standards, would help prevent 
certified technology from being used by unscrupulous parties to lock in 
streams of referrals or other business. While interoperability does not 
eliminate the risk of improper referral payments (parties might still 
use the offer or grant of interoperable technology as a vehicle to 
induce referrals), it potentially mitigates the risk sufficiently to 
warrant different or modified safe harbor conditions.
    In summary, for the post-interoperability safe harbor, we proposed:
     Requiring protected technology to be certified in 
accordance with product certification criteria adopted by the 
Secretary, and to include an electronic prescribing component that 
complies with the electronic prescribing standards established by the 
Secretary for the Part D program, to the extent those standards are not 
incorporated into the product certification criteria; and
     Including the same conditions proposed for the pre-
interoperability safe harbor, with the following differences: (1) Some 
additional software applications might be included, so long as 
electronic health records and electronic prescribing remained core 
functions; (2) additional categories of donors and recipients might be 
included; (3) specific selection criteria might be included to identify 
acceptable methods for selecting recipients; and (4) there might be a 
potentially larger limit on the value of protected technology.
    When we issued the proposed rulemaking, we indicated that, given 
the

[[Page 45121]]

number of important variables and the inherent risk of fraud and abuse 
typically posed by gifts of items and services to potential referral 
sources, we did not have sufficient information to draft safe harbor 
regulatory language. We proposed and solicited extensive public comment 
on the scope and conditions for the electronic health records 
arrangements safe harbors.
Summary of the Final Rule
    Consistent with the majority of public comments, we have finalized 
one safe harbor for arrangements involving electronic health records 
that, effectively, combines the pre- and post-interoperability 
proposals. Separate safe harbors are no longer necessary, in part, 
because criteria for product certification are available. The final 
safe harbor protects arrangements involving electronic health records 
software or information technology and training services necessary and 
used predominantly to create, maintain, transmit, or receive electronic 
health records. In many respects, the provision of electronic health 
records technology to physicians and others poses greater risk of fraud 
or abuse than the provision of electronic prescribing technology; 
electronic health records technology is inherently more valuable to 
physicians and other recipients in terms of actual cost, avoided 
overhead, and administrative expenses of an office practice. The final 
safe harbor conditions, in combination, should promote the important 
national policy goal of open, interconnected, interoperable electronic 
health records systems that improve the quality of patient care and 
efficiency in the delivery of health care to patients, without 
protecting arrangements that pose an undue risk of fraud and abuse.
    In summary, the final safe harbor includes the following 
conditions:
     The safe harbor protects transfers of electronic health 
records software or information technology and training services 
necessary and used predominantly to create, maintain, transmit, or 
receive electronic health records (provided all safe harbor conditions 
are satisfied). We have not included hardware. We have clarified that 
the safe harbor covers ``information technology services,'' which we 
interpret as including, for example, connectivity and maintenance 
services. We interpret ``training services'' to include help desk and 
other similar support. We have eliminated the language that required 
the training services to be ``directly related'' because it was 
superfluous in light of the language requiring the training services to 
be ``necessary and used'' for electronic health records purposes.
     We have not adopted the proposal that the protected 
technology be used solely for electronic health records purposes. 
Instead, we have included a condition making clear that electronic 
health records purposes must be predominant. Thus, depending on the 
circumstances, some software that relates to patient administration, 
scheduling functions, and billing and clinical support can be included. 
We have expressly excluded the provision of any technology used 
primarily to conduct personal business or business unrelated to the 
recipient's clinical practice or clinical operations, as well as the 
provision of staff to the recipient or the recipient's office.
     In order to qualify for protection, at the time of 
donation the software must be interoperable. Products that are 
certified by a certifying body recognized by the Secretary will be 
deemed interoperable under circumstances set forth in the regulation. 
Software must contain an electronic prescribing capability, either 
through an electronic prescribing component or the ability to interface 
with the recipient's existing electronic prescribing system which 
complies with the foundation standards set forth in 70 FR 67568 
(November 7, 2005) and other final electronic prescribing standards, 
when adopted. Moreover, the donor (or any agent) must not take any 
steps to disable the interoperability of any technology or otherwise 
impose barriers to compatibility of the donated technology with other 
technology.
     The final safe harbor protects arrangements involving 
donors that are (i) health plans or (ii) individuals or entities that 
provide covered services and submit claims or requests for payment to a 
Federal health care program, and recipients that are individuals or 
entities engaged in the delivery of health care.
     The final rule clarifies that donors cannot select 
recipients in a manner that directly takes into account the volume or 
value of referrals or other business generated between the parties. 
However, donors may select recipients of donated electronic health 
records technology using means that do not directly take into account 
the volume or value of referrals from the recipient or other business 
generated between the parties. The final rule sets forth examples of 
specific criteria that will be deemed to meet this condition.
     The final rule does not limit the aggregate value of 
technology that may qualify for safe harbor protection. It does contain 
a requirement that the recipient pay 15 percent of the donor's costs. 
No portion of this contribution may be funded by the donor (or any 
affiliate of the donor).
     The final safe harbor adopts the proposed documentation 
requirements and includes a requirement that the donor's costs and 
recipient's contribution be documented in the written agreement between 
the parties. The final safe harbor does not require that recipients 
certify that they do not already possess equivalent technology. The 
final safe harbor precludes protection if the donor knows that the 
recipient already has equivalent technology or acts in deliberate 
ignorance or reckless disregard of that fact. The final safe harbor 
permits documentation through cross-referencing or incorporation of 
other agreements between the parties.
     The final safe harbor adopts the proposed conditions 
related to use of the technology by all payors; non-solicitation by 
recipients; and the bar on cost shifting to Federal programs.
     The final safe harbor sunsets on December 31, 2013.
General Comments
    Comment: Several commenters urged that OIG set out specific 
regulatory language for an electronic health records safe harbor. Some 
commenters believed that the lack of specific proposed safe harbor 
regulatory text meant that we had not proposed safe harbors.
    Response: These commenters misconstrued our proposed rulemaking. 
Nothing in the Administrative Procedure Act governing notice and 
comment rulemaking requires an agency to propose specific regulatory 
text; rather, the notice shall include ``either the terms or substance 
of the proposed rule or a description of the subjects and issues 
involved.'' 55 U.S.C. 553(b)(3). We proposed safe harbors for 
electronic health records technology, as described in detail in the 
preamble to our proposed rulemaking. Virtually all commenters responded 
to these proposals. The final regulations set forth specific regulatory 
language for a new safe harbor at Sec.  1001.952(y).
    Comment: Most commenters expressed concern with the pre- and post-
interoperability bifurcated approach to the safe harbors, asserting 
that a bifurcated process was not necessary, too confusing, and 
contrary to the goal of achieving widespread adoption of health 
information technology. These commenters urged OIG to abandon the 
bifurcated approach and publish one final safe harbor for remuneration 
in the form of electronic health records technology. Commenters

[[Page 45122]]

urged OIG and CMS to adopt similar approaches to a post-
interoperability safe harbor under the anti-kickback statute and 
exception under the physician self-referral law. However, the 
commenters believed that the product certification provision should be 
omitted at this time and added if necessary when all of the product 
certification standards have been developed.
    Response: We have finalized one safe harbor for arrangements 
involving electronic health records software or information technology 
and training services. We have coordinated with CMS to ensure as much 
consistency between the two sets of regulations as possible, given the 
underlying differences in the two statutory schemes.
    Comment: Some commenters suggested that the general concept of 
interoperability should be incorporated into the pre-interoperability 
safe harbor, even if product certification is not required. Many 
commenters stated that encouraging electronic health records 
arrangements before interoperability standards would be bad public 
policy. Some commenters believed that a product certification process 
that would include interoperability standards is already underway and 
within the timeframe for this rulemaking. Others expressed that OIG 
should either not wait until certification standards are adopted before 
finalizing the post-interoperability safe harbor or should not finalize 
either of the safe harbors until the certification standards are 
adopted. One commenter expressed that since timetables for the safe 
harbor rulemaking and for the certification standards were not known, 
OIG should consider writing the regulation from the pre-
interoperability perspective and should address the post-
interoperability era in the future.
    Response: We agree with the commenters that a bifurcated approach 
is not necessary. We are not promulgating separate safe harbors. The 
industry has made considerable progress in developing certification 
criteria for electronic health records products within a very short 
time. One certification organization has already completed an initial 
set of certification criteria for ambulatory electronic health records. 
In some cases, there may be products for which no certification 
standards are available. To address this situation and to ensure 
interoperability to the extent possible, the final safe harbor requires 
that donated software be interoperable and bars donors or their agents 
from taking any actions to disable or limit interoperability. This 
latter condition also protects against donors who may improperly 
attempt to create closed or limited electronic health records systems 
by offering technology that functionally or practically locks in 
business for the donor.
    Comment: Some commenters suggested that early adopters of 
electronic health records technology should be offered incentives or 
rewards, because otherwise physicians or other recipients might delay 
investing their own funds in electronic health records systems while 
waiting for a donor to offer them free technology. The commenters 
stated that this delay would have a detrimental effect on the adoption 
of electronic health records technology.
    Response: It is unclear what types of incentives or rewards the 
commenters are requesting. We note that the safe harbor does not 
provide incentives or rewards for early adopters, nor would it be 
appropriate for a safe harbor to do so; rather, the safe harbor 
protects the transfer of certain electronic health records technology 
when all conditions of the safe harbor are satisfied. The safe harbor 
would not protect any cash reimbursement paid to recipients for costs 
they incurred in adopting technology.
    Comment: One commenter requested that OIG and CMS coordinate with 
the Internal Revenue Service (IRS) to provide guidance through an IRS 
revenue ruling publication to alleviate tax exemption concerns.
    Response: This comment addresses a matter outside the scope of this 
rulemaking.
1. Protected Nonmonetary Remuneration
a. ``Electronic Health Record''
    Comment: We requested comments on how to define ``electronic health 
record.'' One commenter suggested that electronic health record be 
defined as electronically originated and/or maintained clinical health 
information, that may incorporate data derived from multiple sources 
and that replaces the paper record as the primary source of patient 
information. Another commenter suggested that OIG protect any 
interoperable component or module of an electronic health record. A 
third commenter suggested that ``electronic health records'' be defined 
for safe harbor purposes to accomplish two objectives: (1) To promote a 
connected system of electronic healthcare information available to all 
doctors and patients whenever and wherever possible and (2) to promote 
the collection of quality and outcome measures to facilitate pay-for-
performance payment methodologies. This commenter pointed to the 
Medicare Payment Advisory Commission (MedPAC) description of electronic 
health record clinical information technology and suggested that we 
define ``electronic health record'' to include applications that permit 
the following functions: Tracking patients' care over time; allowing 
physicians to order medications, laboratory work, and other tests 
electronically and access test results; providing alerts and reminders 
for physicians; and producing and transmitting prescriptions 
electronically. See MedPac Report to the Congress Medicare Payment 
Policy at 206 (2005) (available at http://www.medpac.gov/publications/congressional_reports/Mar05_EntireReport.pdf.) A commenter requested 
that ``electronic health records'' be defined broadly enough to include 
applications that capture clinical trial data. Another commenter did 
not think it was in the best interest of the industry for OIG to 
propose such a definition at this time.
    Response: For the purpose of this rulemaking, we are adopting a 
broad definition of ``electronic health record.'' An electronic health 
record will be defined as: ``A repository of consumer health status 
information in computer processable form used for clinical diagnosis 
and treatment for a broad array of clinical conditions.'' We are 
adopting a broad definition consistent with our goal of encouraging 
widespread adoption of electronic health records technology.
    Comment: A commenter stated that the term ``electronic health 
record,'' as used in the proposed rule, is inconsistent with the same 
terminology when used within the information technology industry, and 
is therefore confusing. The commenter suggested that we might have 
meant to use the term ``electronic medical record.'' According to the 
commenter, an ``electronic health record'' is commonly used to describe 
the broad concept of the total health care data that exists regarding 
an individual within an electronic universe (including, for example, 
the patient's personal health record, medication history stored by an 
insurance plan, electronic imaging results stored at a hospital, etc.), 
whereas an ``electronic medical record'' typically refers to patient-
centric, electronically maintained information about an individual's 
health status and care that focuses on tasks and events related to 
patient care, is optimized for

[[Page 45123]]

use by a physician, and relates to care within a single clinical 
delivery system.
    Response: We recognize that there are several ways in which 
information technology terms are used, including the terminology 
``electronic health record'' and ``electronic medical record.'' For 
purposes of this safe harbor, we have opted to use the term 
``electronic health record,'' and we have included a definition of 
``electronic health record'' in this final rule.
b. Necessary
i. Technical and Functional Equivalency
    We proposed requiring the recipient to certify that the items and 
services to be provided are not technically or functionally equivalent 
to items or services the recipient already possesses or has obtained. 
The certification would have needed to be updated prior to the 
provision of any necessary upgrades or items and services not reflected 
in the original certifications. We expressed our concern that the 
certification process would be ineffective as a safeguard against fraud 
and abuse if it were a mere formality or if recipients simply executed 
a form certification provided by a donor. Therefore, we proposed that 
the donor must not have actual knowledge of, and not act in reckless 
disregard or deliberate ignorance of, the fact that the recipient 
possessed or had obtained items and services that were technically or 
functionally equivalent to those donated by the donor and that the 
recipient would be protected only if the certification were truthful.
    Comment: Several commenters requested further clarification 
regarding the meaning of ``technically or functionally equivalent'' and 
the meaning of ``significantly enhance the functionality'' as those 
terms were used in the proposed rulemaking. Other commenters expressed 
concerns about the requirement, asserting that it would deter 
recipients who are not technology experts from adopting health 
information technology, and might result in recipients hiring costly 
technology consultants to evaluate their existing systems. A commenter 
expressed concern that the safe harbor not hinder the goals of 
widespread adoption of electronic health records by, for example, 
excluding from protection technology that would standardize the 
technology used by all recipients, or updated, user-friendly technology 
that would replace outdated, outmoded, or unusable technology. For 
these reasons, several commenters argued that technical and functional 
equivalency was not an appropriate or workable standard for assessing 
whether donated items and services are necessary and that, accordingly, 
the requirement should not be adopted.
    Other commenters suggested modifications to the proposed 
regulations. One commenter suggested that hospitals should incorporate 
inquiries regarding the technological items and services physicians 
possess into the surveys physicians must complete to acquire and 
maintain physician privileges. Another suggested that any costs 
associated with the certification process should be included as part of 
the services offered by the donor. A few commenters suggested that the 
Government should provide financial assistance in evaluating the 
existing technology, while another commenter proposed that CMS publish 
guidelines for technological equivalence upon which all donors and 
recipients could rely. Some commenters urged that the certification 
requirement incorporate a ``good faith'' standard for compliance, while 
other commenters expressed concern that donors would not be in a 
position to evaluate the technology already possessed by potential 
recipients and, therefore, that safe harbor protection for donors 
should not hinge on the recipient's certification.
    Another commenter requested that OIG provide ``templates'' for the 
written certification to ensure a simple and transparent certification 
process. One commenter expressed concern that a requirement for ongoing 
certification to account for upgrades or new software, hardware, or 
services would create an unnecessary burden. Another commenter proposed 
that there should be one certification required once final 
interoperability standards for all health information technology 
components are finalized.
    Response: Having reviewed the public comments, we have concluded 
that our proposal to require recipients to certify in writing that they 
do not possess equivalent technology might become unnecessarily 
burdensome. We are not requiring a written certification. The final 
safe harbor requires that protected donations be limited to electronic 
health records software or information technology and training services 
that are necessary and used predominantly to create, maintain, 
transmit, or receive electronic health records. We do not believe 
software and services are ``necessary'' if the recipient already 
possesses the equivalent software or services. The provision of 
equivalent items and services poses a heightened risk of abuse, since 
such arrangements potentially confer independent value on the recipient 
(i.e., the value of the existing items and services that might be put 
to other uses) unrelated to the need for electronic health records 
technology. Thus, if a donor knows that the recipient already possesses 
the equivalent items or services, or acts in deliberate ignorance or 
reckless disregard of that fact, the donor will not be protected by the 
safe harbor. Prudent donors may want to make reasonable inquiries to 
potential recipients and document the communications. We do not believe 
this requirement necessitates the hiring of technical experts by either 
the donor or recipient. The ``necessary'' requirement in the final safe 
harbor would not preclude upgrades of items or services that enhance 
the functionality of the items or services, including, for example, 
upgrades that make software more user-friendly or current. Nor would it 
preclude items and services that result in standardization of systems 
among donors and recipients, provided that the standardization enhances 
the functionality of the electronic health records system (and any 
software is interoperable).
    Comment: A commenter suggested that, instead of including a 
recipient certification, as we proposed, the written agreement between 
the donor and recipient could affirm their intent to comply with the 
anti-kickback statute and relevant regulations, and the parties could 
sign a statement that their business transactions do not take into 
account the volume or value of referrals or business generated between 
the parties.
    Response: We are not adopting the commenter's suggestion. While the 
suggested affirmation and statements may be useful to the parties, they 
are necessarily self-serving and offer little, if any, protection 
against fraud and abuse. We note that the critical inquiry under the 
anti-kickback statute is not what terms appear on the face of an 
agreement but how the arrangement is actually conducted. It is not 
sufficient for safe harbor purposes for documentation to contain 
facially the correct terms; the underlying arrangement itself must meet 
all the safe harbor conditions.
    Comment: Many commenters requested further clarification of OIG's 
concern about the risk of recipients intentionally divesting themselves 
of technically or functionally equivalent technology that they already 
possess or have obtained in order to shift costs to the donor. See 70 
FR 59018. These commenters expressed the opinion that recipients would 
not intentionally divest themselves of health information technology 
given the low adoption rate of health information technology and

[[Page 45124]]

the time and resource commitment necessary to implement and maintain a 
health information technology system.
    Response: When a party that desires referrals assumes costs that 
are otherwise the obligation of a party in a position to generate 
referrals, the party assuming the costs offers something of value to 
the party with the referrals. This cost shifting can occur in many 
ways, including, without limitation, shifting the costs of staff, 
office space, or equipment. In the context of electronic health records 
technology, this cost-shifting might occur in connection with, by way 
of example, ongoing maintenance and help desk support for previously 
purchased electronic health records systems. Likewise, a recipient 
might shift costs by moving previously purchased technology to other 
uses and replacing it with equivalent new technology obtained from a 
donor. We solicited comments on how we might address this risk.
    Having reviewed the public comments, we are not persuaded that this 
risk is particularly reduced in the context of electronic health 
records technology. Nonetheless, we believe that the totality of final 
safe harbor conditions, including, for example, the cost sharing 
requirement and the sunset provision, should adequately address our 
concerns. We are not including any separate condition specifically 
addressing divestiture of technology.
    Comment: One commenter requested that OIG clarify that the term 
``necessary'' would not preclude the provision of outpatient-focused 
(also referred to as ``ambulatory-focused'') electronic health records 
software to recipients that may already have access through the 
internet or otherwise to an inpatient-focused electronic health records 
systems.
    Response: The final rule does not preclude the provision of 
outpatient or ambulatory electronic health records software to 
recipients that already have access to inpatient-focused systems.
ii. Covered Technology
    We proposed to protect software and directly related training 
services that are necessary and used solely to receive, transmit, and 
maintain electronic health records of the donor's or recipient's 
patients, provided that the software includes an electronic prescribing 
component. Importantly, we stated our intention to protect systems that 
improve patient care rather than systems comprised solely or primarily 
of technology that is incidental to the core functions of electronic 
prescribing and electronic health records.
    Comment: Some commenters asked whether our proposal to protect 
certain technology necessary and used to ``receive, transmit, and 
maintain'' electronic health records would include technology used to 
develop, implement, operate, facilitate, produce, and supplement 
electronic health records.
    Response: We intended that the final rule would encompass the types 
of uses described by the commenters. To make this intent clear, we have 
clarified the final rule to provide that the protected technology must 
be necessary and used predominantly to ``create, maintain, transmit, or 
receive'' electronic health records.
    Comment: Most commenters believed that the proposed scope of the 
protected donation was too narrow. Commenters variously suggested that 
the safe harbor should also protect transfers of hardware, operating 
software, connectivity items, support services, secure messaging, 
storage devices, clinical decision support technology, services related 
to training and ongoing maintenance, rights, licenses, and intellectual 
property, as well as interfaces and translation software to allow 
recipient offices to exchange data with hospital systems, all of which 
the commenters considered necessary for a fully functioning electronic 
health records system.
    Some commenters encouraged OIG to exclude from protection hardware 
and broadband wireless Internet connectivity and to tailor the safe 
harbor protection narrowly to cover software, training, and information 
technology support services. One commenter opined that ongoing support, 
such as help desk support, could pose a risk of abuse, because the 
recipient would become dependent on the donor for the help desk 
support, and might feel obligated to refer to the donor to ensure 
continuation of that support. This commenter suggested that we protect 
initial, start-up support services, but not long-term, ongoing system 
support. A few commenters suggested that the scope of support services, 
training, and other items and services should be a defined contribution 
not to exceed 365 person-days.
    Several commenters urged OIG to protect arrangements involving the 
donation of billing software and other software for administrative 
functions, such as registration and patient scheduling, because much of 
the ``return on investment'' (i.e., value) for physicians who 
incorporate electronic health records systems into their practices is 
the integration of clinical and administrative systems. Commenters 
noted that the scope of the safe harbor should account for the fact 
that the products on the market increasingly integrate administrative 
functions with the clinical electronic health records functions. One 
commenter suggested that the safe harbor should at least prohibit the 
donation of technology that is unrelated to the actual electronic 
health records software, such as technology related to office 
administration. The commenter requested that the safe harbor protect 
integrated bundles of applications that include an electronic health 
records component, provided that the recipient pays for the technology 
that is unrelated to the electronic health records software. Another 
commenter suggested that the safe harbor should not protect clearly 
separable administrative software (e.g., billing, coding, and practice 
management software), but should protect those elements of an 
electronic health records system that incidentally facilitate 
administrative functions, such as software that links to diagnosis 
codes for billing purposes. The commenter suggested that dual functions 
that support patient care and administrative functions are valuable to 
the physician and a driving force behind adoption of electronic health 
records systems.
    Response: We have carefully considered the comments in light of our 
intention to promote the adoption of electronic health records without 
undue risk of fraud and abuse. The final rule protects electronic 
health records software or information technology and training services 
necessary and used predominantly to create, maintain, transmit, or 
receive electronic health records.
    To ensure that the safe harbor is only available for software, 
information technology and training services that are closely related 
to electronic health records, the safe harbor provides that electronic 
health records functions must be predominant. The core functionality of 
the technology must be the creation, maintenance, transmission, or 
receipt of individual patients' electronic health records. There must 
be an electronic prescribing component. While electronic health records 
purposes must be predominant, the safe harbor protects arrangements 
involving software packages that include other functionality related to 
the care and treatment of individual patients (e.g., patient 
administration, scheduling functions, billing, and clinical support). 
This condition reflects the fact that it is common for electronic 
health records software to be integrated with other features.

[[Page 45125]]

    Further, we interpret ``software, information technology and 
training services necessary and used predominantly'' for electronic 
health records purposes to include the following, by way of example: 
Interface and translation software; rights, licenses, and intellectual 
property related to electronic health records software; connectivity 
services, including broadband and wireless internet services; clinical 
support and information services related to patient care (but not 
separate research or marketing support services); maintenance services; 
secure messaging (e.g., permitting physicians to communicate with 
patients through electronic messaging); and training and support 
services (such as access to help desk services).
    We interpret the scope of covered electronic health records 
technology to exclude: Hardware (and operating software that makes the 
hardware function); storage devices; software with core functionality 
other than electronic health records (e.g., human resources or payroll 
software or software packages focused primarily on practice management 
or billing); or items or services used by a recipient primarily to 
conduct personal business or business unrelated to the recipient's 
clinical practice or clinical operations. Further, the safe harbor does 
not protect the provision of staff to recipients or their offices. For 
example, the provision of staff to transfer paper records to the 
electronic format would not be protected.
    While we share the concerns of those commenters worried that 
ongoing help desk or other assistance could create long-term ties 
between referral seekers and referral sources, we believe the cost 
sharing, interoperability, and sunset provisions, among others, should 
address these concerns. We do not believe it would be feasible to set 
specific temporal limits on such services or specific aspects of such 
services. (We note that, in the context of the electronic prescribing 
safe harbor at Sec.  1001.952(x), the risks associated with long-term 
transfers of remuneration are mitigated by the narrower scope of the 
covered technology and the ``used solely'' restriction.)
    Comment: With respect to Internet connectivity services, some 
commenters suggested that donations for connectivity should be limited 
to any necessary devices for connectivity and technical support for 
selecting and installing the appropriate connectivity services, but 
should not include connectivity fees, which should be an ongoing 
expense of the recipient. Other commenters suggested that covered 
technology should include ``T1'' lines or other enhanced broadband 
connectivity (including connectivity needed to transfer medical images 
and EKGs (especially in rural areas)), routers to speed download times, 
secure connections and messaging, ongoing maintenance and support, and 
interfaces.
    Response: The final safe harbor protects the donation of all forms 
of connectivity services. We believe the choice of appropriate 
connectivity services is an individual determination best made by the 
donors and recipients given their specific circumstances. We note that 
the cost sharing requirement of Sec.  1001.952(y)(11) will apply to 
these services, including connectivity fees. Because hardware is not 
protected remuneration under the safe harbor, routers or modems 
necessary to access or enhance connectivity would not be protected.
    Comment: A commenter asked for further clarification on whether the 
donation of an electronic health records system operating within an 
``Application Service Provider'' model (a business model that provides 
computer-based services over a network) would be covered by the safe 
harbors.
    Response: Subject to the cost sharing requirement and other 
conditions of the final safe harbor, the donation of an electronic 
health records system operating within an ``Application Service 
Provider'' model would be considered covered technology.
    Comment: A few commenters requested that the final rule require 
donors to provide data-migration services to a recipient if the 
recipient chooses to abandon the donated electronic health record 
system and purchase its own electronic health record system.
    Response: We do not believe it would be appropriate to require 
donors to provide data migration or any other specific service to 
recipients that choose to switch electronic health records systems. 
Donors may provide services if they wish, so long as the arrangement 
fits in the safe harbor or otherwise complies with the anti-kickback 
statute. We note that, to the extent the data migration services 
involve the provision of staff to the recipient's office in order to 
transfer the data, the services would not be protected.
    Comment: A commenter recommended that the safe harbor specifically 
protect the provision of patient portal software that enables patients 
to maintain on-line personal medical records, including scheduling 
functions.
    Response: Nothing in this final safe harbor precludes protection 
for patient portal software if it meets all safe harbor conditions.
    Comment: Some commenters urged us to remove the proposed 
requirement that an electronic health records system include an 
electronic prescribing component, because such a requirement may stifle 
investment in electronic health records technology in situations where 
electronic prescribing is not considered a significant need. These 
commenters suggested that patients would most benefit if donors are 
permitted to first adopt electronic health records technology and then 
add electronic prescribing. Other commenters supported making an 
electronic prescribing component a mandatory part of the donated 
electronic health record.
    Response: Nothing in this safe harbor rule prevents parties from 
adopting any particular form of technology. However, to qualify for 
safe harbor protection for arrangements in which the donor provides 
electronic health records technology to actual or potential referral 
sources, we are requiring that the donated electronic health records 
system include an electronic prescribing capability, either through an 
electronic prescribing component or the ability to interface with the 
recipient's existing electronic prescribing system that meets the final 
standards adopted by the Secretary. We are including this requirement, 
in part, because of the critical importance of electronic prescribing 
in producing the overall benefits of health information technology, as 
evidenced by section 101 of the MMA. It is our understanding that most 
electronic health records systems already include an electronic 
prescribing component.
    Comment: We solicited comments on whether the safe harbors should 
require that electronic health records software include a computerized 
physician order entry (CPOE) component. Many commenters said that, 
without either agreed upon standards or product criteria, a CPOE 
component should not be required. These commenters noted that CPOE and 
electronic prescribing functionalities can be quite similar and may be 
redundant. These commenters were concerned that mandating 
implementation of CPOE technology along with electronic health records 
software could deter development of either system. Another commenter 
noted that most of the off-the-shelf generic CPOE programs have proven 
ineffective to date. Some commenters

[[Page 45126]]

supported permitting CPOE as part of the electronic health record 
software, so long as it is not a particular type of CPOE.
    Response: We are persuaded not to require that safe harbored 
transfers of electronic health records technology include a CPOE 
component. We note that nothing in this safe harbor mandates the 
implementation of any particular technology or functions.
    Comment: Most commenters opposed our proposal to require that 
electronic health record software be compatible with Public Health 
Information Network preparedness standards or BioSense standards in 
order to qualify for safe harbor protection. These commenters pointed 
out that there is currently no industry consensus on preparedness 
standards, nor are there product criteria established for these 
programs. These commenters were concerned that clinicians and patients 
might be alarmed by the idea of clinician systems being linked to 
Government systems for Biosurveillance purposes.
    Response: We have not included this requirement in the final safe 
harbor.
2. Interoperability
    We proposed two types of conditions that would make compatibility 
and interoperability of donated technology key features of protected 
arrangements. These features would encourage the adoption of open, 
interconnected, interoperable systems and thereby reduce the risk of 
fraud and abuse. First, we proposed that once interoperability criteria 
had been recognized, electronic health records technology would need to 
be certified in accordance with standards adopted by the Secretary. 
Second, we proposed that donors (or their agents) not limit or restrict 
the use of the technology with other electronic prescription or health 
records systems, or otherwise impose barriers to compatibility.
    Comment: Many commenters supported OIG's proposal to require all 
donations to meet approved functionality, interoperability, and 
security certification criteria. Some commenters supported the 
standards of the Certification Commission for Healthcare Information 
Technology (CCHIT). One commenter suggested that we measure 
interoperability based on accepted, consensus-driven standards that are 
already in place, such as the Electronic Health Record-Lab 
Interoperability and Connectivity Standards or other interoperability 
standards adopted by the Federal Government as part of the Consolidated 
Health Informatics (CHI) initiative. See www.hhs.gov/healthit/chi.
    Some commenters expressed concern that clinicians who adopt health 
information technology prior to the existence of final certification 
standards would be unfairly penalized. These commenters were also 
concerned that some early adoption arrangements might be chilled where 
certification standards are not yet available. These commenters 
requested that we consider ``grandfathering'' clinicians whose existing 
health information technology systems are not compliant with the 
certification standards by permitting them a one-time opportunity to 
upgrade their systems to be compliant. As an alternative, a few 
commenters recommended that we condition the ongoing use of the safe 
harbor on the donated software being capable of exchanging health care 
information in compliance with applicable standards once adopted by the 
Secretary and on no action being taken that would pose a barrier to the 
information exchange.
    Response: Having considered the options, and consistent with 
Department policy, we have concluded that software will qualify for 
safe harbor protection if it is interoperable as defined in this final 
rule (discussed further below). Software will be deemed to be 
interoperable if it is certified by a certifying body recognized by the 
Secretary. Nothing in the final rule precludes donors from providing 
recipients with upgrades to software that meet the definition of 
``interoperable'' in Sec.  1001.952(y) or would make the software 
comply with then-existing certification standards. As noted below, we 
are including a provision requiring that donors refrain from impeding 
interoperability.
    Comment: We indicated in the proposed rulemaking that we were 
considering defining the term ``interoperable'' for purposes of the 
safe harbor to mean ``the ability of different operating and software 
systems, applications, and networks to communicate and exchange data in 
an accurate, secure, effective, useful, and consistent manner.'' See 44 
U.S.C. 3601(6) (pertaining to the management and promotion of 
electronic Government services). One commenter agreed with this 
proposed definition. Another commenter suggested that we incorporate 
the definition of interoperability that has been promulgated by CCHIT. 
Another commenter suggested that we adopt the definition developed by 
the National Alliance for Health Information Technology: ``The ability 
of different information technology systems and software applications 
to communicate, to exchange data accurately, effectively, and 
consistently, and to use the information that has been exchanged.'' One 
commenter suggested that the definition of interoperability be flexible 
to adapt to evolving industry standards. Several commenters suggested 
defining interoperability as ``the uniform and efficient movement of 
electronic healthcare data from one system to another, such that the 
clinical or operational purpose and meaning of the data is preserved 
and unaltered.'' One commenter opposed any definition of 
interoperability that would require a donor to support electronic 
transmissions from technology supplied by other vendors or to host 
applications accessible by software supplied by other vendors.
    Response: Having reviewed the public comments and upon further 
consideration, we have crafted a definition of ``interoperable'' for 
purposes of the safe harbor that combines elements of our original 
proposal and the suggestions of the commenters. Under the final safe 
harbor, ``interoperable'' is defined to mean that, at the time of the 
donation, the software is able to (i) communicate and exchange data 
accurately, effectively, securely, and consistently with different 
information technology systems, software applications, and networks, in 
various settings, and (ii) exchange data such that the clinical or 
operational purpose and meaning of the data are preserved and 
unaltered. This interoperability must apply in various settings, 
meaning that the software must be capable of being interoperable with 
respect to systems, applications, and networks that are both internal 
and external to the donor's or recipient's systems, applications, and 
networks. In other words, software will not be considered interoperable 
if it is capable of communicating or exchanging data only within a 
limited health care system or community.
    We believe this definition reflects our intent to protect only 
those arrangements that will foster open, interconnected, interoperable 
electronic health records systems that help improve the quality of 
patient care and efficiency in the delivery of health care to patients, 
without undue risk that donors might use arrangements to lock in 
referrals from recipients.
    We are mindful that the ability of software to be interoperable is 
evolving as technology develops. In assessing whether software is 
interoperable, we believe the appropriate inquiry is whether the 
software is as interoperable as feasible given the prevailing state of 
technology at the time the items or services are provided to the 
recipient.

[[Page 45127]]

Parties should have a reasonable basis for determining that software is 
interoperable. We believe it would be appropriate--and indeed 
advisable--for parties to consult any standards and criteria related to 
interoperability recognized by the Department. Compliance with these 
standards and criteria will provide greater certainty to donors and 
recipients that products meet the interoperability requirement and may 
be relevant in any enforcement activities. We note further that parties 
wishing to avoid any uncertainty can avail themselves of the 
``deeming'' provision, which provides that software that is certified 
by a body recognized by the Secretary will be deemed interoperable for 
purposes of the safe harbor. In order to ensure interoperability, 
products must have an up-to-date certification at the time of donation, 
and we are requiring that, to meet the deeming provision, the software 
must have been certified within 12 months prior to the date of the 
donation.
    We are including a condition that the donor (or any person on the 
donor's behalf) must not take any actions to limit or restrict the use, 
compatibility, or interoperability of the items and services with other 
electronic prescribing or electronic health records technology. We 
believe this language clearly reflects our intent that donors should 
not limit or restrict the use, compatibility, or interoperability of 
donated technology. We note that compliance with this condition in 
Sec.  1001.952(y)(3) is a separate requirement from compliance with 
Sec.  1001.952(y)(2), which requires that products must be 
interoperable and will be deemed interoperable if a certifying body 
recognized by the Secretary has certified the software within no more 
than 12 months prior to the date it is provided to the recipient.
    If a donor takes actions that would cause a certified product to 
fall out of compliance with the interoperability standards that apply 
to the certified product, we would consider that to be an action to 
limit or restrict the use, compatibility, or interoperability of the 
items or services for purposes of Sec.  1001.952(y)(3). We are not 
persuaded to protect arrangements where use, compatibility, or 
interoperability is limited to the products of specific vendors; to the 
contrary, we believe that inherent in the concept of interoperability 
is that technology can communicate with products of other vendors.
    Comment: Many commenters supported the proposed prohibition against 
donors or their agents taking any actions to disable or limit 
interoperability or otherwise impose barriers to compatibility of the 
donated technology with other technology, including technology owned or 
operated by competing providers and suppliers.
    Response: As explained above, we have included this requirement in 
the final safe harbor at Sec.  1001.952(y)(3). We believe this 
condition will help ensure that transfers of health information 
technology will further the policy goal of fully interoperable health 
information systems and will not be misused to steer business to the 
donor.
3. Protected Donors
    We proposed to limit the scope of protected donors under Sec.  
1001.952(y) to hospitals, group practices, PDP sponsors, and MA 
organizations, consistent with the MMA-mandated donors for the 
electronic prescribing safe harbor.
    Comment: Most commenters said that the proposed scope of potential 
donors was too limited. Commenters variously suggested that the 
protected donors include some or all of the following categories: 
Nursing facilities; assisted living and residential care facilities; 
intermediate care facilities for persons with mental retardation; 
mental health facilities; organizations providing population health 
management services (such as disease and care management programs and 
services); all components of an Integrated Delivery System (IDS) 
(including network providers or other entities that operate, support or 
manage network providers); clinical laboratories; pharmaceutical 
manufacturers; durable medical equipment suppliers; radiation oncology 
centers; community health centers; Federally Qualified Health Centers 
(FQHCs), physician-hospital organizations; health plans; Regional 
Health Information Organizations (RHIOs); dialysis facilities; and 
other entities that, from the commenters' perspective, enhance the 
overall health of a community.
    One commenter, representing dialysis facilities, suggested that the 
safe harbor should protect nonmonetary donations by all providers that 
maintain medical staffs to members of the medical staff. Another 
commenter suggested that a clinical data exchange (or community-wide 
health information system) should be included as a protected donor, 
because individual stakeholders in health information technology 
projects are unlikely to develop, purchase, or donate items necessary 
to implement and maintain a true community-wide clinical data exchange.
    A few commenters asserted that health plans and pharmacy benefits 
managers (PBMs) should be protected donors, since, according to the 
commenters, these entities develop health information technology and 
are engaged with physicians on a direct level to increase the 
utilization of electronic prescribing and health records technology. 
These commenters urged that the fraud and abuse risks are reduced 
because health plans and PBMs have business incentives to limit 
utilization of prescriptions. A commenter recommended permitting all 
entities that bill Medicare to donate electronic health records 
technology. A few commenters suggested that any entity that has an 
interest in donating health information technology should be permitted 
to do so.
    Response: Mindful that broad safe harbor protection may 
significantly further the important public policy goal of promoting 
electronic health records, and after carefully considering the 
recommendations of the commenters, we have concluded that the safe 
harbor should protect any donor that is an individual or entity that 
provides patients with health care items or services covered by a 
Federal health care program and submits claims or requests for payment 
for those items or services (directly or pursuant to reassignment) to 
Medicare, Medicaid, or other Federal health care programs (and 
otherwise meets the safe harbor conditions). This approach incorporates 
a bright line test focused on those individuals and entities that 
participate directly in the provision of health care to patients and 
are therefore in the best position to advance the implementation of 
electronic health records adoption through participation in 
interoperable electronic health records systems. In other words, the 
test focuses on those individuals and entities with a substantial and 
central stake in patients' electronic health records. Individuals and 
entities that can satisfy this definition include, for example, 
hospitals, group practices, physicians, nursing and other facilities, 
pharmacies, laboratories, oncology centers, community health centers, 
FQHCs, and dialysis facilities.
    In addition, we are persuaded that health plans, which generally 
arrange for the provision of health care items and services rather than 
providing them directly, should be protected donors. We originally 
proposed including only PDP sponsors and MA organizations. However, in 
the final rule, we are including any health plan that meets the 
definition of ``health plan'' set forth at Sec.  1001.952(l)(2), an 
existing safe harbor

[[Page 45128]]

under the anti-kickback statute for certain managed care arrangements. 
This definition includes a broad array of health plans that may cover 
Federal health care program beneficiaries, including, but not limited 
to, PDP sponsors, MA organizations, and Medicaid managed care plans. We 
note that our decision to include health plans as protected donors does 
not reflect our endorsement of the proposition that health plans 
necessarily present a lower risk of fraud and abuse because they have 
economic incentives to limit utilization. Rather, our decision reflects 
the direction provided by Congress with respect to PDP sponsors and MA 
organizations, as well as the important and central role health plans 
play in the adoption and use of electronic prescribing and health 
records systems.
    In the preamble to the proposed rule, we noted our concern that 
providers and suppliers of ancillary services would not have a 
comparable stake in advancing the goal of interoperable electronic 
health records for patients, as well as our concern about instances of 
abusive referral payments by ancillary services providers, such as 
laboratories. Having reviewed the public comments, we are persuaded 
that ancillary services providers and suppliers have a stake in the 
development of interoperable electronic health records sufficient to 
warrant safe harbor protection. We remain concerned about the potential 
for abuse by laboratories, durable medical equipment suppliers, and 
others, but believe that the safe harbor conditions in the final rule 
and the fact that the safe harbor is temporary should adequately 
address our concerns. We intend to monitor the situation. If abuses 
occur, we may revisit our determination. Among other things, we will be 
alert to patterns of increased utilization correlated with transfers of 
nonmonetary remuneration in the form of electronic health records 
technology. While increased utilization would not necessarily indicate 
fraud or abuse (and might, in some circumstances, reflect improved 
quality of care), the determination must be made on a case-by-case 
basis. We note that, notwithstanding the safe harbor, parties remain 
liable under various Federal and State laws for billing abuses, 
including over-billing and billing for items and services that are not 
medically necessary.
    We have not included as protected donors pharmaceutical, device, or 
durable medical equipment manufacturers, or other manufacturers or 
vendors that indirectly furnish items and services used in the care of 
patients. These entities do not provide health care items or services 
to patients or submit claims for those services. Our enforcement 
experience demonstrates that unscrupulous manufacturers have offered 
remuneration in the form of free goods and services to induce referrals 
of their products. Given this enforcement history, and the lack of a 
direct and central patient care role that justifies safe harbor 
protection for the provision of electronic health records technology, 
we are not including manufacturers as protected donors. We believe 
there is a substantial risk that, in many cases, manufacturers' primary 
interest in offering technology to potential referral sources would be 
to market their products.
    Nothing in this preamble discussion should be construed to suggest 
that only parties that provide covered services or have the ability to 
bill Federal programs are in a position to make unlawful payments for 
referrals. To the contrary, under the anti-kickback statute, the party 
offering or paying the illegal remuneration need not be a party that 
provides a covered service or a party in a position to bill a Federal 
health care program. Rather, in this final regulation we have focused 
on parties that provide covered services and bill the programs as a 
bright line way to identify those individuals and entities with direct, 
frontline patient care responsibilities and, therefore, a substantial 
stake in promoting interoperable electronic health records systems.
    With respect to categories of individuals and entities that are not 
included in the safe harbor, depending on the facts and circumstances, 
safe harbor protection might not be needed or safe harbor protection 
may be available under other safe harbors. The anti-kickback statute is 
implicated by remunerative arrangements that might induce or reward the 
generation of Federally payable health care business. Arrangements 
between parties where there is no potential or actual Federal program 
business of any kind generally should not raise concerns under the 
anti-kickback statute. Moreover, even where the statute is implicated, 
arrangements that do not qualify for safe harbor protection are not 
necessarily illegal. Thus, the fact that an entity is not included as a 
protected donor does not mean that a transfer of electronic health 
records technology by that entity necessarily would violate the anti-
kickback statute. Rather, a determination would depend on the facts and 
circumstances, including the intent of the parties. Parties seeking 
assurance that their arrangement does not violate the anti-kickback 
statute may have the arrangement evaluated through the OIG's voluntary 
advisory opinion process.
    Comment: A commenter requested that the list of protected donors be 
expanded to include research and manufacturing entities and suggested 
that blind trusts could be established utilizing funds from several 
pharmaceutical companies to reduce the risk of fraud and abuse. Another 
commenter requested that we include entities in the research-based 
biopharmaceutical industry as permissible donors, noting that the 
widespread adoption of health information technology could reduce the 
need for proprietary systems used solely for purposes of clinical trial 
programs.
    Response: As noted in the preceding response, we are not including 
research and manufacturing entities, or entities in the research-based 
biopharmaceutical industry, as protected donors for purposes of this 
final safe harbor. These entities do not provide covered services to 
beneficiaries and do not submit claims to a Federal health care 
program. Arrangements involving remuneration in the form of electronic 
health records technology provided by these entities would need to be 
evaluated on a case-by-case basis under the anti-kickback statute. We 
believe the ``blind trust'' proposal offered by the commenter is also 
more appropriately addressed case-by-case under the anti-kickback 
statute based on the totality of facts and circumstances of the 
particular arrangement.
    Comment: One commenter strongly urged OIG to expand the list of 
protected donors to give physicians the opportunity to choose between 
different software offerings. Other commenters suggested that the safe 
harbor require an open, transparent Request for Proposal (RFP) process 
whereby the donating entity would be required to offer technology from 
a minimum of three vendors for the recipient to select. These 
commenters expressed the view that a multi-vendor, open RFP process 
would ensure competitive market pricing and would allow recipients to 
participate in the selection process to ensure that services meet the 
needs of their clinical practices, while also protecting against the 
recipient being locked-in by the donating entity. Another commenter 
requested that the rulemaking clearly state that physicians should be 
free to choose their own electronic health records systems or should be 
offered a choice by entities providing subsidies or assistance for 
purchasing these systems.
    Response: Physicians and other recipients remain free to choose any 
electronic health technology that suits

[[Page 45129]]

their needs. Nothing in the safe harbor is to the contrary. However, we 
are not requiring donors to facilitate that choice for purposes of the 
safe harbor. Donors must offer interoperable products and must not 
impede the interoperability of any technology they decide to offer. We 
decline to require the type of RFP process requested by the commenter, 
as it would be unnecessarily burdensome and impractical and would 
potentially impose substantial transaction costs on donors. In 
addition, nothing in this safe harbor requires donors to give any 
particular level, scope, or combination of items and services. Some 
donors may choose to offer comprehensive packages, while others may 
elect to offer only individual components of an electronic health 
records system.
    Comment: Commenters from the laboratory industry strongly urged OIG 
to include laboratories as protected donors. They argued that reducing 
duplicative laboratory testing is a potential benefit to the 
implementation of interoperable electronic health records. These 
commenters stated that clinical laboratories should be included in the 
safe harbor to achieve a level playing field and the goal of widespread 
adoption of technology. They also objected to OIG's characterization of 
the industry with respect to historical and current fraud and abuse 
concerns.
    Response: We are including clinical laboratories as protected 
donors for the reasons noted above. However, in our experience, 
laboratories and others have used free or deeply discounted goods, such 
as computers and fax machines, to influence referrals improperly, and 
we remain concerned about potentially abusive kickback schemes 
involving free or deeply discounted goods. However, we believe the 
potential public benefit from interoperable electronic health records 
is so significant that some additional safe harbor protection is 
warranted for the limited purposes of this safe harbor. In this rule, 
it is our expectation that the combination of conditions in the safe 
harbor, including the sunset provision, will protect the programs from 
abuse during a limited period of time for the purpose of spurring 
widespread adoption of interoperable electronic health records 
technology. We intend to monitor the situation; if we discover 
instances of abuse, we may revisit our determination to include 
clinical laboratories (or any other category of potential donor).
    Comment: A commenter requested that health information technology 
vendors be included as protected donors.
    Response: We decline to include health information technology 
vendors as protected donors. In many cases, no safe harbor protection 
will be needed. Moreover, we are concerned that if vendors are included 
as protected donors, entities that are not included in the safe harbor 
will expand their lines of business to become vendors to circumvent the 
safe harbor limitations.
    Comment: Some commenters suggested that the safe harbor should 
protect nonmonetary donations offered by partnerships or consortia of 
otherwise permissible donors, so that parties could work together and 
share the cost of expanding needed health information technology in the 
community.
    Response: Because consortia and partnerships can be structured in 
various ways, it is difficult for us to conclude with confidence that 
in all circumstances they would not pose an undue risk of abuse. We 
believe the better approach to the issue of consortia and partnerships 
is a case-by-case approach.
4. Protected Recipients
    Comment: Most commenters expressed the view that the categories of 
protected recipients were too limited and urged OIG to be more 
expansive. Commenters suggested that all or some of the following 
should be included: Non-staff physicians; physicians who are network 
providers; physicians who have contracted with an IDS; physicians and 
other licensed health care professionals whose patients regularly 
receive inpatient and/or outpatient care at the donor hospital or 
health system; hospitalists; intensivists; physician assistants; nurse 
practitioners; audiologists; and independent contractors of group 
practices. Commenters noted that many non-physician providers would 
greatly benefit from safe harbor protection, given the fact that non-
physician providers generally have limited resources available to fund 
office technology. A commenter suggested including all non-physician 
providers that furnish Medicare or Medicaid covered services and might 
benefit from the adoption of electronic health records systems.
    Many commenters suggested that the categories of permissible 
recipients be expanded to include the following providers and suppliers 
and their staffs: nursing facilities, assisted living and residential 
care facilities, intermediate care facilities for persons with mental 
retardation, mental health facilities, clinical laboratories, durable 
medical equipment providers, pharmacies (including long-term care 
pharmacies), community health centers, network providers or other 
entities that operate, support or manage network providers, physician-
hospital organizations, health plans, RHIOs, and other entities 
designed to enhance the overall health of the community. Commenters 
also requested that FQHCs, as defined in the Medicaid statute and 
Medicare regulations, be included as permissible recipients.
    Response: We agree with the commenters that additional protection 
would further the goal, and achieve the benefits, of widespread 
adoption of electronic health records technology and, given the overall 
design of the safe harbor, can be accomplished without undue risk of 
fraud and abuse. The final rule permits donation of protected 
remuneration to any individual or entity engaged in the delivery of 
health care, without regard to whether the recipient is on a medical 
staff, is a member of a group practice, or is in network of a PDP 
sponsor or MA organization. Protected recipients would include 
practitioners, providers, and suppliers that furnish services directly 
to Federal health care program beneficiaries, as well as those that 
furnish services to health plan enrollees. Protected recipients can 
include, among others, physicians, group practices, physician 
assistants, nurse practitioners, nurses, therapists, audiologists, 
pharmacists, nursing and other facilities, FQHCs and community health 
centers, laboratories and other suppliers, and pharmacies.
    Comment: Many commenters requested that protected donors be 
permitted to donate technology to all members of a group practice, or 
to the group practice as a whole, even if all members do not routinely 
provide services to the donor. Some commenters suggested that group 
practices should be permitted to donate to other group practices. One 
commenter asked for clarification as to whether the proposed safe 
harbor would apply only to the specific physician recipient of the 
donated technology or whether, for example, all members of a group 
practice could use the technology that was donated to the physician.
    Response: The final rule contains no limitation on the recipient's 
membership on a donor's medical staff. Further, the safe harbor 
protects the donation of the technology to a physician or group 
practice. As such, donors are permitted to provide technology to the 
group practice as a whole, which should address the concerns raised by 
the commenters.
    Comment: Some commenters stated that hospital donors may not want 
to donate the full value of an electronic health records system to 
physicians

[[Page 45130]]

outside of their medical staff. These commenters suggest permitting 
outside physicians to have access to the information in the hospital's 
electronic health records system by allowing the outside physicians to 
use or sublicense the hospital's electronic health records system at 
the hospital's cost. These commenters also suggested allowing outside 
physicians to take advantage of the pricing obtained by the hospitals 
for electronic health records technology and related services.
    Response: The final safe harbor has been expanded to include all 
physicians as recipients, regardless of whether the physician is a 
member of the donor's medical staff. Nothing in the safe harbor 
requires hospitals or other donors to offer recipients a full 
electronic health records system. We interpret the commenters' 
suggestion that community physicians be permitted to access electronic 
data at the hospital's cost to be a comment seeking clarification that 
any aggregate dollar limit on donated technology be calculated based on 
the donor's costs rather than retail value to the recipient. In this 
regard, the final safe harbor incorporates a cost sharing requirement 
based on the donor's costs. It does not incorporate an aggregate dollar 
limit.
5. Selection of Recipients
    In light of the enhanced protection against some types of fraud and 
abuse offered by certified, interoperable systems, the final rule 
permits donors to use selective criteria for choosing recipients, 
provided that neither the eligibility of a recipient, nor the amount or 
nature of the items or services, is determined in a manner that 
directly takes into account the volume or value of referrals or other 
business generated between the parties. We have enumerated several 
selection criteria which, if met, are deemed not to be directly related 
to the volume or value of referrals or other business generated between 
the parties (for example, a determination based on the total number of 
hours that the recipient practices medicine or a determination based on 
the size of the recipient's medical practice). Selection criteria that 
are based upon the total number of prescriptions written by a recipient 
are not prohibited, but the final regulation does prohibit criteria 
based upon the number or value of prescriptions written by the 
recipient that are dispensed or paid by the donor, as well as any 
criteria directly based on any other business generated between the 
parties. The final safe harbor would not protect arrangements that seek 
to induce a recipient to change loyalties from other providers or plans 
to the donor.
    We expect that this approach will ensure that donated technology 
can be targeted at recipients who use it the most in order to promote a 
public policy favoring adoption of electronic health records, while 
discouraging especially problematic direct correlations with Federal 
health care program referrals. This approach is a deliberate departure 
from other safe harbors under the anti-kickback statute based on the 
unique public policy considerations surrounding electronic health 
records and the Department's goal of encouraging widespread adoption of 
interoperable electronic health records. We caution, however, that 
outside of the context of electronic health records, as specifically 
addressed in this final rule, both direct and indirect correlations 
between the provision of free or deeply discounted goods or services 
and the volume or value of referrals or other business generated 
between the parties are highly suspect under the anti-kickback statute 
(and may evidence outright violations) and do not meet the requirements 
of other safe harbors under the statute or Sec.  1001.952.
    Comment: Several commenters commended OIG for its efforts to 
prevent fraud and abuse by prohibiting efforts to increase referrals or 
other changes in practice patterns. Some commenters noted that donors 
should not be allowed to choose physicians selectively based upon the 
volume of their prescribing, size of practice, or whether they would be 
likely to adopt the technology, and stated that donors should give 
technology to all of their physicians. One commenter suggested 
eliminating the criteria permitting donors to select recipients based 
on any reasonable and verifiable manner that is not directly related to 
the volume or value of referrals or other business generated between 
the parties. The commenter stated that this criteria is too open-ended 
and subjective and could become a major loophole.
    Other commenters supported the use of such criteria and expressed 
the view that the use of selection criteria to select recipients will 
improve quality of care and ensure successful adoption of health 
technology by physicians. These commenters offered suggestions on the 
standards for selection criteria. Some commenters suggested that OIG 
consider broad criteria for selection of recipients, and that donors 
should be permitted to make this decision based upon their own 
financial model. One commenter requested that OIG confirm that 
donations based on total number of prescriptions are allowed under all 
of the proposed safe harbors.
    One commenter recommended that selection criteria related to the 
volume or value of referrals should be permitted, as long as the 
criteria are linked to achieving greater improvement in quality of 
patient care or greater success in adoption of health information 
technology. The commenter provided the following examples: 
Participation in hospital quality improvement activities; participation 
in medical staff meetings and activities; specialty; department (if 
information technology is rolled out by department); readiness to use 
health information technology; consistent use of hospital based 
information technology systems; acting as a ``physician champion'' of 
hospital based information technology systems; willingness to serve as 
a trainer for other physicians; size of medical practice; or 
willingness to contribute some resources to the information technology 
project. Another commenter requested that any list of criteria included 
in the regulation be inclusive, rather than exclusive, and that we 
provide further guidance on how to interpret the criteria.
    Response: Some of the commenters' suggestions are too subjective, 
impractical, and insufficiently bright line to be ``deeming'' 
provisions for purposes of this rulemaking. Although we believe it is 
important to provide some guidance with respect to selection criteria, 
we do not think it is possible to enumerate a comprehensive list. 
Therefore, we are providing several bright line criteria in the final 
rule, along with a general provision that permits other reasonable and 
verifiable selection criteria that do not relate directly to the volume 
or value of referrals or other business generated between the parties. 
Specifically, we are including the following criteria:
     The determination is based on the total number of 
prescriptions written by the recipient (but not the volume or value of 
prescriptions dispensed or paid by the donor or billed to a Federal 
health care program);
     The determination is based on the size of the recipient's 
medical practice (for example, total patients, total patient 
encounters, or total relative value units);
     The determination is based on the total number of hours 
that the recipient practices medicine;
     The determination is based on the recipient's overall use 
of automated technology in his or her medical practice (without 
specific reference to the use of technology in connection with 
referrals made to the donor);

[[Page 45131]]

     The determination is based on whether the physician is a 
member of the donor's medical staff, if the donor is a hospital or 
other entity with a formal medical staff;
     The determination is based on the level of uncompensated 
care provided by the recipient; or
     The determination is made in any reasonable and verifiable 
manner that does not directly take into account the volume or value of 
referrals or other business generated between the parties.
    Comment: Some commenters inquired whether it would be permissible 
under the safe harbor for a donor to offer a staggered roll-out of 
electronic health records technology, so that the technology could be 
provided on a selective basis, either by specialty, hospital 
department, or otherwise. These commenters suggested that the safe 
harbor should not enumerate specific examples of when a staggered 
offering is deemed ``not directly related to'' referrals or other 
business, but rather should allow donors to offer information 
technology, as appropriate for each hospital's individual financial 
situation.
    Response: The final rule prohibits the selection of recipients 
using any method that takes into account directly the volume or value 
of referrals from the recipient or other business generated between the 
parties. The final rule provides some examples of acceptable criteria 
and also permits any other determination that is reasonable and 
verifiable. Given the potential variation in arrangements, it is not 
entirely clear to us how the commenters would implement their 
``staggered roll-out.'' Such arrangements should be evaluated for 
compliance with the safe harbor on a case-by-case basis. We note that 
nothing in the safe harbor requires that technology be provided to all 
potential recipients contemporaneously.
    Comment: One commenter recommended that OIG reaffirm that 
physicians who receive donated technology remain free to choose what 
health information may or may not be shared with the hospital or entity 
providing the technology, consistent with current law and the wishes of 
patients and physicians.
    Response: Nothing in this final rule regulates the sharing of 
health information. Nothing in this final rule permits donors to 
influence the medical decision-making of recipients or requires 
recipients to act in a manner that would violate any law or ethical 
obligation to patients.
    Comment: A commenter requested that OIG prohibit donors from 
selecting recipients in a manner that punishes or rewards past 
prescribing practices or influences future prescribing practices. 
Another commenter recommended that any incidental increase in the 
volume of referrals that results from increased quality and patient 
care be expressly permitted.
    Response: Any selection criteria directly related to past, present, 
or future volume of prescriptions dispensed or paid by the donor or 
billed to a Federal health care program, or to any other business 
generated between the parties are strictly prohibited. Any selection 
criteria that punish or reward past prescribing practices or influence 
future prescribing practices would give rise to an inference that the 
selection criteria are tied directly to the volume or value of 
referrals. We are not adopting the commenter's suggestion that we 
expressly permit increases in the volume or value of referrals 
attributable to increased quality and patient care. Whether an increase 
in the volume of referrals between a donor and recipient is 
attributable to increased quality and patient care, rather than an 
impermissible incentive, requires an evaluation of the particular facts 
and circumstances.
    Comment: A commenter requested that PDP sponsors and MA 
organizations be permitted to determine eligibility, or the amount or 
nature of the items and services, in a manner that takes into account 
the volume and value of prescriptions written by the recipient that are 
paid by the PDP sponsor or MA organization. This commenter believed 
that PDP sponsors and MA organizations have the financial incentive to 
control drug utilization costs to compete effectively in the Medicare 
Part D marketplace.
    Response: We are not persuaded. The fact that PDP sponsors and MA 
organizations have some incentives to control costs is not sufficient 
to warrant different safe harbor treatment. Neither eligibility for, 
nor the amount or nature of the items or services, may be determined by 
taking into account the volume or value of prescriptions written by the 
recipient for enrollees of the MA organization or PDP sponsor. Nothing 
in the safe harbor precludes PDP sponsors and MA organizations from 
offering protected items and services to health care professionals with 
whom they have network agreements.
    Comment: One commenter requested that we protect donations when 
provided to a physician or clinic that provides a certain level of 
uncompensated charity care or combination of charity care and volume of 
Medicaid patients.
    Response: The provision of uncompensated care would be an 
acceptable selection criterion (e.g., a hospital can elect to provide 
technology only to rural and solo practitioners that provide high 
levels of uncompensated care when selecting among eligible recipients). 
We have included a criterion in the final regulations at Sec.  
1001.952(y)(5) that expressly permits selection of recipients based on 
the level of uncompensated care provided by the recipient. We do not 
believe it would be appropriate for us to establish a particular level 
of uncompensated care necessary to qualify for safe harbor protection. 
Donors should have flexibility to respond to the particular needs of 
their communities by selecting recipients based on levels of 
uncompensated care that reflect those needs. The total number of 
Medicaid patients served by the practice could also be acceptable, so 
long as there is no direct correlation with Medicaid patients referred 
between the donor and recipient.
    Comment: We proposed including a requirement that the prescribing 
health care professional, practitioner, pharmacy, or pharmacist (or any 
affiliated group, employee, or staff member) does not make the receipt 
of items or services a condition of doing business with the donor. 
Those commenters that commented on this condition favored it. A 
commenter noted that, as proposed by CMS for the proposed exception 
under the physician self-referral law, the anti-solicitation provision 
would be a core protection against fraud and abuse. The commenter 
suggested that our final rule should mirror the language proposed by 
CMS, which barred making the receipt, as well as the amount or nature, 
of items or services a condition of doing business with the donor. See 
70 FR 59182, 59187 (October 11, 2005).
    Response: We agree that a provision barring recipients from 
conditioning their business on donations of technology can safeguard 
against fraud and abuse and should be included in the final safe 
harbor. We further agree that, in this regard, the safe harbor under 
the anti-kickback statute should be consistent with the exception under 
the physician self-referral law. Accordingly, we are including a 
provision that mirrors the provision proposed by CMS, with 
modifications appropriate to the different nature of recipients 
addressed by the two rules. For consistency, we are making the same 
modifications to the comparable condition in the electronic prescribing 
arrangements safe harbor.

[[Page 45132]]

6. Value of Technology
    We proposed, as a further safeguard against fraud and abuse, to 
limit the aggregate value of the qualifying electronic prescribing 
technology that a donor could provide to a recipient. We solicited 
public comment on the applicable amount and methodology for limiting 
the aggregate value of donated technology.
    We also indicated that we were considering setting an initial cap, 
for both the electronic prescribing and electronic health records safe 
harbors, which would be lowered after a certain period of time 
sufficient to promote the initial adoption of the technology. This 
approach would have the effect of encouraging investments in the 
desired technology while also ensuring that, once the technology has 
been widely adopted and, as often occurs with technology, costs 
decrease as technology becomes more widely adopted, the safe harbor 
cannot be abused to disguise payments for referrals.
    Comment: We solicited public comments that address the retail and 
nonretail costs (i.e., the costs of purchasing from manufacturers, 
distributors, or other nonretail sources). Only a few commenters 
provided concrete information on the cost of health information 
technology, while most commenters simply noted the cost was high, that 
financial incentives were imperative, and that adoption was not equally 
affordable by all sectors of the health care field.
    Response: We appreciate commenters providing this information, and 
we have taken the information into consideration in finalizing the safe 
harbor. The Administration supports the adoption of health information 
technology as a normal cost of doing business to ensure patients 
receive high quality care.
    Comment: Most commenters shared the opinion that there should not 
be a cap on the value of donated technology, stating that there is not 
a consistent or appropriate way to determine fair market value or 
establish a monetary cap that would accommodate all situations and 
account for the rapid advancement in technology. Some commenters 
believed that the attempt to ascertain the value of donations for the 
purpose of fraud protection would become a barrier to adoption of 
electronic health records, unnecessarily discourage potential donors 
from providing technology, or would result in a reduction on the 
``return on investment'' for electronic prescribing and electronic 
health records. Other commenters expressed concern that a low cap might 
discourage the implementation of electronic health records technology, 
while a high cap may serve to pressure hospitals to provide the maximum 
allowable amount.
    However, a few commenters shared the concern of OIG that allowing 
donors to provide items or services without limiting the value of such 
support could provide a potential for fraud and abuse. One commenter 
asserted that the value of donations will be self-limiting, because 
donors are unlikely to spend more than is necessary, thereby 
eliminating the need for a cap. Another commenter argued that a cap is 
not necessary so long as the donation is made without limiting or 
restricting the use of the electronic prescribing or electronic health 
records technology to services provided by the donating entity, and so 
long as the donation does not take into account the volume or value of 
referrals. Another commenter recommended that OIG limit the design or 
utility of the protected donated technology by requiring that it not 
have more than incidental value to the recipient, beyond the function 
for which it is intended.
    Response: We agree with the commenters that determining the value 
of donated technology poses certain difficulties, and we are not 
including a cap on the amount of protected donations in the final safe 
harbor. While gifts of valuable items and services to existing or 
potential referral sources typically pose a high risk of fraud and 
abuse, we believe that the combination of safe harbor conditions in the 
final safe harbor, including the sunset provision, should adequately 
safeguard against abusive electronic health records arrangements.
    Comment: Many commenters, while opposing the imposition of a cap, 
offered other suggestions for limiting the value of protected 
nonmonetary remuneration. Several commenters suggested a limit on the 
value of protected nonmonetary remuneration in the form of a percentage 
contribution from the recipient, i.e., cost sharing by the recipient. 
These commenters suggested requiring either a set percentage 
contribution by the recipient or a scaled percentage contribution by 
the recipient that would lower the required percentage contribution 
once a pre-determined threshold amount was reached. Some commenters 
also suggested that we consider a cost sharing method that would be 
based on set amounts that would be donated, with the recipient paying 
any remaining costs. The amounts could be revised over time to account 
for the fluctuating expense of technology and other changes that may 
arise. One commenter noted that studies have shown that individuals 
value services more when a portion of the cost is shared. This 
commenter suggested that recipients should, at a minimum, be required 
to contribute towards the purchase of wireless internet access.
    Response: We agree that cost sharing is an appropriate method to 
address some of the fraud and abuse risks inherent in unlimited 
donations of technology. Accordingly, the safe harbor establishes a 
percentage contribution that must be incurred by the recipient of the 
electronic health records technology. Specifically, the final rule 
offers safe harbor protection only if the recipient pays 15 percent of 
the donor's cost of the technology. We believe the 15 percent cost 
sharing requirement is high enough to encourage prudent and robust 
electronic health records arrangements, without imposing a prohibitive 
financial burden on recipients. Requiring financial participation by a 
recipient should result in selection of technology appropriate for the 
recipient's practice and increase the likelihood that the recipient 
will actually use the technology. Moreover, this approach requires 
recipients to contribute toward the benefits they may experience from 
the adoption of interoperable electronic health records (for example, a 
decrease in practice expenses or access to incentive payments related 
to the adoption of health information technology). We note that, 
depending on the circumstances, a differential in the amount of cost 
sharing imposed by a donor on different recipients could give rise to 
an inference that an arrangement is directly related to the volume or 
value of referrals or other business generated between the parties, 
thus rendering the arrangement ineligible for safe harbor protection. 
In this regard, the reason and basis for the differential should be 
closely scrutinized.
    We note that all donated software and health information technology 
and training services would be subject to the cost sharing 
requirements. It is our understanding that many updates and upgrades 
are included in the initial purchase price of the technology and would 
not trigger additional cost sharing responsibility on the part of the 
recipient at the time the update or upgrade is provided to the 
recipient. Any updates, upgrades, or modifications to the donated 
electronic health records system that were not covered under the 
initial purchase price for the donated technology would be subject to 
separate cost sharing obligations by the recipient (to the extent that 
the donor incurs

[[Page 45133]]

additional costs). To ensure that recipients incur the requisite 15 
percent of the costs, donors (and their affiliates) are prohibited from 
providing financing or making loans to recipients to fund the 
recipient's payment for the technology.
    With respect to calculation of the costs for internally-developed 
(``homegrown'') software (that is, software that is not purchased from 
an outside vendor), and internally-developed add-on modules and 
components (that is, software purchased from an outside vendor and 
internally customized to ensure operational functionality), parties 
should use a reasonable and verifiable method for allocating costs and 
are strongly encouraged to maintain contemporaneous and accurate 
documentation. Methods of cost allocation will be scrutinized to ensure 
that they do not inappropriately shift costs in a manner that provides 
an excess benefit to the recipient or results in the recipient 
effectively paying less than 15 percent of the donor's true cost of the 
technology.
    Comment: One commenter suggested that the entire electronic health 
records safe harbor sunset no later than five years from the date of 
publication of the final rulemaking, with the possibility for the 
sunset to be delayed upon an administrative finding by the Secretary 
that there is still a need for the safe harbor. The commenter observed 
that, in the future, electronic health records technology will be a 
standard and necessary part of a medical practice, and there will no 
longer be a need for third parties to donate it to physicians to spur 
adoption of the technology. Moreover, the commenter observed that 
incompatibility across a network of providers will cease to be an issue 
once interoperability of technology becomes the norm. For these 
reasons, the commenter concluded that the rationale for establishing a 
safe harbor to the anti-kickback statute will decrease over time.
    Response: We agree with this commenter that the need for a safe 
harbor for donations of electronic health records technology should 
diminish substantially over time as the use of such technology becomes 
a standard and expected part of medical practice. Over time, physicians 
and others who receive donated technology from third parties may begin 
to realize the economic benefits from increased efficiencies and 
quality of care, at which point they may be expected to shoulder the 
costs associated with producing those benefits. As we indicated earlier 
in this rulemaking, we are promulgating an anti-kickback safe harbor 
for donations of valuable technology to promote its use in the 
interests of quality of care, patient safety, and health care 
efficiency, notwithstanding the substantial risk of fraud and abuse 
normally associated with gifts of valuable goods and services to 
referral sources. Our goal is to promote the beneficial uses of 
technology without undue risk of fraud and abuse. As the technology 
becomes widely used and an accepted part of medical practice, the 
balance between promoting health information technology and preventing 
fraud and abuse changes.
    A sunset provision would also address some of our concerns about 
gifts of unlimited amounts of valuable technology. As noted above, we 
have concluded that we cannot readily develop an appropriate cap on the 
amount of protected technology. A sunset provision, in effect, would 
cap the amount of protected technology that could be donated by third 
parties in a different way, thereby safeguarding against fraud and 
abuse in the long run. All arrangements occurring after the sunset date 
would be subject to case-by-case evaluation under the anti-kickback 
statute.
    We solicited comments on our overall approach to crafting a set of 
safe harbor conditions and how we might ensure that the conditions, 
taken as a whole, provide sufficient protection against fraud and 
abuse. Given the difficulties inherent in limiting the value of donated 
technology and our relaxing of the ordinary principle that remuneration 
cannot be linked in any manner to the volume or value of referrals, we 
believe the sunset provision suggested by the commenter will provide 
appropriate additional protection.
    For all of these reasons, we are adopting the suggestion of the 
commenter, with modifications. We are sunsetting the safe harbor on 
December 31, 2013. This date is consistent with the President's goal of 
adoption of electronic health records technology by 2014. See President 
George W. Bush's Health Information Technology Plan announced April 26, 
2004; http://www.whitehouse.gov/infocus/technology/economic_policy200404/ chap3.html. Under Sec.  1001.952(y)(13), all transfers of 
items and services must occur, and all conditions of the safe harbor 
must have been satisfied, on or before December 31, 2013. Nothing in 
the safe harbor would preclude the Secretary from extending the time 
period in accordance with notice-and-comment rulemaking. However, we do 
not believe it would be appropriate to have a condition in a regulation 
that is contingent on an administrative determination.
    We observe that the sunset provision is also consistent with the 
language in the preamble to the proposed rule that stated:

    ``We are considering setting an initial cap, which would be 
lowered after a certain period of time sufficient to promote the 
initial adoption of the technology. This would have the effect of 
encouraging investments in the desired technology while also 
ensuring that, once the technology has been widely adopted and its 
costs have come down, the safe harbor cannot be abused to disguise 
payments for referrals.'' 70 FR at 59020.

(We note that we are not similarly sunsetting the electronic 
prescribing safe harbor at Sec.  1001.952(x), as that safe harbor is 
mandated by statute, and we do not have authority to limit its 
duration. Moreover, the risk of fraud and abuse is substantially 
greater with respect to donations of electronic health records 
technology than it is for donations of technology necessary and used 
solely for electronic prescribing under Sec.  1001.952(x).)
    Comment: A few commenters suggested that we not sunset the pre-
interoperability safe harbor once the post-interoperability safe harbor 
was finalized, as we had proposed.
    Response: We are not finalizing a separate pre-interoperability 
safe harbor.
    Comment: One commenter stated that CMS should study the issue of a 
cap since health information technology capabilities and costs are 
rapidly evolving.
    Response: This comment addresses matters outside the scope of this 
rulemaking.
    Comment: A few commenters suggested that the final rule should 
allow the donors to reimburse recipients for previously implemented 
electronic health records systems in an amount equal to the lesser of 
the fair market value of the donated technology or the donated value 
cap, should a cap be adopted. These commenters also requested that 
recipients be given assurance by the donor that any technology 
previously purchased that is equivalent to donated technology and meets 
the applicable interoperability standards would be integrated into the 
donor's system.
    Response: We are not adopting these suggestions. The commenters' 
suggestions go beyond the scope of the safe harbor and appear to be a 
request for the safe harbor to provide retroactive protection for 
previously purchased technology. The safe harbor protects the donation 
of technology that meets all of the conditions of the safe harbor.

[[Page 45134]]

Reimbursement for previously incurred expenses is not protected and 
poses a substantial risk of fraud and abuse.
    Comment: We solicited comment in the proposed rulemaking about our 
proposal to prohibit donors from shifting the financial burden of 
providing electronic health records technology to the Federal health 
care programs or beneficiaries. Some commenters suggested that a cap on 
the value of donated technology would address our concern. One 
commenter suggested that the Department mandate savings that must be 
realized over a particular period of time. This commenter believed that 
pay for performance incentives should eventually mitigate the risk of 
cost shifting.
    Response: For the reasons noted above, we are not including a cap 
on the value of donated technology. Moreover, we do not believe it is 
feasible for us to mandate particular levels of savings as a condition 
of safe harbor protection or to rely on the future implementation of 
pay for performance incentives. We continue to believe that our 
proposed condition is prudent and the best way to prevent cost shifting 
to the Federal programs and their beneficiaries. We have included the 
condition in the final safe harbor at Sec.  1001.952(y)(12).
7. Documentation
    Comment: One commenter suggested omitting any requirement that the 
written agreement documenting the arrangement specify the covered items 
and services and their values. Another commenter requested 
clarification as to whether all parties to a three-tier technology 
arrangement (i.e., the donor-distributor of the technology, the vendor 
of the technology, and the recipient of the technology) would be 
required to sign the written agreement required by the safe harbor.
    Response: In light of the cost sharing condition of the final safe 
harbor, we are requiring documentation of the cost to the donor of the 
donated technology, and the recipient's expected contribution thereto. 
Moreover, we are requiring that the cost sharing contribution be made 
and documented before the items and services can qualify for safe 
harbor protection. The documentation must be specific as to the items 
and services donated, the actual cost to the donor, and the amount of 
the recipient's cost sharing obligation. The documentation must cover 
all of the electronic health records items and services to be provided 
by the donor (or affiliated parties) to the recipient. With respect to 
this requirement, we have added language to the final safe harbor 
clarifying that the written documentation requirement can be satisfied 
by incorporating by reference the agreements between the parties or by 
the use of cross references to a master list of agreements between the 
parties that is maintained and updated centrally, is available for 
review by the Secretary upon request, and preserves the historical 
record of agreements. Nothing in the safe harbor requires that 
agreements between donors and recipients also be signed by third-party 
vendors; however, such documentation may be a prudent business 
practice.

D. Community-Wide Health Information Systems

    Comment: Some commenters responded to our request for public 
comments on the need for, and the conditions that should pertain to, a 
safe harbor for community-wide health information systems. These 
commenters supported the creation of a safe harbor and suggested the 
safe harbor mirror the community-wide health information systems 
exception under section 1877 of the Act, with certain suggested 
revisions, including, for example, that the safe harbor should protect 
all types of providers, not just physicians. Another commenter offered 
suggestions on revisions to the section 1877 exception.
    Response: We are not addressing a safe harbor for community-wide 
health information systems at this time; however, we will take into 
consideration the comments received should we develop a proposal for 
such a safe harbor. Comments on the section 1877 exception should be 
addressed to CMS.

III. Regulatory Impact Statement

    We have examined the impact of this rule as required by Executive 
Order 12866, the Unfunded Mandates Reform Act of 1995, the Regulatory 
Flexibility Act (RFA) of 1980, and Executive Order 13132.

Executive Order 12866

    Executive Order 12866 directs agencies to assess all costs and 
benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, public health and safety 
effects, distributive impacts, and equity). A regulatory impact 
analysis must be prepared for major rules with economically significant 
effects (i.e., $100 million or more in any given year).
    This is not a major rule, as defined at 5 U.S.C. 804(2), and it is 
not economically significant, since it will not have a significant 
effect on program expenditures, and there are no additional substantive 
costs to implement the resulting provisions. This final rule will 
create new safe harbors under the anti-kickback statute for certain 
entities to provide technology-related items and services to certain 
parties for electronic prescribing and health records purposes in doing 
so, this rulemaking imposes no requirements on any party. Parties may 
voluntarily seek to comply with this provision so that they have 
assurance that their actions will not subject them to any enforcement 
actions under the anti-kickback statute.
    The safe harbors should facilitate the adoption of electronic 
prescribing and health records technology by filling a gap rather than 
creating the primary means by which physicians or other recipients will 
adopt these technologies. In other words, donors will not fund all of 
the health information technology used by recipients. However, since we 
cannot predict which entities will offer these items and services, we 
cannot determine with certainty the aggregate economic impact of this 
final rulemaking. We do not believe, however, that the impact of this 
electronic prescribing safe harbor rule would approach $100 million 
annually. Therefore, this final rule is not a major rule. We note that 
this final rule will remove a perceived obstacle to the provision of 
qualifying electronic prescribing technology and electronic health 
records software or information technology and training services (for 
purposes of this Regulatory Impact Statement, herein referred to as 
``qualifying health information technology'') by certain entities, 
which effort advances the goal of the adoption of interoperable 
information technology. Although this final rule applies to donations 
of qualifying health information technology by hospitals, group 
practitioners, PDP sponsors, MA plans, and other donors, we do not 
expect that all entities would use these final safe harbors (in some 
cases, existing safe harbors may also be available or parties may use 
the OIG's advisory opinion process).
    Our analysis under Executive Order 12866 of the expenditures that 
entities may choose to make under this final rule is restricted by 
potential effects of outside factors, such as technological progress 
and other market forces, future certification standards, and the 
companion final physician self-referral exceptions. Furthermore, both 
the costs and potential savings of electronic prescribing, electronic 
health records,

[[Page 45135]]

and other functional components vary to the extent to which each 
element operates as a stand alone system or as part of an integrated 
system.
    As noted in the proposed electronic prescribing standards rule, 
which was published on February 4, 2005 (70 FR 6256, 6268-6273), donors 
may experience net savings with electronic prescribing in place and 
patients would experience significant, positive health effects. We have 
not repeated that analysis in this final rule. Moreover, we have not 
replicated the extensive analysis of costs, benefits, and potential 
impact on patient care contained in the companion physician self-
referral final rule. We believe the analysis set forth there may be 
similarly relevant to the potential impact of the final safe harbors. 
As also noted there, we assume that qualifying health information 
technology costs and benefits will be realized eventually. Even without 
government intervention, there is a lively market today, and as 
consensus standards evolve, that market will grow. The question as to 
the regulatory impact of this final rule is: to what extent would the 
use of these final anti-kickback safe harbors accelerate adoption of 
electronic prescribing and electronic health records, taking into 
account available policy instruments, notably the development of 
interoperability criteria? The baseline information is uncertain. As 
described in more detail in the physician self-referral final rule, 
there are numerous estimates of adoption of electronic prescribing by 
health plans, hospitals, physicians, and (for prescribing of drugs 
only) pharmacies. As noted there, these estimates are highly sensitive 
to assumptions. For example, the costs may be higher or lower depending 
on the nature of, and information technology needs of, donors and 
recipients. The rate of adoption might be higher or lower than 
estimated. We believe the substantial majority of recipients will be 
physicians. The proportion receiving remuneration could be lower or 
higher than estimated, depending on willingness of hospitals, group 
practices, MA organizations, and PDP sponsors and other donors to 
subsidize investments in health information technology.
    The Office of Management and Budget (OMB) has reviewed this rule in 
accordance with Executive Order 12866.

Unfunded Mandates Reform Act

    Section 202 of the Unfunded Mandates Reform Act of 1995 requires 
that agencies assess the anticipated costs and benefits of Federal 
mandates before issuing any rule that may result in the mandated 
expenditure by State, local, or tribal Governments, in the aggregate, 
or by the private sector, of $100 million in 1995 dollars (a threshold 
adjusted annually for inflation and now approximately $120 million). 
This final rule would impose no mandates. Any actions taken under this 
rule would be voluntary. Any expenditures would be undertaken by 
Government-owned hospitals in their business capacity, without any 
necessary impact on State, local, or tribal Governments, or their 
expenditure budgets, as such.

Regulatory Flexibility Act

    The Regulatory Flexibility Act (RFA) and the Small Business 
Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, 
require agencies to analyze options for regulatory relief of small 
businesses. For purposes of the RFA, small entities include small 
businesses, nonprofit organizations, and Government agencies. Most 
hospitals and most other providers and suppliers are small entities, 
either by nonprofit status or by having revenues of $6 million to $29 
million in any one year. Individuals and States are not included in the 
definition of a small entity. We are not preparing an analysis for the 
RFA because we have determined that this final rule will not have a 
significant impact on small businesses. We base our decision on the 
fact that we expect the rulemaking on electronic prescribing and health 
records to be beneficial to the affected entities because it will allow 
them to better reap the benefits of increased use of electronic 
prescribing and health records technology, including reduction of 
medical errors and increased operational efficiencies.
    In addition, section 1102(b) of the Act requires us to prepare a 
regulatory impact analysis if a rule may have a significant impact on 
the operations of a substantial number of small rural hospitals. This 
analysis must conform to the provisions of section 603 of the RFA. For 
purposes of section 1102(b) of the Act, we define a small rural 
hospital as a hospital that is located outside of a Metropolitan 
Statistical Area and has fewer than 100 beds. We are not preparing an 
analysis for section 1102(b) of the Act because we have determined that 
this rule will not have a substantial negative impact on the operations 
of a substantial number of small rural hospitals. If this rule has any 
impact, it would be a substantial positive impact in reducing medical 
errors and increasing operational efficiencies through the use of 
technology.

Executive Order 13132

    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a final rule that imposes 
substantial direct requirement costs on State and local Governments, 
preempts State law, or otherwise has Federalism implications. Since 
this regulation does not impose any costs on State or local 
Governments, preempt State or local law, or otherwise have Federalism 
implications, the requirements of Executive Order 13132 are not 
applicable.

IV. Paperwork Reduction Act

    In accordance with section 3506(c)(2)(A) of the Paperwork Reduction 
Act of 1995, we are required to solicit public comments, and receive 
final OMB approval, on any information collection requirements set 
forth in rulemaking. The safe harbors promulgated in this final rule 
impose some minimal information collection requirements. Specifically, 
for an arrangement to fall within the final safe harbors it would have 
to fulfill the following documentation requirements: (1) There must be 
a writing signed by the parties; (2) the written agreement must 
identify the items or services being provided and their cost; and (3) 
the written agreement must incorporate or cross-reference prior 
relevant agreements.
    Compliance with a safe harbor under the Federal anti-kickback 
statute is voluntary, and no party is ever required to comply with a 
safe harbor. Instead, safe harbors merely offer an optional framework 
for structuring business arrangements to ensure compliance with the 
anti-kickback statute. All parties remain free to enter into 
arrangements without regard to a safe harbor, so long as the 
arrangements do not involve unlawful payments for referrals under the 
anti-kickback statute. Thus, we believe that the documentation 
requirements necessary to enjoy safe harbor protection do not qualify 
as an added paperwork burden in accordance with 5 CFR 1320.3(b)(2), 
because the requirements are consistent with usual and customary 
business practices and because the time, effort, and financial 
resources necessary to comply with the requirements would largely be 
incurred in the normal course of business activities.

List of Subjects in 42 CFR Part 1001

    Administrative practice and procedure, Fraud, Health facilities, 
Health professionals, Medicare.

0
Accordingly, 42 CFR part 1001 is amended as follows:

[[Page 45136]]

PART 1001--[AMENDED]

0
1. The authority citation for part 1001 is revised to read as follows:

    Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7b, 1395u(j), 
1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) 
and (F), and 1395hh; and sec. 2455, Pub. L. 103-355, 108 Stat. 3327 
(31 U.S.C. 6101 note).

0
2. Section 1001.952 is amended by republishing the introductory text, 
by adding and reserving paragraph (w), and by adding new paragraphs (x) 
and (y) to read as follows:


Sec.  1001.952  Exceptions.

    The following payment practices shall not be treated as a criminal 
offense under section 1128B of the Act and shall not serve as the basis 
for an exclusion:
* * * * *
    (x) Electronic prescribing items and services. As used in section 
1128B of the Act, ``remuneration'' does not include nonmonetary 
remuneration (consisting of items and services in the form of hardware, 
software, or information technology and training services) necessary 
and used solely to receive and transmit electronic prescription 
information, if all of the following conditions are met:
    (1) The items and services are provided by a--
    (i) Hospital to a physician who is a member of its medical staff;
    (ii) Group practice to a prescribing health care professional who 
is a member of the group practice; and
    (iii) A PDP sponsor or MA organization to pharmacists and 
pharmacies participating in the network of such sponsor or organization 
and to prescribing health care professionals.
    (2) The items and services are provided as part of, or are used to 
access, an electronic prescription drug program that meets the 
applicable standards under Medicare Part D at the time the items and 
services are provided.
    (3) The donor (or any person on the donor's behalf) does not take 
any action to limit or restrict the use or compatibility of the items 
or services with other electronic prescribing or electronic health 
records systems.
    (4) For items or services that are of the type that can be used for 
any patient without regard to payor status, the donor does not 
restrict, or take any action to limit, the recipient's right or ability 
to use the items or services for any patient.
    (5) Neither the recipient nor the recipient's practice (or any 
affiliated individual or entity) makes the receipt of items or 
services, or the amount or nature of the items or services, a condition 
of doing business with the donor.
    (6) Neither the eligibility of a recipient for the items or 
services, nor the amount or nature of the items or services, is 
determined in a manner that takes into account the volume or value of 
referrals or other business generated between the parties.
    (7) The arrangement is set forth in a written agreement that--
    (i) Is signed by the parties;
    (ii) Specifies the items and services being provided and the 
donor's cost of the items and services; and
    (iii) Covers all of the electronic prescribing items and services 
to be provided by the donor (or affiliated parties). This requirement 
will be met if all separate agreements between the donor (and 
affiliated parties) and the recipient incorporate each other by 
reference or if they cross-reference a master list of agreements that 
is maintained and updated centrally and is available for review by the 
Secretary upon request. The master list should be maintained in a 
manner that preserves the historical record of agreements.
    (8) The donor does not have actual knowledge of, and does not act 
in reckless disregard or deliberate ignorance of, the fact that the 
recipient possesses or has obtained items or services equivalent to 
those provided by the donor.


    Note to paragraph (x): For purposes of paragraph (x) of this 
section, group practice shall have the meaning set forth at 42 CFR 
411.352; member of the group practice shall mean all persons covered 
by the definition of ``member of the group or member of a group 
practice'' at 42 CFR 411.351, as well as other prescribing health 
care professionals who are owners or employees of the group 
practice; prescribing health care professional shall mean a 
physician or other health care professional licensed to prescribe 
drugs in the State in which the drugs are dispensed; PDP sponsor or 
MA organization shall have the meanings set forth at 42 CFR 423.4 
and 422.2, respectively; prescription information shall mean 
information about prescriptions for drugs or for any other item or 
service normally accomplished through a written prescription; and 
electronic health record shall mean a repository of consumer health 
status information in computer processable form used for clinical 
diagnosis and treatment for a broad array of clinical conditions.


    (y) Electronic health records items and services. As used in 
section 1128B of the Act, ``remuneration'' does not include nonmonetary 
remuneration (consisting of items and services in the form of software 
or information technology and training services) necessary and used 
predominantly to create, maintain, transmit, or receive electronic 
health records, if all of the following conditions are met:
    (1) The items and services are provided to an individual or entity 
engaged in the delivery of health care by--
    (i) An individual or entity that provides services covered by a 
Federal health care program and submits claims or requests for payment, 
either directly or through reassignment, to the Federal health care 
program; or
    (ii) A health plan.
    (2) The software is interoperable at the time it is provided to the 
recipient. For purposes of this subparagraph, software is deemed to be 
interoperable if a certifying body recognized by the Secretary has 
certified the software within no more than 12 months prior to the date 
it is provided to the recipient.
    (3) The donor (or any person on the donor's behalf) does not take 
any action to limit or restrict the use, compatibility, or 
interoperability of the items or services with other electronic 
prescribing or electronic health records systems.
    (4) Neither the recipient nor the recipient's practice (or any 
affiliated individual or entity) makes the receipt of items or 
services, or the amount or nature of the items or services, a condition 
of doing business with the donor.
    (5) Neither the eligibility of a recipient for the items or 
services, nor the amount or nature of the items or services, is 
determined in a manner that directly takes into account the volume or 
value of referrals or other business generated between the parties. For 
the purposes of this paragraph (y)(5), the determination is deemed not 
to directly take into account the volume or value of referrals or other 
business generated between the parties if any one of the following 
conditions is met:
    (i) The determination is based on the total number of prescriptions 
written by the recipient (but not the volume or value of prescriptions 
dispensed or paid by the donor or billed to a Federal health care 
program);
    (ii) The determination is based on the size of the recipient's 
medical practice (for example, total patients, total patient 
encounters, or total relative value units);
    (iii) The determination is based on the total number of hours that 
the recipient practices medicine;
    (iv) The determination is based on the recipient's overall use of 
automated technology in his or her medical practice (without specific 
reference to the use of technology in connection with referrals made to 
the donor);

[[Page 45137]]

    (v) The determination is based on whether the recipient is a member 
of the donor's medical staff, if the donor has a formal medical staff;
    (vi) The determination is based on the level of uncompensated care 
provided by the recipient; or
    (vii) The determination is made in any reasonable and verifiable 
manner that does not directly take into account the volume or value of 
referrals or other business generated between the parties.
    (6) The arrangement is set forth in a written agreement that --
    (i) Is signed by the parties;
    (ii) Specifies the items and services being provided, the donor's 
cost of those items and services, and the amount of the recipient's 
contribution; and
    (iii) Covers all of the electronic health records items and 
services to be provided by the donor (or any affiliate). This 
requirement will be met if all separate agreements between the donor 
(and affiliated parties) and the recipient incorporate each other by 
reference or if they cross-reference a master list of agreements that 
is maintained and updated centrally and is available for review by the 
Secretary upon request. The master list should be maintained in a 
manner that preserves the historical record of agreements.
    (7) The donor does not have actual knowledge of, and does not act 
in reckless disregard or deliberate ignorance of, the fact that the 
recipient possesses or has obtained items or services equivalent to 
those provided by the donor.
    (8) For items or services that are of the type that can be used for 
any patient without regard to payor status, the donor does not 
restrict, or take any action to limit, the recipient's right or ability 
to use the items or services for any patient.
    (9) The items and services do not include staffing of the 
recipient's office and are not used primarily to conduct personal 
business or business unrelated to the recipient's clinical practice or 
clinical operations.
    (10) The electronic health records software contains electronic 
prescribing capability, either through an electronic prescribing 
component or the ability to interface with the recipient's existing 
electronic prescribing system, that meets the applicable standards 
under Medicare Part D at the time the items and services are provided.
    (11) Before receipt of the items and services, the recipient pays 
15 percent of the donor's cost for the items and services. The donor 
(or any affiliated individual or entity) does not finance the 
recipient's payment or loan funds to be used by the recipient to pay 
for the items and services.
    (12) The donor does not shift the costs of the items or services to 
any Federal health care program.
    (13) The transfer of the items and services occurs, and all 
conditions in this paragraph (y) have been satisfied, on or before 
December 31, 2013.


    Note to paragraph (y): For purposes of paragraph (y) of this 
section, health plan shall have the meaning set forth at Sec.  
1001.952(l)(2); interoperable shall mean able to communicate and 
exchange data accurately, effectively, securely, and consistently 
with different information technology systems, software 
applications, and networks, in various settings, and exchange data 
such that the clinical or operational purpose and meaning of the 
data are preserved and unaltered; and electronic health record shall 
mean a repository of consumer health status information in computer 
processable form used for clinical diagnosis and treatment for a 
broad array of clinical conditions.


    Dated: June 15, 2006.
Daniel R. Levinson,
Inspector General.
    Approved: July 14, 2006.
Michael O. Leavitt,
Secretary.
[FR Doc. 06-6666 Filed 8-1-06; 8:45 am]
BILLING CODE 4152-01-P