[Federal Register Volume 85, Number 232 (Wednesday, December 2, 2020)]
[Rules and Regulations]
[Pages 77684-77895]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-26072]
[[Page 77683]]
Vol. 85
Wednesday,
No. 232
December 2, 2020
Part III
Department of Health and Human Services
-----------------------------------------------------------------------
Office of Inspector General
-----------------------------------------------------------------------
42 CFR Parts 1001 and 1003
Medicare and State Health Care Programs: Fraud and Abuse; Revisions to
Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary
Penalty Rules Regarding Beneficiary Inducements; Final Rule
��Federal Register / Vol. 85, No. 232 / Wednesday, December 2, 2020 /
Rules and Regulations��
[[Page 77684]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
42 CFR Parts 1001 and 1003
RIN 0936-AA10
Medicare and State Health Care Programs: Fraud and Abuse;
Revisions to Safe Harbors Under the Anti-Kickback Statute, and Civil
Monetary Penalty Rules Regarding Beneficiary Inducements
AGENCY: Office of Inspector General (OIG), Department of Health and
Human Services (HHS).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This final rule amends the safe harbors to the Federal anti-
kickback statute by adding new safe harbors and modifying existing safe
harbors that protect certain payment practices and business
arrangements from sanctions under the anti-kickback statute. This rule
is issued in conjunction with the Department of Health and Human
Services' (HHS's) Regulatory Sprint to Coordinated Care and focuses on
care coordination and value-based care. This rule also amends the civil
monetary penalty (CMP) rules by codifying a revision to the definition
of ``remuneration'' added by the Bipartisan Budget Act of 2018 (Budget
Act of 2018).
DATES: These regulations are effective January 19, 2021.
FOR FURTHER INFORMATION CONTACT: Stewart Kameen or Samantha Flanzer,
Office of Counsel to the Inspector General, (202) 619-0335.
SUPPLEMENTARY INFORMATION:
------------------------------------------------------------------------
Social Security Act citation United States Code citation
------------------------------------------------------------------------
1128B, 1128D, 1102, 1128A................. 42 U.S.C. 1320a-7b, 42
U.S.C. 1320a-7d, 42 U.S.C.
1302, 42 U.S.C. 1320a-7a.
------------------------------------------------------------------------
I. Executive Summary
A. Purpose of the Regulatory Action
The Secretary of HHS (the Secretary) has identified transforming
the U.S. health care system to one that pays for value as a top
priority. Unlike the traditional fee-for-service (FFS) payment system,
which rewards providers for the volume of care delivered, a value-
driven health care system is one that pays for health and outcomes.
Delivering better value from the health care system will require the
transformation of established practices and enhanced collaboration
among providers and other individuals and entities. The purpose of this
rulemaking is to finalize modifications to existing safe harbors to the
Federal anti-kickback statute and finalize the addition of new safe
harbors and a new exception to the civil monetary penalty provision
prohibiting inducements to beneficiaries, ``Beneficiary Inducements
CMP,'' to remove potential barriers to more effective coordination and
management of patient care and delivery of value-based care.
The Department launched the Regulatory Sprint with the express
purpose of removing potential regulatory barriers to care coordination
and value-based care created by certain key health care laws and
associated regulations, including the Federal anti-kickback statute and
Beneficiary Inducements CMP.\1\ Through the Regulatory Sprint, HHS aims
to encourage and improve patients' experience of care, providers'
coordination of care, and information sharing to facilitate efficient
care and preserve and protect patients' access to data.
---------------------------------------------------------------------------
\1\ The Federal anti-kickback statute is codified at 42 U.S.C.
1320a-7b(b); the Beneficiary Inducements CMP is codified at 42
U.S.C. 1320a-7a(a)(5). Additionally, the Regulatory Sprint includes
the physician self-referral law, 42 U.S.C. 1395nn, 42 CFR part 2,
and provisions of the Health Insurance Portability and
Accountability Act of 1996 (HIPAA).
---------------------------------------------------------------------------
The Federal anti-kickback statute is an intent-based, criminal
statute that prohibits intentional payments, whether monetary or in-
kind, in exchange for referrals or other Federal health care program
business. Safe harbor regulations describe various payment and business
practices that, although they potentially implicate the Federal anti-
kickback statute, are not treated as offenses under the statute.
Compliance with a safe harbor is voluntary. The Beneficiary Inducements
CMP is a civil, administrative statute that prohibits knowingly
offering something of value to a Medicare or State health care program
beneficiary to induce them to select a particular provider,
practitioner, or supplier.
Stakeholders have raised concerns that these statutes have chilling
effect on innovation and value-based care because arrangements in which
providers and others coordinate the care of patients with other
providers, share resources among themselves to facilitate better care
coordination, share in the benefits of more efficient care delivery,
and engage and support patients can implicate these statutes.
B. The Proposed Rule
On October 17, 2019, OIG published a notice of proposed rulemaking
\2\ (OIG Proposed Rule) to add or amend various regulatory protections
under the Federal anti-kickback statute and Beneficiary Inducements CMP
with the goal of proposing protections for certain value-based
arrangements that would improve quality, outcomes, and efficiency. The
proposals focused on arrangements to advance the coordination and
management of patient care, with an aim to support innovative methods
and novel arrangements, including the use of digital health technology
such as remote patient monitoring and telehealth. We proposed safe
harbors for value-based arrangements where the parties assume full
financial risk, substantial downside financial risk, and no or lower
risk. The proposed safe harbors offered more flexibility for
arrangements where the parties assumed more financial risk. Consistent
with OIG's law enforcement mission and section 1128D(a)(2)(I) of the
Act, the proposals included safeguards tailored to protect Federal
health care programs and beneficiaries from the risks of fraud and
abuse associated with kickbacks, such as overutilization and
inappropriate patient steering, as well as risks associated with risk-
based payment mechanisms, such as stinting on care.
---------------------------------------------------------------------------
\2\ 84 FR 55694 (Oct. 17, 2019). In connection with the
Regulatory Sprint, and to help develop the proposals in the OIG
Proposed Rule, OIG published a Request for Information (OIG RFI)
seeking input on new or modified safe harbors to promote care
coordination and value-based care and protect patients and taxpayer
dollars from harms cause by fraud and abuse. 83 FR 43607 (Aug. 27,
2018).
---------------------------------------------------------------------------
The OIG Proposed Rule proposed new terminology to define the
universe of value-based arrangements that could qualify for the new
safe harbors, proposing to require that providers, suppliers,
practitioners, and others would form value-based enterprises (VBEs) to
collaborate to achieve value-based purposes, such as coordinating and
managing a target patient population, improving quality of care for a
target patient population, and reducing costs. VBEs could be large or
small. VBEs could be formal corporate structures or looser
affiliations. Under the proposed definition, VBEs would be required to
have an accountable body and transparent governance. We proposed that
some types of entities would not be eligible to use the value-based
safe harbors because of heightened fraud risk and because the entities
did not play a central, frontline role in coordinating and managing
patient care.
[[Page 77685]]
The OIG Proposed Rule proposed to modify existing safe harbors that
advance coordinated care for patients, including information sharing.
OIG proposed modifications to existing safe harbors for local
transportation, electronic health records arrangements, and personal
services and management contracts. Further, the OIG Proposed Rule
proposed new protections for outcomes-based payments, cybersecurity
technology and services arrangements, remuneration in connection with
CMS-sponsored models (largely supplanting the need for separate OIG
fraud and abuse waivers for these models), telehealth technologies for
in-home dialysis patients (statutory), and Medicare Shared Savings
Program ACO beneficiary incentives (statutory). For each new safe
harbor or exception, OIG proposed a set of conditions designed to
ensure that the safe harbor or exception protected beneficial
arrangements and reduced risks of fraud and abuse.
Taken as a whole, the OIG Proposed Rule proposed significant new
flexibilities for value-based arrangements and modernization of the
safe harbor regulations to account for the ongoing evolution of the
health care delivery system. OIG developed its proposals in
coordination with the Centers for Medicare & Medicaid Services (CMS),
which concurrently issued proposed regulations in connection with the
Regulatory Sprint (CMS NPRM).\3\ OIG solicited comments on the wide
range of issues raised by the proposals. We received 337 timely
comments, 327 of which were unique, from a broad range of stakeholders.
---------------------------------------------------------------------------
\3\ 84 FR 55766 (Oct. 17, 2019).
---------------------------------------------------------------------------
C. The Final Rule
We are finalizing the proposed new and modified anti-kickback
statute safe harbors and exception to the Beneficiary Inducements CMP,
with modifications and clarifications explained in the preamble to this
rule. Stakeholder reaction was largely positive, although many
commenters raised concerns and expressed preferences about specific
provisions. Some commenters raised concerns about potential risks of
fraud and impacts on competition.
In this final rule, we sought to strike the right balance between
flexibility for beneficial innovation and better coordinated patient
care with necessary safeguards to protect patients and Federal health
care programs. Many beneficial arrangements do not implicate the anti-
kickback statute and do not need protection. For example, the parties
may be exchanging nothing of value between them or the arrangements
might involve no Federal health care program patients or business.
Other beneficial arrangements might implicate the statute (for example,
the arrangement might involve parties that are exchanging something of
value and are in a position to refer Federal health care program
business between them) but will not fit in these or other available
safe harbors. Arrangements are not necessarily unlawful because they do
not fit in a safe harbor. Arrangements that do not fit in a safe harbor
are analyzed for compliance with the Federal anti-kickback statute
based on the totality of their facts and circumstances, including the
intent of the parties. Some care coordination and value-based
arrangements can be structured to fit in existing safe harbors.
Flexibilities to engage in new business, care delivery, and digital
health technology arrangements with lowered compliance risk may assist
industry stakeholders in their response to and recovery from the
current public health emergency resulting from the novel coronavirus
disease 2019 (COVID-19) pandemic. The final rule may also help
providers and others develop sustainable value-based care delivery
models for the future.
1. Final Anti-Kickback Statute Safe Harbors
We are finalizing the following regulations, as explained in
section III of this preamble.
Terminology and Framework. We are finalizing, with modifications,
the proposed terminology that describes VBEs and VBE participants
eligible to use the value-based safe harbors and the tiered framework
of three value-based safe harbors that vary based on the level of risk
assumed by the parties, with more flexibility associated with
assumption of more risk. See section III.2.1-2 for further discussion.
Safe Harbors for Value-Based Arrangements. We are finalizing, with
modifications, three new safe harbors for remuneration exchanged
between or among participants in a value-based arrangement (as further
defined) that fosters better coordinated and managed patient care:
(i) Care coordination arrangements to improve quality, health
outcomes, and efficiency (paragraph 1001.952(ee)) without requiring the
parties to assume risk;
(ii) value-based arrangements with substantial downside financial
risk (paragraph 1001.952(ff)); and,
(iii) value-based arrangements with full financial risk (paragraph
1001.952(gg)).
These safe harbors address a broad range of potential value-based
arrangements for care coordination activities, including use of digital
health technology. We discuss each safe harbor in more detail in
section III.B.3-5. The value-based safe harbors vary, among other ways,
by the types of remuneration protected (in-kind or in-kind and
monetary), the types of entities eligible to rely on the safe harbors,
the level of financial risk assumed by the parties, and the types of
safeguards included as safe harbor conditions. By design, these safe
harbors offer flexibility for innovation and customization of value-
based arrangements to the size, resources, needs, and goals of the
parties to them. The safe harbors allow for emerging arrangements that
reflect up-to-date understandings in medicine, science, and technology.
These three new safe harbors are not the exclusive, available safe
harbors for care coordination or value-based arrangements. All three
value-based safe harbors offer protection for in-kind remuneration,
such as technology or services. However, only the safe harbors for
value-based arrangements with substantial assumption of risk
(paragraphs 1001.952(ff) and (gg)) protect monetary remuneration. The
care coordination arrangements safe harbor at paragraph 1001.952(ee),
which requires little or no assumption of risk, does not. However,
parties to arrangements involving monetary remuneration, such as shared
savings or performance bonus payments, may be eligible for the new
protection for outcomes-based payments at paragraph 1001.952(d)(2).
Parties to arrangements under CMS-sponsored models may prefer to look
to the new safe harbor specifically for those models at paragraph
1001.952(ii).
As explained at section III.B.2.e below, entities ineligible to use
the value-based safe harbors are: Pharmaceutical manufacturers,
distributors, and wholesalers; pharmacy benefit managers (PBMs);
laboratory companies; pharmacies that primarily compound drugs or
primarily dispense compounded drugs; manufacturers of devices or
medical supplies; entities or individuals that sell or rent durable
medical equipment, prosthetics, orthotics and supplies (DMEPOS) (other
than a pharmacy or a physician, provider, or other entity that
primarily furnishes services); and medical device distributors and
wholesalers. However, the care coordination arrangements safe harbor
includes a separate pathway, with specific conditions, that protects
digital technology arrangements (as
[[Page 77686]]
defined at paragraph 1001.952(ee)(14)) involving manufacturers of
devices or medical supplies and DMEPOS.
Patient Engagement and Support Safe Harbor. We are finalizing, with
modifications, a new safe harbor (paragraph 1001.952(hh)) for patient
engagement tools and supports furnished by a participant in a value-
based enterprise to a patient in a target patient population (discussed
in section III.B.6). This safe harbor uses the same ineligible entities
list as the value-based safe harbors, above, but includes a pathway for
manufacturers of devices or medical supplies to provide digital health
technology.
CMS-Sponsored Models Safe Harbor. We are finalizing, with
modifications, a new safe harbor (paragraph 1001.952(ii)) for CMS-
sponsored model arrangements and CMS-sponsored model patient incentives
that would require OIG fraud and abuse waivers. This safe harbor
(discussed at section III.B.7) is intended to provide greater
predictability model participants and uniformity across models. It will
reduce the need for separate OIG fraud and abuse waivers for new CMS-
sponsored models.
Cybersecurity Technology and Services Safe Harbor. We are
finalizing, with modifications, a new safe harbor (paragraph
1001.952(jj)) for remuneration in the form of cybersecurity technology
and services (discussed at section III.B.8). This safe harbor will
facilitate improved cybersecurity in health care and is available to
all types of individuals and entities.
Electronic Health Records Safe Harbor. We are finalizing our
proposal to modify the existing safe harbor for electronic health
records items and services (paragraph 1001.952(y)). We are finalizing,
with modifications, changes to update and remove provisions regarding
interoperability, remove the sunset provision and prohibition on
donation of equivalent technology, and clarify protections for
cybersecurity technology and services included in an electronic health
records arrangement (discussed at section III.B.9).
Personal Services and Management Contracts and Outcomes-Based
Payments. We are finalizing our proposal to modify the existing safe
harbor for personal services and management contracts (paragraph
1001.952(d)(1)). We are finalizing, without modification, changes to
increase flexibility for part-time or sporadic arrangements and
arrangements for which aggregate compensation is not known in advance.
We are also a finalizing, with modifications, new protection for
outcomes-based payments (paragraph 1001.952(d)(2)). These changes are
discussed at section III.B.10. The new safe harbor for outcomes-based
payments protects payments tied to achieving measurable outcomes that
improve patient or population health or appropriately reduce payor
costs. It makes ineligible the same entities that are ineligible for
the value-based safe harbors.
Warranties. We are finalizing our proposal to modify the existing
safe harbor for warranties (paragraph 1001.952(g)). We are finalizing,
without modification, revisions to the definition of ``warranty'' and
to provide protection for warranties for one or more items and related
services (discussed at section III.B.11). This safe harbor is available
to any type of entity.
Local Transportation. We are finalizing our proposal to modify the
existing safe harbor for local transportation furnished to
beneficiaries (paragraph 1001.952(bb)). We are finalizing, with
modifications, changes to expand mileage limits for rural areas (up to
75 miles) and eliminate mileage limits for transportation to convey
patients discharged from the hospital to their place of residence
(discussed at section III.B.12). We also clarify that the safe harbor
is available for transportation provided through rideshare
arrangements.
ACO Beneficiary Incentives. We are codifying, without modification
to our proposal, the statutory exception to the definition of
``remuneration'' at section 1128B(b)(3)(K) of the Act related to ACO
Beneficiary Incentive Programs for the Medicare Shared Savings Program
(paragraph 1001.952(kk)) (discussed at section III.B.13).
2. Beneficiary Inducements CMP
The final rule amends the Beneficiary Inducements CMP regulations
at 42 CFR 1003 as follows:
Telehealth Technologies for In-Home Dialysis Patients. We are
codifying the statutory exception for ``telehealth technologies''
furnished to certain in-home dialysis patients, pursuant to section
50302(c) of the Budget Act of 2018 (discussed at section III.C.1). We
are finalizing our proposal with modifications.
By operation of law, arrangements that fit in the new and modified
Federal anti-kickback statute safe harbors for patient engagement and
support, paragraph 1001.952(hh), and local transportation, paragraph
1001.952(bb), are also protected under the Beneficiary Inducements CMP.
II. Background
A. Purpose and Need for Regulatory Action
HHS's Regulatory Sprint aims to remove potential regulatory
barriers to care coordination and value-based care created by four key
health care laws and associated regulations: (i) The physician self-
referral law, (ii) the Federal anti-kickback statute, (iii) the Health
Insurance Portability and Accountability Act of 1996 (HIPAA),\4\ and
(iv) rules under 42 CFR part 2 related to substance use disorder
treatment.
---------------------------------------------------------------------------
\4\ Public Law 104-191, 110 Stat. 1936.
---------------------------------------------------------------------------
Through the Regulatory Sprint, HHS aims to encourage and improve:
A patient's ability to understand treatment plans and make
empowered decisions;
providers' alignment on end-to-end treatment (i.e.,
coordination among providers along the patient's full care journey);
incentives for providers to coordinate, collaborate, and
provide patients tools and supports to be more involved in their own
care; and
information sharing among providers, facilities, and other
stakeholders in a manner that facilitates efficient care while
preserving and protecting patient access to data.
Since the enactment in 1972 of the Federal anti-kickback statute,
there have been significant changes in the delivery of, and payment
for, health care items and services both within the Medicare and
Medicaid programs and also for non-Federal payors and patients. Such
changes include modifications to traditional FFS Medicare (i.e.,
Medicare Parts A and B), Medicare Advantage, and States' Medicaid
programs. The Department has a longstanding commitment to aligning
Medicare payment with quality of care delivered to Federal health care
program beneficiaries.
The Department identified the broad reach of the Federal anti-
kickback statute \5\ and the CMP law provision prohibiting inducements
to beneficiaries, the ``Beneficiary Inducements CMP'' \6\ as
potentially inhibiting beneficial arrangements that would advance the
transition to value-based care and improve the coordination of patient
care among providers and across care settings in both the Federal
health care programs and commercial sectors.
---------------------------------------------------------------------------
\5\ 42 U.S.C. 1320a-7b(b).
\6\ 42 U.S.C. 1320a-7a(a)(5).
---------------------------------------------------------------------------
[[Page 77687]]
B. Federal Anti-Kickback Statute and Safe Harbors
Section 1128B(b) of the Act, (42 U.S.C. 1320a-7b(b), the anti-
kickback statute), provides for criminal penalties for whoever
knowingly and willfully offers, pays, solicits, or receives
remuneration to induce or reward the referral of business reimbursable
under any of the Federal health care programs, as defined in section
1128B(f) of the Act (42 U.S.C. 1320a-7b(f)). The offense is classified
as a felony and is punishable by fines of up to $100,000 and
imprisonment for up to 10 years. Violations of the Federal anti-
kickback statute also may result in the imposition of CMPs under
section 1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program
exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a-
7(b)(7)), and liability under the False Claims Act (31 U.S.C. 3729-33).
The types of remuneration covered specifically include, without
limitation, kickbacks, bribes, and rebates, whether made directly or
indirectly, overtly or covertly, in cash or in kind. In addition,
prohibited conduct includes not only the payment of remuneration
intended to induce or reward referrals of patients but also the payment
of remuneration intended to induce or reward the purchasing, leasing,
or ordering of, or arranging for or recommending the purchasing,
leasing, or ordering of, any good, facility, service, or item
reimbursable by any Federal health care program.
Because of the broad reach of the statute and concerns that some
relatively innocuous business arrangements were covered by the statute
and therefore potentially subject to criminal prosecution, Congress
enacted section 14 of the Medicare and Medicaid Patient and Program
Protection Act of 1987, Public Law 100-93 (note to section 1128B of the
Act; 42 U.S.C. 1320a-7b). This provision specifically requires the
development and promulgation of regulations, the so-called safe harbor
provisions, that would specify various payment and business practices
that would not be subject to sanctions under the anti-kickback statute,
even though they potentially may be capable of inducing referrals of
business for which payment may be made under a Federal health care
program.
Section 205 of HIPAA established section 1128D of the Act (42
U.S.C. 1320a-7d), which includes criteria for modifying and
establishing safe harbors. Specifically, section 1128D(a)(2) of the Act
provides that, in modifying and establishing safe harbors, the
Secretary may consider whether a specified payment practice may result
in:
An increase or decrease in access to health care services;
an increase or decrease in the quality of health care
services;
an increase or decrease in patient freedom of choice among
health care providers;
an increase or decrease in competition among health care
providers;
an increase or decrease in the ability of health care
facilities to provide services in medically underserved areas or to
medically underserved populations;
an increase or decrease in costs to Federal health care
programs;
an increase or decrease in the potential overutilization
of health care services;
the existence or nonexistence of any potential financial
benefit to a health care professional or provider, which benefit may
vary depending on whether the health care professional or provider
decides to order a health care item or service or arranges for a
referral of health care items or services to a particular practitioner
or provider; or
any other factors the Secretary deems appropriate in the
interest of preventing fraud and abuse in Federal health care programs.
In giving the Department the authority to protect certain
arrangements and payment practices under the anti-kickback statute,
Congress intended the safe harbor regulations to be updated
periodically to reflect changing business practices and technologies in
the health care industry.\7\ Since July 29, 1991, there have been a
series of final regulations published in the Federal Register
establishing safe harbors in various areas.\8\ These safe harbor
provisions have been developed to limit the reach of the statute
somewhat by permitting certain non-abusive arrangements, while
encouraging beneficial or innocuous arrangements.\9\
---------------------------------------------------------------------------
\7\ H.R. Rep. No. 100-85, Pt. 2, at 27 (1987).
\8\ Medicare and State Health Care Programs: Fraud and Abuse;
OIG Anti-Kickback Provisions, 56 FR 35952 (July 29, 1991); Medicare
and State Health Care Programs: Fraud and Abuse; Safe Harbors for
Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996); Federal Health
Care Programs: Fraud and Abuse; Statutory Exception to the Anti-
Kickback Statute for Shared Risk Arrangements, 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs: Fraud and Abuse;
Clarification of the Initial OIG Safe Harbor Provisions and
Establishment of Additional Safe Harbor Provisions Under the Anti-
Kickback Statute, 64 FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs: Fraud and Abuse;
Ambulance Replenishing Safe Harbor Under the Anti-Kickback Statute,
66 FR 62979 (Dec. 4, 2001); Medicare and State Health Care Programs:
Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and
Electronic Health Records Arrangements Under the Anti-Kickback
Statute, 71 FR 45109 (Aug. 8, 2006); Medicare and State Health Care
Programs: Fraud and Abuse; Safe Harbor for Federally Qualified
Health Centers Arrangements Under the Anti-Kickback Statute, 72 FR
56632 (Oct. 4, 2007); Medicare and State Health Care Programs: Fraud
and Abuse; Electronic Health Records Safe Harbor Under the Anti-
Kickback Statute, 78 FR 79202 (Dec. 27, 2013); and Medicare and
State Health Care Programs: Fraud and Abuse; Revisions to the Safe
Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty
Rules Regarding Beneficiary Inducements, 81 FR 88368 (Dec. 7, 2016).
\9\ Medicare and State Health Care Programs: Fraud and Abuse;
OIG Anti-Kickback Provisions, 56 FR at 35958 (July 21, 1991).
---------------------------------------------------------------------------
Health care providers and others may voluntarily seek to comply
with final safe harbors so that they have the assurance that their
business practices would not be subject to any anti-kickback
enforcement action. Compliance with an applicable safe harbor insulates
an individual or entity from liability under the Federal anti-kickback
statute and the Beneficiary Inducements CMP only; individuals and
entities remain responsible for complying with all other laws,
regulations, and guidance that apply to their businesses.
C. Civil Monetary Penalty Authorities
1. Overview of OIG Civil Monetary Penalty Authorities
In 1981, Congress enacted the CMP law, section 1128A of the Act, 42
U.S.C. 1320a-7a, as one of several administrative remedies to combat
fraud and abuse in Medicare and Medicaid. The law authorized the
Secretary to impose penalties and assessments on persons who defrauded
Medicare or Medicaid or engaged in certain other wrongful conduct. The
CMP law also authorized the Secretary to exclude persons from Federal
health care programs (as defined in section 1128B(f) of the Act, 42
U.S.C. 1320a-7b(f)) and to direct the appropriate State agency to
exclude the person from participating in any State health care programs
(as defined in section 1128(h) of the Act, 42 U.S.C. 1320a-7(h)).
Congress later expanded the CMP law and the scope of exclusion to apply
to all Federal health care programs, but the CMP applicable to
beneficiary inducements remains limited to Medicare and State health
care program beneficiaries. Since 1981, Congress has created various
other CMP authorities covering numerous types of fraud and abuse.
2. The Definition of ``Remuneration''
Section 1128A(a)(5) of the Act, 42 U.S.C. 1320a-7a(a)(5), the
``Beneficiary Inducements CMP,'' provides for the
[[Page 77688]]
imposition of civil monetary penalties against any person who offers or
transfers remuneration to a Medicare or State health care program
(including Medicaid) beneficiary that the benefactor knows or should
know is likely to influence the beneficiary's selection of a particular
provider, practitioner, or supplier of any item or service for which
payment may be made, in whole or in part, by Medicare or a State health
care program (including Medicaid). Section 1128A(i)(6) of the Act, 42
U.S.C. 1320a-7a(i)(6), defines ``remuneration'' for purposes of the
Beneficiary Inducements CMP as including transfers of items or services
for free or for other than fair market value. Section 1128A(i)(6) of
the Act also includes a number of exceptions to the definition of
``remuneration.''
Pursuant to section 1128A(i)(6)(B) of the Act, any practice
permissible under the anti-kickback statute, whether through statutory
exception or safe harbor regulations issued by the Secretary, is also
excepted from the definition of ``remuneration'' for purposes of the
Beneficiary Inducements CMP. However, no parallel exception exists in
the anti-kickback statute. Thus, the exceptions in section 1128A(i)(6)
of the Act apply only to the definition of ``remuneration'' applicable
to section 1128A.
Relevant to this rulemaking, the Budget Act of 2018 created a new
exception to the definition of ``remuneration'' for purposes of the
Beneficiary Inducements CMP. This statutory exception applies to
``telehealth technologies'' provided on or after January 1, 2019, by a
provider of services or a renal dialysis facility to an individual with
end stage renal disease (ESRD) who is receiving home dialysis for which
payment is being made under Medicare Part B.
D. Summary of the OIG Proposed Rule
On October 17, 2019, OIG published a proposed rule in the Federal
Register (84 FR 55694) setting forth certain proposed amendments to the
safe harbors under the anti-kickback statute and a proposed amendment
to the Beneficiary Inducements CMP exceptions (the OIG Proposed Rule).
With respect to the anti-kickback statute, we proposed seven new safe
harbors and modifications to four existing safe harbors. Specifically,
we proposed new protection for:
A safe harbor for care coordination arrangements to
improve quality, health outcomes, and efficiency (1001.952(ee));
A safe harbor for value-based arrangements with
substantial downside financial risk (1001.952(ff));
A safe harbor for value-based arrangements with full
financial risk (1001.952(gg));
A safe harbor for arrangements for patient engagement and
support to improve quality, health outcomes, and efficiency
(1001.952(hh));
A safe harbor for CMS-sponsored model arrangements and
CMS-sponsored model patient incentives (1001.952(ii));
A safe harbor for cybersecurity technology and related
services (1001.952(jj)); and
A safe harbor that would codify the statutory exception to
the definition of ``remuneration'' at section 1128B(b)(3)(K) of the Act
related to ACO Beneficiary Incentive Programs for the Medicare Shared
Savings Program (1001.952(kk)).
An exception to the Beneficiary Inducements CMP for
telehealth technologies for in-home dialysis patients (1003.110).
We proposed to modify:
The safe harbor for personal services and management
contracts and outcomes-based payment arrangements (1001.952(d));
The safe harbor for warranties (1001.952(g));
The safe harbor for electronic health records items and
services (1001.952(y)); and
The safe harbor for local transportation (1001.952(bb)).
An overarching goal of our proposals was to develop final rules
that protect low-risk, beneficial arrangements without opening the door
to fraudulent or abusive conduct that increases Federal health care
program costs or compromises quality of care for patients or patient
choice. We solicited comments on our proposed policies to obtain the
benefit of public input from affected stakeholders.
Our proposals are summarized in greater detail in section III of
this preamble, organized by topic, along with summaries of the final
decisions, and summaries of the related comments and our responses.
E. Summary of the Final Rulemaking
In this final rule, we modify existing as well as add new safe
harbors pursuant to our authority under section 14 of the Medicare and
Medicaid Patient and Program Protection Act of 1987 by specifying
certain payment practices that will not be subject to prosecution under
the anti-kickback statute. We intend to protect practices that pose a
low risk to Federal health care programs and beneficiaries, as long as
specified conditions are met. In doing so, we considered the factors
cited by Congress in granting statutory authority to the Secretary
under Section 1128D(a)(2) of the Social Security Act.\10\ Specifically,
the new and modified safe harbors are designed to further the goals of
access, quality, patient choice, appropriate utilization, and
competition, while protecting against increased costs, inappropriate
steering of patients, and harms associated with inappropriate
incentives tied to referrals. We also codify into our regulations a
statutory safe harbor for patient incentives offered by accountable
care organizations (ACOs) to assigned beneficiaries under ACO
Beneficiary Incentive Programs and an exception to the definition of
``remuneration'' in 42 CFR 1003.110 for certain telehealth technologies
for in-home dialysis.
---------------------------------------------------------------------------
\10\ 42 U.S.C. 1320a-7d(a)(2).
---------------------------------------------------------------------------
To facilitate review of the new and modified safe harbors and
exception in context, we summarize the proposals and final regulations
by topic in section III.B below. The following are the safe harbors and
the exception that we are finalizing, together with the citation to
where they appear in our regulations and a reference to the preamble
section of this final rule where they are discussed in greater detail:
Modifications to the existing safe harbor for personal
services and management contracts, including outcomes-based payments,
at paragraph 1001.952(d) (preamble section III.B.10);
modifications to the existing safe harbor for warranties
at paragraph 1001.952(g) (preamble section III.B.11);
modifications to the existing safe harbor for electronic
health records items and services at paragraph 1001.952(y) (preamble
section III.B.9);
modifications to the existing safe harbor for local
transportation at paragraph 1001.952(bb) (preamble section III.B.12)
a new safe harbor for care coordination arrangements to
improve quality, health outcomes, and efficiency at paragraph
1001.952(ee) (preamble sections III.B.1, III.B.2, and III.B.3);
a new safe harbor for value-based arrangements with
substantial downside financial risk at paragraph 1001.952(ff) (preamble
sections III.B.1, III.B.2, and III.B.4);
a new safe harbor for value-based arrangements with full
financial risk at paragraph 1001.952(gg) (preamble sections III.B.1,
III.B.2, and III.B.5);
a new safe harbor for arrangements for patient engagement
and support to improve quality, health outcomes, and
[[Page 77689]]
efficiency at paragraph 1001.952(hh) (preamble section III.B.6);
a new safe harbor for CMS-sponsored model arrangements and
CMS-sponsored model patient incentives at paragraph 1001.952(ii)
(preamble section III.B.7);
a new safe harbor for cybersecurity technology and related
services at paragraph 1001.952(jj) (preamble section III.B.8);
a new safe harbor for accountable care organization (ACO)
beneficiary incentive program at paragraph 1001.952(kk) (preamble
section III.B.13); and
an exception for telehealth technologies for in-home
dialysis at paragraph 1003.110 (preamble section III.C.1)
III. Summary of Final Provisions, Public Comments, and OIG Responses
A. General
OIG received 337 comments, 327 of which were unique, in response to
the OIG Proposed Rule. A range of individuals and entities submitted
these comments, including: Physicians and other types of clinicians,
hospitals and health systems, other health care providers (e.g., post-
acute providers, laboratories, durable medical equipment suppliers, and
dialysis providers), accountable care organizations, pharmaceutical and
medical device manufacturers, health technology entities, pharmacies,
third-party payors, trade associations, law firms, and consumer and
patient advocacy groups.
As a general matter, most commenters strongly supported the
proposed safe harbors and the need for regulatory reform to the safe
harbors and exceptions to the definition of ``remuneration'' under the
Beneficiary Inducements CMP. While the majority of commenters
recommended various revisions to the proposed safe harbors to increase
regulatory flexibility, some commenters acknowledged that increased
regulatory flexibility could increase the risk of harms associated with
fraud and abuse and recommended revisions to add or strengthen
safeguards in the safe harbor proposals. A few did not support the
proposed safe harbor protections for value-based arrangements as
proposed in paragraphs 1001.952(ee), (ff), (gg), primarily citing fraud
and abuse risks. We have considered these comments carefully in
developing the final rule, as described in more detail in responses to
comments.
1. Alignment With CMS
Several of the final safe harbors intersect with the physician
self-referral law exceptions that CMS is finalizing as part of the
Regulatory Sprint: The three new safe harbors for value-based
arrangements at paragraphs 1001.952(ee), (ff), and (gg), the new
cybersecurity safe harbor at paragraph 1001.952(jj), and the
modifications to the electronic records safe harbor at paragraph
1001.952(y).
Comment: We received comments asking OIG and CMS to align our final
rules in connection with the Regulatory Sprint to the greatest extent
possible. Some commenters believed that the CMS and OIG proposals would
perpetuate a dual regulatory environment (where, e.g., an arrangement
could potentially violate one law but meet the requirements for
protection under the other) and that a lack of consistency would make
it more challenging for entities to navigate an already-complex
regulatory framework. Some commenters suggested that the OIG Proposed
Rule was too narrow compared to the CMS NPRM and requested that OIG
protect what they described as a broader universe of arrangements that
would be protected under the CMS proposals. Another commenter asked
that OIG clarify in the final rule that compliance with the physician
self-referral law would rebut any implication of intent under Federal
anti-kickback statute.
Response: We are mindful of reducing burden on providers and other
industry stakeholders, and we have sought to align value-based
terminology and safe harbor conditions with those being adopted by CMS
in its physician self-referral regulations as part of the Regulatory
Sprint wherever possible (CMS Final Rule).\11\ However, complete
alignment is not feasible because of fundamental differences in
statutory structures and sanctions across the two laws. As
aforementioned, the Federal anti-kickback statute is an intent-based,
criminal statute that covers all referrals of Federal health care
program business (including, but not limited to, physician referrals).
In contrast, the physician self-referral law is a civil, strict-
liability statute that prohibits payment by CMS for a more limited set
of services referred by physicians who have certain financial
relationships with the entity furnishing the services. As a result, the
value-based exceptions adopted by CMS do not need to contemplate the
broad range of conduct that implicates the Federal anti-kickback
statute.
---------------------------------------------------------------------------
\11\ The CMS Final Rule is being published elsewhere in this
version of the Federal Register.
---------------------------------------------------------------------------
Federal anti-kickback statute safe harbors and physician self-
referral law exceptions also operate differently. Because the physician
self-referral law is a strict-liability statute, when an arrangement
implicates the law, compliance with an exception is the only option to
avoid overpayment liability. In other words, the exceptions define the
full universe of acceptable arrangements that implicate the physician
self-referral law. Even minor or erroneous deviations from the specific
terms of a physician self-referral law exception can result in non-
compliance and, because of the statute's strict liability,
overpayments. In contrast, compliance with an anti-kickback statute
safe harbor is voluntary, and there are many arrangements that do not
fit in a safe harbor that are lawful under the anti-kickback statute.
Deviating from a safe harbor does not mean that an arrangement violates
the anti-kickback statute. For arrangements that do not fit in a safe
harbor, liability is determined based on the totality of facts and
circumstances, including the intent of the parties.
Because the Federal anti-kickback statute is not a strict liability
law, the value-based safe harbors we are adopting need not capture the
full universe of value-based arrangements that are legal under the
Federal anti-kickback statute in order to accomplish the goals of
removing barriers to more effective coordination and management of
patient care. Thus, in designing our safe harbors, rather than mirror
CMS's exceptions, we have included safe harbor conditions designed to
ensure that protected arrangements are not disguised kickback schemes.
We recognize that, for purposes of those arrangements that implicate
both the physician self-referral law and the Federal anti-kickback
statute, the value-based safe harbors may therefore protect a narrower
universe of such arrangements than CMS's exceptions.
To protect Federal health care programs and beneficiaries, we
believe that it is important for the Federal anti-kickback statute to
serve as ``backstop'' protection against abusive arrangements that
involve the exchange of remuneration intended to induce or reward
referrals and that might be protected by the physician self-referral
law exceptions. In this way, the OIG and CMS rules, operating together,
create pathways for parties entering into value-based arrangements that
are subject to both laws to develop and implement value-based
arrangements that avoid strict liability for technical noncompliance,
while ensuring that the Federal Government can pursue those parties
engaging in arrangements that are intentional kickback schemes.
[[Page 77690]]
Further, many requirements of the final safe harbors and exceptions
are consistent, particularly in the cybersecurity and electronic health
records areas. In addition, the value-based terminology that describes
the value-based enterprises and value-based arrangements that are
eligible for protection under a value-based safe harbor under the anti-
kickback statute or a value-based exception under the physician self-
referral law are aligned in nearly all respects, except with respect to
the definition of ``value-based activities'' and where slightly
different language was required to integrate the new rules into the
existing regulatory structures (points of difference are discussed
later in this preamble). As a practical matter, this means that the
same value-based enterprise or value-based arrangement can seek
protection under both regulatory schemes, provided the relevant
conditions of a safe harbor and an exception are satisfied.
In sum, because of statutory distinctions, compliance with a value-
based safe harbor may require satisfaction of conditions additional to,
or different from, those in a corresponding physician self-referral law
exception. This is by design. We have endeavored to ensure that an
arrangement that fits in a value-based safe harbor has a viable pathway
for protection under a physician self-referral law exception. However,
an arrangement that fits under a physician self-referral law exception
might not fit in an anti-kickback statute safe harbor or might not fit
unless additional features are added to the arrangement. That said, it
is the Department's belief that compliance with one regulatory
structure should not preclude compliance with the other.
We disagree that compliance with the physician self-referral law
rebuts any implication of intent under the Federal anti-kickback
statute. Indeed, it is possible, depending on the facts and
circumstances, that an arrangement may comply with an exception to the
physician self-referral law but violate the Federal anti-kickback
statute. The fact that a party complies with the requirements of the
physician self-referral law is not evidence that the party does or does
not have the intent to induce or reward referrals for purposes of the
Federal anti-kickback statute. Parties may achieve compliance with an
applicable exception to the physician self-referral law regardless of
the intent of the parties. In addition, other differences between the
physician self-referral law and Federal anti-kickback statute could
lead to compliance with the physician self-referral law but not with
the Federal anti-kickback statute. For example, parties may conclude
that there are no ``referrals,'' as that term is defined for purposes
of the physician self-referral law, but such assessment is inconclusive
with respect to whether there are referrals, or the requisite intent to
induce or reward referrals, for purposes of the Federal anti-kickback
statute.
2. Comments Outside the Scope of the Rulemaking
We received some comments that were outside the scope of this
rulemaking. In some cases, comments (e.g., a request to update the
physician self-referral law's in-office ancillary services exception)
were outside the scope of our authority. Other comments and suggestions
were outside the scope of this rulemaking but could be considered for
future guidance or rulemaking. For example, some commenters urged OIG
to modify existing safe harbors or develop entirely new safe harbors
that were not related to the safe harbors and modifications proposed in
the OIG Proposed Rule (e.g., an amendment to the referral services safe
harbor, new safe harbors specific to Indian health care providers, and
a new safe harbor specific to value-based contracting with
manufacturers for the purchase of pharmaceutical products). Others
requested sub-regulatory guidance outside the rule, such as a
Frequently Asked Question feature to respond to specific questions or
common scenarios from stakeholders. These or other topics that are
outside the scope of this particular rulemaking are not summarized or
discussed in detail in this final rule.
In the next sections of this preamble, we summarize each proposal
from the OIG Proposed Rule (full detail of the proposals can be found
at 84 FR 55694); summarize the final rule, including significant
changes from the proposals; and respond to public comments.
B. Federal Anti-Kickback Statute Safe Harbors
1. Value-Based Framework for Value-Based Arrangements
Summary of OIG Proposed Rule: We proposed a set of value-based
terminology, detailed in the next section, to describe the universe of
value-based arrangements that would, as a threshold matter, be eligible
to seek safe harbor protection under three safe harbors specific to
value-based arrangements between VBEs and one or more of their VBE
participants or between or among VBE participants: (i) The care
coordination arrangements to improve quality, health outcomes, and
efficiency safe harbor at 42 CFR 1001.952(ee), (ii) the value-based
arrangements with substantial downside financial risk safe harbor at 42
CFR 1001.952(ff), (iii) and the full financial risk safe harbor at 42
CFR 1001.952(gg) (collectively referred to as the ``value-based safe
harbors''). The value-based safe harbors would offer greater
flexibilities to parties as they assume more downside financial risk.
We proposed this tiered structure to support the transformation of
industry payment systems and in recognition that arrangements involving
higher levels of downside financial risk for those in a position to
make referrals or order products or services could curb, at least to
some degree, FFS incentives to order medically unnecessary or overly
costly items and services.
Summary of Final Rule: We are finalizing the tiered value-based
framework of three safe harbors that vary based on risk assumption of
the parties. Modifications to specific value-based terminology are
discussed in the next section.
Comment: Many commenters expressed support for our value-based
framework. For example, a commenter stated that OIG had achieved a
proper balance between flexibility for beneficial innovation and
safeguards to protect patients and Federal health care programs against
fraud and abuse risks. Others commended OIG for embracing the
transition from no risk to downside financial risk as a central
component of the value-based framework. In particular, commenters
supported OIG's proposal under the care coordination arrangements safe
harbor to afford protection to value-based arrangements in which
parties had yet to take on downside financial risk.
Response: We have finalized the value-based framework of three safe
harbors, as proposed. We have made modifications to some of the value-
based terminology as discussed in Section III.B.2 below. We explain the
specific reasons for the modifications to the value-based terminology
in responses to comments in section III.B.2.
Comment: Several commenters expressed general support for the
proposed value-based safe harbors, while also recommending that OIG
proceed with caution. For example, a payor urged us to maintain in the
final rule the level of rigor reflected in the proposed value-based
safe harbor and not increase the leniency provided under the proposed
regulations.
[[Page 77691]]
Similarly, a trade association suggested that OIG take a limited
``phased-in'' approach to the safe harbors to facilitate identification
of appropriate patient protection and program integrity guardrails.
Another commenter recommended that, at least once every 3 years, OIG
assess and report on the effects of the value-based safe harbors, e.g.,
review clinical benefits, analyze cost savings, and solicit stakeholder
input. A commenter also cautioned that giving more flexible safe harbor
protection to value-based arrangements that include greater risk may
push providers into assuming risk before they are ready to do so.
Response: With this final rule, we have sought to find the
appropriate balance between the policy goals of the Regulatory Sprint
and the need to protect both patients and Federal health care programs.
We decline to adopt the commenters' specific recommendations related to
a potential phased-in approach or the regular publication of related
reports, but we note that we may undertake future reviews of value-
based arrangements in Federal health care programs as part of our
oversight mission. We have included robust safeguards in the value-
based safe harbors to address the commenters' concerns. We note that we
are affording greater flexibilities under the substantial downside and
full financial risk safe harbors in recognition of parties' assumption
of the requisite level of downside financial risk. Others who may not
be ready or willing to assume risk, or who are only ready or willing to
assume risk at a level below that required by the substantial downside
financial risk or full financial risk safe harbors, may look to the
care coordination arrangements safe harbor, which does not require the
assumption of risk, structure arrangements to fit in another safe
harbor that might apply, or enter into arrangements that are not
protected by a safe harbor, given that structuring an arrangement to
satisfy a safe harbor is voluntary.
Comment: Other commenters expressed concerns about potential fraud
and abuse, with several asserting that the value-based safe harbors
would foster an environment vulnerable to fraud and anticompetitive
effects. Commenters had varying rationales for their position,
including, for example, that existing safe harbors would be sufficient
to advance value-based models; evaluation was warranted before
finalizing these safe harbors; and the care coordination focus of the
value-based safe harbors would lead to further industry consolidation.
A state health department broadly asserted that the proposals lacked
sufficient detail and, if finalized, would pose enforcement challenges.
That commenter requested that we add more detail in our rulemaking,
rather than through sub-regulatory guidance, to assist the state with
developing comprehensive policies to support the rule.
Several radiology trade associations expressed concern that the
safe harbors omitted the guiding principle of fair market value and the
restriction on determining the amount or nature of the remuneration
based on the volume or value of referrals, and consequently, the value-
based arrangements could be abused or used as a means for referring
providers to pay less for radiology or imaging services. Generally,
these commenters supported the creation of value-based safe harbors
only to the extent parties to a value-based arrangement had assumed
significant downside financial risk. They recommended that each value-
based safe harbor include provisions prohibiting referring VBE
participants from underpaying for radiology and imaging services within
a VBE or otherwise leveraging their ability to direct referrals.
Response: The commenters raise important concerns about potential
harms resulting from fraud and abuse; we considered these harms
carefully in developing the final rule. In response to comments,
throughout this final rule we have clarified regulatory text to
minimize confusion; offered additional explanations in preamble to
expound upon OIG's interpretation of provisions in the value-based safe
harbors; and provided illustrative examples for the value-based
terminology, which we believe will aid in both enforcement and
compliance. Parties also may request an advisory opinion from OIG to
determine whether an arrangement meets the conditions of a safe harbor
or is otherwise sufficiently low risk under the Federal anti-kickback
statute to receive prospective immunity from administrative sanctions
by OIG.
This final rule aims to protect value-based arrangements that
enhance patient care and deliver value, and we have included safeguards
designed to preclude from protection arrangements that lead to
medically unnecessary care, might involve coercive marketing, or limit
clinical decision-making. These safeguards are described in greater
detail below and throughout this preamble. In addition, certain
entities that present heightened program integrity risk and are less
likely to be at the front lines of care coordination are not eligible
to rely on the value-based safe harbors or subject to additional
safeguards. We believe the potential benefits of the final value-based
safe harbors (e.g., facilitating the transition to value-based care and
encouraging greater care coordination) outweigh the potential risks
related to fraud and competition.
The value-based safe harbors, as finalized, do not include the
traditional fraud and abuse safeguards of fair market value or a broad
prohibition on taking into account the volume or value of any
referrals. However, we have included other safeguards in each of the
value-based safe harbors that are intended to address potential fraud
and abuse risks, e.g., a prohibition on taking into account the volume
or value of referrals outside the target patient population, limits on
directed referrals, and others described elsewhere in this preamble.
The risk sharing required by the substantial downside financial risk
and full financial risk safe harbors reduces some fraud and abuse
concerns associated with a traditional fee-for-service payment system.
We also included safeguards specific to the care coordination
arrangements safe harbor, e.g., a contribution requirement for
recipients, in recognition, in part, of the fact that this value-based
safe harbor does not require parties to assume financial risk or meet
certain traditional safeguards, such as a fair market value
requirement. The care coordination arrangements safe harbor does not
protect monetary payments, including payments for services such as
radiology or imaging. Nothing in the risk-based safe harbors prevents
parties from negotiating fair market value arrangements for services or
from using the personal services and management contracts and outcomes-
based payments safe harbor at paragraph 1001.952(d), which includes
fair market value requirements.
While existing safe harbors could protect many care coordination
arrangements, comments we received in response to the OIG RFI reflected
that existing safe harbors are insufficient to protect the range of
care coordination arrangements envisioned by the Regulatory Sprint. For
example, apart from employment, there is no existing safe harbor
protection for the sharing of personnel or infrastructure at below-
market-value rates. Thus, the value-based safe harbors will provide
protection to a broader range of care coordination arrangements than is
presently available under existing safe harbors. With respect to the
commenter that suggested evaluation was warranted prior to implementing
the value-based safe harbors, we solicited feedback on the anticipated
approach for rulemaking
[[Page 77692]]
in the RFI and solicited comments on specific safe harbors, an
exception, and relevant considerations in the OIG Proposed Rule. We do
not believe further evaluation is needed to inform the issuance of this
final rule; indeed, further formal evaluation could delay regulatory
flexibilities designed to facilitate innovative value-based care and
care coordination arrangements.
With respect to concerns regarding industry consolidation, it is
not the intent of this final rule to foster industry consolidation. The
rule aims to increase options for parties to create a range of care
coordination and value-based arrangements eligible for safe harbor
protection, whether through employment, ownership, or contracts among
otherwise unaffiliated, independent entities that wish to coordinate
care. As explained elsewhere, the definition of a ``value-based
enterprise'' is flexible, allowing for a broad range of participation
and business structures. In addition, ``value-based arrangements'' are
defined such that they can be among many participants or as few as two.
The safe harbors are available to large and small systems and to rural
and urban providers. We intend for this flexibility to ensure that
smaller providers still have the opportunity to develop and enter into
care coordination arrangements.
Comment: Several commenters highlighted the potential harms the
proposed value-based safe harbors could pose to patients, e.g., cherry-
picking, provision of medically unnecessary care, or stinting on care.
Commenters also expressed concern that the safe harbors could
negatively impact patient freedom of choice or impinge on the patient-
physician relationship. To address these concerns, commenters had
varying suggestions. For example, some commenters urged OIG to insert
patient transparency requirements in the value-based safe harbor that
would mirror similar requirements in the Medicare Shared Savings
Program. One such commenter stated transparency is necessary to ensure
public confidence that the benefits of a value-based arrangement would
not be exclusive to those party to the agreement.
Response: We share the commenters' interests in protecting patients
against cherry-picking, the provision of medically unnecessary care,
stinting on care, patient steering, and any inappropriate infringement
on the patient-doctor relationship. Accordingly, we have finalized
safeguards in each of the three value-based safe harbors related to
these issues. We did not propose patient transparency or notice
requirements in the OIG Proposed Rule for the value-based safe harbors
because we believed it potentially would impose undue administrative
burden on providers, and we are not including any such condition in
this final rule.
Comment: We received a number of comments stating that our approach
to the value-based safe harbors was not bold enough and would act as a
barrier to advancing the coordination and management of care. For
example, a commenter stated that the proposals, as drafted, would not
advance care coordination and better quality outcomes because the OIG
sets too many limits and boundaries within the value-based safe
harbors. In addition, several commenters asserted that our definitions
of certain key terms, such as value-based enterprise and VBE
participant, were overly prescriptive. Other commenters asserted that
our view of financial risk was too narrow and failed to recognize,
among other things, that providers are already at substantial financial
risk under existing financial incentives and penalties created by
payment structures.
Response: We disagree with those commenters who stated that our
definitions are too narrow or prescriptive and that the proposed value-
based safe harbors are not bold enough because they would impose limits
on the types of arrangements that are protected.
As discussed in section III.B.2, we have defined the value-based
terminology to allow for a wide range of individuals and entities to
participate in value-based arrangements. The value-based safe harbors
do not attempt to cover the entire universe of potentially beneficial
arrangements, nor the entire universe of what may constitute risk.
Indeed, we acknowledged in the OIG Proposed Rule, and confirm here,
that we understood that participants in value-based arrangements might
assume certain types of risk other than downside financial risk for
items and services furnished to a target patient population (e.g.,
upside risk, clinical risk, operational risk, contractual risk, or
investment risk).\12\ We continue to believe our focus on downside
financial risk is warranted because the assumption of downside
financial risk incentivizes those making the referral and ordering
decisions to control costs and deliver efficient care in a way the
other types of risk may not.
---------------------------------------------------------------------------
\12\ 84 FR 55699 (Oct. 17, 2019).
---------------------------------------------------------------------------
Further, the care coordination arrangements safe harbor requires no
assumption of downside risk by parties to a value-based arrangement.
Accordingly, parties that do not meet the definition of taking on
``substantial downside financial risk'' or ``full financial risk'' may
seek protection for certain value-based arrangements under the care
coordination arrangements safe harbor. They may also look to the new
safe harbor protection for outcomes-based payments at paragraph
1001.952(d)(2).
We have included parameters in the value-based safe harbors to
protect against risks of fraud and abuse, such as overutilization,
inappropriate patient steering, or stinting on care. Nothing in the
rulemaking changes the premise of safe harbors themselves: They offer
protection to certain arrangements that meet safe harbor conditions,
but they do not purport to define all lawful arrangements. Parties with
arrangements that do not fit in a value-based safe harbor may look to
other safe harbors or the language of the statute itself. Parties also
may request an advisory opinion from OIG to determine whether an
arrangement meets the conditions of a safe harbor or is otherwise
sufficiently low risk under the Federal anti-kickback statute to
receive prospective immunity from administrative sanctions by OIG.
Comment: Multiple commenters recommended that, in lieu of a tiered
approach to the value-based framework (i.e., three value-based safe
harbors, based upon the level of risk assumed by parties), OIG should
create a single value-based arrangements safe harbor. The commenters
asserted that such an approach would reduce the complexity of the
value-based safe harbors.
Response: We appreciate the commenters' suggestion regarding ways
to reduce complexity; however, we disagree with the commenters'
recommendations to develop a single value-based arrangements safe
harbor. The tiered approach we are finalizing in this rule supports the
policy goals of the Regulatory Sprint regarding the transformation to
value and offers parties flexibility to undertake arrangements that
suit their needs. We do not believe that a one-size-fits-all approach
would be feasible or effective to promote the transformation to value
because we recognize there are many dimensions of value in health care
that may look different for various stakeholders. To support the
transformation to value, reflect that program integrity vulnerabilities
change as parties assume more risk, and prevent unscrupulous behavior,
we have adopted a tiered approach where the safeguards included in each
of the value-based safe harbors are tailored according to, among other
things, the
[[Page 77693]]
degree of downside financial risk assumed by the parties.
Comment: In response to our solicitation of comments on whether to
define the term ``value,'' we received varying comments. Some
commenters supported our proposal to use the term in a non-technical
way, with one asserting the term ``value'' is not a one-size-fits-all
term of art. Others suggested that we reference--in the final
definitions or otherwise--financial arrangements under advanced
alternative payment models (APMs) to make clear that value-based
arrangements in CMS-sponsored programs would receive protection under
the value-based safe harbors.
Response: We agree with those commenters that noted that ``value''
is not a one-size-fits all term. We decline to use or define the term
``value'' for the purposes of these safe harbors because we believe
industry stakeholders and those participating in value-based
arrangements potentially protected by these safe harbors are best-
positioned to determine value. Notably, however, we define other terms
critical to the value-based safe harbors, including ``value-based
purpose,'' ``value-based activity,'' and ``value-based arrangement.''
These defined terms adequately capture the concept of value without
prescriptively defining ``value,'' which could inhibit flexibility and
innovation. We also are not adopting the commenters' suggestion to
define any term by referencing financial arrangements under advanced
APMs. Financial arrangements under CMS-sponsored APMs may satisfy the
definition of ``value-based arrangement'' and may serve as one of many
sources for considering value in the delivery of care. In addition,
organizations already participating in CMS-sponsored models may wish to
look to the new safe harbor for those models at paragraph 1001.952(ii).
Comment: Several commenters requested that we offer additional
clarity on key terms and concepts used throughout the value-based
framework. For example, some commenters encouraged OIG to issue sub-
regulatory guidance with respect to the value-based safe harbors, while
others requested specific examples of the types of value-based
arrangements that could be protected. Another commenter suggested that,
in order to avoid confusion, OIG more closely align its value-based
safe harbors with the requirements in the Medicare Shared Savings
Program fraud and abuse waivers (e.g., governing body approval of
protected arrangements). Collectively, these commenters expressed
concern that without further guidance from OIG, individuals and
entities would remain too risk-averse to leverage the new safe harbors
for value-based arrangements or would incur significant time and
expense in creating a value-based enterprise that might not meet the
required standards.
Response: Based on these comments, throughout this final rule, we
have endeavored to provide additional clarity and examples of key terms
and concepts. Parties also may use OIG's advisory opinion process to
obtain a legal opinion on the application of OIG's fraud and abuse
authorities to a particular arrangement. Regarding the request for
greater alignment with the Medicare Shared Savings Program, we note
that we drew from our experience with the waivers issued for the
Medicare Shared Savings Program in drafting the value-based safe
harbors, but we do not believe alignment with the waiver conditions
would be appropriate for a number of reasons. First, CMS provides
programmatic oversight of the Medicare Shared Savings Program that it
would not provide to all value-based enterprises under this final rule.
In addition, the waivers apply to certain remuneration related to one
type of alternative payment model, whereas the safe harbors finalized
in this final rule apply to a broader range of arrangements focused on
value-based care. Finally, as discussed in more detail below, all
individuals and entities can be VBE participants, whereas participation
in the Medicare Shared Savings Program is more limited. Parties
participating in CMS-sponsored models may wish to look at the new safe
harbor for those models at paragraph 1001.952(ii), which is closely
aligned with model requirements and takes into account CMS's oversight
of those models and the Medicare Shared Savings Program.
Comment: Multiple commenters requested that OIG speak to the
intersection of the proposed value-based safe-harbors with existing:
(i) Financial arrangements that may not meet the four corners of the
value-based safe harbors, despite otherwise being similar in concept;
(ii) safe harbors; and (iii) state law and corporate practice of
medicine requirements.
Response: By promulgating value-based safe harbors, we are not
opining, directly or indirectly, on the legality of existing financial
arrangements that may be similar in concept to value-based arrangements
that may be protected under the new value-based safe harbors.
Arrangements that do not meet all conditions of an applicable safe
harbor are not protected by that safe harbor. Whether such an
arrangement violates the Federal anti-kickback statute is a fact-
specific inquiry. In addition, and as stated in the OIG Proposed Rule,
parties to value-based arrangements may choose whether to protect such
arrangements under existing safe harbors or under the new value-based
safe harbors finalized in this final rule.
We have attempted to create significant flexibility under the
Federal anti-kickback statute while recognizing that parties still must
comply with applicable State laws. Nothing in these safe harbors
preempts any applicable State law (unless such State law incorporates
the Federal law by reference).
Comment: We received several comments that touched upon the
applicability of the value-based safe harbors to commercial
arrangements. For example, at least two commenters expressed support
for extending the value-based safe harbor protections to participants
in arrangements involving only commercial payor patients. Another
commenter strongly recommended that OIG clarify in the final rule that
the Federal anti-kickback statute is not implicated if a financial
arrangement is strictly limited to commercial payor patients.
Response: Generally speaking, the Federal anti-kickback statute is
not implicated for financial arrangements limited solely to patients
who are not Federal health care program beneficiaries. However, to the
extent the offer of remuneration pursuant to an arrangement involving
only non-Federal health care program beneficiaries is intended to pull
through referrals of Federal health care program beneficiaries or
business, the Federal anti-kickback statute would be implicated and
potentially violated. While nothing in the value-based safe harbors
precludes financial arrangements limited solely to patients who are not
Federal health care program beneficiaries, the parties would need to
meet all requirements of the applicable value-based safe harbor, and a
pull-through arrangement would not meet the requirement, in each value-
based safe harbor found at (ee), (ff), and (gg), that the offeror of
remuneration does not take into account the volume or value of, or
condition the remuneration of referrals of, patients who are not part
of the target patient population, or business not covered under the
value-based arrangement.
Comment: A commenter recommended that OIG apply the value-based
safe harbors retrospectively.
Response: As stated in the OIG Proposed Rule, the value-based safe
[[Page 77694]]
harbors will be prospective only and will be effective as of 60 days
from the date this rule is published in the Federal Register. It is
neither feasible nor desirable to confer safe harbor protection
retrospectively under a criminal statute. Conduct is evaluated under
the statute and regulations in place at the time of the conduct.
Comment: A commenter supported OIG addressing value-based
contracting and outcomes-based contracting for the purchase of
pharmaceutical products in future rulemaking, including rules around
medication adherence. Another commenter urged OIG to promulgate a safe
harbor in this final rule specific to value-based arrangements with
manufacturers for the purchase of pharmaceutical products (as well as
medical devices and related services).
Response: We did not propose, and thus are not finalizing, a safe
harbor specifically for value-based arrangements with manufacturers for
the purchase of their products. We may consider this topic, along with
value-based contracting and outcomes-based contracting, for future
rulemaking.
Comment: Separate and apart from outcomes-based contracting, a
handful of commenters requested that we create new safe harbors or
issue certain guidance. For example, a hospital association urged us to
create a safe harbor to facilitate non-CMS advanced payment models.
Another commenter suggested we issue guidance affording parties
additional regulatory flexibility to the extent their financial
arrangements are consistent with the goals of the value-based safe
harbors but do not otherwise satisfy all conditions.
Response: We did not propose and are not finalizing a safe harbor
specific to non-CMS advanced payment models. However, we refer the
commenter to our substantial downside financial risk safe harbor at
paragraph 1001.952(ff), as remuneration exchanged by the parties to the
advanced payment model arrangement may be eligible for protection under
that safe harbor.
We likewise are not issuing guidance to provide parties with
additional regulatory flexibility to protect financial arrangements
that are consistent with the goals of, but do not meet the requirements
of, a value-based safe harbor. An arrangement must meet all conditions
of the applicable value-based safe harbor for remuneration exchanged
pursuant to the arrangement to receive protection.
Comment: A commenter asserted that the value-based safe harbors do
not satisfy the requirements set forth in section 1128D of the Act for
the promulgation of new safe harbors. Specifically, the commenter
asserted that the value-based safe harbors do not specify payment
practices that are protected under the Federal anti-kickback statute,
as required by section 1128D, because they only outline a set of
general principles.
Response: We disagree with the commenter. Section 1128D of the Act
requires the Secretary to publish a notice soliciting proposals for,
among other things, additional safe harbors specifying payment
practices that shall not be treated as a criminal offense under section
1128B(b) and shall not serve as the basis for an exclusion under
section 1128(b)(7) and to publish proposed additional safe harbors, if
appropriate, after considering such proposals. Consistent with that
authority, the value-based safe harbors specify payment practices that
will be protected if they meet a series of specific, enumerated
requirements. Although a value-based safe harbor may protect
remuneration exchanged pursuant to a diverse universe of value-based
arrangements, all value-based arrangements within that universe share
the features required by the applicable safe harbor.
For example, the payment practice specified in the care
coordination arrangements safe harbor is the exchange of in-kind
remuneration pursuant to value-based arrangement, where, among several
other requirements, the parties establish legitimate outcome measures
to advance the coordination and management of care for the target
patient population; the arrangement is commercially reasonable; and the
recipient contributes at least 15 percent of either the offeror's cost
or the fair market value of the remuneration. If an arrangement fails
to meet any one of the safe harbor's requirements, it cannot receive
protection under the safe harbor. This approach is consistent with the
approach taken in other safe harbors that are not specific as to the
type of arrangement. For example, the personal services and management
contracts safe harbor protects any payments from a principal to an
agent, as long as a series of standards are met.
Comment: Numerous commenters requested that OIG and CMS seek
greater alignment across their respective value-based rules. According
to some of these commenters, further alignment would reduce
administrative burden, confusion, and regulatory uncertainty.
Commenters were generally in favor of OIG revising its proposed value-
based safe harbors to more closely parallel CMS's proposed value-based
exceptions to the physician self-referral law. Commenters suggested
that CMS's proposed value-based exceptions would protect a broader
universe of beneficial innovative arrangements, without greater fraud
and abuse risk. Accordingly, commenters urged OIG to create a safe
harbor for any value-based arrangement that otherwise met a physician
self-referral law exception or, alternatively, state that compliance
with the physician self-referral law would rebut any implication of
intent under the Federal anti-kickback statute. Commenters also
advocated that OIG adopt certain CMS proposed definitions, e.g., CMS's
``volume or value'' definition.
Response: As explained in more detail in section III.A.1 of this
preamble, we are mindful of reducing burden on providers and other
industry stakeholders, and we have sought to align value-based
terminology and safe harbor conditions with those being adopted by CMS
as part of the Regulatory Sprint wherever possible. However, complete
alignment is not feasible because of fundamental differences in
statutory structures and penalties across the two laws, as well as
differences in how anti-kickback statute safe harbors and physician
self-referral law exceptions operate. For example, the physician self-
referral law applies to referrals by physicians for specified
designated health services, whereas the anti-kickback statute applies
to referrals by anyone of any Federal health care program business.
Fitting in an exception to the physician self-referral law is
mandatory, whereas using safe harbors is voluntary. In designing our
safe harbors, we have included conditions designed to ensure that
protected arrangements are not disguised kickback schemes, and we
recognize that, for purposes of those arrangements that implicate both
the physician self-referral law and the Federal anti-kickback statute,
the value-based safe harbors may therefore protect a narrower universe
of arrangements than CMS's exceptions.
We do not agree as a matter of law that compliance with the
physician self-referral law would rebut any implication of intent under
the Federal anti-kickback statute. We did not propose to, and do not,
adopt CMS's proposed interpretation of the term ``takes into account
the volume or value of referrals or other business generated.'' We have
aligned terminology used in the value-based framework and set forth at
paragraph 1001.952(ee) in our rule, as described below.
2. Value-Based Terminology (42 CFR 1001.952(ee))
[[Page 77695]]
We proposed to define at paragraph 1001.952(ee)(12) the following
terms: ``value-based enterprise'' (``VBE''), ``value-based
arrangement,'' ``target patient population,'' ``value-based activity,''
``VBE participant,'' ``value-based purpose,'' and ``coordination and
management of patient care.'' We summarize the proposal for each of
these definitions and the final rule in turn below. These definitions
are now located at paragraph 1001.952(ee)(14) of the final rule and
cross-referenced in the safe harbors at paragraphs 1001.952(ff), (gg),
and (hh). In this final rule, we have added definitions at paragraph
1001.952(ee)(14) for the following terms that are used in connection
with determining eligibility of certain types of entities to use the
safe harbors at paragraphs 1001.952(d)(2), (ee), (ff), (gg), and (hh):
``limited technology participant,'' ``digital health technology,'' and
``manufacturer of a device or medical supply.'' These definitions are
discussed in section III.B.2.e.
a. Value-Based Enterprise (VBE)
Summary of OIG Proposed Rule: We proposed to define the term
``value-based enterprise'' or ``VBE'' as two or more VBE participants:
(i) Collaborating to achieve at least one value-based purpose; (ii)
each of which is a party to a value-based arrangement with the other or
at least one other VBE participant in the value-based enterprise; (iii)
that have an accountable body or person responsible for financial and
operational oversight of the value-based enterprise; and (iv) that have
a governing document that describes the value-based enterprise and how
the VBE participants intend to achieve its value-based purpose(s).
Summary of Final Rule: We are finalizing, with modification, the
definition of ``value-based enterprise.''
i. General
Comment: Multiple commenters supported the definition of ``value-
based enterprise,'' as proposed, and the flexibility the definition
offers. A commenter appeared to ask OIG to revise the definitions of
``value-based enterprise,'' ``value-based arrangement,'' and ``value-
based activity'' so that they do not incorporate and rely on other
defined terms. Another commenter suggested a broader definition of
``VBE'' that would allow affiliates of a VBE to participate within the
VBE without becoming VBE participants.
Response: The definition of ``value-based enterprise'' is intended
to be broad and flexible to encompass a wide range of VBEs, from
smaller VBEs comprised of only two or three parties to large VBEs, such
as entities that function similar to ACOs. We decline to expand the
definition further to allow affiliates of VBE participants to
participate in a VBE without becoming VBE participants. We designed the
value-based framework, including the requirement for parties to be
either a VBE or a VBE participant, to ensure the remuneration that the
safe harbors protect is exchanged pursuant to a value-based arrangement
where all parties are striving to achieve value-based purposes. VBE
participants can continue to enter into arrangements with affiliates
and other non-VBE participants and may look to other available safe
harbors for potential protection for those arrangements.
We also decline to revise the definitions of ``value-based
enterprise,'' ``value-based arrangement,'' and ``value-based activity''
to omit references to other defined terms. The value-based terminology
we are finalizing works in concert to explain the universe of value-
based arrangements under which the exchange of remuneration may receive
safe harbor protection. For example, because the terms ``VBE
participant,'' ``value-based purpose,'' and ``value-based arrangement''
are fundamental to the definition of ``value-based enterprise,'' we are
finalizing a definition of ``value-based enterprise'' that references
those terms.
Comment: A commenter asked whether parties could prove
collaboration to achieve one or more value-based purposes by measuring
the amount of time a VBE participant has been taking part in a value-
based activity.
Response: To accommodate a broad range of VBEs, from small to
large, this final rule does not prescribe how VBE participants prove
that they are collaborating to achieve at least one value-based
purpose, as required by the definition of ``value-based enterprise'';
it is incumbent on the VBE participants to demonstrate that they are
meeting this requirement. For example, time spent on value-based
activities, records of collaboration between parties, and participation
in applicable meetings, could all be relevant factors, depending on the
unique nature and circumstance of the VBE and the arrangements among
the VBE participants.
Comment: A commenter expressed concern that the costs of forming a
VBE could be prohibitive for small and rural providers and providers
serving underserved populations, and it appeared to ask OIG to create
an online portal that parties could use to create VBEs. Another
commenter asked OIG to state expressly that a VBE may add individual
physicians and other clinicians as VBE participants on an ongoing basis
and still meet the definition of ``VBE.''
Response: The definition of ``VBE'' is intended to be both broad
and flexible to accommodate providers, suppliers, and other entities of
varying sizes and financial means seeking to participate in value-based
arrangements. The definition, as finalized, will allow small and rural
providers and providers serving underserved populations to form VBEs
that correspond in scope and design with the VBE participants'
resources. For example, we anticipate that parties could form a VBE
with a single value-based arrangement, and a VBE could be comprised of
only two VBE participants. We did not propose to create an online
portal for the creation of VBEs, and we are therefore not establishing
an online portal in this final rule. We also confirm that VBE
participants may join and leave a VBE throughout the existence of the
VBE, but we note that a VBE always must have two or more VBE
participants to meet the definition of ``value-based enterprise.''
Comment: A commenter recommended that we require a value-based
enterprise to utilize electronic health records so that each entity
participating in the value-based enterprise has a strong data platform
to track and evaluate the VBE's inputs and outcomes. According to the
commenter, data from the EHR systems is critical to care delivery and
care coordination.
Response: We agree that EHR systems can help individuals and
entities within the VBE facilitate the coordination and management of
care but did not propose to require, and thus are not requiring, VBEs
or VBE participants to use them. Moreover, we intend for entities of
varying sizes and with different levels of funding and access to
technology to be able to utilize the value-based safe harbors. While we
continue to support the Department's goal of continued adoption and use
of interoperable EHR technology that benefits patient care, we are
concerned that requiring utilization of EHR may unduly limit the
ability of some entities to form a VBE. Donations of EHR by VBEs to VBE
participants can be protected by the value-based safe harbors if all
conditions are met. Alternatively, VBE and VBE participants may use the
EHR safe harbor that this final rule makes permanent.
Comment: Commenters asked how the definition of ``value-based
enterprise'' would apply to integrated delivery systems, with a
commenter specifically inquiring as to how entities within a
[[Page 77696]]
larger integrated delivery system that enter into arrangements with a
payor for shared savings and losses could subsequently share such
savings or losses with downstream contracted or employed physicians.
The commenter asked whether each party offering or receiving
remuneration would be required to be a party to an agreement with the
payor or if separate agreements between the downstream entities would
suffice. Another commenter asked OIG to confirm whether an already
existing integrated delivery system, ACO, or similar entity could meet
the requirements of a VBE or whether that entity must establish a new
value-based enterprise to use the value-based safe harbors. A commenter
asserted that the value-based definitions and safe harbors should
include integrated delivery systems, accountable care, team-based care,
coordinated care (including for dual eligible beneficiaries), bundled
payments, payments linked to quality or outcomes, Medicaid waiver
programs, and Medicare managed care, value-based, or delivery system
reform directed payments. A commenter recommended that the final rule
deem an existing ACO to be compliant with the requirements of an
applicable safe harbor to help retain ACOs as a central organizational
structure, reduce regulatory burden, reduce risk of whistleblower or
regulatory challenges, and minimize the need for creation of
arrangements outside the ACOs. For each value-based safe harbor the
commenter made specific suggestions: That OIG deem ACO outcome measures
to meet the outcome measures requirement for care coordination
arrangements; and for the substantial downside financial risk and full
financial risk safe harbors, that all safe harbor conditions would be
deemed met if the requisite level of downside financial risk were
present.
Response: The final rule, including the value-based terminology,
value-based safe harbors, and other safe harbors we are finalizing,
offers several potential pathways for protection for the types of
arrangements noted by the commenters, provided all applicable
definitions and safe harbor conditions are satisfied. An existing
integrated delivery system, ACO, or comparable entity could potentially
qualify as a ``value-based enterprise'' and meet all of the
requirements of the definition to use the value-based safe harbors we
are finalizing. Arrangements for shared savings or losses and certain
bundled payments could be protected under the substantial downside and
full financial risk safe harbors, which protect in-kind and monetary
remuneration exchanged between a VBE and a VBE participant. Under these
safe harbors, a hospital that is a VBE participant could enter into a
value-based arrangement with a VBE, pursuant to which the VBE shares
savings or losses with the hospital VBE participant. However, this
arrangement could not be protected under the care coordination
arrangements safe harbor, which does not protect the exchange of
monetary remuneration. Monetary remuneration, including payments linked
to outcomes, could qualify for protection under the safe harbor for
personal services and management contracts and outcomes-based payments
at paragraph 1001.952(d)(2). Neither the substantial downside financial
risk safe harbor nor the full financial risk safe harbor protects the
exchange of remuneration between entities downstream of the VBE (i.e.,
between VBE participants, a VBE participant and a downstream
contractor, or downstream contractors). Apart from the value-based safe
harbors, some managed care arrangements could be structured to fit in
the existing managed care safe harbors at paragraphs 1001.952(t) and
1001.952(u). ACOs and others in CMS-sponsored models could use the new
safe harbor at paragraph 1001.952(ii).
We did not propose and are not adopting a deeming provision for
ACOs, as recommended by the commenter. Under the final value-based safe
harbors, ACOs would need to meet all applicable safe harbor conditions.
We have designed the value-based terminology and safe harbors to be
flexible to accommodate a range of VBE types, structures, and
arrangements, including ACOs. Moreover, when participating in a CMS-
sponsored model, an ACO might rely on an existing fraud and abuse
waiver or the new safe harbor for CMS-sponsored models at paragraph
1001.952(ii), rather than a value-based safe harbor.
To the commenter's question regarding separate agreements, although
the substantial downside financial risk and full financial risk safe
harbors would not protect any shared savings or losses (or other
remuneration) between the hospital VBE participant and its downstream
employed or contracted physicians, the VBE could enter into value-based
arrangements directly with physicians who are VBE participants in order
to share savings or losses with the physicians. We note, however, that,
consistent with all other safe harbors, compliance with the value-based
safe harbors is not compulsory. Parties may enter into lawful
arrangements for value-based care that do not meet a safe harbor. Other
safe harbors may be relevant to protect remuneration exchanged in a
value-based arrangement, such as the personal services and management
contracts safe harbor or a managed care safe harbor, depending on the
circumstances. The OIG advisory opinion process also remains available.
Comment: A commenter asked whether VBEs must undergo a formal
process to receive protection under the new safe harbors.
Response: All safe harbors to the Federal anti-kickback statute,
including the new safe harbors we are finalizing in this final rule,
are voluntary, and parties do not need to undergo any process or
receive any affirmation from the Federal Government in order to receive
protection. We note that qualifying as a value-based enterprise is not
sufficient to obtain protection under the value-based safe harbors. To
be protected, the remuneration exchanged between or among parties to
the VBE must squarely meet all conditions of an available safe harbor.
Parties that wish for OIG to opine on whether an arrangement satisfies
the criteria of a safe harbor may submit an advisory opinion request.
Comment: A commenter stated that an entity that qualifies as a VBE
should be deemed to meet the Federal Trade Commission (FTC) and
Department of Justice (DOJ) requirements for clinical integration.
Response: Whether a value-based enterprise meets the FTC and DOJ
requirements for clinical integration is outside the scope of this
rulemaking and thus the issue raised by the commenter is not addressed
in this rule.
Comment: Several commenters asked OIG to include references to free
clinics, charitable clinics, and charitable pharmacies in the
definition of ``value-based enterprise,'' stating that hospitals
otherwise will remain risk averse to establishing or continuing
partnerships with such entities. Another commenter asked OIG to confirm
that the terms ``value-based enterprise,'' ``value-based arrangement,''
and ``value-based activity'' apply exclusively to the new safe harbors
and not in other contexts, such as state Medicaid programs, to ensure
the new value-based terminology does not disrupt the administration of
existing value-based arrangements.
Response: We do not believe it is necessary to include references
to any specific entities in the definition of ``value-based
enterprise.'' While the commenter requested that we reference these
entities in the definition of ``VBE,'' we note that under this final
rule all individuals and entities are eligible to
[[Page 77697]]
be VBE participants (other than a patient acting in their capacity as a
patient). The definitions we are finalizing for the value-based
terminology, including the terms ``value-based enterprise,'' ``value-
based arrangement,'' and ``value-based activity,'' do not apply outside
of the safe harbors being finalized in this rule. Given OIG's limited
authority in the context of this rulemaking, we do not purport to
define these terms for other purposes, including for State Medicaid
programs; however, the safe harbors could protect remuneration
resulting from value-based arrangements involving Medicaid
beneficiaries (to the extent that all applicable safe harbor conditions
are satisfied). CMS is using the same terminology for its new value-
based exceptions under the physician self-referral law.
Comment: A commenter asserted that the proposed definitions of
``value-based enterprise,'' ``value-based arrangement,'' ``value-based
activity,'' and ``VBE participant'' apply only to the care coordination
arrangements safe harbor and not to the substantial downside financial
risk safe harbor or the full financial risk safe harbor.
Response: The commenter's apparent confusion arises from the
language in proposed paragraph 1001.952(ee) that states, ``[f]or
purposes of this paragraph (ee), the following definitions apply.''
Notwithstanding this language, the substantial downside financial risk
safe harbor and the full financial risk safe harbor expressly
incorporate the definitions of ``value-based enterprise,'' ``value-
based arrangement,'' ``value-based activity,'' and ``VBE participant''
set forth in paragraph 1001.952(ee).
Comment: While supporting the proposed definition of ``value-based
enterprise,'' several commenters requested that OIG and CMS align any
modifications to the final definition of ``VBE.'' According to the
commenter, identical definitions would allow stakeholders to place more
focus on the delivery of value-based care because they would not need
to navigate different legal frameworks under the Federal anti-kickback
statute and the physician self-referral law.
Response: We are finalizing a definition of ``value-based
enterprise'' that remains aligned with the definition finalized by CMS.
Comment: Some commenters asserted that Indian health programs
should be deemed to meet the definition of ``value-based enterprise''
even if they do not meet each requirement of the definition because
Tribes, as sovereign governments, do not enter into agreements in which
another entity has governing authority or control over any part of the
Tribe. In addition, they explained that Indian health programs have
several features of the proposed definition (e.g., Indian health
programs are held accountable by the governing body of the Tribe or the
United States Congress, in the case of IHS-run programs). Such
commenters asserted that requiring Indian health programs to meet any
additional requirements would exclude or unnecessarily burden those
programs.
Similarly, several commenters requested that OIG address whether
Indian health programs could be a VBE participant and recommended that
the definition expressly state that Indian health programs may be VBE
participants. Another commenter expressed concern that Indian health
programs may not meet the proposed definition of VBE participant
because Tribes are sovereign nations that will not enter into
agreements with another entity with authority over the Tribe.
Response: Indian health programs, as well as other individuals and
entities, may themselves constitute VBEs or may form VBEs if they meet
all requirements in the definition of such term. We are not
promulgating any exceptions to the requirement that parties form a VBE
in order to use one of the value-based safe harbors or the patient
engagement and support safe harbor because we believe the definition of
``value-based enterprise'' is sufficiently broad and flexible to allow
Indian health programs to qualify as or form VBEs.
In addition, under our revised definition of a ``VBE participant,''
all types of entities can be VBE participants, including Indian health
programs and Indian health care providers that engage in at least one
value-based activity as part of a VBE.
ii. Accountable Body
Comment: Multiple commenters supported the proposed requirement
that a VBE have an accountable body that is responsible for financial
and operational oversight of the VBE, while some expressed concerns
regarding the requirement. For example, some commenters asserted that
parties would incur significant legal expenses to create an accountable
body, which could discourage participation in VBEs, and questioned
whether small or rural practices have the resources necessary to
implement an accountable body. A commenter suggested OIG exempt smaller
VBEs from the requirement to have an accountable body, particularly
where the VBE is comprised only of individuals or small physician
practices. Another noted that the requirement to have an accountable
body could create tension between VBE participants when determining who
will assume such role.
Response: We do not believe the requirement for a VBE to have an
accountable body or responsible person places an undue financial or
administrative burden on VBEs or VBE participants, particularly because
the definition of ``value-based enterprise'' affords parties the
flexibility to create VBEs and accountable bodies that range in scope
and complexity. We are not exempting small or other VBEs from the
requirement to have an accountable body or responsible person. We do
not expect that small VBEs would have the same resources as larger VBEs
for this function or would structure the function in the same way. A
VBE should have an accountable body or responsible person that is
appropriate for its size and resource and is capable of carrying out
the associated responsibilities. Any potential for conflict among VBE
participants is a matter for the parties to address in their private
contractual or other arrangements and does not warrant an exception to
the accountable body requirement, which serves an important oversight
and accountability function in the VBE.
Comment: Commenters generally supported the flexibility for parties
to tailor the accountable body to the complexity and sophistication of
the VBE. Multiple commenters requested additional clarification on the
nature and composition of the accountable body, including how and by
whom the accountable body would be organized and whether the
accountable body must be comprised of at least one representative from
each VBE participant.
A commenter asked OIG to clarify whether ACOs that already have
governing bodies in place need to establish an additional accountable
body or responsible person to meet the definition of ``VBE.'' Another
commenter asked whether the safe harbor conditions applicable to
accountable bodies are at least as rigorous as the conditions
applicable to governing bodies in the fraud and abuse waivers issued
for purposes of the Medicare Shared Savings Program.
Response: We are not prescribing how VBE participants or VBEs form
or otherwise designate an accountable body or responsible person in
order to give parties flexibility to do so in a manner conducive to the
scope and objectives of the VBE and its resources. For instance, a
representative from each VBE participant in a VBE could, but is not
required to, be part of the VBE's
[[Page 77698]]
accountable body. Where parties already have a governing body that
constitutes an accountable body or responsible person, such parties are
not required to form a new accountable body or designate a responsible
person for purposes of creating a VBE. While the requirements for the
accountable body or responsible person are not as stringent as the
requirements for an ACO's governing body in the fraud and abuse waivers
issued for purposes of the Medicare Shared Savings Program, we have
concluded that the safe harbor requirements for the accountable body
strike the right balance between allowing for needed flexibility for
parties wanting to form and operate VBEs and providing for appropriate
VBE oversight and accountability.
Comment: Multiple commenters supported a range of additional
requirements for VBE participants related to the accountable body,
including requirements to: (i) Recognize the oversight role of the
accountable body affirmatively; (ii) agree in writing to cooperate with
the accountable body's oversight efforts; and (iii) report data to the
accountable body to enable it to access and verify VBE participant data
related to performance under value-based arrangements. Another
commenter opposed additional requirements on VBE participants, stating
that they would be unnecessary formalities that would constrain use of
the value-based safe harbors for existing arrangements that might
otherwise meet a value-based safe harbor's terms. Other commenters also
asked what, if any, oversight OIG would expect from VBE participants,
themselves, in addition to the oversight conducted by the accountable
body.
Response: It is important for the parties to a value-based
arrangement to support and cooperate with the accountable body or
responsible person. However, we are not finalizing requirements for VBE
participants to recognize affirmatively the oversight role of the
accountable body, agree in writing to cooperate with its oversight
efforts, or report data. On balance, such requirements would introduce
a level of unnecessary administrative detail and impose unnecessary
administrative burden on many VBEs, particularly small or rural
entities. Parties can themselves establish mechanisms to ensure the
ability of the accountable body or responsible person to fulfill its
obligations through, by way of example only, a term in arrangements
between the VBE and its VBE participants that requires VBE participants
to cooperate with the accountable body or responsible person's
oversight efforts.
Whether VBE participants must conduct additional oversight depends
on the applicable safe harbor. Parties relying on safe harbor
protection may want to ensure all applicable safe harbor requirements,
including those related to oversight, are met because failure to
satisfy these requirements would result in the loss of safe harbor
protection for the remuneration at issue. Notwithstanding this fact,
where a VBE participant or VBE has done everything that it reasonably
could to comply with the safe harbor requirements applicable to that
party but the remuneration exchanged loses safe harbor protection as a
result of another party's noncompliance, the compliant party's efforts
to take all reasonable steps would be relevant in a determination of
whether such party had the requisite intent to violate the Federal
anti-kickback statute.
Comment: We received support for, and opposition to, a requirement
for the accountable body to have more specific responsibilities for
overseeing certain aspects of the VBE, including utilization of items
and services; cost; quality of care; patient experience; adoption of
technology; and quality, integrity, privacy, and accuracy of data
related to each value-based arrangement. However, several commenters
cautioned against overly prescriptive oversight obligations, with many
commenters noting that the appropriate scope, methodology, and risk
areas for monitoring and oversight will vary significantly based on the
activities an entity is undertaking. According to several commenters,
the program integrity benefits of any additional requirements on the
accountable body would be outweighed by increased administrative
burden.
Response: We are not requiring more specific oversight
responsibilities for the accountable body. The type of data the
accountable body should monitor and assess could vary by VBE and by
value-based arrangement, and therefore we are not imposing more
prescriptive requirements on the accountable body with respect to its
oversight responsibilities. However, in the full financial risk safe
harbor, we are finalizing a requirement that the VBE provide or arrange
for a quality assurance program for services furnished to the target
patient population that protects against underutilization and assesses
the quality of care furnished to the target patient population.
Comment: Multiple commenters supported a requirement for VBEs to
institute a compliance program to facilitate the accountable body's or
responsible person's obligation to identify program integrity issues,
with some also favoring requirements for periodic review of patient
medical records to ensure compliance with clinical standards or for the
designation of a compliance officer to oversee the VBE and its value-
based arrangements. One commenter recommended that VBE participants
agree to a code of ethics related to compliance oversight.
In contrast, multiple commenters opposed a requirement for the VBE
to have a compliance program. Some asserted it would create an
additional burden on VBEs without substantially reducing the risk of
fraud and abuse. Commenters expressed concern that a compliance program
requirement could result in inconsistent policies or duplicative
administrative obligations if VBE participants already have compliance
programs in place. Another commenter stated that such a requirement is
unnecessary because VBEs are independently at risk for safe harbor
compliance. A commenter recommended that, if OIG requires a VBE to have
a compliance program, OIG should permit the VBE to meet such a
requirement by: (i) Developing a compliance program specific to the VBE
and its VBE participants, (ii) adopting an existing compliance program
held by one of the VBE participants, or (iii) requiring an attestation
from each VBE participant that it has a compliance program and conducts
annual compliance reviews. Another commenter recommended that OIG
provide model compliance provisions that could be included in
agreements between parties in a VBE.
Response: For purposes of these safe harbors, we are not requiring
the VBE or its accountable body or responsible person to have a
compliance program or to review patient medical records periodically.
We also are not requiring an attestation or other agreements from each
VBE participant that it has a compliance program and conducts annual
compliance reviews. Compliance programs are an important tool for,
among other things, monitoring arrangements, identifying fraud and
abuse risks, and, where necessary, implementing corrective action
plans. While it is our view that robust compliance programs are a best
practice for all VBEs and VBE participants, we are not including
specific compliance program requirements or providing model compliance
provisions because VBEs of varying sizes and scopes may have and need
different types of compliance programs. We anticipate many VBE
participants already have compliance programs and may want to
[[Page 77699]]
consider updating these programs to reflect any new arrangements
entered into as part of the VBE.
A compliance program requirement for VBEs would necessitate that we
articulate specific compliance program criteria, which we do not
believe would be feasible or desirable, particularly in light of the
expected variation of VBEs. We also are not requiring the VBE to
designate an individual to serve as a compliance officer. For purposes
of this rule, the accountable body or responsible person acts as an
oversight body that performs a compliance function. In this respect,
and as we stated in the OIG Proposed Rule, we believe the accountable
body or responsible person would be well-positioned to identify program
integrity issues and to initiate action to address them, as necessary
and appropriate. VBEs may elect to have designated compliance officers
if they so wish.
Comment: A commenter asked whether the accountable body and VBE
participants should expect a higher degree of auditing and oversight
from OIG than entities not involved in a value-based enterprise.
Response: OIG provides independent and objective oversight of the
programs and operations of the Department. We anticipate that
individuals and entities that are part of a value-based enterprise will
be subject to OIG's program integrity and oversight activities to the
same extent as other individuals and entities that receive Federal
health care program funds or treat Federal health care program
beneficiaries.
Comment: Some commenters supported a requirement for the
accountable body or responsible person to have a duty of loyalty to the
VBE, particularly for accountable bodies serving larger VBEs. The
commenters asserted that a duty of loyalty would be appropriate given
the lack of programmatic oversight as compared to CMS-sponsored models
and would help reduce certain risks (e.g., stinting on care or
providing medically unnecessary care). Other commenters suggested that
the accountable body should have a duty of loyalty to the patients
within the VBE.
Multiple commenters opposed requiring the accountable body or
responsible person to have a duty of loyalty to the VBE, stating that
it would create conflicts of interest for accountable body members that
are, or are employed by, a VBE participant. Some commenters asserted
that a duty of loyalty would necessitate the use of a third-party
entity to serve as the accountable body, which could be cost
prohibitive for small and rural providers, while others noted that
large VBE participants may be unwilling to cede oversight
responsibilities to an independent third party. A commenter proposed an
alternative requirement for the accountable body or responsible person
to act in furtherance of the VBE's value-based purpose(s).
Response: We are not requiring the accountable body or responsible
person to have a duty of loyalty to the VBE because we agree with
commenters that a duty of loyalty often could create conflicts of
interest for VBE participants and employees of VBE participants who
otherwise would serve as members of the accountable body. We also agree
that a duty of loyalty requirement could necessitate the use of
independent third parties to serve as the accountable body, which could
be cost prohibitive for smaller VBEs. While we are not implementing a
requirement for the accountable body or responsible person to have a
duty of loyalty or to act in furtherance of the VBE's value-based
purpose(s), we believe the accountable body or responsible person
necessarily must act in furtherance of the VBE's value-based purpose(s)
to fulfill its oversight responsibilities. Parties are free to include
this duty in their contractual arrangements.
Comment: A commenter asked OIG to require the accountable body to
submit data to the Department to demonstrate continued compliance with
the applicable safe harbor and progress in improving outcomes and
reducing costs. A commenter also asserted that OIG should require the
accountable body or responsible person to implement a process for
patients to express concerns and for the VBE to resolve such concerns,
and others recommended that OIG ensure that VBE participants secure
informed consent for each patient treated within a VBE.
Response: We are not requiring accountable bodies or responsible
persons to submit data to the Department for purposes of safe harbor
compliance because we do not think the program integrity benefits of
requiring data submission for safe harbor compliance would outweigh the
administrative burden on both the government and the individuals and
entities serving as accountable bodies or responsible persons.
Notwithstanding the foregoing, we remind readers that OIG provides
independent, objective oversight of HHS programs. Nothing in this rule
changes OIG's authorities to request data for its oversight purposes.
In addition, and as explained further below in section III.3.n.v, OIG
will continue to evaluate whether to modify the care coordination
arrangements safe harbor in the future to include a requirement that
the VBE affirmatively submit certain data or information.
Due to administrative burden concerns, we are not requiring the
accountable body or responsible person to implement a process for
patients to express concerns or ensure that VBE participants secure
informed consent for each patient treated within a VBE. Such
requirements may be useful processes for VBEs to consider in ensuring
safe harbor compliance.
iii. Governing Document
Comment: Commenters expressed general support for a governing
document requirement. Some commenters asked whether the written
document forming the value-based arrangement could also constitute the
governing document, and another commenter questioned whether an
existing payor contract could serve as a governing document. Another
commenter requested that OIG permit a collection of documents to
constitute a governing document.
Response: A single document could constitute both the VBE's
governing document and the writing required for a value-based
arrangement so long as it includes all of the requisite requirements
for each writing. In addition, an existing payor contract could qualify
as a governing document so long as it describes the value-based
enterprise and how the VBE participants intend to achieve the VBE's
value-based purpose(s). However, we decline to permit a governing
document for a VBE to be set forth in multiple writings. We permit the
writing requirement in each new value-based safe harbor to be satisfied
by a collection of writings because each party to a value-based
arrangement must sign the writing; in contrast, the governing document
of the VBE does not require any signatures. Creation of one governing
document, that may be amended over time as the value-based activities,
VBE participants, or other features of the VBE evolve, will help ensure
that there is a clearly identifiable governance structure for the VBE.
Comment: Some commenters expressed concern that the requirement for
a VBE to have a governing document could be burdensome, particularly
for small and rural practices and practices serving underserved areas.
Another commenter requested a checklist or model terms for a governing
document, and another commenter asked for clarification of requirements
for the document.
Response: We appreciate commenters' concerns regarding the burden
that
[[Page 77700]]
developing a governing document may place on certain individuals or
entities. We are finalizing the proposed definition of ``value-based
enterprise,'' which does not prescribe a specific format or content for
the governing document, other than it must describe the VBE and how the
VBE participants intend to achieve its value-based purpose(s). This
definition is designed to be flexible so that small and rural practices
and practices serving underserved areas wishing to establish VBEs can
craft governing documents appropriate to their size and the nature of
their VBE. We anticipate that VBEs of different sizes and purposes will
have different types of governing documents with different terms. The
core requirement is that the governing document must describe the
value-based enterprise and how the VBE participants intend to achieve
the VBE's value-based purpose(s), regardless of the format of the
document. This definition offers parties significant flexibility to
craft a value-based enterprise and a governing document commensurate
with the scope and sophistication of the VBE.
As we stated in the preamble to the OIG Proposed Rule, the
governing document requirement provides transparency regarding the
structure of the VBE, the VBE's value-based purpose(s), and the VBE
participants' roadmap for achieving the purpose(s). We do not believe a
checklist for creating a governing document is necessary because the
requirements for the governing document are set forth in the definition
of ``value-based enterprise,'' itself. In addition, we decline to
provide model terms because they could inhibit parties from developing
terms that appropriately reflect the unique nature and circumstances of
their value-based enterprises.
b. Value-Based Arrangement
Summary of OIG Proposed Rule: We proposed to define the term
``value-based arrangement'' to mean an arrangement for the provision of
at least one value-based activity for a target patient population
between or among: (i) The value-based enterprise and one or more of its
VBE participants; or (ii) VBE participants in the same value-based
enterprise. This proposed definition reflected our intent to ensure
that each value-based arrangement is aligned with the VBE's value-based
purpose(s) and is subject to its financial and operational oversight.
It further reflected our intent for the value-based arrangement's
value-based activities to be undertaken with respect to a target
patient population.
We noted in the OIG Proposed Rule that we were considering whether
to address a concern about potentially abusive practices that could be
characterized as the coordination and management of care by precluding
some or all protection under the proposed value-based safe harbors for
arrangements between entities that have common ownership, either
through refinements to the definition of ``value-based arrangement'' or
by adding restrictions on common ownership to one or more of the
proposed safe harbors at paragraphs 1001.952(ee), (ff), or (hh).
Summary of Final Rule: We are finalizing, with modification, the
definition of ``value-based arrangement.'' We are modifying the
regulatory text to clarify that only the value-based enterprise and one
or more of its VBE participants, or VBE participants in the same value-
based enterprise, may be parties to a value-based arrangement. We are
not precluding protection for arrangements between entities that have
common ownership in the definition of ``value-based arrangement,'' nor
in the individual safe harbors.
Comment: Many commenters supported the proposed definition of
``value-based arrangement'' and, in particular, appreciated the
flexibility afforded by the definition, which the commenters posited
will allow parties to design a range of arrangements that may qualify
for protection under the value-based safe harbors, including
arrangements between two providers that include only a single value-
based activity. Commenters also supported our proposal in the OIG
Proposed Rule that the definition covers commercial and private insurer
arrangements.
Response: We reiterate in this final rule that the definition of
``value-based arrangement'' is broad enough to capture commercial and
private insurer arrangements. The definition is intended to afford
parties significant flexibility. In addition, in response to comments,
we are modifying the definition text to clarify our intent that
``value-based arrangement'' capture arrangements for care coordination
and certain other value-based activities among VBE participants within
the same VBE, as indicated in the OIG Proposed Rule,\13\ by revising
the definition so that the value-based arrangement may only be between:
(i) The value-based enterprise and one or more of its VBE participants;
or (ii) VBE participants in the same value-based enterprise.
---------------------------------------------------------------------------
\13\ 84 FR 55702 (Oct. 17, 2019).
---------------------------------------------------------------------------
We emphasize that qualification as a value-based arrangement is
necessary, but not sufficient, to protect remuneration exchanged
pursuant to that arrangement; all conditions of an applicable safe
harbor must be met.
Comment: A commenter opposed the definition of ``value-based
arrangement,'' expressing concern that it is too broad and vague and
could be used as a mechanism to force the exclusive use of a particular
product or particular provider. In addition, the commenter believed the
definition could allow health care entities to engage in abusive
practices by using a value-based safe harbor to funnel remuneration
under the guise of a value-based arrangement.
Response: We have addressed the commenter's concern with respect to
exclusive use through a condition in the care coordination arrangements
safe harbor at paragraph 1001.952(ee). We acknowledge and agree with
the commenter's concern that parties might engage in abusive practices
under the guise of a value-based arrangement; to that end, we have
included robust safeguards in each value-based safe harbor to mitigate
these concerns.
Comment: A commenter requested clarification as to whether current
arrangements would be affected and would need to be restructured to
meet the definition of a ``value-based arrangement.''
Response: There is nothing in this final rule that requires parties
to an existing arrangement to restructure that arrangement to meet the
new definition of a ``value-based arrangement.'' Parties to an existing
arrangement that wish to rely on the protection of one of the value-
based safe harbors may want to review their arrangement to assess
whether it fully meets the definition of a ``value-based arrangement''
and, thus, could be eligible for protection under a value-based safe
harbor if all safe harbor conditions are met.
Comment: Several commenters requested clarification regarding the
statement in the OIG Proposed Rule that the definition of ``value-based
arrangement'' is intended to capture arrangements for care coordination
and certain other value-based activities among VBE participants within
the same VBE.\14\ Specifically, commenters requested clarification
regarding how this statement corresponds with the requirement in each
proposed value-based safe harbor that the value-based arrangement have
as a value-based
[[Page 77701]]
purpose the coordination and management of care.
---------------------------------------------------------------------------
\14\ 84 FR 55702 (Oct. 17, 2019).
---------------------------------------------------------------------------
Response: The definition of ``value-based arrangement'' and the
requirements for protection under the value-based safe harbors are
consistent when read together. The term ``value-based arrangement''
means an arrangement for the provision of at least one ``value-based
activity'' for a target patient population. The definition does not
specify which value-based purpose(s) the value-based activity (or
activities) must be designed to achieve. In this respect, the
definition of ``value-based arrangement'' is broader than the
requirements of some of the value-based safe harbors.
Value-based arrangements are not de facto safe harbor protected.
Rather, an arrangement that meets the definition of a ``value-based
arrangement'' is eligible to seek protection in a value-based safe
harbor. For safe harbor protection, it must squarely satisfy all safe
harbor conditions. For reasons explained elsewhere in this preamble,
the care coordination arrangements safe harbor requires a direct
connection to the first value-based purpose, the coordination and
management of patient care, which is a central focus of this
rulemaking. The substantial downside financial risk arrangements safe
harbor requires a direct connection to any one of the first three
value-based purposes, and the full financial risk arrangements safe
harbor requires a connection to any one of the four value-based
purposes, in recognition of the parties' assumption of risk and the
lower risk of traditional fee-for-service fraud. The substantial
downside financial risk safe harbor and the full financial risk safe
harbor, as finalized, do not require a direct connection to the
coordination and management of care for the target patient population.
In addition, the definition of ``value-based arrangement'' is
consistent with the definition used in CMS's final rule. We anticipate
this alignment may ease compliance burden for parties.
Comment: A commenter asserted that neither VBEs nor VBE
participants should be prohibited from entering into non-disclosure
agreements with parties to a value-based arrangement because otherwise
parties could use information learned in an arrangement against another
party in an anticompetitive manner.
Response: Neither the definition of ``value-based arrangement'' nor
other safe harbor provisions in this final rule preclude parties to a
value-based arrangement from entering into non-disclosure agreements.
Comment: Most commenters opposed our proposal to preclude entities
under common ownership from protecting remuneration that they exchange
under the value-based safe harbors, whether through a change to the
definition of ``value-based arrangement'' or by adding restrictions to
one or more of the value-based safe harbors. Commenters asserted that
entities under common ownership (e.g., through an integrated delivery
system) are often best positioned to improve health outcomes and lower
costs through coordinated care. Several commenters also asserted that
such a requirement may preclude protection for entities participating
in large value-based models, like clinically integrated networks or
accountable care organizations. Some commenters also explained that
rural and Indian health care providers are frequently operated through
common ownership models. Others noted that hospitals in states that
restrict direct physician employment often have arrangements with
medical groups under common ownership, and another commenter raised
concerns about the impact on physician-owned hospitals.
Response: We appreciate commenters' responses. To address
commenters' concerns, we are not limiting protection for entities under
common ownership in this final rule. We continue to be concerned that
there is potential for entities under common ownership to use value-
based arrangements to effectuate payment-for-referral schemes, but we
also believe that the combinations of safeguards we are adopting in the
safe harbors should mitigate these risks. For example, the requirement
in the care coordination arrangements safe harbor that the value-based
arrangement is commercially reasonable, considering both the
arrangement itself and all value-based arrangements within the VBE,
helps to ensure that the arrangements, taken as a whole, are calibrated
to achieve the parties' legitimate business purposes.
Comment: A commenter raised concerns about the timing of VBE
participants entering into value-based arrangements and recommended
that VBE participants not be prevented from providing value-based care
to patients before a formal value-based arrangement has been executed.
The same commenter recommended that we adopt a 90-day grace period for
situations of technical non-compliance related to the timing of VBE
participants entering into value-based arrangements.
Response: First, we remind readers that failure to comply with a
safe harbor provision (or any attendant, defined term) does not mean
that an arrangement is per se illegal. Consequently, the value-based
safe harbors do not prevent a physician, clinician, or other VBE
participant from providing value-based care to patients prior to
entering into a value-based arrangement, or at any other time. In
addition, the Federal anti-kickback statute, which focuses on the
knowing and willful offer, solicitation, payment, or receipt of
remuneration in exchange for Federal health care program business,
likely would not be implicated by the provision of only clinical care
to patients. OIG appreciates that many physicians and others currently
furnish value-based care to patients, and nothing in this rule changes
their ability to do so. Stakeholders should assess whether arrangements
that do not satisfy the definition of ``value-based arrangement,'' as
defined in paragraph 1001.952(ee), implicate the statute. Any
arrangements that are not value-based arrangements, as defined, would
not qualify for protection under the value-based safe harbors, but
could qualify under other safe harbors, depending on the facts and
circumstances, or they might not need safe harbor protection. As
finalized in this rule, a provider or other individual or entity
furnishing value-based care may also become a VBE participant, but the
value-based arrangements in which it participates might not need safe
harbor protection if they do not implicate the statute.
We are not adopting a 90-day grace period to execute value-based
arrangements because it is our belief that it is not necessary. When a
VBE participant must execute a value-based arrangement to receive safe
harbor protection is based on the writing requirements of each safe
harbor. For example, in the care coordination arrangements safe harbor
as finalized at paragraph 1001.952(ee), the writing that documents the
value-based arrangement must be set forth in advance of, or
contemporaneous with, the commencement of the value-based arrangement
and any material change to the value-based arrangement. Additionally,
the writing may be a collection of documents. These flexibilities allow
VBE participants to document their participation in a value-based
arrangement with minimal burden. A VBE can add a new VBE participant to
an existing arrangement in a separate document that becomes part of the
collection of documents for that value-based arrangement.
c. Target Patient Population
Summary of OIG Proposed Rule: We proposed to define ``target
patient population'' as an identified patient
[[Page 77702]]
population selected by the VBE or its VBE participants using legitimate
and verifiable criteria that: (i) Are set out in writing in advance of
the commencement of the value-based arrangement; and (ii) further the
value-based enterprise's value-based purpose(s). The proposal would
protect only those value-based arrangements that serve an identifiable
patient population for whom the value-based activities likely would
improve health outcomes or lower costs (or both). In the OIG Proposed
Rule, we noted that the definition was not limited to Federal health
care program beneficiaries but could encompass, for example, all
patients with a particular disease state.
Summary of Final Rule: We are finalizing, without modification, the
definition of ``target patient population.''
Comment: Many commenters supported our proposed definition of
``target patient population,'' including our requirement that the
identified patient population be selected by the VBE or its VBE
participants using ``legitimate and verifiable criteria.'' However, we
received numerous comments about the use of the term ``legitimate'' to
describe the criteria used to identify the target patient population in
the proposed regulatory text, as well as the alternative proposal in
the preamble to use the term ``evidence-based.'' Some commenters
expressed support for the legitimate criteria standard and stated, for
example, that it facilitated a holistic focus on patients' health. This
category of commenters generally expressed opposition to the
alternative evidence-based standard, arguing that it is too restrictive
and would chill innovative value-based arrangements.
Other commenters opposed the use of the term ``legitimate,''
stating that the term is ambiguous. Another commenter suggested that
OIG enumerate the types of specific behavior that it wishes to preclude
in lieu of using the term ``legitimate''; as an example, the commenter
recommended that we state expressly in the definition of ``target
patient population'' that it would preclude selection criteria designed
to avoid costly or non-compliant patients. Multiple commenters
requested that OIG provide additional clarification on the scope and
application of the term, such as whether it could encompass criteria
based on social determinants of health.
Response: We are finalizing the definition of ``target patient
population,'' as proposed, including the ``legitimate and verifiable
criteria'' standard. As stated in the OIG Proposed Rule, we used this
standard, and in particular, the term ``legitimate,'' to ensure the
target patient population selection process is based upon bona fide
criteria that further a value-based arrangement's value-based
purpose(s), and we confirm that, depending on the facts and
circumstances, legitimate criteria could be based on social
determinants of health, such as safe housing or transportation needs.
We are not including an exhaustive list of legitimate or non-legitimate
selection criteria because there are various types of criteria that
parties could use to select a target patient population; moreover, some
criteria may be legitimate for some value-based arrangements but not
for others. For example, as we stated in the OIG Proposed Rule, VBE
participants seeking to enhance access to, and usage of, primary care
services for patients concentrated in a certain geographic region might
base the target patient population on ZIP Code or county of residence.
In contrast, a value-based arrangement focused on enhancing care
coordination for patients with a particular chronic disease might
identify the target patient population based on patients who have been
diagnosed with that disease. Other VBE participants, such as a social
service organization working in conjunction with a pediatric practice,
may identify their target patient population using income and age
criteria, e.g., pediatric patients who have a household income below
200 percent of the Federal poverty level and who are below the age of
18, in an effort to boost pediatric vaccination rates in a given
community.
We are adopting the proposed ``legitimate and verifiable'' standard
in lieu of the alternative we proposed, which would have required the
use of ``evidence based'' criteria, because we believe requiring
``legitimate and verifiable'' criteria will afford parties
comparatively greater flexibility in determining the target patient
population and aligns with CMS's definition of the same term.
Comment: We received at least two comments requesting that we
expressly state in regulatory text that establishing criteria in a
manner that leads to cherry-picking or lemon-dropping would not
constitute ``legitimate and verifiable'' selection criteria. These
commenters expressed concern that the mere promise by VBE participants
not to engage in such behavior would be sufficient to meet the
definition of ``target patient population'' and receive safe harbor
protection. Another commenter urged that OIG clarify the regulatory
language to directly address concerns about cherry-picking or lemon-
dropping certain patient populations, in order to avoid unnecessary
litigation and legal expense.
Response: In response to the commenters' concerns, we confirm that
if VBE participants establish criteria to target particularly lucrative
patients (``cherry-picking'') or avoid high-cost or unprofitable
patients (``lemon-dropping''), such criteria would not be legitimate
for purposes of the target patient population definition. As we stated
in the OIG Proposed Rule, if VBE participants selectively include
patients in a target patient population for purposes inconsistent with
the objectives of a properly structured value-based arrangement, we
would not consider such a selection process to be based on legitimate
and verifiable criteria that further the VBE's value-based purposes, as
required by the definition.\15\ We are not adopting further
modifications to the proposed definition because the definition's
requirement that the criteria be legitimate and verifiable is clear and
would not include VBE participants that establish criteria to cherry-
pick or lemon-drop patients.
---------------------------------------------------------------------------
\15\ See 84 FR 55702 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: The vast majority of commenters on this topic opposed our
statement in the OIG Proposed Rule that we were considering narrowing
the definition of ``target patient population'' to patients with a
chronic condition, patients with a shared disease state, or both.
Commenters stated that such an approach would restrict the ability of
value-based arrangements to adapt to different communities and patient
needs and would ignore the importance of preventive care interventions.
For example, a commenter highlighted the fact that many underserved and
at-risk patient populations are defined not by chronic conditions or
shared disease states but instead are identified by socio-economic,
geographic, and other demographic parameters that are synonymous with
need, poor outcomes, or increased cost.
Response: We are retaining our proposed definition of ``target
patient population'' and are not narrowing the definition to include
only individuals with chronic conditions or shared disease states. We
agree with commenters that were we to narrow the definition, we might
exclude underserved and at-risk patient populations who would likely
benefit from care coordination and management activities. We also
recognize and acknowledge that finalizing our proposed definition will
allow for
[[Page 77703]]
value-based arrangements that focus on important preventive care
interventions.
Comment: We received a variety of comments on the role of payors in
identifying or selecting a target patient population. While some
commenters supported requiring payors to select the target patient
population, the majority of commenters urged OIG to make their
involvement optional. For example, a commenter expressed concern that
if OIG were to make payor involvement a requirement, it would impede
collaboration between payors and providers. Others expressed
uncertainty as to how a requirement that payors select or approve the
target patient population would be implemented for Medicare fee-for-
service patients and questioned whether CMS would need to affirmatively
approve each VBE's or value-based arrangement's target patient
population selection criteria.
Response: We are persuaded by commenters that it would not be
operationally feasible to require payor involvement in the target
patient population selection process. Not all value-based enterprises
will include a payor as a VBE participant. Accordingly, while we
encourage payor involvement in the target patient population selection
process, it is not a requirement in this final rule. It is a
requirement that the target patient population be selected by a VBE or
its VBE participant.
Comment: We received comments requesting wholesale changes to our
proposed definition. For example, a commenter recommended that ``target
patient population'' be defined as any set or subset of patients in
which the accountable party of a VBE takes significant or full downside
risk and is focusing efforts to improve their health and well-being.
Another suggested that we eliminate the ``target patient population''
definition altogether and make the value-based safe harbors provider-,
not patient-population-, specific.
Response: We are not adopting the commenter's alternative
definition of ``target patient population,'' which we did not propose
and which would be too narrow to address the use of the term across all
of our value-based safe harbors, one of which does not require the VBE
participants to take on, or meaningfully share in, any risk. We are
also not eliminating the ``target patient population'' definition in
favor of making the value-based safe harbors provider-, not patient-
population-, specific because orienting the value-based safe harbors
around patients is consistent with the goals of value-based care.
Comment: At least two commenters requested that the definition of
``target patient population'' afford parties the flexibility to modify
the target patient population over time. Another commenter sought
clarification that the definition could include patients retroactively
attributed to the target patient population. Another commenter urged
OIG to adopt a flexible definition but suggested that if OIG narrows
its definition, the term should include underserved patients, such as
uninsured and low-income patients; patients with social risk factors;
and those with limited English proficiency.
Response: The definition of ``target patient population'' requires,
among other criteria, that parties identify a patient population using
legitimate and verifiable criteria in advance of the commencement of
the value-based arrangement. The selection criteria--not the individual
patients--must be identified in advance. Whereas parties seeking to
modify their selection criteria may only make such modifications
prospectively (and upon amending their existing value-based
arrangement), no amendment would be required to attribute patients
retroactively to the target patient population, provided such patients
meet the selection criteria established prior to the commencement of
the value-based arrangement.
Comment: Several commenters sought clarification as to whether a
VBE participant's entire patient population could meet the definition
of ``target patient population.''
Response: Nothing in the definition precludes the parties to a
value-based arrangement from identifying the target patient population
as the entire patient population that a VBE participant serves. We
recognize that, in limited cases, such broad selection criteria may be
appropriate. For example, a VBE may identify all patients in a ZIP Code
in order to address an identified population health need specific to
that ZIP Code, and it may be that a practice also draws most or all
patients from that ZIP Code. Certain specialists, such as
geriatricians, might also identify all or most of their patients as
needing improved care coordination and management due to their multiple
comorbidities and complex care needs. In circumstances where a VBE has
assumed full financial risk, as defined in paragraph 1001.952(gg), a
VBE might select an even broader target patient population comprised of
all patients served by its VBE participants in an effort to more
meaningfully control payor costs.
However, we caution that, depending on the value-based arrangement,
selecting a target patient population by selecting the parties' entire
patient population would need to be closely scrutinized for compliance
with the definition to ensure that such broad selection criteria is
``legitimate'' and necessary to achieve the arrangement's value-based
purpose.
Comment: Multiple commenters requested that OIG address whether
specific categories of patients would be covered by the definition of
``target patient population'' or provide examples of permissible target
patient populations. For example, commenters requested confirmation
that a target patient population could include all patients covered by
a certain payor, such as Medicare. Another commenter expressed concern
that transient patient populations who may have different providers in
different geographic locations would not be covered by the definition.
Response: As described above, a target patient population based on
patients who have been diagnosed with a particular disease could, based
on the specific selection criteria, be a permissible target patient
population. Whether a particular patient population, including
transient patient populations with different providers in different
geographic locations, meets the definition of ``target patient
population'' is a fact-specific determination that turns on whether the
VBE participants used legitimate and verifiable selection criteria and
met the other requirements set forth in the definition. While there may
be circumstances, e.g., the assumption of full financial risk (as
defined in paragraph 1001.952(gg)), where a VBE identifies all of the
patients of a particular payor as the target patient population, we
caution that relying on this criterion, without sufficient
justification for such a broad approach, could raise questions
regarding whether it is legitimate or, instead, is a way to capture
referrals of, for example, Medicare business.
d. Value-Based Activity
Summary of OIG Proposed Rule: We proposed to define ``value-based
activity'' as any of the following activities, provided that the
activity is reasonably designed to achieve at least one value-based
purpose of the value-based enterprise: (i) The provision of an item or
service; (ii) the taking of an action; or (iii) the refraining from
taking an action. We further proposed that the making of a referral is
not a value-based activity.
Summary of Final Rule: We are finalizing, without modification, the
definition of ``value-based activity.''
[[Page 77704]]
OIG's final definition of ``value-based activity'' differs from the
definition in the CMS Final Rule because CMS does not specify that the
making of a referral is not a value-based activity. As explained in
CMS's final rule, CMS has not included a comparable restriction because
of the physician self-referral law's separate definition of referral.
Comment: Many commenters supported the definition of ``value-based
activity,'' as proposed. Several commenters asked OIG to clarify the
definition of ``value-based activity'' further by specifying what
activities would or would not qualify as value-based; how VBEs would
demonstrate that the activities they select are reasonably designed to
achieve a value-based purpose; and what it means to refrain from taking
an action. A few commenters asked whether providing services to
patients constitutes a value-based activity.
Response: The term ``value-based activity'' is intended to be broad
and to include the actions parties take or refrain from taking pursuant
to a value-based arrangement and in furtherance of a value-based
purpose. By way of example, where a VBE participant offeror provides a
type of health technology under a value-based arrangement for the
recipient to use to track patient data in order to spot trends in
health care needs and to improve patient care planning, the provision
of the health technology by the offeror would constitute a value-based
activity, and the use of the health technology by the recipient to
track patient data would constitute a value-based activity. If the
remuneration a VBE participant offeror provides is care coordination
services, a value-based activity might be the recipient working with a
care coordinator provided by the offeror to help transition certain
patients between care settings. Giving something of value to patients,
such as a fitness tracker, also may constitute a value-based activity
if doing so is reasonably designed to achieve a value-based purpose.
However, we note that, where VBE participants exchange remuneration
that the recipient VBE participant then transfers to its patients (for
example, where one VBE participant provides fitness trackers to another
VBE participant, who in turn furnishes the fitness tracker to the
patient), the care coordination arrangements safe harbor would be
available only to protect the remuneration exchanged between the VBE
participants. The parties may look to the patient engagement and
support safe harbor to protect the remuneration from the VBE
participant to the patient. An inaction that constitutes a value-based
activity might be refraining from ordering certain items or services in
accordance with a medically appropriate care protocol that reduces the
number of required steps in a given procedure. This final rule does not
prescribe how parties prove that a particular action or inaction
constitutes a value-based activity. Similarly, it is incumbent on the
parties to demonstrate that they selected value-based activities that
are reasonably designed to achieve a value-based purpose. Both of these
analyses would be fact-specific determinations.
Comment: A commenter asked whether this definition could be
combined with the definition of ``value-based purpose'' to reduce
administrative complexity. Another commenter asserted that the
definition of ``value-based activity'' should recognize the importance
of maintaining patient care and outcomes at an acceptable level.
Response: We are finalizing the definition of ``value-based
activity,'' as proposed, and are not combining it with the definition
of value-based purpose. In our view, separate definitions do not
increase administrative complexity, and we have coordinated terminology
with CMS to reduce complexity. We are not changing the definition of
``value-based activity'' to include the maintenance of patient care and
outcomes at an acceptable level because the definition of ``value-based
activity'' is tied to the definition of ``value-based purpose,'' which
sets forth four purposes toward which parties may be striving pursuant
to value-based arrangements. While maintaining patient care and
outcomes at an acceptable level is clearly desirable, we note that
doing so, without more, is not one of the four value-based purposes
needed to establish a VBE for this rulemaking.
Comment: Many commenters supported the alternate proposal to
expressly exclude any activity that results in information blocking
from the definition of ``value-based activity.'' A commenter
recommended that, if OIG expressly excludes information blocking from
the definition of ``value-based activity,'' OIG should do so by
referencing only statutory definitions and requirements in the Cures
Act and not those set forth in ONC's proposed rule, whereas another
commenter noted that, as an alternative to expressly excluding
information blocking activities in the definition of ``value-based
activity,'' OIG could assume that information blocking will no longer
be tolerated and leave the enforcement of information blocking
restrictions to the regulation finalized in 45 CFR part 171.
Response: The final rule does not include the proposed language
regarding information blocking. Regardless of whether parties seek safe
harbor protection, if parties to value-based arrangement are subject to
the regulations prohibiting information blocking, they must comply with
those regulations. This final rule does not change the individuals and
entities subject to the information blocking prohibition in 45 CFR part
171.
Comment: A commenter expressed concern that the definition of
``value-based activity'' is too broad and vague and that VBE
participants will characterize abusive remuneration-for-referral
arrangements as value-based activities. The commenter suggested
requiring that an activity achieve a value-based purpose, as opposed to
requiring that an activity be reasonably designed to achieve a value-
based purpose.
Comments varied regarding how to interpret whether an activity is
``reasonably designed'' to achieve a value-based purpose. While a
commenter supported interpreting ``reasonably designed'' to mean that
the value-based activities are expected to further one or more value-
based purposes, another commenter suggested that such a determination
be based on all relevant facts and circumstances. Other commenters
recommended establishing a rebuttable presumption that value-based
activities are reasonably designed to meet their stated value-based
purpose. Another commenter urged OIG to require that value-based
activities be directly connected to and directly further the
coordination and management of care; not interfere with the
professional judgment of health care providers; not induce stinting on
care; and not incentivize cherry-picking lucrative or adherent patients
or lemon-dropping costly or noncompliant patients.
Lastly, while at least one commenter supported a requirement for
parties to use an evidence-based process to design value-based
activities, several commenters opposed this requirement, stating that
such a standard would be too rigorous and would restrict innovative
activities.
Response: We are finalizing our definition as proposed. We
intentionally crafted a broad definition of ``value-based activity'' to
encourage parties to innovate when developing these activities. For
that reason, we are not requiring that an activity achieve a value-
based purpose but rather are requiring that a value-based activity be
reasonably designed to achieve a value-based purpose. By ``reasonably
[[Page 77705]]
designed,'' we mean that parties should fully expect the value-based
activities they develop to further one or more value-based purposes.
Because any such determination would be fact specific, we do not
believe it is appropriate to establish a rebuttable presumption that
value-based activities are reasonably designed to meet their stated
value-based purpose, as suggested by a commenter.
We note that, while this definition offers parties significant
flexibility, it is not intended to facilitate parties' attempts to mask
fraudulent referral schemes presented under the guise of a value-based
activity. We highlight that the definition provides that merely making
a referral, without more, is not a value-based activity for purposes of
this rule.
Lastly, we do not intend for the value-based safe harbors to
protect activities that inappropriately influence clinical decision-
making, induce stinting on care, or lead to targeting particularly
lucrative patients or avoiding high-cost or unprofitable patients. We
have incorporated a range of safeguards in the safe harbors that are
designed to guard against these abusive practices. In light of these
safeguards, we do not believe that revisions to the definition of
``value-based activity'' are necessary.
Comment: Several commenters asked OIG to clarify what
differentiates care coordination services from inappropriate referrals
and to modify the definition to make clear that a referral could be one
part of a broader value-based activity. Some commenters expressed
concern that the definition of ``value-based activity'' prohibits safe
harbor protection for value-based arrangements in which payments or
other remuneration depend, in part, on referrals made within a
preferred provider network. A commenter asked whether documenting that
a referral was made and the reason for the referral would constitute a
``value-based activity.''
Response: Making referrals, or documenting reasons for referrals,
would not constitute value-based activities. Parties to a value-based
arrangement may make referrals and document the reasons for the
referrals as part of a value-based arrangement without losing safe
harbor protection under an applicable safe harbor, but the parties also
must be performing one or more value-based activities. Thus, making
referrals or documenting reasons for referrals, without also engaging
in a value-based activity, would not be sufficient to meet the
requirements of the definition because making referrals is not itself a
value-based activity. Absent at least one value-based activity, parties
would not have a viable value-based arrangement and would thus not be
eligible for any of the value-based safe harbors.
The provision excluding referrals from the scope of value-based
activities is not intended to interfere with preferred provider
networks; rather, we intend to require parties to engage in activities
other than making referrals, such as coordinating care plans across
providers for a target patient population, to be eligible for safe
harbor protection.
e. VBE Participant
Summary of OIG Proposed Rule: We proposed to define ``value-based
enterprise participant'' or ``VBE participant'' as an individual or
entity that engages in at least one value-based activity as part of a
value-based enterprise. Based on historical concerns regarding fraud
and abuse risk and our understanding that certain types of entities
were less critical to coordinated care, we proposed that the term ``VBE
participant'' would not include a pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of durable medical equipment,
prosthetics, orthotics, or supplies; or a laboratory. We stated that we
were considering and thus seeking comments as to whether other types of
entities should also be ineligible, including pharmacies (including
compounding pharmacies), PBMs, wholesalers, distributors, and medical
device manufacturers. As a result of this proposed definition, these
entities would not be able to participate in VBEs or seek protection
under the value-based safe harbors or the patient engagement and
support safe harbor.
We stated our intent to offer safe harbor protection for
remuneration exchanged by companies that offer digital technologies to
physicians, hospitals, patients, and others for the coordination and
management of patients and their health care. We recognized that
companies providing these technologies may be new entrants to the
health care marketplace or may be existing companies such as medical
device manufacturers. We explained that we would consider for the final
rule several ways to effectuate our desire to ensure safe harbor
protection for remuneration exchanged by health technology companies,
including through modifications to the value-based terminology;
distinctions drawn among entities based on product-types or other
characteristics; or modifications to the safe harbors themselves.
In the OIG Proposed Rule, we considered and solicited comments on
potential additional safeguards to incorporate into the value-based
safe harbors to mitigate risks of abuse that might be presented should
a broader range of entities be eligible to enter into value-based
arrangements, including restrictions on the parties' use of exclusivity
and minimum purchase requirements.
For additional background and rationale for our proposals, we refer
readers to the discussion of the definition of ``VBE participant'' in
the OIG Proposed Rule.\16\
---------------------------------------------------------------------------
\16\ 84 FR 55703-06 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
definition of ``VBE participant.'' We are finalizing our proposed
policy that a ``VBE participant'' is an individual or entity that
engages in at least one value-based activity as part of a value-based
enterprise. We are not finalizing our proposed regulatory text to make
certain entity types ineligible under the definition of ``VBE
participant.'' However, we are finalizing our proposed policy to make
certain entities ineligible for safe harbor protection under the value-
based safe harbors and the patient engagement and support safe harbor
(see section III.B.e.ii for details). We are also finalizing our
proposed policy to protect some arrangements involving digital health
technologies provided by certain entities that would otherwise be
ineligible for safe harbor protection (see section III.B.e.iii).
To effectuate these objectives, we are finalizing a different
approach to the definition of ``VBE participant'' in the following four
respects.
First, we are revising the definition of ``VBE participant'' to
allow all types of individuals (other than patients) and entities to be
VBE participants. This revision makes our definition more similar to
CMS's corresponding definition and removes a potential impediment to
existing organizations that wish to qualify as VBEs but may include
types of entities we proposed to disallow as VBE participants. We now
define the term ``VBE participant'' to mean an individual or entity
that engages in at least one value-based activity as part of a value-
based enterprise, other than a patient when acting in their capacity as
a patient. This does not, however, mean that every VBE participant will
receive protection under the applicable safe harbors; it is intended to
avoid a barrier to the formation and operation of the VBE itself. The
new definition also makes clear that patients cannot be VBE
participants, consistent with our intent in the OIG Proposed Rule.
Entities seeking safe harbor protection for
[[Page 77706]]
remuneration provided to patients should look to the patient engagement
and support safe harbor for protection, not to the value-based safe
harbors.
Second, rather than making certain entities ineligible under the
definition of ``VBE participant,'' as described in the OIG Proposed
Rule, the final rule takes a different approach to achieve the proposed
policy to make some entities ineligible for safe harbor protections. In
the final rule, within each value-based safe harbor (and the patient
engagement and support safe harbor, as discussed further at section
III.B.6), we identify entities that are not eligible to rely on the
safe harbor to protect remuneration exchanged with a VBE or other VBE
participants. Specifically, the value-based safe harbors each include
an ineligible entity list. Remuneration exchanged by entities on the
list in each safe harbor is not eligible for protection under the safe
harbor.
The following entities are included on the ineligible entity lists
in all of the value-based safe harbors: (i) Pharmaceutical
manufacturers, distributors, and wholesalers (referred to generally
throughout this preamble as ``pharmaceutical companies''); (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs (sometimes referred to
generally in this rule as ``compounding pharmacies''); (v)
manufacturers of devices or medical supplies; (vi) entities or
individuals that sell or rent DMEPOS, other than a pharmacy or a
physician, provider, or other entity that primarily furnishes services,
all of which remain eligible (referred to generally throughout this
preamble as ``DMEPOS companies''); and (vii) medical device
distributors or wholesalers that are not otherwise manufacturers of
devices or medical supplies (for example, some physician-owned
distributors).
Third, we proposed to address safe harbor protection for technology
companies by considering how and whether they could fit in the
definition of a VBE participant. In the final rule, we instead focus on
safe harbor protection for the remuneration exchanged with or by them.
Specifically, the care coordination arrangements safe harbor at
paragraph 1001.952(ee) permits protected remuneration in the form of
digital health technology (or other technologies) exchanged between VBE
participants eligible to use the safe harbor. To address protection
under this safe harbor for arrangements with manufacturers of devices
and medical supplies and DMEPOS companies that involve digital health
technology, we have taken a tailored, risk-based approach.
Manufacturers of devices and medical supplies and DMEPOS companies that
are otherwise ineligible for the value-based safe harbors are
nonetheless eligible to rely on the care coordination arrangements safe
harbor for digital health technology arrangements that meet all safe
harbor conditions, including an additional one. Under this pathway, we
define ``limited technology participant'' to include, as further
discussed below, a manufacturer of a device or medical supply or a
DMEPOS company that is a VBE participant that exchanges digital health
technology with another VBE participant or a VBE.
Our revised approach effectively divides the universe of VBE
participants into three categories: (i) VBE participants that are
eligible to rely on the value-based safe harbors for all types of
arrangements that meet safe harbor conditions; (ii) limited technology
participants that are only eligible to rely on the care coordination
arrangements safe harbor for arrangements involving digital health
technology; and (iii) VBE participants that are ineligible to rely on
any of the value-based safe harbors for any types of arrangements. The
first category is the default category, capturing all entities and
individuals who are not expressly included in the second and third
categories. For a discussion of ineligible entities and the treatment
of digital health technology under the patient engagement and support
safe harbor, see the discussion in section III.B.6.b and f. For a
discussion of ineligible entities under the personal services and
management contracts and outcomes-based payments safe harbor, see
sections III.B.10.c and d.
Fourth, to address heightened risk of fraud and abuse and to help
ensure that protected remuneration meets the policy goals of this
rulemaking, we require that the exchange of digital health technology
by a limited technology participant is not conditioned on any
recipient's exclusive use of, or minimum purchase of, any item or
service manufactured, distributed, or sold by the limited technology
participant. Rather than finalizing this condition in the definition of
a VBE participant as contemplated in the OIG Proposed Rule, this is now
a separate condition at paragraph 1001.952(ee)(8).
i. Approach To Defining ``VBE Participant''
Comment: While we received some support for our proposed definition
of ``VBE participant,'' many commenters expressed concerns regarding
the proposed categorical exclusion of certain entities. Several
commenters asserted that no entities should be precluded from
participating in value-based arrangements, and many encouraged us to
adopt an alternative approach based on product type, company structure,
fraud risk, the legitimacy of the party's objectives and deliverables,
or other features. Commenters also noted that many existing value-based
arrangements include entities that we were considering making
ineligible to be a VBE participant. Another commenter asserted that
allowing entities to participate as VBE participants will incentivize
them to understand and expand cost mitigation strategies, which will
help lower the cost of care. Others emphasized that the health care
industry is highly dynamic, with frequent corporate transactions. They
expressed concern that an entire value-based arrangement may
inadvertently fall out of compliance with a safe harbor because one VBE
participant acquires an entity that is not eligible to be a VBE
participant. Other commenters supported placing exclusions directly in
the safe harbor, rather than in the definition, to create greater
flexibility. A commenter recommended that OIG create a new defined
term, ``VBE partner,'' to designate individuals and entities that
provide social determinants of health support and services at the
direction of a VBE or VBE participant but are not themselves part of
the VBE. According to the commenter, this would allow many services
providers, such as rideshare companies, social service organizations,
and foodbanks that already have direct partnerships with a VBE
participant to participate in protected arrangements without having to
become full participants in a VBE.
Response: We recognize that there may be benefits to allowing all
entities to participate as VBE participants, and we also appreciate the
concerns raised by these commenters. In response to comments, our
revised approach, in which any individual (other than a patient) or
entity is eligible to be a VBE participant, will alleviate many of
them.
In the OIG Proposed Rule, we described several approaches we were
considering for determining entities that could be VBE participants in
the final rule and, as such, able to rely on the value-based safe
harbors. We are adopting the approach of making entities ineligible
under the value-based safe harbors rather than through the definition
of ``VBE participant.'' This approach allows for closer alignment with
CMS's terminology, addresses concerns about unintended impacts of
[[Page 77707]]
otherwise ineligible VBE participants on the makeup of a VBE, and does
not impede VBEs from engaging in a wide range of value-based payment
and delivery arrangements, regardless of whether those arrangements
qualify for safe harbor protection. By addressing eligibility in
specific safe harbors rather than through the VBE participant
definition, the final rule creates flexibility for all health care
stakeholders to be part of a VBE and reduces any need for parties to
form VBEs structured solely for purposes of using the new safe harbors.
This approach also facilities our final policy on providing safe harbor
protection for digital health technology arrangements with limited
technology participants (described in more detail later).
While all entities are eligible to be VBE participants, each value-
based safe harbor and the patient engagement and support safe harbor
incorporates a list of entities that are ineligible for safe harbor
protection. As discussed in greater detail below, we determined which
entities should be ineligible based on multiple factors, including the
extent to which the entities are involved in front line care
coordination and program integrity concerns.
Under this final rule, a VBE will not cease to meet the definition
of a ``VBE'' solely because a VBE participant merges with or acquires a
different type of entity or develops a new business line. Nor would a
VBE participant necessarily cease to be eligible to use a value-based
safe harbor solely because it acquires an entity that is not eligible.
To the extent a transaction causes a VBE participant to become an
ineligible entity, the safe harbor would no longer be available to
protect any remuneration exchanged by that entity under a value-based
arrangement.
Consistent with the OIG Proposed Rule discussion of alternatives
for determining which entities are eligible and ineligible for safe
harbor protection, we have adopted a risk-based, policy-focused
approach to determine the scope and applicability of the final safe
harbors. With respect to the ineligible entities in the value-based
safe harbors, those entities are identified based on a number of
attributes, including the products and services they offer, how they
structure their business, and the extent to which they are on the front
line of care coordination and treatment decisions. In the care
coordination arrangements safe harbor, we further distinguish among
entities in part on the basis of product or arrangement type. These
considerations are directly related to the goals of the Regulatory
Sprint and the design of the conditions in each safe harbor to protect
against fraud and abuse.
With respect to the recommendation that we create a new category of
``VBE partners,'' we are not adopting this suggestion. The proposed and
final value-based safe harbors were and are designed for value-based
arrangements between VBEs and one or more of their VBE participants or
between or among VBE participants in the same VBE. The ability to
determine with specificity which individuals and entities are in a VBE
and which are not enhances transparency, certainty, and accountability
for arrangements seeking safe harbor protection. Social services
agencies, rideshare companies, foodbanks, and others are eligible to be
VBE participants if they wish for their arrangements to be eligible for
protection under the value-based safe harbors. If for any reason they
do not wish to be VBE participants or cannot become VBE participants,
nothing in this rule would prevent them from engaging in care
coordination or other arrangements that do not fit in these new safe
harbors. In some cases, the arrangements might fit in other safe
harbors, such as the local transportation safe harbor (e.g., for
rideshare arrangements). For other arrangements, the parties would need
to review the specific facts of the arrangement, including the intent
of the parties, to ensure compliance with the Federal anti-kickback
statute.
Notably, if there is nothing of value given by a social services
agency or foodbank, for example, to an individual or entity in exchange
for or to induce or reward referrals of items or services for which
payment may be made under a Federal health care program, the statute
would not be implicated. We would expect this to be the case for many
social services agencies, foodbanks, and other entities that provide
social services, food, or other supports to patients and (1) do not
bill Federal health care programs and (2) do not refer Federal health
care patients to health care providers for reimbursable services or
otherwise recommend or arrange for such services.
Comment: Several commenters requested that we either confirm in the
preamble, or revise the definition of ``VBE participant'' to state
expressly, that certain types of entities or providers, such as retail
health clinics, charitable clinics and pharmacies, federally qualified
health centers, credentialed orthotists and prosthetists, payors,
physician shareholders and employees of medical groups, and non-
traditional health care entities, among others, qualify as VBE
participants.
Response: Under our revised definition of a ``VBE participant,''
all types of entities can be VBE participants. Entities would need to
refer to the specific safe harbors to determine whether they are
eligible to rely on the safe harbor.
Comment: Some commenters noted that CMS's proposed value-based
terminology does not make any entities ineligible to be a VBE
participant.
Response: Our final definition of ``VBE participant'' is aligned
with CMS's definition, with the exception of a detail around the use of
the term ``individual'' in our rule and ``person'' in CMS's rule and
our policy that patients may not be VBE participants. The
``individual'' versus ``person'' verbiage relates to the difference in
language used elsewhere in the two regulatory schemes and promotes
overall consistency across safe harbors for OIG and exceptions for CMS.
For clarity, we have included an express statement in regulatory
text, not included in CMS's definition, carving patients out of the
definition of ``VBE participant.'' This carve out would extend to the
patient's family members or others acting on the patient's behalf,
consistent with the approach we take elsewhere in this final rule with
respect to the coordination and management of care with patients. The
context and framework of the value-based provisions in the OIG Proposed
Rule made clear that we did not intend patients to be VBE participants
who could engage in value-based arrangements under the value-based safe
harbors. In the proposed regulations, we described VBE participants as
engaging in at least one value-based activity as part of a VBE and
being part of at least one value-based arrangement to provide at least
one value-based activity for a target patient population. The role of
VBE participants in health care business activities of VBEs is not a
role assumed by patients and families, who play a critical role in
patient care in other ways. Our modification in the final rule
clarifies this point.
Under our proposed rule and this final rule, VBE participants
providing remuneration to patients would look to the patient engagement
and support safe harbor for protection, not to the value-based safe
harbors. Our reference to ``individuals'' in the proposed definition
was meant to capture physicians, nurses, and other practitioners,
providers, and suppliers in the health care ecosystem involved in
caring for patients. Our revised regulatory text recognizes that all
individuals will likely be a patient at one point or another and that
our carve-
[[Page 77708]]
out of patients is limited to patients when acting in their capacity as
patients. In other words, a physician remains eligible to be a VBE
participant even if he or she is also sometimes a patient.
Comment: Several commenters encouraged us to consider requiring
additional safeguards within each safe harbor to address concerns
regarding particular types of entities, rather than categorical
exclusions from the definition of ``VBE participant.'' Others opposed
applying additional safeguards, believing the existing safeguards in
the OIG Proposed Rule were sufficient for all types of entities.
Response: For reasons noted above, including input from comments,
we are not adopting categorical exclusions from the definition of ``VBE
participant.'' Instead, relying on factors such as fraud and abuse risk
and level of participation in front line care of patients, we identify
certain entities as ineligible for protection in specified safe
harbors, and include a tailored additional condition for certain high-
risk entities engaged in arrangements involving digital health
technology. The entities that are ineligible for protection and the
rationale for carving them out are addressed in greater detail below in
response to comments specific to these entities. We also provide
greater detail below regarding the entity-specific safeguard we are
adopting in the care coordination arrangements safe harbor for
arrangements involving digital health technology.
Comment: Several commenters challenged OIG's assertion that its
history of law enforcement activities involving certain types of
entities should form the basis for whether entities are entitled to
protection under the value-based safe harbors. Some of these commenters
noted that many other types of parties, including hospitals and
physicians, have likewise been the subject of enforcement actions.
Others asserted that the past bad acts of a few should not dictate the
future compliance risks of the many, particularly where many of the
historic enforcement actions resulted in settlements without admission
of guilt, rather than actual convictions.
Response: We agree with the commenters that the bad acts of the few
should not dictate the compliance risks of the many. We proposed and
are finalizing new safe harbors intended to aid the majority of
stakeholders that are honest and trying to do the right thing for
patients and the health care system. The fact that an entity type is
categorically ineligible for safe harbor protection does not mean that
all entities in the category are bad actors. In crafting the value-
based safe harbors, we have balanced new flexibility under a criminal
statute with protections where we identified elevated risk of fraud and
abuse. Our experience investigating fraud and enforcing the anti-
kickback statute necessarily informs our approach to establishing safe
harbors for specific payment practices consistent with the criteria set
forth at section 1128D(a)(2) of the Act (safe harbor authority under
the Federal anti-kickback statute). Our enforcement and oversight work
offer insights into common fraud schemes, trends, and methods used by
bad actors to circumvent rules. In bringing this experience to bear, we
considered multiple types of entities and arrangements that have been
the subject of our work. The risk of fraud and abuse is one factor in
determining the types of entities eligible for protection under the
safe harbors. Others include, for example, the degree of participation
of the entity type in the care coordination arrangements that are
central to this rulemaking and the level of need for the entity type to
have safe harbor protection to effectuate the policy goals of the
Regulatory Sprint. We acknowledged in the OIG Proposed Rule and
reiterate here that the new safe harbors do not address all beneficial
value-based arrangements.
Comment: A commenter requested confirmation that the definition of
``VBE participant'' would not bar an integrated delivery system from
creating a value-based arrangement within its own system.
Response: There is nothing in the definition of ``VBE participant''
that would preclude an integrated delivery system from creating a
value-based arrangement within its own system.
Comment: A commenter requested that OIG make clear that the safe
harbors do not preclude entities that are ineligible to be VBE
participants from contributing to value-based activities or contracting
with VBEs.
Response: We believe our revised approach, where all entities are
eligible to be a VBE participant, addresses the commenter's concern. We
wish to clarify further that the value-based safe harbors do not
prohibit the VBE from entering into contractual arrangements with any
type of entity, including an entity that is not a VBE participant.
However, an entity that is not a VBE participant will not be eligible
for safe harbor protection. Remuneration exchanged by certain types of
entities, including non-VBE participants and VBE participants on the
carve-out list, will not be protected by a value-based safe harbor, and
parties would need to look to other safe harbors to the extent they
want to protect it.
Comment: A commenter supported the fact that the proposed
definition of ``VBE participant'' did not require VBE participants to
be equity owners of the VBE.
Response: We did not propose requirements related to equity
ownership of VBEs. However, we note that the value-based safe harbors
do not protect remuneration in the form of ownership interests or
returns on those interests.
Comment: A commenter recommended that, if OIG finalizes the
definition of ``VBE participant'' as proposed, it also modify the
advisory opinion process so that opinions may be relied upon by parties
other than just the requesting party.
Response: Modifying the OIG advisory opinion process is beyond the
scope of this rulemaking.
ii. Entities Ineligible for Safe Harbor Protection
The value-based safe harbors deem certain entities ineligible for
safe harbor protection. Those entities are: Pharmaceutical companies;
PBMs; laboratory companies; compounding pharmacies; manufacturers of
devices or medical supplies; DMEPOS companies; and medical device
distributors and wholesalers. Notwithstanding, under the care
coordination arrangements safe harbor (paragraph 1001.952(ee)),
manufacturers of devices and medical supplies and DMEPOS companies are
eligible as limited technology participants to protect certain digital
health technology arrangements to allow them to participate in such
arrangements, along with other types of eligible VBE participants. As
explained in more detail below, these distinctions are rooted in a
functional approach focusing on the items, services, and products
furnished by the different entity types and their roles in care
coordination, along with assessment of program integrity risk based on
enforcement experience. We aim to balance flexibility to achieve the
Regulatory Sprint goals with protection against fraud and abuse.
This preamble section responds to comments about each of these
entity types in turn. The outcomes-based payments safe harbor at
paragraph (d)(2) and the patient engagement and support safe harbor at
paragraph 1001.952(hh) reference these same entities and rely on the
same definitions when doing so.
[[Page 77709]]
(a) Pharmaceutical Manufacturers, Wholesalers, and Distributors
Comment: Many commenters agreed with our proposal not to include
pharmaceutical manufacturers in the definition of ``VBE participant.''
These commenters articulated a variety of supporting rationales,
including that manufacturers are less involved in care coordination and
present an increased risk of abusive arrangements. Many other
commenters encouraged OIG to allow pharmaceutical manufacturers to
participate as VBE participants, arguing, among other things, that
manufacturers are well-positioned to contribute to value-based
arrangements and that their participation is essential given the role
of medications in improving care. For example, commenters noted that
manufacturers can leverage data analytics and technology to improve
both outcomes measurement and care management. Several commenters also
emphasized that manufacturers can provide a variety of services
relating to medication adherence, which may play a central role in
value-based arrangements by managing care and reducing costs.
Commenters also emphasized that manufacturers often know their product
best and are thus in an ideal position to bring value through continued
involvement.
Response: Under the revised framework we are adopting in this final
rule, pharmaceutical companies can be VBE participants, and existing
VBEs that include pharmaceutical companies do not need to be
restructured for purposes of this rulemaking. However, we are
effectuating our intent that pharmaceutical companies would not be
eligible to use the value-based safe harbors by including
pharmaceutical companies on the ineligible entity list in each safe
harbor. We agree with the commenters that pharmaceutical manufacturers
are not as likely as other entities to be involved with front line care
coordination, and we remain concerned, as noted in the OIG Proposed
Rule, about the potential for pharmaceutical manufacturers to use the
value-based safe harbors to protect arrangements that are intended to
market their products or inappropriately tether clinicians to the use
of a particular product rather than as a means to create value by
improving the coordination and management of patient care. As a result,
protection under the value-based safe harbors does not extend to
remuneration that pharmaceutical manufacturers exchange with other VBE
participants.
We recognize that pharmaceutical manufacturers can play important
roles in delivering efficient, high quality care to patients,
including, for example, through medication adherence programs and data
sharing. However, like any arrangement that does not qualify for a safe
harbor, such arrangements would need to be analyzed for compliance with
the anti-kickback statute based on their specific facts, including the
intent of the parties. They are not eligible for protection under these
new safe harbors.
As noted in the OIG Proposed Rule, we continue to consider the role
of pharmaceutical manufacturers in coordinating and managing care as
well as how to address value-based contracting and outcomes-based
contracting for pharmaceutical products and medical devices, including
devices that do not meet the definition of ``digital health
technology'' under this rule.
Comment: Many commenters encouraged OIG to allow pharmaceutical
manufacturers to participate in value-based contracting arrangements
where they take on financial risk. Several of these commenters
specifically supported arrangements where payment for prescription
drugs is tied to clinical endpoints or patient outcomes, such as where
a manufacturer agrees to provide a full or partial refund on a product
if a course of treatment fails to achieve the desired outcome. Other
commenters expressed skepticism about value-based contracting and
encouraged OIG to adopt safeguards to protect against potentially
abusive arrangements. Another commenter suggested that OIG adopt
manufacturer-specific safe harbors with a sliding scale of risk. Among
commenters who supported protecting value-based contracting, many
raised concerns that existing best price requirements in the Medicaid
Drug Rebate Program operate as an actual or perceived impediment to
these types of arrangements and encouraged OIG to work with CMS to
resolve these issues.
Response: We did not propose either a value-based contracting safe
harbor or pharmaceutical manufacturer-specific safe harbors with a
sliding scale of risk in this rulemaking. With respect to commenters'
concerns regarding the potential impact of value-based contracting on
Medicaid best price reporting obligations, those issues are outside the
scope of this rulemaking.
Comment: A trade association representing pharmaceutical
manufacturers requested that OIG clarify that any exclusion of
pharmaceutical manufacturers from the value-based safe harbors is not
intended to discourage manufacturers from participating in arrangements
for value-based care. Another commenter asserted that pharmaceutical
manufacturers' participation in care coordination may be necessary with
the advancement of therapies like personalized cell therapies, which
use a modified version of the patient's own cells to treat disease. A
commenter recommended that a nonprofit generic drug company that
addresses drug shortages in the marketplace be permitted to participate
as a VBE participant, even if pharmaceutical manufacturers are not
eligible.
Response: Nothing in this final rule is intended to discourage
pharmaceutical manufacturers from participating in arrangements for
value-based care. Under this rule as finalized, a pharmaceutical
company can be a VBE participant collaborating with others in a VBE.
Nothing prevents a pharmaceutical company (or any other type of entity)
from participating in care coordination arrangements, but remuneration
exchanged by the pharmaceutical company under those arrangements would
not qualify for protection under the value-based safe harbors. For
example, we appreciate that pharmaceutical companies can work to
address shortages in the marketplace and could enter into arrangements
with a VBE and VBE participants to address those issues. Those
arrangements would need to be analyzed based on their specific facts
for compliance with the anti-kickback statute. The failure to fit in a
safe harbor does not mean an arrangement is unlawful under the anti-
kickback statute. Moreover, safe harbor protection is irrelevant to the
extent that an arrangement does not implicate the anti-kickback
statute. We reiterate that parties may structure arrangements to meet
other safe harbors, such as the safe harbor for personal services
arrangements or the warranties safe harbor and may also use OIG's
advisory opinion process to the extent they want prospective protection
for arrangements they wish to undertake.
Comment: Commenters were divided on whether pharmaceutical
wholesalers and distributors should be eligible to be VBE participants.
Some stated that these entities present the same types of risks and
concerns that manufacturers present (e.g., inappropriately increased
costs to Federal health care programs) and should be ineligible for the
same reasons. Many commenters who supported allowing manufacturers to
be VBE participants also supported allowing wholesalers and
distributors to be VBE participants.
[[Page 77710]]
Response: All entities are permitted to be VBE participants under
this final rule. However, remuneration exchanged by pharmaceutical
companies, including distributors and wholesalers, is not protected by
the value-based safe harbors, consistent with our proposal to make them
ineligible. We adopt this policy for reasons comparable to those for
making manufacturers ineligible, including that wholesalers and
distributors are less likely to have a direct role in front line
patient care coordination. We are not persuaded that pharmaceutical
distributors' and wholesalers' indirect role in support of coordinating
care warrants protection under the value-based safe harbors.
(b) Pharmacy Benefit Managers
Comment: In response to our consideration in the OIG Proposed Rule
related to PBMs, several commenters urged us to make PBMs ineligible to
be VBE participants. A few of these commenters supported making PBMs
ineligible based on concerns about potentially abusive PBM practices
that they believe affect drug prices and limit treatment options for
patients. Other reasons that commenters provided include that PBMs are
not front-line health providers and protecting arrangements involving
PBMs in the value-based safe harbors may inappropriately affect
treatment decisions by health care practitioners. A commenter also
suggested we require VBEs that establish relationships with PBMs to
include information regarding such relationships in relevant VBE
documents and reports.
Conversely, many commenters urged us to allow PBMs to be eligible
to be VBE participants. Commenters asserted that PBMs are engaged in a
number of activities that relate to care coordination and the value-
based purposes we proposed, including, for example, developing
formularies to select drugs based on relative value, leveraging health
information technology to assist in coordinating care and managing
benefits, and operating a variety of care coordination programs, such
as medication adherence, medication therapy management, and chronic
condition education. Commenters emphasized the role that PBMs play with
respect to controlling pharmaceutical costs and promoting quality by
ensuring clinical efficacy. Several commenters sought to distinguish
PBMs from pharmaceutical manufacturers, noting that pharmacy benefit
managers have no connection to any particular drug product and do not
rely on prescriptions or referrals for any particular product. Another
commenter asserted that PBMs are well-suited to enter into risk bearing
arrangements because their business model already involves helping
their clients manage insurance risk.
Response: As described above, all types of entities are eligible to
be VBE participants under this final rule. However, we are finalizing
our proposal for PBMs to be ineligible to rely on the value-based safe
harbors to protect remuneration.
PBMs are less likely to be on the front line of care coordination
and treatment decisions in the same way as other types of VBE
participants eligible to use the value-based safe harbors. We recognize
and appreciate the information that commenters provided on the role
that PBMs serve in supporting value-based care and coordinating care,
for example, by designing formularies based on relative value, using
their expertise to improve medication adherence, and managing insurance
risk. However, we are not persuaded that PBM's indirect role in support
of coordinating care or managing risk warrants protection under the
value-based safe harbors, which focus significantly on the coordination
and management of patient care. PBMs play a unique role in establishing
benefit networks and associated management services connected to
payors, pharmaceutical manufacturers, and pharmacies. As a result, PBM
arrangements raise different program integrity issues from the types of
value-based arrangements contemplated by this rulemaking and would
likely require different safeguards.
Under the final rule, PBMs, as with all individuals (except for
patients) and entities, are eligible to be VBE Participants. This will
allow PBMs to continue supporting value-based care, even though they
are not eligible to rely on the value-based care safe harbors. We note
that some PBMs' value-based activities may not implicate the Federal
anti-kickback statute, depending on the specific facts and
circumstances of each arrangement. Parties may also use OIG's advisory
opinion process to the extent they want prospective protection for
arrangements involving the exchange of remuneration with PBMs.
In response to the suggestion that VBEs that have relationships
with PBMs be required to document and disclose such relationships, the
value-based definitions have relevant documentation and oversight
conditions, including a requirement that the VBE governing
documentation describe how the VBE participants intend to achieve the
VBE's value-based purpose(s).
We recognize that many PBMs are owned, affiliated with, or under
common ownership structures with other entities, particularly payors
and health benefit plans. Considering the role that payors have in the
substantial downside risk and full financial risk safe harbors, it is
important to note that payors would be eligible for safe harbor
protection even if they own, are affiliated with, or are under common
ownership with a PBM. Additionally, a payor would be eligible for safe
harbor protection if it does not contract out its pharmacy benefit
management services and instead performs those functions as part of its
administration of a health benefit plan more broadly. We would consider
the PBM functions, in that context, to be ancillary to the payor's
predominant or core business, which is administering a health benefit
plan. Thus, such a payor would not be considered to be a PBM for
purposes of eligibility for protection under the value-based safe
harbors, notwithstanding the fact that it performs some PBM activities.
See the discussion at section III.B.2.e.5, below regarding entities
with multiple lines of business for further details regarding the
predominant or core business standard.
(c) Laboratory Companies
Comment: While some commenters supported our proposal to make
clinical laboratories ineligible to be VBE participants or suggested
that we only allow them to be VBE participants if we included
additional safeguards, many commenters urged OIG to include clinical
laboratories as VBE participants. Several commenters noted that
laboratories are increasingly providing precision diagnostic services
and posited that this type of personalized medicine is the future of
both preventive medicine and modern oncology care. Commenters expressed
concern that making laboratories ineligible to be VBE participants may
inhibit integration of these types of diagnostic services into
practice. Others asserted that existing safeguards are sufficient to
protect against any risk of fraud and abuse.
Commenters provided various examples of value-based arrangements
involving laboratories. A commenter provided one example of a
laboratory that entered into an arrangement with a payor under which it
reviewed historical test results for a patient population to identify
those likely to have a condition such as diabetes or chronic kidney
disease so as to facilitate patients' enrollment in a disease
management program.
[[Page 77711]]
Response: Under this final rule, laboratory companies may be VBE
participants in a VBE and collaborate with other VBE participants
without affecting the ability of other VBE participants to be eligible
for safe harbor protection. However, laboratory companies are included
on the list of carved out entities for which protection is not
available under value-based safe harbors. As a result, any remuneration
exchanged by a laboratory company will not be protected by a value-
based safe harbor. We expressed our intent in the OIG Proposed Rule to
make clinical laboratories ineligible for safe harbor protection
because of heightened risk of fraud and abuse based on historical
enforcement experience and because they are, like pharmaceutical
companies and DMEPOS companies, heavily dependent on practitioner
prescriptions and referrals. We were, and remain, concerned that these
entities might misuse the value-based safe harbors as a means of
offering remuneration primarily to market their products rather than as
a means to create value for patients, providers, and payors by
improving the coordination and management of patient care, reducing
inefficiencies, or lowering costs. We also continue to believe that
offering protection for remuneration exchanged by a laboratory company
under the value-based safe harbors is unnecessary to effectuate the
goals of the Regulatory Sprint because, as compared to other types of
entities such as hospitals, physicians, and remote patient monitoring
companies, laboratory companies are not on the front lines of care
coordination.
We appreciate the input from commenters who pointed out various
ways in which laboratories may be participating in care coordination.
We are not persuaded that these examples warrant revisiting our policy.
However, we want to be clear that nothing in this rulemaking is
intended to discourage or prevent a laboratory from participating in
care coordination arrangements such as those described by the
commenters so long as the arrangements comply with the anti-kickback
statute. A laboratory may look to other safe harbors, such as the
personal services and management contracts safe harbor, as modified in
this rule, to protect remuneration, and the advisory opinion process
also remains available.
Comment: Several commenters requested that OIG clarify how clinical
laboratories that are owned and operated by entities with other
regulatory classifications, including hospitals, physician group, and
medical device manufacturers, would be treated.
Response: We do not intend for the ineligibility of laboratory
companies to extend to clinical laboratories that are owned and
operated through other types of entities, such as hospitals and
physician practices. Other types of entities, such as hospitals and
physician practices, that operate clinical laboratories that are not
the entity's predominant or core line of business are eligible to use
the value-based safe harbors. This approach ensures that hospitals,
physicians, and other entities with core care coordination roles are
not precluded from using the safe harbors because they happen to
provide some laboratory services, which we understand to be common in
the industry. We also believe that this approach would preclude any
suggestion that entities which have a predominant or core line of
business other than a clinical laboratory (or other ineligible entity),
such as a hospital, need to restructure their operations or corporate
structure or otherwise need to modify the manner in which these
entities operate.
In this final rule, we use the term ``laboratory companies'' to
describe the intended category of ineligible entities, rather than the
term ``clinical laboratory'' that was proposed, because the term
``laboratory company'' better describes the types of entities we intend
to make ineligible to rely on the value-based safe harbors. We have
long used the same terminology in the electronic health records safe
harbor at paragraph 1001.952(y), and we intend for the term to have the
same meaning here. Specifically, it describes independent companies
that operate clinical laboratories and bill for the laboratory services
they furnish through their own billing numbers. Thus, for example, if a
hospital furnishes laboratory services through a laboratory that is a
department of the hospital for Medicare purposes (including cost
reporting) and the laboratory services are billed through the
hospital's provider number, then the hospital would not be considered a
laboratory company for purposes of determining eligibility to rely on a
value-based safe harbor. In contrast, a hospital affiliated or
hospital-owned laboratory company with its own supplier number that
furnishes laboratory services that are billed using a billing number
assigned to the company and not the hospital would not be eligible for
safe harbor protection. This approach is consistent with the approach
we describe in the discussion on entities with multiple business lines,
below, in that it focuses on both the corporate structure and the
predominant or core business function of an entity.
(d) Medical Device Manufacturers, Distributors, and Wholesalers
Comment: Many commenters encouraged OIG to allow medical device
manufacturers, distributors, and wholesalers to be VBE participants,
emphasizing, among other things, the role that these entities play in
collecting, aggregating, analyzing, and sharing data to assist
clinicians with care coordination and management. Others disagreed with
our characterization of medical device manufacturers as not being on
the front line of care coordination.
Another commenter asserted that our concerns that manufacturers may
use value-based arrangements to tether clinicians or patients to a
particular product are misplaced and disregard the improved cost and
clinical outcomes that derive from standardizing the use of a superior
product. Similarly, a commenter objected to the suggestion that
manufacturers' participation in value-based arrangements is driven by
marketing objectives. An integrated delivery system described existing
value-based partnerships with medical device companies that it believes
foster value by optimizing care pathways, improving patient experience,
and sharing accountability for the results; according to this
commenter, the medical device companies have been responsible,
effective, and essential in providing high quality care at a low cost.
Response: We appreciate commenters' perspectives, and we recognize
that manufacturers of devices and medical supplies may play an
important role in some value-based arrangements, including by offering
digital health technologies that can improve coordination and
management of care. However, we continue to believe, as a general
matter, that they are not as directly engaged in care coordination as
other entities, such as providers and clinicians. We continue to have
concerns, as described in the OIG Proposed Rule, based on our
historical law enforcement experience, that manufacturers of devices
and medical supplies could misuse the flexibilities afforded by the
value-based safe harbors to offer kickbacks under the guise of care
coordination activities or to tether a clinician to a particular
product. Further, we believe there is a risk that these arrangements
could result in providers selecting products that may not be clinically
appropriate for, or in the best interest of, a patient. Based on our
enforcement experience, these
[[Page 77712]]
concerns are heightened with respect to implantable devices used in a
hospital or ambulatory surgical care setting, for which there is an
elevated risk for patients undergoing implant surgery if devices are
selected because of financial incentives rather than patients' best
interests.
As discussed at section III.B.2.e.iii, we are adopting a pathway to
protect the exchange of digital health technologies by manufacturers of
devices and medical supplies under the care coordination arrangements
safe harbor, which addresses some of the commenters' concerns. This
pathway, which imposes an additional safeguard that applies only to
manufacturers of devices and medical supplies and DMEPOS companies,
balances our program integrity concerns with our interest in
facilitating the deployment of health technologies for care
coordination.
Comment: Many commenters encouraged OIG not to include device
manufacturers, distributors, and wholesalers as VBE participants.
Several of these commenters asserted that medical device manufacturers
are not on the front line of care coordination. Another commenter
asserted that, while larger companies may be well-positioned to engage
in data-driven care coordination activities, most device manufacturers
do not offer these types of services. The commenter was concerned that
allowing medical device manufacturers to engage as VBE participants
would unfairly advantage large manufacturers over smaller
manufacturers, with larger companies using their size and scale to
leverage their care coordination capabilities in a manner that
disincentivizes purchasers from considering competing products. The
commenter expressed concern that this dynamic may suppress medical
innovation by smaller companies and encouraged OIG to consider a pilot
program to assess potential impacts on smaller manufacturers.
Response: We appreciate the concerns raised by commenters, and, as
we have explained, we share some of them. However, we also believe that
digital health technologies hold great promise for improving
coordination and management of care and achieving the goals of the
Regulatory Sprint, and we believe that many of these promising
technologies are either currently being developed, or will in the
future be developed, by manufacturers of devices and medical supplies.
We also believe that there will be instances where these digital health
technologies are inextricably linked to a medical device. To that end,
we are affording safe harbor protection to the exchange of digital
health technologies by manufacturers of medical devices under the care
coordination arrangements safe harbor.
With respect to the commenter's concerns about potential
anticompetitive effects from allowing manufacturers of devices and
medical supplies to participate, we are adopting a safeguard in the
care coordination arrangements safe harbor that applies to
manufacturers of devices and medical supplies, as limited technology
participants, that prohibits exclusivity provisions and minimum
purchase requirements. We designed this condition to prevent limited
technology participants from locking-in use of their digital health
technology, which may have beneficial effects for competition. For
example, VBE participants may have increased opportunities to use
multiple of types of digital health technology that best fits their
needs.
In response to the commenter's concern about competition between
large manufacturers and small manufacturers, nothing in this safe
harbor is intended to favor large entities over small entities. We
recognize that large manufacturers are likely to have additional
resources to assess arrangements and determine whether they meet this
safe harbor. We have strived to limit potential administrative burden
as much as possible, while also including necessary safeguards against
fraud and abuse. We believe that this safe harbor and the limited
technology participant pathway will not require significant resources
to ensure an arrangement meets all applicable conditions. Furthermore,
use of these safe harbors and associated compliance is only one factor
that may affect competition and innovation. There are several other
factors that impact competition and innovation, but are not subject to
the Federal anti-kickback statute and thus are outside the scope of
this rulemaking.
Comment: With respect to adopting a definition for purposes of
identifying the category of entities not eligible to be VBE
participants, several commenters cautioned that it would be virtually
impossible to define device manufacturers in a manner that would not
preclude the types of digital health technologies that we stated we
wished to include. Some commenters recommended that any definition that
OIG adopts be limited to devices that are separately reimbursed by
Medicare and not include companies that incorporate medical devices as
part of their service offerings.
Many commenters encouraged us not to adopt a new definition, but
instead to rely on existing definitions adopted by other divisions
within the Department of Health and Human Services. However, a
commenter asserted that OIG should not use CMS's definition of
``applicable manufacturer'' in 42 CFR 403.902, which relates to the
Open Payments provisions of the Patient Protection and Affordable Care
Act \17\ (ACA), because that definition would not include manufacturers
that do not have operations in the United States and reliance on this
definition would be confusing because it includes manufacturers of
durable medical equipment, which we proposed not to include in the
definition of ``VBE participant.''
---------------------------------------------------------------------------
\17\ Public Law 111-148, 124 Stat. 119, as amended by the Health
Care and Education Reconciliation Act of 2010 (Pub. L. 111-152, 124
Stat. 1029).
---------------------------------------------------------------------------
Response: Notwithstanding the changes to the definition of ``VBE
participant,'' it remains necessary for us to adopt a definition of
``manufacturer of a device or medical supply'' to identify entities
that are limited technology participants for purposes of the care
coordination arrangements safe harbor.
The definition we are adopting at paragraph 1001.952(ee)(14)(iv)
provides that ``manufacturer of a device or medical supply'' means an
entity that meets the definition of applicable manufacturer in 42 CFR
403.902 because it is engaged in the production, preparation,
propagation, compounding, or conversion of a device or medical supply
that meets the definition of covered drug, device, biological, or
medical supply in 42 CFR 403.902, but not including entities under
common ownership with such entity. For purposes of this definition, we
incorporate and adopt all of the related terminology in 42 CFR 403.902.
We opted to rely on the ``applicable manufacturer'' terminology
described in the Open Payments program and its implementing regulations
because it effectively captures the universe of entities we designate
as limited technology participants and those that will otherwise be
carved out of safe harbor protection. Similarly, we opted to rely on
this terminology because relying on an existing regulatory definition
promotes consistency across the Department and minimizes additional
potential regulatory burden. We are not adopting the alternative
proposed definition that would include any entity that manufacturers
any item that requires premarket approval by, or premarket notification
to, the FDA, or that is classified by the FDA as a medical device
because we believe the
[[Page 77713]]
``applicable manufacturer'' terminology used in the Open Payments
program provides a more fulsome definition that addresses not only the
nature of the product (i.e., whether it is regulated by the FDA as a
device) but also the nature of the entity's functions vis a vis that
product (e.g., production, preparation, propagation, compounding, or
conversion). We also intend to include medical device distributors or
wholesalers on the list of ineligible entities because they are less
likely to have a direct role in front line patient care coordination,
and the ``applicable manufacturer'' definition at 42 CFR 403.902
includes distributors and wholesalers that hold title to the device or
medical supply. Thus, it is a more comprehensive definition that aligns
with our objectives. In order to capture distributors and wholesalers
that do not hold title to the device or medical supply on the
ineligible entity list, the ineligible entity list in each value-based
safe harbor includes a separate category for ``a medical device
distributor or wholesaler that is not otherwise a manufacturer of a
device or medical supplies.''
With respect to the commenter who cautioned that reliance on the
definitions from the Open Payments program would not include
manufacturers that do not have operations in the United States, we
refer the commenter to CMS regulations and guidance regarding how
foreign companies can become subject to reporting obligations under
section 1128G of the Act.
Comment: Many commenters shared our concerns regarding physician-
owned distributorships and encouraged us to make them ineligible to be
VBE participants. A commenter suggested that an entity that generates
more than forty percent of its business from its physician owners
should be not be eligible to be a VBE participant. Another commenter
suggested that we require all VBE participants--regardless of whether
or not they meet the definition of ``applicable manufacturer''--to meet
the reporting obligations under section 1128G of the Act.
Response: We are adopting our proposed policy that physician-owned
distributorships would not be eligible for safe harbor protection.
Physician-owned distributors will be captured by one of two categories
on the ineligible entity lists in each of the value-based safe harbors:
Manufacturers of devices or medical supplies or medical device
distributors or wholesalers that are not otherwise manufacturers of
devices or medical supplies. As described above, the term
``manufacturer of devices or medical supplies'' is defined in paragraph
1001.952(ee).
As we stated in the OIG Proposed rule, physician-owned
distributorships are inherently suspect under the anti-kickback statute
because the financial incentives these companies offer their physician
owners may induce physician owners to perform more procedures (or more
extensive procedures) and to use the devices the physician-owned
distributorships sell in lieu of other, potentially more clinically
appropriate devices. Therefore, as described in greater detail below,
physician-owned distributorships are also ineligible to rely on the
care coordination arrangements safe harbor to protect digital health
technology arrangements, even if they otherwise fit the definition of a
manufacturer of a device or medical supply.
With respect to the commenter that suggested that we require all
VBE participants to meet the reporting obligations under section 1128G
of the Act, such a requirement is outside the scope of this rulemaking.
(e) DMEPOS Companies
Comment: Many commenters encouraged us to include DMEPOS companies
in the definition of ``VBE participant.'' Commenters asserted that
DMEPOS companies are on the front line of care coordination. Many
commenters highlighted, for example, the role of DMEPOS companies in
supporting care coordination through home infusion, home respiratory,
and diabetes management services; others stated that DMEPOS companies
engage directly with patients in a variety of ways, including visiting
patients in their home. Commenters emphasized that DMEPOS companies are
particularly critical in facilitating transitions from one care setting
to another. Commenters also noted that the expansion of remote
monitoring technologies has enhanced the role that DMEPOS companies
play in care coordination and that device manufacturers are
increasingly integrating digital technologies into medical devices that
are classified as DMEPOS. With respect to these and other technologies,
commenters noted that DMEPOS companies may provide useful data to
support care coordination. Other commenters encouraged us to make
DMEPOS companies ineligible for protection under the value-based safe
harbors because they are not involved in front line patient care
coordination. Others encouraged us to adopt additional safeguards
specific to DMEPOS companies.
Response: We are persuaded by commenters that DMEPOS companies may
have an important role in value-based arrangements, particularly in the
context of post-acute care, and that they provide an array of health
technology services, such as remote patient monitoring, that may
facilitate the coordination and management of patient care. We believe
that we must balance the role of these DMEPOS companies with our
continued concerns, informed by our historical law enforcement
experience, that some of these entities might misuse the protections
afforded in the value-based safe harbors as a way to offer kickbacks
under the guise of care coordination.
Given our stated interest in the deployment of digital health
technologies to enhance coordination and management of care and
consistent with the OIG Proposed Rule as explained elsewhere, we have
defined the term limited technology participant to include
manufacturers of medical supplies and entities or individuals that sell
or rent DMEPOS. Limited technology participants, such as DMEPOS
companies, may rely on the care coordination arrangements safe harbor
to protect digital health technologies that they exchange with another
VBE participant or the VBE, provided the arrangement satisfies an
additional safe harbor condition that does not apply to other VBE
participants, discussed in greater detail below. Our approach to DMEPOS
in the final rule strikes a balance between encouraging the use of
beneficial digital health technology, which may be offered by DMEPOS
companies, for care coordination and protecting programs from potential
fraud and abuse.
Comment: Some commenters asserted that DMEPOS companies would be
willing to enter into risk-based arrangements and encouraged OIG to
provide safe harbor protection for these types of arrangements.
Response: We believe the commenter is inquiring as to whether risk-
based arrangements involving DMEPOS companies could satisfy the
conditions of a value-based safe harbor. For the reasons described
above and in the OIG Proposed Rule, DMEPOS companies are not eligible
to rely on the value-based safe harbors, except under the limited
technology participant pathway we have created in the care coordination
arrangements safe harbor.
Comment: A commenter recommended that ``distribution vendors'' not
be considered DMEPOS companies for purpose of any exclusion. The
commenter argued that these vendors are needed to deploy digital
medicine programs effectively by directly supporting patients through
[[Page 77714]]
home delivery of digital medical program items.
Response: All entities can be VBE participants under our revised
approach, but entities that sell or rent covered DMEPOS are included in
the ineligible entity lists in each value-based safe harbor and are
thus ineligible to rely on those safe harbors, except under the limited
technology participant pathway in the care coordination arrangements
safe harbor. In the OIG Proposed Rule we listed manufacturer,
distributor, or supplier of DMEPOS as an ineligible entity type. The
final rule instead lists an entity or individual that sells or rents
DMEPOS as ineligible for safe harbor protection (except that a limited
technology participant is eligible under the care coordination
arrangements safe harbor). The language in the final rule focuses on
the nature of an entity's business--selling and renting DMEPOS--to
better capture the higher risk entities that cannot use the safe
harbors, and avoids potentially broad terms, such as ``supplier,'' that
are defined elsewhere in Medicare regulations for different purposes.
The language ``sells or rents'' is derived from a CMS definition of
DMEPOS supplier.\18\
---------------------------------------------------------------------------
\18\ 42 CFR 424.57(a).
---------------------------------------------------------------------------
We removed the reference to DMEPOS manufacturers because entities
that manufacture DMEPOS would fall under the final rule's definition of
``manufacturer of a device or medical supply,'' and it would have been
duplicative to include these entities under both definitions. Some
DMEPOS distributors will also be captured by the definition of
``manufacturer of a device or medical supply'' and would similarly be
ineligible on that basis. We believe that the universe of entities that
we intended to capture under the ``manufacturer, distributor, or
supplier of DMEPOS'' terminology used in the OIG Proposed Rule will now
be captured by one or both of the categories ``manufacturer of a device
or medical supply'' and ``an entity that sells or rents [DMEPOS].''
Comment: Several commenters noted that many types of providers and
entities, including physician practices, dentists, hospitals, and
pharmacies, may be enrolled in the Medicare program as DMEPOS suppliers
and questioned how an exclusion of DMEPOS companies, or requirements
specific to DMEPOS companies, would apply to them. A commenter
suggested that OIG should distinguish DMEPOS companies who derive only
a small portion of their revenues from furnishing DMEPOS.
Response: In the final rule, the carve-out for DMEPOS companies in
each of the value-based safe harbors does not apply to a pharmacy or to
a physician, provider, or other entity that primarily furnishes
services. In the OIG Proposed Rule, we sought comments on how to ensure
that these types of entities would remain eligible for safe harbor
protection even if they own or operate an entity that is ineligible,
such as a DMEPOS company.\19\ By specifically carving these entities
out of the definition of DMEPOS companies, we ensure that these
entities will not become ineligible for safe harbor protection. These
entities and individuals are likewise not treated as ``limited
technology participants.'' Thus, physicians, dentists, physician
practices, and other providers (including, for example, hospitals), who
primarily furnish services, as well as pharmacies, would not be
considered DMEPOS companies for purposes of either the ineligible
entities list or the ``limited technology participant'' definition.
These parties are therefore able to rely on the three value-based safe
harbors to the same extent as all other eligible VBE participants
(including for arrangements involving digital health technologies), and
they are not required to satisfy the additional condition that applies
only to limited technology participants.
---------------------------------------------------------------------------
\19\ 84 FR 55706 (Oct. 17, 2019).
---------------------------------------------------------------------------
(f) Compounding Pharmacies
Comment: Several commenters responded to our solicitation of
comments regarding the treatment of compounding pharmacies in the rule.
Some commenters encouraged OIG not to distinguish between retail
pharmacies, specialty pharmacies, and compounding pharmacies. One
commenter expressed concern about generally offering protections to all
compounding pharmacies, stating that ongoing vigilance for fraud and
abuse is warranted for the compounding pharmacy industry. The commenter
added that a more nuanced approach that screens for and offers
protections in value-based arrangements for demonstrably good actors
may further access to customized treatments, particularly for patients
with rare diseases as well as pediatric patients. The commenter also
described the risks of compounding without rigorous safety and quality
practices. The commenter suggested that, to address quality, safety,
and program integrity concerns with compounding pharmacies, OIG could
limit participation to compounding pharmacies that exemplify good
compounding practices through adherence to the U.S. Pharmacopeia (USP)
Chapter 795 and attainment of Pharmacy Compounding Accreditation Board
(PCAB) accreditation from the Accreditation Commission for Health Care
(ACHC).
Other commenters believed that compounding is an essential part of
patient care, including for specialty pharmacies such as infusion
pharmacies that treat patients with severe conditions. Commenters
suggested that pharmacists at compounding pharmacies may play a key
role in helping coordinate individualized patient care. Commenters
urged OIG to not exclude pharmacies from the proposed safe harbor based
on the compounding services they provide. Some commenters raised
concerns that excluding compounding pharmacies from the value-based
safe harbors would expose the pharmacies to liability under the Federal
anti-kickback statute for any remuneration they receive for providing
prescription compounded medications or pharmacist-approved care
services.
Some commenters explained their understanding that compounding is
the preparation of a specific medication to meet the prescriber's exact
specifications and to be dispensed directly to an individual patient,
pursuant to a valid prescription for that patient. Such drugs are
prescribed when commercially available products do not meet patient
needs. Commenters noted that compounding should not be confused with
manufacturing or the mass production of drug products, nor should it be
confused with making copies of commercially available drug products,
which is not allowed by law under section 503A(b)(1)(D) of the Federal
Food, Drug, and Cosmetic Act (21 U.S.C. 353a(b)(1)(D)).
Response: We agree that pharmacists, including pharmacists at
compounding pharmacies, can play important roles in coordinating and
managing patient care and as members of care teams, including for
patients with rare and serious conditions. Under the final rule, all
pharmacies and pharmacists can participate in VBEs. As explained
further below, most pharmacies and pharmacists will be eligible to rely
on the value-based safe harbors to protect remuneration, even if the
pharmacy engages in some compounding of drugs.
However, under the final rule, for reasons explained below,
pharmacies that primarily compound drugs or primarily dispense
compounded drugs are ineligible to protect remuneration under the
value-based safe harbors, as well as the safe harbor protections for
patient engagement tools and supports
[[Page 77715]]
(paragraph 1001.952(hh)) and outcomes-based payments (amended paragraph
1001.952(d)). When we refer to compounded drugs in this rule, we refer
to the common industry understanding of them as drugs that are
specifically combined, mixed, or altered and prepared for individual
patients, or that purport to be such drugs. As noted by the commenters,
compounded drugs are often prescribed or dispensed for patients for
whom commercially available products are not clinically suitable.\20\
We are not defining ``compounding'' or ``compounded drugs'' in
regulatory text in this rule. For purposes of this rule, compounding
pharmacies include entities that primarily compound drugs or primarily
dispense compounded drugs, such as topical pain creams, with or without
licensure or valid prescriptions. Accordingly, we are not adopting the
narrower definitional suggestions made by commenters.
---------------------------------------------------------------------------
\20\ See, e.g., FDA, Compounding and the FDA: Questions and
Answers, available at https://www.fda.gov/drugs/human-drug-compounding/compounding-and-fda-questions-and-answers (addressing
what is compounding and why some patients need compounded drugs).
---------------------------------------------------------------------------
We explained in the OIG Proposed Rule that we were considering
whether specific types of pharmacies, such as compounding pharmacies,
should be carved out of safe harbor protection even if others, such as
retail and community pharmacies, are eligible for safe harbor
protection. The OIG Proposed Rule states that pharmacies that
specialize in compounding pharmaceuticals may pose a heightened risk of
fraud and abuse, as evidenced by our enforcement experience, and may
not play a direct role in patient care coordination.\21\ We remain
deeply concerned about fraud and abuse in the compounding pharmacy
industry.
---------------------------------------------------------------------------
\21\ 84 FR 55704 (Oct. 17, 2019).
---------------------------------------------------------------------------
Our recent criminal, civil, and administrative enforcement history
shows an increasing number of fraud allegations, investigations, and
cases related to compounded drugs, including topical compounded drugs
such as creams, gels, and ointments to relieve pain.\22\ OIG's
oversight experience also has found that Medicare Part D spending for
compounded topical drugs was 24 times higher in 2016 than it was in
2010, which raises concerns about fraud and abuse.\23\ According to the
FDA, there are also safety and effectiveness concerns related to
compounded drugs, which are not FDA approved.\24\ This is also an area
of significant growth in Medicare Part D spending; spending for
compounded topical drugs was 24 times higher in 2016 than it was in
2010, some of which may be attributed to suspect billing practices. In
2016, OIG found that about 550 pharmacies had engaged in questionable
Part D billing practices for compounded topical drugs and warranted
further scrutiny. Each pharmacy billed extremely high amounts for at
least one of five measures that OIG has developed as indicators of
possible fraud, waste, and abuse.\25\ In light of this enforcement and
oversight experience, we conclude that the risks of allowing pharmacies
that primarily compound drugs or primarily dispense compounded drugs to
rely on the value-based arrangements, patient engagement tools and
supports, and outcomes-based payments safe harbors outweigh the
potential benefits. As explained further below, other pharmacies are
eligible to rely on the safe harbors. As with other entities ineligible
for protection under the value-based, patient engagement tools and
supports, and outcomes-based payments safe harbors, compounding
pharmacies can still be VBE participants.
---------------------------------------------------------------------------
\22\ See, e.g., Press Release, U.S. Department of Justice,
Compounding Pharmacy, Two of Its Executives, and Private Equity Firm
Agree to Pay $21.36 Million to Resolve False Claims Act Allegations
(Sept. 18, 2019), https://www.justice.gov/opa/pr/compounding-pharmacy-two-its-executives-and-private-equity-firm-agree-pay-2136-million; Press Release, U.S. Department of Justice, Four Florida Men
Charged for Their Roles in a $54 Million Compound Pharmacy Kickback
Scheme (June 5, 2020), https://www.justice.gov/opa/pr/four-florida-men-charged-their-roles-54-million-compound-pharmacy-kickback-scheme; OIG, Civil Monetary Penalties and Affirmative Exclusions,
Texas Company and Owner Agree to Voluntary Exclusion (July 20,
2020).
\23\ OIG, Questionable Billing for Compounded Topical Drugs in
Medicare Part D (Aug. 2018), available at https://oig.hhs.gov/oei/reports/oei-02-16-00440.asp.
\24\ FDA, Compounding and the FDA: Questions and Answers,
available at http://www.fda.gov/Drugs/GuidanceComplianceRegulatoryInformation/PharmacyCompounding/ucm339764.htm.
\25\ OIG, Questionable Billing for Compounded Topical Drugs in
Medicare Part D (Aug. 2018), available at https://oig.hhs.gov/oei/reports/oei-02-16-00440.asp.
---------------------------------------------------------------------------
We recognize that many pharmacies may dispense some compounded
drugs. For purposes of this rule, a pharmacy is only considered to be a
compounding pharmacy (and ineligible for protection under certain safe
harbors) if it primarily compounds drugs or primarily dispenses
compounded drugs. We anticipate that most retail pharmacies and
community pharmacies that offer care coordination and management
services will not be covered by this category and will be eligible to
rely on the safe harbors.
We are not adopting the commenters' suggestions to provide safe
harbor protection for remuneration exchanged by compounding pharmacies
that demonstrate that they are good actors or that exemplify good
compounding practices through adherence to USP Chapter 795 and
attainment of PCAB accreditation from ACHC. We believe the suggested
approaches would introduce additional complexity and uncertainty into
the safe harbors by further attempting to distinguish among different
types of compounding pharmacies.
We do not prescribe a specific standard or test for assessing
whether a pharmacy primarily compounds drugs or primarily dispenses
compounded drugs. Entities may use a variety of different
methodologies, depending on their circumstances. We expect parties to
use a reasonable methodology, which they may wish to document. If an
entity has multiple lines of business, with one line of business being
a compounding pharmacy, the entity should use the multiple lines of
business test as laid out in section III.B.2.e.v of this preamble to
determine whether it is eligible to rely on the safe harbors or a
compounding pharmacy ineligible to rely on the safe harbors.
Entities seeking safe harbor protection that are uncertain as to
whether they are eligible to rely on the value-based safe harbors or
any other safe harbor for a particular arrangement may wish to use the
OIG advisory opinion process.
Finally, we want to clarify that nothing in this rulemaking should
affect patients' access to medically necessary compounded drugs. The
dispensing of compounded drugs pursuant to applicable coverage and
billing rules does not implicate the Federal anti-kickback statute. Nor
does this rule speak to the pricing of such products. With respect to
remuneration paid to compounding pharmacies or pharmacists for services
furnished to patients, whether such payments implicate the statute is a
case-by-case determination and the safe harbors for employment and
personal services and management contracts remain available. As noted
elsewhere, with respect to value-based contracting with pharmaceutical
manufacturers, we may consider safe harbor protection for such
arrangements in future rulemaking.
iii. Digital Health Technologies and Limited Technology Participants
As explained in more detail below, the final rule includes a
pathway for protection of ``digital health technology'' arrangements
involving ``limited technology participants,'' as those terms are
defined under the care coordination arrangements safe harbor.
[[Page 77716]]
This pathway responds to comments supporting protection of digital
technology arrangements involving medical device manufacturers and
DMEPOS companies. VBE participants that are not on the ineligible
entity list may exchange digital health technologies (and any other
technologies) under the care coordination arrangements safe harbor, and
they are not subject to the additional safe harbor condition that
applies to limited technology participants. Further, the pathway for
limited technology participants does not apply to the substantial
downside risk and full financial risk safe harbors. The care
coordination arrangements safe harbor is available for digital health
technology arrangements between limited technology participants and VBE
participants in risk-based arrangements.
For purposes of the pathway for limited technology participants, we
are defining the term ``limited technology participant'' at paragraph
1001.952(ee)(14)(iii) to mean a VBE participant that exchanges digital
health technology with another VBE participant or a VBE and that is:
(A) A manufacturer of a device or medical supply, but not including a
manufacturer of a device or medical supply that was obligated under 42
CFR 403.906 to report one or more ownership or investment interests
held by a physician or an immediate family member during the preceding
calendar year, or that reasonably anticipates that it will be obligated
to report one or more ownership or investment interests held by a
physician or an immediate family member during the present calendar
year (for purposes of this paragraph, the terms ``ownership or
investment interest,'' ``physician,'' and ``immediate family member''
have the same meaning as set forth in 42 CFR 403.902); or (B) an entity
or individual that sells or rents durable medical equipment,
prosthetics, orthotics, or supplies covered by a Federal health care
program (other than a pharmacy or a physician, provider, or other
entity that primarily furnishes services). In short, many manufacturers
of medical devices and supplies (but not physician-owned distributors)
and DMEPOS companies are eligible to be limited technology participants
if they fit in this definition.
We are defining ``digital health technology'' at paragraph
1001.952(ee)(14)(ii) broadly to mean hardware, software, or services
that electronically capture, transmit, aggregate, or analyze data and
that are used for the purpose of coordinating and managing care; such
term includes any internet or other connectivity service that is
necessary and used to enable the operation of the item or service for
that purpose. Importantly, this definition specifies the types of
technology a limited technology participant can exchange under the safe
harbor. It does not constrain the types of technology that can be
exchanged by other VBE participants eligible to use the safe harbor.
Comment: Several commenters emphasized the importance of allowing
health technology companies to participate as VBE participants and
asserted that making medical device manufacturers ineligible to be VBE
participants may impact the availability of digital technologies for
purposes of coordinating and managing care because no meaningful line
can be drawn between medical device companies and health technology
companies. For example, a commenter explained that they offer both
traditional medical devices and other digital health technologies, the
latter of which includes clinical decision support tools and artificial
intelligence-assisted diagnostic support tools. Another commenter noted
that manufacturers of implantable devices often pair their products
with software solutions to support patient diagnosis and treatment. A
trade association representing device manufacturers described a program
where a manufacturer of automated external defibrillators and cardiac
monitoring devices with transmitting capabilities offers a device-
agnostic software solution that permits coordination between EMS
providers and hospitals. According to the commenter, the software
enables receiving hospitals to access cardiac data in real time so they
can have advance notice of patients en route and provide consultation
back to EMS personnel to direct the patient to the appropriate
treatment location (e.g., community hospital, hospital with specialized
services). Another commenter explained how digital health technology is
integrated with medical devices used by patients to provide data to
patients and providers for patient engagement and treatment adherence
purposes. Other commenters emphasized the difficulty of clearly
distinguishing between device manufacturers and digital health
technology companies, and that both may provide a mix of traditional
medical devices and digital health technology. Commenters supported an
approach that would not unintentionally exclude beneficial digital
health technology from protection under the safe harbor.
Response: In the OIG Proposed Rule, we expressed interest in
protecting remuneration in the form of a wide range of mobile and
digital technologies for the coordination and management of patient
care, including, by way of example, remote monitoring, predictive
analytics, data analytics, care consultations, patient portals,
telehealth and other communications, and software and applications that
support services to coordinate and monitor patient care and health
outcomes (for individuals and populations). We noted diabetes
management services that leverage devices and cloud storage services to
monitor blood sugar levels and transmit data as an example.
While recognizing the promise that digital health technologies have
for improving care coordination and health outcomes, in the OIG
Proposed Rule we also raised fraud and abuse concerns associated with
medical device manufacturers based on our historical law enforcement
experience. Section III.B.2.e.d. explains those concerns in more
detail. Recognizing these factors, we solicited comments generally on
how best to protect beneficial digital technologies and mitigate fraud
and abuse risks. This included requesting comment on definitions and
factors to consider for specific types of entities that would protect
digital technology and not be too narrow or broad.
Consistent with this request for comments, the intent in the OIG
Proposed Rule, and to address comments received, we define the term
``digital health technology'' at paragraph 1001.952(ee)(14)(ii) and we
define ``limited technology participant'' at paragraph
1001.952(ee)(14)(iii). These definitions balance the interests we
raised in the OIG Proposed Rule by protecting beneficial digital health
technology and mitigating the fraud and abuse risks by specifying the
types of technology that limited technology participants can furnish
under the care coordination arrangements safe harbor. This approach
also addresses concerns raised by commenters regarding unintentionally
excluding beneficial digital health technology from safe harbor
protection. We discuss each definition in more detail below in this
section.
Digital health technology is defined as hardware, software, or
services that electronically capture, transmit, aggregate, or analyze
data and that are used for the purpose of coordinating and managing
care; such term includes any internet or other connectivity service
that is necessary and used to
[[Page 77717]]
enable the operation of the item or service for that purpose. We intend
for this term to encompass a wide range of digital health technologies,
including technologies that are not yet developed or available. It also
includes associated internet or other connectivity services, including
dial-up, that are necessary and used to enable the operation of the
item or service for the purpose of coordinating and managing care. The
term ``digital health technology'' includes, for example, the software
solution described by the commenter that enables hospitals to access
data from cardiac devices used by EMS providers in the field so that
they can coordinate and manage the care of patients undergoing a
cardiac emergency, including connectivity services, such as mobile
hotspots and plans, necessary to enable the EMS providers to transmit
data from the field to the hospital.
Only limited technology participants are limited to the types of
technology set out in the definition of ``digital health technology.''
Other VBE participants eligible for the safe harbor may provide
additional types of technology so long as the value-based arrangement
squarely meets all safe harbor conditions.
We share commenters' views regarding the desirability of enabling
VBE and VBE participants to leverage digital health tools to support
the coordination and management of care. All individuals (except for
patients) and entities are eligible to be VBE Participants, and this
includes health technology companies, including those that are not
traditionally involved in health care or may be new entrants to health
care. Except as otherwise provided in the safe harbor regulations,
health technology companies are eligible to rely on the protection of
the safe harbors for value-based arrangements with other VBE
participants, provided that their arrangements squarely meet all
applicable safe harbor conditions.
The question arose in the OIG Proposed Rule, and remains relevant
here, whether manufacturers of devices and medical supplies and DMEPOS
companies are health technology companies. For most purposes, as
described above, these entities are carved out of the value-based safe
harbors and are ineligible to rely on them. However, we are creating a
pathway to enable these entities to deploy digital health technologies
under the care coordination arrangements safe harbor at paragraph
1001.952(ee). For purposes of this safe harbor, manufacturers of
devices or medical supplies (as defined in paragraph 1001.952(ee)) and
DMEPOS companies (i.e., entities or individuals that sell or rent
covered DMEPOS, not including physicians or providers that primarily
furnish services and pharmacies) that exchange digital health
technologies with another VBE participant or the VBE are collectively
termed ``limited technology participants'' in paragraph 1001.952(ee).
Limited technology participants may use the care coordination
arrangements safe harbor to protect the exchange of digital health
technologies with other VBE participants or the VBE if the arrangement
meets an additional safe harbor condition, described below. Limited
technology participants may not, by definition, rely on the care
coordination arrangements safe harbor to exchange other forms of
remuneration. All other entities eligible to use the safe harbor can
also exchange remuneration in the form of digital health technology,
and they do not have to meet the additional safe harbor conditions that
apply only to limited technology participants at paragraph
1001.952(ee)(8). For example, physicians and providers that primarily
furnish services are not treated as limited technology participants and
are therefore not obligated to meet the additional conditions that
apply to limited technology participants.
In short, remuneration in the form of digital health technology may
be exchanged under the care coordination arrangements safe harbor by
all entities that are not carved out of the safe harbor, as well as
limited technology participants.
Consistent with our statements in the OIG Proposed Rule reflecting
our intent that physician-owned distributorships not be eligible to
rely on the value-based safe harbors, we do not intend for physician-
owned distributorships to be able to use the limited technology
participant pathway in the care coordination arrangements safe harbor.
To foreclose this possibility, we clarify in paragraph 1001.952(ee)(14)
that the term ``limited technology participant'' does not include
manufacturers of devices or medical supplies that were obligated under
42 CFR 403.906 to report one or more ownership or investment interests
held by a physician or an immediate family member during the preceding
calendar year, or that reasonably anticipate that they will be
obligated to report one or more ownership or investment interests held
by a physician or an immediate family member during the present
calendar year. For purposes of this definition, the term ``manufacturer
of a device or medical supply'' has the meaning set forth in paragraph
1001.952(ee)(14), and the terms ``ownership or investment interest,''
``physician,'' and ``immediate family member'' have the meaning set
forth in 42 CFR 403.902. We take this opportunity to make clear that
this regulatory provision should not be construed as an official
definition of unlawful physician-owned distributorships or physician-
owned entities more broadly. This regulation does not alter our long-
standing guidance regarding physician-owned distributorships, and we
specifically reaffirm the guidance in our 2013 Special Fraud Alert on
Physician-Owned Entities.\26\
---------------------------------------------------------------------------
\26\ See OIG, Special Fraud Alert: Physician-Owned Entities
(Mar. 26, 2013), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/2013/POD_Special_Fraud_Alert.pdf.
---------------------------------------------------------------------------
iv. Pharmacies Other Than Compounding Pharmacies
Comment: The overwhelming majority of commenters on this topic
supported allowing pharmacies to be VBE participants. Commenters cited
a wide range of reasons, including that pharmacies and pharmacists are
already involved in many aspects of care coordination and management
and that they are on the front line of care coordination because they
often serve as the key point of contact between patients and the health
care system due to their geographic proximity to patients. Commenters
emphasized that pharmacies provide many services to patients, not just
items. A commenter also noted that an ACO may be a VBE and that a
number of ACOs currently integrate pharmacists for medication
management and other services. Conversely, another commenter suggested
that pharmacies should not be eligible because they present many of the
same concerns as pharmaceutical manufacturers, wholesalers, and
distributors.
Response: With the exception of compounding pharmacies (as
explained in section III.2.e.ii.f of this preamble), pharmacies can
utilize each of the final value-based safe harbors for value-based
arrangements and are not subject to any pharmacy-specific restrictions
or limitations. Pharmacies other than compounding pharmacies also are
eligible for safe harbor protection under the safe harbors for patient
engagement tools and supports (paragraph 1001.952(hh)) and outcomes-
based payments (amended paragraph 1001.952(d)). We are persuaded that
many pharmacies and pharmacists have the potential to facilitate
coordination and management of care for patients and
[[Page 77718]]
that their participation in value-based arrangements may further the
purposes of this final rulemaking. Except in the case of compounding
pharmacies, these potential benefits outweigh our program integrity
concerns, which are adequately addressed by the requirements of the
value-based safe harbors.
v. Entities With Multiple Business Lines
Comment: We received several comments seeking guidance on how
entities with multiple business lines or with multiple regulatory
classifications would be viewed for purposes of safe harbor
eligibility. Some commenters requested clarification on how the
eligibility standards would be impacted by corporate affiliations or
shared ownership. Another commenter noted that some health systems are
involved in device and technology development.
Some questioned how OIG would view an entity that operates both
eligible and ineligible business lines through separate business units,
with certain commenters suggesting that it would be impossible to
distinguish between types of entities because the health care industry
is not siloed in this manner. Others asserted that the fact that many
companies have multiple business lines is reason enough for OIG not to
make any types of business lines ineligible to be VBE participants.
Another commenter requested that clinical quality improvement and data
registries be eligible to be VBE participants, regardless of their
ownership or other status.
Response: Under the final rule, the question of whether a
particular entity is eligible to rely on a safe harbor, or whether an
entity fits the definition of a limited technology participant, is
assessed at the corporate entity level by considering the corporate
entity's predominant or core line of business. We did not propose, and
we are not finalizing, standards relating to common ownership or
corporate affiliation. Corporate affiliation, whether by majority
ownership, common ownership, or another structure, has no bearing on
eligibility.
For example, a pharmacy (other than a compounding pharmacy as
explained in section III.2.e.ii.f) that is under common ownership with
a PBM would be eligible to rely on the value-based safe harbors,
notwithstanding the fact that the pharmacy is related to a PBM, which
is ineligible to rely on those safe harbors. Likewise, within a health
system that is comprised of multiple corporate entities, the fact that
one or more of those entities might engage in activities that make it a
manufacturer of devices or medical supplies would not impact the
availability of the safe harbor to other corporate entities in the
health system that do not engage in such activities.
Where a single corporate entity operates multiple business lines,
eligibility turns on the entity's predominant or core business. For
example, a pharmacy that is operated within the same corporate entity
as a pharmaceutical manufacturer would not be eligible to rely on these
safe harbors to the extent the corporate entity's core function is the
manufacturing of pharmaceuticals and the pharmacy operation merely
supports the manufacturing line of business. Similarly, where a single
corporate entity manufactures both pharmaceuticals and medical devices,
the question of eligibility would focus on which line of business is
the predominant or core line of business of that corporate entity. For
example, if a corporation's predominant function is the manufacturing
of devices (including, for example, preparation, propagation, assembly,
and processing of devices) and it also manufactures a pharmaceutical
product that is incorporated into and integral to a medical device (for
example, a drug-eluting medical device), the entity would be treated as
a manufacturer of devices or medical supplies because that remains its
core business and function. The question of whether a quality
improvement or data registry will be eligible will similarly turn on
whether it is housed within a corporate entity whose predominant
function places it on the carve-out list.
Large corporations that are organized with multiple business lines
within a single corporate entity will need to assess whether they have
a predominant or core business. We do not prescribe a specific standard
or test for assessing an entity's predominant or core business
function, and we expect that entities may use a variety of different
methodologies, depending on their circumstances. We would expect
parties to use a reasonable methodology, which they may wish to
document. For example, share of revenues may be a relevant metric for
some entities, but for others where one or more products are still in
development, revenues may not be an appropriate metric. Entities
seeking safe harbor protection that are uncertain as to whether they
are eligible to rely on the value-based safe harbors for a particular
arrangement may wish to use the OIG advisory opinion process.
Parties seeking protection under the safe harbors may first need to
assess the regulatory text for ineligible entities in the specific safe
harbor of interest. For example, where an entity's business includes
the sale or rental of DMEPOS covered by a Federal health care program,
the question of eligibility is addressed by the regulatory text, which
specifies that the ineligibility of DMEPOS companies does not apply to
a pharmacy or a physician, provider, or other entity that primarily
furnishes services. Thus, for example, a disease management company
that primarily furnishes a suite of disease management services (e.g.,
wellness coaching, patient education, health technology tools to
promote medication adherence) and also sells or rents DMEPOS in support
of these services would be eligible to rely on the value-based safe
harbors and would not be subject to the constraints imposed on limited
technology participants. Conversely, an entity that sells or rents
covered DMEPOS and does not primarily furnish services would be
ineligible, except as a potential limited technology participant under
the care coordination arrangements safe harbor.
We also note that, wholly apart from any value-based arrangement,
transfers of remuneration from one entity to another may implicate the
Federal anti-kickback statute if those transfers of remuneration are
intended to induce or reward referrals for items and services covered
by a Federal health care program. This potential liability arises even
where the recipient subsequently uses the remuneration in a manner that
is protected by a safe harbor. Thus, for example, if an ineligible
entity transferred remuneration to a VBE participant in order for the
recipient VBE participant to induce or reward referrals back to the
ineligible entity, the initial transfer may result in liability under
the Federal anti-kickback statute, even if the recipient VBE
participant's subsequent transfer of the remuneration to other VBE
participants or to patients is protected under a safe harbor.
Comment: Several commenters noted that many providers, including
hospitals and health systems, often own or operate pharmacies and
questioned how an exclusion of pharmacies would apply to them.
Response: Other than pharmacies that primarily compound drugs or
primarily dispense compounded drugs, pharmacies are not subject to any
limitations or restrictions under this final rule, and thus ownership
or operation of many pharmacies by another provider would have no
impact on eligibility. Should a compounding pharmacy exist within a
health system that is comprised of multiple corporate entities, the
fact that one of the entities may be a pharmacy that primarily
compounds drugs or primarily
[[Page 77719]]
dispenses compounded drugs would not impact the availability of the
safe harbor to other corporate entities in the health system. Moreover,
should a compounding pharmacy exist within a single entity that also
furnishes other services, such as health clinic that furnishes
physician services, the entity would apply the multiple lines of
business test to determine whether or not the entity would be
characterized as a compounding pharmacy.
Comment: Some commenters described companies that are regulated as
both CLIA laboratories and manufacturers of devices or medical supplies
because they perform their own FDA-regulated in-vitro diagnostic tests
at their own CLIA-certified laboratories and sought clarification
regarding how they would be viewed.
Response: We have replaced the term ``clinical laboratory'' with
the term ``laboratory company'' in this final rule to clarify the type
of entities that we intend to make ineligible to rely on the value-
based safe harbors. The term ``laboratory company'' refers to
independent companies that operate clinical laboratories and bill for
the laboratory services they furnish through their own billing numbers.
Consistent with the approach described above, the entity would need to
consider what its predominant or core business function is--
manufacturing (e.g., preparation, propagation, assembly, processing) a
medical device or furnishing laboratory services. Without further
details regarding the commenters' specific business operations, we are
unable to provide a precise response here.
Comment: A commenter noted that a pharmacy is included as a
``laboratory'' under CLIA. Other commenters noted that pharmacies may
be co-located with health clinics or owned and operated by other types
of providers. The commenters sought guidance on how these relationships
between entity types would impact eligibility for protection under the
safe harbors.
Response: As discussed above, and based upon the comments, we have
revised the terminology in this final rule to refer to laboratory
companies rather than clinical laboratories, and we intend for
``laboratory companies'' to mean independent companies that operate
clinical laboratories and bill for the laboratory services they furnish
through their own billing numbers. Consistent with the approach set
forth above, because a pharmacy's predominant or core business function
is to provide pharmacy services, not laboratory services, we would not
consider the fact that pharmacies are treated as laboratories for other
regulatory purposes to impact their eligibility to rely on the value-
based safe harbors. As noted previously, pharmacies that primarily
compound drugs or primarily dispense compounded drugs would not be
eligible for safe harbor protection.
vi. New Safe Harbor Conditions
Comment: With respect to potential additional safeguards for VBE
participants generally, commenters suggested a wide range of options,
some of which we stated that we were considering in the OIG Proposed
Rule (e.g., prohibitions on exclusivity, required data reporting or
monitoring). Some commenters also recommended that we implement these
additional safeguards for certain types of entities (e.g., medical
device manufacturers).
Response: Consistent with the proposal within the OIG Proposed
Rule, we are adopting an additional safeguard in the care coordination
arrangements safe harbor targeted to manufacturers of devices and
medical supplies and DMEPOS companies that exchange digital health
technologies to mitigate the increased risk of abuse presented by
allowing these entities to use this safe harbor.
As discussed above, we have created a new category of VBE
participants, ``limited technology participants,'' which is comprised
of manufacturers of devices and medical supplies and DMEPOS companies
that exchange digital health technology with another VBE participant or
the VBE. Consistent with our proposal in the OIG Proposed Rule, we are
adopting a requirement in the care coordination arrangements safe
harbor that the exchange of digital health technologies by limited
technology participants may not be conditioned on any recipient's
exclusive use, or minimum purchase, of any item or service
manufactured, distributed, or sold by the limited technology
participant. This additional safeguard addresses the specific program
integrity concerns presented by manufacturers of devices and medical
supplies and DMEPOS companies, which are heavily dependent on
practitioner referrals and who might use value-based arrangements to
tether clinicians to their products or to secure guaranteed referral
streams.
Comment: Some commenters suggested that applying safeguards to
specific types of entities, and not others, might deter those entities
from participating in value-based arrangements.
Response: First, we note that we have not imposed any additional
conditions on specific types of entities in the substantial downside
financial risk safe harbor or the full financial risk safe harbor.
Second, we do not concur with the commenter's assertion that the
limited technology participant pathway will disincentivize
participation in value-based arrangements; this framework allows
manufacturers of devices and medical supplies and DMEPOS companies to
participate in value-based arrangements involving digital health
technology and benefit from protection under the care coordination
arrangements safe harbor if they satisfy all safe harbor conditions.
Comment: In response to our proposal to include a safeguard that
prohibits exclusivity provisions, many commenters expressed support for
such a safeguard. Others cautioned that exclusivity provisions in
contractual arrangements can be appropriate in certain situations, such
as where substantial financial investments are required or where
exclusivity is consistent with intellectual property rights and
protections. Some commenters encouraged us to investigate the pros and
cons of prohibiting exclusivity provisions before adopting this
safeguard. At least two commenters opposed any potential prohibition of
exclusivity requirements. One commenter asserted that no manufacturer
has the capability or resources to ensure that all of its value-based
arrangement offerings always operate as a ``plug and play,'' always
interchangeable, product agnostic system. Another commenter stated that
parties to value-based arrangements should have flexibility to require
use of a medical device where clinical evidence dictates that a
particular practice not currently in use would vastly improve outcomes.
Response: We are adopting our proposal to preclude protection for
the exchange of remuneration conditioned on a recipient's exclusive
use, or minimum purchase, of any item or service manufactured,
distributed, or sold by a limited technology participant in the care
coordination arrangements safe harbor. We are only applying this
condition to remuneration exchanged by limited technology participants;
it does not apply to any other VBE participants. We are only adopting
this condition in the care coordination arrangements safe harbor, not
the other value-based safe harbors. We recognize that exclusivity
provisions may be appropriate business terms in certain contexts.
However, precluding safe harbor protection for arrangements that
include exclusivity provisions tied to products offered by limited
technology participants is an important safeguard. This safeguard
mitigates risk that these entities, which
[[Page 77720]]
are heavily dependent on practitioner referrals to sell their products,
will attempt to use the care coordination arrangements safe harbor to
protect arrangements intended to generate product sales or arrangements
that lock practitioners and patients into using products that may not
be in the patients' best interests in the clinical judgment of the
practitioners.
The safe harbor requirement that remuneration exchanged by limited
technology participants may not be conditioned on any recipient's
exclusive use or minimum purchase of the limited technology
participant's products does not prevent use of products based on
clinical best evidence. Nor does it prevent requirements in value-based
arrangements that providers use products based on clinical evidence
showing improved outcomes, when those products are in a patient's best
interests in the judgment of their practitioners. Nor does the
provision require that all value-based arrangements be product-agnostic
or that the digital technology provided under such an arrangement be
fully interchangeable with other products. The provision does mean
that, where remuneration is exchanged by a limited technology
participant, the VBE participants will not be entitled to safe harbor
protection under the care coordination arrangements safe harbor if the
limited technology participant conditions the remuneration on the
exclusive use of its product or a minimum purchase amount. This safe
harbor requirement does not apply to remuneration exchanged by VBE
participants that are not limited technology participants.
f. Value-Based Purpose
Summary of OIG Proposed Rule: We proposed to define a ''value-based
purpose'' as: (i) Coordinating and managing the care of a target
patient population; (ii) improving the quality of care for a target
patient population; (iii) appropriately reducing the costs to, or
growth in expenditures of, payors without reducing the quality of care
for a target patient population; or (iv) transitioning from health care
delivery and payment mechanisms based on the volume of items and
services provided to mechanisms based on the quality of care and
control of costs of care for a target patient population.
Summary of Final Rule: We are finalizing, without modification, our
definition of ``value-based purpose.''
Comment: While several commenters expressed support for our
proposed definition of ``value-based purpose'' as drafted, the majority
of commenters sought clarification on the term. For example, commenters
sought clarification on how quality would be defined and measured under
the value-based purpose and, more specifically, whether certain
measures would be seen as reducing quality. Another commenter requested
that OIG address how parties to a value-based arrangement would need to
document that the arrangement met a value-based purpose. Other
commenters sought confirmation that the definition of ``value-based
purpose'' does not require parties to succeed in achieving the
applicable purpose.
Response: As a threshold matter, the definition of ``value-based
purpose'' was crafted to provide parties with flexibility to develop
innovative care arrangements and strategies specific to the needs of
their target patient populations. We are not prescribing how parties
define and measure quality to qualify for the definition or how parties
document the ways in which they intend to achieve the VBE's value-based
purpose(s). Whether certain measures reduce quality is a fact-specific
inquiry. Further, neither the definition of ``value-based purpose'' nor
the value-based safe harbors requires parties to achieve the VBE's
value-based purpose(s); rather, the definition of ``value-based
purpose'' should be read in conjunction with the definition of ``value-
based activity,'' which requires value-based activities to be
reasonably designed to achieve the VBE's value-based purpose(s).
Documentation requirements are specified in individual safe harbors.
Comment: Multiple commenters requested further guidance on the
fourth value-based purpose of transitioning from health care delivery
and payment mechanisms based on the volume of items and services
provided to mechanisms based on the quality of care and control of
costs of care for a target patient population.
Response: We are finalizing the fourth value-based purpose in
recognition that parties transitioning to value-based care may need to
provide infrastructure and perform other activities necessary to
transition to the assumption of downside financial risk. For example,
as discussed in section III.B.5 below, parties to value-based
arrangements that meet the requirements of the full financial risk safe
harbor may exchange remuneration during a twelve-month phase-in period,
where the VBE is contractually obligated to assume full financial risk
in the next 12 months but has not yet assumed such risk. During this
phase-in period, the parties may have, as a value-based purpose, the
purpose of transitioning from health care delivery and payment
mechanisms based on the volume of items and services provided to
mechanisms based on the quality of care and control of costs of care
for a target patient population, and the parties may exchange, among
other things, remuneration necessary to enable the VBE to transition to
the assumption of full financial risk.
Comment: Other commenters advocated for revisions to the definition
of ``value-based purpose.'' These comments generally focused on two
issues related to the value-based purpose of appropriately reducing the
costs to, or growth in expenditures of, payors without reducing the
quality of care for a target patient population: Whether the definition
of ``value-based purpose'' should protect: (i) Cost-reduction efforts
more broadly, rather than only to the benefit of payors; and (ii) cost-
reduction efforts only when paired with improved quality or maintenance
of already-improved quality of care.
With respect to the first issue, commenters generally were in favor
of expanding the third purpose to cover all cost-reduction efforts, not
just those that benefit payors. At least two commenters asserted that
this expansion would be necessary to protect gainsharing arrangements.
Commenters' opinions varied on the second issue, related to our
proposal that reducing costs to, or the growth in expenditures of,
payors must be accomplished without reducing the quality of care for
the target patient population, with some expressing support and others
opposition. Many commenters opined on our alternative proposal to
include the reduction of costs to, or growth in expenditures of, payors
in the definition of ``value-based purpose'' only where there is also
an improvement in patient quality of care or the parties are
maintaining an improved level of care. On the one hand, certain
commenters believed this alternative standard would be overly
prescriptive and difficult to measure; others expressed support, with
one stating that a reduction in costs alone is not true value and that
the improvement of care should be the first priority.
Response: We are finalizing this portion of the definition, as
proposed. A goal of this rulemaking is to support quality improvements
and cost efficiencies achieved through better care coordination that
benefit patients and the health care delivery system. In our view,
arrangements that do not result in a reduction in costs to, or growth
in expenditures of, payors--such as reductions in surgical suite costs
for a
[[Page 77721]]
hospital--do not further this goal sufficiently to warrant protection
under the third value-based purpose definition. The definition of
``value-based purpose'' that we are finalizing is not intended to
foreclose internal-cost savings arrangements, such as gainsharing, in
their entirety; however, parties must consider whether such
arrangements would further other purposes in the ``value-based
purpose'' definition and the conditions of the applicable value-based
safe harbor. We also do not believe a higher standard of improving or
maintaining already improved quality of care is necessary. We are
persuaded that preventing reductions in quality of care, paired with
the safeguards in each of the value-based safe harbors, provides both
flexibility and sufficient protection against the potential for patient
harm.
Comment: A commenter asserted that VBEs should have at least one
value-based purpose related to patient care improvement and expressed
concern that allowing VBEs to focus solely on cost reduction would
compromise patient care and have a disproportionate impact on patients
with rare conditions.
Response: While a VBE or value-based arrangement may, but is not
required to, have as a value-based purpose improving the quality of
care for a target patient population, none of the value-based purposes
protect value-based arrangements that compromise patient quality of
care. Of the two value-based purposes that incorporate cost control or
cost reduction concepts, one requires the appropriate reduction in
costs to, or growth in expenditures of, payors without reducing the
quality of care for a target patient population; the other requires the
transition of health care delivery and payment mechanisms based on the
volume of items and services provided to mechanisms based on the
quality of care and control of costs of care to payors for a target
patient population. Both of these value-based purposes emphasize the
importance of ensuring patient quality of care.
We further highlight that each of the value-based safe harbors
includes a safeguard precluding safe harbor protection for value-based
arrangements that stint on medically necessary patient care; this
safeguard provides that the value-based arrangement may not induce
parties to furnish medically unnecessary items or services or reduce or
limit medically necessary items or services furnished to any patient.
Comment: A commenter expressed concern that the ``value-based
purpose'' definition may lead to patient harm, fails to protect
adequately against abusive cycling of patients for financial gain, and
potentially impinges on the professional judgment of health care
professionals.
Response: We share the commenter's concerns about patient harm,
abusive cycling of patients for financial gain and compromised
professional judgment. We have addressed these concerns through various
safeguards and requirements of the value-based safe harbors and the
patient engagement and support safe harbor. We note that compliance
with the value-based purpose definition does not necessarily qualify
parties or arrangements for safe harbor protection.
g. Coordination and Management of Care
Summary of OIG Proposed Rule: We proposed to define ``coordination
and management of care,'' the first of the four value-based purposes,
as the deliberate organization of patient care activities and sharing
of information between two or more VBE participants or VBE participants
and patients, tailored to improving the health outcomes of the target
patient population, in order to achieve safer and more effective care
for the target patient population. In defining this term, we sought to
distinguish between referral arrangements, which would not be
protected, and legitimate care coordination arrangements, which
naturally involve referrals across provider settings but also include
beneficial activities beyond the mere referral of a patient or ordering
of an item or service. We expressed particular concern about
distinguishing between coordinating and managing patient care
transitions for the purpose of improving the quality of patient care or
appropriately reducing costs, on one hand, and churning patients
through care settings to capitalize on a reimbursement scheme or
otherwise generate revenue. We proposed in preamble that we would not
consider the provision of billing or administrative services to be the
coordination and management of patient care.
Summary of Final Rule: We are finalizing, with modifications, the
definition of ``care coordination and management.'' First, we have
revised the definition to clarify that the deliberate organization of
patient care activities and sharing of information must occur between
two or more VBE participants, one or more VBE participants and the VBE,
or one or more VBE participants and patients. Second, in response to
comments, we have revised the description of the required goals to
state that the parties' efforts (i.e., the deliberate organization of
patient care activities and sharing of information) must be designed to
achieve safer, more effective, or more efficient care to improve the
health outcomes of the target patient population. These two changes
clarify the regulatory language with respect to the parties that engage
in the care coordination and management to include the VBE itself,
which can be party to a value-based arrangement, and make clear that
efforts to improve efficiency can be part of coordination and
management of care. Third, also in response to comments, we have
revised the definition to clarify that the term does not require
achievement of the stated goals, but rather that the efforts must be
designed to achieve such goals.
Comment: Commenters on this topic varied in their responses to our
proposed definition of ``coordinating and managing care.'' While we
received some comments expressing support, others asserted that the
definition was superfluous. A commenter highlighted that existing CMS
programs already rely on similar terminology and encouraged OIG to
align its definition.
Response: For the reasons stated in the OIG Proposed Rule, we are
finalizing a definition of ``coordination and management of care.''
Among other things, this definition helps ensure that protected
arrangements serve patients and the goals of coordinated care. Further,
given the importance of this value-based purpose in the safe harbors,
the definition provides a standard against which safe harbor compliance
can be measured. This is intended to help providers seeking to comply
with the safe harbors. As noted in the OIG Proposed Rule, we considered
other agency definitions in crafting ours.\27\
---------------------------------------------------------------------------
\27\ 84 FR 55707 (Oct. 17, 2019). For example, the Agency for
Healthcare Research and Quality explains that ``[c]are coordination
is identified by the Institute of Medicine as a key strategy that
has the potential to improve the effectiveness, safety, and
efficiency of the American health care system. Well-designed,
targeted care coordination that is delivered to the right people can
improve outcomes for everyone: patients, providers, and payers.''
https://www.ahrq.gov/ncepcr/care/coordination.html.
---------------------------------------------------------------------------
Although other laws and regulations, including the physician self-
referral law and associated regulations, may utilize the same or
similar terminology, the definition and interpretations we are adopting
in this rule would not affect CMS's (or any other governmental
agency's) interpretation or ability to interpret such term.
Comment: At least two commenters opposed our proposed definition
because they believe it would require
[[Page 77722]]
constant achievement. As an alternative, these commenters proposed
revising the definition of ``coordination and management of care'' from
the deliberate organization of patient care activities and sharing of
information in order to improve health outcomes, to the deliberate
organization of patient care activities and sharing of information in
an attempt to improve health outcomes.
Response: We thank commenters for highlighting this issue. It was
not our intent for the definition of ``coordination and management of
care'' to require constant achievement of improved health outcomes. To
address the issue raised by the commenters and reduce the potential for
confusion, we have revised the definition to clarify that the
organization of patient care activities and the sharing of information
must be designed to achieve safer, more effective, or more efficient
care to improve the health outcomes of the target patient population.
Actual achievement of safer, more effective, or more efficient care
that improves health outcomes is not required. However, the parties
must ensure that their efforts (i.e., deliberate organization of
patient care activities and sharing of information) are designed to
achieve these goals.
Comment: Several commenters questioned whether: (i) Patient
monitoring, patient diagnostic activities, patient treatment, and
communication related to such patient activities; or (ii) predictive
analytics, would constitute the coordination and management of care.
Response: Depending on the facts and circumstances, each of the
actions listed above could qualify as the coordination and management
of care. We intend for the coordination and management of care to
require beneficial activities beyond the mere referral of a patient or
ordering of an item or service. Coordination and management of care
requires some additional, deliberate effort and sharing of information,
across two or more parties, that is designed to augment care delivery
to achieve safer, more effective, or more efficient care to improve
health outcomes.\28\ For example, the ordering of a diagnostic test,
such as an imaging study, by a provider and the sharing of the test
results back to the ordering provider would not, without additional
beneficial activities, constitute the coordination and management of
care under the finalized definition. If, however, the ordering of the
imaging study and the sharing of results was part of a more deliberate,
organized effort between or among the parties to achieve safer and more
effective care and improve health outcomes, such as by implementing
protocols to reduce the number of redundant tests or ensuring that test
results are readily shared with and available to the patient and all
members of the patient's caregiver team and used to inform care
decisions, then the arrangement may constitute coordination and
management of care. We also emphasize that the definition requires not
only the deliberate organization of patient care activities, but also
the sharing of information between (or among) the parties who are
coordinating and managing care. This information sharing must be part
of a design to achieve safer, more effective, or more efficient care to
improve the health outcomes of the target patient population.
---------------------------------------------------------------------------
\28\ See, e.g., NEJM Catalyst, What is Care Coordination? (Jan.
1, 2018), https://catalyst.nejm,org/what-is-care-coordination/
(providing examples and noting that ``[c]are coordination
synchronizes the delivery of a patient's health care from multiple
providers and specialists. The goals of coordinated care are to
improve health outcomes by ensuring that care from disparate
providers is not delivered in silos, and to help reduce health care
costs by eliminating redundant tests and procedures.'').
---------------------------------------------------------------------------
Our final rule endeavors to encompass a wide range of beneficial
care coordination activities, with limitations. As described in the OIG
Proposed Rule, coordination might occur between hospitals and post-
acute care providers, specialists and primary care providers, or
hospitals and physician practices and patients. It could involve using
care managers, providing care or medication management, creating a
patient-centered medical home, helping with effective transitions of
care, sharing and using health data to improve outcomes, or sharing
accountability for the care of a patient across the continuum of care.
These arrangements often naturally involve referrals across provider
settings but include beneficial activities beyond the mere referral of
a patient or ordering of an item or service. We see a clear distinction
between coordinating and managing patient care transitions for the
purpose of improving the quality of care or improving efficiencies,
which would fit in the definition, and churning patients through care
settings to capitalize on a reimbursement scheme or otherwise generate
revenue, which would not fit in the definition. The OIG Proposed Rule
cites a relevant example of cycling patients through skilled nursing
facilities (SNFs) to maximize revenue as the kind of arrangement we do
not intend to fit in the definition or receive protection under any
safe harbor.
Comment: In response to OIG's solicitation of comments on the
intersection of coordination and management of care and cybersecurity,
a commenter stated that cybersecurity items or services should meet the
definition of ``coordination and management of care.'' According to the
commenter, cybersecurity items or services may be needed to share
information between or among VBE participants, and the commenter
expressed concern that parties would overlook opportunities to work
with small practices that cannot afford proper cybersecurity tools.
Response: We appreciate the commenters' input; however, we
respectfully disagree with their recommendation. As a general matter,
the use or sharing of cybersecurity items and services alone would not
meet the definition of ``coordination and management of care.'' Having
reviewed the comments and upon further consideration of the issue, we
view the use or sharing of such items and services to be focused on
ensuring the security of patient care items and related information
exchange, rather than the deliberate organization of patient care
activities and sharing of information, as required by the definition of
``coordination and management of care.'' That being said, an
arrangement involving the exchange of health information technology
that incorporates cybersecurity items and services could meet the
definition of ``coordination and management of care.'' For example,
where a VBE participant provides data analytics software to another VBE
participant to facilitate the VBE participants' coordination and
management of care, security features to control access to data
included within that software would not preclude the data analytics
software from meeting the definition of ``coordination and management
of care.'' However, we note that meeting the definition of
``coordination and management of care'' does not, de facto, afford safe
harbor protection; for safe harbor protection, the remuneration
exchanged must squarely satisfy all safe harbor conditions.
The use or sharing of cybersecurity items and services alone may
meet other value-based purposes, and such remuneration may be eligible
for protection under the substantial downside financial risk safe
harbor (paragraph 1001.952(ff)) or full financial risk safe harbor
(paragraph 1001.952(gg)). The cybersecurity technology and related
services safe
[[Page 77723]]
harbor, paragraph 1001.952(jj), also is available to protect the
exchange of cybersecurity items and services, provided all safe harbor
requirements are met.
Comment: In lieu of making the coordination and management of
patient care a requirement specific to the value-based safe harbors and
arrangements for patient engagement and support safe harbor, a
commenter requested that OIG revise the definition of ``value-based
purpose'' to reflect that one of the value-based purposes must be the
coordination and management of patient care.
Response: We appreciate the commenter's input; however, we decline
to adopt the commenter's suggestion for two reasons. First, the current
structure facilitates alignment between OIG's and CMS's value-based
terminology to ease burden on providers and others working to comply
with both sets of rules. In addition, as finalized, the substantial
downside financial risk and full financial risk safe harbors already
provide parties with additional flexibility to identify value-based
purposes other than the coordination and management of care, in defined
circumstances.
Comment: A commenter requested clarification as to the types of
activities that constitute the provision of billing or administrative
services. This commenter asserted certain administrative services, such
as the more effective management of patient records, could improve the
coordination and management of patient care and should be not be
excluded from the definition of ``value-based purpose.''
Response: Administrative services, depending on the facts and
circumstances, may meet the definition of ``coordination and management
of care.'' We are clarifying our statement in the OIG Proposed Rule
that we would not consider the provision of billing or administrative
services to be the management of patient care \29\ to make clear that
we view any billing or financial management services arrangement that
is characterized as facilitating the coordination and management of
patient care to be outside the scope of this definition for purposes of
this rule. By financial management services, we mean services such as
bookkeeping operations, contract management, revenue cycle management,
or other similar activities. These activities might complement the
organization of patient care activities, but they are not the type of
care coordination activities contemplated in our proposed rule or
covered by the final definition.
---------------------------------------------------------------------------
\29\ 84 FR 55707 (Oct. 17, 2019).
---------------------------------------------------------------------------
We also are mindful that, in certain situations, the remuneration
exchanged by the parties might incidentally assist the recipient with
performing certain of these administrative functions. However, we
believe that any benefit that the remuneration has on the
administrative activities of the recipient should be incidental, at
most. This approach helps ensure that value-based arrangements eligible
for safe harbor protection focus on the delivery of care to patients.
Arrangements that focus on billing and financial management services
arrangements may be structured to fit in another safe harbor, such as
the safe harbor for personal services and management contracts, which
includes protections such as a fair market value requirement. The
value-based safe harbors are not intended to protect billing and
financial management services arrangements, even those that might help
support care coordination and management, that are not fair market
value under the guise of a value-based arrangement.
We address this issue through a new provision in the care
coordination arrangements safe harbor at paragraph
1001.952(ee)(1)(iii)(A), which provides that the remuneration exchanged
pursuant to a value-based arrangement may not be exchanged or used more
than incidentally by the recipient for the recipient's billing or
financial management services. We are not adopting parallel provisions
in the substantial downside financial risk or full financial risk safe
harbors because there are circumstances in which billing and financial
management services could be included in the remuneration that is
protected by those safe harbors. For this same reason, we are not
incorporating this limitation into the definition of coordination and
management of care, which applies across all of the value-based safe
harbors.
Comment: A commenter suggested that we revise this term to require
the ``coordination or management of care'' instead of the
``coordination and management of care.''
Response: We appreciate the commenter's input; however, we are not
adopting the commenter's suggestion. The coordination and management of
care reflects an integrated set of activities for patients, as set out
in the definition we are finalizing in this rule. We are concerned that
management activities, standing alone, would not be appropriately
patient-focused to achieve the intent of the value-based safe harbors.
Comment: A commenter appeared to request that OIG revise its
definition of ``coordination and management of care'' to provide that
the deliberate organization of patient care activities and sharing of
information may be between VBE participants and patients' family
members or caregivers, in addition to those activities being conducted
between VBE participants and patients.
Response: We would consider the deliberate organization of patient
care activities and sharing of information between VBE participants and
patients' family members or others acting on the patients' behalf to
meet the definition of ``coordination and management of care.'' This
may include, for example, intervening caregivers, and family members,
such as for patients who are children. We note that an arrangement that
is solely between a VBE participant and a patient might constitute the
coordination and management of care, but it would not fit in the value-
based safe harbors because those safe harbors do not protect the
exchange of remuneration with patients. Other safe harbors may protect
the exchange of remuneration with patients, including the patient
engagement and support safe harbor at paragraph 1001.952(hh).
Arrangements between VBEs and one or more of their VBE participants or
between or among VBE participants that engage patients in efforts to
coordinate and manage care could qualify under the value-based safe
harbors with respect to remuneration flowing between a VBE and VBE
participant or between VBE participants if all safe harbor conditions
are met. For purposes of the care coordination arrangements safe
harbor, parties exchanging remuneration pursuant to the value-based
arrangement would need to be part of the coordination and management of
care of the target patient population in some fashion, although levels
of involvement in care coordination may differ among VBE participants,
depending on the scope and nature of the arrangement.
3. Care Coordination Arrangements To Improve Quality, Health Outcomes,
and Efficiency Safe Harbor (42 CFR 1001.952(ee))
a. General Comments
Summary of OIG Proposed Rule: We proposed a new safe harbor at
proposed paragraph 1001.952(ee) to protect in-kind remuneration
exchanged between qualifying VBE participants with value-based
arrangements that squarely satisfy all of the proposed safe harbor's
requirements. We developed this safe
[[Page 77724]]
harbor to facilitate value-based care and improved care coordination
for patients by providers and others that may be assuming no or less
than substantial downside financial risk.
Proposed conditions included commercial reasonableness (proposed
paragraph 1001.952(ee)(2)), written documentation (proposed paragraph
1001.952(ee)(3)), record retention (proposed paragraph
1001.952(ee)(11)), and establishment and monitoring of outcomes
measures (proposed paragraph 1001.952(ee)(1)). We proposed that
protected remuneration would be used primarily to engage in value-based
activities that are directly connected to the coordination and
management of patient care for the target patient population (proposed
paragraph 1001.952(ee)(4)(ii)). We further proposed that arrangements
could not induce VBE participants to furnish medically unnecessary care
or reduce or limit medically necessary care (proposed paragraph
1001.952(ee)(4)(iii)); could not be funded by outside sources (proposed
paragraph 1001.952(ee)(4)(iv)); could not limit medical decision-making
or patient freedom of choice (proposed paragraphs 1001.952(ee)(7)(ii)-
(iii)); could not take into account the volume or value of business
outside the value-based arrangement (proposed paragraph
1001.952(ee)(5)); and could not include marketing of items or services
to patients or patient recruitment activities (proposed paragraph
1001.952(ee)(7)(iv)). We proposed a requirement that the recipient of
the remuneration would pay at least 15 percent of the offeror's cost of
the remuneration (proposed paragraph 1001.952(ee)(6)). We also proposed
a requirement that arrangements be terminated within 60 days if the
VBE's accountable body or person determined that the arrangements were
unlikely to further coordination and management of care, were not
achieving the value-based purpose or were resulted in material
deficiencies in quality of care (proposed paragraph 1001.952(ee)(9)).
In addition, we proposed that an exchange of remuneration would not be
protected under the care coordination arrangements safe harbor if the
offeror knows or should know that the remuneration is likely to be
diverted, resold, or used by the recipient for an unlawful purpose
(proposed paragraph 1001.952(ee)(10)). These conditions were proposed
to minimize risks of traditional fee-for-service fraud and abuse and
pay-for-referral schemes, particularly in arrangements where the
parties are not assuming downside risk.
Summary of Final Rule: We are finalizing, with modifications, this
safe harbor. The safe harbor continues to protect in-kind remuneration
exchanged between a VBE and VBE participant or between VBE participants
pursuant to a value-based arrangement that squarely satisfies all of
the proposed safe harbor's requirements. We have modified and clarified
many of the safe harbor requirements in response to public comments, as
described below. The safe harbor includes conditions related to
commercial reasonableness, outcomes measures, written documentation,
record retention, monitoring, termination, marketing and patient
recruitment, and diversion and reselling of remuneration. The safe
harbor requires that protected remuneration be used predominately to
engage in value-based activities that are directly connected to the
coordination and management of care for the target patient population.
Protected arrangements cannot induce VBE participants to furnish
medically unnecessary care or reduce or limit medically necessary care;
cannot limit medical decision-making or patient freedom of choice; and
cannot take into account the volume or value of business outside the
value-based arrangement. Under the final rule, all recipients must pay
15 percent of the offeror's cost or 15 percent of the fair market value
of the remuneration. We are not finalizing the proposed condition
related to outside funding of the remuneration.
As detailed in section III.B.2.e and III.B.2.g of this preamble
relating to the VBE participant definition, we are carving out patients
and certain entities from the safe harbor; those entities are listed at
paragraph 1001.952(ee)(13). We are finalizing a limited pathway for
safe harbor protection in the care coordination arrangements safe
harbor for manufacturers of devices and medical supplies and DMEPOS
companies participating in digital health technology arrangements at
paragraph 1001.952(ee)(13). As discussed in section III.B.2.e.vi of
this preamble, we are finalizing a condition in the care coordination
arrangements safe harbor that restricts those entities from
conditioning the exchange of remuneration on any recipient's exclusive
use, or minimum purchase, of any item or service manufactured,
distributed, or sold by those entities.
This safe harbor protects in-kind remuneration only. Some monetary
compensation associated with care coordination or value-based
activities may be protected under other safe harbors, such as the other
value-based safe harbors or the safe harbor for personal services and
management contracts and outcomes-based payments at paragraph
1001.952(d).
Comment: Many commenters expressed support for the care
coordination arrangements safe harbor and the existence of a value-
based safe harbor that did not mandate the assumption of downside
financial risk. These commenters stated the safe harbor would
facilitate innovative arrangements to improve care coordination and
facilitate community partnerships. Other commenters, while generally
supportive of the safe harbor, asserted that it included too many
burdensome, complex, and subjective conditions; these commenters urged
OIG to reduce the number of requirements in the safe harbor.
Conversely, some commenters opposed the safe harbor, with their
concerns largely falling into two categories: (i) The potential for
fraud and abuse because the safe harbor does not require the parties to
assume downside risk or that there are not strong enough program
integrity guardrails; and (ii) negative effects on competition, i.e.,
unduly benefiting larger providers.
Response: We thank commenters for their feedback. The safe harbor
is intended to protect arrangements by parties who are transitioning to
higher levels of risk or who are engaging in care coordination that
improves quality and efficiency, without assuming risk. We agree with
commenters that there could be increased risk of fraudulent or abusive
behavior (e.g., overutilization) where providers who order items or
services are not at substantial downside financial risk. We structured
the care coordination arrangements safe harbor to reflect and mitigate
that increased risk. The safe harbor includes requirements tailored to
ensure that arrangements protected by the safe harbor--which could
apply to remuneration exchanged between parties who refer Federal
health care program business to each other and where both parties are
paid by Federal health care programs on a fee-for-service basis--do not
result in the traditional FFS fraud and abuse risks. As described in
the OIG Proposed Rule, traditional FFS fraud and abuse risks include
inappropriately increased costs to the Federal health care programs or
patients, corruption of practitioners' medical judgment,
overutilization, inappropriate patient steering, unfair competition, or
poor-quality care.\30\
---------------------------------------------------------------------------
\30\ 84 FR 55696 (Oct. 17, 2019).
---------------------------------------------------------------------------
We aimed to finalize a safe harbor that is not administratively
burdensome, overly complex, or subjective, but we
[[Page 77725]]
acknowledge that parties must satisfy a number of criteria to receive
safe harbor protection and that some parties may find the safe harbor
administratively burdensome, overly complex, and subjective with
respect to their particular arrangements. However, we believe that
these conditions, taken together, ensure the safe harbor protects
legitimate value-based arrangements, fosters improved care
coordination, allows for innovation, adequately addresses the
traditional FFS risks described above, and limits potentially
problematic referral schemes. We acknowledge that larger entities may
be better positioned to afford some types of investments required by
value-based activities, but we have intentionally crafted this safe
harbor for a wide range of care coordination arrangements, including
arrangements between small entities, providers serving rural and
underserved communities, or both, that might not require substantial
investment. As we describe elsewhere, many of the conditions are
flexible (i.e., not one-size-fits-all) and can be satisfied in ways
that take into account the size of, and resources available to, VBE
participants.
Comment: A commenter proposed that, in lieu of the care
coordination arrangements safe harbor, OIG enumerate acceptable value-
based arrangements that are of minimal monetary value to the referral
source.
Response: We did not propose to adopt a list of acceptable value-
based arrangements of minimal monetary value in lieu of the care
coordination arrangements safe harbor, and we are not adopting any such
list as part of this final rule.
Comment: A primary care provider requested that we address whether
or not it would be permissible to waive cost-sharing amounts for select
services under the care coordination arrangements safe harbor.
Response: As a threshold matter, whether cost-sharing is owed for a
particular service covered by Medicare or Medicaid is programmatic
policy under the auspices of CMS and state Medicaid programs. If cost-
sharing is owed by the beneficiary under the applicable programmatic
rules and a provider or supplier waives any such obligations, then a
question arises about whether any benefit stemming from the waiver of
the beneficiary's cost-sharing obligations implicates the Federal anti-
kickback statute or the Beneficiary Inducements CMP.
Cost-sharing waivers furnished to patients would not qualify for
protection under the care coordination arrangements safe harbor. First,
cost-sharing waivers are not in-kind remuneration, and the care
coordination arrangements safe harbor is limited to exchanges of in-
kind remuneration. Second, as explained further in section III.2.e.i of
this preamble, the context and framework of the value-based provisions
in the OIG Proposed Rule made clear that we did not intend patients to
be VBE participants who could engage in value-based arrangements under
the value-based safe harbors. We are finalizing, as proposed, that the
care coordination arrangements safe harbor is available to protect only
the exchange of in-kind remuneration between parties to a value-based
arrangement, not remuneration exchanged with patients. In response to
comments and for clarity, we have: (i) Revised the definition of ``VBE
participant'' to expressly exclude patients; and (ii) revised the
introductory language of the paragraph to expressly limit protection to
exchanges of remuneration between a VBE and VBE participant or between
VBE participants.
In some cases, other existing protections may be available for some
cost-sharing waivers, including cost-sharing waivers by certain
entities that are not offered as part of any advertisement or
solicitation; are not routine; and are made following an individual
determination of financial need.\31\
---------------------------------------------------------------------------
\31\ See, e.g., 42 U.S.C. 1320a-7b(b)(3)(D), (G); 42 CFR
1001.952(k); OIG, Special Fraud Alert: Routine Wavier of Copayments
or Deductible Under Medicare Part B, 59 FR 65372, 65377 (Dec. 19,
1994), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html.
---------------------------------------------------------------------------
Comment: A hospital association requested that the care
coordination arrangements safe harbor include a 12-month preparation
period that would be analogous to the ''phase-in'' periods in the
substantial downside financial risk and full financial risk safe
harbors. Similarly, at least two commenters requested that OIG protect
initial investments in value-based arrangements or activities by
parties exploring the creation of a VBE, with a commenter requesting
that OIG protect such remuneration prior to any terms being set forth
in a written agreement.
Response: We are not adopting the suggestion for a preparation or
``phase-in'' period for the care coordination arrangements safe harbor.
There may be practical or operational reasons for parties to engage in
financial arrangements or make ``phase-in'' investments as they explore
creating a VBE or before committing to a particular value-based
arrangement with partners. On balance, however, these considerations do
not outweigh the heightened risk of fraud or abuse during a ``phase-
in'' period in advance of the commencement of a value-based
arrangement, particularly in situations where parties have not yet
created a VBE with its attendant accountability and transparency
protections. Moreover, it is OIG's belief that the need for a ``phase-
in'' period is lower in the context of this safe harbor compared to the
risk-based safe harbors because this safe harbor is limited to in-kind
remuneration and does not require the assumption of risk. We allow for
a preparation or ``phase-in'' period in the two risk-based safe harbors
because we recognize that parties to a value-based arrangement may need
to exchange remuneration during a period of time before the VBE
formally takes on downside financial risk in order to prepare the VBE
and the VBE participants for that assumption of risk. The same context
does not exist for the care coordination arrangements safe harbor
because it does not require the assumption of risk. We note, however,
that parties may be able to structure some preparatory arrangements to
fit in this safe harbor, provided that a proper VBE and value-based
arrangement have been established and all other safe harbor
requirements are met, including the requirement that any exchange of
remuneration be used predominantly to engage in value-based activities.
Parties may also look to other potentially available safe harbors for
preparatory arrangements.
Comment: Multiple commenters requested clarification on, and
examples regarding, the types of entities and activities that could
qualify for protection under the care coordination arrangements safe
harbor. For example, a commenter requested that OIG expressly protect
income guarantees for physicians transitioning from traditional
compensation schemes to value-based models.
Response: With respect to the question regarding income guarantees,
income guarantees are not in-kind remuneration and would therefore not
qualify for protection under the care coordination arrangements safe
harbor. While neither exhaustive nor sufficiently detailed to allow for
a comprehensive analysis of the arrangement under the Federal anti-
kickback statute and the care coordination arrangements safe harbor, we
provide the following high-level examples to illustrate arrangements
that could be structured to satisfy the conditions of the care
coordination arrangements safe harbor.
First, to coordinate care and better manage the care of their
shared patients,
[[Page 77726]]
a specialty physician practice may wish to provide data analytics items
(e.g., software designed to present certain data) and services (e.g.,
conducting data analysis) to the primary care physician practice with
which it works closely and from which it receives referrals for
consultations and federally reimbursable items and services. The data
analytics items and services could, for example, identify practice
patterns that deviate from evidence-based protocols or confirm whether
followup care recommended by the specialty physician practice is being
sought by patients or furnished by the primary care physician group.
This provision of data analytics items and services could be structured
to satisfy the care coordination arrangements safe harbor.
Second, hospitals and physicians could work together in new ways to
coordinate and manage care for patients being discharged from the
hospital. The hospital might provide a physician group with care
managers (who identify the physician group's high-risk patients and
help manage patients' care transitions, medications, and home-based
care) to ensure patients receive appropriate followup care post-
discharge; data analytics systems to help the group's physicians ensure
that their patients are achieving better health outcomes; and remote
monitoring technology to alert the group's physicians when a patient
needs a health care intervention to prevent unnecessary emergency room
visits and readmissions.
Third, a medical technology company could partner with physician
practices, to better coordinate and manage care for patients discharged
from a hospital with digitally-equipped devices that collect and
transmit data to the physicians to help monitor the patients' recovery
and flag the need to intervene in real time (e.g., a device that
monitors range of motion that could inform what an appropriate physical
therapy intervention may be). The technology company could provide the
physician group with necessary digital health technology that improves
the physician group's ability to observe recovery and intervene, as
necessary.
We remind parties seeking to structure an arrangement to satisfy
the care coordination arrangements safe harbor that compliance with the
safe harbor requires a fact-specific assessment. In addition, we remind
stakeholders that the advisory opinion process remains available for
parties seeking to determine whether a particular arrangement satisfies
the care coordination arrangements safe harbor or for parties that
would like to request prospective protection for an arrangement that
does not squarely satisfy the terms of the safe harbor.
Comment: A commenter appeared to believe that the statement in the
OIG Proposed Rule that ``each offer of remuneration must be analyzed
separately for compliance with the safe harbor'' \32\ requires each
value-based arrangement to be reviewed by the Department, with the
potential for the Department to deny safe harbor protection for any
proposal.
---------------------------------------------------------------------------
\32\ 84 FR 55708 (Oct. 17, 2019).
---------------------------------------------------------------------------
Response: If there are multiple streams of remuneration flowing
under a single value-based arrangement, the parties would need to
evaluate each such stream separately to assess compliance with the safe
harbor (or, as appropriate, other available safe harbors). In the
context of an enforcement action, the government would likewise analyze
each such stream separately, and consider the totality of the
arrangement, to assess potential liability under the Federal anti-
kickback statute. The care coordination arrangements safe harbor does
not require, nor do any of our other value-based safe harbors require,
the submission of the value-based arrangement to the Department for
review.
Comment: Many commenters urged OIG to align the care coordination
arrangements safe harbor with CMS's value-based exception to the
physician self-referral law, with some asserting that the different
requirements in each would increase regulatory complexity and pose a
barrier to the advancement of value-based care. To facilitate
alignment, commenters suggested that OIG permit monetary remuneration,
remove any contribution requirement, or adopt CMS's definition of
``commercial reasonableness.'' A commenter appeared to request that OIG
and CMS both include a provision requiring a signed agreement.
Response: We aligned our safe harbors with the exceptions being
adopted by CMS as part of the Regulatory Sprint wherever possible. For
the reasons discussed in greater detail in section III.A.1, complete
alignment is not appropriate, including with respect to most of the
provisions of the care coordination arrangements safe harbor referenced
by commenters. In particular, the contribution and exclusion of
monetary remuneration serve to reduce risk of intentional kickback
schemes for reasons explained more fully in the preamble discussions of
each requirement, sections III.B.3.g (contribution requirement) and
III.B.3.e.i (in-kind remuneration). Specific to the recommended
expansion of the safe harbor to protect monetary remuneration, we
continue to believe that providing safe harbor protection for monetary
remuneration presents heightened fraud and abuse risks that outweigh
the potential benefits to Federal health care programs and patients.
This is particularly true where remuneration is exchanged between
parties that are not required to assume substantial financial risk, and
the protected remuneration is not required to be fair market value and
may take into account the volume or value of referrals for the target
patient population. Consistent with this concern, the new safe harbor
for outcomes-based payments at paragraph 1001.952(d)(2), which is
available for monetary remuneration, includes a fair market value
requirement and a limitation on directly taking into account the volume
or value of referrals. With respect to the commenter's request that OIG
and CMS align their respective signed writing requirements, we are
finalizing a requirement that the terms of the value-based arrangement
must be set forth in writing and signed by the parties, and we make
clear that the writing requirement can be satisfied by a collection of
documents, which aligns with the writing requirement in CMS's value-
based exception.
b. Outcome Measures
Summary of OIG Proposed Rule: We proposed to provide flexibility in
selecting outcome measures given the range of arrangements that may be
covered by the proposed safe harbor. We proposed in proposed paragraph
1001.952(ee)(1) to require parties to establish one or more specific
evidence-based, valid outcome measures to serve as benchmarks for
assessing the recipient's performance under the value-based arrangement
and advancement toward achieving the coordination and management of
care for the target population. The measures would not include patient
satisfaction or convenience measures. We expressed our view that
outcome measures should reflect more than maintenance of the status quo
and considered requiring that outcomes measures drive meaningful
improvements in quality, health outcomes, or efficiencies, whether by
driving improvements that are measurable or that are more than nominal
in nature. We indicated that we were considering for the final rule and
solicited comment on whether we should require rebasing of the outcome
[[Page 77727]]
measure (e.g., resetting the benchmark).\33\
---------------------------------------------------------------------------
\33\ 84 FR 55708 (Oct. 17, 2020).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
outcome measures requirement at paragraph 1001.952(ee)(4). The
modifications are based on public comments. The final rule requires
that the parties to a value-based arrangement establish one or more
legitimate outcome or process measures that the parties reasonably
anticipate will advance the coordination and management of care for the
target patient population based on clinical evidence or credible
medical or health science support. The measure(s) must: (i) Include one
or more benchmarks related to improving, or maintaining improvement, in
the coordination and management of care for the target patient
population; (ii) relate to the remuneration exchanged under the value-
based arrangement; and (iii) not be based solely on patient
satisfaction or patient convenience. The outcome or process measure and
its benchmark must be monitored, periodically assessed, and
prospectively revised, as necessary, so that working towards the
measure continues to advance the coordination and management of care of
the target patient population.
Comment: Commenters generally supported the outcome measures
requirement, as proposed. However, some commenters opposed requiring
the parties to establish outcome measures against which a party would
be measured under a value-based arrangement. For example, the
commenters asserted that requiring the establishment of outcome
measures would be administratively burdensome, would be confusing, and
would not reflect the lack of valid outcome measures for many specialty
practices. Some commenters asked OIG for an exception to the
requirement for small and rural-based VBE participants and Indian
health care providers. A commenter representing Indian health care
providers requested that they be carved out from the outcome measures
requirement because of a concern that the outcome measures would not be
aligned with already reported Tribal outcome measures and would become
an unnecessary administrative burden on understaffed Indian health care
providers. Other commenters suggested that OIG should not finalize the
outcome measures requirement because the writing requirement in the
care coordination arrangements safe harbor is sufficient to protect
against fraud and abuse.
Response: As noted in the OIG Proposed Rule, inclusion of a
meaningful outcome measure in a protected value-based arrangement will
help ensure that the arrangement is designed to advance care
coordination and serves the needs of the target patient population. As
explained below, we have revised the requirement in the final rule to
increase flexibility, broaden options for meeting the requirement, and
reduce administrative burden, including on rural and small providers
and on Indian health care providers. Our revised approach also
addresses the comment regarding lack of standards for specialty
practices because we are not requiring use of industry standard
measures. Specialty practices may create measures using a range of
data, information, and sources, including internally generated data and
information, provided that, among other requirements, the measures are
based on clinical evidence, credible medical support, or credible
health science support, include an appropriate benchmark, and relate to
the remuneration being provided under the arrangement. This last
requirement helps ensure, as we explained in the OIG Proposed Rule,
that the measure bears a close nexus to the value-based activities in
the value-based arrangement and the needs of the target patient
population.
We are not aware of any impediment to Indian health care providers
using existing outcomes measures that they are already required to
report; nothing in the safe harbor requires development of new measures
if existing measures meet the final rule requirements.
We do not agree that a writing requirement is a sufficient
safeguard against fraud or abuse based on our enforcement experience.
While documentation is important for transparency and compliance
verification, it does not prevent fraud or abuse or ensure that
arrangements are carried out in accordance with their terms or serve
their intended purposes.
Comment: Commenters varied in their responses to the terminology we
proposed in the outcome measures requirement (``specific evidenced-
based, valid outcome measures''). For example, commenters asked OIG to
define ``outcome measure'' and ``evidence-based.'' A commenter
supported the concept of ``evidence-based'' outcome measures, stating
that OIG's proposal would provide needed flexibility to allow both
clinical and non-clinical outcome measures and to allow participants to
select up-to-date outcome measures, such as measures related to social
determinants of health. Other commenters pointed out the significant
time and resources needed, particularly for smaller VBEs and VBE
participants, to undertake studies or gather and document evidence for
novel interventions and to develop, implement, and monitor evidence-
based measures. Some commenters explained that using ``evidence-based''
as the standard would chill innovation by precluding innovative models
for which evidence does not already exist or value-based arrangements
that are currently pilots or demonstrations intended to develop
evidence. A commenter expressed concern that conditioning safe harbor
protection on ``valid'' outcome measures was too subjective and
recommended the outcome measures be ``clinically meaningful,'' which
could be based on measurable data or real-world evidence.
Response: We have reconsidered our use of the term ``evidence-
based'' in this rule. Our use of the term may have indicated a level of
scientific rigor and resource investment beyond what we intended for
purposes of this safe harbor, which is intended to be available for
experienced and new entrants into value-based care, including those not
yet ready to assume financial risk, and to promote innovation in care
delivery. We intended to include a standard that captured clinical and
non-clinical measures (including measures related to quality of care,
process improvements, efficiency in care delivery, and social
determinants of health), while also allowing for innovation. We did not
intend to require that protected arrangements be grounded in
experimental research, randomized clinical trials, best available
evidence, or other similar characteristics often associated with the
term ``evidence-based'' in common definitions. We did not intend to be
overly restrictive or to require strict scientific evidence of the
utility of an outcome measure. Having considered the comments, common
definitions, and input from Department experts, we are persuaded that
the term ``evidence-based'' was overly restrictive and not the best
term to describe the outcome measures we envisioned for purposes of
this rule.
We have likewise reconsidered our use of the terms ``valid'' and
``specific'' in the OIG Proposed Rule. These terms dovetailed with our
use of ``evidence-based'' and were intended to convey that the selected
outcome measures needed to be grounded in legitimate, verifiable data,
or other information. That is, we intended that selected measures be
legitimate and not sham measures used to justify an illegitimate
[[Page 77728]]
exchange of remuneration. Our intent is that selected measures be
credible and appropriate for the care coordination and management
purpose of the arrangement. Upon further consideration, the term
``legitimate''--and its common sense meaning--better effectuates our
intent, and we use that term in the final rule.
Accordingly, in this final rule, we are revising the requirement
that parties establish one or more specific evidence-based, valid
outcome measures. Under the final rule, the parties to a value-based
arrangement must establish one or more legitimate outcome or process
measures that the parties reasonably anticipate will advance the
coordination and management of care for the target patient population
based on clinical evidence or credible medical or health science
support. The terms ``clinical evidence or credible medical or health
science support,'' better reflect our intent to have a reasonable,
flexible standard applicable to a wide range of arrangements and to
allow selection of measures based on scientific, clinical, medical,
social science, or industry quality standards, or other legitimate,
verifiable data or information, whether internal to the VBE or
externally generated. By use of the term ``health science'' we intend
to include public health, health informatics, research and development,
and sciences that look at the treatment and prevention of diseases.
Unlike the new protection provided within the personal services and
management contracts safe harbor for outcomes-based payments, in this
safe harbor parties may rely on credible health science as well as
credible medical support, reflecting that this safe harbor covers a
wider variety of care coordination arrangements (including remuneration
in the form of health technology) and protects only in-kind
remuneration, rather than monetary payments, presenting relatively
lower overall risk.
The revised requirement continues to encompass both clinical and
non-clinical measures, and internal or externally generated measures,
and will allow participants to select up-to-date outcome or process
measures over time. Under the final rule, parties will be required to
document the measures they select and the clinical evidence, credible
medical support, or credible health science support upon which they
relied in making the selection by providing a description of the
measures in a signed writing.
Comment: Some commenters requested clarification from OIG regarding
how parties should select outcome measures, and others asked for
additional flexibility in the selection of outcome measures. For
example, parties asked OIG to permit both internally developed
measures, i.e., measures that do not require validation in a medical
journal or by another third-party source, and process-based measures,
such as providing or not providing a specific treatment to improve
patient outcomes or safety. A commenter asserted that outcome measures
should be anticipated to advance the coordination or management of care
of the target patient population rather than the coordination and
management of care of individual patients. Another commenter opposed
the requirement for outcome measures to advance the coordination and
management of care altogether, stating that care coordination is
process-based, not outcomes-based.
Other commenters expressed concern that too much flexibility for
parties to select outcome measures could lead parties to use subjective
measures that do not improve patient outcomes or are otherwise abusive.
A commenter suggested OIG require that: (i) Value-based arrangements
advance the coordination and management of care for the target patient
population; and (ii) in any dispute concerning the applicability of
this safe harbor, the VBE will bear the burden of proving, based upon
objective evidence, that the value-based arrangement advanced the
coordination and management of care of the target patient population.
Some commenters asked OIG to include an express requirement in the
final rule that outcome measures be designed to drive meaningful
improvements in quality, health outcomes, or efficiencies in care
delivery. Others supported a requirement for parties to establish more
than one outcome measure or only measures reflecting the outcomes most
important to patients.
A commenter recommended that parties be able to assess performance
toward achieving outcome measures with respect to the entire patient
population of an integrated delivery system instead of a subset of that
population. A commenter asked OIG to address issues regarding
individual physician participant measurement compared to group
measurement. The commenter expressed concern that individual physicians
may not have sufficient influence on the development of outcome
measures for their target patient population and that physician-level
measures can be challenging to develop (including because of small
sample size and appropriate accountability of individual physicians).
Response: We are modifying the requirement to clarify that parties
must select one or more legitimate outcome or process measures based on
clinical evidence, credible medical support, or credible health science
support. Parties must reasonably anticipate that the measures they
select will advance the coordination and management of the care of the
target patient population, which is the focus of this safe harbor. The
revised measure selection standard offers greater flexibility and
opportunities for innovation over time. The final rule permits clinical
and non-clinical measures, internally or externally developed.
Under the final rule, the outcome or process measures do not need
to be independently validated by a medical or other journal or another
third-party source. They can be process-based, such as, for example, a
measurement of the number of patients with diabetes that had their
blood pressure tested, and we are modifying the regulatory text to
clarify this. Unlike the new protection under the personal services and
management contracts safe harbor for outcomes-based payments, which
requires parties to achieve an outcome measure to receive payment (the
outcome measure may have a process component), the care coordination
arrangements safe harbor measure requirement offers greater
flexibility. It is broader in recognition that the safe harbor: (i)
Protects only in-kind remuneration, such as health technology, for
which process measures may be the most legitimate and useful type of
measure; and (ii) is available to VBE participants that are not taking
on risk for achieving outcomes.
In response to the assertion that outcome measures should be
anticipated to advance the coordination or management of care of the
target patient population rather than the coordination and management
of care, we addressed, and rejected, a similar suggestion in section
III.2.B.g regarding changing ``and'' to ``or'' in the definition of
coordination and management of care. Because the condition requiring
parties to establish outcome measures incorporates the definition of
``coordination and management of care'', it is appropriate to use that
defined term, which, for the reasons offered above, includes an ``and''
rather than an ``or.''
Where available, use of measures validated by a credible third
party would be a prudent practice, but this is not required. We confirm
that parties can select a measure applicable to the entire target
patient population or select a different outcome or process measures
for different segments of the target patient population (e.g., the
measure for
[[Page 77729]]
organ transplant patients within a target patient population may differ
from the appropriate measure for a non-transplant patient). In such
circumstances, the parties must (among other criteria) reasonably
anticipate that all such measures collectively will advance the
coordination and management of care for the entire target patient
population. With respect to selecting the target patient population, we
refer readers to that section of this preamble, section III.B.2.c.
We are further modifying our proposed rule to respond to the
comments and our own concerns regarding parties selecting measures in a
way that does not improve patient care or that could be abusive. In the
OIG Proposed Rule, we considered requiring that outcome measures drive
meaningful improvements in quality, health outcomes, or efficiencies,
whether by driving improvements that are measurable or that are more
than nominal in nature. We expressed concern about measures that merely
reflected the status quo. Arrangements that merely drive nominal change
or reflect only the status quo could be less likely to serve the care
coordination aims of this rulemaking and more likely to be vehicles to
reward referrals than arrangements in which parties receive
remuneration designed to drive meaningful, more than nominal, change in
patient care.
Accordingly, under the final rule, the outcome or process measures
must include one or more benchmarks related to improvements in, or the
maintenance of improvements in, the coordination and management of care
for the target patient population. The measures must relate to the
remuneration exchanged under the value-based arrangement so that there
is a close nexus between the value-based activities under the
arrangement and what the parties are measuring. Further, the measures
cannot be based solely on patient satisfaction or patient convenience,
both of which can be subjective, uninformative with respect to quality
or efficiency of care, and gamed with relative ease, including through
use of rewards or incentives to patients. On this last point, we are
aware that some legitimate patient satisfaction or patient convenience
measurement tools provide valuable information to providers and others
managing patient care. This safe harbor does not preclude use of such
tools (or any other form of measurement) as parties to value-based
arrangements see fit and find useful. But patient satisfaction or
patient convenience cannot be the only measure for purposes of
satisfying the safe harbor. Lastly, we are finalizing a requirement for
monitoring, periodically assessing, and prospectively revising an
outcome or process measure and its benchmark, as necessary, as
described below. This suite of requirements, taken together, is
intended to reduce the likelihood of abuses and ensure that the
selected measures relate to the protected remuneration and aim to
foster meaningful advancements in the coordination and management of
care.
Our revisions to the outcomes measure provision should address the
concerns raised regarding measurement at the individual or group
levels. This rule provides flexibility for parties to design legitimate
measures appropriate to the arrangement, using internal or external
data, and to account for characteristics such as available sample size
and ability of individual physicians to effect change. It is up to the
parties to determine which individual or entity that is a party to the
arrangement, e.g., a VBE participant, is accountable for assessing
progress on measures.
We are not prescribing how many measures parties must use; while we
anticipate value-based arrangements often would have more than one
outcome or process measure (or measures that include process measures
as a component of an outcome measure), some arrangements may lend
themselves to only one measure. Additionally, we are not requiring that
parties use only measures related to those outcomes or processes most
important to patients or that value-based arrangements must, in fact,
successfully advance the coordination and management of care for the
target patient population. The standard we are finalizing is designed
to encourage the selection of outcome and process measures that will
result in improved care for patients. To the comment about the VBE's
burden of proof in matters of dispute about the safe harbor, as with
all safe harbors in the criminal Federal anti-kickback statute, any
party seeking to avail themselves of the protection of a safe harbor
generally bears the burden of proof that they meet the requirements of
the safe harbor.
Comment: Some commenters expressed concern regarding whether
parties must meet the outcome measures in order to have safe harbor
protection, with a few commenters stating such a requirement would
disadvantage providers treating higher-risk patient populations who may
be less likely to meet outcome measures.
Response: We clarify that under the final rule, for purposes of
this safe harbor, parties need not successfully achieve the outcome or
process measure they select to qualify for safe harbor protection (and
if they select more than one, they need not meet any of them). However,
parties will need to monitor and periodically assess their arrangements
and potentially revise measures and benchmarks, as described below.
This will ensure that the selected measures remain a meaningful tool to
advance care coordination goals. Without the requirement to establish
and track progress toward achieving measures, the risk increases that
parties could abuse the care coordination arrangements safe harbor to
inappropriately drive referrals rather than patient care improvement.
We recognize that, despite best efforts, parties to a value-based
arrangement may not always achieve their selected measures due to a
variety of factors, such as uncertainty of patient behavior, lack of
control of results by a VBE participant, or misjudgments.
We note a key distinction between this safe harbor and the
protection of outcomes-based payments under the personal services and
management contracts safe harbor. The personal services and management
contracts safe harbor requires that agents achieve the outcome measure
established for their payments in order to receive those payments. This
is in keeping with a core purpose of the outcomes measure, which is to
be the basis for a party to receive a protected outcomes-based payment.
Comment: A commenter supported adding a requirement for parties to
make information regarding any outcome measures they establish
transparent to the public.
Response: We are not requiring that the outcomes or process
measures for value-based arrangements be made public under this safe
harbor, although parties are free to do so. We did not propose a public
transparency requirement and do not finalize one here. We recognize
transparency serves important accountability and integrity goals.
Consequently, we have included other conditions in the final safe
harbor intended to foster transparency while balancing the potential
burden on the parties seeking safe harbor protection. With respect to
outcome or process measures, we are finalizing the requirement that
parties include a description of the measures in a signed writing and
make available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of the
care coordination arrangements safe harbor.
Comment: Several commenters stated that OIG should not require the
use of
[[Page 77730]]
measures from CMS's Quality Payment Program (QPP) in the outcome
measure requirement, arguing that existing QPP measures are inadequate
for many specialties. Some commenters suggested OIG could encourage,
but not require, participants to utilize the criteria for the QPP
measures as a framework for establishing outcome measures.
Alternatively, some commenters requested that OIG require the use of
certain measures, such as measures promulgated by the National Quality
Forum, or require all quality and cost measures to be independently
assessed and approved by a third-party, multi-stakeholder organization.
Response: To provide flexibility and avoid triggering concerns that
any specified measures may be inadequate or inappropriate for certain
types of individuals or entities (e.g., specialists), we are not
requiring parties to utilize QPP measures or measures developed by any
particular organizations or to receive third-party approval for the
measures. Parties may use these measures at their discretion for
purposes of this safe harbor.
Comment: Several commenters encouraged OIG to allow patient
satisfaction and experience of care measures, such as timeliness of
care, to qualify as outcome measures under the care coordination
arrangements safe harbor. Along these same lines, a commenter suggested
that OIG include patient satisfaction and efficiency of care measures,
such as creating systems that prevent visits to the emergency room (for
example, rapid outpatient testing and evaluation services) that would
improve outcomes and reduce costs. This commenter observed that
satisfied patients are more likely to keep follow up appointments and
be compliant with care. Some commenters asserted that patient
satisfaction and experience measures reflect quality of care and noted
that CMS recognizes patient satisfaction as a quality measure that
affects reimbursement. Other commenters supported using convenience
measures, such as the availability of treatment times or timeliness of
patient's access to care, as outcome measures because they asserted
that patient adherence to treatment improves when care is convenient.
Another commenter stated that, while convenience, alone, may not be a
valid measure, OIG should permit parties to use convenience measures
when they are tied to other measures, such as utilization. On the other
hand, some commenters did not consider patient satisfaction or
convenience to be a valid outcome measure, noting a lack of evidence
tying patient satisfaction to better clinical outcomes.
Response: The commenters variously describe efficiency of care,
patient satisfaction, patient convenience, and patient experience of
care measures. As explained elsewhere, we have modified the outcomes
measures requirement to include process measures, which addresses the
commenters' suggestions regarding experience of care and efficiency of
care measures, such as rapid access to outpatient testing and
evaluation services. To assist commenters in appropriately categorizing
their outcome or process measures, we provide additional clarification
on patient satisfaction, patient convenience, and patient experience
measures. For purposes of this rulemaking, patient satisfaction is
about whether a patient's expectations for a health care encounter were
met, e.g., a patient's assessment of the responsiveness of hospital
staff. Different patients with different expectations can experience
the exact same care but report different degrees of satisfaction.\34\
Patient convenience could include measures that assess patient access
to care and accessibility of care, or the factors involved in arranging
for the provision of care, e.g., the distance or proximity to a site of
care or the hours during which care can be obtained.
In applying our regulation, patient experience can involve finding
out whether something that should happen in a health care setting
happened, for example, whether all hospital discharge planning
protocols were followed for certain patients. Patient experience
measures can overlap with patient satisfaction or convenience measures;
in particular, patient satisfaction or patient convenience could be a
sub-part of a patient experience measure. Accordingly, whereas patient
satisfaction or patient convenience cannot be the sole measure for
purposes of the care coordination arrangements safe harbor, the same
may not be true for patient experience measures, depending on the facts
and circumstances.
As stated in the OIG Proposed Rule, we are concerned that patient
satisfaction and patient convenience measures may not reflect actual
improvement in the quality of patient care, health outcomes, or
efficiency in the delivery of care. In some cases, such measures can be
subjective, uninformative with respect to quality or efficiency of
care, and potentially gamed with relative ease, including through use
of rewards or incentives to patients. That said, some patient
satisfaction or patient convenience measurement tools provide valuable
information to government programs, providers, and others managing
patient care. This safe harbor does not preclude use of such tools (or
any other form of measurement) as parties to value-based arrangements
see fit and find useful. As noted previously, while patient
satisfaction or patient convenience cannot be the sole measure for
purposes of the care coordination arrangements safe harbor, patient
satisfaction or patient convenience can be tied to other legitimate
measures or can exist alongside such other measures.
Comment: Several commenters encouraged OIG not to require regular
rebasing of outcome measures, and in particular, they opposed specific
timing for when parties must rebase these measures. These commenters
asserted that any timing requirement would be arbitrary, might
discourage participation in value-based arrangements, or may not be
clinically appropriate in all circumstances. A commenter expressed
concern that requiring rebased outcome measures could lead to the
unintended consequence of providers abandoning proven care coordination
programs once they have achieved a maximized performance level. On the
other hand, some commenters supported this requirement; for example, a
commenter supported rebasing pursuant to a specified timeframe, such as
every year, as long as the VBE participants determined that rebasing is
feasible.
Response: In the OIG Proposed Rule, we considered whether to
require parties to rebase outcomes measures (i.e., reset benchmarks
used to determine whether the outcome measure was achieved) where
rebasing is feasible. We indicated our intent to consider specifying a
timeline for rebasing or requiring that it be done periodically. We
solicited comments on whether rebasing should depend on the type of
outcome measure or the nature of the arrangement. We also explained in
the preamble to the OIG Proposed Rule that revisions to outcomes
measures (i.e., modification of outcomes measures) would need to
continue to incentivize the recipient of the remuneration to make
meaningful improvements. We expressed concern that retrospective
revisions could obscure a lack of meaningful improvement.
Upon further consideration of the terminology in the OIG Proposed
Rule, we conclude that we can best express our intended policy by using
the term ``revise'' rather than ``rebase'' in the final rule. The term
``revise'' has a broader common meaning and better reflects the goal
that measures be
[[Page 77731]]
changed or updated to advance improvements in care coordination. In
addition, we view ``rebase'' as a subcategory of ``revise''; in other
words, we recognize that the rebasing of benchmarks may be the best way
to ``revise'' the measure. Because we intended for parties to have the
flexibility to either ``revise'' measures, i.e., modify or update
measures to advance improvements in care coordination, or ``rebase''
benchmarks, and because ``revise'' could serve as an umbrella term
which would include ``rebase,'' we believe ``revise'' encapsulates our
intent.
In practice, parties can meet the requirement by revising the
measure itself or by rebasing the benchmarks for the measure. We
recognize that rebasing may not be necessary for all legitimate outcome
or process measures that advance the coordination and management of
care for a target patient population. For the final rule, measures must
be monitored, periodically assessed, and prospectively revised as
necessary to ensure that the measure and its benchmark continues to
advance the coordination and management of care of the target patient
population. We emphasize that any revisions must be prospective, not
retrospective.
We are requiring a periodic assessment and, as necessary based on
such assessment, revision of outcome or process measures and
benchmarks. Recognizing that different measures should be assessed on
different timelines, we are not implementing a specific timeframe for
assessing or revising measures, as in some cases, outcome measures
could be reviewed annually, whereas for others significant benefits to
patients could reasonably take 2 to 3 years to achieve.
As evidenced by the above discussion, we are also finalizing a
requirement for parties to a care coordination arrangement to have one
or more benchmarks for each outcome or process measure that are related
to improving or maintaining improvements in the coordination and
management of care of the target patient population. Benchmarks help
ensure that the remuneration exchanged pursuant to the value-based
arrangement continues to drive meaningful improvements, or the
maintenance of improvements, in the coordination and management of care
for the target patient population.
Comment: Some commenters opposed a requirement for payors to
identify outcome measures, positing that such a top-down approach would
limit providers that are best situated to identify value-driving
activities and may be impractical when payors are not parties to a
value-based arrangement. Another commenter suggested that the adoption
of payor-identified outcome measures by a VBE should be a favorable
factor when evaluating a value-based arrangement for compliance with
the proposed safe harbor. According to the commenter, payors have
unique capabilities to: (i) Give providers the information they need to
identify patient populations that may benefit most from management and
care coordination interventions; and (ii) recommend benchmarks based on
experience and access to data that are used to assess outcome measures.
Response: The final rule allows, but does not require, the use of
payor-driven or developed outcome measures. Parties are free to use
payor measures if they find them useful or if doing so is required by a
payor.
Comment: We solicited comments on using a different outcomes
measures standard for information technology than for other care
coordination arrangements. Commenters were generally supportive of an
alternative standard, such as an adoption and use standard, stating
that it would allow more flexibility, which is important for
arrangements that are centered on an ever-changing and developing
industry. At least one commenter suggested language for this
alternative standard, namely, ``the parties determine in good faith
that the technology is expected to meaningfully advance achievement of
the targeted health outcomes, patient care quality improvements, or the
appropriate reduction in costs . . . [etc.],'' while another commenter
suggested that VBE participants should have the option, but not be
required, to designate utilization and adoption measures in IT
arrangements as alternatives to outcome measures. A commenter who
supported the use of alternative measures for IT advocated against
OIG's proposal to implement a time frame after which the recipient of
IT would be required to pay fair market value for continued use of the
IT, stating that suddenly requiring fair market value payments may
unnecessarily cause drastic and costly changes to an entire system and
could disrupt continuity of care.
Response: The final rule for establishing the required outcomes or
process measures is flexible enough to address information technology
arrangements. Legitimate process measures (including use and adoption)
or performance measures can be used so long as the parties reasonably
anticipate that the measures will advance the coordination and
management of care of the target patient population and the benchmark
and other requirements are met. No separate outcome measures
requirement is needed for information technology arrangements. We are
not finalizing our proposal that outcomes measures be evidence-based,
which we acknowledged could have been a difficult standard for some
information technology arrangements. Measures must be selected based on
clinical evidence or credible medical or health science support. This
support may be based on external sources or generated internally. The
specific addition of health science as a basis for selection reflects
our intent, among other things, to allow remuneration in the form of
information technology under the care coordination safe harbor. Since
we are not including an IT-specific standard, we are not placing a time
limit on the use of IT-related remuneration in care coordination
arrangements. In light of our modifications to the measurement standard
and other safeguards against fraud and abuse in the safe harbor,
adopting the additional requirements we considered in the OIG Proposed
Rule related to outcomes measures for the exchange of health
information technology is not necessary.
c. Commercial Reasonableness
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(2) to require that the value-based arrangement pursuant to
which the remuneration is exchanged be commercially reasonable,
considering both the arrangement itself and all value-based
arrangements within the VBE. We indicated that we were considering for
the final rule whether to define a ``commercially reasonable
arrangement'' as an arrangement that would make commercial sense if
entered into by reasonable entities of a similar type and size, even
without the potential for referrals. We solicited comments on the need
for a definition of a ``commercially reasonable arrangement.''
Summary of Final Rule: We are finalizing, without modification, our
proposed requirement at paragraph 1001.952(ee)(2). We are not defining
a ``commercially reasonable arrangement'' in the final rule.
Comment: Some commenters supported a commercial reasonableness
requirement while others opposed it. Several commenters noted that this
requirement is inconsistent with the value-based arrangements exception
to the physician self-referral law, which does not require that the
value-based arrangement be commercially reasonable. Others emphasized
that the
[[Page 77732]]
standard introduces complexity and uncertainty that may require parties
to consult with legal counsel, with some of these commenters asserting
that this burden could have a disproportionate impact on small and
rural providers.
Response: In the context of care coordination arrangements where
parties are not required to take on financial risk, the remuneration
does not need to be consistent with fair market value, and the
remuneration may take into account the volume of patients in the target
patient population or the value of referrals or other business
generated between the parties resulting from referrals of the target
patient population, we believe requiring the value-based arrangement to
be commercially reasonable is an important safeguard to ensure that
safe harbor protection is limited to remuneration exchanged pursuant to
value-based arrangements that are designed and implemented to achieve
legitimate objectives rather than merely to induce or reward referrals.
The commercial reasonableness requirement focuses on ensuring that
parties structure the terms of their value-based arrangement, including
but not limited to the amount of the remuneration, in a manner that is
calibrated to achieve the parties' legitimate business purposes. For
example, as described in the OIG Proposed Rule, if VBE participants
were to enter into a value-based arrangement to facilitate the sharing
of patient-outcome data, it may be commercially reasonable for a
hospital VBE participant to donate technology to a group practice VBE
participant to facilitate this process. However, it may not be
commercially reasonable for that same hospital VBE participant to
donate technology substantially more sophisticated, or with enhanced
functionality, beyond that necessary for communicating data on shared
patients between the two parties.\35\ We are concerned that, absent the
commercial reasonableness requirement, the other conditions in this
safe harbor will not sufficiently mitigate the risk of one party
offering more remuneration than is necessary, such as in the example
above, to reward the other party for referrals of target patient
population patients, which is why we are finalizing the requirement in
this final rule that the value-based arrangement itself be commercially
reasonable. Further, the commercial reasonableness requirement is the
only safeguard in the care coordination arrangements safe harbor that
directly addresses the risk that parties might use a series of value-
based arrangements to effectuate a payment-for-referral scheme. For
this reason, we are finalizing the second prong of the commercial
reasonableness requirement that the value-based arrangement must be
commercially reasonable when considering all value-based arrangements
in the VBE.
---------------------------------------------------------------------------
\35\ 84 FR 55709. In the OIG Proposed Rule, we noted in
connection with this example that nothing would prevent the donation
of technology with enhanced functionality when a value-based
arrangement requires that capability or when technology without that
functionality is not practicable.
---------------------------------------------------------------------------
In sum, the commercial reasonableness requirement in this safe
harbor: (i) Helps to ensure that the value-based arrangement, and all
value-based arrangements within in the VBE, serve legitimate
objectives; (ii) mandates that parties structure the terms of their
value-based arrangement, including but not limited to the amount of the
remuneration, in a manner that is calibrated to achieve the parties'
legitimate business purposes; and (iii) reduces the likelihood that the
value-based arrangement might be a payment-for-referral scheme.
With respect to the complexities associated with assessing
commercial reasonableness and the potential need to consult with legal
counsel, we appreciate those concerns and note that the inclusion of a
commercial reasonableness condition in safe harbors is not new. Several
existing safe harbors require protected remuneration to be commercially
reasonable. We believe parties, including small and rural providers,
can apply this concept and that including it as a condition of this
safe harbor will not impose significant additional burden.
In response to those commenters who noted that the proposed safe
harbor is inconsistent with CMS's proposed exception for value-based
arrangements, we note that CMS's exception for value-based arrangements
(42 CFR 411.357(aa)(3)), as finalized, includes a commercial
reasonableness requirement.
Comment: A commenter asserted that the move to value-based care
helps to eliminate many of the program integrity concerns that OIG
might seek to address through a commercial reasonableness requirement.
Response: We agree that a shift to value-based payment models may
curb some of the traditional program integrity concerns associated with
a fee-for-service payment system. However, this safe harbor offers
protection for care coordination arrangements without requiring that
the parties assume financial risk or otherwise participate in a value-
based payment model. As a result, the traditional program integrity
risks resulting from fee-for-service payment are likely to persist. For
example, we are concerned that, in some circumstances and in the
absence of safe harbor guardrails, remuneration furnished pursuant to a
value-based arrangement may lead to overutilization, corruption of
practitioners' medical judgment, inappropriate patient steering, or
unfair competition. By requiring the value-based arrangement to be
commercially reasonable with respect to both the arrangement itself and
all value-based arrangements within the VBE, this condition helps to
safeguard against these program integrity concerns by requiring that
the terms of the value-based arrangement be calibrated to achieve the
parties' legitimate business purposes.
For example, we explained in the OIG Proposed Rule that a single
value-based arrangement in which a hospital VBE participant provides a
necessary number of care coordinators for the target patient population
to a SNF VBE participant may be commercially reasonable. However, if a
VBE includes multiple similar value-based arrangements, each of which
involves the same hospital VBE participant furnishing care coordinators
to the same SNF VBE participant for the same or a similar target
patient population, the commercial reasonableness of the remuneration
exchanged within the value-based arrangements in the aggregate may be
suspect if it lacks a legitimate business purpose.\36\ This arrangement
could lead to the program integrity concerns identified above (e.g.,
inappropriate patient steering) and, absent a commercial reasonableness
requirement, the conditions of the safe harbor might otherwise be met.
---------------------------------------------------------------------------
\36\ 84 FR 55709.
---------------------------------------------------------------------------
Comment: Some commenters asserted that a commercial reasonableness
requirement will create an obstacle to value-based care. Others
asserted that few arrangements would ever satisfy this criterion
because value-based arrangements do not make any commercial sense
without the potential for referrals. These commenters noted that
changes in referral patterns alone are not the goal of a value-based
arrangement but that they may well be the consequence.
Response: We are not persuaded that a commercial reasonableness
requirement will impede the transition to value-based care. We believe
that it is eminently feasible to structure value-based arrangements to
meet the commercial reasonableness requirement by ensuring that the
terms of the value-
[[Page 77733]]
based arrangement, and all value-based arrangements within the VBE, are
reasonably calculated to achieve the VBE participants' legitimate
business purposes.
The framing of the commercial reasonableness condition in the final
rule, which allows for the possibility of referrals, addresses the
commenters' concerns. Specifically, we recognize that a value-based
arrangement may, and often will, result in referrals. The commercial
reasonableness requirement is intended to ensure that the terms of the
value-based arrangement, considering both the arrangement itself and
all value-based arrangements within the VBE, are calibrated to achieve
the value-based purpose(s) of the arrangement, not the generation of
referrals. We agree with the commenters' related assertion that changes
in referral patterns alone are not the goal of a value-based
arrangement but may be the consequence.
For example, a value-based arrangement that provides remuneration
in excess of what is reasonably necessary to coordinate and manage the
care of the target patient population, as contemplated by the terms of
that arrangement, would not be commercially reasonable. Likewise, terms
that are calibrated to secure referrals, rather than to achieve the
value-based purposes of the value-based arrangement, would result in an
arrangement that is not commercially reasonable for purposes of this
safe harbor. The mere fact that referral patterns may change as a
result of a value-based arrangement does not necessarily preclude the
arrangement from meeting the commercial reasonableness requirement.
Comment: With respect to whether we should adopt a definition for a
commercially reasonable arrangement, several commenters expressed
support, but these commenters did not agree on a definition. Some
commenters supported the definition presented in the preamble to the
OIG Proposed Rule, which defined a ``commercially reasonable
arrangement'' as an arrangement that would make commercial sense if
entered into by reasonable entities of a similar type and size, even
without the potential for referrals. Others encouraged us to adopt
CMS's proposed definition, which states that commercially reasonable
means the particular arrangement furthers a legitimate business purpose
of the parties and is on similar terms and conditions as like
arrangements. Other commenters suggested that OIG should focus on
whether the arrangement makes ``value-based'' sense in the context of a
value-based arrangement instead of whether it makes ``commercial''
sense. Other commenters provided alternative definitions that varied in
scope. A commenter asserted that the definition should not preclude
consideration of referrals not covered by Medicare.
Commenters also requested various clarifications and affirmative
statements from OIG, including that: (i) Commercial reasonableness
refers primarily to the non-financial elements of a transaction or
arrangement while the concept of fair market value addresses the
financial aspects, and (ii) an arrangement may be commercially
reasonable even if it operates at a loss.
Response: While we are not adopting a definition of ``commercially
reasonable arrangement,'' we appreciate commenters' requests for
guidance. There are multiple dimensions to commercial reasonableness,
including both the financial and non-financial terms of an arrangement.
The fact that an arrangement generates a loss for a party is one
factor, among many, that could be considered in analyzing whether an
arrangement is commercially reasonable. An arrangement may be
commercially reasonable even if it does not result in profit for one or
more of the parties. Any determination whether a particular value-based
arrangement is commercially reasonable would be based on the totality
of the facts and circumstances of such arrangement, and the financial
aspects of the value-based arrangement would be relevant to that
inquiry.
With respect to the assertion that the commercial reasonableness
definition should not preclude consideration of referrals of non-
Medicare business, as we stated above, we are not adopting this
definition. We reiterate that the commercial reasonableness requirement
in this safe harbor requires that the VBE participants structure the
terms of the value-based arrangement in a manner that is calibrated to
achieve the parties' legitimate business purposes. We also reiterate
our longstanding guidance that arrangements that do not involve
referrals of Federal health care program beneficiaries or business
generated by Federal health care programs may implicate the Federal
anti-kickback statute by disguising remuneration for Federal health
care program business through the payment of amounts purportedly
related to non-Federal health care program business. Arrangements with
this type of disguised remuneration would not be calibrated to achieve
a legitimate business purpose and would thus not be commercially
reasonable. Whether any particular arrangement reflects this type of
disguised remuneration would depend on the specific facts of the
arrangement.
Comment: Some commenters asserted that the definition of
``commercially reasonable arrangement'' in the preamble to the OIG
Proposed Rule, which considered defining such an arrangement as one
that would make commercial sense if entered into by reasonable entities
of a similar type and size, even without the potential for referrals,
is inconsistent with OIG's prior commentary relating to the requirement
in certain other safe harbors that the remuneration must be reasonably
necessary to accomplish the commercially reasonable business purpose of
the arrangement.
Response: We are not further defining a ``commercially reasonable
arrangement'' in this final rule, beyond the test for commercial
reasonableness articulated in the regulatory text (i.e., that
commercial reasonableness must be evaluated by considering both the
value-based arrangement itself and all value-based arrangements within
the VBE). As explained above, the test for commercial reasonableness is
tailored to this particular safe harbor for care coordination
arrangements and is meant to be both flexible to allow for innovative
arrangements that serve legitimate objectives and sufficiently
constrained to limit the risk of schemes to pay for referrals. That
said, our prior guidance remains instructive on the application of the
term ``commercially reasonable'' in the safe harbor context,
particularly with respect to having a legitimate business purpose.\37\
---------------------------------------------------------------------------
\37\ See, e.g., Medicare and State Health Care Programs: Fraud
and Abuse; Clarification of the Initial OIG Safe Harbor Provisions
and Establishment of Additional Safe Harbor Provisions Under the
Anti-Kickback Statute; Final Rule, 64 FR 63518, 63425 (Nov. 19,
1999) available at https://oig.hhs.gov/fraud/docs/safeharborregulations/getdoc1.pdf.
---------------------------------------------------------------------------
d. Writing
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee)(3) to require that each value-based arrangement, pursuant
to which the remuneration is exchanged, be set forth in a signed
writing, established in advance of, or contemporaneous with, the
commencement of the value-based arrangement or any material change to
the value-based arrangement. We proposed in the same paragraph that the
writing state, at a minimum: (i) The value-based activities to be
undertaken
[[Page 77734]]
by the parties to the value-based arrangement; (ii) the term of the
value-based arrangement; (iii) the target patient population; (iv) a
description of the remuneration; (v) the offeror's cost for the
remuneration; (vi) the percentage of the offeror's cost contributed by
the recipient; (vii) if applicable, the frequency of the recipient's
contribution payments for the offeror's ongoing costs; and (viii) the
specific evidence-based, valid outcome measure(s) against which the
recipient would be measured.
Summary of Final Rule: We are finalizing, with modifications, the
writing requirement in paragraph 1001.952(ee)(3). The following
modifications respond to public comments: (i) The writing requirement
can be satisfied by a collection of documents; (ii) parties must
document the fair market value of the remuneration or, alternatively,
the offeror's cost of the remuneration and the accounting methodology
utilized to determine such cost; and (iii) parties must document the
value-based purpose(s) of the value-based activities provided for in
the value-based arrangement. We are also clarifying that the terms of
the value-based arrangement must be established in advance of, or
contemporaneous with, the commencement of the value-based arrangement
``and any material change,'' instead of ``or any material change.'' In
the preamble to OIG Proposed Rule, we described a writing requirement
that would promote transparency of the value-based arrangement, both at
its commencement and when there is a material change. These are the
logical junctures where the writing requirement particularly serves its
transparency purposes. Our proposed regulatory text did not make clear
that the writing was needed at both junctures; our modifications more
clearly express that policy. Lastly, we are modifying the writing
requirement for consistency with changes to the language of the outcome
and process measures condition, discussed in section III.3.b. The
remaining requirements of the writing requirement are finalized as
proposed.
Comment: While several commenters expressed support for the writing
requirement, numerous commenters were concerned that this requirement
does not afford parties the flexibility to document their value-based
arrangement in a ``collection of documents'' and instead requires a
single signed writing.
Response: We have revised the writing requirement to permit a
``collection of documents'' approach in response to commenters'
concerns. To receive safe harbor protection, the terms of the value-
based arrangement must be set forth in writing and signed by the
parties in advance of, or contemporaneous with, the commencement of the
value-based arrangement and any material change to the value-based
arrangement. Under this approach, parties are not required to have a
single, signed writing setting forth the terms of the agreement, but
there must be either a single, signed writing or a collection of
documents in place--in advance of, or contemporaneous with, the
commencement of the value-based arrangement--in order to meet this
condition. In addition, if any material term (e.g., an outcome or
process measure) changes during the course of the value-based
arrangement, the parties would need to set forth such changes in a
signed writing or collection of documents in advance of, or
contemporaneous with, the commencement of the modified value-based
arrangement. We note that, while the terms do not need to be set forth
in a single, signed writing, we believe this approach is a best
practice from a compliance perspective.
Comment: A commenter requested that OIG permit a VBE to sign the
writing required by this safe harbor on behalf of all parties to the
applicable value-based arrangement because, according to the commenter,
it would be challenging to arrange for all parties to sign a single
document in advance of the commencement of the value-based arrangement.
Response: We decline to adopt the commenter's suggestion. To
promote transparency and accountability, each value-based arrangement
must be set forth in writing and signed by all parties to the value-
based arrangement. While the VBE may be a signatory to the value-based
arrangement, its signature alone would not meet the writing requirement
for this or any of the other value-based safe harbors. We believe there
is sufficient flexibility in this requirement insofar as we do not
require the writing to be a single document (i.e., the parties can sign
separate documents), and we allow it to be signed in advance of, or
contemporaneous with, the commencement of the value-based arrangement.
Comment: Some commenters disagreed with the proposed writing
requirement, stating that it was burdensome, was too prescriptive, or
would increase the risk of inadvertent non-compliance. Commenters took
particular issue with the requirement that parties document the
offeror's cost for the remuneration. A commenter asserted that this
provision is unnecessary in light of the condition to maintain and make
available to the Secretary, upon request, all materials and records
sufficient to establish compliance with the conditions of this safe
harbor, while at least two commenters expressed concern that it could
result in the inappropriate disclosure of competitively sensitive
information. One such commenter provided the example of an offeror that
might furnish certain in-kind remuneration to a VBE participant to
benefit the VBE and further its value-based purpose, but who might want
to offer the same in-kind remuneration to the recipient at market rates
for use in other lines of business. According to the commenter, it
would be commercially unreasonable to require the offeror to disclose
its cost structure and requested that we allow parties to satisfy this
condition through a written representation that the contribution amount
equals at least 15 percent of the offeror's cost.
Response: We are not persuaded that our writing requirement is
overly prescriptive or burdensome, rather it is an essential safeguard.
The required contents are of the kind commonly part of business
agreements: The parties, purposes, services, financial and business
terms, duration, and metrics. In addition, for safe harbor purposes, we
view the requirement that the writing set forth the offeror's cost for
the remuneration or the fair market value of the remuneration--detailed
in section III.B.3.g--as a material term to the parties' arrangement
because of the safe harbor's 15 percent contribution requirement. The
inclusion of this term in the writing ensures a transparent
understanding of the arrangement agreed to by the parties.
Accordingly, we are finalizing the writing requirement, including a
requirement that parties document: (i) Either the fair market value of
the remuneration or the offeror's cost of the remuneration, dependent
upon the methodology used by the parties to determine the contribution
amount; and (ii) the percentage and amount contributed by the
recipient. Consistent with revisions to the contribution requirement
methodology discussed in detail in section III.B.3.g, we require that
parties who choose to document the offeror's cost of the remuneration,
instead of the fair market value, also must document the reasonable
accounting methodology used to calculate such costs.
We believe requiring parties to calculate and document the
contribution amount based on the fair
[[Page 77735]]
market value of the remuneration or the offeror's cost of the
remuneration addresses commenters' confidentiality concerns and, for
this reason, we are not adopting the commenter's suggestion to use
written representations of the offeror's cost for the purposes of
satisfying the writing requirement. We understand that information
relating to an offeror's cost may include proprietary or competitively
sensitive information that parties might not wish to put in their
written agreements. We do not believe the same holds true for fair
market value.
In response to commenters' concerns that the writing requirement
increases the risk of inadvertent non-compliance, we note that our
modification to permit a collection of documents to satisfy the
requirement should help address compliance concerns by incorporating
more flexibility in this requirement. Further, should an arrangement
inadvertently fail to comply with a safe harbor condition that would
not mean that the arrangement violates the Federal anti-kickback
statute. Rather, the arrangement would not have safe harbor protection
and would need to be analyzed based on its facts, including the intent
of the parties, for compliance with the statute.
Comment: A commenter requested that we address how parties to a
value-based arrangement would need to document a value-based
arrangement's value-based purpose.
Response: We did not expressly propose--as part of the writing
requirement--that the parties document the value-based purpose(s) of
the value-based activities provided for in the value-based arrangement.
However, such requirement, which we are including in the final rule,
effectuates our intent and logically flows from the intersection of the
following proposals, each which is finalized here: (i) That the writing
state, among other things, the value-based activities to be undertaken
by the parties to the value-based arrangement; (ii) the ``value-based
activity'' definition, which would require, in part, that the activity
is reasonably designed to achieve at least one value-based purpose of
the value-based enterprise; and (iii) the requirement that protected
remuneration be used predominantly to engage in value-based activities
that are directly connected to the coordination and management of care
for the target patient population. In particular, it seems sensible
that in describing the value-based activity--which, by definition, are
reasonably designed to achieve at least one value-based purpose of the
value-based enterprise--and to confirm that one purpose is the
coordination and management of care, the writing would specify the
value-based purpose that the activities are designed to achieve.
Consequently, we finalize a condition requiring that parties
document the value-based purpose(s) of the value-based activities
provided for in the value-based arrangement as part of the required
writing. In particular, we view the documentation of the value-based
purpose(s)--and specifically, documentation of the care coordination
and management of care purpose--to be an important component of a
writing designed to ensure transparency and accountability.
e. Limitations on Remuneration
i. In-Kind Remuneration
Summary of OIG Proposed Rule: We proposed that the remuneration
exchanged must be in-kind under the proposed condition at paragraph
1001.952(ee)(4)(i).
Summary of Final Rule: We are finalizing, without modification, the
requirement that the remuneration be in-kind, and moving it to
paragraph 1001.952(ee)(1)(i).
Comment: While some commenters supported limiting protection under
the care coordination arrangements safe harbor to in-kind remuneration,
a number of commenters requested that OIG expand the safe harbor to
protect monetary remuneration of any amount or, alternatively, monetary
remuneration up to a certain amount annually. Many commenters asserted
that the proposed safe harbor would not protect financial arrangements
that incentivize behavior change, such as shared savings payments or
payments to adhere to care protocols, and further asserted that the
other safeguards in the safe harbor are sufficient to protect against
fraud and abuse. A commenter suggested that OIG only protect shared
savings distributed after the VBE has satisfied its expenses. Some
commenters requested that the safe harbor protect monetary remuneration
distributed under upside-only risk arrangements, particularly where the
remuneration is tied directly or indirectly to achievement under a
value-based arrangement with a payor. Other commenters asserted that
the care coordination arrangements safe harbor should protect
ownership, investment interests, loan arrangements (including interest
payments), and similar transactions to fund infrastructure for the VBE
that will facilitate the development and operation of a value-based
arrangement.
Other commenters asserted that the safe harbor should permit the
exchange of monetary remuneration, so physician practices can receive
remuneration and purchase their own clinical tools or services and
select staff members who best meet the needs of the practice. For
example, a primary care practice explained that it would like to engage
a psychologist or behavioral health professional to assist with
patients presenting with depressive symptoms or needing additional
assistance managing mental health conditions and that expanding this
safe harbor to protect monetary remuneration would allow the practice
to select a behavioral health professional who, among other things,
best meets the needs of the practice's patient population. They
explained that, otherwise, the offeror of in-kind remuneration would
make those purchasing decisions and selections for the recipient.
Another commenter asserted that OIG's and CMS's final rules should
align to protect both in-kind and monetary remuneration or only in-kind
remuneration, arguing that any inconsistency would result in a barrier
to the advancement of value-based care. A commenter suggested that the
safe harbor protect monetary remuneration for specific services; for
example, a hospital might offer to cover the costs of a nurse navigator
at a SNF, instead of providing the nurse navigator directly, because it
wants the SNF to have the contractual relationship with the nurse
navigator. Lastly, several commenters requested that OIG expand the
safe harbor to protect monetary remuneration exchanged under
arrangements involving Indian health programs.
Response: We are finalizing the requirement that the remuneration
exchanged pursuant to this safe harbor must be in-kind. We continue to
believe that providing safe harbor protection to monetary remuneration
exchanged under arrangements where: (i) The parties are not required to
assume financial risk, and (ii) the protected remuneration is not
required to be fair market value and may take into account the volume
or value of referrals for the target patient population, presents
heightened fraud and abuse risks that outweigh the potential benefits
to Federal health care programs and patients. OIG's longstanding
guidance makes clear that remuneration in the form of cash and cash
equivalents pose a higher risk of interfering with clinical decision-
making, incentivizing overutilization or inappropriate utilization, and
increasing costs to Federal health care programs. We do not
[[Page 77736]]
view protection for ownership or investment interests as fundamental to
parties entering into value-based arrangements for the coordination and
management of care for a target patient population. Parties seeking to
protect a particular investment interest may look to existing safe
harbors (e.g., the safe harbor for investment interests at paragraph
1001.952(a)); in addition, the advisory opinion process remains
available. Further, while we understand recipients' desire to select
their own care coordination items and services rather than receiving
items and services an offeror selects, we note that parties do not have
to enter into value-based arrangements and might agree to enter into
such arrangements only where the item(s) or service(s) being offered
are satisfactory to the recipient. We also note that, where a party
offering remuneration desires for the recipient to contract directly
for items and services, the recipient may do so as long as the offeror
pays the vendor of the items and services directly. Further, while we
understand recipients' desire to select their own care coordination
items and services rather than receiving items and services an offeror
selects, we note that parties do not have to enter into value-based
arrangements and might agree to enter into such arrangements only where
the item(s) or service(s) being offered are satisfactory to the
recipient. We also note that, where a party offering remuneration
desires for the recipient to contract directly for items and services,
the recipient may do so as long as the offeror pays the vendor of the
items and services directly. Lastly, we note that individuals and
entities may look to other safe harbors, such as the safe harbor for
personal services and management contracts and outcomes-based payment
arrangements at paragraph 1001.952(d), for protection for certain
monetary remuneration.
Finally, in response to the comment requesting that CMS's and OIG's
final protections align to protect both in-kind and monetary
remuneration or only in-kind remuneration, we refer readers to section
III.A.1, where we discuss fundamental differences in statutory
structures and sanctions across the physician self-referral law and
Federal anti-kickback statute and elaborate on the reasoning behind
conditions that differ in any similar exception and safe harbor
finalized by CMS and OIG, respectively, in each agency's final rule in
connection with the Regulatory Sprint. With respect to OIG's specific
policy to limit the care coordination arrangements safe harbor to in-
kind remuneration, this policy addresses the heightened risk that
fungible monetary remuneration could be misused to make intentional
kickback payments and would be more difficult to track. OIG and CMS
permit monetary and non-monetary remuneration in the value-based safe
harbors and exceptions that require parties to assume risk.
ii. Remuneration Used To Engage in Value-Based Activities
Summary of OIG Proposed Rule: We proposed to require, at proposed
paragraph 1001.952(ee)(4)(ii), that the remuneration provided by, or
shared among, VBE participants be used primarily to engage in value-
based activities that are directly connected to the coordination and
management of care of the target patient population. We recognized that
in-kind remuneration exchanged for value-based activities may
indirectly benefit patients outside of the scope of the value-based
arrangement and that parties may find it difficult to anticipate or
project the scope or extent of these ``spillover'' benefits.
Summary of Final Rule: We are finalizing, with modifications, the
proposed requirement at paragraph 1001.952(ee)(1)(ii). The two
modifications are explained in greater detail in the responses to
comments. First, the remuneration exchanged must be used predominantly
to engage in value-based activities that are directly connected to the
coordination and management of care for the target patient population.
We replaced the word ``primarily'' with the word ``predominantly.''
Second, we added a condition that the remuneration exchanged result in
no more than incidental benefits to persons outside of the target
patient population. Further, for the reasons previously explained in
the value-based terminology section discussing the definition of the
``coordination and management of care'' at section III.B.2.g, we added
a condition to this final safe harbor clarifying that remuneration
exchanged pursuant to a value-based arrangement may not be exchanged or
used more than incidentally by the recipient for the recipient's
billing or financial management services.
Comment: Commenters generally supported our proposal to require
that protected remuneration be primarily used to engage in value-based
activities that are directly connected to the coordination and
management of care for the target patient population and expressed
concerns about our alternative proposal to require that the
remuneration exchanged be limited to value-based activities that only
benefit the target patient population. Commenters asserted a variety of
reasons why prohibiting spillover benefits outside the target patient
population would be unworkable or undesirable in practice. For example,
some commenters asserted that prohibiting spillover benefits would
create a disincentive for innovation, and others emphasized the
complexities in trying to manage benefits to prevent spillover. Some
commenters requested that we expressly state that the benefits of the
value-based arrangement do not need to be limited to the members of a
target patient population. Another commenter stated that the term
``primarily'' is vague, which could make this requirement difficult to
implement and monitor.
Response: We agree with the commenters' concerns that prohibiting
spillover benefits outside of the target patient population would be
unworkable. In the OIG Proposed Rule, and for purposes of this final
rule, we recognize that in-kind remuneration exchanged for value-based
activities may indirectly benefit patients out of the scope of the
associated value-based arrangement and that parties may find it
difficult to anticipate or project the extent of such ``spillover''
benefits. We likewise acknowledge the need to provide parties with
sufficient flexibility while also minimizing the risk of disguised,
improper remuneration unrelated to the coordination and management of
care for the target patient population. To address the commenters'
concerns about spillover effects, in the final rule we have clarified
that the value-based activities for which the remuneration is used can
result in no more than incidental benefits to persons outside of the
target patient population. This language acknowledges the difficulty
VBE participants could face in preventing ``spillover'' benefits and
reflects our intent to permit safe harbor protection for care
coordination arrangements that predominantly benefit the target patient
population.
We are replacing the proposed term ``primarily'' with
``predominantly'' in the final rule. These words are analogous (e.g.,
meaning chiefly, mainly, principally). We make the change for
consistency with comparable language in other safe harbors. The term
``predominantly'' appears for a similar purpose in the EHR and
cybersecurity safe harbors, at paragraphs 1001.952(y) and (jj),
respectively, and our parallel use of the same term in paragraph
1001.952(ee) enhances consistency for stakeholders across safe harbors.
To the commenter's concern about vagueness,
[[Page 77737]]
we are not quantifying with specificity the degree to which
remuneration is used to engage in value-based activities to offer
flexibility for the range of value-based arrangements for which safe
harbor protection may be sought.
Comment: Several commenters requested that we clarify that a device
with multiple functions does not violate the Federal anti-kickback
statute or the Beneficiary Inducements CMP when it is primarily used
for managing a patient's health care. Commenters noted that
increasingly medical devices are being produced with multiple
functions, or they rely on non-medical platforms such as consumer
electronic products (e.g., smartphones, tablets).
Response: It appears that the commenters are asking whether the
furnishing of a multi-function device, or a device that relies on a
multi-use technology platform, can meet the safe harbor requirement
that the remuneration is predominantly used to engage in value-based
activities that are directly connected to the coordination and
management of care for the target patient population. We also presume
for purposes of this response that the device would be furnished to the
recipient for less than fair market value.
As a threshold matter, compliance with the care coordination
arrangements safe harbor depends on whether the device is furnished
from one VBE participant to another VBE participant or if the device is
furnished directly from a VBE participant to a patient. If the device
is furnished by a VBE participant to another VBE participant, then the
care coordination arrangements safe harbor may protect the remuneration
if the device will be used predominantly to engage in value-based
activities that are directly connected to the coordination and
management of care for the target patient population, and all other
safe harbor requirements are met.
For example, a health information technology tool that enables both
remote patient monitoring and two-way telehealth capabilities may
satisfy the predominant use requirement if the remote patient
monitoring and two-way telehealth technologies will be used by the
recipient to coordinate and manage care for the target patient
population. However, a health information technology tool that includes
some functionalities that the recipient may use to coordinate and
manage care for the target patient population and other functionalities
that the recipient may use for purposes other than to coordinate and
manage care for the target patient population may not meet this
standard. For example, a health information technology tool that the
recipient VBE participant uses to collect, track, and analyze data
relevant to the outcome measures established by the VBE participants
and is also used to collect, track, and analyze the VBE participant's
internal financial metrics for purpose of operating its own business
would likely not meet the predominant use standard, unless the use for
financial metrics is minimal.
In the above example, if the VBE participants wish to protect the
health information technology tool under this safe harbor, the
financial monitoring functionalities could be disabled to ensure that
the predominant use test is met. Alternatively, if the recipient VBE
participant pays fair market value for the financial monitoring
functionalities, then the parties might conclude that they do not need
to protect that aspect of the arrangement under this safe harbor, or
they may look to another safe harbor, such as the personal services and
management contracts safe harbor at paragraph 1001.952(d), to protect
that aspect of the arrangement. To be protected under paragraph
1001.952(ee), the remaining remuneration for which fair market value
has not been paid would need to meet the predominant use condition and
all other safe harbor conditions.
We note that if the collecting, tracking, and analyzing data for
the outcomes measures for the target patient population results in the
VBE participant observing something that prompts a change to how it
delivers care for all patients, not just the target patient population,
this additional use would constitute an incidental benefit to persons
outside the target patient population; such incidental benefit would
not be a disqualifying feature of the remuneration under this provision
in paragraph 1001.952(ee).
If a multi-function device is being furnished by a VBE participant
directly to a patient, then the VBE participant would look to the
patient engagement and support safe harbor, at paragraph 1001.952(hh),
for protection, not the care coordination arrangements safe harbor. As
explained above, the care coordination arrangements safe harbor does
not protect remuneration--including a free or discounted device--
flowing from VBE participants to patients. Note that, among other
requirements, the patient engagement and support safe harbor requires
that the remuneration has a direct connection to the coordination and
management of care of the target patient population.
With respect to the Beneficiary Inducements CMP, we note that
remuneration that is protected under a safe harbor to the Federal anti-
kickback statute is not considered remuneration for purposes of the
Beneficiary Inducements CMP.
Comment: Some commenters argued that this proposed limitation on
the exchange of remuneration--in particular, the requirement that the
remuneration be used to engage in value-based activities directly
connected to the coordination and management of care of the target
patient population--is unduly restrictive. Commenters stated that this
condition should not be limited to the first of the four value-based
purposes (the coordination and management of care for the target
patient population) and should be expanded to permit a direct
connection to any of the value-based purposes. Commenters further
asserted that expanding this condition to require a direct connection
to any value-based purpose would reduce regulatory burden, foster
innovation, and facilitate alignment with CMS's value-based exceptions
to the physician self-referral law.
Response: The care coordination arrangements safe harbor does not
preclude a value-based arrangement from furthering other value-based
purposes; however, the safe harbor does require that the remuneration
exchanged be used predominantly to engage in value-based activities
that are directly connected to the coordination and management of care
for the target patient population. By requiring that each party to a
value-based arrangement under the care coordination arrangements safe
harbor include the coordination and management of care for the target
patient population as at least one of the value-based purposes, we seek
to distinguish between referral arrangements, which would not be
protected, and legitimate care coordination arrangements, which
naturally involve referrals across provider settings but include
beneficial activities beyond the mere referral of a patient or ordering
of an item or service.
Comment: Some commenters supported using alternative language to
the direct connection standard, such as ``reasonably related and
directly tied'' or ``directly connected or reasonably related.'' Many
of these commenters asserted that alternative language would better
convey the close nexus between this safe harbor and the coordination
and management of care of a target patient population. Other commenters
advocated for other changes to the standard, e.g., replacing ``directly
connected'' with only ``connected.''
Response: We are finalizing the standard, proposed at paragraph
[[Page 77738]]
1001.952(ee)(1), now codified at paragraph 1001.952(ee)(1)(ii)
requiring that remuneration be used predominately to engage in value-
based activities that are directly connected to the coordination and
management of care for the target patient population. We are not
finalizing the similar standard proposed at paragraph 1001.952(ee)(7)
requiring that the value-based arrangement is directly connected to the
coordination and management care of the target patient population,
because doing so would introduce unnecessary duplication to the safe
harbor. We believe the direct connection standard we are finalizing
appropriately captures the relationship we are requiring (i.e., a close
nexus) between the value-based activities (for which protected
remuneration must be used predominantly to engage in) and the
coordination and management of care for the target patient population.
Comment: A commenter sought clarification as to whether
remuneration tied to either receiving referrals or being included in a
preferred provider network would be a value-based activity directly
connected to the coordination and management of care.
Response: As stated elsewhere in this final rule, the making of a
referral, standing alone, is not a value-based activity. Accordingly,
neither the exchange nor use of remuneration tied solely to receiving
patient referrals or being included in a preferred provider network
would be a value-based activity, let alone one that is directly
connected to the coordination and management of care. Were such conduct
combined with other value-based activities, the ``direct connection''
standard could be met, depending on the facts and circumstances.
iii. No Furnishing of Medically Unnecessary Items or Services or
Reduction in Medically Necessary Items or Services
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(4)(iii) to require that the remuneration exchanged not
induce VBE participants to furnish medically unnecessary items or
services or reduce or limit medically necessary items or services
furnished to any patient.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(ee)(7)(iii). The modification provides
that the value-based arrangement (rather than merely the remuneration)
cannot induce the parties to furnish medically unnecessary items or
services or reduce or limit medically necessary items or services.
Comment: Commenters universally supported this safeguard. A
commenter separately encouraged OIG to develop clear guidelines to
enforce this provision that do not unduly hinder the provision of
health care or second-guess physicians' medical decision-making.
Response: We are finalizing this proposed protection for patient
care and Federal program expenditures, with additional modifications to
fully effectuate our intent. As stated in the OIG Proposed Rule,
remuneration that induces a provider to order or furnish medically
unnecessary care is inherently suspect. We likewise stated that a
reduction in medically necessary services would be contrary to the
goals of this rulemaking and could, in certain instances, be a
violation of the CMP law provision relating to gainsharing
arrangements.\38\ We do not intend to protect arrangements that do
either. Upon further consideration, we have determined that our choice
of language for the regulatory text too narrowly focused on the
remuneration in the care coordination arrangement and did not capture
the full range of ways through which ill-intentioned parties might seek
to use a value-based arrangement to induce medically unnecessary care
or limit medically necessary care. Accordingly, to better reflect our
intent, the final regulation text prohibits the value-based arrangement
from inducing parties to order or furnish medically unnecessary items
or services or reduce or limit medically necessary items or services
furnished to any patient.
---------------------------------------------------------------------------
\38\ Section 1128A(b) of the Act.
---------------------------------------------------------------------------
In response to the commenter's concern that this safeguard not
unduly hinder physicians' medical judgment, this condition is not
intended to interfere with medical decision-making; rather, it is
intended to support decision-making in the best interests of patients
without inappropriate financial influence. This requirement is a
hallmark safeguard against fraudulent and abusive practices that could
lead to inappropriate utilization, inappropriate steering of patients,
or stinting on care. We note that a separate condition of the safe
harbor prohibits potential limitations on VBE participant's ability to
make decisions in the best interests of the target patient population.
iv. Remuneration From Individuals or Entities Outside the Applicable
VBE
Summary of OIG Proposed Rule: We proposed at 1001.952(ee)(4)(iv)
that the remuneration exchanged could not be funded by, or otherwise
result from the contributions of, any individual or entity outside of
the applicable VBE. We stated that we were considering a requirement
that remuneration be provided directly from the offeror to the
recipient.
Summary of Final Rule: We are not finalizing the proposed funding
limitation or a requirement that remuneration be provided directly from
the offeror to the recipient.
Comment: A few commenters supported the requirement prohibiting
remuneration from individuals or entities outside the applicable VBE.
Other commenters asked for exceptions to the requirement, such as
exceptions for remuneration that would benefit the VBE's patients and
where the donating third-party would have no direction or control over
how the remuneration could be used. Other commenters opposed the
requirement, stating that it would prevent VBE participants from
deriving remuneration from a wide variety of appropriate outside
funding sources, such as payors. Another commenter raised concerns that
a VBE participant could lose safe harbor protection unfairly if it
receives remuneration from another VBE participant that was funded by
another party without recipient of the renumeration knowing that source
of funding. We also received comments on OIG's consideration of whether
to require that remuneration be provided directly from the offeror to
the recipient, with such commenters stating that such a requirement
would create unnecessary practical impediments.
Response: We are not finalizing the proposed requirement
prohibiting parties to a value-based arrangement from exchanging any
remuneration funded by, or otherwise resulting from the contributions
of, an individual or entity outside of the applicable VBE. The purpose
of these proposals was to ensure that protected arrangements would be
closely related to the VBE, that VBE participants would be committed to
the VBE and striving to achieve the coordination and management of care
for the target patient population, and that non-VBE participants could
not indirectly use the safe harbor to protect arrangements that are
designed to influence the referrals or decision-making of VBE
participants. On balance, we do not believe the proposed conditions
would add appreciably to the program integrity protection offered by
the combination of safeguards we are including in the final safe
harbor, which address these same concerns. We seek to minimize
practical impediments to use of the safe harbor by avoiding conditions
we do not believe are needed. However, we emphasize that remuneration
exchanged outside of
[[Page 77739]]
a value-based arrangement would not be protected by any of the value-
based safe harbors.
We also are not finalizing the requirement considered in preamble
to the OIG Proposed Rule that remuneration be provided directly from
the offeror to the recipient. As explained in the OIG Proposed Rule,
this requirement would have prohibited the involvement of individuals
and entities other than the VBE or a VBE participant in the exchange of
remuneration under a value-based arrangement, including, potentially
third-party vendors and contractors. We agree with commenters asserting
that this requirement could create unnecessary practical impediments
that would be outweighed by any potential benefit of such a condition.
f. Taking Into Account the Volume or Value of, or Conditioning
Remuneration on, Business or Patients Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee)(5) to prohibit the offeror of the remuneration from taking
into account the volume or value of, or conditioning an offer of
remuneration on: (i) Referrals of patients that are not part of the
value-based arrangement's target patient population; or (ii) business
not covered under the value-based arrangement.
Summary of Final Rule: We are finalizing, without modification, the
requirement in paragraph 1001.952(ee)(5).
Comment: While some commenters supported our proposal, asserting
that the requirement appropriately differentiates between actual care
coordination arrangements and improper pay-for-referral schemes, a few
commenters did not support the requirement for various reasons. A
commenter expressed concern that this requirement will be difficult to
administer if recipients of remuneration have any business arrangements
outside the VBE and posited that adequate remedies exist under current
law to address the type of sham or abusive arrangements this provision
intends to preclude from safe harbor protection, although the commenter
did not identify any specific remedies. Another commenter asserted that
this requirement should be removed to align physician incentives with
the delivery of value-based care.
Conversely, a commenter opposed the proposed standard on the basis
that it is too narrow and encouraged us to prohibit parties from taking
into account the volume or value of referrals within the target patient
population and to also prohibit exclusivity or minimum-purchase
requirements in value-based arrangements. The commenter advocated for a
modified condition that would restrict any remuneration that depends on
or is calculated based on the volume or value of any Federal health
care referrals, whether inside or outside the target patient
population.
Response: We are finalizing this condition, as proposed. For
purposes of the safe harbor, value-based care, including coordinated
care, may take into account the volume of patients in the target
patient population or value of referrals or other business generated
between the parties resulting from referrals of the target patient
population (e.g., an offeror may base the number of hours it provides
care coordination services to the recipient on the volume of patients
in the target patient population). A complete prohibition on
remuneration that takes into account the volume or value of referrals
could operate as an actual or perceived barrier to safe harbor
protection for the kinds of innovative care coordination arrangements
that are the goal of this rulemaking. We are finalizing the limitation
with respect to referrals of patients and business generated outside
the target patient population under the value-based arrangement as an
important safeguard to protect against remuneration offered under the
guise of a value-based arrangement that is intended to induce the
recipient's referrals of patients or business not covered under the
value-based arrangement.
g. Contribution Requirement
Summary of OIG Proposed Rule: We proposed in paragraph
1001.952(ee)(6) to condition safe harbor protection on the recipient's
payment of at least 15 percent of the offeror's cost for the in-kind
remuneration (i.e., a 15 percent contribution requirement). We also
proposed at paragraph 1001.952(ee)(6) that the recipient make such a
contribution in advance of receiving the in-kind remuneration, if a
one-time cost, or at reasonable, regular intervals if an ongoing cost.
Summary of Final Rule: We are finalizing, with modification, the
contribution requirement in paragraph 1001.952(ee)(6). Based on
comments, we are revising the contribution requirement methodology to
require recipients to pay at least 15 percent of either the offeror's
cost of the remuneration, as determined using any reasonable accounting
methodology, or the fair market value of the remuneration. We are
finalizing, with only a minor technical modification to address syntax,
our proposal that, if the remuneration is a one-time cost, the
recipient must make the contribution in advance of receiving the in-
kind remuneration; if the remuneration is an ongoing cost, the
recipient must make any contributions at reasonable, regular intervals.
Comment: Many commenters expressed support for the proposed 15
percent contribution requirement or otherwise acknowledged that some
level of contribution likely would be an appropriate safeguard to hold
VBE participants accountable, promote engagement, and lower the risk
that unnecessary or improper remuneration would be furnished pursuant
to a value-based arrangement. The majority of commenters opposed any
contribution requirement, with several asserting that such a
requirement would be administratively burdensome; would necessitate
onerous documentation and analysis, e.g., documenting and tracking the
exchange of remuneration, in addition to undertaking an analysis as to
whether the items or services exchanged constitute remuneration in the
first place; and would discourage parties from entering into beneficial
value-based arrangements.
Response: We are retaining a 15 percent contribution requirement
for purposes of the care coordination arrangements safe harbor. We
proposed the contribution requirement to: (i) Increase the likelihood
that the recipient would use the care coordination item(s) and
service(s); (ii) ensure that the remuneration would be well-tailored to
the recipient; and (iii) promote the recipient's vested interest in
achieving the intended purpose of the value-based arrangement, namely,
furthering the coordination and management of care of the target
patient population.
We are not persuaded that the contribution requirement would be
overly burdensome or chill participation in value-based arrangements.
While there may be some administrative burden associated with a
contribution requirement, on balance we believe this requirement is
important to mitigate what OIG identified in the OIG Proposed Rule as
traditional fraud and abuse risks, e.g., inappropriately increased
costs to the Federal health care programs or patients, corruption of
practitioners' medical judgment, overutilization, and inappropriate
patient steering.
Comment: Many commenters supported a lower contribution amount (or
no contribution amount) for arrangements involving certain providers
with financial constraints.
[[Page 77740]]
These commenters generally asserted that, absent an exemption from, or
significant reduction in the amount of, the contribution requirement,
many providers would not be able to afford to participate in value-
based arrangements. Commenters had varying suggestions for who should
qualify as a provider with financial constraints, including, for
example, essential hospitals, critical access hospitals, Indian health
care providers, not-for-profit social services organizations, free and
charitable clinics, small and rural practices, and practices serving
medically underserved areas. Some commenters offered potential
definitions while others favored existing definitions, such as those
promulgated by the U.S. Small Business Administration, CMS, and the
Health Resources and Services Administration.
Response: Having considered the comments and the goals of this
rulemaking, we are not reducing or eliminating the contribution amount
for arrangements involving certain providers with financial
constraints. While we remain sensitive to the limited resources of many
types of potential VBE participants, including those cited by
commenters, we believe that the contribution requirement serves as an
important guardrail to prevent fraud and abuse under the guise of a
value-based arrangement and an incentive for parties to develop
arrangements that are both effective in coordinating and managing care
and economically prudent. We believe the contribution requirement will
help ensure that parties are serious about collaborating to achieve the
purpose of coordinating and managing patient care and will deliberately
design care coordination arrangements most likely to be effective at
achieving quality and efficiency aims in an economically prudent
manner. In addition, we decline to make exceptions to the 15 percent
contribution requirement for categories of VBE participants (e.g.,
small and rural practices) for several reasons. First, some
designations can change over time (for example, a physician practice
may qualify as a small practice at some points in time but not at
others, depending on staffing changes), which could create confusion
about the implementation of the contribution requirement when such a
change occurs. Second, the same types of fraud and abuse risks
associated with potentially valuable in-kind remuneration from a
referral source apply equally to both larger or urban recipients, for
example, and the types of recipients that requested an exemption from
the 15 percent contribution requirement or a lower contribution
percentage, such as small or rural providers. OIG's enforcement
experience demonstrates that fraud is perpetrated by both small and
large entities and happens across all geographic areas. Third, the 15
percent contribution requirement is based on the electronic health
records items and services safe harbor at paragraph 1001.952(y)(11),
which does not differentiate among recipients. Finally, in the context
of the flexibilities of the overall safe harbor, the advantages from a
compliance perspective of a single bright line standard outweigh the
potential benefits of variable standards based on geographic location
or other characteristics. Moreover, we have no basis for determining
different amounts for different parties. Should the 15 percent
contribution requirement pose a barrier to use of the safe harbor,
parties are reminded that failure to fit in a safe harbor does not mean
that an arrangement is necessarily unlawful and that OIG's advisory
opinion process is also available.
Comment: At least one commenter suggested that the safe harbor
except certain forms of in-kind remuneration (e.g., remuneration that
consists of cybersecurity technology and related services and IT-
related updates, upgrades, and patches) from the contribution
requirement.
Response: We decline to include any exceptions to the contribution
requirement under the care coordination arrangements safe harbor
because we believe that, in the context of this safe harbor, this
requirement is important to mitigate traditional fraud and abuse risks
and ensure that parties enter into arrangements that serve value-based
purposes. However, we remind parties seeking safe harbor protection for
the exchange of cybersecurity technology and related services that the
cybersecurity technology and related services safe harbor, paragraph
1001.952(jj), is available to protect the exchange of cybersecurity
items and services, provided all safe harbor requirements are met, and
note that such safe harbor does not include a contribution requirement.
Comment: Commenters generally opposed the proposal that the
contribution requirement be calculated based upon the offeror's cost.
For example, a commenter asserted that an offeror's cost may be
difficult to determine where the offeror has substantial development
costs but small marginal costs for each individual recipient or user.
Another commenter posited that this standard would provide insufficient
flexibility because the benefit of the remuneration exchanged may be
realized by one party more than the other, for example, where the
remuneration exchanged between two or more parties primarily benefits
the offeror versus the recipient. Commenters suggested various
methodologies to calculate the contribution requirement, including: (i)
The offeror's cost or fair market value; (ii) the offeror's cost or a
price charged by the offeror to purchasers outside of the VBE; (iii)
any reasonable accounting methodology; and (iv) an amount based on the
price for that product or service (or a reasonably comparable product
or service if it is new to the market) typically charged by the offeror
to reasonably comparable customers outside VBEs. Another commenter
recommended we define ``offeror's cost,'' whereas another commenter
expressed concern that the standard would be difficult to implement
because items or services that benefit patients could have little or no
quantifiable independent value to the VBE recipient.
A commenter asserted that calculating cost may be difficult when
tools and software are developed internally by the developer or
manufacturer and made available by a VBE participant or acquired as
part of a bundled sale under the discount safe harbor. A commenter also
stated that there may be substantial development costs but only
marginal costs for each individual recipient and that costs could be
subject to proprietary and confidentiality obligations.
Response: In the OIG Proposed Rule, in addition to our proposal
that the contribution requirement be calculated based upon the
offeror's cost, we stated we were considering two other methodologies
for determining the 15 percent requirement: Fair market value of the
remuneration to the recipient or the reasonable value of the
remuneration to the recipient. To afford parties additional
flexibility, we are revising the contribution requirement methodology
in this final rule to require recipients to pay at least 15 percent of
either: (i) The offeror's cost of the remuneration, as determined using
any reasonable accounting methodology; or (ii) the fair market value of
the remuneration. As indicated in the OIG Proposed Rule, we are not
requiring that parties obtain an independent fair market valuation. We
selected fair market value rather than reasonable value because fair
market value is a more specific standard, a widely used term in
valuation, and common to many existing safe harbors such that many
stakeholders and the government have experience with it. We are
finalizing the
[[Page 77741]]
requirement as ``fair market value'' instead of ``fair market value of
the remuneration to the recipient'' because we believe the inclusion of
``to the recipient'' could confuse generally accepted valuation
methodologies due to its focus on only one party. We expect that
parties to a value-based arrangement seeking protection under this safe
harbor would use generally accepted valuation methodologies and
principles in any determination of ``fair market value'' in relation to
the contribution requirement, which could incorporate factors related
to the recipient.
To provide parties flexibility we are not specifically defining
``offeror's cost'' or requiring a specific methodology for determining
fair market value. To the extent costs are proprietary or confidential,
depending on the circumstances, parties could meet this condition
through the use of contractual provisions in their value-based
arrangements to protect information from further disclosure or rely on
the fair market value option to determine the 15 percent contribution
requirement.
We are finalizing our proposal that, if the remuneration is deemed
by the parties to be a one-time cost, e.g., a one-time purchase of
telehealth-related technology, the recipient must make the contribution
in advance of receiving the in-kind remuneration; to the extent the
remuneration is deemed by the parties to be an ongoing cost, e.g., a
subscription service to a data analytics tool, the recipient must make
any contributions at reasonable, regular intervals, with the frequency
of such payments documented in writing. We note that parties have the
flexibility to structure the recipient's contribution payment as either
a one-time or ongoing payment, depending upon the facts and
circumstances of the arrangement and the parties' preference.
Comment: We received several comments advocating for or against the
adoption of alternative proposals noted in the OIG Proposed Rule. For
example, many commenters favored an across-the-board reduction in the
contribution requirement from 15 percent to 5 percent. Other commenters
backed an exemption to, or a significant reduction in, the contribution
requirement for certain categories of remuneration, such as technology
and technology-related items, although at least one commenter opposed
this approach due to administrative burden concerns. Another commenter
urged OIG to calibrate the contribution based on the financial need of
the target patient population.
Response: We are retaining the 15 percent contribution requirement,
as proposed, with the aforementioned methodology modifications. We
believe that a contribution requirement lower than 15 percent would not
achieve a sufficient level of accountability and engagement of the
recipient. Moreover, we decline to vary the contribution requirement
based upon the type of remuneration at issue or the arrangement's
target patient population; such variation would introduce unnecessary
operational complexity.
Comment: A commenter recommended that OIG take into account
nonmonetary contributions from the recipient to the offeror for
purposes of calculating the contribution requirement.
Response: To meet this safe harbor's contribution requirement, a
recipient must pay at least 15 percent of the offeror's cost of the
remuneration (as determined using any reasonable accounting
methodology) or at least 15 percent of the fair market value of the
remuneration. Parties to a care coordination arrangement where any
nonmonetary contributions flow in both directions--from the offeror to
the recipient and the recipient to the offeror--would need to assess
any potential Federal anti-kickback statute implications for both
streams of contributions. To the extent that both streams of
contributions constitute remuneration, implicate the Federal anti-
kickback statute, and the parties seek protection under the care
coordination arrangements safe harbor, the parties must satisfy the
contribution requirement for each stream of remuneration. There may be
circumstances under which the parties could appropriately offset
payments made to satisfy the contribution requirement for each stream,
but any such assessment would be fact specific. For example, it would
be appropriate for parties to offset payment amounts to satisfy the
contribution requirement for separate streams of remuneration to reduce
administrative burden, provided each stream of remuneration complied
with the Federal anti-kickback statute. In contrast, it would be
inappropriate for parties to offset payment amounts in an attempt to
reduce a party's contribution requirement below 15 percent and any
associated arrangement would not be protected by this safe harbor.
Comment: A commenter recommended that, for purposes of applying the
15 percent contribution requirement in the care coordination
arrangements safe harbor, OIG recognize a VBE's good faith allocation
of the in-kind remuneration across various arrangements. The commenter
identified a number of manners in which it believed a reasonable
allocation could be made (e.g., patient needs associated with a
particular arrangement, such as a chronic care program), and noted that
in some cases, a reasonable allocation might be a per capita allocation
of in-kind remuneration across all VBE participants.
Response: First, for the purposes of our response, we assume that
the commenter means that the in-kind remuneration provided by the VBE
or VBE participant to other VBE participants would be shared by various
VBE participants to a value-based arrangement, or various value-based
arrangements, under the same VBE (e.g., a shared care coordinator or
shared information technology system). To the extent that VBE
participants to a value-based arrangement or various value-based
arrangements are sharing in-kind remuneration provided by the VBE or
another VBE participant, it would be reasonable--under both
methodologies that parties can use to determine the contribution
requirement--to reasonably and in good faith allocate the ``offeror's
cost for the in-kind remuneration'' or the ``fair market value'' of the
shared resources between the various VBE participants sharing in the
resources.
As stated above, we would expect that parties to a value-based
arrangement seeking protection under this safe harbor would use
reasonable accounting methodologies and generally accepted valuation
methodologies and principles in determining any appropriate allocation
of the shared resources for the purposes of determining the ``offeror's
cost for the in-kind remuneration'' or the ``fair market value'' in
relation to the contribution requirement. We acknowledge that
reasonable accounting methodologies and commonly accepted valuation
principles would allow for consideration of the shared nature of the
in-kind remuneration. We further highlight that we would not expect
that any aggregate contribution amounts--from VBE participants sharing
in any in-kind remuneration--result in a windfall to the offeror.
Comment: Some commenters expressed concern that a contribution
requirement would upend the existing regulatory framework that parties
rely on to assess whether an item or service constitutes remuneration.
For example, a dialysis provider stated that a contribution requirement
may unintentionally create a presumption that many care coordination
activities
[[Page 77742]]
that do not constitute remuneration for purposes of the Federal anti-
kickback statute are, in fact, remuneration with a specific value. The
same commenter illustrated its concern by explaining that multiple
Medicare conditions for coverage require dialysis facilities to
coordinate dialysis patients' care with other providers, including
physicians and nursing homes. The dialysis provider requested that OIG
confirm that the following does not constitute remuneration: (i) The
provider performs care coordination services because they are required
to do so by Medicare or other payors' rules, other law, or to meet the
clinical standard of care, and (ii) the care coordination services
provided do not relieve another party of an obligation assigned to it
by Medicare or other payors' rules or other law.
Response: The contribution requirement does not change the current
regulatory framework for assessing whether an item or service exchanged
between two or more parties constitutes remuneration under either the
Federal anti-kickback statute or the Beneficiary Inducements CMP. As we
have stated in prior OIG guidance on this issue, we view
``remuneration'' under the Federal anti-kickback statute to consist of
anything of value in any form or manner whatsoever.\39\ With respect to
the request for guidance as to whether (i) care coordination services
performed by a provider because they are required to do so by Medicare
or other payors' rules, other law, or to meet the clinical standard of
care, and (ii) care coordination services that do not relieve another
party of an obligation assigned to it by Medicare or other payors'
rules or other law, such services could constitute remuneration under
the Federal anti-kickback statute. However, we remind readers that even
if care coordination services constitute remuneration, the Federal
anti-kickback statute is not necessarily implicated. For example, the
Federal anti-kickback statute generally is not implicated for financial
arrangements limited solely to patients who are not Federal health care
program beneficiaries. Further, depending on the facts and
circumstances (including the intent of the parties), the provision of
care coordination services may implicate the Federal anti-kickback
statute but not violate it.
---------------------------------------------------------------------------
\39\ See, e.g., OIG, Special Fraud Alert, 59 FR 65372, 65377
(Dec. 19, 1994), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/121994.html; OIG, Medicare and State Health Care
Programs: Fraud and Abuse; OIG Anti-Kickback Provisions, 56 FR
35952, 35978 (July 29, 1991), available at https://oig.hhs.gov/fraud/docs/safeharborregulations/freecomputers.htm. See also OIG
advisory opinions generally, e.g., OIG Adv. Op. No. 20-02, where OIG
states, ``For purposes of the anti-kickback statute, `remuneration'
includes the transfer of anything of value, directly or indirectly,
overtly or covertly, in cash or in kind.''
---------------------------------------------------------------------------
Comment: Some commenters asserted that the proposed 15 percent
contribution requirement is arbitrary or that there is no evidence a
contribution requirement would mitigate fraud and abuse concerns. Other
commenters suggested that the contribution requirement is duplicative
of existing safeguards included in the care coordination arrangements
safe harbor, e.g., the requirement that remuneration must be used
primarily to engage in value-based activities that are directly
connected to the coordination and management of care of the target
patient population.
Response: We disagree with the commenters. We believe the
contribution requirement will promote accountability, fiscal
responsibility, and greater engagement by the recipient. We note that
contribution requirements have been implemented in other contexts, such
as those included in the electronic health records items and services
(EHR) safe harbor at paragraph 1001.952(y) and the Federal
Communications Commission's Rural Health Care Pilot Program.\40\
Moreover, we do not believe the contribution requirement is duplicative
of other safeguards. While several conditions in the safe harbor
promote accountability, the contribution requirement provides an
objective, bright-line standard for parties that requires recipients in
value-based arrangements to have a financial stake in the arrangement
and encourages a tangible commitment to achieving the value-based
arrangement's goals.
---------------------------------------------------------------------------
\40\ See, e.g., Federal Communication Commission, Rural Health
Care Pilot Program FAQs, available at https://www.fcc.gov/general/rural-health-care-pilot-program#faqs (requiring eligible recipients
to fund 15 percent of the cost of infrastructure design and
construction of broadband networks for health care purposes, in
recognition that a contribution requirement will ``incentiviz[e]
participants to choose the most cost-effective services and
equipment and refrain from purchasing a higher level of service or
equipment than needed'') (as cited to by the Federal Communication
Commission, Promoting Telehealth for Low-Income Consumers, 84 FR
36865, 36869 (July 30, 2019)).
---------------------------------------------------------------------------
Comment: At least two commenters drew attention to the parallel
contribution requirements in the care coordination arrangements and EHR
safe harbors. For example, a commenter highlighted the perceived
inconsistency of relying on the EHR safe harbor to justify our
contribution requirement on the one hand and indicating that we were
considering revisiting or eliminating the contribution requirement in
the EHR safe harbor on the other. Another commenter sought to
distinguish the care coordination arrangements safe harbor from the EHR
safe harbor by stating that a contribution requirement may be
appropriate in the EHR safe harbor because the EHR safe harbor has less
stringent standards, but a contribution requirement is not warranted in
the care coordination arrangements safe harbor. The commenter further
asserted that the EHR safe harbor protects items and services that have
clear independent value to the recipient, while items and services
exchanged pursuant to value-based arrangements may not always have such
independent value.
Response: In the OIG Proposed Rule, we considered removing the
contribution requirement in the EHR safe harbor, but as discussed
subsequently in this final rule, we are retaining the EHR safe harbor's
contribution requirement. Accordingly, both the care coordination
arrangements safe harbor and the EHR safe harbor, as finalized, include
a 15 percent contribution requirement. We disagree that the EHR safe
harbor has less stringent standards. The care coordination arrangements
and EHR safe harbors have distinct requirements tailored to the type of
remuneration that may be protected by the respective safe harbor. With
respect to the commenter's suggestion that items and services exchanged
pursuant to the care coordination arrangements safe harbor may not
always have independent value to the recipient (in contrast to the EHR
safe harbor), we note that any such determination would be fact
specific. Moreover, the contribution requirement does not change any
assessment of whether an item or service exchanged between two or more
parties constitutes remuneration under the Federal anti-kickback
statute. We remind stakeholders that to implicate the Federal anti-
kickback statute, there must be ``remuneration'' offered, paid,
solicited, or received in the transaction or arrangement at issue. If
the Federal anti-kickback statute is not implicated by a transaction or
arrangement, then safe harbor protection is not necessary.
Consequently, we would expect arrangements that qualify under the care
coordination arrangements safe harbor to involve remuneration exchanged
between the parties.
h. Direct Connection to the Coordination and Management of Care
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(7)(i) that a value-based arrangement must have a direct
connection to the
[[Page 77743]]
coordination and management of care for the target patient population.
Summary of Final Rule: We are not finalizing the condition at
proposed paragraph 1001.952(ee)(7)(i) because it would substantially
duplicate the condition at paragraph 1001.952(ee)(1)(ii), which
requires the remuneration to be used predominantly to engage in value-
based activities that are directly connected to the coordination and
management of care.
Comment: Commenters generally did not support the condition
proposed at paragraph 1001.952(ee)(7)(i), albeit for varying reasons.
Some took issue with the fact that the condition did not afford parties
the flexibility to select any one of the value-based purposes available
to VBEs, and rather tied parties to the value-based purpose relating to
the coordination and management of care. Some commenters argued that
this condition was not necessary in light of other safeguards included
in the care coordination arrangements safe harbor.
Response: We are not finalizing the condition proposed at paragraph
1001.952(ee)(7)(i) because it would substantially duplicate the
condition we are finalizing at paragraph 1001.952(ee)(1)(ii). With
respect to the commenters that argued that the proposed condition did
not afford parties the flexibility to select any one of the value-based
purposes available to VBEs, and rather tied parties to the value-based
purpose relating to the coordination and management of care, we refer
commenters to the discussion of the condition we finalize at paragraph
1001.952(ee)(1)(ii), in section III.B.3.e.ii. of the preamble. There we
explain, in part, that the care coordination arrangements safe harbor's
conditions do not preclude a value-based arrangement from furthering
other value-based purposes; however, the safe harbor does require that
the remuneration exchanged be used predominantly to engage in value-
based activities that are directly connected to the coordination and
management of care for the target patient population.
i. Preserving Clinical Decision-Making
Summary of OIG Proposed Rule: In proposed paragraph
1001.952(ee)(7)(ii), we proposed that the value-based arrangement must
not limit parties' ability to make decisions in the best interests of
their patients.
We also proposed in proposed paragraph 1001.952(ee)(7)(iii) that
value-based arrangements cannot direct or restrict referrals if: (i) A
patient expresses a preference for a different practitioner, provider,
or supplier; (ii) the patient's payor determines the provider,
practitioner, or supplier; or (iii) such direction or restriction is
contrary to applicable law or regulations under titles XVIII and XIX of
the Act.
Summary of Final Rule: We are finalizing, with modification, the
proposed condition that the value-based arrangement must not limit the
VBE participant's ability to make decisions in the best interests of
its patients and relocating it to paragraph 1001.952(ee)(7)(i). We are
making a technical correction to change ``their patients'' to ``its
patients.'' In paragraph 1001.952(ee)(7)(ii), we are finalizing the
condition related to directing or restricting referrals with one
clarification. We are deleting ``or regulations'' because
``regulations'' is already captured by the term ``applicable law'' in
the final regulation. Thus, a value-based arrangement cannot direct or
restrict referrals if such direction or restriction is contrary to
applicable law under titles XVIII and XIX of the Act.
Comment: Commenters were very supportive of prohibiting any
limitation on VBE participants' ability to make decisions in the best
interests of their patients and limiting how the value-based
arrangement can direct or restrict referrals to a particular provider,
practitioner, or supplier. Many commenters asserted that these
standards will protect patient choice and ensure the independence of
medical or professional judgment.
Response: We agree with the commenters, and we are finalizing these
two requirements--a prohibition on any limitation of VBE participants'
ability to make decisions in the best interests of their patients, and
limiting the circumstances in which parties to a value-based
arrangement may direct or restrict referrals--to support patient choice
and independent medical and professional judgment. Based on these
conditions, remuneration exchanged as part of arrangements that unduly
restrict patient choice or the independence of medical or professional
judgment through inappropriate direction or restriction of referrals
will not be protected. This requirement aims to ensure that VBEs and
VBE participants that are parties to a value-based arrangement maintain
their independent, medical, or other professional judgment without
undue restriction. This condition is not intended to bar VBEs or VBE
participants from communicating the benefits of receiving care from
other VBE participants in the VBE.
Comment: Several commenters urged the OIG to adopt more robust
safeguards to protect patient choice and ensure the independence of
medical or professional judgment. A commenter recommended that health
care professionals be given the ability to override any (i) practice
guideline or standard; (ii) electronic health record technology; (iii)
clinical-decision support software; (iv) computerized order entry
program; or (v) policies that may be imposed or implemented by a VBE or
payor if such an override is, in the professional judgment of the
health care professional, consistent with their determination of
medical necessity and appropriateness or nursing assessment, in the
best interests of the individual patient, and consistent with the
patient's wishes.
Another commenter asserted that the OIG Proposed Rule appears to
give a provider the authority to direct a referral unless the patient
otherwise expresses an alternative choice. The commenter recommended
that we include a requirement that the VBE provide notice to patients
informing them that: (i) The entity is participating in a financial
risk-based program where the entity receives financial benefits under
applicable conditions; (ii) referrals for care may be made to a
restricted list of providers and practitioners; and (iii) the patient
has the freedom to choose any qualified provider or practitioner and
the right to reject any referral to a particular provider or
practitioner if they have an alternative preferred provider or
practitioner. Another commenter urged OIG to provide consumer-tested
templates for VBEs to communicate with patients that they retain their
rights to choose providers.
Response: With respect to the commenter's assertion that the OIG
Proposed Rule appears to give the provider the authority to direct a
referral unless the patient otherwise expresses an alternative choice,
we note that the provision we are finalizing also prohibits the value-
based arrangement from directing or restricting referrals where the
patient's payor determines the provider, practitioner, or supplier, or
where the direction or restriction is contrary to applicable law under
titles XVIII and XIX of the Act. Moreover, nothing in this safe harbor
gives providers authority to direct referrals. This provision describes
one among several conditions of safe harbor protection, in this case a
limitation on what a protected value-based arrangement can do.
With respect to the suggestion that providers be permitted to
override various care protocols, guidelines, policies, or technology-
driven systems, this safe harbor does not affect the authority of
providers to do so. A
[[Page 77744]]
provider's obligation to comply with care protocols, guidelines,
policies, or technology-driven systems is outside the scope of this
final rule. This safe harbor speaks only to the conditions under which
a value-based arrangement would receive prospective safe harbor
protection under the Federal anti-kickback statute. The value-based
arrangement may not limit the VBE participant's ability to make
decisions in the best interests of its patients. Facts and
circumstances demonstrating that the value-based arrangement has
limited a VBE participant's ability to make decisions in the best
interest of its patients would disqualify the remuneration exchanged
pursuant to the value-based arrangement from protection under this safe
harbor. In drafting the final rule on this point, we have been guided
in part by experience with long-established rules in the physician
self-referral law \41\ and the Medicare Shared Savings Program \42\
that address preservation of patient preferences and clinician judgment
choice in the context of directed referrals.
---------------------------------------------------------------------------
\41\ See, e.g., 42 CFR 411.354(d)(4)(iv).
\42\ See, e.g., 42 CFR 425.305(b).
---------------------------------------------------------------------------
While we appreciate the commenters' suggestions regarding patient
notice, we did not propose a patient notice requirement in the OIG
Proposed Rule for any of the three value-based safe harbors, and we are
not including a patient notice requirement in this final rule. Such a
requirement would add administrative burden without appreciably adding
benefits, including protections against fraud and abuse, given the
combination of conditions we are finalizing. Further, such notices, if
executed poorly, could confuse patients. Parties may wish to provide
notifications, and nothing in this rule prevents them from doing so. We
are not providing templates for communications with patient regarding
patient choice, and defer to providers, payors, and others to develop
best practices for notices and other relevant communications.
Comment: A commenter urged the OIG to preclude safe harbor
protection for any arrangement that involves paying for referrals and
to protect against any given market player requiring referrals only to
certain facilities. Another commenter recommended that VBEs be
prohibited from taking any adverse action against a patient that
chooses an alternative provider or practitioner.
Response: We share the commenter's concerns regarding abusive, pay-
for-referral arrangements. We also recognize that legitimate care
coordination arrangements may involve an exchange of remuneration
between parties that are in a position to give or receive referrals and
that referrals may be made between VBE participants coordinating and
managing a patient's care through a value-based arrangement. One of the
objectives of the care coordination arrangements safe harbor is to
identify and define attributes of legitimate care coordination
arrangements and afford protection only to remuneration exchanged under
such arrangements. The requirements of this safe harbor and the value-
based terminology (e.g., value-based purpose, value-based activity,
value-based arrangement) work together to achieve this objective.
Abusive, pay-for-referral arrangements, such as an arrangement where an
individual or entity is required to offer remuneration to a provider in
order to receive that provider's referrals or an arrangement that
encourages providers to steer patients in ways that are not in the
patients' best interests, will not be able to meet the requirements of
the safe harbor.
With respect to the commenter's concern regarding a particular
person or entity requiring referrals only to certain entities, we
believe these types of directed referral provisions may be problematic
in certain instances but also are common features of many legitimate
care coordination arrangements. As explained in the preceding response,
the limitations we are adopting in this final rule reflect important
safeguards to protect patient choice and independence of medical and
professional judgment and effectuate an appropriate balance between the
competing concerns of protecting legitimate care coordination
arrangements and preventing inappropriate pay-for-referral schemes.
With respect to the recommendation that, as a condition of safe
harbor protection, VBEs should be prohibited from taking any adverse
action against a patient that chooses an alternative provider or
practitioner, we note that nothing in the safe harbor limits or directs
a patient's choice of provider or services, including a patient's
choice to seek care outside the VBE. As indicated in the OIG Proposed
Rule and implemented in this final rule, it is our intent that a
patient can express a preference for a different practitioner,
provider, or supplier and the value-based arrangement cannot restrict
or limit that choice. Further, safe harbor protection does not extend
to any arrangement where the value-based arrangement directs or
restricts referrals to a particular provider, practitioner, or supplier
if the patient's payor determines the provider, practitioner, or
supplier or the direction or restriction is contrary to applicable law
under titles XVIII and XIX of the Act.
j. Marketing of Items or Services or Patient Recruitment Activities
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee)(7)(iv) that the value-based arrangement could not include
marketing to patients of items or services or engaging in patient
recruitment activities. We stated that we did not intend for this
limitation to prohibit a VBE participant that is a party to a value-
based arrangement from educating patients in the target patient
population regarding permissible value-based activities.
Summary of Final Rule: We are finalizing, with modifications, this
requirement at paragraph 1001.952(ee)(1)(iii). We have revised the
language of the text at paragraph 1001.952(ee)(1)(iii) to clarify that
the protected remuneration under the value-based arrangement may not be
exchanged or used for the purpose of marketing items or services
furnished by the VBE or a VBE participant to patients or for patient
recruitment activities.
Comment: Several commenters strongly supported our proposal, or,
alternatively, advocated for the imposition of additional conditions to
protect against abusive marketing practices. However, the majority of
commenters on this topic either sought clarification on the parameters
of the condition or opposed it altogether. A commenter asked OIG to
define allowable educational activities and prohibited marketing
activities, and another commenter questioned whether a distinction
between marketing and educational activities is possible when,
according to the commenter, the line between marketing and education is
subjective and requires an intent-based inquiry. Another commenter
suggested that OIG prohibit marketing and patient recruitment
activities but permit efforts to make patients aware of the
availability of items or services at times when the patient could
reasonably benefit from such information. Other commenters requested
that OIG provide guidance on, and specific examples of, the distinction
between marketing and patient recruitment activities on the one hand,
and patient education activities on the other. For example, a commenter
asked whether a program to screen patients for fall risk and educate
them on their risks and appropriate next steps would be considered
patient education or a marketing activity. Another
[[Page 77745]]
commenter asked whether a hospice's provision of free home-based
palliative care services or room and board to patients unable to pay
would constitute marketing or patient recruitment activities.
Numerous commenters opposed the prohibition on patient marketing
and patient recruitment activities altogether, asserting that the
condition is too broad. A commenter declared that marketing activities
are necessary in order to meaningfully educate patients on their health
care options, and another commenter claimed that a marketing and
patient recruitment prohibition would limit a value-based enterprise's
ability to leverage technology that might empower patients to make
informed decisions and gain timely access to appropriate care. This
commenter encouraged OIG to provide an exception for marketing-based
technology that is used to achieve a defined health outcome under a
value-based arrangement.
Response: We are finalizing a narrower condition than the condition
proposed in the OIG Proposed Rule because we agree with the commenters
that our proposed condition was broader than necessary to prevent the
fraud and abuse concerns addressed by the condition. Rather than
prohibiting all marketing and patient recruitment activities under a
value-based arrangement, as proposed, the requirement we are finalizing
prohibits the exchange of or use of remuneration for the purpose of
marketing items or services provided by the VBE or VBE participants or
for patient recruitment activities.
We use the terms ``marketing'' (e.g., promoting or selling
something), ``education'' (e.g., informing, instructing, or teaching),
and ``recruitment'' (e.g., enlisting someone to do something) in
accordance with their commonsense meanings. We are not defining in
regulatory text ``marketing,'' ``patient recruitment activities,'' or
``education,'' or a similar term (note that the regulatory text does
not use ``education'' or ``educational activities'' but we use such
terms in our preamble explanation). We decline to define these terms:
(i) In recognition that these terms are commonly understood; and (ii)
to avoid overly prescriptive definitions that may chill appropriate
educational activities. In lieu of regulatory definitions, we offer
illustrative examples below to aid stakeholders in applying the safe
harbor provision.
As noted in the OIG Proposed Rule, the proposed marketing and
recruitment restriction would prevent misuse of the safe harbor by
those seeking to use purported value-based arrangements to perpetuate
fraud schemes through the purchase of beneficiaries' medical identity
or other inducements to lure beneficiaries to obtain unnecessary care.
As stated in the OIG Proposed Rule, our enforcement experience
demonstrates that fraud schemes often involve a mixture of both
inducements to lure beneficiaries to obtain unnecessary care and the
use of marketing-like activities to steal patients' medical identities.
In particular, OIG has long-standing concerns about marketing
activities that involve personal contact with beneficiaries. For
example, OIG has previously explained that door-to-door marketing,
telephone solicitations, direct mailings, and in-person sales pitches
or ``informational'' sessions can be extremely coercive, particularly
when such activities target senior citizens, Medicaid beneficiaries,
and other particularly vulnerable patients.\43\
---------------------------------------------------------------------------
\43\ OIG, OIG Adv. Op. No. 08-20 (Nov. 19, 2008), available at
https://oig.hhs.gov/fraud/docs/advisoryopinions/2008/AdvOpn08-20.pdf.
---------------------------------------------------------------------------
Consequently, we believe that remuneration used for marketing and
patient recruitment activities, regardless of whether the activities
are driven by technology or tied to achieving a defined health outcome,
remains suspect and requires fact-specific scrutiny under the Federal
anti-kickback statute; therefore, we decline to provide safe harbor
protection for such remuneration in this safe harbor.
Nevertheless, we acknowledge the benefits of objective educational
materials to provide patients with general health care information and
information about their health care options. We do not consider
remuneration exchanged between parties to a value-based arrangement to
(i) provide objective patient educational materials or (ii) engage in
objective patient informational activities to constitute marketing or
patient recruitment activities for purposes of this safe harbor
condition. As we explained in the OIG Proposed Rule, this condition
would not prohibit a VBE participant that is a party to the value-based
arrangement from educating patients in the target patient population
about permissible value-based activities.
A determination regarding whether remuneration is being exchanged
or used for the purposes of marketing items or services or patient
recruitment activities or for an educational activity requires a fact-
specific analysis; however, the following examples illustrate how we
distinguish between marketing and patient recruitment, on the one hand,
and education on the other. Using examples from the OIG Proposed
Rule,\44\ if a SNF or home health agency placed a staff member at a
hospital to assist patients in the discharge planning process, and in
doing so, the staff member educated patients regarding care management
processes used by the SNF or home health agency, this would not
constitute marketing of items and services (provided the staff member
only worked with patients that had already selected the SNF or home
health agency and SNF or home-health agency care was medically
appropriate for such patient). However, if the SNF or home health
agency placed a staff member at a hospital to perform care coordination
services and to market the SNF's or home health agency's services to
hospital patients, the arrangement would not comply with this
requirement because the remuneration being exchanged pursuant to the
arrangement--the services offered by the staff member--would be
exchanged for the purpose of engaging in marketing.
---------------------------------------------------------------------------
\44\ 84 FR 55712 (Oct. 17, 2019).
---------------------------------------------------------------------------
As an additional example, we would not consider actions, such as
notifying a patient of the criteria used by a VBE participant to
determine patient eligibility for care coordination services or
informing the target patient population of potential health benefits
that may be derived from care coordination for a patient's chronic
condition, to be marketing or patient recruitment activities. This sort
of targeted education to the patient is distinguishable from broader
marketing and recruiting campaigns designed to sell products or
services or recruit patients.
Notably, in some circumstances, it may not be necessary to make a
distinction between marketing and education to determine whether an
arrangement fits in a value-based safe harbor. If remuneration is
exchanged pursuant to an arrangement that does not qualify as a
``value-based arrangement,'' as defined here, it is not eligible for
safe harbor protection. For example, an arrangement solely for a
direct-mail marketing campaign or other advertising would need to
qualify as a value-based arrangement under the definition at paragraph
1001.952(ee) to be eligible to use a value-based safe harbor. We cannot
envision a circumstance where such an arrangement would be a ``value-
based arrangement'' as defined in this final rule or be eligible under
this safe harbor. Should one VBE participant wish to
[[Page 77746]]
engage in a direct-mail campaign that markets, in part, another VBE
participant's services and the parties seek safe harbor protection for
such arrangement, they should look to the personal services and
management contracts safe harbor at paragraph 1001.952(d).
In response to the commenter's inquiry regarding a screening
program for fall risk, it is not clear from the commenter's description
whether the program would be part of a coordinated plan of care for a
target patient population to improve outcomes or a marketing or patient
recruitment activity to attract patients to the VBE or its
participants. If the former, the arrangement could qualify for safe
harbor protection, if all safe harbor conditions are met. If the
latter, it would not be protected. Based on our oversight experience,
we are concerned that a fall risk screening program could be misused as
a marketing or patient recruitment activity if the screening program
was not part of the coordination and management of care or an objective
educational program. There is a risk that such a program could be used
to lure beneficiaries to obtain unnecessary care. Whether a particular
fall risk screening program is a marketing program, an educational
program, or a value-based arrangement will depend on its specific facts
and circumstances.
Additionally, we note that remuneration exchanged between parties
to a value-based arrangement that is used to offer something of value
to patients to incentivize them to obtain a fall screening examination
from one of the parties would not be protected by this safe harbor. We
have modified the regulatory text to make clear that prohibited
marketing includes not only exchanging remuneration for the purpose of
engaging in patient recruitment activities or marketing but also using
remuneration for such purposes. This change effectuates our intent
articulated in the preamble to the OIG Proposed Rule to limit the risk
of the value-based arrangement being used as a marketing or recruiting
tool to generate federally payable business for the VBE
participant.\45\ To illustrate how this condition would operate, the
parties cannot exchange remuneration for the purpose of engaging in
patient recruitment activities or marketing (e.g., a SNF or home health
agency placed a care coordinator at a hospital to market the SNF's or
home health agency's services to hospital patients). In addition, the
parties cannot use the remuneration for marketing or engaging in
patient recruitment activities (e.g., the hospital asks the care
coordinator placed by the SNF or home health agency to send out
mailings to the local community regarding the hospital's services).
---------------------------------------------------------------------------
\45\ 84 FR 77712 (Oct. 17, 2019).
---------------------------------------------------------------------------
Regarding the question about a hospice's provision of free home-
based palliative care services or room and board to patients unable to
pay, such an arrangement would not be protected by the care
coordination arrangements safe harbor. This safe harbor is limited to
remuneration exchanged between parties to a value-based arrangement,
i.e., between a VBE and VBE participant or between VBE participants. It
does not encompass arrangements involving the exchange of remuneration
to patients. Other safe harbors or exceptions to the Beneficiary
Inducements CMP may be available to protect the provision of such items
and services to patients, depending upon the facts and circumstances.
We reiterate that nothing in this safe harbor prevents VBEs or VBE
participants from marketing their services. Indeed, arrangements need
not have safe harbor protection to be lawful, and we observe that many
legitimate health care entities lawfully market services without
benefit of a safe harbor. However, value-based arrangements that
include the exchange or use of remuneration for the purpose of
marketing or patient recruitment would not be eligible for protection
under the care coordination arrangements safe harbor.
Comment: A commenter requested that OIG address whether a VBE
participant that is a payor and owns a company that provides remote
monitoring devices or has a vendor relationship with a company that
provides such devices could suggest certain device utilization for
purposes of improved care.
Response: The commenter describes the recommendation or referral of
a device by a VBE participant that is a payor and is affiliated with a
company that provides remote monitoring devices but does not identify
remuneration provided under the value-based arrangement. Without
additional facts, we can only respond generally to the comment. First,
we would highlight that this safe harbor does not protect free or
reduced-priced items or services that sellers provide either as part of
a product sale arrangement or ancillary to a value-based arrangement.
Free or reduced-priced items and services provided either as part of a
product sale arrangement or ancillary to a value-based arrangement may
not need safe harbor protection or may be protected by other safe
harbors.
Second, nothing in the safe harbor would prohibit a VBE participant
from using remuneration it received pursuant to a value-based
arrangement to inform the target patient population of the availability
of care coordination activities it provides to patients (e.g., patient
monitoring) in a targeted, objective, and educational manner so long as
the remuneration is not exchanged or used for marketing or patient
recruitment activities. In this final rule, we have clarified that the
content of the marketing the safe harbor prohibits is the marketing of
items and services furnished by the VBE or a VBE participant to
patients.
To the extent that payors or other VBE participants provide
remuneration to patients in the form of a free device, such
remuneration would not be protected by this safe harbor. We note that
other safe harbors or exceptions to the Beneficiary Inducements CMP may
be available to protect the provision of such items and services,
depending upon the facts and circumstances.
Comment: A health system recommended that provider affiliation
announcements be carved out of the definition of marketing or
recruitment activities so that providers can inform patients that they
participate in value-based arrangements. Another commenter similarly
urged OIG to permit individuals or entities participating in a VBE to
market themselves as VBE participants to patients.
Response: Remuneration exchanged between parties to a value-based
arrangement may be used to inform patients in the target patient
population that the VBE participant participates in the value-based
arrangement without such information being considered a marketing or
recruitment activity. However, whether broader advertising (that
includes VBE participant-related information) would be considered a
prohibited marketing or recruitment activity for safe harbor purposes
would be a fact-specific determination. For example, as part of a
larger value-based arrangement between a physician group and a
hospital, a hospital provides tablets to the physician group, which the
physician group uses for in-office patient asthma management education.
If the education application used on the tablet identifies all VBE
participants capable of helping the patients manage their asthma and
provide other services, the tablet would not run afoul of the marketing
prohibition because it is not being used to market or recruit patients.
It informs patients of VBE participants
[[Page 77747]]
capable of providing disease management and other services. However, if
the hospital also used the tablets to send text messages,
notifications, and other pop-ups that solicit the patient to receive
services from VBE participants, the tablet would be marketing under
this safe harbor because it is being used for broader advertising or
patient recruitment activity. A tablet, as part of a care coordination
arrangement, could be protected remuneration; however, if it is part of
a larger marketing scheme, the tablet would not be protected because
that scheme would not be eligible for protection under this safe harbor
and would be subject to a separate analysis under the Federal anti-
kickback statute. Similarly, if the tablet was used as part of larger
data harvesting scheme for marketing purposes, that scheme would not be
eligible for protection under this safe harbor and be subject to a
separate analysis under the Federal anti-kickback statute.
Comment: A commenter sought clarification on how to interpret the
marketing and patient recruitment prohibition in the context of
Medicare Advantage beneficiaries, and, specifically, whether compliance
with existing CMS and OIG requirements associated with marketing to,
and recruitment of, Medicare Advantage patients would be sufficient to
maintain protection under the value-based safe harbors. In a similar
vein, a health insurer requested that OIG clarify its definition of
marketing and patient recruitment activities, as it relates to pre-
enrollment activities.
Response: While acknowledging that payors may be subject to a wide
range of other regulations, including CMS regulations and guidance
specific to Medicare Advantage plans, we do not believe that compliance
with CMS marketing requirements is sufficient for purposes of the safe
harbor. Medicare Advantage regulations relating to patient enrollment
and marketing are specific to payor-patient interactions in that
program. In contrast, the conditions of this safe harbor are focused on
facilitating beneficial care coordination and addressing potential
fraud and abuse risks related to the exchange of remuneration between
and among providers and suppliers. We remind the commenter that
compliance with the care coordination arrangements safe harbor, as with
all Federal anti-kickback statute safe harbors, is voluntary, and
Medicare Advantage plans, or their contractors, may continue to seek
protection under other existing safe harbors.
Comment: Several commenters expressed concern that the prohibition
on marketing and patient recruitment activities may conflict with
existing CMS rules regarding discharge planning, or, at the very least:
(i) Be inconsistent with the concept of a preferred provider network
operating within the context of a VBE; or (ii) potentially limit VBE
participants' ability to inform patients of the availability of items
and services during the discharge planning process.
Response: The prohibition on the marketing of items and services
and patient recruitment activities, as finalized, relates specifically
to the remuneration exchanged. Thus, for example, if a skilled nursing
facility provides remuneration to a hospital under a value-based
arrangement in the form of a discharge planner, the discharge planner
could not market or recruit patients to the skilled nursing facility;
doing so would prevent the value-based arrangement from qualifying for
safe harbor protection. Nothing in the safe harbor prevents the
hospital from informing patients about available skilled nursing
facilities during the discharge planning process.
This prohibition is not inconsistent with current CMS hospital
conditions of participation regarding discharge planning, which require
(among other conditions) that hospitals provide a comprehensive list of
certain post-acute care providers, as applicable, to patients prior to
discharge.\46\ Providing a comprehensive list of post-acute care
providers would not constitute exchanging or using remuneration for
marketing or patient recruitment for safe harbor purposes. This would
be true even if the discharge planner provided to the hospital in the
prior example were the person furnishing the list to patients, provided
the discharge planner did not market or recommend the skilled nursing
facility or another VBE participant on the list.
---------------------------------------------------------------------------
\46\ 42 CFR 483.42(c).
---------------------------------------------------------------------------
This prohibition is not inconsistent with the potential for a
preferred provider network to operate within the context of a VBE.
Using the above discharge planner example, the remuneration could
comply with the marketing and patient recruitment activity prohibition
if, for example, the discharge planner only provides written
educational materials regarding the preferred provider network to
target patient population members and does not actively recruit
patients to the skilled nursing facilities in the preferred provider
network and does not market or recommend any particular provider on the
list. It is incumbent on parties seeking to establish and operate
preferred provider networks to do so in a manner that complies with all
pertinent regulations, and our safe harbor requirements are not
intended to interfere with or supplant other compliance obligations.
Comment: A commenter expressed concern that the proposed
prohibition on marketing and patient recruitment would bar a VBE from
publishing quality improvement or cost reduction data. The commenter
declared that VBEs should be permitted to share performance data
regarding VBE participants to help inform patient choice.
Response: We would not consider the publication of quality and cost
data to constitute marketing or patient recruitment activity.
Therefore, parties to a value-based arrangement could exchange
remuneration for the purpose of publishing such data, and we believe
such data may be beneficial to inform patient choice.
Comment: To mitigate OIG's concerns regarding marketing, a
manufacturer suggested that OIG include as an additional safe harbor
requirement that VBE participants disclose their participation in the
VBE to patients, similar to the Medicare Shared Savings Program
beneficiary notice requirements.
Response: We thank the commenter for its suggestion. As noted
elsewhere in this rule, we did not propose a patient notice requirement
in the OIG Proposed Rule and are not including a patient notice
requirement for reasons explained elsewhere. However, VBE participants
are not prohibited, as noted above, from utilizing notices to
transparently disclose their participation in a VBE to patients.
k. Monitoring and Assessment
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ee)(8) that the VBE, a VBE participant in the value-based
arrangement acting on the VBE's behalf, or the VBE's accountable body
or responsible person monitor and assess, no less frequently than
annually, or once during the term of the value-based arrangement for
arrangements with terms of less than 1 year: (i) The coordination and
management of care for the target population in the value-based
arrangement; (ii) any deficiencies in the delivery of quality care
under the value-based arrangement; and (iii) progress toward achieving
the evidence-based, valid outcome measure(s) in the value-based
arrangement. We further proposed to require that the party conducting
such monitoring and
[[Page 77748]]
assessment report the results of the monitoring and assessment to the
VBE's accountable body or responsible person (if the VBE's accountable
body or responsible person is not itself conducting the monitoring and
assessment).
Summary of Final Rule: We are finalizing the monitoring and
assessment requirement, with modifications, at paragraph
1001.952(ee)(9). We are requiring that the VBE, a VBE participant in
the value-based arrangement acting on the VBE's behalf, or the VBE's
accountable body or responsible person reasonably monitor and assess
the following, no less frequently than annually, or once during the
term of the value-based arrangement for arrangements with terms less
than 1 year: (i) The coordination and management of care for the target
patient population in the value-based arrangement; (ii) any
deficiencies in the delivery of quality care under the value-based
arrangement; and (iii) progress toward achieving the legitimate outcome
or process measure(s) in the value-based arrangement. We are revising
the proposed language--from specific evidence-based, valid outcome
measure(s) to legitimate outcome or process measure(s)--to align with
the standard for outcomes measures finalized in paragraph
1001.952(ee)(4), discussed at section III.B.3.b.
We also require that the party conducting such monitoring and
assessment report their findings to the VBE's accountable body or
responsible person (if the VBE's accountable body or responsible person
is not itself conducting the monitoring and assessment). Finally, we
are making a technical correction by adding ``the following'' and ``of
the following'' to the introductory language of the paragraph for
greater clarity about what must be monitored and assessed.
Comment: Many commenters supported an annual monitoring and
assessment requirement, where monitoring is tailored to the complexity
and sophistication of the VBE and VBE participants. A physician trade
organization recommended that OIG require monitoring and assessment of
a value-based arrangement's value-based activities instead of the
coordination and management of care for the target patient population,
and another commenter asserted that OIG should require monitoring and
assessment of whether value-based activities meet any of the value-
based purposes. A commenter urged that the monitoring and assessment
provision require monitoring of utilization, referral patterns, and
expenditure data to ensure that abuse is curtailed, and gaming is
reduced. Another commenter supported heightened standards and
conditions for monitoring and assessment but did not specify any such
standards and conditions. Some commenters opposed a monitoring and
assessment requirement, with a commenter stating that writing-related
safeguards are sufficient to protect against fraud and abuse.
Response: We are finalizing a monitoring and assessment requirement
because we believe it is a critical safeguard to ensure oversight of
the value-based arrangement. We are not adopting the suggestion to
expand the condition to require monitoring of all value-based
activities instead of the coordination and management of the care for
the target patient population. Paragraph 1001.952(ee)(1)(ii) of this
safe harbor requires the remuneration exchanged to be used
predominantly to engage in value-based activities related to the
coordination and management of care for the target patient population;
consequently, we believe that it is appropriate to require the
monitoring and assessment to focus on this value-based purpose. Under
this requirement, the responsible party must monitor and assess whether
and how the coordination and management of care is being implemented.
``Coordination and management of care'' is defined at paragraph
1001.952(ee)(14) for purposes of this safe harbor as the deliberate
organization of patient care activities and sharing of information
between two or more VBE participants or VBE participants and patients,
tailored to improving the health outcomes of the target patient
population, in order to achieve safer and more effective care for the
target patient population. Thus, we expect any monitoring and
assessment to evaluate how the value-based arrangement is or is not
achieving this value-based purpose, as defined in this final rule. The
monitoring and assessment may identify opportunities to reevaluate the
value-based activities the parties are undertaking and the manner in
which they are undertaking them to improve their chances of achieving
this value-based purpose.
While we are not requiring monitoring and assessment of
utilization, referral patterns, and expenditure data, monitoring and
assessment of such data may be a best compliance practice for many
arrangements, depending on the complexity and sophistication of the VBE
participants, the VBE, and the value-based arrangement and available
resources. We have added ``reasonably,'' to the monitoring and
assessment provision to codify that, for all value-based arrangements,
monitoring and assessment should be reasonable in relation to the
complexity and sophistication of the VBE participants, the VBE, and the
value-based arrangement and available resources.\47\ We would expect
parties to do as much as is appropriate based on the complexity and
sophistication of the VBE participants, the VBE, and the value-based
arrangement and available resources, but nothing in this provision
should be construed to stop parties from having more robust monitoring
and assessment processes than those described herein. This requirement
both: (i) Provides flexibility for VBE participants associated with
smaller, less-sophisticated VBEs and value-based arrangements to
effectuate relatively more modest monitoring and assessment processes;
and (ii) requires VBE participants associated with more complex and
sophisticated VBEs and value-based arrangements to develop and operate
appropriately complex and robust monitoring and assessment processes.
---------------------------------------------------------------------------
\47\ 84 FR 55713 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter expressed concern that the annual monitoring
and assessment requirement may have limited impact unless: Patients
have a clearly articulated pathway for communicating and resolving
concerns; outcome measures are valid and reflect outcomes important to
patients; and results are reported to the Department or another
oversight entity. Another commenter asked OIG to provide more
information on the monitoring and assessment requirement and,
specifically, to outline the reporting, auditing, and general oversight
requirement of each VBE participant in the VBE.
Response: We appreciate the commenter's concern regarding the
potential limited impact of the monitoring and assessment requirement.
We are not requiring parties to value-based arrangements to establish
specific protocols for receiving and addressing patient concerns or to
report data to the Department, except as otherwise set forth in
paragraph 1001.952(ee)(12), which requires that the VBE or VBE
participant make available to the Secretary, upon request, all
materials and records sufficient to establish compliance with the
conditions of this safe harbor. However, we are finalizing the
requirement for parties to establish one or more legitimate outcome or
process measures, and to monitor and assess certain information.
[[Page 77749]]
Specifically, to comply with the monitoring and assessment
requirement, either the VBE, a VBE participant in the value-based
arrangement acting on the VBE's behalf, or the VBE's accountable body
or responsible person must reasonably monitor and assess: (i) The
coordination and management of care for the target patient population
in the value-based arrangement; (ii) any deficiencies in the delivery
of quality care under the value-based arrangement; and (iii) progress
toward achieving the legitimate outcome or process measure(s) in the
value-based arrangement. While, as stated above, the final safe harbor
does not require the establishment of specific monitoring and
assessment protocols or prescribe how VBEs must receive and address any
patient concerns, we note that, as part of any VBE's regular monitoring
activities, it would be a good compliance practice to establish a
mechanism through which patients and others could submit reports
related to, for example, deficiencies in the delivery of quality care
under the value-based arrangement. Further, it would be a good
compliance practice, as part of any VBE's regular monitoring and
assessment activities, to assess any credible reports of, for example,
deficiencies in the delivery of quality care under the value-based
arrangement to determine their validity and any potential triggering of
the termination and corrective action provision.
Again, the final rule does not prescribe a one-size-fits-all
approach for monitoring and assessment, nor does it specify the
reporting, auditing, and general oversight requirement of each VBE
participant in the VBE. This lack of specificity is designed to allow
VBEs (and their VBE participants) flexibility to establish a monitoring
and assessment program that is reasonable for that particular VBE and
value-based arrangement. As stated above, the monitoring and assessment
processes for each value-based arrangement should be reasonable in
relation to the complexity and sophistication of the VBE, VBE
participants, and value-based arrangement. Given the flexibility
parties have to form VBEs and value-based arrangements of varying
levels of complexity, we anticipate that the monitoring and assessment
processes for the diverse value-based arrangements that could be
protected by this safe harbor may vary.
Comment: A commenter expressed concern that, if the party
responsible for monitoring and assessment does not comply with the
requirements of the safe harbor, that party's noncompliance places
other parties at risk through no fault of their own.
Response: A safe harbor applies only where each condition of the
safe harbor is squarely met. Therefore, if the party responsible for
monitoring and assessment does not perform its responsibility in
accordance with the safe harbor requirements, the remuneration
exchanged pursuant to the value-based arrangement would not receive
protection. However, where another party has done everything that it
reasonably could to comply with the safe harbor requirements applicable
to that party but the remuneration exchanged loses safe harbor
protection as a result of another party's noncompliance, the party's
efforts to take all possible reasonable steps would be relevant in a
determination of whether such party had the requisite intent to violate
the Federal anti-kickback statute.
Comment: Commenters expressed concern regarding, and urged
flexibility for, the requirement for monitoring and assessment of
progress toward evidence-based outcome measures. For example, a
commenter asserted that participants to a new value-based arrangement
need time to achieve success, as evidenced by the performance results
of Medicare Shared Saving Program, and may not be able to progress
quickly towards the outcome measures. Commenters noted that factors
beyond a provider's control can impact outcomes and that interventions
such as primary care, preventive services, and chronic care management
may yield benefits that take numerous years to materialize.
Response: For a number of reasons, we believe the responsible party
or parties should monitor and assess progress toward the outcome or
process measure(s) the parties establish. Such monitoring and
assessment may reveal whether efforts to achieve the outcome measure(s)
have led to improvements or deficiencies in patient care; whether the
outcome measure(s) the parties initially established continue to be the
best goalposts for achieving one or more value-based purposes; and
whether the items or services the offeror provided under the value-
based arrangement, such as care coordination services, are effective
tools for driving beneficial changes in care delivery. We agree with
commenters that factors beyond a VBE participant's control could impact
outcomes and that benefits of outcome measures could manifest over a
longer timeframe; for this reason, the requirement for monitoring and
assessment does not mandate that the parties achieve the outcome or
process measure(s) on any particular timeframe.
l. Termination of the Arrangement
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(ee)(9) that the parties terminate the value-based arrangement
within 60 days if the VBE's accountable body or responsible person
determines that the value-based arrangement: (i) Is unlikely to further
the coordination and management of care for the target patient
population; (ii) has resulted in material deficiencies in quality of
care; or (iii) is unlikely to achieve the evidence-based, valid outcome
measure(s). We said we were considering for the final rule, and sought
comments on, an alternative to the proposed termination requirement
that would instead allow for remediation--within a reasonable
timeframe--before any required termination.
Summary of Final Rule: We are finalizing, with modifications, a
termination provision for this safe harbor at paragraph
1001.952(ee)(10). Under the final rule, if the VBE's accountable body
or responsible person determines, based on the monitoring and
assessment conducted pursuant to paragraph 1001.952(ee)(9), that the
value-based arrangement has resulted in material deficiencies in
quality of care or is unlikely to further the coordination and
management of care of the target patient population, the parties must,
within 60 days, either terminate the arrangement or develop and
implement a corrective action plan designed to remedy the deficiencies
within 120 days and, if the corrective action plan fails to remedy the
deficiencies within 120 days, terminate the value-based arrangement.
Comment: Some commenters expressed support for our proposed
termination requirement, but many expressed concerns about what it
would mean in practice. Many commenters supported the alternative we
described in the preamble to the proposed rule that would allow for
remediation, within a reasonable timeframe, before any required
termination. These commenters noted a variety of operational and policy
concerns with mandating termination within 60 days. For example, some
commenters noted that complex arrangements may require more than 60
days to unwind responsibly. Some commenters suggested that a cure
period be permitted where the VBE determines that a plan of correction
may be devised to cure the deficiencies, and others suggested that
remediation should be an option, but not a requirement. With respect to
the length of a remediation
[[Page 77750]]
period during which parties could develop and implement a corrective
action plan, commenters suggested a variety of time periods, ranging
from 90 days to 1 year. Multiple commenters suggested a 120-day period.
Another commenter suggested that any termination requirement should be
suspended indefinitely as long as the parties are working in good faith
to implement a corrective action plan. A commenter also noted that
there is a difference between arrangements that are not making progress
and those that are causing harm and suggested that the latter require
immediate termination. Finally, a commenter requested that OIG clarify
that parties do not have an obligation to assess for any events that
trigger the termination provision on an ongoing basis, but instead are
required to do so annually or prior to renewal of an agreement.
Response: We appreciate commenters' concerns regarding the
potential challenges associated with requiring termination within 60
days if the VBE's accountable body or responsible person determines one
or more of the triggering events has occurred. Several changes in the
final rule address many of the concerns expressed by the commenters.
The final rule provides more flexibility by requiring the parties,
within 60 days, either to terminate the arrangement or to develop and
implement a corrective action plan in the event the VBE's accountable
body or responsible person determines that the value-based arrangement
has resulted in material deficiencies in quality of care or is unlikely
to further the coordination and management of care for the target
patient population. The option for corrective action plans is
consistent with our statements in the OIG Proposed Rule that we were
considering allowing for remediation within a reasonable timeframe and
that our goal is a reasonable but also prompt termination of
arrangements that are no longer serving the goals for which safe harbor
protection is offered.
The final rule does not require the parties to terminate the
arrangement or implement a corrective action plan if the VBE's
accountable body or responsible person determines that the value-based
arrangement is unlikely to achieve its legitimate outcome or process
measures. This safe harbor does not require the recipient to achieve an
outcome or process measure. Also, the safe harbor permits the parties
to the value-based arrangement to modify outcome or process measures
prospectively, as long as other elements of the safe harbor continue to
be met (for example, a change to an outcome measure would be a material
change to the value-based arrangement that would need to be documented
in writing and signed by the parties, in accordance with paragraph
1001.952(ee)(3)).
With respect to the option to develop and implement a corrective
action plan, the final rule requires that such plan be designed to
remedy the identified deficiencies within 120 days. If the corrective
action plan fails to remedy the deficiencies within 120 days, the
parties are required to terminate the value-based arrangement, and safe
harbor protection for remuneration exchanged pursuant to the value-
based arrangement would no longer be available. We selected a 120-day
period based on recommendations from commenters and because we believe
this time period is both long enough to allow a meaningful opportunity
to remediate the deficiencies and short enough to necessitate diligent
attention by the parties.
With respect to the commenter who asserted that a determination
that the value-based arrangement has resulted in patient harm should
require immediate termination, we appreciate the commenter's concern,
and we agree that such a determination is a serious finding that should
prompt immediate attention by the parties. We did not include a
``patient harm'' provision in the OIG Proposed Rule because incidents
of patient harm will always be ``material deficiencies in quality of
care,'' that would trigger this condition. However, not all material
deficiencies in quality of care necessarily mean that there has been
patient harm.
Finally, with respect to the commenter that requested clarification
regarding the frequency with which parties must assess for any events
that would trigger the termination or corrective action provision, we
note that, consistent with the OIG Proposed Rule, this final rule ties
the termination of the value-based arrangement or implementation of a
corrective action to certain triggering events identified through
``monitoring and assessment.'' Monitoring and assessment must occur no
less frequently than annually or at least once during the term of the
value-based arrangement for arrangements with terms of less than 1
year. Thus, at a minimum, the party or parties responsible for
monitoring and assessment must monitor the matters listed in the
regulation at paragraph 1001.952(ee)(9) and report the results so that
the accountable body or person can make a determination as to whether
any of the events that trigger the termination or corrective action
provision have occurred. We note that it would be a best compliance
practice to ensure monitoring and assessment also involves receiving
and assessing reports and other information related to the
circumstances that must be monitored and assessed (e.g., deficiencies
in the delivery of quality care under the value-based arrangement).
These reports would inform the accountable body or responsible person's
determination regarding termination or corrective action under
paragraph 1001.952(ee)(10).
Comment: A commenter expressed concern that the safe harbor
contains too much deference to the subjective beliefs and
determinations of the VBE participants, who the commenter asserts are
self-interested. The commenter recommended that the termination
provision in the safe harbor be revised to require termination if the
information available to the VBE's accountable body or responsible
person indicates that a triggering event has occurred. The commenter
also recommended that the safe harbor specify that the VBE bears the
burden of proof with respect to the question of whether the information
available to the VBE's accountable body or responsible person required
termination of the value-based arrangement.
Response: We believe that the revisions we are adopting in this
final rule, which require termination or a corrective action plan if
the VBE's accountable body or responsible person reaches one of two
determinations help to mitigate the commenter's concerns regarding
excessive deference to the subjective beliefs of the VBE participants.
We do not believe it is necessary to specify that the VBE bears the
burden of proof with respect to whether termination was required
because any party seeking to avail themselves of the protection of a
safe harbor generally bears the burden of proof that they meet the
requirements of the safe harbor.
Comment: Several commenters raised concerns regarding our proposal
to require termination if the VBE's accountable body or responsible
person determines that the value-based arrangement is unlikely to
achieve the evidence-based, valid outcome measure(s). For example,
several commenters noted that it may take time to see results and that
results may plateau at certain times. Commenters suggested that this
provision may result in parties' prematurely judging an arrangement's
success or failure and that 60 days was an arbitrary timeframe. Another
commenter expressed concern that the termination provision implies that
an arrangement could move in and
[[Page 77751]]
out of compliance with the safe harbor as performance changes from
month to month. Another commenter requested that participants be
permitted to modify measures prospectively, rather than have to
terminate the value-based arrangement.
Response: We appreciate the concerns raised by commenters, and we
are not finalizing the proposed requirement that the parties terminate
the arrangement if the VBE's accountable body or responsible person
determines that the value-based arrangement is unlikely to achieve the
outcome measure(s). We believe that requiring termination, or a
corrective action plan, upon such a determination is at odds with other
elements of this safe harbor. As we have stated elsewhere, this safe
harbor does not require that the value-based arrangement result in a
particular level of performance on the outcome or process measure. It
requires that the parties identify an outcome or process measure and
that the outcome or process measure relates to the remuneration
exchanged under the arrangement. We also wish to clarify that the safe
harbor permits the parties to modify the outcome or process measure
prospectively during the term of the agreement, as long as the other
elements of the safe harbor continue to be met and the modification is
memorialized in a writing signed by the parties.
We caution, however, that this safe harbor separately requires the
VBE, a VBE participant in the value-based arrangement acting on the
VBE's behalf, or the VBE's accountable body or responsible person to
reasonably monitor, assess, and report progress toward achieving the
outcome or process measure. There may be circumstances where such
monitoring and assessment of outcome or process measure progress may
generate a finding that indicates that the value-based arrangement no
longer meets all of the requirements of the safe harbor. For example,
the finding may indicate that the remuneration exchanged is not being
used predominantly to engage in value-based activities that are
directly connected to the coordination and management of care for the
target patient population. Thus, while we are not creating an
affirmative obligation to terminate or enter into a corrective action
plan based on a determination that the value-based arrangement is
unlikely to achieve the selected outcome or process measure, we caution
that parties to a value-based arrangement who wish to be protected
under the safe harbor should periodically evaluate compliance with safe
harbor standards.
m. Diversion, Resell, or Use for Unlawful Purposes
Summary of OIG Proposed Rule: In proposed paragraph
1001.952(ee)(10), we proposed that an exchange of remuneration would
not be protected under the care coordination arrangements safe harbor
if the offeror knows or should know that the remuneration is likely to
be diverted, resold, or used by the recipient for an unlawful purpose.
Summary of Final Rule: We are finalizing, without modification,
this requirement at paragraph 1001.952(ee)(11).
Comment: We received very few comments on this proposal. Some
commenters expressed support for the provision, while another commenter
raised concerns that this standard would be difficult for individual
providers and small group practices to understand and comply with
because the standard is not specifically defined.
Response: We believe that the standard is straightforward. Where an
offeror knows, or should know, that the recipient is likely to divert
or resell the remuneration, or otherwise use it for an unlawful
purpose, the remuneration is not protected by the safe harbor. This
could arise in cases where the recipient's intended diversion is overt.
For example, where a recipient expressly states its intent to sell the
items received from the offeror to third parties, it would make clear
its intended diversion. It can also arise, for example, where the
nature or scope of the remuneration offered to the recipient is such
that the offeror should know that diversion or resale is likely, such
as where a VBE participant provides remuneration far in excess of what
could reasonably be needed for the recipient to undertake the value-
based activity for which the remuneration is intended and the
remuneration is transferable in nature. For example, if a VBE
participant provides handheld tablets to another VBE participant to
facilitate coordination and management of care, but the offeror
provides substantially more tablets than could reasonably be used by
the recipient for the intended purpose (e.g., 100 tablets when ten are
objectively sufficient for the intended use), then the offeror might
reasonably know that the recipient is likely to divert or resell the
excess tablets. In sum, this standard is an explicit statement of what
is otherwise implicit in the conditions of the care coordination
arrangements safe harbor: The exchange of remuneration that the offeror
knows or should know is likely to be diverted, resold, or used by the
recipient for purposes other than the coordination and management of
care of a target patient population would not be protected under this
safe harbor.
n. Materials and Records
Summary of OIG Proposed Rule: To enhance transparency, we proposed
a requirement at proposed paragraph 1001.952(ee)(11) that VBE
participants or the VBE make available to the Secretary, upon request,
all materials and records sufficient to establish compliance with the
conditions of this safe harbor. We solicited comments regarding whether
we should require parties to maintain materials and records for a set
period of time (e.g., at least 6 years or 10 years).
Summary of Final Rule: We are finalizing, with modifications, the
materials and records requirement at paragraph 1001.952(ee)(12). The
final rule specifies that, for a period of at least 6 years, the VBE or
its VBE participants must maintain records and materials sufficient to
establish compliance with the conditions of the safe harbor.
Comment: While we received relatively few comments on this
condition, commenters were generally supportive of our proposal. In
response to our solicitation regarding whether we should require
parties to maintain materials and records for a set period of time,
e.g., 6 years or 10 years, multiple commenters were in favor of a 6-
year retention period, with one stating that this approach would
facilitate alignment with CMS's proposed rule and existing HIPAA
requirements.
Response: We are persuaded that a 6-year retention period will
promote transparency while aligning with the corresponding requirement
in CMS's final rule. We have modified the relevant provisions in the
care coordination arrangements, substantial downside financial risk,
and full financial safe harbors.
Comment: A commenter questioned the need for a materials and
records requirement because maintenance of these materials is already
part of any compliance program. The same commenter further questioned
whether OIG would bring an investigation or pursue a Federal anti-
kickback statute case based solely on the failure to satisfy a
documentation requirement rather than the underlying substantive
safeguards.
Response: We continue to believe this requirement promotes
transparency and gives parties notice that the Secretary may request
materials and records
[[Page 77752]]
sufficient to demonstrate compliance with the care coordination
arrangements safe harbor. We further note that not all parties seeking
protection under this safe harbor may have a compliance program or may
have developed one that requires maintenance of materials and records
for less than 6 years.
Safe harbors offer voluntary protection from liability under the
Federal anti-kickback statute for specified arrangements, and no entity
or individual is required to fit within a safe harbor. Failure to fit
within a safe harbor does not mean a party has violated--or even
implicated--the Federal anti-kickback statute, it simply means the
party may not look to the safe harbor for protection for that
arrangement. For a party to assert safe harbor protection, all of the
safe harbor's conditions must be satisfied, including any condition
related to materials and records. Further, it would be prudent for any
party relying on a safe harbor to protect certain remuneration to
document in some form compliance with that safe harbor. Decisions
regarding enforcement actions are made based on application of the
Federal anti-kickback statute to the specific facts and circumstances
presented by an arrangement.
Comment: A commenter stated that OIG should adopt additional
requirements related to materials and records, including
contemporaneous documentation of, among other things, the VBE's belief
that the value-based arrangement is reasonably designed to achieve a
value-based purpose, the specific basis for such belief, and the VBE's
reasonable anticipation that particular evidence-based, valid outcome
measures will advance the coordination and management of care of the
target patient population.
Response: We decline to require the specific requested
certifications. We intentionally drafted the materials and record
requirement broadly to avoid creating a list of all documentation that
parties must develop and maintain to comply with this condition of the
safe harbor. Moreover, we do not seek to increase administrative burden
by prescribing the manner in which parties must document their
compliance.
Comment: A health system stated that the proposed care coordination
arrangements safe harbor included burdensome reporting requirements and
expressed concern about the large volume of paperwork that would go
back and forth between ACOs and HHS or CMS.
Response: We disagree with the commenters' assertion that the
materials and records requirement is burdensome. To the extent parties
wish to avail themselves of the protection of this safe harbor, we
believe it is reasonable to require them to maintain documentation that
demonstrates their compliance with its terms. With respect to the
commenter's concern about the exchange of large volumes of paperwork,
we note that parties must only furnish such documentation to the
Secretary upon request. We do not anticipate this requirement will
necessitate frequent exchange of paperwork between, for example, an ACO
and OIG.
Comment: A medical device manufacturer expressed concern that
materials and records submitted to the Secretary pursuant to this
condition would be subject to the Freedom of Information Act or other
disclosure requirements. The manufacturer stated such materials could
include proprietary and confidential trade secret information.
Response: OIG is subject to the Freedom of Information Act (FOIA)
and the Department's FOIA regulations set forth at 45 CFR part 5. These
regulations provide that submitters of records may designate in writing
that all or part of the information contained in such records is exempt
from disclosure under FOIA exemption 4--covering trade secrets and
confidential commercial or financial information--at the time they
submit such records or within a reasonable time thereafter. The
Department, including OIG, will make reasonable efforts to notify
submitters of records if the Department determines that material that
submitters have designated as exempt from disclosure under FOIA
exemption 4 may have to be disclosed in response to a FOIA request.
Under the Department's FOIA regulations, submitters have an opportunity
to respond and, if desired, file a court action to prevent disclosure
of exempt records.
o. Additional Proposed Safeguards
i. Bona Fide Determination
Summary of OIG Proposed Rule: We considered a condition that would
require that, in advance of, or contemporaneous with, the commencement
of the applicable value-based arrangement, the VBE's accountable body
or responsible person make two bona fide determinations with respect to
the value-based arrangement: (i) The value-based arrangement is
directly connected to the coordination and management of care for the
target patient population; and (ii) the value-based arrangement is
commercially reasonable, considering both the arrangement and all
value-based arrangements within the VBE.\48\
---------------------------------------------------------------------------
\48\ 84 FR 55714 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are not finalizing the proposed
condition.
Comment: We received relatively few comments on this proposal.
Commenters either expressed general statements of support or
opposition, with a commenter who opposed the condition asserting that
such bona fide determinations would add unnecessary complexity to
demonstrating compliance with the safe harbor.
Response: We are not finalizing this requirement. We believe the
goal of this proposed safeguard--ensuring appropriate oversight by the
VBE's accountable body or responsible person--is achieved through the
combination of other conditions included in this safe harbor. We do not
believe this condition is needed to prevent fraud or abuse in light of
the totality of other conditions we are finalizing in this rule.
ii. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We considered, and sought comment on,
a condition prohibiting VBEs or VBE participants from billing Federal
health care programs, other payors, or individuals for the remuneration
exchanged under the value-based arrangement; claiming the value of the
remuneration exchanged under the value-based arrangement as a bad debt
for payment purposes under a Federal health care program; or otherwise
shifting costs to a Federal health care program, other payors, or
individuals.
Summary of Final Rule: We are not finalizing the proposed
condition.
Comment: We received comments expressing either general support for
or opposition to this proposed safeguard. For example, in support of
finalizing a cost-shifting prohibition, a commenter stated that a
value-based enterprise's decision to offer remuneration in the context
of a value-based arrangement should not make other parties financially
responsible for such payments. A commenter argued that this proposed
safeguard, among others, would be duplicative of other requirements in
the safe harbor or be incompatible with or irrelevant in a value-based
system. The commenter asserted that the additional safeguards proposed
by OIG, including a prohibition on cost-sharing, would create an
additional barrier to value-based arrangements rather than breaking
down barriers that already exist. Other commenters, including Tribal
organizations, advocated against the
[[Page 77753]]
inclusion of a cost-shifting prohibition, stating such a safeguard is
unnecessary because improvements in care coordination result in overall
savings to the Federal Government even if they result in additional
referrals or payments by Medicare and Medicaid.
Response: Having considered the comments, we are not finalizing a
cost-shifting prohibition. On balance, we conclude that the combination
of conditions in the final safe harbor will adequately protect against
fraud and abuse risks, and an additional safeguard related to cost-
shifting is not necessary in the context of the value-based safe
harbors. We did not intend to limit appropriate billing of Federal
health care programs or other payors for medically necessary items and
services furnished in connection with value-based care. As we explained
in the OIG Proposed Rule, we do not want to exclude arrangements from
safe harbor protection that involve legitimate shifting of costs that
result from achieving care coordination goals or other value-based
purposes. As we explained, depending on the arrangement, one might
expect to see increases in primary care costs or costs for care
furnished in home and community settings paired with reductions in
unnecessary hospitalizations, duplicative testing, and emergency room
visits; one also might see increases in remote monitoring or care
management services. Parties remain responsible for billing Federal
health care programs and other payors in accordance with their program
rules.
iii. Fair Market Value Requirement and Restriction on Remuneration Tied
to the Volume or Value of Referrals
Summary of OIG Proposed Rule: We stated that we were considering
including one or both of the following conditions in the care
coordination arrangements safe harbor: (i) A fair market value
requirement on any remuneration exchanged pursuant to a value-based
arrangement; and (ii) a prohibition on VBE participants determining the
amount or nature of the remuneration they offer, or the VBE
participants to whom they offer such remuneration, in a manner that
takes into account the volume or value of referrals or other business
generated, including both business or patients that are part of the
value-based arrangement and those that are not.
Summary of Final Rule: We are not finalizing either proposed
condition in the care coordination arrangements safe harbor.
Comment: While we received some comments expressing support for
these conditions, the overwhelming majority of commenters opposed the
inclusion of a fair market value requirement or of a prohibition on
determining the amount or nature of the remuneration in a manner that
takes into account the volume or value of referrals or other business
generated. While varying in their rationales, commenters generally
asserted that including either safeguard would constrain care
coordination efforts. Several commenters supported the condition that
would prohibit taking into account the volume or value of referrals but
recommended limiting this condition to patients who are not part of the
value-based arrangement.
Response: In this final rule, we are not adopting a blanket
prohibition on determining the amount or nature of remuneration in a
manner that takes into account the volume or value of referrals or
other business generated; rather, we are finalizing a narrower
prohibition that the offeror of the remuneration cannot take into
account the volume or value of, or condition an offer of remuneration
on: (i) Referrals of patients that are not part of the value-based
arrangement's target patient population; or (ii) business not covered
under the value-based arrangement. We stated in the OIG Proposed Rule,
and we continue to believe, that fair market value requirements and
restrictions that prohibit paying remuneration based on the volume or
value of referrals help ensure that protected payments are for
legitimate purposes and are not kickbacks. For this reason, we included
a safeguard in paragraph 1001.952(ee)(5) that requires, as a condition
of safe harbor protection, that the offeror not take into account the
volume or value of, or condition remuneration on, business or patients
not covered under the value-based arrangement. This approach is
consistent with our proposal in paragraph 1001.952(ee)(5), as well as
the comments summarized above recommending that we limit any volume or
value condition to patients who are not part of the value-based
arrangement.
However, we also acknowledge commenters' concerns that legitimate
care coordination arrangements may naturally involve referrals across
provider settings. In this final rule, therefore, we have not finalized
a fair market value requirement or a prohibition on determining the
amount or nature of remuneration in a manner that takes into account
the volume or value of referrals or other business generated. Instead,
we have relied on other program integrity safeguards so that the safe
harbor will protect beneficial care coordination arrangements while
precluding protection for pay-for-referral schemes that do not serve,
and may be contrary to, the goals of coordinated care and the shift to
value. These safeguards operate to preclude safe harbor protection for
abusive arrangements such as a provider churning patients through care
settings to capitalize on a reimbursement scheme or otherwise generate
revenue and arrangements where VBE participants offer, or are required
to provide, remuneration to receive referrals or to be included in a
``preferred provider network'' (i.e., ``pay-to-play'' arrangements).
In response to commenters' concerns that a fair market value
requirement would constrain the kinds of care coordination arrangements
that we intend to protect, we also are not finalizing a fair market
value requirement. However, we have included a commercial
reasonableness standard in this safe harbor, which requires that the
value-based arrangement be commercially reasonable, considering both
the arrangement itself and all value-based arrangements within the VBE.
We believe this commercial reasonableness standard, in combination with
the other safe harbor conditions, appropriately balances program
integrity concerns and the need to facilitate innovative value-based
arrangements.
iv. Additional Requirements for Dialysis Providers
Summary of OIG Proposed Rule: In recognition of the unique
attributes of the dialysis industry (e.g., market dominance by a
limited number of dialysis providers), we expressed concern in the OIG
Proposed Rule that participation by dialysis providers in value-based
arrangements could present increased fraud and abuse risks.
Accordingly, we solicited comments on potential additional safe harbor
conditions specific to dialysis providers to ensure that their care
coordination arrangements operate to improve the management and care of
patients and are not pay-for-referral schemes. We stated that we were
considering including conditions such as enhanced monitoring,
reporting, or data submission.
Summary of Final Rule: We are not finalizing additional conditions
on dialysis providers in the care coordination arrangements safe
harbor.
Comment: Commenters generally opposed additional conditions on
dialysis providers on the basis of one or both of the following
arguments: (i)
[[Page 77754]]
ESRD patients would stand to benefit the most from the care
coordination arrangements safe harbor (highlighting, for example, the
fact that such patients require care across multiple providers); and
(ii) OIG's concerns regarding market consolidation were misplaced.
Other commenters stated additional safeguards were not necessary for
dialysis providers based on data indicating improved quality of care
for ESRD patients and reduction of costs. In contrast, an association
representing dialysis providers shared OIG's concerns that the unique
characteristics of the highly concentrated dialysis market posed unique
and significant fraud and abuse risks and encouraged OIG to develop
detailed methodologies and metrics to facilitate OIG's monitoring and
assessment of market consolidation and possible pay-for-referral
schemes, before permitting dialysis providers to use the value-based
safe harbors.
Response: While we are mindful of concerns created by a potential
decrease in competition among dialysis providers, we are persuaded that
the potential benefits of care coordination within the dialysis
community outweigh the concerns for a potential decrease in
competition. Accordingly, we are not imposing additional requirements
specific to dialysis providers in the care coordination arrangements
safe harbor.
v. Submission of Information to Department
Summary of OIG Proposed Rule: To promote transparency, we solicited
comments in the OIG Proposed Rule on a requirement, specific to the
care coordination arrangements safe harbor, for VBEs to submit certain
data to the Department that would identify the VBE, VBE participants,
and value-based arrangements.
Summary of Final Rule: We are not finalizing this proposed
requirement in the care coordination safe harbor.
Comment: Some commenters strongly supported a requirement for VBEs
to submit data to the Department or to a publicly available database
that would identify the VBE, VBE participants, and value-based
arrangements. A commenter supported an optional reporting requirement
and appeared to believe that any such data submission would result in
the applicable parties' automatically satisfying the safe harbor's
writing requirement.
Other commenters urged OIG not to adopt such a requirement and
provided various reasons for their position. For example, some
commenters stated that the requirement would be unduly burdensome or
that the administrative burden would outweigh any program integrity
benefit to the Department, while at least one commenter believed the
requirement could discourage implementation of value-based arrangements
or full compliance with the safe harbor. Another commenter asserted
that a requirement for VBEs to submit certain data to the Department
would be unnecessary in light of the proposed requirement for parties
to make available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of the
care coordination arrangements safe harbor. A commenter also expressed
concern that the materials and records submitted to the Department
could be subject to the Freedom of Information Act and misused by some
to gain access to potentially competitive, proprietary information
regarding trade secrets, commercial relationships, or value-based
arrangement business model information.
Response: To minimize burden, the final care coordination
arrangements safe harbor does not require VBEs to submit data to the
Department (e.g., data or information relating to the identity the VBE,
VBE participants, and value-based arrangements), unless records are
requested by the Secretary under the materials and records requirement.
OIG will continue to evaluate whether to modify this safe harbor in the
future. A better understanding of the structure of VBEs, likely VBE
participants, and the form of value-based arrangements could allow for
more effective oversight and identification of potential problems. OIG
maintains its oversight authorities to conduct audits and evaluations,
as well as criminal, civil, and administrative investigations of fraud
and misconduct related to Federal health care programs, operations, and
beneficiaries. Finally, we remind parties that they must make available
to the Secretary, upon request, all materials and records sufficient to
establish compliance with the conditions of a safe harbor, a required
at paragraph 1001.952(ee)(12).
p. Alternative Regulatory Structure
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we stated
that we were considering an alternative regulatory structure and
approach to protect care coordination and other value-based
arrangements that are not at full financial risk and are not part of a
CMS-sponsored model.\49\ Under the alternative approach, we stated that
we would rely on the personal services and management contracts safe
harbor at paragraph 1001.952(d) to allow greater flexibility for
innovation as arrangements become more closely aligned with value-based
purposes and the parties take on more downside financial risk.
---------------------------------------------------------------------------
\49\ 84 FR 55715-16 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are not finalizing the alternative
regulatory structure.
Comment: Several commenters opposed this alternative regulatory
approach. Some argued that it would not provide as clear a mechanism
for obtaining safe harbor protection for value-based arrangements as
the proposed value-based safe harbors and that a fair market value
requirement would create operational challenges. Another commenter
asserted that the alternative approach would not provide sufficient
protection against fraud and abuse and encouraged OIG to proceed with
the proposed value-based safe harbors. Another commenter expressed
support for the alternative regulatory structure to the extent OIG did
not adopt the value-based exceptions proposed by CMS.
Response: We thank commenters for their insights. While we believe
that the alternative approach of creating tiered protection using the
personal services and management contracts safe harbor at paragraph
1001.952(d) also would accomplish the objective of allowing greater
flexibility for innovation as the arrangements become more closely
aligned with value-based purposes and the parties take on more downside
financial risk, we concluded that the value-based framework described
in section III.B.1 of this preamble is better calibrated to achieve the
objectives of the Regulatory Sprint to Coordinated Care. We elected to
finalize the value-based framework because we agree with those
commenters who stated that the value-based framework would better
protect against fraud and abuse, and we were mindful of those
commenters who stated that the alternative approach would create
operational challenges.
Comment: A commenter suggested that OIG adopt a safe harbor
specific to value-based activities undertaken by an integrated delivery
system that includes a non-profit payor and a dedicated physician group
that includes physician owners and employees. According to the
commenter, the remuneration paid among the system's components presents
a low risk of fraud and abuse. Another commenter recommended that OIG
adopt a safe harbor for a limited set of arrangements that are pre-
approved by OIG to promote care coordination and management, reduce
costs, or
[[Page 77755]]
facilitate a transition to value-based care. According to the
commenter, the safe harbor should be limited to specific value-based
purposes delineated by OIG, with certification required for any
arrangements that have value-based purposes outside those identified by
OIG.
Response: We did not propose these suggested safe harbors, and
thus, we are not adopting them in this final rule. Depending on the
facts and circumstances, remuneration exchanged pursuant to an
arrangement between or among parties in an integrated delivery system
could be protected under one of the value-based safe harbors we are
finalizing in this final rule. With respect to the comment requesting a
safe harbor for arrangements that would be pre-approved by OIG and, in
certain instances, subject to certification requirements, we believe
that such an approach would be administratively unworkable and overly
burdensome. Parties who would like to recommend new safe harbors not
finalized in this rulemaking may do so by responding to OIG's annual
solicitation regarding the development of new or modified safe harbor
regulations.\50\
---------------------------------------------------------------------------
\50\ Section 1128D(a) of the Act (42 U.S.C. 1320a-7d(a)).
---------------------------------------------------------------------------
4. Value-Based Arrangements With Substantial Downside Financial Risk
(42 CFR 1001.952(ff))
Summary of OIG Proposed Rule: We proposed at paragraph 1001.952(ff)
a safe harbor for certain value-based arrangements involving the
exchange of remuneration between a VBE that assumes substantial
downside financial risk from a payor and a VBE participant that
meaningfully shares in the VBE's downside financial risk. We proposed
methodologies for determining substantial downside financial risk and
what it means to meaningfully share in risk (discussed further at
III.B.4.b). We proposed that the safe harbor would protect both
monetary and in-kind remuneration and explained that the safe harbor
would offer greater flexibility, compared to the care coordination
arrangements safe harbor at paragraph 1001.952(ee), in recognition of
the VBE's assumption of substantial downside financial risk. We
explained in the OIG Proposed Rule that the safe harbor could apply,
for example, to a value-based arrangement between an accountable care
organization that is a VBE and a network provider to share savings and
losses earned or owed by the accountable care organization, or between
a VBE that has contracted with a payor for an episodic payment and a
hospital and post-acute care provider that would be coordinating care
for the patients under the episodic payment. We proposed additional
conditions that would apply under the safe harbor, detailed in sections
III.B.4.c-q.
Summary of Final Rule: We are finalizing, with modifications, the
requirements of this safe harbor at paragraph 1001.952(ff). For a
value-based arrangement to be protected under this safe harbor, a VBE
must assume substantial downside financial risk from a payor under one
of three methodologies, and a VBE participant must assume a meaningful
share of the VBE's total risk, which share has been reduced, under the
first methodology, from 8 percent in the proposed rule to at least 5
percent in the final rule. The final provisions governing these levels
of risk are discussed at section III.B.4.b of this preamble. The safe
harbor, as finalized, protects both monetary and in-kind remuneration
exchanged pursuant to value-based arrangements between VBEs and VBE
participants. Other conditions finalized in the rule are explained in
detail at sections III.B.4.c-q. These conditions include: Ineligible
entities; inclusion of a 6-month ``phase-in'' period; requirements that
certain remuneration be used to engage in value-based activities and
directly connect to certain value-based purposes; writing and record
retention requirements; protections for patient choice and clinical
decision-making; protections against medically unnecessary services;
limits on marketing or patient recruitment; and limits on remuneration
that takes into account business or patients outside the value-based
arrangement. We are not finalizing the proposed limit on outside
funding of protected remuneration. The final safe harbor does not offer
protection for arrangements downstream of a VBE participant, such as
arrangements between two VBE participants. The final safe harbor
permits protection for payments made under the upstream risk-assumption
contracts between the VBE and the payor from whom the VBE assumes risk.
The final safe harbor at paragraph 1001.952(ff) may be used by
participants in CMS-sponsored models, if safe harbor conditions are
met, but it is primarily for other kinds of value-based arrangements,
including arrangements in the commercial market. We are separately
finalizing a safe harbor at paragraph 1001.952(ii) for CMS-sponsored
models (as defined) (see discussion at section III.B.7).
a. General Comments
Comment: While some commenters supported the substantial downside
financial risk safe harbor, others expressed concern that the safe
harbor is too complicated to be useful.
Response: We appreciate commenters highlighting their concerns. We
have revised the substantial downside financial risk safe harbor by
streamlining and clarifying its defined terms and conditions, which we
believe addresses these concerns. For example, in paragraph
1001.952(ff)(9), we provided additional clarity about the manner in
which parties must calculate savings and losses pursuant to
methodologies in the definition of ``substantial downside financial
risk.''
Comment: Multiple commenters urged OIG to align this safe harbor
with CMS's exception to the physician self-referral law for value-based
arrangements with meaningful downside financial risk in order to
facilitate their compliance efforts. Commenters generally favored the
risk thresholds proposed in the meaningful downside financial risk
exception to the physician self-referral law over the substantial
downside financial risk thresholds proposed in OIG's safe harbor.
Response: As with the OIG Proposed Rule, we coordinated with CMS in
the development of this final rule and aimed to promote alignment
between the two rules where possible. For a general discussion of the
rationale for our decision to finalize safe harbors that diverge in
certain aspects from the parallel exceptions to the physician self-
referral law, we refer readers to section III.A.1 of the preamble to
this final rule. With respect to the risk thresholds in CMS's rule, and
as discussed further below, we have determined that CMS's methodology
is not appropriate for this safe harbor because it focuses on physician
risk arrangements and remuneration rather than risk assumed at the VBE
level.
b. Definitions
i. Substantial Downside Financial Risk
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(8)(i) that a VBE would be at substantial downside
financial risk if it were subject to risk pursuant to one of four
methodologies: (i) Shared savings with a repayment obligation to the
payor of at least 40 percent of any shared losses, where loss is
determined based upon a comparison of costs to historical expenditures,
or to the extent such data is unavailable, evidence-based, comparable
expenditures; (ii) a
[[Page 77756]]
repayment obligation to the payor under an episodic or bundled payment
arrangement of at least 20 percent of any total loss, where loss is
determined based upon a comparison of costs to historical expenditures,
or to the extent such data is unavailable, evidence-based, comparable
expenditures; (iii) a prospectively paid population-based payment for a
defined subset of the total cost of care of a target patient
population, where such payment is determined based upon a review of
historical expenditures, or to the extent such data is unavailable,
evidence-based, comparable expenditures; or (iv) a partial capitated
payment from the payor for a set of items and services for the target
patient population where such capitated payment reflects a discount
equal to at least 60 percent of the total expected fee-for-service
payments based on historical expenditures or, to the extent such data
is unavailable, evidence-based, comparable expenditures of the VBE
participants to the value-based arrangements.
Summary of Final Rule: We are finalizing, with modifications, the
definition of ``substantial downside financial risk'' at paragraph
1001.952(ff)(9)(i). Based on comments, we are reducing the risk
threshold that parties must assume in order to meet the definition of
``substantial downside financial risk'' for the first payment
methodology (the ``Shared Savings and Losses Methodology'') to 30
percent, and we are clarifying that, under this methodology, savings
and losses must be calculated by comparing current expenditures for all
items and services that are covered by the applicable payor and
furnished to the target patient population to a bona fide benchmark
designed to approximate the expected total cost of such care. We are
clarifying that, for the second methodology, savings and losses must be
calculated by comparing current expenditures for all items and services
furnished to the target patient population pursuant to a defined
clinical episode of care that is covered by the applicable payor to a
bona fide benchmark designed to approximate the expected total cost of
care for the defined clinical episode of care (the ``Episodic Payment
Methodology''). We also clarify that, for the Episodic Payment
Methodology, the parties must design the clinical episode of care to
cover items and services furnished collectively in more than one care
setting. We are finalizing a revised partial capitation methodology
(the ``VBE Partial Capitation Methodology'') pursuant to which the VBE
is at substantial downside financial risk if the VBE receives from the
payor a prospective, per-patient payment that is: (i) Designed to
produce material savings; and (ii) paid on a monthly, quarterly, or
annual basis, for a predefined set of items and services furnished to
the target patient population designed to approximate the expected
total cost of expenditures for the predefined set of items and
services. Finally, we are not finalizing the proposed population-based
payment methodology because population-based payments may not, in all
circumstances, involve downside financial risk. For example, we
understand that at least some population-based payments do not put
providers at risk of receiving a lower reimbursement amount and instead
are used as a cash-flow mechanism to support provider investments in
care management tools.
Comment: Although we received some statements of support, the
overwhelming majority of commenters on this topic opposed our proposed
definition of ``substantial downside financial risk.'' These commenters
generally asserted that our proposed risk thresholds were too high,
particularly for the Shared Savings and Losses Methodology and
suggested other thresholds, such as 10 percent for the Shared Savings
and Losses Methodology. For example, a commenter asserted that our
proposed definition of ``substantial downside financial risk'' was not
aligned with the levels of risk assumed under other public and private
sector value-based payment initiatives and would serve as a barrier to
providers entering into risk-based arrangements. The same commenter
suggested that, in setting qualifying risk levels too high, OIG would
promulgate safe harbors that would be available only to sophisticated
entities that are able to take on high levels of financial risk (e.g.,
ACOs associated with large health systems). Another commenter stated
that our identified risk thresholds were arbitrary and biased against
smaller and rural health care providers because such providers likely
lack the capital reserves necessary to assume substantial downside
financial risk. Other commenters asserted that our view of risk was too
narrow by failing to consider the importance of upside financial risk,
contractual risk, clinical risk related to treating complex patients,
operational risk, and investment risk. At least one commenter urged OIG
to include financial risk that is assumed only in the event certain
quality benchmarks are not met.
Response: We solicited comments on whether the proposed risk
thresholds should be higher or lower, or whether some or all of the
methodologies should be modified to better capture the assumption of
substantial downside financial risk for items and services furnished to
patients or omitted from the final rule entirely. In response to
comments and based on further consideration of risk assumption
requirements used by Innovation Center models, we are reducing the risk
threshold required for the Shared Savings and Losses Methodology from
40 to 30 percent, and we are not including a risk threshold in the VBE
Partial Capitation Methodology. We are retaining the 20 percent risk
threshold for the Episodic Payment Methodology because we believe the
risk threshold proposed and finalized is consistent with the design of
episodic payment models in which health care stakeholders currently
participate, including Innovation Center models that adopt a similar
payment methodology. The risk thresholds in the final rule reasonably
reflect substantial downside financial risk under the three
methodologies for purposes of this safe harbor. Moreover, we believe
risk thresholds are necessary to mitigate traditional fraud and abuse
risks associated with payment systems that incorporate, in whole or in
part, fee-for-service reimbursement methodologies. Arrangements with
lower risk levels would be analyzed for compliance with the anti-
kickback statute on a fact-specific basis.
The requirement for the VBE to assume substantial downside
financial risk, as opposed to upside financial risk, contractual risk,
clinical risk related to treating complex patients, operational risk,
or investment risk, or financial risk that is assumed only in the event
certain quality benchmarks are not met, is appropriate because we are
not persuaded that other types of risk would provide as strong an
incentive to change ordering or referring behaviors of providers and
suppliers that might still be paid on a fee-for-service basis or
otherwise help ensure that safe-harbored arrangements would serve
appropriate value-based purposes. We believe the risk levels set in the
final rule will be substantial enough to reduce any traditional volume-
driven incentives to overutilize or increase program costs by ordering
and referring providers and to increase incentives to promote efficient
delivery of health care.
This safe harbor does not prevent the VBE from assuming other types
of risk from the payor suggested by commenters, e.g., investment risk,
contractual risk, and clinical risk related
[[Page 77757]]
to treating complex patients, as long as the VBE also assumes
substantial downside risk from a payor. However, we note that these
other types of risk may result in an exchange of remuneration that
implicates the Federal anti-kickback statute and must be separately
considered for compliance with the statute.
As discussed in section III.B.4.d below, a VBE and a payor that is
a VBE participant can enter into value-based arrangements to protect
remuneration under this safe harbor. The types of risk suggested by
commenters may be protected by this safe harbor if remuneration
exchanged and the associated value-based arrangements meet all
applicable conditions.
We appreciate the challenges associated with assuming risk that
certain smaller and rural providers may face. The definition of ``VBE''
affords parties significant flexibility and places no limit on the
number of providers that can participate in the VBE and work together
to assume substantial downside financial risk. We also highlight that
other safe harbors, including the care coordination arrangements safe
harbor, at paragraph 1001.952(ee), and the outcomes-based payments safe
harbor at paragraph 1001.952(d)(2), may be available for parties that
are not ready to assume the level of risk required by this safe harbor.
Comment: Commenters requested clarification on the practical
application of the methodology OIG proposed in the ``substantial
downside financial risk'' definition--shared savings with a repayment
obligation to the payor of at least 40 percent of any shared losses.
For example, a commenter asked whether the shared savings and losses
repayment calculation must be applicable to the entire value-based
enterprise or if it could be limited to a particular shared savings and
losses arrangement between specified VBE participants. Other commenters
asked whether the shared savings and losses repayment obligation could
be in the form of a forfeited withhold or risk-pool payment, as opposed
to an actual repayment of cash. Similarly, another commenter asserted
that this methodology should permit the assumption of risk through
front-end withholds or dues assessments. Another commenter asked how
the shared savings and losses percentage threshold should be calculated
if the sharing rate varies based on quality performance and other
adjustments.
Response: In response to commenters' request for additional detail,
we are clarifying that the Shared Savings and Losses Methodology
expressly requires that any losses and savings calculations take into
account all items and services that are covered by the applicable payor
and furnished to the target patient population, not simply those items
and services furnished by specified VBE participants. In other words,
the Shared Savings and Losses Methodology is dependent on the items and
services covered by the payor and provided to the target patient
population, not the specific composition of the VBE and its VBE
participants. For example, a VBE could not limit its risk for shared
savings and losses under this methodology for certain outpatient items
and services by only entering into value-based arrangements with a
narrow set of providers that only furnish care in outpatient settings.
In response to comments, we also are clarifying that this
methodology permits the assumption of risk prospectively or
retrospectively. As long as the VBE meets the requirements of the
Shared Savings and Shared Losses Methodology, as finalized, including
the requirement that losses and savings be calculated by comparing
certain expenditures to a bona fide benchmark designed to approximate
the expected total cost of the applicable care, this safe harbor does
not prescribe how the payor and VBE structure payments to effectuate
the VBE's risk.
Finally, under the Shared Savings and Losses Methodology, financial
risk must equal at least 30 percent of loss, where loss is determined
by comparing current expenditures for all items and services that are
covered by the applicable payor and furnished to the target patient
population to a bona fide benchmark designed to approximate the
expected total cost of such care. To satisfy the Shared Savings and
Losses Methodology, any adjustments based on quality performance or
other factors may not bring the financial risk below 30 percent of such
loss.
Comment: With respect to the second proposed methodology (the
Episodic Payment Methodology), some commenters asked whether such
arrangements could be prospective or retrospective. A commenter
asserted that we should add another episodic or bundled payment
arrangement methodology, similar to this methodology, but that requires
any repayment obligation for losses to equal, at a minimum, 20 percent
of historical expenditures. The commenter also requested that we
clarify that this methodology applies only to an ``episode of care''
that involves multiple care settings. Finally, a commenter, asserting
that it was unaware of any value-based arrangement that can provide
quality care at 80 percent of episode costs, recommended we reframe
this substantial downside financial risk methodology as ``discount-
based.''
Response: As an initial matter, we clarify that the Episodic
Payment Methodology is with respect to a set of defined items and
services related to a clinical condition and, as a result, have
replaced the OIG Proposed Rule term ``episodic or bundled payment
methodology'' with ``clinical episode of care'' in order to better
convey this requirement. We also confirm that financial risk assumed
pursuant to the Episodic Payment Methodology may be prospective or
retrospective.
In response to the commenter that requested we clarify that this
methodology applies only to an ``episode of care'' that involves
multiple care settings, we are requiring in paragraph
1001.952(ff)(9)(i)(B)(2) that the parties design the clinical episode
of care to cover items and services collectively furnished in more than
one care setting. The VBE and the payor can meet this requirement as
long as they design the clinical episode of care to cover a collection
of items and services that they anticipate will be provided in more
than one care setting even if a particular patient in the target
patient population undergoing a clinical episode of care ultimately
does not receive items and services in more than one care setting. We
believe this requirement is consistent with episodic or bundled payment
methodologies that involve services delivered by more than one provider
and promotes collaboration across providers and suppliers that may
otherwise operate independently and deliver care in silos.
To illustrate these clarifications, the Episodic Payment
Methodology could include a clinical episode of care for an inpatient
procedure for which the payor and the VBE design the clinical episode
of care to cover items and services furnished across care settings in a
hospital and post-acute care setting, such as a physician clinic or a
skilled nursing facility. In contrast, we do not consider a bundled
payment to a provider for an episode of care that occurs in a single
setting, such as a DRG payment to a hospital for inpatient services, to
be an episodic payment for purposes of this rule.
Lastly, we are not finalizing an episodic payment methodology that
requires a repayment obligation for losses equal to, at a minimum, 20
percent of historical expenditures or reframing the Episodic Payment
Methodology as ``discount based,'' as suggested by a commenter. We
clarify that the Episodic Payment Methodology,
[[Page 77758]]
as finalized, does not require the payor to discount the cost of items
and services included in the defined clinical episode of care by 20
percent. Rather, the VBE must assume risk for at least 20 percent of
any loss realized pursuant to a defined clinical episode of care, with
losses (and savings) calculated by comparing current expenditures for
all items and services included in the defined clinical episode of care
and furnished to the target patient population to a bona fide benchmark
designed to approximate the expected total cost of such care.
Comment: Commenters generally expressed confusion regarding the
application of the fourth prong included in the proposed ``substantial
downside financial risk'' definition--a partial capitation payment that
reflects a discount equal to at least 60 percent of the total expected
fee-for-service payments. For example, a commenter asked why this
methodology includes a discount because capitation itself places a
physician at risk through a per-member, per-month payment. Another
commenter suggested that we revise this prong to encompass capitated
payments for a limited set of services, e.g., primary care. Some
commenters asserted that the 60 percent discount level was not
economically feasible and suggested that OIG lower the discount level.
Response: In response to comments, we are finalizing the VBE
Partial Capitation Methodology, with modifications. We are removing the
discount percentage requirement in recognition that the partial
capitation payment, as set forth in paragraph 1001.952(ff)(9)(i)(C),
itself, constitutes the assumption of substantial downside financial
risk. In keeping with the intent of the prior discount percentage
requirement, we also are requiring that this methodology be designed to
result in material savings. In other words, the VBE Partial Capitation
Methodology is designed to achieve cost efficiencies by incentivizing
better care coordination that benefits patients and the health care
delivery system by placing the VBE at substantial downside financial
risk.
We are not defining material savings in regulatory text to provide
parties flexibilities in designing partial capitation payments. There
are a number of ways that parties might design a partial capitation
payment consistent with this methodology to generate material savings.
For example, the parties may design a capitation payment with
utilization targets that are intended to lower costs versus historical
utilization, or the parties may use other methodologies that
incentivize the VBE to operate more efficiently and lower costs. We
recognize that, as the VBE and its VBE participants become more
efficient, the opportunity to achieve materials savings, as that term
is commonly understood, may become more difficult. As a VBE
successfully reduces costs in one year, it becomes harder to further
reduce costs in subsequent years. Under this methodology, and because
we are not defining ``material savings,'' parties have flexibility to
design partial capitation payment rates to account for such issues. For
example, the parties could use national or regional utilization data in
designing the partial capitation payment to appropriately adjust the
payment rates to account for the efficiency of the VBE.
Additionally, given the complexity of establishing a partial
capitation payment, payors, from whom the VBE assumes risk under this
methodology, will have a significant role in their design. Payors have
experience and expertise in designing actuarial models to assess and
project costs for their plans and establish rates. Capitation payments
designed consistent with generally accepted actuarial principles can,
for example, ensure that a partial capitation payment: (i) Captures all
reasonable, appropriate, and attainable costs; (ii) is sufficient,
based on past and anticipated service utilization by the target patient
population; (iii) reflects cost trends; (iv) is risk adjusted as
appropriate; and (iv) provides documentation and transparency on how
the rate was developed. While not an exhaustive list, these factors
would be relevant in assessing whether a capitation payment is designed
to generate material savings.
We also are clarifying the form in which the VBE must receive a
partial capitation payment. Specifically, we are requiring that the VBE
receive from a payor a prospective, per-patient payment, paid on a
monthly, quarterly, or annual basis. This methodology would not include
fee-for-service payments under the Medicare inpatient prospective
payment system or other fee-for-service payments under Medicare Parts A
or B. The per-patient payment must be for a predefined set of items and
services furnished to the target patient population, designed to
approximate the expected total cost of expenditures for the predefined
set of items and services. As noted above, this payment must be
intended to result in material savings.
We emphasize that, under the VBE Partial Capitation Payment
Methodology, the VBE is assuming risk for a predefined set of items or
services that are less than all of the items and services covered by
the payor, in contrast to the full financial risk safe harbor, which
requires the VBE to assume full financial risk for all items and
services from a payor. For example, a partial capitation payment under
this methodology may cover primary care services only for a target
patient population but not inpatient services, prescription drugs, or
other items and services covered by the payor.
While we are not specifying a percentage or scope of items and
services that must be reimbursed on a capitated basis, the requirement
that partial capitation payments be intended to result in material
savings achieves a similar purpose. A VBE assuming substantial downside
risk is afforded flexibility under this safe harbor because, as
explained previously, this level of risk mitigates the traditional
risks of fraud and abuse associated with fee-for-service payments. The
effectiveness of that mitigation is directly connected to the incentive
associated with substantial downside risk methodologies; increased risk
means the VBE has a greater incentive to reduce costs and improve
outcomes for patients. In the context of the VBE Partial Capitation
Methodology, the substantial downside risk is partly dependent on the
scope of items and services covered by the partial capitation payment.
For example, a VBE that receives a partial capitation payment for
inpatient services associated with one DRG has less incentive than a
VBE that receives a partial capitation payment for all inpatient
services.
We recognize that payors are unlikely to contract with a VBE under
a partial capitation payment for a narrow set of items or services.
However, ensuring that VBEs have the appropriate level of incentives by
assuming risk is a key safeguard in this safe harbor and is the reason
why we are finalizing the requirement that partial capitation payments
be designed to generate material savings. We note that the scope of
services is just one factor for determining whether the capitation
payment was designed to generate material savings. For example, a VBE
and a payor could design a partial capitation payment that meets this
methodology if the VBE receives capitation payments for a narrow set of
services that are typically high cost as long as the capitation
payments for that limited set of high-cost items or services were
designed to generate material savings.
We also note that this safe harbor conditions protection on the VBE
assuming substantial downside
[[Page 77759]]
financial risk from the payor for the predefined items and services. It
does not require the VBE to assume other functions from the payor, such
as enrollment, grievance and appeals, solvency standards, and other
administrative functions performed by payors.
Comment: In response to our solicitation of comments regarding
alternative means to calculate savings and losses (and in particular,
how best to establish a baseline that appropriately assesses the VBE's
financial performance), we received a number of comments recommending
modifications to the proposed requirement that, for each methodology
under the ``substantial downside financial risk'' definition, parties
would need to determine any savings or losses realized based upon a
review of historical expenditures, or to the extent such data was
unavailable, evidence-based, comparable expenditures. For example,
several commenters questioned our reliance on historical expenditures
as a reliable datapoint, with several expressing concern that such a
standard may not be adequately risk-adjusted or an accurate benchmark
to the extent parties are providing new treatments, items, and services
(representing the latest advances in technology, for example) that
exceed the cost of treatment in benchmark years. At least two
commenters recommended that we add ``projected spending'' as a method
to compare costs, with one asserting that historical expenditures may
not be appropriately risk adjusted. A commenter also suggested that we
allow parties to adjust payments as needed to cover the costs of new
treatment options.
Response: We are no longer requiring that parties rely on
historical expenditures or evidence-based, comparable expenditures to
determine a benchmark used in calculating any losses or savings
realized. We recognize, as highlighted by commenters, that historical
expenditures could be volatile or otherwise result in an inaccurate
benchmark, particularly for smaller entities, and that other data, such
as national or regional data, may be appropriate factors that can be
used for setting an accurate benchmark. Consequently, we are revising
this requirement to provide that, for two of the methodologies
finalized in the ``substantial downside financial risk'' definition--
the Shared Savings and Losses Methodology and the Episodic Payment
Methodology--parties must calculate any losses or savings based upon a
bona fide benchmark, i.e., a legitimate benchmark, designed to
approximate the cost of care.\51\ Specifically, for the Shared Savings
and Shared Losses Methodology, we require that the parties calculate
losses by comparing current expenditures for all items and services
that are covered by the applicable payor and furnished to the target
patient population to a bona fide benchmark designed to approximate the
expected total cost of such care. Similarly, for the Episodic Payment
Methodology, we require that parties calculate losses by comparing
current expenditures for all items and services that are covered by the
applicable payor, furnished to the target patient population, and
relate to a defined clinical episode of care to a bona fide benchmark
designed to approximate the expected total cost of care for the defined
clinical episode of care.
---------------------------------------------------------------------------
\51\ We are not requiring that parties compare current
expenditures to a bona fide benchmark designed to approximate the
expected total cost of care for the VBE Capitation Payment
Methodology because of its prospective nature and per-patient, per-
month, per-quarter, or per-year payment structure. Instead, for this
methodology, parties must establish a capitated payment for a
predefined set of items and services furnished to the target patient
population, designed to approximate the expected total cost of
expenditures for the predefined set of items and services. The
capitated payment must also (among other criteria) be intended to
result in material savings.
---------------------------------------------------------------------------
This revision has two aims. First, we seek to protect against the
selection of benchmarks that artificially create savings or
inappropriately insulate any VBE participant from losses. This is based
on our intent to ensure that parties are truly assuming downside
financial risk. Second, we seek to provide parties with the flexibility
necessary to establish a baseline tailored to the contract or value-
based arrangement between the VBE and the payor. Thus, under these
revised methodologies, a bona fide benchmark does not need to be based
on historical expenditures or, to the extent such data is unavailable,
evidence-based, comparable expenditures, as proposed in the OIG
Proposed Rule. With this revised standard, a bona fide benchmark may be
appropriately adjusted, e.g., through a prospective or retrospective
risk-adjustment to account for outlier health care expenditures,
provided the methodology for such adjustment is established in advance.
We emphasize that any such adjustment must be consistent with the
requirement that the bona fide benchmark be designed to approximate the
expected total cost of care.
We note that there are several ways that parties may demonstrate
that a benchmark is bona fide. Parties seeking examples of bona fide
benchmarks may look to Innovation Center models, the Medicare Shared
Savings Program, Medicaid programs, or private payors that have adopted
and validated benchmarks for their participants in similar risk-based
models. Bona fide benchmarks may incorporate concepts such as risk
adjustments, cost projections (including those related to new
treatments), and peer comparisons, as applicable. Given the complexity
of establishing a benchmark, we anticipate that payors from whom the
VBE assumes risk will be involved in their design. Similar to the
design of a partial capitation payment, payors have relevant experience
and expertise in designing actuarial models to assess and project costs
for their plans that will support the development of bona fide
benchmarks. Benchmarks that are validated or designed consistent with
generally accepted actuarial principles will likely be bona fide.
Parties will need to assess and ensure the validity and appropriateness
of the benchmark based on the specific facts and circumstances of their
VBE, the value-based arrangement, the scope of the items and services
covered, and the target patient population.
Comment: Several commenters requested that OIG include a cap or
stop-loss threshold in the substantial downside financial risk safe
harbor that would limit the amount of loss incurred by the VBE. For
example, specific to the clinical episode of care methodology, a
commenter recommended that we limit potential losses to 20 percent of
historical expenditures; specific to the shared savings methodology, a
commenter encouraged protection for arrangements that include stop-loss
thresholds for shared losses set at a certain percentage of historical
benchmark costs, akin to the Medicare Shared Savings Program.
Alternatively, other commenters urged OIG to simply clarify that
reinsurance arrangements, or other like arrangements to protect against
catastrophic losses, would not fall outside of our proposed definition
of ``substantial downside financial risk.'' According to these
commenters, reinsurance arrangements are critical to encouraging the
assumption of downside financial risk.
Response: Given the inherent differences in target patient
populations, the sophistication of parties participating in value-based
arrangements, and varying risk methodologies that parties may adopt, we
decline to include a specific cap, stop-loss threshold, or reinsurance
threshold. This provides parties
[[Page 77760]]
flexibility to adopt various risk methodologies that still satisfy the
safe harbor's definition of ``substantial downside financial risk.''
Parties entering into a contract or a value-based arrangement to assume
substantial downside financial risk should have the flexibility to
determine the appropriate cap, stop-loss, or reinsurance threshold, if
any, and we clarify that neither the safe harbor's conditions nor the
definition of ``substantial downside financial risk'' precludes parties
from entering into reinsurance arrangements or other like arrangements
to protect against catastrophic losses. Nevertheless, we caution that
such arrangements should not be used as a vehicle to materially shift
the substantial downside financial risk a VBE is otherwise required to
assume pursuant to this safe harbor.
Comment: Several commenters supported OIG's alternate proposal to
adopt risk levels more closely aligned with advanced APMs and other
payor advanced APMs, as both terms are defined at 42 CFR 414.1305, or
requested that the definition of ``substantial downside financial
risk'' include advanced APMs. In addition, a commenter noted that the
risk levels proposed by OIG exceeded those required in advanced APMs.
Response: We are not revising the risk levels set forth in the
``substantial downside financial risk'' definition to align with those
of advanced APMs and other payor advanced APMs, as both terms are
defined at 42 CFR 414.1305. Different risk thresholds between this safe
harbor and advanced APMs and other payor advanced APMs are appropriate
in light of the differing objectives between this rulemaking and the
Quality Payment Program, the Medicare payment program that relies on
the defined terms advanced APMs and other payor advanced APMs. For
example, the advanced APM track of the Quality Payment Program is
specific to eligible clinicians and offers a potential five percent
Medicare bonus payment, among other benefits. By contrast, this safe
harbor protects arrangements of a wide variety of industry stakeholders
beyond eligible clinicians from liability under a criminal statute and
sets out the conditions under which that protection is available.
It is possible that participants in an advanced APM might assume
risk at levels that meet the requirements of this safe harbor. Further,
some advanced APM participants may be eligible for safe harbor
protection under the new CMS-sponsored model arrangements safe harbor
found at paragraph 1001.952(ii).
Comment: Multiple commenters requested that we opine on whether
certain arrangements would meet our proposed definition of
``substantial downside financial risk.'' For example, at least two
commenters requested that we address whether a bonus pool or
gainsharing arrangement, tied to the achievement of certain outcome
measures, could potentially meet our definition of ``substantial
downside financial risk.'' The commenters argued in favor of such an
interpretation, asserting that the potential to earn a bonus payment
constitutes downside risk to the extent the bonus is (i) otherwise
considered part of the recipient's aggregate compensation, and (ii)
withheld if outcome measures are not met.
Response: The definition of ``substantial downside financial risk''
requires, among other criteria, that the VBE assume the potential for
realizing losses. This definition would permit parties to design a two-
sided risk methodology that would place the VBE at downside financial
risk and upside financial risk. In other words, the definition
requires, at a minimum, the VBE to assume substantial downside
financial risk, but does not preclude the parties from including other
risk methodologies, so long as all other conditions of the safe harbor
are met. For example, arrangements that include a bonus pool or
gainsharing, along with the VBE assuming the required substantial
downside financial risk, may be protected by this safe harbor. However,
a risk methodology that only includes upside risk would not meet this
requirement.
ii. Meaningful Share
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(2) that this safe harbor would protect remuneration
exchanged between a VBE and a VBE participant if the VBE participant
meaningfully shares in the VBE's substantial downside financial risk
for providing or arranging for items and services for the target
patient population. We proposed that a VBE participant would
meaningfully share in the VBE's risk if the VBE participant met one of
the following three methodologies: (i) A risk-sharing payment pursuant
to which the VBE participant is at risk for 8 percent of the amount for
which the VBE is at risk under its agreement with the applicable payor
(e.g., an 8-percent withhold, recoupment payment, or shared losses
payment); (ii) a partial or full capitated payment or similar payment
methodology (excluding certain enumerated reimbursement methodologies);
or (iii) in the case of a VBE participant that is a physician, a
payment that meets the requirements of the physician self-referral
law's regulatory exception for value-based arrangements with meaningful
downside financial risk at 42 CFR 411.357(aa)(2).
Summary of Final Rule: We are finalizing, with modifications, at
paragraph 1001.952(ff)(3) a requirement for the VBE participant to be
at risk for a meaningful share of the VBE's substantial downside
financial risk for providing or arranging for the provision of items
and services for the target patient population. We are finalizing, with
modifications, the proposed definition of ``meaningful share'' at
paragraph 1001.952(ff)(9)(ii). Specifically, based on comments we are:
(i) Revising the first methodology of the ``meaningful share''
definition (the ``Risk-Sharing Payment Methodology'') to clarify that
any risk assumed by a VBE participant pursuant to this methodology must
be two-sided risk; (ii) lowering the risk threshold for the Risk-
Sharing Payment Methodology from 8 percent to at least 5 percent of the
losses and savings, as applicable, realized by the VBE pursuant to its
assumption of substantial downside financial risk; (iii) revising the
second methodology of the ``meaningful share'' definition to apply to
prospective, per-patient payments for a predefined set of items and
services furnished to the target patient population (the ``Meaningful
Share Partial Capitation Methodology''); and (iv) not finalizing the
proposed methodology applicable to physician payments that meet the
requirements of the physician self-referral law's regulatory exception
for value-based arrangements with meaningful downside financial risk at
42 CFR 411.357(aa)(2) (the ``CMS Exception Methodology'').
Comment: While we received comments in favor of our proposed
requirement for the VBE participant to assume a meaningful share of the
VBE's substantial downside financial risk, many advocated against it,
suggesting no or optional risk requirements for VBE participants
downstream from the VBE assuming substantial downside financial risk.
These commenters highlighted varying Innovation Center models that do
not require the downstream assumption of risk.
Response: We are finalizing a requirement for VBE participants,
other than the payor from which the VBE is assuming risk, to be at risk
for a meaningful share of the VBE's substantial downside financial risk
pursuant to a value-based arrangement
[[Page 77761]]
with the VBE. This safe harbor is not chiefly designed for Innovation
Center models, which may not have downside financial risk, and which
may fit more readily in the new safe harbor at paragraph 1001.952(ii)
for CMS-sponsored models. The requirement to assume a meaningful share
of the VBE's risk is foundational to the structure of the safe harbor,
which does not include certain established safeguards, such as a fair
market value requirement, designed to mitigate risks inherent to a
traditional fee-for-service payment methodology, nor additional
safeguards present in the care coordination arrangements safe harbor,
such as a bar on monetary compensation or a contribution requirement,
that protect against payment for referral schemes. The requirement to
assume a meaningful share of the VBE's risk helps ensure that VBE
participants ordering or arranging for items and services for the
target patient population share in the VBE's value-based purposes and
cost-reduction goals.
The payor from which the VBE is assuming substantial downside
financial risk is exempt from the requirement to meaningfully share in
the VBE's substantial downside financial risk in paragraph
1001.952(ff)(3). As discussed in greater detail in section III.B.4.d,
this carve-out applies to those payors from which VBEs are assuming
risk that elect to also be a VBE participant and enter into a value-
based arrangement with a VBE. In such circumstances, the payor, as a
VBE participant, need not share again in the risk that the VBE assumed
from it in the value-based arrangement.
Comment: While at least one commenter supported the risk threshold
in the first proposed methodology for meaningfully sharing in the VBE's
risk (a risk-sharing payment pursuant to which the VBE participant is
at risk for 8 percent of the amount for which the VBE is at risk under
its agreement with the applicable payor), the majority of commenters
advocated that we lower the risk threshold, such as to 5 percent.
Commenters highlighted varying Innovation Center models that impose
lower risk requirements or rely on a broader risk framework. Other
commenters suggested that this methodology should be expanded to
encompass other types of risk, for example, operational or contractual
risk. Commenters suggested that a more expansive methodology would
encourage a greater number of providers to take on downside risk
arrangements while still effectively deterring potential fraudulent
behavior. A commenter recommended that OIG revise the first proposed
methodology for meaningfully sharing in the VBE's risk to state that
the VBE participant is at risk for ``at least 8 percent'' of the VBE's
risk to allow for other arrangements that involve greater downside
risk.
Response: We are revising the Risk-Sharing Payment Methodology to
reduce the required minimum risk threshold from 8 percent to at least 5
percent and requiring two-sided risk (e.g., savings and losses). We
believe this level of risk is appropriate to ensure VBE participants
share the VBE's goal of cost reduction and to reduce fraud and abuse
risks while making this safe harbor more accessible to individuals and
entities that want to exchange remuneration with the VBE pursuant to
this safe harbor. As finalized, this methodology aligns with the Shared
Savings and Losses Methodology in the definition of ``substantial
downside financial risk.'' This modification will provide VBE and VBE
participants additional flexibilities to align risk-sharing
methodologies and protect similar exchanges of remuneration (e.g.,
savings and losses) in value-based arrangements.
We are not permitting VBE participants to meet the Risk-Sharing
Payment Methodology by assuming other types of risk, such as
operational or contractual risk. We are concerned these types of risk
would not adequately align a VBE participant's financial incentives
with that of the VBE's cost-reduction goals resulting from the VBE's
assumption of substantial downside financial risk.
Comment: Some commenters opposed pegging the first risk-sharing
payment methodology of the ``meaningful share'' definition to the total
risk assumed by the VBE. For example, a commenter noted that VBE
participants, and in particular smaller providers, are unlikely to
accept risk for 8 percent of the total amount for which the VBE is at
risk from the payor. The commenter urged OIG to revise its meaningfully
share standard to require that the VBE participant assume risk only for
its own costs and suggested 20 percent as a potential risk assumption
threshold.
Response: As finalized, the Risk-Sharing Payment Methodology
continues to require that the VBE participant share in a certain
percentage of the VBE's total risk. However, in response to comments,
we are finalizing a lower risk threshold of 5 percent for this
methodology and clarifying that this methodology requires two-sided
risk.
We also clarify that, to the extent a VBE realizes catastrophic
losses, triggering any reinsurance or other like arrangement into which
the VBE has entered, the VBE participant would calculate any amount
owed to the VBE pursuant to this methodology based on the VBE's losses,
as adjusted by the reinsurance or other like arrangement.
Comment: A commenter requested that OIG define ``partial capitation
arrangements'' in the context of the second proposed methodology for
meaningfully sharing in the VBE's risk--a partial or full capitation
payment or similar payment methodology, excluding the Medicare
inpatient prospective payment system or other like payment methodology.
The commenter also asked whether there is a minimum amount that would
qualify as partial capitation.
Response: In response to comments, we are finalizing the Meaningful
Share Partial Capitation Methodology with revisions that, for clarity,
more fully describe the permissible capitation methodology. Pursuant to
this revised methodology, a VBE participant must: (i) Receive from the
VBE a prospective, per-patient payment on a monthly, quarterly, or
annual basis for a predefined set of items and services furnished to
the target patient population by the VBE participant designed to
approximate the expected total cost of those expenditures for the
predefined items or services; and (ii) not separately claim payment
from the payor for the predefined set of items and services covered by
the partial capitated payment. Consistent with our stated goal in the
OIG Proposed Rule, we believe this methodology ensures that those VBE
participants assuming a meaningful share of the VBE's risk pursuant to
the Meaningful Share Partial Capitation Methodology do so in a manner
that is aligned with the payor's cost-reduction goals.
For the same reasons we are not specifying the percentage or scope
of items and services that must be included in the VBE Partial
Capitation Methodology, we are not specifying a minimum amount of items
and services that must be covered to meet the Meaningful Share Partial
Capitation Methodology. Likewise, we note that this methodology would
not include fee-for-service payments under the Medicare inpatient
prospective payment system or other fee-for-service payments under
Medicare Parts A or B. Payments must be made on a monthly, quarterly,
or annual basis to satisfy this methodology.
A VBE participant may be at risk through this methodology not only
where the VBE is at substantial downside financial risk through the VBE
Partial Capitation Methodology but
[[Page 77762]]
also any other substantial downside financial risk methodology. For
example, VBE participants could be at risk through the Meaningful Share
Partial Capitation Methodology, and the VBE could assume substantial
downside financial risk from a payor through the Episodic Payment
Methodology.
Comment: We received varying comments on the third proposed
methodology for meaningfully sharing in the VBE's risk: Physician VBE
participants would be deemed to meaningfully share in the VBE's risk if
they meet the definition of ``meaningful downside financial risk''
under the physician self-referral law at 42 CFR 411.357(aa)(2). Some
commenters either opposed this provision altogether or advocated for a
lower threshold than the 25 percent threshold for sharing in the costs
of the remuneration exchanged under a value-based arrangement, with a
few commenters suggesting between 5 and 15 percent. On the other hand,
some commenters supported this provision stating, for example, that it
facilitated alignment across OIG's and CMS's rules. Another commenter
requested that OIG amend this provision to apply more broadly to other
VBE participants and not just physicians.
Response: We are not finalizing the third proposed methodology (the
CMS Exception Methodology). Pursuant to the final meaningful downside
financial risk exception at 42 CFR 411.357(aa)(2), a physician must be
at ``meaningful downside financial risk'' for failure to achieve the
value-based purpose(s) of the value-based enterprise during the entire
duration of the value-based arrangement. A physician assumes
``meaningful downside financial risk'' if the physician is responsible
to repay or forgo no less than 10 percent of the total value of the
remuneration the physician receives (or is entitled to receive) under
the value-based arrangement in the event of the failure to achieve the
value-based purpose(s) of the value-based enterprise.
Upon further consideration of the varied comments we received
regarding the CMS Exception Methodology, we believe the CMS Exception
Methodology does not fit within the framework of the substantial
downside financial risk safe harbor, which is different from the
meaningful downside financial risk exception CMS is finalizing. Unlike
CMS's meaningful downside financial risk exception, OIG's safe harbor
requires the VBE participant to assume risk for a meaningful share of
the VBE's substantial downside financial risk. Risk under the CMS
Exception Methodology is tied to a percentage of the total value of the
remuneration the physician receives under the value-based arrangement
rather than a percentage of the risk the VBE assumes from the payor.
The CMS Exception Methodology does not require the physician to
meaningfully share in financial risk assumed by the VBE, a requirement
of the safe harbor.
Comment: A commenter expressed concern that the differing standards
for the assumption of downside risk in the safe harbor (i.e.,
``substantial downside financial risk'' and ``meaningfully sharing in
the VBE's substantial downside financial risk'') would confuse parties
to value-based arrangements and discourage participation. The commenter
appeared to suggest that OIG adopt a single, low risk threshold in the
substantial downside financial risk safe harbor.
Response: While we appreciate the commenter's input, we
respectfully disagree. It is appropriate to have differing risk
assumption requirements for the VBE and the VBE participant. The VBE is
contracting or entering into a value-based arrangement with a payor to
assume substantial downside financial risk, most likely for items and
services provided across care settings and by multiple VBE
participants. Conversely, the VBE participant contracting with the VBE
is not only one step removed from the payor contract, but its
performance of value-based activities is likely to have a narrower
focus, specific to the items and services it furnishes to the target
patient population. As such, we believe a lower risk assumption
threshold is appropriate for the VBE participant.
Comment: A commenter recommended that ``advanced APMs'' and ``other
payer APMs,'' as both terms are defined at 42 CFR 414.1305, should be
expressly included in the safe harbor and automatically qualify as
assuming a meaningful share of the VBE's substantial downside financial
risk. Another commenter suggested that we adopt the ``more than nominal
risk'' standard for advanced APMs instead of the proposed
``meaningfully share'' standard.
Response: Because this safe harbor has broader applicability to the
health care industry than the regulations in which the defined terms
referenced by the commenter are used (which apply to a Medicare payment
program for physicians), we decline to revise the definition of
``meaningful share'' to encompass the potentially lower risk thresholds
set forth in the ``advanced APM'' and ``other payer APM'' definitions
as set forth in 42 CFR 414.1305 or adopt, in lieu of ``meaningful
share,'' the ``more than nominal risk'' standard. Thus, participants in
advanced APMs and other payer APMs will not automatically qualify as
having a ``meaningful share'' of the VBE's substantial downside
financial risk and must meet the risk thresholds we are finalizing.
Comment: A commenter asked whether a VBE participant could join an
existing value-based arrangement between a VBE and one or more VBE
participants and satisfy the safe harbor requirement to assume a
meaningful share of the VBE's risk by sharing in such risk only for the
duration of its participation in the value-based arrangement, as
opposed to the duration of the value-based arrangement.
Response: If the VBE has already entered into a value-based
arrangement with one or more VBE participants for purposes of this safe
harbor, a party may join the existing value-based arrangement as a VBE
participant provided all safe harbor requirements are met, including
amending the signed writing to include a description of the manner in
which the new VBE participant will have a meaningful share of the VBE's
substantial downside financial risk.
We note that, other than during the 6-month phase-in period that is
available under this safe harbor, the VBE participant must be at risk
for a meaningful share of the VBE's risk throughout its participation
in the value-based arrangement. This requirement does not apply if the
VBE participant is the payor from which the VBE is assuming risk.
Comment: A commenter asserted that OIG should add language to the
safe harbor stating that VBE participants' meaningful share of risk can
be through front-end withholds or dues assessments and need not be
through back-end repayment.
Response: For the risk methodologies under the definition of
``meaningful share,'' we did not propose, and the final rule does not
prescribe, how the parties to a value-based arrangement may effectuate
the VBE participant's risk, and as such, the parties could effectuate
risk prospectively or retrospectively.
iii. Other Defined Terms
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(8)(ii) that the terms ``coordination and management of
care,'' ``target patient population,'' ``value-based activity,''
``value-based arrangement,'' ``value-based enterprise,'' ``value-based
purpose,'' and ``VBE participant'' would
[[Page 77763]]
have the meaning set forth in proposed paragraph 1001.952(ee).
Summary of Final Rule: We are finalizing, with modifications, our
proposed use of the value-based terminology at paragraph
1001.952(ff)(9)(iii). We no longer use the term ``coordination and
management of care'' in this safe harbor. Additionally, because we are
finalizing at paragraph 1001.952(ff)(1) a requirement making certain
entities ineligible to use the safe harbor, we adopt for this safe
harbor the definition of ``manufacturer of a device or medical supply''
at paragraph 1001.952(ee)(12).
Comment: A few commenters requested that OIG define the term
``payor,'' with a commenter specifically suggesting that we define such
term to include a managed care organization that has a contract with
Medicare, Medicaid, or another Federal health care program that is
subject to 1128B of the Act. A commenter also asked OIG to define the
term ``used'' in relation to the requirement that remuneration be used
primarily to engage in value-based activities that are directly
connected to the items and services for which the VBE is at substantial
downside financial risk and that are set forth in writing. The
commenter also asked OIG to define the term ``offeror's cost'' in
relation to the requirement that the writing state all material terms
of the value-based arrangement, including the offeror's cost of the
remuneration.
Response: We are not defining the term ``payor.'' The term has its
commonsense meaning of a payor of health care items and services on
behalf of patients. We confirm that, for purposes of this safe harbor,
such term would include managed care organizations that have contracted
with Medicare, Medicaid, and other Federal health care programs. We
also are not defining the term ``used'' in regulatory text but use the
term consistent with its commonsense, well-understood meaning (e.g., to
put into action or service, utilize). Further, we decline to define the
term ``offeror's costs'' because, as explained at section III.B.4.k, we
are not finalizing the requirement that the writing include the
offeror's costs.
c. Entities Ineligible for Safe Harbor Protection
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee) to limit the entities that could qualify as VBE
participants, which would have the effect of limiting availability of
the value-based safe harbors, including the substantial downside
financial risk safe harbor at proposed paragraph 1001.952(ff), for
those ineligible entities. The proposed definition of ``VBE
participant'' is summarized more fully in section III.B.2.e of this
preamble.
Summary of OIG Final Rule: As explained at section III.B.2.e, we
are not finalizing our proposal in proposed paragraph 1001.952(ee) to
limit the entities that could qualify as VBE participants. Rather, in
the final rule we are identifying parties ineligible to rely on safe
harbors in the safe harbors themselves. For the substantial downside
financial risk safe harbor, we are finalizing a requirement that
remuneration is not exchanged by any of the following entities: (i)
Pharmaceutical manufacturers, wholesalers, and distributors; (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs; (v) manufacturers of
devices or medical supplies; (vi) entities or individuals that
manufacture, sell, or rent DMEPOS (other than a pharmacy or a
physician, provider, or other entity that primarily furnishes services,
all of whom remain eligible); and (vii) medical device distributors or
wholesalers that are not otherwise manufacturers of devices or medical
supplies.
Summaries of comments, our responses, and policy decisions
regarding this issue can be found in the discussion of VBE participants
in section III.B.2.e of this preamble.
d. VBE's Assumption of Risk From a Payor
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(1) that the VBE must assume substantial downside financial
risk from a payor and that the VBE could assume such risk directly from
a payor or through a VBE participant acting on behalf of the VBE (i.e.,
as an agent of, and accountable to, the VBE).
Summary of Final Rule: We are finalizing, with modifications, this
requirement at paragraph 1001.952(ff)(2). First, we are modifying the
safe harbor to provide two options to VBEs assuming substantial
downside financial risk from a payor. A VBE can assume risk from the
payor through an arrangement that meets the definition of ``value-based
arrangement,'' or a VBE can assume risk from a payor through a contract
that places the VBE at substantial downside financial risk. The first
option provides protection for the remuneration exchanged between the
payor and the VBE, if all safe harbor requirements are met. To
effectuate this, the payor must be a VBE participant and the VBE must
assume risk from the payor through a value-based arrangement. Under the
second option, if a payor does not wish to be part of the VBE, the VBE
can assume substantial downside financial risk from the payor through a
written contract. Under this option, the contract that places the VBE
at risk is not a value-based arrangement and the safe harbor would not
protect remuneration exchanged pursuant to it.
Second, we are modifying the risk assumption requirement to clarify
that the payor cannot act on behalf of the VBE; the VBE must be a
distinct legal entity or represented by a VBE participant, other than a
payor, that acts on the VBE's behalf.
Comment: Some commenters opposed the proposed requirement that a
VBE assume risk from a payor, asserting payor involvement should not be
a prerequisite to safe harbor protection. For example, a post-acute-
care provider asserted that, where the financial risk shared between
providers is significant, the safe harbor should be available
regardless of whether a payor is directly involved.
Response: We are finalizing the requirement that the VBE assume
substantial downside financial risk from a payor because we view it as
a critical safeguard against the potential for fraud and abuse. Payors
are ultimately responsible for the cost of the items and services
furnished to a target patient population, which informs our decision to
require that they be party to the risk arrangement that serves as the
foundation for this safe harbor. Moreover, the payor serves as an
entity with both a holistic view of, and a financial interest in
reducing, total expenditures for the target patient population, which
we believe mitigates the risks traditionally associated with fee-for-
service systems, such as overutilization or inappropriate utilization.
Consistent with our emphasis in the OIG Proposed Rule that parties
assuming substantial downside financial risk have more flexibility, we
have modified the safe harbor so that payors and VBEs have two options
for entering into the risk arrangement--entering into either a value-
based arrangement or a written contract for the VBE to assume risk from
the payor.
Under the first option for risk arrangements, payors must be a VBE
participant, which is permitted under our final definition of ``VBE
participant.'' The payor (as a VBE participant) and the VBE can enter
into a value-based arrangement for the VBE to assume substantial
downside
[[Page 77764]]
financial risk. As we proposed and are finalizing in this rule, the
introductory paragraph to 1001.952(ff) protects remuneration exchanged
between a VBE and a VBE participant pursuant to a value-based
arrangement. Therefore, remuneration exchanged pursuant to a payor's
and a VBE's value-based arrangement could be protected by this safe
harbor, including remuneration exchanged to implement a substantial
downside financial risk methodology (e.g., shared savings and losses),
if the value-based arrangement meets all applicable conditions of the
safe harbor. We do not believe this option would pose an unreasonable
burden on the payor because a value-based arrangement requires only the
provision of at least one value-based activity for a target patient
population, and the payor and VBE already must enter into an agreement
to effectuate the VBE's assumption of risk for the target patient
population. We believe any burden would be outweighed by the benefits
of safe harbor protection.
Under the second option, payors that do not wish to be part of the
VBE may choose to enter into a written contract for purposes of the VBE
assuming substantial downside financial risk. Under this option, payors
would not be VBE participants, the written contract between the payor
and the VBE would not be a value-based arrangement, and the payor would
not be subject to the other conditions of the safe harbor. In such
circumstances, these contracts must only meet the condition at
paragraph 1001.952(ff)(2), i.e., they must evidence the VBE's
assumption of substantial downside financial risk from the payor.
Remuneration exchanged pursuant to a risk assumption contract that is
not a value-based arrangement is not protected by this safe harbor. The
VBE and the payor would need to assess any potential remuneration
exchanged pursuant to the risk arrangement contract and its compliance
with the Federal anti-kickback statute.
In response to the commenter suggesting that providers should be
permitted to assume risk without a payor, we recognize that there may
be risk-based arrangements between and among providers that facilitate
the goals set forth in the definition of ``value-based purpose'' and
that seek to reduce overall costs. However, this safe harbor does not
protect such arrangements. Other safe harbors may be available to
protect such arrangements, such as the care coordination arrangements
safe harbor or the personal services and management contracts and
outcomes-based payment arrangements safe harbor.
Comment: Commenters requested that we clarify how the safe harbor
would apply to arrangements involving certain categories of Federal
health care program beneficiaries, such as Medicare fee-for-service
patients or Indian Health Service (IHS) beneficiaries. In particular,
multiple commenters expressed concern that, because Indian health care
is compensated through IHS appropriations and the Medicare, Medicaid,
and CHIP programs, Indian health care providers could not be risk-
bearing entities, as required in the proposed substantial downside
financial risk safe harbor.
Response: Given the requirement that the VBE assume substantial
downside financial risk from a payor, this safe harbor will be
available only for contracts or value-based arrangements where the
target patient population is comprised of patients insured by a payor
with which a VBE can enter into a risk arrangement. For example,
whereas the safe harbor may be available for certain Medicaid direct
contracting or managed care models,\52\ it likely would not currently
be available for an arrangement with a target patient population
comprised of patients enrolled only in Medicare Parts A and B (i.e.,
Medicare fee-for-service) because, outside of Innovation Center models
and the Medicare Shared Savings Program, we are not aware of a
mechanism that would allow a VBE to contract with the Medicare program
to assume substantial downside financial risk for items and services
for those patients.
---------------------------------------------------------------------------
\52\ See Center for Health Care Strategies, Inc., Value-Based
Payments in Medicaid Managed Care: An Overview of State Approaches
(Feb. 2016), available at https://www.chcs.org/media/VBP-Brief_022216_FINAL.pdf.
---------------------------------------------------------------------------
It is also possible that Indian health care providers might not be
risk-bearing entities for purposes of this safe harbor. This would not
foreclose Indian health care providers from engaging in care
coordination arrangements and seeking safe harbor protection under the
care coordination arrangements safe harbor, which does not require the
assumption of any risk (but is available for non-monetary remuneration
in risk-bearing arrangements), or other available safe harbors, such as
the personal services and management contracts and outcomes-based
payments safe harbor that protects monetary payments for achieving
quality outcomes. Moreover, the fact that an arrangement does not fit
in a safe harbor does not make the arrangement unlawful, and the OIG
advisory opinion process is also available for parties seeking a
determination about a specific existing or proposed arrangement.
Comment: At least two commenters expressed support for the ability
of a VBE participant to contract and assume risk on behalf of the VBE.
Response: We confirm that, for purposes of this final rule, parties
have this flexibility. A VBE may assume risk from the payor directly or
through a single VBE participant acting on its behalf because we
recognize that not all VBEs may be a separate legal entity.
Comment: While acknowledging patients' right to choose a provider,
a commenter requested that OIG not require parties to assume downside
financial risk for those patients who choose to receive health care
items or services from parties outside of the VBE. According to the
commenter, physicians participating in VBEs that are clinically
integrated need to refer patients within high-functioning networks that
follow care management programs, and providers should not be required
to assume downside financial risk for those patients who seek care
outside the network.
Response: We are not adopting the commenter's suggestion to exclude
those patients who choose to receive care outside a VBE from the
calculation of downside financial risk. While we recognize that
patients in the target patient population ultimately could select
providers and suppliers both inside and outside the VBE, we believe the
VBE and its VBE participants can still coordinate and manage the care
of these patients and should be required to assume risk for these
patients in order to benefit from the increased flexibility afforded by
this safe harbor. In addition, allowing providers to remove patients
from the calculation of downside risk if they choose any provider
outside the VBE could lead to manipulation of the target patient
population in ways that could compromise the quality of patient care,
e.g., providers might encourage more costly patients to obtain care
elsewhere. This approach is consistent with the Medicare Shared Savings
Program.
Comment: A medical device manufacturer asserted that this safe
harbor should be expanded to recognize that, in many cases, the items
or services for which the VBE is at risk will not necessarily be
provided directly to patients in the target patient population but
instead may be an ancillary part of their care under the value-based
arrangement, such as products and services deployed by medical device
manufacturers.
Response: We require that the VBE be at substantial downside
financial risk
[[Page 77765]]
for providing or arranging for the provision of items and services for
a target patient population and that the VBE participant assume a
meaningful share of that risk. There is no requirement that such items
and services be provided directly to the target patient population, and
there is nothing in the safe harbor that prevents the VBE's risk from
encompassing items and services for, but not provided directly to, the
target patient population, such as ancillary products and services.
However, pursuant to paragraph 1001.952(ff)(1)(v), manufacturers of
devices or medical supplies are not eligible to use this safe harbor to
exchange remuneration.
e. Phase-In Period
Summary of OIG Proposed Rule: To address start-up arrangements for
parties preparing to take on risk, we proposed at paragraph
1001.952(ff)(1) that this safe harbor would protect remuneration
exchanged between the VBE and a VBE participant during the 6 months
prior to the date by which the VBE must assume substantial downside
financial risk. We proposed that, during this phase-in period, the VBE
must be contractually obligated to assume such risk from a payor.
Summary of Final Rule: We are finalizing the 6-month phase-in
period, with modification, and relocating it to paragraph
1001.952(ff)(2).
Comment: Commenters overwhelmingly supported a phase-in period,
noting that many providers and organizations will need time to assume
downside financial risk. However, many commenters asserted that the
proposed 6-month time period was insufficient and recommended a longer
phase-in period, such as 1 or 2 years. These commenters expressed
concern that, absent a longer phase-in period, the safe harbor would be
available to only highly sophisticated and large organizations that
already have the capacity to take on high levels of financial risk.
Another commenter argued that a longer phase-in period is essential in
order to allow newly formed or small VBEs the flexibility to establish
baselines against which to measure losses or savings. Some commenters
highlighted other justifications for a longer phase-in period,
including the significant training and integration needed for the
adoption of new software systems and the need for providers with less
experience with value-based arrangements, including small or rural
providers, to have more time to assume financial risk. Other commenters
requested that OIG extend the phase-in period only in defined
circumstances, e.g., for VBEs created by independent medical practices
or in circumstances where the 6-month phase-in period would place an
undue burden on the parties to the arrangement. Finally, another
commenter suggested a capacity-building period of 2 years where an
entity would take on lower levels of downside financial risk and
gradually build up to the thresholds set forth in the definition of
``substantial downside financial risk.''
Response: We solicited comments on whether 6 months was a
sufficient timeframe for a phase-in period or whether a longer or
shorter timeframe would be appropriate. Having reviewed the comments
and considered the issue, we have determined that, while some parties
interested in assuming substantial downside financial risk might
benefit from a phase-in period of more than 6 months, a 6-month phase-
in period, paired with the availability of the care coordination
arrangements safe harbor, should provide a sufficient on-ramp for
parties seeking safe harbor protection for start-up or capacity-
building arrangements to prepare to assume substantial downside
financial risk.
In addition, the changes we have made to the definition of
``substantial downside financial risk'' to replace the previous
requirements for comparisons to historical benchmarks should allay
concerns raised by newly formed or small entities about the time needed
to establish baselines against which to measure losses or savings. In
particular, the new standard for setting a benchmark provides
flexibility to individuals and entities that may not have historical
benchmarks to establish benchmarks using other appropriate data, such
as regional or national data.
Comment: A commenter requested that OIG confirm that all
remuneration exchanged during the phase-in period related to VBE
participants' good faith efforts to set up the VBE or value-based
arrangement would be protected, even if the value-based arrangement
ultimately did not move forward.
Response: To qualify for protection during the phase-in period, the
VBE must have a contract or a value-based arrangement with the payor to
assume risk within the next 6 months. To illustrate, if a VBE enters
into a contract with a payor on January 1, the VBE must assume
substantial downside financial risk no later than July 1st. The phase-
in period runs from January 1 to July 1 (or an earlier date if the VBE
assumes risk sooner). We recognize that a VBE might discover during the
phase-in period that it is unable to assume the planned risk because,
for example, of a failure to achieve an adequate network or necessary
infrastructure. Remuneration exchanged between a VBE and a VBE
participant during the phase-in period would be protected even if the
VBE ultimately does not assume substantial downside financial risk at
the conclusion of the phase-in period, provided the VBE had entered
into a contract or a value-based arrangement with the payor to assume
substantial downside financial risk and all other safe harbor
requirements were met.
With respect to the question about setting up a VBE, under the
final rule, parties may not use the 6-month phase-in period to protect
remuneration exchanged in order to set up a VBE because, as a condition
of meeting the safe harbor, the VBE must already be in existence. In
addition, there must be a value-based arrangement between the VBE and
VBE participant that includes the exchange of payments or something of
value for which safe harbor protection is sought. The remuneration
under this value-based arrangement could relate to efforts to set up
necessary infrastructure to assume risk for the target patient
population.
Comment: A commenter asked OIG to protect all legitimate pre-
arrangement activities associated with assuming risk, even where the
VBE is not under a contractual obligation to assume risk. Another
commenter asked whether payments by an academic medical center to
physicians to maintain income levels during the phase-in period are
protected.
Response: We decline to protect pre-arrangement activities when the
VBE has not entered into a contract or a value-based arrangement to
assume risk from a payor, although the actual assumption of risk need
not occur for 6 months. The requirement that the VBE enter into a
contract or value-based arrangement to assume risk is a critical
safeguard to protect against parties' attempts to exploit the phase-in
period of this safe harbor to protect problematic payments when they
have no intention of entering into the risk arrangements required by
the safe harbor.
Income guarantee payments would not satisfy any of the risk-based
methodologies set forth in the definitions of ``substantial downside
financial risk'' or ``meaningful share.'' Whether income guarantee
payments to physicians could otherwise be protected by this safe harbor
would depend on whether such remuneration satisfies all requirements of
the safe harbor. For example, such payments likely would not satisfy
the requirement that remuneration be directly connected to at least one
of the three value-based
[[Page 77766]]
purposes defined in paragraph 1001.952(ee)(14)(x)(A)-(C). It seems
unlikely that income guarantee payments would be directly connected to
the deliberate organization of patient care activities and sharing of
information to improve care for the target patient population, as the
definition of coordination and management of care requires.
Additionally, while we acknowledge that income guarantees could result
in ancillary benefits to patients or could contribute to appropriate
cost reductions, we consider it unlikely that income guarantee payments
could be directly connected to improvements in the quality of care or
appropriate reductions in costs.
f. Remuneration Used To Engage in Value-Based Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(3)(i) that the remuneration exchanged pursuant to this
safe harbor must be used primarily to engage in value-based activities
that are directly connected to the items and services for which the VBE
is at substantial downside financial risk.
Summary of Final Rule: We are finalizing, with modifications, this
requirement at paragraph 1001.952(ff)(4)(ii). First, for the reasons
set forth in section III.B.3.e.ii of this preamble, we are replacing
the word ``primarily'' with ``predominantly'' so that the safe harbor
now requires the remuneration exchanged to be used predominantly to
engage in value-based activities that are directly connected to the
items and services for which the VBE has assumed (or has entered into a
written contract or value-based arrangement to assume within the next 6
months) substantial downside financial risk. Second, we are modifying
this requirement to provide that the remuneration exchanged pursuant to
a methodology for the assumption of risk does not need to meet this
condition if the remuneration is part of a value-based arrangement that
meets all other safe harbor conditions. That is, remuneration exchanged
between either a VBE and a payor (as a VBE participant) pursuant to a
methodology that meets the definition of ``substantial downside
financial risk,'' or between a VBE and a VBE participant (other than a
payor) pursuant to a methodology that meets the definition of
``meaningful share,'' need not be used predominantly to engage in
value-based activities that are directly connected to the items and
services for which the VBE is at substantial downside financial risk.
Lastly, we are clarifying that the items and services to which the
value-based activities must be directly connected are those for which
the VBE has assumed (or has entered into a written contract or value-
based arrangement to assume within the next 6 months) substantial
downside financial risk. This clarification is in recognition that
parties to a value-based arrangement may exchange remuneration during
the phase-in period when the VBE has not yet assumed substantial
downside financial risk but has entered into a written contract or
value-based arrangement to assume such risk within the next 6 months.
Comment: Some commenters expressed general concern that this
proposed requirement would be administratively burdensome, and at least
one commenter more specifically stated that it would be burdensome to
track how monetary remuneration is spent in order to ensure compliance
with this requirement. Another commenter suggested that this
requirement would preclude protection of remuneration in the form of
shared savings. These commenters appeared to request that OIG remove
this condition either in its entirety (thereby permitting parties to
use any remuneration protected under this safe harbor for any purpose
permissible under applicable law) or only with respect to monetary
remuneration or a subset of monetary remuneration, such as shared
savings and other performance-based payments. Alternatively, a
commenter asserted that OIG should treat certain payments, such as
bonus distributions and performance-based payments, as payments for the
past performance of activities directly connected to the items and
services for which the VBE is at risk.
Response: The commenters' concerns and recommendations appear to
stem from a perceived difficulty with tracking and monitoring the VBE
participant's use of the remuneration. In response to the commenter's
concerns, we are revising this requirement to include the following
modifier at the start of paragraph 1001.952(ff)(4)(i): Unless exchanged
pursuant to risk methodologies defined in paragraph (9)(i) or (ii).
With this modifier, monetary remuneration exchanged pursuant to a risk
methodology that meets the definition of ``substantial downside
financial risk'' or ``meaningful share,'' i.e., the risk methodologies
defined in paragraph 1001.952(ff)(9)(i) and (ii), does not need to be
used predominantly to engage in value-based activities. Because such
remuneration effectuates the assumption of risk required by the safe
harbor, it is appropriate to exempt this remuneration from the
requirement for remuneration to be used predominantly to engage in
value-based activities.
All other remuneration exchanged must be used predominantly to
engage in value-based activities that are directly connected to the
items and services for which the VBE has assumed substantial downside
financial risk. With respect to the commenters' concerns regarding
tracking another party's use of such remuneration, we emphasize that
the safe harbor does not require the offeror of remuneration to track
the recipient's use to determine whether such use is consistent with
the safe harbor requirement to predominantly use remuneration to engage
in value-based activities for the target patient population. We
recognize that all parties to the value-based arrangement would lose
safe harbor protection if the recipient fails to satisfy the
predominant use requirement, but we believe there are ways for an
offeror to protect itself against this risk, such as by including terms
in the signed writing requiring the recipient to use funds in a
particular manner. With respect to a commenter's concern that this
condition would preclude the protection of shared savings, this
condition, as finalized, would not preclude the protection of shared
savings, as long as the shared savings arrangement satisfies all of the
safe harbor's conditions.
We are not persuaded by the suggestion that we allow remuneration
to be used for any purpose permissible under applicable law. In order
to use this safe harbor, the parties must have formed a value-based
enterprise that has one or more value-based purposes. We believe that
requiring remuneration to be used predominately for value-based
activities associated with the target patient population is an
important mechanism to help ensure that the parties are working toward
these purposes.
Comment: Commenters stated that the requirement for parties to
exchange remuneration that is used to engage in value-based activities
that are ``directly connected'' to the items and services for which the
VBE has assumed (or has entered into a contract to assume within the
next 6 months) substantial downside financial risk could subject
parties seeking protection under this safe harbor to undue scrutiny
regarding what constitutes a direct connection.
Response: We believe parties are well-positioned to demonstrate
that the value-based activities they undertake have a direct connection
to the items and services provided to patients in the target patient
population. Pursuant to paragraph 1001.952(ff)(5) of the safe
[[Page 77767]]
harbor, the value-based activities must be set forth in writing, which
provides an opportunity for parties to document how such activities are
directly connected to the items and services for which the VBE is at
substantial downside financial risk.
By way of example, in a value-based arrangement where a VBE is at
risk for an episode of care involving hospital and post-acute care, if
the VBE furnishes or finances the provision of additional clinical
staff or social workers for use by both a VBE participant hospital and
a VBE participant skilled nursing facility, the clinical staff or
social workers must predominantly engage in value-based activities that
are directly connected to the items and services furnished during the
episode of care for which the VBE is at substantial downside financial
risk. In the OIG Proposed Rule, we provided an example involving a
target patient population undergoing hip replacement surgery to show
what it means to have a direct connection between the value-based
activities and items and services for the target patient population.
Using this same example under the final rule, if a VBE is at
substantial downside financial risk for the items and services provided
to patients in a target patient population undergoing hip replacement
surgery, the VBE could give a VBE participant money to hire a staff
member who predominately coordinates patients' transitions between care
settings after hip replacement surgery. The VBE could not give the VBE
participant money to hire a staff member who coordinates transitions
between care settings for patients undergoing an array of surgical
procedures other than hip replacement surgery.\53\
---------------------------------------------------------------------------
\53\ 84 FR 55694, 55718 (Oct. 17, 2019).
---------------------------------------------------------------------------
g. Direct Connection to Value-Based Purposes
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(3)(ii) that the protected remuneration must be directly
connected to one or more of the VBE's value-based purposes, at least
one of which must be the coordination and management of care for the
target patient population.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(ff)(4)(i). The final rule provides that
protected remuneration must be directly connected to at least one of
the three value-based purposes defined in paragraph
1001.952(ee)(13)(x)(A)-(C). Remuneration may advance more than one
value-based purpose.
We summarize and respond to comments specific to the substantial
downside financial risk safe harbor regarding this condition below. For
a more detailed discussion and a summary of the general comments
received regarding the requirement for a direct connection to the
coordination and management of care, as proposed in both the care
coordination arrangements safe harbor and this safe harbor, and our
responses, we refer readers to the care coordination arrangements safe
harbor section discussion at section III.B.3.h.
Comment: A commenter asserted that all payment arrangements
protected by this safe harbor should have as a value-based purpose a
focus on cost reduction and quality improvement.
Response: In the context of remuneration exchanged pursuant to
value-based arrangements where parties have met the requirements of the
definitions of ``substantial downside financial risk'' and ``meaningful
share,'' we recognize that it may be appropriate for parties to have
value-based purposes related to achieving appropriate cost reductions
or quality improvements. Accordingly, we are revising this condition to
provide parties additional options for remuneration to be directly
connected to at least one of three value-based purposes defined in
paragraph 1001.952(ee)(13)(x)(A)-(C). Remuneration must be directly
connected to one or more of the following value-based purposes: The
coordination and management of care for the target patient population;
improving the quality of care for the target patient population; and
appropriately reducing the costs to, or growth in expenditures of,
payors without reducing the quality of care for the target patient
population. Parties may choose to meet one or more of these three
value-based purposes to satisfy this condition. For a more detailed
discussion regarding these value-based purposes see section III.B.2.f.
h. Reductions in Medically Necessary Items or Services
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(3)(iii), we proposed to require that the remuneration
exchanged not induce the VBE participants to reduce or limit medically
necessary items or services furnished to any patient.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(ff)(7)(iii). We are modifying the
condition to clarify that the value-based arrangement (not merely the
remuneration exchanged) may not induce the VBE or VBE participants to
reduce or limit medically necessary items or services furnished to any
patient. We summarize and respond to comments specific to the
substantial downside financial risk safe harbor regarding this
provision below. For a more detailed discussion and a summary of
additional comments received regarding this requirement, as proposed in
both the care coordination arrangements and substantial downside
financial risk safe harbors, and our responses, we refer readers to the
care coordination arrangements safe harbor discussion at section
III.B.3.e.iii.
Comment: Multiple commenters supported additional conditions to
safeguard against the risks of cherry-picking, lemon-dropping, and
stinting on care. For example, a commenter stated that the assumption
of downside financial risk presented a heightened risk for cherry-
picking patients, discharging highly complex, rare, or costly patients,
and stinting on care for patients with high medical needs. The
commenter appeared to recommend Federal Government oversight of value-
based arrangements to address these risks. Another commenter
recommended OIG formally monitor for cherry-picking or lemon-dropping
activities and eliminate eligibility for safe harbor protection for
parties inappropriately engaged in these activities.
Response: We acknowledge that assuming downside financial risk may
heighten the risks identified by the commenter. We believe that the
parameters created by the value-based definitions as well as the
safeguards in this safe harbor protect against such conduct. For
example, the definition of ``target patient population'' requires that
the VBE or its VBE participants identify the target patient population
using legitimate criteria, and criteria that seek to exclude costly or
noncompliant patients would not be legitimate. However, in response to
the comment that the nature of value-based arrangements, themselves,
can create incentives for stinting or cherry-picking, we are expanding
this prohibition to apply to not only the remuneration exchanged
between the parties but also all terms and conditions of a value-based
arrangement.
With respect to OIG's oversight, we anticipate that individuals and
entities that are part of a value-based enterprise will be subject to
OIG's program integrity and oversight activities to the same extent as
other individuals and entities that engage in Federal health care
program business.
[[Page 77768]]
i. Ownership or Investment Interests
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(3)(iv), we proposed that this safe harbor would not
protect an ownership or investment interest in the VBE or any
distributions related to an ownership or investment interest.
Summary of Final Rule: We are finalizing, without modification,
this condition and relocating it to paragraph 1001.952(ff)(4)(iii).
Comment: A few commenters opposed this condition. For example, a
commenter asserted that some potential participants may not be
comfortable investing in a VBE where such investment is unprotected by
safe harbors and therefore may avoid involvement in otherwise
beneficial substantial downside financial risk arrangements. Another
commenter urged OIG to clarify that it was not our intent to prohibit
VBE participants from establishing a corporate structure for a VBE in
which the participants may receive an equity interest, stating that,
without such a clarification, the safe harbor would unnecessarily
restrict the ability of individuals and entities to dictate the
corporate structure of VBEs they create.
Response: We do not view protection for ownership or investment
interests as fundamental to removing barriers to parties entering into
value-based arrangements and are not protecting them under this safe
harbor. Parties seeking to protect a particular ownership or investment
interest may look to other safe harbors (e.g., the safe harbor for
investment interests, paragraph 1001.952(a), which protects certain
investment interests if all requirements of the safe harbor are met),
and the advisory opinion process remains available.
j. Remuneration From Individuals or Entities Outside the Applicable VBE
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(3)(v), we proposed that the safe harbor would not protect
remuneration funded, or otherwise resulting from contributions, by an
individual or entity outside of the applicable VBE.
Summary of Final Rule: We are not finalizing this condition.
Comment: A commenter asserted that imposing this requirement would
inhibit contributions or funding by an affiliate of a VBE or a VBE
participant (e.g., a parent organization). Another commenter suggested
OIG permit ``outside'' donations under the substantial downside
financial risk safe harbor when the donation would benefit a VBE's
patients and the third-party donor would have no direction or control
over how the funds would be spent.
Response: We are not finalizing this condition because of concerns
that it may be unduly prescriptive and for the reasons described at
section III.3.e.iv related to the similar proposal for the care
coordination arrangements safe harbor. However, the exchange of
remuneration between parties other than the VBE and a VBE participant
(e.g., remuneration exchanged between a third-party donor and a VBE
participant or a VBE) would not be protected by this or any value-based
safe harbor. Similarly, in the circumstances presented by the
commenter, we would not view contributions or funding from an affiliate
of a VBE (that is not a VBE participant) to that VBE as qualifying for
protection under this or any value-based safe harbor. However, under
this final rule, the mere fact that an affiliate of a VBE exchanges
remuneration with that VBE would not preclude safe harbor protection
for value-based arrangements between that VBE and its VBE participants.
Comment: A commenter requested that we address how the exclusion of
safe harbor protection for remuneration funded, or otherwise resulting
from contributions, by an individual or entity outside of the
applicable VBE would operate where a VBE sought to enter into a value-
based arrangement with a payor that was not, itself, a VBE participant.
Response: As noted above, we are not finalizing the proposed
condition. For purposes of the value-based safe harbors, we are
finalizing a definition of ``value-based arrangement'' in paragraph
1001.952(ee)(14)(vii) that requires the arrangement to be only between
or among the VBE and one or more of its VBE participants or between or
among VBE participants in the same VBE.
However, the modification explained in section III.B.4.d above,
addresses the commenter's concern regarding assuming risk from a payor
that is not a VBE participant. In that section, we explained that,
while a payor could opt to be a VBE participant, it need not do so in
order for a VBE to contract to assume substantial downside financial
risk from a payor. However, unless the payor is a VBE participant, this
safe harbor would not protect the remuneration exchanged between the
payor and the VBE.
k. Writing
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(4), we proposed that the terms of the value-based
arrangement must be set forth in a signed writing that contains, among
other information, a description of the nature and extent of the VBE's
substantial downside financial risk for the target patient population
and a description of the manner in which the recipient meaningfully
shares in the VBE's substantial downside financial risk.
Summary of Final Rule: We are finalizing, with modifications, this
condition at paragraph 1001.952(ff)(5). The modifications are based on
public comments. First, parties must document the manner in which the
VBE assumes risk from a payor and the VBE participant assumes a
meaningful share of such risk. Second, the writing requirement can be
satisfied by a collection of documents. Third, we are not requiring
documentation of the offeror's costs. Fourth, the writing must be
established in advance of, or contemporaneous with, the commencement of
the value-based arrangement ``and any material change,'' instead of
``or any material change.'' Thus, the initial terms of the value-based
arrangement must be set forth in the signed writing, in advance of, or
contemporaneous with the commencement of the arrangement, and any
material change to the value-based arrangement also must be set forth
in the signed writing in advance of, or contemporaneous with the
commencement of the material change. As with the similar modification
we are making to the writing requirement in the care coordination
arrangements safe harbor, these are the logical junctures where the
writing requirement particularly serves its transparency purposes. Our
proposed regulatory text did not make clear that the writing was needed
at both junctures; our modifications more clearly express that policy.
This writing requirement does not apply to the contracts between a
payor and a VBE in circumstances where the payor is not a VBE
participant. Such contracts would not constitute value-based
arrangements, subject to this condition. However, as set forth in
paragraph 1001.952(ff)(2), such contracts must be in writing.
For further discussion of the general comments we received
regarding a writing requirement in the value-based safe harbors, we
refer readers to section III.B.3.d discussing the writing requirement
for purposes of the care coordination arrangements safe harbor; in this
section, we respond only to the comments specific to the proposed
substantial downside financial risk safe harbor's writing requirement.
[[Page 77769]]
Comment: A commenter recommended that OIG revise this condition of
the substantial downside financial risk safe harbor to remove the
requirement that parties specify the type and the offeror's cost of the
remuneration. The commenter stated that the offeror's cost is not
material to the arrangement because the safe harbor does not include a
contribution requirement and, furthermore, may be difficult to
determine.
Response: We agree and are removing the requirement that the
parties include the offeror's costs in the writing.
l. Does Not Take Into Account the Volume or Value of, or Condition
Remuneration on, Business or Patients Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(5), we proposed that the VBE or VBE participant offering
the remuneration could not take into account the volume or value of, or
condition the remuneration on, referrals of patients outside of the
target patient population or business not covered under the value-based
arrangement. This safeguard is identical to that proposed for the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing this condition, without
modification and relocating it to paragraph 1001.952(ff)(6). For a more
detailed discussion and a summary of our responses to the comments
received on this condition and our rationale for finalizing it, we
refer readers to the care coordination arrangements safe harbor
discussion at III.B.3.f. Comments received on this topic addressed the
condition as it applied to the value-based safe harbors generally; we
did not receive separate comments on this condition specific to this
safe harbor.
m. Preserving Clinical Decision-Making
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(6)(i), we proposed that value-based arrangements must not
limit VBE participants' ability to make decisions in the best interests
of their patients. In addition, at proposed paragraph
1001.952(ff)(6)(ii) we proposed that value-based arrangements cannot
direct or restrict referrals to a particular provider, practitioner, or
supplier if: (i) A patient expresses a preference for a different
practitioner, provider, or supplier; (ii) the patient's payor
determines the provider, practitioner, or supplier; or (iii) such
direction or restriction is contrary to applicable law or regulations
under titles XVIII and XIX of the Act. We proposed to interpret this
condition consistent with the parallel condition proposed for the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modification, the
proposed condition that the value-based arrangement must not limit the
VBE participant's ability to make decisions in the best interests of
its patients at paragraph 1001.952(ff)(7)(i). We are making a technical
correction to change ``their patients'' to ``its patients.'' We also
are finalizing, with modification, the condition related to directing
or restricting referrals, at paragraph 1001.952(ff)(7)(ii). We are
deleting ``or regulations'' from the proposed provision because
regulations are captured by the term ``applicable law.''
For a more detailed discussion, summaries of comments we received
regarding this requirement, as proposed in each of the value-based safe
harbors, and our responses, we refer readers to the discussion of this
condition in the care coordination arrangements safe harbor at section
III.B.3. Below we discuss the comments we received on this condition
specific to the proposed substantial downside financial risk safe
harbor.
Comment: A commenter requested that OIG clarify how this
requirement would apply to an arrangement involving patients who are
covered by managed care payors, where patient preferences are likely to
be limited.
Response: If a managed care payor determines the providers,
practitioners, or suppliers from whom patients may seek health care
items and services under a managed care plan, then the value-based
arrangement could not direct or restrict referrals to a particular
provider, practitioner, or supplier in a contrary manner.
n. Materials and Records
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(ff)(7), we proposed to require that the VBE or its VBE
participants make available to the Secretary, upon request, all
materials and records sufficient to establish compliance with the
conditions of the safe harbor. We solicited comments regarding whether
we should require parties to maintain materials and records for a set
period of time (e.g., at least 6 years or 10 years).
Summary of Final Rule: We are finalizing, with modification, the
materials and records requirement. We are specifying that, for a period
of at least 6 years, the VBE or its VBE participants must maintain
records and materials sufficient to establish compliance with the
conditions of the safe harbor.
This requirement will promote transparency and facilitate alignment
with CMS's parallel value-based exception. For a more detailed
discussion and a summary of and responses to the comments received
about the records requirement, as proposed in each of the value-based
safe harbors, we refer readers to the discussion of this condition in
the care coordination arrangements safe harbor at section III.B.3.n.
Comments received on this topic addressed the requirement as it applied
to the value-based safe harbors generally; we did not receive separate
comments on this requirement specific to this safe harbor.
o. Marketing of Items or Services or Patient Recruitment Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(ff)(6)(iii) a condition to bar protection for remuneration
exchanged pursuant to value-based arrangements that include marketing
to patients of items or services or engaging in patient recruitment
activities. We proposed to interpret this condition consistent with our
interpretation of the same proposed requirement in the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing this requirement, with
modifications and relocating it to paragraph 1001.952(ff)(4)(v). As
with the care coordination arrangements safe harbor, rather than
prohibiting all marketing and patient recruitment activities, we are
modifying this provision to prohibit the exchange of remuneration for
the purpose of marketing items or services furnished by the VBE or VBE
participants to patients or for the purpose of patient recruitment
activities. Comments received on this topic addressed the requirement
as it applied to the value-based safe harbors generally; we did not
receive separate comments on this requirement specific to this safe
harbor. Consequently, we refer readers to the discussion in section
III.B.3.j of this condition in the care coordination arrangements safe
harbor for a summary of applicable comments, our responses, and a more
detailed discussion of this standard, including our rationale for the
modification being made.
p. Downstream Arrangements
Summary of OIG Proposed Rule: We proposed to protect only
remuneration exchanged between a VBE and a VBE participant at paragraph
1001.952(ff).
Summary of Final Rule: We are finalizing, without modification, the
requirement that the exchange of remuneration be between the VBE and
[[Page 77770]]
a VBE participant in the introductory paragraph of 1001.952(ff).
Comment: A commenter agreed with our proposal to limit this safe
harbor to remuneration exchanged solely between the VBE and a VBE
participant and acknowledged the potential fraud and abuse risks
inherent in downstream arrangements where a contracting party has
assumed little or no financial risk. However, the majority of
commenters advocated for extending safe harbor protection to
remuneration that passes between and among VBE participants, or between
VBE participants and downstream contractors. A commenter stated that
downstream arrangements are essential to facilitating care coordination
efforts, while another commenter asserted that requiring a VBE
participant to meaningfully share in the VBE's substantial downside
financial risk appropriately curtails any fee-for-service incentives. A
commenter posited that this requirement would result in value-based
activities being inefficiently routed through the VBE, and another
commenter questioned why this safe harbor only protects remuneration
between a VBE and VBE participant when the care coordination
arrangements safe harbor more broadly protects remuneration between a
VBE and a VBE participant or between VBE participants.
Response: We did not propose to protect arrangements where
remuneration is passed from one VBE participant to another VBE
participant or from a VBE participant to a downstream contractor. In
this final rule, we are limiting safe harbor protection to the exchange
of remuneration between the VBE and a VBE participant for which the
combination of safe harbor conditions was designed. This safe harbor
provides greater regulatory flexibility than the care coordination
arrangements safe harbor, and as a result, we decline to extend safe
harbor protection to downstream financial arrangements to which the VBE
is not a party and that may not include all of the safeguards required
by this safe harbor, including requirements related to the assumption
of downside financial risk. A VBE participant seeking to exchange
remuneration with another VBE participant may look to the care
coordination arrangements safe harbor or other safe harbors, such as
the personal services and management contracts and outcomes-based
payments safe harbor.
Comment: A commenter expressed concern that limiting safe harbor
protection to remuneration exchanged between the VBE and a VBE
participant would be unworkable if the applicable VBE were comprised of
an informal network of individuals and entities (versus a separate
legal entity). In particular, the commenter seemed to believe that, in
such circumstances, the VBE participants would not be able to protect
any remuneration using this safe harbor.
Response: This safe harbor requires that a VBE assume substantial
downside financial risk for certain items and services provided to the
target patient population. In circumstances where the VBE is not a
formal legal entity, but rather is comprised of a network of VBE
participants, a single VBE participant may act on behalf of the VBE to
contract or enter into a value-based arrangement with a payor to assume
substantial downside financial risk. In such circumstances, this safe
harbor could protect the exchange of remuneration between the VBE
participant acting on behalf of the VBE and other VBE participants. We
note that, while different VBE participants may act on behalf of the
VBE at different times during the term of the value-based arrangement,
only remuneration between a VBE participant acting on behalf of the VBE
and another VBE participant may be protected. The safe harbor would not
protect remuneration exchanged between two VBE participants, neither of
whom are currently acting on behalf of the VBE.
q. Possible Additional Safeguards
Summary of OIG Proposed Rule: We stated in the preamble to the OIG
Proposed Rule that we were considering adopting specified additional
safeguards in the final rule, including a commercial reasonableness
requirement, a monitoring standard, a cost-shifting prohibition, and a
requirement to submit information to the Department regarding the VBE,
the VBE participants, and the value-based arrangement.
Summary of Final Rule: We are not finalizing these proposed
conditions. Upon further consideration, we do not consider them
necessary to mitigate fraud and abuse risk given the overall structure
and totality of conditions in the final safe harbor.
Comment: We received a variety of comments regarding potential
additional safeguards in the substantial downside financial risk safe
harbor. A commenter opposed the addition of a commercial reasonableness
requirement, asserting that it would be inconsistent with CMS's similar
exception and potentially would chill innovation where parties have
assumed downside risk. Several commenters suggested including
additional transparency requirements for patients. A commenter
recommended that we include a prohibition on inappropriate cost
shifting to Federal health care programs. A few commenters suggested
that OIG require objective and quantifiable outcome measures to show
the remuneration exchanged enhances patient outcomes. Another commenter
urged us to include a termination provision similar to that in the care
coordination arrangements safe harbor.
Response: We are not imposing a commercial reasonableness
requirement in this safe harbor in recognition of the VBE and its VBE
participants assuming substantial downside financial risk. We believe
the assumption of downside financial risk helps to ensure that the
remuneration is exchanged in order to achieve value-based purposes
rather than to pay for referrals, which is at the core of the
commercial reasonableness standard in other safe harbors. We did not
propose patient transparency or notice requirements and are not
including such conditions in this final rule. While parties may choose
to provide patient notifications, such a condition in the safe harbor
would not add appreciable additional protection against payments for
referrals. We also are not including a cost-shifting prohibition, in
recognition that the assumption of substantial downside financial risk
is intended to drive a reduction in costs, which may include Federal
health care program costs.
While parties may include termination provisions or outcome measure
requirements as part of their value-based arrangements, we are not
requiring these terms as a condition of the safe harbor.
5. Value-Based Arrangements With Full Financial Risk (42 CFR
1001.952(gg))
Summary of OIG Proposed Rule: We proposed at paragraph 1001.952(gg)
a full financial risk safe harbor that would protect remuneration
exchanged between a VBE and a VBE participant pursuant to a value-based
arrangement where the VBE has assumed, or is contractually obligated to
assume within the next 6 months, full financial risk, as set out at
proposed paragraph 1001.952(gg)(1). We proposed to define ``full
financial risk'' at proposed paragraph 1001.952(9)(i) to mean that
``the VBE is financially responsible for the cost of all items and
services covered by the applicable payor for each patient in the target
patient population and is prospectively paid by the applicable payor.''
We proposed that the full financial risk safe harbor would include
certain safeguards, such as requirements that:
[[Page 77771]]
(i) The VBE have a signed writing with the payor that specifies the
target patient population and terms evidencing full financial risk
(proposed paragraph 1001.952(gg)(1)); (ii) the parties have a signed
writing that specifies the material terms of the value-based
arrangement (proposed paragraph 1001.952(gg)(2)); and (iii) the VBE
participant not claim payment from a payor (proposed paragraph
1001.952(gg)(3)). Further, we proposed at paragraph 1001.952(gg)(4)
that the remuneration exchanged be used primarily to engage in value-
based activities; be directly connected to one or more of the VBE's
value-based purposes, at least one of which must be the coordination
and management of care for the target patient population; not induce
reductions or limitations of medically necessary care; and not be
funded by outside contributions. At proposed paragraph 1001.952(gg)(5),
we proposed a restriction on taking into account the volume or value of
business outside the value-based arrangement, and at proposed paragraph
1001.952(gg)(6), we proposed that the VBE provide or arrange for an
operational utilization review program and quality assurance program.
At proposed paragraph 1001.952(gg)(7), we proposed a restriction on
marketing and patient recruitment, and at proposed paragraph
1001.952(gg)(8), we proposed a requirement to make available materials
and records to the Secretary.
Summary of Final Rule: We are finalizing, with modifications, the
safe harbor at paragraph 1001.952(gg). We are modifying the definition
of ``full financial risk'' at paragraph 1001.952(gg)(10)(ii) to require
the VBE to be at risk on a prospective basis for the cost of all items
and services covered by the applicable payor for each patient in the
target patient population for a term of at least 1 year. We are
defining ``prospective basis'' at paragraph 1001.952(gg)(10)(ii) to
mean the VBE has assumed financial responsibility for the cost of all
items and services covered by the applicable payor prior to the
provision of items and services to patients in the target patient
population.
We are finalizing the proposed safeguards, with some modifications
at paragraphs 1001.952(gg)(2)-(8), as explained in more detail in the
topical discussions below. In addition, we have added a list of
entities ineligible to use the safe harbor at paragraph 1001.952(gg)(1)
for the reasons set forth in the discussion of the definition of ``VBE
participant'' at section III.B.2.e.
a. General Comments
Comment: While some commenters expressed support for this proposed
safe harbor, multiple commenters conveyed their concerns that this safe
harbor may have limited application. For example, some commenters noted
that the proposed safe harbor requirements, including the definition of
``full financial risk,'' would limit the safe harbor to only large
integrated delivery systems capable of providing nearly all Medicare
and Medicaid covered services to a target patient population and would
disadvantage small and rural practices and practices serving
underserved areas. Other commenters highlighted a potential
intersection between certain state insurance and licensure laws and the
proposed safe harbor requirements that could, according to the
commenters, limit the availability of safe harbor protection only to
those entities that could comply with such state laws, some of which
may require a VBE to be licensed as a health care services plan. To
address this issue, a commenter requested revisions to the proposed
safe harbor to make safe harbor protection available to advanced, risk-
bearing provider networks in states with such licensure requirements.
Response: We designed this safe harbor to provide significant
flexibility under the Federal anti-kickback statute in light of the
level of financial risk assumed by the parties. We crafted the ``full
financial risk'' definition, as well as the conditions of this safe
harbor, to balance the additional flexibilities under the anti-kickback
statute with appropriate safeguards against both risks associated with
fee-for-service payment systems, such as overutilization and skewed
decision-making, and risks present in risk-based arrangements,
including stinting on care (underutilization), cherry-picking lucrative
or adherent patients, and lemon-dropping costly or noncompliant
patients. We believe that the definition of ``full financial risk,''
combined with the conditions of this safe harbor, appropriately balance
the flexibilities afforded by this safe harbor with any identified
program integrity risks.
We understand that there currently are a limited number of
providers assuming the level of risk required by this safe harbor. The
purpose of implementing a full financial risk safe harbor is to remove
one potential barrier to providers taking on more risk and having
additional financial incentives to coordinate care. Providers assessing
whether they can move to full financial risk in the future can consider
this safe harbor and the flexibilities it offers under the Federal
anti-kickback statute as one factor in that determination. There are
other factors that parties would consider in the decision to assume a
higher level of risk, including some considerations raised by the
commenters. While safe harbors cannot address all factors that may
prohibit a provider from taking on full financial risk, this safe
harbor is designed to encourage more providers to do so. We also note
that this safe harbor conditions protection on the VBE assuming full
financial risk from the payor for the items and services. It does not
require the VBE to assume other functions from the payor, such as
enrollment, grievance and appeals, solvency standards, and other
administrative functions performed by payors.
We recognize that some states may have laws that limit providers
and other health care entities from taking on full financial risk
unless they form licensed health care plans or meet other licensure
requirements. We have attempted to create significant flexibility under
the Federal anti-kickback statute while recognizing that parties still
must comply with applicable state laws. For example, this safe harbor
provides flexibility around how the VBE assumes full financial risk
from a payor. Such flexibilities provide payors, VBEs, and VBE
participants with options to structure arrangements that are consistent
with the safe harbor and state laws. Nothing in these safe harbors
preempts any applicable state law (unless such state law incorporates
the Federal law by reference). Other safe harbors may be available to
parties unable--by virtue of any state law requirements--to structure
an arrangement that satisfies the conditions of this safe harbor.
Comment: A commenter suggested that we consider a new safe harbor
or a fraud and abuse waiver for Medicare Advantage plans testing value-
based arrangements. The commenter asserted that such a safe harbor or
waiver would allow entities not otherwise eligible for protection under
the value-based safe harbors to participate in value-based
arrangements.
Response: We did not propose a safe harbor or a fraud and abuse
waiver specific to Medicare Advantage plans, and thus we are not
finalizing such safe harbor or waiver in this final rule. This safe
harbor may be available to protect remuneration exchanged under certain
Medicare Advantage plan arrangements, provided the plan enters into a
contract or a value-based arrangement with a VBE pursuant to which the
VBE assumes full financial risk from the
[[Page 77772]]
plan. We also note that there may be other existing safe harbors not
modified by this final rule that are available to protect financial
arrangements involving a Medicare Advantage plan, such as paragraphs
1001.952(t) and (u), and the advisory opinion process remains
available.
Comment: While a commenter expressed support for OIG's and CMS's
consistent definitions of full financial risk, others requested that
OIG finalize a full financial risk safe harbor that further aligns with
CMS's parallel full risk exception. These commenters generally urged
OIG and CMS to impose the same risk thresholds and requirements for
purposes of the full financial risk safe harbor and the CMS full risk
exception.
Response: As with the OIG Proposed Rule, in this final rule, we
have endeavored to align our full financial risk safe harbor to the
greatest extent possible with CMS's full risk exception. The definition
of ``full financial risk'' we are finalizing is more closely aligned
with the definition of ``full financial risk'' that CMS is finalizing
in its full risk exception. However, reflecting statutory differences
that exist between the Federal anti-kickback statute and the physician
self-referral law, explained further in section III.A.1, the full
financial risk safe harbor differs from CMS's full risk exception. For
example, in recognition of the statutory differences between the two
laws, the safe harbor includes conditions that differ from those in
CMS's parallel exception, such as the requirement that the value-based
arrangement be set forth in writing and that the VBE provide or arrange
for a quality assurance program for services furnished to the target
patient population.
b. Definitions
i. Full Financial Risk
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(9)(i) that a VBE would be at ``full financial risk'' for
the cost of care of a target patient population if the VBE is
financially responsible for the cost of all items and services covered
by the applicable payor for each patient in the target patient
population and is prospectively paid by the applicable payor.
Summary of Final Rule: We are finalizing, with modifications, a
definition of ``full financial risk'' at paragraph 1001.952(gg)(9)(i).
The modifications, based on public comments, provide parties with
additional flexibility in the manner in which the VBE assumes risk from
the applicable payor. The definition of ``full financial risk'' now
requires the VBE to be at risk on a prospective basis for the cost of
all items and services covered by the applicable payor for each patient
in the target patient population for a term of at least 1 year.
``Prospective basis,'' as defined at paragraph 1001.952(gg)(9)(ii),
means the VBE has assumed financial responsibility for the cost of all
items and services covered by the applicable payor prior to the
provision of items and services to patients in the target patient
population.
Comment: While at least one commenter supported the definition of
``full financial risk,'' as proposed, the vast majority of commenters
recommended that we revise the definition to encompass arrangements
where the VBE assumes risk for less than all of the items and services
covered by the applicable payor. For example, many commenters
recommended that the VBE be required to have risk only for
``substantially all'' items and services furnished to the target
patient population, which commenters suggested could be defined as 75
percent of such items and services. Other commenters requested that
full financial risk include assuming risk for a much more specifically
defined set of services (e.g., hospital inpatient and outpatient care
or ongoing services related to breast care). Other commenters asked OIG
to carve out certain high-cost or specialty items and services (e.g.,
organ transplants or pharmacy benefits) or new technologies that were
not incorporated into rate calculations from the scope of items and
services for which a VBE must be at risk.
Some commenters requested that the definition of ``full financial
risk'' include risk only for all of the items and services required to
treat a particular disease or condition or an episode of care (e.g.,
risk for all of the items and services required to treat diabetes for
patients with diabetes in the target patient population or an episode
of care for a knee replacement). Another commenter asked OIG to permit
partial capitation arrangements and, lastly some commenters contended
that full financial risk should include risk for only the items and
services to which the remuneration relates. Many of these commenters
asserted that VBE participants would still be incentivized to maximize
quality and efficiency of care even where the VBE assumes risk for less
than all items and services provided to the target patient population
by the applicable payor.
Response: We are finalizing a definition of ``full financial risk''
that requires the VBE to be at risk on a prospective basis for the cost
of all items and services covered by the applicable payor for each
patient in the target patient population for a term of at least 1 year.
We decline to extend safe harbor protection under this safe harbor
where a VBE has assumed risk for only a subset of items and services,
such as for 75 percent of items and services, for all items and
services except certain high-cost or specialty items and services, or
for only the items and services to which the remuneration relates,
although we note that the substantial downside financial risk safe
harbor may be available for such arrangements. Additionally, a VBE
could assume full financial risk for patients with a particular disease
condition (e.g., patients with diabetes) by selecting a target patient
population comprised only of patients with diabetes, but the VBE must
cover all items and services for those patients. Therefore, while a VBE
must be at risk for all items and services furnished to the target
patient population, the VBE can limit the number of patients for whom
it assumes full financial risk through its selection of the target
patient population, as long as the VBE selects the target patient
population using legitimate and verifiable criteria, among other
requirements.
In light of the significant flexibility we are offering under this
safe harbor, we believe the risk level we are requiring for VBEs is
necessary to reduce traditional fraud and abuse concerns associated
with payment systems that incorporate, in whole or in part, fee-for-
service reimbursement methodologies. While we appreciate the challenges
associated with assuming risk for certain high-cost or specialty items
and services or new technologies, VBEs may address such challenges
through arrangements to protect against catastrophic losses, such as
risk-adjustment or reinsurance agreements, without losing safe harbor
protection.
Comment: Some commenters asked OIG to clarify whether the VBE and
its VBE participants can collectively be at risk for items and services
to the target patient population, such as by each VBE participant being
at risk only for the services it provides.
Response: A value-based enterprise is a collection of two or more
VBE participants. As such, some or all of the VBE participants that
comprise the VBE can combine their respective risk to satisfy the
definition of ``full financial risk'' as long as the VBE participants'
collective risk amounts to risk for all items and services covered by
the
[[Page 77773]]
applicable payor for the target patient population.
Comment: A physicians' trade organization expressed concern that
smaller practices that attempt to assume too much risk could result in
the closures of community practices and consolidation. Another
commenter highlighted that there may be substantial up-front
investments that can strain any physician practice's limited resources
but can be particularly challenging for small, rural, or underserved
practices with smaller patient pools to spread risk.
Response: We recognize that the full financial risk safe harbor
requires a level of risk that many in the health care industry may not
currently be able to assume. For parties seeking protection for
remuneration exchanged pursuant to risk arrangements requiring a lower
level of risk, the substantial downside financial risk safe harbor or
the care coordination arrangements safe harbor may be available. This
safe harbor does not require small, rural, or community practices or
practices serving underserved populations to assume full financial risk
or make substantial up-front investments on their own. Parties have
flexibility in establishing a VBE, which must have at least two VBE
participants but can have any number of additional VBE participants. We
believe the ``VBE participant'' definition and the safe harbors in this
final rule provide small, rural, and community practices and practices
serving underserved populations options to enter into arrangements to
assume higher levels of risk without having to integrate practices or
become part of a larger health care system.
Further, we believe that establishing a VBE with other providers,
either similarly situated entities or larger entities, could help
practices (including small, rural, and community practices) take on
more risk and mitigate potential financial shocks. As value-based
arrangements continue to proliferate, we believe there may be
opportunities for these types of practices to form VBEs, take on risk,
and potentially have success in reducing costs and coordinating care.
Comment: Commenters requested that the definition of ``full
financial risk'' expressly include payments based on global budgets, as
well as capitation and other alternative payment methodologies.
Response: While the definition of ``full financial risk'' does not
expressly list global budget or capitation payment methodologies as
permissible payment methodologies, we confirm that such prospective
payment methodologies would satisfy the definition of ``full financial
risk'' as long as the global budget or capitation payments covered the
cost of all items and services covered by the applicable payor for the
target patient population for a term of at least 1 year. Without
additional detail related to the alternative payment methodologies
referenced by the commenter, we are unable to opine on whether such
payment methodologies would meet the definition of ``full financial
risk.'' Parties also may request an advisory opinion from OIG to
determine whether an arrangement meets the definition of ``full
financial risk'' and the conditions of the full financial risk safe
harbor or is otherwise sufficiently low risk under the Federal anti-
kickback statute to receive prospective immunity from administrative
sanctions by OIG.
Comment: A commenter requested that OIG explain why the proposed
definition of ``full financial risk'' required that the payor
prospectively pay the VBE.
Response: We proposed a definition of ``full financial risk'' that
required prospective payment, and we stated in the OIG Proposed Rule
that we interpreted ``prospective'' to mean the anticipated cost of all
items and services covered by the applicable payor for the target
patient population had been both determined and paid in advance (as
opposed to billing under the otherwise applicable payment systems and
undergoing a retrospective reconciliation after items and services have
been furnished). In this final rule, we are revising the definition of
full financial risk to require risk on a prospective basis and defining
``prospective basis'' to mean the VBE has assumed financial
responsibility for the cost of all items and services covered by the
applicable payor prior to the provision of items and services to
patients in the target patient population. As such, the VBE no longer
needs to be prospectively paid by the applicable payor prior to the
provision of items and services to each patient in the target patient
population. Instead, the VBE must simply assume financial
responsibility prior to the provision of items and services.
We are requiring the assumption of risk on a prospective basis not
only in recognition of the additional flexibilities under the Federal
anti-kickback statute that this safe harbor affords but also because
risk assumption can serve to limit the potential harms that may result
from financial incentives inherent to fee-for-service payments systems,
such as overutilization and skewed medical decision-making. For
example, if providers know the amount of reimbursement they will
receive for providing items and services to the target patient
population before providing such items and services, then the providers
may be less likely to order excessive tests or otherwise provide
unnecessary items and services to the patients.\54\
---------------------------------------------------------------------------
\54\ Mark W. Friedberg, Peggy C. Chen, Chapin White et al.,
Effects of Health Care Payment Models on Physician Practice in the
United States, RAND Corporation (2015); K. John McConnell, Stephanie
Renfro, Richard C. Lindrooth et al., Oregon's Medicaid Reform And
Transition To Global Budgets Were Associated With Reductions In
Expenditures, Health Affairs (Mar. 2017); James C. Robinson, Stephen
M. Shortnell et al., Quality-Based Payment for Medical Groups and
Individual Physicians, INQUIRY: The Journal of Health Care
Organization, Provision, and Financing (May 2009).
---------------------------------------------------------------------------
Comment: We received various comments regarding how a payor could
transfer risk to the VBE. For example, a commenter requested
confirmation that the payor and VBE could engage in retrospective
reconciliations. Another commenter asserted that OIG should add
language to the safe harbor stating that risk, both at the enterprise
level and at the VBE participant level, can be through front-end
withholds or dues assessments and need not be through a back-end
repayment. A commenter further asked whether, as long as the payment
covers a particular period, the payor could pay the VBE at the end or
in the middle of the coverage period.
Response: Under the revised definition of ``full financial risk,''
a payor could pay the VBE at any point in the coverage period and
engage in retrospective reconciliations, as long as the VBE has assumed
full financial risk for a term of at least 1 year prior to the
provision of items and services to patients in the target patient
population. We also are not dictating the manner in which the VBE
exchanges remuneration with VBE participants, so a VBE could impose
front-end withholds or dues assessments on VBE participants.
Comment: A commenter asserted that the OIG Proposed Rule's proposed
definition of ``full financial risk'' allowed a payor to make payments
to physician practices to offset losses that the practices incurred.
Response: This safe harbor would not protect payments from a payor
to a physician practice that is a VBE participant to offset losses the
practice incurred because the safe harbor prohibits a VBE participant
from claiming payment in any form from a payor for the items and
services covered under the value-based arrangement. In other words,
under the terms of this safe harbor, the VBE must assume full financial
risk for the cost of all items
[[Page 77774]]
and services covered by the applicable payor; this means that any
claims submitted to a payor by a VBE participant related to such items
and services--including a claim for payment to offset losses incurred--
would fail this requirement. The VBE, however, may enter into
reinsurance or other risk-adjustment arrangements and could address
losses incurred by VBE participants by using reinsurance payments, for
example, to reimburse VBE participants for such losses.
Comment: Many commenters appreciated OIG's position that the
definition of ``full financial risk'' would not prohibit a VBE from
entering into arrangements to protect against catastrophic losses.
Multiple commenters requested guidance on the risk mitigation terms
that full-risk arrangements can include while satisfying the
requirements of the safe harbor, including whether there is a
particular threshold on the amount of loss coverage. A commenter
specifically asked whether incentive arrangements requiring stop-loss
protection to meet existing physician incentive regulations in Federal
health care programs would qualify as protecting against catastrophic
losses under the full financial risk safe harbor.
Response: We are not imposing a specific limit on the amount of
loss coverage a VBE may have, but as we stated in the OIG Proposed
Rule, we would expect any stop-loss or other risk adjustment
arrangements to act as protection for the VBE against catastrophic
losses and not as a means to shift material financial risk back to the
payor. Whether stop-loss protection required by the existing physician
incentive regulations would be appropriate stop-loss protection for a
VBE assuming risk pursuant to this safe harbor may depend on a number
of factors, including the structure of the VBE, scope of the target
patient population, and items and services covered by the applicable
payor.
Comment: A commenter expressed concern that, because the proposed
definition of ``full financial risk'' requires the assumption of risk
for the cost of all items and services covered by the applicable payor,
it would by default necessitate the involvement of hospitals as VBE
participants. The commenter appeared to believe that this would lead to
further consolidation of the health care industry.
Response: It is not the intent of this rule to foster industry
consolidation. Rather, this rule aims to increase options for parties
to create a range of innovative arrangements eligible for safe harbor
protection. The safe harbor does not require all parties providing
items and services to the target patient population to be VBE
participants and thus does not require the VBE to enter into value-
based arrangements with all such parties. For example, a VBE may enter
into a services contract with a hospital that is not a VBE participant
for the provision of items and services to the target patient
population, although we note that the VBE must be at risk from the
payor for the items and services provided by such hospital to the
target patient population.
Accordingly, we do not view a hospital's participation in a value-
based arrangement as a driver of industry consolidation; rather, we
view the voluntary nature of a hospital's participation, as well as the
voluntary participation of all other individuals or entities in a
value-based arrangement, as facilitating collaboration and the
transition to value-based care. Individuals and entities are not
required to integrate their practices or corporations to meet the
definition of ``VBE,'' to be a VBE participant, or to rely on this safe
harbor. These definitions provide individuals and entities flexibility
to determine how best to structure a VBE and the associated value-based
arrangements to meet value-based purposes. VBEs and VBE participants
that assume full financial risk from a payor and enter into value-based
arrangements that meet the conditions of this safe harbor likely
require different, more closely coordinated arrangements than VBEs and
VBE participants that rely on the care coordination arrangements safe
harbor. However, both sets of entities have flexibility to determine
with what types of VBE participants to work and what types of
arrangements work best.
ii. Items and Services
Summary of OIG Proposed Rule: We proposed to define ``items and
services'' at paragraph 1001.952(gg)(9)(ii) as having the same meaning
as that set forth in paragraph 1001.952(t)(2)(iv).
Summary of Final Rule: We are finalizing, with modification, the
proposed definition of ``items and services'' at paragraph
1001.952(gg)(9)(iii) to mean health care items, devices, supplies, and
services.
Comment: A commenter expressed concern that the proposed definition
of ``items and services'' would inadvertently exclude arrangements that
the health care industry views as full risk because ``items and
services'' was defined to include services reasonably related to the
provision of health care items, devices, supplies, or services,
including, but not limited to, non-emergency transportation, patient
education, attendant services, social services (e.g., case management),
utilization review and quality assurance. According to the commenter,
the scope of ``items and services'' could add significant potential
costs to parties seeking protection under the safe harbor. The
commenter recommended that OIG revise the definition of ``items and
services'' to include covered medical items and services but not items
and services more in the nature of optional supplemental benefits.
Response: In response to the commenter's concerns, we are modifying
the proposed definition of ``items and services'' to mean only health
care items, devices, supplies, and services. We are no longer cross-
referencing and incorporating the definition of ``items and services''
found in paragraph 1001.952(t)(2)(iv). Thus, a VBE may assume risk for
items and services reasonably related to the provision of health care
items, devices, supplies, or services such as non-emergency
transportation, patient education, and social services (as provided for
in the definition of ``items and services'' found in paragraph
1001.952(t)(2)(iv)), but doing so is no longer a safe harbor
requirement.
The scope of items and services for which a VBE must be at risk
depends on the items and services covered by the payor. We recognize
that, across the health industry, what constitutes full risk for health
care items, devices, supplies, and services varies greatly from program
to program and plan to plan, and we have tailored this safe harbor
requirement accordingly. For example, Medicare Advantage generally does
not cover items and services for long-term care at nursing facilities,
but Medicaid does. This safe harbor does not change the scope of items
and services a payor must cover in order for a VBE to meet the
definition of ``full financial risk.''
As we explained in the OIG Proposed Rule, a VBE would be at ``full
financial risk'' if it contracts or enters into a value-based
arrangement with a Medicaid managed care organization and receives a
fixed per-patient per-month amount to be at full financial risk if the
fixed amount covered the cost of all items and services covered by the
Medicaid managed care plan and furnished to the target patient
population. Similarly, we would consider a VBE to be at ``full
financial risk'' if it contracts or enters into a value-based
arrangement with a Medicare Advantage plan to receive a prospective,
capitated payment for all items and services covered by the
[[Page 77775]]
Medicare Advantage plan for a target patient population. Under this
safe harbor, we are not protecting partial capitated arrangements that
require the VBE to assume risk for only a limited set of items and
services.
Parties may utilize OIG's advisory opinion process to determine
whether an arrangement meets the conditions of this safe harbor or is
otherwise sufficiently low risk under the Federal anti-kickback statute
to receive prospective immunity from administrative sanctions by OIG.
Comment: While recognizing that the proposed definition of ``full
financial risk'' ties risk to payor coverage, a commenter requested
that OIG explicitly state the extent to which medication costs may be
included in the items and services for which a VBE must be at risk
under the safe harbor. Another commenter stated that, if prescription
drugs are included in the definition of all items and services for
purposes of the full financial risk safe harbor, it is important that
pharmaceutical manufacturers be eligible to participate in the VBE.
Response: To the extent the payor with which the VBE contracts to
assume full financial risk covers prescription drugs, the VBE's risk
must encompass prescription drugs. The definition of ``full financial
risk'' requires that the VBE assume financial responsibility on a
prospective basis for the cost of all items and services covered by the
applicable payor for each patient in the target patient population.
Conversely, if the contracting payor does not cover prescription drugs,
the VBE does not need to assume risk for such costs.
While we recognize that prescription drugs may be included in the
definition of ``full financial risk,'' manufacturers of a drug or
biological remain ineligible to give or receive protected remuneration
under this safe harbor as finalized here. Such parties may be VBE
participants, but they cannot exchange remuneration protected by this
safe harbor. We refer readers to the section of this final rule
addressing the definition of ``VBE participant'' for a discussion of
our rationale.
iii. Other Defined Terms
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(gg)(9) that the terms ``coordination and management of care,''
``target patient population,'' ``value-based activity,'' ``value-based
arrangement,'' ``value-based enterprise,'' ``value-based purpose,'' and
``VBE participant'' would have the meaning set forth in proposed
paragraph 1001.952(ee).
Summary of Final Rule: We are finalizing, with modifications, our
proposed use of the value-based terminology at paragraph
1001.952(gg)(9)(iv). We no longer use the term ``coordination and
management of care'' in this safe harbor. Additionally, because
paragraph 1001.952(gg)(1) makes certain entities ineligible to use the
value-based safe harbors, we are finalizing the term ``manufacturer of
a device or medical supply,'' with the same meaning set forth in
paragraph 1001.952(ee)(14).
c. Entities Ineligible for Safe Harbor Protection
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(ee) to limit the entities that could qualify as VBE
participants, which would have the effect of limiting availability of
the value-based safe harbors, including the full financial risk safe
harbor at proposed paragraph 1001.952(gg), for those ineligible
entities. The proposed definition of ``VBE participant'' is summarized
more fully in section III.B.2.e of this preamble.
Summary of Final Rule: We are not finalizing our proposal in
proposed paragraph 1001.952(ee) to limit the entities that could
qualify as VBE participants. As explained at section III.B.2.e, in the
final rule we are identifying parties ineligible to rely on safe
harbors in the safe harbors themselves. For the full financial risk
safe harbor, we are finalizing a requirement that remuneration is not
exchanged by any of the following entities: (i) Pharmaceutical
manufacturers, wholesalers, and distributors; (ii) PBMs; (iii)
laboratory companies; (iv) pharmacies that primarily compound drugs or
primarily dispense compounded drugs; (v) manufacturers of devices or
medical supplies; (vi) entities or individuals that manufacture, sell,
or rent DMEPOS (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services, all of whom remain
eligible); and (vii) medical device distributors or wholesalers that
are not otherwise manufacturers of devices or medical supplies. This
list, set forth at paragraph 1001.952(gg)(1), effectuates proposals in
the OIG Proposed Rule to make these entities ineligible to use this
safe harbor for the exchange of remuneration pursuant to a value-based
arrangement.
Comments, our responses, and policy decisions regarding this issue
can be found in the discussion of VBE participants in section III.B.2.e
of this preamble.
d. VBE's Assumption of Risk From a Payor
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(1)that the VBE must assume full financial risk from a
payor. We proposed that VBEs could assume full financial risk directly
from a payor or through a VBE participant acting on behalf of the VBE.
Summary of Final Rule: We are finalizing this requirement at
paragraph 1001.952(gg)(2), with the following modifications. First,
VBEs have two options to assume full financial risk from a payor. A VBE
can assume risk from the payor through an arrangement that meets the
definition of ``value-based arrangement,'' or a VBE can assume risk
from a payor through a contract that places the VBE at full financial
risk.
The first option for risk arrangements requires the payor to be a
VBE participant, which is permitted under our final definition of ``VBE
participant.'' The payor (as a VBE participant) and the VBE can enter
into a value-based arrangement for the VBE to assume full financial
risk. As we proposed and are finalizing in this rule, the introductory
paragraph to 1001.952(gg) protects remuneration exchanged pursuant to a
value-based arrangement. Therefore, remuneration exchanged pursuant to
a payor's and a VBE's value-based arrangement could be protected by
this safe harbor, including remuneration exchanged to implement the
full financial risk methodology, if the value-based arrangement meets
all applicable conditions of the safe harbor.
Under the second option, payors that do not wish to be part of the
VBE may choose to enter into a written contract with the VBE that is
not a value-based arrangement for the purposes of the VBE's assumption
of full financial risk. Under this option, payors would not be VBE
participants, the written contract between the payor and the VBE would
not be a value-based arrangement, and the payor would not be subject to
the other conditions of the safe harbor. In such circumstances, these
contracts must only meet the condition at paragraph 1001.952(gg)(2),
i.e., they must evidence the VBE's assumption of full financial risk
from the payor. Remuneration exchanged pursuant to a risk assumption
contract that is not a value-based arrangement is not protected by this
safe harbor. The VBE and the payor would need to assess any potential
remuneration exchanged pursuant to the risk arrangement contract and
its compliance with the Federal anti-kickback statute.
[[Page 77776]]
To enable the payor and VBE to use this safe harbor to protect
remuneration exchanged pursuant to their value-based arrangement, we
are providing at paragraph 1001.952(gg)(4) of the safe harbor that,
even though the payor is a VBE participant, the payor is exempt from
the prohibition against a VBE participant claiming payment in any form
from the payor for items or services covered under the value-based
arrangement.
We are also modifying this requirement to clarify that the payor
cannot act on behalf of the VBE; the VBE must be a distinct legal
entity or represented by a VBE participant, other than a payor, that
acts on the VBE's behalf.
We summarize and respond to comments regarding this proposed
condition as applied only to the full financial risk safe harbor below.
For a summary of the comments received regarding the requirement that a
VBE assume financial risk from a payor pursuant to a value-based
arrangement, in both the substantial downside financial risk and full
financial risk safe harbors and our responses, we refer readers to the
discussion of this condition in the substantial downside financial risk
safe harbor at section III.B.4.d.
Comment: Commenters requested that OIG clarify that payors can act
on behalf of the VBE to assume full financial risk.
Response: We are revising the regulatory text in response to these
comments to clarify that a single VBE participant may act on behalf of
the VBE to assume full financial risk from a payor, provided it is not
itself a payor. That is, the agent of the VBE and the payor from which
the VBE is assuming full financial risk from may not be the same
entity.
Comment: Multiple commenters expressed concern that, because Indian
health care is compensated through Indian Health Service appropriations
and the Medicare, Medicaid, and CHIP programs, Indian health care
providers could not be risk-bearing entities, as required in the
proposed full financial risk safe harbor.
Response: It is possible that Indian health care providers might
not be risk-bearing entities for purposes of this safe harbor; that
would be a programmatic matter outside the scope of this rulemaking.
There may be other providers of varying types that are not able to, or
choose not to, meet the requirements of this safe harbor. This would
not foreclose Indian health care providers or other providers from
engaging in care coordination arrangements and seeking safe harbor
protection under the care coordination arrangements safe harbor at
paragraph 1001.952(ee), which does not require the assumption of any
risk (but is available for risk-bearing arrangements), or other
available safe harbors, such as the safe harbor for personal services
and management contracts and outcomes-based payments at paragraph
1001.952(d). Moreover, the fact that an arrangement does not fit in a
safe harbor does not make the arrangement unlawful. The OIG advisory
opinion process is also available for providers seeking a legal opinion
regarding their arrangements.
Comment: A commenter requested that the safe harbor not be limited
to items and services covered by a particular payor, but rather
extended to all items and services provided to a VBE participant's
patients, regardless of payor. For example, the commenter requested
that the safe harbor protect risk-based arrangements between a health
system and providers where the VBE assumes risk for all of the
providers' patients, regardless of the patients' payors.
Response: A VBE could assume full financial risk for all of the
items and services provided to all of a VBE participant's patients,
provided the VBE and VBE participant have defined the target patient
population to include all of the VBE participant's patients, and if the
VBE participant's patients are insured by multiple payors, the VBE has
assumed full financial risk from each payor that insures a patient who
is part of the target patient population. The risk that a VBE assumes
is not limited to the items and services covered by the applicable
payor that a VBE participant provides (e.g., only the items and
services provided by the health system); rather, the VBE's risk
encompasses all items and services covered by the applicable payor,
regardless of whether a VBE participant or another provider provides
such items and services.
e. Phase-In Period
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(1) that the full financial risk safe harbor would protect
remuneration exchanged pursuant to value-based arrangements between a
VBE and a VBE participant where the VBE is contractually obligated to
assume full financial risk in the next 6 months. We solicited comments
on whether such lead time should be shorter or longer.
Summary of Final Rule: We are finalizing, with modification, a
protected ``phase-in'' period at paragraph 1001.952(gg)(2). In response
to comments requesting a longer phase-in period, we are extending the
protected phase-in period for parties that have entered into a contract
or a value-based arrangement to assume full financial risk from the
proposed 6 months to 1 year.
In contrast to the substantial downside financial risk safe harbor,
we believe an extended 1-year phase-in period is warranted where a VBE
is preparing to assume full financial risk for the total cost of items
and services covered by the applicable payor for the target patient
population.
We refer readers to the substantial downside financial risk safe
harbor section at III.B.4.e regarding the phase-in requirement for a
summary of comments we received on this phase-in period, and our
responses, as applicable to both the substantial downside financial
risk safe harbor and full financial risk safe harbor and for a more
detailed discussion of this standard. We did not receive comments
regarding the phase-in period specific to the full financial risk safe
harbor. Among other comments, commenters recommended a 1-year phase-in
period for both safe harbors.
f. Writing
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(2) that the parties to the value-based arrangement must
set forth the material terms of the value-based arrangement in a signed
writing that includes the value-based activities to be undertaken by
the parties. At proposed paragraph 1001.952(gg)(1), we proposed that
the VBE have a signed writing with the payor that specifies the target
patient population and contains terms evidencing the VBE's full
financial risk.
Summary of Final Rule: We are finalizing, with modification, a
writing requirement for value-based arrangements at paragraph
1001.952(gg)(3). The modification, based on public comments, clarifies
that the writing requirement can be satisfied by a collection of
documents. The writing requirement now states that the value-based
arrangement must be set forth in writing, signed by the parties, and
specify all material terms, including the value-based activities and
the term. This writing requirement does not apply to contracts between
a VBE and a payor that are not value-based arrangements.
For further discussion of and responses to the general comments we
received regarding a writing requirement, we refer readers to section
III.B.3.d that discusses the writing requirement for purposes of the
care coordination arrangements safe harbor. The general comments
addressed
[[Page 77777]]
aspects of the writing requirement that were common to all three value-
based safe harbors. In this section, we discuss only the comments
specific to the proposed full financial risk safe harbor's writing
requirement.
Comment: A commenter asked OIG to clarify whether, to the extent
parties have multiple value-based arrangements for which they are
seeking protection under this safe harbor, each value-based arrangement
must be set forth in separate writings or whether one agreement could
suffice.
Response: This safe harbor, like the substantial downside financial
risk safe harbor, does not dictate the manner in which parties document
their value-based arrangements. For example, a VBE could choose to
document the value-based arrangement it entered into with a payor and
the value-based arrangement it entered into with a downstream VBE
participant in a single writing; alternatively, it could maintain two
separate writings for the two distinct value-based arrangements.
g. 1-Year Minimum Term of Value-Based Arrangement
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we proposed
in paragraph 1001.952(gg)(2) to require that the term of the value-
based arrangement be for a period of at least 1 year.
Summary of Final Rule: We are not finalizing this proposed
requirement.
Comment: A few commenters opposed the proposed requirement that the
term of the value-based arrangement be for at least 1 year, with one
commenter asserting that a value-based arrangement term requirement
could impose unnecessary obstacles to beneficial innovation. Commenters
also asked whether an arrangement would meet this requirement of the
safe harbor if the parties terminate the arrangement during the first
year but do not enter into a substantially similar arrangement until
the expiration of the first year.
Response: We are not finalizing the proposed requirement that the
term of the value-based arrangement be for a period of at least 1 year.
We believe the requirement for a VBE to assume full financial risk from
the payor for a period of at least 1 year is a sufficient safeguard
against gaming without also requiring the value-based arrangement to
have a 1-year minimum term. Parties must still document the term of
their value-based arrangement as a condition of meeting this safe
harbor's writing requirement.
h. Remuneration Used To Engage in Value-Based Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(i) to require that the remuneration exchanged be used
primarily to engage in the value-based activities set forth in the
parties' signed writing.
Summary of Final Rule: We are not finalizing this proposed
requirement.
Comment: A commenter asked whether, given the requirement that
remuneration must be used primarily to engage in value-based
activities, all activities of an integrated delivery system subject to
global budget arrangements, either upstream or downstream, will relate
to the value-based activities for the target patient population.
Another commenter requested that we interpret this requirement to mean
that, if substantially all of an integrated delivery system's
activities include the assumption of financial risk for all services,
the remaining incidental activities and associated remuneration among
VBE participants also would be protected.
Response: We are not finalizing the proposed requirement that all
remuneration exchanged pursuant to the full financial risk safe harbor
be used primarily to engage in value-based activities for the target
patient population. We intended this proposed condition to safeguard
against the exchange of remuneration to inappropriately induce
referrals. However, based on comments received to this safe harbor and
the substantial downside financial risk safe harbor (as detailed in
section III.B.4.f), we do not think this safeguard is necessary in the
full financial risk safe harbor, given this safe harbor's unique
combination of safeguards, and in particular, the requirement that the
VBE assume full financial risk from a payor for a target patient
population and the safe harbor's limitation on exchanges of
remuneration to those between the VBE and a VBE participant. For
purposes of the substantial downside financial risk safe harbor, we
addressed this issue more narrowly, excluding monetary remuneration
exchanged pursuant to a risk methodology that meets the definition of
``substantial downside financial risk'' or ``meaningful share'' from
the requirement that remuneration exchanged be used predominantly to
engage in value-based activities. However, for the reasons set forth
above, we believe a more flexible approach is warranted in this safe
harbor, and we are not finalizing the proposed condition.
With respect to the comment regarding safe harbor protection for
incidental activities and associated remuneration where substantially
all of an entity's activities include the assumption of financial risk
for all services, we note that the value-based safe harbors do not
protect business models or necessarily all activities and remuneration
flowing under, for example, an integrated delivery system. Rather, the
full financial risk safe harbor, like the other value-based safe
harbors, protects discrete streams of remuneration exchanged pursuant
to a value-based arrangement, and parties would need to evaluate each
stream separately to assess compliance with the Federal anti-kickback
statute, and as applicable, any available safe harbor.
i. Direct Connection to Value-Based Purposes
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(ii) to require that the remuneration be directly
connected to one or more of the VBE's value-based purpose(s), at least
one of which must be the coordination and management of care for the
target patient population. We proposed that this condition would be
interpreted consistent with the similar condition in the care
coordination arrangements safe harbor.
Summary of the Final Rule: We are finalizing, with modification,
the requirement that remuneration exchanged between the VBE and a VBE
participant under this safe harbor be connected to one or more value-
based purposes at paragraph 1001.952(gg)(5)(i). Based on public
comment, we are modifying the provision to remove the requirement that
all remuneration be connected to the purpose of coordinating and
managing care for the target patient population.
Comment: Commenters asked for examples of the types of arrangements
the safe harbor could protect, and a commenter specifically asked
whether the safe harbor would protect fee-for-service payments, bonus
payments based on quality outcomes, or both from a VBE to a VBE
participant. A commenter also asked whether a VBE could give
remuneration to an owner of the VBE, where the owner is a VBE
participant.
Response: This safe harbor could protect arrangements for bonus
payments based on quality outcomes or shared savings and losses
arrangements, among other types of payment arrangements, as long as all
requirements of the safe harbor are satisfied, including the
requirement that
[[Page 77778]]
the remuneration exchanged must be directly connected to one or more
value-based purposes. With respect to the commenter's question about
fee-for-service payment, this safe harbor does not dictate the manner
of payment between the VBE and the VBE participant for items and
services rendered to the target patient population. Provided the VBE
has assumed full financial risk from a payor and the VBE participant
does not claim payment from the payor for the items and services
furnished to the target patient population, the VBE could pay the VBE
participant on a fee-for-service basis.
Whether a VBE could give remuneration to an owner of the VBE, where
the owner is a VBE participant, is a fact-specific determination. While
the safe harbor, by its terms, does not preclude remuneration exchanged
between a VBE and an owner of the VBE where the owner is a VBE
participant, we highlight that this safe harbor does not protect an
ownership or investment interest in the VBE or any distributions
related to an ownership or investment interest.
Unlike the similar requirement in the other value-based safe
harbors, we are not requiring a direct connection to any specific
value-based purpose under this safe harbor. This safe harbor is
designed to protect the broadest scope of remuneration, and some
remuneration may be more closely connected to one of the other value-
based purposes. Therefore, we are providing more flexibility for a VBE
assuming full financial risk to determine the value-based purpose(s) to
which the exchange of remuneration is directly connected. This includes
remuneration exchanged pursuant to a value-based arrangement between
the VBE and the payor (as a VBE participant) that effectuates the VBE's
assumption of full financial risk from the payor. For a summary of
comments received regarding the requirement for a direct connection to
the coordination and management of care and further discussion of this
requirement as proposed in the care coordination arrangements safe
harbor, the substantial downside financial risk safe harbor, and the
full financial risk safe harbor, we refer readers to the applicable
section of this final rule for each safe harbor.
j. No Reduction in Medically Necessary Items or Services
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(iii) to require that remuneration must not induce the
VBE or VBE participants to reduce or limit medically necessary items or
services furnished to any patient. We proposed to interpret this
condition consistent with the similar condition proposed in the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(gg)(6). The modification provides that
the value-based arrangement (not merely the remuneration exchanged) may
not induce the VBE or VBE participants to reduce or limit medically
necessary items or services furnished to any patient.
For a summary of comments received and our responses regarding this
condition, as proposed in each of the value-based safe harbors, we
refer readers to the care coordination arrangements and substantial
downside financial risk safe harbor sections discussing this
requirement at III.B.3.e and III.B.4.h, respectively.
k. Taking Into Account the Volume or Value of, or Conditioning
Remuneration on, Business or Patients Not Covered Under the Value-Based
Arrangement
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(5) that the VBE or VBE participant offering the
remuneration could not take into account the volume or value of, or
condition the remuneration on, referrals of patients outside of the
target patient population or business not covered under the value-based
arrangement. This proposed safeguard is identical to that included in
the proposed care coordination arrangements and substantial downside
financial risk safe harbors.
Summary of Final Rule: We are finalizing, without modification,
this condition, and relocating it to paragraph 1001.952(gg)(7).
Comments received on this topic addressed the requirement as it applied
to the value-based safe harbors generally; we did not receive separate
comments on this requirement specific to this safe harbor.
Consequently, we refer readers to the care coordination arrangements
safe harbor section regarding this requirement at III.B.3.f for a
summary of applicable comments, our responses, and a more detailed
discussion of this standard.
l. Offer or Receipt of Ownership or Investment Interests
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(iv) that the full financial risk safe harbor would not
protect an ownership or investment interest in the VBE or any
distributions related to an ownership or investment interest, and we
solicited comments on this approach and, in particular, any operational
challenges this approach might present.
Summary of Final Rule: We are finalizing, without modification,
this condition and relocating it to paragraph 1001.952(gg)(5)(ii).
Comment: Similar to the substantial downside financial risk safe
harbor, several commenters opposed this condition or, alternatively,
requested that OIG clarify that it does not intend to prohibit VBE
participants from establishing a corporate structure for a VBE in which
participants may each receive some equity. A commenter asserted that,
without modifying or clarifying OIG's approach to protecting an
ownership or investment interest in the VBE or any distributions
related to an ownership or investment interest, the safe harbor would
unnecessarily restrict individuals and entities from dictating the
corporate structure of the VBEs they elect to create. Another commenter
stated that the safe harbor should protect ownership or investment
interests where payors require that only a single entity, as opposed to
a collection of entities, enter into the full financial risk
arrangement.
Response: We do not view protection for ownership or investment
interests in a VBE as fundamental to parties entering into value-based
arrangements under this safe harbor and decline to protect them under
this safe harbor. We are concerned that, were we to protect such
remuneration streams, such protection would serve only to align
financial interests of the parties without benefitting the payor or
target patient population. Remuneration in the form of ownership or
investment interests presents a higher risk that offers of investment
interests or returns on investment will be for the purpose of inducing
referrals, without attendant care coordination, quality, or cost-
reduction benefits related to the target patient population or the
payor. Parties seeking to protect a particular ownership or investment
interest may look to existing safe harbors (e.g., the safe harbor for
investment interests found at paragraph 1001.952(a)), and the advisory
opinion process remains available.
Regardless of whether a payor requires that a single entity, as
opposed to a collection of entities, enter into a contract or a value-
based arrangement to assume full financial risk, the safe harbor itself
requires a single individual or entity to contract or enter into a
value-based arrangement with the payor to assume full financial risk
(e.g., the VBE may directly contract with the
[[Page 77779]]
payor or a single VBE participant (other than a payor) may act on
behalf of the VBE to contract with the payor). If a VBE participant
that has assumed full financial risk as an agent of the VBE seeks to
share its risk with other parties to the VBE, the safe harbor is
available to protect such risk-sharing arrangements, provided they meet
all requirements of the safe harbor.
m. No Remuneration From Individuals or Entities Outside the Applicable
VBE
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(4)(v) that the full financial risk safe harbor would not
protect any remuneration funded by, or otherwise resulting from
contributions by, any individual or entity outside of the applicable
VBE.
Summary of Final Rule: We are not finalizing this proposed
requirement, based on concerns--raised by commenters in the context of
the same provision in the care coordination arrangements safe harbor--
that this condition could inadvertently restrict the exchange of
beneficial remuneration that we intend to protect. While we are not
finalizing this condition, we emphasize that remuneration exchanged
outside of a value-based arrangement would not be protected by any of
the value-based safe harbors. We did not receive separate comments on
this requirement specific to this safe harbor. Consequently, we refer
readers to the care coordination arrangements safe harbor and
substantial downside financial risk safe harbor sections at III.B.3.e
and III.B.4.j discussing this requirement for a summary of applicable
comments, our responses, and a more detailed explanation of our
rationale for not finalizing this standard.
n. Utilization Review and Quality Assurance Programs
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(6) that the VBE must provide or arrange for an operational
utilization review program and a quality assurance program that
protects against underutilization and specifies patient goals,
including measurable outcomes, where appropriate. We noted that such
proposed conditions would mirror those found in the managed care safe
harbor at paragraph 1001.952(u) but explained that we were considering
other ways to frame these proposed conditions to reflect the
utilization review and quality assurance mechanisms in place today.
Summary of Final Rule: We are finalizing, with modifications, this
proposed condition at paragraph 1001.952(gg)(8). Based on public
comment, the modifications afford parties additional flexibility in
conducting quality and utilization reviews. Specifically, VBEs seeking
protection under this safe harbor must provide or arrange for a quality
assurance program for services furnished to the target patient
population that: (i) Protects against underutilization of items and
services furnished to the target patient population; and (ii) assesses
the quality of care furnished to the target patient population. We are
not finalizing the proposed requirement to have an operational
utilization review program.
Comment: Some commenters supported our proposal to require the VBE
to provide or arrange for an operational utilization review program and
a quality assurance program, while another commenter requested that OIG
reconsider this requirement, stating that VBEs are not the equivalent
of a managed care organization and that operational utilization review
programs and quality assurance programs are robust, expensive programs
that require significant lead time to implement. A couple of commenters
asked OIG to explain the term ``operational,'' and a commenter
specifically asked whether a utilization review program that is used
only on an annual basis would be considered ``operational.'' Another
commenter asked whether an existing utilization review program of a
contracting payor or provider would meet this requirement.
Response: We are revising the terminology used in order to afford
parties additional flexibility consistent with our intent that a VBE
provide or arrange for a program to protect against underutilization
and specify patient goals. Specifically, VBEs must provide or arrange
for a quality assurance program for services furnished to the target
patient population that: (i) Protects against underutilization of items
and services furnished to the target patient population; and (ii)
assesses the quality of care furnished to the target patient
population. Such a quality assurance program may include an operational
utilization review program and specify patient goals; however, an
operational utilization review program is no longer a requirement.
Pursuant to this revised standard, parties may determine what
activities and mechanisms are most suitable to assess the quality and
appropriateness of care furnished to the target patient population,
provided such mechanisms meaningfully protect against underutilization
and assess the quality of care furnished to the target patient
population.
The flexibility we are providing to parties is in recognition that
VBEs may be subject to varying requirements related to quality
assurance programs based on State law or the terms of its value-based
arrangement with the payor. Notwithstanding this additional
flexibility, as with the condition proposed in the OIG Proposed Rule,
this revised requirement effectuates our intent that a VBE provide or
arrange for a program to protect against underutilization and specify
patient goals.
In response to commenters' specific inquiries, we acknowledge that,
even with the additional flexibility afforded by our revisions to this
condition, quality assurance programs are robust and potentially
expensive undertakings. Thus, we are highlighting that this condition
does not mandate that VBEs establish such review programs themselves;
the VBE may also arrange for such programs. For example, VBEs may look
to payors with which they are contracting or entering into value-based
arrangements to assume full financial risk to share, or fully assume,
this responsibility. In such circumstances, the VBE may reasonably rely
on the payor's existing quality assurance program infrastructure
provided it meets all safe harbor requirements.
o. No Marketing of Items or Services or Patient Recruitment Activities
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(7) to exclude safe harbor protection for remuneration
exchanged pursuant to a value-based arrangement that included marketing
items or services to patients or engaging in patient recruitment
activities. We proposed to interpret this condition consistent with our
interpretation of this same proposed requirement in the care
coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modifications, the
limitation on marketing and patient recruitment at paragraph
1001.952(gg)(5)(iii). Rather than prohibiting all marketing and patient
recruitment activities, we modified the provision to prohibit the
exchange or use of remuneration for the purpose of marketing items or
services furnished by the VBE or VBE participants to patients or for
the purpose of patient recruitment activities. We received only one
comment on this requirement specific to this safe harbor, detailed
below. We refer readers to the care coordination arrangements safe
harbor's discussion regarding this requirement at section III.B.3.j for
a summary of applicable comments, our responses, additional
[[Page 77780]]
explanation regarding this standard, and a rationale for the
modification we are making.
Comment: Without further explaining its position, a commenter
stated that there is no need for any marketing or patient recruitment
limitations in the full financial risk safe harbor.
Response: Consistent with the other value-based safe harbors, we
have modified the marketing requirement to be more limited in scope but
to preclude protection for remuneration exchanged or used for the
purpose of marketing items or services furnished by the VBE or a VBE
participant to patients or patient recruitment activities. Although we
agree that the VBE's assumption of full financial risk generally
warrants greater flexibility in this safe harbor, we continue to
believe that a prohibition on certain marketing and patient recruitment
practices is an important fraud and abuse safeguard across all three
value-based safe harbors for the reasons set forth in the discussion of
the marketing condition in the care coordination arrangements safe
harbor. In particular, with respect to the full financial risk safe
harbor, we are concerned that remuneration under the value-based
arrangement may be exchanged or used to engage in inappropriate patient
recruitment activities to incentivize, for example, beneficiary
enrollment in, or alignment to, a particular health plan.
p. Materials and Records
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(gg)(8) that the VBE or its VBE participants maintain
documentation sufficient to demonstrate compliance with the safe
harbor's conditions and to make such records available to the Secretary
upon request. We solicited comments regarding whether we should require
parties to maintain materials and records for a set period of time
(e.g., at least 6 years or 10 years). We proposed to interpret this
requirement as described in the OIG Proposed Rule's preamble discussing
the proposed care coordination arrangements safe harbor.
Summary of Final Rule: We are finalizing, with modification, the
materials and records requirement at paragraph 10001.952(gg)(9). The
final rule includes new language to specify that, for a period of at
least 6 years, the VBE or its VBE participants must maintain materials
and records sufficient to establish compliance with the conditions of
the safe harbor. We did not receive separate comments on this
requirement specific to this safe harbor; the comments received related
to the value-based safe harbors generally. Consequently, for a more
detailed discussion and a summary of and responses to the comments
received regarding this requirement, we refer readers to section
III.B.3.n discussing the materials and records condition in the care
coordination arrangements safe harbor.
q. Downstream Arrangements
Summary of OIG Proposed Rule: In the preamble, we noted that the
proposed full financial risk safe harbor would apply only to
remuneration exchanged between a VBE and a VBE participant pursuant to
a value-based arrangement. We stated that the proposed safe harbor
would not protect remuneration exchanged between or among VBE
participants that are part of the same VBE, between a VBE participant
and a downstream contractor, or between two downstream contractors. We
explained that we were concerned about extending safe harbor protection
to remuneration exchanged pursuant to these arrangements because the
downstream parties may have assumed little or no financial risk, which
could result in fee-for-service incentives, and therefore, a risk of
overutilization or other traditional harms associated with fee-for-
service payments. We solicited comments on a variety of alternate
approaches to protecting remuneration exchanged pursuant to certain
downstream arrangements (e.g., additional safeguards in either the full
financial risk safe harbor or another safe harbor).
Summary of Final Rule: We are finalizing, without modification, the
requirement that the exchange of remuneration must be between the VBE
and a VBE participant in the introductory paragraph to 1001.952(gg). We
are not extending safe harbor protection to remuneration that passes
from one VBE participant to another VBE participant or a downstream
contractor. As articulated in the substantial downside financial risk
safe harbor section discussing downstream arrangements, we are limiting
safe harbor protection to the exchange of remuneration between the VBE
and a VBE participant because we believe it is important to provide the
protection and regulatory flexibility the risk-based safe harbors
afford only where the VBE is a party to the value-based arrangement. We
are concerned that, without the VBE as a party, where neither party has
assumed full financial risk and may continue to bill the applicable
payor on a fee-for-service-basis, there is a heightened concern about
traditional FFS fraud and abuse risks. We note that a VBE participant
seeking to exchange remuneration with another VBE participant may look
to the care coordination arrangements safe harbor or other safe
harbors, such as the personal services and management contracts and
outcomes-based payments safe harbor.
For a summary of the comments received regarding this limitation,
our responses, and a detailed explanation regarding our decision not to
extend this safe harbor to downstream arrangements, we refer readers to
our discussion of the parallel provision in the substantial downside
financial risk safe harbor in section III.B.4.p. We did not receive
comments on this requirement specific to this safe harbor that diverged
from the comments summarized in the section describing the parallel
provision in the substantial downside financial risk safe harbor.
r. Potential Additional Safeguards
Summary of OIG Proposed Rule: We stated in the preamble that we
were considering adopting two additional safeguards for purposes of the
final rule: A cost-shifting prohibition and a requirement that parties
submit information to the Department regarding their value-based
arrangement.
Summary of Final Rule: We are not finalizing the two additional
proposed safeguards. Similar to the substantial downside financial risk
safe harbor, we are not including a cost-shifting prohibition, in
recognition that the assumption of full financial risk is intended to
drive a reduction in costs, which may include Federal health care
program costs. We did not receive comments on this alternative
condition specific to this safe harbor that diverged from the comments
summarized in section III.B.4.q of the substantial downside financial
risk safe harbor preamble, and we refer readers to that section for a
summary of comments received and our responses.
We are likewise not finalizing a requirement for parties to submit
information to the Department for the reasons previously articulated in
the care coordination arrangements safe harbor's discussion of this
alternative safeguard, including minimizing administrative burden. We
did not receive comments on this condition specific to this safe harbor
that diverged from the comments previously summarized in section
III.B.4.p of the care coordination arrangements safe harbor preamble,
and we refer readers to that section for a summary of comments and our
responses.
We received comments requesting additional safeguards to the full
financial risk safe harbor that we did not
[[Page 77781]]
propose, and we summarize such comments below.
Comment: Several commenters supported the addition of other
safeguards that we did not propose in the preamble to the full
financial risk safe harbor. For example, some commenters supported a
requirement for value-based arrangements to include objective and
quantifiable outcome measures, and a commenter asserted that the
outcome measures, the methodology for measuring them, and how the
measures affect cost should be transparent to the public. Other
commenters suggested that we include the requirement that neither the
value-based arrangement nor VBE participants limit parties' ability to
make decisions in the best interest of their patients.
Response: We are not requiring, in the context of the full
financial risk safe harbor, that value-based arrangements include
outcome measures (or any public transparency requirements related to
such outcome measures) because we did not propose this as a
requirement, and we do not believe that such a requirement would
appreciably mitigate risk, given other conditions of the safe harbor.
However, we note that we are separately requiring that the VBE provide
or arrange for a quality assurance program for services furnished to
the target patient population that: (i) Protects against
underutilization of items and services furnished to the target patient
population; and (ii) assesses the quality of care furnished to the
target patient population. While outcome measurement is not a
requirement of this safe harbor, as a practical matter, we anticipate
that an assessment of the quality of care furnished to the target
patient population pursuant to a quality assurance program may include
quantitative or qualitative measures assessing, for example,
performance on certain outcome measures. We did not propose and are not
finalizing a requirement that neither the value-based arrangement nor
VBE participants limit the parties' ability to make decisions in the
best interest of their patients, nor do we think it would be necessary
given other protections in the safe harbor.
6. Arrangements for Patient Engagement and Support To Improve Quality,
Health Outcomes, and Efficiency (42 CFR 1001.952(hh))
Summary of OIG Proposed Rule: We proposed to establish a new safe
harbor at paragraph 1001.952(hh) to protect remuneration in the form of
patient engagement tools and supports furnished directly by VBE
participants to patients in a target patient population. The tools and
supports could not be funded by anyone outside the VBE (proposed
paragraph 1001.952(hh)(2)). We proposed to protect only in-kind
preventive items, goods, or services, or in-kind items, goods, or
services, such as health-related technology, patient health-related
monitoring tools and services, or supports and services designed to
identify and address a patient's social determinants of health
(proposed paragraph 1001.952(hh)(3)(i)). We proposed that protected
remuneration would need to have a direct connection to the coordination
and management of care (proposed paragraph 1001.952(hh)(3)(ii)) and
advance one of six enumerated goals related to patient care (proposed
paragraph 1001.952(hh)(3)(vii)). The proposal included a $500 cap on
the amount of protected remuneration a VBE participant could furnish to
a patient on an annual basis, with an exception based on the good
faith, individualized determination of a patient's financial need
(proposed paragraph 1001.952(hh)(5)). The proposed safe harbor included
several additional conditions, such as a requirement that provision of
a tool or support would not result in medically unnecessary or
inappropriate items or services reimbursed in whole or in part by a
Federal health care program. Other proposed conditions are summarized
more fully below.
Summary of Final Rule: We are finalizing, with modifications, the
patient engagement and support safe harbor at paragraph 1001.952(hh).
The bases for the modifications are explained the preamble sections
that follow. In particular, we have revised the language at paragraph
1001.952(hh)(3)(i) to remove the specific illustrative categories of
health-related technologies, patient health-related monitoring tools
and services, and supports and services designed to identify and
address a patient's social determinants of health. With respect to
preventive items, goods, and services, we have moved the element of
prevention to the list of enumerated goals that can be advanced by
protected remuneration at paragraph 1001.952(hh)(3)(vi). The final
language at paragraph 1001.952(hh)(3)(i) articulates our policy to be
agnostic as to the types of in-kind tools and supports that can be
protected by the safe harbor if all safe harbor conditions are met.
Further, we are finalizing at paragraph 1001.952(hh)(1) a list of
entities that may not furnish or otherwise fund or contribute to
protected tools and supports under this safe harbor, which includes
manufacturers, distributors, and wholesalers of pharmaceuticals;
pharmacy benefit managers; laboratory companies; pharmacies that
primarily compound drugs or primarily dispense compounded drugs;
manufacturers of devices and medical supplies (unless the tool or
support is digital health technology); entities or individuals that
sell or rent DMEPOS (other than a pharmacy, a manufacturer of a device
or medical supply, or a physician, provider, or other entity that
primarily furnishes services); medical device distributors and
wholesalers; and physician-owned medical device companies. Similar to
our approach in the care coordination arrangements safe harbor at
paragraph 1001.952(ee), a tool or support furnished or funded by a
manufacturer of a device or medical supply (as defined in paragraph
1001.952(ee)(14)) is eligible for safe harbor protection only if the
tool or support is digital health technology (defined at paragraph
1001.952(ee)(14)). As explained at section III.B.2.e above, we are
listing ineligible entities in each safe harbor rather than excluding
them in the definition of VBE participant.
The final safe harbor protects only in-kind remuneration. The final
safe harbor includes at paragraph 1001.952(hh)(5) the proposed $500
annual, aggregate cap provision (without the proposed exception for
tools and supports above the cap furnished based on good faith,
individualized determinations of a patient's financial need). The final
safe harbor also includes at paragraph 1001.952(hh)(3)(iv) the proposed
requirement that the provision of a tool or support not result in
medically unnecessary or inappropriate items or services reimbursed in
whole or in part by a Federal health care program. Additional
conditions of the final safe harbor are summarized by topic in
discussions that follow.
a. General Comments
Comment: Among the commenters offering general feedback on the
proposed safe harbor, some commenters supported the proposed
safeguards, others supported adding some or all of the additional
considered safeguards on which we solicited comments, and others stated
that certain proposed or additional safeguards would impose a
significant administrative burden on stakeholders seeking protection
under the safe harbor. A number of comments noted that the safe harbor
would promote patient engagement, encourage adherence to treatment, and
improve outcomes. Other commenters requested
[[Page 77782]]
specific changes or clarifications to various proposals.
Response: We appreciate the commenters' suggestions regarding the
scope and impact of this safe harbor, including the conditions we
proposed and considered. As discussed below, we are finalizing a number
of the proposed conditions, in some cases with modifications suggested
by commenters. We also are removing or modifying some conditions in
response to comments and adding some of the proposed conditions for
which we solicited comments.
b. Entities Ineligible for Protection
Summary of OIG Proposed Rule: We proposed to protect only tools and
supports furnished by VBE participants, as defined in proposed
paragraph 1001.952(ee)(12). This proposed definition excluded
pharmaceutical manufacturers, laboratories, and manufacturers,
distributors, and suppliers of DMEPOS. As a result, these entities
would be ineligible to use this proposed safe harbor. The entities we
proposed to make ineligible to participate in a VBE are described in
more detail in section III.B.2.e of this preamble. We also indicated
that the final rule might exclude additional entities from furnishing
patient engagement tools and supports, including physician-owned device
companies, compounding pharmacies, and medical device and supply
manufacturers, wholesalers, and distributors.\55\ We solicited comments
on several alternative frameworks for protected offerors and conditions
related to protected offerors under this safe harbor, including whether
the offeror should assume at least some downside financial risk.
---------------------------------------------------------------------------
\55\ 84 FR 55703-06, 55722 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: As explained in section III.B.2.e of this
preamble, the final definition of VBE participant has been expanded to
make all entity types eligible as VBE participants. However, within
each value-based safe harbor, we identify entities that are ineligible
to rely on that particular safe harbor. For the patient engagement and
support safe harbor, and as set forth in paragraph 1001.952(hh)(1), we
are finalizing the following entities as ineligible to use the safe
harbor to furnish protected remuneration to patients: (i)
Pharmaceutical manufacturers, wholesalers, and distributors; (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs; (v) manufacturers of
devices or medical supplies (except with respect to digital health
technology, as described below); (vi) entities or individuals that sell
or rent DMEPOS (other than a pharmacy, a medical device or supply
manufacturer that also sells or rents DMEPOS, or a physician, provider,
or other entity that primarily furnishes services, all of whom remain
eligible); (vii) medical device distributors or wholesalers that are
not otherwise manufacturers of devices or medical supplies; and (viii)
medical device manufacturers, distributors, or wholesalers with
ownership or investment interests held by physicians. This expanded
list of excluded entities addresses our concerns, based on our
longstanding enforcement and oversight experience, that certain types
of entities present a higher risk of misusing this safe harbor
primarily or significantly to offer remuneration to beneficiaries as a
means to market their products and services rather than to improve the
coordination and management of patient care.
In this final rule, OIG recognizes the important role that digital
health technology plays in advancing the Department's goals in
connection with the Regulatory Sprint, including improving the
coordination and management of patient care. Accordingly, at paragraph
1001.952(hh)(1)(v), this final rule permits manufacturers of devices
and medical supplies to furnish patient engagement tools or supports
that constitute digital health technology, as defined at paragraph
1001.952(ee)(14). On balance and in consideration of the full set of
applicable safe harbor conditions, we have concluded that this policy
would advance the benefits of improved care coordination without undue
risk to patients or programs.
With respect to whether an entity falls into a category of
ineligible entities, we refer readers to the discussion of the various
types of ineligible entities and entities with multiple lines of
business at section III.B.2.e of this preamble. The same rationale set
forth there for excluding each type of entity from the value-based safe
harbors and the same analysis for categorizing entities with multiple
lines of business apply to the patient engagement and support safe
harbor.
Comment: A number of commenters supported OIG's proposal to limit
safe harbor protection to tools and supports furnished by VBE
participants, as defined in the OIG Proposed Rule, because it helps
ensure that the tools and supports are aligned with the goals of well-
coordinated care and improving value by incentivizing coordination and
collaboration among a patient's providers. Commenters also supported
making specific types of entities ineligible for protection under this
safe harbor, such as pharmaceutical manufacturers and manufacturers,
distributors, and suppliers of DMEPOS.
Response: We are finalizing our policy that safe harbor eligibility
is limited to VBE participants and, consequently, that tools and
supports furnished or funded by certain types of entities would not be
eligible for safe harbor protection. The final patient engagement and
support safe harbor protects only remuneration provided by a VBE
participant; this term, as defined in this final rule, does not limit
or restrict what type of entity may be a VBE participant. However, this
safe harbor does not protect tools and supports furnished or funded by
the entities listed in paragraph 1001.952(hh)(1), even if such entities
are VBE participants.
We continue to believe that offering and furnishing patient
engagement tools and supports by these ineligible entities elevates the
risk of fraud and abuse. For example, as we stated in the OIG Proposed
Rule, offers of tools or supports by pharmaceutical manufacturers to a
patient could improperly influence the patient, as well as a
clinician's decision to prescribe one drug over another. Such
remuneration could influence a patient to request a particular drug
that is more expensive or less clinically efficacious than other
clinically equivalent drugs. This could both improperly influence
patient choice and increase costs to Federal health care programs--two
factors cited by Congress to consider when developing safe harbors--
without necessarily increasing quality. Similarly, we remain concerned
that the entities identified as ineligible for this safe harbor may
inappropriately use patient engagement tools and supports to induce the
use of medically unnecessary items and services; market their products;
or divert patients from a more clinically appropriate item or service,
provider, or supplier without regard to the best interests of the
patient. Accordingly, we are finalizing paragraph 1001.952(hh)(1) to
specify that the entities listed above are ineligible to furnish, fund,
or contribute to remuneration protected by the patient engagement and
support safe harbor.
Comment: Several commenters urged OIG to broaden the safe harbor to
protect tools and supports offered by entities that are not VBE
participants. Another commenter noted that many payors and providers
have developed effective patient incentive programs that
[[Page 77783]]
have occurred outside the value-based care setting but nonetheless
advance OIG's goals of improving adherence to a followup care plan,
improving adherence to a treatment or drug regimen, enhancing the
management of a disease or condition, or ensuring patient safety.
Commenters also expressed concern that requiring VBE participation
imposes an increased administrative burden on providers, which could be
a barrier to offering patient engagement tools and supports. Another
commenter added that limiting the safe harbor to VBE participants would
effectively preclude single-provider entities from safe harbor
protection.
Response: As noted above, we are finalizing a condition that safe
harbor protection is only available for tools and supports furnished by
VBE participants, subject to additional conditions. In the preamble to
the OIG Proposed Rule, we explained that safe harbor protection would
only be available to VBE participants in order to align the proposed
patient engagement and support safe harbor with the value-based
framework proposed in that rule.\56\ Limiting safe harbor protection to
VBE participants is an important condition because it requires entities
to adhere to certain formalities that promote value-based objectives
including, for example, articulating a value-based purpose and
identifying a target patient population based on legitimate and
verifiable criteria that are set out in writing and further the VBE's
value-based purpose.
---------------------------------------------------------------------------
\56\ 84 FR 55722 (Oct. 17, 2019).
---------------------------------------------------------------------------
Moreover, we believe the modest administrative steps required to
establish a VBE--namely, establishing an accountable body and creating
a governing document--require that entities determine how to
effectively promote value-based care (e.g., how the VBE participant
intends to achieve its value-based purpose). In the context of patient
engagement tools and supports, the VBE must connect the provision of
tools and supports to the goal of furthering value-based care that
underlies this rulemaking. We emphasize that we perceive the
administrative steps required to establish a VBE as relatively minimal,
and they should not pose a significant burden on providers and others
that desire to furnish protected tools and supports. We also note that
solo practitioners are not foreclosed from protection under this safe
harbor. A solo practitioner could partner with another entity or
individual--without changing the membership of the practitioner's own
practice--to form a VBE. As a VBE participant, the solo practitioner
would then be eligible to offer protected tools and supports to
patients, provided the other conditions of the safe harbor are
satisfied.
Comment: Several commenters urged OIG to extend safe harbor
protection to providers in rural or underserved areas even if they are
not VBE participants. According to commenters, these practices may not
have sufficient patient populations or resources to create or
participate in a VBE.
Response: We do not believe the modest administrative steps
required to establish a VBE will be a barrier to most entities--
including providers serving rural or underserved patients--that are
seeking to offer tools and supports to beneficiaries. Moreover, we
believe that requiring entities to fulfill certain VBE-related
requirements will help ground any offer or provision of patient
engagement tools and supports in the value-based objectives central to
this rule, namely the coordination and management of patient care. A
VBE does not require a target patient population to be a particular
size, and in any event a small practice or a provider in a rural or
underserved community may partner with larger providers or other
entities with more resources to form VBEs. Accordingly, the final rule
does not offer providers in rural or underserved areas an exception to
the safe harbor's condition that requires that the individual or entity
offering or furnishing protected tools and supports be a VBE
participant.
Comment: Commenters recommended that tools and supports furnished
or funded by various specific types of entities should be eligible for
protection under this safe harbor. In particular, commenters
recommended that pharmaceutical manufacturers; manufacturers,
distributors, and suppliers of DMEPOS; and laboratories--all of which
were ineligible for VBE participation per the definition of ``VBE
participant'' in the OIG Proposed Rule--should be eligible to furnish
or fund protected tools and supports under this safe harbor. Commenters
also noted that pharmaceutical manufacturers; manufacturers,
distributors, and suppliers of DMEPOS; and laboratories increasingly
are diversified entities that include corporate affiliates and business
units that provide a wide range of items and services, including health
technologies, care coordination and clinical management, and other
offerings and services. Commenters also urged that pharmacists,
pharmacies, pharmacy benefit managers, dialysis facilities, and health
technology companies should be eligible for protection under the
patient engagement and support safe harbor.
Response: Under the final rule, tools and supports furnished or
funded by manufacturers, distributors, and wholesalers of
pharmaceuticals; individuals and entities that sell or rent DMEPOS;
pharmacy benefit managers; laboratory companies; pharmacies that
primarily compound drugs or primarily dispense compounded drugs;
medical device distributors and wholesalers; and physician-owned
medical device companies are not eligible for protection under the
patient engagement and support safe harbor. Based on our longstanding
enforcement and oversight experience, there is a risk that these
entities could misuse this safe harbor to offer remuneration to
beneficiaries as a means to market their products and services rather
than advancing the goal of improving the coordination and management of
patient care. For the same reasons, medical device manufacturers are
not eligible for protection under this safe harbor except to the extent
the tools or supports provided are digital health technology.
Similar to the care coordination arrangements safe harbor, we have
taken a tailored, risk-based approach to address protection for the
provision of digital health technology to patients. Among the entities
that are otherwise ineligible for this safe harbor, we have identified
manufacturers of devices or medical supplies as an entity type that
should, to advance the policy goals of this rulemaking, have a limited
pathway for protection when they provide digital health technologies as
defined in this rule. Under the final rule, manufacturers of devices or
medical supplies as defined in paragraph 1001.952(ee)(14) are eligible
for protection under the patient engagement and support safe harbor,
but only to the extent that the tools and supports they provide to
patients meet the definition of digital health technology, as also
defined in paragraph 1001.952(ee)(14). All VBE participants that are
eligible to use this safe harbor may provide patients with digital
health technology. Eligible VBE participants, other than a manufacturer
of a device or medical supply, are not limited to digital heath
technology as defined at paragraph 1001.952(ee)(14) as long as all safe
harbor conditions are met.
Under the final care coordination arrangements safe harbor, DMEPOS
companies (i.e., entities or individuals that sell or rent DMEPOS
(other than a pharmacy, a manufacturer of a device or medical supply,
or a physician,
[[Page 77784]]
provider, or other entity that primarily furnishes services)) are also
eligible for the limited technology participant pathway. However, for
the patient engagement and support safe harbor, we are finalizing our
proposal to make companies that sell or rent DMEPOS ineligible for the
safe harbor without exception. We make this distinction based on the
different roles and risks associated with entities and individuals that
sell or rent DMEPOS when they interact directly with patients. Our
enforcement experience reveals persistent and troubling fraud and abuse
in sectors of the DMEPOS industry, including inducements paid to
beneficiaries to order medically unnecessary products or to disclose
their Medicare beneficiary identifier or other personal information.
Entities and individuals that sell or rent DMEPOS have more pervasive
and personal relationships with individual patients and sell more
products directly to patients than manufacturers of medical devices and
supplies. This restriction does not mean that patients cannot receive
digital tools and supports related to DMEPOS under the safe harbor, but
they cannot be provided or funded by entities and individuals that sell
or rent DMEPOS. Arrangements between entities and individuals that sell
or rent DMEPOS and patients would be subject to a case-by-case analysis
for compliance with the Federal anti-kickback statute.
Consistent with the discussion in section III.B.2.e.ii, the final
rule lists ``an entity or individual that sells or rents'' DMEPOS as
ineligible for safe harbor protection unless the entity or individual
is a pharmacy, a manufacturer of a device or medical supply, or a
physician, provider, or other entity that primarily furnishes services.
This approach focuses on the nature of the entity's business rather
than relying on unrelated definitions of ``distributor'' or
``supplier.'' As explained in section III.B.2.e.ii, carving out
pharmacies, providers, and other entities that primarily furnish
services will ensure that these entities--which are likely to be at the
front lines of care coordination--remain eligible for safe harbor
protection.
For purposes of the patient engagement and support safe harbor, a
manufacturer of a device or medical supply is eligible for protection,
as provided in paragraph 1001.952(hh)(1)(vi), even if it rents or sells
DMEPOS. The multiple business lines analysis would not be needed. The
definition for DMEPOS companies at paragraph 1001.952(hh)(1)(vi) is
different from the definition of DMEPOS companies for the care
coordination arrangements safe harbor to effectuate and clarify the
policy goal that the patient engagement and support safe harbor protect
digital technology provided by medical device and supply manufacturers.
Regarding commenters' concern about the potential impact of the
safe harbor's entity carve-outs on diversified entities that include
corporate affiliates and business units that provide a wide range of
items and services, we reiterate the discussion in section III.B.2.e.v
above regarding entities with multiple lines of business.
Among other specific entity types addressed by commenters, we note
that the only entities not eligible to provide protected remuneration
under this safe harbor are those entities listed in paragraph
1001.952(hh)(1). Accordingly, many of the entities mentioned by
commenters including many pharmacists and pharmacies and dialysis
facilities could furnish protected tools and supports, provided all
conditions of the safe harbor are satisfied. Pharmacy benefit managers
are not eligible to furnish protected tools and supports under this
safe harbor for the reasons set forth at section III.B.2.e. Health
technology companies are eligible to be VBE Participants and furnish
protected tools and supports. If the health technology company is a
manufacturer of a device or medical supply, then it may only furnish
protected tools and supports in the form of digital health technology.
If the health technology company is an entity or individual that sells
or rents DMEPOS covered by a Federal health care program (other than a
pharmacy, a manufacturer of a device or medical supply, or a physician,
provider, or other entity that primarily furnishes services) or any
other type of ineligible entity, it may not use this safe harbor.
As explained in more detail in section III.B.2.e.ii.f, pharmacies
that primarily compound drugs or primarily dispense compounded drugs
are ineligible for protection under the patient engagement and support
safe harbor. We have significant concerns about fraud and abuse risks
based on enforcement and oversight experience involving compounding
pharmacies. Although pharmacies that primarily compound drugs or
primarily dispense compounded drugs are ineligible for safe harbor
protection, we believe most community pharmacies would remain eligible.
As explained in section III.B.2.e.iv, we believe that many community
and retail pharmacies have the potential to be VBE participants and
further the coordination and management of patient care, including
through the provision of patient engagement tools and supports.
Accordingly, pharmacies (other than compounding pharmacies) are fully
eligible for protection under this safe harbor.
Comment: Some commenters objected to categorically limiting
protection based on entity type altogether, urging OIG to focus on
program integrity safeguards that could prohibit inappropriate behavior
rather than carving out categories of entities from protection. A
commenter suggested that, to the extent OIG retains its categorical
approach in the final rule, it should clarify that parties will not be
ineligible for safe harbor protection on the basis of corporate
affiliates, shared ownership, or separate business units.
Response: As noted in our response to the prior comment, the
entities listed in paragraph 1001.952(hh)(1) may not furnish protected
tools and supports under this safe harbor because of the risk that
tools and supports from these entities could improperly influence
patients or physicians. The final rule does not explicitly prohibit an
entity that is a corporate affiliate or under shared ownership with an
ineligible entity from offering protected tools and supports. For
entities with multiple business lines, this preamble at section
III.B.2.e.v describes the analysis to determine whether such an entity
would be considered one of the ineligible entity types under this safe
harbor. Notably, corporate affiliation--whether by majority ownership,
common ownership, or another structure--has no bearing on eligibility
for safe harbor protection under the patient engagement and support
safe harbor.
Comment: Several commenters recommended that OIG structure the
patient engagement and support safe harbor to protect tools and
supports offered by Indian health programs.
Response: We are mindful of the important work done by Indian
health programs and the critical needs of their patient populations for
improved coordination and delivery of care. Indian health care
providers that become VBE participants are eligible to use this safe
harbor to provide tools and supports to beneficiaries. We did not
propose and have not structured a specific safe harbor for Indian
health programs. Providers interested in patient engagement programs
can also use the local transportation safe harbor. It is important to
note that arrangements that do not fit in a safe harbor are not
necessarily unlawful, and the OIG advisory opinion process remains
[[Page 77785]]
available for providers seeking a legal opinion regarding an existing
or proposed arrangement.
Comment: In response to our solicitation of comments in the OIG
Proposed Rule regarding a potential condition that safe harbor
protection is only available to entities that assume downside financial
risk, several commenters urged OIG not to adopt such a financial risk
assumption requirement. One commenter opined that there is no logical
connection between a provider's financial risk and the benefits of
patient engagement. Another commenter noted that adding a financial
risk requirement could limit application of this safe harbor to large
practices and health systems, positing that small, rural, and
underserved practices are unable to take on financial risk and
therefore would not be able to provide tools and supports protected by
the safe harbor should it include a requirement that protected offerors
assume downside financial risk. A commenter noted that for a VBE with
downside financial risk there is no incentive to provide an item, tool,
support, or service that is not related to treating or preventing a
disease or injury among a target patient population. As such,
inherently, the VBE participant must believe the tool or support will
provide a medical or health benefit to the patient to whom it is being
given. Another commenter with experience as a risk-bearing ACO entity
supported limiting this safe harbor to VBEs engaged in risk-bearing
arrangements, citing a learning curve in the appropriate use of tools
and supports, and highlighting that the assumption of downside
financial risk may offset some of the traditional fraud and abuse
concerns, such as overutilization.
Response: We agree with commenters and believe that various
providers and other entities--including those who have not assumed
downside financial risk--could engage in beneficial patient engagement
and support. Consequently, in an attempt to promote flexibility and
innovation related to patient engagement and support, the safe harbor
as finalized in this rule does not contain a financial risk
requirement.
c. Limitations on Recipients
Summary of OIG Proposed Rule: The proposed safe harbor protected
only tools and supports furnished by a VBE participant to a patient
within a defined ``target patient population,'' as that term is defined
at proposed paragraph 1001.952(ee)(12)(ii), and without regard to payor
type. We solicited comments on whether to broaden the category of
patients who can receive protected tools and supports under this safe
harbor to include, for example, any patient, so long as the tools and
supports predominantly address needs of the target patient population
and the tools and supports have a direct connection to the coordination
and management of care for the patient.\57\
---------------------------------------------------------------------------
\57\ 84 FR 55723 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We finalize, with modification, our proposal
to limit safe harbor protection to tools and supports provided to
patients in a target patient population. The final safe harbor
clarifies our intent that, to qualify for safe harbor protection, a
tool or support must be furnished by a VBE participant to a patient in
the target patient population of a value-based arrangement to which the
VBE participant is a party. This language ensures that the remuneration
is linked to the target patient population relevant to the VBE to which
the VBE participant is a party. It further ensures that the
remuneration has a direct connection to the coordination and management
of care of the relevant target patient population, as set forth in the
condition at paragraph 1001.952(hh)(3)(ii).
Comment: Several commenters appreciated that we proposed protection
for patient engagement tools and supports offered to a target patient
population, notwithstanding payor type, and agreed as a general matter
that the provision of protected tools and supports should be limited to
the target patient population.
Response: We have finalized the condition, as proposed. The safe
harbor only protects remuneration provided to a patient in a target
patient population.
Comment: Some commenters suggested that this safe harbor not
incorporate the definition of ``target patient population'' proposed at
paragraph 1001.952(ee)(12)(ii), or that this safe harbor protect tools
and supports given to certain patients outside the target patient
population. Other commenters proposed alternative ``target patient
population'' definitions or exceptions for rural and underserved
communities outside of the VBE construct, as well as exceptions
designed to address social determinants of health. Commenters also
asked us to finalize a broad category of protected recipients without
any defined parameters, such as limiting the scope of protected
recipients to patients with a specific disease state or certain chronic
conditions. Several commenters highlighted problems with and sought
clarity regarding a VBE participant's inability to retrospectively or
prospectively identify or assign patients to the target patient
population, and whether a precise population was required to satisfy
the definition of ``target patient population'' for purposes of this
safe harbor.
Response: The final safe harbor retains the conditions that a
protected tool or support must be provided to a patient in the target
patient population and must have a direct connection to the
coordination and management of care of the target patient population.
We believe that requiring a VBE participant to specify a target patient
population prior to offering patient engagement tools and supports will
help tie the tools and supports to the underlying value-based purposes
of the VBE and will necessitate careful consideration of the objective
characteristics of the patient population that likely will benefit from
any offered tools and supports. We also believe that a connection to an
objectively defined target patient population decreases the risk that
valuable remuneration will be offered to patients as an inducement to
seek care. We have incorporated the definition of ``target patient
population'' as finalized at paragraph 1001.952(ee)(14)(v) for the sake
of consistency and because VBE participants will have familiarity with
the defined term through the creation of a VBE.
As noted in the summary above, we also are finalizing the proposed
requirement that only tools and supports furnished by VBE participants
are eligible for protection under this safe harbor. This provision does
not impose additional burdens on VBE participants. Establishing a VBE
requires articulating a value-based purpose and defining a target
patient population, which significantly contributes to meeting this
condition. The requirement that a patient engagement tool or support be
furnished by a VBE participant to a patient in a target patient
population does not include any exceptions for patients in rural or
underserved areas, or for remuneration intended to address social
determinants of health. We emphasize, however, that VBE participants
have considerable flexibility in determining how to define a target
patient population, as long as the population is selected using
legitimate and verifiable criteria that are set out in writing and
further the VBE's value-based purpose. In addition, VBE participants
could establish multiple target patient populations for the purposes of
furnishing tools and supports to be protected by this safe harbor as
long as all safe harbor conditions are satisfied.
Comment: Many commenters supported the alternative language for
[[Page 77786]]
which we solicited comments, which would have protected tools and
supports furnished to any patient, as long as the tools and supports
predominantly address the needs of the target patient population, and
the tools and supports have a direct connection to the coordination and
management of care for the patient, noting, for example, that it can be
challenging to make accurate prospective predictions of which patients
are aligned with a target patient population at any given time.
Response: In this final rule, we decline to protect remuneration
furnished to patients outside a specified target patient population.
Limiting protected tools and supports only to patients within the
target patient population will help to ensure the tools and supports
have a nexus to the VBE's underlying value-based purpose in a way that
might be more attenuated under our alternative proposal.
Comment: Some commenters recommended that the safe harbor protect
the provision of tools or supports for patients whose conditions or
circumstances are similar to those of the target patient population,
highlighting the risk of penalties associated with providing tools and
supports to patients who could benefit from them despite falling
outside of the target patient population.
Response: The final safe harbor requires VBE participants seeking
protection under the patient engagement and support safe harbor to
define the scope of the applicable target patient population to include
patients likely to benefit from the relevant tools and supports. As
discussed above in more detail in section III.B.2.c, the selection
criteria--not the individual patients--must be identified in advance.
Parties may modify their target patient population selection criteria
prospectively by amending their existing value-based arrangement. VBE
participants can retroactively attribute patients to the target patient
population without amending the value-based arrangement if such
patients meet the selection criteria established prior to the
commencement of the value-based arrangement.
d. Furnished Directly to the Patient
Summary of OIG Proposed Rule: We proposed to include a condition at
proposed paragraph 1001.952(hh)(1) that the tool or support must be
furnished directly to the patient by a VBE participant. We solicited
comments on arrangements through which a VBE participant might order or
arrange for the delivery of a tool or support from an independent third
party. We also sought comment on whether to expressly permit a VBE
participant to furnish the tool or support through someone acting on
the VBE participant's behalf and under the VBE's direction, such as a
physician practice that is a VBE participant providing a tool or
support through an individual member of the practice or a nurse
employed by the practice. We also solicited comments regarding whether
to require patient notice if third parties are involved in the
furnishing of the tool or support.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(hh)(2). The final rule extends safe
harbor protection to a VBE participant that provides patient engagement
tools or supports through a third party that qualifies as an ``eligible
agent,'' as defined in paragraph 1001.952(hh)(9).
Comment: Most commenters did not support the condition requiring
that tools or supports be furnished directly to the patient by the VBE
participant, for several reasons. For example, commenters asserted
that, depending on the size or sophistication of the VBE participant's
practice, the VBE participant may outsource the furnishing of the tool
or support, or otherwise not be present at the time it is furnished.
Others suggested that a partner or an agent of a VBE participant, such
as a vendor, contractor, or employee of the participant, should also be
permitted to furnish the patient engagement tools or supports at the
direction of the VBE participant, noting that for entities and
individuals furnishing tools and supports, outsourcing the provision of
such tools and supports to independent third parties is a common
practice. Other commenters recommended protection of tools and supports
provided by nontraditional or nonclinical (but health-related) third
parties that address social determinants of health or transportation
needs. For example, a health system commenter indicated that it
contracts with vendors to provide digital devices and tools to
patients. Another commenter also provided an illustrative example,
explaining that to furnish a patient with a ``grab bar'' at home, it
would purchase a grab bar through an online retailer and then contract
with a local hardware vendor to install the grab bar. Another commenter
recommended safe harbor protection for the provision of tools and
supports through which the third party is under the control and
oversight of the VBE participant and is otherwise eligible to
participate in a VBE (as proposed in the OIG Proposed Rule).
Response: We agree that the safe harbor should protect the
provision of tools and supports through a person or entity acting on
behalf of the VBE participant and under the VBE participant's
direction, but only if certain conditions are met. Requiring that the
tool or support be furnished directly to the patient by the VBE
participant prevents entities that are ineligible to participate in a
VBE from directly or indirectly furnishing tools or supports to
patients. Also, as we explained in the OIG Proposed Rule, the
requirement would help patients understand who is furnishing the tool
or support and why. Notwithstanding, we have finalized a provision at
paragraph 1001.952(hh)(2) that extends protection to tools and supports
furnished through a VBE participant's ``eligible agent,'' assuming the
other conditions of the safe harbor are met. For purposes of this
paragraph, ``eligible agent'' means any person or entity that is not
identified in paragraph 1001.952(hh)(1)(i)-(viii) as ineligible to
furnish protected tools and supports. Thus, the eligible agent must be
an individual or entity that could furnish protected tools and supports
under paragraph 1001.952(hh)--even though the eligible agent does not
itself need to become a VBE participant. The VBE participant's eligible
agent could be, for example, employees and contractors of a practice
when the VBE participant is the practice itself, or other third parties
such as technology vendors or retailers. This condition also means that
an entity precluded from furnishing or funding protected tools and
supports under paragraph 1001.952(hh)(1) cannot be an eligible agent of
a VBE participant for purposes of furnishing a protected patient
engagement tool or support. Furthermore, this safe harbor does not
protect any remuneration that flows through or is furnished by a third
party that is not an eligible agent.
Comment: Some commenters recommended that a tool or support be
eligible for safe harbor protection if it is furnished to a caregiver
or family member of a patient in the target patient population.
Response: We agree that a tool or support should be eligible for
safe harbor protection if it is furnished to a caregiver or family
member of a patient in the target population, as long as the tool or
support satisfies all conditions of the safe harbor conditions. As we
stated in the OIG Proposed Rule, a tool or support would not be
considered ``diverted'' if furnished to the patient indirectly through
the patient's caregivers or family members, or through another
individual acting on behalf of the patient. We provided
[[Page 77787]]
examples of such scenarios, including one in which a patient is unable
to care for himself or herself and another person has legal authority
or the patient's consent to do so, such as when a parent caring for a
minor child with asthma accepts and installs an air purifier on behalf
of the child.\58\ Although we included this discussion in the context
of a proposed condition to mitigate potential diversion of patient
engagement tools and supports--which is not being finalized in this
rule--we nevertheless believe the discussion is applicable to the
``furnished directly'' condition at paragraph 1001.952(hh)(2).
Accordingly, intervening caregivers and family members or others acting
on behalf of the patient may facilitate the provision of the tool or
support without the remuneration running afoul of the ``furnished
directly'' requirement if all other conditions of the safe harbor are
satisfied.
---------------------------------------------------------------------------
\58\ 84 FR 55728 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: Some commenters suggested that when a third party is
providing the tool or support, the patient should be notified in
writing or otherwise about the sponsor and other details about the
vendor and the purpose of the tool or support. Other commenters
objected to any additional notification requirements as burdensome to
the provider and the patient.
Response: We appreciate the commenters' suggestion but decline to
impose such a notification requirement. The safe harbor only protects
the provision of tools and supports that are recommended by a patient's
health care professional, and many of the enumerated goals in the safe
harbor also require the involvement of the patient's licensed health
care professional. Based on these conditions, we believe beneficiaries
are unlikely to receive tools or supports that otherwise meet the
conditions of the safe harbor without an awareness of the source and
purpose of those items or services. Furthermore, lack of awareness of
the source and purpose also may diminish the likelihood for improved
patient engagement. To best promote patient engagement and ensure the
benefits of any tools and supports are realized, VBE participants have
an incentive to clearly communicate about the tools and supports they
provide without a formal patient notification requirement.
e. Funding Limitations
Summary of OIG Proposed Rule: In proposed paragraph
1001.952(hh)(2), we proposed to prohibit any third-party entity or
individual outside of the VBE from financing or otherwise contributing
to the provision of patient engagement tools or supports. In the OIG
Proposed Rule, this condition would have prevented entities not
eligible to become VBE participants from circumventing that limitation
and seeking protection for tools and supports they furnished to
patients under the patient engagement and support safe harbor.
Summary of Final Rule: We are finalizing, with modifications, this
condition at paragraph 1001.952(hh)(4). Specifically, the final
regulation text states that the patient engagement tool or support must
not be funded or contributed by a VBE participant that is not a party
to the applicable value-based arrangement or by an entity listed at
paragraph 1001.952(hh)(1)(i) through (viii). The modifications have
been made to ensure that the specified entities ineligible for
protection under this safe harbor at paragraph 1001.951(hh)(1) are not
able to circumvent that restriction by indirectly funding or
contributing to tools and support protected under this safe harbor.
This condition also clarifies our intent that the VBE participant must
be a party to the ``applicable value-based arrangement.'' In other
words, the patient receiving the tool or support must be a member of
the target patient population of a VBA to which the VBE participant is
a party. This also ensures that the remuneration has a direct
connection to the coordination and management of care of the target
patient population of the applicable VBA to which the VBE participant
is a party. The condition at paragraph 1001.952(hh)(4) effectuates our
proposed policy to bar safe harbor protection for tools and supports
funded by entities that, under the proposed rule, could not have been
in a VBE (see section III.B.2.e.ii for discussion of these entities).
The safe harbor does not protect any patient engagement tools and
supports funded by or involving contributions from entities identified
at paragraph 1001.952(hh)(1)(i) through (viii).
Comment: Several commenters found this condition unduly
restrictive, citing potential challenges with meeting this condition
when delegating the provision of tools and supports or sharing a care
coordinator with someone outside of the VBE. Another commenter stated
that entities explicitly ineligible for participation in a VBE under
the OIG Proposed Rule's definition of ``VBE participant'' play a vital
role in supporting the care of patients, and without funding from such
entities, hospitals and payors would be limited regarding what types of
patient engagement tools and supports they could provide.
Response: We are finalizing this condition with modifications. This
condition is an important safeguard that prevents entities ineligible
for safe harbor protection from circumventing the conditions of the
safe harbor by doing indirectly what they cannot do directly. Regarding
commenters' concerns about the impact of this condition on the ability
to delegate the provision of tools or supports, we emphasize that, as
discussed in the prior section of this preamble, VBE participants may
provide tools and supports via an eligible agent, which can be any
third party as long as the third party is not otherwise ineligible to
furnish protected tools and supports under this safe harbor.
Comment: A commenter supported this condition, noting that outside
funding or contributions pose a risk of inappropriate steering to
specific suppliers of products or services. Other commenters
appreciated the purpose of this limitation but asked OIG to allow for
certain donations from foundations or charities to a VBE, together with
a safeguard prohibiting the donating third party from having direction
or control over how the funds are spent. Another commenter stated that
other types of entities such as construction companies may offer to
modify homes with ramps and wider doors, among other things, without
charge, and that this condition could prevent protection for such
donations.
Response: We appreciate that many entities would like to fund or
otherwise contribute to protected patient engagement tools and supports
provided by a VBE participant, including through charitable or
otherwise arm's-length donations made to a VBE. Our goal in
implementing the funding and contribution limitations is to ensure that
entities that may not furnish protected tools and supports directly are
unable to indirectly provide or fund protected tools and supports. We
believe that limiting the types of entities that may fund protected
tools and supports is an important safeguard against circumvention
schemes, including potential arrangements involving foundations or
charities. Without the funding and contribution limitations, it is
possible that entities ineligible to provide tools and supports could
indirectly fund such items or services through a foundation, charity,
or other entity, which could make it difficult to determine the
ultimate source of funding. We believe the final funding and
contribution limitations described
[[Page 77788]]
here provide sufficient flexibility for VBE participants to provide
protected tools and supports while safeguarding against the heightened
risk of fraud and abuse related to tools and supports furnished to
patients by the types of entities that are ineligible for safe harbor
protection.
Nothing in this condition would prevent a charity or foundation
from providing tools and supports directly to patients, assuming such
an arrangement complies with the Federal anti-kickback statute or
Beneficiary Inducements CMP, if either statute is implicated. If the
charity or foundation is not funded by health care entities, the
arrangement might not implicate the statutes. Further, nothing in this
safe harbor would prevent construction companies from modifying homes
with ramps, widening doors, or providing other construction services
for free to patients, provided those arrangements comply with the
statute. Free services offered to a patient directly by a construction
company that does not provide Federally reimbursable items or services
or make referrals for them would not implicate the statutes, and
therefore, safe harbor protection would not be needed. However, such
free services offered through an intermediary that provides federally
reimbursable items and services, such as a hospital, would need to be
evaluated on a case-by-case basis under the statute; the arrangement
between the construction company and hospital would not implicate the
statute, but the arrangement between the hospital and patient might.
f. Nature of the Remuneration
Commenters provided numerous suggestions regarding specific types
of remuneration potentially protected under this safe harbor. In the
sections below, we respond to such comments and provide examples of
potentially protected types of remuneration, but we note that the
examples or categories of items, goods, and services included here are
neither exhaustive nor presumptively protected under this safe harbor.
Specifically, we remind stakeholders that all conditions of the safe
harbor must be squarely satisfied for the tools and supports to be
protected by the safe harbor.
i. In-Kind Remuneration
Summary of OIG Proposed Rule: At proposed paragraph
1001.952(hh)(3)(i), we proposed to protect any in-kind preventive item,
good, or service, or an in-kind item, good, or service such as health-
related technology, patient health-related monitoring tools and
services, or supports and services designed to identify and address a
patient's social determinants of health.
Summary of Final Rule: We are finalizing, with modifications, the
provision at paragraph 1001.952(hh)(3)(i). The final rule protects
patient engagement tools and supports that are in-kind items, goods,
and services provided they meet all applicable safe harbor conditions.
We are not finalizing the regulatory text at proposed paragraph
1001.952(hh)(3)(i) that provided specific examples of protected in-kind
items, goods, or services (i.e., health-related technology, patient
health-related monitoring tools and services, supports and services
designed to identify and address social determinants of health). As
finalized by this rule, paragraph 1001.952(hh)(3)(i) specifies that
protection is offered only for in-kind items, goods, or services,
without specifying categories of items, goods, or services. We believe
including nonexhaustive categories in regulatory text was not necessary
or helpful to explain the meaning of an ``in-kind item, good, or
service.'' These changes are intended to ensure the final rule does not
inadvertently preclude types or categories of tools or supports that
could receive protection under the safe harbor. Provided that all safe
harbor requirements are satisfied, the final rule protects a broad
range of tools and supports that may include, among others, health-
related technology, patient health-related monitoring tools and
services, and supports and services designed to identify and address a
patient's social determinants of health. We have modified and
reorganized the regulatory text to better effectuate this policy.
Based on public comments, we confirm that preventive items, goods,
or services can be protected under this safe harbor. However, we are
not finalizing the proposed regulatory text at paragraph
1001.952(hh)(3)(i) regarding preventive care. To make clear that
preventive items, goods, or services can fit in the safe harbor, we
have amended the goal of ``management of a disease or condition'' to
read ``prevention or management of a disease or condition'' at
paragraph 1001.952(hh)(3)(vi)(D).
Comment: A number of commenters supported our overall approach to
identify categories of protected in-kind remuneration instead of
endeavoring to provide a comprehensive list of tools and supports
eligible for safe harbor protection and believed that the categories
proposed are--and should remain--sufficiently flexible to encompass a
range of tools and supports across various care settings. Commenters
stated that VBEs should have flexibility to determine the most
appropriate tools and supports to provide as a part of the arrangements
and recommended against OIG specifying a list of tools and supports
that could, ultimately, stifle innovation, particularly with respect to
tools and supports designed to address social determinants of health.
Alternatively, some commenters encouraged us to provide greater
specificity and more examples of protected patient engagement tools and
supports based on comments received in response to the OIG Proposed
Rule. For example, a commenter urged OIG to provide as many examples as
possible of the tools and supports that would and would not be
protected by this safe harbor in the preamble to the final rule. Others
requested some examples but urged us to clarify that any examples are
illustrative, not exhaustive.
A commenter supported protection for tools and supports that impact
positive behavioral change, such as receiving an annual wellness visit,
participating in a smoking cessation program, or seeking care from a
lower cost provider (e.g., receiving imaging services in a freestanding
setting as opposed to a hospital outpatient department). The commenter
also supported addressing a barrier to adhering to a care plan, such as
providing cooking classes to facilitate the preparation of healthy
meals, providing condition-specific groceries, or providing condition-
specific technology (e.g., electronic scales, internet service to
facilitate data collection, or both). Another commenter listed examples
of additional dialysis-related tools and supports that should be
covered.
Response: Rather than listing specific examples of tools and
supports potentially eligible for protection under this safe harbor,
the final safe harbor contains a list of goals at paragraph
1001.952(hh)(3)(vi), at least one of which a tool or support must
advance in order to qualify for safe harbor protection. We believe this
provides substantial flexibility for VBE participants to offer a wide
range of tools and supports.
As noted above, we have omitted the examples of remuneration listed
in proposed paragraph 1001.952.(hh)(3)(i). With respect to tools and
supports designed to address a patient's social determinants of health,
such remuneration is protected if it meets one of the final safe
harbor's enumerated goals listed at paragraph 1001.952(hh)(3)(vi). This
change is intended to ensure the final rule is agnostic about the
specific types or
[[Page 77789]]
categories of tools and supports protected by this safe harbor. As a
result, health-related technology and patient health-related monitoring
tools and services are eligible for safe harbor protection if they meet
the other conditions of the safe harbor, including at least one of the
goals at paragraph 1001.952(hh)(3)(vi).
We have provided some examples of categories and specific tools and
supports in the discussion below at section III.B.6.f.iv related to
social determinants of health, as well as general descriptions of
certain health technologies potentially protected by this safe harbor.
We also agree with commenters who suggested that any examples provided
in this final rule's preamble should be illustrative rather than
exhaustive, to provide for flexibility and innovation in the provision
of patient engagement tools and supports. We intend for the safe harbor
to protect a range of in-kind remuneration and agree that many of the
tools and supports described by the commenters may satisfy the safe
harbor if all other conditions of the safe harbor are met.
Comment: A commenter stated that the proposed safe harbor is too
narrow to truly drive patient engagement because, although it protects
the provision of tools and supports to patients, it does not protect
efforts to encourage the utilization of those tools or otherwise
protect efforts to incentivize care adherence.
Response: We disagree that the safe harbor lacks sufficient
regulatory flexibility for the provision of tools and supports that
promote patient engagement. In response to the suggestion that the safe
harbor should protect efforts to encourage the utilization of protected
tools and supports, we note that nothing in the safe harbor would limit
the ability of VBE participants to educate patients about available
tools and supports as long as the VBE participant does not use the
patient engagement tools or supports to market other reimbursable items
or services, or for patient recruitment purposes, as prohibited at
paragraph 1001.952(hh)(6).
In response to the suggestion that the safe harbor should protect
efforts to incentivize care adherence, we note that a VBE participant
must ensure that the tool or support advances an enumerated goal at
paragraph 1001.952(hh)(3)(vi), several of which involve patient
adherence. For example, the safe harbor protects tools and supports
that advance goals for adherence to a treatment regimen, adherence to a
drug regimen, and adherence to a followup care plan if all other
conditions are met. In addition, we think that the conditions requiring
a licensed health care professional to recommend the tool or support
and requiring that the tool or support be directly connected to the
coordination and management of care require the offeror to evaluate
whether the tool or support will advance the enumerated goals listed in
the safe harbor.
Comment: A commenter requested OIG clarify its interpretation of
the phrase ``preventive care item or service'' for the purposes of this
safe harbor to ensure that the definition remains flexible enough to
encompass rapidly advancing technology. Another commenter requested
that we add ``primary and secondary prevention'' to the regulatory text
of this safe harbor to clarify that various forms of preventive efforts
are protected by the safe harbor. Another commenter requested that we
add ``tertiary'' prevention. Commenters generally supported OIG's
proposal to defer to VBE participants or physicians in determining: (i)
What constitutes a preventive item or service for the purposes of this
safe harbor; and (ii) the appropriate tools and supports to address
such preventive care, asserting that physicians are in the best
position to assess whether a particular item or service is preventive.
Response: Tools and supports in furtherance of preventive care and
services can be protected under this safe harbor if the other
conditions are satisfied. The final safe harbor regulation does not
identify a specific category of remuneration for preventive care items,
goods, or services. Instead, preventive items, goods, and services
could be protected under the safe harbor's general protection of in-
kind items, goods, or services that satisfy the conditions of the safe
harbor, including advancing one of the safe harbor's enumerated goals.
For example, a preventive item, good, or service could advance the goal
of ``prevention or management of a disease or condition'' at paragraph
1001.952(hh)(3)(vi)(D).
ii. Cash, Cash Equivalents, and Gift Cards
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(hh)(3)(iii) to exclude protection for remuneration in the form
of cash, cash equivalents, and gift cards, and we sought additional
comments on whether the safe harbor should protect those forms of
remuneration.
Summary of Final Rule: We are finalizing, with modification, the
proposed condition at paragraph 1001.952(hh)(3)(iii). The final
regulatory text does not reference gift cards because some gift cards
would be considered in-kind remuneration eligible for safe harbor
protection. Cash, cash equivalents, and most gift cards are excluded in
the final rule because the safe harbor is limited to in-kind
remuneration.
Comment: Several commenters echoed the concerns we raised in the
OIG Proposed Rule regarding the risks of protecting cash, cash
equivalents, and gift cards under the safe harbor, urging us to limit
safe harbor protection to in-kind remuneration to reduce the risk of
inappropriate patient steering or coercion.
Response: We agree with these comments, and we believe restricting
protection to in-kind remuneration in the final rule reflects OIG's
longstanding concern about the fraud and abuse risks inherent to
providing cash, cash equivalents, or gift cards to beneficiaries.
Comment: A number of commenters urged OIG to protect gift cards
under this safe harbor. In particular, several commenters suggested
that we clarify that a voucher provided through a debit card-like
mechanism that could be used to acquire tools or supports, such as food
or transportation, would be considered ``in-kind'' under the safe
harbor. Another commenter urged OIG to protect the provision of gift
cards but suggested that prepaid debit cards should be excluded from
protection, similar to existing OIG guidance regarding cash and cash
equivalents.
A commenter recommended protecting gift cards that may be redeemed
only at certain stores for certain purposes consistent with OIG's
previous guidance on cash and cash equivalents, as long as they are not
advertised or otherwise included in prospective marketing or
promotional efforts, and earned via active, verifiable participation in
core elements of a beneficiary's treatment plan.
A commenter noted that gift cards provide sufficient flexibility
with less risk than cash, noting that a gift card may be exchanged for
cash, but typically at a reduced value.
Response: As we stated in the preamble to the OIG Proposed Rule, we
would consider a voucher for a particular tool or support (e.g., a meal
voucher or a voucher for a taxi) to satisfy the safe harbor's in-kind
requirement. However, consistent with our treatment of these issues in
prior regulations,\59\ we consider debit cards, rebate checks, and most
gift cards to be cash equivalents and not a protected
[[Page 77790]]
form of in-kind remuneration under this safe harbor.
---------------------------------------------------------------------------
\59\ 81 FR 88393 (Dec. 7, 2016).
---------------------------------------------------------------------------
We are not, however, departing from OIG's existing guidance
regarding limited-use gift cards.\60\ Gift cards that can be redeemed
only for certain categories of items (such as fuel-only gift cards
redeemable at gas stations) could meet the in-kind requirement under
this safe harbor. Gift cards meet the in-kind requirement only if their
potential use is limited to certain categories of items or services
that meet the conditions of the safe harbor. For instance, a gift card
for a service that delivers the ingredients necessary for a healthy
meal would meet the in-kind requirement and could be protected if the
other conditions of the safe harbor are satisfied. Gift cards offered
by large retailers or online vendors that sell a wide variety of items
(e.g., big-box stores) could easily be diverted from their intended
purpose or converted to cash; we would consider such gift cards to be
cash equivalents and therefore not eligible for protection under this
safe harbor.
---------------------------------------------------------------------------
\60\ 81 FR 88393 n. 19 (Dec. 7, 2016).
---------------------------------------------------------------------------
Comment: A commenter posited that when gift cards are furnished to
patients within the VBE context, the financial model of VBEs serves as
an inherent safeguard against unnecessary and excessive utilization.
The commenter asserted that when a VBE is financially at risk for
improving outcomes, the VBE likely would not furnish gift cards to
patients to drive unwarranted utilization and would be financially
incentivized to encourage only beneficial utilization that improves
health and helps manage the total cost of care.
Response: Although we recognize that VBEs assuming downside
financial risk may have incentives to avoid offering tools and supports
to beneficiaries that could drive medically unnecessary utilization, we
are not, as discussed above, requiring VBE participants under this safe
harbor to assume some degree of financial risk. We believe that some of
the risks associated with fee-for-service payment systems--such as
overutilization--may continue to exist in VBEs where VBE participants
continue to be paid on a fee-for-service basis. Therefore, there is a
risk that VBEs would furnish gift cards to patients to drive
inappropriate utilization, but such conduct would not be protected by
this safe harbor and may implicate the Federal anti-kickback statute.
Comment: Several commenters urged OIG to protect cash, cash
equivalents, and gift cards under this safe harbor but to attach
additional safe harbor conditions to such means of remuneration. For
example, a commenter suggested that cash, cash equivalents, and gift
cards should be protected as a reward for taking a particular action,
but that remuneration should be provided only after a patient has taken
the required action. Another commenter suggested that OIG protect cash,
cash equivalents, and gift cards but impose a separate monetary cap
that parallels OIG's nominal value guidance. The commenter also urged
OIG to consider requiring that any patient eligible to receive a cash
or cash-equivalent incentive would need to be an ``established
patient'' as defined in the local transportation safe harbor, paragraph
1001.952(bb).
Other safeguards recommended by commenters specific to cash, cash
equivalents, and gift cards include: Prohibiting the advertising of
rewards; tying incentives to outcomes associated with the prescribed
course of treatment; a requirement that incentives cannot be utilized
to generate business or otherwise promote the utilization of
unnecessary or inappropriate items and services; limiting the use of
such incentives to items that promote health and wellness, such as
nutritious food, exercise equipment, or health monitoring and tracking
devices; and requiring entities to have an evidence-based reason to
believe that cash, cash equivalents, or gift cards can increase patient
adherence to recommended medical guidance. A commenter suggested that
retrospective evaluation and auditing could be used to identify any
potentially fraudulent activity relating to cash, cash equivalents, and
gift cards.
Response: We appreciate the commenters' suggestions for additional
safe harbor conditions specific to the provision of cash, cash
equivalents, and gift cards. Based on longstanding program integrity
concerns, the final safe harbor only protects in-kind remuneration to
include limited types of gift cards as described further above. OIG
historically has had significant concerns about providing protection
for providers' and other health care stakeholders' offers of cash or
cash equivalents to patients, and our oversight experience suggests
that cash and cash-equivalent remuneration raises substantial fraud and
abuse risks, including the potential for inappropriate utilization of
medically unnecessary items and services and improper patient steering.
OIG tailored the final safe harbor's safeguards to in-kind tools and
supports; therefore, it is not necessary to adopt additional conditions
recommended by commenters specific to the provision of cash, cash
equivalents, and gift cards.
Comment: Commenters noted that cash and cash equivalents are a
useful way to address social determinants of health and noted that cash
and cash equivalents could facilitate patient access to transportation,
counseling and coaching, meal preparation, existing and emerging self-
monitoring health technologies, and other supports that promote
independence and positive health outcomes.
Response: We recognize that cash and cash equivalents may be a
useful way to address social determinants of health. We remain
concerned, however, for the reasons explained above, that cash or cash-
equivalent remuneration to Federal health care program beneficiaries
presents an elevated risk of fraud and abuse, and we are finalizing our
proposal to protect only in-kind remuneration. Parties can structure a
wide range of arrangements involving in-kind remuneration to address
social determinants of health under the final safe harbor. For example,
in lieu of cash, protected tools and supports could include vouchers or
limited-use gift cards (e.g., to address transportation access to
medical appointments to advance adherence to a followup care plan, a
ride share voucher or gas card could be protected, provided all other
safe harbor conditions are satisfied). Arrangements involving cash or
cash equivalents used to address social determinants of health are not
necessarily illegal; they would need to be evaluated under the anti-
kickback statute on a case-by-case basis, including the intent of the
parties.
Comment: A commenter asserted that expanding the safe harbor to
protect gift cards, discount cards, and coupons toward future services
would support the viability of smaller independent practices that
operate in consolidated markets and are competing against hospitals and
health systems.
Response: We appreciate the commenter's concern regarding
consolidation and the potential effects of our safe harbors on
competition. This final safe harbor protects certain, limited
categories of gift cards in accordance with OIG's previous guidance on
cash equivalents and limited-use gift cards. We note that discount
cards and coupons may qualify as protected in-kind remuneration as long
as the other conditions of this safe harbor are satisfied. We do not,
however, intend for this safe harbor to protect waivers or reductions
in patient cost-sharing obligations, as discussed below. For example, a
coupon designed
[[Page 77791]]
to cover only a patient's cost-sharing obligation would not be
protected by this safe harbor. We also note that to the extent parties
wish to have safe harbor protection for any discounts offered to
beneficiaries, they would need to comply with the terms of the discount
safe harbor at paragraph 1001.952(h) in order to receive safe harbor
protection. Finally, to the extent the commenter is referencing gift
cards, discount cards, and coupons that would reward patients for
seeking care, such arrangements may not satisfy the prohibition on
marketing and patient recruitment at paragraph 1001.952(hh)(6).
Comment: A number of commenters offered general support for
extending safe harbor protection to cash, cash equivalents, and gift
cards provided to patients as rewards or incentives to promote various
behaviors, including attending necessary appointments, adherence to a
treatment regimen, or participation in a substance abuse treatment or
behavioral modification program. Several commenters cited a body of
research suggesting that cash incentives can be effective at improving
patient engagement and adherence or behavioral modification. For
example, a commenter cited behavioral economics research findings that
even nominal amounts of cash or cash-equivalent remuneration can
produce substantial improvements in overall health outcomes when used
as an incentive to motivate patients to lead healthier lifestyles.
Commenters also noted that gift cards may be employed as rewards
for healthy patient behaviors and activities in a number of other
contexts, including pursuant to certain section 1115 waiver programs,
some Medicaid managed care organizations, and programs or initiatives
related to Medicaid Incentives for the Prevention of Chronic Diseases.
Response: In the OIG Proposed Rule, we solicited comments on
including gift cards when they are provided to patients with certain
conditions, such as substance abuse disorders and behavioral health
conditions, as part of an evidence-based treatment program for the
purpose of effecting behavioral change. We appreciate the responses
from commenters and understand that incentives can effectively drive
patient adherence to treatment programs, lead patients to follow
healthier lifestyles, or effect other behavioral changes.
For example, we recognize that research shows that contingency
management interventions are the most effective currently available
treatment for stimulant use disorders. Substance use disorder treatment
programs utilizing contingency management often involve payments to the
patient in the form of the opportunity to earn vouchers, gift cards, or
even, in some models, salaries in exchange for desired prosocial
behaviors or meeting specified goals. We also understand and
acknowledge that there is a growing problem with stimulant (e.g.,
cocaine and methamphetamine) co-use with opioids. Combatting the opioid
epidemic, including ensuring that patients have access to effective
treatment programs, has been a top priority for the Administration, the
Department, and OIG. In addition, many treatments involving contingency
management interventions have been developed over decades by scientists
supported by the Federal government through the National Institutes of
Health.
After weighing the potential benefits of contingency management and
other programs designed to motivate beneficial behavioral change with
the potential risks to program integrity--and understanding that many
of these programs involve cash and cash-equivalent payments to
patients--we are not expanding the patient engagement and support safe
harbor to include cash and cash-equivalent payments offered as part of
contingency management interventions or other programs to motivate
beneficial behavioral changes. This does not mean that all such cash or
cash-equivalent payments are unlawful, but they would be subject to
case-by-case analysis under the Federal anti-kickback statute and
Beneficiary Inducements CMP. In addition, we emphasize--as further
discussed below--that in-kind remuneration and certain limited-use gift
cards offered as part of contingency management interventions or other
programs to motivate beneficial behavioral changes could receive
protection under the patient engagement and support safe harbor if all
safe harbor conditions are satisfied. Indeed, OIG's final rule offers
many opportunities for those treating patients for substance use
disorders to improve the coordination and management of patient care
through value-based arrangements between providers that band together
to improve care, the provision of in-kind incentives to patients to
motivate them to meet treatment goals, and broader flexibilities for
transportation arrangements under the existing local transportation
safe harbor, which would meet an identified need for patients in rural
areas seeking treatment. While not all such arrangements implicate the
fraud and abuse statutes, arrangements involving community recovery
support systems such as clubhouses and peer-to-peer focused support
services would have broader access to safe harbor protection under the
final rule.
With respect to nominal amounts of cash or cash-equivalent
remuneration mentioned by the commenter, we understand that some
industry stakeholders believe OIG's guidance permits cash and cash-
equivalent incentive payments up to $75. This is a misunderstanding of
OIG's guidance. The Conference Committee report accompanying the
enactment of the Beneficiary Inducements CMP expressed Congress' intent
that inexpensive gifts of nominal value be permitted.\61\ OIG has
interpreted inexpensive gifts of nominal value to mean in-kind items
and services with a retail value of no more than $15 per item or $75 in
the aggregate per beneficiary on an annual basis.\62\ Gifts that
implicate the Beneficiary Inducements CMP that exceed these dollar
limits are not prohibited but are analyzed on a case-by-case basis for
compliance under the statute. We highlight, however, that this nominal
value guidance applies to the value of in-kind items and services, not
to the value of incentive payments in the form of cash or cash
equivalents. In other words, cash and cash-equivalent payments under
$75 would not be covered by this guidance. Moreover, this guidance
applies only with respect to the Beneficiary Inducements CMP and not to
the Federal anti-kickback statute. Furthermore, we are aware that some
industry stakeholders may be under a misimpression that OIG prohibits
contingency management program incentives above $75. There is no OIG-
imposed $75 limitation on contingency management program incentives.
Rather, the Federal anti-kickback statute may constrain the ability of
individuals or entities to offer contingency management program
incentives of any value to Federal health care program beneficiaries,
depending on the facts of the arrangement. Moreover, in-kind incentives
above the $75 annual, aggregate limit, and all cash or cash-equivalent
incentives regardless of the amount, must be analyzed on the basis
[[Page 77792]]
of their specific facts for compliance with the Beneficiary Inducements
CMP.
---------------------------------------------------------------------------
\61\ See Joint Explanatory Statement of the Committee of
Conference, section 231 of HIPAA, Public Law 104-191.
\62\ OIG, Office of Inspector General Policy Statement Regarding
Gifts of Nominal Value To Medicare and Medicaid Beneficiaries (Dec.
7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
With respect to contingency management program incentives and other
programs that offer incentives to motivate healthy behaviors--whether
above or below $75 in value--we offer the following observations. In-
kind remuneration in connection with such programs can fit in the
patient engagement and support safe harbor if all safe harbor
conditions are met (including the $500 annual cap). As further
explained in this section, the final safe harbor protects certain
limited-use gift cards that advance one or more of the enumerated goals
at paragraph 1001.952(hh)(3)(vi) and meet other safe harbor conditions,
including that the remuneration must have a direct connection to the
coordination and management of care of the target patient population.
To the extent that a program involves salary payments to a bona fide
employee for services furnished by the employee, the payments might
qualify under the existing safe harbor for employees at paragraph
1001.952(i).
If a contingency management incentive that implicates the Federal
anti-kickback statute, Beneficiary Inducements CMP, or both does not
satisfy an existing safe harbor or exception (as applicable), that does
not mean that such incentive automatically violates the statutes and is
illegal. Contingency management incentive arrangements that do not
comply with a safe harbor must be analyzed on a case-by-case basis for
compliance with the Federal anti-kickback statute and Beneficiary
Inducements CMP. In addition, incentives that are included in a service
covered by a Federal health care program (i.e., the coverage includes
the incentive itself) would not implicate the Federal anti-kickback
statute or the Beneficiary Inducements CMP, provided that the
applicable billing and coverage rules are followed including collection
of any applicable patient cost-sharing obligations. In addition,
incentives offered as part of a CMS-sponsored model may qualify for
protection under the new safe harbor at paragraph 1001.952(ii).
Further, we are aware that some incentives may be provided pursuant to
or in connection with other government-sponsored demonstrations or
other government-sponsored programs (including studies initiated,
organized, funded, and managed by the National Institutes of Health).
Participation in and adherence to the requirements of such
demonstrations or programs would be a relevant factor in assessing the
intent of the parties and the risk posed by the arrangement.\63\
Incentives offered to commercially insured patients or uninsured
patients would not implicate the statutes. Application of the statutes
is discussed in further detail in sections II.B and II.C of this
preamble.
---------------------------------------------------------------------------
\63\ See, e.g., OIG, OIG Adv. Op. No. 08-14 (Oct. 2, 2008),
available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2008/AdvOpn08-14.pdf (regarding a substance abuse treatment center's use
of motivational incentives to reward a patient's achievement of
certain treatment-related goals; in this advisory opinion,
Requestor's program was developed and refined in connection with
National Institute on Drug Abuse's government-sponsored research
into implementation of motivational incentives as a treatment
option, a fact that OIG viewed favorably).
---------------------------------------------------------------------------
With respect to incentives in the form of cash or cash equivalents,
we are concerned about heightened fraud and abuse risk. As noted in the
OIG Proposed Rule, OIG historically has had significant concerns with
allowing providers and others to offer cash or cash equivalents to
patients, and our oversight and enforcement experience suggests that
cash incentives can result in medical identity theft and misuse of
patients' Medicare numbers, lead to inappropriate utilization (in the
form of medically unnecessary items and services), and cause improper
patient steering (including patients selecting a provider because the
provider offers the most valuable incentives and not because of the
quality of care the provider furnishes).\64\
---------------------------------------------------------------------------
\64\ 84 FR 55275 (Oct. 17, 2019).
---------------------------------------------------------------------------
Moreover, in the area of substance use disorder treatment, OIG and
its law enforcement partners have substantial enforcement experience
that demonstrates the pervasiveness of fraud in treatment programs that
serve neither the best interests of patients nor taxpayers. For
example, OIG has participated in enforcement actions resulting from
allegations of significant fraud by substance use disorder treatment
facilities, or ``sober homes,'' that take advantage of individuals with
substance abuse disorders.\65\
---------------------------------------------------------------------------
\65\ See, e.g., Press Release, U.S. Department of Justice,
National Health Care Fraud and Opioid Takedown Results in Charges
Against 345 Defendants Responsible for More than $6 Billion in
Alleged Fraud Losses (Sept. 30, 2020), https://www.justice.gov/criminal-fraud/hcf-2020-takedown/press-release.
---------------------------------------------------------------------------
We preclude cash or cash equivalents from protection under this
safe harbor in recognition of the critical need to protect vulnerable
patients from fraud. That said, as stated above, arrangements involving
cash or cash equivalents used to promote adherence or healthy behavior
modification do not necessarily violate the Federal anti-kickback
statute; they would need to be evaluated under the anti-kickback
statute on a case-by-case basis, including the intent of the parties.
Parties may seek an OIG advisory opinion if they want assurance that
their arrangement(s) comply with the statutes or would not be subject
to OIG administrative enforcement sanctions, but having an advisory
opinion is not mandatory. Declining to seek an OIG advisory opinion is
not evidence that parties have improper intent under the Federal anti-
kickback statute.
As stated above, in-kind incentives in connection with contingency
management or other motivational programs can fit in the final safe
harbor if all conditions are met. We note that offering incentives to
patients as a reward for accessing care may not satisfy the prohibition
on marketing and patient recruitment at paragraph 1001.952(hh)(6),
depending on the facts and circumstances. We also emphasize that
remuneration offered as a reward or incentive is not protected if it
results in a beneficiary being furnished medically unnecessary care or
inappropriate items or services reimbursed by a Federal health program,
pursuant to the condition at paragraph 1001.952(hh)(3)(iv).
Finally, to the extent that existing safe harbors might not address
all facets of contingency management incentive programs, we are
considering addressing them in future rulemaking.
Comment: A commenter urged OIG to consider extending safe harbor
protection to benefits such as direct payments from a provider to
utility companies and the direct provision of technology (e.g.,
electronic scales and tablets to provide continuing condition-specific
education).
Response: Because the beneficiary does not directly receive cash or
cash-equivalent remuneration, we consider the specific examples
provided by the commenter to be in-kind remuneration, which may be
protected by this safe harbor if the other conditions of the safe
harbor are satisfied.
Comment: A commenter observed that Congress has recognized the
value of providing incentive payments to patients in allowing
Accountable Care Organizations (ACOs) participating in the Medicare
Shared Savings Program to make payments to patients who receive
qualifying primary care services from providers participating in those
ACOs.
Response: We recognize that the ACO Beneficiary Incentive Program,
which is administered by CMS as part of the Medicare Shared Savings
Program, allows an ACO to make incentive payments to beneficiaries of
up to $20 per qualifying service as an incentive to
[[Page 77793]]
encourage utilization of medically necessary primary care services if
certain eligibility, recordkeeping, and notification requirements are
met. Nothing in the new patient engagement and support safe harbor
would prevent ACOs from continuing to participate in that program or
from structuring ACO Beneficiary Incentive Payment programs to satisfy
the requirements of the new safe harbor set forth at paragraph
1001.952(kk), which protects payments under the ACO Beneficiary
Incentive Program. Although we are not protecting similar incentives in
this safe harbor, this decision does not reflect the programmatic value
of the ACO Beneficiary Incentives.
The patient engagement and support safe harbor will protect tools
and supports furnished outside of the context of a program administered
and monitored by CMS. Without that programmatic oversight, we believe
the safeguards in this final rule, including limiting safe harbor
protection to in-kind remuneration, are appropriate and necessary to
protect Federal health care programs and beneficiaries from harms
associated with fraud and abuse.
Comment: A commenter urged OIG to update its 2016 Policy Statement
Regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries
to revise its interpretation of ``nominal value'' from $15 per instance
to $20 per instance, and from $75 in the aggregate per year to $100 in
the aggregate per year.
Response: We decline commenter's request to update our guidance on
``nominal value'' \66\ in this rulemaking. We note that our nominal
value guidance focuses only on OIG's Beneficiary Inducements CMP
authorities, and not the anti-kickback statute.
---------------------------------------------------------------------------
\66\ See OIG, Office of Inspector General Policy Statement
Regarding Gifts of Nominal Value to Medicare and Medicaid
Beneficiaries (Dec. 7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
iii. Waiver or Reduction of Cost-Sharing Obligations
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we sought
comments on a variety of issues relating to potential safe harbor
protection for waivers or reductions of patient cost-sharing
obligations in different circumstances, including waivers or reductions
of patient cost-sharing in the context of the proposed value-based
framework. We also noted that the requirements related to cost-sharing
in the Medicare and Medicaid programs are a programmatic matter; cost-
sharing is required pursuant to statute, regulations, and other rules
set forth by CMS and state Medicaid programs.
Summary of Final Rule: We are not finalizing a condition to protect
cost-sharing waivers or reductions under this safe harbor.
Comment: Many commenters expressed support for protecting waivers
of beneficiary cost-sharing obligations for remote patient monitoring,
chronic care management, digital technologies that include care
coordination functionality, and other care coordination services. A
commenter argued that both patients and Federal health care programs
benefit from waiving cost-sharing requirements for these items and
services because reducing barriers to accessing preventive care can
improve health outcomes for patients while also ensuring efficient use
of taxpayer resources. Commenters also asserted that cost-sharing
obligations can serve as a significant barrier to patient access for
these and other care coordination items and services, and that
providers' concerns regarding patients' fulfilling cost-sharing
obligations could discourage providers from even offering these
services. A commenter pointed out that protecting cost-sharing waivers
could give flexibility to certain manufacturers to structure rewards
programs that could incentivize patient behavior that may improve
health outcomes, such as treatment adherence. One commenter noted that
waivers of cost-sharing obligations are less prone to abuse than
providing cash to patients but posited that waivers can still lead to
undesirable effects such as cherry-picking and patient steering.
Commenters also noted that collecting cost-sharing amounts may be
administratively burdensome for providers, and for certain items and
services the cost of collection often exceeds the cost-sharing amount
to be collected. In order to address this issue, a commenter
recommended that OIG protect waivers of cost-sharing amounts when the
amount owed by the beneficiary is nominal, similar to OIG's Policy
Statement Regarding Gifts of Nominal Value to Medicare and Medicaid
Beneficiaries, or that OIG amend its interpretation of ``reasonable
collection efforts'' under section 1128A(i)(6)(A)(iii)(II) of the Act
so that these collection efforts do not include situations where the
cost of collection by the provider exceeds the cost-sharing amount that
the provider would potentially collect.
Commenters also urged OIG to implement safe harbor protection for
waivers or reductions of other types of cost-sharing obligations,
including cost-sharing for services furnished through patient-centered
medical homes and patient-centered specialty practices, such as visits
that promote medication adherence, preventive care, and kidney disease
education. A commenter suggested that OIG should protect full or
partial cost-sharing waivers where care coordination arrangements
result in cost savings to the health care system, which would allow
patients to share in savings resulting from compliance with disease
management or treatment programs.
A number of commenters urged OIG to protect waivers of IHS
beneficiaries' cost-sharing obligations for items and services
furnished by Indian health programs, noting that the imposition of
cost-sharing obligations can be a barrier to care coordination for
those patients.
Response: Cost-sharing waivers, or other tools and supports
designed to effectuate a waiver of beneficiary cost-sharing, are not
protected under the final patient engagement and support safe harbor.
We appreciate commenters' suggestions regarding potential safe harbor
protection for waivers or reductions of certain cost-sharing
obligations, particularly in the context of value-based care and
coordination of care. However, for a number of reasons we are not
convinced that a safe harbor promulgated by OIG through regulation
would be the appropriate mechanism to protect the waiver or reduction
of a programmatic requirement. As we stated in the OIG Proposed Rule,
beneficiary cost-sharing obligations are a programmatic requirement,
and we do not believe it would be appropriate to broadly protect cost-
sharing waivers that could obviate a programmatic requirement created
by statute to the extent requested by commenters. On several occasions,
Congress has enacted limited and individualized statutory protection
for cost-sharing waivers. For example, Congress enacted an exception to
the anti-kickback statute that allows pharmacies to waive Medicare Part
D cost-sharing under certain conditions, and we have promulgated
corresponding, implementing regulations.\67\
---------------------------------------------------------------------------
\67\ Section 1128B(b)(3)(G) of the Act; 42 CFR 1001.952(k)(3).
---------------------------------------------------------------------------
In addition, commenters requested OIG provide safe harbor
protection for the waiver of beneficiary cost-sharing for certain items
and services (e.g., remote patient monitoring, chronic care management,
digital technologies that include care coordination functionality, and
other care coordination services). We do not think it would be
appropriate or feasible for this rule to make
[[Page 77794]]
distinctions regarding cost-sharing waivers based on particular
categories of services. We do not discern a reasonable basis for making
such distinctions. We note that longstanding OIG guidance allows for
waivers of cost-sharing amounts based on individualized, good faith
determinations of financial need.
In the OIG Proposed Rule, we stated that we were considering
protecting cost-sharing waivers for certain specified services (e.g.,
care management services). We are not adopting the commenter's
recommendation to waive nominal cost sharing amounts. As discussed
above, we do not view a safe harbor to the Federal anti-kickback
statute as an appropriate vehicle to address programmatic rules related
to beneficiary cost sharing.
In addition, we did not propose to amend our interpretation of
``reasonable collection efforts'' under section 1128A(i)(6)(A)(iii)(II)
of the Act and decline to do so in this final rule.
iv. Social Determinants of Health
Summary of OIG Proposed Rule: For reasons described in the OIG
Proposed Rule, including the connection of social determinants to
health outcomes and costs,\68\ we proposed to protect at paragraph
1001.952(hh)(3)(i) an in-kind item, good, or service such as, among
others, supports or services designed to identify and address a
patient's social determinants of health. In the OIG Proposed Rule, we
cited the existence of substantial evidence that ``unmet social needs''
related to social determinants of health such as transportation,
nutrition, and safe housing play a critical role in health outcomes and
expenditures,\69\ two key policy goals of this rulemaking. We sought
comment on which social determinants are most crucial to improving care
coordination and transitioning to value-based care and payment.\70\ We
also sought comments on how or whether to protect tools and supports
designed to address social determinants of health, including whether to
make distinctions among various categories of social determinants or to
list specific permissible tools and supports.
---------------------------------------------------------------------------
\68\ 84 FR 55723 (Oct. 17, 2019).
\69\ 84 FR 55723 (Oct. 17, 2019).
\70\ 84 FR 55724 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications,
paragraph 1001.952(hh)(3)(i). The modifications remove the illustrative
example related to social determinants of health from paragraph
1001.952(hh)(3)(i). Notwithstanding, the final rule at paragraph
1001.952(hh) protects in-kind tools and supports that identify and
address a patient's social determinants of health, provided that the
tools and supports otherwise meet all applicable safe harbor
conditions, including, among others, the $500 annual cap, the
requirement for a direct connection to the coordination and management
of the care of the target patient population, the requirement that the
tool or support is recommended by the patient's licensed health care
professional, and the requirement that the tool or support advances at
least one of the enumerated goals set forth at paragraph (hh)(3)(vi) of
the final rule. The five enumerated goals ensure that protected tools
and supports have a close nexus to care coordination, quality of care,
and health outcomes for patients.
As with health-related technology and patient health-related
monitoring tools and services, we are no longer including the specific
example of tools and supports that identify and address social
determinants of health in the final paragraph 1001.952(hh)(3)(i).
Explicitly listing illustrative categories of protected remuneration is
not necessary to effectuate the policy set out in the proposed rule
that these categories and other types of tools and supports can be
protected if all safe harbor conditions are met. This change ensures
the final rule does not inappropriately limit the type or range of in-
kind tools and supports that could be protected by this safe harbor.
This will allow the licensed health care professional to determine the
specific type of tool or support that works best for the patient, as
long as all conditions of the safe harbor are met.
Comment: Numerous commenters urged us to extend explicit safe
harbor protection to address various social determinants of health,
focusing primarily on tools and supports to address food insecurity,
housing instability, and transportation needs. Commenters also noted
that identifying and addressing patients' social determinants of health
through patient engagement tools and preventive care items will allow
entities to improve patient outcomes while also reducing health care
costs.
Response: We agree that these types of tools and supports have the
potential to improve patient outcomes while producing savings to
Federal health care programs and patients. Tools and supports to
address the categories of social determinants cited by the commenters
may be eligible for safe harbor protection if they meet all safe harbor
conditions including, among others, one of the safe harbor's enumerated
goals at paragraph 1001.952(hh)(3)(vi). For examples of how the safe
harbor could protect tools and supports that identify and address
social determinants of health, we refer readers to the response
directly below. We are finalizing this safe harbor without including
tools and supports designed to identify and address social determinants
of health as an example of protected remuneration in the regulatory
text. This change will ensure the final rule avoids inadvertently
constraining the types or categories of in-kind tools and supports
protected by this safe harbor in order to foster beneficial innovation.
Comment: We received a number of comments addressing the question
of how to define social determinants of health and related tools and
supports for the purpose of this new safe harbor. Many commenters urged
us not to specify permissible tools and supports, but instead to adopt
a flexible approach. Other commenters requested OIG provide a
nonexclusive and nonexhaustive list illustrative of the types of
permissible tools and supports that could receive protection under the
safe harbor, indicating that such a list would provide clarity to the
industry regarding the scope of tools and supports this safe harbor
would protect without limiting flexibility and innovation. Another
commenter sought clarification regarding how to interpret our proposed
protection for tools and supports that address social determinants of
health and other items and services such as preventive care items and
services and health-related technology, including how to interpret the
list of illustrative examples we provided in the preamble.
Commenters provided examples of a wide range of categories of
social determinants of health and the tools and supports that
commenters argued should be protected under this safe harbor, which
they consider most crucial to improving coordination and management of
care and transitioning to value-based care and payment. The social
determinants of health--and tools and supports to address such social
determinants of health--cited by commenters include food insecurity,
housing instability, transportation, nutrition education, supervised
exercise, fitness training programs, household or vehicle modifications
to promote mobility and independence, addiction recovery programs,
mental health programs, payment of utility bills, and supports related
to interpersonal violence.
Some commenters offered extensive lists of social determinants of
health relevant to specific health issues, such
[[Page 77795]]
as determinants that impact musculoskeletal care or chronic diseases.
Another commenter urged OIG to use the framework developed by the
Kaiser Family Foundation to make distinctions among categories of
social determinants using the following categories: (i) Economic
stability; (ii) neighborhood and physical environment; (iii) food; (iv)
community and social context; and (v) health care system. Another
commenter suggested OIG reference services offered as supplemental
benefits within Medicare Advantage as well as the special supplemental
benefits for the chronically ill included in the Creating High-Quality
Results and Outcomes Necessary to Improve Chronic (CHRONIC) Care Act.
Response: We appreciate commenters' suggestions regarding how best
to identify and protect categories of social determinants of health and
related tools and supports that should be protected under this safe
harbor. We agree with the concern that an exclusive list of protected
tools or supports in regulatory text could inappropriately constrain
entities from offering the most useful types of tools and supports, and
a rigid definition of social determinants of health could limit
innovation related to tools and supports that may be protected by this
final rule, if all conditions of the safe harbor are met. We are not
providing a specific definition of ``social determinants of health''
for the purpose of this final rule, as one is not needed, nor are we
providing an exclusive list of the types of tools and support that will
receive safe harbor protection. We agree with the commenters that
recommended flexibility.
We offer below illustrative, but not exhaustive, examples of tools
and supports related to identifying and addressing patients' needs
related to social determinants of health that may qualify under the
safe harbor if all safe harbor conditions are met. We provide this list
of representative tools and supports to readers to explain our
interpretation of the safe harbor; we emphasize that this list is
neither exhaustive nor does it point to the Government's view of the
effectiveness of the listed examples. Furthermore, we remind readers
that the safe harbor is specifically focused on the coordination and
management of patient care. There are other important aspects of
addressing social determinants of health that are not covered by this
rulemaking because they do not relate to the coordination and
management of patient care. In some cases, other safe harbors such as
the local transportation safe harbor, or other exceptions to the
Beneficiary Inducements CMP, such as the financial-need-based exception
and the promote access to care exception (both found at paragraph
1003.110), may be available for incentives that address patients' needs
related to social determinants of health.\71\ OIG's advisory opinion
process is also available, and OIG has issued several advisory opinions
addressing areas such as nutrition, lodging, and transportation.
---------------------------------------------------------------------------
\71\ We remind readers that exceptions to the definition of
``remuneration'' under the Beneficiary Inducements CMP apply only
for the purposes of the definition of ``remuneration'' applicable to
section 1128A of the Act (the Beneficiary Inducements CMP); they do
not apply for purposes of section 1128B(b) of the Act (the Federal
anti-kickback statute).
---------------------------------------------------------------------------
Illustrative examples of tools and supports related to social
determinants of care that could be structured to fit in the safe
harbor, depending on the facts and circumstances, include the
following: Provision of in-kind transportation, such as transit
vouchers or rideshares organized by the VBE participant; home
modifications such as grab bars, air filters or purifiers, and other
physical or structural modifications that allow patients to live safely
at home; temporary housing for an individual experiencing homelessness
or living far from a hospital following a surgical discharge; providing
broadband access to a patient to enable remote patient monitoring or
virtual care; grocery or meal delivery services, nutrition supplements,
and nutrition education; exercise or fitness programs or equipment;
vehicle modifications; incentives as part of addiction recovery
programs, including peer-to-peer programs and contingency management
programs; incentives as part of mental health programs; and supports
related to interpersonal violence. For each of the preceding examples,
all safe harbor conditions would need to be met, including that the
tool or support advances one of the goals enumerated in paragraph
1001.952(hh)(3)(vi).
In contrast, some tools and supports that could help address needs
related to social determinants of health would be very unlikely to fit
in the safe harbor. For example, tools and supports related to finding
employment or housing-related tools and supports of a routine nature,
such as routine or ongoing rent or utility payments, are unlikely to
meet the requirements that they be directly related to coordination and
management of patient care, be recommended by the patient's licensed
health care professional, and advance an enumerated goal at paragraph
1001.952(hh)(3)(vi).
We emphasize that the changes to the regulatory text ensure this
final rule is agnostic about the specific types of in-kind tools or
supports protected by this safe harbor. This will give licensed health
care professionals flexibility to determine and recommend the tool or
support that would best address a patient's social determinants of
health to foster coordination and management of patient care.
Comment: A commenter urged OIG to identify an additional goal under
paragraph 1001.952(hh)(3)(vi) for ``management of activities of daily
living,'' to clarify that tools and supports may be protected if used
to address social determinants of health.
Response: We are not adopting this suggestion. As explained above,
in-kind tools and supports used to address social determinants of
health may be protected by the safe harbor if they meet all safe harbor
conditions. Depending on the specific facts and circumstances, in-kind
tools and supports for the management of activities of daily living
could meet several of the enumerated goals in paragraph (hh)(3)(vi)
including, for example, goals related to adherence to a followup
treatment plan, prevention or management of a disease or condition, and
ensuring patient safety. Such tools and supports would need to meet all
other safe harbor conditions as well. The goals proposed in the OIG
Proposed Rule and finalized in paragraph 1001.952(hh)(3)(vi) are
intended to have a close nexus to the coordination and management of
patient care. Ensuring that beneficiaries have the support they need to
manage activities of daily living is critically important. However, for
purposes of this safe harbor, a separate goal related to ``management
of activities of daily living'' would not have the same close nexus.
We note that nothing in this rule alters any existing program rules
or benefits available to support activities of daily living.
In particular, some health care benefits, such as long-term care
services covered by Medicaid, utilize assessments of activities of
daily living to determine the appropriate level of care for a patient.
This safe harbor does not affect those rules. Additionally, some long-
term care benefits may also provide coverage for items or services to
help manage a patient's activities of daily living that are similar or
the same as the tools and supports protected by this safe harbor.
Consistent with the discussion in section III.B.6.l on cost-shifting,
if a provider furnishes covered
[[Page 77796]]
items or services that are covered by a Federal health care program and
billed following normal rules, the provision of those items or services
alone would not implicate the Federal anti-kickback statute.
v. Health-Related Technology and Patient Monitoring
Summary of OIG Proposed Rule: Proposed paragraph 1001.952(hh)(3)(i)
included health-related technology and patient health-related
monitoring tools and services as examples of permissible tools and
supports.
Summary of Final Rule: We are not finalizing our proposal to
include these examples in regulatory text. Paragraph 1001.952(hh)(3)(i)
simply requires an in-kind item, good, or service, without qualifiers
or examples. We confirm that health-related technology and patient
health-related monitoring tools and supports can be protected
remuneration if all safe harbor conditions are met.
Comment: Commenters were encouraged that the OIG Proposed Rule
recognized wearable monitoring devices as ``health-related technology
and patient health-related monitoring tools and services'' that were
potentially protected tools and supports, noting the power of such
technologies in managing chronic illness and promoting patient
adherence. A commenter asked OIG to consider how to ensure that the
safe harbor does not stifle innovative health care provider
arrangements for care coordination implemented via remote patient
monitoring. The same commenter urged OIG to reexamine what constitutes
an inducement and help health care stakeholders better understand these
regulations by offering FAQs, guidance, or web-based access to
additional information.
Response: As noted above in the discussion relating to preventive
care, we have simplified the safe harbor language to reflect the
breadth of protected categories of remuneration. Accordingly, the safe
harbor no longer specifically references health-related monitoring
tools and services but instead requires that tools or supports are in
the form of an in-kind item, good, or service that meets the other
requirements of the safe harbor. This revision is in no way intended to
limit the scope of remuneration protected by the safe harbor to exclude
or otherwise limit health-related technology; rather, we intend the new
text at paragraph 1001.952(hh)(3)(i) to reflect the breadth of tools
and supports eligible for protection under the safe harbor.
We believe the safe harbor, including this broadened language, will
expand opportunities for innovation in how industry stakeholders engage
and support patients, including arrangements involving remote patient
monitoring. For instance, tools such as connected scales or blood
pressure monitors that track and transmit data to a patient's licensed
health care professional, or applications that allow a patient's mobile
devices to monitor activity or other health data, could be protected,
if all other conditions of the safe harbor are satisfied.
Comment: Commenters sought clarification as to how telehealth tools
and supports fit within the category of health-related technology. In
particular, a commenter asked whether the new patient engagement and
support safe harbor may be used to protect the provision of non-device-
based telehealth platforms and aggregators. Another commenter urged OIG
to clarify that, as a general matter, multifunction equipment could
comply with the Federal anti-kickback statute through a safe harbor and
exception to the Beneficiary Inducements CMP.
Response: In-kind telehealth supports can be protected under this
safe harbor if the provision of such supports satisfies all of the safe
harbor's conditions.\72\ For instance, a smartphone that facilitates
telehealth services with a patient's licensed health care professional,
or a platform or software that facilitates telehealth services, may be
a protected form of remuneration under this safe harbor if all safe
harbor conditions are satisfied. The commenter's request for additional
OIG guidance on whether the provision of multifunctional equipment
would implicate the Federal anti-kickback statute and Beneficiary
Inducements CMP is a fact-specific inquiry. Tools and supports that may
be protected by this safe harbor could include multifunctional
equipment, as long as the tool or support advances one of the
enumerated goals at paragraph 1001.952(hh)(3)(vi).
---------------------------------------------------------------------------
\72\ We acknowledge that Federal health care program coverage of
telehealth services and other care provided remotely has expanded
and the regulatory framework applicable to telehealth services and
other virtual care has shifted, at least temporarily, since the
publication of the OIG Proposed Rule. In particular, in response to
the unique circumstances resulting from the outbreak of COVID-19,
the Secretary determined, pursuant to section 319 of the Public
Health Service Act, that a public health emergency (PHE) exists and
has existed since January 27, 2020 (COVID-19 Declaration). See
Department of Health and Human Services, Determination that a Public
Health Emergency Exists (Jan. 31, 2020), available at https://www.phe.gov/emergency/news/healthactions/phe/Pages/2019-nCoV.aspx.
As a result of the PHE, various agencies have adopted temporary
rules and guidance designed to ease access to telehealth services
and other virtual care during the PHE. See for example CMS, Interim
Final Rule with Comment Period, Medicare and Medicaid Programs;
Policy and Regulatory Revisions in Response to the COVID-19 Public
Health Emergency, 85 FR 19230 (Apr. 6, 2020).
---------------------------------------------------------------------------
Comment: A commenter urged that patient communication and
counseling services are aligned with the spirit of the proposed safe
harbor and requested confirmation that these services constitute
patient health-related monitoring tools and services.
Response: We agree that patient communication and counseling
services may qualify as protected in-kind remuneration if the
conditions of the safe harbor are satisfied.
vi. Not Duplicative
Summary of OIG Proposed Rule: We solicited comments on whether to
require the VBE participant to confirm that the tool or support is not
duplicative of, or substantially the same as, tools and services the
patient already has.
Summary of Final Rule: We are not finalizing this condition.
Comment: A commenter supported requiring the patient to confirm
that the tool or support is not duplicative of something already owned
by the patient. A commenter stated that restrictions related to
providing duplicative tools or services that the patient already has
are unnecessary in light of the proposed safe harbor requirement
prohibiting the sale or diversion of the item or service. Moreover,
some commenters stated that this type of requirement would prove
difficult to implement because even if a patient has a similar device
or service, it does not mean that it has enough or the correct
technology to accomplish the VBE's or VBE participant's care objectives
and goals. Some commenters stated that this condition would be
difficult to interpret and enforce, and some commenters asserted that
the provision of duplicative tools and supports would be unlikely to
result in patient inducement. Another commenter highlighted concern
related to any such condition's intersection with providing updated or
upgraded tools and supports that might technically duplicate tools and
supports to which a patient already has access. A commenter asked what
would be considered duplicative or substantially the same, asking
specifically whether an updated smartphone to support the use of a
monitoring application would be duplicative if a patient already owns a
cell phone. The same commenter also inquired whether providing other
updated technology--such as a newer version of a patient's glucose
monitor--would be considered duplicative.
[[Page 77797]]
A commenter stated that OIG should not require confirmation that
the tools and supports provided to a patient are not duplicative of, or
substantially the same as, tools and supports the patient already has,
which the commenter believed fails to recognize that VBE participants
may want to rely on the safe harbor to test the effectiveness of a
particular tool or support.
Response: In this final rule, we are not adopting a requirement
that a VBE participant confirm that a tool or support is not
duplicative of, or substantially the same as, tools or supports the
patient already has. We appreciate the concerns raised by commenters
regarding the practical challenges in implementing this requirement,
including that it is difficult to determine which tools or supports
would be considered duplicative.
However, tools or supports that are duplicative of items or
services that a patient already owns or has access to may not advance
one of the goals listed at paragraph 1001.952(hh)(3)(vi) and therefore
may not be eligible for safe harbor protection. For example, providing
a patient with a new smartphone would not necessarily advance any of
the enumerated goals if the patient already has a cell phone with
sufficient functionality. For instance, the licensed health care
professional's recommendation of a smartphone to transmit medication
adherence reminders may not advance the patient's adherence to a drug
regimen if the identified need for the smartphone--to transmit
medication adherence reminders--is already achievable with the
patient's existing cell phone. On the other hand, provision of a
smartphone could promote adherence to a treatment regimen determined by
the patient's licensed health care professional (pursuant to the goal
listed at paragraph 1001.952(hh)(3)(vi)(A)) if, for example, the new
smartphone adds functionality needed for remote monitoring that is not
available on the patient's existing cell phone.
In response to the comment regarding using the patient engagement
and support safe harbor to test the effectiveness of tools or supports,
the safe harbor protects remuneration that advances one or more of the
enumerated goals under paragraph 1001.952(hh)(3)(vi). While protection
under this safe harbor is not conditional on achieving one or more of
these enumerated goals, a tool or support would not be eligible for
safe harbor protection without a reasonable basis that it would advance
at least one of the enumerated goals. The requirement to advance one or
more of the listed goals means, at a minimum, that the VBE participant
reasonably expects the tool or support to be effective in advancing a
goal.
g. Marketing and Patient Recruitment
Summary of OIG Proposed Rule: We proposed a condition at proposed
paragraph 1001.952(hh)(3)(iv) that would exclude from safe harbor
protection tools or supports used for patient recruitment or marketing
of items or services to patients. Separately, we sought comment on
whether to include a condition that would prohibit advertising of the
patient engagement tools or supports offered by a VBE participant. We
solicited comments on how best to preclude using tools and supports as
a marketing or advertising strategy to recruit patients or otherwise
influence referral sources, patients or otherwise, while still
permitting beneficial educational efforts and activities that promote
patient awareness of care coordination activities and available tools
and supports.
Summary of Final Rule: We are finalizing, with modifications, the
proposed condition at paragraph 1001.952(hh)(6). Under the final rule,
neither the VBE participant, nor an eligible agent of the VBE
participant, may use the patient engagement tools or supports to market
other reimbursable items or services or for patient recruitment
purposes. The final safe harbor condition clarifies the limitation on
marketing and patient recruitment consistent with our intent in the OIG
Proposed Rule to preclude protection of tools and supports used solely
for patient recruitment purposes or used to market other reimbursable
items and services to patients. The final condition clarifies that the
marketing prohibition only applies with respect to the marketing of
items and services reimbursable by Federal health care programs.
Providing remuneration to patients in order to market items or services
not reimbursable by Federal health care programs is unlikely to
implicate the anti-kickback statute and therefore would not need safe
harbor protection. As discussed further below, this condition does not
preclude a VBE participant from educating patients, such as providing
objective patient educational materials to a patient or engaging in
objective patient informational activities with respect to patients in
the target population.
Comment: Commenters generally supported our proposed prohibitions
on marketing and patient recruitment but urged OIG to clarify that
certain activities would not be prohibited, such as providing education
and information to established patients or members of the target
patient population about available resources, tools, and supports. For
example, a commenter suggested that a health care facility operating an
onsite food pantry should be able to post basic information, such as
the food pantry's hours of operation, to ensure patient access. Another
indicated that providers should be able to educate beneficiaries about
how to access care and to increase awareness and utilization of
services by describing available tools and supports on a provider's
website or by offering free marketing items such as refrigerator
magnets, stickers, and notepads.
Other commenters opposed these conditions altogether or requested
that we clarify the delineations between prohibited marketing,
advertising, and patient recruitment as opposed to permissible patient
education and awareness activities. Commenters warned that
dissemination of information to patients and their providers is
necessary for patients to achieve the health benefits intended by a
particular patient engagement program. A commenter added that
restricting advertising requires providers to determine which patients
may benefit from available resources, rather than empowering patients
to self-identify whether they may benefit from a given tool or support.
Response: We agree with the commenters who supported conditions
relating to marketing and patient recruitment, and we are finalizing
these concepts in a revised safe harbor condition at paragraph
1001.952(hh)(6). The patient engagement and support safe harbor does
not protect the provision of tools or supports if the VBE participant
uses the tools or supports to market other reimbursable items or
services or for patient recruitment purposes. As noted in the proposed
rule, the proposed condition was designed to preclude a VBE using a
tool or support to market other reimbursable items and services, or
using a tool for patient recruitment while permitting beneficial
educational efforts and activities that promote patient awareness of
care coordination activities and available tools and supports. We do
not intend to protect tools or supports that serve solely as patient
recruitment incentives.\73\
---------------------------------------------------------------------------
\73\ 84 FR 55727 (Oct. 17, 2019).
---------------------------------------------------------------------------
This condition does not preclude providers from educating their
patients or otherwise providing information about available tools and
supports to established patients. In other words, this
[[Page 77798]]
condition does not limit providers from offering objective information,
education, and reminders to their patients, nor does it limit providers
from offering tools and supports designed to educate patients and
increase awareness and utilization of appropriate services.
As an example, the following activity would not violate this
condition: A physician VBE participant informs a patient with asthma
that clean air in the home is important for keeping asthma symptoms
under control. The physician explains that clean air conditioning
filters and other air purifying machines are important for keeping the
air in a home clean and healthy. The physician informs the patient that
the VBE has a program to provide air filters, and the patient may be
eligible to receive free air filters provided by the physician.
However, the safe harbor does not protect a tool or support if used
to recruit patients or used to market other reimbursable items or
services. This condition protects against abusive marketing schemes
where the patients are inappropriately induced to select providers or
use items or services because they are being provided with free or low-
cost tools and supports. Importantly, the patient engagement and
support safe harbor protects the provision of tools and supports to
patients; it does not protect any marketing, advertising, or patient
recruitment arrangements.
As with the care coordination arrangements safe harbor's marketing
and patient recruitment provision discussed in section III.B.3.j we use
the terms marketing (e.g., promoting or selling something), recruitment
(e.g., enlisting someone to do something), and education (e.g.,
informing, instructing, or teaching) in accordance with their common
sense meanings. Additionally, we consider ``advertising'' to be a
subset of ``marketing,'' so the prohibition of using tools or supports
to market other reimbursable items or services also prohibits
advertising. This approach best allows flexibility for VBE participants
to engage in appropriate educational efforts. We offer illustrative
examples in response to comments to aid stakeholders in applying the
safe harbor provision.
For example, a VBE participant could operate a non-billable
diabetes remote monitoring program to help patients manage their
diabetes and coordinate their care. As part of the program, the VBE
participant offers patients with diabetes a free tablet to facilitate
the remote monitoring program. Should the VBE participant seek to
protect the tablet under this safe harbor, it would need to satisfy the
marketing and patient recruitment condition at paragraph
1001.952(hh)(6). To illustrate the scope of this condition, we offer
the following examples of educational activities that would comply with
this condition. First, the VBE participant may counsel a patient with
diabetes about the benefits of the non-billable remote monitoring
program and explain that such program includes a free tablet to
facilitate the program. Second, the VBE may explain that the tablet is
used to convey information such as nutritional information, recipes,
wellness tips, and appointment reminders. In these illustrative
examples, the VBE participant is not using the tablet to market other
reimbursable items or services or for patient recruitment.
By contrast, if the VBE participant uses the tablet to send
patients text messages and notifications to induce them to obtain
tests, equipment, supplies, or other reimbursable items and services,
the condition at paragraph 1001.952(hh)(6) would not be satisfied; the
VBE participant is using the tool and support (the tablet) to market
other reimbursable items and services. Similarly, if the VBE
participant advertises that patients will receive a free tablet if they
register for the remote monitoring program and receive services, the
VBE participant is using the tool and support to recruit patients and
the provision of the tablet does not qualify for safe harbor
protection. It would be the same result if the VBE participant used the
provision of the tablet to market other reimbursable services or
recruit patients through door-to-door marketing, telephone
solicitations, direct mailings, or through sales pitches masquerading
as ``informational'' sessions.
In response to commenters, we clarify that notification to an
entire target patient population about the availability of tools and
supports does not necessarily raise concerns under this condition.
Whether a notification to an entire patient population satisfies this
condition would require a highly fact-specific assessment. For example,
if a physician used an announcement to an entire target patient
population about the availability of free air conditioning filters if
those patients come in for an office visit (e.g., as an inducement to
attract patients to schedule an appointment billable to a Federal
health care program), that would constitute prohibited marketing or
patient recruitment, even if the announcement also had an educational
purpose. In contrast, if the announcement provided information on the
need for asthma patients to ensure the air in the home is clean and to
contact the physician for further information, that type of
notification would not violate this condition. Again, we highlight that
whether any particular communication satisfies this marketing condition
would require a highly fact-specific assessment.
Among the examples described by the commenters, a hospital posting
general information such as the hours of operation of its food pantry
to make patients aware of when the food pantry is open and enhance
patient access would not run afoul of this condition. Providing free
marketing items as described by a commenter such as refrigerator
magnets, stickers, and notepads likely would not be protected by this
safe harbor for multiple reasons. If provided for the purpose of
marketing or patient recruitment, such items would not meet this
condition. Furthermore, these items are unlikely to advance one of the
enumerated goals at paragraph 1001.952(hh)(3)(vi) or have a direct
connection to the coordination and management of care of the target
patient population.\74\
---------------------------------------------------------------------------
\74\ We note, however, that such items may be excluded from the
definition of remuneration under the Beneficiary Inducements CMP if
they are of nominal value. See for example 65 FR 24411 (Apr. 26,
2000), available at https://oig.hhs.gov/authorities/docs/cmpfinal.pdf, and Special Advisory Bulletin: Offering Gifts and
Other Inducements to Beneficiaries, August 2002, available at http://oig.hhs.gov/fraud/docs/alertsandbulletins/SABGiftsandInducements.pdf (Special Advisory Bulletin); Office of
Inspector General Policy Statement Regarding Gifts of Nominal Value
to Medicare and Medicaid Beneficiaries (Dec. 7, 2016), available at
https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
In response to the commenter who asserted that restricting
advertising requires providers to determine which patients may benefit
from available resources, rather than empowering patients to self-
identify whether they may benefit from a given tool or support, we note
that this condition is intended to preserve patient choice and protect
vulnerable patients from the undue influence of coercive marketing. We
also remind readers that any protected tool or support must satisfy the
other conditions of the safe harbor as well, including that the patient
engagement tool or support is recommended by the patient's licensed
health care professional and advances one or more of the goals
enumerated in the safe harbor. The protections in the safe harbor are
designed to emphasize the patient's relationship with their provider in
developing plans for treatment and care and the appropriate provision
of tools and supports.
[[Page 77799]]
Consequently, the final safe harbor preserves patient choice and
empowerment by relying on close communication and collaboration between
patient and provider.
A prohibition on marketing and patient recruitment serves as an
important protection against inappropriate patient steering and
overutilization of federally reimbursable items and services. Our
enforcement experience demonstrates that using tools and supports to
recruit patients or to otherwise market reimbursable items and services
presents a risk of harms associated with fraud and abuse (e.g.,
overutilization, provision of unnecessary services to patients, and
theft of patient's medical identity information).
We highlight that this prohibition extends to eligible agents of
the VBE participant. More specifically, to qualify for safe harbor
protection, neither the VBE participant nor any eligible agent may
exchange or use the patient engagement tools or supports to market
other reimbursable items or services or for patient recruitment
purposes. Under paragraph 1001.952(hh)(2), the patient engagement tool
or support may be furnished directly to the patient (or the patient's
caregiver, family member, or other individual acting on the patient's
behalf) by a VBE participant that is a party to the value-based
arrangement or its eligible agent. The modification of the marketing
and patient recruitment prohibition in paragraph 1001.952(hh)(6)
reflects the changes to paragraph 1001.952(hh)(2) related to eligible
agents. The marketing and patient recruitment prohibition applies
equally to the VBE participant and to the eligible agent that may be
furnishing the tool or support as an agent of the VBE participant. For
example, this final rule precludes safe harbor protection for tools and
supports used by a patient recruiter to induce or recruit beneficiaries
to receive items or services reimbursed by a Federal health care
program.
Comment: A commenter warned that an overly broad limit on
advertising could be a barrier to providers giving basic information to
patients. The commenter noted that OIG recognized this risk by limiting
the scope of its advertising prohibition in the local transportation
safe harbor, which explicitly allows posting shuttle route and schedule
details.
Response: First, we remind readers that arrangements need not have
safe harbor protection to be lawful, and we observe that many health
care entities lawfully provide basic information to patients (which may
not even implicate the Federal anti-kickback statute) and even market
services without the benefit of a safe harbor. Second, we believe the
final prohibition on marketing and patient recruitment is not overly
broad. It prohibits using patient engagement tools and supports to
market other reimbursable items and services or for patient
recruitment. It does not limit providers giving basic information
directly to their patients; indeed, as explained above, many types of
basic information would not even implicate the Federal anti-kickback
statute (e.g., appointment reminders and mailings explaining the best
hygiene practices to prevent influenza).
As the commenter states, the local transportation safe harbor
provides protection for a shuttle service that is not marketed or
advertised (other than posting necessary route and schedule details).
We do not believe a specific exception, similar to the route and
schedule details exception included in the shuttle services provision
of the local transportation safe harbor, is needed in the patient
engagement and support safe harbor, nor would such an exception be
feasible to address the wide range of tools and supports potentially
protected by this safe harbor. The final safe harbor's condition
related to marketing and patient recruitment does not prohibit a VBE
participant from providing basic information relating to available
patient engagement tools and supports to patients.
For example, a hospital that also runs a food pantry could post the
hours of operation of a food pantry. In contrast, should the hospital
conduct a general advertisement to the public indicating, for example,
that it has a free food program available to patients with diabetes
(the target patient population) who come to the hospital to receive
services, providing the support in the form of the free food program
would fail to satisfy this condition and would not be protected by this
safe harbor.
We emphasize that the provision of tools and supports to Federal
health care program beneficiaries by certain entities (which could be
VBE participants consistent with revisions made by this final rule)--
such as a social services agency that does not bill Federal health care
programs--would not implicate the Federal anti-kickback statute and,
consequently, would not require safe harbor protection.\75\ Therefore,
such entities would not be subject to this marketing and patient
recruitment condition.
---------------------------------------------------------------------------
\75\ We recognize the possibility that a hospital or other
entity that bills Federal health care programs could provide funding
to an entity that does not bill Federal health care programs in
order to support the provision of tools and supports to Federal
health care program beneficiaries. Such funding could constitute an
indirect financial relationship between the funding source and the
beneficiary that could implicate the Federal anti-kickback statute
and, if so, that relationship would need to be assessed separately.
---------------------------------------------------------------------------
Comment: A commenter urged OIG to ensure that the safe harbor
allows sufficient flexibility to inform patients of the types of
interventions designed to address social determinants of health that
the VBE participant offers to support patients in achieving improved
health outcomes and to furnish the best possible patient care. The
commenter highlighted that in the context of tools and supports
designed to address unmet social needs, patients may be reticent to
self-identify absent appropriate outreach and advertising due to
potential social stigmas associated with such needs. A commenter stated
that a safe harbor condition prohibiting advertising could: (i) Reduce
the ability of patients and providers to make fully informed decisions;
(ii) lower the number of patients who have access to beneficial tools
and supports; and (iii) hinder the ability to achieve the entity's
value-based goals.
Response: The safe harbor condition prohibiting use of the patient
engagement tools and supports to market other reimbursable items and
services or for patient recruitment is not intended to constrain a
licensed health care professional from informing patients of the types
of available tools and supports. The safe harbor also would not
prohibit other types of VBE participants from providing educational
information about available tools and supports to patients in the
target population.
Comment: A commenter asserted that a facility should be able to
advertise the patient engagement tools and supports it offers, and if a
patient elects a certain facility on that basis, then the patient has
demonstrated active engagement in their care options.
Response: We recognize the importance of activated and engaged
patients and consumer choice. As previously stated, potential donors
may provide educational information and inform patients about the
availability of engagement tools and supports. This condition prohibits
only using tools and supports to market other reimbursable items and
services or for patient recruitment. This final condition is designed
to prevent VBE participants from influencing patients' decision-making
regarding billable health care items and services based on the offer of
free tools and supports. We are
[[Page 77800]]
concerned that patients might be coerced into selecting items and
services that are not in their medical best interests. We emphasize,
however, that nothing in this final rulemaking constrains patient
decision-making; notably, patients are free to select (or decline to
select) providers based on their participation in a VBE, on the care
coordination and management services they furnish, or on the tools and
supports they offer.
Comment: A commenter noted that a prohibition on advertising could
disproportionately impact skilled nursing facilities and assisted
living facilities whose patients are more likely to rely upon
traditional advertising methods to understand their treatment options
and alternatives.
Response: This condition restricts VBE participants who wish to use
the safe harbor from using the tools and supports to market other
reimbursable items or services (e.g., an advertisement that offers to
provide a free smartphone after a patient receives a service) or using
such tools for patient recruitment. It does not prohibit a VBE
participant, which could be a skilled nursing facility or assisted
living facility, from otherwise advertising or marketing the patient
care items and services they offer.
h. Direct Connection
Summary of OIG Proposed Rule: At proposed paragraph (hh)(3)(ii), we
proposed that the tool or support furnished to the patient must have a
``direct connection'' to the coordination and management of care of the
target patient population. We proposed to interpret ``direct
connection'' to mean that the VBE participant has a good faith
expectation that the tool or support will further the coordination and
management of care for the patient. We solicited comments on whether to
require a ``reasonable connection'' instead of a ``direct connection.''
We also solicited comments on an alternative proposal that would have
required the VBE participant to make a bona fide determination that an
arrangement to provide tools and supports is directly connected to the
coordination and management of care for the patient. We solicited
comments on whether the ``direct connection'' should be to any of the
four value-based purposes described at proposed paragraph
1001.952(ee)(12)(vii) instead of requiring a direct connection to the
coordination and management of care for the patient.
Summary of Final Rule: We are finalizing the condition, without
modification, at paragraph 1001.952(hh)(3)(ii). Specifically, any
protected tool or support must have a ``direct connection'' to the
coordination and management of care of the target patient population.
We are not finalizing any of the alternative proposals considered in
the OIG Proposed Rule.
Comment: A number of commenters supported our proposal to require
that any protected tool or support furnished to a patient have a direct
connection to the coordination and management of care.
Response: We are finalizing this condition as proposed. As we
explained in the OIG Proposed Rule, we do not believe it should be
difficult for a VBE participant providing the patient engagement tool
or support to clearly articulate the nexus between the tool or support
and the coordination and management of care.
Comment: We received several comments recommending that we require
only a ``reasonable connection'' to coordination and management of
care, rather than a ``direct connection.'' Many commenters expressed a
preference for the ``reasonable connection'' standard because it gives
entities greater flexibility in the provision of patient engagement
tools and supports and is better aligned with the standard that a VBE
participant must have a good faith expectation that the tool or support
will promote the VBE's objectives. A commenter opposed the ``reasonable
connection'' alternative because it would weaken the partnership
between providers that are collaborating to coordinate and manage a
patient's care.
Response: We decline to modify the condition to require only a
``reasonable connection.'' The safe harbor protects the provision of
potentially valuable in-kind remuneration furnished to patients. It is
appropriate for the offerors of potentially valuable remuneration to
carefully evaluate the nexus between the tool or support and the
coordination and management of patient care. In the final rule, we
opted for the ``direct connection'' standard, which will ensure that
the remuneration is closely linked to the goals of the Regulatory
Sprint, including promoting care coordination and value-based care. In
particular, the final safe harbor is designed to protect tools and
supports that are designed to result in higher value and better
coordinated care. The ``direct connection'' standard will help ensure
that protected remuneration specifically and intentionally advances the
goals of the Regulatory Sprint over other possible objectives.
Comment: One commenter supported a condition requiring the VBE to
make a bona fide determination that tools or supports have a direct
connection to the coordination and management of care for a patient.
However, numerous other commenters urged OIG not to adopt such a
requirement, warning that it would be unduly burdensome and create
administrative hurdles that would unnecessarily duplicate the
determination made by a VBE in establishing value-based activities of
the VBE and the role of the VBE participants in carrying out those
activities.
Response: To avoid introducing unnecessary administrative burdens,
and because we believe the other safeguards sufficiently mitigate the
risk of patient harm and program integrity concerns, we are not
finalizing a requirement--considered in the preamble to the OIG
Proposed Rule--that the VBE make a bona fide determination that the
tool or support has a direct connection to the coordination and
management of care. We note, however, that while safe harbors are
voluntary, parties that seek protection for tools and supports under
this safe harbor must strictly satisfy each of the safe harbor's
conditions, including the requirement that the tool or support has a
direct connection to the coordination and management of care. The VBE
and VBE participants may establish satisfaction of this condition in a
variety of ways without such a bona fide determination; of course,
making such a bona fide determination could support satisfaction of
this safe harbor condition.
Comment: Several commenters suggested that OIG broaden the safe
harbor to protect tools and supports that are directly connected to any
of the four value-based purposes articulated in proposed paragraph
1001.952(ee)(12)(vii), rather than requiring a direct connection to a
single value-based purpose, that is, coordination and management of
patient care. Commenters suggested that this would provide greater
flexibility for entities to offer tools and supports connected to the
other three value-based purposes.
Response: We appreciate the commenters' input. However, we
respectfully decline to adopt the commenters' suggestion. We believe
the safe harbor is appropriately limited to the protection of tools and
supports that are directly connected to the coordination and management
of care, which empowers patients to fully participate in the care
coordination activities that are the spirit of the
[[Page 77801]]
Regulatory Sprint. The other three value-based purposes described in
paragraph 1001.952(ee)--improving the quality of care; appropriately
reducing the costs to, or growth in expenditures of, payors without
reducing the quality of care; and transitioning the health care
delivery and payment systems to value-based care--are purposes that the
applicable VBE participants, not patients, are in the best position to
deliver.
In contrast, the coordination and management of care more directly
relates to the patient engagement goals of this safe harbor. At
paragraph 1001.952(ee)(14)(i)), this final rule defines ``coordination
and management of care'' to mean the deliberate organization of patient
care activities and sharing of information between two or more VBE
participants, one or more VBE participants and the VBE, or one or more
VBE participants and patients, that is designed to achieve safer, more
effective, or more efficient care to improve the health outcomes of the
target patient population. This definition provides sufficient
flexibility in designing arrangements for patient engagement that would
be protected by this safe harbor because a broad range of tools and
supports could be tailored to improving health outcomes and achieving
safer and more effective care, while advancing one of the five
enumerated goals at paragraph 1001.952(hh)(3)(vi). For instance, a
program to provide grab bars or handrails to patients recovering from
knee surgery to prevent falls at home could be properly tailored to
improving health outcomes for these patients and designed to achieve
safer, more effective care for this population.
Comment: A commenter sought clarification regarding when an item
has a direct connection to coordination and management of care,
specifically requesting a list of scenarios that would qualify. Another
commenter suggested that we not finalize a description of specific
tools or supports that would be considered to have a direct connection
to the coordination and management of care because doing so could
frustrate the goals of fostering flexibility, adaptability, and
innovation.
Response: We agree with the commenter who suggested that we not
finalize a description of specific tools or supports that would be
considered to have a direct connection to the coordination and
management of care. Consequently, we decline to provide a list of
scenarios linking which tools and supports would qualify as having a
direct connection to the coordination and management of a patient's
care. In taking this approach, we hope to foster innovation and allow
VBEs and VBE participants flexibility in appropriately identifying the
nexus between the tool or support and the coordination and management
of care. Revisiting our example of providing grab bars to patients
recovering from knee surgery, the tool or support in that example has a
direct connection to the coordination and management of care because it
is intended to prevent falls and therefore provides safer and more
effective care for the target patient population (knee surgery
patients).
i. Medical Necessity
Summary of OIG Proposed Rule: In the OIG Proposed Rule's paragraph
1001.952(hh)(3)(v), we proposed that the tool or support must not
result in medically unnecessary or inappropriate items or services
reimbursed in whole or in part by a Federal health care program.
Summary of Final Rule: We are finalizing, without modification,
this condition and relocating it to paragraph 1001.952(hh)(3)(iv).
Comment: A hospital association supported our proposal to protect
only tools and supports that do not result in medically unnecessary or
inappropriate items or services reimbursed by Federal health care
programs.
Response: We are finalizing this safeguard as proposed at paragraph
1001.952(hh)(3)(iv).
Comment: A commenter stated that any incentives protected by the
final safe harbor should not be limited to incentives furnished to
patients for attendance at medically necessary primary care or other
clinically appropriate medical appointments, but also expanded to
incentives for participating in community-based services that could
impact clinical outcomes through addressing patients' social
determinants of health.
Response: This safe harbor protects tools and supports that advance
one or more enumerated goals set out at paragraph 1001.952(hh)(3)(vi),
which include goals related to adherence to treatment regimens and
followup care plans, and prevention and management of diseases and
conditions. For a specific discussion of our treatment of tools and
supports that address social determinants of health, please see the
discussion at III.B.6.f.iv. of this preamble. To qualify for protection
under the safe harbor, any incentives for participation in community-
based services also would need to meet all other safe harbor
conditions, including the condition that the remuneration cannot result
in medically unnecessary or inappropriate items or services reimbursed
in whole or in part by a Federal health care program. We also note that
such community-based services would need to be recommended by the
patient's licensed health care professional (per the condition at
paragraph 1001.952(hh)(3)(v)) and have a direct connection to the
coordination and management of care of the target population (per the
condition at paragraph 1001.952(hh)(3)(ii)).
j. Licensed Health Care Professional Recommendation
Summary of OIG Proposed Rule: We proposed a safe harbor condition
at proposed paragraph 1001.952(hh)(3)(vi) that would provide safe
harbor protection only for tools or supports recommended by the
patient's licensed health care provider. Relatedly, we sought comments
on whether to require a written certification, under 18 U.S.C. 1001 and
1519, from a patient's licensed health care provider certifying that
the particular tool or support is recommended solely to treat a
documented chronic condition of a patient in a target patient
population.
Summary of Final Rule: We are finalizing, with modification, this
condition at paragraph 1001.952(hh)(3)(v). Based on public comment, we
are revising the language to clarify that the tool or support must be
recommended by the patient's licensed health care ``professional''
rather than ``provider.'' The term ``provider'' is often used to mean a
hospital or other entity that furnishes institutional health care
services. We believe ``professional'' is a clearer description of our
intent in the OIG Proposed Rule that this requirement emphasizes the
importance of a health care professional's medical judgment, as well as
the patient's relationship with a health care professional. We have
made conforming changes in each enumerated goal in paragraph
1001.952(hh)(3)(vi) that referenced a licensed health care provider. We
are not finalizing the written certification requirement.
Comment: A trade association representing physicians supported the
proposal to require that a tool or support must be recommended by the
patient's licensed health care provider. Another commenter stated that
this requirement is a key fraud and abuse protection to ensure that the
safe harbor is not used for improper purposes such as marketing or
patient recruitment, or to steer patients to particular treatments. A
commenter also noted that this requirement helps ensure the centrality
of the patient-provider relationship.
[[Page 77802]]
Another commenter expressed concern that a safe harbor condition
requiring a licensed health care provider's recommendation would lead
to underutilization of valuable tools and supports to treat social
comorbidities. The commenter stated that many tools and supports that
address social comorbidities do not stem from a single condition in
isolation and, therefore, may not be evident to a treating clinician.
Another commenter warned that this requirement could deter use of the
new safe harbor because physicians do not typically recommend the types
of tools and supports that would be most beneficial to patients. More
often, according to the commenter, social workers, case workers, or
others who may not be licensed clinicians would be in a better position
to recommend such patient tools, including those that would address
social determinants of health.
A commenter also urged OIG to include a requirement that clinicians
offering any patient engagement tools and supports instruct patients on
how to use them appropriately.
Response: We agree with commenters who support the condition
because it protects against harms resulting from fraud and abuse and
supports the centrality of the patient-provider relationship. As we
explained in the preamble to the OIG Proposed Rule, this condition is
designed to ensure that the remuneration is specifically focused on
patient care and to underscore the importance of quality of care, the
health care provider's medical judgment, and the patient's relationship
with their provider in developing plans for treatment and care. The
condition also ensures that the professional recommending the tool or
support has undergone some degree of review and is subject to some
level of oversight by a licensing body.
In response to the assertion that this condition would lead to
underutilization of valuable services to treat social comorbidities, we
believe the patient's licensed health care professional is in the best
position to determine whether the tool or support is directly connected
to the coordination and management of the patient's care, advances an
enumerated goal at paragraph 1001.952(hh)(3)(vi), and will not result
in medically unnecessary or inappropriate reimbursable items and
services, as required by the safe harbor. The licensed health care
professional recommending the tool or support can be any type of
licensed health care professional, which should be sufficiently broad
to ensure this safe harbor protects beneficial patient engagement tools
and supports, including those cited by commenters in various
submissions. We recognize that social workers, case workers, and others
who may not be licensed clinicians play an important role in patient
care and are often well-positioned to recommend patient tools,
including those that would address social determinants of health.
However, for purposes of this safe harbor, we are requiring a
recommendation by a licensed health care professional for the reasons
noted above.
We did not propose a definition of ``licensed health care
provider'' or ``licensed health care professional.'' We intended to
require the recommendation of a licensed health care professional, who
would be a person chosen by the patient. The term ``licensed health
care professional'' could include, for example, the following health
care professionals, assuming they are appropriately licensed by an
appropriate State licensing body for each respective profession:
Physicians (including doctors of medicine, osteopathy, dental surgery,
dental medicine, podiatric medicine, and optometry); osteopathic
practitioners; chiropractors; physician assistants; nurse
practitioners; clinical nurse specialists; certified registered nurse
anesthetists; physical therapists; occupational therapists; clinical
psychologists; qualified speech-language pathologists; qualified
audiologists; and registered dietitians or nutrition professionals.\76\
---------------------------------------------------------------------------
\76\ This illustrative list of health care professionals
includes professionals eligible as of 2020 to participate in the
Merit-based Incentive Payment System (MIPS), available at https://qpp.cms.gov/mips/how-eligibility-is-determined.
---------------------------------------------------------------------------
Comment: A commenter warned that requiring a licensed provider's
recommendation could incentivize a provider to recommend a tool or
support for which the provider can subsequently receive remuneration.
Response: To the extent the tool or support is a billable item or
service, we would expect the provider to bill appropriately. The tool
or support would not require safe harbor protection because it would be
furnished by the provider as a covered service. If the provider were to
waive any beneficiary cost-sharing, such cost-sharing waiver would not
be protected by this safe harbor.
Comment: We solicited comments on whether to require a written
certification, under 18 U.S.C. 1001 and 1519, from a patient's licensed
health care provider certifying that the particular tool or support is
recommended solely to treat a documented chronic condition of a patient
in a target patient population. A commenter opined that requiring a
licensed health care provider to document in writing their
recommendation of the tool or support along with the justification, and
requiring the offeror to maintain this documentation, is a reasonable
safeguard. The commenter surmised that such documentation need not be
in the form of a prescription or physician referral but could take the
form of a recommendation that is documented in the care plan or
approved by the care team. A commenter supportive of the certification
requirement recommended that it be enforced through administrative or
civil penalties, rather than potential criminal liability under 18
U.S.C. 1001 and 1519. Other commenters warned that imposing a
certification requirement would be overly burdensome and could have a
chilling effect on provider recommendations, even where the benefits of
the tool or support are clear.
A commenter warned that requiring physicians to certify that a tool
or support is used to treat a documented chronic condition could lead
to a fragmented approach that looks at each condition in isolation,
rather than offering coordinated support for all of a patient's health
care needs.
Response: We are not finalizing a requirement that the patient's
licensed health care professional certify that the tool or support is
recommended solely to treat a documented chronic condition. The final
safe harbor includes a number of other conditions designed in
combination to safeguard against the risk of harms resulting from fraud
and abuse including, among other conditions in the safe harbor, that
the patient engagement tool or support must have a direct connection to
the coordination and management of care, be recommended by the
patient's licensed health care professional, and advance one or more
enumerated goals.
Comment: Commenters also noted that the proposed certification
requirement, especially with criminal penalties attached, would create
a significant barrier to providing patient engagement tools and
supports under this safe harbor. In addition, commenters cited concerns
that a focus on documented chronic conditions would inappropriately
narrow the protections afforded by this safe harbor.
Response: As stated above, we are not finalizing a requirement that
the patient's licensed health care professional certify that the tool
or support is recommended solely to treat a documented chronic
condition. We
[[Page 77803]]
believe the other safeguards are sufficient to allow innovative tools
and supports for a wide array of enumerated goals while safeguarding
against the harms resulting from fraud and abuse.
k. Advances Specified Goals
Summary of OIG Proposed Rule: Under the proposed condition at
paragraph 1001.952(hh)(3)(vii), the tools and supports must advance one
or more of the following enumerated goals: (i) Adherence to a treatment
regimen as determined by the patient's licensed health care provider;
(ii) adherence to a drug regimen determined by the patient's licensed
health care provider; (iii) adherence to a followup care plan
established by the patient's licensed health care provider; (iv)
management of a disease or condition as directed by the patient's
licensed health care provider; (v) improvement in measurable evidence-
based health outcomes for the patient or the target patient population;
or (vi) ensuring patient safety.
Summary of Final Rule: We are finalizing, with modifications, the
requirement at paragraph 1001.952(hh)(3)(vi). Specifically, we are not
finalizing the proposed goal relating to improvement in measurable
evidence-based health outcomes for the patient or for the target
patient population because it is largely captured by the other goals.
The final rule revises the goal of ``management of a disease or
condition'' to read ``prevention or management of a disease or
condition'' to incorporate the element of prevention that was included
at proposed paragraph 1001.952(hh)(3)(i). We are replacing references
in this section to ``licensed health care providers'' with ``licensed
health care professionals'' consistent with the preamble discussion in
the previous section regarding this terminology.
Comment: Several commenters supported protection for these
enumerated goals and appreciated that we did not specify which tools
and supports would advance the specific goals to allow flexibility for
VBE participants and promote innovation in patient engagement
mechanisms, tools, and supports, particularly with respect to rapidly
evolving technologies. A commenter requested that OIG add protection
for adherence to a ``prevention regimen'' and prevention of a disease
to the safe harbor's list of specified goals. Another commenter noted
that the enumerated goals proposed could limit the offering of
innovative tools and supports designed to address social determinants
of health because such tools and supports may not directly link to the
goals set forth in the OIG Proposed Rule.
Response: We are finalizing these goals as proposed, with the
omission of the proposed goal relating to evidence-based health
outcomes and modifications to include prevention of a disease or
condition and to use the term licensed health care professionals. To
avoid inadvertently limiting which tools and supports advance specified
goals and provide VBE participants flexibility and the opportunity to
innovate, we are not providing an exhaustive list of tools and
supports. Indeed, one particular patient engagement tool may satisfy a
number of these enumerated goals. For instance, a device or program
that reminds a patient to take a medication or attend a scheduled
office visit might advance the goals related to adherence to a
treatment regimen, drug regimen, or follow-up care plan, or advance
goals related to prevention or management of a disease or ensuring
patient safety depending, in part, on the functionality and purposes of
the device or program. In response to a commenter's suggestion, we
revised the goal at paragraph 1001.952(hh)(3)(vi)(D) to read ``the
prevention or management of a disease or condition'' so that this safe
harbor is available to protect preventive items, goods, or services
that meet the other safe harbor conditions. Adding a specific goal
relating to preventive items and services also effectuates a change
discussed above, in section III.B.6.e.i, in which we removed the
reference to preventive items, goods, or services that had appeared in
proposed paragraph 1001.952(hh)(3)(i). Furthermore, we note that this
change is consistent with section 1128A(i)(6)(D) of the Act, which
excepts certain remuneration given to individuals to promote the
delivery of preventive care from the definition of ``remuneration'' for
purposes of the Beneficiary Inducements CMP, as further interpreted in
the regulatory exception at paragraph 1003.101.
l. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We sought comments on whether the
final rule should include a safe harbor condition that would prohibit
VBE participants that furnish patient engagement tools and supports
from: (i) Billing Federal health care programs, other payors, or
individuals for those tools or supports; (ii) claiming the value of a
tool or support as a bad debt for payment purposes under a Federal
health care program; or (iii) otherwise shifting the burden of the
value of a tool or support on a Federal health care program, other
payors, or individuals.
Summary of Final Rule: We are not finalizing this proposed
condition.
Comment: Several commenters supported this proposed condition. A
commenter agreed that entities offering tools and supports should not
receive payment for the value of those items or services, but the
commenter asserted that an explicit safe harbor condition prohibiting
receiving payment for tools and supports is unnecessary.
Other commenters suggested different variations on this
prohibition, urging that any safe harbor condition related to billing
for tools and supports should permit entities to bill commercial payors
for tools and supports when, for example, a provider has negotiated
reimbursement terms that permit certain costs to be passed on to third-
party payors. Another commenter urged that OIG prohibit all direct
billing of any costs related to protected tools and supports to
patients but otherwise allow direct billing for tools and supports to
nonpatient third parties. One commenter opposed this cost-shifting
prohibition altogether, arguing that because tools and supports could
result in overall cost savings to payors, those items and services
should be reimbursable.
Response: We are not finalizing this condition. In light of the
combination of safeguards in the final rule, we do not believe the
addition of a cost-shifting prohibition would add appreciable
additional protection for programs or patients. We acknowledge that VBE
participants may have a variety of arrangements with payors, including
reimbursement terms that permit certain costs to be passed on to third-
party payors, and we do not want to foreclose safe harbor protection
for such VBE participants. With respect to direct billing of payors or
individuals for tools and supports, if the tool or support is a covered
item or service under a Federal health care program and a VBE
participant appropriately obtains full payment for such tools or
supports in accordance with applicable coverage and billing rules, then
the VBE participant has not transferred any remuneration to a
beneficiary, and the arrangement would not implicate the Federal anti-
kickback statute. In other words, if a provider or supplier furnishes
items or services that are covered items or services under a Federal
health care program, the provision of those items or services alone
would not implicate the Federal anti-kickback statute.
However, we would note there could be circumstances under which a
VBE participant, when furnishing a covered item or service, does give a
Federal
[[Page 77804]]
health care program beneficiary something of value, thereby implicating
the Federal anti-kickback statute. For example, the Federal anti-
kickback statute would be implicated by a provider waiving or reducing
any required cost-sharing obligations for the covered item or service
incurred by a Federal health care program beneficiary or providing
extra items and services--those that are not part of the covered item
or service--for free. Furthermore, nothing in this rule exempts parties
from responsibility for compliance with all applicable coverage and
billing rules. In addition, nothing in this safe harbor transforms an
item or service--which is not otherwise billable or allowable under the
relevant cost-reporting rules--into a billable or allowable item or
service.
Comment: Several commenters warned that the proposed prohibition on
billing Federal health care programs would render Indian health care
providers ineligible for protection under this new safe harbor because
they are federally funded.
Response: As noted, we are not finalizing this condition.
m. No Selection Based on Payor
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we stated
that we were considering and solicited comments on whether to include a
``consistent provision'' condition, which would require VBE
participants to provide the same patient engagement tools or supports
to an entire target patient population or otherwise consistently offer
tools or supports to all patients who satisfy specified, uniform
criteria.\77\ We noted that such condition would protect against a VBE
participant targeting certain patients to receive tools and supports
based on, for example, the patient's insurance or health status,
resulting in targeting of particularly lucrative patients to receive
tools and supports (cherry-picking) while avoiding high-cost patients
(lemon-dropping). We solicited comments regarding: (i) Whether such a
provision would limit certain VBE participants' ability to offer tools
and supports due to financial constraints; and (ii) why offering tools
and supports to a smaller subset of a target patient population would
be appropriate and not elevate fraud and abuse risks, including cherry-
picking and lemon-dropping.
---------------------------------------------------------------------------
\77\ 84 FR 55729 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing a condition at paragraph
1001.952(hh)(8) that the availability of patient engagement tools and
supports cannot be determined in a manner that takes into account the
type of insurance coverage of the patient.
Comment: A number of commenters expressed concern that a consistent
provision requirement could result in requiring VBE participants to
provide tools and supports to an overly broad population, including
patients for whom such tools or supports are not clinically appropriate
or who do not want the tools or supports. Some commenters posited that
VBE participants need flexibility to tailor the types of tools or
supports to the particular patient and recommended that we protect
remuneration directed at particular subsets or subpopulations of target
patient populations of a VBE, such as higher-risk or higher-cost
patients, or only those patients within the target patient population
who achieve a certain goal. Other commenters suggested that because not
all patients within the target patient population may benefit from any
tool or support, offerors should be permitted to establish in advance
specified criteria by which to evaluate patients for the
appropriateness of any tool or support. For instance, a commenter
suggested that it would be appropriate to limit the provision of
particular tools and supports to subpopulations (e.g., it would be
appropriate to exclude patients residing in an assisted living facility
who receive significant support with their activities of daily living
when furnishing a support such as installing grab bars in patients'
homes to prevent falls). A commenter also noted that some patients may
refuse tools and supports, which could undermine compliance with a
consistent provision requirement.
Response: We acknowledge commenters' concerns regarding the
practical challenges of including a consistent provision requirement
for safe harbor protection. We have instead adopted a condition that
the availability of patient engagement tools and supports cannot be
determined in a manner that takes into account the type of insurance
coverage of the patient, which largely addresses the concerns that
caused us to consider a consistent provision requirement, with fewer
practical challenges. Under this condition, VBE participants offering
protected tools or supports must do so without regard to the patient's
payor type, but nothing in this safe harbor would require a VBE
participant to offer tools or supports when they cannot be used or
accepted, nor would it require patients to accept unwanted tools or
supports in order for the safe harbor to apply. As a practical matter,
this condition also would prevent a VBE--assuming at least one VBE
participant intends to provide protected tools and supports to
patients--from defining its target patient population in a manner that
takes into account patients' payor type.
This requirement addresses the concern we expressed in the OIG
Proposed Rule related to the possibility of discriminatory provision of
tools and supports based on a patient's payor type, but without some of
the complications highlighted by commenters, including concerns
regarding cost. It is possible that a particular tool or support if
offered on a neutral basis unrelated to payor type could result in the
provision of tools and supports primarily to Federal health care
program beneficiaries. Such remuneration would still be protected under
the safe harbor as long as the decision to offer tools and supports was
based on a patient's individual need rather than the patient's payor
type, and assuming the remuneration otherwise meets the requirements of
the safe harbor. More specifically, offering or furnishing tools and
supports to patients based on clinical characteristics, such as
presence of a specified chronic condition, or geographical
considerations, such as a common ZIP Code, would not be precluded even
if the patient population receiving the tools and supports
disproportionally has the same insurance. By way of further
illustration, in the case of a geriatric practice providing tools and
supports to patients above a certain age or with a particular illness,
it is possible that all or virtually all patients would be Medicare
beneficiaries. However, so long as patients receiving the tools and
supports are not selected based on their Medicare insurance status, the
requirement would not be violated. Stated another way, for purposes of
this safe harbor, we would not view a VBE participant offering or
furnishing tools and supports to a population disproportionately
comprised of Medicare beneficiaries to run afoul of this condition
provided that the decision to offer tools or supports is not based upon
the patient's Medicare insurance status. As another further example, a
VBE could define its target patient population--and therefore limit the
scope of potential recipients of tools and supports--based on
individual or family income, which might overlap substantially with
Medicaid or dual-eligible populations but would not be strictly
determined based on an individual's enrollment in Medicaid or as dually
eligible for both Medicare and Medicaid.
[[Page 77805]]
This condition ensures that a potential donor uses actual needs or
related characteristics outside of payor status to determine the
appropriate target patient population rather than the potential value
of future Federally reimbursable items and services provided to such
population. In addition, nothing in this condition would prevent a VBE
participant from offering protected tools and supports only to a
population of uninsured individuals, which we would not consider to be
a determination based on the type of insurance coverage (indeed, as a
preliminary matter, such remuneration would be unlikely to implicate
the Federal anti-kickback statute or Beneficiary Inducements CMP).
Comment: A commenter posited that requiring consistent provision
across the entire target patient population undercuts the requirement
that the tool or support be recommended by the patient's licensed
health care practitioner, which includes clinical judgment of the
clinician and avoids unnecessary waste and other fraud and abuse
concerns. The commenter also noted that VBEs would be forced to create
many iterations of the target patient population with minute
differences to avoid these concerns, which it described as unfeasible.
Response: We believe the final safe harbor does not raise the risks
identified by the commenter because the condition in its final form
does not require consistent provision of tools or supports to every
patient in an entire target patient population specified by the VBE
participant. The final safe harbor also would not require VBE
participants to establish different target patient populations merely
to satisfy a consistent provision requirement. The commenter is correct
that the condition requiring a licensed health care professional's
recommendation is designed to preclude from safe harbor protection
tools and supports provided to patients who do not need them to advance
one of the enumerated goals of this safe harbor.
Comment: Several commenters suggested that providers should have
the ability to test the effectiveness of the tool or support before
committing to widespread provision, noting that VBE participants are in
the best position to make determinations regarding how to allocate
limited resources, including whether to offer tools and supports to
patients. Other commenters highlighted that small practices may be
unable to offer any tools or supports due to financial constraints if
they were required to provide them consistently across a population.
Response: We appreciate these comments regarding potential
challenges associated with requiring consistent provision of tools and
supports across a target patient population. The condition limiting
selection based on payor, as finalized, largely accomplishes the goals
of a consistent provision requirement without triggering the types of
limitations highlighted by these and other commenters. In addition, we
agree that VBE participants in collaboration with any applicable VBE
are in the best position to make a determination regarding whether to
offer and provide a tool or support to patients and emphasize that this
determination remains solely at the discretion of a VBE participant (in
collaboration with the VBE(s) in which the VBE participant
participates).
We are confident the final safe harbor affords VBE participants
sufficient flexibility to furnish protected tools and supports and
assess their effectiveness, as long as all conditions of the safe
harbor are met. For example, a VBE participant may wish to initially
establish a narrowly construed target patient population based on
specific criteria that limits the size and scope of the patients to
whom the VBE participant offers or provides certain tools and supports.
After engaging with that limited target patient population, the VBE
participant could then identify a new, broader target patient
population to whom it offers or provides the same tools and supports.
This type of assessment period--and subsequent expansion to a larger,
more broadly construed target patient population--could be protected if
all conditions of the safe harbor are met, including that the tool or
support advances one of the safe harbor's enumerated goals. The
requirement to advance one or more of the listed goals means, at a
minimum, that the VBE participant reasonably expects the tool or
support to be effective in advancing a goal.
We reiterate that safe harbors are voluntary and that this safe
harbor does not require any individual or entity to offer free or
reduced-cost tools or supports to patients; it sets forth conditions
and limitations to ensure safe harbor protection for the provision of
such tools or supports. VBE participants are free to evaluate the costs
and overall cost savings associated with the provision of patient
engagement tools and supports, and to structure such arrangements in
economically viable ways as long as such structure does not directly
take into account a patient's payor status.
Comment: A commenter supported a prohibition on discriminating
based on insurance or payor type to avoid lemon-dropping or cherry-
picking.
Response: We appreciate the comment and note that we have adopted a
condition designed to prevent lemon-dropping or cherry-picking as it
relates to payor type or lack of insurance. In addition, requirements
for selecting a target patient population and for involvement of the
patient's licensed health care professional provide additional
protections against selecting only lucrative patients (cherry-picking)
or selectively refusing tools and supports for expensive patients
(lemon-dropping).
n. Monitoring Effectiveness
Summary of OIG Proposed Rule: We solicited comments on whether to
add a condition requiring offerors to use reasonable efforts to monitor
the effectiveness of the tool or support in achieving the intended
coordination and management of care for the patient. We also solicited
comments on whether to add a safeguard that would require monitoring to
ensure that the tool or support does not result in diminished quality
of care or patient harm.
Summary of Final Rule: We are not finalizing these conditions
because they are not necessary in light of the totality of other
conditions we are finalizing in this rule.
Comment: Some commenters supported our proposal to require offerors
to use reasonable efforts to monitor: (i) The effectiveness of the tool
or support in achieving its intended purpose; and (ii) to ensure the
tool or support does not result in diminished care or patient harm.
Other commenters opposed this proposal, warning that it would impose an
administrative burden that could negatively impact the ability of
small, rural, and underserved practices to offer tools and supports.
Another commenter noted that it can take a substantial period of time
to realize the effects of any intervention and the measurement of these
effects often utilize outcome measures that may be unreliable. Some
commenters stated that it would be reasonable for the safe harbor to
require the offeror of a particular tool or support to document and
demonstrate outcomes associated with the tool or support, and monitor
use, impact, and quality of such tools and supports. A commenter
recommended that if OIG adopts a monitoring requirement, it should
allow flexibility to entities in designing a monitoring program in
acknowledgment
[[Page 77806]]
of the good faith monitoring efforts undertaken.
Response: We acknowledge the concerns raised by commenters, and we
are not finalizing a monitoring requirement in this final rule. We note
that the safe harbor separately requires that tools and supports must
advance one or more of the specific goals articulated at paragraph
1001.952(hh)(3)(vi). Although the final safe harbor does not contain a
prospective monitoring requirement, the requirement to advance one or
more of the listed goals means, at a minimum, that the VBE participant
reasonably expects the tool or support to be effective in advancing a
goal.
o. Retrieval of Items and Goods
Summary of OIG Proposed Rule: We solicited comments on whether to
include a condition requiring the offeror to make a reasonable effort
to retrieve the tool or support in certain circumstances, such as when
the patient is no longer in the target patient population or the
offeror is no longer a VBE participant. We also solicited comments on
whether a minimum value should trigger any retrieval requirement and
other issues related to the practicality of retrieval.
Summary of Final Rule: We are not finalizing a retrieval
requirement in the final safe harbor.
Comment: Some commenters supported the proposal to require a
reasonable effort to retrieve the tool or support if certain conditions
are met, such as when the patient is no longer within the target
patient population or when the tool or support is valued above a
certain threshold (applying appropriate depreciation). Others requested
that we clarify that any required retrieval efforts would only need to
be reasonable and not hold offerors to unrealistic requirements to
retrieve tools or disable software.
One commenter suggested that in order to ensure that an offeror's
decision to cease retrieval is not driven by an attempt to
inappropriately influence beneficiaries, we could require that
decisions regarding whether and how to retrieve items be reviewed and
approved by the VBE's accountable body or person responsible for the
financial and operational oversight of the VBE.
Other commenters stated that a retrieval requirement would be
administratively burdensome, impossible or wasteful for nontransferable
consumables, counter to clinical recommendations where a patient still
benefits from the tool or support and may prevent potential offerors
from providing tools and supports or discourage patients from accepting
them. Some commenters noted that the reduced value or obsolescence of
the tool or support could render recovery unnecessary, futile, or
disproportionate in cost to the value of the tool or support. Another
commenter noted that retrieval could be impractical or insensitive
following a patient's death and urged us not to finalize the
requirement for that reason. Other commenters recommended that if we do
finalize this requirement, we include exceptions for patient harm and
death and consider only two written attempts at retrieval to be
reasonable.
One commenter noted that offerors may have limited legal right to
tools and may be unable to retrieve them. Commenters asked us to
clarify that if retrieval is not required, offerors still retain the
right to recover tools and supports if they deem it reasonable and
necessary or otherwise make a business decision to retrieve the tool or
support.
Response: We agree with commenters who highlighted the
administrative burdens and other challenges associated with any
retrieval requirement, and we are not finalizing this requirement. We
note, however, that offerors are free to make retrieval efforts or
require the return of tools and supports where it would not harm the
patient, as long as the decision to retrieve or the extent to which
retrieval policies are applied is consistent and not undertaken in a
manner that takes into account the volume or value of referrals of
Federal health care program business. We further note that the safe
harbor separately requires that tools and supports must advance one or
more of the specific goals articulated at paragraph
1001.952(hh)(3)(vi). Although the final safe harbor does not contain a
retrieval requirement, the requirement to advance one or more of the
listed goals means that the VBE participants should cease providing
tools or supports they find to be ineffective. In addition, we note
that the structure of the safe harbor would necessitate termination of
ongoing services (e.g., recurring monthly fees associated with a
fitness center membership) if the individual is no longer part of the
target patient population or the entity is no longer a VBE participant.
p. Monetary Cap
Summary of OIG Proposed Rule: We proposed a monetary cap on the
tools and supports protected under this safe harbor. Specifically, at
proposed paragraph 1001.952(hh)(5), we proposed that the aggregate
retail value of protected tools or supports furnished to a patient by a
VBE participant may not exceed $500 per year unless the tools and
supports are furnished to a patient based on a good faith,
individualized determination of the patient's financial need. We
solicited comments on whether this figure strikes the right balance
between: (i) Flexibility for beneficial tools and supports; and (ii) a
limit on the amount of protected remuneration to shield patients from
being improperly influenced by valuable gifts and to protect Federal
health care programs from overutilization or inappropriate utilization.
We asked whether $500 was too high or too low, and whether a number of
other safeguards or alternatives would be more appropriate.
Summary of Final Rule: We are finalizing, with modifications, an
annual $500 monetary cap at paragraph 1001.952(hh)(5). The final rule
does not include an exception to the cap requirement that would permit
exceeding the monetary cap for patients with demonstrated financial
need. Based on public comments, we are including an inflation adjuster.
Comment: Several commenters supported a monetary cap for many
reasons, including that it provides a bright-line safeguard for program
integrity purposes. Other commenters disagreed with any monetary cap
for several reasons, such as finding it unnecessary due to the
combination of other proposed conditions or asserting that any monetary
cap would be unreasonable because the delivery of care--and tools and
supports related to such care--depends on each patient's particular
needs. Many commenters supported an exception to the proposed cap based
on financial need, while some were concerned with the administrative
burden associated with administering a financial need policy, which
would require individualized determinations of financial need rather
than bright-line limits. A commenter suggested that OIG define
financial need using a validated social need screening tool, such as
the Hunger Vital Sign, a validated, two-question tool used by health
care providers and community-based organizations to identify risk for
food insecurity among youth, adolescents, and adults.
Response: We agree with commenters who stated that a monetary cap
provides bright-line guidance to VBE participants on the value of
acceptable tools and supports. To this end, we are finalizing a
straightforward annual, aggregate $500 cap, subject to an inflation
adjuster. The final rule does not include the proposed condition that
would have allowed the cap to be exceeded, without limitation
[[Page 77807]]
on amount, in instances of good faith, individualized determination of
a patient's financial need. Because we are not finalizing this
condition, we do not need to define financial need.
OIG is mindful that different patients may have different needs and
for some patients tools and supports exceeding a retail value of $500
in the aggregate per year could help improve coordination of their
care, improve health outcomes, and have other beneficial impacts,
particularly for patients with financial need. Nothing in this final
rule makes it necessarily unlawful, in individual cases, for a provider
or other party to furnish for free or below fair market value tools and
supports that exceed $500 per year (nor does this rule make
remuneration under $500 automatically immune from sanctions under the
Federal anti-kickback statute and Beneficiary Inducements CMP unless it
meets all safe harbor conditions). Such arrangements would be evaluated
on a case-by-case basis under the statutes, including with respect to
the intent of the parties. We note that there may be lawful avenues for
providers to offer tools and supports to patients who need tools and
supports that exceed an aggregate of $500 annually, particularly those
experiencing financial need. For example, the local transportation safe
harbor, found at paragraph 1001.952(bb), remains available to protect
certain local transportation furnished to patients, provided that the
local transportation satisfies the requirements of the safe harbor.
With respect specifically to the Beneficiary Inducements CMP,
exceptions exist for remuneration that promotes access to care and
poses a low risk of harm and for renumeration offered to patients
experiencing financial need; the requirements for these exceptions are
found at paragraph 1003.110.\78\
---------------------------------------------------------------------------
\78\ We remind readers that exceptions to the definition of
``remuneration'' under the Beneficiary Inducements CMP apply only
for the purposes of the definition of ``remuneration'' applicable to
section 1128A of the Act (the Beneficiary Inducements CMP); they do
not apply for purposes of section 1128B(b) of the Act (the Federal
anti-kickback statute).
---------------------------------------------------------------------------
In addition, for arrangements involving tools and supports that may
exceed the monetary cap, that implicate the Federal anti-kickback
statute, Beneficiary Inducements CMP or both, and do not meet any other
safe harbor to the Federal anti-kickback statute or exception to the
Beneficiary Inducements CMP, the advisory opinion process remains
available. OIG has previously issued favorable advisory opinions to
health care industry stakeholders seeking to furnish free or below fair
market value tools and supports to patients when such tools and
supports do not squarely satisfy a safe harbor to the Federal anti-
kickback statute, an exception to the Beneficiary Inducements CMP, or
both.\79\
---------------------------------------------------------------------------
\79\ See, e.g., OIG, OIG Adv. Op. No. 17-01, available at
https://oig.hhs.gov/fraud/docs/advisoryopinions/2017/AdvOpn17-01.pdf
(Mar. 10, 2017) (regarding a hospital system's proposal to provide
free or reduced-cost lodging and meals to certain financially needy
patients); OIG, OIG Adv. Op. No. 19-03 (Mar. 6, 2019), available at
https://oig.hhs.gov/fraud/docs/advisoryopinions/2019/AdvOpn19-03.pdf
(regarding a program offered by a medical center that provides free,
in-home followup care to eligible individuals with congestive heart
failure and the proposed expansion of this program to include
certain individuals with chronic obstructive pulmonary disease).
---------------------------------------------------------------------------
Comment: Several commenters asked for clarity regarding how to
calculate the ``retail value'' of the tools or supports. A commenter
asked OIG to define retail value as the commercial value of the tool or
support to the recipient instead of its fair market value. Several
commenters agreed that if OIG finalized any cap to the annual aggregate
value of protected tools and supports, the cap should apply separately
to each VBE participant, rather than at the VBE level or the value-
based arrangement level, citing the administrative burden associated
with tracking caps for patients receiving tools and supports from
different VBE participants. Others suggested that the cap should adjust
for inflation over time automatically or through other mechanisms.
Response: The aggregate retail value of patient engagement tools
and supports furnished by a VBE participant to a patient may not exceed
$500 on an annual basis. The retail value of the tools and supports
should be measured at the time they are provided to the patient.
Specifically, for purposes of this safe harbor, the retail value is the
commercial cost the patient would have incurred at the time the VBE
participant provides the tool or support if the patient had procured
the tool or support on the open market on their own. We note that, as
proposed, this cap applies per VBE participant and per patient, not at
the VBE level or the value-based arrangement level. A patient may
receive a number of tools and supports from a number of VBE
participants (in one or more VBE) through the course of a year, as long
as no single VBE participant individually provides more than $500 in
aggregate value to the patient per year. The VBE participant providing
the tool or support is responsible for tracking the aggregate retail
value of the tools or supports that it--and only it--provides to the
patient through the course of a year.
VBE participants are not required to monitor the value of tools and
supports provided by other parties--even within the same VBE--to a
particular patient. This should ease any burden of tracking the value
of tools in connection with the aggregate, annual cap. Finally, in
response to commenters' suggestions, we are finalizing an annual
adjustment to the monetary cap to account for inflation. Under this
provision, the monetary cap will be adjusted for inflation to the
nearest whole dollar effective January 1 of each calendar year using
the Consumer Price Index-Urban All Items (CPI-U) for the 12-month
period ending the preceding September 30. OIG will publish an
announcement on its website after September 30 of each year reflecting
the increase in the CPI-U for the 12-month period ending September 30,
and the new monetary cap applicable for the following calendar year.
Comment: A number of commenters suggested increasing the dollar
limit of the cap for all tools and supports. Some commenters suggested
alternatives, such as per-occurrence limitations on value, coupled with
a higher cap. Others proposed increasing the cap or adding additional
exceptions to the cap for categories of tools and supports or specific
tools and supports such as disposable and nondurable items and
supplies; recurring services; ongoing costs for the tool or support
(e.g., batteries and software upgrades); transportation; housing and
home safety items and services; certain digital or other health-related
technologies; home monitoring devices; tools and supports that address
chronic or complex disease management; tools and supports for the
seriously injured; harm-reduction items (e.g., helmets and medication
lockboxes); and other tools and supports that address a patient's
social determinants of health. Several commenters asked OIG to consider
increasing the cap to account for changes in technology or care
innovation over time. Some commenters recommended permitting a higher
cap when the VBE's accountable body or responsible person determines
the circumstances support it. Others recommended a tiered cap system
based on outcomes or on the amount of risk a VBE participant bears.
Response: The generally applicable $500 cap establishes a bright-
line limitation for VBE participants seeking protection under this safe
harbor. We believe the safe harbor conditions, including the monetary
cap, strike an appropriate balance between giving flexibility to VBE
participants to provide beneficial tools and supports to
[[Page 77808]]
patients and protecting programs and patients from the improper
influence of valuable remuneration. We are not finalizing exceptions to
the $500 cap because we believe exceptions would add complexity to this
safe harbor and would raise compliance challenges. Further, tools and
supports of higher value could improperly influence patients to select
treatments or providers not in their best interests, potentially
leading to the harms against which the Federal anti-kickback statute is
designed to protect.
q. Diversion or Resale
Summary of Proposed Rule: We proposed, at proposed paragraph
1001.952(hh)(4), a condition that would have excluded from safe harbor
protection tools or supports if the offeror knew, or should have known,
that the tool or support was likely to be diverted, sold, or utilized
by the patient other than for the express purpose for which the tool or
support was provided.
Summary of Final Rule: We are not finalizing this proposed
condition.
Comment: Several commenters supported this condition, while another
urged us to consider how such limitation may inadvertently restrict
access to these tools. A commenter posited that it is not feasible for
a VBE participant to determine the likelihood of diversion and proposed
instead limitations on categories of tools and supports that are likely
to be abused, such as cell phones. The commenter suggested protection
only for tools and supports that are not likely to be abused or those
likely to improve health, such as helmets, car seats, and medication
lockboxes.
Response: We agree with the commenter who questioned the
feasibility of a VBE participant determining the likelihood of
diversion. We are not finalizing this provision. Other safeguards we
are finalizing in this safe harbor adequately address the concern that
a recipient of a tool or support is receiving it for appropriate
purposes. For instance, the requirement that a licensed health care
professional recommend the tool or support and that it be directly
connected to the coordination and management of care should mitigate
the risk that a tool or support is likely to be diverted or resold.
Similarly, the monetary cap, the requirement that a tool or support
advance an enumerated goal, and the restriction on marketing and
patient recruitment further limit the risk of diversion or resale.
r. Materials and Records
Summary of Final Rule: We proposed at proposed paragraph
1001.952(hh)(6) that VBE participants providing tools and supports
under this safe harbor make available to the Secretary, upon request,
all materials and records sufficient to establish that the tool or
support was distributed in compliance with the conditions of the safe
harbor. We noted that we were considering a requirement that VBE
participants retain materials and records sufficient to establish
compliance with the safe harbor for a set period of time, such as 6 or
10 years. We did not propose specific parameters regarding the creation
or maintenance of documentation in order to allow for flexibility. We
solicited comments on several alternative safeguards.
Summary of Final Rule: We are finalizing, with modification, a
requirement at paragraph 1001.952(hh)(7) that materials and records
sufficient to establish compliance with the safe harbor be made
available to the Secretary, including that those records be kept for a
period of at least 6 years.
Comment: One commenter stated that a rigid documentation
requirement would make clinicians hesitant to use the safe harbor.
Another commenter questioned the need for the proposed condition,
noting that such documentation is already part of the existing
compliance programs. The same commenter further questioned whether OIG
would bring an investigation or pursue a Federal anti-kickback case
based solely on the failure to satisfy a documentation requirement
rather than underlying substantive safeguards. A commenter found
documentation--particularly regarding the goals proposed at paragraph
1001.952(hh)(3)(vii)--to be excessive or impractical. Another commenter
suggested that it would be appropriate for offerors to retain
documentation under this condition for a period of 6 years.
Response: We disagree with the characterization of this
documentation requirement as rigid. The condition does not require a
signed writing in advance of the provision of tools and supports to a
patient, nor does it propose any specific parameters on the type or
form of documentation. It simply requires that parties make available,
on request, documentation sufficient to show that tools or supports
were provided in accordance with the safe harbor's conditions. Safe
harbors offer voluntary protection from liability under the Federal
anti-kickback statute for specified arrangements, and no entity or
individual is required to fit within a safe harbor. Failure to fit
within a safe harbor does not mean a party has violated--or even
implicated--the Federal anti-kickback statute; it simply means the
party may not look to the safe harbor for protection for that
arrangement. It would be prudent for any party relying on a safe harbor
to protect certain arrangements to document compliance with that safe
harbor in some form. For purposes of this safe harbor, we are requiring
VBE participants to retain relevant documentation for a minimum of 6
years. This retention period was recommended by a number of commenters
and it is consistent with the retention period required by the value-
based safe harbors finalized in this rule. In addition, because a 6-
year retention requirement is already present in several existing CMS
regulations, we expect that many parties are familiar with this
retention period and that the maintenance of records is part of their
routine business practices.
s. Notice to Patients
Summary of OIG Proposed Rule: We solicited comments on whether to
require the VBE to provide a patient receiving a tool or support with
written notice identifying the VBE participant and describing the
nature and purpose of the tool or support.
Summary of Final Rule: We are not finalizing this requirement.
Comment: A commenter suggested that verbal, not written, notice
should suffice. Another commenter stated that if such notice is
required, OIG should develop consumer-tested templates to convey the
information in an objective, easily understood way that will not
mislead beneficiaries or create false expectations or reliance on
protected tools and supports. Another commenter objected to any notice
requirement as burdensome and questioned whether OIG would use
investigative resources based on a claim of deficient notice.
Response: We are not finalizing this requirement. We believe that
the appropriate time for the patient to understand the purpose of the
tool or support is at the time a licensed health care professional is
recommending it for the individual patient. While we are not requiring
any formal notice to a patient in this final rule, we expect providers
will naturally communicate the purpose of the tool or support to the
patient at the time it is recommended in furtherance of the
coordination and management of care.
[[Page 77809]]
t. Other Comments
Comment: A commenter asked OIG to clarify that its proposed rule
does not mean that certain existing or hypothetical practices involving
tools and supports to beneficiaries implicate, or constitute violations
of, the Federal anti-kickback statute, such as certain group education
or certain types of gift cards. Other commenters requested that OIG
clarify, in the context of value-based arrangements or otherwise, that
the safe harbor protects remote physiologic monitoring tools and
services at no or low cost, and furthermore that providing access to
software-based platforms for patient-generated health data analytics or
telemedicine at no or low cost does not violate the Federal anti-
kickback statute.
Response: We decline to provide further guidance related to the
various comments summarized above because any analysis of whether any
of the various practices and conduct implicate the Federal anti-
kickback statute or would be protected by this safe harbor would depend
on the facts and circumstances specific to the practice or conduct. We
note, however, that the provision of at least some of the tools and
supports described above (e.g., tools that facilitate remote
monitoring) could be protected by this safe harbor. Parties may seek an
OIG advisory opinion for a determination regarding a proposed or
existing arrangement.
Comment: A commenter requested clarification regarding the
intersection of the proposed safe harbor and the existing safe harbors
or exceptions to the definition of ``remuneration'' under the
Beneficiary Inducement CMP. Another commenter asked whether an entity
is precluded from using the so-called ``promotes access to care
exception'' \80\ if it becomes a VBE. Furthermore, the commenters asked
whether an entity that is a VBE can use both the new safe harbor and
the existing exception with the same patients. A commenter asked that
we adopt a CMP exception corresponding to the patient engagement and
support safe harbor.
---------------------------------------------------------------------------
\80\ Section 1128A(i)(6)(F) of the Act; 42 CFR 1003.110.
---------------------------------------------------------------------------
Response: The Federal anti-kickback statute and Beneficiary
Inducements CMP are separate statutes with separate safe harbors and
exceptions, respectively. Any remuneration implicating the Federal
anti-kickback statute need only satisfy one safe harbor to be protected
under the statute. Similarly, any remuneration implicating the
Beneficiary Inducements CMP need only satisfy one exception under that
statute to be protected. As a matter of law, arrangements that fit in
an anti-kickback safe harbor are also protected under the Beneficiary
Inducements CMP.\81\ This means that the final safe harbor for patient
engagement and support offers protection under the Beneficiary
Inducements CMP as well as the Federal anti-kickback statute. The
converse is not true, however. Arrangements that fit in an exception to
the Beneficiary Inducements CMP are not automatically protected under
the anti-kickback safe harbor. A party that is a VBE participant can
use any exception under the Beneficiary Inducements CMP for which its
arrangement qualifies. In some cases, an arrangement that does not fit
in the new safe harbor for patient engagement and support might qualify
for protection under the ``promotes access to care exception'' or
another CMP exception; this protection would not apply to the anti-
kickback statute.
---------------------------------------------------------------------------
\81\ A practice permissible under the Federal anti-kickback
statute, whether through statutory exception or regulations issued
by the Secretary, is also excepted from the Beneficiary Inducements
CMP. Section 1128A(i)(6)(B) of the Act.
---------------------------------------------------------------------------
Comment: A commenter noted that this safe harbor does not have a
corresponding exception under the physician self-referral law.
Response: The commenter is correct. The physician self-referral
law, section 1877 of the Act, does not prohibit remuneration exchanged
between physicians or entities and patients, so a corresponding
exception would not be necessary.
7. CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient
Incentives (42 CFR 1001.952(ii))
Summary of OIG Proposed Rule: We proposed to create a new safe
harbor at paragraph 1001.952(ii) to: (i) Permit remuneration between
and among parties to arrangements (e.g., distribution of capitated
payments, shared savings or losses distributions) under a model or
other initiative being tested or expanded by the Innovation Center
under section 1115A of the Act or under the Medicare Shared Savings
Program under section 1899 of the Act (collectively ``CMS-sponsored
models''); and (ii) permit remuneration in the form of incentives
provided by CMS-sponsored model participants and their agents under a
CMS-sponsored model to patients covered by the CMS-sponsored model. We
proposed certain additional conditions, including a requirement that
patient incentives have a direct connection to the patient's health
care.
Summary of Final Rule: We are finalizing, with modifications, the
safe harbor as proposed at paragraph 1001.952(ii). We are revising the
introductory text of paragraphs 1001.952(ii)(1) and (2) to clarify that
CMS determines the specific types of financial arrangements and
incentives to which safe harbor protection will apply; safe harbor
protection will not necessarily apply to every possible financial
arrangement or incentive that CMS-sponsored model parties may wish to
implement as they participate in the Medicare Shared Savings Program or
an Innovation Center model. We are finalizing without substantive
change the remainder of proposed paragraph 1001.952(ii)(1) regarding
the conditions for safe harbor protection of financial arrangements
under a CMS-sponsored model.
We are finalizing with some modification the conditions for safe
harbor protection of CMS-sponsored model patient incentives at
paragraph 1001.952(ii)(2). First, this final rule specifies at
paragraph 1001.952(ii)(2)(ii) that the patient incentive must have a
direct connection to the patient's health care unless the participation
documentation expressly specifies a different standard, in which case
that standard must be met. Second, as explained more fully below, we
are moving certain language from the proposed definition of ``CMS-
sponsored model patient incentive'' in paragraph 1001.952(ii)(3) to the
conditions of safe harbor protection in paragraph 1001.952(ii)(2).
Third, we are modifying the safe harbor to provide at paragraph
1001.952(ii)(2)(iii) that an individual other than the CMS-sponsored
model participant or its agent may furnish an incentive to a patient
under a CMS-sponsored model if that is specified by the participation
documentation.
Finally, we are relocating the general substance of the provision
that permits patients to retain incentives they received under the CMS-
sponsored model from paragraph 1001.952(ii)(2)(v) to new paragraph
1001.952(ii)(4)(iii). We are finalizing the safe harbor definitions at
paragraph 1001.952(ii)(3) largely as proposed. As noted above, we are
relocating a portion of the definition of ``CMS-sponsored model patient
incentive'' to the conditions of safe harbor protection in paragraph
1001.952(ii)(2). In addition, we are clarifying the definition of
``CMS-sponsored model arrangement'' to refer to ``a financial
arrangement,'' which is consistent with our discussion of the
definition in the OIG Proposed Rule.\82\ Last, we made two minor
technical
[[Page 77810]]
revisions to the definition of ``CMS-sponsored model party.''
---------------------------------------------------------------------------
\82\ 84 FR 55731 (Oct. 17, 2019).
---------------------------------------------------------------------------
We are addressing the duration of safe harbor protection at new
paragraph 1001.952(ii)(4). We are making a technical edit to the
introductory language in proposed paragraph 1001.952(ii)(2) to replace
the phrase ``if all of the conditions of paragraph (ii)(2)(i) through
(v) are met of this section'' with ``if all of the following conditions
are met.''
Modifications to the scope of the safe harbor, conditions of
protection, and its duration are summarized and explained in the
preamble sections that follow.
a. General Comments
Comment: We received several comments that generally supported
finalizing a safe harbor for CMS-sponsored models and agreed with the
goals set forth in the OIG Proposed Rule. For example, a commenter
posited that the safe harbor could encourage greater voluntary
participation in new CMS-sponsored models. Commenters also expressed
support for a simplified and standardized approach rather than
disparate OIG waivers, with tailored conditions, for CMS-sponsored
models.
Some commenters expressed concern about the impact of any safe
harbor on existing waivers of the fraud and abuse laws issued by OIG
that currently apply to CMS-sponsored models, and about our ability or
willingness to issue future waivers. For example, a commenter noted
that there are benefits to model-specific waivers that may not be
realized in a safe harbor.
Response: A goal of this safe harbor is to provide uniformity and
predictability for those participating in CMS-sponsored models, which
are testing innovations to improve quality and lower cost. As we stated
in the OIG Proposed Rule, this safe harbor does not supersede OIG's
existing fraud and abuse waivers for CMS-sponsored models. Existing
model waivers will continue in effect in accordance with the waiver
terms. A CMS-sponsored model party may structure arrangements that
might otherwise implicate the Federal anti-kickback statute,
Beneficiary Inducements CMP, or both to meet the terms of an applicable
fraud and abuse waiver or any applicable safe harbor. In addition, the
promulgation of this safe harbor does not preclude OIG from issuing
model-specific waivers in the future. We note, however, that we would
expect OIG's issuance of model-specific waivers in the future to be
infrequent. We expect that model participants in new CMS-sponsored
models will be able to use this new safe harbor.
b. Scope of the Safe Harbor and Definitions
Summary of OIG Proposed Rule: We proposed to create a new safe
harbor at paragraph 1001.952(ii) to protect certain financial
arrangements and patient incentives related to the Medicare Shared
Savings Program under section 1899 of the Act and models established
and tested by CMS under section 1115A of the Act. At proposed paragraph
1001.952(ii)(3), we proposed to define the following terms that shape
the scope of the safe harbor: ``CMS-sponsored model, ``CMS-sponsored
model arrangement,'' ``CMS-sponsored model participant,'' ``CMS-
sponsored model party,'' ``CMS-sponsored model patient incentive,'' and
``participation documentation.''
Summary of Final Rule: We are finalizing, with modifications, the
defined terms. We have modified the definition of ``participation
documentation'' by removing the phrase ``is currently in effect.'' This
phrase is unnecessary in the context of a definition. Temporal language
is more appropriate in the new paragraph 1001.952(ii)(4) that specifies
the duration of safe harbor protection. In addition, we have modified
the definition of ``participation documentation'' by replacing the
reference to ``cooperative agreement'' with the phrase ``legal
instrument setting forth the terms and conditions of a grant or
cooperative agreement.'' The purpose of this change is to accommodate
future CMS-sponsored models that may be implemented by a type of grant
that is not a cooperative agreement and to accurately characterize the
relevant documentation for such forms of Federal funding.
Comment: We received several comments recommending that we expand
the safe harbor beyond ``CMS-sponsored models,'' as we proposed to
define that term. For example, some commenters requested protection for
arrangements and patient incentives related to other waivers,
demonstrations, value-based arrangements, and commercial payors such
as: (i) Arrangements under State Innovation Waivers granted pursuant to
section 1332 of the Affordable Care Act; (ii) arrangements involving
commercially insured patients that operate ``alongside'' an arrangement
related to the CMS-sponsored model if the commercial arrangement is
identical in all respects to the CMS-sponsored model arrangement; (iii)
arrangements needed to support CMS-approved Medicaid Alternative
Payment Models and delivery system initiatives; (iv) arrangements
established in the Medicare Physician Fee Schedule and Merit-based
Incentive Payment System (MIPS); and (v) arrangements between
organizations participating in any CMS-led or CMS-supported
demonstration authorized by statute.
Some commenters also sought to have the safe harbor protect tools
and supports furnished to patients who are: (i) Approved by CMS through
a Medicaid section 1115 waiver; (ii) approved by CMS as a State Plan
Amendment; or (iii) allowed through Supplemental Benefit for
Chronically Ill Enrollees in the Medicare Advantage program. Another
commenter recommended that the safe harbor protect arrangements under
any model where the Secretary has sufficient authority to waive the
Federal fraud and abuse laws.
In contrast, we received support for limiting the scope of
protection to what we set forth in the OIG Proposed Rule, with some
commenters opposing broadening the safe harbor to protect remuneration
for models or demonstrations under other sections of the Act. For
example, a commenter opposed broadening the scope of the safe harbor,
suggesting that it is appropriate for the Federal anti-kickback statute
to serve as ``backstop.''
Response: We have carefully considered the comments requesting
expansion of this safe harbor beyond CMS-sponsored models, as that term
is as defined in the OIG Proposed Rule. We are finalizing the scope of
the safe harbor as proposed. This safe harbor is designed to work in
tandem with the Innovation Center's models under section 1115A of the
Act and the Medicare Shared Savings Program under section 1899 of the
Act. It permits a certain amount of flexibility, which is sufficiently
low risk because CMS includes program integrity safeguards in the
Medicare Shared Savings Program and the Innovation Center models. There
may be variation in program integrity safeguards and oversight in other
initiatives, even if the authorizing statute permits the waiver of
fraud and abuse laws.
We are tailoring the scope of the safe harbor to include the
Medicare Shared Savings Program under section 1899 of the Act and
models established and tested by CMS under sections 1115A and of the
Act. Both the Medicare Shared Savings Program and Innovation Center
models are: (i) Designed to coordinate and redesign care; and (ii)
contain program integrity oversight and safeguards. In addition, the
Innovation Center oversees the development, testing, and monitoring of
models.
[[Page 77811]]
Furthermore, CMS-sponsored model participants may undergo certain
screening to participate in a model or the Medicare Shared Savings
Program and may be subject to documentation and reporting requirements
to promote transparency in the model or program. This level of CMS
involvement and oversight may not be present in many of the programs,
waivers, and demonstrations cited by the commenters. To the extent that
the Department has the authority to issue fraud and abuse waivers for
the Medicare Shared Savings Program or Innovation Center models, the
issuance of any such waivers remains an option to protect certain
arrangements in those programs. In addition, other safe harbors may
protect many arrangements that may otherwise implicate the Federal
anti-kickback statute and Beneficiary Inducements CMP, and that
participants in the types of programs described above may desire to
implement.
Comment: A commenter asked that this safe harbor protect a broad
range of incentives given to patients such as transportation, nutrition
support, home monitoring technology, and gift cards.
Response: This safe harbor protects patient incentives for which
CMS has determined that this safe harbor is available. Thus, CMS
defines in the participation documentation the scope of the model or
program and the arrangements or incentives permitted under the model or
program. Depending on the particular CMS-sponsored model's parameters,
the safe harbor could protect a broad range of incentives, including
those cited by the commenter. If the CMS-sponsored model prohibits a
particular type of incentive, then it would not be protected by this
safe harbor. Similarly, we note that CMS defines which entities may
provide an incentive. For example, if the CMS-sponsored model is a
State-based model where the State or State Medicaid agency implements
the model through care-delivery partners in a State, the Innovation
Center may expressly specify that such State partners may provide CMS-
sponsored model patient incentives under the model on behalf of the
State.
We are modifying the proposed definition of ``CMS-sponsored model
patient incentive'' at paragraph 1001.952(ii)(3)(v) for simplicity and
to consolidate at paragraph 1001.952(ii)(2) language regarding the
conditions of safe harbor protection.
We proposed to define ``CMS-sponsored model patient incentive'' to
mean remuneration not of a type prohibited by the participation
documentation and is furnished consistent with the CMS-sponsored model
by a CMS-sponsored model participant (or by an agent of the CMS-
sponsored model participant under the CMS-sponsored model participant's
direction and control) directly to a patient under the CMS-sponsored
model. We are moving the phrase ``furnished consistent with the CMS-
sponsored model'' to paragraph 1001.952(2)(v), and we are moving the
requirement regarding who may furnish the patient incentive to
paragraph 1001.952(2)(iii). We are relocating the language so it will
appear where the other conditions for patient incentives are enumerated
under paragraph 1001.952(ii)(2), rather than including these
requirements within the definition of ``CMS-sponsored model patient
incentive.'' We do not intend for this to be a substantive change.
Comment: A commenter recommended expanding the safe harbor to
include incentives given to patients who the CMS-sponsored model
participant believes in good faith are covered, or within a reasonable
period will be covered, by a CMS-sponsored model. The commenter noted
as an example that the Comprehensive ESRD Care Model has shown that 120
or more days may elapse between the time when a Medicare beneficiary
commences dialysis treatment and the time by which the ESRD Seamless
Care Organization receives confirmation of beneficiary alignment.
Response: As with the scope of permissible types of incentives, the
Innovation Center defines the scope of patients who may be eligible to
receive such incentives. We recognize that, depending on how the
Innovation Center has designed the model, a CMS-sponsored model
participant may not know exactly which beneficiaries are in the model
or aligned to the model participant at the time the beneficiary could
benefit from a patient incentive. By definition, a ``CMS-sponsored
model patient incentive'' is remuneration that is not of a type that is
prohibited by the participation documentation. Also, as a condition of
safe harbor protection, the incentive must be furnished consistent with
the CMS-sponsored model. To the extent that the Innovation Center
intends for incentives to be furnished before any beneficiary alignment
is finalized, and the participation documentation or programmatic
requirements do not prohibit such incentives, an incentive given before
final alignment could still meet the condition set forth in paragraph
1001.952(ii)(2)(v) and qualify for safe harbor protection if all other
terms of the safe harbor are met.
Comment: A commenter noted that we proposed to define ``CMS-
sponsored model'' to include a model expanded under section 1115A(c) of
the Act and requested further clarity on how this safe harbor would
apply to ``Phase II'' testing of an Innovation Center model. The
commenter noted that risks and benefits of financial arrangements and
patient incentives under a model may change within a given model's
design due to a change in scope.
Response: The safe harbor would protect arrangements and incentives
consistent with the CMS-sponsored model regardless of the model's phase
of testing. We agree with the commenter that risks and benefits of
financial arrangements and patient incentives under such models may
change, but the Innovation Center would continue to set the parameters
of what is being tested. If a CMS-sponsored model participant's
arrangements or incentives meet the terms of the safe harbor, which
incorporates elements of the model design, then the arrangements or
incentives would be protected.
c. Conditions for Safe Harbor Protection
Summary of OIG Proposed Rule: We proposed safeguards to ensure that
arrangements protected by this safe harbor operate as intended by CMS,
including requirements that: The remuneration not induce the furnishing
of medically unnecessary services or reduce or limit medically
necessary care (proposed at paragraph 1001.952(ii)(1)(ii)); the
remuneration not induce referrals of patients outside the CMS-sponsored
model (proposed at paragraph 1001.952(ii)(1)(iii)); the parties make
materials and records available to the Secretary upon request (proposed
at paragraphs 1001.952(ii)(1)(v) and 1001.952(ii)(2)(iii)); the parties
satisfy programmatic requirements imposed by CMS (proposed at
paragraphs 1001.952(ii)(1)(vi) and 1001.952(ii)(2)(iv)); and a patient
incentive offered under the safe harbor have a direct connection to
patient care (proposed at paragraph 1001.952(ii)(2)(ii)).
Summary of Final Rule: We are finalizing, with modifications, the
conditions of this safe harbor. Specifically, paragraph
1001.952(ii)(2)(ii) is finalized with a modification to provide that
the CMS-sponsored model patient incentive must have a direct connection
to the patient's health care, unless the participation documentation
specifies a different standard. We are liberalizing and relocating to
paragraph 1001.952(ii)(2)(iii) language regarding
[[Page 77812]]
who may furnish a CMS-sponsored model patient incentive. Specifically,
a CMS-sponsored model patient incentive must be furnished by a CMS-
sponsored model participant (or by an agent of the CMS-sponsored model
participant under the CMS-sponsored model participant's direction and
control), unless otherwise specified by the participation
documentation. We also are moving to paragraph 1001.952(ii)(2)(v) the
proposed language specifying that a CMS-sponsored model patient
incentive must be ``furnished consistent with the CMS-sponsored
model.'' As proposed, the relocated provisions were essentially
conditions of safe harbor protection. To improve the clarity of the
final rule, we are moving the provisions to appear with the other
conditions for protecting CMS-sponsored model patient incentives.
Comment: A commenter suggested that safe harbor protection should
apply as long as the remuneration at issue meets all programmatic
requirements and the terms of the model participation agreements or
other participation documentation. The commenter expressed concern that
incorporating additional substantive requirements in the safe harbor
beyond the model's contractual and programmatic requirements could: (i)
Limit the ability to tailor program integrity requirements for specific
models; and (ii) potentially lead to inconsistent or conflicting
formulations of similar concepts such as between the safe harbor and
the model's contractual and programmatic requirements. The commenter
illustrated this concern by explaining that the Innovation Center may
test a model that allows for the provision of patient incentives that
have no direct connection to the patient's health care and instead
includes a different safeguard. Another commenter, while supporting the
all-encompassing approach to the safe harbor, stated that the specific
requirements regarding protected parties are redundant because they are
already currently embedded within most of the Innovation Center model
participation requirements. Another commenter urged OIG to look
carefully at the safe harbor conditions and modify any conditions that
impose an undue burden or that are unclear.
Response: We appreciate the desire to streamline the safe harbor's
conditions as much as possible. However, if we were to add a condition
requiring satisfaction of all programmatic requirements and all terms
of the model participation agreements and other participation
documentation to ensure safe harbor protection, then some arrangements
or incentives might not be protected due to potentially inadvertent
failures to satisfy model requirements that may not bear on the
particular financial arrangement or patient incentive. We recognize
that implementing a safe harbor rather than continuing with model-by-
model fraud and abuse waivers may result in an approach less tailored
to the specific model. Similarly, in an effort to encompass an array of
possible models, we may have introduced some redundancy through defined
terms or safe harbor conditions that also could appear in programmatic
requirements for a particular CMS-sponsored model. However, we believe
the benefits of having a safe harbor available that provides
consistency and certainty to parties considering participation in a
CMS-sponsored model outweigh the concerns related to any possible
redundancy.
The conditions we are finalizing generally either rely on
parameters CMS will specify as part of the CMS-sponsored model or
address important program integrity concerns and resemble conditions
previously included in model-specific waivers (e.g., the condition
prohibiting parties from offering, paying, soliciting, or receiving
remuneration in return for, or to induce or reward, any Federal health
care program referrals or other Federal health care program business
generated outside of the CMS-sponsored model). CMS defines the
parameters of the model, which includes the types of financial
arrangements and incentives that could receive safe harbor protection.
Finally, as we noted in the OIG Proposed Rule, the condition requiring
that the patient incentive have a direct connection to the patient's
health care is consistent with the design of all CMS-sponsored models
contemplated as part of this safe harbor.
However, to provide additional flexibility for the Innovation
Center to design future models and in response to commenters, we are
modifying the condition such that CMS may specify in the participation
documentation a standard other than ``direct connection to the
patient's health care.'' If CMS does not specify a particular standard
that would contrast with a ``direct connection to the patient's health
care,'' then this standard remains. In other words, if CMS does not
specify any particular standard to which the incentive must relate,
then the standard is that it must directly relate to the patient's
health care. If, for example, a CMS-sponsored model permitted
incentives related to social determinants that might not ``directly''
relate to a patient's health, and the participation documentation
specified that the incentive must bear a ``reasonable'' connection to
the patient's health, then compliance with the ``reasonable
connection'' standard would satisfy the safe harbor condition.
As we stated in the OIG Proposed Rule, to reduce administrative
burden, parties under a CMS-sponsored model would have flexibility to
determine which type of documentation would best memorialize the
arrangement such that they could demonstrate safe harbor compliance,
including through a collection of documents as opposed to one
agreement.\83\
---------------------------------------------------------------------------
\83\ 84 FR 55732 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter expressed concern that the safe harbor
condition requiring an arrangement to satisfy ``other programmatic
requirements'' would leave the protection for these arrangements
significantly uncertain.
Response: The regulatory text that we proposed and are finalizing
requires that the CMS-sponsored model participant satisfies (or CMS-
sponsored model parties satisfy) such programmatic requirements as may
be imposed by CMS in connection with the use of this safe harbor. The
phrase ``other programmatic requirements'' appeared in the preamble of
the OIG Proposed Rule \84\ and needed to be considered in the context
of the totality of the condition. The programmatic requirements that
parties would have to satisfy to qualify for safe harbor protection
would be set out in the CMS-sponsored model's participation
documentation or would be otherwise publicly available. Therefore, we
disagree with the commenter that the protection would be uncertain,
since any programmatic requirements specified by the Innovation Center
and incorporated into the safe harbor by reference in this condition
would be in participation documentation or otherwise would be publicly
available.
---------------------------------------------------------------------------
\84\ Id.
---------------------------------------------------------------------------
Comment: A commenter recommended that OIG specify that the safe
harbor is automatically applicable to CMS-sponsored models absent any
affirmative exclusion of a CMS-sponsored model from protection by the
safe harbor by OIG, rather than requiring the Innovation Center to
specify that the safe harbor applies to a particular model.
Response: We did not propose and are not adopting this
recommendation because safe harbor protection may not be necessary to
test all models or for every arrangement within a model that the
Innovation Center may test under section 1115A of the Act. This
approach
[[Page 77813]]
allows the Innovation Center to evaluate each model and determine
whether waivers are necessary for parties to enter into certain
arrangements to effectuate the purposes of the particular model. CMS
has broad authority to develop and define the Innovation Center models,
what the models are testing, and the scope of participation in the
models. It is important, therefore, that CMS affirmatively state that
the safe harbor would be available for specific CMS-sponsored model
arrangements and CMS-sponsored model patient incentives within a
particular model or initiative. As we stated in the OIG Proposed Rule,
CMS would determine whether the safe harbor protection would be
available for arrangements or patient incentives under the particular
CMS-sponsored model.\85\ We also explained that we would expect CMS to
notify CMS-sponsored model participants, through participation
documentation, or other public means as determined by CMS, when CMS-
sponsored model participants may use this safe harbor under a CMS-
sponsored model.\86\ To ensure that it is clear that CMS determines the
arrangements or incentives (and not just the models, in general) for
which safe harbor protection is available, this final rule makes a
technical correction to the proposed regulatory text to remove ``in a
model'' in paragraph 1001.952(ii)(1) and ``under a model'' in paragraph
1001.952(ii)(2).
---------------------------------------------------------------------------
\85\ 84 FR 55731 (Oct. 17, 2019).
\86\ Id.
---------------------------------------------------------------------------
Because this safe harbor was not available when existing models
began, we recognize that the applicable participation documentation
would not affirmatively reference that this safe harbor is available
for particular arrangements or incentives as required by paragraphs
1001.952(ii)(1) and (2). Consequently, we clarify that for the Medicare
Shared Savings Program and any existing model that has a fraud and
abuse waiver issued by OIG, CMS may determine that this safe harbor is
available for specific CMS-sponsored model arrangements and CMS-
sponsored model patient incentives that began prior to issuance of this
final rule. To do so, CMS would at its discretion issue a public notice
or notice to individual CMS-sponsored model participants that such
parties can seek protection for such arrangements under this safe
harbor as of the effective date of that notice. For example, if a
particular CMS-sponsored model has a waiver for patient engagement
incentives, the parties may rely either on the fraud and abuse waiver
or, following notice from CMS that this safe harbor may be available
for protection of future incentives, this safe harbor provided all of
the waiver's or safe harbor's conditions, as applicable, are met.
d. Duration
Summary of OIG Proposed Rule: We proposed that the duration of safe
harbor protection would align with the duration of the participation
documentation under a CMS-sponsored model, including a period of time
after that model ends to allow for reconciliation.\87\ We indicated
that we might finalize one or a combination of the following options:
(i) Terminating protection after the end of the performance period or
within a certain time period after the end of a performance period;
(ii) terminating protection upon termination of the CMS-sponsored model
participation documentation or within a certain period of time after
that; and (iii) terminating protection after the last payment or
exchange of anything of value made by a CMS-sponsored model party under
a CMS-sponsored model occurs, even if the model has otherwise
terminated. We also solicited comments on whether a CMS-sponsored model
participant should be able to continue to provide the outstanding
portion of any service to a patient if the service was initiated before
its participation documentation terminated or expired.
---------------------------------------------------------------------------
\87\ Specifically, the OIG Proposed Rule stated that the ``safe
harbor would protect the last payment or exchange of value made by
or received by a CMS-sponsored model party following the final
performance period that the CMS-sponsored model participant that is
a party to the arrangement participates in the CMS-sponsored
model.'' 84 FR 55733 (Oct. 17, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are adding a new paragraph
1001.952(ii)(4) that specifies timeframes for when safe harbor
protection begins and ends. The details of each timeframe are explained
in greater detail below.
Comment: While generally agreeing with our proposal that most safe
harbor protections should end at the conclusion of the model, a
commenter suggested that there are some instances when OIG should
consider extended safe harbor protection for CMS-sponsored model
patient incentives. For example, a commenter recommended that OIG
continue safe harbor protection if ceasing protection would affect
continuity of care for patients or if the protected incentives promoted
positive outcomes for the patient. Similarly, another commenter
recommended that patients be allowed to retain any incentives received
prior to the termination or expiration of the participation
documentation of the CMS-sponsored model participant. Furthermore, the
commenter also recommended protecting participants who continue to
provide the same service to a patient for a terminated model if the
service was initiated before the model was terminated or expired.
Response: We agree with commenters, in part. The proposed
regulatory text at paragraph 1001.952(ii)(2)(v) stated that patients
would be permitted to retain any incentives received prior to the
termination or expiration of the participation documentation of the
CMS-sponsored model participant. We are finalizing that proposed
provision in this final rule, but it is now included in paragraph
1001.952(ii)(4)(iii).
We also agree that there are circumstances where it may be
appropriate to continue protection for patient incentives given after
the date on which the model concludes. However, this safe harbor
protects only patient incentives that are furnished consistent with the
CMS-sponsored model. In the OIG fraud and abuse waiver context, we have
protected patient incentives that continued past expiration or
termination of an agreement for a certain period of time. For example,
in connection with the Bundled Payments for Care Improvement (BPCI)
Advanced Model, we indicated that the waiver for beneficiary incentives
would continue to apply for patients who were in a ``clinical episode''
that began during an ``Agreement Performance Period,'' as those terms
were defined in the Participation Agreement for that particular model,
recognizing that the clinical episode might not conclude before the end
of the Agreement Performance Period.\88\ However, not all models may be
tied to particular clinical episodes. If a model ends, or a particular
CMS-sponsored model participant's participation documentation
terminates, the safe harbor would not protect patient incentives
indefinitely, even if the incentive benefits or improves outcomes for a
particular patient. More specifically, we are providing at new
paragraph 1001.952(ii)(4)(iii) that safe harbor protection would
continue for incentives given on or after the first day on which
patient care services may be furnished under the CMS-sponsored model as
specified by CMS in the
[[Page 77814]]
participation documentation and no later than the last day on which
patient care services may be furnished under the CMS-sponsored model,
unless a different timeframe is established in the participation
documentation (e.g., a clinical episode if such a concept is
incorporated into a model). Thus, if the participation documentation
expressly specifies a period of time beyond the end of a final
performance period or other termination event during which a CMS-
sponsored model patient incentive may be given, then that incentive
would be protected during that extended timeframe, assuming all other
safe harbor conditions are met. If the participation documentation does
not specify an extended timeframe, then this safe harbor protects only
incentives furnished until the last day on which patient care services
may be furnished under the CMS-sponsored model (e.g., the last day of
the final performance period). In addition, for clarity, we are
specifying that protection for CMS-sponsored model patient incentives
begins on or after the first day on which patient care services may be
furnished under the CMS-sponsored model as specified by CMS in the
participation documentation. In general, this would be the first day of
the first performance period during the model.
---------------------------------------------------------------------------
\88\ See Notice of Amended Waivers of Certain Fraud and Abuse
Laws in Connection With the Bundled Payments for Care Improvement
Advanced Model (Jan. 1, 2020), available at https://www.cms.gov/files/document/notice-amended-waivers-certain-fraud-and-abuse-laws-connection-bundled-payments-care-improvement.pdf.
---------------------------------------------------------------------------
This approach is generally consistent with timeframes incorporated
into fraud and abuse waivers for existing models. We further note that
some arrangements that cease to meet the requirements of this safe
harbor could be structured to fit into the safe harbor for patient
engagement and support at paragraph 1001.952(hh).
Comment: With respect to CMS-sponsored model arrangements, a
commenter recommended that the safe harbor protect the last payment or
exchange of value made or received by a CMS-sponsored model party
following the final performance period in which the CMS-sponsored model
participant that is a party to the arrangement participates, even if
the model has otherwise terminated.
Response: We agree, and it was our intent in the OIG Proposed Rule
that the safe harbor protect remuneration exchanged pursuant to CMS-
sponsored model arrangements for a limited period of time after the
CMS-sponsored model expires or is terminated to allow for necessary
reconciliation. We are addressing the duration of safe harbor
protection in new paragraph 1001.952(ii)(4), which provides greater
clarity than addressing the issue in certain defined terms. We address
both the start date and end date for protection in a manner that aligns
with the particular CMS-sponsored model. The start or end date for
protection may differ depending on whether the CMS-sponsored model is
governed by participation documentation in the form of a legal
instrument setting forth the terms and conditions of a grant or a
cooperative agreement. For remuneration provided in connection with
arrangements under a CMS-sponsored model governed by participation
documentation other than a legal instrument setting forth the terms and
conditions of a grant or cooperative agreement, the safe harbor
protects the exchange of remuneration between CMS-sponsored model
parties that occurs on or after the first day on which services under
the CMS-sponsored model begin and no later than six months after the
final payment determination made by CMS. The first day on which
services begin is often the first day of the first performance period
of a model, which may be referred to in the participation documentation
as the ``Start Date.'' If a CMS-sponsored model has an ``implementation
period'' included in the participation documentation, the first day on
which ``services under the CMS-sponsored model begin'' would be the
first day of the implementation period, unless otherwise specified by
CMS in the participation documentation. For a CMS-sponsored model
governed by a legal instrument setting forth the terms and conditions
of a grant or cooperative agreement, the safe harbor protects the
exchange of remuneration between CMS-sponsored model parties that
occurs on or after the first day of the period of performance (as
defined at 45 CFR 75.2), which is specified in the Notice of Award, or
such other date specified in the participation documentation and no
later than six months after closeout occurs pursuant to 45 CFR 75.381.
We emphasize, however, that the safe harbor protects only
remuneration between or among CMS-sponsored model parties under a CMS-
sponsored model arrangement for which CMS has determined that this safe
harbor is available, and that a ``CMS-sponsored model arrangement''
includes only ``a financial arrangement between or among CMS-sponsored
model parties to engage in activities under the CMS-sponsored model . .
. .'' Therefore, the safe harbor does not protect remuneration
exchanged between CMS-sponsored model parties for activities such as
care coordination or other patient-care activities that occur before
the model begins or beyond the termination or expiration of the model.
Any such activities that are undertaken after the model expires or is
terminated are not ``activities under the model.'' \89\ Payment that is
made within the specified timeframe in paragraph 1001.952(ii)(4)(i) or
(ii) for such services that were completed prior to termination or
expiration of the final model performance period can be protected,
similar to reconciliation payments that would necessarily be completed
after expiration or termination of the final model performance period.
In addition, CMS may specify that no remuneration may be exchanged
after termination of the participation documentation if a participant
is terminated from the CMS-sponsored model for cause. Any such
remuneration would be prohibited by the model and thus not protected by
the safe harbor. We also recognize that some CMS-sponsored model
participants might want protection for certain arrangements that begin
before a model starts (``pre-participation''). This safe harbor
protects only financial arrangements among, and patient incentives
furnished by, parties participating in the CMS-sponsored model. Any
pre-participation arrangements not governed by participation
documentation (in contrast to arrangements in an implementation period
that is part of a CMS-sponsored model, as explained above) would need
to comply with existing law, including another safe harbor, or CMS
could request a fraud and abuse waiver be issued to cover activities in
the pre-participation time period.
---------------------------------------------------------------------------
\89\ In contrast, some CMS-sponsored models may require various
administrative or analytical services that can occur only after a
model terminates or expires (e.g., data or financial analysis,
including services related to the reconciliation process).
Remuneration related to those required activities, which would be
described in the participation documentation, would be protected by
this safe harbor, if all conditions are met.
---------------------------------------------------------------------------
8. Cybersecurity Technology and Related Services (42 CFR 1001.952(jj))
Summary of OIG Proposed Rule: We proposed to establish a new safe
harbor at paragraph 1001.952(jj) to protect nonmonetary donations of
certain cybersecurity technology and related services to help improve
the cybersecurity posture of the health care industry. We proposed to
define ``cybersecurity'' as the process of protecting information by
preventing, detecting, and responding to cyberattacks, and we proposed
to include within the scope of covered technology any software or other
types of information technology, other than hardware. In an effort to
foster
[[Page 77815]]
beneficial cybersecurity donation arrangements without permitting
arrangements that might negatively impact beneficiaries or Federal
health care programs, we proposed a number of conditions on
cybersecurity donations protected by the safe harbor. We also included
an alternative proposal to protect donations of cybersecurity hardware
in more limited circumstances. These proposals are summarized in more
detail in following sections of this preamble.
Summary of Final Rule: We are finalizing, with modifications, the
safe harbor at paragraph 1001.952(jj). The modifications are summarized
in more detail in following sections. This safe harbor will protect
arrangements intended to address the growing threat of cyberattacks
impacting the health care ecosystem. In addition to software and other
types of information technology, the final safe harbor will protect
certain cybersecurity hardware donations that meet conditions in the
safe harbor. We are not finalizing our alternative proposal to require
parties to conduct a risk assessment prior to donating hardware.
a. General Comments
Comment: Most commenters generally supported OIG's proposed
cybersecurity technology and related services safe harbor, with several
commenters supporting the safe harbor as proposed. Some commenters
highlighted that patients and providers of all sizes benefit when small
and under-resourced providers can better protect themselves against
cybersecurity threats. For example, a commenter stated that the safe
harbor would significantly benefit small and rural provider groups that
lack the required resources to install needed cybersecurity measures.
Another commenter stated that four in five physicians in the United
States currently have experienced some form of cybersecurity attack
compromising patient privacy.\90\ According to a commenter, with the
growing cost of cybersecurity software, it is essential that
stakeholders be able to donate cybersecurity software to entities with
which they interact that may not be able to afford the software. This
commenter highlighted the threat that infiltrated data systems could
lead to the corruption of health records, while another commenter
explained that patient safety is the most critical concern when
cyberattacks occur, especially when they impact a patient's electronic
health records or medical devices. At least one of these commenters
noted that cyberattacks could result in disclosure of sensitive patient
information and could alter the treatment that a patient is prescribed,
among other negative consequences.
---------------------------------------------------------------------------
\90\ See Healthcare and Public Health Sector Coordinating
Councils, Health Industry Cybersecurity Practices: Managing Threats
and Protecting Patients, available at https://www.phe.gov/Preparedness/planning/405d/Documents/HICP-Main-508.pdf.
---------------------------------------------------------------------------
Response: We agree that there is an urgent need to improve
cybersecurity hygiene in the health care industry to protect patients
and the health care ecosystem overall. As discussed in more detail
below, we are finalizing the safe harbor, with several modifications.
Comment: A small number of commenters expressed general concerns
about the proposal. One commenter warned that the safe harbor should
not be used to further intentional or unintentional anticompetitive
behavior, while another commenter stated that a safe harbor of this
kind is bound to be abused, regardless of the types of safeguards OIG
implements. Another commenter asked OIG to reconsider this safe harbor
and whether cybersecurity protection and any donations related to the
same are understood sufficiently at this time to warrant a safe harbor.
Response: While we appreciate the concerns expressed by these
commenters, we believe that this safe harbor can be an important tool
to help the health care industry address the prevalent and increasing
cybersecurity threats facing the industry, which can negatively impact
the quality of care delivered to beneficiaries, among other things.\91\
Any donation of valuable technology or services to physicians or other
sources of Federal health care program referrals may pose the risk of
harms associated with fraud and abuse, and such risk may increase as
the value of the donated technology or services increases. Similarly,
any time a health care industry stakeholder is permitted to give
something for free or at a reduced cost to actual or potential referral
sources, there is a risk that such donation or discount will affect
competition because entities with greater financial resources may be in
a better position to provide the donation or discount or a more
valuable donation or discount. However, we believe that the combination
of safeguards in the safe harbor, as finalized, appropriately balances
the risks against the potential benefits of properly structured
donations to help address the critical cybersecurity needs of the
health care industry.
---------------------------------------------------------------------------
\91\ See for example Health Care Industry Cybersecurity Task
Force, Report on Improving Cybersecurity in the Health Care
Industry, June 2017 (HCIC Task Force Report), available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf
(recommending safe harbor protection for cybersecurity donations).
---------------------------------------------------------------------------
b. Purpose of Donation
Summary of OIG Proposed Rule: We proposed in proposed paragraph
1001.952(jj)(1) to limit safe harbor protection to donated technology
and services that are necessary and used predominantly to implement and
maintain effective cybersecurity. We solicited comments on the breadth
of protected technology and services, particularly surrounding
multifunctional technologies and services that might have use or value
to a recipient beyond implementing and maintaining effective
cybersecurity, such as donations that are otherwise used in the normal
course of a recipient's business, which we did not propose to protect.
Summary of Final Rule: We are finalizing, with modifications, our
proposal to limit the applicability of the cybersecurity safe harbor to
technology and services that are necessary and used predominantly to
implement, maintain, or reestablish cybersecurity. However, in the
final cybersecurity safe harbor as established here, this limitation
will be placed in the introductory paragraph of 1001.952(jj), instead
of a condition in 1001.952(jj)(1). (The remaining conditions of the
safe harbor will be finalized with redesignated numbering to account
for this organizational change; for example, proposed paragraph
1001.952(jj)(2)(i) will be finalized at paragraph 1001.952(jj)(1)(i),
and so forth). We are also removing the phrase ``certain types of''
before ``cybersecurity technology and services'' from the introductory
paragraph to avoid ambiguity regarding the scope of the safe harbor. As
finalized, the cybersecurity safe harbor introductory paragraph will
read as follows: As used in section 1128B of the Act, `remuneration'
does not include nonmonetary remuneration (consisting of cybersecurity
technology and services) that is necessary and used predominantly to
implement, maintain, or reestablish effective cybersecurity, if all of
the conditions in paragraphs (jj)(1) through (4) of this section are
met.
This organizational change does not alter the scope of remuneration
protected by the safe harbor. This reorganization of the final
cybersecurity safe harbor is intended to ensure consistency with the
EHR safe harbor, without altering or affecting the substance of the
``necessary and used predominantly'' standard as discussed in the
proposed rule. As finalized, the introductory paragraph of the
[[Page 77816]]
cybersecurity safe harbor mirrors the introductory paragraph in the EHR
safe harbor at paragraph 1001.952(y), which provides that donated items
or services must be necessary and used predominantly to create,
maintain, transmit, receive, or protect electronic health records. We
believe this consistency is especially important insofar as certain
cybersecurity software may be donated under both safe harbors.
Comment: A number of commenters supported the ``necessary and used
predominantly'' standard. A commenter noted that this provision would
ensure the legitimacy of donations and help differentiate the
technology and services that may have multiple uses beyond
cybersecurity. Another commenter urged OIG to require a clear nexus
between the cybersecurity donation and the business relationship. The
commenter explained that the cybersecurity technology should be
necessary for the provision of the services involved, such as when a
hospital donates cybersecurity technology to a physician to ensure the
secure transfer of personal health information and thus improve care
coordination for shared patients. The commenter stated that this safe
harbor should not protect cybersecurity technology donations that are
used as a way to entice new business.
Response: The goal of this condition is to ensure that donations
are made to address the legitimate cybersecurity needs of donors and
recipients, not to induce new Federal health care program business. We
decline to adopt the ``clear nexus'' standard suggested by the
commenter, and we reiterate that the donation must be ``necessary''
under this condition. It is unlikely that a donation would be necessary
for the donor or recipient to implement, maintain, or reestablish
effective cybersecurity if it is not connected to the underlying
services furnished by either party (e.g., ensuring the secure transfer
of information between the parties).
We explained in the OIG Proposed Rule that the core function of the
donated technology or service must be to protect information by
preventing, detecting, and responding to cyberattacks. We also provided
a nonexhaustive list of examples of technology and services that we
believed would be necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity.\92\
---------------------------------------------------------------------------
\92\ These examples included any services associated with
developing, installing, and updating cybersecurity software; any
kind of cybersecurity training services, such as training recipients
how to use cybersecurity technology, how to prevent, detect, and
respond to cyber threats, and how to troubleshoot problems with the
cybersecurity technology (e.g., ``help desk'' services specific to
cybersecurity); and any kind of cybersecurity services for business
continuity and data recovery services to ensure the recipient's
operations can continue during and after a cyberattack. 84 FR 55735-
55736 (Oct. 17, 2019). Additional examples are in this final rule.
---------------------------------------------------------------------------
We are not finalizing a risk assessment condition (described in
more detail in section III.B.8.g), but parties remain free and are
encouraged as a general matter to obtain a risk assessment to evaluate
their cybersecurity needs. We are finalizing a condition whereby donors
may not directly take into account the volume or value of referrals or
other business generated between the parties when determining the
eligibility of a potential recipient for donated technology or
services, or the amount or nature of the technology or services to be
donated. This should address the concern regarding parties that
improperly use the safe harbor for donations to entice new business.
Comment: Another commenter suggested that in cases where
cybersecurity is built into software that gives physicians access to a
hospital's computer system, the technology and services should be
deemed to be necessary and used predominantly to implement and maintain
cybersecurity.
Response: Software that gives physicians access to a hospital's
computer system may be protected if it meets all conditions of the safe
harbor. However, software that has multiple functions, one of which is
cybersecurity, would not meet the necessary and predominant use
standard in the introductory paragraph at 1001.952(jj). Conversely, if
software has multiple functions but cybersecurity is the predominant
function, then that software may be eligible for protection under this
safe harbor. Available safe harbor protection of specific software
would require an analysis of the facts and circumstances specific to
particular arrangement. The advisory opinion process remains available
for parties that seek an individualized determination from our office.
Comment: A commenter representing the dental industry urged OIG to
permit, with appropriate safeguards, both nonmonetary donations and
monetary remuneration for the purchase of cybersecurity technologies
and services. The commenter suggested that permitting monetary
remuneration in appropriate circumstances could help alleviate the
final rule's unintended adverse effects on competition, such as when a
donor wishes to supply cybersecurity technology to two competing small
providers, and one of the small providers has already purchased the
technology but the other has not. The commenter asserted that
protecting monetary reimbursement to the first provider and an in-kind
donation to the second provider would be fairer than protecting a
donation to one competitor and not the other.
Response: We respectfully disagree with the suggestion to protect
monetary remuneration or reimbursement for cybersecurity technology and
services. As explained elsewhere in this final rule, we view cash and
cash-equivalent remuneration to potential referral sources as
inherently higher risk under the Federal anti-kickback statute and the
Beneficiary Inducements CMP. We also highlight that the example
provided by the commenter likely would not satisfy the other conditions
of this safe harbor even if it protected monetary remuneration in the
form of reimbursement. For instance, reimbursing a provider for
technology and services already obtained by a provider would not
satisfy the condition that the donation be necessary and predominantly
used to implement, maintain, or reestablish effective cybersecurity. In
particular, if the recipient already has an effective cybersecurity
program, any monetary reimbursement likely would be viewed as
duplicative and not used to implement, maintain, or reestablish
effective cybersecurity, in addition to being outside the scope of
remuneration protected by this safe harbor, which is limited to in-kind
remuneration.
Comment: A commenter suggested that the scope of permissible
cybersecurity services under paragraph 1001.952(jj)(1) should be broad
and varied, provided that the donated services substantially further
the interests of strengthening cybersecurity for the end user. The
commenter agreed with our proposal that donors should have the
discretion to choose the level of cybersecurity technology and services
they donate to physicians (or other health care providers) based on a
risk assessment of the potential recipient or based on the risks
associated with the type of interface between the parties.
Response: We are not adopting the commenter's suggestion. Requiring
the donation to be necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity is an appropriate
safeguard that limits safe harbor protection to the legitimate
cybersecurity needs of donors and recipients.
[[Page 77817]]
a. Protected Donors
Summary of OIG Proposed Rule: We did not propose in regulatory text
to restrict the types of individuals and entities that may qualify for
protection under this safe harbor as donors, but we indicated that we
were considering some restrictions. We solicited comments on whether
particular types of individuals and entities should be ineligible for
protection under the safe harbor.
Summary of Final Rule: We are finalizing a policy to protect all
donors, without any limitations on the type of individual or entity
donating cybersecurity technology and services, as long as the other
conditions of the safe harbor are satisfied.
Comment: A number of commenters recommended that the safe harbor
protect a broad range of donors, with commenters suggesting that
limitations on donors could stifle advances in care coordination,
health information security, or both. Commenters stated that other
conditions of the safe harbor, including the written agreement
requirement and restrictions on taking into account referrals, would
effectively safeguard against potential abuses. Commenters provided a
number of examples of entities encompassing a range of stakeholder
types that desire to make cybersecurity donations. A commenter
highlighted potential industry confusion regarding whether the proposed
safe harbor would protect donations by cybersecurity vendor firms to
patients and requested clarification that such donations do not
implicate the Federal anti-kickback statute.
Response: We agree with the commenters who urged protection for a
broad range of donor entities and individuals, and we are finalizing an
agnostic approach to the types of individuals and entities that may
donate technology and services protected by this safe harbor. The need
to improve the cybersecurity posture of the health care industry is
paramount to restrictions on donors traditionally found in other safe
harbors, such as paragraph 1001.952(y). Donations of cybersecurity
technology and services are self-protective measures the industry can
take because a cybersecurity breach to a recipient's system can have a
devastating impact on the donor and others connected to its system.
As we stated in the OIG Proposed Rule, the donor-type restrictions
included in the EHR safe harbor at paragraph 1001.952(y) are necessary
in that safe harbor and distinguishable from the cybersecurity safe
harbor because donations under the EHR safe harbor facilitate the
exchange of clinical information between a recipient referral source
and the donor, and present a greater risk that the donation is for the
donor to secure additional referrals from the recipient or otherwise
influence referrals or other business generated. We are confident that
the other safeguards in this safe harbor appropriately address the
risks associated with permitting parties to donate valuable technology
and services to potential referral sources such that a limitation on
the scope of protected donors is not necessary.
In response to the comment inquiring about donations from
cybersecurity vendor firms, such donations may not implicate the
Federal anti-kickback statute or the Beneficiary Inducements CMP (e.g.,
when the donor is not in a position to induce, influence, or even
receive referrals of Federal health care program business or to
influence a beneficiary's selection of a particular practitioner,
provider, or supplier). Any analysis of donations by cybersecurity
vendor firms would require an evaluation of the facts and circumstances
to determine whether the Federal anti-kickback statute or the
Beneficiary Inducements CMP is implicated.
Comment: Several organizations representing individuals and
entities in the laboratory industry recommended making laboratories
ineligible as protected donors. For example, a commenter stated that
the same concerns surrounding inclusion of pathology practices and
laboratories under the EHR safe harbor apply to cybersecurity
donations. According to a commenter, when laboratories were protected
donors under the EHR safe harbor, physicians implicitly or explicitly
conditioned referrals on EHR donations, and EHR vendors encouraged
physicians to request more costly EHR software and services from
laboratories, putting laboratories in an untenable position. The
commenter expressed concern that the same could happen with
cybersecurity donations if laboratories were protected under this safe
harbor. Another commenter added that protecting laboratories and
pathology practices under the safe harbor could negatively affect
access to health care services, quality, competition, costs to Federal
health care programs, and utilization, and that the proposed condition
related to the volume and value of referrals would not sufficiently
curb the risk of abuse.
Response: We appreciate the concerns raised by commenters
representing the laboratory industry, particularly in light of the
industry's experience with the EHR safe harbor. As finalized, the
cybersecurity safe harbor does not contain any limitations on the type
of individual or entity eligible for protection. All individuals and
entities, including laboratories, play a role in protecting the health
care ecosystem from cybersecurity threats. The promulgation of this
regulation, however, does not require laboratories to donate
cybersecurity technology or services, nor does it restrict laboratories
from charging fair market value for any cybersecurity technology and
services furnished.
To address the concerns about potential recipients conditioning
referrals on donations, we are finalizing a condition at paragraph
1001.952(jj)(1)(ii) that prohibits recipients from conditioning
referrals and future business on a cybersecurity donation. Donations or
solicitations of cybersecurity technology and services conditioned on
business or in exchange for Federal health care program referrals would
not be protected by this new safe harbor and would be highly suspect
under the Federal anti-kickback statute.
b. Permitted Recipients
Summary of OIG Proposed Rule: The proposed safe harbor would
protect donations of cybersecurity technology and related services to
any individual or entity without limitation, including when the
recipient is a patient. We indicated that we were considering whether
additional or different safeguards would be appropriate, particularly
when the recipient is a patient, and solicited comments on this topic.
Summary of Final Rule: We are finalizing, without modification, our
proposal to protect donations of cybersecurity technology and related
services to any individual or entity without limitation and without any
additional or different safeguards for any recipient.
Comment: A number of commenters agreed with the proposal to protect
all potential recipients of cybersecurity donations, including
patients. A commenter stated that it is valuable to provide patients
with a limited amount of cybersecurity protection to protect patient
medical records, particularly as patients and providers become more
interconnected. Another commenter recommended protecting donations to
patients to facilitate secure transmission of data from devices
prescribed to patients and secure communication between the patient and
the health care provider. A commenter noted that with the expected
increase of patient-generated health data there will be an increased
need to ensure that all data
[[Page 77818]]
sources and endpoints, including remote monitoring systems used by
patients, use good cybersecurity practices.
Response: We agree with commenters that the scope of protected
recipients should be unrestricted and should include patients; in
particular, cybersecurity donations to patients can serve as a valuable
tool in protecting health information, devices, and communications in
an increasingly interconnected environment.
Comment: Commenters suggested additional safeguards to ensure
prevention of fraud and abuse with respect to donations to patients
including: (i) A monetary limit on the donation; (ii) measures that
would limit the donation to something the patient does not already
possess; and (iii) restrictions against any type of multifunctional
software or device. Another commenter perceived, with the growth of
application programming interface (API) connections, a need to use
techniques such as those outlined by the Open Web Application Security
Project (OWASP) to protect the confidentiality and integrity of the
patient's health record. Conversely, another commenter suggested that
it is unlikely that a patient would be incentivized to seek treatment
from a provider solely because of the offer of cybersecurity protection
due to the limited nature of these cybersecurity donations.
Response: We believe that the final rule has appropriate safeguards
against fraud and abuse with respect to donations to patients without
the addition of conditions specific to such donations. For example, we
are finalizing the restrictions against donors and recipients
conditioning referrals and other business on cybersecurity donations.
We also are finalizing the requirement in the introduction paragraph to
1001.952(jj) that a donation be necessary and used predominantly for
cybersecurity purposes, as explained in more detail section III.B.8.b.
If a patient already possesses appropriate technology and services,
a donation of duplicative or equivalent technology and services likely
is unnecessary for cybersecurity purposes, and multifunctional
donations are unlikely to satisfy the predominant use standard. There
may be specific facts and circumstances in which the safe harbor would
protect replacement cybersecurity technology. For example, if a
potential recipient's technology is outdated and poses a security risk,
replacement cybersecurity technology would likely be necessary
depending on the specific facts and circumstances.
We have designed this safe harbor while recognizing the critical
need to protect patient data and privacy from cyberattacks. The safe
harbor conditions, as finalized, help ensure that cybersecurity
donations to patients address that critical need and mitigate the risk
of fraud or abuse stemming from such donations. Additional safeguards
specific to donations to patients are not needed. This safe harbor also
does not change other laws, regulations, or other requirements related
to the privacy and security of patient data. Parties seeking to donate
cybersecurity technology to a patient may have other obligations under
other laws to safeguard patient data.
The safe harbor does not require donations to meet specific
standards to protect patient data from cyberattacks or other
cybersecurity threats. Parties are free to choose the cybersecurity
technology or services that best meet their needs and achieve
cybersecurity goals as long as the donation meets all conditions of the
safe harbor. For example, while not required for safe harbor
protection, parties could elect to agree that any donated technology
must satisfy certain third-party standards, is certified by a third
party, or is certified or approved through another method to ensure the
donation can provide necessary cybersecurity safeguards. Voluntarily
meeting a third-party standard does not mean the donation is protected
by this safe harbor. To receive safe harbor protection, donated
technology or services must otherwise satisfy the conditions of the
safe harbor.
Comment: A commenter recommended that OIG consider limiting
recipients to those entities with an ``established relationship'' with
the donor, such that there is evidence that the donor and recipient
interface. The commenter offered as an example a requirement that a
physician practice has to have providers who are members of a health
system's medical staff in order for such practice to receive a
protected donation from the health system. For a protected donation by
a physician practice to a patient, the commenter suggested requiring
the patient be an ``established patient'' of the practice.
Response: For this cybersecurity safe harbor, we are not adopting
the commenter's recommendation to require an established relationship
between the donor and the recipient. Although we have incorporated a
similar ``established patient'' concept in the local transportation
safe harbor at paragraph 1001.952(bb), we believe such limitation might
work against the stated goal of this safe harbor to enable widespread
improvements to the cybersecurity of the connected health care
ecosystem through appropriate donations. We note that other safeguards
included in the final safe harbor, such as the requirement in the
introduction paragraph to 1001.952(jj) that the donation be necessary
and used predominantly to implement, maintain, or reestablish effective
cybersecurity, as well as restrictions against marketing or related to
the volume and value of referrals and other business generated, serve
to protect against the concerns addressed by the ``established
patient'' concept in other safe harbors, such as the local
transportation safe harbor, and are more workable for this safe harbor.
Comment: A commenter stated that donations of technology to a
patient may need to be treated differently from donations to a practice
or provider because any donation to a patient would rely on a single
software use license, which is difficult to implement and manage.
Furthermore, the commenter stated that a donation to a patient may
require additional services to implement such technology on patients'
devices, which is not practical to offer on a large scale. According to
the commenter, providers donating such technology may not have the
resources to provide support services to patients and may wish to
donate technical support services via third parties. But the commenter
highlighted that using third parties to provide such services may
create additional risks for providers and confusion for patients.
Response: We appreciate that cybersecurity technology and services
donations to patients involve different considerations, and we
anticipate that donors will evaluate those considerations before making
donations to patients. Safe harbors are voluntary, and providers are
under no obligation to donate cybersecurity technology and services to
patients or to structure arrangements to satisfy the conditions of the
safe harbor finalized here. As we stated in the OIG Proposed Rule,
protected donations may include services associated with installing and
updating cybersecurity software as well as cybersecurity training
services, such as training recipients on how to use the technology and
troubleshoot problems with the cybersecurity technology. The donor
could furnish such donated services on its own or contract with a third
party to furnish such services.
We reiterate that a donation to patients also must be necessary.
The determination of which cybersecurity technology and services are
necessary for patients likely will look much different than such
determination with
[[Page 77819]]
respect to health care entities. Patients' interaction with or access
to a health care provider's system or network is often more limited
than another health care provider's interaction or access. For example,
patients may interact or access a health care provider's system through
a patient portal or by authorizing a third party to access their
electronic health data through a mobile application. In those
instances, cybersecurity likely is built into the patient portal, the
authentication mechanism, or the API services used by the mobile
application. We expect that providers evaluating potential donations to
patients would take into account existing cybersecurity measures and
the nature of the patient's interaction with or access to systems when
determining whether any donation to the patient is necessary.
e. Definition of ``Cybersecurity''
Summary of OIG Proposed Rule: We proposed to define
``cybersecurity'' as the process of protecting information by
preventing, detecting, and responding to cyberattacks. The proposed
definition was derived from the National Institute for Standards and
Technology (NIST) ``Framework for Improving Critical Infrastructure
Cybersecurity'' (NIST CSF).\93\ We intended to define cybersecurity
broadly to avoid unintentionally limiting donations.
---------------------------------------------------------------------------
\93\ See NIST CSF, Version 1.1 (Apr. 2018), available at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing this definition with
certain clarifications at paragraph 1001.952(jj)(5)(i).
Comment: Several commenters agreed with the proposed definition of
``cybersecurity,'' derived from the NIST CSF, and commenters generally
agreed that the final rule should include a broad definition to provide
sufficient flexibility. A commenter was generally supportive of the
definition of ``cybersecurity'' but believed it should include the
process of protecting information through ``identifying'' and
``recovering'' from cyberattacks, to account for the entire lifecycle
of a cyberattack. The commenter surmised that the addition of
``recovering'' would protect ``backup services'' that support
reestablishing cybersecurity and reduce the impact of ransomware
extortion. Relatedly, several commenters noted that the OIG Proposed
Rule omitted the word ``reestablish'' in the first condition at
paragraph 1001.952(jj)(1), making it inconsistent with the parallel
exception to the physician self-referral law as proposed by CMS.
Commenters urged OIG to adopt text that includes ``reestablish'' in
the first condition at paragraph 1001.952(jj)(1). Specifically, several
commenters recommended that paragraph 1001.952(jj)(1) read, ``[t]he
technology and services are necessary and used predominantly to
implement, maintain, or reestablish effective cybersecurity'' (emphasis
added). Commenters asserted that the inclusion of ``reestablish'' in
the safe harbor would make explicit that the safe harbor protects post-
incident activities, such as the donation of a consultant's time to
assist with conducting root cause analyses and identifying needed
procedural improvements.
Response: We agree that we should rely on the NIST CSF as a basis
to define ``cybersecurity'' and believe that this definition, as
finalized, provides sufficient flexibility while also providing an
appropriately defined scope of what is protected under the safe harbor
consistent with the goals of the safe harbor. As explained in the OIG
Proposed Rule, the goal of this definition is to broadly define
cybersecurity and avoid unintentionally limiting the scope of
donations. For this reason, we also removed the phrase ``certain types
of'' before ``cybersecurity technology and services'' from the initial
paragraph at 1001.952(jj) to avoid ambiguity; cybersecurity technology
and services that meet all conditions of the safe harbor are protected.
We are not adding additional terms to the definition because the
definition of ``cybersecurity'' is derived from the NIST CSF
glossary.\94\ We believe the use of the NIST CSF definition, in
combination with the conditions of this safe harbor, provides donors
and recipients needed flexibility while also mitigating the risks of
fraud and abuse. The NIST CSF is widely accepted across public and
private sectors, all types of industries, and international
organizations. It provides a commonly understood language for donors
and recipients seeking to use this safe harbor to improve their
cybersecurity posture. While this safe harbor does not condition
protection of donations on compliance with the NIST CSF, we encourage
potential donors and recipients to ensure a comprehensive, systematic
approach to identifying, assessing, and managing cybersecurity risks.
---------------------------------------------------------------------------
\94\ Id. at 45.
---------------------------------------------------------------------------
The additional terms suggested by commenters, such as
``identifying'' and ``recovering,'' also appear in the NIST CSF. The
NIST CSF organizes basic ``cybersecurity activities'' into five
functions: Identify, protect, detect, respond, and recover.\95\ The
definition of ``cybersecurity'' in this safe harbor likely would apply
to donations of cybersecurity technology and services that are used
predominantly and are necessary for these five functions and the
related subfunctions and cybersecurity outcomes that are part of the
NIST CSF. We have not been persuaded to adopt a more specific
definition of cybersecurity by incorporating specific terminology from
the NIST CSF and we are finalizing the definition as proposed for the
policy reasons explained above.
---------------------------------------------------------------------------
\95\ Id. at 6.
---------------------------------------------------------------------------
In response to commenters who said that the term ``reestablish''
was not in the first condition at paragraph 1001.952(jj)(1), we are
finalizing a clarification to extend protection to donations that are
necessary and used predominantly to implement, maintain or reestablish
effective cybersecurity. This change is reflected in the final version
of the initial paragraph for 1001.952(jj). As we noted in the preamble
to the OIG Proposed Rule, protected donations would include business
continuity software that mitigates the effects of a cyberattack and
data recovery services to ensure that the recipient's operations can
continue during and after a cyberattack. Additionally, as we stated in
the OIG Proposed Rule, we intend to align closely with the
corresponding CMS exception where appropriate.\96\
---------------------------------------------------------------------------
\96\ 84 FR 55734 (Oct. 17, 2019).
---------------------------------------------------------------------------
We note that the safe harbor does not, however, protect payments of
any ransom to or on behalf of a recipient in response to a cyberattack,
which we would not view as ``reestablishing'' effective cybersecurity
(nor would we view it as nonmonetary remuneration, as required for
protection under the safe harbor). Although we believe the proposal
sufficiently included this concept, for the reasons stated above we
have added the word ``reestablish'' in the final version of the
introductory paragraph to 1001.952(jj) to provide clarity and to align
with CMS's corresponding physician self-referral law exception for
cybersecurity donations.
Comment: A commenter applauded the definition of ``cybersecurity''
for being fairly broad and including donations of APIs. The commenter
requested, however, that the definition be modified to account for the
so-called three pillars of information security: Confidentiality of
information, integrity of information, and availability of information.
[[Page 77820]]
Response: We are not modifying the definition of cybersecurity. As
discussed previously, our intention was to broadly define
``cybersecurity'' and use terminology within an industry-recognized
standard. We believe the NIST CSF definition of cybersecurity meets
those policy goals.
We recognize, however, that the three pillars of confidentiality,
integrity, and availability of information are fundamental concepts to
cybersecurity. The NIST CSF similarly recognizes these pillars. An
outcome category under the ``protect'' function includes that data
``are managed consistent with the organization's risk strategy to
protect the confidentiality, integrity, and availability of
information.'' \97\ Therefore, the definition of ``cybersecurity,''
which includes ``the process of protecting information,'' accounts for
these principles while also providing flexibility and certainty to
donors as to the scope of protected cybersecurity donations.
---------------------------------------------------------------------------
\97\ See NIST CSF, Version 1.1, pg. 32 (Apr. 16, 2018) available
at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
---------------------------------------------------------------------------
Comment: A commenter stated that the proposed definition of
cybersecurity seems oversimplified and is not comprehensive. The
commenter suggested that the definition of ``cybersecurity'' should be
inclusive of any unauthorized use, even without deliberate criminal
activity or a specific cyberattack, and recommended broadening the
definition accordingly. Another commenter noted that the proposed
definition of ``cybersecurity'' includes the term ``cyberattack,''
which the commenter found both vague and representative of only one
type of threat to electronic data. The commenter encouraged OIG to
adopt the definition found on the Department of Homeland Security (DHS)
website, which describes cybersecurity as ``the process of protecting
networks, devices, and data from unauthorized access or use and the
practice of ensuring confidentiality, integrity, and availability of
information.'' The commenter requested that any change to the
definition be employed consistently across other relevant safe harbors
(e.g., paragraph 1001.952(y)).
Response: We decline to modify the definition. First, the safe
harbor definition of ``cybersecurity'' does not limit donations of
cybersecurity technology and services to those that prevent only
criminal misconduct. The definition of ``cybersecurity'' is agnostic to
the intent--criminal or otherwise--of an ``unauthorized user.'' We also
believe the definition used in this final rule, derived from the NIST
CSF, is broad enough to address the commenter's concerns about
``unauthorized users'' as well as the definition from the DHS website.
Specifically, our final regulatory definition of ``cybersecurity'' is
broad enough to result in safe harbor protection for technology and
services that protect networks, devices, and data from unauthorized
access or use, including those that ensure the confidentiality,
integrity, and availability of information.
Comment: One commenter stated that the proposed definition of
``cybersecurity'' fails to capture all aspects of security controls
relevant to patient information, systems processing, or retention of
patient information. The commenter recommended the following definition
for cybersecurity: ``[p]revention of damage to, protection of, and
restoration of computers, electronic communications systems, electronic
communications services, wire communication, and electronic
communication, including information contained therein, to ensure its
availability, integrity, authentication, confidentiality, and
nonrepudiation; or the prevention of damage to, unauthorized use of,
exploitation of, and--if needed--restoration of electronic information
and communications systems, and the information they contain, in order
to strengthen the confidentiality, integrity, and availability of these
systems; or the process of protecting information by preventing,
detecting, and responding to attacks.''
Response: We are not adopting this suggestion. Notwithstanding, we
believe that the principles underlying the commenter's definition,
which are derived from NIST and other Federal Government sources,
generally are included in the definition of ``cybersecurity.'' Further,
we are not modifying the definition of cybersecurity as suggested by
the commenter because some of the commenter's proposed additions to
regulatory text could be misread to protect multifunctional equipment.
For example, ``restoration of computers, electronic communications
systems, electronic communications services, wire communication, and
electronic communication,'' could be misread by donors to protect
donations of multifunctional hardware and other multifunctional
donations (e.g., computers or entire communications systems) as part of
restoration efforts, which are not protected by this safe harbor. The
safe harbor protects donations of cybersecurity technology and services
that are necessary and used predominantly to implement, maintain, or
reestablish effective cybersecurity.
Comment: Several commenters suggested that OIG finalize a broad and
industry-neutral definition of ``cybersecurity'' to permit flexibility
for future changes, adaptions, and variations in the dynamic world of
cybersecurity. A commenter stated that the proposed safe harbor is
shortsighted and should include a more comprehensive definition of
potential technology solutions for cybersecurity attacks.
Response: We agree with commenters that the cybersecurity safe
harbor should be broad and rely on an industry-neutral definition.
Consequently, we are finalizing a definition derived from the NIST CSF.
The NIST CSF is industry agnostic and applies to any critical
infrastructure in the United States, which includes health care. We are
not using a definition that would incorporate specific technology
solutions for cyberattacks. Such an approach could make the safe harbor
definition obsolete as new cybersecurity technologies are developed and
implemented. We believe the broad, neutral definition finalized here
allows donors and recipients the flexibility to determine which
cybersecurity technology and services are necessary and predominantly
used to implement, maintain, or reestablish effective cybersecurity.
Additionally, we note that effective cybersecurity is broader than
technology solutions. Protected donations of cybersecurity technology
and services are just one component of cybersecurity. Regardless of the
conditions of this safe harbor, we encourage parties to consult
cybersecurity industry standards such as the NIST CSF to ensure a
comprehensive, systematic approach to identifying, assessing, and
managing cybersecurity risks.
f. Definitions of ``Technology'' and Protection of Hardware
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(jj)(6) to define ``technology'' as any software or other type
of information technology, other than hardware. In the preamble to the
OIG Proposed Rule, we noted our concern about donations of valuable,
multifunctional hardware being disguised as payments for referrals, but
also recognized that some hardware may in fact be limited to
cybersecurity functionality, such as two-factor authentication dongles,
and indicated that we were considering including such hardware in the
safe harbor.
[[Page 77821]]
Summary of Final Rule: We are finalizing, with modification, our
proposed definition at paragraph 1001.952(jj)(5)(ii). Based on public
comments, the modified final rule provides that donations of certain
hardware will be permitted under the exception as long as the donation
satisfies the other conditions of the safe harbor. In particular, we
highlight that the introductory paragraph for 1001.952(jj) requires
that donations be necessary and used predominantly for effective
cybersecurity. In most cases, multifunctional hardware would not be
used predominantly for effective cybersecurity and thus would fall
outside the scope of protection of this safe harbor.
Comment: Some commenters agreed with using the NIST CSF as a basis
for the definition of ``technology'' and recommended that any final
regulation allow sufficient latitude for various types of technology
classifications (software and certain hardware components) and not be
limited to a one-size-fits-all paradigm. Some commenters agreed with
excluding hardware from the definition of ``technology'' and,
therefore, from protection under this safe harbor, citing program
integrity risks. A large number of commenters objected to the exclusion
of hardware from the definition of ``technology.'' Many commenters
highlighted that the line between hardware, software, services, and
other technology that is neither hardware, software, nor a service, is
increasingly blurred and such technologies are often packaged together
as a bundle. Others suggested that hardware donations are a
foundational requirement to operationalize cybersecurity best
practices. Some commenters noted that certain cybersecurity software
requires specific hardware and sought protection for such hardware. For
example, a commenter noted that firewalls involve the use of both
hardware and software and suggested that many clinicians would not have
the technical knowledge to configure the firewalls. A commenter
recommended permitting donation of low-cost hardware and possibly
adding a dollar threshold that could not be exceeded for the total
donation.
Other commenters highlighted that failing to extend safe harbor
protection to multifunctional cybersecurity hardware (or software)
would limit the utility of the safe harbor because cybersecurity
technology often is not standalone in nature. Commenters provided
examples of multifunctional hardware they deemed beneficial to
cybersecurity hygiene, such as encrypted servers, encrypted drives,
upgraded wiring, physical security systems, fire retardant or warning
technology, and high-security doors.
Response: Consistent with our solicitation of comments in the OIG
Proposed Rule and in careful consideration of the responses from
commenters, this final rule expands the definition to include certain
hardware. To receive safe harbor protection, donations of such hardware
must satisfy all of the conditions of the safe harbor, and specifically
the requirement that the hardware be necessary and used predominantly
to implement, maintain, or reestablish effective cybersecurity. We
intend this condition to make donations of multifunctional hardware
ineligible for safe harbor protection in most cases, even if such
hardware is low-cost, because such donations likely would not satisfy
the predominant use condition. For instance, some of the examples
provided by commenters would not satisfy the predominant use standard
because by design they have functions that extend well beyond
cybersecurity, including servers, drives, upgraded wiring, physical
security systems, fire retardant or warning technology, and high-
security doors. For example, although the donation of an encrypted
server might improve the recipient's cybersecurity, the server likely
would not be used predominantly for effective cybersecurity because the
recipient is likely to use it predominately for other purposes, such as
hosting its computing infrastructure. We note, however, that the safe
harbor protects services, including installing cybersecurity software.
Therefore, if an entity donates cybersecurity software, it can also
install and configure such software on a recipient's system. We do not
believe a monetary cap is necessary for this safe harbor.
Comment: A number of commenters urged OIG to expand protection for
single-function hardware technologies that have limited or no
functionality outside of cybersecurity, such as computer privacy
screens, two-factor authentication dongles and security tokens, facial-
recognition cameras for secure access, biometric authentication, secure
identification card and device readers, intrusion detection systems,
data backup systems, and data recovery systems. Some commenters opposed
any such expansion.
Response: We agree with commenters that certain hardware is limited
to cybersecurity uses and, as stated above, have finalized the
definition of ``technology'' so that safe harbor protection includes
such hardware. However, in order to receive safe harbor protection,
donations of hardware must satisfy all of the conditions of the safe
harbor and, specifically, the predominant use requirement in the
initial paragraph to 1001.952(jj). Some of the examples provided by
these commenters including computer privacy screens, two-factor
authentication dongles, security tokens, facial-recognition cameras for
secure access, biometric authentication, secure identification card and
device readers, intrusion detection systems, data backup, and data
recovery systems could be protected by the safe harbor if all
conditions of the safe harbor are satisfied because their functionality
could be predominantly for effective cybersecurity.
We are not finalizing the additional proposed condition that would
have required donors and recipients to conduct a risk assessment prior
to donating hardware as a means of attaining safe harbor protection for
hardware. As finalized, the safe harbor protects hardware donations the
same way that software and service donations are protected, that is by
meeting all conditions of the safe harbor.
Comment: A commenter explained that it is important for OIG to
recognize and make clear that typically it is not the actual software
that is purchased by providers because the software is owned by the
vendor. Instead, providers purchase the rights to use the software,
which is accomplished through licensing. Therefore, with regards to
donations, the software itself will not be donated; it will be the
license to use that software. The commenter also recommended allowing
installment and repairs to be among the types of technology and
services, the donation of which is protected by the safe harbor.
Response: We also recognize that in some instances, providers
purchase the rights to use the software, which is accomplished through
licensing, and donate that use or license rather than the software
itself. Donating such licenses can be protected under this safe harbor
in the same way that donating software is protected, if all conditions
of the safe harbor are met. We also agree with the commenter that
installment and repairs can be included among the protected technology
and services, provided that the donations of such installment and
repairs squarely satisfy the safe harbor's conditions, including that
the donation is necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity.
g. Alternate Proposal
Summary of OIG Proposed Rule: We included an alternate proposal to
allow parties to donate hardware, subject to
[[Page 77822]]
the other conditions of the proposed safe harbor, if such hardware is
reasonably necessary based on a risk assessment of the donor and
recipient.
Summary of Final Rule: We are not finalizing this alternate
proposal.
Comment: Several commenters supported including hardware and did
not agree that a risk assessment should be required for protected
donations of hardware. A commenter observed that while donors should be
free to require and even donate a cybersecurity risk assessment,
adopting such a requirement to protect donations of hardware could slow
the proliferation of cybersecurity technology. A commenter objected to
requiring a written risk assessment from either party, or in multiparty
arrangements from any party. Another commenter stated that OIG should
not adopt a security framework tying cybersecurity technology to
particular industry standards and should not require the preparation of
special security risk assessments or management documents. Instead, the
commenter recommended that OIG recognize any safeguard that advances
the HIPAA security standards.
Response: For the reasons stated above, we are not finalizing this
alternative proposal. Parties may have other legal obligations to
conduct risk assessments, and this safe harbor does not affect any such
requirements. Furthermore, we are not requiring cybersecurity
technology and service donations to meet specific standards. Parties
also remain free to donate cybersecurity risk assessments under this
safe harbor if all of the other conditions are satisfied. Parties are
encouraged to perform risk assessments to determine donor and recipient
vulnerability to cyberattacks and to assist in creating their own
cybersecurity programs.
Comment: Several commenters recommended requiring a risk assessment
to receive protected hardware or other donated cybersecurity products
for various reasons. For example, a commenter highlighted that a risk
assessment can determine what type of protection is needed when there
are vulnerabilities and ensure that the cybersecurity product is
effective once implemented. A commenter requested that it not be a
requirement for the recipient to perform any risk assessment, as they
may not have the appropriate knowledge and expertise to do so. Instead,
the commenter suggested that the recipient have the option to perform
the risk assessment if they have the knowledge and expertise to do so;
otherwise, it could be completed by the donor or a qualified third
party.
Several commenters suggested that any definition or scope of ``risk
assessments'' should rely on definitions set out by NIST publications
and further suggested that OIG should rely on the comprehensive NIST
definition. Some commenters requested that OIG provide template risk
assessment documentation.
A commenter suggested that parties be required to maintain the
initial risk assessment, which could be used to compare the
``baseline'' risk assessment to a future risk assessment to help
understand whether any previously identified gaps were resolved.
Response: For reasons previously stated, we are not requiring a
risk assessment as a condition of this safe harbor. We agree that
cybersecurity risk assessments are valuable tools that can evaluate
vulnerabilities and identify cybersecurity solutions, and parties
remain free to obtain such risk assessments, or to donate them as long
as the conditions of this safe harbor are met. For example, one method
parties might use to establish that a donation was necessary for
cybersecurity is to utilize findings from a legitimate risk assessment
to demonstrate that a recipient had a vulnerability that was necessary
to mitigate.
h. Scope of Protected Technology and Services
Summary of OIG Proposed Rule: We proposed to protect a broad range
of technology and services, excluding hardware, and solicited comments
on this approach.
Summary of Final Rule: We are finalizing protection for a broad
range of technology and services, including certain hardware. We
provide additional clarity on the scope of this protection and several
examples below.
Comment: Most commenters recommended that we finalize protection
for a broad range of donations, and some requested specific language or
clarifications. In particular, several commenters asked OIG to consider
the implications of cloud-based and subscription-based products and
services. Another commenter requested OIG provide clarity related to
the scope of protected donations through examples of the types of
software and services allowed (e.g., provision of a full-time
cybersecurity officer). Some commenters also noted that a
cybersecurity-specific help desk may not be realistic and recommended
that OIG protect donations of general help desk services, whether
through the donor's IT department or the vendor's help desk services. A
commenter urged OIG to protect patches and software updates.
Response: As finalized, the safe harbor protects donations of a
broad range of cybersecurity technology and services. This includes
certain cybersecurity hardware, as discussed above, as well as a
multitude of cybersecurity services and technology. Cybersecurity
services and technology would include both locally installed
cybersecurity software and cloud-based cybersecurity software,
including patches and updates of such software or patches and updates
of other software or programs if the patch or update is predominantly
for cybersecurity purposes. Protected donations, however, are
constrained by the initial paragraph to 1001.952(jj), which requires
that the donation is necessary and used predominantly to implement,
maintain, or reestablish effective cybersecurity. This safe harbor is
intended to cover a wide range of cybersecurity technology and services
that have specific functionality, as constrained by the initial
paragraph for 1001.952(jj). This approach means that most technology
and services that include cybersecurity as one function of multiple
functions will not be protected by this safe harbor. For instance,
depending on the facts and circumstances of a particular arrangement,
donating a virtual desktop that includes access to programs and
services beyond cybersecurity software likely would not be protected
because the donation likely would include functions not necessary and
predominantly used to implement, maintain, or reestablish effective
cybersecurity, such as claims and billing applications. We explicitly
decided not to protect technology or services that may provide some
beneficial cybersecurity effects as one feature of a broader suite of
services because that broad scope of protection could apply to nearly
any technology or service. We believe such a broad scope of protection
under this safe harbor would elevate the risk that valuable donations
could improperly influence the recipient. Understanding those
tradeoffs, we conclude that the significant need for the health care
system to improve cybersecurity is better served by this safe harbor
only protecting cybersecurity technology and services that have
specific functionality, as constrained by the initial paragraph to
1001.952(jj), but with fewer other conditions that would limit certain
aspects of a donation (e.g., a monetary cap on the value of a
donation).
Donors and recipients that would like to protect the donation of
technology or services that are not necessary or are
[[Page 77823]]
used predominantly to implement, maintain, or reestablish cybersecurity
should assess those potential arrangements under the Federal anti-
kickback statute as well as other potentially applicable safe harbors,
such as the EHR safe harbor at paragraph 1001.952(y). Alternatively,
the advisory opinion process remains available to parties seeking a
legal opinion regarding the scope of the safe harbor as applied to a
specific set of facts and circumstances.
For the same reasons, we are not extending protection for donations
of general IT help desk services because cybersecurity is not the
predominant use of such services. However, we are aware of
cybersecurity-specific software and services that include customer
service and help desk features for cybersecurity assistance. Such help
desk services, if they are necessary and predominantly used for
implementing, maintaining, or reestablishing cybersecurity, could meet
the introductory paragraph for 1001.952(jj) and may be protected by
this safe harbor if all other conditions are met. Relatedly, donating
services through a donor organization's primary service desk or IT help
desk, limited to reporting cybersecurity incidents, could satisfy this
requirement because the service or help desk responsibilities would be
used predominately for cybersecurity incident reporting. Staffing a
recipient's practice with a full-time cybersecurity officer, however,
would only be protected by this safe harbor if that officer's duties
were used predominately for implementing, maintaining, or
reestablishing effective cybersecurity and were necessary. If the
officer performed general information technology services or provided
other non-cybersecurity value to the recipient's business, then the
donation may not meet the requirements in the initial paragraph for
1001.952(jj).
Comment: A commenter asked OIG to clarify that services such as
assurance, assessment, and certification programs that incorporate
cyber-risk management could receive safe harbor protection.
Response: To the extent the assurance, assessment, and
certification programs that incorporate cybersecurity risk management
suggested by the commenter satisfy all of the conditions of the safe
harbor, including the requirements in the initial paragraph for
1001.952(jj), they could be protected. We note, however, that if
cybersecurity is just one component or feature of the assurance,
assessment, and certification programs referenced by the commenter,
then the other features are not likely to be necessary and used
predominantly to implement, maintain, or reestablish effective
cybersecurity, and the cybersecurity safe harbor would not protect the
referenced services, although they could be protected under another
safe harbor.
Comment: A commenter expressed concern that the OIG Proposed Rule
would create separate safe harbors for various types of technology,
resulting in a piecemeal approach to tools that must work together to
drive care coordination. The commenter urged OIG to broaden the
cybersecurity items and services safe harbor and the EHR safe harbor to
be flexible enough to protect technology that can help facilitate the
movement to value-based care. Several commenters specifically
recommended that any final cybersecurity safe harbor protect data
analytics and reporting functionalities. Another commenter asked that
OIG clarify that arrangements involving sharing data and technology,
including cybertechnologies that keep the data secure, are not illegal
remuneration when used for care coordination purposes.
Response: We recognize that multiple safe harbors may protect
various types of technology donations. Several safe harbors finalized
elsewhere in this final rule protect certain remuneration to facilitate
care coordination and the transition to value-based care, such as the
value-based safe harbors at 1001.952(ee)-(gg). Data analytics,
reporting functionalities, and other information technology used to
facilitate the movement to value-based care may be protected under
these safe harbors, provided the arrangement squarely satisfies the
conditions of any applicable safe harbor. However, we note that
cybersecurity items in and of themselves likely would not meet the
definition of the ``coordination and management of care,'' as explained
in the preamble above. Relatedly, data analytics and other information
technology, when coupled with a cybersecurity donation, would not meet
the requirement that the donation be necessary and used predominantly
to implement, maintain, or reestablish effective cybersecurity.
We emphasize that arrangements involving sharing data could
potentially involve remuneration that implicates the Federal anti-
kickback statute. For instance, while standing on its own, basic
sharing of patient records for purposes of care coordination or
treatment of patients is unlikely to implicate the statute, the
provision of data analysis, data aggregation, or other services of
independent value to the recipient likely would be the sort of
remuneration that implicates the statute. Any assessment of Federal
anti-kickback statute implications, available safe harbor protection,
and potential liability under the statute, would require an analysis of
the facts and circumstances specific to the particular arrangement.
Data analytics and other information technology that may be
protected by the value-based safe harbors at 1001.952(ee)-(gg) can
include built-in cybersecurity protections. For example, those safe
harbors do not require the data analytics software to be free from
cybersecurity protections to meet their conditions. Such software might
normally include security features, such as a secure login and
authentication, as part of the normal software development and could be
protected by the value-based safe harbors, depending on the facts and
circumstances.
Where parties seek safe harbor protection for the donation of
technology, parties do not need to protect separate functions of that
technology under different safe harbors if the donation meets the terms
of a single safe harbor. This cybersecurity safe harbor is intended
only to protect cybersecurity technology and services. Other safe
harbors protect donations that may include cybersecurity features as
part of a broader donation, without regard to whether the cybersecurity
features would meet the requirements of the cybersecurity safe harbor
(e.g., a donation of data analytics software that includes
cybersecurity features may be protected by the value-based safe harbors
at 1001.952(ee)-(gg), or an EHR system with cybersecurity features may
be protected by the EHR safe harbor at 1001.952(y)).
Unless the data analytics and reporting functionality is
predominantly used to analyze and report on cybersecurity threats or
attacks (rather than more broadly facilitating the movement to value-
based care), then it typically would not satisfy the initial paragraph
for 1001.952(jj), which requires that the cybersecurity donation be
necessary and used predominantly to implement, maintain, or reestablish
effective cybersecurity.
Comment: A commenter recommended that OIG clarify the scope of what
the cybersecurity technology and services must protect, such as
cybersecurity to protect electronic health records, medical devices, or
other information technology that uses, captures, or maintains
individually identifiable health information. The commenter stated that
the proposed safe harbor was silent as to the ``object'' of the
cybersecurity protection and an explicit statement setting broad
parameters about the purpose of
[[Page 77824]]
donated cybersecurity technology and services would provide guidance
and cover future technology advances. Another commenter encouraged OIG
to permit donations related to medical device cybersecurity, which the
commenter identified as a growing area of vulnerability. The commenter
posited that promoting the security of medical devices would create
added protection for patient privacy and safety.
Response: We are not defining the ``object'' or ``subject'' of the
cybersecurity protection. The safe harbor protects a wide range of
cybersecurity technology and services that are necessary and used
predominantly to implement, maintain, or reestablish effective
cybersecurity. If all other conditions of the safe harbor are
satisfied, this could include cybersecurity donations in connection
with medical devices, EHR, and other information technology.
Comment: A commenter supported the inclusion of a broad array of
cybersecurity services as part of the safe harbor, including numerous
examples from the OIG Proposed Rule. In addition, the commenter
recommended adding services to the list included in the OIG Proposed
Rule, such as consulting services deployed not to conduct only a risk
assessment or analysis, but to work with the practice to develop and
implement specific cybersecurity policies and procedures. The commenter
also suggested protection for subscription fees to vendor security
products that assist practices in developing policies and procedures in
support of a risk assessment. Another commenter requested that OIG
provide further examples of what would and would not be protected by
the safe harbor.
Response: We provided examples of items and services that would be
protected by this safe harbor in the preamble to the OIG Proposed Rule
that are still valid under the final rule and provide additional
examples in this final rule.\98\ The examples included in the OIG
Proposed Rule apply to the safe harbor, as finalized, and continue to
illustrate the scope of the technology and services potentially
protected by the safe harbor. We emphasize that we intend for the safe
harbor to protect a broad array of technology and services. Donations
of services that meet all conditions of this safe harbor would be
protected. That would include donations where the donor arranges for or
otherwise pays for third-party vendors or consultants to provide
cybersecurity services that are necessary and used predominantly to
implement, maintain, or reestablish effective cybersecurity. We note,
however, that reimbursing a recipient or providing monetary
remuneration for such services would not be protected by this safe
harbor because the safe harbor only protects nonmonetary remuneration.
---------------------------------------------------------------------------
\98\ 84 FR 55735-6 (Oct. 17, 2019).
---------------------------------------------------------------------------
The advisory opinion process remains available for parties seeking
a legal opinion regarding the scope of the safe harbor as applied to a
specific set of facts and circumstances.
Comment: A commenter asked OIG to include protection for
implementation, management, and remediation services within the scope
of this safe harbor, as these will fully optimize donations.
Response: The safe harbor would protect donations that include
implementation, management, and remediation services, including those
provided through a third party, if all conditions of the safe harbor
are satisfied. As we stated in the OIG Proposed Rule, the safe harbor
may protect services such as developing, installing, and updating
cybersecurity software, and training recipients how to use it. We also
stated in the OIG Proposed Rule that ``cybersecurity as a service'' may
be protected, which includes third-party services for managing and
monitoring the cybersecurity of a recipient.
Comment: While many commenters expressed concern about the
effectiveness of the safe harbor if it does not protect a broad scope
of technology and services, other commenters recommended limiting the
scope of protected technology and services. A commenter noted that
effective cybersecurity protection could require a whole suite of
services, such as active management, monitoring, and developing an
effective response system if an issue arises, and it may not be
possible for an outside entity to provide such a broad range of
services.
Response: This safe harbor protects a wide range of cybersecurity
technology and services that satisfy the conditions of the safe harbor.
It is intended to remove one actual or perceived barrier to improving
the cybersecurity posture of the health care industry. While this safe
harbor does not and cannot solve all cybersecurity issues for the
health care industry, OIG believes that cybersecurity donations are
just one tool that the health care system can use to improve its
cybersecurity. We encourage providers and other actors to engage in
other cybersecurity efforts, consistent with industry standards and
applicable laws, to improve the cybersecurity of the entire health care
system.
i. Monetary Cap
Summary of OIG Proposed Rule: We solicited comments on whether the
safe harbor should include a monetary value limit on the total amount
of donations that a donor can make to a recipient.
Summary of Final Rule: We are not finalizing a condition imposing
any monetary limit.
Comment: A commenter recommended that if the final safe harbor
protects hardware, OIG should not impose any cap on the value of the
donated hardware. Another commenter encouraged OIG to finalize the safe
harbor without imposing a monetary limit on the value of applicable
remuneration. Some commenters recommended a cap as a potential
safeguard.
Response: We are not finalizing any monetary cap on the value of
remuneration protected by this safe harbor. We believe most
cybersecurity donations are made for purposes of self-preservation from
the risk of cyberattack. Therefore, donors are incentivized to donate
what is required to achieve effective cybersecurity and not make
excessive donations beyond the scope of what is needed to protect
themselves. Furthermore, the initial paragraph for 1001.952(jj) limits
donations of technology and services to those necessary and used
predominantly to implement, maintain, or reestablish cybersecurity,
which also serves to limit any excessive value of donations. The
conditions at paragraphs 1001.952(jj)(1) and (2) ensure that the
cybersecurity safe harbor does not protect donations that are tied to
Federal health care program referrals or are otherwise conditioned on
Federal health care program business. These conditions help mitigate
the risk that more valuable donations may lead to more referrals or
future business.
The threat-reduction purpose of cybersecurity technology and the
conditions of the safe harbor work together to limit the risk of fraud
or abuse caused by improper donations and a monetary cap is not needed
for the cybersecurity safe harbor.
j. Deeming Provision
Summary of OIG Proposed Rule: We solicited comments on whether to
create a provision in the final rule that would allow donors and
recipients to demonstrate compliance with the condition at paragraph
1001.952(jj)(1) by meeting certain additional standards. Specifically,
we suggested a ``deeming provision'' that would allow donors or
recipients to demonstrate that the donation satisfies proposed
paragraph
[[Page 77825]]
1001.952(jj)(1) if it furthers a recipient's ability to comply with a
written cybersecurity program that reasonably conforms to a widely
recognized framework or set of standards, such as one developed or
endorsed by the National Institute of Standards and Technology (NIST)
or another American National Standards Institute-accredited standards
body, such as the International Organization for Standardization.
Summary of the Final Rule: We are not finalizing a ``deeming
provision.''
Comment: A number of commenters supported the inclusion of a
``deeming provision'' in the final rule and offered suggestions on how
to implement such a provision. Several commenters suggested that the
``deeming provision'' should apply if the donation furthers a
recipient's compliance with a written cybersecurity program that
reasonably conforms to a widely recognized cybersecurity framework,
such as one developed by NIST, or guidelines developed by the
Department of Health and Human Services Office for Civil Rights (OCR)
in collaboration with the Office of the National Coordinator for Health
Information Technology (ONC). One commenter recommended that any
reference to cybersecurity standards, frameworks or risks be based on
existing independent frameworks, ideally drawn from NIST standards.
Response: We are not finalizing a ``deeming provision'' for the
cybersecurity safe harbor. We are concerned that a deeming provision
could have the inadvertent effect of protecting multifunctional
hardware, software, or other technology and services because the
donation conforms to a written cybersecurity protocol following
industry standards. Specifically, if a donor or recipient were to
demonstrate that a donation of hardware furthered its compliance with a
written cybersecurity program that includes items such as laptops,
servers, or other types of multifunctional hardware, parties may use
the ``deeming provision'' in attempting to protect hardware that is not
necessary or used predominantly to implement, maintain, or reestablish
effective cybersecurity. Although we are not finalizing a voluntary
``deeming provision,'' parties are encouraged to consider implementing
cybersecurity programs that follow widely recognized industry
frameworks. Parties may also voluntarily include their own standards to
apply to donations.
However, even if donations further compliance with a written
cybersecurity program that is consistent with a widely recognized
industry cybersecurity framework or a party's own standards, that does
not automatically mean that any cybersecurity donation is ``deemed''
necessary or used predominantly to implement, maintain, or reestablish
effective cybersecurity. Parties should undertake a careful analysis of
any donations for which they seek safe harbor protection to ensure
compliance with all conditions of the safe harbor.
Comment: Some commenters urged that any reference to standards or
frameworks used in any ``deeming provision'' be illustrative and not
exclusive, so as to avoid unnecessary constraints and allow for the
application of future frameworks. Another commenter agreed with
inclusion of a ``deeming provision'' but recommended that such
provision remain voluntary. Several commenters objected to any
``deeming provision,'' noting that it would add an unnecessary burden
without providing any meaningful protection against fraud and abuse. A
commenter stated that physicians may struggle to understand what
``reasonable conformance'' looks like or when a framework or standard
is considered ``widely recognized.'' A commenter stated that a
stringent ``deeming provision'' could create additional barriers to
mitigating the risks of cybersecurity threats. One commenter sought
clarity on the ``deeming provision,'' asking whether the recipient must
show financial need to satisfy the ``deeming provision,'' and another
commenter supported a ``deeming provision'' when the cost of the
donation of technology and services exceeds a specified monetary limit.
Response: Safe harbors are voluntary; this safe harbor does not
require any individual or entity to offer free or discounted
cybersecurity technology or services, nor does it require any
individual or entity to structure any donations of cybersecurity
technology and services to satisfy the conditions of the safe harbor.
Notwithstanding, for the reasons stated above we are not finalizing a
``deeming provision'' in this safe harbor. We also agree with the
commenter that parties may struggle to understand what ``reasonable
conformance'' looks like or when a framework or standard is considered
``widely recognized.'' Without selection of one or more specific
frameworks, any ``deeming provision'' could be subject to manipulation.
Comment: One commenter suggested that OIG adopt the same ``deeming
provision'' that appears in the EHR safe harbor at paragraph
1001.952(y)(2).
Response: We decline to adopt the commenter's suggestion. The
``deeming provision'' included in the EHR safe harbor at paragraph
1001.952(y)(2) relates to donations of EHR items and services
satisfying the interoperability condition in paragraph 1001.952(y)(2)
using ONC Certification standards rather than the ``necessary and used
predominantly'' standard in this cybersecurity safe harbor. Therefore,
the commenter's suggested ``deeming provision'' is not applicable in
this context and, for the reasons stated above, we are not finalizing
any ``deeming provision'' in this safe harbor.
k. Volume and Value Condition
Summary of OIG Proposed Rule: We proposed at paragraph
1001.952(jj)(2) that donations would not be protected under this safe
harbor if donors directly take into account the volume or value of
referrals or other business generated between the parties when
determining the eligibility of a potential recipient for the technology
or services, or the amount or nature of the technology or services to
be donated. Donations also would not be protected if donors condition
donations of technology or services, or the amount or nature of the
technology or services to be donated, on future referrals. Similarly,
we proposed at paragraph 1001.952(jj)(3) that donations would not be
protected if the recipient or the recipient's practice (or any
affiliated individual or entity) makes the receipt of technology or
services, or the amount or nature of the technology or services, a
condition of doing business with the donor.
Summary of Final Rule: We are finalizing, without modification,
these conditions, but renumbering them as 1001.952(jj)(1) and (2).
Comment: Commenters generally supported the provision restricting
donors from directly taking into account the volume or value of
referrals or other business generated between the parties when
determining the eligibility of a potential recipient for the technology
or services, or the amount or nature of the technology or services
donated. Commenters also supported OIG's proposal that potential
recipients should not be permitted to condition future business with
the donor on the receipt of cybersecurity donations. A commenter
recommended that OIG set guardrails to ensure that industry
stakeholders do not donate cybersecurity in order to influence referral
patterns. Some commenters also agreed that OIG should not finalize a
list of selection criteria that, if met, would be deemed not to
directly take into account the volume or value of referrals or other
business generated between the parties, similar to the provision within
the EHR safe harbor at paragraph
[[Page 77826]]
1001.952(y)(5). A commenter agreed that donations of cybersecurity
technology and services do not present the same risks as donations of
EHR software and information technology. Thus, a list is unnecessary.
Response: We are finalizing paragraphs 1001.952(jj)(1) and (2) as
proposed. We agree with commenters who recommended that we not include
a list of selection criteria deemed not to directly take into account
the volume or value of referrals, similar to paragraph 1001.952(y)(5).
We agree with the commenter who described such a list as unnecessary.
Additionally, the safe harbor conditions we are finalizing, viewed in
their totality, guard against donations to influence referral patterns,
so additional guardrails are unnecessary.
Comment: A commenter representing hospitals and health systems
expressed concern that the provision of cybersecurity technology and
related services to physician practices could increase the risk of
fraud and abuse if the donations are used as a bargaining chip, thus
facilitating cost-shifting from entities in need of such services and
potential donors, rather than cooperation between the entities. Another
commenter representing the laboratory industry expressed concerns about
physicians starting or encouraging ``bidding wars'' between
laboratories, insinuating that the laboratory that offers or makes the
most generous donation will get the physician's referrals (and,
likewise, some laboratories in fact may act inappropriately and promise
a donation in exchange for future referrals).
Response: We acknowledge the commenters' concerns about
inappropriate donations designed to induce referrals. We are finalizing
paragraphs 1001.952(jj)(1) and (2) as proposed to preclude such conduct
from protection under this safe harbor. Like the commenters, we are
concerned about the ``bargaining chip'' and ``bidding war'' scenarios,
and we emphasize that donors that condition donations on referrals--and
potential recipients who demand donations as a condition of doing
business or continuing to do business--would not qualify for protection
under this safe harbor. Furthermore, such offers and solicitations may
violate the Federal anti-kickback statute.
Comment: A provider trade association noted that donations of
cybersecurity technology and services are typically made by software
developers and medical device manufacturers, not providers. The same
trade association cautioned that cybersecurity-related donations should
be based on risk to the donor's own software, systems, or network, and
suggested that such donations should be available to all similar
entities with similar risk assessments and without regard to business
relationships or affiliations.
Response: As we stated above, this safe harbor is agnostic to the
types of individuals and entities donating the protected cybersecurity
technology and services. We believe the requirement that donations be
necessary and used predominantly to implement, maintain, or reestablish
effective cybersecurity, combined with requirements related to the
volume and value of referrals and other business generated, provide
safeguards to ensure that donations are made for necessary
cybersecurity purposes.
In response to the commenter's suggestion that donations should be
made available to similarly situated entities, we note that the safe
harbor is voluntary. A donor can choose the entities to which it
donates. Furthermore, it is likely impracticable that donors would make
donations available to all similar entities with similar risk
assessments. Even in those circumstances, the donor and a potential
recipient may have needs that are different than those for other
similarly situated entities based on the specific cybersecurity needs
inherent in connecting to the specific systems with which the donor
interacts. We emphasize that determining whether a cybersecurity
donation meets the conditions of the safe harbor requires an analysis
of the specific facts and circumstances.
l. Recipient Contribution
Summary of OIG Proposed Rule: We did not propose a requirement that
donors of cybersecurity technology and services collect a monetary
contribution from recipients. In connection with our alternative
proposal that would cover hardware, we solicited comments on whether we
should require a contribution from a recipient if a donation included
hardware.
Summary of Final Rule: We are not finalizing a contribution
requirement as a condition to this safe harbor, regardless of whether
hardware is included in the donation.
Comment: Many commenters agreed with our proposal not to require a
recipient of protected cybersecurity technology and services to
contribute to the overall cost of the donation. Commenters suggested
that a contribution requirement in the context of this safe harbor may
act as a barrier to donations because it may be: (i) Administratively
burdensome to calculate or track contributions; (ii) imprecise; or
(iii) cost-prohibitive for recipients who lack adequate resources to
contribute. A commenter stated that the pressing requirement to upgrade
the cybersecurity of the nation's health care systems should not be
held hostage to the ability of capital-constrained medical practices to
pay money for such security. Several commenters agreed with our
conclusion in the OIG Proposed Rule that forgoing a contribution
requirement in this safe harbor would free recipients' resources to
invest in other technology not protected by the safe harbor, such as
updating legacy technologies. Several commenters requested that donors
have the option to require a contribution from recipients.
Response: We agree with commenters who recommended against
including a contribution requirement in this safe harbor. Rather than
investing resources in a contribution, the final rule frees up
recipients to invest resources in other technology not protected by the
safe harbor, such as updating legacy multifunctional hardware that may
pose a cybersecurity risk or simply investing in their own computers,
phones, and other hardware foundational to their businesses, caring for
patients, and interacting with their providers. Additionally, we are
finalizing only those conditions that are critical to guarding against
fraud and abuse in the context of cybersecurity donations in order to
provide regulatory flexibility for donations intended to counterbalance
the significant cybersecurity threats against the nation's health care
ecosystem.
We have concluded that a contribution requirement would be
burdensome in the context of cybersecurity donations because the
necessity of donated services may vary unpredictably--varying weekly or
even daily--in response to cybersecurity threats. We understand that
cybersecurity patches and updates are frequent and would need to be
applied or aggregated across an entire set of recipients using the same
technology or services, further complicating contribution amounts for
each end user. Also, we are concerned that recipients might be
unwilling or unable to accept cybersecurity donations due to
potentially unpredictable costs they might incur after the initial
donation. In the context of cybersecurity donations, a contribution
requirement would pose a barrier to donations that, on balance, is
outweighed by the need for widespread improvement of
[[Page 77827]]
cybersecurity hygiene in the health care industry.
As we stated in the OIG Proposed Rule, donors are free to require
recipients to contribute to the costs of donated cybersecurity
technology and services as long as the determination of a contribution
requirement, or the amount of the contribution, does not take into
account the volume or value of referrals or other business between the
parties. For example, if a donor donates without any required
contribution cybersecurity services to a high-referring physician
practice but requires a low-referring physician practice to contribute
to the cost of such services, the donor could violate the conditions at
paragraph 1001.952(jj)(1)(i) and (ii).
Comment: Several commenters supported a contribution requirement
for various reasons. One commenter representing the laboratory industry
discussed that industry's experience with the EHR safe harbor at
paragraph 1001.952(y), concluding that absent a contribution
requirement, vendors have little incentive to offer competitive
pricing. The commenter stated that its experience with EHR donations
may extend to cybersecurity donations, and cybersecurity technology
vendors' sales representatives may urge physicians that require
cybersecurity software and services to direct their requests to
laboratories likely to make a donation, increasing the demand for the
vendors' cybersecurity technology. Another commenter suggested that
although recipients should have a vested interest in the products they
are using, a 15 percent contribution may be too high for some
providers, suggesting that a smaller contribution could be a fair
compromise. A number of commenters requested a carve-out to any
finalized contribution requirement for small and rural providers, those
in medically underserved areas, and federally qualified health centers.
Several commenters argued for consistency in any contribution
requirement across safe harbors, noting that because cybersecurity is
part and parcel of other technology it could impose undue complications
to require recipients to contribute to some donations but not others.
Several commenters asserted that OIG should consider a flexible
contribution requirement that would provide for a comparable investment
across provider types rather than a flat percentage contribution.
Response: For the reasons stated in the preceding response, we have
concluded that a contribution requirement of any percentage is not
appropriate for this safe harbor. Donations of cybersecurity technology
and services do not present the same type or magnitude of risks as
donations of electronic health records software and other information
technology. As we stated in the OIG Proposed Rule, cybersecurity
donations, if legitimate, are more likely to be based on considerations
such as security risks--especially the exposure of the donor when
connecting to the recipient--and are less likely to be based on
considerations relating to the volume and value of referrals or other
business generated. We believe the safeguards in the final safe harbor,
including restrictions against recipients conditioning their referrals
or business on donations, are sufficient to account for the potential
pressure from vendors. Furthermore, suspected fraud and abuse can be
reported to OIG's hotline at https://oig.hhs.gov/fraud/report-fraud/index.asp.
m. Patching and Updates
Summary of Proposed Rule: Related to the issue of recipient
contribution, the OIG Proposed Rule discussed the unique, practical
difficulties of a contribution in the context of cybersecurity patching
and updates.
Summary of Final Rule: We are not finalizing any specific
regulatory text relating to patching and updates. We view these as
protected under the safe harbor if all other conditions of the safe
harbor are satisfied.
Comment: Several commenters asked that we protect the costs or
services associated with ongoing cybersecurity software updates and
other patches. A commenter highlighted that patching and updates are
critical to managing cybersecurity risks, and that prohibiting their
donation could neutralize any benefits resulting from any final safe
harbor. A commenter noted that, given the fast-paced nature of
developments in cybersecurity, it is likely that new tools will need to
be deployed on at least an annual basis. Another commenter requested
clarification regarding whether accepting a routine or critical update
would result in loss of safe harbor protection, noting that patching is
sometimes given to providers for free (because it is built into the
contracts with vendors) and some patches may be focused on security
while others may be more general.
Response: We agree with commenters that patching and updates are
critical to managing cybersecurity risks, and this final safe harbor
protects such patches and upgrades if all conditions of the safe harbor
are squarely satisfied. We note that this final rule does not require a
contribution from the recipient, as discussed above, so routine patches
and upgrades given for free to recipients will not result in loss of
safe harbor protection, as long as all safe harbor conditions are met.
Donors who collect a percentage contribution from any recipient,
according to the written agreement with the recipient, may need to
collect a contribution for any patches and updates pursuant to the
terms of the parties' agreement. It is possible for donors to structure
any required recipient contribution in a number of ways as long as
neither the decision to collect the contribution nor the amount or
nature of the contribution is based on the volume or value of referrals
or other business generated between the parties. For example, a donor
is free to structure donations that require a percentage or sum certain
contribution for the initial cybersecurity donation but not for
subsequent patches and upgrades as long as the donor does so
consistently and according to the terms of the written agreement.
n. Writing Requirement
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(jj)(4) that a donor and recipient set forth a written
agreement that is signed by the parties and that describes the
technology and services being provided, and the amount of the
recipient's contribution, if any.
Summary of Final Rule: We are finalizing, with modification, a
writing requirement at paragraph 1001.952(jj)(3). We are not requiring
that the writing be a single document, and we made certain
clarifications, including that the signed documentation must include a
general description of the technology and services provided.
Comment: Commenters generally supported a writing requirement. A
commenter asserted that a written agreement between donors and
recipients of cybersecurity technology and services will bring
transparency to the donation process. Another commenter agreed that a
signed agreement is necessary to ensure that both parties understand
what is being donated and the terms of the agreement, including long-
term maintenance and support of the technology.
Response: We agree with commenters that a writing requirement will
bring transparency to the donation process and ensure that the parties
understand the scope of the donation and the responsibilities of both
parties. The safe harbor's writing requirement mandates that parties
articulate in writing a general description of the donation, and if the
donor will require a contribution
[[Page 77828]]
the parties must specify that amount. We anticipate that parties would
include in their general description of the donation some details about
the initial technology or service provided as well as any provision of
long-term maintenance, support, patching, or updates they intend to
include within the scope of the donation. We do not anticipate that
parties will specify every unforeseen item or service that might be
necessitated by a future update.
Comment: A commenter stated that a written agreement between donors
and recipients is an acceptable safeguard as long as any requirement
for such agreement is reasonable in scope. The commenter stated that
required terms and conditions in the agreement should be limited, given
the nature of the donation and the relationship between the parties.
For example, the commenter stated that the safe harbor's writing
requirement should not compel written terms other than to describe: (i)
The technology, services, or both to be donated; (ii) commercial terms
as necessary to meet the safe harbor; and (iii) warranties by each
party to use such technology in compliance with applicable laws and
regulations. The commenter also urged OIG to provide a publicly
accessible template cybersecurity donation agreement or standard
cybersecurity donation terms.
Response: We have designed the final writing requirement to be
reasonable in the context of the other conditions in the cybersecurity
safe harbor. We decline to add the specific examples of terms and
conditions to regulation text or provide any template cybersecurity
donation agreement or standard cybersecurity donation terms for parties
to use, as suggested by the commenter. This condition requires that
parties include a general description of the cybersecurity technology
and services to be provided and, if any contribution is required, the
parties must specify the amount. The parties are free to add other
terms to their documentation related to a cybersecurity donation.
Comment: A commenter appreciated our preamble explanation of the
safe harbor's writing requirement but requested that the proposed
regulatory text include the word ``general'' or ``generally'' so that
donors and recipients do not unnecessarily include every item or
potential service in a written agreement. The commenter urged OIG to
revise the regulatory text of the writing requirement to read as
follows: ``[generally] describes the technology and services being
provided. . . .'' The commenter also requested clarification concerning
any value-related writing requirements. The commenter stated that the
proposed regulatory language includes the amount of the recipient's
contribution (if any), while the preamble states that the written
agreement requires a reasonable estimate of the value of the donation.
The commenter supported only including the recipient's contribution (if
any), but requested that if we include a writing requirement related to
specifying the value of the donation, then OIG should require the
writing to include a reasonable estimate of the value of the donation
so as to not introduce any concept of fair market value or the need to
hire a valuation consultant to determine a reasonable estimate.
Response: We appreciate the commenter's concern about the language
included in the proposed regulation text at proposed 1001.952(jj)(4),
and we are finalizing a writing requirement that includes some changes
suggested by the commenter. Specifically, the final regulatory text of
this safe harbor's writing requirement at paragraph 1001.952(jj)(3)
requires that the signed writing include a general description of the
technology and services being provided and the amount of the
recipient's contribution, if any. Through this final writing
requirement, we do not intend to: (i) Introduce any fair market value
requirement; (ii) force parties to determine the fair market value of
the donation; or (iii) compel the parties to hire a valuation
consultant. For purposes of this condition, we interpret ``the amount
of the recipient's contribution, if any'' to mean either the sum
certain a donor will collect as contribution or, if the donor will
collect a percentage of the total value of the donation, the percentage
that will be applied. To be clear, this safe harbor does not include a
recipient contribution requirement; however, if the donor chooses to
require that the recipient contribute, that contribution must be
documented in writing. We also note that if the scope of the donation
changes materially over time, such as when a donor provides more or
fewer technology or services than originally anticipated in the scope
of the arrangement, or if the parties alter the contribution
requirement (if any), we think that best practices would have the
parties document such modifications in writing. If the donor requires a
contribution that applies to the initial value of the donation but not
the subsequent value of patching and upgrades, we anticipate that the
writing would specify such terms.
Comment: A commenter objected to OIG's proposed documentation
requirement, stating that it should be scaled back to avoid imposing
burdensome writing requirements on the parties. The same commenter
argued that a simple acknowledgement that the software donation has
been or will be made available should be sufficient.
Response: We do not believe the writing requirement should be
scaled back. This condition, as finalized, imposes no greater--and
indeed, may require less--burden on the parties to the written
agreement than would otherwise be expected in a commercial transaction
involving the exchange or use of cybersecurity technologies or services
of this nature between parties, such as a user agreement or purchase
order.
Comment: A commenter noted that the OIG safe harbor would require a
signed written agreement between a donor and recipient, while the
corresponding physician self-referral law exception would require only
``written documentation.'' The commenter recommended that OIG revise
the safe harbor to require only written documentation, as opposed to a
formal written agreement.
Response: The formality of a signed writing serves as an important
safeguard by transparently documenting the parties' donation and formal
agreement to any obligations in connection with such donation. However,
we are persuaded not to require that the writing be set forth in a
single, written agreement. We have revised the writing requirement to
permit a ``collection of documents'' approach. To receive safe harbor
protection, the general description of the technology and services
being provided and the amount of the recipient's contribution, if any,
must be set forth in writing and signed by the parties. The terms do
not need to be set forth in a single, signed writing, although we
believe this approach is a best practice from a compliance perspective.
As explained in section III.A.1. of this preamble, some conditions of
our safe harbors are different from CMS's final rule by design in light
of the different statutory schemes.
o. Cost-Shifting
Summary OIG Proposed Rule: We proposed at proposed paragraph
1001.952(jj)(5) that the donor not shift the costs of the technology or
services to any Federal health care program.
Summary of Final Rule: We are finalizing, without modification, the
condition at paragraph 1001.952(jj)(4). We received general support for
the proposed safeguards in the safe harbor, but we did not receive
specific
[[Page 77829]]
comments on the proposed prohibition against cost-shifting. Donor
Liability
Comment: Several commenters urged OIG to provide guidance on a
donor's potential liability for cybersecurity events affecting any
recipients of cybersecurity donations. Several commenters, including an
organization dedicated to serving chief information officers, chief
medical information officers, chief nursing information officers, and
other senior health care IT leaders asserted that without some way to
protect cybersecurity donors from being held responsible for
cybersecurity incidents involving recipients, providers would be
reluctant to donate technology or services for fear of the downstream
risk they might incur. A few commenters suggested that OIG create
protections for donors that safeguard them from risks stemming from
cybersecurity incidents experienced by recipients. Another commenter
similarly urged OIG to collaborate with OCR to develop a mechanism to
limit the donor's liability for cybersecurity events that may occur at
the recipient's location. Commenters recommended that OIG create
protections for donors that indemnify them from risks stemming from
cybersecurity incidents experienced by donors and clarify whether a
donor can be indemnified from an OCR action related to a breach when
such indemnification provisions are included in the parties' written
contract.
Response: Issues relating to downstream liability, indemnification,
or other contracting and business tort issues are beyond the scope of
this rulemaking. However, we highlight that the safe harbor does not
prevent parties from addressing these issues through contracts or other
agreements, and we note that the facts and circumstances of any
remuneration under such agreements may require separate analysis under
the Federal anti-kickback statute.
Comment: One commenter characterized the safe harbor as protecting
recipients from liability concerning fines, ransom, and litigation
risk.
Response: We agree that the general effect of a cybersecurity
donation should help improve a recipient's cybersecurity, thereby
potentially reducing the recipient's liability risk for fines, ransom,
and litigation stemming from a cyberattack. We clarify, however, that
donations protected under this safe harbor do not include monetary
remuneration to a recipient, or on behalf of a recipient, for any
fines, ransom, or litigation stemming from a cyberattack.
p. Other Comments
Comment: A provider trade association cautioned that hospitals and
health systems that donate or subsidize cyber products and services
should not use those as a pretext for discouraging or inhibiting the
exchange of patient health information between providers.
Response: We note that this safe harbor does not exempt entities
and individuals from other applicable State and Federal laws and
regulations related to the commenter's concerns about entities' conduct
that may inappropriately interfere with, prevent, or materially
discourage the exchange of patient health information between
providers. The ONC regulation entitled ``21st Century Cures Act:
Interoperability, Information Blocking, and the ONC Health IT
Certification Program'' \99\ implements provisions of the 21st Century
Cures Act \100\ (Cures Act) that are designed to address occurrences of
information blocking. If patients, providers, or others believe that a
health care provider, health IT developer of certified health IT, or
health information network or health information exchange is engaging
in information blocking, we encourage reporting complaints to HHS
through the Report Information Blocking portal (https://healthit.gov/report-info-blocking).
---------------------------------------------------------------------------
\99\ 85 FR 25642 (May 1, 2020).
\100\ 21st Century Cures Act, Public Law 114-255, 130 Stat.
1033.
---------------------------------------------------------------------------
Comment: In the preamble to the OIG Proposed Rule related to this
safe harbor, we distinguished certain features of cybersecurity
donations from EHR donations. A commenter asked OIG to clarify its
statement that electronic health record donations ``present a greater
risk that [sic] one purpose of the donation is for the donor to secure
additional referrals from the recipient or otherwise influence
referrals or other business generated.'' \101\ Specifically, the
commenter urged us to clarify that this reference to ``one purpose'' is
not intended to introduce the one-purpose test into the rulemaking.
---------------------------------------------------------------------------
\101\ 84 FR 55737 (Oct. 17, 2019).
---------------------------------------------------------------------------
Response: The Federal anti-kickback statute has been interpreted to
cover any arrangement in which one purpose of the remuneration was to
obtain money for the referral of services or to induce further
referrals, and nothing in this final rule changes such interpretation.
In other words, offering remuneration to a purchaser or referral source
potentially implicates the Federal anti-kickback statute if one purpose
is to induce the purchase or referral of Federal health care program
business. Donations of EHR, like any other thing of value, constitute
remuneration for purposes of the Federal anti-kickback statute. Whether
a particular arrangement including a donation of EHR or cybersecurity
technology and services violates the statute would depend on the facts
and circumstances of such an arrangement, including whether the
arrangement complies with a safe harbor.
With respect to the statement the commenter cited from the OIG
Proposed Rule, we confirm that we are not introducing the so-called
one-purpose test as a condition of the safe harbor at 1001.952(jj).
9. Electronic Health Records Items and Services (42 CFR 1001.952(y))
Summary of OIG Proposed Rule: We proposed changes to the EHR safe
harbor at paragraph 1001.952(y), which protects certain arrangements
involving the donation of interoperable EHR software or information
technology and training services. First, we proposed to amend the safe
harbor to clarify that safe harbor protection has always been available
for certain cybersecurity software and services, and to expand the safe
harbor's potential protection of the donation of software and services
related to cybersecurity. Next, we proposed to update the condition at
paragraph 1001.952(y)(2) to specify that for software to be ``deemed''
interoperable, it must be certified by a certifying body on the date it
is donated. We proposed to modify paragraph 1001.952(y)(3), which
already prohibited conduct similar to ``information blocking'' to align
with the proposed information blocking definition and related
exceptions in the ONC, HHS Notice of Proposed Rulemaking ``21st Century
Cures Act: Interoperability, Information Blocking, and the ONC Health
IT Certification Program'' (ONC NPRM).\102\ We also proposed to
eliminate: (i) The condition at paragraph 1001.952(y)(7) that prohibits
the donation of equivalent items or services to allow donations of
replacement technology; and (ii) the sunset provision at paragraph
1001.952(y)(13) to make the safe harbor permanent. Finally, we proposed
to revise the definitions of ``interoperable'' and ``electronic health
record'' and add a definition of ``cybersecurity,'' and include all
definitions relevant to the safe harbor at proposed paragraph
1001.952(y)(14). We also solicited comments on whether we should modify
or eliminate the 15 percent contribution requirement and whether
[[Page 77830]]
we should expand the scope of protected donors.
---------------------------------------------------------------------------
\102\ 84 FR 7424 (Mar. 4, 2019).
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
changes we proposed to paragraph 1001.952(y). We are finalizing our
proposal to eliminate the sunset provision and the provision that
prohibits the donation of equivalent EHR items and services. We are
finalizing the language explicitly protecting cybersecurity software
and services and the definition of ``cybersecurity.'' We also are
finalizing our revision to paragraph 1001.952(y)(2) to update the
deeming provision, with a minor clarification. We are not finalizing
paragraph 1001.952(y)(3) related to information blocking or our
proposed modifications to the definition of ``electronic health
record.'' We are finalizing our modifications to the definition of
``interoperable,'' but we are not including the phrase ``without
special effort on the part of the user.'' This final rule also revises
paragraph 1001.952(y)(1) to expand the scope of protected donors to
certain entities such as accountable care organizations and health
systems. The final rule maintains the 15 percent contribution
requirement but also includes flexibilities in connection with
administering that requirement.
a. Cybersecurity
Summary of OIG Proposed Rule: To clarify that the safe harbor
protected cybersecurity software and services related to EHRs, we
proposed to amend the introductory language of paragraph 1001.952(y) by
including the phrase ``including certain cybersecurity software and
services'' and adding the term ``protect.'' We also proposed to include
in paragraph 1001.952(y)(14) a definition for ``cybersecurity'' to mean
``the process of protecting information by preventing, detecting, and
responding to cyberattacks.''
Summary of Final Rule: We are finalizing, without modification, the
introductory language of paragraph 1001.952(y) except for a technical
correction by not including the word ``certain.'' We also finalize the
definition of ``cybersecurity,'' as proposed.
Comment: We received several comments in support of expressly
providing safe harbor protection for certain cybersecurity software and
services that protect electronic health records.
Response: We are finalizing protection for cybersecurity software
and services, as described in more detail below. We note that, to avoid
confusion, we made a technical correction by removing the term
``certain'' in the introductory paragraph of the EHR safe harbor. This
change has no substantive effect. This safe harbor protects
cybersecurity software and services as long as the donation meet all
conditions.
Comment: A commenter expressed concern that the EHR safe harbor's
cybersecurity proposal and the separately proposed cybersecurity safe
harbor (proposed at paragraph 1001.952(jj)) have significant overlap
and could lead to confusion if both were finalized. As such, the
commenter suggested that if OIG were to finalize a separate
cybersecurity safe harbor, the proposed cybersecurity-related
clarifications to the EHR safe harbor would not be necessary. The
commenter requested that if OIG were to finalize protection for certain
cybersecurity software and services within the EHR safe harbor, the
agency clarify that the predominant purpose of the software or service
must be cybersecurity associated with the electronic health records.
Similarly, another commenter suggested that creating separate safe
harbors for electronic health records and cybersecurity is taking a
piecemeal approach to tools that must work together for care
coordination.
Response: We recognize that there is a certain amount of overlap
between the cybersecurity safe harbor finalized in this rule and the
EHR safe harbor amended by this final rule. Regardless of this
acknowledged overlap, it is useful to clarify in the EHR safe harbor
that cybersecurity software and services with the predominant purpose
of protecting electronic health records can be protected under the EHR
safe harbor provided the donation satisfies all other safe harbor
conditions. For example, if one party is donating an EHR system that
could be protected under the EHR safe harbor and that EHR system
includes cybersecurity functions to protect the electronic health
records that might not have appeared to meet the safe harbor's previous
standard of being necessary and used predominantly to create, maintain,
transmit, or receive electronic health records, then parties seeking
safe harbor protection may want to structure the donation arrangement
to satisfy the conditions of the EHR safe harbor rather than
potentially also looking to the cybersecurity safe harbor. However, the
new cybersecurity safe harbor also would remain available for the
protection of cybersecurity technology and services if conditions of
that safe harbor were met. If, in contrast to the example above, the
cybersecurity donation were to include a broader suite of products and
services that do not have a predominant purpose to protect the
electronic health records (but are used predominantly to implement,
maintain, or reestablish effective cybersecurity), then parties seeking
safe harbor protection may want to evaluate the arrangement in the
context of the standalone cybersecurity safe harbor.
Comment: Some commenters asked us to broaden the scope of
cybersecurity protection within the EHR safe harbor to, for example,
protect cybersecurity hardware such as network appliances. One
commenter asked that the safe harbor protect without exception
cybersecurity hardware, software, infrastructure, and services. Another
commenter suggested that if the expanded safe harbor does not protect
hardware, it should permit donors to place cybersecurity hardware at
the recipient's location as long as the donor retains title to or a
leasehold interest in the equipment. A commenter noted that in order to
protect donors from cyberattacks, the safe harbor should protect the
donation of any cybersecurity technology and related services without a
contribution requirement to protect any protected health information
shared for groups of patients.
Response: We are not expanding this safe harbor to protect
additional services or hardware, regardless whether the hardware is
donated or loaned to a recipient. The EHR safe harbor is designed to
protect donations of EHR software and services, and expressly excludes
hardware. By including the word ``protect'' in paragraph 1001.952(y),
we are clarifying that the scope of the safe harbor applies to
cybersecurity software or information technology and training services
that are necessary and used predominantly to protect electronic health
records. There is a separate, standalone safe harbor intended to
protect broader cybersecurity donations available at paragraph
1001.952(jj). That safe harbor, as finalized in this rule, protects
cybersecurity hardware and does not have a contribution requirement.
b. Deeming Provision
Summary of OIG Proposed Rule: We proposed minor modifications to
the deeming provision at paragraph 1001.952(y)(2) by changing ``it has
been certified by a certifying body'' to read ``it is certified by a
certifying body.'' We also proposed to remove reference to ``editions''
of certification criteria to align with proposed changes to the
certification program.
Summary of Final Rule: We are finalizing, with modification, our
proposal to revise the condition at
[[Page 77831]]
paragraph 1001.952(y)(2). We are clarifying that for software to be
``deemed'' interoperable, it must be certified by a certifying body
authorized by ONC to certification criteria identified in the then-
applicable version of 45 CFR part 170. We are making a technical edit
to conform the terminology in our deeming provision to the terminology
used in 45 CFR part 170. Specifically, we are removing the phrase
``electronic health record'' preceding ``certification criteria''
because it has been removed from 45 CFR 170 as of June 30, 2020. We are
also deleting the word ``editions.''
Comment: Commenters generally agreed with our proposal to clarify
that software would be deemed interoperable under the safe harbor if,
on the date it is donated, it ``is certified'' by a certifying body
authorized by ONC rather than ``has been certified.'' Some commenters
had questions about our removal of the phrase ``an edition'' before
``the electronic health record certification criteria'' and inquired
whether we should specify that the criteria are the ``latest'' or
``current'' certification criteria.
Response: We agree with comments that we should clarify our
intention for the software to be certified to the then-current
certification criteria. However, rather than inserting new language the
deeming provision will read: ``[f]or purposes of this paragraph (y)(2),
software is deemed to be interoperable if, on the date it is provided
to the recipient, it is certified by a certifying body authorized by
the National Coordinator for Health Information Technology to
certification criteria identified in the then-applicable version of 45
CFR part 170.'' The version of paragraph 1001.952(y)(2) being finalized
maintains nearly identical language from OIG's 2013 final rule
addressing the electronic health records safe harbor (2013 EHR Final
Rule) except that we changed ``it has been certified by'' to ``it is
certified by'' \103\ and, as noted above, we removed the phrase
``electronic health record'' before ``certification criteria.'' We note
that this latter change does not alter the scope of remuneration
protected under this safe harbor; despite removing the phrase in the
deeming provision, the safe harbor continues to protect only items and
services that are used predominantly to create, maintain, transmit,
receive, or protect electronic health records that meet all criteria of
the safe harbor.
---------------------------------------------------------------------------
\103\ 78 FR 79202 (Dec. 27, 2013).
---------------------------------------------------------------------------
Comment: A commenter opposed the concept of an ``optional'' deeming
provision, asserting that it is critical to require that software be
certified by a certifying body authorized by ONC to further support the
goal of value-based arrangements.
Response: We agree that interoperability is a critical condition of
the EHR safe harbor, but we disagree with the commenter that
certification by a certifying body authorized by ONC should be the only
way of meeting this standard. This certification provides donors and
recipients with assurance that their product is interoperable for
purposes of this safe harbor, but such certification is not a
requirement for safe harbor protection.
Comment: A commenter suggested that the proposed change to the
deeming provision creates compliance uncertainty in the context of an
ongoing software donation. In particular, the commenter was concerned
that the proposed wording change would mean that any time after the
initial donation the EHR software loses its certification, the
continued provision of the software including maintenance would
implicate the fraud and abuse laws. Other commenters supported the
proposal to require software to be certified at the time it is provided
to a recipient, with a commenter noting that any updates to donated
systems should also be certified to the most recent standards. A
commenter asked that physicians not participating in the Quality
Payment Program be granted a 5-year grace period under the
interoperability deeming provision so that their donated EHR software
need only be certified to the 2015 edition.
Response: The deeming provision in paragraph 1001.952(y)(2) is
optional. Certification of donated software by a certifying body
authorized by ONC is not required to meet the terms of the safe harbor;
the safe harbor requires that, to receive protection, the software must
be interoperable at the time it is provided to the recipient. To the
extent physicians or other health care providers are seeking protection
of donated EHR items and services under the safe harbor, the donated
EHR software need only be interoperable (as defined at paragraph
1001.952(y)(14)(iii)) to satisfy the condition at paragraph
1001.952(y)(2).
If an EHR item or service loses its certification, it would no
longer satisfy the deeming provision. Therefore, new donations of such
EHR items or services, including updates and patches of the software
would not satisfy the safe harbor's deeming provision. However, if the
EHR items or services were still interoperable (as defined at paragraph
1001.952(y)(14)(iii)), then the safe harbor would protect continued
donation of such software and services, including patches, as long as
all other conditions are met.
c. Information Blocking
Summary of OIG Proposed Rule: We proposed modifying paragraph
1001.952(y)(3) by incorporating a reference to the information blocking
definition and related exceptions in 45 CFR part 171. We solicited
comments on this approach.
Summary of Final Rule: We are not finalizing the proposed
modification to paragraph 1001.952(y)(3) and instead are deleting this
condition from the safe harbor.
Comment: We received a number of comments about our proposal to
incorporate the ``information blocking'' prohibition from the 21st
Century Cures Act (Cures Act) \104\ or the ONC NPRM into the safe
harbor at paragraph 1001.952(y)(3). While commenters did not
necessarily disagree that information blocking should be prohibited,
commenters raised a number of questions and concerns regarding how such
a provision would work in a safe harbor. For example, although we
received from commenters support for our proposal to update the safe
harbor to include a condition that would preclude safe harbor
protection for arrangements that lead to ``information blocking'' as
that term is used in the Cures Act, a number of commenters expressed
concern about relying on the ONC NPRM, which was not yet final.
Commenters were particularly concerned about the array of exceptions to
the definition of ``information blocking'' and incorporation of the
definition of ``electronic health information'' as proposed in the ONC
NPRM.
---------------------------------------------------------------------------
\104\ 21st Century Cures Act, Public Law 114-255, 130 Stat.
1033.
---------------------------------------------------------------------------
Some commenters asked that we clarify which party is responsible to
ensure that information blocking does not occur. For example, some
commenters noted that a donor cannot control what happens to software
after it is donated. Similarly, several commenters recommended removing
or revising the condition that a donor (or any person on a donor's
behalf) does not engage in a practice constituting information
blocking, explaining that a vendor may engage in information blocking
without the donor's knowledge. Commenters expressed contrasting
opinions about the proposed knowledge standard, with some commenters
recommending that it apply to both health care providers and health
plans that voluntarily use the safe
[[Page 77832]]
harbor to protect donations under this safe harbor, while others
recommending that health plans be subject to the ``knows, or should
know'' standard because health plans are not health care providers and
do not have direct patient care responsibilities.
Another commenter noted that if a determination of information
blocking against either a donor or recipient occurs at some time after
a donation, the recipient may be vulnerable to unexpected costs or lose
access to its health information technology if the arrangement suddenly
ends.
Another commenter suggested that, rather than including a
prohibition on information blocking (as such term is defined in the
Cures Act or in 45 CFR part 171) as a safe harbor condition, OIG should
assume that information blocking will not be tolerated and will be
enforced through other authorities.
Response: Based on the comments and assessing the final rule
published by ONC, ``21st Century Cures Act: Interoperability,
Information Blocking, and the ONC Health IT Certification Program''
(ONC Final Rule),\105\ we are not finalizing the proposed information
blocking condition, and we are removing the existing paragraph
1001.952(y)(3), which prohibits the donor or any person on the donor's
behalf from taking any action to limit or restrict the use,
compatibility, or interoperability of the donated EHR items or
services. This condition, when originally implemented in OIG's 2006
final rule creating the electronic health records safe harbor (2006 EHR
Final Rule),\106\ was intended to help ensure that transfers of health
information technology will further the policy goal of fully
interoperable health information systems and will not be misused to
steer business to the donor.\107\ The 2013 EHR Final Rule also
explained that the Department was considering other policies to improve
interoperability, and noted that those policy efforts are better suited
than this anti-kickback statute safe harbor to consider and respond to
evolving functionality related to the interoperability of electronic
health record technology.\108\ At that time, the Department had few
other authorities to directly address information blocking. However,
there are now other enforcement authorities designed to address
information blocking. For example, the Cures Act gave ONC and OIG more
direct authority to address information blocking.\109\ Additionally,
CMS has separate authority to require certain providers and suppliers
to attest that they have not knowingly and willfully limited or
restricted the compatibility or interoperability of their certified
electronic health record technology.\110\
---------------------------------------------------------------------------
\105\ 85 FR 25642 (May 1, 2020).
\106\ 71 FR 45110 (Aug. 8, 2006).
\107\ 71 FR 45127.
\108\ 78 FR 79214 (Dec. 27, 2013).
\109\ Sec. 4002 and 4004 of the Cures Act.
\110\ See 81 FR 77008, 77028 (Nov. 4, 2016).
---------------------------------------------------------------------------
In addition, the Cures Act and the ONC Final Rule recognize that
certain practices likely to interfere with, prevent, or materially
discourage access, exchange, or use of electronic health information
may nonetheless be reasonable and necessary. That is why the Cures Act
directed the Secretary to identify exceptions to the definition of
``information blocking.'' The ONC Final Rule implements eight
exceptions that apply to practices likely to interfere with, prevent,
or materially discourage access, exchange, or use of electronic health
information provided the practice meets the conditions of an exception.
However, the condition at paragraph 1001.952(y)(3) as implemented by
the 2006 EHR Final Rule conditioned safe harbor protection on a party
not taking ``any action to limit or restrict the use, compatibility, or
interoperability'' of the donated EHR items or services. The condition
did not account for actions that may be reasonable and necessary, such
as implementing privacy and security measures.
Recognizing these developments, we agree with the commenter that
these new authorities are better suited than a safe harbor condition to
deter information blocking and penalize individuals and entities that
engage in information blocking. We also agree with commenters that a
recipient is unlikely to have the capabilities to determine whether a
donor (or someone on the donor's behalf) engaged in information
blocking, which includes a level of intent set by statute, or met an
exception to information blocking as set forth in the ONC Final Rule.
Given these potential issues with the proposed modifications to
paragraph 1001.952(y)(3) and limitations of the original condition in
paragraph 1001.952(y)(3) discussed previously, the condition may no
longer be an effective way to achieve the policy goals that served as
the original basis for this condition. Removing the condition at
paragraph 1001.952(y)(3) is responsive to commenters that had questions
about the scope of information blocking practices, how OIG would
determine the party responsible, how the information blocking knowledge
standard in the Cures Act and ONC Final Rule would be assessed in
context of this safe harbor, and how the condition would apply to
parties that may not be subject to the information blocking provision
in section 3022 of the Public Health Service Act (PHSA).
We emphasize, however, that we are maintaining the interoperability
condition in paragraph 1001.952(y)(2). We believe this condition and
the optional deeming provision will ensure that donations of EHR items
and services that meet the conditions of this safe harbor further the
Department's policy goal of an interoperable health system and prevent
donations being made with the intent to lock in referrals by limiting
the flow of electronic health information.
OIG remains committed to taking action against individuals and
entities that engage in information blocking, using specific
authorities to do so. Separate from this rule, OIG published a notice
of proposed rulemaking related to information blocking
enforcement.\111\ That proposed rule, among other things, proposes the
basis and procedures for information blocking enforcement. As stated in
that proposed rule, addressing the negative effects of information
blocking is consistent with OIG's mission to protect the integrity of
HHS programs as well as the health and welfare of program
beneficiaries.\112\
---------------------------------------------------------------------------
\111\ 85 FR 22979 (Apr. 24, 2020).
\112\ Id.
---------------------------------------------------------------------------
d. Sunset Provision
Summary of OIG Proposed Rule: We proposed to eliminate the sunset
provision at paragraph 1001.952(y)(13). As an alternative, we also
proposed an extension of the sunset date for the final rule.
Summary of Final Rule: We are finalizing this proposal by deleting
the sunset provision at paragraph 1001.952(y)(13).
Comment: We received nearly universal support for removing the
sunset provision in paragraph 1001.952(y)(13), which requires that all
protected EHR donations must occur on or before December 31, 2021.
Commenters asserted that the elimination of the sunset date would
provide certainty for the ongoing protection of donations of EHR items
and services. One commenter who generally supported making the safe
harbor permanent recommended that OIG delay doing so until the ONC NPRM
is finalized and available for stakeholder consideration.
Response: We agree that eliminating the sunset provision provides
certainty,
[[Page 77833]]
and we are finalizing our proposal to make this safe harbor permanent
and, as we note above, the ONC Final Rule was issued on May 1, 2020.
e. Contribution Requirement
Summary of OIG Proposed Rule: We did not propose specific changes
to the 15 percent contribution requirement at paragraph
1001.952(y)(11). Instead, we considered and solicited comments on three
alternatives: (i) Eliminating or reducing the percentage of the
contribution required for small or rural practices; (ii) reducing or
eliminating the 15 percent contribution requirement in this safe harbor
for all recipients; or (iii) modifying or eliminating the contribution
requirement for updates to previously donated EHR software or
technology.
Summary of Final Rule: We are retaining the 15 percent contribution
requirement at paragraph 1001.952(y)(11) but removing the requirement
that payment of the contribution be made in advance for updates to
existing EHR systems. To make this modification, we have added new
paragraphs at 1001.952(y)(11)(i) and (ii). Paragraph 1001.952(y)(11)(i)
describes that contributions for initial and replacement EHR items and
services must be made in advance of the donation and contributions for
updates to previously donated EHR item and services need not be paid in
advance. Paragraph 1001.952(y)(11)(ii) is the new location of the
condition that the donor does not finance the recipient's contribution
amount; it does not include any substantive changes.
Comment: A large number of commenters on this topic recommended
that we remove the 15 percent contribution requirement for all
donations and for all recipients. Commenters provided several reasons
to remove the contribution requirement (paragraph 100.952(y)(11)). For
example, some commenters suggested that this requirement restricts the
use of EHRs with interoperable capabilities; that this is not an
effective deterrent to inappropriate EHR donations; and that the
percentage is an arbitrary amount that limits the use of important
patient tools. Commenters noted that any transition to improve EHR
technology can streamline physicians' workflows; alleviate burdens;
allow physicians to spend more time with their patients; and allow
(assuming that the donated technology is truly interoperable) the
sharing of patient records with near equal ease with other providers
using certified EHR technology. Some commenters questioned whether a
recipient contribution reduces the risk of steering and inappropriate
referrals.
Commenters noted that the donation of EHR technology can be
beneficial to recipients who may be unsatisfied with their EHR platform
but lack the resources to transition to a new platform. A commenter
noted that the contribution requirement may be an unreasonable
constraint on how health systems and hospitals finance the needed
infrastructure to implement new value-based payment models and promote
the coordination of care. Commenters cited the added burden involved in
setting the contribution amount in writing and the necessary, ongoing
monitoring to ensure compliance. Commenters also highlighted that
eliminating the requirement would align this safe harbor with the
proposed cybersecurity safe harbor at paragraph 1001.952(jj) for which
OIG did not propose to include a contribution requirement.
Commenters that supported eliminating the contribution requirement
as a condition to this safe harbor still supported allowing the donor
to require a contribution. For example, a commenter suggested that any
contribution requirement should be left up to market forces and
negotiation between the parties. Another commenter stated that the
contribution amount should be at the discretion of the donor as long as
the donor consistently and fairly applies their policy to all
recipients. Finally, a commenter suggested that the contribution
requirement should only be eliminated if the scope of protected donors
remains the same.
Response: We understand the donation recipients' desires to
eliminate the 15 percent contribution requirement. However, after
careful consideration, we continue to believe that the contribution
requirement is an important safeguard against fraud and abuse in light
of the specific risks of inappropriate generation of referrals
presented by donation of EHR items and services. When recipients of
valuable remuneration have some responsibility to contribute to the
cost of the items or services, they are more likely to make
economically prudent decisions and accept only what they need or will
use. As we note below, however, we are adding some flexibilities in
connection with administering the contribution requirement.
Comment: Some commenters raised concerns about eliminating the
contribution requirement. For example, one commenter believed that
physician adoption and use of an EHR system is improved when they have
a certain level of buy-in and share in the financial cost. Similarly,
other commenters suggested that 15 percent represents a fair
contribution amount, serves as a reasonable safeguard to reduce
wasteful spending, and that it is important for recipients to have a
stake in the purchased technology.
Response: We agree with commenters that the contribution amount is
fair and provides a reasonable safeguard. For these and other reasons
discussed in this final rule, we are maintaining the 15 percent
contribution requirement.
Comment: We received support for eliminating the recipient
contribution requirement for at least a subset of recipients. Some
commenters specifically referenced removing the requirement for all
physicians. A majority of these commenters recommended removing the
contribution requirement for at least small and rural providers or
providers serving underserved populations. Some commenters expressed
concern about how we would define ``small'' or ``rural'' if we limited
the exception to those classes of individuals or entities. A number of
commenters requested that the concept of ``small and rural'' practices
be defined broadly and to specifically include free clinics, charitable
clinics, and charitable pharmacies. We also received a recommendation
to adopt the definition of ``small practice'' used in the CMS Quality
Payment Program.\113\ Various commenters requested that the
contribution requirement be eliminated for safe harbor protection
applicable to Indian health care provider recipients. We also received
comments regarding other potential recipients for whom the contribution
requirement may be a financial burden, such as critical access
hospitals, disproportionate share hospitals, and essential hospitals. A
commenter recommended that ``underserved practices'' should be defined
as those in: (i) Medically underserved areas, as designated by the
Secretary under section 330(b)(3) of the PHSA; (ii) primary health care
geographic health professional shortage areas, as designated by the
Secretary under section 332(a)(1)(A) of the PHSA; or (iii) a critical
access hospital. A commenter recommended defining ``rural practices''
as those located in rural areas, as defined in the local transportation
safe harbor at paragraph 1001.952(bb).
---------------------------------------------------------------------------
\113\ 42 CFR 414.1305.
---------------------------------------------------------------------------
Commenters noted that for cash-strapped entities, the contribution
requirement is a financial burden. For example, certain tribal
organizations
[[Page 77834]]
highlighted the financial burden of the EHR safe harbor's contribution
requirement for Indian health care providers and asserted any
contribution requirement may inappropriately divert funding away from
patient care. Some commenters noted that the 15 percent contribution
can be a significant barrier for physician adoption of EHR technology,
even for practices that may not qualify as small or rural practices.
Some commenters noted that the burden is not only in the actual cost of
the contribution but also the administrative tasks associated with
tracking and calculating the 15 percent.
Response: As we explain above, we are retaining the 15 percent
contribution requirement for all recipients seeking protection for EHR
donations under the EHR safe harbor. We agree with the commenters who
expressed concern about defining subgroups of entities to exempt from
this requirement. Even if we were to adopt certain definitions existing
in other regulations or definitions suggested by commenters, some of
those designations can change over time (e.g., a physician practice may
qualify as a ``small practice'' at some but not other points in time
depending on staffing changes), which could create confusion about
implementation of the contribution requirement and raise corresponding
safe harbor compliance concerns. In addition, the fraud and abuse risks
associated with EHR donations apply regardless of the geography or size
of the donation recipient. If cost is a barrier for a particular
recipient, the recipient could request an advisory opinion about an
arrangement without a 15 percent contribution requirement.
Comment: In response to our solicitation of comments on
possibilities to reduce any uncertainty and administrative burden
associated with assessing a contribution for each update, some
commenters addressed other aspects of the contribution requirement. For
example, a commenter expressed concern about the requirement that
contributions must be made in advance. This commenter noted that
recipients may unintentionally fall outside the safe harbor due to
inadvertent late payments and requested that OIG add a remedy period
for mistakes to be corrected without losing safe harbor protection.
Another commenter recommended eliminating the requirement that fees be
collected prior to the receipt of services and recommended instead to
require a commercially reasonable collections process.
Response: Consistent with our solicitation of comments on
uncertainty and administrative burden, and our statement in the OIG
Proposed Rule that we were considering modifying the contribution
requirement as it relates to updates, we are removing the requirement
that payment of the contribution be made in advance for updates to
existing EHR systems. We recognize that updates may need to take place
quickly to remedy security or other problems in an EHR system, and we
understand the commenter's concern about inadvertent late payments
under such circumstances. We believe it is reasonable and does not
create additional risk to bill a recipient for its contribution after
providing the update. The safe harbor does not require a specific
billing method. In other words, a donor could choose to bill a
recipient separately for each update or could bill the recipient
monthly or quarterly to combine the contribution claims for all updates
during a select period of time.
We are not, however, removing the requirement that contributions be
made in advance of an initial donation (including the donation of a
replacement system). Parties seeking safe harbor protection can
effectively plan for an initial donation, with all expenses known up
front, so that there is not the same administrative burden or
uncertainty that parties may experience when invoicing for periodic
updates, and, therefore, there is less risk of inadvertent late
payments. Because the need for safe harbor protection would not be
triggered until the initial donation happens, and the parties have the
ability to wait to make the donation until the contribution is paid, we
are not adopting a cure period for late payments associated with
initial or replacement donations.
Comment: A number of commenters asked that if OIG retains a
contribution requirement on the initial EHR donation, the contribution
requirement be eliminated for updates to the original donation.
Commenters noted that the updates may ensure that the donation
continues to function as needed and to meet current Federal standards
for data exchange. In contrast, a commenter recommended OIG consider
retaining a contribution requirement only for the provision of
replacement technology while eliminating it for the original donation
and any updates to that original system.
Response: As explained above, we are retaining the contribution
requirement for updates but will no longer require that the
contribution for updates be made in advance. We recognize that updates
are crucial for the continuing functionality of a system. However, we
do not think it is feasible to retain a contribution requirement for
certain donations and eliminate it for others. If we were to adopt that
policy, parties might structure donations to game the difference
between donation types. For example, if a recipient were not required
to contribute to updates, parties could structure the ``initial''
donation to consist of a functionality with a small cost and
consequently a small required contribution, with the most valuable
functionality deemed to be an ``update'' with no required contribution.
We believe the risk posed by such arrangements would reduce the
effectiveness of the contribution requirement as a safeguard against
fraud and abuse. For this reason, all donations protected by this safe
harbor require a recipient contribution.
Comment: A commenter requested that if a contribution requirement
is retained, the parties use either the fair market value or the
underlying cost of the donation as the base amount from which the
contribution is calculated. The commenter believed that this would
reduce the administrative burden of compliance, which might allow
smaller providers to donate protected EHR.
Response: The relevant standard in the safe harbor is that ``the
recipient pays 15 percent of the donor's cost for the items and
services.'' We did not propose to change this cost-based standard and
are not finalizing any change. In 2006, when we initially finalized the
EHR safe harbor, we provided an explanation about calculating the cost
of these items and services.\114\ The cost should be clear when a donor
is purchasing an item or service from a vendor. However, we recognized
some software or other modules may be internally developed. We
recommended that parties should use a reasonable and verifiable method
for allocating costs and maintain documentation of such allocation. We
explained there, and maintain here, that the method for allocating
costs would be scrutinized to ensure that they do not inappropriately
shift costs in a manner that provides an excess benefit to the
recipient or results in the recipient effectively paying less than 15
percent of the donor's true cost for the technology.\115\
---------------------------------------------------------------------------
\114\ 71 FR 45133 (Aug. 8, 2006).
\115\ 71 FR 45133 (Aug. 6, 2006).
---------------------------------------------------------------------------
Comment: A commenter encouraged HHS to study whether the 15 percent
recipient contribution requirement has in fact prevented some or many
physicians practices from adopting EHR technology, whether the safe
harbor has produced lasting partnerships and ongoing incentives to use
technology, and whether technology donations
[[Page 77835]]
potentially protected by the safe harbor have resulted in market
consolidation or channel capture that has led to increased costs for
consumers.
Response: Any decision by HHS to study the effectiveness or other
impact of the safe harbor and its conditions is outside the scope of
this rulemaking.
Comment: A commenter recommended not requiring the 15 percent
contribution for cybersecurity donations under this safe harbor. The
commenter noted that some organizations will permit practices to use
their EHR systems only if the practice has certain cybersecurity
protections, and thus the commenter suggested that the party requiring
the cybersecurity protection should pay any costs associated with it.
Response: We are not finalizing separate requirements for different
types of donations within this safe harbor. If a party seeks to protect
a donation of cybersecurity software or services under the conditions
of the EHR safe harbor, then a contribution is required. However,
parties that seek to protect a cybersecurity donation without a
recipient contribution could structure the donation to meet the safe
harbor for cybersecurity technology and related services at paragraph
1001.952(jj).
f. Equivalent Technology and Scope of Protected Donations
Summary of OIG Proposed Rule: We proposed to delete the condition
that prohibits the donation of equivalent items or services at
paragraph 1001.952(y)(7) to allow donations of replacement EHR
technology.
Summary of Final Rule: We are finalizing this proposal by deleting
paragraph 1001.952(y)(7).
Comment: Commenters broadly supported removing the safe harbor
condition at paragraph 1001.952(y)(7) that prohibits the protection of
EHR donations if a recipient possesses items or services equivalent to
those to be donated. Commenters provided a number of reasons for their
support of the elimination of this condition, highlighting that some
physician practices may be working with an EHR system that no longer
meets their needs, is outdated, or is otherwise substandard because
they cannot afford the full cost to replace the system. A commenter
recommended that OIG eliminate this condition but require a documented
rationale for a need for replacement technology.
Response: We agree with the commenters and are finalizing our
proposal to remove the condition at paragraph 1001.952(y)(7) that
prohibits the donation of equivalent items and services. We recognize
that there may be valid business or clinical reasons for a recipient to
replace an entire system rather than update existing technology. Under
this safe harbor, replacement technology is treated the same as a new
donation and would need to meet all conditions of the safe harbor to
receive protection. For example, a recipient of replacement technology
would be required to pay at least 15 percent of the donor's cost for
the items and services before receiving the items and services. We
believe that treating a donation of replacement technology the same as
a new donation strikes an appropriate balance by making necessary
replacements financially feasible for recipients while maintaining
safeguards to limit the risk of recipients inappropriately soliciting
or accepting unnecessary technology.
Comment: Commenters recommended revisions to the language related
to the scope of protected donations. For example, a commenter requested
that the safe harbor be expanded to include training, maintenance, and
upgrades of EHRs. Similarly, a commenter recommended revising the
language to items and services in the form of software, other
information technology, and related services, including implementation,
training and support services. A commenter asked whether the safe
harbor would still potentially protect the ``services'' listed as
examples in the 2006 EHR Final Rule such as connectivity, broadband,
wireless, clinical support, information services related to patient
care, and maintenance. Another commenter was concerned that the safe
harbor protected only donations of technology that have been certified
by ONC. Other commenters asked for a significantly expanded scope of
potentially protected donations including but not limited to: (i)
Hardware; (ii) technology related to information sharing; (iii) cloud-
based items and services; (iv) practice management and revenue cycle
systems and services; (v) clearinghouse services; and (vi) industry-
supported data collection and analytics.
Response: As we note elsewhere in this section, we are removing the
condition at 1001.952(y)(7) from the safe harbor to protect donations
of replacement technology and clarifying the safe harbor to explicitly
protect cybersecurity software and services if all safe harbor
conditions are satisfied. The safe harbor already could protect some of
the items or services suggested by commenters, such as maintenance and
training. The modifications to this safe harbor as finalized, do not
narrow the scope of items or services that could receive safe harbor
protection; the examples listed in the 2006 EHR Final Rule could still
receive safe harbor protection under the amended safe harbor finalized
in this rule.\116\ We also wish to highlight, as we explain elsewhere,
that the safe harbor does not require that donated software is
certified as interoperable by a certifying body authorized by ONC; the
safe harbor requires that donated software is interoperable. Per the
terms of the ``deeming provision,'' certified software is deemed to be
interoperable. The scope of electronic health record items and services
protected by this safe harbor and the optional deeming provision give
donors and recipients appropriate flexibility to determine which items
and services should be donated given their circumstances. For example,
long-term care and post-acute care recipients may need different types
of electronic health record items and services than a physicians group
practice needs.
---------------------------------------------------------------------------
\116\ Specifically, we stated in the 2006 EHR Final Rule that we
interpret `` `software, information technology and training services
necessary and used predominantly' for electronic health records
purposes to include the following, by way of example: Interface and
translation software; rights, licenses, and intellectual property
related to electronic health records software; connectivity
services, including broadband and wireless internet services;
clinical support and information services related to patient care
(but not separate research or marketing support services);
maintenance services; secure messaging (e.g., permitting physicians
to communicate with patients through electronic messaging); and
training and support services (such as access to help desk
services). We interpret the scope of covered electronic health
records technology to exclude: Hardware (and operating software that
makes the hardware function); storage devices; software with core
functionality other than electronic health records (e.g., human
resources or payroll software, or software packages focused
primarily on practice management or billing); or items or services
used by a recipient primarily to conduct personal business or
business unrelated to the recipient's clinical practice or clinical
operations. Furthermore, the safe harbor does not protect the
provision of staff to recipients or their offices. For example, the
provision of staff to transfer paper records to the electronic
format would not be protected.'' 71 FR 45125.
---------------------------------------------------------------------------
We did not propose and thus are not finalizing in this safe harbor
any expansion that would protect donated hardware. For any of the other
software or services for which commenters requested safe harbor
protection, the standard remains as we proposed, i.e., that the items
or services must be necessary and used predominantly to create,
maintain, transmit, receive, or protect electronic health records. For
example, some technology related to information sharing could meet this
standard, such as the donation of software or services related to
application programming interfaces (APIs) used to support the exchange
of
[[Page 77836]]
electronic health information. Parties seeking to rely on the safe
harbor need to analyze the EHR donation arrangement to ensure that it
squarely meets all of the safe harbor's conditions.
g. Protected Donors
Summary of OIG Proposed Rule: We solicited comments on either
removing the restrictions on protected donors in paragraph
1001.952(y)(1)(i) or revising the paragraph to protect donations from
entities with indirect responsibilities for patient care, such as
health systems or accountable care organizations that are neither
health plans nor submit claims for payment.
Summary of Final Rule: This final rule expands the scope of
protected donors to certain entities that are comprised of the types of
individuals or entities listed as protected donors in paragraph
1001.952(y)(1)(i)(A). To effectuate this change, we added paragraphs
1001.952(y)(1)(i)(A) and (B), which describe the entities previously
considered protected donors to include the new entities considered
protected donors as established by this final rule.
This final rule expands the scope of protected donors to certain
entities that are comprised of the types of individuals or entities
listed as protected donors in paragraph 1001.952(y)(1)(i)(A), as
described in more detail below.
Comment: We received a range of comments in response to our
suggestion that we may consider expanding the scope of protected
donors. At one end of the spectrum, we received a suggestion not to
change the scope of protected donors at all. At the other end, a
commenter stated that the safe harbor should protect donations from all
entities. However, the most common recommendation from commenters on
this topic was to expand the scope of protected donors to entities with
indirect responsibility for patient care such as health systems,
accountable care organizations, clinically integrated entities, and
other entities that bear financial risk in patient outcomes. Commenters
noted that these types of entities have little incentive to abuse the
safe harbor and that protecting donations from certain entities that do
not bill the Federal health care programs would facilitate expanded use
of technology that may reduce the cost of care and increase care
coordination. We also received a request to continue excluding
laboratories from the scope of protected donors.
Response: We agree with commenters who recommended expanding the
scope of protected donors to include entities comprised of the types of
entities currently covered as protected donors (e.g., parent companies
of hospitals, health systems, and accountable care organizations). We
see little added risk to protecting donations of interoperable
electronic health records software or information technology and
training services by entities such as health systems or accountable
care organizations. These entities may have financial risk for patient
outcomes and generally do not directly receive referrals. However, we
believe the risk is too high to expand safe harbor protection to
donations from all entities. We continue to have concerns about
protecting EHR donations made by laboratories or manufacturers or
suppliers of items. Accordingly, donations made by these entities will
continue to be ineligible for protection under the EHR safe harbor.
Comment: A commenter asked whether the safe harbor protects
donations from pharmaceutical manufacturers that participate in Federal
health care programs.
Response: Pharmaceutical manufacturers generally do not bill
Federal health care programs and are not comprised of entities that
bill Federal health care programs and therefore are not protected
donors under the safe harbor. While we recognize that some
manufacturers have implemented programs that include more direct
contact with patients and payors, the concerns we expressed in the
preamble to the 2006 EHR Final Rule \117\ continue to exist today. If a
manufacturer that operates its business in a way that it believes would
meet the terms of this safe harbor has questions about whether any
donation would be protected by the safe harbor or present a low risk of
fraud and abuse under the Federal anti-kickback statute, the advisory
opinion process remains available.
---------------------------------------------------------------------------
\117\ 71 FR 45128 (``We have not included as protected donors
pharmaceutical . . . manufacturers. . . . These entities do not
provide health care items or services to patients or submit claims
for those services. Our enforcement experience demonstrates that
unscrupulous manufacturers have offered remuneration in the form of
free goods and services to induce referrals of their products. Given
this enforcement history, and the lack of a direct and central
patient care role that justifies safe harbor protection for the
provision of electronic health records technology, we are not
including manufacturers as protected donors. We believe there is a
substantial risk that, in many cases, manufacturers' primary
interest in offering technology to potential referral sources would
be to market their products.'')
---------------------------------------------------------------------------
Comment: A commenter requested that the safe harbor protect
donations made only by donors that provide EHR access to pharmacists.
The commenter stated that some health information technology systems
block pharmacists' visibility into relevant clinical information from
other health care providers.
Response: The safe harbor does not limit the scope of protected
donors to donors that grant EHR access to a specified range of
providers or suppliers. However, for a donation to be protected, it
must be interoperable and should not inappropriately interfere with,
prevent, or materially discourage access, exchange, or use of
electronic health information (e.g., inappropriately limit visibility
to relevant clinical information). To the extent that patients,
providers, or others believe that a health care provider, health IT
developer of certified health IT, health information network, or health
information exchange is engaging in information blocking, we encourage
reporting complaints to HHS through the Report Information Blocking
portal, which is available at https://healthit.gov/report-info-blocking.
Comment: A commenter requested that the EHR safe harbor protect
donations made by multiple donors for different types of technology to
a single recipient, as long as the technology meets the
interoperability requirements. The commenter recommended the safe
harbor specifically protect the donation of supplemental, nonequivalent
EHR applications that supplement a recipient's current EHR system and
noted that such applications could come from different donors. The
commenter further proposed the safe harbor require a clinical necessity
analysis for ``add-on'' EHR applications in addition to replacement
technology.
Response: Nothing in the amended safe harbor, as it is being
finalized, would prevent safe harbor protection of donations of ``add-
on'' EHR applications or donations from multiple donors. Protection
offered by this safe harbor is not limited to EHR products that include
within a single product a sufficiently comprehensive array of functions
to constitute an ``EHR system.'' Instead, as explained in the 2006 EHR
Final Rule, the safe harbor also applies to donations of software that
serve a specific function related to electronic health records, such as
interface and translation software and secure messaging. In some
instances, those functions may be part of a larger EHR software
product, or they may be implemented via standalone software that
interacts with a provider's electronic health record system. If each
donation squarely satisfies the requirements of the amended safe
harbor--including the requirement that the software is or the
information technology and training services are
[[Page 77837]]
necessary and used predominantly to create, maintain, transmit,
receive, or protect electronic health records--such donations could be
protected regardless of whether the technology is donated by one or
multiple donors.
We did not propose and thus are not finalizing a condition that
requires a clinical necessity analysis of donations. Such condition
would not be necessary in the safe harbor given the totality of its
conditions.
h. Definitions
i. Electronic Health Record
Summary of OIG Proposed Rule: We proposed to modify the definition
of ``electronic health record'' in paragraph 1001.952(y)(14)(iv) to
mean: ``a repository of electronic health information that: (A) Is
transmitted by or maintained in electronic media; and (B) relates to
the past, present, or future health or condition of an individual or
the provision of healthcare to an individual.''
Summary of Final Rule: We are not finalizing the proposed
definition of electronic health record and instead retain the previous
definition. This final rule moves the definition of ``electronic health
record'' to paragraph 1001.952(y)(14)(iv).
Comment: Several commenters expressed general support for our
proposed revision to the definition of ``electronic health record,''
particularly to the extent that the definition would align with the
definition included in the Cures Act. However, a number of commenters
were concerned about our proposal to use the term ``electronic health
information'' as the ONC NPRM proposed to define such term. Commenters
asserted that the regulatory definition proposed by ONC is overly broad
and may extend far beyond what Congress intended under the Cures Act.
For example, a commenter argued that under the proposed definition a
patient's computer or mobile telephone could be considered an
electronic health record if the patient obtained a copy of their health
record through electronic transmittal. Commenters also made several
suggestions to limit the scope of ``electronic health information.''
Response: As we stated in the OIG Proposed Rule, we did not intend
for our proposed modifications to the definition of ``electronic health
record'' to make a substantive change to the scope of protection.\118\
We thank commenters for highlighting the complexities that our changes
inadvertently might have introduced. To remain true to our intent, we
are not finalizing any proposed changes to the definition of
``electronic health record.'' We will retain the existing definition in
the safe harbor, which appears at paragraph 1001.952(y)(14)(iv).
---------------------------------------------------------------------------
\118\ See 84 FR 55742 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter recommended that the definition of
``electronic health record'' should be standardized across all Federal
regulations, as permitted by the relevant statutory framework. However,
the commenter expressed doubt that changing the definition of
``electronic health record'' as OIG proposed would keep up with a
dynamic redefinition of how electronic health care is provided.
Response: A suggestion to standardize definitions across Federal
regulations is outside the scope of this final rule. As noted above, we
are not finalizing any changes to the definition.
Comment: A commenter recommended that OIG define the parameters of
the EHR safe harbor to ensure that the scope of covered technology
under the ``electronic health record'' definition protects products
beyond those that are standalone EHRs (e.g., products that connect to,
amplify the capabilities of, or leverage the data in EHRs to promote
coordination and management of care). According to the commenter, there
are emerging technologies that leverage data in EHRs without creating
new records and enable patients to leverage technology to maintain
longitudinal records. To modernize the safe harbor to accommodate these
developments, a commenter asked that OIG clarify that the term
``repository'' in the current and proposed definition of EHR is not
limited to existing models of EHR. The commenter also recommended that
OIG delete ``predominantly'' from the safe harbor or otherwise broaden
the remuneration protected by the safe harbor by adding the italicized
words in the following phrase from the EHR definition: ``software or IT
functionality necessary and used predominantly to support or improve
[italics added] the creation, maintenance, transmission, receipt or use
of EHR.''
Response: By proposing to revise the definition of ``electronic
health record,'' we did not intend to change the scope of protection
under the safe harbor. We are retaining the existing definition of
``electronic health record'' and are not adopting the commenter's
suggestion. Emerging technologies that leverage EHR data may be
protected by the safe harbor. The term ``repository'' carries its
common meaning: A place where something such as data can be stored and
managed. If emerging technologies are necessary and used predominantly
to create, maintain, transmit, receive, or protect electronic health
records, and all of other conditions of the safe harbor are met, then
donations of such technologies would be protected.
Donations of software or information technology services do not
need to be necessary and used predominately for all five functions
listed in paragraph 1001.952(y)(1) to be protected. Rather, the
software or information technology services must meet at least one of
the five functions. For example, if software is not used to create an
electronic health record but is necessary and used predominately to
transmit electronic health records, donations of such software may be
protected by this safe harbor if all other conditions are met. If an
entity has questions about whether specific technology donations would
be protected by the safe harbor or present a low risk of fraud and
abuse under the Federal anti-kickback statute, the advisory opinion
process remains available.
Comment: A commenter supported the current definition of
``electronic health record'' rather than the proposed revisions to the
definition. However, the commenter asked OIG to further clarify this
definition so that it would include a longitudinal electronic record of
patient health information generated by one or more encounters in any
care delivery setting that automates and streamlines the clinician's
workflow.
Response: We are adopting the recommendation to retain our current
definition of ``electronic health record.'' We agree that the
commenter's example of a longitudinal electronic record appears to meet
this definition. However, we recommend that parties conduct their own
analysis of the particular facts and circumstances of any arrangement
as applied to the definition. The advisory opinion process remains
available for parties that seek an individualized determination.
ii. Interoperable
Summary of OIG Proposed Rule: We proposed to update the definition
of the term ``interoperable'' to align with the statutory definition of
``interoperability'' added by the Cures Act to section 3000(9) of the
PHSA and move it to paragraph 1001.952(y)(14)(iii). We proposed to
define ``interoperable'' as able to ``(A) securely exchange data with,
and use data from other health information technology without special
effort on the part of the user; (B) allow for complete access,
exchange, and use of all electronically accessible health information
for authorized use under applicable State or Federal law; and (C)
[[Page 77838]]
does not constitute information blocking as defined in 45 CFR part
171.''
Summary of Final Rule: We are finalizing, with modifications, an
updated definition of ``interoperable'' in paragraph
1001.952(y)(14)(iii). We are removing the phrase ``without special
effort on the part of the user'' in paragraph 1001.952(y)(14)(iii)(A),
and we are not finalizing proposed paragraph 1001.952(y)(14)(iii)(C)
that would have incorporated the information blocking regulations in
the definition of interoperability.
Comment: We received general support for our effort to update the
definition of ``interoperable.'' However, some commenters asked for
further clarification of the phrase ``without special effort on the
part of the user.''
Response: First, we are finalizing the first two proposed criteria
of the ``interoperability'' definition except, as explained below, we
are removing the phrase ``without special effort on the part of the
user.'' We are removing the third criterion we proposed in the
``interoperable'' definition: ``[d]oes not constitute information
blocking as defined in 45 CFR part 171.'' That criterion raises similar
issues that we discussed in section 9.c above regarding the information
blocking condition at former paragraph 1001.952(y)(3). Removal of that
condition is consistent with our rationale described in more detail
above.
We had proposed for the first prong of the definition of
``interoperable'' that it mean able to ``[s]ecurely exchange data with
and use data from other health information technology without special
effort on the part of the user.'' While the phrase ``without special
effort on the part of the user'' is used in the definition of
``interoperability'' in the Cures Act,\119\ the phrase ``without
special effort'' also is used in conditions of certification in the
Cures Act.\120\ As we make clear above in section 9.b, while software
certified by ONC is ``deemed'' to be interoperable, certification is
not required for safe harbor compliance. Therefore, to avoid any
implication that we are incorporating a certification requirement into
the definition of ``interoperable'' as it is used in this safe harbor,
we are removing the reference to ``without special effort on the part
of the user.''
---------------------------------------------------------------------------
\119\ Section 4003(a)(2), Public Law 114-255, 130 Stat. 1033.
\120\ Id.
---------------------------------------------------------------------------
Comment: A commenter expressed concern about the Federal
Government's definition of ``interoperability,'' as defined in the ONC
NPRM, which the commenter believes inappropriately focuses solely on
high volumes of data transferred or access to every piece of health
information ever collected. The commenter asserted that we should
prioritize the transfer of and access to secure, meaningful data in
order to avoid: (i) Confusing patients who lack context; and (ii)
overburdening physicians with irrelevant information.
Response: First, as we note elsewhere in this section, we are
revising this safe harbor such that the definition of ``interoperable''
no longer refers to the definition proposed in the ONC NPRM. Second,
interoperability of donated EHR items and services is an important
condition of the safe harbor. The definition adopted in this final rule
states that ``interoperable'' means ``able to'' securely exchange data
and ``allow for complete access, exchange, and use of'' certain health
information. In other words, this definition does not require the
transfer of massive quantities of data; it requires that such transfers
be possible.
i. Other Comments
Comment: A commenter suggested that OIG continue to consider how
data is being shared and ensure that information blocking is not
occurring. The commenter specifically recommended that the safe harbor
require that all VBE participants be able to review and have access to
information on different EHR systems used in any value-based
arrangement and have the ability to import and export data that can
help further the purpose of the value-based arrangement. In addition,
the commenter recommended that physicians and others providing care to
beneficiaries under value-based arrangements should have the ability to
select the EHRs that are best suited for the applicable patient
population.
Response: The safe harbor does not mandate how or which types of
EHR software or information technology services a donor or recipient
may select. Because we are finalizing a change to eliminate the
restriction on donations of equivalent technology, we hope that parties
will have more flexibility to receive protected donations of EHR
software that best suit the needs of the parties. However, we emphasize
that this safe harbor is not specific to or limited to EHR software or
information technology services donated in the context of value-based
arrangements. The value-based safe harbors finalized here at paragraphs
1001.952(ee),(ff), and (gg) could be available to protect the donation
of health information technology pursuant to a value-based arrangement,
provided all conditions of an applicable safe harbor are squarely
satisfied. In addition, for the reasons that we explain in detail
above, we are not finalizing information blocking provisions as
conditions of this safe harbor.
OIG remains committed to addressing information blocking through
other authorities. Parties should submit information blocking
complaints to HHS through the Report Information Blocking portal
(https://healthit.gov/report-info-blocking).
Comment: A commenter asked OIG to clarify when certain arrangements
such as data sharing arrangements could implicate the Federal anti-
kickback statute. The commenter posited that when technology is shared
for transitions of care or to streamline and improve the referral
process as a matter of CMS policy, it does not implicate the Federal
anti-kickback statute.
Response: A ``data sharing arrangement'' can vary greatly in the
scope of data or services being exchanged. Simply transmitting
individual patient data for transitions of care between, for example,
an acute care provider and post-acute care provider would not implicate
the statute. However, sharing specific patient data for care of that
patient is distinct from a data sharing arrangement that involves
aggregating data for research, marketing, or other purposes unrelated
to treating the specific patients whose data is being shared. With
respect to technology for data sharing, many types of ``technology''
would constitute remuneration under the Federal anti-kickback statute
but, as we have repeatedly stated, certain limited-use technology that
is integral to the services an individual or entity provides would not
implicate the statute.\121\ The parties to a particular data sharing
arrangement would need to perform an analysis of the facts and
circumstances to determine whether any data or technology shared
constitutes remuneration under the statute and, if so, whether a safe
harbor such as the EHR safe harbor could protect the donation. The
advisory opinion process is also available for a legal opinion
regarding the facts and circumstances of a particular arrangement.
---------------------------------------------------------------------------
\121\ 78 FR at 79210 (``The donation of free access to an
interface used only to transmit orders for the donor's services to
the donor and to receive the results of those services from the
donor would be integrally related to the donor's services. As such,
the free access would have no independent value to the recipient
apart from the services the donor provides and, therefore, would not
implicate the anti-kickback statute.'').
---------------------------------------------------------------------------
[[Page 77839]]
10. Personal Services and Management Contracts and Outcomes-Based
Payment Arrangements (42 CFR 1001.952(d))
Summary of OIG Proposed Rule: We proposed to modify the existing
safe harbor for personal services and management contracts at paragraph
1001.952(d). For paragraph 1001.952(d)(1) we proposed to: (i)
Substitute for the requirement that aggregate compensation under these
agreements be set in advance a requirement that the methodology for
determining compensation be set in advance; (ii) eliminate the
requirement that if an agreement provides for the services of an agent
on a periodic, sporadic, or part-time basis, the contract must specify
the schedule, length, and the exact charge for such intervals; and
(iii) change the paragraph numbering. These proposals are summarized at
sections III.B.10.a and b below.
We also proposed to create new paragraphs 1001.952(d)(2) and (3) to
protect certain outcomes-based payments (as defined). The proposals for
this new protection are summarized at section III.B.10.c, d, and e
below.
Summary of Final Rule: We are finalizing the modifications to the
existing safe harbor for personal services arrangements at paragraph
1001.952(d)(1), as proposed. We are finalizing the new provisions for
outcomes-based payments at paragraphs 1001.952(d)(2) and (3), with
modifications summarized at sections III.B.10.c, d, and e below.
a. Elimination of Requirement To Set Aggregate Compensation in Advance
Summary of OIG Proposed Rule: We proposed to substitute for the
requirement that aggregate compensation under these agreements be set
in advance a requirement that the methodology for determining
compensation be set in advance in paragraph 1001.952(d)(1).
Summary of Final Rule: We are finalizing this modification as
proposed.
Comment: Commenters on this topic overwhelmingly supported the
proposed removal of the requirement to set aggregate compensation in
advance and its replacement with a requirement that the compensation
methodology be set in advance. Commenters offered a variety of reasons
for their support. For example, a commenter valued these changes
because they provide enhanced flexibility to independent medical groups
and other providers seeking to develop innovative care delivery models.
Another commenter suggested that this change allows for greater
flexibility in personal services arrangements while continuing to
incorporate safeguards that limit potential abuse.
Another commenter explained a view that incentive compensation in
comanagement arrangements or bundled payment arrangements often has to
be structured in a formulaic manner, and it is not possible for
hospitals and physicians to know at the beginning of the arrangement
whether and to what extent the physicians may meet the requirements for
earning incentive compensation or the actual amount of compensation
available. The commenter believed the proposed change would address
this existing impediment to safe harbor protection. The commenter also
appreciated that the proposed change would more closely parallel the
set-in-advance requirement under the physician self-referral law
exception for personal services arrangements at 42 CFR 411.357(d),
which would simplify a stakeholder's analysis of protection under the
safe harbor and exception when both laws apply to an arrangement.
Response: We are finalizing this provision as proposed. This change
modernizes the safe harbor and should provide enhanced flexibility to
the health care industry to undertake innovative arrangements,
including arrangements that support the transition to value and better
coordinated care for patients.
Comment: A commenter expressed concern that certain proposed
changes to this safe harbor were not specific enough. In particular,
the commenter warned that replacing a requirement to set aggregate
compensation in advance with a requirement to identify the methodology
for determining compensation could allow entities to structure
agreements that look acceptable on the surface, but actually take into
account the volume and value of referrals.
Response: We agree with the commenter that implementing a more
flexible approach to specifying compensation could protect arrangements
that differ in structure from arrangements the safe harbor currently
protects. However, we believe that other safe harbor conditions
mitigate the risk identified by the commenter, namely the protection of
arrangements that take into account the volume and value of referrals.
For example, we continue to require parties seeking protection under
the safe harbor to adhere to the safe harbor's other conditions (e.g.,
aggregate compensation must be consistent with fair market value in an
arm's length transaction and may not be determined in a manner that
takes into account the volume or value of any referrals or other
business generated between the parties). Arrangements that do not
squarely satisfy these conditions would not be protected by the safe
harbor. In other words, despite the safe harbor's increased flexibility
related to specifying compensation, the safe harbor would not protect
an arrangement by which the aggregate compensation is determined in a
manner that takes into account the volume or value of referrals or
other business generated.
Comment: Some commenters requested further guidance on whether a
payment methodology based on ``actual expenses incurred'' constitutes a
methodology that is sufficiently set in advance to satisfy the safe
harbor condition as proposed. For example, a commenter inquired about
compensation in an arrangement wherein a hospital leases an employed
clinician from a physician practice on a full- or part-time basis.
Specifically, the commenter sought clarification regarding whether the
safe harbor would protect compensation under the employee lease from
the hospital to the practice based on a methodology related to the
physicians practice's actual expenses incurred for employing such
clinician (e.g., salary, benefits, bonus, liability insurance,
overhead). Another commenter requested guidance as to whether payment
based on annual aggregate costs could be prorated to an hourly rate and
charged based on completion of time records.
Response: We appreciate the commenter's examples of potential
arrangements that may be structured to comply with the personal
services safe harbor as finalized. It is possible to structure an
arrangement to fit within the safe harbor by using an hourly rate or
other set, verifiable formula provided that all other conditions of the
safe harbor are met. However, whether compensation under an employee
lease that is based on actual expenses incurred would satisfy the
requirement that the compensation methodology be set in advance or
otherwise meet the safe harbor would depend on the facts and
circumstances. The commenter specifically cited salary, benefits,
liability insurance, overhead expenses, and a bonus. For example,
assume that the hospital leases the physician part-time from the
physician's practice and agrees to pay the practice the percent of the
practice's actual expenses in employing that physician that correlate
to the percentage of the physician's work actually performed for the
hospital. We would expect that an
[[Page 77840]]
employee's salary, benefits, and liability insurance typically would be
set in advance; overhead expenses possibly also would be set in
advance. Consequently, the parties could structure these elements of
the part-time employee's expenses to satisfy the condition that the
compensation methodology be set in advance. However, depending on the
structure and criteria for receiving a ``bonus,'' that portion of the
practice's expenses--and therefore, the compensation methodology for
the part-time employee lease--might not be set in advance and might not
meet other criteria of the safe harbor. For example, if a bonus that
took into account the volume or value of referrals between the parties
was part of the compensation under the lease, the hospital's
compensation to the practice for the part-time employee lease would not
be protected by the safe harbor.
The intent behind these modifications is to provide enhanced
flexibility while mitigating the risk of parties periodically adjusting
the agent's compensation to reward referrals or to promote unnecessary
utilization of services. Parties seeking protection under this safe
harbor must evaluate the specific facts and circumstances of their
arrangement to determine whether the compensation methodology over the
term of the agreement is set in advance before any payment under the
arrangement is made. Any remuneration also must meet all other
conditions of the safe harbor for protection.
Comment: Some commenters agreed with our proposals but asked OIG to
define certain terminology under the safe harbor such as ``fair market
value'' and ``does not take into account the volume or value of
referrals,'' and asked OIG to harmonize OIG's interpretations of this
terminology under the Federal anti-kickback statute with CMS's
interpretations of this terminology under the physician self-referral
law in the proposed rule CMS issued in connection with the Regulatory
Sprint (CMS NPRM),\122\ to the extent possible given the differences in
the two laws. For example, a commenter recommended that OIG adopt CMS's
interpretation of the volume or value standard as proposed by CMS in
the CMS NPRM. Another commenter sought clarification from OIG that
incentive compensation paid to a physician under a comanagement,
bundled payment, or internal cost savings arrangement would not take
into account the volume or value of referrals under the Federal anti-
kickback statute if the physician is paid a percentage of savings per
``case.'' According to the commenter, the more cases performed may
result in more savings, more losses, or something in between. A
commenter asserted that ``value'' in the construct of ``fair market
value'' should not solely relate to what an entity would pay regardless
of the outcome. According to the commenter, OIG should consider
defining ``fair market value'' in a manner that recognizes the value of
savings attributable to the services to the entity paying the incentive
compensation rather than the time value of the services or the value of
the services based on metrics, or any relevant fee schedule. A
commenter recognized that OIG cannot opine on ``fair market value'' in
an advisory opinion but requested that OIG explain whether certain
compensation methodologies (e.g., using an hourly rate as a
compensation methodology or a percentage of savings attributable to an
agent) could constitute fair market value under the Federal anti-
kickback statute.
---------------------------------------------------------------------------
\122\ 84 FR 55766 (Oct. 17, 2019).
---------------------------------------------------------------------------
Another commenter sought confirmation that OIG interprets the term
``commercially reasonable'' consistent with CMS's proposed
interpretation in the CMS NPRM, specifically ``that the particular
arrangement furthers a legitimate business purpose of the parties and
is on similar conditions as like arrangements. An arrangement may be
commercially reasonable even if it does not result in profit for one or
more of the parties.''
Response: We did not propose to define or interpret fair market
value, commercially reasonable, or the phrase ``takes into account the
volume or value of referrals or business otherwise generated,'' nor are
we adopting the commenter's suggestion that we interpret these terms,
for purposes of applying the Federal anti-kickback statute and safe
harbor regulations, consistent with CMS's interpretations of such
terms. These terms have long existed throughout our existing safe
harbors at section 1001.952 without further definition or
interpretation by OIG and are well-established. Whether or not fair
market value is or was paid or received for any personal services
provided by an agent to a principal under this safe harbor depends on
the specific arrangement's facts and circumstances, and we decline to
interpret examples with limited information.
Comment: Certain commenters were concerned that Indian health care
service providers cannot utilize this safe harbor because of the
requirement that each party in the arrangement pay fair market value
for services. According to commenters, the fair market value for Indian
health facility jobs and services may not align with the fair market
value elsewhere. Some of these commenters recommended that the fair
market value for Indian health facilities be lowered and relate more to
the economic realities of provider recruitment and retention in tribal
communities. Commenters also noted that some part-time contractors
currently use the fair market value standard to extract pay that
exceeds the fair market value for jobs within Indian health programs.
Response: We understand the commenters' concerns with respect to
establishing personal services arrangements in facilities or regions
where salaries might be lower than the fair market value found in other
nearby areas. We are not defining fair market value or further
specifying the appropriate methodologies for parties to use when
determining fair market value in this final rule. Based on our law
enforcement experience, arrangements in which parties offer or provide
free or below fair market services to those in a position to refer
federally payable business to the offeror can be problematic under the
Federal anti-kickback statute. However, we agree that fair market value
can vary by region, setting, or other factors. For example, an hourly
rate for certain specialist services in Manhattan likely would be
higher than the hourly rate for the same services in rural Mississippi
or at an Indian health facility.
Comment: A commenter recommended that OIG expand the writing
requirement within the safe harbor to include contemporaneous
documentation rather than a signed agreement. The commenter noted that
the CMS NPRM proposed to remove the formality of a signed agreement and
modified this requirement in certain physician self-referral law
exceptions to allow documentation that constitutes an agreement under
applicable state law, which the commenter believes will ease the
regulatory burden for stakeholders to document the arrangement.
Response: We did not propose to modify the requirement that an
agency agreement be set out in writing, thus we are not finalizing any
change to that requirement. As we explained above, the physician self-
referral law and the Federal anti-kickback statute are different laws
with different standards for liability. Having a signed, written
agreement that meets all requirements of the safe harbor is a core
safeguard that is necessary for parties to demonstrate that they intend
to comply with all requirements of the safe harbor, have structured the
compensation
[[Page 77841]]
methodology appropriately, and have a meeting of the minds on the
services and payment to be provided under the arrangement. However, we
note that the safe harbor does not specify a particular format for the
agreement. The written agreement requirement can be met either through
a single, formal, signed agreement or through a collection of documents
if such collection of documents includes all of the required elements
of the safe harbor and is signed by the parties (e.g., by signing each
document that makes up the agreement, or by signing a single signed
document that incorporates separate documents by reference).
b. Elimination of Requirement To Specify Schedule of Part-Time
Arrangements
Summary of OIG Proposed Rule: We proposed to eliminate the
condition in the safe harbor paragraph 1001.952(d)(5) that requires
that if an agreement provides for the services of an agent on a
periodic, sporadic or part-time basis, the contract must specify the
schedule, length, and the exact charge for such intervals.
Summary of Final Rule: We are finalizing this modification as
proposed.
Comment: Commenters generally appreciated the proposed removal of
the requirement that, for part-time arrangements, the contract must
specify the schedule, length, and the exact charge for such intervals.
Multiple commenters stated that eliminating the requirement that part-
time contractual arrangements specify exact interval schedules allows
for greater flexibility in protected personal services arrangements,
while the safe harbor continues to incorporate safeguards that limit
potential abuse. For example, a commenter noted the proposal could
apply to dialysis facility medical directors who provide their services
on a part-time basis. The commenter highlighted the unpredictable
nature of dialysis care and that the frequent need to respond to urgent
medical emergencies can impede the ability of nephrologists serving as
dialysis facility medical directors to adhere to predetermined
schedules. In contrast, a commenter expressed concern that eliminating
this requirement may increase the risk that either services will not be
rendered or that the payment for services may vary based on referrals
and recommended additional documentation requirements.
Response: We are finalizing the removal of the requirement to
specify the exact schedule of part-time arrangements, as proposed. We
note that this change to the safe harbor should accommodate a broad
range of part-time or sporadic-need value-based payment and care
arrangements in furtherance of the Department's goals in connection
with the Regulatory Sprint. We did not propose additional documentation
requirements, and we continue to believe, as we stated in the OIG
Proposed Rule, that other conditions sufficiently safeguard against the
harms mentioned by a commenter.\123\
---------------------------------------------------------------------------
\123\ 84 FR 55744-45 (Oct. 17, 2019).
---------------------------------------------------------------------------
c. Proposal To Protect Outcomes-Based Payments
Summary of OIG Proposed Rule: At proposed paragraphs 1001.952(d)(2)
and (3), we proposed to protect outcomes-based payment arrangements
between a principal and an agent that reward improving patient or
population health by achieving one or more outcome measures that
effectively and efficiently coordinate care across care settings, or by
achieving one or more outcome measures that appropriately reduce payor
costs while improving, or maintaining the improved, quality of care. We
proposed several safeguards. Under proposed paragraphs 1001.952(d)(2),
protected payments would be between parties collaborating to measurably
improve or maintain improvement in quality of care or appropriately and
materially reduce costs of payments (without diminution of the quality
of care), and the agent receiving the payment would need to meet at
least one evidence-based, valid outcomes measure meeting specified
criteria, including selection based on credible medical support. Under
proposed paragraph 1001.952(d)(2)(iii), the payment methodology would
be set in advance, commercially reasonable, consistent with fair market
value, and not determined in a manner that directly takes into account
the volume or value of referrals or other business generated between
the parties.
Additionally, at paragraph 1001.952(d)(2), we proposed safeguards
to protect clinical decision-making, guard against stinting on care,
and ensure written documentation, monitoring, periodic rebasing of
outcome measures, and corrective action of deficiencies in the quality
of care. The term of protected arrangements would be at least 1 year.
At proposed paragraph 1001.952(d)(3), we proposed making certain
entities ineligible for safe harbor protection under the outcomes-based
payments provisions in a manner similar to the proposed definition of
VBE participant at proposed paragraph 1001.952(ee)(12), and we proposed
that outcomes-based payments would exclude payments related solely to
achievement of internal cost savings for the principal. We indicated
that we were considering excluding payments based on patient
satisfaction or convenience measures.
Summary of Final Rule: We are finalizing, with modifications, the
new protection for outcomes-based payments at paragraphs 1001.952(d)(2)
and (3). We revised the definition of ``outcomes-based payment'' in
paragraph 1001.952(d)(3)(ii) to clarify that the payment may be a
reward for successfully achieving an outcome measure or a recoupment or
reduction in payment for failure to achieve an outcome measure.
Paragraph 1001.952(d)(2)(i) consolidates and streamlines proposed
paragraphs 1001.952(d)(2)(i) and (ii) related to acceptable outcomes
measures; to receive a protected outcomes-based payment, the agent must
achieve one or more legitimate outcome measure selected based on
clinical evidence or credible medical support and with specified
benchmarks related to quality of care, a reduction in costs, or both.
At paragraph 1001.952(d)(2)(vii)(B), we revised our proposal related to
``rebasing'' of outcomes measures to clarify that the parties must
periodically (i) assess and (ii) revise benchmarks and remuneration
under the agreement as necessary to ensure that any remuneration is
consistent with fair market value in an arm's-length transaction as
required by paragraph 1001.952(d)(2)(ii).
We finalize the proposed requirements related to fair market value,
commercial reasonableness, and the volume or value of business at
paragraph 1001.952(d)(2)(ii). At paragraph 1001.952(d)(2)(iii), we
finalize the writing requirement proposed at paragraph
1001.952(d)(2)(viii). In paragraph 1001.952(d)(2), we finalize
additional safeguards related to clinical decision-making, stinting on
care, a 1-year term, monitoring, and counseling and promotion of
unlawful business, as proposed.
At paragraph 1001.952(d)(3)(iii), we finalized the scope of
entities ineligible for safe harbor protection for making outcomes-
based payments to include: (i) Pharmaceutical companies; (ii) PBMs;
(iii) laboratory companies; (iv) pharmacies that primarily compound
drugs or primarily dispense compounded drugs; (v) manufacturers of a
device or medical supply, as defined in paragraph (ee)(14)(iv); (vi)
medical device distributors or wholesalers that are not otherwise
manufacturers of a device or medical
[[Page 77842]]
supply, as defined in paragraph (ee)(14)(iv) of this section; or (vii)
DMEPOS companies. In the same paragraph, we finalize our policy to
exclude payments for internal cost savings or payments based solely on
patient satisfaction or patient convenience measures.
We clarify in both paragraph 1001.952(d)(2)(ii) and paragraph
1001.952(d)(3)(ii) that the remuneration may be ``between or among''
the parties, rather than being limited to remuneration from the
principal to the agent. We reordered the provisions from paragraphs
(d)(2)(iii)-(vii) without making additional substantive changes. We
made technical corrections in paragraph 1001.952(d)(2) to replace the
word ``satisfy'' with the word ``achieve'' in order to use a consistent
term throughout the safe harbor.
Comment: Many commenters supported OIG's proposal to expand the
existing safe harbor for personal services and management contracts by
creating new provisions at paragraphs 42 CFR 1001.952(d)(2)-(3) to
protect certain outcomes-based payments. Some expressed support for
protection for outcomes-based payments but encouraged OIG to provide
greater specificity regarding the types of payment arrangements,
specific outcome measures, and specific requirements for measuring
achievement of outcomes that would qualify for protection under these
proposed provisions to the safe harbor. A commenter asked OIG to
clarify that the list of examples in the OIG Proposed Rule's preamble
was not all-inclusive, but merely a representative list of the types of
arrangements that may be protected under the safe harbor. Another
commenter cautioned against referencing or creating an exhaustive list
of specific types of payments that could qualify as ``outcomes-based
payments'' because that approach would be too limiting. Another
commenter requested that OIG reiterate its recognition that outcomes-
based payment arrangements may vary in structure and that the safe
harbor should provide flexibility for arrangements designed to achieve
appropriate quality of patient care as well as appropriate efficiency
and cost-saving goals. Many commenters believed the proposals were
unnecessarily limited, overly complex, and potentially difficult for
physicians to implement, and another commenter found the monitoring of
arrangements overly burdensome.
Response: We intend for the outcomes-based payments safe harbor to
support outcomes-based payments that facilitate care coordination,
encourage provider engagement across care settings, and advance the
transition to value. At the outset, we note that in response to general
comments regarding the complexity of this safe harbor and for the sake
of clarity, we streamlined the language we had proposed in paragraphs
1001.952(d)(2)(i) and (ii) such that the safe harbor still expressly
specifies that the agent must achieve one or more legitimate outcome
measures selected based on clinical evidence or credible medical
support, but we are not finalizing the proposed language relating to
the measures being specific, evidence-based, and valid. As we explain
in greater detail in section III.B.3.b above in our discussion of
outcome measures in the care coordination safe harbor, based on public
comment, we changed the terms ``evidence-based'' and ``valid'' to
``clinical evidence'' and ``legitimate'' to offer some additional
flexibility while reflecting our intention that measures be credible
and appropriate. In selecting outcome measures, parties have broad
latitude under this safe harbor to identify opportunities for improving
or maintaining the improvement of patient care and reducing costs to
payors in ways that are scientifically valid, measurable, and
transparent.
We are not limiting protection under the safe harbor to a specific
set of arrangements such as value-based arrangements. In the OIG
Proposed Rule, we listed certain arrangements that may be protected
under the safe harbor, provided the arrangement meets every requirement
of the safe harbor.\124\ We are not limiting the protection provided by
this safe harbor to a particular list of arrangements or particular
types or structures of arrangements or measures.
---------------------------------------------------------------------------
\124\ 84 FR 55745 (Oct. 17, 2019).
---------------------------------------------------------------------------
We take a broader approach by providing additional protection to a
variety of stakeholders, which should facilitate innovation in
designing compensation arrangements that are value-based. As we stated
in the OIG Proposed Rule, we strive to provide flexibility in this safe
harbor, but we also must include appropriate safeguards, such as
monitoring and assessment requirements, to protect patients and Federal
health care programs.
Comment: We received comments on our proposed definition of
``outcomes-based payment'' and its interaction with other requirements.
For example, a commenter recommended that we remove the language in the
``outcomes-based payment'' definition that appears to make effectively
and efficiently coordinating care across care settings a required
factor in an outcome measure. A commenter also asked that we harmonize
the terms we use to describe ``outcome measures'' throughout the safe
harbor. For example, a commenter indicated that the definition of
``outcomes-based payment'' is not consistent with the way payments are
made under existing alternative payment models. A commenter recommended
a technical change to paragraph 1001.952(d)(2) to specify that the safe
harbor protects outcomes-based payments made by a principal to an agent
as compensation for the services of the agent.
Response: We are not making the change to paragraph 1001.952(d)(2)
suggested by a commenter to refer to payments from a principal to an
agent. However, we note that the safe harbor protects any ``outcomes-
based payment,'' and that term is defined in paragraph 1001.952(d)(3).
In this final rule, we revised that definition to protect payments
``between or among a principal and an agent'' that meet certain
criteria, as described in more detail below.
In addition, we removed the language in the definition of
``outcomes-based payment'' regarding effectively and efficiently
coordinating care across care settings, and instead rely on a reference
to paragraph 1001.952(d)(2)(i) in which outcome measures are described.
We believe that this change also addresses the commenter's concern
about different terminology in those two sections. We also are revising
the proposed requirement that the outcome measure measurably improves
quality of patient care or appropriately and materially reduces payor
costs to provide that the measure must be used to quantify: (i) Quality
improvements (or maintenance of improvements in quality); (ii) material
reductions in payor costs or expenditure growth while maintaining or
improving the quality of care for patients; or (iii) both. Finally, we
note that this safe harbor is not the only option for protecting
payments under alternative payment models. Participants in such models
may be able to look to the safe harbor for CMS-sponsored models at
paragraph 1001.952(ii), or the value-based safe harbors at paragraphs
1001.952(ee)-(gg).
Comment: A commenter urged OIG to use ``outcome measures'' under
paragraph 1001.952(d)(2) consistently with the use of the term under
paragraph 1001.952(ee) to reduce complexity.
Response: We interpret the term ``outcome measure'' under this safe
harbor to have the same meaning as
[[Page 77843]]
under any other safe harbor that uses it, including paragraph
1001.952(ee). We note, however, that different safe harbors protect
different types of remuneration, include different safeguards, and use
additional terms. For example, in the safe harbor for care coordination
arrangements, the ``outcome or process measure'' must have a benchmark
related to improving or maintaining improvements in the coordination
and management of care for the target patient population, while
``outcome measures'' under this safe harbor must have benchmarks that
relate to improving or maintaining the quality of patient care,
reducing costs or growth in expenditures to payors, or both. If a party
seeks safe harbor protection for a particular arrangement, the
arrangement need only meet one safe harbor to qualify for protection
but the arrangement must comply with all conditions of the chosen safe
harbor.
Comment: A commenter urged that outcomes-based payments should
include a service component to prevent sham arrangements that simply
maintain the status quo. Similarly, a few commenters suggested that OIG
limit parties that may pay outcomes-based payments to parties
participating within a VBE to prevent fraud and abuse, such as sham
arrangements through which no service is provided. A commenter asked
whether an outcomes-based payment agreement that requires exclusive or
minimum level of use of a product (e.g., product standardization) to
achieve an outcomes-based payment could be protected by the safe harbor
as long as the principal makes a determination that such the
requirement for exclusivity or minimum use will not preclude it from
making decisions in its patients' best interests.
Response: As we stated in the OIG Proposed Rule, measures that
simply seek to reward the status quo would not meet the safe harbor
condition that requires parties to select legitimate outcome
measures.\125\ However, we are not limiting the scope of entities that
may make outcomes-based payments to VBEs or VBE participants. We
believe that the conditions parties must meet for safe harbor
protection will sufficiently mitigate the risk of fraud and abuse.
---------------------------------------------------------------------------
\125\ 84 FR 55746 (Oct. 17, 2019).
---------------------------------------------------------------------------
We agree that the safe harbor does not necessarily preclude product
standardization. If the product standardization measures selected by
the parties under the outcomes-based payment arrangement do not limit
any party's ability to make decisions in their patients' best interest
and meet the other terms of the safe harbor, then they could be part of
an outcomes-based payment arrangement.
Comment: A trade association commented that only sophisticated
health systems with advanced data analytics have the capability to
internally develop outcome measures while small, underserved, and rural
practices would not have the resources to develop these measures
internally. For example, a commenter noted that measuring outcomes can
be a challenging and resource-intensive process that takes time to
evaluate, especially on the individual participant level in a large
entity with significant numbers of participants and multiple specialty
areas.
Response: We recognize that structuring and implementing outcomes-
based payment arrangements that satisfy the conditions of this safe
harbor may be more onerous than structuring and implementing
traditional personal service arrangements under the existing personal
services and management contracts safe harbor (e.g., a party striving
to satisfy the outcomes-based payment arrangements provisions must
determine legitimate outcome measures, establish the types of services
to be performed to achieve an outcome measure, set benchmarks, monitor
and assess achievement, and ultimately achieve outcome measures). We
understand the commenter's concern regarding the potential
administrative and financial impact that developing outcome measures
may have on small, underserved, and rural providers. Participation in
an outcomes-based payment arrangement is entirely voluntary, as is
structuring outcomes-based payments to satisfy the conditions of this
safe harbor. To the extent that parties wish to enter into an outcomes-
based payment arrangement and structure such arrangement to satisfy the
conditions of this safe harbor, the parties have discretion in the
selection of outcome measures. Providers serving small, underserved, or
rural communities may select outcome measures that would not impose an
inappropriate financial burden on the parties to effectuate.
Comment: A commenter asked OIG to include process measures (e.g.,
providing or not providing a specific treatment) that are supported by
strong evidence of improving an outcome within the types of valid
outcome measures that may serve as the basis for payment under the safe
harbor. Another commenter recommended that we require outcomes-based
arrangements to include a service component.
Response: We agree that process measures supported by strong
evidence of improving an outcome may serve as a component of outcome
measures that an agent must achieve to receive an outcomes-based
payment. For example, an outcomes-based payment arrangement may measure
the agent's compliance with certain steps of a care process (e.g.,
providing mammograms) to improve a specific health outcome. In section
III.B.3.b above, we explain the rationale for permitting process
measures to be included in the care coordination arrangements safe
harbor but not in the outcomes-based payment provisions discussed here
(although a process measure could be included as part of an outcomes
measure); that rationale focuses on the different remuneration
permitted under the two safe harbors and the different standards set
forth by each safe harbor.
Under the modified regulatory text, outcome measures must be
selected based on clinical evidence or credible medical support and be
used to: (i) Quantify improvements or maintenance of improvements in
the quality of patient care; (ii) quantify a material reduction in
costs to, or growth in expenditures of, payors while maintaining or
improving quality of care for patients; or (iii) both. In addition, as
we proposed in the OIG Proposed Rule a ``measure'' related to patient
satisfaction or convenience would not meet the criteria of an outcome
measure.\126\ For similar reasons to those we discuss in connection
with outcomes measures for paragraph 1001.952(ee), the final rule at
paragraph 1001.952(d)(3)(iii)(C) provides that an outcomes-based
payment based solely on patient satisfaction or patient convenience
measures would not be protected. We recognize that patient satisfaction
and patient convenience can be relevant factors in patient care.
However, we do not consider these types of measures, standing alone, to
provide adequate protection against abusive or sham payment
arrangements for purposes of granting safe harbor protection.
---------------------------------------------------------------------------
\126\ 84 FR 55708 (Oct. 17, 2019).
---------------------------------------------------------------------------
We anticipate that most outcomes-based arrangements would include
certain services to meet the conditions of the safe harbor, and the
regulatory text includes several references to services. However, we
believe that adding a separate requirement specific to performing
services could add confusion, and that existing conditions in paragraph
1001.952(d)(2) safeguard against sham arrangements.
[[Page 77844]]
Comment: A commenter asked OIG not to require outcome measures to
measurably improve the quality of patient care once the quality of care
metric has been achieved. Instead, the commenter suggested that OIG
focus on payment incentives that reduce costs after quality targets are
met. On the other hand, a commenter expressed concern that allowing
payment for ``maintaining improvement'' would invite sham arrangements
that disguise payments in exchange for referrals for merely maintaining
the status quo.
Response: We share the concern about the potential for sham
arrangements associated with maintaining cost or quality. However, we
also recognize that parties may succeed in reaching the desired outcome
on quality or cost containment but need to be incentivized to maintain
it to prevent subsequent reductions in attained quality or cost
containment. To achieve the desired outcome, parties may need to invest
resources at the beginning of an arrangement (e.g., to develop new
protocols and engage in training). However, a continued expenditure of
resources also may be necessary to avoid regression from any progress
made. These are the types of issues we would expect parties to assess
and, as necessary, revise benchmarks and remuneration under the
arrangement to benchmarks to continue to achieve the desired outcome on
a periodic basis. For example, if parties had an outcome measure
related to reducing falls to a certain level from a starting benchmark
point in a skilled nursing facility, and they eventually achieve a fall
rate benchmark that no longer has room for improvement, a revised
outcome measure might be to maintain that low fall rate (i.e., the new
fall rate becomes the starting benchmark, and the outcome measure is to
maintain it rather than reduce it). Any outcomes-based payment made for
a new outcome measure would still have to meet all conditions of the
safe harbor, including that the methodology for setting compensation is
consistent with fair market value. For example, the fair market value
of an outcomes-based payment made to an agent to maintain the desired
level of quality of care may be lower than the fair market value of an
initial outcomes-based payment made for implementing operational
changes necessary to achieve the quality of care outcome measure.
Comment: A commenter indicated that it currently operates outcomes-
based payment arrangements and suggested that OIG impose the following
three requirements to ensure that all outcomes-based payments are
legitimately made toward advancing the clinical and cost-saving goals
of the arrangement and not merely payments for referrals: (i) Require
outcome measures to be well-defined, meaningful to patients, achievable
in a defined timeframe, and agreed upon by the parties; (ii) require
outcome measures to be tracked through claims data, existing
registries, EHRs, or other low-cost mechanisms; and (iii) require the
arrangement to deliver measurable outcomes that improve patient quality
of care and other benefits to the health care system through lower cost
of care, other efficiencies, or shared accountability, or both.
Response: We appreciate the commenter's helpful suggestions. While
we are not using the precise wording offered by the commenter, we
believe the language finalized in the regulation captures many of the
concepts suggested by the commenter. Similar to the commenter's
suggestion of requiring meaningful, well-defined outcome measures, we
require that the outcome measures be selected based on clinical
evidence or other credible medical support and be used to quantify
improvements to or maintenance of improvements in the quality of care
or material reductions in cost to (or growth in expenditures of)
payors, while maintaining or improving the quality of care of patients.
We are not setting a timeline by which parties must achieve outcomes or
requiring that parties must specify a timeline under which outcomes
must be achieved because we recognize that the timeframe necessary to
achieve certain outcome measures can vary greatly, depending on the
measure and other characteristics, and that it may be challenging for
parties to specify a certain timeline to achieve outcomes. Likewise, we
do not specify any particular mechanism for tracking progress toward
meeting outcome measures. We are not requiring parties to track outcome
measures through claims data. However, the parties must regularly
monitor and assess the agent's performance under the specified outcome
measure(s), including its impact on patient quality of care and make
any necessary adjustments. Parties also must periodically assess and,
as necessary, revise the benchmarks and remuneration under the
arrangement to ensure remuneration is consistent with fair market
value. We do not believe mandating specific documentation methods is a
necessary safeguard against fraud and abuse; parties may conduct and
document such monitoring in any way that makes sense for the particular
arrangement.
Comment: A commenter asked OIG to remove the proposed requirement
that an outcome measure ``appropriately and materially'' reduce costs
or growth in expenditures for payors because the commenter believed
this provision was too subjective. A commenter requested that OIG
provide greater certainty to stakeholders by establishing concrete
methods that parties could use to determine whether an outcome measure
improves quality of care under an arrangement. Another commenter
disagreed with the proposed safe harbor requirement that the agent
achieve the outcome measure in order to receive payment, asserting that
constant achievement of any outcome measure is not practical in health
care.
Response: We are making certain changes to ensure that parties
appropriately measure and quantify the results of the arrangement on
patient quality of care and costs. We are finalizing our proposal
requiring the agent to achieve the outcome measure for the payment to
be protected.\127\ We believe this requirement serves as an important
safeguard to ensure that remuneration is for legitimate outcomes
anticipated through implementing the arrangement and is not a vehicle
for rewarding referrals. We are not requiring particular methods to
evaluate quality improvements (or maintenance of improvements in
quality) under any protected arrangement because we believe that
evaluation methods may be specific to each arrangement and may evolve
in the future as parties innovate in new ways. We are modifying the
proposed language by replacing ``appropriately and materially'' with a
requirement that the agent achieve one or more legitimate outcome
measures that meet conditions described elsewhere in this preamble. We
believe this modification will allow parties additional flexibility to
determine how to quantify quality improvements (or maintenance of
improvements in quality) to accommodate different types of outcomes-
based payment arrangements among a variety of stakeholders.
---------------------------------------------------------------------------
\127\ We recognize that the Federal anti-kickback statute
applies both to the offer and the receipt of remuneration, and
parties may not know at the time of the offer of an outcomes-based
payment (i.e., when the parties develop and initiate the
arrangement) whether the outcome measure(s) will be achieved.
Assuming all other safe harbor conditions are met when the
remuneration is offered under an outcomes-based payment arrangement,
the offer would be protected, even if the agent fails to achieve the
outcome measure. However, any payment made for an outcome measure
not successfully achieved would not meet the safe harbor conditions
under paragraph 1001.952(d)(i) and would not be protected.
---------------------------------------------------------------------------
[[Page 77845]]
Comment: Numerous commenters urged OIG to broaden its proposal to
protect payments that solely provide cost savings to a payor to include
cost savings to providers. Some commenters argued that limiting
protection to arrangements that achieve cost savings to a payor would
make the safe harbor unworkable in practice and encouraged OIG to
include arrangements that achieve cost savings to a provider to
incentivize changes in physician behavior that are necessary to
facilitate the transition to value-based care. A commenter posited that
outcomes-based payments by nature involve standardization on a given
system, protocol, or both to improve efficiencies and better coordinate
and deliver care.
A few commenters indicated that cost savings arrangements for cost-
reporting providers would not immediately produce cost reductions for
payors but may eventually lower Medicare costs because the cost
reductions may be reflected in future bundled payment rates.
Response: Having considered the comments, we decline to broaden the
safe harbor to protect outcomes-based payments for arrangements that
reduce internal costs only to the providers making the payments. We are
concerned that such payments, while potentially beneficial in
generating efficiencies, pose risks to patient care that outweigh the
potential for the arrangements to further the care coordination and
efficiency goals of this rulemaking if protected.
In some cases, such as hospital-physician gainsharing, arrangements
that reduce internal costs may benefit only the hospital making the
payments without necessarily contributing to better care coordination,
improvements in quality of care, or appropriate reductions in costs. We
are concerned that some payments, such as a payment to select a less
expensive device or to discharge a patient more quickly, could lead to
reductions in the quality or safety of patient care. Moreover, apart
from quality of care concerns such payments would not offer a
corresponding reduction in the payments made by Medicare or another
Federal health care program. In the absence of a potential efficiency
benefit to Federal health care programs, and in light of patient care
concerns, we are not protecting payments that relate solely to the
achievement of internal cost savings for the principal making the
payment as an ``outcomes-based payment.''
However, properly structured arrangements that compensate
physicians for services performed and achieve hospital internal cost
savings can serve legitimate business and medical purposes. Depending
on the specific facts and circumstances, such arrangements could
potentially be structured in a manner that complies with paragraph
1001.952(d)(1), as finalized.
Comment: Numerous commenters opposed the proposed safe harbor
requirement that the methodology for determining the aggregate
compensation (including any outcomes-based payments) paid between or
among the parties over the term of an agreement be consistent with fair
market value, commercially reasonable, and not be determined in a
manner that directly takes into account the volume or value of
referrals or other business generated between the parties, arguing that
there are no industry standards applicable to outcomes-based payments
available to date. A commenter expressed concern about only prohibiting
the aggregate compensation from being determined in a way that
``directly'' takes into account the volume or value of referrals.
Others supported these safe harbor requirements but asked for
clarification from OIG on these terms, or asked OIG to align OIG's view
of these standards to be consistent with the definitions of these terms
proposed in the CMS NPRM as they relate to the physician self-referral
law.
Others argued that legitimate, outcomes-based arrangements should
be able to take into account the volume or value of referrals within
the payment methodology. A few commenters suggested that OIG remove the
fair market value requirement.
Response: We recognize that the process of evaluating whether an
outcomes-based payment arrangement is consistent with fair market value
may evolve and adapt as the health care industry shifts to value-based
care payment models and outcomes-based payments. However, we believe
that ensuring that the aggregate remuneration is consistent with fair
market value helps ensure that monetary remuneration is paid for
services that achieve legitimate outcome measures rather than
referrals.
We are not adopting any particular standard for determining that
the aggregate compensation methodology is consistent with fair market
value to provide parties sufficient flexibility to analyze fair market
value as applicable to specific arrangements and in arrangements that
may not currently exist today. As explained above in our discussion of
the elimination of the requirement to set aggregate compensation in
advance, we decline to adopt the fair market value standard proposed by
CMS under the physician self-referral law. We are finalizing our
proposal to require that the compensation methodology for determining
the outcomes-based payment not directly take into account the volume or
value of referrals or other business generated between the parties. We
believe this will provide parties flexibility to structure arrangements
that incentivize providers to achieve an outcome measure, even if the
methodology indirectly takes into account the volume or value of
referrals.
Comment: A commenter questioned whether the safe harbor protects
``reverse-flow payments'' from an agent to a principal and recommended
that OIG revise the definition for ``outcomes-based payment'' to
protect payments from an agent to a principal when a targeted outcome
or cost metric has not been achieved (i.e., shared-losses payments).
Response: In the OIG Proposed Rule, we explained that a shared-
losses payment could constitute an ``outcomes-based payment.'' \128\ We
are finalizing this position through revisions to the regulatory text
at paragraph 1001.952(d)(3)(ii) to clarify that an outcomes-based
payment is a payment ``between or among a principal and an agent'' that
meets the criteria listed in paragraphs 1001.952(d)(3)(ii)(A) and (B),
and includes payments in the form of recoupment from or reduction in
payment to an agent.
---------------------------------------------------------------------------
\128\ 84 FR 55745 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: Several commenters objected to the safe harbor including a
specific timeframe after which parties seeking protection for outcomes-
based payments would have to rebase their benchmarks. Commenters noted
that any such time limits would be artificial. A commenter concerned
with the negative effects of annual rebasing on preventive care
provided the following example: One clinician takes preventive care
steps to prevent colon cancer or to identify cancer at an earlier stage
(e.g., through colonoscopies, blood work) in the first year, which has
the effect of reducing the risk of cancer for 5 years, while another
clinician does not take any preventive care steps for a patient and the
patient develops cancer 4 years later. According to the commenter, if
rebasing is done on an annual basis, the second clinician would be
rewarded for providing care at no cost and good outcomes during that 1
year, while the first clinician would not be rewarded because the
clinician provided high-cost care with no discernible improvement of
outcomes during that limited timeframe.
[[Page 77846]]
Some commenters noted that finalizing a safe harbor condition that
specifies timeframes for rebasing may have a negative impact on
participation in outcomes-based arrangements. For example, because
margins for improvement against benchmarks may be more challenging or
impossible to meet over time, parties may be disincentivized to enter
into these arrangements in the first place, or incentivized to unwind
them after initial improvements, due to concerns about having an
arrangement structure that does not squarely meet a safe harbor. Some
of the commenters noted that, if there must be a specific timeframe in
the safe harbor, that timeframe should be at least 5 to 10 years. In
contrast, a commenter recommended that benchmarks be adjusted at least
yearly to limit the risk that ``evergreen'' arrangements could be used
as a vehicle to evade legitimate outcome obligations and instead to
reward referrals.
Several commenters supported the standard we proposed in the OIG
Proposed Rule requiring outcome measures to be periodically rebased, as
applicable, during the term of the agreement. As an alternative, a
commenter suggested that OIG revise this provision to require that the
parties periodically reevaluate whether an outcome measure should be
rebased throughout the term or expressly state that under some
circumstances it may be appropriate upon review to maintain an existing
outcome-based measure. In support of a nonspecific periodic review
approach, commenters noted that the time period for implementing
interventions and other actions needed to influence outcome measures
can vary greatly, as can the time period needed for results to fully
appear in outcome measures data. In addition, commenters asserted that
some outcomes measures may not be tied to a baseline performance level
at all. Commenters also highlighted that outcomes-based payments may be
made for maintaining improvement in quality of patient care, in which
case the targets for the outcomes-based payment would not be altered. A
commenter noted that providers and collaborators continually analyze
their results, and value-based purchasing programs incentivize parties
to adjust outcome measures in a timely manner. We also received a
request for clarification on any durational limits on outcome-based
payments or if there are parameters related to when they must end
(i.e., whether an arrangement must end upon achieving the initial
outcome measure or if it can continue through implementing a new
outcome measure or maintaining the initial achievement).
Response: We note first that for an agent to receive a protected
outcomes-based payment under the final safe harbor, the agent must have
achieved a specified, legitimate outcome measure. For an outcome to be
measurable, there must be some sort of benchmark, whether that
benchmark is a starting point (e.g., a 10 percent reduction from X) or
reflects an end point (e.g., 90 percent of the time, X happened or was
avoided). We agree with commenters that a one-size-fits-all approach is
not appropriate for assessing benchmarks. However, we also agree with
the commenter who highlighted the concern we raised in the OIG Proposed
Rule about ``evergreen'' arrangements \129\ in which outcome measures
are not properly monitored and the remuneration is paid in exchange for
referrals, after any intended benchmarks have been met (or without
determining that the outcome measure was achieved).
---------------------------------------------------------------------------
\129\ 84 FR 55747 (Oct. 17, 2019).
---------------------------------------------------------------------------
To illustrate, we point to the example from a commenter as it is
summarized above, with two clinicians taking different approaches to
patients with respect to colon cancer prevention and detection. Setting
aside the potentially disparate impact on patient health, health
outcomes, and quality of care, and looking only at costs for purposes
of this example, one clinician may increase costs to payors in the
short term by increasing preventive care but may save money in the
longer term, while the other clinician may have limited costs in the
short term, but by failing to detect the cancer early may increase
costs to payors in the long term. However, it is not clear in the
example what the outcome measure might be. By way of example for
illustrative purposes, the U.S. Preventive Services Task Force
recommends colon cancer screening beginning at age 50. A reasonable
outcome measure might be a specific percentage increase in the
practice's patient population first getting screened between age 50 and
55. Parties would need to evaluate an appropriate benchmark year (i.e.,
a percentage increase in first screenings from which year), and whether
over time the percentage change should be updated, the benchmark year
should be changed, or both. In addition, the amount of remuneration
paid for achieving the outcome measure should be reassessed to
determine whether it is fair market value. For example, a practice may
need to develop new processes, training, and take other steps initially
to achieve an outcome measure. While certain work must continue in
future years to continue achieving the desired outcomes (whether it is
for continuing to improve quality of patient care or materially reduce
cost, or to maintain the achieved improvements in those areas), the
outcomes-based payment may be less than it was during the initial
year(s). If the outcome measure was based on the cost savings over the
course of a year, an annual reassessment of the benchmark and
remuneration would be appropriate to meet that safe harbor requirement.
We also recognize that some outcome measures might be on a longer
timetable for reassessment (e.g., a percentage reduction in costs over
a 5-year time span). Therefore, the outcome measure might not need to
be reassessed for 5 years (but an outcomes-based payment also would not
be protected by this safe harbor until such outcome is achieved).
We have revised the regulatory text in the final rule to address
many of the issues the commenters raised. These revisions are
consistent with the substance of what we proposed in the OIG Proposed
Rule. In the OIG Proposed Rule, we had solicited comments on defining
the term ``rebasing'' and had described the fraud and abuse risk we
were trying to prevent (e.g., arrangements in which outcome measures
are not properly monitored or assessed and could be used as a vehicle
to reward referrals well after the desired provider behavior change or
savings benchmark has been met \130\). Specifically, in this final
rule, rather than stating that, for each outcome measure, the parties
must ``rebase during the term of the agreement, to the extent
applicable,'' we are stating that the parties must ``[p]eriodically
assess and, as necessary, revise benchmarks and remuneration under the
agreement to ensure that the remuneration is consistent with fair
market value in an arm's-length transaction as required by
(d)(2)(ii).'' Thus, for safe harbor protection, all parties must assess
the arrangement periodically (e.g., determine whether continued use of
a benchmark or a measure is appropriate and whether the remuneration is
appropriate for achieving that outcome measure), and then the parties
should make any adjustments to benchmarks or remuneration that may be
necessary to meet other conditions of the safe harbor.
---------------------------------------------------------------------------
\130\ 84 FR 55747 (Oct. 17, 2019).
---------------------------------------------------------------------------
[[Page 77847]]
d. Outcomes-Based Payments: Entities Not Eligible for Protection
Summary of the OIG Proposed Rule: We proposed making certain
entities ineligible for safe harbor protection under the outcomes-based
payments provisions, as described in section III.B.10.c.
Summary of the Final Rule: We are finalizing our policy to make
certain entities ineligible for safe harbor protection. Specifically,
the following entities will be ineligible to use the safe harbor: (i)
Pharmaceutical companies; (ii) PBMs; (iii) laboratory companies; (iv)
pharmacies that primarily compound drugs or primarily dispense
compounded drugs; (v) manufacturers of a device or medical supply, as
defined in paragraph (ee)(14)(iv); (vi) medical device distributors or
wholesalers that are not otherwise manufacturers of a device or medical
supply, as defined in paragraph (ee)(14)(iv) of this section; and (vii)
DMEPOS companies. In addition, the final rule clarifies that DMEPOS
companies do not include a pharmacy or a physician, provider, or other
entity that primarily furnishes services.
Comment: Numerous commenters, including stakeholders representing
pharmaceutical and medical device manufacturers and laboratories,
opposed carving out pharmaceutical and medical device manufacturers,
manufacturers, distributors, and suppliers of DMEPOS, and laboratories
from the protection under the safe harbor. For example, a commenter
suggested that medical device manufacturers should be protected because
they can make valuable contributions to value-based care. Other
commenters supported OIG's proposal, with some commenters requesting
that we make additional entities ineligible for protection, such as
device manufacturers, distributors, wholesalers, PBMs, and pharmacies.
Response: As laid out in the OIG Proposed Rule, we remain concerned
that pharmaceutical and medical device companies, DMEPOS companies, and
laboratories may inappropriately use outcomes-based payment
arrangements to market their products or divert patients from a more
clinically appropriate item or service, provider, or supplier without
regard to the best interests of the patient or to induce medically
unnecessary demand for items and services.\131\ In the OIG Proposed
Rule, we proposed to exclude from safe harbor protection payments made
directly or indirectly by a pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of durable medical equipment,
prosthetics, orthotics, or supplies, or a laboratory. We proposed to
exclude these parties based on our enforcement and oversight experience
and for reasons similar to the reasons for proposed exclusion of these
entities from the definition of VBE participant (for further discussion
of these reasons, readers are referred to section III.B.2.e.ii above).
We explained that this provision reflected our concerns that these
types of entities are heavily dependent on prescriptions and referrals
and might use outcomes-based payments primarily to market their
products to providers and patients. We further said we were considering
excluding pharmacies (including compounding pharmacies), PBMs,
wholesalers, and distributors for the same reasons we proposed to
exclude them from the definition of VBE participant. With respect to
PBMs, wholesalers, and distributors, their businesses are closely
connected to the sale of manufacturer products, which provides an
additional reason to exclude them along with manufacturers.
---------------------------------------------------------------------------
\131\ 84 FR 55746 (Oct. 17, 2019).
---------------------------------------------------------------------------
Additionally, we said in the OIG Proposed Rule that we were
considering for the final rule the exclusion of medical device
manufacturers from participation in the outcomes-based payments
arrangements safe harbor.\132\ We explained our historical law
enforcement experience with matters involving kickbacks paid to
physicians, hospitals, and ambulatory surgical centers to market
various medical devices, such as devices used for invasive procedures;
in some cases, these schemes resulted in patients getting medically
unnecessary care. We also explained our longstanding concern with
physician-owned distributorships of medical devices because of
financial incentives to perform more (or more extensive) procedures
than are medically necessary and to use the devices sold by the
distributorship instead of more clinically appropriate devices.\133\
---------------------------------------------------------------------------
\132\ 84 FR 55705 (Oct. 17, 2019).
\133\ Id.
---------------------------------------------------------------------------
For the reasons stated in the OIG Proposed Rule, we are finalizing
the provision as follows: Outcomes-based payments made directly or
indirectly by the following entities are ineligible for protection
under this safe harbor: (i) A pharmaceutical manufacturer, distributor,
or wholesaler; (ii) a pharmacy benefit manager; (iii) a laboratory
company; (iv) a pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs; (v) a manufacturer of a device or medical
supply, as that term is defined in paragraph 1001.952(ee)(14)(iv) of
this section; (vi) a medical device distributor or wholesaler that is
not otherwise a manufacturer of a device or medical supply, as defined
in paragraph (ee)(14)(iv) of this section; or (vii) an entity or
individual that sells or rents durable medical equipment, prosthetics,
orthotics, or supplies covered by a Federal health care program (other
than a pharmacy or a physician, provider, or other entity that
primarily furnishes services). We are not making payments made by
pharmacies ineligible for safe harbor protection (except with respect
to pharmacies that primarily compound drugs or primarily dispense
compounded drugs for the reasons described in section III.B.2.e.ii.f
above), although we suspect outcomes-based payments made by pharmacies
might be relatively rare. As noted in a comment and response summarized
in section III.B.2.e.iv above, pharmacies often serve as the key point
of contact between patients and the health care system and provide many
services to patients. For the same reasons we describe in that section,
we do not believe that program integrity concerns warrant excluding
them from protection under this safe harbor. We have modified the
language describing DMEPOS companies to clarify that a pharmacy (other
than a compounding pharmacy) or physician, provider, or other entity
that primarily furnishes services remains eligible to make protected
payments even if they also have some DMEPOS business. We did not
propose, and did not intend, to exclude physicians or other providers.
We are mindful that there may be legitimate uses for outcomes-based
payments by these sectors. However, we are concerned that the proposed
safe harbor conditions were not intended to be, and are not, tailored
to outcome-based contracting or payments in these sectors. As noted in
the OIG Proposed Rule, we may consider outcomes-based contracting for
pharmaceutical products and medical device manufacturers in future
rulemaking. Outcomes-based payment arrangements involving these sectors
should be analyzed for compliance with the Federal anti-kickback
statute based on their facts and circumstances, including the intent of
the parties. The entities that are ineligible to receive protection
under this safe harbor for making outcomes-based payments remain
eligible to use the modified personal services and management contracts
safe harbor at paragraph 1001.952(d)(1).
[[Page 77848]]
e. Writing and Monitoring
Summary of OIG Proposed Rule: With paragraph 1001.952(d)(2)(viii),
we proposed a requirement of a signed writing evidencing the outcomes-
based payments agreement. We proposed at paragraph 1001.952(d)(2)(vii)
a requirement that the parties regularly monitor and assess the agent's
performance for each outcome measure, including the impact of the
outcomes-based payments arrangement on quality of care, and rebase
outcomes measures periodically.
Summary of Final Rule: We are finalizing, with modifications, the
writing requirement for outcomes-based payments and we moved the
requirement from paragraph 1001.952(d)(2)(viii) to paragraph
1001.952(d)(2)(iii). As modified, the written agreement must include at
a minimum a general description of the types of services to be
performed under an outcomes-based payment arrangement. We are also
finalizing the monitoring and assessment requirement with clarification
regarding the rebasing requirement. Under the final rule parties must
periodically assess and, as necessary revise, benchmarks and
remuneration under the agreement to ensure that any remuneration is
consistent with fair market value in an arm's-length transaction as
required by paragraph 1001.952(d)(2)(ii).
Comment: Commenters generally agreed that some type of written
agreement should be required for safe harbor protection, but commenters
did not necessarily agree with the specific condition OIG proposed. On
the one hand, a commenter was concerned about arrangements losing safe
harbor protection by not technically meeting the requirement of all
services being documented, considering the need for some arrangements
to be flexible. On the other hand, a commenter recommended that the
safe harbor include additional documentation requirements, such as:
Documentation of benchmarking methodologies; metrics for how to assess
objectively its outcome measure(s) and documentation of the execution
of any such assessment; records created at the time they entered into
the agreement identifying the basis for the determination of
compensation and the clinical evidence or credible medical support
considered; and contemporaneous documentation of the services performed
and the outcomes achieved. This commenter asserted that these
additional documentation requirements would help prevent post-hoc
justifications for conduct that the parties did not actually believe
was permissible at the time, and that a lack of documentation is a way
individuals and entities try to hide lack of compliance with a safe
harbor.
Response: We understand the need for flexibility in outcomes-based
arrangements. However, the safe harbor must include safeguards to avoid
protecting arrangements that reward referrals. In the OIG Proposed
Rule, we proposed that the written agreement include at a minimum: (i)
The services to be performed by the parties for the term of the
agreement; (ii) the outcome measure(s) the agent must achieve to
receive an outcomes-based payment; (iii) the clinical evidence or
credible medical support relied upon by the parties to select the
outcome measure(s); and (iv) the schedule for the parties to regularly
monitor and assess the outcome measure(s). We believe it is critical
for parties to include the outcome measures, the basis for selecting
the outcome measures, and the monitoring and assessment schedule in an
agreement at the outset of the arrangement.
However, we are modifying the requirement that the agreement
specify the services to be performed over the term of the agreement. We
recognize that the parties may not be aware of every step necessary to
achieve a certain outcome measure when the agreement becomes effective
and that the needed services might change over time to achieve the
desired outcome measure. Protected remuneration under paragraph
1001.952(d)(2) is dependent upon meeting the outcome measure, not
necessarily the specific steps a party may have taken to achieve that
measure. Therefore, we are modifying the regulatory text to specify
that the agreement must include at a minimum a general description of
the types of services to be performed. We note, however, that other
conditions of the safe harbor (e.g., monitoring the arrangement to
assess the agent's performance and impact on patient care) would
necessitate some type of documentation of services or other activities
performed to achieve the outcome measure. We believe that requiring a
general description of the anticipated services, coupled with the other
required elements of the written agreement, strikes the appropriate
balance between transparency needed to protect patients and Federal
health care programs and flexibility for parties to create innovative
arrangements that may need to evolve to achieve the desired results.
Comment: A commenter asked whether an agreement to provide
outcomes-based payments can be signed in advance of the establishment
of the outcome measure(s) and whether the parties' eligibility for
compensation commences on the date the outcome measure(s) are mutually
agreed upon in writing signed by the parties or at some other time.
Response: There may be certain other existing written agreements
between the parties in advance of commencing an outcomes-based payment
arrangement. But for purposes of meeting the writing requirement for
protection under this safe harbor, the parties must agree to the
outcome measure(s) in writing and sign such an agreement in advance of,
or contemporaneous with, the commencement of the terms of the outcomes-
based payment arrangement. Furthermore, eligibility for protected
compensation under this safe harbor commences after achievement of the
outcomes measure (or failure to achieve it by the designated time in
the case of a shared losses payment), assuming all safe harbor
conditions are met.
11. Warranties (42 CFR 1001.952(g))
Summary of OIG Proposed Rule: We proposed to modify the existing
safe harbor for warranties at paragraph 1001.952(g) to: (i) Protect
certain warranties for one or more items and related services upon
certain conditions, such as all federally reimbursable items and
services subject to bundled warranty arrangements must be reimbursed by
the same Federal health care program and in the same payment (``same
program/same payment requirement''); (ii) exclude beneficiaries from
the reporting requirements applicable to buyers; and (iii) define
``warranty'' directly and not by reference to 15 U.S.C. 2301(6).
Summary of Final Rule: We are finalizing the modifications to the
warranties safe harbor as proposed in the OIG Proposed Rule. In
addition, in response to concerns raised by commenters, we are
clarifying in this preamble the scope of buyers' reporting obligations
to make clear the safe harbor is designed to accommodate the various
reimbursement systems under which buyers may report price reductions.
a. Inclusion of Services in Bundled Warranties
We are finalizing our proposal to protect warranties that warranty
a bundle of items or a bundle of items and services. This revision
protects, for the first time, warranties covering services, although
the safe harbor does not provide protection to warranties that warranty
only services. As explained in the OIG Proposed Rule, we believe
warranties for services that are not tied
[[Page 77849]]
to one or more related items could present heightened fraud and abuse
risks.
Comment: Commenters generally supported our proposal to revise the
warranties safe harbor to protect bundled warranties for one or more
items and related services. A commenter noted sellers and buyers, such
as health systems, would have greater flexibility under the safe harbor
to protect related services that are often integral to determining
whether the terms of a warranty, such as a clinical outcome, have been
met. According to the commenter, such services might include, for
example, data collection and analytics, verification of product use
consistent with labeling and governing clinical protocols (including
through confirmatory laboratory testing), and monitoring patient
adherence to prescribed treatment regimens.
Response: We agree with commenters that the revised safe harbor
will offer greater flexibility to buyers and sellers to enter into
innovative arrangements that warranty the value of an entire bundle of
items or that include bundled items and services. We would highlight,
however, that this revision to the warranties safe harbor does not
protect free or reduced-priced items or services that sellers provide
either as part of a bundled warranty arrangement or ancillary to a
warranty arrangement. Instead, it merely protects the offer and
exchange of warranty remedies under a warranty arrangement, provided
all of the safe harbor's conditions are satisfied. As discussed further
below, items and services provided either as part of or ancillary to a
warranty arrangement may not need safe harbor protection or may be
protected by other safe harbors.
Comment: A commenter supported our proposal not to protect
warranties covering only services. Another commenter, however,
recommended that OIG should protect warranties that cover services
only, explaining that medical device manufacturers can play a role in
offering data analytics via software solutions, for example to predict
post-treatment health care conditions and costs and thereby reduce
utilization of higher-acuity post-acute services. According to the
commenter, offering warranties that guarantee outcomes from using such
services would provide an incentive for investment from both parties--
the vendor and the provider.
Response: We appreciate the commenter's explanation regarding the
potential benefits of services offerings. As we discussed in the OIG
Proposed Rule, however, we believe services-only warranty arrangements
present a heightened risk of fraud and abuse. In particular, we noted
that the determination of whether services meet a clinical outcomes
goal established by a warranty arrangement can be more subjective than
warranties involving items. We also expressed concern that the
potential to receive a monetary remedy under a services-only warranty
could induce patients to select a particular provider, particularly if
the clinical results are not easily achievable. Parties seeking to
enter into outcomes-based arrangements for only services may look to
the revised personal services and management contracts and outcomes-
based payment arrangements safe harbor at paragraph 1001.952(d) for
potential protection.
Comment: A commenter requested that if OIG finalizes limitations on
the items and services that may qualify for bundled warranties, OIG
should clarify that a warrantied bundle of items and services could
encompass limited support services offered by the manufacturer that are
not federally reimbursable and are offered free of charge. The
commenter asked for this clarification in light of preamble language
from the OIG Proposed Rule stating that the modified safe harbor would
not protect free or reduced-priced items or services that sellers
provide either as part of a bundled warranty arrangement or ancillary
to a warranty arrangement. As an example, the commenter asked OIG to
confirm that the safe harbor would protect a manufacturer's warranty of
the clinical effectiveness of a self-injected drug contingent on the
patient receiving product administration and use education through
nurse support offered by the manufacturer.
Response: We confirm that, under the safe harbor as modified, a
warrantied bundle of items and services could encompass services
offered by the manufacturer that are not federally reimbursable and are
offered free of charge, although we emphasize that the safe harbor only
protects remuneration provided as a warranty remedy; services offered
for free by manufacturers would not themselves be protected under this
safe harbor. The same program/same payment requirement does not
prohibit the inclusion of non-federally reimbursable items or services
in the bundle of items and services being warrantied. Therefore, under
the safe harbor, a manufacturer could offer a bundled warranty that
warranties the clinical effectiveness of a self-injected drug
contingent on the patient receiving post-prescribing product
administration and use education through nurse support offered by the
manufacturer. We also want to confirm and clarify that the modified
safe harbor does not protect free or reduced-priced items or services
that sellers provide either as part of a bundled warranty arrangement
or ancillary to a warranty arrangement. The modifications to the safe
harbor provide protection for warranty remedies stemming from
warranties covering more than one item or more than one item and
service, whereas the original safe harbor for warranties provided
protection for warranty remedies stemming from warranties on only one
item. If non-reimbursable items or services offered for free as part of
a bundled warranty have independent value to a buyer, the parties to
the warranty arrangement may look to other safe harbors to protect the
exchange of those items and services, such as the personal services and
management contracts and outcomes-based payments safe harbor.
Comment: In response to our solicitation of comments regarding the
potential anticompetitive effects that bundled warranties may have--
including barriers to entry for manufacturers and suppliers that cannot
offer bundled warranties--a commenter stated that it did not believe
competitive barriers to entry were a likely outcome, and that any risks
of anticompetitive behavior that may exist are better addressed through
the government's other enforcement authorities to police
anticompetitive behavior. According to the commenter, it is not
uncommon for vendors to partner in selling and offering a warranty for
a bundle of products containing items from different vendors.
Response: We appreciate this comment and recognize that a variety
of models exist in the marketplace for bundled-sale arrangements. We
are not finalizing additional safeguards designed to limit the
potential anticompetitive effects of bundled warranties. We continue to
believe, however, that anticompetitive risks can be reduced by the safe
harbor's provisions prohibiting exclusive-use or minimum-purchase
requirements as a condition of a warranty offering.
Comment: A commenter warned that bundled warranties may harm
competition and limit clinician and patient choice because, even with
the prohibition on exclusivity and minimum-purchase requirements,
sellers could condition a warranty on the purchase of a bundle of
products and services. The commenter suggested that OIG include
language in the safe harbor that no warranty shall interfere
[[Page 77850]]
with a health care provider's autonomy and responsibility to make
clinical decisions with regard to patient care and safety.
Response: We appreciate the commenters' concerns and recognize that
providing protection for bundled warranties could result in some
anticompetitive effects. However, the safeguards we are finalizing in
this rule, including prohibiting exclusivity and minimum-purchase
requirements and limiting the scope of what may be included in a
bundled warranty, provide meaningful protection against anticompetitive
behavior that otherwise may occur. As noted in the OIG Proposed Rule,
protection for bundled warranties may foster beneficial arrangements
that facilitate the use of higher-value items and services. While we
have not included an express requirement that protected warranties
cannot interfere with a health care provider's autonomy and
responsibility to make clinical decisions with regard to patient care
and safety, we emphasize that the modifications to the safe harbor that
we are finalizing are not intended to--and should not--affect
providers' ongoing responsibilities to make clinical decisions in the
best interests of their patients.
Comment: Some commenters recommended that we include other
additional safeguards within the safe harbor. For example, a commenter
urged OIG to consider a safeguard that would prohibit any unfair or
deceptive practice in the marketing of a service warranty. Another
commenter urged us to add a requirement that for a warranty to be
protected under the safe harbor, the manufacturer or supplier must
determine that the warranty is reasonably related to an evidence-based
clinical improvement objective and is commercially reasonable.
Response: As noted above, we believe the safeguards in the OIG
Proposed Rule strike the right balance between protecting beneficiaries
and Federal health care programs while promoting beneficial and
innovative arrangements, such as bundled warranties. In particular, we
have not added a separate prohibition against unfair or deceptive
practices because deceptive commercial practices are already prohibited
by numerous State and Federal laws. We do not believe providing a
separate requirement here is necessary.
We also decline to impose a requirement that warranty arrangements
relate to evidence-based clinical improvement objectives. Although some
warranties may relate to evidence-based clinical improvement outcomes,
many warranty arrangements that the safe harbor could protect, such as
those guaranteeing that an item is defect-free or otherwise functions
as intended, may not have an evidence-based clinical improvement
component.
Finally, we decline to impose a commercial reasonableness
requirement within the warranties safe harbor for the same reasons
articulated above. It is not clear that a commercial reasonableness
requirement would provide additional, meaningful protection against
fraud and abuse in the context of the warranties safe harbor, given the
limited scope of protected remuneration and, in particular, that a
seller may not pay any individual (other than a beneficiary) or entity
for any medical, surgical, or hospital expense incurred by a
beneficiary other than for the cost of the items and services subject
to the warranty.
Comment: Some commenters opposed restrictions on the manner in
which sellers could provide warrantied medication adherence services as
part of a bundled warranty, with those commenters pointing to the
importance of medication adherence services generally and the alignment
that exists between manufacturers' incentives and patients' health
outcomes. Commenters noted that adherence programs can play an
important role in helping patients follow their prescribed treatment
regimens, which has been shown to lead to better patient outcomes,
including fewer hospitalizations and emergency room visits. Commenters
also pointed out that medication nonadherence--the problem of patients
not taking medications in accordance with their health care providers'
directions or otherwise not following their providers' treatment
recommendations--is a major health problem, leading to poor clinical
outcomes and increased health care spending. Commenters also asserted
that the fraud and abuse risks of manufacturers providing medication
adherence services is low because manufacturers have financial,
regulatory, reputational, ethical, and legal incentives to ensure their
products are used only to the extent that they continue to be safe and
effective for patients. Commenters further noted that, when medication
adherence programs are included in outcomes-based contracts,
manufacturers are rewarded for their product working as intended to
promote patients' health and safety and penalized for their product not
working well for patients, which improves the alignment between
manufacturer incentives and patient health and safety.
Although most commenters on the topic did not support restrictions
on the manner in which sellers could provide warrantied medication
adherence services, a few commenters expressed support for a possible
safeguard discussed in the OIG Proposed Rule. In particular, a
commenter expressed support for OIG's proposal to require sellers' use
of independent intermediaries for direct patient adherence activities,
while another commenter supported a prohibition on any direct patient
outreach by a seller offering a warranty. A commenter who shared the
concerns expressed in the OIG Proposed Rule regarding patient outreach
services being provided by manufacturers and suppliers recommended a
safeguard requiring that warrantied patient outreach services be
approved by a licensed medical professional. In doing so, the commenter
expressed concern that drug manufacturers may abuse any safeguard
requiring sellers to use independent intermediaries to perform direct
patient outreach services.
Response: OIG agrees that medication adherence services can have a
significant beneficial impact on patient health and health care costs.
Although we also recognize the potential for greater alignment of
manufacturers' incentives and patient health outcomes in value-based
arrangements, at this time most arrangements for the sale of a drug
reimbursed by a Federal health care program are not outcome-driven, and
we continue to have concerns regarding the direct provision of
medication adherence services by sellers of warrantied items because
their financial incentive to sell their products could result in
medication adherence services that increase fraud and abuse risks, such
as patient harm and overutilization.
Despite these risks, we are not imposing any restriction in this
final rule on the manner in which warrantied medication adherence
services may be provided when offered as part of a bundled warranty. A
limitation on the manner in which sellers of one or more warrantied
items provide such services as part of a bundled warranty may not
materially reduce any fraud and abuse risks, particularly because a
limitation on warranties would not affect the provision of medication
adherence services in contexts other than bundled warranties. For the
same reason, we are declining to impose a requirement that warrantied
medication adherence services must either be provided via an
independent intermediary or subject to the approval of a licensed
medical professional. We emphasize that the warranties safe harbor
would not protect the provision of free or reduced-cost
[[Page 77851]]
medication adherence services furnished by a seller.
Comment: A few commenters asserted that, consistent with existing
OIG guidance, medication adherence services do not constitute
remuneration because they do not have independent value to a buyer but
rather are integrally related to the underlying product. A commenter
noted that, although OIG has expressed concern that manufacturer-
sponsored adherence supports could replace actions that a health care
provider might otherwise take to support medication adherence, the
likelihood of manufacturer adherence supports leading providers to
reduce their own efforts to improve their patients' medication
adherence is very small.
Response: We disagree with the assertion that medication adherence
services never constitute remuneration and thus never implicate the
anti-kickback statute. For example, in Advisory Opinion No. 11-07, we
noted that the vaccine reminder program offered by a manufacturer could
have independent value to health insurers and health care entities and
could confer an additional financial benefit on physicians because the
vaccine reminders were intended to encourage the recipients to schedule
an appointment with their children's health care practitioners, who
likely would be reimbursed for administering the vaccine and possibly
for an associated office visit. As highlighted in this example,
medication adherence services could result in a provider's opportunity
to earn income. We also recognize that medication adherence services
provided to beneficiaries as part of warranty arrangements could have
independent value to the beneficiary, depending on how those
arrangements are structured.
Although the OIG Proposed Rule stated that the provision of free or
below fair market value medication adherence services ``would implicate
the anti-kickback statute,'' \134\ we clarify in this final rule our
position that such services could implicate the statute but would not
necessarily implicate the statute in all circumstances, and that such
analysis would be dependent upon the facts and circumstances of a
specific offering.
---------------------------------------------------------------------------
\134\ 84 FR 55748 n.83 (Oct. 17, 2019).
---------------------------------------------------------------------------
Comment: A commenter urged OIG to ensure that pharmacies can
continue to provide adherence and medication therapy management
services, including when such activities are compensated at fair market
value by payors, manufacturers, and others within the supply and
payment chain.
Response: The modifications to the warranties safe harbor set forth
in this final rule do not change pharmacies' ability to provide
adherence and medication therapy management services. Any financial
arrangement between pharmacies and payors, manufacturers, and others
within the supply and payment chain could implicate the anti-kickback
statute and should be analyzed on a case-by-case basis for compliance
with the statute. Depending on the facts, other safe harbors may be
available, including the personal services and management contracts and
outcomes-based payments safe harbor.
Comment: A commenter expressed support for a standalone safe harbor
protecting manufacturer-supported patient adherence programs, and other
commenters asked OIG to promulgate an additional rule that expressly
defines how value-based arrangements for drugs can include all relevant
health care entities (including manufacturers, payors, providers, and
patients) and medication adherence programs without running afoul of
the Federal anti-kickback statute.
Response: We appreciate the commenters' requests for further
rulemaking. However, they are outside the scope of this rulemaking.
Comment: A commenter expressed concern regarding the statement in
the OIG Proposed Rule regarding the provision of free or reduced-price
laboratory testing as part of a warranty arrangement. The commenter
asserted that the inclusion of confirmatory laboratory testing under a
warranty arrangement could fit within the revised warranties safe
harbor where a seller engages an independent laboratory under a fair
market value arrangement to perform testing solely to determine whether
the terms of a clinical outcome or other value-based warranty have been
met.
Response: Regardless of whether items and services used to
determine the efficacy of a warranty have independent value to the
buyer, the warranties safe harbor provides protection only for sellers'
offer and provision of warranty remedies, not the offer or sale of the
items and services being warrantied or any items or services used to
determine whether a clinical outcome or other value-based outcome has
been achieved. We recognize that warranty arrangements in some
circumstances may require laboratory testing or other data to
determine, for example, whether clinical or other outcomes have been
met or whether the buyer or patient has adhered to the terms of the
warranty.
We did not intend to suggest in the OIG Proposed Rule that, in all
instances, confirmatory laboratory testing for purposes of determining
whether warrantied outcomes have been achieved would implicate the
anti-kickback statute. Where a seller provides free items and services
ancillary to a warranty arrangement that could have independent value
to the buyer, sellers should analyze such arrangements on a case-by-
case basis to determine whether they implicate the anti-kickback
statute and may look to other safe harbors, such as the safe harbor for
personal services and management contracts and outcomes-based payments,
for protection. In the case of confirmatory laboratory testing relating
to a warranty arrangement, such testing could have independent value to
the buyer if, for example, it alleviates administrative or financial
burdens the buyer otherwise would incur to obtain laboratory testing
for purposes other than the warranty.
b. Requirement for Federally Reimbursable Items and Services Subject to
Bundled Warranty Arrangements To Be Reimbursed by the Same Federal
Health Care Program and in the Same Payment
We recognize the possibility that bundling of one or more items and
related services that are reimbursed under different methodologies or
different payments could create incentives for overutilization or the
potential for cost-shifting. The final rule protects warranties that
apply to one or more items and related services only if the federally
reimbursable items and services subject to the warranty arrangement are
reimbursed by the same Federal health care program and in the same
Federal health care program payment. The same program/same payment
requirement provides important protection against these risks.
Comment: A number of commenters objected to the condition that
federally reimbursable items and services in a bundled warranty
arrangement must be reimbursed by the same Federal health care program
and in the same Federal health care program payment in order to qualify
for protection under the safe harbor. Commenters expressed concern that
this condition would constrain innovation by limiting what items may or
may not be included in a bundle based on reimbursement status, rather
than focusing on clinical efficacy. A trade association representing
providers noted that care coordination arrangements often require
payments
[[Page 77852]]
from different reimbursement methodologies. For example, a joint
replacement can occur in a hospital or ambulatory surgical center and
then a patient may be discharged to a skilled nursing facility or to
home health care. The commenter expressed concern that a warranty
covering this episode of care would not be eligible for safe harbor
protection because of the different payment methodologies. The
commenter recommended OIG implement alternative safeguards in lieu of
the same program/same payment requirement, such as limiting application
of the safe harbor to medically necessary items and services,
prohibiting stinting, and requiring the warranty to be part of a
written care plan by a licensed medical professional.
Other health care providers commented that the proposed same
program/same payment requirement is outdated and unworkable in light of
value-based arrangements that utilize a combination of items, services,
or both, and that it is impracticable to determine that the same
program/same payment requirement will be satisfied for every patient.
Commenters also noted that warranties allow manufacturers to help
providers manage risk when testing out new combinations of devices and
supports, even if they are reimbursed under separate prospective or
composite rate systems.
Response: Although the warranties safe harbor could be used to
protect a wide range of innovative arrangements, it is not designed to
protect warranties involving items purchased by multiple buyers across
different care settings or reimbursed by different payment systems. As
explained further in this final rule, we believe a bundle of products
paid for separately and potentially across different payment systems
poses an increased risk of inappropriate utilization and
overutilization. Such arrangements may qualify for protection under the
value-based safe harbors described in this final rule, such as the safe
harbors for care coordination arrangements (paragraph 1001.952(ee)),
value-based arrangements with substantial downside financial risk
(paragraph 1001.952(ff)), and value-based arrangements with full
financial risk (paragraph 1001.952(gg)). We do not believe that the
proposed alternative safeguards would be as effective--or as
straightforward to apply and interpret--as the same program/same
payment requirement we are finalizing.
Comment: A commenter noted that a manufacturer or supplier seldom
knows all of the ways in which providers might be reimbursed for items
and services included in a bundled warranty arrangement.
Response: As noted above, the warranties safe harbor is not
designed to protect warranty arrangements that span different care
settings or that involve multiple payment systems. Sellers should be
able to craft warranty offerings that meet the terms of the safe
harbor, even if a particular bundle of items or items and services
could potentially be reimbursed in different ways. For example, a
seller's written warranty could specify that warranty remuneration is
available only in circumstances in which the bundle is reimbursed under
the same Federal health care program and in the same payment.
Comment: Commenters noted that the bundled warranty arrangement
approved under Advisory Opinion No. 18-10 would not meet the revised
safe harbor because some of the items in the bundle were separately
reimbursable under certain States' Medicaid programs. Commenters also
observed that various State Medicaid programs employ different
reimbursement methodologies and that even within a single State,
reimbursement methodologies can differ depending on whether
beneficiaries are covered by the State's fee-for-service program or a
Medicaid managed care plan.
Response: We acknowledge that Medicaid programs reimburse items and
services with a variety of payment methodologies, which can include
separate, unbundled reimbursement for some items. We remain concerned,
however, that providing safe harbor protection to warranties containing
separately reimbursable items would introduce a higher risk of fraud
and abuse in the form of potential overutilization, inappropriate
steering, or inappropriate utilization. For example, a buyer may have
an incentive to purchase separately reimbursable items in order to
receive the benefit of a warranty on those items because the buyer will
be reimbursed for each item separately, and if even one item does not
meet the specified level of performance, the buyer could receive the
cost of all items in the bundle. By comparison, if a buyer receives one
warranty payment for all items covered by a bundled warranty, the buyer
has a greater incentive to contain its costs and not purchase
unnecessary items (or services).
The arrangement described in Advisory Opinion No. 18-10 included
the possibility that bundled devices could be separately reimbursed by
State Medicaid programs, although the opinion specified that these
instances would be infrequent and that Medicaid-reimbursed cases
represented a very small part of the requestor's business. Although
warranty remuneration paid resulting from the failure of a separately
reimbursable item or service would not be covered by the warranties
safe harbor, the advisory opinion process remains available for a legal
opinion regarding facts and circumstances that may not be protected by
the safe harbor.
Although we solicited comments on instances when an exception may
be necessary to the provision requiring reimbursement by the same
Federal health care program payment, upon further consideration we do
not believe an exception is necessary. The modified safe harbor
requires that federally reimbursable items and services covered by a
bundled warranty must be reimbursed by the same Federal health care
program payment--not that the items and services be only reimbursable
by one Federal health care program payment. In other words, the
possibility that an item or service is reimbursable under a different
program or by a different payment does not foreclose a manufacturer or
supplier from offering a bundled warranty covering the item or service
as long as the item or service is in fact reimbursed by the same
Federal health care program payment as the other item(s) and service(s)
comprising the warranty bundle.
Although we recognize that it may be difficult for a seller to know
under which reimbursement methodology a particular item or service will
be reimbursed, we believe parties entering into bundled warranty
arrangements could specify in the warranty's written terms that only
items and services reimbursed by the same Federal health care program
payment will be eligible for the warranty. Because warranty remedies
are by their nature furnished after the use of items and services, a
buyer likely knows before making a warranty claim whether the items and
services are or will be reimbursed by the same Federal health care
program payment. Consequently, a warranty undertaking could explicitly
state that warranty remedies are available only for patients or
procedures in which the bundled items and services are reimbursed by
the same program and same payment even where alternative reimbursement
methodologies for those items and services exist.
Comment: A commenter noted that in many cases items or services
included in a bundle are not reimbursed specifically but might be
deemed reimbursed indirectly as part of a payment for another item or
service. In such cases, there might be numerous
[[Page 77853]]
potential payments or reimbursement methodologies which could be viewed
as providing such indirect reimbursement.
Response: The warranties safe harbor does not attempt to address
every possible variation in reimbursement methodologies. We continue to
believe that limiting safe harbor protection to warranties involving
bundled items and services reimbursed under the same program and same
payment is an important safeguard to protect against inappropriate
steering, inappropriate utilization, or overutilization of federally
reimbursable health care items and services. We believe that, in most
circumstances, health care providers can identify the reimbursement
source for a particular item and can also determine whether items and
services subject to a bundled warranty are reimbursed by the same
payment.
Comment: A commenter urged OIG to abandon the same program/same
payment requirement and instead extend protection for bundled
warranties involving items and services reimbursed under multiple
prospective payment or composite rate systems, which the commenter
asserted would protect a broader range of warranties but pose a low
risk of fraud and abuse due to cost-shifting because no warrantied
items would be separately reimbursable. Another commenter suggested
that the safe harbor should protect bundled warranties involving items
and services that are not specifically reimbursed under bundled or fee-
for-service payments but that could be reflected in some manner in a
provider's Medicare cost report.
Response: Although we recognize that warrantying only bundled items
and services reimbursed under prospective payment bundles or composite
rate systems could reduce the risk of cost-shifting between Federal
health care programs, we remain concerned that protecting bundled
warranties across such methodologies could complicate both the
administration of warranties and reporting obligations, and we decline
to expand the safe harbor provision according to the commenter's
suggestion.
Comment: A commenter stated that the same program/same payment
requirement would not protect a warranty bundle consisting of a
particular federally reimbursed drug product when used in conjunction
with a companion diagnostic. According to the commenter, the drug would
be reimbursed under Medicare at the negotiated price (for a Part D
drug) or at ASP plus 6 percent (for a Part B drug), while the companion
diagnostic would be reimbursed under the clinical laboratory fee
schedule.
Response: We appreciate the commenter's concern and acknowledge
that the safe harbor would not protect the type of arrangement
described in this comment. However, the safe harbor could protect a
warranty covering a drug product, and where the seller wants to provide
a companion diagnostic to determine if a warrantied outcome has been
achieved, the seller could look to other safe harbors to protect the
provision of the companion diagnostic to the extent the provision of
the companion diagnostic implicates the anti-kickback statute.
Comment: A commenter asserted that the same program/same payment
requirement could foreclose protection for even one-drug warranties
because drugs are virtually always reimbursed by Medicare, Medicaid
(and usually additional Federal health care programs), with each
program having different payment methodologies for outpatient drugs.
Response: As noted in proposed paragraph 1001.952(g)(5), the same
program/same payment requirement would only apply when a manufacturer
or supplier offers a warranty for more than one item or one or more
items and related services. This requirement would not apply to single-
item warranties.
Comment: A number of commenters expressed concern that the
requirement that federally reimbursable bundled items and services be
reimbursed by the same Federal health care program payment could
inhibit innovative warranties based on the performance of warrantied
items and related services across a patient population (population-
based warranties). A commenter argued that the safe harbor should
accommodate value-based arrangements that study a representative sample
of a patient population and use the results observed from the sample to
determine the price or price concession that is appropriate for product
utilization more broadly. Another commenter asserted that warranties
offered across a patient population have a low risk of fraud and abuse
where none of the items or services is separately reimbursable.
Response: As discussed in the preamble to the OIG Proposed Rule, we
believe the expanded warranties safe harbor will facilitate beneficial
and innovative arrangements between buyers and sellers, such as bundled
warranties. While population-based warranties would not necessarily
pose the same fraud and abuse risk of problematic cost-shifting between
Federal health care programs as warranties covering a bundle of items
and services that are reimbursable under different Federal health care
programs, population-based warranties could pose different fraud and
abuse risks. Specifically, population-based warranties may result in
steering to particular products in a manner that inappropriately limits
patient choice and providers' clinical decision-making and could result
in overutilization or inappropriate utilization of items or services
where a buyer feels compelled to use a certain quantity of a seller's
product in order to be eligible for a warranty remedy. We appreciate
the commenter's request for the warranties safe harbor to protect
value-based arrangements that could inform the price of a product, and
while the modified safe harbor does not specifically protect
population-based warranties, we emphasize our statement in the OIG
Proposed Rule that we may consider specifically tailored safe harbor
protection for value-based contracting and outcomes-based contracting
for the purchase of pharmaceutical products (and potentially other
types of products) in future rulemaking.
c. Capped Amount of Warranty Remedies
The existing safe harbor for warranties contains the limitation
that a manufacturer or supplier must not pay remuneration to any
individual (other than a beneficiary) or entity for any medical,
surgical, or hospital expense incurred by a beneficiary other than for
the cost of the item itself. In the OIG Proposed Rule, at proposed
paragraph 1001.952(g)5), we proposed to adapt this limitation to
accommodate the safe harbor's expanded protection of bundled
warranties. In the modifications to the safe harbor we are finalizing
here, warranty remuneration for any medical, surgical, or hospital
expense incurred by a beneficiary is capped at the cost of the items
and services subject to the warranty.
This cap plays an important role in safeguarding against sellers
providing excess remuneration to providers to induce referrals. The
revised safe harbor offers sellers more flexibility by protecting both
a broader scope of warranties and a potentially higher amount of
warranty remuneration reflecting the cost of the entire bundle of items
or bundle of items and services. This adaptation allows sellers to
offer a valuable remedy to their customers if a product fails to meet a
specified level of performance.
Comment: Although some commenters expressed support for OIG's
proposal to limit the remuneration a
[[Page 77854]]
manufacturer or supplier may pay to any individual (other than a
beneficiary) or entity for any medical, surgical, or hospital expense
incurred by a beneficiary other than for the cost of items and services
subject to the warranty, several commenters objected to this proposed
safeguard. For example, a commenter argued that warranty remedies that
exceed the aggregate value of the warrantied items and related services
are likely to be the key drivers in realizing the potential of value-
based care. Another commenter stated that capping the warranty remedy
based on the collective cost of the warrantied items and services is
insufficient because providers expect vendors offering warranties
addressing long-term population health issues to be financially
accountable for costs greater than the cost of the items and services
subject to the warranty.
Response: As proposed, the revised safe harbor would protect
warranties in which vendors offer to reimburse any medical, surgical,
or hospital expense incurred, up to the cost of the warrantied items
and services incurred by the buyer to acquire those items and services.
The safe harbor could be used to protect reimbursement for hospital
expenses incurred as a result of, for example, a bundle of items that
failed to meet the clinical outcomes guaranteed by a warranty
arrangement. The total warranty remuneration provided, however--
including the cost of any replacement items--would be limited to the
original cost of the items and services incurred by the buyer. We
believe the proposed expansion of this safe harbor provides a
significant and sufficient opportunity for vendors to offer a
meaningful and valuable remedy to their customers to account for the
failure of an item, a bundle of items, or a bundle of items and
services to meet warrantied standards.
Comment: Commenters stated that capping the amount of warranty
remuneration will negatively impact patient care and unnecessarily
stifle innovative value-based arrangements because vendors will not be
able to offer appropriate remedies if warrantied outcomes are not
achieved, such as the provision or payment for medical, surgical,
hospital, or other services and related items in connection with the
replacement or supplementation of a warrantied item, or as an
alternative or supplemental treatment.
Response: We continue to believe that the proposed cap strikes an
appropriate balance between protecting remuneration for warrantied
products and safeguarding against excessive remuneration paid by
vendors to induce referrals. Furthermore, as we explained in the
preamble to the OIG Proposed Rule, the safe harbor, as finalized,
already is broad enough to protect certain value-based arrangements,
such as warranties that offer a clinical outcomes guarantee, as long as
the safe harbor's other requirements are met.
Comment: A commenter stated that there is negligible risk that
manufacturers and suppliers would use warranties to provide excess
remuneration because vendors entering into warranty arrangements face
steep exposure and will take all possible precautions to avoid future
payments under such warranties.
Response: We continue to believe that without limiting the amount
of protected warranty remuneration there is a risk of vendors paying
excessive remuneration to induce further Federal health care business.
For example, without a cap on warranty remuneration, a vendor could pay
for a wide range of consequential expenses resulting from the failure
of a device including, for example, hospitalization expenses, revision
surgery, and other downstream expenses, in addition to providing a
replacement for the faulty device. We believe that would provide too
great an opportunity for sellers to offer generous remuneration to
buyers.
d. Prohibition on Exclusivity and Minimum-Purchase Requirements
We proposed a new safeguard at proposed paragraph 1001.952(g)(6)
that would preclude warranty arrangements from being conditioned on the
exclusive use or minimum purchase of one or more items or services. We
are finalizing this safeguard because we believe it provides important
protection against patient steering that could interfere with clinical
decision-making and against potential anticompetitive effects.
Comment: Some commenters expressed support for the proposed
prohibition on warranties conditioned on a buyer's exclusive use of any
of the manufacturer's or supplier's items or services. Other commenters
argued that these safeguards are unnecessary and possibly contravene
the intent of the proposal. For example, a commenter noted that
warranties constitute a means by which sellers compete against one
another by providing assurances of performance. In addition, commenters
noted that providers can standardize their use of any one of a number
of similar, competitive products, and that such standardization through
exclusivity and minimum-purchase requirements can promote competition
and lower costs without triggering any concerns regarding patient
access to medically necessary items.
Response: We are finalizing the prohibition against sellers
conditioning a warranty on a buyer's exclusive use or minimum purchase
of any of the seller's items or services. Although exclusivity and
minimum-purchase requirements may allow for certain efficiencies, we
view exclusivity and minimum-purchase requirements tied to the offer of
a warranty as potentially abusive steering practices that could result
in, among other things, interference with clinical decision-making,
overutilization or inappropriate utilization, or anticompetitive
effects. Because warranty arrangements can be valuable tools for buyers
to defray the costs associated with an item (and under the modified
safe harbor, multiple items or items and services) that does not
function as expected, the potential for sellers to require exclusivity
and minimum-purchase requirements in exchange for a warranty may lock
buyers into a particular item (and under the modified safe harbor,
multiple items or items and services) and thereby could result in, for
example, a buyer using a particular item in a given case that is not in
the patient's best interest.
Comment: A commenter asserted that exclusivity and minimum-purchase
requirements are features that can promote competition and lower costs,
as in the case of purchase discounts conditioned on the volume of
products purchased. The commenter observed that a warranty might be
conditioned on a minimum- or exclusive-purchase requirement, and that
such requirement would not preclude a buyer from purchasing competitive
products in violation of the requirement; the provider would simply
lose the benefit of the warranty by doing so.
Response: Because warranties can be valuable tools for buyers to
defray the costs associated with an item (or items and services) that
do not function as expected, we reiterate our concerns that
conditioning warranties on exclusivity or minimum-purchase requirements
increases certain fraud and abuse risks, as described above, and thus
we are finalizing the modifications to the safe harbor with the
prohibition on conditioning warranties on such requirements.
Comment: A number of commenters urged OIG to omit or revise the
prohibition against conditioning warranties on minimum-purchase or
exclusivity requirements. In particular, commenters asserted that
population-based warranties typically require that there be some
minimum level of use of the product (and any related services) so
[[Page 77855]]
as to make the outcomes measure statistically meaningful. For example,
a manufacturer might state in a warranty, consistent with clinical
studies, that use of its device will produce the warrantied outcome a
given percentage of the time, but that the warranty is only available
if the device has been used on a large enough number of patients
(typically determined through a minimum-purchase requirement) to
produce a statistically relevant outcomes measure.
Response: We agree that population-based warranties could require a
certain amount of use of a product and any related services to make the
outcomes measure(s) set forth in a warranty undertaking statistically
meaningful. However, for the reasons set forth in this preamble, we are
finalizing the same program/same payment requirement, which means that
protection under the safe harbor as modified does not extend to
warranties for items used across a patient population. Particularly
given this limitation in the safe harbor, we do not believe
conditioning warranties on exclusivity or minimum-purchase requirements
is necessary for sellers to engage in beneficial warranty arrangements
that promote the value of the items and services being warrantied.
Comment: A commenter urged OIG to adopt a permissive approach,
which would protect warranties conditioned upon exclusive-use
arrangements under the safe harbor as long as manufacturers or
suppliers: (i) Have good-faith reasons for adopting exclusive-use
requirements; (ii) take and document reasonable precautions to avoid
stinting on care, cherry-picking, lemon-dropping, or inappropriate
utilization; and (iii) otherwise ensure that neither clinical decision-
making nor patient care choices are adversely impacted.
Response: We appreciate the commenter's recommended safeguards and
the commenter's focus on reducing the fraud and abuse risks associated
with exclusivity requirements. However, for the reasons articulated
above, we view certain risks as an inherent part of warranties
conditioned on the exclusive use of any of a seller's products or
services, and thus we are finalizing a safe harbor provision
restricting warranties conditioned on exclusivity requirements.
Comment: Commenters noted that sellers of items reimbursed under
Federal health care programs are not subject to any general
prohibitions on imposing exclusivity or minimum-purchase requirements
as a condition of making discounts available or otherwise.
Response: To the extent that the commenter refers to the discount
safe harbor and the warranties safe harbor, those safe harbors were
designed to protect remuneration paid under different circumstances,
and therefore it is appropriate to include different safeguards in the
safe harbors.
Comment: A number of commenters asserted that many of the
innovative, risk-based warranty arrangements proposed by manufacturers
may include equipment and consumables that must be used together,
resulting in a requirement to exclusively utilize a manufacturer's
goods in order to obtain warranty protection. The proposed limitation
on exclusive use could hinder these manufacturers from creating and
proposing such warranty-based risk-sharing arrangements.
Response: The revised warranties safe harbor, consistent with the
description in the OIG Proposed Rule, would expand the safe harbor to
explicitly protect warranties in which a bundle of items or a bundle of
items and services must be used together to obtain warranty protection.
The exclusive-use and minimum-purchase prohibitions provide meaningful
protections against inappropriate steering practices and
anticompetitive effects without impacting the ability of manufacturers
and suppliers to offer bundled warranties.
Comment: A commenter requested clarification on how OIG will
interpret the exclusive-use limitation if, for example, a provider
enters into an arrangement to purchase an ``exclusive'' or
``preferred'' product independent of any potential unrelated bundled
warranty offered by the product's manufacturer.
Response: OIG is aware that arrangements exist in which providers
agree to the exclusive purchase of a particular item or designate an
item as ``preferred'' in exchange for favorable commercial terms. The
revised safe harbor is not intended to impact those arrangements.
Rather, the exclusive-use and minimum-purchase provisions in the
revised safe harbor prevent a manufacturer or supplier from receiving
safe harbor protection for a warranty that is conditioned on the
buyer's exclusive use or minimum purchase of items or services offered
by the manufacturer or supplier. We interpret the ``conditioned on''
standard to mean that a causal connection exists between receiving a
warranty (or continuing eligibility for warranty coverage) and
maintaining exclusivity or minimum-purchase levels. The safe harbor
does not prohibit exclusive-use or minimum-purchase provisions that are
conditioned upon commercial terms unrelated to the offer of a warranty.
e. Reporting Requirements
As discussed in the OIG Proposed Rule, industry stakeholders have
expressed concern that the safe harbor's existing reporting requirement
could limit the ability of sellers to offer innovative warranty
arrangements, including warranties that span multiple years.
Stakeholders also have noted that the reporting requirement could make
safe harbor protection unavailable for providers that lack specific
reporting obligations under Federal health care programs or providers
that do not file cost reports.
We are addressing these concerns in this final rule by: (i)
Clarifying in the preamble discussion below that the safe harbor can be
used to protect warranty arrangements that span multiple years; (ii)
changing references in the safe harbor from ``the price reduction'' to
``any price reduction'' to make clear that more than one price
reduction may occur pursuant to a warranty arrangement; and (iii)
clarifying in this preamble that buyers are obligated to report price
reductions in a manner compatible with the reimbursement methodology
for the warrantied items or services, including circumstances in which
a provider does not submit cost reports or a formal ``claim for
payment'' unless the payor does not provide a reporting mechanism.
Lastly, we are making a technical, non-substantive correction to
paragraph 1001.952(g)(3) to remove a comma after ``and'' and before
``when any price reduction becomes known.''
Comment: A commenter noted that many items and services are
reimbursed by Medicare Advantage plans or Medicaid managed care
organizations, and therefore buyers have no obligations to report price
reductions in a ``cost reporting mechanism'' or ``claim for payment,''
as referenced in the warranties safe harbor. The commenter asked OIG to
clarify that a buyer should only be required to report a price
reduction or replacement product obtained as part of a warranty if it
has an obligation to do so under applicable requirements of the Federal
health care program payor making payment for the warrantied item or
service to which the price reduction relates.
Response: In the preamble to the OIG Proposed Rule, we solicited
comments on the burden of current reporting requirements and the need
for more flexible reporting requirements for warranties tied to
clinical outcomes. We emphasize that buyers, other than beneficiaries,
are obligated under the
[[Page 77856]]
safe harbor to report price reductions in a manner compatible with the
reimbursement methodology for the item(s) or service(s) which, as a
commenter pointed out, may not in all circumstances be reported in a
``cost reporting mechanism'' or a ``claim for payment.'' We affirm that
this requirement applies to buyers even when buyers do not have an
express obligation to report a price reduction or replacement product
under applicable requirements of the Federal health care program payor
making payment for the warrantied item or service to which the price
reduction relates. In the event that a payor does not provide any
mechanism for reporting of costs, such reporting is not required in
order for a buyer to obtain safe harbor protection.\135\
---------------------------------------------------------------------------
\135\ We remind parties to warranty arrangements that they must
comply with all legal obligations associated with Medicare cost
reporting and other applicable requirements of any Federal health
care program payor, including those related to billing and payment
for replaced devices offered without cost or with a credit. For
example, we note that under the Medicare inpatient prospective
payment system if a provider received full credit for the cost of a
device, CMS requires that the credit be reported to the Medicare
program and the cost of the device is subtracted from the DRG
payment. See 42 CFR 412.89; 42 CFR 412.2(g) and Medicare Claims
Processing Manual, CMS Pub. 100-04, Ch. 3, Sec. 100.8.
---------------------------------------------------------------------------
Comment: In light of our preamble discussion regarding the timing
of reporting requirements, including the protection for outcomes-based
warranty arrangements in which buyers could receive return payments
from manufacturers over several years, commenters requested additional
clarification with respect to reporting requirements. In particular,
commenters requested clarification that multiple warranty payments
related to the same item or bundle of items and services could be
reported at various points throughout a warranty arrangement, and that
buyers are obligated to report such payments at the time they are
received. A commenter suggested that OIG revise the manufacturer
reporting requirements such that price reductions must appear either on
an invoice or a statement, or on a series of invoices or statements.
The commenter also suggested revising paragraph 1001.952(g)(3)(ii) such
that the manufacturer is obligated to provide the buyer with
documentation of the price reduction calculation in the same fiscal
year as the purchase or the following fiscal year.
Response: We agree with the commenters that, under the warranties
safe harbor, buyers can report multiple warranty payments related to
the same item or bundle of items and services at various points
throughout a warranty arrangement. Paragraph 1001.952(g)(1) already
requires buyers to report ``any price reduction'' obtained as part of
the warranty. We are finalizing corresponding revisions to paragraph
1001.952(g)(3) to change all references to ``the price reduction'' to
``any price reduction'' to make clear that more than one price
reduction may occur pursuant to a warranty arrangement. With respect to
the commenter's suggestion to allow sellers to report price reductions
on a series of invoices or statements, we believe this expansion of the
safe harbor is unnecessary because sellers must either: (i) Report
price reductions on the initial invoice or statement the manufacturer
sends to the buyer; or (ii) when the amount of any price reduction is
not known at the time of sale, report the existence of the warranty on
the invoice or statement, and later provide the buyer with
documentation of the calculation of any price reduction resulting from
the warranty. Therefore, sellers must provide information regarding all
price reductions to the buyer regardless of whether sellers report them
on an invoice or statement or otherwise. Lastly, the modifications to
the warranties safe harbor set forth in this final rule do not include
a requirement for the seller to provide the buyer with documentation of
the price reduction calculation in the same or following fiscal year of
the buyer. We expect buyers and sellers to fulfill their reporting
obligations under paragraphs 1001.952(g)(1) and 1001.952(g)(3) in a
timely manner but are not otherwise prescribing a timeline for doing
so.
Comment: A commenter requested clarification that buyers are
entitled to use any reasonable methodology for purposes of allocating a
rebate that does not relate to a specific item or service across all
bundled items and services to which the warranty rebate relates.
Response: We understand that, in some circumstances, remuneration
paid pursuant to a bundled warranty will be related to more than one
item or service that fails to meet the specifications set forth in the
warranty undertaking. The safe harbor does not set forth a specific
methodology to allocate reporting across multiple items or a
combination of items and services. OIG believes that in most cases a
warranty remedy paid pursuant to a bundled warranty should be reported
proportionately to the cost of each bundled item or service, but we
wish to provide flexibility for buyers to adopt different but
reasonable allocation methodologies in circumstances in which, for
example, the failure of the bundle to meet the agreed specifications
results disproportionately from the failure of a particular item or
service.
Comment: A commenter supported the proposal to expressly exclude
beneficiaries from the reporting requirements applicable to other
buyers.
Response: We appreciate the commenter's support, and we are
finalizing revisions to the warranties safe harbor to exempt
beneficiaries from the reporting requirement for buyers.
Comment: A commenter noted that a cost reduction under a warranty
might be received long after the warrantied item has been purchased by
a provider, particularly when the clinical outcome from the use of the
item may be measured several years after the initial purchase of the
item. Accordingly, the commenter recommended that OIG specifically
provide for safe harbor purposes that such a rebate must be reported
only after it is received.
Response: We agree that the reporting requirement is not triggered
until remuneration is received under the warranty arrangement. We also
recognize that the failure of an item or service to meet specifications
might not occur until a period of years after purchase.
f. Definition of ``Warranty''
We proposed and are finalizing at paragraph 1001.952(g)(7) to
define ``warranty'' directly and not by reference to 15 U.S.C. 2301(6).
By defining ``warranty'' directly, we clarify that the warranties safe
harbor is available for drugs and devices regulated under the Federal
Food, Drug, and Cosmetic Act, whereas the definition set forth in 15
U.S.C. 2301(6) potentially excludes FDA-regulated drugs and devices.
The safe harbor protects not only warranties covering a ``product'' but
warranties covering an item or bundle of items, or services in
combination with one or more related items. Finally, the new definition
parallels the prior definition's language requiring a written promise
that an item, bundle of items, or bundle of items and services is
defect-free or will meet a specified level of performance over a
specified period of time.
As we explained in the OIG Proposed Rule, we interpret the
definition of ``warranty'' to apply to warranty arrangements
conditioned on clinical outcomes guarantees, provided other safe harbor
requirements are met.
Comment: Commenters expressed support for the proposed revisions to
the warranties safe harbor, including adopting a new definition of the
term ``warranty.'' Several commenters offered proposed revisions to the
types of remuneration articulated in proposed
[[Page 77857]]
paragraph 1001.952(g)(7)(ii). In particular, commenters urged OIG to
confirm that a partial refund or retrospective rebate resulting in a
price adjustment would constitute a ``refund'' or ``other remedial
action,'' as those terms are used in paragraph 1001.952(g)(7)(ii).
Response: As explained in the preamble to the OIG Proposed Rule,
OIG's proposed definition is largely modeled after the definition of
``warranty'' in the Magnuson-Moss Act, codified at 15 U.S.C. 2301(6),
which defines ``refund'' as refunding the actual purchase price (less
reasonable depreciation based on actual use where permitted by rules of
the Commission). Although we have not explicitly adopted this
definition, it provides persuasive guidance as to how we would
interpret the term ``refund.''
Regardless of how ``refund'' is defined, our proposed safe harbor
contemplates that manufacturers or suppliers may ``take other remedial
action'' if an item fails to meet the specifications set forth in the
written arrangement. It is conceivable that a partial refund or
retrospective rebate resulting in a price adjustment would constitute
``other remedial action'' as long as all other conditions of the safe
harbor were met.
Comment: Several commenters recommended that OIG expand the list of
permissible types of remuneration in paragraph 1001.952(g)(7)(ii) to
allow for ``reperformance of services.''
Response: Our definition of ``warranty'' includes an arrangement
``to refund, repair, replace, or take other remedial action. . . .'' If
a warranty arrangement is connected to the sale of a bundle of items
and services, ``reperformance of services'' likely would be an ``other
remedial action'' under the safe harbor as long as all other safe
harbor conditions were satisfied, including that the total remuneration
provided (in whatever form) cannot exceed the cost of the items and
services subject to the bundled warranty arrangement.
Comment: A commenter recommended that in addition to protecting
warranty arrangements that provide remuneration in the event of product
failure, the safe harbor should allow vendors to receive success
payments in the event legitimate value-based objectives are achieved.
Response: The warranties safe harbor is designed to protect
warranty arrangements in which vendors offer remuneration to their
customers in the event one or more items, or a bundle of one or more
items and related services, fails to meet a specified level of
performance. The safe harbor does not by its terms protect arrangements
in which customers pay success fees to vendors contingent upon
achieving certain outcomes. Depending on how such an arrangement is
structured, remuneration paid by a customer to a vendor might not
implicate the anti-kickback statute, or it might fall within a
different safe harbor, such as the revised safe harbor for personal
services and management contracts and outcomes-based payment
arrangements. Any such arrangements should be reviewed and analyzed
under the anti-kickback statute on a case-by-case basis.
Comment: A commenter urged OIG to provide examples of the types of
clinical outcomes guarantees that could be protected under the
warranties safe harbor. Another commenter expressed concern regarding
whether outcomes can properly be guaranteed by suppliers or
manufacturers of warrantied items.
Response: As noted above, we believe the expanded warranties safe
harbor could be used to protect a wide range of warranty arrangements
including, as we discussed in the preamble to the OIG Proposed Rule,
warranty arrangements conditioned on clinical outcomes guarantees. In
this final rule, we decline to provide specific examples of the types
of clinical outcomes guarantees that might be protected because we do
not wish to narrow the scope of innovative arrangements that might seek
coverage under the safe harbor.
Comment: A commenter asked OIG to clarify that the warranties safe
harbor would protect an arrangement in which a warranty payment could
vary depending on the product's performance on one or more dimensions
specified in the warranty arrangement, as opposed to the warranty
payment being a fixed amount.
Response: The warranties safe harbor--both in its existing form and
as modified by this final rule--is silent on whether a warranty
arrangement protected under the safe harbor can have a single
triggering condition or multiple triggering conditions in order to
qualify for safe harbor protection. We believe, however, that a
warranty arrangement could have multiple triggering conditions based on
specifications set forth in the warranty undertaking. In such an
arrangement, the seller must still comply with paragraph 1001.952(g)(4)
in determining the maximum amount of remuneration it could offer for
any given item, bundle of items, or bundle of items or services.
Comment: Some commenters encouraged OIG to make clear that a
``buyer'' as referenced in the safe harbor includes an indirect buyer
such as a payor or pharmacy benefit manager. Another commenter asked
OIG to coordinate with CMS to recognize that reimbursement for or
replenishment of items and services, pursuant to a warranty
arrangement, is excludable from price reporting under CMS's government
pricing regulations and guidance, including determining how warranty
arrangements involving pharmaceutical products and manufacturer-
supported adherence programs impact CMS's determination of best price.
Response: The warranties safe harbor does not contain a definition
of the term ``buyer,'' and the modifications to the safe harbor that we
are finalizing do not affect the scope of individuals and entities that
may receive protection under the safe harbor as buyers. Consistent with
our approach elsewhere in this final rule, we decline to label certain
individuals or entities as ``buyers'' in order to encourage innovation.
The commenter's request regarding price reporting under CMS pricing
regulations and guidance is outside the scope of this rulemaking.
Comment: A commenter expressed concern that the safe harbor's
definition of warranty is not sufficiently broad to protect warranties
that guarantee achievement of value-based outcomes.
Response: As modified, the safe harbor protects arrangements that
guarantee ``a specified level of performance'' of an item, a bundle of
items, or a bundle of items and services. We clarified in the preamble
to the OIG Proposed Rule that the warranties safe harbor's protection
could extend to arrangements conditioned on clinical outcomes
guarantees, which could include warranties conditioned upon ``value-
based'' outcomes that meet the safe harbor's other requirements. We
believe this offers buyers and sellers significant flexibility to
structure arrangements that guarantee achievement of value-based
objectives in the context of a warranty. The advisory opinion process
remains available for parties seeking OIG's legal opinion on a specific
arrangement.
12. Local Transportation (42 CFR 1001.952(bb))
Summary of OIG Proposed Rule: We proposed to modify the existing
safe harbor for local transportation at paragraph 1001.952(bb) to: (i)
Expand the distance limitations applicable to residents of rural areas
from 50 to 75 miles (including for shuttle services); and (ii) remove
any mileage limitation for a patient transported from an inpatient
facility from which the patient has been discharged after admission as
[[Page 77858]]
an inpatient to the patient's residence or another residence of the
patient's choice. We indicated that we were considering and solicited
comments on whether to eliminate the mileage limitation for patients
discharged from certain settings and to extend the safe harbor to
protect transportation for nonmedical purposes that may improve or
maintain patient health. We provided preamble guidance to clarify that
we believe nothing in the language of the safe harbor precludes
protection for transportation offered through ride-sharing services and
invited commenters to share any basis for disagreement. We also
proposed a technical change to move undesignated definitions set forth
in the note to paragraph 1001.952(bb) to a new paragraph
1001.952(bb)(3).
Summary of Final Rule: We are finalizing the proposed modifications
to the safe harbor at paragraph 1001.952(bb), with modifications. With
respect to transportation following an inpatient admission, we clarify
that the mileage limits do not apply when the patient is discharged
from an inpatient facility following inpatient admission or released
from a hospital after being placed in observation status for at least
24 hours. We retain our guidance regarding rideshare programs and do
not extend protection under the safe harbor to transportation for non-
medical purposes. We finalize the technical reorganization.
a. Expansion of Mileage Limit for Patients Residing in Rural Areas
Comment: Many commenters supported our proposal to increase the
mileage limit for safe harbor protection of transportation of residents
of rural areas to 75 miles. One such commenter explained that an
expansion to 75 miles would meaningfully ``capture'' the communities
and patients it serves and enable those patients who live farther away
to access specialty services such as cancer care, neurology,
transplant, and other specialties that are typically concentrated in
larger hospitals located in urban areas. Another commenter stated that
because many rural residents must travel more than 50 miles to obtain
medically necessary services, increasing the limit to 75 miles likely
would improve access to health care for many rural residents.
However, not all commenters agreed. A commenter explained that
rural areas are increasingly reporting shutdowns of local health care
providers, which increases the distance traveled to receive necessary
care. The commenter pointed to examples of closings of nursing homes
resulting in patients being moved farther away. The commenter explained
that a mileage limitation of 75 miles in rural areas would be
insufficient because it is not uncommon for skilled nursing facilities
and assisted living facilities to be located 150 miles or more from
hospitals, physician's offices, outpatient facilities, and other
clinical locations. The commenter advocated for OIG to expand the
mileage limitation to 150 miles in rural areas; alternatively, the
commenter suggested that OIG expand to 75 miles for all patients and
150 miles for transports originating in a rural area as defined under
the U.S. Census Bureau's classification guidelines.
Response: We are finalizing the proposed expansion to 75 miles for
residents of rural areas. In the OIG Proposed Rule, we explained that
commenters to the OIG RFI stated that the existing local transportation
safe harbor's 50-mile limit for rural areas was insufficient because
many residents of rural areas needed to travel more than 50 miles to
obtain medically necessary services. We proposed to increase the
mileage limit for rural areas to 75 miles and solicited comments on
whether this increase would be sufficient. We further solicited data
and evidence about appropriate distances, as well as information about
patients needing transportation and how longer distance transportation
would be provided. We indicated that we would use the information to
assist us in determining whether an increased distance limit is
necessary and practical and whether it is likely to be subject to
abuse.
For the following reasons, we have determined that an increase to
75 miles is necessary and practical, and we are finalizing the 75-mile
limit. In combination with all of the conditions of the safe harbor, we
conclude that the increased mileage limit is not likely to be subject
to abuse. Commenters on this topic universally supported an expanded
mileage limit for rural areas, and many supported our specific proposal
of 75 miles. The final safe harbor will expand safe harbor protection
and facilitate access to health care for residents of rural areas,
including those seeking types of specialty care often concentrated in
urban areas. The expanded mileage limit facilitates access to care for
rural area patients whose travel distances have increased due to
provider closings.
The existing safe harbor contains a single, uniform mileage limit
for rural areas, offering a bright line standard that is practical and
clear to administer from a compliance perspective. Our final rule
preserves this structure. Accordingly, we are not adopting the
suggestion to create a longer distance standard applicable only to
transports originating in rural areas. Nor are we adopting the
suggestion to extend the mileage limit for rural areas to 150 miles.
The safe harbor is intended for local transportation and this limit to
local transportation is rooted in the legislative history in connection
with the Beneficiary Inducements CMP. In enacting the CMP provision
prohibiting inducements to Federal and state health care program
beneficiaries, Congress intended that the statute not preclude the
provision of complimentary local transportation of nominal value.\136\
We are concerned that 150 miles would be neither local nor
appropriately address risks of abuse, such as inducing beneficiaries to
travel long distances for care when they might prefer and be able to
obtain comparable care more locally.
---------------------------------------------------------------------------
\136\ H.R. Conf. Rep. No. 104-736 at 255. See also 79 FR 59717,
59722-23 (Oct. 3, 2014); 81 FR 88368, 88379 (Dec. 7, 2016).
---------------------------------------------------------------------------
We are mindful of the disruptions and burdens on patients in rural
areas when local providers close and patients are transferred or must
seek care at more distant locations. The news reports cited by the
commenter describe some patients being transferred from closed nursing
facilities between 50 and 75 miles away and others moving longer
distances. We believe the expanded limit we are finalizing should help
many patients facing longer travel distances. We recognize that the
safe harbor will not protect every instance of needed transportation.
This does not mean that programs offering transportation for rural area
patients at greater distances are unlawful. To the contrary, such
programs may be lawful depending on their facts and circumstances and
would need to be evaluated on a case-by-case basis under the statute,
including with respect to the intent of the parties. We remind
stakeholders that the OIG advisory opinion process remains available
for parties seeking to determine whether a particular arrangement
complies with the law. We note that our further modification of the
safe harbor to eliminate any distance limit for beneficiaries needing
transportation from hospital inpatient or observation stay services to
their residences, which can include nursing facilities, will also
assist residents in rural areas facing longer travel distances to
obtain health care.
Comment: While some commenters found the increase of the limit for
transportation of residents of rural communities to 75 miles to be
sufficient
[[Page 77859]]
to address patient needs, many commenters advocated for OIG to expand
the mileage limit further for certain categories of patients, such as
those patients who live in areas without public transportation, those
who have no health care facilities within 75 miles of their home, or
those who lack access to specialty health care services due to the
closures of nearby rural hospitals. For example, a transportation
company shared OIG's desire to expand transportation access in rural
areas and explained that 20 percent of Americans live in rural areas
but that rural hospital closures have increased significantly in recent
years. The commenter suggested that OIG remove the distance limit so
that it could provide transportation for rural patients who now have to
travel longer distances to receive care. According to the commenter,
rural communities face limited transportation options, and reliable
transportation could effectively close gaps in access to care.
Commenters suggested various options that generally would tie
protection for transportation beyond 75 miles to a patient's medical
need. For example, a commenter recommended that we protect
transportation that is greater than 75 miles if the eligible entity
determines that a patient requires a medical procedure and the nearest
provider of such procedure is more than 75 miles from the patient's
residence. At least one commenter suggested that we impose additional
monitoring requirements when transportation in excess of the proposed
mileage limit is necessary.
Another commenter suggested protection for transportation exceeding
75 miles when the provider certifies in writing that there is no
alternative provider available within 75 miles of the patient's home
and that the transportation is furnished based on patient need using a
good faith, individualized determination that the transport is
necessary to facilitate the patient's access to medically necessary
items or services. However, some commenters expressed concern that
requiring a demonstration of need for transportation exceeding 75 miles
would unnecessarily complicate the provision of transportation
services, could lead to administrative burden, and would not further
the objectives of the safe harbor. At least one of these commenters
suggested that, if it does impose such a condition, OIG should
recognize a range of need assessment tools.
Another commenter suggested that OIG should expand the mileage
limitation beyond 75 miles for ``frontier areas'' (which the commenter
recommended that we define using selected levels from either commuting
codes or frontier and remote codes), but it recommended that we include
safeguards to prohibit bypassing locally available health care. At
least one commenter asserted that no demonstration of financial,
medical, or transportation need should be required for transportation
above the current limits because the requirement for transportation to
be for medically necessary items or services serves as sufficient
protection.
Response: For the reasons in the prior response, we are finalizing
our proposal to increase the rural area mileage limit from 50 miles to
75 miles but are not extending it farther. For the reasons that follow,
we are not adopting the suggestions to expand safe harbor protection
for distances beyond 75 miles in the specific circumstances suggested
by commenters (e.g., instances where eligible entities determine or
certify that there is a medical need, areas lacking public
transportation or access to specialty health care services, or areas
where rural hospitals have closed).
We are maintaining the current safe harbor design of a single,
uniform mileage limit for rural areas, which offers bright-line
guidance and reduces administrative burden, including the
administrative burden associated with the need to obtain certifications
and/or other evidence of need determinations. We acknowledge and agree
with commenters' concerns that imposing a patient need standard for
exceptions to the general mileage limitations in the safe harbor could
be administratively burdensome, and we are not adopting a patient need
standard as a condition of the safe harbor. In the 2016 rule finalizing
the local transportation safe harbor, we stated that while we
understand that a set mileage limit is not a one-size-fits-all
solution, we believe that a bright-line rule is easier for all parties
to apply.\137\ This remains true. Specifically, the expansion of the
mileage limitation combined with the bright-line rule should benefit
many patients in rural and underserved areas and should be easy for
eligible entities to apply in practice.
---------------------------------------------------------------------------
\137\ 81 FR 88388 (Dec. 7, 2016).
---------------------------------------------------------------------------
Furthermore, if we were to expand the mileage limit for specific
types of patient need, we are concerned that providers could develop
arbitrary criteria that do not reflect legitimate need and are subject
to abuse. We are also concerned that, in many instances, exceptions
could swallow the mileage-limitation rule, which we view as a
fundamental safeguard and consistent with the safe harbor's intended
focus on local transportation.\138\ On balance, including additional
monitoring or certification conditions would not mitigate these
concerns sufficiently to warrant the extra administrative burden.
---------------------------------------------------------------------------
\138\ 81 FR 88387-89 (Dec. 7, 2016).
---------------------------------------------------------------------------
In finalizing this proposal, we aim to balance the needs of rural
patients to have access to quality health care with our concerns that
patients could be transported for unnecessary care or be swayed to use
a more distant provider even when they may prefer to receive items or
services from a local provider. Transportation arrangements in rural
areas or to address specific fact patterns such as hospital closures,
lack of public transportation, or access to specialty health care
services are not necessarily unlawful and would be evaluated for
compliance with the statute on a case-by-case basis, including with
respect to the intent of the parties. Individuals and entities that
participate in value-based enterprises as VBE participants may look to
the patient engagement and support safe harbor paragraph 1001.952(hh)
as an additional or alternative avenue of protection for certain
transportation services. Parties may also use OIG's advisory opinion
process for specific facts and circumstances that may fall outside safe
harbor protection.
Comment: Some commenters requested wholesale exemption from any
mileage limitations under the safe harbor. Several commenters
representing Indian health care providers asked that the safe harbor
not include any mileage limitations for transportation provided by
Indian health care providers; in addition, some of these commenters
advocated removing any restrictions regarding the use of Federal funds
by Indian health care providers for the cost of transportation
furnished to their beneficiaries. Some of these commenters recommended
that OIG expand the safe harbor to protect free emergency
transportation and air transportation for patients of Indian health
care providers.
A commenter that represents community health centers recommended
that OIG exempt certain health centers from the mileage limits because
Federal regulations issued by the Health Resources and Services
Administration require certain health centers to provide transportation
services as needed for adequate patient care.\139\
---------------------------------------------------------------------------
\139\ 42 U.S.C. 254b(b)(1)(A)(iv).
---------------------------------------------------------------------------
Another commenter suggested that OIG expand the safe harbor for
[[Page 77860]]
transportation for homeless individuals in a manner that aligns with
California Health and Safety Code section 1265.2(o), which requires
documentation that a hospital prior to discharge of a homeless patient
has offered the homeless patient transportation to a specified
destination if that destination is within a maximum travel time of 30
minutes or a maximum travel distance of 30 miles of the hospital.
Numerous commenters suggested that OIG expand the mileage limit for
``special patient populations,'' such as patients undergoing cancer or
behavioral health treatment or receiving dialysis services, regardless
of whether such patients reside in a rural or urban area. According to
these commenters, these special patient populations often need
transportation services to care facilities over much greater distances
than 25 or 75 miles in order to access quality care to treat their
medical conditions. At least one such commenter recommended that OIG
require providers to use ``reasonable measures'' (e.g., a shortage of
appropriate medical facilities or health care professionals in a
geographic area) that would be evaluated based on the totality of the
circumstances for each individual.
Response: In developing this final rule, we considered the comments
offered by entities that provide services for communities with unique
health care needs. The commenters raise important considerations about
access to care for Tribal, rural, and underserved communities, an area
of ongoing interest for OIG in our work to look at the effectiveness of
HHS programs. Here, however, we have concerns regarding the fairness of
eliminating the mileage limitation for populations of patients with
specific health conditions while imposing mileage restrictions on
patients with other health conditions. It would also be difficult to
craft a fair and sufficiently bright-line rule allowing for exceptions
to the mileage limitation based on ``reasonable measures'' evaluated on
a case-by-case basis. Furthermore, any such exception would be
difficult to administer.
We note that lack of access to care in a particular geographic area
could be a relevant factor in determining on a case-by-case basis
whether a particular local transportation arrangement involves an
improper inducement to a beneficiary under the Federal anti-kickback
statute or Beneficiary Inducements CMP. Depending on the specific facts
and circumstances of the arrangement, arrangements could comply with
the statutes even if they do not fit in the safe harbor. OIG's advisory
opinion process is better suited than the local transportation safe
harbor to evaluate arrangements on a case-by-case basis.\140\ Moreover,
depending on the specific facts of the arrangement, transportation
furnished by a VBE participant to patient populations including those
identified by the comments summarized above could be structured to
qualify for protection under the patient engagement and support safe
harbor paragraph 1001.952(hh) that we are finalizing in this rule.
---------------------------------------------------------------------------
\140\ OIG, OIG Adv. Op. Nos. 00-07, 09-01, 15-13, and 16-02.
(OIG has issued several favorable advisory opinions in this area.)
---------------------------------------------------------------------------
In response to commenters that requested OIG remove any
restrictions regarding the use of Federal funds for the cost of
transportation furnished to their patients, we did not propose to
modify the existing prohibitions on shifting the cost of protected
transportation to any Federal health care program, other payors, or
individuals, and we are not finalizing any such changes here. The
existing prohibition serves important program integrity purposes, as
described in the 2016 final rule.\141\ In addition, we recognize that
other statutes or regulations may govern an entity's provision of
transportation to patients and may impact the ability of an entity to
structure an arrangement that squarely satisfies the conditions of the
local transportation safe harbor.
---------------------------------------------------------------------------
\141\ 81 FR 88389 (Dec. 7, 2016).
---------------------------------------------------------------------------
Where parties are required by Federal or State law to provide
transportation services to certain patients or to provide
transportation services as part of a service covered by a Federal
health care program or other Department program, those arrangements
might not implicate the Federal anti-kickback statute. If the patient
is entitled to receive services under their Federal health care program
coverage, the parties should assess whether there is any remuneration
passing to the patient; providing a covered item or service paid for by
a Federal health care program alone would not result in an exchange of
any remuneration under the Federal anti-kickback statute. However,
there could be circumstances under which a provider or supplier, when
furnishing a covered item or service, does give a Federal health care
program beneficiary something of value, or remuneration, thereby
implicating the Federal anti-kickback statute. For example, the Federal
anti-kickback statute would be implicated by a provider waiving or
reducing any required cost-sharing obligations for the covered item or
service incurred by a Federal health care program beneficiary or
providing ``extra'' items and services for free that are not part of
the covered item or service. Furthermore, we remind stakeholders that
an arrangement that does not satisfy all conditions of the local
transportation safe harbor does not necessarily violate the Federal
anti-kickback statute. The advisory opinion process remains available
to stakeholders seeking prospective protection for transportation
arrangements that do not fit within the four corners of the safe
harbor.
As an initial matter, we note that this safe harbor, as finalized,
does not modify existing Federal law regarding IHS appropriations for
transportation services furnished to its beneficiaries. While some
commenters sought safe harbor protection for air transportation
furnished to certain populations, we note that we exclude protection
for free or discounted air transportation under the existing local
transportation safe harbor and we did not propose changes to this
provision. Although we are not adopting this suggestion, we are
promulgating clear mileage limits to provide additional flexibilities
to stakeholders to benefit all patients, including patients served by
Indian health care providers and community health centers. With respect
to the comment requesting protection for free emergency transportation,
we did not propose changing the safe harbor's restriction on ambulance-
level transportation and are not making this change. To the extent free
emergency transportation means waiving beneficiary cost-sharing--cost-
sharing waivers based on good faith--individualized determinations of
the beneficiary's financial need have long been acceptable under OIG
guidance.
Comment: A commenter asked OIG to consider protecting
transportation to an alternative health care provider without a mileage
limitation in the event that one of a provider's locations must divert
scheduled patients with urgent needs due to a disaster or similar
emergency circumstances.
Response: We are not adopting this recommendation to remove the
mileage limitation for the reasons noted above with respect to other
commenter suggestions for specific exceptions to the mileage limit
based on various types of need. OIG is mindful of the need to protect
patients whose availability of care is impacted by natural disasters,
public health emergencies, and other exigent circumstances. For
example, in response to the COVID-19 public health emergency, OIG has
publicly answered inquiries from the health care community regarding
the application of
[[Page 77861]]
OIG's administrative enforcement authorities under the Federal anti-
kickback statute and the Beneficiary Inducements CMP, including to
transportation arrangements.\142\ It is important to note that the
presence of exigent circumstances can be a relevant factor in
determining whether the Federal anti-kickback statute would be
implicated or violated by a particular transportation arrangement.
---------------------------------------------------------------------------
\142\ See FAQs-Application of OIG's Administrative Enforcement
Authorities to Arrangements Directly Connected to the Coronavirus
Disease 2019 (COVID-19) Public Health Emergency, available at
https://oig.hhs.gov/coronavirus/authorities-faq.asp (describing
that, under the unique and exigent circumstances resulting from the
COVID-19 outbreak, certain modest transportation assistance would
present a low risk of fraud and abuse under the Federal anti-
kickback statute and the Beneficiary Inducements CMP).
---------------------------------------------------------------------------
Comment: Numerous commenters encouraged OIG to expand the mileage
limitation for transportation furnished to patients that reside in
urban areas, as defined by the existing safe harbor. A commenter
asserted that many Metropolitan Statistical Areas extend beyond 25
miles, and some health care providers in those communities have
developed evidenced-based clinical quality intervention strategies for
high-risk patients that rely on free patient transportation. At least
one commenter suggested that providing urban patients with safe,
reliable transportation over a distance greater than 25 miles is a low-
cost, high-value way to ensure access to care, and advocated for OIG to
expand the mileage limit for urban areas from 25 miles to at least 50
miles. Another commenter urged OIG to add flexibility in instances when
the nonrural patient demonstrates a financial, medical, or
transportation need.
Response: We did not propose to expand the mileage limits for
protected transportation furnished to patients residing in urban areas
and, therefore, we are not finalizing any such expansion here.
b. Elimination of Distance Limitations on Transportation of Discharged
Patients to Their Residence
Comment: Many commenters strongly supported OIG's proposal to
eliminate any distance limit on transportation furnished to a patient
who has been discharged from a facility after admission as an
inpatient, regardless of whether the patient resides in an urban or
rural area, if the transportation is to the patient's residence or
another residence of the patient's choice. Numerous commenters
recommended that OIG clarify in the final rule that a ``residence''
includes custodial care facilities, including but not limited to
nursing facilities, which can serve as a patient's residence on a
permanent basis. Another commenter asked OIG to confirm that a
patient's residence may include a homeless shelter.
Response: We confirm that we intend for the term ``residence'' as
used in paragraph 1001.952(bb)(1)(iv)(B) to include custodial care
facilities that may serve as a patient's permanent or long-term
residence provided that the patient established the custodial care
facility as a residence before receiving treatment by the facility from
where the patient is being transported. In addition, we intend the term
``residence'' to include a homeless shelter when a patient is homeless
or established the homeless shelter as a residence prior to hospital
admission. While not raised by commenters, we also affirm our statement
in the OIG Proposed Rule that a residence of the patient's choice can
include the residence of a friend or relative who is caring for the
patient post-discharge.\143\ As long as the other requirements of this
safe harbor are met, transportation to these locations would be
protected. We also confirm our intention, as noted in the OIG Proposed
Rule's preamble and raised in the comment above, that this post-
discharge analysis is not dependent on whether the patient resides in a
rural or urban setting.\144\
---------------------------------------------------------------------------
\143\ 84 FR 55751 (Oct. 17, 2019).
\144\ 84 FR 55751 (Oct. 17, 2019).
---------------------------------------------------------------------------
c. Transportation to Locations Other Than a Patient's Residence or a
Residence of the Patient's Choice
Comment: Many commenters, including multiple associations
representing health care providers, advocated for OIG to modify the
safe harbor to protect transportation to any location of the patient's
choice, including to another health care facility when there is a
medical need for the transfer. Commenters provided various examples of
instances when they believe hospitals, other providers, and patients
could benefit when patients are transferred to other facilities. For
example, some commenters explained that individuals seen in the
emergency room may require transportation to another health care
facility, while a trade association representing hospitals stated that
a patient's medical needs may require being discharged from an
inpatient facility directly to post-acute care.
Another commenter expressed concern that, without the ability to
provide transportation to another health care facility, skilled nursing
facilities may be limited in their ability to transport discharged
patients to a hospital, to a hospice, or to other long-term care
facilities. Another commenter added that SNF patients often require
transportation services following discharge to accommodate any mobility
limitations.
Response: After considering the comments, we are not extending safe
harbor protection to transportation of patients to any location of
their choice or another provider or facility. In developing this final
rule, we reviewed and weighed the examples provided by commenters of
situations when they believed it would be beneficial for a patient to
be transported to another provider following discharge as an inpatient
from a facility. We agree that the examples described by the commenters
could benefit patients in many circumstances. However, we believe that
protecting transportation between health care providers in a position
to refer to each other is not sufficiently low risk to warrant safe
harbor protection because of the risk that such transportation
arrangements could be used to steer patients to health care facilities
that may not be in the patients' best interests; for instance, the
entity sponsoring the transportation might limit transportation
improperly to affiliated facilities to generate system revenue and as a
result may interfere with patient choice. Arrangements that do not fit
in the safe harbor are not necessarily prohibited under the anti-
kickback statute. Under the final rule, patients discharged from
inpatient facilities may be offered transportation to a nursing
facility if it is their residence.
In this final rule, OIG is finalizing a new safe harbor at
paragraph 1001.952(hh) that may protect certain patient engagement
tools and supports including transportation when the offeror of the
transportation is a VBE participant. As long as all of the safe
harbor's conditions are satisfied, the safe harbor at paragraph
1001.952(hh) could protect transportation of patients from an inpatient
hospital to another health care facility for post-acute care treatment.
In addition, we emphasize that safe harbors are voluntary and that
any assessment of liability under the Federal anti-kickback statute
requires an analysis of the facts and circumstances specific to the
arrangement, including the intent of the parties. For arrangements that
do not meet all requirements of the safe harbor, the party could seek
an advisory opinion.
[[Page 77862]]
d. Elimination of Distance Limitations for Patients Other Than Those
Discharged After an Inpatient Admission
Comment: Numerous commenters requested that OIG expand the proposed
exemption from distance limitations beyond discharged hospital
inpatients to include patients treated in a hospital outpatient
department, ambulatory surgery center, or hospital emergency room, as
well as patients held in observation status at the hospital for a
substantial period of time but who are not admitted. For example, a
trade association representing hospitals asserted that patients may
travel a significant distance to obtain treatment that does not require
an admission, and the commenter believed that transportation home for
these patients without a limitation on distance would be appropriate.
The commenter suggested that OIG could provide parameters for protected
transportation so that it is not used as a workaround to the mileage
limitations that otherwise serve as a condition of the safe harbor. To
this point, a commenter suggested that an appropriate safeguard to
limit potential fraud concerns would be to require a medical
justification to receive transportation home for reasons other than an
inpatient discharge (e.g., after a colonoscopy or after receiving
stitches, a licensed medical professional could determine that a
patient is unable to travel home safely).
Response: As finalized in this rule, the mileage limitation of this
safe harbor does not apply in two circumstances. First, we confirm our
intention, as noted in the OIG Proposed Rule's preamble, that the
elimination of the mileage limitation applies after admission as an
inpatient. Second, we are persuaded by commenters that we should expand
the safe harbor by removing the mileage limitation when a patient is
discharged after spending 24 hours in observation status. We indicated
in the OIG Proposed Rule that we were considering including
transportation for patients who have been under observation status for
a timeframe of at least 24 hours. We are including this provision in
the final rule because we believe that transportation home following an
extended stay in observation status at a hospital is sufficiently
similar to transportation home following an inpatient discharge and to
prevent any safe harbor compliance challenges resulting from a
patient's status as an inpatient or outpatient in the hospital.
We also solicited comments regarding transportation home for
patients seen in the emergency department or following a procedure at
an ambulatory surgery center. We are mindful that available
transportation home for these patients could help address a legitimate
need. However, we are not removing the mileage limitation for other
patients categorized as outpatients, including patients who are seen in
the emergency room but not under observation for at least 24 hours, or
patients discharged from an ambulatory surgical center. It is not clear
that we could define acceptable medical justifications or make
distinctions about categories in this safe harbor. Moreover, creating
an exception to the mileage limitations in the safe harbor for local
transportation for these categories of patients would make the
exception so expansive and overly broad so as to limit the utility of
the mileage limitations as safeguards against potentially abusive
arrangements. The OIG advisory opinion process remains available for
particular transportation programs not covered by this safe harbor.
In promulgating this safe harbor, we observed that Congress did not
intend to preclude the provision of local transportation of nominal
value in the context of beneficiary inducements. Although the Federal
anti-kickback statute has no such exception for remuneration of nominal
value, we stated that protection of complimentary local transportation
that met certain requirements that limit the risk of fraud and abuse
was warranted.\145\ We believe that transportation home following
inpatient discharge or a stay in observation status at a hospital for
at least 24 hours poses a sufficiently low risk of inducing patient
referrals to the hospital, provided all safe harbor conditions are met.
---------------------------------------------------------------------------
\145\ 81 FR 88379 (Dec. 7, 2016).
---------------------------------------------------------------------------
e. Local Transportation for Health-Related, Nonmedical Purpose
Comment: Commenters generally supported extending protection under
this safe harbor to transportation furnished for nonmedical purposes.
For example, some commenters, including trade associations whose
members are hospitals or nurse practitioners, encouraged OIG to protect
transportation to obtain services that address social determinants of
health (e.g., nutrition counseling, chronic disease counseling
services, housing services), even if those services do not constitute
medical care. The commenters posited that these services have a direct
effect on a patient's health outcomes and well-being and are critical
to achieving effective care transitions and improved outcomes,
including reduced readmissions. One such commenter asked OIG to support
hospitals' efforts to connect patients to nonmedical care and foster
innovative community collaboration.
Another commenter advocated for protection of transportation to
access nutritious foods, suggesting that patients living in a ``food
desert'' may have difficulties obtaining such foods, which the
commenter asserted could potentially lead to increased health care
costs later if the patients develop nutritional issues that require
medical attention. A commenter also suggested that transportation to
food stores, food banks, other non-health care social services (e.g.,
housing assistance), or agencies that offer employment or vocational
training would be appropriate for safe harbor protection. A commenter
asked OIG to clarify the types of non-medical purposes that OIG
believes should not be protected by any expansion of the safe harbor.
Some commenters suggested potential safeguards for expanded safe
harbor protection for transportation for non-medical purposes.
Recognizing the need to minimize the risk of fraud and abuse that may
arise in conjunction with non-medical transportation, such as inducing
beneficiaries to receive unnecessary health care items and services,
these commenters suggested a variety of safeguards such as: (i)
Imposing restrictions on an entity's ability to condition receipt of
non-medical transportation support on continued receipt of health care
services from a particular provider; (ii) requiring the entity to
utilize an independent transportation vendor to arrange for
transportation; (iii) requiring the entity to tie any transportation
service to a specific quality improvement, social determinant of
health, or public health initiative; (iv) requiring that the
transportation is unlikely to interfere with, or skew, clinical
decision-making; and (v) requiring providers to document the patient's
need for such non-medical transportation (e.g., patient's income,
medical condition).
Another commenter suggested the existing conditions of the safe
harbor, combined with an appropriately tailored scope of nonmedical
transportation purposes (e.g., a direct connection to the coordination
and management of care), would be a sufficient safeguard against
abusive transportation initiatives.
Response: We are not expanding the local transportation safe harbor
to protect patient transportation for nonmedical purposes. In response
to the OIG RFI, we received comments suggesting that transportation for
nonmedical purposes may improve
[[Page 77863]]
patient health, and we solicited comments on whether the safe harbor
could be expanded to protect transportation for these purposes without
creating an unacceptable risk of fraud and abuse, such as inducing
beneficiaries to receive unnecessary health care items and services.
Some commenters suggested potential safeguards (e.g., requiring the
entity to tie any transportation service to a specific quality
improvement, social determinant of health, or public health
initiative). While we do not doubt that properly structured
transportation for non-medical needs can help patients maintain or
improve their health, we believe that protecting transportation for
non-medical purposes under paragraph 1001.952(hh), which limits
protection of transportation to tools and supports furnished by VBE
participants, rather than under the safe harbor for local
transportation, presents the lowest risk approach to protecting
patients and Federal health care programs from fraudulent and abusive
transportation schemes.
We continue to believe that the risk of beneficiaries being
improperly induced to obtain items or services is too high for safe
harbor protection when the transportation is for non-medical purposes.
As we explained in the 2016 final rule establishing the local
transportation safe harbor, a transportation program offered by a
provider or supplier inherently poses a risk both of inducing patients
to get items or services that they might otherwise not have obtained
and to get services from that provider or supplier. In the case of
transportation for medically necessary items and services, we think
that risk is acceptable. However, we believe the risk is too high when
the transportation is for non-health-related purposes.\146\ We noted
that it would be difficult to determine whether non-medical
transportation is related to the patient's health care (e.g.,
transportation to a shopping center that includes both a grocery store
and a movie theater). We went on to say that transportation for
nonmedical purposes very well might be more frequent than
transportation for medical appointments, which would give larger
providers a significant competitive advantage over smaller entities or
individual suppliers.\147\ We explained that transportation for
nonmedical purposes would not violate the statute if it is not for the
purpose of inducing individuals to obtain federally reimbursable items
and services.
---------------------------------------------------------------------------
\146\ 81 FR 88384 (Dec. 7, 2016).
\147\ 81 FR 88384 (Dec. 7, 2016).
---------------------------------------------------------------------------
Notwithstanding the foregoing, we are mindful of the importance of
addressing social determinants of health, and for this reason among
others we are finalizing a new safe harbor at paragraph 1001.952(hh)
that protects nonmedical transportation offered by VBE participants if
such transportation has a direct connection to the coordination and
management of care of the target patient population and meets the other
conditions of the safe harbor. In promulgating paragraph 1001.952(hh),
we recognize that transportation to address social determinants of
health could improve patients' overall health and reduce health care
costs. However, without the safeguards embedded within the VBE
framework, including accountability for advancing value-based purposes,
we are concerned that transportation for non-medical purposes could be
used improperly to recruit patients or incentivize overutilization of
items or services; therefore, OIG is not extending the local
transportation safe harbor to include transportation for nonmedical
purposes.
f. Use of Ride-Sharing Services
Comment: Commenters supported OIG's clarification in the OIG
Proposed Rule that transportation furnished through ride-sharing
services could be protected by the safe harbor and that, for purposes
of this safe harbor, there is no difference between taxis and ride-
sharing services. A commenter emphasized the importance of these
services with respect to patients with driving restrictions, cognitive
impairments, and mobility limitations. While some commenters did not
believe a change to the regulatory text was needed, at least one
commenter recommended that we amend the safe harbor to protect
transportation via ride-sharing services explicitly; according to this
commenter, the safe harbor is ambiguous with respect to ride-sharing
services, which discourages some providers from entering into
arrangements with ride-sharing services.
A commenter recommended that OIG clarify whether a ride-share
service can advertise a partnership with a hospital or health system to
promote patient awareness and utilization of such services. Another
commenter urged OIG not to make providers responsible for knowing or
controlling the advertising practices of taxi companies, ride-sharing
services, or other transportation providers.
Response: We support the use of ride-sharing services or other
patient transportation services similar to a taxi service by eligible
entities to make local transportation available for their patients. The
safe harbor protects certain free or discounted local transportation
made available by an eligible entity, and we confirm that an eligible
entity may make such transportation available through ride-sharing
arrangements or through other means of local transportation that may
exist in the future (e.g., self-driving cars). We do not believe an
amendment to the regulatory text is necessary. Indeed, nothing in the
language of the safe harbor prevents the use of ride-sharing services
by eligible entities as long as all other conditions of the safe harbor
are met. As we explained in the OIG Proposed Rule, although we do not
explicitly refer to ride-sharing services within the safe harbor, we
see no meaningful differences between these services and taxis, or
other similar technology that serve as a taxi service should they
become available in the future.\148\ We are not explicitly including
specific transportation methods within the regulatory text to avoid
being overly proscriptive and to allow eligible entities sufficient
flexibility to outsource these services appropriately while satisfying
every condition of the safe harbor.
---------------------------------------------------------------------------
\148\ 84 FR 55752 (Oct. 17, 2019).
---------------------------------------------------------------------------
We note that eligible entities that make transportation services
available to patients by using ride-sharing or other similar
transportation service providers must meet all requirements of the safe
harbor and ensure such service providers also meet all requirements of
the safe harbor to receive protection, including for example the
prohibitions against luxury transportation and publicly marketing or
advertising the free or discounted local transportation services.
In the OIG Proposed Rule, we explained that a taxi company, ride-
sharing service, or other provider of transportation could advertise
that it provides transportation to medical appointments and suggest to
patients that they contact their medical providers to determine whether
free or discounted transportation is available to their facilities. We
stated, however, that it cannot advertise that it provides free or
discounted transportation to a particular health care provider or group
of providers because such customer-specific advertising is within the
control of the customer (i.e., the eligible entity paying for the
transportation) to prohibit, and therefore would be imputed to the
customer and would disqualify transportation furnished by
[[Page 77864]]
the customer from safe harbor protection.\149\ Accordingly, we strongly
suggest that eligible entities that furnish local transportation to
patients and choose to rely on this safe harbor have mechanisms in
place to ensure this condition of the safe harbor is satisfied.
---------------------------------------------------------------------------
\149\ 84 FR 55752 (Oct. 17, 2019).
---------------------------------------------------------------------------
13. Accountable Care Organization (ACO) Beneficiary Incentive Program
(42 CFR 1001.952(kk))
Summary of OIG Proposed Rule: We proposed at proposed paragraph
1001.952(kk) to codify the statutory exception to the definition of
``remuneration'' at section 1128B(b)(3)(K) of the Act, as added under
section 50341 of the Budget Act of 2018, for ACOs operating a CMS-
approved beneficiary incentive program under the Medicare Shared
Savings Program, as defined under section 1899(m) of the Act. We
proposed to clarify that an ACO may furnish incentive payments only to
assigned beneficiaries and to interpret the statutory language in the
Budget Act of 2018 stating, ``if the payment is made in accordance with
the requirements of such subsection [section 1899(m) of the Act],'' to
mean ``if the incentive payment is made in accordance with the
requirements found in such subsection.'' We did not propose any
additional safe harbor conditions that incentive payments made by an
ACO to an assigned beneficiary under an ACO Beneficiary Incentive
Program established under section 1899(m) of the Act would have to
satisfy, and we solicited comments on the proposed lack of additional
conditions.
Summary of Final Rule: We are finalizing the safe harbor without
modifications.
Comment: Several commenters expressed support for the ACO
Beneficiary Incentive Program safe harbor. For example, a commenter
posited that incentivizing patients to attend primary care appointments
may improve patient outcomes and reduce downstream medical expenses.
Another commenter agreed with OIG's proposal not to establish
additional safe harbor conditions to protect incentives under an ACO
Beneficiary Incentive Program that satisfies the statutory exception
and regulatory requirements.
Response: We are finalizing the regulation text as proposed. We
note that we do not interpret the statutory exception found at section
1128B(b)(3)(K) of the Act, nor the safe harbor finalized at paragraph
1001.952(kk), to require satisfaction of any requirements found outside
section 1899(m) of the Act (e.g., the regulatory requirements
established by CMS implementing the ACO Beneficiary Incentive Program
found at 42 CFR 425.304(c)).
Comment: A commenter supported the codification of the ACO
Beneficiary Incentive Program exception in a safe harbor but
recommended that OIG broaden the exception to protect any future
beneficiary incentives covered under CMS-sponsored payment models and
beneficiary incentive options that may be available in the future.
According to the commenter, the ACO Beneficiary Incentive Program is
too limited and the commenter has advised CMS that ACOs, and
alternative payment models (APM) more broadly, should be able to
provide beneficiary incentives to subsets of their population. Another
commenter requested that OIG expand the safe harbor to protect ACOs
participating in any Innovation Center demonstration, noting that
several ACO demonstrations have risk-bearing standards that exceed
those in the Medicare Shared Savings Program.
Response: This safe harbor codifies a statutory safe harbor that is
specific to ACO Beneficiary Incentive Programs; the commenters'
suggestions are beyond the scope of the statute and our proposal. To
the extent the commenters are requesting safe harbor protection for
beneficiary incentives provided through existing CMS-sponsored models
developed pursuant to section 1115A(d)(1) of the Act, any fraud and
abuse waiver applicable to beneficiary incentives under the relevant
model would potentially provide protection as long as the beneficiary
incentive arrangement squarely satisfies the conditions of the
applicable waiver. Moreover, we are finalizing a new safe harbor for
CMS-sponsored models at paragraph 1001.952(ii) that protects certain
CMS-sponsored model patient incentives under models for which CMS has
determined that paragraph 1001.952(ii)(2) should apply. This new safe
harbor is described more fully in section III.B.7 of this preamble.
Comment: A trade association representing community pharmacists
recommended that pharmacists be included in the definition of an ``ACO
professional'' and that pharmacy services should constitute qualifying
services for purposes of the ACO Beneficiary Incentive Program safe
harbor. According to the commenter, including pharmacy services as
qualifying services would give pharmacists more resources to provide
medication adherence services more efficiently to further enhance care
coordination.
Response: The commenter's suggestion is beyond the scope of the ACO
Beneficiary Incentive Program statutory exception found at section
1128B(b)(3)(K) of the Act that OIG proposed to codify at paragraph
1001.952(kk). Section 1899(h) of the Act defines an ACO professional
for purposes of the Medicare Shared Savings Program, and section
1899(m) of the Act sets forth the scope of qualifying services. CMS
administers the Medicare Shared Savings Program on behalf of the
Secretary, which includes promulgating regulations interpreting the
statutory definition of ACO professional and the scope of qualifying
services; for this reason, any requests to expand these terms should be
directed to CMS.
Comment: A commenter supported the proposed safe harbor but
recommended that OIG consider the administrative burden associated with
the ACO Beneficiary Incentive Program. In particular, the commenter
noted that several requirements of the ACO Beneficiary Incentive
Program (e.g., recordkeeping requirements) are burdensome.
Response: The commenter's suggestion is beyond the scope of this
rulemaking. Section 1899(m) of the Act contains certain programmatic
reporting and documentation requirements for beneficiary incentives
under the Medicare Shared Savings Program, and CMS has promulgated
additional regulations implementing the ACO Beneficiary Incentive
Program.\150\ The new safe harbor at paragraph 1001.952(kk) does not
alter existing documentation requirements or impose any additional
documentation requirements. Furthermore, section 50341(b) of the Budget
Act of 2018 does not give OIG authority to waive programmatic
documentation requirements set forth in section 1899(m) of the Act or
in CMS regulations.
---------------------------------------------------------------------------
\150\ 42 CFR 425.304(c)(4)(i).
---------------------------------------------------------------------------
Comment: A commenter requested additional guidance on the specifics
of the protected remuneration under this safe harbor.
Response: The new safe harbor at paragraph 1001.952(kk) protects
incentive payments made by an ACO to an assigned beneficiary under a
beneficiary incentive program established under section 1899(m) of the
Act if the incentive payment is made in accordance with the
requirements found in section 1899(m) of the Act. We interpret the
statutory language in the
[[Page 77865]]
Budget Act of 2018 stating, ``if the payment is made in accordance with
the requirements of such subsection [section 1899(m) of the Act]'' to
mean ``if the incentive payment is made in accordance with the
requirements found in such subsection.''
We read this provision broadly to incorporate all the requirements
found in section 1899(m) of the Act as requirements of the ACO
Beneficiary Incentive Program statutory exception to the definition of
``remuneration'' under the Federal anti-kickback statute. In other
words, as we stated in the preamble to the OIG Proposed Rule, we
interpret this statutory requirement to mean that for an incentive
payment to satisfy the ACO Beneficiary Incentive Program statutory
exception, and the corresponding safe harbor interpreting the statutory
exception, all of the requirements enumerated at section 1899(m) of the
Act--related both to ACO Beneficiary Incentive Programs and incentive
payments made pursuant to such programs--must be satisfied. We do not
interpret the statutory exception at section 1128B(b)(3)(K) of the Act
to require satisfaction of any requirements found outside of section
1899(m) of the Act. For instance, CMS, which administers the Medicare
Shared Savings Program, has promulgated programmatic regulations
setting forth more detailed requirements for implementing an ACO
Beneficiary Incentive Program in accordance with section 1899(m) of the
Act. While compliance with these regulations is not a condition of
satisfying the safe harbor, it would be prudent for ACOs to review
these regulations to ensure that their ACO Beneficiary Incentive
Programs meet all applicable programmatic requirements.
C. Civil Monetary Penalty Authorities: Beneficiary Inducements CMP
1. Exception for Telehealth Technologies for In-Home Dialysis (42 CFR
1003.110)
Summary of OIG Proposed Rule: We proposed to amend the definition
of ``remuneration'' under the Beneficiary Inducements CMP by codifying
the statutory exception enacted as part of the Budget Act of 2018.
Specifically, we proposed to add an exception to the definition of
``remuneration'' in paragraph 1003.110 at proposed paragraph
1001.110(10) for the provision of certain telehealth technologies
related to in-home dialysis services. The proposed exception would
protect the provision of telehealth technologies by a provider of
services or renal dialysis facility to an individual with end-stage
renal disease (ESRD) who is receiving home dialysis paid for by
Medicare Part B, provided the donation meets conditions proposed in the
OIG Proposed Rule. We proposed a condition that would require uniform
provision of technology. In addition, we proposed to define
``telehealth technologies'' as multimedia communications equipment that
includes at a minimum audio and video equipment permitting two-way,
real-time interactive communication between the patient and distant
site physician or practitioner used in the diagnosis, intervention, or
ongoing care management--paid for by Medicare Part B--between a patient
and the remote healthcare provider.
Summary of Final Rule: We are finalizing this provision with
several modifications at paragraph 1003.110(10) to align with the
statutory exception in 1128A(i)(6)(J). As explained in more detail
below, we are removing most of the additional proposed conditions and
proposed regulatory text language that were not in the statutory
exception. Additionally, the final rule modifies the definition of
``telehealth technologies'' and includes physicians as a type of
practitioner that can donate telehealth technologies to a patient. We
are not finalizing the other proposed conditions on which we solicited
comments.
a. General Comments
Comment: Commenters on this topic overwhelmingly supported our
proposed exception, in many cases as proposed. For example, a commenter
stated that the exception would enhance access to telehealth services
for vulnerable patients, including those who are immobile or located in
rural areas, and would encourage patients to appropriately address
their chronic condition. Commenters observed that telehealth
technologies will provide an important tool for dialysis facilities and
other providers to ease patients' adoption of home dialysis as their
treatment modality of choice and that increased use of telehealth
services benefit patients, including through reduced travel to and from
physician visits. A commenter expressed that broad protection under the
Beneficiary Inducements CMP would be consistent with policy priorities
of Congress and the Department, as well as under the Executive Order
entitled ``Advancing American Kidney Health.'' Another commenter noted
the Administration's policy goal of increased rates of uptake and
retention of in-home dialysis and urged OIG to consider the impact
technologies have outside of an isolated clinical visit, such as
dialysis modality education and support group access.
Some commenters raised concerns about the need for safeguards
against risks such as inappropriate steering, lemon-dropping, and
cherry-picking of patients by providers and the use of free at-home
technologies to entice patients to use a particular provider,
especially when the technology could also be used for other purposes
beyond the provision of telehealth services. Some commenters urged us
to adopt the statutory exception without any additional conditions that
could create barriers to patients accessing telehealth services, more
administrative burden, or additional duties on staff. A commenter
stated that the additional conditions and other potential safeguards in
the OIG Proposed Rule preamble are unnecessary.
Response: We have made several modifications to the final exception
that address the commenters' general concerns. Consistent with the
statutory exception at section 1128A(i)(6)(J) of the Act and the OIG
Proposed Rule, these modifications finalize a broader definition of
``telehealth technologies,'' reduce the number of conditions from the
OIG Proposed Rule, and modify the proposed conditions to more closely
align to the statute. The final exception incorporates the statutory
text from section 1128A(i)(6)(J) and the two statutory conditions at
1128A(i)(6)(J)(i) and (ii). We describe the specific rationale for each
of these modifications in greater detail below.
These modifications reflect our understanding as stated in the OIG
Proposed Rule that this is a narrow exception to the CMP beneficiary
inducement statute. Primarily, the exception is limited to a subset of
patients receiving in-home dialysis and certain, enumerated providers
in the statutory exception.\151\ Because the exception finalized here
is only available to established patients who are receiving specific
services paid for by Medicare Part B, the potential for fraud and abuse
is reduced. Similar to our rationale related to the definition and use
of target patient population in the patient engagement and support safe
harbor at paragraph 1001.952(hh), we believe that remuneration
connected to an objectively defined set of patients decreases the risk
that valuable remuneration will be offered to patients as an inducement
to seek care or as a reward for receiving care. For the purposes of
this exception, Congress established the patient population as
[[Page 77866]]
those receiving in-home dialysis paid for by Medicare Part B.
---------------------------------------------------------------------------
\151\ 84 FR 55754 (Oct. 17, 2019).
---------------------------------------------------------------------------
Additionally, the two statutory conditions address common risks of
fraud and abuse associated with remuneration furnished to
beneficiaries. The first, which bars telehealth technologies from being
offered as part of any advertisement or solicitation, protects against
improper marketing schemes that entice beneficiaries to receive
unnecessary services or select providers or services based on promises
of valuable gifts rather than medical best interests. The second
statutory condition requires that the telehealth technologies are
provided for the purpose of furnishing telehealth services related to
the recipient's ESRD; this condition tailors the statutory protection
to arrangements that assist beneficiaries in managing their ESRD,
reducing risk that the provision of telehealth technologies induce
orders or purchases of other, unrelated items and services. These
statutory limitations reduce the risks of fraud and abuse associated
with providing certain beneficiaries with free telehealth technologies.
We share commenters' concerns that offering valuable technology for
free to patients has the potential to impact a patient's selection of a
provider, and we agree that this exception should not be used to
effectuate inappropriate steering, lemon-dropping, or cherry-picking of
patients. The risk of fraud and abuse associated with selectively
deciding which patients receive telehealth technologies is mitigated by
conditions finalized in this rule (e.g., telehealth technologies are
protected if provided to a beneficiary already receiving in-home
dialysis paid for by Medicare Part B and if that patient initiated
contact or scheduled an appointment with the donor (paragraphs (10)(i)
and (ii) in 42 CFR 1003.110)).
This final rule strives to foster the policy goal of: (i) Ensuring
that beneficiaries can choose and benefit from medically appropriate
in-home dialysis care, as determined by the beneficiary and their
provider, physician, or renal dialysis facility; (ii) protecting
beneficiaries against coercive marketing schemes that do not serve
their best interests; and (iii) ensuring that providers, physicians,
and renal dialysis facilities are seeking the protection of the
exception use telehealth technologies for purposes related to
beneficiaries' ESRD as contemplated in the statutory exception. We have
endeavored to reduce administrative and staff burden wherever possible,
consistent with these goals.
b. Definition of ``Telehealth Technologies''
Summary of OIG Proposed Rule: Using the definition of ``interactive
telecommunications system'' pursuant to 42 CFR 410.78(a)(3) as a
basis,\152\ we proposed to define ``telehealth technologies'' as
multimedia communications equipment that includes, at a minimum, audio
and video equipment permitting two-way, real-time interactive
communication between the patient and distant site physician or
practitioner used in the diagnosis, intervention, or ongoing care
management--paid for by Medicare Part B--between a patient and the
remote healthcare provider. We proposed to exclude telephones,
facsimile machines, and electronic mail systems from the definition.
However, we proposed that smartphones with two-way, real-time
interactive communication through secure video conferencing
applications would not be considered ``telephones.'' We sought comments
on this definition and whether ``telehealth technologies'' should
include technologies such as software, a webcam, data plan, or
broadband internet access that facilitates the telehealth encounter.
---------------------------------------------------------------------------
\152\ In response to the COVID-19, HHS and CMS have exercised
emergency authorities and regulatory flexibilities to help health
care providers respond to the COVID-19 public health emergency.
Specific to telehealth covered by Medicare Part B, CMS has expanded
the types of technology that can be used to provide telehealth
services, the types of services that can be provided via telehealth,
certain coverage requirements related to originating and distant
sites, and other flexibilities. Most of these flexibilities will
remain in place until the Secretary ends the declaration of a public
health emergency for COVID-19. See for example 85 FR 19230 (Apr. 6,
2020), COVID-19 Emergency Declaration Blanket Waivers for Health
Care Providers, available at https://www.cms.gov/files/document/summary-covid-19-emergency-declaration-waivers.pdf; 85 FR 27550 (May
8, 2020), Additional Policy and Regulatory Revisions in Response to
the COVID-19 Public Health Emergency and Delay of Certain Reporting
Requirements for the Skilled Nursing Facility Quality Reporting
Program, available at https://www.govinfo.gov/content/pkg/FR-2020-05-08/pdf/2020-09608.pdf.
---------------------------------------------------------------------------
Summary of Final Rule: We are finalizing, with modifications, the
regulatory text defining ``telehealth technologies'' in response to
comments and in a way that is technology agnostic, as described further
below.
Comment: Several commenters agreed with our proposed definition of
``telehealth technologies'' based on 42 CFR 410.78(a)(3), including our
proposal to exclude smartphones from our interpretation of what
consists of a ``telephone'' for the purposes of our proposed
``telehealth technologies'' definition because it would help expand
access to medically necessary care. A commenter suggested OIG finalize
a technology-neutral definition of ``telehealth technologies'' and
urged us not to detail specific technologies or services, which are
likely to change over time to facilitate the development of more
efficient means of delivering the same services. While a commenter
agreed with excluding telephones, facsimile machines, and electronic
mail systems from the definition of ``telehealth technologies'' because
the commenter did not view them as providing the required services,
other commenters asserted that these technologies should not be
included. For example, a commenter explained that these technologies do
not constitute ``telehealth technologies'' as standalone items but can
be used to supplement a telehealth encounter.
Several commenters were supportive of including the broader range
of technologies considered in the OIG Proposed Rule (e.g., software and
data plans). Commenters suggested that these technologies, which alone
will not facilitate a telehealth encounter, may be required by some
patients to access telehealth services. A commenter asserted that the
exception should protect any type of technology as long as it
contributes to accomplishing the telehealth service. The commenter also
urged OIG to consider that software protected under the exception must
be easily downloadable, be easy to use for patients, and meet HIPAA
standards.
Another commenter supported narrowly defining ``telehealth
technologies'' as the ``interactive communications system'' necessary
for the telehealth service. According to the commenter, a broader
definition could inappropriately induce a beneficiary to consider in-
home dialysis because of the availability of technology benefits rather
than the clinical appropriateness of the treatment approach. A
commenter also suggested that if necessary we include a list of items
ineligible for protection under this exception.
Response: We agree with those commenters that recommended a broader
definition that includes items and services that facilitate telehealth
services because the goal of this exception, as explained in the OIG
Proposed Rule, is to protect a wide range of technologies to better
support in-home dialysis. Specifically, this final rule modifies the
definition of ``telehealth technologies'' by removing references to
specific types of technology, limits on the type of communication, and
a requirement that telehealth services be paid for by Medicare Part B.
We are revising language to clarify that the definition means
technology used to support
[[Page 77867]]
communication between providers and patients in instances when the
communication is distant or remote, and when the communication is for
diagnosis, intervention, or ongoing care management. For purposes of
the telehealth technologies exception to the definition of
``remuneration'' authorized under section 1128A(i)(6)(J) of the Act,
this final rule defines ``telehealth technologies'' to mean hardware,
software, and services that support distant or remote communication
between the patient and provider, physician, or renal dialysis facility
for the diagnosis, intervention, or ongoing care management. We note
that the revised definition includes all of the technologies that we
proposed would constitute telehealth technologies and be protected if
all conditions of the exception were met: that is, multimedia
communications equipment, including audio and video equipment
permitting two-way, real-time interactive communication with the
patient.
The revised definition also now includes technologies that we
proposed to specifically exclude from the definition: Telephones,
facsimile machines, and electronic mail systems. The final definition
is technology agnostic. We emphasize that the revised definition
retains the element that the technology supports provider and patient
communication for diagnosis, intervention, or ongoing care management.
Additionally, for a donation of technology to be protected it must meet
all conditions of this exception, not just satisfy the revised
definition of ``telehealth technologies.'' This includes the condition
at paragraph (10)(i) in 42 CFR 1003.110 that requires the telehealth
technology be provided for the purpose of furnishing telehealth
services related to the recipient's end-stage renal disease. If a
provider, physician, or facility determines that a fax machine meets
this condition and the revised definition (and the donation meets all
other conditions) then it would be protected by this exception.
This modification is consistent with the statutory exception and
our solicitation of comments in the proposed rule. In the OIG Proposed
Rule, we proposed to define ``telehealth technologies'' to encompass
``multimedia communications equipment'' that included at a minimum
audio and video equipment with distant site, interactive communications
functionality between patients and physicians or practitioners. We
considered whether to broaden the definition to include technology such
as software, webcams, data plans, and broadband internet access that
facilitate a telehealth encounter and solicited specific comments on
the treatment of telephones, facsimile machines, and electronic mail
systems.
We are modifying the definition to focus on the functionality of
the technology to support telehealth rather than specific types. The
revised definition is technology neutral to provide flexibility to
providers, physicians, and renal dialysis facilities to determine what
telehealth technology is needed for the purpose of furnishing
telehealth services related to an individual's ERSD. By ``technology
agnostic,'' we mean that the technology is not limited to specific
technologies or services, which are likely to change over time. For
telehealth and virtual care specifically, we believe a technology-
agnostic approach is especially important given, for example, the
widespread and rapid changes to telehealth during the response to the
COVID-19 public health emergency. This approach will also allow the
exception to continue to be available to support telehealth services
for ESRD beneficiaries as technology evolves. We recognize that the
revised definition will allow for a wider range of technology to be
provided to beneficiaries than the proposed regulatory text. We also
recognize the potential for ``telehealth technologies'' as defined more
broadly in this final rule to inappropriately induce patients to pursue
in-home dialysis over a dialysis facility or select a particular
provider or physician. However, we believe the risk is mitigated
because the exception is available for a defined set of patients
already receiving in-home dialysis, marketing is not allowed, and other
conditions provide safeguards against fraud and abuse.
The revised definition is supported by the statutory exception in
section 1128A(i)(6)(J) of the Act. The statute gives the Secretary
authority to define ``telehealth technologies'' and protects
technologies provided for the purpose of furnishing telehealth services
related to the individual's ESRD. The statute did not limit the
telehealth technology or technology services under the exception to any
related Medicare definitions. In contrast, section 1128A(i)(6)(J) of
the Act states that a provider of services or a renal dialysis facility
are defined as those terms are used in title XVIII (Medicare).
``Telehealth technologies'' in section 1128A(i)(6)(J) and the term
``telehealth services'' in 1128A(i)(6)(J)(ii) do not include a
reference to specific statutory or regulatory definitions. Therefore,
the statute provides the Secretary additional flexibility to interpret
these terms differently than any related Medicare definitions. We
similarly interpret the term ``telehealth services'' differently than
the scope of telehealth services paid for by Medicare Part B. For a
more detailed discussion of the term ``telehealth services'' used in
paragraph (10)(ii) in 42 CFR 1003.110, see section III.C.1.e below.
Based on the statutory exception and flexibility afforded by the
statutory exception and the response to our solicitation on the
appropriate scope of technology covered by this exception, we are
modifying the definition in the regulatory text of ``telehealth
technologies'' to focus on core functionality to support telehealth
services and be technology agnostic. As several commenters noted,
telehealth technologies are ineffective without the ability to connect
any device facilitating telehealth services, and the purpose of this
exception would not be advanced without those capabilities. We agree
and have expanded the definition of telehealth technologies to include
services that support distant or remote communication between the
patient, provider, or renal dialysis facility for diagnosis,
intervention, or ongoing care management. For example, the finalized
definition would include internet service or data plans.
We emphasize that although this definition would encompass various
technologies, to receive protection under the exception arrangements
for providing telehealth technologies to beneficiaries must squarely
satisfy the other conditions in the exception, including that the
technologies are provided for the purpose of furnishing telehealth
services related to the recipient's ESRD.
In this preamble we offer examples of technology we view as within
the scope of the final definition of ``telehealth technologies.'' We
are not providing an exhaustive list in regulatory text or preamble to
avoid inadvertently limiting telehealth technologies that donors
determine are best suited to facilitate telehealth services to
beneficiaries with ESRD and to allow for the evolution of technology.
We are not including a condition related to ease of use for telehealth
technologies furnished to patients, which we believe is a consideration
for the patient and the clinician and is not needed as a fraud and
abuse safeguard. Parties would need to comply with any other applicable
government regulations that address ease of use or functioning of
telehealth technology. Similarly, HIPAA and other Federal and State
privacy and security laws apply notwithstanding this exception;
therefore, we do not believe
[[Page 77868]]
an additional condition within this exception is necessary.
Comment: Several commenters asserted that limiting ``telehealth
technologies'' to two-way, real-time interactive communications
equipment is overly narrow and could bar protection of many beneficial
technologies that pose no greater risk than technologies included in
the proposed definition. As an example, some commenters suggested that
equipment used to monitor and report data to physicians and dialysis
facilities (e.g., Bluetooth-enabled stethoscopes and thermometers)
would not qualify under the proposed definition but could provide
valuable clinical benefits. A commenter suggested that OIG follow the
example provided in the current Kidney Care Choices Model operated by
the Innovation Center that allows the use of asynchronous store-and-
forward technologies and the forwarding of health history to a
clinician for review outside of a real-time interaction. Several
commenters recommended including real-time (synchronous) and store-and-
forward (asynchronous) audio and video platforms. A commenter stated
that an audio-only platform may be appropriate to assess whether the
patient's condition necessitates an office visit.
Response: We agree with commenters who suggest revising the
definition to include broader forms of technology, including
technologies that enable asynchronous communications between the
patient and a distant site physician or practitioner. We have revised
the definition of ``telehealth technologies'' to cover a more expansive
range of technology than the proposed definition. This modification to
the definition would cover technology based on its function, rather
than specific types of technology. This would include equipment that
could be used to monitor and report data to physicians and dialysis
facilities (e.g., Bluetooth-enabled stethoscopes and thermometers)
where appropriate, provided such technologies satisfy the other
conditions of the exception. We believe the donor of any protected
telehealth technologies--who per the terms of the exception must be
currently providing the in-home dialysis, telehealth services, or other
ESRD care to the patient--is in the best position to determine whether
real-time or asynchronous information is appropriate and whether such
technologies serve the purpose of furnishing telehealth services
related to the recipient's ESRD. We do not believe the distinction
between two-way, real-time technology and asynchronous technology
materially changes the fraud and abuse analysis associated with
providing patients valuable technology. Relatedly, we agree that some
audio-only technology may be appropriate to assess whether the
patient's condition necessitates an office visit and could contribute
substantially to the provision of telehealth services to a patient.
As explained above, the definition of ``telehealth technologies''
set forth in this final rule is technology agnostic and is not limited,
for example, to technologies used for two-way, real-time interactive
communication. We believe this final definition will extend protection
to many of the specific technologies identified by commenters as long
as other conditions of the exception are met.
Comment: A commenter encouraged OIG to define the minimum set of
capabilities required for a telehealth physician visit to include at
least real-time bidirectional video interaction with audio. The
commenter recommended the definition for ``telehealth technologies''
include tools such as peripheral devices or applications that the
physician deems necessary to complete a proper assessment of the
patient during a telehealth service, including remote monitoring and
asynchronous messaging.
Another commenter recommended OIG adopt the full definition of
``interactive telehealth system'' at 42 CFR 410.78 in lieu of the
proposed ``telehealth technologies'' definition but expand the
definition to protect the use of asynchronous technologies in certain
geographic areas (e.g., areas that are medically underserved). The same
commenter also recommended including peripheral or supporting
technology in the definition, which could support the use of remote
patient monitoring.
Response: As described above, we have modified the definition of
``telehealth technologies'' to clarify the scope of technologies with
telehealth capabilities protected by this exception. With respect to
real-time bidirectional video interaction with audio, we view such
technology as within the scope of the proposed definition as well as
the definition finalized here. We also agree with the commenter that
the definition should include tools such as peripheral devices or
applications that the physician deems necessary to complete a proper
assessment of the patient during a telehealth service. The definition
of ``telehealth technologies'' encompasses the peripheral or supporting
technologies for remote patient monitoring noted by the commenter.
Asynchronous technologies would also meet the definition of telehealth
technologies and could be protected if all conditions of the exception
are met. For example, many types of remote patient monitoring
technology are asynchronous and used to support remote communication
between a patient and their physician for diagnosis, intervention, and
ongoing care management. We did not propose and are not adopting any
geographic limitation. Such restrictions are not necessary due to the
other safeguards in the safe harbor, and further narrowing the limited
statutory exception is not consistent with the statutory text (e.g.,
section 1128A(i)(6)(J) of the Act is not connected to telehealth
services paid for by Medicare Part B, which are historically subject to
geographic limitations).
We note that policies regarding what constitutes a physician
telehealth service are outside the scope of this rulemaking because it
is limited to requirements for an exception to the Beneficiary
Inducements CMP.
Comment: Another commenter recommended aligning the exception with
the list of services payable under the Medicare Physician Fee Schedule
when furnished via telehealth by expanding the definition of
``telehealth technologies'' to include communications-based
technologies in addition to telehealth technologies.
Response: We believe the commenter is referring to the telehealth
technologies used to furnish ``communications technology-based
services'' such as virtual check-in and remote assessment services that
are separately billable under Medicare Part B. As discussed above, we
have revised the definition of ``telehealth technologies,'' and it
would include technologies that facilitate communications for these
services including, by way of example, virtual check-in services. This
exception protects a wide range of telehealth technologies that are
provided for the purposes of furnishing remote or distant services
through various modalities, including telehealth services, virtual
check-in services, e-visits, monthly remote care management, and
monthly remote patient monitoring.
Consistent with this approach, as explained more fully above, we
have modified the telehealth technologies definition so that it is not
dependent on Medicare Part B payment for telehealth services.
Relatedly, as explained more fully below, we are also modifying
paragraph 10(iii) under the definition of ``remuneration'' in 42 CFR
1003.110 so that protection of telehealth
[[Page 77869]]
technologies is not conditioned on their being provided for the purpose
of furnishing ``telehealth services'' paid for by Medicare Part B.
c. Furnished by Specified Individuals and Entities Currently Providing
Care to the Patient
Summary of OIG Proposed Rule: Section 1128A(i)(6)(J) of the Act
limits the exception to technologies provided ``by a provider of
services or a renal dialysis facility (as such terms are defined for
purposes of title XVIII) to an individual with end-stage renal disease
who is receiving home dialysis for which payment is being made under
part B of such title . . . .'' We proposed to implement this statutory
provision in two ways. First, we proposed to use the precise statutory
text in the introductory text in paragraph (10) under the definition of
``remuneration'' in 42 CFR 1003.110. Second, we proposed a condition at
paragraph (10)(i) that interprets the statutory language so that the
exception would be available only to the provider of services or the
renal dialysis facility that is currently providing in-home dialysis,
telehealth services, or other ESRD care to the patient. We explained
that the intent of this condition was to ensure that the exception only
protected the provision of telehealth technologies to patients with
whom the provider or renal dialysis facility had a prior clinical
relationship. A beneficiary has a prior clinical relationship with the
donor if the patient is receiving home dialysis, telehealth services,
or other ESRD care from the donor. We also specifically solicited
comment on this interpretation recognizing that this limitation may
pose challenges.
We also sought comment on but did not propose specific regulatory
text for whether we should interpret the statutory exception to apply
not only to the ``provider of services or the renal dialysis facility
(as those terms are defined in title XVIII of the Act)'' but also
``suppliers,'' as defined in title XVIII of the Act, so that the
exception would be consistent with the broader goals to expand patient
access to in-home dialysis care furnished by their physician in section
50302(b) of the Budget Act of 2018.
Summary of Final Rule: We are finalizing, with modifications, the
proposed condition at paragraph (10)(i) that interprets the statutory
language so that the exception would be available only to the provider
of services or the renal dialysis facility that is currently providing
in-home dialysis, telehealth services, or other ESRD care to the
patient. The final rule limits the exception to telehealth technologies
furnished by a provider of services, physicians, or a renal dialysis
facility currently providing in-home dialysis, telehealth services, or
other ESRD care to the patients or has been selected or contacted by
the patient to schedule an appointment or provide services.
Comment: Several commenters supported both of our proposals
implementing section 1128A(i)(6)(J) of the Act, including the
interpretation that the provision of telehealth technologies is limited
to patients with whom the donors have a prior clinical relationship.
Several commenters shared OIG's concern that expanding the exception to
protect the provision of telehealth technologies to new patients or to
patients who are not currently receiving ESRD services or care from the
individual or provider of services or the facility may result in
inappropriate steering.
However, another commenter expressed concern that this
interpretation would be operationally difficult to implement and could
reduce the benefits of the otherwise permissible telehealth
technologies. According to the commenter, once patients have selected a
provider, they should not have to wait for telehealth services
furnished through protected arrangements until they are already
receiving in-home dialysis. The commenter asserted that delaying
telehealth technologies in this context may disrupt normal care
delivery methods.
Response: Consistent with section 1128A(i)(6)(J) of the Act and our
proposed interpretation, limiting the exception to telehealth
technologies furnished by a provider of services, physicians, or a
renal dialysis facility currently providing in-home dialysis,
telehealth services, or other ESRD care to the patients is consistent
with the statutory language and an appropriate safeguard against
inappropriate steering and patient recruitment. As such, we are
finalizing the introductory language of paragraph (10) under the
definition of remuneration in 42 CFR 1003.110 as proposed.
We also are finalizing the condition at paragraph (10)(i) under the
definition for ``remuneration'' in 42 CFR 1003.110 with modifications.
Specifically, we have modified this condition by adding the following
clause: ``or has been selected or contacted by the individual to
schedule an appointment or provide services.''
We agree with the commenter who suggested that once a patient has
selected a provider, physician, or facility, the patient should be
eligible to receive telehealth technologies. The purpose of the
proposed condition was to limit the risk of the technologies being used
as a recruiting tool or to facilitate the provision of unnecessary
services. However, because protected telehealth technologies may not be
offered as part of any advertisement or solicitation, we believe that
making telehealth technologies available to patients who contact the
provider, physician, or facility on their own initiative is
sufficiently low risk to warrant protection by this exception. Thus a
provider, physician, or facility may offer or furnish telehealth
technologies to a patient with ESRD who is receiving home dialysis paid
for by Medicare Part B after the patient selects and initiates contact
with a provider, facility, or physician to schedule an appointment or
other services.\153\ This approach is consistent with our intent in the
OIG Proposed Rule to prevent arrangements from being protected by the
exception where the donor does not have a preexisting clinical
relationship with the patient and to reduce the risk of inappropriate
patient recruitment or marketing schemes.
---------------------------------------------------------------------------
\153\ If a patient is unable to call a provider or physician
himself or herself, or has otherwise given consent for a person
(e.g., a family member, a case manager, or a provider or supplier
when the patient is attending an appointment or receiving services)
to schedule appointments or upcoming services for him or her, then a
request for an appointment or upcoming services made on behalf of
the patient is sufficient to meet the patient-initiated contact
requirement.
---------------------------------------------------------------------------
We view a patient reaching out to schedule an appointment or other
services and asking whether assistance in facilitating telehealth
services might be available as low risk in light of the other
conditions in the exception, such as the limitation on advertisement
and solicitation discussed further below. Patient-initiated contact is
also distinguishable from a provider, facility, or physician initiating
contact with a new patient (or to the patient's case manager) and
soliciting the patient to elect in-home dialysis or to switch
providers, coupled with an offer of telehealth technologies. The former
would be protected (if all other conditions of the exception are met)
and the latter would not.
Comment: Several commenters opposed extending the exception to
apply to suppliers as defined in title XVIII of the Act because it
could result in telehealth technologies being offered to patients
without any provider reviewing whether the technology is an appropriate
offering for the particular patient's clinical condition and, more
generally, increases the risk for
[[Page 77870]]
inappropriate use or offering of technologies. A commenter also
asserted that expanding protected donors to include protection for
suppliers is not consistent with congressional intent. A commenter
asserted that protection under the exception should be limited only to
nephrologists and dialysis providers who are directly responsible for
the provision of care to home dialysis patients.
Response: This final exception, consistent with our solicitation in
the OIG Proposed Rule, protects telehealth technologies provided by
physicians as defined in title XVIII of the Act who are providing in-
home dialysis, telehealth services, or other ESRD care to the
recipient. This modification will be included in the introductory
language of paragraph (10) and in paragraph (10)(i) under the
definition to remuneration in 42 CFR 1003.110. As explained in the OIG
Proposed Rule and further below, this modification is consistent with
section 50302 of the Budget Act of 2018. In particular, physicians--
notably but not exclusively nephrologists--are central to the provision
of telehealth services related to ESRD care that would be furnished
using the telehealth technologies, as described in the statute. For
example, without the inclusion of physicians, telehealth technologies
furnished by a patient's nephrologist could not receive protection
under this exception.
As part of the Creating High-Quality Results and Outcomes Necessary
to Improve Chronic Care Act of 2018,\154\ section 50302 of the Budget
Act of 2018 amends section 1881(b)(3) of the Social Security Act to
permit an individual with ESRD receiving home dialysis to elect to
receive their monthly ESRD-related clinical assessments via telehealth,
if certain other conditions are met. CMS implemented these statutory
changes through amendments to 42 CFR 410.78 and 414.65.\155\ Under
those CMS rules, the newly covered monthly ESRD-related clinical
assessments furnished via telehealth would be provided by a physician
at the distant site who is licensed under State law to furnish the
covered monthly ESRD-related clinical assessments.\156\ It is
consistent with the OIG Proposed Rule and section 50302 of the Budget
Act of 2018 that this exception protect the provision of telehealth
technologies offered by physicians (e.g., nephrologists) furnishing
monthly ESRD-related clinical assessments via telehealth for patients
receiving home dialysis. Under the new CMS rules, the physicians
performing these clinical assessments are well positioned to understand
what telehealth technologies should be provided to the ESRD patient for
the purpose of furnishing telehealth services.
---------------------------------------------------------------------------
\154\ S. 870, 115th Congress (Sept. 26, 2017).
\155\ 83 FR 59495 (Nov. 23, 2018).
\156\ 42 CFR 410.78(b) specifies in part that ``Medicare Part B
pays for covered telehealth services included on the telehealth list
when furnished by an interactive telecommunications system if the
following conditions (are met, such as) . . . [t]he physician or
practitioner at the distant site must be licensed to furnish the
service under State law. The physician or practitioner at the
distant site who is licensed under State law to furnish a covered
telehealth service described in this section may bill, and receive
payment for, the service when it is delivered via a
telecommunications system.''
---------------------------------------------------------------------------
We agree with commenters that expanding the exception to a broad
range of practitioner types by using ``suppliers'' poses risk and, upon
further review, we see no support in the statute for doing so. Section
1128J(i)(6)(J) of the Act conditions protection on the connection
between the provider of services or renal dialysis facility and caring
for an individual with ESRD. The definition of ``suppliers'' in title
XVIII includes a physician or other practitioner, a facility, or other
entity (other than a provider of services) that furnishes items or
services under this title. That definition covers numerous practitioner
and entity types, many of which are not providing ESRD services. We are
concerned that including these practitioners and entities would not
further the ESRD-related purposes of the exception, were not
contemplated by Congress, and could pose risk that these parties would
offer telehealth technologies to steer beneficiaries to select them as
a supplier or to their products and services. In light of that risk and
consistent with the section 1128J(i)(6)(J) of the Act, we are
finalizing the exception by including ``physicians'' but not
``suppliers'' (as that term is defined in title XVIII).
Section 1861(r) of the Act defines the term ``physician.'' That
definition includes a limited set of practitioners including doctors of
medicine or osteopathy, doctors of dental surgery, doctors of podiatric
medicine, doctors of optometry, and chiropractors. Under this final
exception, a physician must meet this definition in 1861(r) of the Act
and, consistent with paragraph 10(i) in 42 CFR 1003.110, be providing
in-home dialysis, telehealth services, or other ESRD care to the
patient. Consequently, it is unlikely that all practitioner types under
1861(r) would be eligible for protection for providing telehealth
technologies under this exception. For example, it is unlikely that
dental surgeons, doctors of podiatric medicine, or chiropractors would
be providing telehealth services to ERSD patients.
d. Prohibition on Advertisement or Solicitation
Summary of OIG Proposed Rule: We proposed to incorporate the
statutory requirement in section 1128A(i)(6)(J)(i) of the Act that the
telehealth technologies are not offered as part of any advertisement or
solicitation. We proposed to interpret the terms ``advertisement'' and
``solicitation'' consistent with their common usage in the health care
industry.
Summary of Final Rule: We are finalizing this condition as
proposed.
Comment: A commenter expressed support for the proposal precluding
the protection of telehealth technologies offered as part of an
advertisement or solicitation.
Response: We are including this protection in the final rule,
consistent with the statute. As stated in the OIG Proposed Rule, we
interpret the terms ``advertising'' and ``solicitation'' consistent
with prior rulemakings. We emphasize that whether a particular means of
communication constitutes an advertisement or solicitation will depend
on the facts and circumstances.\157\
---------------------------------------------------------------------------
\157\ 81 FR 88373 (Dec. 7, 2016).
---------------------------------------------------------------------------
Additionally, consistent with our interpretation in the OIG
Proposed Rule, we note that it is important for patients to receive
information about their health care options, and that not all
information provided to beneficiaries is advertising or solicitation.
Stakeholders should interpret the terms ``advertisement'' and
``solicitation'' consistent with their common usage in the health care
industry.
e. Provided for the Purpose of Furnishing Telehealth Services Related
to an Individual's End Stage Renal Disease
Summary of OIG Proposed Rule: We proposed to interpret the
condition at section 1128A(i)(6)(J)(ii) of the Act that the telehealth
technologies are provided ``for the purpose of furnishing telehealth
services related to the individual's [ESRD]'' to mean that the
technologies: (i) Contribute substantially to the provision of
telehealth services related to the individual's ESRD; (ii) are not of
excessive value; and (iii) are not duplicative of technology that the
beneficiary already owns if that technology is adequate for telehealth
purposes. We proposed to interpret ``telehealth services related to the
individual's ESRD'' to mean only those telehealth services paid for by
Medicare
[[Page 77871]]
Part B. We stated that we would consider technology to be of excessive
value if the retail value of the technology were substantially more
than required for the telehealth purpose.
We sought comment on but did not propose regulatory text on the
following issues: (i) Whether we should require that the person
furnishing the telehealth technologies make a good faith determination
that the individual to whom the technology is furnished does not
already have the necessary technology and that such technology is
necessary for the telehealth services provided; (ii) whether we should
adopt a more restrictive exception that would protect technologies that
provide the beneficiary with no more than a de minimis benefit for any
purpose other than furnishing telehealth services related to the
individual's ESRD; (iii) whether we should adopt a different standard
that would protect telehealth technologies only when furnished
predominantly for the purpose of furnishing telehealth services related
to the individual's ESRD; and (iv) whether the exception should require
the provider or facility to retain ownership of any hardware and make
reasonable efforts to retrieve the hardware once a beneficiary no
longer needs it for the permitted telehealth purposes.
Summary of Final Rule: We finalizing this condition, with
modification, to use the statutory language in section
1128J(i)(6)(J)(ii) of the Act. We are finalizing this condition
consistent with the statutory exception to read: The telehealth
technologies are provided for the purpose of furnishing telehealth
services related to the individual's end-stage renal disease.
Comment: Several commenters supported our interpretation of section
1128A(i)(6)(J)(ii) of the Act as proposed. Commenters appreciated what
they believed to be meaningful guardrails to ensure that the provision
of telehealth technology does not serve as an inducement to select a
particular provider and shared our concerns regarding the potential for
providers to offer such remuneration to steer patients with whom they
do not have a prior clinical relationship to themselves.
Some commenters argued that our proposed interpretation of ``for
the purpose of furnishing telehealth services related to the
individual's [ESRD]'' was more restrictive than the statutory language
required. For example, a commenter supported removing the word
``substantially'' from the phrase ``contributes substantially to the
provision of telehealth services,'' observing it adds a restriction
that does not appear expressly in the statute.
A commenter noted that certain telehealth technologies may have
some benefit to a patient beyond facilitating telehealth services
related to the individual's ESRD, but most uses can be limited from a
technical standpoint. For those services for which it would not be
feasible to limit use, such as data services, the commenter believed
that such services could be provided based on a patient's clinical
need, geographic need, or both, and removed when the patient no longer
has a clinical or geographic need for the services (e.g., the patient
is no longer treated in the home).
Response: We are not finalizing our proposed language. Instead, we
are modifying this condition to use the statutory language in section
1128J(i)(6)(J)(ii) of the Act. We agree with commenters that the
proposed condition added additional requirements not included in the
statute. To the extent that the exception needed additional safeguards,
the Secretary has the authority to implement those under section
1128J(i)(6)(iii) of the Act. Therefore, we are finalizing this
condition consistent with the statutory exception to read: The
telehealth technologies are provided for the purpose of furnishing
telehealth services related to the individual's end-stage renal
disease.
As explained in the OIG Proposed Rule, we have concerns about the
provision of valuable technology improperly inducing a beneficiary to
choose a particular provider, physician, or facility. The limited
nature of the exception and the conditions finalized in this rule
provide reasonable and necessary safeguards against fraud and abuse.
For example, the conditions at paragraphs 10(i) and (ii) work together
to prevent protection under the exception if the provider, physician,
or renal dialysis facility is marketing or using the potential
provision of technology to induce and obtain new patients.
Based on the statutory language and matching condition finalized
here, we believe a wide range of technologies could be protected.
However, we emphasize that a determination regarding whether the
provision of telehealth technologies meets the condition at paragraph
10(ii) in the definition of ``remuneration'' at 42 CFR 1003.110
requires a case-by-case assessment of the functionality of the
technologies to be provided and telehealth services being furnished to
the ESRD patient.
We are not including a condition as suggested by the commenter that
would require a donor to technically limit the telehealth technologies
provided. Under this condition and the definition of ``telehealth
technologies'' as finalized, technologies that are multifunctional and
have purposes in addition to furnishing telehealth services related to
the individual's ESRD are not precluded and may be protected. For
example, this condition could protect a tablet that a patient would use
to access telehealth services for their ESRD care, even though the
tablet has other purposes or functionalities (e.g., ability to download
any mobile application) as long as such provision meets all conditions
of the exception.
Comment: Several commenters opposed OIG's considered interpretation
of this statutory condition--``the telehealth technologies are provided
for the purpose of furnishing telehealth services related to the
individual's [ESRD]''--that would restrict telehealth technologies to
those that do not provide the beneficiary with more than a de minimis
benefit outside of the telehealth services related to the individual's
ESRD. Commenters suggested that such a condition would limit access to
needed technology, add unnecessary burden and uncertainty, or impede
the objective of expanding in-home dialysis patients' use of telehealth
services. A commenter recognized that allowing devices with non-health
care functions could be considered an inducement but highlighted that
patients who receive such devices also must accept the obligations and
responsibilities of home dialysis, which the commenter believes serves
as an appropriate safeguard.
Another commenter expressed concerns that the de minimis benefit
standard might create complications for patients with multiple health
needs that could be fulfilled by the same device, and the commenter
asserted that it would not be a good use of resources for a patient to
be prescribed two separate digital health tools when one would meet all
of the patient's clinical needs.
Response: We agree with commenters and are not finalizing a de
minimis benefit standard in this exception.
Comment: Several commenters supported prohibiting providers from
giving patients telehealth technologies for home dialysis that are of
excessive value or duplicative of technology that the beneficiary
already owns. A commenter found these guardrails particularly important
given the limited number of vendors currently offering home dialysis
equipment and supplies. The commenter asserted that the limited
competition in the home dialysis market would make acquisition costs of
telehealth technologies particularly
[[Page 77872]]
significant for small and independent providers who lack market share
advantages used in negotiations with vendors. Another commenter
requested further clarification on what donations would be considered
of ``excessive value.''
Response: For the reasons noted above, we are finalizing paragraph
(10)(iii) in 42 CFR 1003.110 to mirror the statutory language at
section 1128J(i)(6)(J)(ii) of the Act, without a requirement that the
telehealth technologies not be of excessive value. Additionally, we are
not finalizing a condition elsewhere that requires the telehealth
technologies not be of excessive value. The limited nature of the
exception and the other conditions provide appropriate safeguards.
The value of the telehealth technologies provided to a patient may
be a fact or circumstance used to assess whether the provision of such
technology meets the finalized condition at paragraph 10(iii) in the
definition of ``remuneration'' at 42 CFR 1001.130. In other words,
depending on the facts and circumstances, technology of excessive value
could indicate that the technology is not being provided for the
purpose of furnishing telehealth services related to the individual's
ESRD. Excessively valuable technology beyond what is reasonable for
furnishing telehealth services related to ESRD could also indicate that
the technology is part of a prohibited advertisement or solicitation
under paragraph (10)(ii).
As stated in the OIG Proposed Rule, providing telehealth technology
with substantial independent value might serve to inappropriately
induce the beneficiary. In the context of this exception, that risk
materializes because excessive value of the telehealth technology may
make the purpose of the donation suspect and call into question whether
it is related to furnishing telehealth services. For example, if a $50
per month data plan would facilitate the connection needed for the
patient to access telehealth services, the provision of a $100 per
month data plan might raise concerns that the data plan is being
offered for a purpose other than access to telehealth services.
Similarly, if the donor knows that the patient already has a data or
internet service plan that would facilitate the furnishing of
telehealth services and furnishes such a plan anyway, a question could
arise about the purpose of the remuneration to the patient.
Comment: A commenter stated that if telehealth technologies are
provided for the purpose of furnishing telehealth services related to
the individual's end-stage renal disease, and if the donated telehealth
technologies meet the other elements of the exception, no dollar value
limit should be necessary because the purpose cannot be to induce
beneficiaries to select particular providers. Two other commenters
recommended including a condition requiring the recipient's payment of
at least 15 percent of the offeror's cost for the in-kind remuneration.
Another commenter recommended a $500 annual cap to ensure the
technology did not act as an inducement for referrals.
Response: We did not propose a contribution requirement or an
annual monetary cap. We believe the combination of safeguards we are
finalizing implement the statutory conditions in section 1128A(i)(6)(J)
of the Act and safeguard against risks of fraud and abuse.
Comment: Related to the proposed requirement that the telehealth
technologies be necessary and nonduplicative of technology the patient
already has, a commenter stated that a patient's existing personal use
technology may have some of the necessary capabilities but also may
lack all components necessary to be reliable and fully functional for
accessing telehealth services. The commenter further asserted it would
not be efficient or practical to require that the provider furnish
additional necessary components to the patient's existing technology--
and any associated installation and support services--to make it fully
capable of accessing telehealth services. For example, the commenter
referenced a patient who has a personal computer without video
capabilities. The commenter surmised that it is more logical and cost-
effective to provide a ready-to-use integrated device focused solely on
their ESRD clinical assessments and related ESRD care support to the
patient instead of trying to retrofit the computer, which could involve
identifying and installing missing components and providing
technological support for this personal-use equipment. The commenter
recommended that if the patient's personal technology does not have all
the necessary components for telehealth, provision of fully integrated
telehealth technology should be protected under the exception.
Response: We are not finalizing a requirement that the telehealth
technologies not be duplicative of technology that the beneficiary
already owns in paragraph 10(iii) in the definition of ``remuneration''
at 42 CFR 1001.130. This condition is being finalized consistent with
the statutory condition at section 1128J(i)(6)(J)(ii) of the Act.
Additionally, we are not finalizing a condition elsewhere that requires
the telehealth technologies not be duplicative of technology that the
beneficiary already owns. The limited nature of the exception and the
other conditions provide appropriate safeguards.
Assessing whether telehealth technologies would be duplicative of
technology that the beneficiary already has may be a fact or
circumstance used to determine whether the provision of such technology
meets the finalized condition at paragraph 10(iii) in the definition of
``remuneration'' at 42 CFR 1001.130. For example, if a patient has
existing telehealth technology and is already able to receive
telehealth services, providing the patient with additional telehealth
technology may not have the purpose of furnishing telehealth services.
A true determination would have to be based on the specific facts and
circumstances of the additional provision of telehealth technologies,
including the telehealth services provided to the patient and the
patient's condition.
We highlight that if a patient's existing technology does not have
all the necessary components or capabilities to support the telehealth
services, then those facts are favorable in determining that the
provision of telehealth technology to that patient meets the condition
at paragraph (10)(iii). With respect to the decision between
``retrofitting'' a patient's existing technology or providing fully
integrated telehealth technology, meeting this exception is not
specifically conditioned on whether the technology is fully integrated
or retrofitted. In making a determination about the technology to
provide and potential protection under this exception, providers,
physicians, and renal dialysis facility will have to assess the
particular facts and circumstances for that patient and the potential
technology. To be clear, we do not intend for this exception to result
in providers, physicians, and renal dialysis facilities that provide
telehealth technologies attempting to retrofit a patient's existing
technology. To the extent that technology already owned or used by a
patient with ESRD would not be adequate for the telehealth services,
that fact weighs favorably in determining that providing new telehealth
technology meets the condition at 10(iii) under the definition of
``remuneration'' in 42 CFR 1003.110.
Comment: Many commenters objected to the proposed additional
requirement that the party furnishing the technology make a good faith
determination that the
[[Page 77873]]
individual to whom the technology is furnished does not already have
the necessary telehealth technology. Some commenters stated that the
primary proposal--that the technology is not of excessive value and is
not duplicative of technology that the beneficiary already owns if that
technology is adequate for the telehealth purposes--provides adequate
protection against technologies being used as inducements for
duplicative or unnecessary telehealth services. Other commenters
supported the proposed ``good faith determination'' requirement.
Another commenter asked us to clarify what a ``good faith'' effort to
determine that the patient does not have the necessary technology
means, because the commenter is concerned that this provision could
lead to increased physician burden. A commenter stated that requiring
facilities or providers to make a good faith determination regarding
whether the recipient already has access to telehealth technologies
places a potentially ongoing burden to investigate a home dialysis
patient's personal life to ensure that they do or do not possess such
technology. The commenter asked whether a facility or provider must
consistently audit patient technology access to ensure that the loaned
or donated technology does not become duplicative over time. The
commenter suggested that patients should be able to opt out of
telehealth technologies furnished by a provider or facility, even if
specified in their plan of care, because they already have access to
such technology. In this way, the responsibility falls to the patient
to report access to technology, not on the facility or provider to
ensure that the patient does or does not possess such a device. Some
commenters supported the proposed additional ``good faith
determination'' requirement.
Response: We are not including a condition in this final exception
that requires a good faith determination that the individual to whom
the technology is furnished does not already have the necessary
telehealth technology. Consistent with the discussion related to the
condition on duplicative technology, we note that assessing whether
providing telehealth technologies would be duplicative of technology
that the beneficiary already has may be a fact or circumstance used to
determine if the provision of such technology meets the finalized
condition at paragraph 10(iii) in the definition of remuneration at 42
CFR 1003.110.
In response to the commenters' questions regarding what constitutes
a good faith effort, we want to clarify that this exception does not
condition protection on investigating the patient's personal life or
auditing the technology that a patient may already have available. When
determining whether the provision of telehealth technology meets this
condition, specific facts and circumstances about the patient will need
to be considered. This would include the patient's health condition,
telehealth services provided to the patient, and how the telehealth
technologies support furnishing telehealth services relating to the
patient's condition. Most of the information about the patient is
likely gathered as part of the clinical and monthly assessments that
patients receiving in-home dialysis receive or is gathered through the
normal course of patient and provider interaction about the patient's
condition and treatment.
That said, nothing in this exception prevents physicians,
providers, and facilities from asking patients about their existing
technology needs and capabilities; nothing requires patients to answer
such inquiries. We would expect that conversations about patients'
existing technology would inform donors' decision-making with respect
to furnishing telehealth technologies consistent with this exception.
We do not prescribe how providers, physicians, and facilities make the
determination whether providing telehealth technologies meets the
condition that the technology be for the purpose of furnishing
telehealth services related to the patient's ESRD.
As modified, we do not believe this final exception will increase
provider, physician, or renal dialysis facility burden, nor expose
patients to unwarranted intrusions. Conditions of this exception
implement the statutory exception in section 1128A(i)(6)(J) of the Act.
The statutory exception gives providers, physicians, and renal dialysis
facilities the flexibility to provide telehealth technologies for the
purpose of furnishing telehealth services related to patients' ESRD.
This may help increase options for ESRD patients to manage their care
by making telehealth more widely available. We also note that use of
this exception is voluntary.
Comment: A commenter recommended that as a condition for
protection, the telehealth technology provided to the patient should be
necessary for the provision of the telehealth services and, where
possible, restricted to the functions that facilitate the provision of
care (e.g., a tablet that can only be used for telehealth services),
and ensure a secure, safe, and satisfactory user experience. However,
the commenter explained that some telehealth technologies may be
duplicative or overlap with technology the patient may already have
access to and that the condition may result in an overly burdensome
patient intake process, to include an accounting of all of the
patient's technology (e.g., items in a patient's possession as well as
the operating systems and compatibility with the telehealth offering).
The commenter suggested that instead of protecting only nonduplicative
telehealth technologies, OIG limit protected telehealth technologies to
what is reasonably necessary for the furnishing of telehealth services
and require that providers, suppliers, and facilities provide the
patient with disclosure language that the telehealth equipment is
provided for their ESRD-related treatment and care, and that it is the
responsibility of the patient to use the device for these specific
purposes only.
Response: We did not propose a condition that the telehealth
technology be necessary for the provision of telehealth services and
are not finalizing such a condition. As explained above, we are also
not finalizing a condition that requires a good faith determination
that the individual to whom the technology is furnished does not
already have the necessary telehealth technology. We emphasize
telehealth technology is not protected unless the technology is
provided for the purpose of furnishing telehealth services related to
the individual's end-stage renal disease.
We are not finalizing the condition that would require the person
who furnishes the telehealth technologies to take reasonable steps to
limit the use of the telehealth technologies by the individual to the
telehealth services described on the Medicare telehealth list. We agree
with the commenter that there may be practical and operational
challenges with such a requirement. Additionally, the combinations of
safeguards finalized in this rule appropriately protect against
potential fraud and abuse and this condition, which we considered in
the OIG Proposed Rule, is not necessary.
Comment: A commenter expressed support for our proposal to
interpret ``telehealth services related to the individual's [ESRD]'' to
mean telehealth services paid for by Medicare Part B because the
proposal ensures that all Part B telehealth services are treated
consistently by defaulting to the statutory definition for telehealth
services. Another commenter suggested that we clarify that, in order to
qualify for protection under the exception, the telehealth technologies
must be used for
[[Page 77874]]
the Part B clinical assessment and also may be used for additional
clinical support and patient monitoring directly related to the ongoing
ESRD care.
Many other commenters urged us not to adopt this interpretation,
asserting that it was too narrow. Commenters noted that patients with
ESRD could benefit from telehealth services that might not be covered
by Part B--including patient education, dietary counseling, and
monitoring vital signs--that may assist with managing comorbidities
(which may or may not be related to the patient's ESRD) and preventing
further progression of kidney disease. A commenter stated that while
the care provided via telehealth technologies should be primarily
related to the management of ESRD, dialysis providers are well-suited
to treat the ``whole person'' with the assistance of telehealth
technologies. The commenter sought to provide telehealth technologies
that might support virtual ESRD management (e.g., nurse assessment,
social worker support, dietician care), as well as telehealth
technologies that may address ESRD-related issues and comorbidities
possibly included in value-based care models (e.g., fistula evaluation
and specialty visits for comorbidity management). Commenters also
asserted that protecting a broader range of telehealth services would
further the Department's goal of encouraging care coordination and
Congress' intent in enabling in-home dialysis. Some commenters asserted
that the statute does not require limiting the telehealth services to
those paid for by Medicare Part B. A commenter also noted that payment
for ESRD services under Medicare Part B is through a bundled payment
and it is therefore impossible to have the technology tied to any
particular reimbursed service.
Response: We are not finalizing our proposed interpretation of
``telehealth services related to the individual's [ESRD]'' to mean
telehealth services paid for by Medicare Part B. We did not propose
regulatory text to implement this interpretation, and therefore, are
not making corollary modifications to the regulatory text. We explain
in more detail below that we broadly interpret the term ``telehealth
services'' to apply a wide range of services that are provided with
telehealth technologies. However, we are not adopting a specific
definition of ``telehealth services'' for this exception. We provide
additional explanation about our interpretation of the term
``telehealth services'' below.
We agree with commenters that section 1128A(i)(J)(6) of the Act
does not limit telehealth services to those paid for by Medicare Part
B. The definition of ``telehealth technologies'' in section
1128A(i)(6)(J) and the term ``telehealth services'' in
1128A(i)(6)(J)(ii) are not limited to related definitions in Medicare.
The statute provided the Secretary flexibility to interpret these terms
differently than the Medicare definitions in Title XVIII of the Act.
Consistent with the statutory exception and for the purpose of this
exception, we are not limiting the term ``telehealth services'' to
those that would be paid for by Medicare Part B. We recognize that this
means providers, physicians, and renal dialysis facilities will have
flexibility to determine whether telehealth technologies are provided
for the purpose of furnishing telehealth services related to the
individual's ERSD. The limited nature of the exception and the other
safeguards appropriately limit the risk of fraud and abuse. For
example, one risk of inappropriate beneficiary inducements is that they
will lead to a practitioner providing medically unnecessary services to
the patient. The limited nature of this exception mitigates that risk
(e.g., this exception is limited to Medicare Part B beneficiaries
receiving in-home dialysis). It is unlikely that a beneficiary could be
induced to receive medically unnecessary in-home dialysis to receive
free telehealth technologies. In-home dialysis is invasive treatment
and requires significant up-front training.
Additionally, under the same sections the beneficiary must be
receiving in-home dialysis paid for by Medicare Part B. That mitigates
and provides additional protection against providers, physicians, and
renal dialysis facilities that seek to use telehealth technologies to
induce and bill for medically unnecessary telehealth services related
to the patient's ESRD condition. If the provider is seeking to bill
Medicare for telehealth services that use telehealth technologies
protected by this exception, those services must meet all Medicare
requirements, including medical necessity. This exception does not
affect Medicare requirements for ESRD services or telehealth services.
Furthermore, billing for medically unnecessary telehealth services is
not protected by this exception and such conduct would implicate
criminal and civil health care fraud statutes. Therefore, this
exception does not need to link the term ``telehealth services'' to
those paid for by Part B as an additional safeguard for the purposes of
this exception. To the contrary, we agree with commenters that limiting
telehealth services to services currently paid for by Medicare Part B
would unnecessarily limit the utility of the exception to support
patients' ESRD care and use of home dialysis. To the extent that the
telehealth services are not billable to Medicare, there is reduced risk
that free telehealth technology is being offered as an inducement for
billable services.
We are not finalizing a definition of ``telehealth services''
specific for this exception. Instead, we are providing an
interpretation of the term in the preamble of this rule. The exception
protects the provision of a broad range of telehealth technologies, as
we explained above in the discussion of that definition. If we were to
limit the term to telehealth services paid for by Medicare Part B, then
the types of technology would be limited to those identified in section
1834(m) of the Act and 42 CFR 410.78 (i.e., audio and video equipment
permitting two-way, real-time interactive communication). Similarly, if
we were to define ``telehealth services,'' we might inadvertently limit
the scope of the telehealth technologies definition that is intended to
be broad.
As stated previously, we intend for this exception to apply to all
types of telehealth technology that are provided for the purposes of
furnishing distant or remote services through various modalities. At a
minimum, such services include the following types covered by Medicare:
Telehealth services, virtual check-in services, e-visits, remote care
management, and remote patient monitoring. To receive protection,
telehealth technologies do not need to be provided for the purpose of
furnishing a payable Medicare service related to the individual's end-
stage renal disease.
To provide additional examples, this exception would protect
telehealth technology provided for the purpose of furnishing the
following types of telehealth services raised by commenters as long as
the arrangement meets all conditions of the exception: Virtual ESRD
management (e.g., nurse assessment, social worker support, dietician
care), patient education, dietary counseling, and monitoring vital
signs. Other services not listed here may also be considered telehealth
services for the purposes of this exception based on the facts and
circumstances of the care being provided. Accepted clinical and care
practices for use of telehealth, physician judgment, and patient and
caregiver needs and preferences with respect to modalities would be
relevant considerations in assessing the telehealth services under this
specific condition. This exception provides significant flexibility to
providers,
[[Page 77875]]
physicians, and renal dialysis facilities to assess how telehealth
technologies can be provided to support a wide range of telehealth
services related to an individual's ESRD.
Again, this exception does not change the coverage or payment
requirements related to the provision of these services or submitting
claims for reimbursement. Even though this exception may protect a
physician, provider, or renal dialysis facility from CMP liability for
providing a patient telehealth technology for the purpose of furnishing
telehealth services, that does not mean the physician, provider,
facility, or any other individual or entity can bill for those
services.
The other limitation in this condition is that the telehealth
technologies be provided for the purposes of furnishing telehealth
services related to the individual's ESRD. In response to commenters
who recommended that this include telehealth services that address
ESRD-related issues and comorbidities, we agree that this language is
not specifically limited to ESRD. We recognize that patients with ESRD
are likely receiving care for comorbidities that affect their ESRD. It
would be difficult to define in this Beneficiary Inducement CMP
exception criteria that a provider, physician, or renal dialysis
facility could apply to assess whether a telehealth service is or is
not related to an individual's ESRD. We believe the appropriate
approach is to give health care providers flexibility to make this
determination reasonably based on the specific facts and circumstances
of the patient's condition and telehealth services furnished to care
for such condition. Although not required, we believe it would be a
best practice for the donor to document contemporaneously how the
telehealth services relate to the individual's ESRD care, such as to
management of care, monitoring of health, or treatment, potentially
including reference to appropriate clinical or other relevant health or
patient-reported indicators.
Furthermore, we note that several other exceptions and safe harbors
may apply to certain items and services for which commenters sought
protection under this exception, depending on the facts and
circumstances, such as the patient engagement and support safe harbor
finalized in this rule at 42 CFR 1001.952(hh) and the exception to the
definition of ``remuneration'' under the Beneficiary Inducements CMP
for certain remuneration that poses a low risk of harm and promotes
access to care, 42 CFR 1003.110.
f. Ownership and Retrieval of Technology
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we
considered and sought comment on a condition that would require the
provider or facility to retain ownership of any hardware and make
reasonable efforts to retrieve the hardware once the beneficiary no
longer needs it for the permitted telehealth purposes.
Summary of Final Rule: After a consideration of relevant comments,
we are not finalizing this condition.
Comment: Many commenters on this topic expressed support for the
overall concept of requiring the provider or facility to retain
ownership and make reasonable efforts to retrieve the hardware once the
beneficiary no longer needs it. Some commenters did not support a
requirement that the provider or facility retain ownership. Some of
these commenters noted that the concept of ownership in this context
may be rendered moot because the useful life of the device may expire
during the period of use by the patient. Some commenters also
questioned the utility of requiring retrieval of items that are no
longer state-of-the-art or otherwise have minimal value. Many
commenters also expressed concern regarding the administrative burden
associated with tracking and monitoring compliance with a retrieval
requirement.
Many commenters on this topic described potential scenarios in
which technology may be provided to a patient who then ceases to need
it (e.g., the patient receives a transplant). In these circumstances,
commenters were generally supportive of requiring the provider or
facility to retrieve the technology. Several commenters supported
requiring ``reasonable efforts'' to retrieve the hardware in
circumstances when it will not harm the patient, with exceptions for
circumstances when retrieval is impractical, the hardware has greatly
reduced utility or value, or the patient has died. A commenter also
asserted that if the hardware is provided in such a way that the use is
limited to telehealth services, it will not provide substantial
independent value to the beneficiary, and thus the failure to retrieve
after reasonable recovery efforts does not create meaningful inducement
risks.
Response: We are not finalizing a requirement that a provider,
physician, or facility retain ownership of the technology. We also are
not finalizing a retrieval requirement. We note that the condition that
the telehealth technologies be provided to an individual with ESRD and
who is receiving home dialysis for which payment is being made under
Medicare Part B would necessitate termination of technology services
(e.g., recurring monthly data plan fees or applications that require
ongoing subscription fees) if the individual is no longer receiving
home dialysis payable by Medicare Part B. Likewise, technology services
would need to be terminated if the patient is no longer using them for
ESRD-related telehealth services. Further, the exception does not
protect sham donations of technology given to individuals to keep
indefinitely.
g. Prohibition on Cost-Shifting
Summary of OIG Proposed Rule: We proposed to require as a condition
of protection under the exception that the provider of services or a
renal dialysis facility not separately bill Federal health care
programs, other payors, or individuals for the telehealth technologies,
claim the costs of the telehealth technologies as a bad debt for
payment purposes, or otherwise shift the burden of the costs of the
telehealth technologies to a Federal health care program, other payors,
or individuals.
Summary of Final Rule: We are not finalizing this condition.
Comment: Commenters expressed support for the proposed prohibition
on cost-shifting. No commenters expressed opposition.
Response: Upon consideration of the combination of safe harbor
conditions implemented by this final rule, we are not finalizing the
proposed cost-shifting prohibition. We have concluded that the
combination of final conditions and the limited-nature of this
statutory exception will adequately protect against fraud and abuse
risks, and an additional safeguard related to cost-shifting is not
necessary.
We proposed the cost-shifting condition to protect against the
telehealth technologies resulting in inappropriately increased costs to
Federal health care programs, other payors, and patients. However, we
do not want to exclude arrangements from this exception that involve
furnishing telehealth or other service to the ESRD patient receiving
in-home dialysis and that are also billable to Medicare. We recognize
that those services, as long as applicable Medicare rules are met, may
appropriately result in Medicare paying for costs of certain telehealth
technologies or an appropriate increase in certain Medicare costs.
We did not intend to suggest any limit on appropriate billing of
Federal health care programs or other payors for
[[Page 77876]]
medically necessary items and services furnished in connection with
telehealth technologies provided to ERSD patients receiving in-home
dialysis. If a provider furnishes items or services that are covered as
part of a Federal health care program, the provision of those items or
services alone would not implicate the Federal anti-kickback statute at
all. However, there could be circumstances under which a provider, when
furnishing covered items or services, does give a Federal health care
program beneficiary something of value, or remuneration, thereby
implicating the Federal anti-kickback statute. For example, the Federal
anti-kickback statute would be implicated by a provider waiving or
reducing any required cost-sharing obligations for the covered items
and services incurred by a Federal health care program beneficiary or
providing ``extra'' items and services--that is, that are not part of
the covered item or service--for free. Furthermore, nothing in this
rule exempts parties from responsibility for compliance with all
applicable coverage and billing rules.
Additionally, this final exception covers a wider range of
telehealth technologies used to support the furnishing of telehealth
services than types of technology used to provide Medicare Part B
covered ``telehealth services.'' There may be other Medicare covered
services that would cover the costs of telehealth technologies, as
defined in this exception, as part of a service provided to a
beneficiary receiving in-home dialysis. For example, the remote patient
monitoring services described by the chronic care remote physiologic
monitoring family of codes are covered by Medicare Part B but are not
``telehealth services'' within the meaning of the Medicare statute.
However, remote patient monitoring technologies would meet the
definition of ``telehealth technologies'' in this final exception.
h. Other Potential Safeguards
i. Consistent Provision of Telehealth Technologies
Summary of OIG Proposed Rule: The OIG Proposed Rule considered
several other potential conditions for this exception, including
prohibiting providers and renal dialysis facilities from discriminating
in the offering of telehealth technologies. We solicited comments on
this potential safeguard and whether it would limit the ability of
providers and facilities to offer technologies due to the potential
cost of furnishing the technology to all qualifying patients rather
than a small subset. We also solicited comments on why offering
technology to a smaller subset of qualifying patients might be
appropriate and not increase the risk of fraud and abuse.
Summary of Final Rule: We are not finalizing this condition.
Comment: A few commenters supported some form of a
nondiscrimination standard as appropriate. On the other hand, several
commenters raised concerns regarding a possible condition to the
exception requiring that a provider or facility provide the same
telehealth technologies to any Medicare Part B patient receiving in-
home dialysis, or to otherwise consistently offer telehealth
technologies to all patients, including that the uniform provision of
telehealth technologies would be cost-prohibitive for many providers
and facilities and could result in their decision not to offer any
telehealth technologies. Several commenters encouraged us to adopt more
flexible standards that would allow the provider or facility to
exercise discretion in offering telehealth technologies to ensure that
the patients to whom they offer the technologies are most likely to
benefit from them.
At least one of these commenters suggested that providers and
facilities be permitted to provide telehealth technologies
differentially to patients based on clinical risk assessments, clinical
appropriateness determinations from the patient's physician, or other
clinical or means-based criteria, with another commenter noting that it
is common for providers and payors to focus interventions on higher
risk or higher cost patients. A dialysis provider specified that they
would like the exception to protect the deployment of certain
technologies, such as remote monitoring or wearable devices, to
specific patient populations that may have higher assessed clinical
risk, such as patients that have experienced a recent hospitalization
event.
Other commenters supported the approach of requiring providers or
facilities to consistently offer telehealth technologies to all
patients satisfying specified, uniform criteria, and a commenter
requested that we make clear that a provider or facility would have
flexibility to establish criteria under which only a subset of patients
would be offered telehealth technologies. A commenter noted that
legitimate criteria may include for example patient mobility, access to
transportation options, financial status, and health condition. A
commenter suggested that we identify and carve out criteria that would
not be appropriate, such as the patient's payor or provider.
A dialysis provider encouraged OIG to ensure flexibility to provide
and customize certain telehealth technology offerings to patients based
on for example means-based or rural location needs, and to allow for
changes resulting in the development of new technology. The commenter
noted that the availability and cost of data plans and devices with
wireless cellular service may vary from location to location, and thus
a requirement to furnish the same telehealth technologies to all
patients may not be feasible.
Response: We appreciate the comments that explain why providing the
same telehealth technologies to any Medicare Part B eligible patient
receiving in-home dialysis may be impractical or impossible, and we are
not finalizing that condition. We also are not finalizing a condition
that would require providers, physicians, and facilities to
consistently offer telehealth technologies to all patients satisfying
specified, uniform criteria. As stated in section III.C.1.a above, this
is a narrow statutory exception to the Beneficiary Inducement CMP.
Because the exception finalized here is only available to established
patients who are receiving specific services paid for by Medicare Part
B, the potential for fraud and abuse is reduced.
We recognize that patient need for technology may vary based on
location, availability of transportation, financial status, diagnosis
and treatment plan, or other legitimate and appropriate factors. We
believe the donor is in the best position to identify whether provision
of the technology is appropriate only to a subset of patients receiving
in-home dialysis paid for by Medicare Part B. We are providing
additional flexibilities to donors to determine which beneficiaries
receive telehealth technologies by not finalizing this condition. The
risk of fraud and abuse associated with selectively deciding which
patients receive telehealth technologies is mitigated by other
conditions finalized in this rule (e.g., telehealth technologies are
protected only if provided to beneficiary already receiving in-home
dialysis). Additionally, providers, physicians, and facilities must
still meet Medicare requirements for services provided to the
beneficiary; they cannot bill for medically unnecessary services.
Schemes to submit false claims would implicate other criminal and civil
fraud statutes and would not be protected by this exception to the
Beneficiary Inducement CMP.
Comment: Several commenters encouraged us to adopt a standard that
allows for providing technology on an as-needed basis, recognizing that
some
[[Page 77877]]
patients may choose not to have telehealth services and some patients
may prefer to use their own technology. Other commenters encouraged us
to ensure patients retain the right to choose whether to participate in
telehealth services or utilize telehealth technology.
Response: The design of the final rule allows providers to take
into account patient choice and preferences. We are not finalizing a
condition that would have required physicians, providers, and
facilities to provide telehealth technologies in accordance with
specified criteria applied uniformly. We agree with commenters that
patient choice is paramount, and the decision to select a home dialysis
modality or telehealth services related to the patient's ESRD rests
with the patient. Patients are under no obligation to dialyze in the
home or to receive telehealth services, notwithstanding the
availability of telehealth technologies. We emphasize that protected
telehealth technologies cannot be offered as part of an advertisement
or solicitation, nor should offers of free telehealth technology be
made for the purpose of persuading patients to make clinical decisions
about treatment modalities. In such cases, the telehealth technologies
are not being provided for the purpose of furnishing telehealth
services as required by the statute and this exception.
ii. Notice to Patients
Summary of OIG Proposed Rule: In the OIG Proposed Rule, we stated
that we were considering adding a condition that would require
providers or facilities to provide a written explanation of the reason
for the technology and any potential ``hidden'' costs associated with
the telehealth services to any patient who elects to receive telehealth
technology. We considered this condition in response to concerns raised
in comments submitted in response to the OIG RFI \158\ that patients
may be confused by the technology or the reason they are receiving a
piece of technology and may be unaware of costs associated with
telehealth services. We sought comment on these perceived risks to
patients, whether to include a written notice requirement in the final
rule and, if so, what that notice should state.
---------------------------------------------------------------------------
\158\ 83 FR 43607 (Aug. 27, 2018).
---------------------------------------------------------------------------
Summary of Final Rule: For the reasons stated below, we are not
finalizing this requirement.
Comment: Most commenters on this topic supported the principle of
providing information to patients, but commenters disagreed as to
whether we should adopt a formal notice requirement as a standard for
meeting the exception. Some commenters asserted that there was no need
for a formal notice requirement as a condition of the exception because
this type of communication should be a part of the normal physician-
patient relationship. Others stated that conveying this type of
information is the current standard of medical practice for home
dialysis patients. Other commenters supported having a formal notice
requirement as a condition of the exception, emphasizing the need to
ensure patients have a clear and transparent understanding of the care
they are receiving and the costs of such care. A commenter requested
that OIG provide a sample of any required notice.
Response: We agree that patients need to have a clear understanding
of the care they are receiving and the costs of such care. However, we
also agree with commenters that this information should be conveyed
through the physician-patient relationship or in the normal facility-
patient communications for patients dialyzing at home. We are not
finalizing any notice requirement as part of the exception. Parties are
free to provide written notice explaining the reason for the technology
and any potential costs associated with the telehealth services if they
so choose.
iii. Patient Freedom of Choice
Summary of OIG Proposed Rule: The OIG Proposed Rule considered a
condition to the telehealth technologies exception designed to preserve
patient freedom of choice among health care providers and the manner in
which a patient receives dialysis services (i.e., in-home or in a
facility). Specifically, we considered adding a condition to the
exception that would require offerors of telehealth technologies to
advise patients when they receive such technology that they retain the
freedom to choose any provider or supplier of dialysis services and
receive dialysis in any appropriate setting.
Summary of Final Rule: As explained below, we are not finalizing
this requirement.
Comment: Several commenters, while supportive of patient autonomy
and ensuring that patients are aware of the right to choose
practitioners, providers, suppliers, and dialysis modalities, disagreed
with additional documentation requirements related to informing
patients of these rights for a number of reasons. For example, one
commenter suggested that patients may not wish to receive this
information. The commenter advocated instead for broader protections
for freedom of choice, such as a prohibition on restricting referrals.
Other commenters highlighted the administrative burden of additional
documentation. Commenters stated that notice already is part of the
provider and patient relationship, noting that for certain facilities
any additional documentation requirement would be duplicative of the
notice requirements found in the ESRD Conditions for Coverage (CFCs). A
commenter requested a carve-out for facilities that meet the
requirement under the CFCs. A commenter asserted that it would not add
sufficient value that outweighs the burden of providing a written
explanation of the reason for the technology and any potential
``hidden'' costs associated with the telehealth services to any patient
who elects to receive telehealth technology.
Other commenters supported the proposed requirement and asserted
that patients should be informed that they have the choice whether to
use technologies and that their choice will not in any way influence
the care to which they are entitled. Another commenter suggested that
this should be standard information given to patients receiving ESRD-
related care, regardless of the treatment modality they use. The
commenter shared a concern raised that some patients may be persuaded
to opt for telehealth services due to generous telehealth technologies
and services being offered rather than clinical appropriateness, and
believes this step could prevent any such inappropriate care from
occurring. One commenter proposed to further clarify that the patient
notice or patient consent for use of telehealth technologies include
that the patient is not required to utilize or accept the provision of
such technologies.
Response: We are not finalizing this condition because we believe
in part that existing laws are better suited to protecting patient
freedom of choice and the patient's best interest than a statutory-
based exception to the Beneficiary Inducement CMP, including those
discussed by the commenters. Furthermore, discussion of clinical
appropriateness of in-home dialysis and telehealth services related to
a patient's ESRD is inherent in the physician-patient relationship or
facility-patient relationship, which serves first-and-foremost to
protect the patient's best interest and preserve patient choice. The
condition finalized at paragraph (10)(i) in 1003.110 limits the offer
or furnishing of telehealth technologies to a patient that initiates
contact with the provider, facility, or physician to schedule an
appointment or other
[[Page 77878]]
service also supports patient autonomy, and marketing is not allowed by
the condition at paragraph (10)(ii) in 1003.110. These conditions will
help preserve a patient's choice to select any provider, physician, or
facility without inappropriate influence from such entities.
Comment: A commenter supported informing recipients of their
freedom to choose any provider or supplier of dialysis services but
requested clarification regarding whether telehealth technologies
furnished to certain in-home dialysis patients would also be covered
under the exception to the definition of ``remuneration'' for items or
services that promote access to care and pose a low risk of harm to
Federal health care programs at 1128A(i)(6)(F) of the Act.
Response: As stated above, we believe existing laws are better
suited to protecting patient freedom of choice and nothing in this rule
limits patient's freedom of choice. As we stated in the OIG Proposed
Rule, the provision of telehealth technologies might qualify for
protection under other existing exceptions or safe harbors. Whether a
particular arrangement for the provision of telehealth technologies
meets the requirements of, for example, the exception for arrangements
that promote access to care and poses low risk of harm at
1128A(i)(6)(F) of the Act (and the corresponding regulatory exception
at 42 CFR 1003.110) is a fact-specific analysis beyond the scope of
this rulemaking. We note that parties are also free to request an OIG
advisory opinion.
iv. Materials and Records Requirement
Summary of OIG Proposed Rule: We did not propose a condition
related to the development or retention of materials and records or
another documentation requirement but solicited comments on the fraud
and abuse risks presented by not including such a condition in this
exception.
Summary of Final Rule: We are not finalizing a materials and
records retention requirement.
Comment: Commenters agreed with our approach to omit a materials
and records or other documentation requirement. A commenter noted that
this approach reduces unnecessary administrative burden. Another
commenter pointed to other documentation requirements required by law,
highlighting that these obviate the need for a documentation
requirement in this exception.
Response: We agree that omitting a documentation requirement for
this exception may reduce administrative burden for donors of
telehealth technologies. We believe that in the case of telehealth
technologies provided to individuals with ESRD under this exception,
the absence of a documentation requirement does not materially impact
the attendant fraud and abuse risks. We note, however, that while this
exception is voluntary, parties that rely on it have the burden of
demonstrating that all the conditions are met. Maintaining
documentation that the provision of telehealth technologies satisfies
the exception's conditions may be prudent for compliance purposes.
a. Other Offerors
Comment: Several commenters stated that free and charitable clinics
and charitable pharmacies, especially in rural areas, rely on the use
of telehealth technologies to provide access to specialty care to
uninsured and medically underserved patients. The commenters posited
that eliminating barriers to allow free and charitable clinics and
charitable pharmacies to furnish telehealth technologies to patients
without implicating the physician self-referral law or the Federal
anti-kickback statute would enhance their ability to serve the target
population of uninsured and medically underserved. The commenters
suggest that expanded access to telehealth technologies would enhance
health equity and care coordination, specifically for those who are
uninsured and in rural areas. Another commenter was supportive of the
exception and suggested expansion to allow for the provision of
telehealth technologies by behavioral health providers.
Response: We appreciate the commenters' suggestion that telehealth
technologies may benefit a broader range of patients. Charitable
clinics or charitable pharmacies that meet the conditions in paragraphs
(10)(i) and (ii) (e.g., a provider, physician, or renal dialysis
facility that is currently providing the in-home dialysis, telehealth
services, or other end-stage renal disease care to the patient or has
been selected or contacted by the individual to schedule an appointment
or provide services) may be eligible to protect the provision of
telehealth technologies under this exception. Such a determination must
be based on the facts and circumstance of the specific clinic or
pharmacy, and whether the provision of the telehealth technology meets
all conditions of the exception.
We note that several other exceptions and safe harbors may apply to
the provision of telehealth technologies to patients, depending on the
facts and circumstances, such as the patient engagement and support
safe harbor, finalized in this rule at 42 CFR 1001.952(hh), and the
exception to the definition of ``remuneration'' under the Beneficiary
Inducements CMP for certain remuneration that poses a low risk of harm
and promotes access to care, found at 42 CFR 1003.110.
j. Recipient
Comment: A commenter stated that it is critical to ensure that the
provision without charge of these same technologies to nephrologists
and other treating physicians of home dialysis patients is permissible
under anti-kickback statute. The commenter highlighted that every
dialysis patient is required to have an attending nephrologist, and the
nephrologist is the only individual who is part of the required care
team who is not otherwise employed by the dialysis provider.
Accordingly, the commenter urged us to clarify that the dialysis
provider can also provide members of the care team who are not employed
by the dialysis provider with the technology and software necessary to
accommodate telehealth for dialysis patients.
Response: We appreciate the commenter's concerns, but the
commenter's recommendations are outside the scope of the statutory
exception we codify here, which is an exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP. Specifically,
the regulatory exception we finalize here implements the corresponding
statutory exception in section 50302 of the Budget Act of 2018, which
protects the provision of telehealth technologies ``to an individual
with end-stage renal disease. . . .'' This exception does not protect
remuneration between a dialysis provider and other members of a
patient's care team. As the commenter notes, remuneration among and
between providers and practitioners may implicate the Federal anti-
kickback statute. Parties seeking to protect such arrangements may seek
protection under a safe harbor, such as the care coordination
arrangements safe harbor finalized in this rule at 1001.952(ee).
Parties are also free to request an advisory opinion pursuant to 42 CFR
1008 et seq. related to the facts and circumstances described in this
comment.
Comment: A commenter requested clarity regarding situations in
which technologies provided to beneficiaries could also result in
potential indirect benefits to other providers who may be in a referral
source relationship with the donor of the telehealth technologies,
[[Page 77879]]
including in the context of an integrated care delivery system.
Response: We appreciate the commenter's concern. The Federal anti-
kickback statute is a criminal statute that serves as an important
sanction against fraud when parties intentionally offer or pay
kickbacks to influence referrals. Any indirect benefit to a provider
who may be a referral source for a donor would need to be analyzed
under the Federal anti-kickback statute which, as explained above, is
outside the scope of the statutory exception to the Beneficiary
Inducements CMP that we codify here. As a matter of law, arrangements
that fit in an exception to the Beneficiary Inducements CMP are not
automatically protected from liability under the Federal anti-kickback
statute. Parties seeking to protect remuneration implicating the
Federal anti-kickback statute should assess arrangements to determine
if the arrangement qualifies for protection under a safe harbor.
IV. Provisions of the Final Regulation
This final rule incorporates the regulations and amendments we
proposed in the OIG Proposed Rule, but with changes to the regulatory
text. In this final rule, we modify existing as well as add new safe
harbors pursuant to our authority under section 14 of the Medicare and
Medicaid Patient and Program Protection Act of 1987 by specifying
certain payment practices that will not be subject to prosecution under
the Federal anti-kickback statute. We also codify into our regulations
a statutory safe harbor for patient incentives offered by ACOs to
assigned beneficiaries under ACO Beneficiary Incentive Programs and a
statutory exception to the definition of ``remuneration'' in 42 CFR
1003.110 for certain telehealth technologies furnished to in-home
dialysis patients.
The following is a list of the safe harbors and the exception that
we are finalizing: Modifications to the existing safe harbor for
personal services and management contracts at 42 CFR 1001.952(d);
modifications to the existing safe harbor for warranties at 42 CFR
1001.952(g); modifications to the existing safe harbor for electronic
health records items and services at 42 CFR 1001.952(y); modifications
to the existing safe harbor for local transportation at 42 CFR
1001.952(bb); a new safe harbor for care coordination arrangements to
improve quality, health outcomes, and efficiency at 42 CFR
1001.952(ee); a new safe harbor for value-based arrangements with
substantial downside financial risk at 42 CFR 1001.952(ff); a new safe
harbor for value-based arrangements with full financial risk at 42 CFR
1001.952(gg); a new safe harbor for arrangements for patient engagement
and support to improve quality, health outcomes, and efficiency at 42
CFR 1001.952(hh); a new safe harbor for CMS-sponsored model
arrangements and CMS-sponsored model patient incentives at 42 CFR
1001.952(ii); a new safe harbor for cybersecurity technology and
related services at 42 CFR 1001.952(jj); a new safe harbor for
accountable care organization (ACO) beneficiary incentive program at 42
CFR 1001.952(kk); and an exception for telehealth technologies for in-
home dialysis at 42 CFR 1003.110.
V. Regulatory Impact Statement
As set forth below, we have examined the impact of this final rule
as required by Executive Order 12866, the Regulatory Flexibility Act
(RFA) of 1980, the Unfunded Mandates Reform Act of 1995, Executive
Order 13132, and Executive Order 13771. In section A, we provide an
overview of our analysis of the impact of this final rule. We also
provide additional supporting analysis in section F.
Summary of OIG Proposed Rule: We determined that the aggregate
economic impact of the proposals would be minimal and would have no
effect on the economy or on Federal or State expenditures. We also
determined that the proposals would not significantly affect small
providers. Further, we determined that the rule was neither regulatory
nor deregulatory under Executive Order 13771.
Summary of Final Rule: We are finalizing the determinations set
forth in the OIG Proposed Rule except for the determination under
Executive Order 13771. Here we explain that this final rule is a
deregulatory action under Executive Order 13771. In addition, we
provide additional explanation about our determinations here.
A. Overview of Analysis
By making available the new protections established in this final
rule, we expect health care industry stakeholders will realize
increased flexibility and legal certainty when entering into value-
based, care coordination, and other arrangements that have the
potential to reduce Federal health care program expenditures and
improve the quality of care without sacrificing program integrity.
However, we are unable to quantify--with certainty--the overall
aggregate impact or effect on small providers related to changes in
industry behavior that we can reasonably expect following the effective
date of this final rule. Even so, we believe that our final policies
are reasonably likely to permit, if not encourage, behavior that will
reduce waste in the U.S. health care system, including Medicare and
other Federal health programs, and that these changes will result in
lower costs for both patients and payors, and generate other benefits,
such as improved quality of patient care and lower compliance costs for
providers and suppliers. Below we describe: (1) The need for new and
modified safe harbors and exceptions; (2) an overview of the estimated
impact of the final rule; (3) anticipated outcomes of the final rule;
(4) expanded protections under the final rule and examples of
anticipated arrangements; (5) anticipated beneficial impact of value-
based, care coordination, and patient engagement and support
arrangements; (6) anticipated beneficial impact of the new safe harbor
for cybersecurity technology and services; and (7) anticipated costs.
1. Need for New and Modified Safe Harbors and Exceptions
The Federal anti-kickback statute provides for criminal penalties
for whoever knowingly and willfully offers, pays, solicits, or receives
remuneration to induce or reward, among other things, the referral of
business reimbursable under any of the Federal health care programs,
including Medicare and Medicaid. Health care providers and others may
voluntarily seek to comply with safe harbors so that they have the
assurance that their business practices will not be subject to any
Federal anti-kickback enforcement action. Compliance with an applicable
safe harbor insulates an individual or entity from liability under the
Federal anti-kickback statute. Parties may use any applicable safe
harbor into which they can squarely fit.\159\ However, failure to fit
in a safe harbor does not mean that an arrangement violates the law.
---------------------------------------------------------------------------
\159\ Existing safe harbors that may apply to some care
coordination and value-based arrangements include the employee safe
harbor (42 CFR 1001.952(i)), the personal services and management
contracts safe harbor (42 CFR 1001.952(d)), the various managed care
safe harbors (e.g., 42 CFR 1001.952(t)), and the local
transportation safe harbor (42 CFR 1001.952(bb)). However,
stakeholders have informed us that many arrangements they would like
to enter into cannot fit in the existing safe harbors as currently
structured.
---------------------------------------------------------------------------
The Beneficiary Inducements CMP provides for the imposition of
civil monetary penalties against any person who offers or transfers
remuneration to a Medicare or State health care program (including
Medicaid) beneficiary that
[[Page 77880]]
the benefactor knows or should know is likely to influence the
beneficiary's selection of a particular provider, practitioner, or
supplier of any item or service for which payment may be made, in whole
or in part, by Medicare or a State health care program (including
Medicaid). Compliance with an applicable exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP or compliance
with an exception or safe harbor to the Federal anti-kickback statute
protects such practice from liability under the Beneficiary Inducements
CMP.
In many cases, emerging coordinated care and value-based delivery
and payment arrangements, which encourage functional integration and
coordination between and among providers and other industry
stakeholders, often using financial incentives, may not fit easily or
at all under current safe harbors to the Federal anti-kickback statute,
exceptions to the Beneficiary Inducements CMP, or both. Many value-
based and care coordination arrangements also rely on improving patient
engagement in care through tools or supports (e.g., free or reduced-
cost technology, free local transportation services), potentially
implicating both the Federal anti-kickback statute and the Beneficiary
Inducements CMP. Such tools or supports may not fit easily (or at all)
under existing safe harbors to the Federal anti-kickback statute or
exceptions to the definition of ``remuneration'' under the Beneficiary
Inducements CMP.
Public stakeholders have asserted--through comments to both the OIG
RFI and OIG Proposed Rule, as well as other public forums--that this
lack of clear legal protection has a chilling effect on the development
of effective care coordination arrangements, value-based arrangements,
and arrangements engaging or supporting patients. As a consequence,
this final rule provides greater certainty and protection for care
coordination arrangements, value-based arrangements, patient engagement
tools and supports, and other beneficial arrangements from potential
liability under the Federal anti-kickback statute and Beneficiary
Inducements CMP (as applicable), if the arrangements are properly
structured to satisfy an applicable safe harbor's or exception's
conditions (as applicable).
2. Overview of Estimated Impact of the Final Rule
There is not enough available information to estimate this final
rule's effect on the economy, Federal or State expenditures, or small
providers. In other words, we are not able to provide quantitative
estimates of savings to or expenditures for the Federal health care
programs, providers, and others that will result from this final rule.
More specifically, we lack a basis for determining the scope and
magnitude of financial arrangements for which parties may seek safe
harbor protection.
We lack a basis for making any quantitative estimates for the
following reasons. First, we cannot estimate how many providers and
other industry stakeholders will enter in value-based and care
coordination arrangements or other arrangements protected by these
final safe harbors and exception. This is in part because using and
complying with the safe harbors and exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP finalized here
are voluntary. Indeed, providing remuneration in the context of a care
coordination arrangement and engaging Federal health care program
beneficiaries through the provision of tools and supports are voluntary
as well. Stated otherwise, parties are not required either to enter
into financial relationships that implicate the Federal anti-kickback
statute and Beneficiary Inducements CMP, or to structure any financial
relationships that implicate these statutes to satisfy a safe harbor or
exception, as applicable. Failure to satisfy a safe harbor or
exception, as applicable, does not mean that an arrangement is illegal
under the Federal anti-kickback statute or Beneficiary Inducements CMP.
Parties are free to conduct financial arrangements that do not fit
within the protections set forth in these final regulations provided
that they otherwise comply with the law. Further, while parties often
use safe harbors and exceptions as tools to structure compliant
arrangements, parties may also wait to assert compliance with a safe
harbor as a defense should the Government bring an enforcement action.
For this reason, it is further difficult to estimate usage of these
regulations.
Second, while we can provide examples--as noted below--of
arrangements we believe health care industry stakeholders may enter
into under the protection of these final safe harbors and exception, we
cannot predict the form of all of the arrangements, nor which industry
stakeholders will enter into what form of arrangements. More
specifically, based on comments submitted by stakeholders, our
understanding of currently existing value-based and care coordination
arrangements, and our assumption that there will be continued
innovation, we expect significant heterogeneity in value-based and care
coordination arrangements that seek protection under these safe harbors
and exception. Applying a ``conceptual framework'' developed by RAND
Corporation in an assessment of value-based programs illuminates how
the attributes of value-based care and care coordination arrangements
could vary across the industry, making any basis for quantitative
estimates regarding the impact of the regulatory flexibilities set
forth in this final rule highly speculative.\160\
---------------------------------------------------------------------------
\160\ Cheryl L. Damberg et al., RAND Corp., Measuring Success in
Health Care Value-Based Purchasing Programs (2014), available at
https://www.rand.org/content/dam/rand/pubs/research_reports/RR300/RR306/RAND_RR306.pdf.
---------------------------------------------------------------------------
In particular, the RAND conceptual framework highlights how various
aspects of the arrangements for which parties may seek safe harbor and
exception protection could differ, including: (1) Overarching program
design features with respect to the value-based arrangement (e.g.,
measures, incentive structure, targets for incentives, and quality
improvement support and resources); (2) the characteristics of the
providers and the settings in which they practice, including whether or
not the providers are employees, as well as the characteristics of
other parties to the arrangement; and (3) external factors (e.g., other
payment policies, other quality initiatives, consumer behavior, market
characteristics, and regulatory changes) that can enable or hinder any
response to the incentive. In addition, we expect wide variation in the
patient populations served and their particular needs with respect to
care coordination and tools and supports. To provide an example related
to external factors, whether a provider might need to use the patient
engagement and support safe harbor (paragraph 1001.952(hh)) may depend
on whether the beneficiary's Federal health care program covered the
desired tool and support. An arrangement for the provision of digital
technology that is a covered item or service, when provided in
accordance with coverage and payment rules, does not likely require
safe harbor protection and additional regulatory flexibility in this
final rule. On the other hand, an arrangement for the provision of
noncovered tools and supports for free to a Federal health care program
beneficiary likely implicates the Federal anti-kickback statute and may
implicate the Beneficiary Inducements CMP, may need safe harbor
protection, and would
[[Page 77881]]
benefit from such flexibility. Variation in coverage and payment rules
and changes in such rules over time impact the analysis of the
application of the statutes to arrangements and whether parties would
seek to use the final regulations.
In sum, any estimation of behavioral change--and any resulting
increases or decreases in costs to Federal or State health care
programs, providers and other stakeholders, or patients--would be
highly speculative and too uncertain to be appropriately quantifiable.
While we cannot gauge with certainty savings or costs that may result
from this final rule, the rule reflects our effort to remove barriers
impeding wider adoption of beneficial care coordination and value-based
arrangements identified by stakeholders, while prohibiting arrangements
that would improperly increase utilization, promote anti-competitive
behavior, or result in fraud or abuse. Below we elaborate on the
intended and anticipated beneficial outcomes related to the final rule
as well as some potential costs.
3. Anticipated Outcomes of the Final Rule
We can reasonably predict, however, that the final rule likely will
result in changes to stakeholder behavior. The rule may increase
providers' or others' participation in beneficial value-based, care
coordination, patient engagement and support, and other arrangements to
the extent that providers or others have been concerned that such
arrangements would otherwise implicate the Federal anti-kickback
statute and Beneficiary Inducements CMP. In this regard, and with
respect to the intended outcomes and benefits related to this final
rule, we anticipate that the policies in this final rule may: (1)
Remove barriers to robust participation in beneficial value-based
health care delivery and payment systems, including those administered
by CMS and non-Federal payors; (2) facilitate arrangements for
beneficial patient care coordination among affiliated and unaffiliated
health care providers, practitioners, suppliers, and others; (3) remove
barriers to providing tools and supports to patients to better engage
them in their care and improve health outcomes; (4) provide certainty
for participants in the Medicare Shared Savings Program and Innovation
Center models; (5) facilitate the continued adoption and use of
electronic health records by making permanent the safe harbor for the
donation of such items and services; and (6) promote more robust
cybersecurity throughout the health care system. Some of the benefits
that we anticipate will arise from these intended outcomes are: (1)
Improved care coordination for patients, including Federal health care
program beneficiaries; (2) improved quality of care and outcomes for
patients, including Federal health care program beneficiaries; (3)
potential reduction in compliance costs to individuals and entities to
which the Federal anti-kickback statute's and Beneficiary Inducements
CMP's prohibitions apply; (4) reduction in administrative complexity
and related waste from continued progress toward interoperability of
data and electronic health records; (5) protection against the
corruption of or access to health records and other information
essential to the safe and effective delivery of health care; and (6)
reduction in impacts of cybersecurity attacks, including the improper
disclosure of protected health information (PHI), and reduction in
costs associated with cybersecurity attacks, including ransom payments,
costs to patients whose PHI is improperly disclosed, and costs to
providers, suppliers, and others to reestablish cybersecurity.
With respect to the final rule's impact on parties currently
participating in the Medicare Shared Savings Program and Innovation
Center models, we have determined that this Final Rule would not
significantly alter the conditions upon which such providers and
suppliers operate. Such parties currently must comply with the fraud
and abuse statutes and receive fraud and abuse waivers as needed for
CMS to operate the Medicare Shared Savings Program and test models, as
authorized by statute. Finalizing safe harbors protecting value-based
arrangements, care coordination, and certain patient engagement tools
and supports would not significantly alter these conditions. This is
particularly true in light of the new final safe harbor for CMS-
sponsored models, which is designed to streamline the current fraud and
abuse waiver process and make model participation more uniform with
respect to compliance with fraud and abuse laws.
4. Expanded Protections Under Final Rule and Examples of Anticipated
Arrangements
As explained in greater detail in the preamble above, this final
rule expands safe harbor protection under the Federal anti-kickback
statute to protect the following types of arrangements that, in most
cases, would not fit squarely or with certainty in existing safe
harbors:
Certain remuneration exchanged between or among eligible
participants in a value-based arrangement that fosters better
coordinated and managed patient care.
Certain tools and supports furnished to patients to
improve quality, health outcomes, and efficiency.
Certain remuneration provided in connection with a CMS-
sponsored model.
Certain donations of cybersecurity technology and
services.
Certain donations of electronic health records items and
services.
Certain outcomes-based payments and remuneration in
connection with part-time personal services and management contracts
arrangements.
Certain remuneration in connection with bundled warranties
for one or more items and related services.
Certain free or discounted local transportation given to
Federal health care program beneficiaries.
In addition, this final rule extends protection under the
Beneficiary Inducements CMP to protect certain ``telehealth
technologies'' furnished to certain in-home dialysis patients.
Based on the Department's experience with the Medicare Shared
Savings Program and Innovation Center models, information provided by
commenters on the OIG RFI and the OIG Proposed Rule, and information
shared publicly by providers, suppliers, practitioners, health plans,
and others, following the issuance of this final rule we reasonably
expect parties may seek protection under the final safe harbors and
exception such as the following:
A hospital--in recognition that new reimbursement models
may extend hospital accountability for a patient's health beyond
inpatient or outpatient care--may wish to provide recently discharged
patients with free health coaching, technology that facilitates remote
monitoring, a non-reimbursable home visit, or nutritional supplements
to promote the best health outcomes after discharge.
A hospital, recognizing that clinical collaboration and
care coordination may improve patient transitions from one care
delivery point to the next, may wish to provide care coordinators that
furnish individually tailored case management services for patients
requiring post-acute care.
A medical device manufacturer may wish to offer a
physician practice or hospital a data analysis service to track
clinical practices, clinical outcomes, and patient impact as they
relate to hospital- or health-care-acquired pressure injuries.
A hospital may wish to provide support and to reward
institutional post-acute providers for achieving outcome measures that
effectively and
[[Page 77882]]
efficiently coordinate care across care settings and reduce hospital
readmissions. Such measures would be aligned with a patient's
successful recovery and return to living in the community.
A physician may wish to offer--for free-- a prescription
pickup service to retrieve filled prescriptions from the pharmacy and
get them to the patient to expedite the patient's adherence to the
physician's ordered treatment.
A primary care physician, dialysis facility, or other
provider could furnish a smart tablet that is capable of two-way, real-
time interactive communication between the patient and his or her
physician. In turn, the Federal health care program beneficiary's
access to a smart tablet could facilitate communication through
telehealth and the provision of in-home dialysis services.
5. Anticipated Beneficial Impact of Value-Based, Care Coordination, and
Patient Engagement and Support Arrangements
As explained further below, to the extent that providers and others
elect to use these safe harbors and exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP to protect care
coordination, value-based, and other arrangements, there could be
significant beneficial impacts should the intended effect of the
regulatory flexibilities afforded by this final rule--promoting the
adoption of beneficial value-based arrangements and improved care
coordination--come to fruition.
As noted above, we are unable to quantify with certainty any impact
related to the changes in industry behavior that we can reasonably
expect following the effective date of this final rule. Despite the
inability to quantify impact, we believe that the value-based
arrangements, care coordination arrangements, and patient engagement
and support arrangements protected by this final rule ultimately will
reduce waste in the U.S. health care system.
In particular, a recent review of literature from January 2012 to
May 2019 focusing on unnecessary spending, or waste, in the U.S. health
care system (the 2019 study) indicates that waste related to the
failure of care coordination alone results in annual costs of $27
billion to $78 billion.\161\ Much of the research on waste and
improvement reviewed in the 2019 study was conducted in Medicare
populations. The 2019 study noted empirical evidence that
interventions, such as aligning payment models with value or supporting
delivery reform to enhance care coordination, safety, and value, can
produce meaningful savings and reduce waste by as much as half. The
2019 study also identified waste from administrative complexity
(resulting from fragmentation in the health care system) as the
greatest contributor to waste in the U.S. health care system at an
estimated $266 billion annually, and highlighted the opportunity to
reduce waste in this category from enhanced payor collaboration with
health care providers and clinicians in the form of value-based payment
models. According to the 2019 study, as value-based care continues to
evolve, there is reason to believe that such interventions can be
coordinated and scaled to produce better care at lower cost for all
U.S. residents. Moreover, in value-based and care coordination
arrangements, improvements could reduce waste related to overtreatment
and low-value care, a separate category of waste in the U.S. health
care system.
---------------------------------------------------------------------------
\161\ William H. Shrank et al., Waste in the US Health Care
System, Estimated Costs and Potential for Savings, 322 JAMA 1501
(2019), available at https://jamanetwork.com/journals/jama/fullarticle/2752664.
---------------------------------------------------------------------------
OIG studies regarding the Medicare Shared Savings Program and
participating ACOs have found beneficial impacts through improved
quality of care and reduced spending. A June 2019 evaluation found that
Medicare Shared Savings Program ACOs have developed a number of
strategies that the ACOs found successful in reducing Medicare spending
and improving quality of care.\162\ These strategies include, among
others, engaging beneficiaries to improve their own health, reducing
avoidable hospitalizations and improving hospital care through better
care coordination, and using technology for information sharing. For
example, one ACO in the study used tablets to issue medication
reminders and digital scales to transmit information directly to care
coordinators to help manage the health of beneficiaries with end-stage
congestive heart failure. The ACO reported that hospitalizations for
this group declined, on average, from four times a year to one time.
The evaluation observes that the successful strategies can apply not
only to ACOs but also to other providers committed to transforming the
health care system toward value.
---------------------------------------------------------------------------
\162\ OIG, ACOs' Strategies for Transitioning to Value-Based
Care: Lessons From the Medicare Shared Savings Program (OEI-02-15-
00451), July 19, 2019. Available at https://oig.hhs.gov/oei/reports/oei-02-15-00451.asp.
---------------------------------------------------------------------------
An August 2017 OIG report analyzed spending and quality data from
the first 3 years of the Medicare Shared Savings Program to determine
the extent to which ACOs reduced Medicare spending and improved
quality.\163\ During the period studied, most of the 428 participating
ACOs (serving 9.7 million beneficiaries) reduced Medicare spending
compared to their benchmarks, achieving a net spending reduction of
nearly $1 billion. At the same time, ACOs generally improved their
performance on most of the individual quality measures. ACOs also
outperformed fee-for-service providers on most of the quality measures.
A small subset of ACOs showed substantial reductions in Medicare
spending while providing high-quality care. These high-performing ACOs
reduced spending by an average of $673 per beneficiary for key Medicare
services during the review period. This included significant spending
reductions for high[hyphen]cost services such as inpatient hospital
care and skilled nursing facility care. These ACOs also maintained high
use of primary care services, which can lower utilization and costs for
other care, and reduced the use of costly services such as emergency
department visits. In contrast, other Medicare Shared Savings Program
ACOs and the national average for fee-for-service providers showed an
increase in per beneficiary spending for key Medicare services.
---------------------------------------------------------------------------
\163\ OIG, Medicare Shared Savings Program Accountable Care
Organizations Have Shown Potential for Reducing Spending and
Improving Quality (OEI-02-15-00450), Aug. 28, 2017. Available at
https://oig.hhs.gov/oei/reports/oei-02-15-00450.asp.
---------------------------------------------------------------------------
In addition, we are aware that certain other innovative value-based
and care coordination arrangements exist that have resulted in cost
savings for third-party payors, quality of care improvements, or
both.\164\ While we cannot extrapolate these results to the possible
impact of this final rule, we
[[Page 77883]]
believe the reported success of some of these programs suggests the
promising nature of value-based care and improved care coordination. In
describing the results below, we do not mean to suggest that this rule
prescribes or endorses the interventions inherent to these results.
Further, we emphasize that this final rule simply removes certain
regulatory barriers to implementing value-based and care coordination
arrangements that may be similar to those described below.
---------------------------------------------------------------------------
\164\ See e.g., Brian W. Powers et al., Impact of Complex Care
Management on Spending and Utilization for High-Need, High-Cost
Medicaid Patients, 26 Am. J. Managed Care e57 (2020), available at
https://doi.org/10.37765/ajmc.2020.42402 (finding, in a study of a
complex care management program implemented in Tennessee for high-
need, high-cost Medicaid patients, that the program reduced total
medical expenditures by 37 percent and inpatient utilization by 59
percent); Shreya Kangovi et al., Evidence-Based Community Health
Worker Program Addresses Unmet Social Needs and Generates Positive
Return on Investment, 39 Health Aff. 207 (2020), available at
https://www.healthaffairs.org/doi/full/10.1377/hlthaff.2019.00981
(finding that every dollar invested in the Individualized Management
for Patient-Centered Targets (IMPaCT) intervention, which is ``a
standardized community health worker intervention that addresses
socioeconomic and behavioral barriers to health in low-income
populations,'' yielded a return of $2.47 within a single fiscal year
from the perspective of a Medicaid payer).
---------------------------------------------------------------------------
For example, a case study targeted at determining the specific
factors that reduce Medicare payments and lead to hospital savings in
bundled payment models for lower extremity joint replacement surgeries
(which provide a lump sum payment to be shared among providers for an
episode of care instead of payment for every service performed) in one
Texas health system found that, between July 2008 and June 2015, the
system's five hospitals were able to reduce total Medicare spending per
episode of care by $5,577, or 20.8 percent, in cases without
complications, and by $5,321, or 13.8 percent, in cases with
complications.\165\ The hospitals also recognized $6.1 million in
internal cost savings, along with slight decreases in emergency room
visits and readmission rates, and a decrease in cases with a prolonged
length-of-stay admission. Over half of the internal cost savings were
attributable to reduced implant costs.\166\ We note that the product
standardization incentive programs that contribute to such internal
cost savings involve compensation arrangements between hospitals and
physicians which, depending on their structure, may not satisfy the
requirements of any current safe harbors to the Federal anti-kickback
statute, but to which the new and modified safe harbors may apply.
Relatedly, in 2018, a large health plan announced that it was expanding
a bundled payment program for spinal surgeries and hip/knee
replacements to new markets, after finding savings of $18,000 per
procedure,\167\ and a health network reported over $10 million in
savings in 2017 with more anticipated savings in 2018.\168\
---------------------------------------------------------------------------
\165\ Amol S. Navathe, et al., Cost of Joint Replacement Using
Bundled Payment Models, 177(2) JAMA Internal Med. 214-222 (Feb.
2017), available at https://jamanetwork.com/journals/jamainternalmedicine/article-abstract/2594805.
\166\ Vera Gruessner, 3 Ways Bundled Payment Models Brought
Hospital Cost Savings, Health Payer Intelligence (Jan. 16, 2017),
https://healthpayerintelligence.com/news/3-ways-bundled-payment-models-brought-hospital-cost-savings.
\167\ David Muhlestein et al., Recent Progress In The Value
Journey: Growth Of ACOs And Value-Based Payment Models In 2018,
Health Affairs Blog (Aug. 14, 2018), https://www.healthaffairs.org/do/10.1377/hblog20180810.481968/full/.
\168\ Shane Wolverton, Providers partner with payers for bundled
payments, Becker's Payer Issues (May 10, 2018) https://www.beckershospitalreview.com/payer-issues/providers-partner-with-payers-for-bundled-payments.html.
---------------------------------------------------------------------------
As another example of the potential for cost savings associated
with value-based arrangements, a recent survey of more than 100
commercial payors showed that, in 2018, ``pure FFS'' payment--where
each medical service is billed and paid for separately--accounts for
only 37.2 percent of reimbursement and is expected to drop to 26
percent by 2021.\169\ According to the payors surveyed, payors that
adopted value-based health care delivery and payment models reduced
health care costs by an average of 5.6 percent, improved provider
collaboration, and created more impactful member engagement.
---------------------------------------------------------------------------
\169\ Thomas Beaton, Value-Based Payment Adoption Drives 5.6%
Reduction in Care Costs, Health Payer Intelligence (June 18, 2018),
https://healthpayerintelligence.com/news/value-based-payment-adoption-drives-5.6-reduction-in-care-costs.
---------------------------------------------------------------------------
Further, there are studies that suggest that improved care
coordination may decrease costs and enhance health outcomes. One
randomized, controlled trial evaluated the cost[hyphen]effectiveness of
a home[hyphen]based care coordination program that targeted older
adults with problems self[hyphen]managing their chronic illnesses.\170\
Study participants in the test group received care coordination
services from a nurse and a pill organizer. The results of this study
showed that, for those beneficiaries who participated in the study for
more than 3 months, total Medicare costs were $491 lower per month than
in the control group. Another study conducted by the Centers for
Disease Control and Prevention demonstrated that certain interventions,
such as team-based or coordinated care, increase patient medication
adherence rates.\171\ Specifically, in a 2015 study, patients assigned
to team-based care--including pharmacist-led medication reconciliation
and tailoring, pharmacist-led patient education, collaborative care
between pharmacist and primary care provider or cardiologist, and two
types of voice messaging--were significantly more adherent with their
medication regimen 12 months after hospital discharge (89 percent)
compared with patients not receiving team-based care (74 percent).
---------------------------------------------------------------------------
\170\ Karen Dorman Marek et al., Cost analysis of a home-based
nurse care coordination program, 62 J. Am. Geriatrics Soc'y 2369
(2014).
\171\ Andrea B. Neiman et al., CDC Grand Rounds: Improving
Medication Adherence for Chronic Disease Management--Innovations and
Opportunities, 66 Morbidity & Mortality Wkly. Rep. 1248 (2017),
available at https://www.cdc.gov/mmwr/volumes/66/wr/mm6645a2.htm.
---------------------------------------------------------------------------
In addition, there are reported examples of value-based health care
delivery and payment programs developed and implemented by commercial
health plans that report success. For example, one health plan recently
reported that it saved $1 billion through avoided costs in 3 years of
its recent primary care pay-for-value program that offers primary care
practices rewards for their performance on quality, cost, and
utilization measures, while also improving outcomes for the plan's
members.\172\ According to this plan, members treated by a primary care
provider in the program had 11 percent fewer emergency room visits in
2017 than members treated by a primary care physician not in the
program. The plan also stated that members with a primary care
physician in the program experienced 16 percent fewer inpatient
admissions in 2017 compared to members seeing a primary care physician
not in the program, potentially saving the plan $224 million in
inpatient care costs.\173\
---------------------------------------------------------------------------
\172\ Press Release, Highmark, Inc., Highmark saves more than $1
billion in avoided cost with True Performance program (Oct. 5,
2020), available at https://www.highmark.com/newsroom/press-releases.html#!release/highmark-saves-more-than-1-billion-in-avoided-cost-with-true-performance-program.
\173\ Press Release, Highmark, Inc., Highmark's True Performance
Program Avoided Health Care Costs by More Than $260 Million in 2017
(June 26, 2018), available at https://www.highmark.com/newsroom/press-releases.html#!release/highmarks-true-performance-program-avoided-health-care-costs-by-more-than-260-million-in-2017.
---------------------------------------------------------------------------
A collaboration between a physician-led ACO and a health plan in
North Carolina similarly reportedly reduced costs while improving
quality of care.\174\ Specifically, an analysis conducted by the plan
concluded that the 47 primary care practices that participated in the
collaboration: (1) Reduced the total cost of care by 4.7 percent for
commercial patients; (2) reduced the total cost of care by 6.1 percent
for Medicare Advantage patients; and (3) improved their Medicare star
ratings, on average, from 3 to 4.5 stars. Another analysis by a
different health plan determined that primary care physicians paid
under global capitation improved certain patient outcomes related to
preventive care and chronic conditions, such as
[[Page 77884]]
higher screening rates for colorectal and breast cancer, higher rates
of medication review, and higher controlled blood sugar levels.\175\
---------------------------------------------------------------------------
\174\ Press Release, Blue Cross and Blue Shield of North
Carolina, Primary Care ACOs from Blue Cross NC and Aledade Show
Significant Savings and Quality Improvements (July 20, 2020),
available at https://mediacenter.bcbsnc.com/news/primary-care-acos-from-blue-cross-nc-and-aledade-show-significant-savings-and-quality-improvements.
\175\ UnitedHealth Group, Physicians Provide Higher Quality Care
Under Set Monthly Payments Instead of Being Paid Per Service,
UnitedHealth Group Study Shows (Aug. 11, 2020), available at https://www.unitedhealthgroup.com/newsroom/2020/uhg-study-shows-higher-quality-care-under-set-monthly-payments-403552.html.
---------------------------------------------------------------------------
6. Anticipated Beneficial Impact of New Safe Harbor for Cybersecurity
Technology and Services
The health care sector is among the most targeted industries for
cyberattacks and is also under-resourced to prevent such attacks and
data breaches. As a result, the cost of cybersecurity attacks and
breaches within the health care industry is significant. A study
estimated that data breaches may have cost U.S hospitals $6.2 billion
between 2015 and 2016.\176\ Additionally, other estimates indicate that
a health care organization that is breached faces $8 million dollars in
costs on average as a result of the breach, or $400 per patient record
involved.\177\ The impact of cyberattacks extends beyond increased and
unnecessary recovery and ransom costs. It may limit patient access to a
provider or directly affect patient care. For example, a September 2020
cyberattack on a large health care system in the United States
reportedly affected nearly 400 facilities, causing hospitals to divert
ambulances during the initial stages of the attack. In addition, staff
reported that some lab test results were delayed. The system responded
by suspending user access to its information technology applications
related to operations across the United States, requiring the use of
backup processes, including paper medical record charting and labeling
medications by hand, for nearly 3 weeks.\178\
---------------------------------------------------------------------------
\176\ Ponemon Institute, Sixth Annual Benchmark Study on Privacy
& Security of Healthcare Data (May 2016), available at https://www.ponemon.org/local/upload/file/Sixth%20Annual%20Patient%20Privacy%20%26%20Data%20Security%20Report%20FINAL%206.pdf.
\177\ Health Sector Cybersecurity Coordination Center, A Cost
Analysis of Healthcare Sector Data Breaches (Apr. 4, 2019),
available at https://www.hhs.gov/sites/default/files/cost-analysis-of-healthcare-sector-data-breaches.pdf.
\178\ Jeff Lagasse, Universal Health Services hit with
cyberattack that shuts down IT systems, Healthcare Finance (Sept.
29, 2020), https://www.healthcarefinancenews.com/news/universal-health-services-hit-cyberattack-shuts-down-it-systems-1; Jessica
Davis, UPDATE: UHS Health System Confirms All US Sites Affected by
Ransomware Attack, Health IT Security (Oct. 5, 2020) https://healthitsecurity.com/news/uhs-health-system-confirms-all-us-sites-affected-by-ransomware-attack; Jessica Davis, 3 Weeks After
Ransomware Attack, All 400 UHS Systems Back Online, Health IT
Security (Oct. 13, 2020), https://healthitsecurity.com/news/3-weeks-after-ransomware-attack-all-400-uhs-systems-back-online; and Press
Release, Universal Health Services (Oct. 29. 2020), https://www.uhsinc.com/statement-from-universal-health-services/.
---------------------------------------------------------------------------
According to the Health Sector Cybersecurity Coordination Center
(HC3), health care organizations should consider implementing strong
risk management practices to help prevent data breaches and minimize
any disruptions or loss if a breach occurs.\179\ HC3 highlights that
adequate prevention and preparation for data breaches will protect
patients, minimize direct and indirect costs, and allow for more
efficient operations of a health care organization.\180\ Separately,
the HCIC Task Force's June 2017 report, among other things, highlighted
its review of many concerns related to potential constraints imposed by
the physician self-referral law and the Federal anti-kickback statute.
The report encouraged Congress to evaluate an amendment to these laws
specifically for cybersecurity software that would allow health care
organizations the ability to assist physicians in the acquisition of
this technology, through either donation or subsidy.\181\ The HCIC Task
Force noted that the existing regulatory exception to the physician
self-referral law (42 CFR 411.357(w)) and the safe harbor to the
Federal anti-kickback statute (42 CFR 1001.952(y)) applicable to
certain donations of EHR items and services could serve as an ideal
template for an analogous cybersecurity provision.\182\
---------------------------------------------------------------------------
\179\ Health Sector Cybersecurity Coordination Center, A Cost
Analysis of Healthcare Sector Data Breaches (Apr. 4, 2019), https://www.hhs.gov/sites/default/files/cost-analysis-of-healthcare-sector-data-breaches.pdf.
\180\ Id.
\181\ HCIC Task Force Report, https://www.phe.gov/Preparedness/
planning/CyberTF/Documents/report2017.pdf.
\182\ Id.
---------------------------------------------------------------------------
Further substantiating the need for increased flexibility related
to the donation of cybersecurity technology and services, in 2018, the
American Medical Association surveyed over 1,300 physicians in a
cybersecurity-related survey. Approximately 83 percent of the
participants reported having experienced some sort of cybersecurity
attack.\183\ The study also highlighted that 50 percent of the surveyed
physicians wished they could receive donations of security-related
hardware and software from other providers, and recommended that OIG
develop a safe harbor to permit it.
---------------------------------------------------------------------------
\183\ American Medical Association, Tackling Cyber Threats in
Healthcare, https://www.ama-assn.org/sites/ama-assn.org/files/corp/media-browser/public/government/advocacy/medical-cybersecurity-findings.pdf and https://www.ama-assn.org/sites/ama-assn.org/files/corp/media-browser/public/government/advocacy/infographic-medical-cybersecurity.pdf.
---------------------------------------------------------------------------
As described in section III.B.8 of this final rule, we received
overwhelming support from across the health care industry in response
to our proposal to establish the new safe harbor for cybersecurity
items and services, and we anticipate significant expansion of
cybersecurity efforts through donations following the effective date of
this final rule, similar to the expanded adoption of EHR items and
services reported by stakeholders following the establishment of the
EHR safe harbor in 2006. Support for the new cybersecurity safe harbor
came from many well-resourced organizations that are potential future
donors of cybersecurity technology, such as health plans and large
health systems, as well as from likely recipients of donations and
trade groups representing practitioners.
Because of the cost of cybersecurity attacks to organizations that
wish to donate or receive cybersecurity technology and services, and
the general support among donors and recipients for the new
cybersecurity exception, we anticipate significant investment in
improvements to the cybersecurity hygiene of the health care industry.
An organization's cybersecurity posture is only as strong as its
weakest link, including weaknesses of downstream providers, suppliers,
and practitioners that wish to receive donations; thus, donors are
incented to protect themselves by donating cybersecurity technology and
services that improves their cybersecurity.
There are a variety of factors integral to determining the impact
of this final safe harbor's effect on the cybersecurity hygiene of the
health care industry that remain too speculative to make a quantitative
estimate of the impact of this final rule. We cannot predict with
sufficient certainty various elements that will determine the impact of
this safe harbor. For example, we cannot predict: (1) How many health
care industry stakeholders will donate cybersecurity technology or
services for which parties may seek safe harbor protection; (2) the
specific combinations of items and services that will be donated or how
such donations will improve the cybersecurity hygiene of recipients,
donors, and the health care industry as a whole; and (3) external
factors (e.g., other policies promoting cybersecurity within the health
care industry, how cyber criminals will proliferate and develop new
strategies, how cyberattack recovery costs and ransom costs will
change) that can enable or hinder improved cybersecurity hygiene and
potentially
[[Page 77885]]
result in increased or decreased costs associated with cyberattacks.
Despite this, we expect that the flexibility to donate cybersecurity
technology and services will benefit the ecosystem as a whole, improve
cybersecurity across the industry, and reduce costs associated with
cyberattacks (by improving prevention and detection of cybersecurity
weaknesses and reducing successful cyberattacks, and consequently,
ransom fees and recovery costs). However, we cannot predict the
specific impacts of the flexibility afforded by the cybersecurity
technology and services safe harbor on the costs or benefits to Federal
health care programs, beneficiaries, or the health care industry as a
whole.
7. Anticipated Costs
We also acknowledge that there could be some costs associated with
this final rule. For example, providers and other stakeholders
voluntarily complying with the safe harbors and exception finalized
here may incur legal and administrative costs to appropriately
structure an arrangement to satisfy an applicable safe harbor or
exception. In addition, it is possible providers and others may misuse
the protection afforded by the safe harbors and exception which could
result in increased costs to Federal health care programs or
beneficiaries. It also is possible that providers and other
stakeholders will appropriately use the safe harbors, but a care
coordination or value-based arrangement developed in good faith might
not result in savings to the Federal health care programs or
beneficiaries or improvements in quality of care.
Designing safe harbors with sufficient safeguards against potential
abuses and harms by those who might misuse the safe harbors is not
without challenges. In this final rule, we have tried to strike the
right balance between flexibility for beneficial innovation and
safeguards to protect patients and Federal health care programs.
However, we cannot quantify whether we have struck the appropriate
balance; in particular, we cannot quantify whether achievement of the
intended outcomes (e.g., improved coordination of patient care,
improved quality of patient care, reduced costs to payers) will
outweigh any potential costs.
B. Executive Order 12866
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and if regulations are
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health and safety
effects; distributive impacts; and equity). A regulatory impact
analysis must be prepared for major rules with economically significant
effects (i.e., $100 million or more in any given year). This final rule
codifies a new exception to the definition of ``remuneration'' under
the Beneficiary Inducements CMP and implements new or revised anti-
kickback statute safe harbors. As explained more fully above, we
believe the changes in the final rule to the safe harbors and the new
exception to the Beneficiary Inducements CMP will provide flexibility
for providers and others to enter into certain beneficial arrangements.
In doing so, this final rule imposes no requirements on any party.
Providers and others will be allowed to voluntarily seek to comply with
these provisions so that they have assurance that participating in
certain arrangements will not subject them to liability under the
Federal anti-kickback statute and the Beneficiary Inducements CMP.
These safe harbors and exception facilitate providers' and others'
ability to provide important health care and related services to
communities in need. We estimated that this rule would be
``economically significant'' as measured by the $100 million threshold,
and hence also a major rule under the Congressional Review Act.
Accordingly, we prepared an RIA that presented our estimates of the
costs and benefits of this rulemaking. Thus, this rule has been
reviewed by the Office of Management and Budget.
C. Regulatory Flexibility Act
The RFA and the Small Business Regulatory Enforcement and Fairness
Act of 1996, which amended the RFA, require agencies to analyze options
for regulatory relief of small businesses. For purposes of the RFA,
small entities include small businesses, nonprofit organizations, and
Government agencies. Most providers are considered small entities by
having revenues of $7 million to $35.5 million or less in any one year.
For purposes of the RFA, most physicians and suppliers are considered
small entities.
Comment: We received comments from two associations representing
small and rural providers or Indian health care providers regarding the
level of administrative burden and potential costs associated with
implementing the requirements in certain proposed safe harbors (e.g.,
requiring a writing signed by the parties under certain proposed safe
harbors and requiring a financial contribution by a recipient of
remuneration under the care coordination arrangements safe harbor and
EHR safe harbor), particularly for small and rural providers and Indian
health care providers. For example, a commenter suggested that if OIG
reduced administrative burden on physicians under its final rule, it
would allow physicians to focus on the patient-physician relationship
and the patient's welfare. In addition, a commenter representing Indian
health care providers expressed concern that its stakeholders would
need to make changes to current practices and operations in response to
this rulemaking in order to comply with the Federal anti-kickback
statute and to avoid severe criminal, civil, and administrative
penalties. The commenter also raised concerns regarding potential
administrative burden that may occur if Indian health care providers
revise or amend existing agreements with the Health Resources and
Services Administration to participate in arrangements protected under
new safe harbors. The commenter also asked OIG to exempt Indian health
programs from certain proposed safe harbor contribution requirements.
Response: We reiterate that this final rule does not impose any
obligations on any entity, including Indian health care providers, nor
does this final rule require any entity to make changes to current
practices and operations to comply with the Federal anti-kickback
statute or Beneficiary Inducements CMP. This final rule provides
additional flexibilities for providers and others to enter into care
coordination arrangements with potentially reduced legal risk. As
explained above, structuring financial arrangements to satisfy a safe
harbor or exception is voluntary; indeed, even entering into such
financial arrangements is voluntary. We believe the changes to the safe
harbors and the addition of a new exception to the definition of
``remuneration'' under the Beneficiary Inducements CMP provide industry
stakeholders with additional flexibility if they desire to enter into
certain beneficial arrangements.
We understand the commenter's concern regarding potential costs
associated with contribution requirements included within certain safe
harbors that we are finalizing. However, after careful consideration,
we continue to believe that the contribution requirement is an
important safeguard against fraud and abuse in light of the specific
risks of inappropriate generation of referrals presented by donations
of EHR items and services that could be protected by the EHR safe
harbor(paragraph 1001.952(y)) and care
[[Page 77886]]
coordination arrangements safe harbor (paragraph 1001.952(ee)). As we
explain in our discussion of these safe harbors in sections III.B.3.g
and III.B.9.e above, when recipients of valuable remuneration have some
responsibility to contribute to the cost of the items or services, they
are more likely to make economically prudent decisions and accept only
what they need or will use. The final rule reflects our efforts to
balance additional flexibility for beneficial arrangements that have
potential to reduce costs and improve care with safeguards to protect
against potential abuses, including inappropriate increases in costs to
Federal health care programs and beneficiaries.
We recognize that small or rural entities or Indian health care
providers may incur costs to avail themselves of the safe harbor and
exception protections under the final rule. However, we expect the
costs to be no greater than parties currently incur to comply with the
Federal anti-kickback statute and the Beneficiary Inducements CMP. We
do not expect this final rule to have a significant impact on a
substantial number of small entities or Indian health care providers
because the rules are completely voluntary (i.e., providers are not
required to comply with the conditions of any safe harbor in order to
avoid violating the Federal anti-kickback statute). Furthermore, we
believe the net impact on small businesses that choose to take
advantage of the new flexibilities will be low because we anticipate
that the potential burden associated with certain provisions may be
mitigated by other provisions offering greater flexibility to
providers.
We estimate the changes to the exception to the Beneficiary
Inducements CMP and the Federal anti-kickback statute safe harbors will
impose no incremental burden on covered entities. We are providing
covered entities with the option to adjust their business practices to
better serve patients without adversely affecting their profitability.
As a result, we have concluded that this final rule likely will not
have a significant impact on a substantial number of small providers
and that a regulatory flexibility analysis is not required for this
rulemaking. In addition, section 1102(b) of the Act requires that we
prepare a regulatory impact analysis if a rule under titles XVIII or
XIX or section B of title XI of the Act may have a significant impact
on the operations of a substantial number of small rural hospitals. For
the reasons stated above, we do not believe that any provisions or
changes finalized here will have a significant impact on the operations
of rural hospitals. Thus, an analysis under section 1102(b) of the Act
is not required for this rulemaking.
D. Unfunded Mandates Reform Act
Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law
104-4, also requires that agencies assess anticipated costs and
benefits before issuing any rule that may result in expenditures in any
one year by State Governments, Tribal Governments, or local
governments, in the aggregate, or by the private sector, of $100
million, adjusted for inflation. We believe that no significant costs
will be associated with this final rule that would impose any mandates
on State Governments, Tribal Governments, local governments, or the
private sector that would result in an expenditure of $154 million
(after adjustment for inflation) in any given year.
D. Executive Order 13132
Executive Order 13132 establishes certain requirements that an
agency must meet when it promulgates a rule that imposes substantial
direct requirements for costs on State and local governments, preempts
State law, or otherwise has Federalism implications. In reviewing this
rule under the threshold criteria of Executive Order 13132, we have
determined that this final rule will not significantly affect the
rights, roles, and responsibilities of State or local governments.
E. Executive Order 13771
Executive Order 13771 (January 30, 2017) requires that the costs
associated with significant new regulations ``to the extent permitted
by law, be offset by the elimination of existing costs associated with
at least two prior regulations.'' This final rule has been designated a
significant regulatory action as defined by Executive Order 12866 but
imposes no more than de minimis costs and is a deregulatory action
under Executive Order 13771. This designation has been informed by
public comments.
F. Statement of Need
The Department has identified the broad reach of the Federal anti-
kickback statute and Beneficiary Inducements CMP as potentially
inhibiting beneficial arrangements that would advance the ability of
providers, suppliers, and others to transition more effectively and
efficiently to value-based care and to better coordinate care among
providers, suppliers, and others in both the Federal health care
programs and commercial sectors. Industry stakeholders have informed us
that, because the consequences of potential noncompliance with the
Federal anti-kickback statute and Beneficiary Inducements CMP could be
significant, providers, suppliers, and others may be discouraged from
entering into innovative arrangements that could improve quality
outcomes, produce health system efficiencies, and lower health care
costs (or slow their rate of growth). To the extent providers are
discouraged from entering into these innovative arrangements, patient
care may not be provided as efficiently as possible. In addition, the
potential consequences of noncompliance with these statutes may impede
the ability of providers, suppliers, and others, including small
providers and suppliers or those serving rural or medically underserved
populations, to raise capital to invest in the transition to value-
based care or to obtain infrastructure necessary to coordinate patient
care, including technology. This unnecessarily slows the transition
toward more efficient patient care. This final rule attempts to address
these concerns by removing unnecessary impediments to the
transformation of the health care system into one that better pays for
and delivers value.
To remove regulatory barriers to care coordination and support
value-based arrangements, we faced the challenge of designing safe
harbor protections for emerging health care arrangements, the optimal
form, design, and efficacy of which remain unknown or unproven. These
arrangements will be driven by the determinations and experiences of a
wide range of providers, suppliers, and others as they innovate in
delivering value-based care. This challenge is further complicated by
the substantial variation in care coordination and value-based
arrangements contemplated by the health care industry and others
(meaning that one-size-fits-all safe harbor designs may not be
optimal), variation among patient populations and provider
characteristics, emerging health technologies and data capabilities,
the still-developing science of quality and performance measurement,
and our desire not to have a chilling effect on beneficial innovations.
As described above, it is difficult to gauge the effects of this
regulatory action in a rapidly evolving and diverse health care
ecosystem of substantial innovation, experimentation, and deployment of
technology and digital data. For example, as explained above, while a
recent article projected potential savings of $29.6 billion to $38.2
billion across the U.S. health care system for
[[Page 77887]]
reducing waste from failure of care coordination,\184\ it is difficult,
if not impossible to gauge reductions in wasteful health care spending
and improved health outcomes as a result of new arrangements made
possible by this final rule. It is also difficult, if not impossible,
to quantify savings or losses that could occur as a result of new
fraudulent or abusive conduct that could increase costs or lead to poor
outcomes as a result of new arrangements. In some cases, innovations
may enhance program integrity and protect against fraud and abuse,
reducing costs and increasing benefits. There is a compelling concern
that uncertainty and regulatory barriers under current regulations
could prevent the best and most efficacious innovations from emerging
and being tested in the marketplace. Our goal in finalizing safe
harbors is to protect arrangements that foster beneficial arrangements
and facilitate value, while also protecting programs and beneficiaries
against harms cause by fraud and abuse.
---------------------------------------------------------------------------
\184\ William H. Shrank et al., Waste in the US Health Care
System, Estimated Costs and Potential for Savings, 322 JAMA 1501
(2019), available at https://jamanetwork.com/journals/jama/article-abstract/2752664.
---------------------------------------------------------------------------
VI. Paperwork Reduction Act
The provisions of this final rule will not impose any new
information collection and recordkeeping requirements. Consequently, it
need not be reviewed by the Office of Management and Budget under the
authority of the Paperwork Reduction Act of 1995.
List of Subjects
42 CFR Part 1001
Administrative practice and procedure, Fraud, Grant programs--
health, Health facilities, Health professions, Maternal and child
health, Medicaid, Medicare, Social Security.
42 CFR Part 1003
Fraud, Grant programs--health, Health facilities, Health
professions, Medicaid, Reporting, and recordkeeping.
For the reasons set forth in the preamble, the Office of Inspector
General, Department of Health and Human Services, amends 42 CFR parts
1001 and 1003 as follows:
PART 1001--PROGRAM INTEGRITY--MEDICARE AND STATE HEATH PROGRAMS
0
1. The authority citation for part 1001 continues to read as follows:
Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7a, 1320a-7b, 1320a-
7d, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e),
1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, Pub. L.
103-355, 108 Stat. 3327 (31 U.S.C. 6101 note).
0
2. Section 1001.952 is amended by:
0
a. Revising paragraphs (d), (g) introductory text, (g)(1), (3), and
(4);
0
b. Adding paragraphs (g)(5) and (g)(6) before the undesignated text at
the end of paragraph (g);
0
c. Designating the undesignated text at the end of paragraph (g) as
paragraph (g)(7) and revising newly redesignated (g)(7);
0
d. Revising paragraph (y) introductory text, paragraph (y)(1), the
second sentence of paragraph (y)(2);
0
e. Removing and reserving paragraphs (y)(3) and (7);
0
f. Revising paragraph (y)(11);
0
g. Removing and reserving paragraph (y)(13);
0
h. Redesignating the note to paragraph (y) as paragraph (y)(14) and
revising newly redesignated (y)(14);
0
i. Revising paragraphs (bb)(1)(iv)(B) and (bb)(2)(iii);
0
j. Redesignating the note to paragraph (bb) as paragraph (bb)(3) and
revising newly redesignated (bb)(3);
0
k. Adding and reserving paragraphs (cc) and (dd); and
0
l. Adding paragraphs (ee) through (kk).
The revisions and additions read as follows:
Sec. 1001.952 Exceptions.
* * * * *
(d) Personal services and management contracts and outcomes-based
payment arrangements. (1) As used in section 1128B of the Act,
``remuneration'' does not include any payment made by a principal to an
agent as compensation for the services of the agent, as long as all of
the following standards are met:
(i) The agency agreement is set out in writing and signed by the
parties.
(ii) The agency agreement covers all of the services the agent
provides to the principal for the term of the agreement and specifies
the services to be provided by the agent.
(iii) The term of the agreement is not less than 1 year.
(iv) The methodology for determining the compensation paid to the
agent over the term of the agreement is set in advance, is consistent
with fair market value in arm's-length transactions, and is not
determined in a manner that takes into account the volume or value of
any referrals or business otherwise generated between the parties for
which payment may be made in whole or in part under Medicare, Medicaid,
or other Federal health care programs.
(v) The services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law.
(vi) The aggregate services contracted for do not exceed those
which are reasonably necessary to accomplish the commercially
reasonable business purpose of the services.
(2) As used in section 1128B of the Act, ``remuneration'' does not
include any outcomes-based payment as long as all of the standards in
paragraphs (d)(2)(i) through (viii) of this section are met:
(i) To receive an outcomes-based payment, the agent achieves one or
more legitimate outcome measures that:
(A) Are selected based on clinical evidence or credible medical
support; and
(B) Have benchmarks that are used to quantify:
(1) Improvements in, or the maintenance of improvements in, the
quality of patient care;
(2) A material reduction in costs to or growth in expenditures of
payors while maintaining or improving quality of care for patients; or
(3) Both.
(ii) The methodology for determining the aggregate compensation
(including any outcomes-based payments) paid between or among the
parties over the term of the agreement is: Set in advance; commercially
reasonable; consistent with fair market value; and not determined in a
manner that directly takes into account the volume or value of any
referrals or business otherwise generated between the parties for which
payment may be made in whole or in part by a Federal health care
program.
(iii) The agreement between the parties is set out in writing and
signed by the parties in advance of, or contemporaneous with, the
commencement of the terms of the outcomes-based payment arrangement.
The writing states at a minimum: A general description of the services
to be performed by the parties for the term of the agreement; the
outcome measure(s) the agent must achieve to receive an outcomes-based
payment; the clinical evidence or credible medical support relied upon
by the parties to select the outcome measure(s); and the schedule for
the parties to regularly monitor and assess the outcome measure(s).
(iv) The agreement neither limits any party's ability to make
decisions in their patients' best interest nor induces any party to
reduce or limit medically necessary items or services.
[[Page 77888]]
(v) The term of the agreement is not less than 1 year.
(vi) The services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law.
(vii) For each outcome measure under the agreement, the parties:
(A) Regularly monitor and assess the agent's performance, including
the impact of the outcomes-based payment arrangement on patient quality
of care; and
(B) Periodically assess, and as necessary revise, benchmarks and
remuneration under the arrangement to ensure that the remuneration is
consistent with fair market value in an arm's length transaction as
required by paragraph (d)(2)(ii) of this section during the term of the
agreement.
(viii) The principal has policies and procedures to promptly
address and correct identified material performance failures or
material deficiencies in quality of care resulting from the outcomes-
based payment arrangement.
(3) For purposes of this paragraph (d):
(i) An agent of a principal is any person other than a bona fide
employee of the principal who has an agreement to perform services for
or on behalf of the principal.
(ii) Outcomes-based payments are limited to payments between or
among a principal and an agent that:
(A) Reward the agent for successfully achieving an outcome measure
described in paragraph (d)(2)(i) of this section; or
(B) Recoup from or reduce payment to an agent for failure to
achieve an outcome measure described in paragraph (d)(2)(i) of this
section.
(iii) Outcomes-based payments exclude any payments:
(A) Made directly or indirectly by the following entities:
(1) A pharmaceutical manufacturer, distributor, or wholesaler;
(2) A pharmacy benefit manager;
(3) A laboratory company;
(4) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(5) A manufacturer of a device or medical supply as defined in
paragraph (ee)(14)(iv) of this section;
(6) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supply, as defined in
paragraph (ee)(14)(iv) of this section; or
(7) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services); or
(B) Related solely to the achievement of internal cost savings for
the principal; or
(C) Based solely on patient satisfaction or patient convenience
measures.
* * * * *
(g) Warranties. As used in section 1128B of the Act,
``remuneration'' does not include any payment or exchange of anything
of value under a warranty provided by a manufacturer or supplier of one
or more items and services (provided the warranty covers at least one
item) to the buyer (such as a health care provider or beneficiary) of
the items and services, as long as the buyer complies with all of the
following standards in paragraphs (g)(1) and (2) of this section and
the manufacturer or supplier complies with all of the following
standards in paragraphs (g)(3) through (6) of this section:
(1) The buyer (unless the buyer is a Federal health care program
beneficiary) must fully and accurately report any price reduction of an
item or service (including a free item or service) that was obtained as
part of the warranty in the applicable cost reporting mechanism or
claim for payment filed with the Department or a State agency.
* * * * *
(3) The manufacturer or supplier must comply with either of the
following standards:
(i) The manufacturer or supplier must fully and accurately report
any price reduction of an item or service (including free items and
services) that the buyer obtained as part of the warranty on the
invoice or statement submitted to the buyer and inform the buyer of its
obligations under paragraphs (g)(1) and (2) of this section.
(ii) When the amount of any price reduction is not known at the
time of sale, the manufacturer or supplier must fully and accurately
report the existence of a warranty on the invoice or statement, inform
the buyer of its obligations under paragraphs (g)(1) and (g)(2) of this
section, and when any price reduction becomes known, provide the buyer
with documentation of the calculation of the price reduction resulting
from the warranty.
(4) The manufacturer or supplier must not pay any remuneration to
any individual (other than a beneficiary) or entity for any medical,
surgical, or hospital expense incurred by a beneficiary other than for
the cost of the items and services subject to the warranty.
(5) If a manufacturer or supplier offers a warranty for more than
one item or one or more items and related services, the federally
reimbursable items and services subject to the warranty must be
reimbursed by the same Federal health care program and in the same
Federal health care program payment.
(6) The manufacturer or supplier must not condition a warranty on a
buyer's exclusive use of, or a minimum purchase of, any of the
manufacturer's or supplier's items or services.
(7) For purposes of this paragraph (g), the term warranty means:
(i) Any written affirmation of fact or written promise made in
connection with the sale of an item or bundle of items, or services in
combination with one or more related items, by a manufacturer or
supplier to a buyer, which affirmation of fact or written promise
relates to the nature of the quality of workmanship and affirms or
promises that such quality or workmanship is defect free or will meet a
specified level of performance over a specified period of time;
(ii) Any undertaking in writing in connection with the sale by a
manufacturer or supplier of an item or bundle of items, or services in
combination with one or more related items, to refund, repair, replace,
or take other remedial action with respect to such item or bundle of
items in the event that such item or bundle of items, or services in
combination with one or more related items, fails to meet the
specifications set forth in the undertaking which written affirmation,
promise, or undertaking becomes part of the basis of the bargain
between a seller and a buyer for purposes other than resell of such
item or bundle of items; or
(iii) A manufacturer's or supplier's agreement to replace another
manufacturer's or supplier's defective item or bundle of items (which
is covered by an agreement made in accordance with this paragraph (g)),
on terms equal to the agreement that it replaces.
* * * * *
(y) Electronic health records items and services. As used in
section 1128B of the Act, ``remuneration'' does not include nonmonetary
remuneration (consisting of items and services in the form of software
or information technology and training services, including
cybersecurity software and services) necessary and used predominantly
to create, maintain, transmit, receive, or protect electronic health
records, if all of the conditions in paragraphs (y)(1) through (13) of
this section are met:
(1) The items and services are provided to an individual or entity
[[Page 77889]]
engaged in the delivery of health care by:
(i) An individual or entity, other than a laboratory company, that:
(A) Provides services covered by a Federal health care program and
submits claims or requests for payment, either directly or through
reassignment, to the Federal health care program; or
(B) Is comprised of the types of individuals or entities in
paragraph (y)(1)(i)(A) of this section; or
(ii) A health plan.
(2) * * * For purposes of this paragraph (y)(2) of this section,
software is deemed to be interoperable if, on the date it is provided
to the recipient, it is certified by a certifying body authorized by
the National Coordinator for Health Information Technology to
certification criteria identified in the then-applicable version of 45
CFR part 170.
* * * * *
(11) The recipient pays 15 percent of the donor's cost for the
items and services. The following conditions apply to such
contribution:
(i) If the donation is the initial donation of EHR items and
services, or the replacement of part or all of an existing system of
EHR items and services, the recipient must pay 15 percent of the
donor's cost before receiving the items and services. The contribution
for updates to previously donated EHR items and services need not be
paid in advance of receiving the update; and
(ii) The donor (or any affiliated individual or entity) does not
finance the recipient's payment or loan funds to be used by the
recipient to pay for the items and services.
* * * * *
(14) For purposes of this paragraph (y), the following definitions
apply:
(i) Cybersecurity means the process of protecting information by
preventing, detecting, and responding to cyberattacks.
(ii) Health plan shall have the meaning set forth at Sec.
1001.952(l)(2).
(iii) Interoperable shall mean able to:
(A) Securely exchange data with and use data from other health
information technology; and
(B) Allow for complete access, exchange, and use of all
electronically accessible health information for authorized use under
applicable State or Federal law.
(iv) Electronic health record shall mean a repository of consumer
health status information in computer processable form used for
clinical diagnosis and treatment for a broad array of clinical
conditions.
* * * * *
(bb) * * *
(1) * * *
(iv) * * *
(B) Within 25 miles of the health care provider or supplier to or
from which the patient would be transported, or within 75 miles if the
patient resides in a rural area, as defined in this paragraph (bb)
except that, if the patient is discharged from an inpatient facility
following inpatient admission or released from a hospital after being
placed in observation status for at least 24 hours and transported to
the patient's residence, or another residence of the patient's choice,
the mileage limits in this paragraph (bb)(1)(iv)(B) shall not apply;
and
* * * * *
(2) * * *
(iii) The eligible entity makes the shuttle service available only
within the eligible entity's local area, meaning there are no more than
25 miles from any stop on the route to any stop at a location where
health care items or services are provided, except that if a stop on
the route is in a rural area, the distance may be up to 75 miles
between that stop and any providers or suppliers on the route;
* * * * *
(3) For purposes of this paragraph (bb), the following definitions
apply:
(i) An eligible entity is any individual or entity, except for
individuals or entities (or family members or others acting on their
behalf) that primarily supply health care items.
(ii) An established patient is a person who has selected and
initiated contact to schedule an appointment with a provider or
supplier, or who previously has attended an appointment with the
provider or supplier.
(iii) A shuttle service is a vehicle that runs on a set route, on a
set schedule.
(iv) A rural area is an area that is not an urban area, as defined
in paragraph (bb)(3)(v) of this section.
(v) An urban area is:
(A) A Metropolitan Statistical Area (MSA) or New England County
Metropolitan Area (NECMA), as defined by the Executive Office of
Management and Budget; or
(B) The following New England counties, which are deemed to be
parts of urban areas under section 601(g) of the Social Security
Amendments of 1983 (Pub. L. 98-21, 42 U.S.C. 1395ww (note)): Litchfield
County, Connecticut; York County, Maine; Sagadahoc County, Maine;
Merrimack County, New Hampshire; and Newport County, Rhode Island.
(cc)-(dd) [Reserved]
(ee) Care coordination arrangements to improve quality, health
outcomes, and efficiency. As used in section 1128B of the Act,
``remuneration'' does not include the exchange of anything of value
between a VBE and VBE participant or between VBE participants pursuant
to a value-based arrangement if all of the standards in paragraphs
(ee)(1) through (13) of this section are met:
(1) The remuneration exchanged:
(i) Is in-kind;
(ii) Is used predominantly to engage in value-based activities that
are directly connected to the coordination and management of care for
the target patient population and does not result in more than
incidental benefits to persons outside of the target patient
population; and
(iii) Is not exchanged or used:
(A) More than incidentally for the recipient's billing or financial
management services; or
(B) For the purpose of marketing items or services furnished by the
VBE or a VBE participant to patients or for patient recruitment
activities.
(2) The value-based arrangement is commercially reasonable,
considering both the arrangement itself and all value-based
arrangements within the VBE.
(3) The terms of the value-based arrangement are set forth in
writing and signed by the parties in advance of, or contemporaneous
with, the commencement of the value-based arrangement and any material
change to the value-based arrangement. The writing states at a minimum:
(i) The value-based purpose(s) of the value-based activities
provided for in the value-based arrangement;
(ii) The value-based activities to be undertaken by the parties to
the value-based arrangement;
(iii) The term of the value-based arrangement;
(iv) The target patient population;
(v) A description of the remuneration;
(vi) Either the offeror's cost for the remuneration and the
reasonable accounting methodology used by the offeror to determine its
cost, or the fair market value of the remuneration;
(vii) The percentage and amount contributed by the recipient;
(viii) If applicable, the frequency of the recipient's contribution
payments for ongoing costs; and
(ix) The outcome or process measure(s) against which the recipient
will be measured.
(4) The parties to the value-based arrangement establish one or
more legitimate outcome or process measures that:
(i) The parties reasonably anticipate will advance the coordination
and
[[Page 77890]]
management of care for the target patient population based on clinical
evidence or credible medical or health sciences support;
(ii) Include one or more benchmarks that are related to improving
or maintaining improvements in the coordination and management of care
for the target patient population;
(iii) Are monitored, periodically assessed, and prospectively
revised as necessary to ensure that the measure and its benchmark
continue to advance the coordination and management of care of the
target patient population;
(iv) Relate to the remuneration exchanged under the value-based
arrangement; and
(v) Are not based solely on patient satisfaction or patient
convenience.
(5) The offeror of the remuneration does not take into account the
volume or value of, or condition the remuneration on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(6) The recipient pays at least 15 percent of the offeror's cost
for the remuneration, using any reasonable accounting methodology, or
the fair market value of the in-kind remuneration. If it is a one-time
cost, the recipient makes such contribution in advance of receiving the
in-kind remuneration. If it is an ongoing cost, the recipient makes
such contribution at reasonable, regular intervals.
(7) The value-based arrangement does not:
(i) Limit the VBE participant's ability to make decisions in the
best interests of its patients;
(ii) Direct or restrict referrals to a particular provider,
practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) The patient's payor determines the provider, practitioner, or
supplier; or
(C) Such direction or restriction is contrary to applicable law
under titles XVIII and XIX of the Act; or
(iii) Induce parties to furnish medically unnecessary items or
services, or reduce or limit medically necessary items or services
furnished to any patient.
(8) The exchange of remuneration by a limited technology
participant and another VBE participant or the VBE must not be
conditioned on any recipient's exclusive use or minimum purchase of any
item or service manufactured, distributed, or sold by the limited
technology participant.
(9) The VBE, a VBE participant in the value-based arrangement
acting on the VBE's behalf, or the VBE's accountable body or
responsible person reasonably monitors and assesses the following and
reports the monitoring and assessment of the following to the VBE's
accountable body or responsible person, as applicable, no less
frequently than annually or at least once during the term of the value-
based arrangement for arrangements with terms of less than 1 year:
(i) The coordination and management of care for the target patient
population in the value-based arrangement;
(ii) Any deficiencies in the delivery of quality care under the
value-based arrangement; and
(iii) Progress toward achieving the legitimate outcome or process
measure(s) in the value-based arrangement.
(10) If the VBE's accountable body or responsible person
determines, based on the monitoring and assessment conducted pursuant
to paragraph (ee)(9) of this section, that the value-based arrangement
has resulted in material deficiencies in quality of care or is unlikely
to further the coordination and management of care for the target
patient population, the parties must within 60 days either:
(i) Terminate the arrangement; or
(ii) Develop and implement a corrective action plan designed to
remedy the deficiencies within 120 days, and if the corrective action
plan fails to remedy the deficiencies within 120 days, terminate the
value-based arrangement.
(11) The offeror does not and should not know that the remuneration
is likely to be diverted, resold, or used by the recipient for an
unlawful purpose.
(12) For a period of at least 6 years, the VBE or VBE participant
makes available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of this
paragraph (ee).
(13) The remuneration is not exchanged by:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) Except to the extent the entity is a limited technology
participant, a manufacturer of a device or medical supply;
(vi) Except to the extent the entity or individual is a limited
technology participant, an entity or individual that sells or rents
durable medical equipment, prosthetics, orthotics, or supplies covered
by a Federal health care program (other than a pharmacy or a physician,
provider, or other entity that primarily furnishes services); or
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supplies.
(14) For purposes of this paragraph (ee), the following definitions
apply:
(i) Coordination and management of care (or coordinating and
managing care) means the deliberate organization of patient care
activities and sharing of information between two or more VBE
participants, one or more VBE participants and the VBE, or one or more
VBE participants and patients, that is designed to achieve safer, more
effective, or more efficient care to improve the health outcomes of the
target patient population.
(ii) Digital health technology means hardware, software, or
services that electronically capture, transmit, aggregate, or analyze
data and that are used for the purpose of coordinating and managing
care; such term includes any internet or other connectivity service
that is necessary and used to enable the operation of the item or
service for that purpose.
(iii) Limited technology participant means a VBE participant that
exchanges digital health technology with another VBE participant or a
VBE and that is:
(A) A manufacturer of a device or medical supply, but not including
a manufacturer of a device or medical supply that was obligated under
42 CFR 403.906 to report one or more ownership or investment interests
held by a physician or an immediate family member during the preceding
calendar year, or that reasonably anticipates that it will be obligated
to report one or more ownership or investment interests held by a
physician or an immediate family member during the present calendar
year (for purposes of this paragraph, the terms ``ownership or
investment interest,'' ``physician,'' and ``immediate family member''
have the same meaning as set forth in 42 CFR 403.902); or
(B) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services).
(iv) Manufacturer of a device or medical supply means an entity
that meets the definition of applicable manufacturer in 42 CFR 403.902
because it is engaged in the production, preparation, propagation,
compounding, or conversion of a device or medical supply that meets the
definition of covered drug, device, biological, or
[[Page 77891]]
medical supply in 42 CFR 403.902, but not including entities under
common ownership with such entity.
(v) Target patient population means an identified patient
population selected by the VBE or its VBE participants using legitimate
and verifiable criteria that:
(A) Are set out in writing in advance of the commencement of the
value-based arrangement; and
(B) Further the value-based enterprise's value-based purpose(s).
(vi) Value-based activity. (A) Means any of the following
activities, provided that the activity is reasonably designed to
achieve at least one value-based purpose of the value-based enterprise:
(1) The provision of an item or service;
(2) The taking of an action; or
(3) The refraining from taking an action; and
(B) Does not include the making of a referral.
(vii) Value-based arrangement means an arrangement for the
provision of at least one value-based activity for a target patient
population to which the only parties are:
(A) The value-based enterprise and one or more of its VBE
participants; or
(B) VBE participants in the same value-based enterprise.
(viii) Value-based enterprise or VBE means two or more VBE
participants:
(A) Collaborating to achieve at least one value-based purpose;
(B) Each of which is a party to a value-based arrangement with the
other or at least one other VBE participant in the value-based
enterprise;
(C) That have an accountable body or person responsible for
financial and operational oversight of the value-based enterprise; and
(D) That have a governing document that describes the value-based
enterprise and how the VBE participants intend to achieve its value-
based purpose(s).
(ix) Value-based enterprise participant or VBE participant means an
individual or entity that engages in at least one value-based activity
as part of a value-based enterprise, other than a patient acting in
their capacity as a patient.
(x) Value-based purpose means:
(A) Coordinating and managing the care of a target patient
population;
(B) Improving the quality of care for a target patient population;
(C) Appropriately reducing the costs to or growth in expenditures
of payors without reducing the quality of care for a target patient
population; or
(D) Transitioning from health care delivery and payment mechanisms
based on the volume of items and services provided to mechanisms based
on the quality of care and control of costs of care for a target
patient population.
(ff) Value-based arrangements with substantial downside financial
risk. As used in section 1128B of the Act, ``remuneration'' does not
include the exchange of payments or anything of value between a VBE and
a VBE participant pursuant to a value-based arrangement if all of the
following standards in paragraphs (ff)(1) through (8) of this section
are met:
(1) The remuneration is not exchanged by:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or medical supply;
(vi) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services); or
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supplies.
(2) The VBE (directly or through a VBE participant, other than a
payor, acting on the VBE's behalf) has assumed through a written
contract or a value-based arrangement (or has entered into a written
contract or a value-based arrangement to assume in the next 6 months)
substantial downside financial risk from a payor for a period of at
least 1 year.
(3) The VBE participant (unless the VBE participant is the payor
from which the VBE is assuming risk) is at risk for a meaningful share
of the VBE's substantial downside financial risk for providing or
arranging for the provision of items and services for the target
patient population.
(4) The remuneration provided by, or shared among, the VBE and VBE
participant:
(i) Is directly connected to one or more of the VBE's value-based
purposes, at least one of which must be a value-based purpose defined
in Sec. 1001.952(ee)(14)(x)(A), (B), or (C);
(ii) Unless exchanged pursuant to risk methodologies defined in
paragraph (ff)(9)(i) or (ii) of this section, is used predominantly to
engage in value-based activities that are directly connected to the
items and services for which the VBE has assumed (or has entered into a
written contract or value-based arrangement to assume in the next 6
months) substantial downside financial risk;
(iii) Does not include the offer or receipt of an ownership or
investment interest in an entity or any distributions related to such
ownership or investment interest; and
(iv) Is not exchanged or used for the purpose of marketing items or
services furnished by the VBE or a VBE participant to patients or for
patient recruitment activities.
(5) The value-based arrangement is set forth in writing, is signed
by the parties in advance of, or contemporaneous with, the commencement
of the value-based arrangement and any material change to the value-
based arrangement, and specifies all material terms including:
(i) Terms evidencing that the VBE is at substantial downside
financial risk or will assume such risk in the next 6 months for the
target patient population;
(ii) A description of the manner in which the VBE participant
(unless the VBE participant is the payor from which the VBE is assuming
risk) has a meaningful share of the VBE's substantial downside
financial risk; and
(iii) The value-based activities, the target patient population,
and the type of remuneration exchanged.
(6) The VBE or VBE participant offering the remuneration does not
take into account the volume or value of, or condition the remuneration
on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(7) The value-based arrangement does not:
(i) Limit the VBE participant's ability to make decisions in the
best interests of its patients;
(ii) Direct or restrict referrals to a particular provider,
practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) The patient's payor determines the provider, practitioner, or
supplier; or
(C) Such direction or restriction is contrary to applicable law
under titles XVIII and XIX of the Act; or
(iii) Induce parties to reduce or limit medically necessary items
or services furnished to any patient.
(8) For a period of at least 6 years, the VBE or VBE participant
makes available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of this
paragraph (ff).
(9) For purposes of this paragraph (ff), the following definitions
apply:
[[Page 77892]]
(i) Substantial downside financial risk means:
(A) Financial risk equal to at least 30 percent of any loss, where
losses and savings are calculated by comparing current expenditures for
all items and services that are covered by the applicable payor and
furnished to the target patient population to a bona fide benchmark
designed to approximate the expected total cost of such care;
(B) Financial risk equal to at least 20 percent of any loss, where:
(1) Losses and savings are calculated by comparing current
expenditures for all items and services furnished to the target patient
population pursuant to a defined clinical episode of care that are
covered by the applicable payor to a bona fide benchmark designed to
approximate the expected total cost of such care for the defined
clinical episode of care; and
(2) The parties design the clinical episode of care to cover items
and services collectively furnished in more than one care setting; or
(C) The VBE receives from the payor a prospective, per-patient
payment that is:
(1) Designed to produce material savings; and
(2) Paid on a monthly, quarterly, or annual basis for a predefined
set of items and services furnished to the target patient population,
designed to approximate the expected total cost of expenditures for the
predefined set of items and services.
(ii) Meaningful share means the VBE participant:
(A) Assumes two-sided risk for at least 5 percent of the losses and
savings, as applicable, realized by the VBE pursuant to its assumption
of substantial downside financial risk; or
(B) Receives from the VBE a prospective, per-patient payment on a
monthly, quarterly, or annual basis for a predefined set of items and
services furnished to the target patient population, designed to
approximate the expected total cost of expenditures for the predefined
set of items and services, and does not claim payment in any form from
the payor for the predefined items and services.
(iii) Manufacturer of a device or medical supply, target patient
population, value-based activity, value-based arrangement, value-based
enterprise, value-based purpose, and VBE participant shall have the
meaning set forth in paragraph (ee) of this section.
(gg) Value-based arrangements with full financial risk. As used in
section 1128B of the Act, ``remuneration'' does not include the
exchange of payments or anything of value between the VBE and a VBE
participant pursuant to a value-based arrangement if all of the
standards in paragraphs (gg)(1) through (9) of this section are met:
(1) The remuneration is not exchanged by:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or medical supply;
(vi) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy or a physician, provider, or
other entity that primarily furnishes services); or
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supplies.
(2) The VBE (directly or through a VBE participant, other than a
payor, acting on behalf of the VBE) has assumed through a written
contract or a value-based arrangement (or has entered into a written
contract or a value-based arrangement to assume in the next 1 year)
full financial risk from a payor.
(3) The value-based arrangement is set forth in writing, is signed
by the parties, and specifies all material terms, including the value-
based activities and the term.
(4) The VBE participant (unless the VBE participant is a payor)
does not claim payment in any form from the payor for items or services
covered under the contract or value-based arrangement between the VBE
and the payor described in paragraph (2).
(5) The remuneration provided by, or shared among, the VBE and VBE
participant:
(i) Is directly connected to one or more of the VBE's value-based
purposes;
(ii) Does not include the offer or receipt of an ownership or
investment interest in an entity or any distributions related to such
ownership or investment interest; and
(iii) Is not exchanged or used for the purpose of marketing items
or services furnished by the VBE or a VBE participant to patients or
for patient recruitment activities.
(6) The value-based arrangement does not induce parties to reduce
or limit medically necessary items or services furnished to any
patient.
(7) The VBE or VBE participant offering the remuneration does not
take into account the volume or value of, or condition the remuneration
on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(8) The VBE provides or arranges for a quality assurance program
for services furnished to the target patient population that:
(i) Protects against underutilization; and
(ii) Assesses the quality of care furnished to the target patient
population.
(9) For a period of at least 6 years, the VBE or VBE participant
makes available to the Secretary, upon request, all materials and
records sufficient to establish compliance with the conditions of this
paragraph (gg).
(10) For purposes of this paragraph (gg), the following definitions
apply:
(i) Full financial risk means the VBE is financially responsible on
a prospective basis for the cost of all items and services covered by
the applicable payor for each patient in the target patient population
for a term of at least 1 year.
(ii) Prospective basis means that the VBE has assumed financial
responsibility for the cost of all items and services covered by the
applicable payor prior to the provision of items and services to
patients in the target patient population.
(iii) Items and services means health care items, devices,
supplies, and services.
(iv) Manufacturer of a device or medical supply, target patient
population, value-based activity, value-based arrangement, value-based
enterprise, value-based purpose, and VBE participant shall have the
meaning set forth in paragraph (ee) of this section.
(hh) Arrangements for patient engagement and support to improve
quality, health outcomes, and efficiency. As used in section 1128B of
the Act, ``remuneration'' does not include a patient engagement tool or
support furnished by a VBE participant to a patient in the target
patient population of a value-based arrangement to which the VBE
participant is a party if all of the conditions in paragraphs (hh)(1)
through (9) of this section are met:
(1) The VBE participant is not:
(i) A pharmaceutical manufacturer, distributor, or wholesaler;
(ii) A pharmacy benefit manager;
(iii) A laboratory company;
(iv) A pharmacy that primarily compounds drugs or primarily
dispenses compounded drugs;
(v) A manufacturer of a device or medical supply, unless the
patient engagement tool or support is digital health technology;
[[Page 77893]]
(vi) An entity or individual that sells or rents durable medical
equipment, prosthetics, orthotics, or supplies covered by a Federal
health care program (other than a pharmacy, a manufacturer of a device
or medical supply, or a physician, provider, or other entity that
primarily furnishes services);
(vii) A medical device distributor or wholesaler that is not
otherwise a manufacturer of a device or medical supply; or
(viii) A manufacturer of a device or medical supply that was
obligated under 42 CFR 403.906 to report one or more ownership or
investment interests held by a physician or an immediate family member
during the preceding calendar year, or that reasonably anticipates that
it will be obligated to report one or more ownership or investment
interests held by a physician or an immediate family member during the
present calendar year, even if the patient engagement tool or support
is digital health technology (for purposes of this paragraph, the terms
``ownership or investment interest,'' ``physician,'' and ``immediate
family member'' have the same meaning as set forth in 42 CFR 403.902).
(2) The patient engagement tool or support is furnished directly to
the patient (or the patient's caregiver, family member, or other
individual acting on the patient's behalf) by a VBE participant that is
a party to the value-based arrangement or its eligible agent.
(3) The patient engagement tool or support:
(i) Is an in-kind item, good, or service;
(ii) That has a direct connection to the coordination and
management of care of the target patient population;
(iii) Does not include any cash or cash equivalent;
(iv) Does not result in medically unnecessary or inappropriate
items or services reimbursed in whole or in part by a Federal health
care program;
(v) Is recommended by the patient's licensed health care
professional; and
(vi) Advances one or more of the following goals:
(A) Adherence to a treatment regimen determined by the patient's
licensed health care professional.
(B) Adherence to a drug regimen determined by the patient's
licensed health care professional.
(C) Adherence to a followup care plan established by the patient's
licensed health care professional.
(D) Prevention or management of a disease or condition as directed
by the patient's licensed health care professional.
(E) Ensure patient safety.
(4) The patient engagement tool or support is not funded or
contributed by:
(i) A VBE participant that is not a party to the applicable value-
based arrangement; or
(ii) An entity listed in paragraph (hh)(1) of this section.
(5) The aggregate retail value of patient engagement tools and
supports furnished to a patient by a VBE participant on an annual basis
does not exceed $500. The monetary cap set forth in this paragraph
(hh)(5) is adjusted each calendar year to the nearest whole dollar by
the increase in the Consumer Price Index--Urban All Items (CPI-U) for
the 12-month period ending the preceding September 30. OIG will publish
guidance after September 30 of each year reflecting the increase in the
CPI-U for the 12-month period ending September 30 and the new monetary
cap applicable for the following calendar year.
(6) The VBE participant or any eligible agent does not exchange or
use the patient engagement tools or supports to market other
reimbursable items or services or for patient recruitment purposes.
(7) For a period of at least 6 years, the VBE participant makes
available to the Secretary, upon request, all materials and records
sufficient to establish that the patient engagement tool or support was
distributed in a manner that meets the conditions of this paragraph
(hh).
(8) The availability of a tool or support is not determined in a
manner that takes into account the type of insurance coverage of the
patient.
(9) For purposes of this paragraph (hh), the following definitions
apply:
(i) Eligible agent means any person or entity that is not
identified in paragraphs (hh)(1)(i) through (viii) of this section as
ineligible to furnish protected tools and supports under this
paragraph.
(ii) Coordination and management of care, target patient
population, value-based arrangement, VBE, VBE participant, manufacturer
of a device or medical supply, and digital health technology shall have
the meaning set forth in paragraph (ee) of this section.
(ii) CMS-sponsored model arrangements and CMS-sponsored model
patient incentives.
(1) As used in section 1128B of the Act, ``remuneration'' does not
include an exchange of anything of value between or among CMS-sponsored
model parties under a CMS-sponsored model arrangement for which CMS has
determined that this safe harbor is available if all of the following
conditions are met:
(i) The CMS-sponsored model parties reasonably determine that the
CMS-sponsored model arrangement will advance one or more goals of the
CMS-sponsored model;
(ii) The exchange of value does not induce CMS-sponsored model
parties or other providers or suppliers to furnish medically
unnecessary items or services, or reduce or limit medically necessary
items or services furnished to any patient;
(iii) The CMS-sponsored model parties do not offer, pay, solicit,
or receive remuneration in return for, or to induce or reward, any
Federal health care program referrals or other Federal health care
program business generated outside of the CMS-sponsored model;
(iv) The CMS-sponsored model parties in advance of or
contemporaneous with the commencement of the CMS-sponsored model
arrangement set forth the terms of the CMS-sponsored model arrangement
in a signed writing. The writing must specify at a minimum the
activities to be undertaken by the CMS-sponsored model parties and the
nature of the remuneration to be exchanged under the CMS-sponsored
model arrangement;
(v) The parties to the CMS-sponsored model arrangement make
available to the Secretary, upon request, all materials and records
sufficient to establish whether the remuneration was exchanged in a
manner that meets the conditions of this safe harbor; and
(vi) The CMS-sponsored model parties satisfy such programmatic
requirements as may be imposed by CMS in connection with the use of
this safe harbor.
(2) As used in section 1128B of the Act, ``remuneration'' does not
include a CMS-sponsored model patient incentive for which CMS has
determined that this safe harbor is available if all of the following
conditions are met:
(i) The CMS-sponsored model participant reasonably determines that
the CMS-sponsored model patient incentive will advance one or more
goals of the CMS-sponsored model;
(ii) The CMS-sponsored model patient incentive has a direct
connection to the patient's health care unless the participation
documentation expressly specifies a different standard;
(iii) The CMS-sponsored model patient incentive is furnished by a
CMS-sponsored model participant (or by an agent of the CMS-sponsored
model participant under the CMS-sponsored model participant's direction
and control), unless otherwise specified by the participation
documentation;
(iv) The CMS-sponsored model participant makes available to the
[[Page 77894]]
Secretary, upon request, all materials and records sufficient to
establish whether the CMS-sponsored model patient incentive was
distributed in a manner that meets the conditions of this safe harbor;
and
(v) The CMS-sponsored model patient incentive is furnished
consistent with the CMS-sponsored model and satisfies such programmatic
requirements as may be imposed by CMS in connection with the use of
this safe harbor.
(3) For purposes of this paragraph (ii), the following definitions
apply:
(i) CMS-sponsored model means:
(A) A model being tested under section 1115A(b) of the Act or a
model expanded under section 1115A(c) of the Act; or
(B) The Medicare shared savings program under section 1899 of the
Act.
(ii) CMS-sponsored model arrangement means a financial arrangement
between or among CMS-sponsored model parties to engage in activities
under the CMS-sponsored model that is consistent with, and is not a
type of arrangement prohibited by, the participation documentation.
(iii) CMS-sponsored model participant means an individual or entity
that is subject to and is operating under participation documentation
with CMS to participate in a CMS-sponsored model.
(iv) CMS-sponsored model party means:
(A) A CMS-sponsored model participant; or
(B) Another individual or entity whom the participation
documentation specifies may enter into a CMS-sponsored model
arrangement.
(v) CMS-sponsored model patient incentive means remuneration not of
a type prohibited by the participation documentation that is furnished
to a patient under the terms of a CMS-sponsored model.
(vi) Participation documentation means the participation agreement,
legal instrument setting forth the terms and conditions of a grant or
cooperative agreement, regulations, or model-specific addendum to an
existing contract with CMS that specifies the terms of a CMS-sponsored
model.
(4) For purposes of remuneration that satisfies this paragraph
(ii), the safe harbor protects:
(i) For a CMS-sponsored model governed by participation
documentation other than the legal instrument setting forth the terms
and conditions of a grant or a cooperative agreement, the exchange of
remuneration between CMS-sponsored model parties that occurs on or
after the first day on which services under the CMS-sponsored model
begin and no later than 6 months after the final payment determination
made by CMS under the model;
(ii) For a CMS-sponsored model governed by the legal instrument
setting forth the terms and conditions of a grant or cooperative
agreement, the exchange of remuneration between CMS-sponsored model
parties that occurs on or after the first day of the period of
performance (as defined at 45 CFR 75.2) or such other date specified in
the participation documentation and no later than 6 months after
closeout occurs pursuant to 45 CFR 75.381; and
(iii) For a CMS-sponsored model patient incentive, an incentive
given on or after the first day on which patient care services may be
furnished under the CMS-sponsored model as specified by CMS in the
participation documentation and no later than the last day on which
patient care services may be furnished under the CMS-sponsored model,
unless a different timeframe is established in the participation
documentation. A patient may retain any incentives furnished in
compliance with paragraph (ii)(2) of this section.
(jj) Cybersecurity technology and related services. As used in
section 1128B of the Act, ``remuneration'' does not include nonmonetary
remuneration (consisting of cybersecurity technology and services) that
is necessary and used predominantly to implement, maintain, or
reestablish effective cybersecurity if all of the conditions in
paragraphs (jj)(1) through (4) of this section are met.
(1) The donor does not:
(i) Directly take into account the volume or value of referrals or
other business generated between the parties when determining the
eligibility of a potential recipient for the technology or services, or
the amount or nature of the technology or services to be donated; or
(ii) Condition the donation of technology or services, or the
amount or nature of the technology or services to be donated, on future
referrals.
(2) Neither the recipient nor the recipient's practice (or any
affiliated individual or entity) makes the receipt of technology or
services, or the amount or nature of the technology or services, a
condition of doing business with the donor.
(3) A general description of the technology and services being
provided and the amount of the recipient's contribution, if any, are
set forth in writing and signed by the parties.
(4) The donor does not shift the costs of the technology or
services to any Federal health care program.
(5) For purposes of this paragraph (jj) the following definitions
apply:
(i) Cybersecurity means the process of protecting information by
preventing, detecting, and responding to cyberattacks.
(ii) Technology means any software or other types of information
technology.
(kk) ACO Beneficiary Incentive Program. As used in section 1128B of
the Act, ``remuneration'' does not include an incentive payment made by
an ACO to an assigned beneficiary under a beneficiary incentive program
established under section 1899(m) of the Act, as amended by Congress
from time to time, if the incentive payment is made in accordance with
the requirements found in such subsection.
PART 1003--CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS
0
3. The authority citation for part 1003 continues to read as follows:
Authority: 42 U.S.C. 262a, 1302, 1320-7, 1320a-7a, 1320b-10,
1395u(j), 1395u(k), 1395cc(j), 1395w-141(i)(3), 1395dd(d)(1),
1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 11137(b)(2).
0
4. Section 1003.110 is amended--
0
a. In the definition of ``Remuneration'' by adding paragraph (10); and
0
b. By adding in alphabetical order a definition for ``Telehealth
technologies.''
The additions read as follows:
Sec. 1003.110 Definitions.
* * * * *
Remuneration * * *
* * * * *
(10) The provision of telehealth technologies by a provider of
services, physician, or a renal dialysis facility (as such terms are
defined for purposes of title XVIII of the Act) to an individual with
end-stage renal disease who is receiving home dialysis for which
payment is being made under part B of such title, if:
(i) The telehealth technologies are furnished to the individual by
the provider of services, physician, or the renal dialysis facility
that is currently providing the in-home dialysis, telehealth services,
or other end-stage renal disease care to the individual, or has been
selected or contacted by the individual to schedule an appointment or
provide services;
(ii) The telehealth technologies are not offered as part of any
advertisement or solicitation; and
(iii) The telehealth technologies are provided for the purpose of
furnishing telehealth services related to the individual's end-stage
renal disease.
* * * * *
[[Page 77895]]
Telehealth technologies, for purposes of paragraph (10) of the
definition of the term ``remuneration'' as set forth in this section,
means hardware, software, and services that support distant or remote
communication between the patient and provider, physician, or renal
dialysis facility for diagnosis, intervention, or ongoing care
management.
* * * * *
Christi A. Grimm,
Principal Deputy, Inspector General.
Alex M. Azar II,
Secretary.
[FR Doc. 2020-26072 Filed 11-20-20; 4:30 pm]
BILLING CODE 4152-01-P