[Federal Register Volume 84, Number 201 (Thursday, October 17, 2019)]
[Proposed Rules]
[Pages 55694-55765]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-22027]
[[Page 55693]]
Vol. 84
Thursday,
No. 201
October 17, 2019
Part II
Department of Health and Human Services
-----------------------------------------------------------------------
Office of Inspector General
-----------------------------------------------------------------------
42 CFR Parts 1001 and 1003
Department of Health and Human Services
-----------------------------------------------------------------------
Centers for Medicare & Medicaid Services
-----------------------------------------------------------------------
42 CFR Part 411
Medicare and State Healthcare Programs: Fraud and Abuse; Revisions To
Safe Harbors Under the Anti-Kickback Statute, And Civil Monetary
Penalty Rules Regarding Beneficiary Inducements; Medicare Program;
Modernizing and Clarifying the Physician Self-Referral Regulations;
Proposed Rules
��Federal Register / Vol. 84 , No. 201 / Thursday, October 17, 2019 /
Proposed Rules��
[[Page 55694]]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Office of Inspector General
42 CFR Parts 1001 and 1003
RIN 0936-AA10
Medicare and State Healthcare Programs: Fraud and Abuse;
Revisions To Safe Harbors Under the Anti-Kickback Statute, and Civil
Monetary Penalty Rules Regarding Beneficiary Inducements
AGENCY: Office of Inspector General (OIG), Department of Health and
Human Services (HHS).
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: This proposed rule is being issued by the Office of Inspector
General (OIG) in conjunction with the Department of Health and Human
Services' Regulatory Sprint to Coordinated Care. It proposes to add, on
a prospective basis only after a final rule is issued, safe harbor
protections under the Federal anti-kickback statute for certain
coordinated care and associated value-based arrangements between or
among clinicians, providers, suppliers, and others that squarely meet
all safe harbor conditions. It also would add protections under the
anti-kickback statute and civil monetary penalty (CMP) law that
prohibits inducements offered to patients for certain patient
engagement and support arrangements to improve quality of care, health
outcomes, and efficiency of care delivery that squarely meet all safe
harbor conditions. The proposed rule would add a new safe harbor for
donations of cybersecurity technology and amend the existing safe
harbors for electronic health records (EHR) arrangements, warranties,
local transportation, and personal services and management contracts.
Further, the proposed rule would add a new safe harbor pursuant to a
statutory change set forth in the Bipartisan Budget Act of 2018 (Budget
Act of 2018) related to beneficiary incentives under the Medicare
Shared Savings Program and a new CMP exception for certain telehealth
technologies offered to patients receiving in-home dialysis, also
pursuant to the Budget Act of 2018.
DATES: To ensure consideration, comments must be delivered to the
address provided below by 5 p.m. on December 31, 2019. The 75-day
period for public comments being set forth in this proposed rule will
serve to protect the public's interest in this rulemaking process by
allowing for an opportunity for additional input and recommendations,
without unduly delaying any final rulemaking.
ADDRESSES: In commenting, please reference file code OIG-0936-AA10-P.
Because of staff and resource limitations, we cannot accept comments by
facsimile (fax) transmission. However, you may submit comments using
one of three ways (no duplicates, please):
1. Electronically. You may submit electronic comments on this
regulation to http://www.regulations.gov. Follow the ``Submit a
comment'' instructions.
2. By regular, express, or overnight mail. You may send written
comments to the following address: Office of Inspector General,
Department of Health and Human Services, Attention: OIG-0936-AA10-P,
Room 5521, Cohen Building, 330 Independence Avenue SW, Washington, DC
20201.
Please allow sufficient time for mailed comments to be received
before the close of the comment period.
3. By hand or courier. If you prefer, you may deliver your written
comments by hand or courier before the close of the comment period to:
Office of Inspector General, Department of Health and Human Services,
Cohen Building, Room 5521, 330 Independence Avenue SW, Washington, DC
20201.
Because access to the interior of the Cohen Building is not readily
available to persons without Federal Government identification,
commenters are encouraged to schedule their delivery with one of our
staff members at (202) 619-0335.
Inspection of Public Comments: All comments received before the end
of the comment period will be posted on http://www.regulations.gov for
public viewing. Hard copies will also be available for public
inspection at the Office of Inspector General, Department of Health and
Human Services, Cohen Building, 330 Independence Avenue SW, Washington,
DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To schedule an
appointment to view public comments, phone (202) 619-0335.
FOR FURTHER INFORMATION CONTACT: Jillian Sparks or Meredith Williams,
(202) 619-0335.
SUPPLEMENTARY INFORMATION:
------------------------------------------------------------------------
Social Security Act citation United States Code citation
------------------------------------------------------------------------
1128B, 1128D, 1102, 1128A................. 42 U.S.C. 1320a-7b, 42
U.S.C. 1320a-7d, 42 U.S.C.
1302, 42 U.S.C. 1320a.-7a.
------------------------------------------------------------------------
I. Executive Summary
A. Purpose and Need for Regulatory Action
The Secretary of Health and Human Services (the Secretary) has
identified transforming our healthcare system to one that pays for
value as one of the top priorities of the Department of Health and
Human Services (the Department or HHS). Unlike the traditional fee-for-
service (FFS) payment system, which rewards providers for the volume of
care delivered, a value-driven healthcare system is one that pays for
health and outcomes. Delivering better value from our healthcare system
will require the transformation of established practices and enhanced
collaboration among providers and other individuals and entities. The
purpose of this proposed rule is to modify existing safe harbors to the
anti-kickback statute and add new safe harbors and a new CMP law
exception to remove potential barriers to more effective coordination
and management of patient care and delivery of value-based care that
improves quality of care, health outcomes, and efficiency.
Since the enactment in 1972 of the Federal anti-kickback statute,
there have been significant changes in the delivery of, and payment
for, healthcare items and services within the Medicare and Medicaid
programs and for non-Federal payors and patients. This has included
changes to traditional FFS Medicare (i.e., Medicare Parts A and B),
Medicare Advantage, and states' Medicaid programs. For some time, the
Department has worked to align payment under the Medicare program with
the quality of the care provided to Federal health care program
beneficiaries. Laws such as the Medicare Prescription Drug,
Improvement, and Modernization Act of 2003 (MMA),\1\ the Deficit
Reduction Act of 2005 (DRA),\2\ and the Medicare Improvements for
Patients and Providers Act of 2008 (MIPPA) \3\ are among statutes that
guided the Department's efforts to move toward healthcare delivery and
payment reform. The Patient Protection and Affordable Care Act (ACA)
\4\ required or encouraged significant changes to the Medicare
program's payment systems and provided the Secretary with broad
authority to test and implement models to promote reforms, including
through the Center for Medicare and Medicaid
[[Page 55695]]
Innovation (the Innovation Center) within the Centers for Medicare &
Medicaid Services (CMS).\5\
---------------------------------------------------------------------------
\1\ Public Law 108-173, 117 Stat. 2066.
\2\ Public Law 109-171, 120 Stat. 4.
\3\ Public Law 110-275, 122 Stat. 2494.
\4\ Public Law 111-148, 124 Stat. 119, as amended by the Health
Care and Education Reconciliation Act of 2010 (Pub. L. 111-152, 124
Stat. 1029).
\5\ The Innovation Center's purpose is to test innovative
payment and service delivery models to reduce the cost of care
furnished to patients in the Medicare and Medicaid programs while
preserving or enhancing the quality of that care. Using its
authority in section 1115A of the Social Security Act (the Act), 42
U.S.C. 1315a, the Innovation Center is testing many healthcare
delivery and payment models in which providers, suppliers, and
individual practitioners participate.
---------------------------------------------------------------------------
The Department has identified the broad reach of the Federal anti-
kickback statute \6\ and the CMP law provision prohibiting inducements
to beneficiaries, the ``beneficiary inducements CMP,'' \7\ as well as
the Federal physician self-referral law (sometimes known as the Stark
law),\8\ as potentially inhibiting beneficial arrangements that would
advance the transition to value-based care and improve the coordination
of patient care among providers and across care settings in both the
Federal health care programs and commercial sectors. Industry
stakeholders have informed the Department that, because the
consequences of potential noncompliance with the physician self-
referral law and the Federal anti-kickback statute could be dire,
providers, suppliers, and others may be discouraged from entering into
innovative arrangements that would improve quality and health outcomes,
produce health system efficiencies, and lower costs (or slow their rate
of growth).
---------------------------------------------------------------------------
\6\ 42 U.S.C. 1320a-7b(b).
\7\ 42 U.S.C. 1320a-7a(a)(5).
\8\ 42 U.S.C. 1395nn.
---------------------------------------------------------------------------
To address these concerns and accelerate the transformation of the
healthcare system into one that better pays for value and promotes care
coordination, HHS launched a Regulatory Sprint to Coordinated Care
(Regulatory Sprint), led by the Deputy Secretary. This Regulatory
Sprint aims to remove potential regulatory barriers to care
coordination and value-based care created by four key healthcare laws
and associated regulations: (i) The physician self-referral law, (ii)
the Federal anti-kickback statute, (iii) the Health Insurance
Portability and Accountability Act of 1996 (HIPAA),\9\ and (iv) rules
under 42 CFR part 2 related to substance use disorder treatment.
---------------------------------------------------------------------------
\9\ Public Law 104-191, 110 Stat. 1936.
---------------------------------------------------------------------------
Through the Regulatory Sprint, HHS aims to encourage and improve:
A patient's ability to understand treatment plans and make
empowered decisions;
providers' alignment on end-to-end treatment (i.e.,
coordination among providers along the patient's full care journey);
incentives for providers to coordinate, collaborate, and
provide patients tools to be more involved in their own care; and
information sharing among providers, facilities, and other
stakeholders in a manner that facilitates efficient care while
preserving and protecting patient access to data.
In connection with the Regulatory Sprint, OIG issued a request for
information (OIG RFI) regarding the Federal anti-kickback statute and
beneficiary inducements CMP on August 27, 2018.\10\ CMS published a
Request for Information Regarding the Physician Self-Referral Law in
June 2018 (CMS RFI).\11\ In the OIG RFI, we sought feedback on ways in
which we might modify or add new safe harbors to the Federal anti-
kickback statute and exceptions to the beneficiary inducements CMP
definition of ``remuneration'' to foster arrangements that would
promote care coordination and advance the delivery of value-based care
while also protecting patients and taxpayer dollars against harms
caused by fraud and abuse. OIG received 359 comments in response to its
RFI from a variety of individuals and organizations.
---------------------------------------------------------------------------
\10\ Medicare and State Health Care Programs: Fraud and Abuse;
Request for Information Regarding the Anti-Kickback Statute and
Beneficiary Inducements CMP, 83 FR 43607 (Aug. 27, 2018), available
at https://oig.hhs.gov/authorities/docs/2018/RFI_Regarding_AKS_Beneficiary_Inducements_CMP.pdf.
\11\ Medicare Program; Request for Information Regarding the
Physician Self-Referral Law, 83 FR 29524 (June 25, 2018), available
at https://www.gpo.gov/fdsys/pkg/FR-2018-06-25/pdf/2018-13529.pdf.
---------------------------------------------------------------------------
While most commenters strongly asserted the need for regulatory
reform to the anti-kickback statute safe harbors and exceptions to the
definition of ``remuneration'' under the beneficiary inducements CMP, a
number of commenters acknowledged that increased regulatory flexibility
could create program integrity vulnerabilities or increase the risk of
harms associated with fraud and abuse and urged OIG to exercise caution
and include adequate safeguards in any regulatory proposals. Comments
supporting regulatory reform encompassed a number of themes, including
requests for:
New safe harbors protecting financial arrangements among
parties participating in alternative payment models (APMs), value-based
arrangements, and care coordination activities;
safe harbor protection for financial arrangements with
entities not participating in Innovation Center models, including
commercial and self-pay APM arrangements;
additional protection for patient tools and supports, such
as in-kind items and services to support patient compliance with
discharge and care plans, services and supports to address unmet social
needs affecting health, and expanded protections under the local
transportation safe harbor;
enhanced safe harbor protection for transfers of
information technology, data, and cybersecurity tools;
modifications to the current ``patchwork'' fraud and abuse
waiver framework for Innovation Center models and the Medicare Shared
Savings Program; and
a variety of protections for pharmaceutical and medical
device manufacturer arrangements, including broad protections for drug
and medical device manufacturer participation in value-based contracts,
pricing arrangements, warranty arrangements, and APMs, as well as
protection for coupons and other means of direct copayment assistance
to Medicare Part D beneficiaries in certain situations.
B. Summary of OIG's Approach and Proposals
These proposed regulations are informed by comments and other
internal and external sources of information, as well as our experience
interpreting and applying the safe harbors and beneficiary inducements
CMP exceptions to a wide variety of arrangements. In developing this
proposed rule, OIG has followed several guiding principles. The first
guiding principle has been to design proposed safe harbors that allow
for beneficial innovations in healthcare delivery. The second guiding
principle has been to avoid promulgating safe harbors and exceptions
that drive such innovation to limited channels that may not reflect up-
to-date understandings in medicine, science, and technology. The third
guiding principle has been to design proposed safe harbors useful for a
range of individuals and entities engaged in the coordination and
management of patient care, including large and small practices and
health systems, rural and urban providers and suppliers, primary care
physicians and specialists, providers and suppliers contracting with
public and private payors, clinically integrated networks, and looser
affiliations of providers and suppliers collaborating to coordinate
care for patients across the continuum of care.
[[Page 55696]]
Designing proposed safe harbors with these principles in mind is
not without challenges and potential pitfalls, particularly with
respect to ensuring sufficient safeguards against potential abuses and
harms by those who might misuse the safe harbors. In this proposed
rule, we have tried to strike the right balance between flexibility for
beneficial innovation and safeguards to protect patients and Federal
health care programs. No final determination has yet been made that the
balance is correct with respect to each proposed safe harbor. Thus, no
final determination has been made that the arrangements described in
the proposals are, or should be, exempt from liability under the anti-
kickback statute. To aid us in making that determination in a final
rule, we solicit public comments throughout this proposed rule about
whether we have achieved the proper balance such that the arrangements
described in the proposed safe harbors should be protected from
criminal liability under the anti-kickback statute. To this end, we
caution that these proposed safe harbors remain subject to change
through the rulemaking process, and that the types of arrangements
described in this proposed rule remain subject to case-by-case review
under the anti-kickback statute, and if applicable, the beneficiary
inducements CMP, including with respect to the requisite intent of the
parties. The proposed safe harbors, if finalized, specifically would
address barriers to coordinated and value-based care posed by the
Federal anti-kickback statute and the beneficiary inducements CMP and
would have no application to any other law. In addition, any final safe
harbors would provide only prospective protection.
OIG's mission is to protect the integrity of the Federal health
care programs as well as the health and welfare of the people they
serve. OIG prevents and detects fraud, waste, and abuse, and promotes
economy, effectiveness, and efficiency in HHS programs. Stakeholders,
including patients, depend upon OIG to be thoughtful, cautious, and
deliberate in promulgating safe harbors to ensure that the arrangements
the safe harbors protect do not inappropriately increase costs to the
Federal health care programs or patients, corrupt practitioners'
medical judgment, or result in overutilization, inappropriate patient
steering, unfair competition, or poor-quality care. These abuses are
sometimes characterized as traditional FFS fraud and abuse risks.
Model design characteristics common to properly structured value-
based payment models could curb some traditional FFS risks. However,
value-based payment models could present other risks, including
stinting on care (underutilization), cherry picking lucrative or
adherent patients, lemon dropping costly or noncompliant patients, and
incentives to manipulate or falsify data used to verify performance and
outcomes for payment purposes. In addition, emerging value-based
payment models might present risks not yet identified by OIG or others
in the healthcare industry. Many new models combine FFS and value-based
payment features, subjecting providers to mixed incentives and
potentially posing all or some of the risks raised by volume- and
value-based payment. We seek comments on how best to address existing
and emerging risks with respect to our proposals below, individually
and collectively.
Section C of this Executive Summary and sections III and IV of this
preamble summarize our specific proposals. Several proposals address
particular types of value-based arrangements designed to promote care
coordination and allow for outcomes-based payments. We have included a
proposed safe harbor for arrangements that engage patients more
actively in preventive care and adhering to treatment and care plans
developed between them and their healthcare providers. We also are
proposing a new safe harbor related to cybersecurity tools, as well as
modifications to the existing safe harbors related to personal services
arrangements, electronic health records, warranties, and local
transportation.
Our proposals in this rulemaking focus on ensuring protected
arrangements: (i) Promote coordinated patient care and foster improved
quality, better health outcomes, and improved efficiency; and (ii)
would not be misused to perpetrate fraud and abuse, including, for
example, schemes in which patients receive unnecessary or substandard
care or Federal health care programs are billed for medically
unnecessary items or services. We have sought to strike an effective
balance among the goals of clarity, objectivity, flexibility,
safeguards (including accountability and transparency), and ease of
implementation.
OIG and CMS coordinated closely to develop our respective proposed
rulemakings in connection with the Regulatory Sprint and strove, where
appropriate, to propose consistent terminology for value-based
arrangements. In many respects, OIG's proposed rules for value-based
arrangements are different or more restrictive than CMS's comparable
proposals, in recognition of the differences in statutory structures
and penalties. For some arrangements, we believe it is appropriate for
the anti-kickback statute, which is a criminal, intent-based statute,
to serve as ``backstop'' protection for arrangements that might be
protected by a less restrictive exception to the civil, strict
liability physician self-referral law. For any final rule, we would
examine our rules in combination with any rules CMS may choose to
finalize with the goal of creating an overall regulatory landscape that
is well-coordinated and serves the intended purpose to allow for
beneficial innovation; that is as streamlined as possible, consistent
with program integrity considerations; and that provides strong
protections for patients and programs, both in terms of promoting value
and ensuring that the Government can take action to protect patients
and address fraud or abuse. Arrangements that might be protected by a
physician self-referral law exception, but might not be explicitly
protected by an anti-kickback statute safe harbor, would not
necessarily be unlawful under the anti-kickback statute. They would
need to be examined on a case-by-case basis, including with respect to
the intent of the parties. We note that OIG's proposed new safe harbor
for cybersecurity items and services and modifications to the existing
safe harbor for electronic health record items and services are closely
aligned with CMS' proposals.
C. Summary of the Major Provisions
1. Anti-Kickback Statute and Safe Harbors
As described in more detail below, we propose to amend 42 CFR
1001.952 by modifying certain existing safe harbors to the anti-
kickback statute and by adding safe harbors that would provide new
protections or codify an existing statutory protection. Subject to
definitions and conditions set forth in the proposed regulations, these
proposed changes include:
Three proposed new safe harbors for certain remuneration
exchanged between or among participants in a value-based arrangement
(as further defined) that fosters better coordinated and managed
patient care: (i) Care coordination arrangements to improve quality,
health outcomes, and efficiency (1001.952(ee)); (ii) value-based
arrangements with substantial downside financial risk (1001.952(ff));
and (iii) value-based arrangements with full financial risk
(1001.952(gg)). These proposed safe harbors vary, among other ways, by
the types of remuneration protected (in-kind or in-kind and
[[Page 55697]]
monetary), the level of financial risk assumed by the parties, and the
types of safeguards included as safe harbor conditions;
a proposed new safe harbor (1001.952(hh)) for certain
tools and supports furnished under patient engagement and support
arrangements to improve quality, health outcomes, and efficiency;
a proposed new safe harbor (1001.952(ii)) for certain
remuneration provided in connection with a CMS-sponsored model, which
should reduce the need for OIG to issue separate and distinct fraud and
abuse waivers for new CMS-sponsored models;
a proposed new safe harbor (1001.952(jj)) for donations of
cybersecurity technology and services;
proposed modifications to the existing safe harbor for
electronic health records items and services (1001.952(y)) to add
protections for certain cybersecurity technology included as part of an
electronic health records arrangement, to update provisions regarding
interoperability, and to remove the sunset date;
proposed modifications to the existing safe harbor for
personal services and management contracts (1001.952(d)) to add
flexibility with respect to outcomes-based payments and part-time
arrangements;
proposed modifications to the existing safe harbor for
warranties (1001.952(g)) to revise the definition of ``warranty'' and
provide protection for warranties for one or more items and related
services;
proposed modifications to the existing safe harbor for
local transportation (1001.952(bb)) to expand and modify mileage limits
for rural areas and for transportation for discharged patients; and
codification of the statutory exception to the definition
of ``remuneration'' at section 1128B(b)(3)(K) of the Act related to ACO
Beneficiary Incentive Programs for the Medicare Shared Savings Program
(1001.952(kk)).
2. Civil Monetary Penalty Authorities
We propose to amend the definition of ``remuneration'' in the CMP
rules at 42 CFR 1003.110 by interpreting and incorporating a new
statutory exception to the prohibition on beneficiary inducements for
``telehealth technologies'' furnished to certain in-home dialysis
patients, pursuant to section 50302(c) of the Budget Act of 2018.
We further note that, if finalized, the proposed new safe harbor
for patient engagement and support arrangements (1001.952(hh)) and the
proposed modifications to the local transportation safe harbor
(1001.952(bb)) would by operation of law serve as exceptions to the
beneficiary inducements CMP prohibition's definition of
``remuneration.''
3. Costs and Benefits
There are no significant costs associated with the proposed
regulatory revisions that would impose any mandates on State, local, or
Tribal Governments or on the private sector.
II. Background
A. Anti-Kickback Statute and Safe Harbors
Section 1128B(b) of the Act, (42 U.S.C. 1320a-7b(b), the anti-
kickback statute), provides for criminal penalties for whoever
knowingly and willfully offers, pays, solicits, or receives
remuneration to induce or reward the referral of business reimbursable
under any of the Federal health care programs, as defined in section
1128B(f) of the Act (42 U.S.C. 1320a-7b(f)). The offense is classified
as a felony and is punishable by fines of up to $100,000 and
imprisonment for up to 10 years. Violations of the anti-kickback
statute also may result in the imposition of CMPs under section
1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion
under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and
liability under the False Claims Act (31 U.S.C. 3729-33).
The types of remuneration covered specifically include, without
limitation, kickbacks, bribes, and rebates, whether made directly or
indirectly, overtly or covertly, in cash or in kind. In addition,
prohibited conduct includes not only the payment of remuneration
intended to induce or reward referrals of patients but also the payment
of remuneration intended to induce or reward the purchasing, leasing,
or ordering of, or arranging for or recommending the purchasing,
leasing, or ordering of, any good, facility, service, or item
reimbursable by any Federal health care program.
Because of the broad reach of the statute, concern was expressed
that some relatively innocuous business arrangements were covered by
the statute and, therefore, potentially subject to criminal
prosecution. In response, Congress enacted section 14 of the Medicare
and Medicaid Patient and Program Protection Act of 1987, Public Law
100-93 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a-
7b(b)(3)(E)), which specifically requires the development and
promulgation of regulations, the so-called safe harbor provisions, that
would specify various payment and business practices that would not be
subject to sanctions under the anti-kickback statute, even though they
potentially may be capable of inducing referrals of business for which
payment may be made under a Federal health care program.
Section 205 of HIPAA established section 1128D of the Act (42
U.S.C. 1320a-7d), which includes criteria for modifying and
establishing safe harbors. Specifically, section 1128D(a)(2) of the Act
provides that, in modifying and establishing safe harbors, the
Secretary may consider whether a specified payment practice may result
in:
An increase or decrease in access to healthcare services;
an increase or decrease in the quality of healthcare
services;
an increase or decrease in patient freedom of choice among
healthcare providers;
an increase or decrease in competition among healthcare
providers;
an increase or decrease in the ability of healthcare
facilities to provide services in medically underserved areas or to
medically underserved populations;
an increase or decrease in the cost to Federal health care
programs;
an increase or decrease in the potential overutilization
of healthcare services;
the existence or nonexistence of any potential financial
benefit to a healthcare professional or provider, which benefit may
vary depending on whether the healthcare professional or provider
decides to order a healthcare item or service or arrange for a referral
of healthcare items or services to a particular practitioner or
provider; or
any other factors the Secretary deems appropriate in the
interest of preventing fraud and abuse in Federal health care programs.
We have considered these factors in designing our proposals. We are
interested in public comments on these factors as they relate to our
proposals. Properly structured and operated, we believe that the
arrangements we propose to protect have the potential to increase
access to care, increase quality of care, aid in the provision of items
and services in underserved areas and to underserved populations,
decrease costs to Federal health care programs, and decrease the
potential for overutilization of healthcare services. We are concerned
about reduced patient freedom of choice among providers, potential
decreases in competition among health providers, and potential
financial benefits to
[[Page 55698]]
healthcare professionals or providers that may vary inappropriately
based on their ordering decisions. We solicit comments on whether or
not our proposals adequately address these or other undesired effects;
if commenters believe the proposals would not adequately address these
effects, we solicit comments on the degree to which such effects might
occur and on additional safeguards to mitigate them.
In giving the Department the authority to protect certain
arrangements and payment practices under the anti-kickback statute,
Congress intended the safe harbor regulations to be updated
periodically to reflect changing business practices and technologies in
the healthcare industry.\12\ Since July 29, 1991, there have been a
series of final regulations published in the Federal Register
establishing safe harbors in various areas.\13\ These safe harbor
provisions have been developed ``to limit the reach of the statute
somewhat by permitting certain non-abusive arrangements, while
encouraging beneficial or innocuous arrangements.'' \14\
---------------------------------------------------------------------------
\12\ H.R. Rep. No. 100-85, Pt. 2, at 27 (1987).
\13\ Medicare and State Health Care Programs: Fraud and Abuse;
OIG Anti-Kickback Provisions, 56 FR 35952 (July 29, 1991); Medicare
and State Health Care Programs: Fraud and Abuse; Safe Harbors for
Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996); Federal Health
Care Programs: Fraud and Abuse; Statutory Exception to the Anti-
Kickback Statute for Shared Risk Arrangements, 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs: Fraud and Abuse;
Clarification of the Initial OIG Safe Harbor Provisions and
Establishment of Additional Safe Harbor Provisions Under the Anti-
Kickback Statute, 64 FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19,
1999); Medicare and State Health Care Programs: Fraud and Abuse;
Ambulance Replenishing Safe Harbor Under the Anti-Kickback Statute,
66 FR 62979 (Dec. 4, 2001); Medicare and State Health Care Programs:
Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and
Electronic Health Records Arrangements Under the Anti-Kickback
Statute, 71 FR 45109 (Aug. 8, 2006); Medicare and State Health Care
Programs: Fraud and Abuse; Safe Harbor for Federally Qualified
Health Centers Arrangements Under the Anti-Kickback Statute, 72 FR
56632 (Oct. 4, 2007); Medicare and State Health Care Programs: Fraud
and Abuse; Electronic Health Records Safe Harbor Under the Anti-
Kickback Statute, 78 FR 79202 (Dec. 27, 2013); and Medicare and
State Health Care Programs: Fraud and Abuse; Revisions to the Safe
Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty
Rules Regarding Beneficiary Inducements, 81 FR 88368 (Dec. 7, 2016).
\14\ Medicare and State Health Care Programs: Fraud and Abuse;
OIG Anti-Kickback Provisions, 56 FR at 35958.
---------------------------------------------------------------------------
Healthcare providers and others may voluntarily seek to comply with
final safe harbors so that they have the assurance that their business
practices would not be subject to any anti-kickback enforcement action.
Compliance with an applicable safe harbor insulates an individual or
entity from liability under the anti-kickback statute and the
beneficiary inducements CMP only; individuals and entities remain
responsible for complying with all other laws, regulations, and
guidance that apply to their businesses.
In developing our proposals, we have taken into account information
gleaned from a variety of sources: Industry stakeholder input,
including through comments to the OIG RFI; learnings from OIG's work
(e.g., fraud and abuse waivers for the Medicare Shared Savings Program
and Innovation Center models, investigative and oversight work applying
the fraud and abuse laws, and audits and evaluations of program
effectiveness and efficiency); expertise from CMS and other HHS
agencies; and other sources, including literature on care coordination
and value-based payments.
B. Civil Monetary Penalty Authorities
1. Overview of OIG Civil Monetary Penalty Authorities
In 1981, Congress enacted the CMP law, section 1128A of the Act, 42
U.S.C. 1320a-7a, as one of several administrative remedies to combat
fraud and abuse in Medicare and Medicaid. The law authorized the
Secretary to impose penalties and assessments on persons who defrauded
Medicare or Medicaid or engaged in certain other wrongful conduct. The
CMP law also authorized the Secretary to exclude persons from Federal
health care programs (as defined in section 1128B(f) of the Act, 42
U.S.C. 1320a-7b(f)) and to direct the appropriate State agency to
exclude the person from participating in any State healthcare programs
(as defined in section 1128(h) of the Act, 42 U.S.C. 1320a-7(h)).
Congress later expanded the CMP law and the scope of exclusion to apply
to all Federal health care programs, but the CMP applicable to
beneficiary inducements remains limited to Medicare and State
healthcare program beneficiaries. Since 1981, Congress has created
various other CMP authorities covering numerous types of fraud and
abuse.
2. The Beneficiary Inducements CMP and the Definition of
``Remuneration''
Section 1128A(a)(5) of the Act, 42 U.S.C. 1320a-7a(a)(5), the
``beneficiary inducements CMP,'' provides for the imposition of civil
monetary penalties against any person who offers or transfers
remuneration to a Medicare or State healthcare program (including
Medicaid) beneficiary that the benefactor knows or should know is
likely to influence the beneficiary's selection of a particular
provider, practitioner, or supplier of any item or service for which
payment may be made, in whole or in part, by Medicare or a State
healthcare program (including Medicaid). Section 1128A(i)(6) of the
Act, 42 U.S.C. 1320a-7a(i)(6), defines ``remuneration'' for purposes of
the beneficiary inducements CMP as including ``transfers of items or
services for free or for other than fair market value.'' Section
1128A(i)(6) of the Act also includes a number of exceptions to the
definition of ``remuneration.''
Pursuant to section 1128A(i)(6)(B) of the Act, any practice
permissible under the anti-kickback statute, whether through statutory
exception or regulations issued by the Secretary, is also excepted from
the definition of ``remuneration'' for purposes of the beneficiary
inducements CMP. However, no parallel exception exists in the anti-
kickback statute. Thus, the exceptions in section 1128A(i)(6) of the
Act apply only to the definition of ``remuneration'' applicable to
section 1128A.
Relevant to this proposed rulemaking, the Budget Act of 2018
created a new exception to the definition of ``remuneration'' for
purposes of the beneficiary inducements CMP. This exception applies to
``telehealth technologies'' provided on or after January 1, 2019, by a
provider of services or a renal dialysis facility to an individual with
end-stage renal disease (ESRD) who is receiving home dialysis for which
payment is being made under Medicare Part B.
III. Provisions of the Proposed Rule: Anti-Kickback Statute Safe
Harbors
A. Value-Based Framework
This section provides background on, and an overarching summary of,
the framework for value-based arrangements set forth in this proposed
rulemaking; explains proposed terminology used in certain proposed safe
harbors; and explains the specific safe harbor proposals to protect
value-based arrangements (as defined in proposed paragraph
1001.952(ee)) designed to foster better care at lower cost through
improved care coordination for patients.
Our proposals endeavor to remove real or perceived regulatory
barriers to promote flexible, industry-led innovation in the delivery
of more efficient and better coordinated healthcare. Further,
consistent with emerging understandings of the benefits of better care
coordination and the increasing adoption of value-based care and
payment models in the healthcare industry, our proposals may support a
more rapid transition from volume (e.g.,
[[Page 55699]]
FFS reimbursement for office visits, tests, or procedures) toward value
(e.g., paying for patient or population outcomes).
1. Anti-Kickback Statute Implications of Care Coordination and the
Value-Based Framework
Better care coordination--including more effective transitions for
patients across the care continuum, less duplication of items and
services, and open sharing of health data (consistent with privacy and
security rules)--is integrally connected to advancing the transition to
a value-based healthcare system. Care coordination arrangements,
especially when linked to appropriate clinical or other value-driven
outcomes, can help improve health and the patient experience of care;
enable providers to participate successfully in value-based care and
payment models; and advance the goals of value-based care: Delivering
better health outcomes and maximizing desirable efficiency in
healthcare delivery. For example, OIG's recent report entitled, ``ACOs'
Strategies for Transitioning to Value-Based Care: Lessons From the
Medicare Shared Savings Program,'' \15\ highlights the tools--including
care coordination arrangements--that certain accountable care
organizations (ACOs) under the Medicare Shared Savings Program have
deployed successfully to reduce costs and improve quality. Many of the
strategies discussed in this report involve care coordination, care
management, and patient engagement, including: engaging beneficiaries
to improve their own health, managing beneficiaries with costly or
complex care needs to improve their health outcomes, addressing
behavioral health needs and social determinants of health, and using
technology to increase information sharing among providers.\16\
---------------------------------------------------------------------------
\15\ OIG, ACOs' Strategies for Transitioning to Value-Based
Care: Lessons From the Medicare Shared Savings Program (July 2019),
available at https://oig.hhs.gov/oei/reports/oei-02-15-00451.pdf.
\16\ Id.
---------------------------------------------------------------------------
Because care coordination often involves arrangements between
providers that refer Federal health care program patients to one
another and an exchange of remuneration, the anti-kickback statute may
be implicated. Moreover, providing patients with remuneration to engage
and support them in achieving better health outcomes may implicate both
the anti-kickback statute and the beneficiary inducements CMP.
2. Balancing Innovation With Protection Against Fraud and Abuse Risks
To remove regulatory barriers to care coordination and support
value-based arrangements, we are faced with the challenge of designing
safe harbor protections for emerging healthcare arrangements. The
optimal form, design, and efficacy of such emerging arrangements remain
unknown or unproven. This is a key challenge of regulating during a
period of innovation and experimentation. The challenge of designing
appropriate safe harbors is exacerbated by: The substantial variation
in care coordination and value-based arrangements contemplated by the
healthcare industry (meaning that one-size-fits-all safe harbor designs
may be less than optimal), variation among patient populations and
provider characteristics, emerging health technologies and data
capabilities, the still-developing science of quality and performance
measurement, and our desire not to chill beneficial innovation.
It is sometimes difficult to gauge fraud and abuse risk in a
rapidly evolving environment of substantial innovation,
experimentation, and deployment of technology and digital data. In some
cases, innovations and the availability of more actionable, transparent
data may enhance program integrity and protect against fraud and abuse.
There is a compelling concern that uncertainty and regulatory
barriers--real or perceived--could prevent the best and most
efficacious innovations from emerging and being tested in the
marketplace. Our goal is to craft safe harbors that, if finalized,
would protect arrangements that promote value, while also protecting
against fraud, abuse and associated harms. Over time, we expect that
best practices in care coordination and value-based payment will
emerge.
3. Overview of Proposed Safe Harbors
We are proposing safe harbors for value-based arrangements, with
greater flexibilities available to parties as they assume more downside
financial risk for the cost and quality of care. This ``tiered''
structure is intended to support the transformation of industry payment
systems and takes into account that arrangements involving higher
levels of downside risk curb, at least to some degree, FFS incentives
to order medically unnecessary or overly costly items and services. We
propose these safe harbors, recognizing that the transition from an FFS
to a value-based care and payment system will take time. Where parties
may have both FFS and value-based payment incentives, we believe
assuming downside financial risk from a payor for items and services
furnished to patients helps mitigate incentives that often drive fraud
and abuse present in traditional FFS.
For the purposes of this rule, the proposed safe harbors that
require assumption of risk focus on value-based arrangements with
substantial downside financial risk (1001.952(ff)) and value-based
arrangements at full financial risk (1001.952(gg)). While these
proposed safe harbors largely focus on the assumption of downside
financial risk, we understand that participants in value-based
arrangements may assume certain types of risk other than downside
financial risk for items and services furnished to a target patient
population (e.g., upside risk, clinical risk, operational risk,
contractual risk, or investment risk).
We believe that our focus on downside financial risk is appropriate
because the assumption of downside financial risk may shift the
incentives that serve to influence those making the referring and
ordering decisions, the conduct at the center of the anti-kickback
statute. We solicit comments on whether, for purposes of a final rule,
other types of risk would have a comparable effect. We are particularly
interested in fact patterns that illustrate how other types of risk
would operate to change ordering or referring behaviors of providers
and suppliers that might still be paid on an FFS basis or otherwise
help ensure that safe-harbored arrangements would serve appropriate
value-based purposes.
Remuneration has at least two dimensions relevant to this proposed
rulemaking: (i) Payments by payors; and (ii) remuneration exchanged
between clinicians, providers, suppliers, and others. Payor payments
that drive toward value include capitated payments and global budgets
at one end of the ``value-based payments'' spectrum; shared savings and
bundled payment mechanisms in the middle; and bonuses and reductions
applied to FFS payments at the other end of the spectrum. Examples of
remuneration exchanged among clinicians, providers, suppliers, and
others include sharing staff, such as care coordinators, or technology,
such as data analytics tools, to improve quality or efficiency or to
achieve other performance or outcomes targets, whether set by payors or
among themselves. In some cases, these parties also may have value-
based payment arrangements among themselves, such as gainsharing or
shared savings agreements.
We are proposing a suite of safe harbors that, if finalized, would
address a variety of scenarios. Collectively, we
[[Page 55700]]
believe these proposed safe harbors, in combination with existing safe
harbors, would provide pathways for protection for most beneficial care
coordination and value-based care and payment arrangements. In crafting
these safe harbors, we have endeavored to be agnostic with respect to
the composition of the value-based enterprise (VBE), a concept and
defined term described further below, and scope of protected value-
based arrangements to allow for innovation and experimentation in the
healthcare marketplace and to foster a level playing field for those
seeking safe harbor protection, whether they are large health systems
or individual practitioners. The proposed safe harbors would cover
value-based arrangements involving both publicly and privately insured
patients.
The first proposed safe harbor, at 1001.952(ee), covers care
coordination arrangements to improve quality, health outcomes, and
efficiency (``care coordination arrangements'' safe harbor). It covers
certain in-kind remuneration, including services and infrastructure.
The second proposed safe harbor, at 1001.952(ff), with greater
flexibility, covers certain in-kind and monetary arrangements where the
VBE is at substantial downside financial risk from a payor (as
defined). The third proposed safe harbor, at 1001.952(gg), is for in-
kind and monetary arrangements where the VBE is at full downside
financial risk from a payor and allows for even more flexibility. In
addition, we propose to protect certain outcomes-based compensation
(regardless of whether it meets the criteria for substantial downside
financial risk) under the rubric of ``outcomes-based payments'' through
proposed modifications to the personal services and management
contracts safe harbor at 1001.952(d), as discussed in the section
III.J. below.
We are mindful of the role patient engagement can play in improved
coordination of patient care and health outcomes. Thus, we are
proposing a safe harbor at 1001.952(hh) for arrangements for patient
engagement and support to improve quality, health outcomes, and
efficiency (the ``patient engagement and support'' safe harbor). We are
further proposing a separate safe harbor at 1001.952(ii) for care
delivery and payment arrangements as well as beneficiary incentives
pursuant to certain CMS-sponsored models, including Innovation Center
models. This proposed safe harbor would largely, if not entirely,
replace OIG's current model-by-model fraud and abuse waiver process for
CMS-sponsored models. The requirements of each proposed safe harbor are
discussed in detail below.
As always, all safe harbor conditions would need to be precisely
met for safe harbor protections to apply. Many value-based arrangements
and activities may qualify for existing safe harbor protections,
including under the employees safe harbor (1001.952(i)), the EHR items
and services safe harbor (1001.952(y)), the personal services and
management contracts safe harbor (1001.952(d)), the local
transportation safe harbor (1001.952(bb)), and the several safe harbors
pertaining to health plans and managed care organizations set forth at
1001.952(l), (m), (t), and (u). Many others may not raise anti-kickback
issues at all if they do not relate to Federal health care program
beneficiaries or are not tied in any way to the volume or value of
Federal health care program business. (Likewise, with respect to
compliance with the beneficiary inducements CMP, patient engagement and
support arrangements and activities may fit in existing exceptions to
the CMP law, may be within applicable nominal value limits, or may not
raise concerns under that statute if they do not relate to Medicare or
Medicaid patients or are not likely to influence the selection of
providers, practitioners, or suppliers.)
In the next section, we describe the proposed definitions for
several key terms used in the proposed safe harbors for value-based
arrangements at proposed paragraphs 1001.952(ee), (ff), and (gg) for
care coordination arrangements, value-based arrangements with
substantial downside financial risk, and value-based arrangements at
full financial risk, respectively. We then describe each proposed safe
harbor in detail. Related proposed modifications to the personal
services and management contracts safe harbor (1001.952(d)) for
outcomes-based payments (where there is no substantial downside
financial risk) are described at section III.J. The patient engagement
and support safe harbor is described at section III.F. The proposed
safe harbor for CMS-sponsored models, including Innovation Center
models, is described at section III.G.
B. Proposed Value-Based Terminology (1001.952(ee))
We propose definitions for key terms in paragraph 1001.952(ee).
These terms are used consistently in several proposed safe harbors. The
proposed defined terms are intended to work in conjunction with one
another to describe the universe of value-based arrangements
potentially eligible for proposed safe harbor protection and of
individuals and entities that can engage in protected arrangements,
provided all conditions of a specific safe harbor are squarely met.
Generally speaking, when read together, the proposed terminology
and safe harbors are intended to protect care coordination and support
value-based arrangements where, as a threshold matter, the arrangements
are under the auspices of a VBE (of any size, and as further defined in
proposed paragraph 1001.952(ee)) that is essentially a network of
participants (such as clinicians, providers, or suppliers) that has
agreed to collaborate to, for example: (i) Put the patient at the
center of care through improved care coordination, (ii) increase
efficiencies in the delivery of care, and (iii) improve quality of care
and health outcomes for patients or populations. The VBE has value-
based purposes and its participants enter into value-based arrangements
for value-based activities to further those purposes.
Wherever possible and appropriate, it is our intent to align our
proposed value-based terminology with those that CMS proposes in its
notice of proposed rulemaking regarding the physician self-referral
law, ``Modernizing and Clarifying the Physician Self-Referral
Regulations.'' Because of the close nexus between the value-based
terminology in our proposed rule and CMS's proposed terminology, we may
also consider for purposes of making determinations for a final rule
comments submitted about value-based terminology in response to CMS's
proposed rule.
We use the term ``value-based'' in our proposed terminology in a
non-technical way to signal value produced through improved care
coordination, improved health outcomes, lower costs or reduced growth
of costs for patients and payors, and improved efficiencies in the
delivery of care. We recognize that our use of the words ``value'' and
``value-based'' here do not necessarily capture all dimensions of value
in healthcare. We solicit comments on our approach, as well as comments
on whether we should define ``value'' specifically in the final rule,
and if so, how best to define ``value'' as it pertains to care
coordination and value-based payment. For example, we are considering
for the final rule whether ``value'' should be defined with reference
to financial arrangements under advanced APMs (whether HHS or other
payor models).
1. Value-Based Enterprise (VBE)
We propose to use the term ``value-based enterprise'' to describe
the
[[Page 55701]]
network of individuals and entities that collaborate together to
achieve one or more value-based purposes (as defined in proposed
paragraph 1001.952(ee)). As defined in this rulemaking, and as a
general matter, the VBE would delineate the universe of individuals and
entities participating in arrangements eligible for safe harbor
protection, if all safe harbor conditions are fully met. The VBE also
would be accountable for ensuring that such protected arrangements are
conducted under the auspices of the VBE.
a. Two or More VBE Participants
First, we propose that VBE would mean two or more VBE participants
(as defined in proposed paragraph 1001.952(ee)) that are collaborating
to achieve at least one value-based purpose. VBEs may take many
different forms, and we intend for the definition of ``VBE'' to be
flexible. For example, a VBE could be as small as two individual
physician practices collaborating to coordinate care for shared
patients. The same term also could cover a formal or informal network
of hospital systems, post-acute care providers, and physician
practices. An accountable care organization or health system comprised
of hospitals and physician practices, for example, could also
constitute a VBE.
b. Party to a Value-Based Arrangement
Second, we propose that each VBE participant in the VBE must be a
party to a value-based arrangement (as defined below) with at least one
other VBE participant from the same VBE. In the case of a VBE comprised
of two VBE participants, the two VBE participants would need to be
engaged in a value-based arrangement with each other. We intend for
this criterion to ensure that parties qualifying as part of a VBE are
contributing to a value-based arrangement. Consistent with our
intention to provide flexibility for innovation, VBE participants could
engage in one or multiple value-based arrangements, so long as all of
the value-based arrangements further the value-based purpose(s) of the
VBE.
c. Accountable Body
Third, we propose that the VBE must have an accountable body (such
as a board of directors or other governing body) or person (which,
depending on the size and scope of the VBE, may be an entity, such as a
hospital or physician practice that is among the VBE participants, or
an individual) responsible for financial and operational oversight of
the VBE. As part of its oversight role, we expect that the accountable
body or responsible person would serve as the ``gatekeeper'' to the
VBE, with a process and criteria to ensure that those admitted to the
VBE after its formation as VBE participants have a legitimate role in
the VBE and in VBE arrangements and that VBE participants are not
participants in name only. In addition to ensuring operational and
financial oversight, we believe the accountable body or responsible
person would be positioned to identify program integrity issues and to
initiate action to address them, as necessary and appropriate. We are
considering for the final rule, and solicit comment on, whether the VBE
or its participants should be required to have a compliance program
that covers at least those value-based arrangements for which safe
harbor protection is sought and whether the accountable body or person
should have responsibility for the compliance program.
The arrangements that would be protected by these proposed safe
harbors would not have the benefit of programmatic oversight comparable
to CMS-sponsored models. Accordingly, we view this accountability
criterion as important to ensure that arrangements operate for their
designated value-based purpose(s) and as a key safeguard to ensure that
value-based arrangements are aligned with at least one value-based
purpose and not misused for purposes that raise program integrity
concerns (e.g., arrangements that encourage providers to steer patients
in ways that are not in the patients' best interests or stint on
medically necessary care).
The oversight role may include, depending on the applicable
proposed safe harbor at 42 CFR 1001.952(ee), (ff), and (gg) and how the
applicable VBE effectuates safe harbor requirements, monitoring whether
VBE participants are performing under their value-based arrangements in
a manner that furthers the coordination and management of care for the
target patient population. We are considering for the final rule a
requirement that all VBE participants affirmatively recognize the
oversight role of the accountable body or responsible person and
explicitly agree to cooperate with its oversight efforts (e.g., by
requiring the inclusion of a statement to this effect in the applicable
written agreement).
We also are considering for the final rule whether the accountable
body or responsible person (or some other party or parties to value-
based arrangements addressed by the proposed safe harbors) should have
more specific oversight responsibilities, such as oversight related to
utilization of items and services, cost, quality of care, patient
experience, adoption of technology, and the quality, integrity,
privacy, and security of data related to the arrangement (such as
outcomes, quality, and payment data). To facilitate effective
oversight, we are considering for the final rule whether VBEs should be
required to implement reporting requirements for their VBE participants
or mechanisms for obtaining access to, and verifying, VBE participant
data concerning performance under any value-based arrangement.
We welcome comments on this approach or any different or additional
actions that may help ensure effective ongoing oversight.
We intend for VBEs to implement the criterion regarding the
accountable body or responsible person in a manner that is tailored to
the complexity and sophistication of the VBE. For example, a VBE
involving two physician practices with a single value-based arrangement
could designate one of the physician practices (or its compliance
professional) as the individual responsible for this oversight. Where
the VBE is larger and involves numerous sophisticated entities, it
might be advisable and a best practice to create a separate governing
body to serve as the accountable body, overseeing the VBE.
The proposed definition of ``VBE'' does not require the VBE's
accountable body or responsible person to be independent of the
interests of individual VBE participants (which would preclude a VBE
participant from acting as the accountable body or responsible person)
or to have a distinct duty of loyalty to the VBE. However, to provide
further assurances that a VBE's accountable body or responsible person
is acting in furtherance of the VBE's value-based purpose(s) and not
any one VBE participant's individual interests, we are considering for
the final rule imposing a standard requiring either independence or a
duty of loyalty as a criterion of this definition or as a safe harbor
requirement. We solicit comments on the benefits, burdens, and
challenges of this approach.
d. Governing Document
Fourth, we propose that each VBE must have a governing document
that describes the VBE and how the VBE participants intend to achieve
its value-based purpose(s). The intent of this requirement is to
provide transparency regarding the structure of the VBE, the VBE's
value-based purpose(s), and the VBE participants' roadmap for achieving
such purpose(s). This document may include any other terms the VBE
participants deem important. The governing document need not be formal
bylaws or in another specific format.
[[Page 55702]]
Written documentation recording the terms of a value-based arrangement
may serve as the required VBE governing document, provided it describes
the enterprise and how the parties intend to achieve its value-based
purpose(s).
e. VBE's Assumption of Downside Financial Risk
Lastly, we note that two of our proposed safe harbors require that
a VBE has assumed downside financial risk from a payor. We anticipate
that VBEs could contract with payors and other entities in a variety of
ways. For example, a VBE comprised of a large number of VBE
participants across a range of healthcare settings might create a
standalone legal entity that enters into contracts directly with payors
on the VBE participants' behalf. Alternatively, one VBE participant
might contract with payors on behalf of other VBE participants within
the VBE. In the latter example, the VBE would still be required to be
at risk, but it would be through one of its VBE participants rather
than through a contract directly with the payor.
2. Value-Based Arrangement
The proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg)
would protect remuneration paid or exchanged pursuant to a ``value-
based arrangement'' if all conditions are met. We propose to define a
value-based arrangement as ``an arrangement for the provision of at
least one value-based activity for a target patient population between
or among: (A) The value-based enterprise and one or more of its VBE
participants; or (B) VBE participants in the same value-based
enterprise.'' We intend for these requirements to ensure that each
value-based arrangement is aligned with the VBE's value-based
purpose(s) and subject to its financial and operational oversight. Our
proposed definition is intended to capture arrangements for care
coordination and certain other value-based activities among VBE
participants within the same VBE.
Addressing each requirement of the definition in turn, we first
propose to require that the value-based arrangement include at least
one value-based activity (as defined in proposed paragraph
1001.952(ee)) to be undertaken by the parties. We would expect that
many value-based arrangements would be comprised of multiple value-
based activities.
Second, we propose that the value-based arrangement's value-based
activities must be undertaken with respect to a target patient
population (as defined in proposed paragraph 1001.952(ee)). That is,
the value-based arrangement, and its value-based activities, must be
tailored to meet the needs of a defined patient population. This
element further ties the value-based arrangement to care coordination
of patients and value-based goals. We note that the definition of
``value-based arrangement'' is broad enough to cover commercial and
private insurer arrangements.
3. Target Patient Population
We propose to define ``target patient population'' as ``an
identified patient population selected by the VBE or its VBE
participants using legitimate and verifiable criteria that: (A) Are set
out in writing in advance of the commencement of the value-based
arrangement; and (B) further the value-based enterprise's value-based
purpose(s).'' Our intent in defining this term is to protect value-
based arrangements that serve an identifiable patient population for
whom the value-based activities likely would improve health outcomes or
lower costs (or both). By using the terms ``legitimate and
verifiable,'' we seek to ensure the target patient population selection
process is transparent and that VBE participants select their target
patient population in an objective manner based on criteria that
further the applicable value-based arrangement's value-based
purpose(s). If VBE participants selectively include patients in a
target patient population for purposes inconsistent with the objectives
of a properly structured value-based arrangement (e.g., cherry picking
or lemon dropping patients), we would not consider such a selection
process to be based on ``legitimate and verifiable criteria that
further the value-based enterprise's value-based purpose(s).''
This proposed definition is not limited to Federal health care
program beneficiaries. For example, VBE participants seeking to enhance
access to, and usage of, primary care services for patients
concentrated in a certain geographic region might base the target
patient population on ZIP Code or county of residence. If a value-based
arrangement is focused on enhancing care coordination for patients with
a chronic disease, the target patient population might be patients with
that disease (e.g., congestive heart failure). VBE participants might
also, for example, use data to identify a target patient population at
increased risk of developing a chronic disease for improved care
coordination under a value-based arrangement.
We are considering for the final rule and solicit comments on
limiting the definition of ``target patient population'' to patients
with a chronic condition, or alternatively, limiting any or all of the
proposed safe harbors that use the target patient population definition
to value-based arrangements for patients with a chronic condition. We
might effectuate this approach through changes to the scope of the
target patient population definition or other definitions, including
value-based activity, value-based arrangement, and value-based purpose.
This alternative proposal is in recognition that patients with
chronic conditions may be more susceptible to comorbidities, requiring
care across the health spectrum, and thus most likely to benefit from
the care coordination central to this proposed rule. To the extent we
include such a limitation in the final rule, either by definition or
through a safe harbor requirement, we are considering how to define
``chronic condition,'' and whether OIG should cross-reference other
Medicare or Medicaid program guidelines or rules related to chronic
conditions. In particular, we are considering and seek comment on
defining ``chronic condition'' as the list of 15 Special Needs Plans
(SNP)-specific chronic conditions developed by the SNP Chronic
Condition Panel, as may be modified from time to time.\17\ As new
chronic conditions are identified, and as existing conditions benefit
from life-prolonging technological advances, we are mindful that any
definition of ``chronic condition'' might need flexibility to expand to
remain appropriately inclusive and consistent with clinical
understandings.
---------------------------------------------------------------------------
\17\ CMS, Chronic Condition Special Need Plans (C-SNP), List of
Chronic Conditions, https://www.cms.gov/Medicare/Health-Plans/SpecialNeedsPlans/Chronic-Condition-Special-Need-Plans-C-SNP.html#s1.
---------------------------------------------------------------------------
As an additional alternative, we are considering for purposes of
the final rule, and solicit comments on, limiting the definition of
``target patient population'' to patients with a shared disease state
that would benefit from care coordination.
We seek comment on how best to address the need for flexibility in
any final rule, especially should we limit a final safe harbor to
patients with a chronic condition or shared disease state. Moreover, we
are interested in feedback on impacts of such limitations on the
ability of VBE participants to provide better coordinated care for
other categories of patients, including patients discharged from
hospitals following acute care, patients requiring maternal
[[Page 55703]]
care, patients needing preventive care, and patients with mental health
conditions.
Additionally, we solicit comments on whether we should replace
``legitimate and verifiable'' in this proposed definition with language
that would require VBE participants to have more parameters and
structure with respect to their selection of the target patient
population and are considering whether use of the term ``evidence-
based'' would achieve this goal. (Our proposed interpretation of
``evidence-based'' is addressed below in our discussion of the proposed
safe harbor for care coordination arrangements.)
Last, we are considering for the final rule, and seek comments on,
whether and if so how, parties other than VBE participants should or
could be involved in selecting the target patient population. For
example, we are considering for the final rule the role of payors in
identifying or selecting the target patient population or establishing
outcome measures with respect to a value-based arrangement. While
payors might not be parties to a value-based arrangement, we believe
many care coordination and other value-based arrangements may be
entered into in order to achieve performance or outcome goals set by
payors. We seek feedback on the potential benefit, including any
reduced program integrity risks, of allowing or requiring payors to
select either or both the target patient population and relevant
outcome measures and targets (for purposes of the definitions, safe
harbors, or both). If there would be benefit in doing so, we seek
feedback on how best to implement such a permission or requirement. We
also seek feedback on whether, for purposes of the final rule, we
should treat as a favorable factor that a value-based arrangement (or
outcomes-based payment arrangement) aligns its target patient
population or its outcome measures and targets with payor-driven
incentives.
4. Value-Based Activity
For purposes of these safe harbors, we propose that the term
``value-based activity'' would mean ``any of the following activities,
provided that the activity is reasonably designed to achieve at least
one value-based purpose of the value-based enterprise: (A) the
provision of an item or service; (B) the taking of an action; or (C)
the refraining from taking an action.'' ``Value-based activity'' does
not include the making of a referral.
We are considering for the final rule whether to interpret
``reasonably designed'' to mean that the value-based activities set
forth in the value-based arrangement are expected to further the value-
based purpose of the arrangement. While this standard would not require
that the value-based purpose actually be achieved, we are considering
whether to require in the final rule that the VBE participants entering
into the value-based arrangement engage in an evidence-based process to
design value-based activities that they believe will reach such a goal.
Our proposed interpretation of ``evidence-based'' for purposes of this
proposed rule is addressed below in our discussion of the proposed care
coordination arrangements safe harbor.
With this definition, we acknowledge that a ``value-based
activity'' may encompass not only affirmative actions taken by VBE
participants (e.g., providing care coordinators to help patients with
complex needs navigate the transition from a hospital to their homes)
but also instances of inaction (e.g., refraining from ordering certain
items or services in accordance with a medically appropriate care
protocol that reduces the number of required steps in a given
procedure). Under no circumstances would simply making a referral
constitute a ``value-based activity.''
Lastly, we are considering for the final rule expressly excluding
from the definition of ``value-based activity'' any activity that
results in information blocking. Similar to the concerns articulated in
the section detailing our proposed modifications to the electronic
health records safe harbor, we seek to preclude from protection under
our proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) any
arrangement that may, on its face, meet our definition of ``value-based
activity'' but that ultimately is used to engage in practices of
information blocking (e.g., the donation of health information
technology that may facilitate care coordination across providers
participating in the VBE, but also prevents or unreasonably interferes
with the exchange of electronic health information with other providers
in order to lock-in referrals between such providers). Information
blocking practices that may affect value-based activities include, but
are not limited to, (i) locking electronic health information into the
VBE or keeping it only between VBE participants, or (ii) preventing
referrals or other electronic health information from leaving the VBE
or being transmitted from a VBE participant to another healthcare
provider. This exclusion would be based on the definition and
exceptions for ``information blocking'' in the 21st Century Cures Act
and the Office of the National Coordinator for Health Information
Technology (ONC), HHS Notice of Proposed Rulemaking ``21st Century
Cures Act: Interoperability, Information Blocking, and the ONC Health
IT Certification Program,'' to the extent such definition and
exceptions are finalized.
5. VBE Participant
We propose to define ``VBE participant'' as ``an individual or
entity that engages in at least one value-based activity as part of a
value-based enterprise.'' Depending upon the terms and requirements of
the value-based arrangement (and the conditions of the relevant safe
harbor), ``engaging in'' a value-based activity may be, for example,
(i) performing an action to achieve certain quality or outcome metrics
and the providing or receiving of payment for such achievement, or (ii)
coordinating care to achieve better outcomes or efficiencies (e.g.,
sharing staff or infrastructure to improve the discharge planning and
care follow-up process between two VBE participants). Subject to the
limitations proposed below, such term would broadly include clinicians,
providers, and suppliers, as well as other individuals and entities.
Potential VBE participants could be, by way of example only, physician
practices, hospitals, payors, post-acute providers, pharmacies, chronic
care and disease management companies, and social services
organizations. Given that our proposed definition may encompass non-
traditional healthcare entities, and our experience with respect to
financial arrangements between such entities and providers and
suppliers is limited, we are considering for the final rule, and
solicit comments on, any fraud and abuse risks that financial
arrangements with these entities may present and what, if any,
additional safeguards we may need to place around these entities'
participation in value-based arrangements under the proposed safe
harbors.
a. Entities Not Included as VBE Participants
The ``VBE participant'' definition expressly excludes
pharmaceutical manufacturers; manufacturers, distributors, or suppliers
of durable medical equipment, prosthetics, orthotics or supplies
(DMEPOS); and laboratories. On the basis of our historical enforcement
and oversight experience, we are concerned that some companies within
these types of entities, which are heavily dependent upon practitioner
prescriptions and referrals, might misuse the proposed
[[Page 55704]]
safe harbors primarily as a means of offering remuneration to
practitioners and patients to market their products, rather than as a
means to create value for patients and payors by improving the
coordination and management of patient care, reducing inefficiencies,
or lowering health care costs. For example, we are concerned that these
entities might create arrangements styled as value-based arrangements
that serve to tether clinicians or patients to the use of a particular
product (e.g., a drug or implantable device, such as a device with a
mechanical or physical effect on the body) when a different product
could be more clinically effective for the patient. Moreover,
pharmaceutical manufacturers, and manufacturers, distributors, and
suppliers of DMEPOS, and laboratories are less likely to be on the
front line of care coordination and treatment decisions in the same way
as other types of proposed VBE entities, such as hospitals, physicians,
and remote monitoring companies that provide care coordination and
management tools and services directly to patients. We solicit comments
on whether this assumption is correct, along with examples of the
specific roles played by these entities in coordinating and managing
care for patients.
We note that we received comments in response to the OIG RFI from
pharmaceutical manufacturers seeking safe harbor protection for a
variety of emerging outcomes-based and value-based contracting
practices for their pharmaceutical products, as well as related patient
medication adherence and similar programs. We also acknowledge that
some pharmaceutical manufacturers may help facilitate care coordination
and management of care through, for example, data analytics associated
with their pharmaceutical products furnished to purchasers of their
products. These kinds of manufacturer arrangements raise different
program integrity issues from those addressed in this rulemaking and
would likely require different safeguards. We are considering
pharmaceutical manufacturers' role in coordination and management of
care and may address it in future rulemaking. We may also consider
specifically tailored safe harbor protection for value-based
contracting and outcomes-based contracting for the purchase of
pharmaceutical products (and potentially other types of products) in
future rulemaking.
We are considering for the final rule whether some or all of the
entities we propose to exclude from the definition of a ``VBE
participant'' and from the proposed safe harbor for outcomes-based
compensation under the personal services and management contracts safe
harbor should be included in the definition of ``VBE participant'' and
potentially protected by the applicable safe harbors. We are interested
in comments with examples of how and the extent to which the entities
we propose to exclude participate in the coordination and management of
care for patients and whether and how they may be involved in providing
beneficial health technology, including digital technology, used to
coordinate and manage care and improve health outcomes. We also are
considering and are interested in comments on additional safeguards we
could include in the safe harbors to: (i) Prevent abusive marketing
practices with respect to the items and services these entities (or
other entities, not excluded from the proposed definition of ``VBE
participant'') sell to patients, payors, and providers (e.g., practices
that include payments to physicians, hospitals, or patients to reward
them for ordering the entity's products); (ii) protect clinical
decision-making about products that are in the patient's best medical
interests and patient freedom of choice; and (iii) reduce the risk of
inappropriate cost-shifting to Federal health care programs and
inappropriate increased costs to Federal health care programs. We are
considering whether to include a safeguard, in the applicable proposed
safe harbors, that would preclude protection for value-based
arrangements and outcomes-based payments that include exclusivity
requirements, such as a requirement that the VBE participant is the
exclusive provider of care coordination items or services or the
exclusive provider of a reimbursable item or service. We are further
considering whether to impose certain heightened standards and
conditions on certain entities that would receive safe harbor
protection, such as enhanced monitoring, reporting, or data submission
requirements or some or all of the conditions presented in the
discussion of proposed 1001.952(ee) below.
While pharmaceutical manufacturers and other listed entities would
not be eligible for protection under the proposed safe harbors for
value-based arrangements, patient engagement and support, and revisions
related to outcomes-based payments included in the personal services
and management contracts safe harbor, other elements of this proposed
rule would be available to them. As explained below, we propose certain
other modifications to the personal services and management contracts
safe harbor that would be available, including greater flexibility for
part-time arrangements and arrangements in which the aggregate
compensation is not known in advance. These entities also would be
eligible under the proposed safe harbors for cybersecurity items and
services and for CMS-sponsored models, as well as for the proposed
modifications to the warranties safe harbor. Further, we solicit
comments on potential revisions to the reporting requirements in the
warranties safe harbor that could accommodate outcomes-based warranty
arrangements that excluded manufacturers and suppliers may want to
undertake. Lastly, we note that pharmaceutical manufacturers or other
entities we propose to exclude from the definition of ``VBE
participant'' may use the OIG's advisory opinion process for value-
based or other arrangements they may want to undertake.
We are considering for the final rule, and seek comments on,
whether we should exclude other entities from the definition of ``VBE
participant.'' For example, we are considering excluding pharmacies
(including compounding pharmacies) from the definition of ``VBE
participant.'' We acknowledge that some pharmacies (and pharmacists)
have the potential to contribute to the type of beneficial value-based
arrangements this rulemaking is designed to foster (e.g., through
medication adherence programs or educational services for patients with
diabetes). However, pharmacies, like the entities we propose to exclude
from the definition of ``VBE participant,'' primarily provide items,
and we are concerned that their participation in value-based
arrangements may not further the care coordination purposes of this
rulemaking. We seek comments on beneficial arrangements pharmacies may
want to undertake under the new value-based framework and any
safeguards we could implement in the final rule if we were to allow
such entities to participate in value-based arrangements eligible for
safe harbor protection. We are further considering for the final rule
whether specific types of pharmacies, such as compounding pharmacies,
should be excluded as VBE participants even if others, such as retail
and community pharmacies, are included. In particular, we are concerned
that pharmacies that specialize in compounding pharmaceuticals may pose
a heightened risk of fraud and abuse, as evidenced by our enforcement
experience, and would not play a direct role in patient care
coordination.
[[Page 55705]]
We also are considering for the final rule excluding pharmacy
benefits managers (PBMs), wholesalers, and distributors from the
definition of ``VBE participant'' for reasons comparable to those for
excluding pharmaceutical manufacturers.\18\ We may further consider the
role of these entities in care coordination and management in future
rulemaking. We are aware that PBMs are increasingly providing services
related to the coordination of care for patients. We are interested in
comments with examples demonstrating how PBMs engage in care
coordination and management with healthcare providers and suppliers, as
well as insights into the risks and benefits of including PBMs as VBE
participants eligible to enter into value-based arrangements that could
qualify for safe harbor protection if all conditions are satisfied.
---------------------------------------------------------------------------
\18\ Note that, should we adopt, as discussed below, the
definition of ``applicable manufacturer'' set forth in 42 CFR
403.902, such definition would include distributors and wholesalers
(which include re-packagers, re-labelers, and kit assemblers) that
hold title to a covered drug, device, biological, or medical supply.
---------------------------------------------------------------------------
b. Health Technology Companies
We are mindful that a growing number of companies are providing
mobile health and digital technologies to physicians, hospitals,
patients, and others for the coordination and management of patients
and their healthcare, and such companies are eligible to be VBE
participants under the proposed definition. These companies provide a
range of services such as remote monitoring, predictive analytics, data
analytics, care consultations, patient portals, and telehealth and
other communications that may be used by providers, clinicians, payors,
patients, and others to coordinate and manage care, improve the quality
and safety of care, and increase efficiency. These companies also
furnish a variety of devices, technologies, software, and applications
that support their services, are used by customers to coordinate and
monitor patient care and health outcomes (for individuals and
populations), or are used directly by patients and their caregivers to
monitor their health, manage treatment, and communicate and access
patient medical information. For example, we are aware of companies
that provide diabetes management services, leveraging devices that can
be worn or attached to the body to monitor blood sugar levels and
transmit that data, through an application to a cloud storage service,
for review by patients and the clinicians managing the patients'
diabetes care.
We are further aware that mobile health and digital health
technology companies may be newer entrants to the healthcare
marketplace or they may be existing companies. In some cases, they are
existing healthcare companies that have developed new lines of business
in digital health technology. For example, in some cases, they are
companies that have historically manufactured medical devices
reimbursed by Federal health care programs and have developed digital
technologies that are used in conjunction with medical devices, such as
pacemakers. It is our understanding that, depending on the company's
business model, what is included as part of the Food and Drug
Administration (FDA)-approved device, and payor coverage
determinations, the digital technologies and associated functionalities
may be included as part of the customer's cost of the medical device,
or they may be part of a separate services arrangement.
These technologies hold promise for improving care coordination and
health outcomes through monitoring of real-time patient data and
detection and prevention of health problems. We are concerned, however,
and solicit public comments, about the risk that some companies that
manufacture medical devices covered by Federal health care programs,
particularly implantable devices used in a hospital or ambulatory
surgical center setting, might misuse value-based arrangements to
disguise improper payments for care coordination intended as kickbacks
to purchase the medical devices they manufacture. This concern arises
from historical law enforcement experience, including large False
Claims Act settlements involving kickbacks paid to physicians,
hospitals, and ambulatory surgery centers to market various medical
devices, such as devices used for invasive procedures; in some cases,
these schemes resulted in patients getting medically unnecessary
surgeries. OIG also has longstanding anti-kickback concerns about
physician-owned distributorships because the financial incentives
physician-owned distributorships offer to their physician-owners may
induce the physicians both to perform more procedures (or more
extensive procedures) than are medically necessary and to use the
devices the physician-owned distributorships sell in lieu of other,
potentially more clinically appropriate, devices.\19\
---------------------------------------------------------------------------
\19\ OIG, Special Fraud Alert: Physician-Owned Entities (Mar.
26, 2013), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/2013/POD_Special_Fraud_Alert.pdf.
---------------------------------------------------------------------------
To address these concerns, we are considering for the final rule
the exclusion of some or all device manufacturers under the definition
of ``VBE participant'' and from protection under the various proposed
safe harbors, including the exclusion from participation in outcomes-
based payment arrangements under proposed 1001.952(d)(2) and (3). As
with pharmaceutical manufacturers, it is not clear that all device
manufacturers play a comparable role in the coordination and management
of patient care as those entities proposed to come within the
definition of a VBE participant. We solicit comments about this
assumption and the roles that traditional device manufacturers play in
care coordination and management. Also, as with issues raised by
arrangements involving pharmaceutical manufacturers, we are considering
future safe harbor rulemaking to address specifically tailored
protection for value-based and outcomes-based contracting for device
manufacturers. This proposed rule focuses primarily on arrangements to
coordinate and manage the care of patients, and does not, for example,
address purchase and sale arrangements for covered items and services.
We may take up the issue of purchase and sale arrangements, including
consideration of modifications to the discount safe harbor or
additional modifications to the warranties safe harbor, in future
rulemaking.
We recognize that defining a universe of device manufacturers that
would be excluded would present difficulties, and we are interested in
public feedback on the following issues. First, there is no specific
definition of a device manufacturer or medical device manufacturer in
the Medicare program. As explained below, in the absence of a Medicare
definition, we are considering several other approaches. Second, any
definition of the term ``device manufacturer'' may be so broad as to
sweep in virtually any kind of device or health technology, including
the kinds of digital and remote monitoring technology that may support
and improve care coordination. Relatedly, given that many companies
pursue multiple lines of business and that digital technologies are
being integrated into traditional medical devices, it may not be
possible to distinguish clearly a traditional medical device
manufacturer from a health technology company.
OIG is considering for the final rule, and seeks comments
regarding, whether to define medical device manufacturers using CMS's
definition of ``applicable manufacturer'' in 42 CFR 403.902,
[[Page 55706]]
which relates to the ``Sunshine'' provisions of the ACA (section 6002
of the ACA, which added section 1128G to the Act). We also are
considering, and seek comment on, whether any definition of ``device
manufacturer'' should include an entity that manufacturers any item
that requires premarket approval by, or premarket notification to, the
FDA or that is classified by the FDA as a medical device. We are
further considering whether we could define a device manufacturer, in
whole or in part, with respect to whether the item it manufactures is
eligible for separate or bundled payment from a Federal health care
program or other payor or is used in a test that is eligible for
separate or bundled payment from a Federal health care program or other
payor. We are considering whether the definition of a device
manufacturer should include distributors or wholesalers when they are
distributing or selling devices manufactured by a device manufacturer.
With respect to these proposed definitional approaches, we solicit
public comments on whether the proposals would be too broad or too
narrow, including whether they would have the effect of excluding from
the safe harbors companies that develop and provide digital or other
health technologies for care coordination and patient engagement. We
are interested in other recommended definitions that would exclude
medical device manufacturers without limiting beneficial digital
technologies, or recommended factors that we should consider if we were
to craft a definition of ``device manufacturer'' or ``medical device
manufacturer.''
Finally, apart from excluding device manufacturers, we are
considering, and solicit comments on, whether to include additional
safeguards in the final safe harbors to mitigate risks of abuse. These
safeguards might apply specifically to arrangements involving VBE
participants that are health technology companies or device
manufacturers or more broadly to all VBE participants. Specifically, as
stated above, we are considering and are interested in comments on
safeguards that (i) prevent abusive marketing practices with respect to
the items and services these the companies sell to patients, payors,
and providers (e.g., practices that include payments to physicians,
hospitals, or patients to reward them for ordering the company's
products); (ii) protect independent clinical decision making about
products that are in the patient's best medical interests and patient
freedom of choice; and (iii) reduce the risk of inappropriate cost-
shifting or inappropriately increasing costs to Federal health care
programs. We are considering whether to include a safeguard in the
final rule that would preclude protection for value-based arrangements
that include exclusivity requirements, such as a requirement that the
VBE participant is the exclusive provider of care coordination items or
services or the exclusive provider of a reimbursable item or service.
We are furthering considering whether heightened standards and
conditions could include enhanced monitoring, reporting, or data
submission requirements or some or all of the conditions presented in
the proposed rule's discussion of proposed 1001.952(ee).
c. Alternatives to ``VBE Participant'' Exclusion List
We are interested in comments on whether, instead of excluding
broad categories of entities from the definition of ``VBE
participant,'' we should distinguish among entities that would be
included or excluded from the definition on the basis of factors such
as product type, company structure, heightened fraud risk, or other
features. We solicit similar input with respect to exclusions from the
proposed revisions to the personal services and management contracts
safe harbor related to outcomes-based payments.
Making distinctions by product or arrangement type might alleviate
some of the difficulty presented by the increasing integration of
healthcare company business lines and the movement of traditional
healthcare companies into digital health technology. In this regard, we
are considering for the final rule whether to address program integrity
concerns regarding potentially abusive drug, device, DMEPOS, and
laboratory arrangements by regulating the type of items, goods, or
services that can be included in an arrangement eligible for safe
harbor protection (under any of the proposed safe harbors) rather than
regulating the types of entities included and excluded. For example, we
might include arrangements involving the use of mobile or digital
technology to coordinate care or achieve outcomes-based payments but
exclude arrangements for the sale or distribution of implantable
medical devices (e.g., devices with a mechanical or physical effect on
the body) or durable medical equipment. In determining for a final rule
which products or arrangements would be included and excluded from safe
harbor protection, we would take into account any heightened fraud risk
based on enforcement experience, CMS's experience administering
provider enrollment, claims analysis, and other data sources. We are
interested in feedback on which kinds of products or arrangements, if
any, should be excluded from safe harbor protection based on heightened
fraud risk and examples of such arrangements.
As another alternative to finalizing specific exclusions in the
definition of ``VBE participant,'' we are considering excluding
entities under the proposed paragraphs (ee), (ff), (gg), and (hh).
These paragraphs could each include a condition excluding certain
specified entities from protection under the safe harbor. Specifically,
we would consider excluding from each of these safe harbors one or more
of the following entities: Pharmaceutical manufacturers; manufacturers,
distributors, or suppliers of DMEPOS; laboratories; pharmacies
(including compounding pharmacies or only compounding pharmacies);
device manufacturers; PBMs; pharmaceutical wholesalers; and
pharmaceutical distributors. If we include safe harbor-specific
conditions excluding certain specified entities from protection under
each of (ee), (ff), (gg), and (hh), the entities excluded from each
safe harbor could differ.
We also solicit public comment on how best to treat hospitals,
health systems, and other types of entities that we have not proposed
to exclude under the definition of ``VBE participant'' when they own or
operate an entity that we propose to exclude, such as a DMEPOS supplier
or laboratory. For example, we are considering for the final rule
whether the exclusion should apply only to independent or free-standing
DMEPOS suppliers and laboratories and to DMEPOS suppliers and
laboratories owned or operated in whole or part by another entity
excluded as a VBE participant. For the final rule, we are considering,
and solicit comments on, how best to treat health systems and others
that may be entering into the device or technology development arenas.
6. Value-Based Purpose
We propose to define a ``value-based purpose'' as: (i) Coordinating
and managing the care of a target patient population; (ii) improving
the quality of care for a target patient population; (iii)
appropriately reducing the costs to, or growth in expenditures of,
payors without reducing the quality of care for a target patient
population; or (iv) transitioning from healthcare delivery and payment
mechanisms based on the volume of items and services provided to
mechanisms based on the quality of
[[Page 55707]]
care and control of costs of care for a target patient population. With
respect to purpose (iii), we are considering whether appropriately
reducing the costs to, or growth in expenditures of, payors should be a
value-based purpose only when there is improvement in patient quality
of care or the parties are maintaining an improved level of care.
We intend for this definition to include infrastructure investment
and operations necessary to redesign care delivery to better coordinate
care for patients across settings, including technology, data
analytics, and training. For example, this could include investing in
application programming interface (API) technology that facilitates the
exchange of data between VBE participants regarding the target patient
population.
Each of our proposed safe harbors at 1001.952(ee), (ff), and (gg)
requires that the protected arrangement include value-based activities
that directly further the first of the four value-based purposes: The
coordination and management of care for the target patient population.
We are considering for the final rule, and seek comments on, whether we
should include other objectives in the definition of ``value-based
purpose'' to reflect our goal of promoting care coordination and the
shift toward value-based care and whether any other or different
objectives should be prerequisites to protection under our proposed
safe harbors. We also are considering for the final rule, and solicit
comments on, whether, instead of requiring that some value-based
activities directly further the coordination and management of care, we
require only that value-based activities be directly connected to, or
be reasonably designed to achieve, any of the value-based purposes.
We propose that the first value-based purpose in the definition is
the coordination and management of care for a target patient
population. This purpose may include taking significant steps to
prepare or position oneself to coordinate and manage the care of
patients effectively. We propose to define ``coordination and
management of care'' and ``coordinating and managing care''
synonymously to mean, for purposes of the anti-kickback statute safe
harbors, the deliberate organization of patient care activities and
sharing of information between two or more VBE participants or VBE
participants and patients, tailored to improving the health outcomes of
the target patient population, in order to achieve safer and more
effective care for the target patient population.'' \20\ For example,
such coordination might occur between hospitals and post-acute care
providers, between specialists and primary care physicians, or between
hospitals or physician practices and patients. Coordinating and
managing care could include using care managers, providing care or
medication management, creating a patient-centered medical home,
helping with transitions of care, sharing and using health data to
improve outcomes, or sharing accountability for the care of a patient
across a continuum of care.\21\ Importantly, our proposed definition of
``coordination and management of care'' relates only to the application
of the proposed safe harbor regulations. Although other laws and
regulations, including the physician self-referral law and associated
regulations, may utilize the same or similar terminology, the
definition and interpretations proposed here would not affect CMS's (or
any other governmental agency's) interpretation or ability to interpret
such term.
---------------------------------------------------------------------------
\20\ See, e.g., Agency for Healthcare Research and Quality, Care
Coordination Measures Atlas 6 (2014) (citing K. McDonald et al.,
Closing the Quality Gap: A Critical Analysis of Quality Improvement
Strategies (2007)), https://www.ahrq.gov/sites/default/files/publications/files/ccm_atlas.pdf.
\21\ See, e.g., NEJM Catalyst, What is Care Coordination? (Jan.
1, 2018), https://catalyst.nejm.org/what-is-care-coordination/
(providing examples and noting that ``[c]are coordination
synchronizes the delivery of a patient's health care from multiple
providers and specialists. The goals of coordinated care are to
improve health outcomes by ensuring that care from disparate
providers is not delivered in silos, and to help reduce health care
costs by eliminating redundant tests and procedures.'').
---------------------------------------------------------------------------
Through the proposed definition of ``coordination and management of
care,'' we seek to distinguish between referral arrangements, which
would not be protected, and legitimate care coordination arrangements,
which naturally involve referrals across provider settings but include
beneficial activities beyond the mere referral of a patient or ordering
of an item or service. We are particularly concerned about
distinguishing between coordinating and managing patient care
transitions for the purpose of improving the quality of patient care or
appropriately reducing costs, on one hand, and churning patients
through care settings to capitalize on a reimbursement scheme or
otherwise generate revenue, on the other. For example, the coordination
and management of care of a target patient population would not include
cycling patients through skilled nursing facilities (SNFs) and assisted
living facilities for the purpose of maximizing revenue under any
applicable Federal health care program reimbursement payment systems.
We are considering for the final rule, and solicit comments on,
ways in which we could revise the definition of the ``coordination and
management of care'' or additional elements we could include in the
definition to protect against fraudulent and abusive practices that
parties attempt to characterize as the coordination and management of
patient care.
One approach we are considering for the final rule to address these
concerns would be to preclude some or all protection under the proposed
safe harbors for arrangements between entities that have common
ownership. We might do this through refinements to the definition of
``value-based arrangement'' or by adding restrictions to one or more of
the proposed safe harbors at paragraphs (ee), (ff), (gg), or (hh). We
recognize that while this approach might protect against abusive
cycling of patients for financial gain among entities with common
ownership, it might also preclude protection for care coordination
arrangements among entities in integrated health systems that could
otherwise qualify for proposed safe harbor protection. We solicit
comments on this potential exclusion, and specifically, how best to (i)
define ``common ownership''; and (ii) appropriately demarcate
beneficial versus problematic financial arrangements between commonly
owned entities. We are interested in feedback on the extent to which
integrated health systems believe they need new safe harbor protection
for care coordination arrangements in light of currently available
protections.
We would not consider the provision of billing or administrative
services to be the management of patient care for purposes of this
proposed rulemaking; we would consider the sharing or use of health
information technology and data to identify a target patient
population, coordinate care, or measure outcomes to fit our definition.
We solicit comments on the unique intersection between
cybersecurity and the coordination and management of care, and
specifically, whether remuneration in the form of cybersecurity items
or services could ever meet definition of the ``coordination and
management of care'' for a target patient population. For example, we
solicit feedback on whether we should consider cybersecurity items or
services to only meet this defined term when such remuneration is
donated and used in conjunction with health information
[[Page 55708]]
technology that meets this definition of ``coordination and management
of care.'' As entities engage in care coordination, increased
connectivity and information exchanges may further the need for
donating or sharing cybersecurity technology or services to ensure that
appropriate cybersecurity safeguards are used to address the
cybersecurity risks arising from connections among the entities engaged
in care coordination. We recognize the patient safety risks and risk of
harm attributed to cybersecurity vulnerabilities and threats.\22\ We
also solicit comments on whether parties should simply seek protection
for cybersecurity items or services under the proposed cybersecurity
safe harbor at 1001.952(jj) explained below.
---------------------------------------------------------------------------
\22\ See, e.g., Health Care Industry Cybersecurity Task Force
Report, available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.
---------------------------------------------------------------------------
In addition to undertaking value-based activities that are directly
connected to the coordination and management of care for the target
patient population, our proposed definition of ``value-based purpose''
recognizes that a VBE could have additional value-based purposes and
qualify under the value-based framework, namely to: (i) Improve the
quality of care for a target patient population; (ii) appropriately
reduce the costs to, or growth in expenditures of, payors without
reducing the quality of care for a target patient population; and (iii)
transition from healthcare delivery and payment mechanisms based on the
volume of items and services provided to mechanisms based on the
quality of care and control of costs.
C. Care Coordination Arrangements to Improve Quality, Health Outcomes,
and Efficiency Safe Harbor (42 CFR 1001.952(ee))
The first proposed safe harbor for value-based arrangements would
protect certain care coordination arrangements. Numerous commenters to
the OIG RFI noted that individuals and entities may promote value-based
care and facilitate care coordination even when assuming no financial
risk. We agree. This proposed safe harbor would protect in-kind
remuneration exchanged between qualifying VBE participants with value-
based arrangements that squarely satisfy all of the proposed safe
harbor's requirements. (Certain monetary remuneration associated with
care coordination or other value-based activities may be protected
under other proposed safe harbors, including those at proposed 42 CFR
1001.952(ff), (gg), (ii), as well as the proposed modifications to the
personal services and management safe harbor at 1001.952(d) for
outcomes-based payment arrangements.)
Under this proposal, each offer of remuneration must be analyzed
separately for compliance with the safe harbor. For example, in a
value-based arrangement between a hospital and a SNF, the hospital
might provide a behavioral health nurse to follow designated inpatients
with mental health disorders in the event of discharge to the SNF. In
turn, the SNF might provide certain staff to assist the hospital in
coordinating designated patients' care through the discharge planning
process or might provide office space for the behavioral health nurse.
The hospital's offer of the behavioral health nurse to the SNF must be
analyzed separately from the SNF's offer of certain staff members or
office space to the hospital.
This proposed safe harbor does not require parties to bear or
assume downside financial risk. We are concerned that the offer or
provision of remuneration under value-based arrangements could present
opportunities for the types of fraud and abuse traditionally seen in
the FFS system, particularly where the parties offering or receiving
the remuneration have not assumed downside financial risk for the care
of the target patient population. For this reason and to ensure that
the safe harbored arrangements operate to achieve their value-based
purposes, we propose the conditions and safeguards described below.
1. Outcome Measures
We propose to require that parties to a value-based arrangement
establish one or more specific evidence-based, valid outcome measures
against which the recipient of remuneration will be measured, and which
the parties reasonably anticipate will advance the coordination and
management of care of the target patient population. We intend for the
outcome measures to serve as benchmarks for assessing the recipient's
performance under the value-based arrangement and advancement toward
achieving the coordination and management of care for the target
patient population. Accordingly, we expect such outcome measures to
have a close nexus to the value-based activities undertaken by the
parties to the value-based arrangement and to the needs of the target
patient population.
For purposes of this proposed rule, we would consider ``evidence-
based'' to mean the selected outcome measures must be grounded in
legitimate, verifiable data or other information, whether the
information is internal to one or more of the VBE participants or from
a credible external source, such as a medical journal, social sciences
journal, scientific study, an established industry quality standards
organization, or results of a payor- or a CMS-sponsored model or
quality program. For example, a specific evidence-based, valid outcome
measure in the context of a hospital's provision of a care coordinator
to a SNF could be an increase in the target patient population's
average mobility functional score by a certain percentage over the
course of a year, contributing to earlier, medically appropriate
discharges of patients to their homes and fewer readmissions to acute
care. We do not consider measures related to patient satisfaction or
convenience (e.g., timeliness of appointments) to be valid outcome
measures for purposes of this proposed requirement because we are
concerned that such measures may not reflect actual improvement in the
quality of patient care, health outcomes, or efficiency in the delivery
of care. We solicit comments on whether there are categories of
evidence-based outcomes measures in the areas of patient satisfaction
or convenience that we should permit in the final rule because they
reflect quality or efficiency of care.
Any identified evidence-based, valid outcome measures against which
the recipient of remuneration will be measured should not simply
reflect the status quo. Consequently, we are considering for the final
rule an express requirement that outcome measures be designed to drive
meaningful improvements in quality, health outcomes, or efficiencies in
care delivery. We intend to provide flexibility given the range of
arrangements that may be covered by the proposed safe harbor. For
example, an outcome measure may drive meaningful improvements if it
drives improvements that are measurable or that are more than nominal
in nature. Additionally, we are considering for the final rule, and
solicit comment on, whether the outcome measures requirement should be
broader or narrower than the standard we are proposing.
We also are considering for the final rule, and solicit comments
on, whether to require parties to rebase the outcome measures (i.e.,
reset the benchmark used to determine whether the outcome measure was
achieved) where rebasing is feasible. We are considering whether
parties should rebase measures (or determine whether rebasing is
feasible)
[[Page 55709]]
periodically or pursuant to a specified timeframe, such as at least
every 1 year, 3 years, or other time period. We are interested in
comments addressing whether and, if so, why the appropriate time frame
for rebasing should depend on the type of outcome measure or nature of
the arrangement, and what rebasing time periods would be best for
different types of measures or arrangements. We are interested in
feedback on whether rebasing should be tied to any relevant
requirements set by payors. We further solicit comments on whether we
should specify a particular party that should be responsible for
implementing the rebasing and which party would be best positioned to
do so (e.g., the VBE or the offeror of the remuneration). We would
anticipate any rebasing requirement would align with the rebasing
proposal set forth in our proposed modifications to the personal
services and management contracts safe harbor related to outcomes-based
payments.
If parties to a value-based arrangement revise the evidence-based,
valid outcome measure(s) through an amendment during the term of the
arrangement, the revised outcome measure(s) would need to continue to
incentivize the recipient of the remuneration to make meaningful
improvements. Were parties retrospectively to revise their outcome
measures (e.g., modify the outcome measures and make such modifications
effective 6 months prior), such revisions would raise questions
regarding whether the modified measures were designed to obscure a lack
of meaningful improvement by the recipient of the remuneration. For
purposes of the final rule, we are considering whether to incorporate
the CMS Quality Payment Program measures into the requirement to
establish outcome measures.
As described below, the parties to the arrangement also must
include a description of the outcome measure(s) in a signed writing,
and the VBE, the VBE's accountable body or responsible person, or a VBE
participant in the value-based arrangement acting on the VBE's behalf
must monitor and assess the recipient's progress toward achieving the
outcome measure(s). In addition, as described below, should the VBE's
accountable body or responsible person determine through monitoring or
otherwise that the value-based arrangement is (i) unlikely to achieve
the evidence-based, valid outcome measure(s) or further the
coordination and management of care for the target patient population
or (ii) has resulted in material deficiencies in quality of care, the
parties must terminate the arrangement within 60 days of such a
determination or lose safe harbor protection thereafter.
We recognize that it may be difficult for parties giving
information technology pursuant to a value-based arrangement to
establish an outcome measure upon which to assess the recipient's
performance that is ``evidence-based'' as we propose to interpret the
term. For this reason, we are considering for the final rule imposing a
requirement that information technology meet a different standard than
the proposed specific evidence-based, valid outcome measures standard.
Specifically, we may require an adoption and use standard (i.e., has
the technology been adopted and used in a meaningful way for the
intended purposes, such that it advances the coordination and
management of care for the target patient population), a performance
standard (i.e., has the technology been used to achieve a certain
result, such as efficiencies), or a similar standard that serves as a
benchmark for assessing a recipient's use of remuneration without
requiring the parties to establish evidence-based outcome measures to
measure performance. As part of this adoption and use, performance, or
similar standard, we are considering requiring parties to a value-based
arrangement for the provision of information technology to set forth,
in a signed writing, the specific reasons for which the technology is
being provided, which would be required to directly relate to health
outcomes, patient care quality improvements, or the appropriate
reduction in costs to, or growth in expenditures of, payors or
patients. For example, parties giving information technology, such as
accessibility to a patient portal or data analytics platform, would be
required to have health-outcome, quality-related, or efficiency-related
reasons, such as improving efficiencies by increasing patient access to
health information.
In addition, under an adoption and use, performance, or similar
standard, we may require that the parties set forth specific,
meaningful measures that relate to the remuneration's intended purpose
against which the recipient will be measured. For example, under an
adoption and use standard, parties to a value-based arrangement may set
a percentage adoption and use measure for a patient portal platform,
pursuant to which the recipient would be measured by its adoption and
use of the patient portal for a specified percentage of the target
patient population.
Lastly, we are considering for the final rule adding the following
safeguards for the exchange of information technology: (i) The
requirements set forth in paragraph (4) of the current electronic
health records items and services safe harbor (1001.952(y)),
prohibiting making the receipt of items or services a condition of
doing business with the offeror); (ii) a requirement limiting the time
frame during which a recipient can receive information technology to,
for example, 1, 3, or 5 years, after which time the recipient would be
required to pay fair market value for the continued use of the
information technology; and (iii) a remedy for the failure to achieve
the applicable standard, such as discontinued use of the information
technology.
2. Commercial Reasonableness
We propose to require that the value-based arrangement is
commercially reasonable, considering both the arrangement itself and
all value-based arrangements within the VBE. By way of example with
respect to the first prong of the commercial reasonableness
requirement, if VBE participants enter into a value-based arrangement
to facilitate the sharing of patient-outcome data, it may be
commercially reasonable for a hospital VBE participant to donate
technology to a group practice VBE participant to facilitate this
process. However, it may not be commercially reasonable for that same
hospital VBE participant to donate technology substantially more
sophisticated, or with enhanced functionality, beyond that necessary
for communicating data on shared patients between the two parties. (We
note that nothing would prevent the donation of technology with
enhanced functionality when a value-based arrangement requires that
capability or when technology without that functionality is not
practicable.) With respect to the second prong of the commercial
reasonableness assessment, again by way of example, a single value-
based arrangement in which a hospital VBE participant provides a
necessary number of care coordinators for the target patient population
to a SNF VBE participant may be commercially reasonable. However, if a
VBE includes multiple similar value-based arrangements, each of which
involves the same hospital VBE participant furnishing care coordinators
to the same SNF VBE participant for the same or a similar target
patient population, the commercial reasonableness of the remuneration
exchanged within the value-based arrangements in the aggregate may be
suspect if it lacks a legitimate business purpose.
[[Page 55710]]
We are considering for the final rule whether to define
``commercially reasonable arrangement'' as an arrangement that would
make commercial sense if entered into by reasonable entities of a
similar type and size, even without the potential for referrals. We
solicit comments on the need for a definition of ``commercially
reasonable arrangement,'' and if we incorporate a definition, whether
we should select this particular definition or an alternative
definition.
3. Writing
To promote transparency and accountability, we propose a
requirement that the value-based arrangement be set forth in a writing.
We propose that the writing be signed by the parties and established in
advance of, or contemporaneous with, the commencement of the value-
based arrangement or any material change to the value-based
arrangement. We propose that the writing state, at a minimum: (i) The
value-based activities to be undertaken by the parties to the value-
based arrangement; (ii) the term of the value-based arrangement; (iii)
the target patient population; (iv) a description of the remuneration;
(v) the offeror's cost for the remuneration; (vi) the percentage of the
offeror's costs contributed by the recipient; (vii) if applicable, the
frequency with which the recipient will make payments for ongoing
costs; and (viii) the specific evidence-based, valid outcome measures
against which the recipient would be measured. In the final rule, we
would align the writing requirements in (v) and (vi) with the
requirements for the contribution requirement described below; in other
words, if we were to change the contribution requirements, we would
correspondingly change the writing requirement.
We believe that a writing, setting forth the above terms in advance
of, or contemporaneous with the commencement of or any material change
to the value-based arrangement, constitutes a key safeguard to ensure
that VBE participants are not using the value-based arrangement merely
to incentivize and reward referrals of business. We are interested in
comments regarding whether a requirement to have a single writing
signed by all parties may be burdensome, especially for large-scale
arrangements, and whether we should instead permit a collection of
writings provided that every party to the arrangement has signed a
writing acknowledging consent to the arrangement.
4. Limitations on Remuneration
a. In-Kind Remuneration
We propose to protect only in-kind, non-monetary remuneration,
provided all other conditions of the safe harbor are met. (While
monetary remuneration is not protected by this proposed safe harbor,
certain outcomes-based payment arrangements may be protected by
proposed modifications to the personal services and management
contracts safe harbor, as subsequently addressed.) We further propose
that this safe harbor would exclude protection for gift cards,
regardless of whether they may be considered cash equivalents. By way
of example, we intend for this safe harbor to allow a VBE participant
to share a care coordinator with another VBE participant if the
conditions of this safe harbor are met (including the proposed
contribution requirement). However, this safe harbor would not protect
cash provided from one VBE participant to another to hire a care
coordinator. Lastly, we note that by virtue of our exclusion of
monetary remuneration, the proposed safe harbor would not protect an
ownership or investment interest in the VBE or any distributions
related to an ownership or investment interest. In addition to our
long-standing view that the exchange of monetary remuneration poses
heightened and different fraud and abuse risks and thus should be
subject to safeguards such as a fair market value requirement, we do
not view the offer or receipt of ownership or investment interests as
integral to the coordination and management of care for a target
patient population.
b. Primarily Engaged in Value-Based Activities
We propose to require that the remuneration provided by, or shared
among, VBE participants be used primarily to engage in value-based
activities that are directly connected to the coordination and
management of care of the target patient population. As set forth in
proposed paragraph 1001.952(ee), we propose to define a ``value-based
activity'' as ``any of the following activities, provided that the
activity is reasonably designed to achieve at least one value-based
purpose of the value-based enterprise: (i) the provision of an item or
service; (ii) the taking of an action; or (iii) the refraining from
taking an action.'' In the definition of ``value-based activity'', we
specify that it does not include the making of a referral. We also
propose to require that the value-based arrangement be set forth in a
signed writing stating the value-based activities to be undertaken by
the parties in the value-based arrangement.
We recognize that in-kind remuneration exchanged for value-based
activities may indirectly benefit patients outside of the scope of the
value-based arrangement, and furthermore, that parties may find it
difficult to anticipate or project the scope or extent of such
``spillover'' benefits. This, in and of itself, would not result in the
loss of safe harbor protection, provided the parties primarily use the
remuneration for its intended purposes (i.e., the specific value-based
activities for which the remuneration is being provided, as set forth
in the parties' signed writing). We are mindful of the need to provide
parties with sufficient flexibility, while also minimizing the risks of
potentially abusive arrangements that disguise remuneration unrelated
to the coordination and management of care for the target patient
population.
For purposes of the final rule, as an alternative to the
requirement that remuneration exchanged between VBE participants be
used primarily to engage in value-based activities, we are considering
requiring that the remuneration exchanged be limited to value-based
activities that only benefit the target patient population. Under this
approach, arrangements with ``spillover'' benefits would not be
protected by the safe harbor. We solicit comments on this alternative
approach.
c. No Furnishing of Medically Unnecessary Items or Services or
Reduction in Medically Necessary Items or Services
We propose to require that the remuneration exchanged not induce
the parties to furnish medically unnecessary items or services or
reduce or limit medically necessary items or services furnished to any
patient. Remuneration that induces a provider to order or furnish
unnecessary care is inherently suspect. In addition, a reduction in
medically necessary services would be contrary to the goals of this
rulemaking and, in some instances involving hospitals and physicians,
could be a violation of the CMP law provision relating to gainsharing
arrangements at sections 1128A(b)(1) and (2) of the Act (42 U.S.C.
1320a-7a(b)(1) and (2)).
d. No Remuneration From Individuals or Entities Outside the Applicable
VBE
We propose that this safe harbor would not protect any remuneration
funded by, or otherwise resulting from the contributions of, an
individual or entity outside of the applicable VBE. This proposal is
intended to ensure that protected arrangements are closely
[[Page 55711]]
related to the VBE, that VBE participants are committed to the VBE and
striving to achieve the coordination and management of care of the
target patient population, and that non-VBE participants cannot
indirectly use the safe harbor to protect arrangements that are
designed to influence the referrals or decision making of VBE
participants. For example, a pharmaceutical manufacturer could not
circumvent the proposed exclusion of pharmaceutical manufacturers from
the definition of ``VBE participant'' by providing funds to a third-
party entity and then directing or otherwise controlling any aspect of
the third-party entity's participation as a VBE or a VBE participant.
We solicit comments on this approach and whether there may be defined,
limited circumstances in which non-VBE participants should be able to
contribute to a value-based arrangement eligible for safe harbor
protection.
As a corollary to this requirement, we are considering for the
final rule whether to require that remuneration be provided directly
from the offeror to the recipient. This requirement would prohibit the
involvement of individuals or entities other than the VBE or a VBE
participant in the exchange of remuneration under a value-based
arrangement, including, potentially, third-party vendors and
contractors. We solicit comments on any practical impediments such as
restriction would create.
5. The Offeror Does Not Take Into Account the Volume or Value of, or
Condition Remuneration on, Business or Patients Not Covered Under the
Value-Based Arrangement
We propose a requirement that prohibits the offeror of the
remuneration from taking into account the volume or value of, or
conditioning an offer of remuneration on: (i) Referrals of patients
that are not part of the value-based arrangement's target patient
population, or (ii) business not covered under the value-based
arrangement. This proposal is modeled on a similar safeguard contained
in the existing safe harbor at paragraph 1001.952(t)(1)(ii)(B), which
provides that ``neither party gives or receives remuneration in return
for or to induce the provision or acceptance of business (other than
business covered by the agreement) for which payment may be made in
whole or in part by a Federal health care program on a fee-for-service
or cost basis.'' Our purpose in proposing this requirement is to
prohibit protection for remuneration offered under the guise of a
value-based arrangement when that remuneration actually is intended to
induce referrals of patients or business not covered under the value-
based arrangement (sometimes called ``swapping'' arrangements).
This requirement would exclude safe harbor protection for any
remuneration that is explicitly or implicitly offered, paid, solicited,
or received in return for, or to induce or reward, any referrals or
other business generated outside of the value-based arrangement. Under
our proposal, VBE participants could encourage referrals of the target
patient population as part of value-based activities (e.g., a hospital
could develop a ``preferred network'' of post-acute care providers that
meet certain quality criteria). However, VBE participants could not
offer remuneration in connection with the preferred network to induce
business or the referral of patients that fall outside the scope of the
value-based arrangement.
In lieu of the proposed requirement that prohibits the offeror of
the remuneration from taking into account the volume or value of, or
conditioning an offer of remuneration on: (i) Referrals of patients
that are not part of the value-based arrangement's target patient
population, or (ii) business not covered under the value-based
arrangement, we are considering for the final rule, and solicit
comments on, an alternative requirement that would require that the
aggregate compensation paid by the offeror is not determined in a
manner that takes into account the volume or value of referrals or
business generated between the parties for which payment may be made by
a Federal health program. While we believe that this condition could
potentially better protect against bad actors who may seek to use the
care coordination arrangements safe harbor as an affirmative defense
for an unlawful referral arrangement or to disguise arrangements that
result in unnecessary increases in utilization and expenditures, we
seek comments on whether and to what extent this requirement might
impede to goal of this rulemaking, namely to remove barriers for
beneficial care coordination and value-based arrangements. We are
interested in specific examples of arrangements that would be unable to
use this safe harbor were we to adopt this requirement.
6. Contribution Requirement
The goal of this proposed rulemaking is to remove barriers to
improved care coordination and to promote efficient, value-driven care.
To this end, it is important that protected remuneration be used to
facilitate the coordination and management of care for the target
patient population. We are proposing a recipient contribution
requirement as a safeguard to help ensure that the use of any
remuneration exchanged pursuant to this safe harbor would be for the
coordination and management of the target patient population's care.
Specifically, the proposed rule would condition safe harbor
protection on the recipient's payment of at least 15 percent of the
offeror's cost for the in-kind remuneration. This requirement is
intended to mirror that set forth in the current electronic health
records items and services safe harbor, 1001.952(y). We are considering
for the final rule, and solicit comments on, whether we should require
a more specific methodology for determining value, such as either the
fair market value of the remuneration to the recipient or the
reasonable value of the remuneration to the recipient. If we were to
require that parties assess the fair market value of the remuneration
to the recipient in order to determine the required contribution
amount(s), we would not require parties to obtain an independent fair
market valuation. We are interested in feedback on whether the method
for determining the contribution requirement should be different for
services than for goods.
We believe that requiring financial participation by a recipient
should: Increase the likelihood that the recipient actually would use
the care coordination items and services, ensure that the remuneration
is well-tailored to the recipient, and promote the recipient's vested
interest in achieving the intended purpose of the value-based
arrangement, namely, furthering the coordination and management of care
of the target patient population.
In proposing this contribution requirement, we solicit feedback on
the proposed contribution amount, whether certain recipients, such as
rural providers, small providers, Tribal providers, providers who serve
underserved populations, or critical access hospitals should be
exempted from the contribution requirement or pay a lower contribution
percentage and if so, why. We are considering for the final rule
alternative contribution amounts ranging from 5 percent to 35 percent
and solicit comments on an appropriate amount (or amounts) that would
invest recipients in using the remuneration they receive to advance the
coordination and management of care of the target patient population,
while still allowing flexibility for parties with fewer financial
resources to engage in value-based arrangements. We are considering
whether we should require different contribution amounts for
[[Page 55712]]
different types of remuneration (e.g., a higher or lower contribution
amount for technology and a higher or lower contribution amount for
care coordinators or other services arrangements).
We also are considering whether in the final rule we should impose
different contribution requirements for different recipients. Because a
contribution requirement may impose a significant financial burden on
certain recipients, we are considering for the final rule, and solicit
comments on, whether a lower contribution amount, or no contribution
amount, would be appropriate for arrangements involving certain
providers with financial constraints, such as providers in rural or
underserved areas, providers serving underserved populations, small
providers, Tribal providers, and critical access hospitals.
For consideration of this potential contribution requirement
condition, and whether a lower contribution amount, or no contribution
amount, is appropriate for arrangements involving such providers, we
cross-reference the proposals discussed more fully in relation to the
electronic health records arrangements safe harbor's 15 percent
contribution requirement. We will review and consider comments received
about those proposals in relation to our consideration of this
potential condition. Based on feedback on the contribution requirement
in our existing electronic health records safe harbor, we are mindful
of the potential administrative burdens of a contribution requirement
and seek comments on this issue.
We also solicit comments on how to apply the contribution
requirement for ongoing costs and unexpected ``add-ons'' (e.g., updates
or upgrades to software that trigger additional costs). Under the
proposed contribution requirement, if the remuneration represents a
one-time cost, the recipient would be required to make a contribution
in advance of receiving the remuneration. However, for any ongoing
costs, the proposed rule would require that the recipient make any
contributions on reasonable, regular intervals, with the frequency of
such payments documented in writing. We are considering for the final
rule, and seek comment on, an alternative requirement for the recipient
to make a contribution with respect to the initial provision of
remuneration but not with respect to any update, upgrade, or patch of
the remuneration already provided. This is similar to an option being
considering for the electronic health records arrangements safe harbor,
1001.952(y). We recognize that this alternative option may affect
contribution requirements only for technology-based remuneration that
is most likely to need upgrades, updates, and patches to continue
operating as intended.
7. Requirements of a Value-Based Arrangement
a. Direct Connection to the Coordination and Management of Care
We propose that the value-based arrangement has a direct connection
to the coordination and management of care for the target patient
population. We interpret this requirement to mean that any remuneration
offered pursuant to a value-based arrangement has a close nexus to the
coordination and management of care for the target patient population,
as opposed to the VBE participants' referral patterns and business
generated. By way of example only, arrangements where VBE participants
offer, or are required to provide, remuneration to receive referrals or
to be included in a ``preferred provider network'' (i.e., ``pay-to-
play'' arrangements) would not have a direct connection to the
coordination and management of care. We are considering for purposes of
the final rule, and solicit comments on, whether we should use
alternative language to ``direct connection'' (e.g., ``reasonably
related and directly tied'') in order to better convey the close nexus
that this safe harbor requires between each value-based arrangement and
the coordination and management of care of a target patient population.
b. No Limitation on Decision Making; Restrictions on Directing or
Restricting Referrals
We propose that the value-based arrangement must not limit parties'
ability to make decisions in the best interests of their patients. That
is, VBEs and VBE participants to a value-based arrangement must
maintain their independent, medical, or other professional judgment.
Additionally, we are aware that some payors and others, such as
employers, direct or restrict where their networks or employees refer
patients; moreover, we are aware that under some value-based
arrangements, referrals would be directed within a network or continuum
of preferred providers (based on quality and other legitimate
considerations). We propose that, in addition to not limiting parties'
ability to make referral decisions in the patients' best medical
interests, value-based arrangements cannot direct or restrict referrals
if: (i) A patient expresses a preference for a different practitioner,
provider, or supplier; (ii) the patient's payor determines the
provider, practitioner, or supplier; or (iii) such direction or
restriction is contrary to applicable law or regulations under titles
XVIII and XIX of the Act. This provision is intended, in part, to
preserve patient freedom of choice among healthcare providers and
ensure the VBE's and VBE participants' independent medical or
professional judgment is not unduly restricted. That being said, we do
not intend for this criterion to bar VBEs or VBE participants from
communicating the benefits of receiving care from other VBE
participants in the VBE.
c. No Marketing of Items or Services or Patient Recruitment Activities
We propose to exclude safe harbor protection for value-based
arrangements that include marketing items or services to patients or
patient recruitment activities. Our enforcement experience demonstrates
that fraud schemes often involve the purchase of beneficiaries' medical
identity or other inducements to lure beneficiaries to obtain
unnecessary care. This proposed safe harbor condition would protect
beneficiaries and make clear that such coercive arrangements are not
value-based arrangements protected by the proposed safe harbor.
Accordingly, the proposed safe harbor would offer flexibility to
improve quality of care, health outcomes, and efficiency while limiting
the risk of the value-based arrangement being used as a marketing or
recruiting tool to generate federally payable business for a VBE
participant. Specifically, this requirement would restrict any party to
a value-based arrangement, or such party's agent, from marketing, or
engaging in patient recruitment activities related to, any items or
services offered or provided to patients in the target patient
population under a value-based arrangement.
We do not intend for this limitation to prohibit a VBE participant
that is a party to a value-based arrangement from educating patients in
the target patient population regarding permissible value-based
activities. For example, if a SNF or home health agency placed a staff
member at a hospital to assist patients in the discharge planning
process, and in doing so, the staff member educated patients regarding
care management processes used by the SNF or home health agency, this
would not constitute marketing of items and services (provided the
staff member only worked with patients that had already selected the
SNF or home health agency and SNF or home-health agency care was
[[Page 55713]]
medically appropriate for such patient). However, if the SNF or home
health agency placed a staff member at a hospital to market its
services to hospital patients, the arrangement would not comply with
this proposed requirement. We solicit comments on this approach.
8. Monitoring and Assessment
We propose a requirement that the VBE, a VBE participant in the
value-based arrangement acting on the VBE's behalf, or the VBE's
accountable body or responsible person monitors and assesses, no less
frequently than annually, or once during the term of the value-based
arrangement for arrangements with terms of less than 1 year: (i) The
coordination and management of care for the target population in the
value-based arrangement, (ii) any deficiencies in the delivery of
quality care under the value-based arrangement, and (iii) progress
toward achieving the evidence-based, valid outcome measure(s) in the
value-based arrangement. We further propose to require that the party
conducting such monitoring and assessment reports such monitoring and
assessment to the VBE's accountable body or responsible person (if the
VBE's accountable body or responsible person is not itself conducting
the monitoring and assessment). Through this proposal, we seek to
ensure that the VBE's accountable body or responsible person
periodically assesses the parties' performance of certain key metrics
under each value-based arrangement. We note that this proposal does not
mandate how this monitoring should be performed. We intend for the
monitoring to be tailored based on the complexity and sophistication of
the VBE participants, the VBE, and the value-based arrangement and
available resources. We are considering for the final rule, and solicit
comments on, whether to require that both the party offering the
remuneration and its recipient jointly conduct monitoring and
assessment responsibilities. We further solicit comments on the role
monitoring of utilization, referral patterns, and expenditure data
could play in ensuring that the potential for abuses or gaming is
reduced.
The proposed rule would further require that if the VBE's
accountable body or responsible person determines, through reports of
monitoring and assessment, that the value-based arrangement (i) is
unlikely to further the coordination and management of care for the
target patient population, (ii) has resulted in material deficiencies
in quality of care, or (iii) is unlikely to achieve the evidence-based,
valid outcome measure(s), the parties terminate the arrangement within
60 days of such a determination. To the extent the parties do not
terminate an arrangement within 60 days of such determination, the
parties would lose safe harbor protection under this proposal. We
solicit comments on whether to adopt a longer or shorter timeframe for
termination; our goal is a reasonable but also prompt termination of
arrangements that are no longer serving the goals for which safe harbor
protection is offered. In addition, we are considering for the final
rule and seek comment regarding whether, in lieu of the proposed
termination requirement for the above subsections (i) through (iii),
the safe harbor should instead allow for remediation--within a
reasonable timeframe--before any required termination.
We are not proposing to define ``material deficiency in quality of
care.'' We believe that such ``material deficiency'' may vary depending
on the nature of the VBE and the value-based arrangements of its VBE
participants. Examples of a ``material deficiency in quality of care''
may include, but are not limited to, identified instances of potential
patient harm or a pattern of diminished quality of care.
Our proposals with respect to monitoring and assessment stem from a
recognition that most arrangements protected by this proposed care
coordination arrangements safe harbor would not be subject to
governmental programmatic requirements, oversight, or monitoring
comparable to CMS-sponsored models. Accordingly, to aid in protecting
against abusive arrangements, to further facilitate the government's
understanding and awareness of value-based arrangements and their
impacts on Federal health care program beneficiaries and expenditures,
and to create incentives for VBEs to exercise due diligence when
establishing them, we are considering for the final rule requiring VBEs
to submit certain data to the Department that would identify the VBE,
VBE participants, and value-based arrangements, as a requirement for
safe harbor protection. We solicit comments on whether such a
requirement would present compliance or operational burdens for VBEs
seeking the protection of this safe harbor.
Were such a proposal finalized, required data might include the
National Provider Identifier (NPI) number or other identifying
information of each VBE participant in the VBE, each party
participating in the value-based arrangement, as well as information
regarding the arrangement, such as its duration. This data could be
used, for example, by the government for data analysis to understand
whether value-based arrangements are associated with increased or
decreased utilization or outlier levels of utilization (taking into
account that in some value-based arrangements one would expect to see
increased utilization of some types of items and services and decreases
in others). Should we adopt this approach, information would be
submitted in a form and manner and at times specified by the Secretary
in guidance. We solicit comments on the types of data that the parties
availing themselves of safe harbor protection should be required to
submit to the Department, potential reporting and compliance burdens
for small and large value-based enterprises, and any different or
additional actions that may help ensure appropriate oversight.
9. No Diversion, Resell, or Use for Unlawful Purposes
We propose that the exchange of remuneration under this safe harbor
would not be protected if the offeror knows or should know that the
remuneration is likely to be diverted, resold, or used by the recipient
for an unlawful purpose. Here, we state expressly what is otherwise
implicit in the design of a value-based arrangement under this proposed
safe harbor: The exchange of remuneration that the offeror knows or
should know is likely to be diverted, resold, or used by the recipient
for purposes other than the coordination and management of care of a
target patient population would not be protected.
10. Materials and Records
To ensure transparency, we propose a requirement that VBE
participants or the VBE make available to the Secretary, upon request,
all materials and records sufficient to establish compliance with the
conditions of this safe harbor. We are not proposing parameters
regarding the creation or maintenance of documentation to allow VBE
participants the flexibility to determine what constitutes best
documentation practices, but welcome comments on whether such
parameters may be needed. In particular, we seek comment regarding
whether we should require, in the final rule, a requirement that
parties maintain materials and records sufficient to establish
compliance with the conditions of this safe harbor for a set period of
time (e.g., at least 6 years or 10 years).
[[Page 55714]]
11. Possible Additional Safeguards
a. Bona Fide Determination
We are considering for the final rule a condition that would
require that, in advance of, or contemporaneous with, the commencement
of the applicable value-based arrangement, the VBE's accountable body
or responsible person make two bona fide determinations with respect to
the value-based arrangement. First, we are considering a condition
requiring that the accountable body or responsible person make a bona
fide determination that the value-based arrangement is directly
connected to the coordination and management of care for the target
patient population. Second, we are considering a condition requiring
that the accountable body or responsible person make a bona fide
determination that the value-based arrangement is commercially
reasonable, considering both the arrangement and all value-based
arrangements within the VBE.
b. Cost-Shifting Prohibition
We are considering for the final rule, and seek comment on, a
condition prohibiting VBEs or VBE participants from billing Federal
health care programs, other payors, or individuals for the
remuneration; claiming the value of the remuneration as a bad debt for
payment purposes under a Federal health care program; or otherwise
shifting costs to a Federal health care program, other payors, or
individuals.
This proposal would not exclude arrangements from safe harbor
protection that involve legitimate shifting of some costs that result
from achieving care coordination goals or other value-based purposes.
For example, depending on the arrangement, one might expect to see
increases in primary care costs or costs for care furnished in home and
community settings paired with reductions in unnecessary
hospitalizations, duplicative testing, and emergency room visits; one
also might see increases in remote monitoring or care management
services.
c. Fair Market Value Requirement and Restriction on Remuneration Tied
to the Volume or Value of Referrals
Commenters to the OIG RFI pointed to fair market value requirements
and restrictions on remuneration based on the volume or value of
business in existing safe harbors as barriers to arrangements that
facilitate coordinated and value-based care, so we have crafted this
proposed safe harbor without them, relying instead upon other program
integrity safeguards. However, fair market value requirements and
restrictions that prohibit paying remuneration based on the volume or
value of referrals help ensure that protected payments are for
legitimate purposes and are not kickbacks. We have endeavored to draft
this safe harbor to distinguish between beneficial care coordination
arrangements and payment-for-referral schemes that do not serve, and
may be contrary to, the goals of coordinated care and the shift to
value. We solicit comments from stakeholders for safeguards that may
help distinguish payments to reward or induce referrals from
remuneration provided to promote or support legitimate care
coordination activities.
To this end, we are considering as an alternate proposal for the
final rule's care coordination arrangements safe harbor: (i) Whether we
should include a fair market value requirement on any remuneration
exchanged pursuant to a value-based arrangement, and (ii) whether we
should include a further or alternate requirement prohibiting VBE
participants from determining the amount or nature of the remuneration
they offer, or the VBE participants to whom they offer such
remuneration, in a manner that takes into account the volume or value
of referrals or other business generated, including both business or
patients that are part of the value-based arrangement and those that
are not. To the extent these requirements would impede value-based and
care coordination arrangements, we are interested in feedback on
potential, alternative safe harbor conditions that might mitigate such
effects.
We are further considering for the final rule whether we could best
achieve the goals of this rulemaking through a safe harbor design that
requires value-based arrangements to be fair market value but that does
not prohibit determining the amount or nature of the remuneration on
the volume or value of referrals or other business generated. This
approach would recognize the anti-kickback statute compliance challenge
that the restriction on the volume or value of referrals or other
business generated poses for arrangements that inherently reflect the
volume of patients for whom care is coordinated or the value of
services offered under a value-based arrangement. In addition, or as an
alternative, we are considering a restriction that would prohibit
remuneration based directly on the volume or value of business
generated between the parties (thus permitting remuneration based
indirectly on the volume or value of referrals or other business
generated between the parties).
d. Additional Requirements for Dialysis Providers
Dialysis providers furnish vital services to patients with critical
and extensive care needs. Patients with end stage renal disease (ESRD)
stand to benefit substantially from better coordinated, more efficient
care as envisioned by this proposed rule. Dialysis providers play a
central role in coordinating the care of individuals with ESRD.
However, the dialysis industry has unique attributes--in particular,
market dominance by a limited number of dialysis providers--that may
increase fraud and abuse risks attendant to financial relationships
between dialysis providers and others. We are concerned that present
levels of market consolidation could impact access to dialysis care,
quality of care, and associated health outcomes.\23\ In addition, we
are concerned that, because of the aforementioned market dominance of a
limited number of providers, the conduct that would be protected by
this proposed safe harbor could lead to a decrease in competition among
dialysis providers. We seek comment on whether and how the potential
protection of financial arrangements between dialysis providers and
others under this proposed safe harbor could affect the concentration
of the dialysis market, access to care, quality of care, and associated
health outcomes. We are considering whether to include in the final
rule certain conditions specific to dialysis providers to further
ensure that their care coordination arrangements operate to improve the
management and care of patients and are not pay-for-referral schemes.
These conditions could include enhanced monitoring, reporting, or data
submission requirements or some of the conditions discussed in sections
a., b., and c. directly above, including fair market value requirements
and restrictions that prohibit paying remuneration based on the volume
or value of referrals.
---------------------------------------------------------------------------
\23\ See Kevin F. Erickson et al., Consolidation in the Dialysis
Industry, Patient Choice, and Local Market Competition, 28 Clinical
J. of the American Society of Nephrology 3 (Mar. 7, 2017).
---------------------------------------------------------------------------
12. Example of a Value-Based Arrangement Analyzed Under the Proposed
Care Coordination Arrangements Safe Harbor
The following example demonstrates how parties might analyze the
proposed care coordination arrangements safe harbor's various
requirements with
[[Page 55715]]
respect to the following fact pattern: To coordinate care between an
acute care hospital and a SNF for mental health patients, the hospital
and SNF enter into a care coordination arrangement under which the
hospital engages in the value-based activity of providing a behavioral
health nurse for to the SNF to follow designated inpatients with
certain mental health disorders for a 1-year time period, who comprise
the target patient population, following discharge from the hospital
and during admission to and while receiving care at the SNF. In this
example, both the hospital and the SNF stand to benefit from this
arrangement because they participate in a value-based payment
arrangement that offers them shared savings payments for improved
quality and patient outcomes and reduced emergency room visits. The
hospital and SNF are the only VBE participants in a VBE that is
designed to accomplish the value-based purpose of coordinating and
managing the care of patients with mental health disorders (namely, by
improving the quality of care they receive during the care transition
process from acute care to skilled nursing care and during their SNF
stay).
This proposed arrangement would implicate the anti-kickback
statute, because the hospital would be providing the SNF with
remuneration (the behavioral health nurse services) and the SNF could
refer Medicare, Medicaid, or other Federal health care program patients
to the hospital. Safe harbor protection is afforded only to those
arrangements that precisely meet all of a safe harbor's conditions.
Consequently, the hospital and SNF might engage in the following
analysis to determine whether their proposed arrangement satisfies the
proposed care coordination arrangements safe harbor's requirements.
First, the hospital and SNF must establish specific evidence-based,
valid outcome measures against which the SNF will be measured
throughout the arrangement, and which the parties reasonably anticipate
will advance the coordination and management of care for the target
patient population.
Second, the parties must ensure that devoting one full-time nurse
to oversee these patients would be commercially reasonable, considering
both the arrangement itself and all value-based arrangements in the
VBE.
Third, the hospital and SNF must execute a signed writing
documenting the terms of the value-based arrangement prior to, or
contemporaneous with, its commencement or any material changes to the
arrangement. The writing must include: (i) The term of the value-based
arrangement; (ii) the value-based activities to be undertaken; (iii)
the target patient population; (iv) a description of the remuneration
(e.g., the assignment of a full-time nurse to the SNF and the cost of
the nurse's services to the offeror); (v) the offeror's cost of the
remuneration; (vi) the percentage of the offeror's cost contributed by
the recipient; (vii) if applicable, the frequency of the recipient's
contribution payments for ongoing costs; and (viii) set forth the
specific, evidence-based valid outcome measure(s) against which the SNF
would be measured.
Fourth, the remuneration must: (i) Be in-kind; (ii) be used
primarily to engage in one or more value-based activities that have a
direct connection to the coordination and management of care for the
target patient population; and (iii) not induce VBE participants to
furnish medically unnecessary items or services or reduce or limit
medically necessary items and services furnished to any patient. In
addition, the hospital could not provide the nurse to the SNF if any
part of the cost of the nurse would be funded by, or otherwise result
from the contributions of, an individual or entity outside of the VBE,
such as a pharmaceutical or medical device manufacturer.
Fifth, the hospital's provision of the nurse to the SNF must not
take into account the volume or value of, or condition the remuneration
on, referrals of patients who are not part of the target patient
population and business not covered under the value-based arrangement.
Sixth, the SNF must pay for at least 15 percent of the hospital's
cost of the care coordination services provided by the nurse over the
arrangement's one-year term. Assuming the nurse provides periodic
services throughout the year, the SNF must pay its required
contribution amount at reasonable, regular intervals, such as on a
monthly basis.
Seventh, the value-based arrangement must be directly connected to
the coordination and management of care of the target patient
population. In addition, the value-based arrangement must not place any
limitation on the VBE participants' ability to make decisions in the
best interest of their patients. Further, if the value-based
arrangement restricts or directs referrals, the value-based arrangement
may not require referrals to a particular provider, practitioner, or
supplier: (i) If a patient expresses a preference for a different
practitioner, provider, or supplier; (ii) if the patient's payor
determines the provider, practitioner, or supplier; or (iii) such
direction or restriction is contrary to applicable law or regulations
under titles XVIII and XIX of the Act. For example, the hospital could
not require physicians on its medical staff to refer patients in the
target patient population to the SNF if a patient expresses a
preference for a different facility or if the patient's payor does not
cover services at the SNF.
Eighth, the arrangement must not include marketing to patients of
items or services or engaging in patient recruitment activities.
Ninth, the VBE (or alternatively, the SNF or hospital acting on the
VBE's behalf), or the VBE's accountable body or responsible person must
monitor and assess at least annually (or once during the agreement's
term if the agreement is for less than a year): (i) The coordination
and management of care of the target patient population; (ii) any
deficiencies in the delivery of quality care under the value-based
arrangement; and (iii) progress toward achieving the evidence-based,
valid outcome measure(s) in the value-based arrangement. If, through
monitoring and assessment, the VBE's accountable body or responsible
person determines that the value-based arrangement is: (i) Is unlikely
to further the coordination and management of care for the target
patient population, (ii) has resulted in material deficiencies in
quality of care, or (iii) is unlikely to achieve the evidence-based,
valid outcome measure(s), the parties terminate the arrangement within
60 days of such a determination.
Tenth, the hospital does not, and should not, know that the
behavioral nurse's services are likely to be ``diverted'' by the SNF
(e.g., used by the SNF to perform tasks unrelated to the care
coordination and management of the target patient population) or used
for an unlawful purpose (e.g., the provision of medically unnecessary
services).
Finally, the VBE participants must provide documentation, such as
the signed writing, to the Secretary, upon request, showing that the
parties complied with the safe harbor provisions.
13. Alternative Regulatory Structure
This proposed rule provides protections for certain care
coordination and value-based arrangements through a combination of
proposed revisions to the personal services and management contracts
safe harbor at 1001.952(d), the proposed care coordination arrangements
safe harbor at 1001.952(ee), the proposed substantial downside
financial risk safe harbor at
[[Page 55716]]
1001.952(ff), and the full downside financial risk safe harbor at
1001.952(gg). As an alternative to this suite of protections, we are
considering for the final rule a different regulatory structure and
approach to protect care coordination and other value-based
arrangements that are not at full financial risk (as defined at
proposed 1001.952(gg)) and are not part of a CMS-sponsored model (as
defined at proposed 1001.952(ii)). For this alternate approach, we
would rely solely on the personal services and management contracts
safe harbor at paragraph 1001.952(d) as a platform to create tiered
protection for value-based arrangements, each step of which would
remove additional conditions of paragraph 1001.952(d) to allow greater
flexibility for innovation as the arrangements become more closely
aligned with value-based purposes (as defined in proposed paragraph
1001.952(ee)) and the parties take on more downside financial risk.
First, as proposed and described in our proposed modifications to
the personal services and management contracts safe harbor, we would
remove the requirement that aggregate compensation under service
arrangements be set forth in advance, substituting a requirement that
the methodology for determining the compensation be set in advance.
This would offer broader protection for certain outcomes-based payment
arrangements that are fair market value and do not take into account
the volume or value of referrals or other business. Protected
arrangements would not be required to meet the proposed definition of
``value-based arrangement.''
Second, for value-based arrangements that meet applicable
requirements of the VBE framework previously outlined (e.g., the
parties to the arrangement are VBE participants in a VBE), we would
provide additional flexibility under the personal services and
management contracts safe harbor by removing the requirements that the
aggregate compensation: (i) Be set in advance (but requiring that the
compensation methodology be set in advance); and (ii) not be determined
in a manner that takes into account the volume or value of referrals.
We may also incorporate safeguards from our proposed care coordination
arrangements safe harbor (e.g., the monitoring requirement). To ensure
that protected arrangements meet their value-based purposes, we might
incorporate additional accountability and transparency requirements,
such as those proposed for new safe harbor 1001.952(ee). We envision
this framework would be similar to our current proposal to add new
protections for outcomes-based payments at proposed new paragraph
1001.952(d)(2).
Third, for parties that meet the requirements of the value-based
framework and also assume substantial downside financial risk (as
defined in proposed 1001.952(ff)), we would provide increased
flexibility under the personal services and management contracts safe
harbor for their arrangements by removing the requirements that the
aggregate compensation: (i) Be set in advance (but requiring that the
compensation methodology be set in advance); (ii) not be determined in
a manner that takes into account the volume or value of any referrals;
and (iii) be consistent with fair market value in arm's-length
transactions. This additional flexibility would be afforded in
recognition of the parties' assumption of downside financial risk.
With respect to the volume or value requirement, we are considering
for the final rule several alternative ways we might remove it in the
second and third steps of this approach. We might remove it entirely or
remove it in part by retaining a requirement that the compensation not
relate directly to the volume or value of referrals or other business
generated between the parties (allowing for indirect correlations).
With respect to a fair market value requirement, we might remove it
entirely; remove it only for monetary remuneration or only for in-kind
remuneration; or remove it where the non-fair market value arrangement
primarily benefits the offeror of the remuneration, with such benefit
independent of any increase in the volume or value of referrals (e.g.,
a hospital offering care managers to a post-acute care facility to
better coordinate care and prevent avoidable readmissions for which the
hospital might be penalized). We might also permit a broader set of
free or below fair market value arrangements for providers coordinating
care in rural or underserved areas or providers serving underserved
populations.
We are cognizant that this alternative approach may present
operational challenges for parties, particularly with respect to
determining fair market value for value-based arrangements. Moreover,
we solicit comments on this approach as a whole and, in particular, on
the following: (i) How to include in any safe harbor finalized
consistent with this approach protection for the exchange of
information technology and infrastructure that might not be part of a
personal services or management contract, with a scope of protection
equivalent to the protection collectively proposed under paragraphs
1001.952(ee) and (ff); and (ii) how parties would determine that a
payment for quality outcomes is consistent with fair market value. As
with the second tier described above, to ensure that protected
arrangements meet their value-based purposes, we might incorporate
additional accountability and transparency requirements, such as those
proposed for new safe harbor 1001.952(ee).
We are also interested in comments regarding any special problems a
fair market value requirement would pose for providers in rural or
underserved areas, providers serving underserved populations, or
others. With respect to other proposed safe harbors where we have
indicated that we are considering including in the final rule a
restriction related to the volume or value of referrals and other
business generated or a requirement for fair market value, we will
consider comments to this alternative regulatory structure addressing
how these criteria would operate in connection with value-based
arrangements.
D. Value-Based Arrangements With Substantial Downside Financial Risk
(1001.952(ff))
We are proposing a new safe harbor for certain value-based
arrangements involving VBEs that assume substantial downside financial
risk (as defined in the proposed regulation) from a payor. We propose
to incorporate the definitions of ``coordination and management of
care,'' ``target patient population,'' ``value-based activity,''
``value-based arrangement,'' ``value-based enterprise,'' ``value-based
purpose,'' and ``VBE participant'' found in proposed paragraph
1001.952(ee).
This safe harbor, which would protect both monetary and in-kind
remuneration, would offer greater flexibility than the safe harbor for
care coordination arrangements in recognition of the VBE's assumption
of substantial downside financial risk. It could apply, for example, to
an arrangement between an accountable care organization that is a VBE
and a network provider to share savings and losses earned or owed by
the accountable care organization, or between a VBE that has contracted
with a payor for an episodic payment and a hospital and post-acute care
provider that would be coordinating care for patients under the
episodic payment. However, as proposed, this safe harbor would apply
only to the exchange of remuneration between VBEs that have assumed
substantial downside financial
[[Page 55717]]
risk and VBE participants that meaningfully share in the VBE's downside
financial risk (as further described below).
In other words, where a VBE participant agrees to spread the VBE's
financial risk and coordinate care, additional safe harbor flexibility
would be available. For the same reasons articulated in our discussion
of the care coordination arrangements safe harbor, we propose that this
safe harbor would not protect an ownership or investment interest in
the VBE or any distributions related to an ownership or investment
interest. We solicit comments on this approach and, in particular,
whether this proposal presents any operational challenges with respect
to the creation of a VBE as a separate legal entity. We are considering
for the final rule whether this safe harbor should protect ownership or
investment interests with respect to VBEs that must contract with a
payor on behalf of VBE participants for purposes of value-based
arrangements with substantial downside financial risk.
Additionally, for the same reasons articulated in our discussion of
the care coordination arrangements safe harbor, we propose that this
safe harbor would not protect any remuneration funded by, or otherwise
resulting from contributions by, an individual or entity outside of the
applicable VBE.
We are considering for the final rule whether, and if so, how, to
extend this safe harbor to remuneration that passes from one VBE
participant to another (without the risk-bearing VBE being party to the
arrangement) when the VBE has assumed substantial downside financial
risk from a payor. We are concerned that under many such downstream
arrangements, the VBE participant receiving the remuneration may have
assumed little or no financial risk and may be billing for his or her
services on an FFS basis, thus retaining FFS incentives with respect to
ordering or arranging for items and services for patients. We note the
proposed care coordination arrangements safe harbor, with its
additional safeguards, may be available for such arrangements, where
they involve only in-kind remuneration, and the personal services and
management safe harbor's proposed modifications for outcomes-based
payments may be available for monetary remuneration.
This proposed safe harbor would protect remuneration exchanged
between a VBE and a VBE participant pursuant to a value-based
arrangement if several standards are met. First, the VBE must have
assumed, or be contractually obligated to assume, substantial downside
financial risk from a payor for providing or arranging for the
provision of items and services for a target patient population. The
VBE can assume this risk directly if the VBE is an entity or through a
VBE participant acting as an agent of, and accountable to, the VBE. (We
note, to the extent a VBE participant wholly assumes risk on behalf of
the VBE, it may act in both its capacity as a VBE participant and an
agent of the VBE.)
To balance the need to protect start-up arrangements while also
limiting potential program integrity risks, this safe harbor would
protect arrangements between the VBE and the VBE participant during the
6 months prior to the date by which the VBE must assume substantial
downside financial risk (as defined below). We solicit comments on
whether 6 months is a sufficient timeframe, and if not, what longer or
shorter timeframe would be appropriate.
For purposes of this safe harbor, we are proposing specific
methodologies that would qualify as substantial downside financial
risk. Under any of our proposed methodologies, the VBE would assume
risk from a payor for the provision of items and services to a target
patient population for the entire term of the value-based arrangement.
Our intent is for such risk to be of a degree likely to ensure that the
value-based arrangements of the VBE are designed to appropriately
reduce (or slow the growth of) costs, improve efficiencies, or improve
health outcomes for the target patient population (and are not likely
to increase over- or under-utilization or costs to payors or patients).
We propose that a VBE would be at substantial downside financial risk
if it is subject to risk pursuant to one of the following methods,
drawn from the Department's experience: \24\
---------------------------------------------------------------------------
\24\ For clarity, we note that we would not consider a
prospective payment system for acute inpatient hospitals, home
health agencies, hospice, outpatient hospitals, inpatient
psychiatric facilities, inpatient rehabilitation facilities, long-
term-care hospitals, and SNFs, or other like payment methodologies
to meet any of the prongs of our proposed definition of
``substantial downside financial risk.''
---------------------------------------------------------------------------
(i) Shared savings with a repayment obligation to the payor of at
least 40 percent of any shared losses, where loss is determined based
upon a comparison of costs to historical expenditures, or to the extent
such data is unavailable, evidence-based, comparable expenditures;
(ii) A repayment obligation to the payor under an episodic or
bundled payment arrangement of at least 20 percent of any total loss,
where loss is determined based upon a comparison of costs to historical
expenditures, or to the extent such data is unavailable, evidence-
based, comparable expenditures;
(iii) A prospectively paid population-based payment for a defined
subset of the total cost of care of a target patient population, where
such payment is determined based upon a review of historical
expenditures, or to the extent such data is unavailable, evidence-
based, comparable expenditures; or
(iv) A partial capitated payment from the payor for a set of items
and services for the target patient population where such capitated
payment reflects a discount equal to at least 60 percent of the total
expected FFS payments based on historical expenditures, or to the
extent such data is unavailable, evidence-based, comparable
expenditures of the VBE participants to the value-based
arrangements.\25\
---------------------------------------------------------------------------
\25\ To afford VBE participants flexibility, we are not
prescribing how parties may determine the basis for shared savings,
shared losses, population-based payments, or partial capitation
payments. However, we expect any such approach will reflect a
legitimate compensation methodology, not one that simply manipulates
numbers to artificially inflate savings or decrease losses, as may
be applicable.
---------------------------------------------------------------------------
We are soliciting comments on this proposed definition of
``substantial downside financial risk,'' including whether: (i) These
benchmarks should be higher or lower to ensure appropriate incentives;
(ii) there are other methodologies not captured by this list that
should qualify as substantial downside financial risk, such as those
listed under 42 CFR 1001.952(u)(1)(i)(C); and (iii) some or all of
these benchmarks should be omitted from this rule or modified to better
capture true assumption of substantial downside financial risk for
items and services furnished to patients. With respect to (i) through
(iii), we are considering and solicit comments on whether the
requirement to compare losses to, or determine payments based on,
historical expenditures or evidence-based, comparable expenditures and
whether additional means to establish a baseline against which to
measure losses or payments is feasible for new or small VBEs or whether
new or small VBEs should be allowed additional means to establish a
baseline, such as allowing new or small VBEs to establish such
baselines after a reasonable period of operation, such as 1 year. We
also solicit comments on whether the assumption of substantial downside
financial risk by the VBE as contemplated here, in combination with the
safeguards proposed for this safe harbor, results in meaningful
protections that will ensure that the
[[Page 55718]]
benefits of the arrangements that would be protected by this safe
harbor outweigh any risk of misuse of the safe harbor to protect
fraudulent or abusive arrangements.
Lastly, we are considering for the final rule, and seek comment
regarding, whether we should include advanced APMs and other payor
advanced APMs, as both terms are defined at 42 CFR 414.1305, in the
definition of ``substantial downside financial risk.'' Specifically, we
seek comment on the following: (i) If advanced APM participants would
likely rely on this safe harbor versus the CMS-sponsored model
arrangements safe harbor; and if so, what barriers, if any, our
proposed definition of ``substantial financial risk'' and
``meaningfully share'' (as outlined in further detail below) may pose;
and (ii) whether our current definition of ``substantial financial
risk'' is too narrow, such that we have excluded advanced APMs or other
payor advanced APMs that encourage participants to meaningfully assume
downside financial risk.
This safe harbor proposes to protect remuneration from a VBE to a
VBE participant pursuant to a value-based arrangement. As a condition
of this safe harbor, the terms of the value-based arrangement require
the VBE participant to meaningfully share in the VBE's substantial
downside financial risk for providing or arranging for items and
services for the target patient population. This condition is intended
to ensure that VBE participants ordering or arranging for items and
services for patients (in other words, those making care decisions)
closely share the VBE's goals and share in accountability if those
goals are not achieved.
For purposes of this condition, we propose that a VBE participant
``meaningfully shares'' in the VBE's substantial downside financial
risk if the value-based arrangement contains one of the following: (i)
A risk-sharing payment pursuant to which the VBE participant is at risk
for 8 percent of the amount for which the VBE is at risk under its
agreement with the applicable payor (e.g., an 8-percent withhold,
recoupment payment, or shared losses payment); (ii) a partial or full
capitated payment or similar payment methodology (excluding the
prospective payment systems for acute inpatient hospitals, home health
agencies, hospice, outpatient hospitals, inpatient psychiatric
facilities, inpatient rehabilitation facilities, long-term care
hospitals, and SNFs or other like payment methodologies); or (iii) in
the case of a VBE participant that is a physician, a payment that meets
the requirements of the physician self-referral law's regulatory
exception for value-based arrangements with meaningful downside
financial risk at section 411.357(aa)(2).
Under (i), the proposed percentage of the VBE's substantial
downside financial risk in which the VBE participant must share is
based on the 8-percent nominal risk standard under the CMS regulation
governing advanced APM and other payor advanced APM criteria at 42 CFR
414.1415 and 414.1420, respectively. We solicit comments on additional
or alternative, specific thresholds we could include in the final rule
to help ensure that the VBE participant is meaningfully engaged with
the VBE in delivering value through its ordering and referring
decisions, as well as data to support suggestions.
To protect against risks of stinting on care, we further propose
that the remuneration must not induce limitations on, or reductions of,
medically necessary items or services furnished to any patient. We are
considering for the final rule additional conditions to safeguard
against risks of cherry picking or lemon dropping of patients, which
could affect the quality of care patients receive. In addition, we are
considering and solicit comments on whether to include a length-of-time
requirement (e.g., 1 year) for the VBE to be at substantial downside
financial risk to avoid gaming (as highlighted in our subsequent
discussion of this issue in the full financial risk safe harbor).
We are proposing to include the following conditions similar to
certain conditions we are proposing for the care coordination
arrangements safe harbor and would interpret these conditions, where
applicable, as described previously in the discussion of the care
coordination arrangements safe harbor:
(i) The value-based arrangement must be set forth in a writing that
contains, among other information, a description of the nature and
extent of the VBE's substantial downside financial risk for the target
patient population and a description of the manner in which the
recipient meaningfully shares in the VBE's substantial downside
financial risk;
(ii) the VBE or VBE participant offering the remuneration does not
take into account the volume or value of, or condition the remuneration
on, referrals of patients outside of the target patient population or
business not covered under the value-based arrangement;
(iii) the value-based arrangement does not: (1) Place any
limitation on VBE participants' ability to make decisions in the best
interest of their patients, or (2) direct or restrict referrals to a
particular provider, practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) the patient's payor determines the provider, practitioner, or
supplier; or
(C) such direction or restriction is contrary to applicable law or
regulations under titles XVIII and XIX of the Act;
(iv) the value-based arrangement does not include marketing to
patients of items or services or engaging in patient recruitment
activities; and
(v) the VBE or its VBE participants maintain documentation
sufficient to demonstrate compliance with the safe harbor's conditions
and make such records available to the Secretary upon request.
Note that we are considering, and seek comment regarding whether we
should include in the final rule, a condition regarding the maintenance
of materials and records sufficient to establish compliance with the
conditions of this safe harbor for a set period of time (e.g., at least
6 years or 10 years).
In addition to the foregoing standard, under this proposed safe
harbor, the remuneration must be used primarily to engage in value-
based activities that are directly connected to the items and services
for which the VBE is at substantial downside financial risk. For
example, a VBE is at substantial downside financial risk through an
agreement with a payor to assume a percentage of shared losses for
items and services provided in connection with hip replacements to the
target patient population. Remuneration provided by the VBE to a VBE
participant would be protected under this proposed safe harbor only if
the VBE participant primarily uses the remuneration to engage in value-
based activities that have a direct connection to the items and
services provided to patients in the target patient population
undergoing hip replacement surgery (i.e., the items and services for
which the VBE is at substantial downside financial risk). Thus, while
the VBE could give the VBE participant money that it uses to hire a
staff member who primarily coordinates patients' transitions between
care settings after undergoing hip replacement surgery, the VBE could
not give the VBE participant money that it uses to hire a staff member
who coordinates transitions between care settings for patient
undergoing an array of surgical procedures. In addition, we propose
that the remuneration exchanged must be directly connected to one or
more of the
[[Page 55719]]
VBE's value-based purposes, at least one of which must be the
coordination and management of care for the target patient population.
We believe these safeguards are necessary to ensure transparency
and accountability, as well as to reduce the potential for protected
arrangements to be used to pay for referrals unrelated to coordinating
care and improving health outcomes and value for programs and patients.
For example, as with other safe harbors proposed in this rulemaking, we
do not intend to protect arrangements nominally characterized as a care
coordination or value-based arrangement but that in reality are schemes
intended merely to buy or sell referrals. To further protect against
such arrangements, we are considering including in the final rule a
commercial reasonableness requirement and a monitoring standard, each
of which would be similar to those included in our proposed care
coordination arrangements safe harbor at 1001.952(ee). In addition, to
heighten transparency of any value-based arrangements and to ensure
that the value-based arrangement is known by and closely related to the
VBE itself, we are considering for the final rule whether to require
that, in advance of, or contemporaneous with, the commencement of the
applicable value-based arrangement, the VBE's accountable body or
responsible person make a bona fide determination that the value-based
arrangement is directly connected to a value-based purpose, at least
one of which must be the coordination and management of care for the
target patient population.
As discussed previously, we remain aware that the arrangements
protected by the proposed substantial downside financial risk safe
harbor would not be subject to programmatic requirements, oversight, or
monitoring comparable to CMS-sponsored models. Accordingly, we are
considering for the final rule including a requirement to submit
information to the Department about the VBE, VBE participants, and the
value-based arrangement similar to the requirement we are considering
for the care coordination safe harbor at 1001.952(ee). As discussed in
the care coordination arrangements safe harbor section, we also are
considering for the final rule a condition prohibiting VBEs or VBE
participants from billing Federal health care programs, other payors,
or individuals for remuneration exchanged pursuant to the safe harbor;
claiming the value of the remuneration as a bad debt for payment
purposes under a Federal health care program; or otherwise shifting
costs to a Federal health care program, other payors, or individuals.
Through the substantial downside financial risk safe harbor, we
seek to provide more flexibility for entities that assume a substantial
amount of financial risk such that the risk incentivizes a shift from
volume-based decision making to value-based decision making. By
allowing parties this enhanced flexibility in exchange for assuming
risk with respect to only a subset of items and services furnished to a
target patient population, we are mindful of the potential for parties
to assume financial risk for such a narrow subset of items and services
that the offeror's risk does not equate to substantial downside
financial risk. We solicit comments on safeguards against this risk and
the overall approach we have taken with respect to the substantial
downside financial risk safe harbor.
E. Value-Based Arrangements With Full Financial Risk (1001.952(gg))
We propose to protect certain arrangements (including in-kind and
monetary remuneration) involving VBEs that have assumed ``full
financial risk,'' as that term is defined in the proposed regulation,
for a target patient population. Because we recognize that VBEs that
have assumed full financial risk present fewer traditional FFS fraud
and abuse risks, this proposed safe harbor would include more flexible
conditions than the proposed care coordination arrangements and
substantial downside financial risk safe harbors, which we believe
would reduce burden for the VBE and its VBE participants. We intend for
the safe harbor to offer this category of VBEs the greatest ability to
innovate with respect to coordinated care arrangements in light of
their assumption of the highest level of risk contemplated in this
proposed rulemaking. We propose to incorporate the definitions of
``coordination and management of care,'' ``target patient population,''
``value-based activity,'' ``value-based arrangement,'' ``value-based
enterprise,'' ``value-based purpose,'' and ``VBE participant'' found in
proposed paragraph 1001.952(ee). For the same reasons discussed
previously with respect to the care coordination arrangements safe
harbor, we propose that this safe harbor would not protect an ownership
or investment interest in the VBE or any distributions related to an
ownership or investment interest. We solicit comments on this approach
and, in particular, whether this proposal presents any operational
challenges with respect to the creation of a VBE as a separate legal
entity. We are considering for the final rule whether we should protect
ownership or investment interests with respect to VBEs that must
contract with a payor on behalf of VBE participants for purposes of
value-based arrangements with full financial risk.
We also propose, for the same reasons discussed previously with
respect to the care coordination arrangements safe harbor, that this
safe harbor would not protect any remuneration funded by, or otherwise
resulting from contributions by, an individual or entity outside of the
applicable VBE.
We propose that a VBE would be at ``full financial risk'' for the
cost of care of a target patient population if the VBE is financially
responsible for the cost of all items and services covered by the
applicable payor for each patient in the target patient population and
is prospectively paid by the applicable payor. By ``prospective,'' we
mean the anticipated cost of all items and services covered by the
applicable payor for the target patient population, has been determined
and paid in advance (as opposed to billing under the otherwise
applicable payment systems and undergoing a retrospective
reconciliation after items and services have been furnished).
By way of example, a VBE would be at ``full financial risk'' if it
received a prospective, capitated payment for all items and services
covered by Medicare Parts A and B for a target patient population.
Similarly, we would consider a VBE that contracts with a Medicaid
managed care organization and receives a fixed per-patient per-month
amount to be at full financial risk if the fixed amount covered the
cost of all Medicaid-covered items and services furnished to the target
patient population.
In contrast, our proposal would not protect an entity that receives
a partial capitated payment, be it either: (i) A capitated payment that
covers a limited set of items or services or (ii) a payment arrangement
where an entity receives a combination of reduced FFS and capitation
payments for a defined set of items or services. For example, a
hospital that participates in a bundled payment program for patients
who receive knee replacements, and that receives an episodic payment to
cover all costs associated with the knee replacement surgeries and
follow-up care for 90 days, would not be eligible for protection under
this safe harbor. The hospital is at full financial risk for the knee
surgeries and related services but not for the patients' total cost of
care. We note that other proposals in
[[Page 55720]]
this rulemaking may be available for such arrangements.
We note that our proposed definition of ``full financial risk''
would not prohibit a VBE from entering into arrangements--like global
risk adjustments, risk corridors, reinsurance, or stop loss
agreements--to protect against catastrophic losses. We emphasize that
it is our intent for such arrangements to be limited to catastrophic
losses; a VBE may not use risk corridors or other like arrangements as
a mechanism to shift an amount of financial risk that does not meet the
spirit of this safe harbor. Similarly, we note that our proposed
definition of ``full financial risk'' would not prohibit a VBE from
conducting a ``back-end'' reconciliation, with resulting payment
adjustments due to quality or financial performance metrics, provided
again, that the reconciliation is not used as a mechanism to shift
material financial risk back to the contracting payor.
We also are considering other ways to define ``full financial
risk'' in the final rule. For example, we are considering for purposes
of the final rule including an actuarial equivalence standard similar
to that used in the Medicare Part D context, and we request comments on
the use of this potential standard. In addition, we seek comments about
other situations that stakeholders believe should qualify as a VBE
assuming ``full financial risk.'' We request that commenters provide
specific examples of arrangements that they believe constitute ``full
financial risk'' but that would not be covered by the definition
proposed above.
We propose to require that the VBE assume full financial risk
either directly, or through a VBE participant with the legal authority
to obligate the VBE. We note, to the extent a VBE participant wholly
assumes risk on behalf of the VBE, it may act in both its capacity as a
VBE participant and an agent of the VBE.
In addition, we propose that this safe harbor would cover both
value-based arrangements between a VBE and a VBE participant where the
VBE has assumed full financial risk as of the date the VBE and VBE
participant enter into the value-based arrangement, as well as value-
based arrangements between a VBE and a VBE participant where the VBE is
contractually obligated to assume such risk but has not yet done so. We
are mindful that a VBE that is contractually obligated to take on full
financial risk may need lead time to develop and implement arrangements
in anticipation of taking on full financial risk. However, we also are
concerned about providing safe harbor protection for arrangements
involving parties that have not yet assumed the risk that operates as a
prerequisite and key safeguard for this safe harbor. To balance the
need to protect start-up arrangements with our program integrity
concerns, the safe harbor would protect arrangements between the VBE
and the VBE participant only during the 6 months prior to the date by
which the VBE must assume full financial risk. We solicit comments on
whether 6 months is a sufficient timeframe, and if not, what an
appropriate timeframe might be. We could include a longer or shorter
timeframe in the final rule.
We propose writing requirements in this safe harbor that are
designed to promote transparency and accountability. First, we propose
that the VBE have a signed writing with a payor that specifies the
target patient population and contains terms sufficient to demonstrate
that the VBE is at full financial risk for the target patient
population for at least 1 year. Our intent in proposing a length-of-
time requirement is to minimize gaming opportunities that could arise
if the VBE assumes full financial risk for a short time period in order
to take advantage of the proposed safe harbor's flexibility but without
meaningfully committing to the transition to full financial risk.
Second, we propose that the parties set forth the material terms of the
value-based arrangement in a signed writing, including the value-based
activities to be undertaken by the parties, and that the arrangement
must be for a period of at least 1 year.
We propose that the term of the value-based arrangement must be for
a period of at least 1 year to ensure that the VBE participant is
committed to coordinating care for the target patient population of the
VBE that has taken on full financial risk.
We propose that the VBE participant cannot claim additional or
separate payment in any form directly or indirectly from a payor for
items or services covered under the value-based arrangement. For
purposes of this safe harbor, we propose that the phrase ``items or
services'' would have the meaning set forth in paragraph
1001.952(t)(2)(iv), which defines ``items and services'' as: ``Health
care items, devices, supplies or services or those services reasonably
related to the provision of health care items, devices, supplies or
services including, but not limited to, non-emergency transportation,
patient education, attendant services, social services (e.g., case
management), utilization review and quality assurance. Marketing and
other pre-enrollment activities are not `items or services' for
purposes of this section.''
If the VBE participant is permitted to seek additional payment for
items or services furnished to the target patient population from a
payor, the safe harbor would not protect the value-based arrangement.
For example, protection under the safe harbor would not extend to
payment made by a VBE to a VBE participant for telehealth services
furnished to the target patient population if the VBE participant could
also claim separate payment for such services from a payor. Value-based
arrangements that permit VBE participants to claim separate payment
from a payor are not ``full risk.'' Such arrangements potentially
involve mixed financial incentives for providers, and parties would
need to seek protection for such arrangements under one of the other
proposed safe harbors. This requirement would permit VBE participants
to bill a payor but not claim payment (e.g., through a ``no-pay
claim'') if required by a payor, including Medicare.
We also propose requirements related to the remuneration. First, we
propose that remuneration exchanged must: (i) Be used primarily to
engage in the value-based activities set forth in the parties' signed
writing; (ii) is directly connected to one or more of the VBE's value-
based purpose(s), at least one of which must be the coordination and
management of care for the target patient population; and (iii) not
induce the VBE or VBE participants to reduce or limit medically
necessary items or services furnished to any patient. We propose to
interpret these conditions consistent with the similar conditions in
the proposed care coordination arrangements safe harbor at
1001.952(ee).
Second, we propose to require that the VBE and VBE participant must
not take into account the volume or value of, or condition the
remuneration exchanged on: (i) Referrals of patients who are not part
of the target patient population or (ii) business not covered under the
value-based arrangement. This requirement would preclude protection
under the safe harbor for remuneration that is part of a broader
``swapping'' arrangement to steer patients outside of the target
patient population to the party offering the remuneration. We solicit
comments on this condition and any additional safeguards that we should
include in this safe harbor to mitigate the risk of problematic
swapping arrangements in order to prevent the safe harbor from being
used to protect payments for referrals that are not part of the value-
[[Page 55721]]
based arrangement. We would have significant concerns with a VBE
participant entering into a purported value-based arrangement in which
it offers the VBE a reduced rate for patients in the target patient
population in exchange for gaining access to that VBE's other patients.
We propose to require that the VBE provide or arrange for: (i) An
operational utilization review program and (ii) a quality assurance
program that protect against underutilization and specify patient
goals, including measurable outcomes, where appropriate. These
conditions mirror those found in the existing safe harbor at paragraph
1001.952(u), which were derived from the then-current regulatory
requirements for plans operating under section 1876 of the Act. We are
considering for the final rule whether there may be other ways to frame
this requirement that meet the spirit of the conditions in paragraph
1001.952(u) but are updated to reflect the utilization review and
quality assurance mechanisms in place today.
Like the proposed care coordination arrangements and substantial
downside financial risk safe harbors and for the reasons explained in
connection with those proposals, we are considering for the final rule
requiring the submission to the Department of information about VBEs,
VBE participants, and value-based arrangements for safe harbor
protection. We welcome comments on this. As discussed in the care
coordination arrangements safe harbor section, we also are considering
for the final rule a condition prohibiting VBEs or VBE participants
from billing Federal health care programs, other payors, or individuals
for remuneration exchanged pursuant to the safe harbor; claiming the
value of the remuneration as a bad debt for payment purposes under a
Federal health care program; or otherwise shifting costs to a Federal
health care program, other payors, or individuals.
We also propose requirements that (i) the value-based arrangement
does not include marketing to patients of items or services or engaging
in patient recruitment activities; and (ii) the VBE or its VBE
participants maintain documentation sufficient to demonstrate
compliance with the safe harbor's conditions and make such records
available to the Secretary upon request. We are considering for the
final rule and seek comment regarding whether we should include, in the
final rule, a condition regarding the maintenance of materials and
records sufficient to establish compliance with the conditions of this
safe harbor for a set period of time (e.g., at least 6 years or 10
years). We would interpret these requirements as described with respect
to the care coordination arrangements safe harbor and would include
them in this safe harbor for the reasons articulated there.
In addition, we note that, as proposed, this safe harbor would
apply only to remuneration exchanged between a VBE and a VBE
participant pursuant to a value-based arrangement. The proposed full
financial risk safe harbor would not protect remuneration exchanged
between or among VBE participants that are part of the same VBE,
remuneration exchanged between a VBE participant and a downstream
contractor, or remuneration between two downstream contractors.
However, nothing prevents these parties from turning to other available
safe harbors for protection.
We are considering for the final rule and solicit comments on
whether to extend this safe harbor to remuneration that passes from a
VBE participant to a downstream contractor (which also could be, but
may not be required to be, a VBE participant). While we recognize that
increased flexibility at the VBE participant level may foster
innovation, we are concerned that these downstream arrangements present
higher risks of fraud and abuse because the VBE participants and
downstream contractors exchanging the remuneration may have assumed
little or no financial risk. As such, they may continue to be subject
to the potential risks inherent in any FFS financial arrangements,
namely, incentives to order medically unnecessary or overly costly
items and services. For these reasons, we are considering for the final
rule, and solicit comments on, the following:
In addition to the safeguards proposed in paragraph
1001.952(gg), whether additional safeguards could be implemented under
the full financial risk safe harbor (or a different proposed safe
harbor) to ensure that legitimate arrangements between VBE participants
and downstream contractors that advance the value-based purpose(s) of
the VBE are protected.
For purposes of protecting downstream arrangements,
whether we should incorporate some of the safeguards proposed in the
safe harbor for care coordination arrangements or the safe harbor for
parties at substantial downside financial risk. If so, whether certain
safeguards would best capture our need to protect against fraud and
abuse risks with the recognition that we do not want to impose undue
burden on parties to these arrangements.
If we were to protect certain downstream arrangements,
whether we should limit protection to arrangements between VBE
participants that are part of the same VBE, or we should extend
protection to arrangements between: (i) A VBE participant and a
downstream contractor, (ii) arrangements between two downstream
contractors, or (iii) both. We request that any comments include
specific examples of downstream arrangements that may not be protected
under existing safe harbors or any of the safe harbors proposed under
this rulemaking but warrant protection under this proposed safe harbor
because of the level of risk assumed by the VBE.
F. Arrangements for Patient Engagement and Support To Improve Quality,
Health Outcomes, and Efficiency (1001.952(hh))
We propose to establish a new safe harbor at proposed paragraph
1001.952(hh) to protect certain arrangements for patient engagement
tools and supports to improve quality, health outcomes, and efficiency
furnished by VBE participants, as defined in proposed paragraph
1001.952(ee), to specified patients. This safe harbor, hereinafter the
``patient engagement and support safe harbor,'' is intended to remove
barriers presented by the anti-kickback statute and the beneficiary
inducements CMP \26\ to providers offering patients beneficial tools
and supports to improve quality, health outcomes, and efficiency, by
promoting patient engagement with their care and adherence to care
protocols. Commenters to the OIG RFI overwhelmingly supported such a
safe harbor, with appropriate safeguards.
---------------------------------------------------------------------------
\26\ A practice permissible under the anti-kickback statute,
whether through statutory exception or regulations issued by the
Secretary, is also excepted from the beneficiary inducements CMP.
Section 1128A(i)(6)(B) of the Act.
---------------------------------------------------------------------------
Achieving well-coordinated care and improving value require
patients to actively participate and engage in their preventive care,
treatment, and general health. To prevent illness or disease or to
manage a disease or condition effectively, patients must be involved in
their healthcare and be empowered to make informed healthcare-related
decisions. Appropriate patient engagement tools and supports can foster
successful behavior modifications that improve health, ensure that
patients receive the medically necessary care and other nonclinical,
but health-related, items and services they need, and improve adherence
to an appropriate treatment regimen.
In some cases, improved care coordination may be facilitated
through various supports, including, for
[[Page 55722]]
example, providing supports that aim to improve patients' safety at
home or during care transitions (including discharge from facility care
to the community) or that allow providers to communicate more
efficiently and effectively with patients and their families and to
monitor their patients' care. However, we also are cognizant of the
potential for improper patient engagement tools and supports to result
in inappropriate utilization, the steering of patients to particular
providers, suppliers, or products that might not be in their best
interests, increased costs to payors and patients, and anti-competitive
effects.
Depending on the facts and circumstances, providing patient
engagement tools and supports may implicate the Federal anti-kickback
statute and the beneficiary inducements CMP. Some tools and supports
may be protected under existing safe harbors or exceptions to the
definition of ``remuneration'' under the beneficiary inducements CMP
(e.g., the local transportation safe harbor, 42 CFR 1001.952(bb); the
exception for remuneration that promotes access to care and poses a low
risk of harm to patients and Federal health care programs, 42 CFR
1003.110; and the exception for incentives given to individuals to
promote the delivery of preventive care, 42 CFR 1003.110). In addition,
for CMS-sponsored models, some patient engagement tools and supports
may qualify for protection under the Medicare Shared Savings Program's
waiver for patient incentives \27\ or a waiver available for
beneficiary incentives offered under an applicable Innovation Center
model.\28\ However, under certain facts and circumstances, no safe
harbor, exception, or waiver may be available to protect beneficial
patient engagement tools and supports that implicate the anti-kickback
statute, beneficiary inducements CMP, or both. These arrangements must
be evaluated on a case-by-case basis for compliance with the statutes.
---------------------------------------------------------------------------
\27\ Medicare Program; Final Waivers in Connection With the
Shared Savings Program, 80 FR 66726, 66743 (Oct. 29, 2015).
\28\ See, e.g., Notice of Waivers of Certain Fraud and Abuse
Laws in Connection with the Bundled Payments for Care Improvement
Advanced Model (May 25, 2018), available at https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Downloads/BPCI-Advanced-Model-Waivers.pdf.
---------------------------------------------------------------------------
Under the proposed patient engagement and support safe harbor at
paragraph 1001.952(hh), ``remuneration'' under the Federal anti-
kickback statute would not include in-kind patient engagement tools or
supports (as specified in proposed paragraph 1001.952(hh)) furnished
directly by a VBE participant (as defined in proposed paragraph
1001.952(ee)) to a patient in a target patient population (as defined
in proposed paragraph 1001.952(ee)), that are directly connected to the
coordination and management of care (as defined in proposed paragraph
1001.952(ee)), provided that all of the conditions of proposed
paragraph 1001.952(hh) are satisfied.
1. Limitations on Offerors
Under this proposal, only patient engagement tools and supports
furnished by a VBE participant, as defined in proposed paragraph
1001.952(ee), would receive protection. Our intent in proposing to
limit safe harbor protection to VBE participants is to align the safe
harbor with the value-based framework set forth in this proposed
rulemaking. We are mindful that this approach would require the offeror
of the remuneration to be part of a VBE (of any size) as defined at
proposed paragraph 1001.952(ee). We are soliciting comments, including
illustrative fact patterns, about potential patient engagement tools
and supports that would improve care coordination and health outcomes
where the offeror does not meet the proposed definition of a VBE
participant because the offeror is not part of a VBE.
For example, we are considering for the final rule safe harbor
protection for, and seek comments regarding, a hospital's or physician
group practice's provision of patient engagement tools and supports
that would advance coordination and management of care for a patient
and otherwise satisfy conditions similar to those set forth in the
proposed safe harbor, but where such hospital or physician group
practice is not part of a VBE. We seek comments on the fraud and abuse
risks associated with removing the requirement that the offeror is a
VBE participant and what additional safeguards would be appropriate to
offset those risks.
Pharmaceutical manufacturers, distributors, and suppliers of
DMEPOS, and laboratories are not included in the proposed definition of
``VBE participant'' in paragraph 1001.952(ee) for the reasons described
earlier in this preamble. In addition to the reasons for exclusion of
pharmaceutical manufacturers in the definition of ``VBE participant''
previously articulated, we believe that offers of remuneration by such
manufacturers to patients could improperly influence the patient, as
well the patient's clinician's decision to prescribe one drug over
another. Such remuneration could influence a patient to request a
particular drug that is more expensive or less clinically efficacious
than other clinically equivalent drugs. This could both improperly
influence patient choice and increase costs to Federal health care
programs--two factors cited by Congress to consider when developing
safe harbors--without necessarily increasing quality.
As noted above, we also are excluding manufacturers, distributors,
and suppliers of DMEPOS and laboratories from the definition of a VBE
participant. Based on long-standing enforcement and oversight
experience, we are concerned that manufacturers, distributors, and
suppliers of DMEPOS and laboratories may inappropriately use patient
engagement tools and supports to market their products or divert
patients from a more clinically appropriate item or service, provider,
or supplier without regard to the best interests of the patient or to
induce medically unnecessary demand for items and services.
We are interested in comments on the impact of any such exclusions,
if included in the final rule, for the patient engagement and support
safe harbor in particular and any negative impact on the provision of
potentially beneficial tools and supports. We seek comments regarding
whether the proposed exclusion of these entities from the definition of
``VBE participant,'' and the proposed condition at (hh)(2), limiting
funding by and other contributions from non-VBE participants, might
negatively impact patients' ability to receive beneficial items and
services, including new technologies that may foster better access to
care and improve health outcomes.
As noted above, we also are considering whether to exclude other
categories of suppliers and other entities, including pharmacies, PBMs,
wholesalers, and distributors from the definition of ``VBE
participant.'' \29\ We solicit comments on the potential impact of our
considered exclusion of pharmacies, PBMs, wholesalers, and
distributors, if included in the final rule, for the patient engagement
and support safe harbor in particular.
---------------------------------------------------------------------------
\29\ Note that, should we adopt the definition of ``applicable
manufacturer'' as set forth in in 42 CFR 403.902, such definition
would include distributors and wholesalers (which include re-
packagers, re-labelers, and kit assemblers) that hold title to a
covered drug, device, biological or medical supply.
---------------------------------------------------------------------------
We also are considering, and seek comment on, whether this proposed
safe harbor should protect only in-kind tools and supports furnished by
VBE participants that assume at least some
[[Page 55723]]
financial risk, so as to better align protected remuneration with
value-based purposes. In particular, if we were to limit safe harbor
protection to only VBE participants that assume financial risk, we are
considering, and seek comments regarding, the appropriate level of
financial risk to require of such VBE participants (e.g., VBE
participants that assume at least some downside financial risk or VBE
participants that assume substantial downside financial risk).
2. Limitations on Recipients
This proposed safe harbor would protect patient engagement tools
and supports furnished to patients in a target patient population (as
defined in proposed paragraph 1001.952(ee)). We note that the scope of
this proposed safe harbor would not be limited to Federal health care
program beneficiaries in recognition that the VBE or VBE participants
may define the target patient population without regard to payor type.
We solicit comments on whether we should instead provide safe harbor
protection for tools and supports VBE participants furnish to a broader
universe of patients by, for example, protecting patient engagement
tools and supports furnished by VBE participants to any patient, so
long as the tools and supports predominantly address needs of the
target patient population and the tools and supports have a direct
connection to the coordination and management of care for the patient.
We recognize that some VBEs may not be able to prospectively
identify the individual patients in the target patient population. For
example, in some accountable care organization (ACO) arrangements under
CMS-sponsored models, beneficiaries are assigned to the ACO, which
could be a VBE, retrospectively or on a preliminary prospective basis
(e.g., for agreement periods beginning on July 1, 2019, ACOs
participating in the Medicare Shared Savings Program may select
preliminary prospective assignment with retrospective
reconciliation).\30\ We are interested in stakeholder comments on the
challenges, if any, presented by the safe harbor's protection of only
patient engagement tools and supports furnished to patients in the
target patient population when the VBE's assigned beneficiaries are
identified retrospectively or on a preliminary prospective basis.
---------------------------------------------------------------------------
\30\ 42 CFR 425.400(a)(4)(ii). We offer this as an illustrative
example. Participants in the Medicare Shared Savings Program and
Innovation Center ACO models have existing fraud and abuse law
waivers and may not need new safe harbor protection.
---------------------------------------------------------------------------
3. Limitations on Type of Remuneration
The proposed safe harbor would protect only tools or supports, as
specified in proposed 1001.952(hh), furnished by a VBE participant to a
patient in the target patient population. As proposed in
1001.952(hh)(3)(i), (ii) and (iii), we would limit a patient engagement
``tool or support'' to in-kind, preventive items, goods, or services,
or items, goods, or services such as health-related technology, patient
health-related monitoring tools and services, or supports and services
designed to identify and address a patient's social determinants of
health, that have a direct connection to the coordination and
management of care of the target patient population. This limitation on
tools or supports would exclude gift cards, cash, and any cash
equivalent (e.g., a check or pre-paid debit card).
We do not propose a specific definition of ``preventive care item
or service'' to provide flexibility for VBE participants that seek to
furnish preventive care items and services as a means to improve
patient outcomes and better overall patient health.\31\ OIG is mindful
of the evolving nature of clinical practice guidelines and
recommendations for practices that are categorized as ``preventive
care,'' and we intend to allow this proposed safe harbor to protect the
provision of tools and supports that a VBE participant reasonably
determines, within the medical judgment of the applicable practitioner
treating the patient, to be preventive care. VBE participants would
need to exercise caution in ensuring that tools and supports for which
they desire safe harbor protection are reasonably considered preventive
care.
---------------------------------------------------------------------------
\31\ We do not intend to incorporate the definition of
``preventive care'' found in the regulations interpreting the
beneficiary inducements CMP, 42 CFR 1003.110. Note that the
definitions found at 42 CFR 1003.110 apply to part 1003, not part
1001, where the proposed 42 CFR 1001.952(hh) would be located.
---------------------------------------------------------------------------
We solicit comments on whether the categories of patient engagement
tools and supports listed above that would receive protection (i.e.,
health-related technology, patient health-related monitoring tools and
services, or supports and services designed to identify and address a
patient's social determinants of health) are sufficiently flexible but
also sufficiently targeted to protect against the risks of fraud and
abuse associated with providing inappropriate remuneration to patients.
For instance, we believe ``health-related technology'' and ``patient
health-related monitoring tools and services'' might include wearable
monitoring devices, such as a smart watch or tracker designed to
collect information and transmit data to a patient's physician for
treatment or disease monitoring. We are considering for purposes of the
final rule requiring that the VBE participant confirm that the tools
and services provided to a patient are not duplicative of, or
substantially the same as, tools and services the patient already has.
For example, we are considering whether the safe harbor should protect
the provision of a new cell phone or wireless service to a patient who
needs an application for remote patient monitoring if the patient
already has these products and only needs the application.
With respect to the provision of supports and services designed to
identify and address social determinants of health, many commenters to
the OIG RFI urged us to consider ``social determinants of health,''
also described as ``health-related nonmedical'' items, goods, and
services, that address basic needs essential to patients' health, such
as food, shelter, safety, clothing, income, and transportation, in
designing any proposed safe harbors. There is substantial evidence that
unmet social needs related to these determinants of health, such as
transportation, nutrition, and safe housing, play a critical role in
health outcomes and expenditures.\32\ These needs must be considered
when thinking about maximizing health outcomes and lowering healthcare
costs.
---------------------------------------------------------------------------
\32\ See, e.g., Michael Marmot et al., on behalf of the World
Health Organization and Commission on Social Determinants of Health,
Closing the gap in a generation: Health equity through action on the
social determinants of health, 372 Lancet 9650 (2008), available at
https:/www.thelancet.com/journals/lancet/issue/vol372no9650/PIIS0140-6736(08)X6047-7; Gayle Shier et al., Strong Social Support
Services, Such As Transportation And Help For Caregivers, Can Lead
To Lower Health Care Use And Costs, 32 Health Affairs 3 (2013),
available at https://www.healthaffairs.org/doi/pdf/10.1377/hlthaff.2012.0170.
---------------------------------------------------------------------------
Evidence indicates that efforts that target home and neighborhood-
level factors, such as healthcare accessibility for low-income
individuals, physical and environmental obstructions to healthy living,
and housing and case management, can lead to improved health outcomes
for people of all ages.\33\ These improved health outcomes include
decreased mortality, delay or prevention of preventable and chronic
[[Page 55724]]
diseases, and lowered healthcare utilization, indicating a higher
quality of life.\34\
---------------------------------------------------------------------------
\33\ See, e.g., J. Michael McGinnis, Pamela Williams-Russo, and
James R. Knickman, The Case For More Active Policy Attention To
Health Promotion, 21 HEALTH AFFAIRS 2 (Mar. 2002), available at
https://www.healthaffairs.org/doi/10.1377/hlthaff.21.2.78.
\34\ Marmot, supra.
---------------------------------------------------------------------------
By addressing health disparities that emerge from the social
determinants of health, some research suggests that the United States
could save over $230 billion in medical care costs.\35\ Moreover, there
is research suggesting that policy interventions that focus on the
social determinants of health can produce an estimated economic return
of $1.02 trillion.\36\
---------------------------------------------------------------------------
\35\ McGinnis, supra.
\36\ McGinnis, supra.
---------------------------------------------------------------------------
Based on the connection of social determinants to healthcare
outcomes and costs, we are considering for purposes of the final rule
whether explicitly to include protection for tools and supports that
address some social determinants of health that meet all other safe
harbor conditions. While all social determinants have the potential to
improve health outcomes, some social determinants may be more
specifically aligned with preventive care and the coordination and
management of care for patients (e.g., transportation to medical
appointments, nutrition to address clinical conditions, safe housing
for patients discharged to their homes) than others (e.g., a more
general need for income through employment). We seek public input on
which social determinants are most crucial to improving care
coordination and transitioning to value-based care and payment, with
respect both to needed arrangements between providers or others in a
position to generate Federal health care program referrals between
them, and needed arrangements between beneficiaries and providers or
others in a position to influence the selection of providers,
practitioners, and suppliers.
We are considering, and solicit comments on, how the final safe
harbor should make distinctions among the categories of social
determinants, such as protecting some types of tools and supports but
not others. We are considering for the final rule whether we should
specify specific tools and supports that would be permissible,
including whether to base such a list on the types of tools and
supports described in CMS guidance for the Medicare and Medicaid
programs. We are interested in illustrative examples and data
supporting commenters' views on this topic, including data supporting
(or not supporting) the efficacy from a quality, effectiveness, and
cost perspective of particular types of tools and supports related to
addressing social determinants of health. Regardless, whether a
particular tool or support would, in fact, be protected under the safe
harbor when offered by a VBE participant to a patient in a target
patient population would depend on the facts and circumstances and
whether all safe harbor conditions were satisfied.
We solicit comments on whether, instead of using the proposed
categories, the final rule should list specific tools and supports that
could be protected under the safe harbor. We are interested in feedback
on which tools and supports should be listed and how the rule could
account for emerging tools and supports that improve patient
engagement, care coordination, and health outcomes.
We do not intend for tools and supports protected by this proposed
safe harbor, which includes only in-kind items, goods, and services, to
be limited to items or services covered by a Federal health care
program (as the term of art, ``items or services,'' when used in the
context of the Medicare program, could suggest).\37\ In general, the
provision of covered items and services to patients does not require
safe harbor protection provided that all normal billing rules are
followed. That said, the proposed description of a permissible tool or
support would include federally reimbursable items and services, and
provided that the other requirements of the safe harbor are satisfied,
the provision of federally reimbursable items and services could
receive safe harbor protection.
---------------------------------------------------------------------------
\37\ While OIG's regulations found at 42 CFR 1003.110 define
``items and services or items or services,'' we do not cross-
reference such definition in this proposed safe harbor, nor do we
propose to limit the items, goods, and services potentially
protected by this proposed safe harbor to the items and services
that would satisfy the definition found at 42 CFR 1003.110. Note
also that the definitions found at 42 CFR 1003.110 apply to part
1003, not part 1001, where the proposed 42 CFR 1001.952(hh) would be
located.
---------------------------------------------------------------------------
We seek comment on potential fraud and abuse risks presented by
including items and services that could be reimbursable by a Federal
health care program as permitted tools or supports. We are aware of,
and deeply concerned about, fraud schemes that involve the provision of
items and services, including prescription opioids or other drugs, that
are not needed by patients or that are harmful to them. We do not
propose to protect such arrangements in this rulemaking, and such
arrangements would not be protected in any final rule. Further, as OIG
has previously stated, we are concerned that the provision of
potentially reimbursable items and services, for free, could result in
steering or unfair competition or could create a seeding arrangement,
where, for example, a physician could be influenced to prescribe an
item or service, which may be free at some point, but would be covered
by a third-party payor (including Federal health care programs) in the
future.\38\ Because of the risks presented by allowing safe harbor
protection for the provision of potentially reimbursable items and
services, including inappropriate seeding arrangements or the provision
of medically unnecessary or harmful items or services, we are
considering, and seek comment on, excluding in the final rule federally
reimbursable items and services as a protected tool or support. As
discussed further below, the proposed patient engagement and support
safe harbor would not protect cost-sharing waivers, and thus would not
protect billing a Federal program while waiving the beneficiary's share
of payment.
---------------------------------------------------------------------------
\38\ Adv. Op. No. 18-14, available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-14.pdf.
---------------------------------------------------------------------------
The in-kind requirement means that the patient must receive the
actual tool or support and not funds to purchase the tool or support.
For example, patients may not be given cash reimbursements for items or
goods they purchase directly. While cash reimbursements for tools and
supports would not satisfy the in-kind requirement, we would consider a
voucher for a particular tool or support (e.g., a meal voucher or a
voucher for a taxi) to satisfy the in-kind requirement.
a. Cash and Cash Equivalent Incentives
A number of commenters responding to the OIG RFI urged OIG to
protect the distribution of cash incentives to patients as a reward for
engaging in certain healthcare-related activities. For example,
providers responding to the OIG RFI stated that they would like
protection to provide cash rewards to patients both for attending
appointments (e.g., $10 for patients who attend an initial primary care
visit) and for engaging in activities designed to promote the adoption
and maintenance of healthy behaviors (e.g., a $25 check offered to
patients who complete milestones in a behavioral modification program
related to substance use disorders). Commenters cited a number of
studies in support of this recommendation.\39\
---------------------------------------------------------------------------
\39\ See, e.g., Cathy J. Bradley & David Neumark, Small Cash
Incentives Can Encourage Primary Care Visits by Low-Income People
with New Health Care Coverage, 36 Health Affairs 8 (2017), https://www.healthaffairs.org/doi/10.1377/hlthaff.2016.1455; Scott D.
Halpern, MD, Ph.D. et al., Randomized Trial of Four Financial-
Incentive Programs for Smoking Cessation, 372 New Eng. J. Med. 2108
(2015), https://www.nejm.org/doi/full/10.1056/NEJMoa1414293.
---------------------------------------------------------------------------
[[Page 55725]]
Commenters to the OIG RFI noted that incentives and supports in the
form of cash could help improve patients' adherence to treatment plans,
encourage participation in medically necessary care, and motivate
patients to lead healthier lifestyles. In addition, commenters to the
OIG RFI posited, and some research suggests, that patients prefer cash
to in-kind items, goods, or services and that cash may be more
effective at maintaining patient engagement and encouraging and
reinforcing positive behavioral change. We also have observed
congressional interest in allowing providers to offer beneficiaries
cash through, by way of example, the recent enactment of the ACO
Beneficiary Incentive Program, section 1899(m) of the Act. However, OIG
historically has had significant concerns with allowing providers to
offer cash or cash equivalents to patients, and our oversight and
enforcement experience suggests that cash incentives can: (i) Result in
medical identity theft and misuse of patients' Medicare numbers, (ii)
lead to inappropriate utilization (in the form of medically unnecessary
items and services), and (iii) cause improper steering (including
patients selecting a provider because the provider offers the most
valuable incentives and not because of the quality of care the provider
furnishes).
Notwithstanding, we are considering for the final rule, and seek
comment on, whether to protect patient incentives and supports in the
form of cash and cash equivalents in certain circumstances.\40\ If we
do so, we might set a monetary limit on the aggregate amount of
remuneration provided annually (such as up to $75 per year, or higher
or lower amounts) \41\ or include other safeguards to prevent the
misuse of cash incentives to steer patients to items or services to
influence them to allow others to use their personal information to
order unnecessary or inappropriate items and services. Further, we
likely would limit the use of cash remuneration to reward patients for
attending medically necessary primary care or other clinically
prescribed treatment visits, or for successful participation in a
clinically appropriate behavioral modification or substance use
disorder treatment program. If we were to adopt this approach, we would
consider requiring offerors to have an evidence-based reason for using
cash to influence patients' adherence to a treatment regimen or
clinical program. (This might be the case, depending on the evidence,
with respect to a substance use disorder treatment or smoking cessation
program.) We solicit comment on potential criteria a party may apply to
ensure that the arrangement is evidence-based, such as ensuring the
arrangement is supported by the Joint Commission, the Agency for
Healthcare Research and Quality, or other independent organization that
develops national quality standards or quality measures.
---------------------------------------------------------------------------
\40\ OIG continues to consider items convertible to cash (such
as a check) or that can be used like cash (such as a general purpose
debit card) to be cash equivalents.
\41\ The $75 amount parallels OIG's 2016 ``Office of Inspector
General Policy Statement Regarding Gifts of Nominal Value to
Medicare and Medicaid Beneficiaries Policy Statement,'' which
currently sets the retail value of permissible ``inexpensive'' or
``nominal value'' gifts at $15 per item and $75 in the aggregate per
patient on an annual basis. See OIG, Office of Inspector General
Policy Statement Regarding Gifts of Nominal Value to Medicare and
Medicaid Beneficiaries (Dec. 7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------
b. Waiver or Reduction of Cost-Sharing Obligations
A number of the comments we received in response to the OIG RFI
advocated broad protection from potential anti-kickback statute and
beneficiary inducements CMP liability for routinely waived or reduced
cost-sharing obligations. As an initial matter, we note that the
requirement for cost-sharing in Medicare and Medicaid is a programmatic
matter; cost-sharing is required pursuant to statute and regulations
set forth by CMS and State Medicaid programs. We do not believe safe
harbors to the anti-kickback statute are the right tool to obviate
these programmatic requirements. Our concerns regarding routine waivers
of cost-sharing amounts are longstanding; \42\ such routine waivers may
constitute prohibited remuneration to induce referrals. Therefore, as
proposed, the patient engagement and support safe harbor would not
protect the routine waiver or reduction of cost-sharing obligations
(including coupons leading to such waivers or reductions).
---------------------------------------------------------------------------
\42\ See, e.g., Special Fraud Alert: Routine Waiver of
Copayments or Deductibles Under Medicare Part B, 59 FR 65372, 65374
(Dec. 19, 1994).
---------------------------------------------------------------------------
We are interested in comments that identify potential benefits of
permitting in the final rule the waiver or offset of cost-sharing
obligations where the cost-sharing waiver or offset of obligations is
part of a value-based arrangement under our value-based framework. In
addition, we solicit comments on any safeguards that would mitigate
concerns that routine waivers of cost-sharing amounts might undermine
prudent consumer incentives of cost-sharing or might allow for abusive
``insurance-only billing'' marketing schemes targeting patients for
unnecessary or poor-quality items or services.
Long-standing OIG guidance allows for non-routine, good-faith
financial need cost-sharing waivers,\43\ and several safe harbors and
beneficiary inducements CMP exceptions already offer protection for
certain reductions, waivers, and differentials in cost-sharing, such as
the exception for the waiver of cost-sharing amounts found at section
1128A(i)(6)(A) of the Act and 42 CFR 1003.110. Those safe harbors and
exceptions remain available and unchanged by this proposal. We also are
proposing protection for certain cost-sharing waivers or reductions
under the CMS-sponsored model patient incentives safe harbor, proposed
at 1001.952(ii). As noted above, many VBE participants that would avail
themselves of the patient engagement and support safe harbor would not
be subject to programmatic requirements, oversight, or monitoring
comparable to CMS-sponsored models. Therefore, cost-sharing waivers or
reductions offered and provided under the CMS-sponsored models may
present fewer risks.
---------------------------------------------------------------------------
\43\ See, e.g., OIG, Special Fraud Alert, 59 FR 65372, 65374
(Dec. 19, 1994).
---------------------------------------------------------------------------
We are aware of concerns expressed by some stakeholders about the
collection of small beneficiary cost-sharing amounts associated with
certain care coordination services, such as care management and remote
monitoring, where the costs of collection exceed the amount to be
collected. Stakeholders would like safe harbor protection for waivers
of such cost-sharing amounts. We are considering for the final rule
whether limited safe harbor protection for such waivers might be
appropriate, including whether such safe harbor protection would be
consistent with the program rules establishing such beneficiary cost-
sharing amounts. We are considering for the final rule, and seek
comment regarding, what conditions we should include in any safe harbor
for limited cost-sharing waivers that would protect only cost-sharing
waivers associated with certain specified services, such as care
management and remote monitoring. If we were to finalize such a safe
harbor, we likely would include conditions similar to those set forth
in proposed 1001.952(hh).
Finally, we are aware of interest among some stakeholders in
offering patients a share of savings the patients help generate for a
payor. For example, a patient who selects a clinically
[[Page 55726]]
appropriate but less costly setting to obtain services (e.g., home-
based services instead of a treatment in a facility) might share in the
savings realized from the lower cost care setting. We believe that in
many cases, this type of program would be part of a plan's benefit
design. The need for new safe harbor protection for this type of
arrangement is unclear, and we solicit comments on this issue.
c. Gift Cards
OIG has never considered gift cards to be in-kind items, goods, or
services. The limitation of ``tool or support'' proposed in paragraph
1001.952(hh) would be consistent with OIG's position that gift cards
are not in-kind items, goods, and services. OIG recognizes certain
risks attendant to providing gift cards as patient engagement tools and
supports, some of which may make gift cards indistinguishable from cash
(e.g., we recognize that consumers can sell or trade gift cards through
gift card redemption sites, which could result in a gift card morphing
into cash). Similar to cash and cash equivalents, OIG is concerned that
tools and supports in the form of gift cards could induce patients to
seek medically unnecessary items and services--leading to inappropriate
utilization--and could result in providers improperly steering patients
through offering valuable incentives in the form of gift cards.
Nevertheless, because gift cards may be effective at promoting
behavioral change, OIG is considering whether to include protection for
gift cards in limited circumstances, for example, where they are
provided to patients with certain conditions, such as substance use
disorders and behavioral health conditions, as part of an evidence-
based treatment program, for the purpose of effecting behavioral
change. OIG seeks comments on the potential inclusion of gift cards in
limited circumstances such as these and requests citations to any
recent studies assessing the positive or negative effects of gift card
incentives on promoting behavioral change. OIG also solicits comments
on whether and how including gift cards as allowable ``tools or
supports'' in the circumstances described above would raise the risk of
fraud and abuse and specifically whether it would present any anti-
competitive effects, particularly for smaller providers and suppliers.
OIG also is considering and seeks comment on what additional
safeguards, such as limiting protection for gift cards to those that
are not pre-paid debit cards,\44\ we should include to the extent the
safe harbor protects the provision of gift cards.
---------------------------------------------------------------------------
\44\ OIG recognizes that gift cards can take a number of forms,
including tangible gift cards, electronic gift cards, and the
replenishment of funds available, through a smartphone application,
to purchase items, goods, or services at a particular entity.
---------------------------------------------------------------------------
4. Additional Proposed Conditions
The patient engagement and support safe harbor would impose a
number of conditions on the provision of protected patient engagement
tools and supports. The intent of these safeguards is to balance the
potential benefits of tools and supports with safeguards that minimize
the risk of harm to patients, payors, or both.
a. Furnished Directly to the Patient
Under the proposed condition at 1001.952(hh)(1), the tool or
support must be furnished directly to the patient by a VBE participant.
The reasons for this proposed condition are two-fold. First, the
condition would prevent entities that are excluded from participating
in a VBE from directly or indirectly furnishing tools and supports to
patients. Second, we believe that this condition would help patients
understand which entity or individual is furnishing the tool or
support, which could aid patients in deciding whether to participate in
the program or treatment regimen offered. We are considering for the
final rule and seek comment on whether we should include a condition in
the final safe harbor that would require the VBE participant to provide
any patient receiving a patient engagement tool or support a written
notice describing: (i) The VBE participant that is giving the patient
the tool or support; (ii) what the remuneration is; and (iii) the
purpose of, or reason for, the remuneration. We solicit comments on
whether we should expressly permit the VBE participant to furnish the
tool or support through someone acting on the VBE participant's behalf
and under the VBE participant's direction (e.g., a physician practice
that provides the tool or support through an individual member of the
practice or nurse employed by the practice). We also seek comments on
the applicability of the proposed safe harbor to potential arrangements
by which a VBE participant orders or arranges for the delivery of a
tool or support from an independent third party.
b. Funding Limitations
Under the proposed condition at 1001.952(hh)(2), we limit who can
fund or otherwise contribute to patient engagement tools and supports
furnished by a VBE participant. We propose to interpret the requirement
at 1001.952(hh)(2) to prohibit the VBE participant from accepting or
using funds or free in-kind items or services furnished by any
individual or entity outside of the VBE to finance or otherwise
facilitate its patient engagement tools, supports, or both, including
both the cost of the tool or support and any associated operating costs
incurred through the provision of such tool or support (e.g., staff
time dedicated to ordering or distributing blood pressure cuffs or
technology expenses or help desk services associated with a patient
support). We believe this requirement is necessary to reduce the
likelihood of undue influence that could result in inappropriate
patient steering to specific products, providers, or suppliers.
In addition, this proposed condition would ensure that the entities
we propose to exclude as VBE participants would not indirectly furnish
patient engagement tools and supports under the safe harbor. For
example, a pharmaceutical manufacturer, manufacturer, distributor, or
supplier of DMEPOS, or laboratory could not circumvent the proposed
exclusion from the definition of ``VBE participant'' by providing funds
to a third-party entity and then directing or otherwise controlling any
aspect of the third-party entity's provision of patient engagement
tools and supports as a VBE participant. Further, this proposed
condition would prohibit a non-VBE participant's contribution of in-
kind items and services for a VBE participant to provide to patients as
tools or supports. By way of example, a pharmaceutical manufacturer's
provision of free product to a VBE participant (e.g., a physician) for
the VBE participant's distribution to patients as free product samples
would not be protected by this proposed safe harbor.\45\ We solicit
comments on this approach and whether there may be defined, limited
circumstances in which non-VBE participants should be able to
contribute or otherwise participate in the provision of tools and
supports eligible for safe harbor protection.
---------------------------------------------------------------------------
\45\ For further information regarding the Federal anti-kickback
statute and beneficiary inducements CMP implications of free product
samples, see e.g., OIG, Compliance Program Guidance for
Pharmaceutical Manufacturers, 68 FR 23731, 23739 (May 5, 2003); Adv.
Op. No. 08-04, available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2008/AdvOpn08-04.pdf; Adv. Op. No. 15-11, available
at https://oig.hhs.gov/fraud/docs/advisoryopinions/2015/AdvOpn15-11.pdf.
---------------------------------------------------------------------------
We note that this proposed safe harbor does not address, or
otherwise
[[Page 55727]]
prohibit, arrangements between VBE participants and others (including
vendors and manufacturers) for the purchase and sale of tools and
supports that the VBE participant would furnish under the safe harbor.
Such arrangements must be assessed on a case-by-case basis for
compliance with the Federal anti-kickback statute and any other
applicable law.
c. Prohibition on Marketing and Patient Recruitment
Under the proposed condition at 1001.952(hh)(3)(iii), the
remuneration must not include any in-kind item, good, or service used
for patient recruitment or marketing of items or services to patients.
We do not intend to protect tools or supports that serve solely as
patient recruitment incentives. Similarly, we do not intend to protect
tools or supports offered to patients where the party knows or should
know that the patient would not use the item as intended under the
arrangement and would instead resell the item.
We seek comments on this proposed condition, and in particular, any
benefits of permitting in the final rule some targeted marketing or
similar outreach to the target patient population for the purposes of
engaging them in evidence-based prevention or wellness activities, or
in improving population health outcomes, particularly for VBEs or VBE
participants at financial risk for the health outcomes of the target
patient population. As with our proposal at paragraph 1001.952(ee), we
also are interested in comments on how best to preclude marketing of
reimbursable items and services and patient recruitment while still
permitting beneficial educational efforts and activities that promote
patient awareness of care coordination activities and available tools
and supports.
d. Direct Connection
Under the proposed condition at 1001.952(hh)(3)(i), the tool or
support furnished to the patient must have a ``direct connection'' to
the coordination and management of care for the patient. We interpret
``direct connection'' to mean that the VBE has a good faith expectation
that the tool or support will further the VBE's coordination and
management of care for the patient, as that concept is described in the
proposed conditions at 1001.952(ee). Where a direct connection exists,
it should not be difficult for the VBE and the VBE participant
providing the patient engagement tool or support to clearly articulate
the nexus between the tool or support and a care coordination and
management purpose of the VBE. We believe that this requirement
effectively balances the goals of patient engagement tools and
supports, such as patient compliance with a plan of care and adherence
to behavior modifications to improve overall health, with the risk that
VBE participants could use extravagant tools or supports to steer
beneficiaries or incentivize unnecessary or inappropriate care.
Consistent with our goals of fostering flexibility, adaptability, and
innovation, we are not further describing specific patient engagement
tools and supports that would be considered to have a direct connection
to the coordination and management of care for the patient. We are
considering for the final rule and solicit comments on whether we
should require a ``reasonable connection'' rather than a ``direct
connection.''
As an alternative or in addition to this approach, we are
considering whether, to heighten transparency of patient engagement
tools and supports and to ensure that qualifying patient engagement
tools and supports are known by and closely related to the VBE itself,
we should require the VBE to make a bona fide determination that the
VBE participant's arrangement to provide tools and supports to patients
is directly connected to the coordination and management of care for
the patient, as that term is used in the proposed 1001.952(ee). We
solicit comments on this approach.
Lastly, we are considering for the final rule, and solicit comment
on, whether we should require that patient engagement tools and
supports be directly connected to any of the four value-based purposes,
as opposed to requiring a direct connection specifically to the
coordination and management of the patient's care.
e. Medical Necessity
Under the proposed condition at 1001.052(hh)(3)(iv), the tool or
support furnished to the patient must not result in medically
unnecessary or inappropriate items or services reimbursed in whole or
in party by a Federal health care program. We believe that this is an
important protection for patient safety and quality of care.
f. Nature of the Remuneration
Under the proposed conditions at 1001.952(hh)(3)(vi), the tool or
support must be recommended by the patient's licensed healthcare
provider. This condition seeks not only to ensure that the remuneration
is focused specifically on patient care, but also underscore the
importance of quality of care, the healthcare provider's medical
judgment, and the patient's relationship with his or her chosen
healthcare providers in developing plans for treatment and care.
We are considering and solicit comment on, whether we should
include as a safeguard a requirement that the patient's licensed
healthcare provider certify in writing, under 18 U.S.C. 1001 and 1519,
that the particular item or service is recommended solely to treat a
documented chronic condition of a patient in a target patient
population. We solicit comments on how providers would most efficiently
meet such a requirement and whether and how providers should be
required to make the certification available.
For all types of remuneration contemplated under this proposed safe
harbor, we are considering for the final rule and seek comment on
whether we should impose further limitations on the nature of
remuneration furnished or other conditions to safeguard against the
risks associated with fraud and abuse. For example, we are considering
for the final rule and seek comment on some or all of the following
additional safeguards:
A requirement that VBE participants furnishing patient
engagement tools and supports demonstrate and document the desired
adherence to a treatment regimen, adherence to a drug regimen,
adherence to a follow-up care plan, management of a disease or
condition, improvement in measurable health outcomes, or patient
safety; and
a monitoring requirement to ensure that the patient
engagement tools and supports do not result in diminished quality of
care or patient harm.
In addition, we seek specific examples of any other types of
remuneration that stakeholders believe should be covered (or should not
be covered) by this proposed safe harbor and why, as well as input on
whether we can better define categories of remuneration, and any
limitations or safeguards necessary to protect against fraud and abuse
risks specific to such examples or categories.
g. Advancement of Specified Goals
Under the proposed condition at 1001.952(hh)(3)(vii), the
incentives and supports must advance specifically enumerated goals,
namely: Adherence to a treatment regimen as determined by the patient's
licensed healthcare provider; adherence to a drug regimen as determined
by the patient's licensed healthcare provider; adherence to a follow-up
care plan established by the patient's licensed healthcare provider;
management of a disease or condition as directed by the patient's
licensed
[[Page 55728]]
healthcare provider; improvement in evidence-based measurable health
outcomes for a patient or the target patient population; ensuring
patient safety; or some combination of the above.\46\ We are not
proposing to specify which tools and supports would advance the named
goals to provide flexibility for VBE participants and promote
innovation. We intend for this proposed condition to protect a range of
tools and supports. For example, an item, such as a smart pill bottle,
that dispenses medications at preset times for a patient could meet
this condition because it is a tool that enables the patient to access
the right medication at the appropriate dosage and time. Offering a
parking voucher or providing free childcare during medical appointments
also could satisfy this condition because these supports would allow a
patient to comply with his or her treatment regimen. Conversely,
offering a patient movie tickets to reward compliance with a treatment
regimen would not satisfy this condition.
---------------------------------------------------------------------------
\46\ We note here that the word ``drug'' is synonymous with and
inclusive of ``medication,'' neither of which terms we are defining
for purposes of this proposed safe harbor. Similarly, ``followup
care plan'' would include so-called ``discharge plans.''
---------------------------------------------------------------------------
While we are concerned about the potential for abuse when patients
are offered rewards to induce them to receive items or services, we
also are aware that, in some circumstances, patients, or persons at
risk of becoming patients with more serious conditions, might be
offered tools or supports that result in lower healthcare costs
(without compromising quality) or that promote patient wellness and
healthcare.
h. No Diversion or Resell
Under the proposed condition at 1001.952(hh)(4), this safe harbor
would not protect the provision of a tool or support if the offeror of
the remuneration knows or should know that the tool or support is
likely to be diverted, sold, or utilized by the patient other than for
the express purpose for which the patient engagement tool or support is
provided. This proposed condition is designed to prevent VBE
participants from providing tools and supports to patients if they
likely would divert or sell or otherwise use for purposes other than
the coordination and management of care and the goals outlined in
(hh)(3)(vi). We seek comments on this approach.
Notwithstanding the foregoing, for the purposes of this safe
harbor, we would not consider a tool or support to be diverted if it is
furnished to patients indirectly through their caregivers or family
members or others acting on patients' behalf if the remuneration
otherwise satisfies the conditions of the safe harbor. Specifically, if
a patient is unable to care for herself or himself and another person
(e.g., a family member or other caregiver) has legal authority or the
patient's consent to act on the patient's behalf, then remuneration
furnished to that person, on the patient's behalf and for the patient's
benefit, would be protected if all conditions of the safe harbor are
met. For example, if the patient is a child suffering from asthma, the
child's parent or guardian may accept in-kind remuneration, such as a
new air purifier for the child's bedroom, on the child's behalf without
violating this requirement.
i. Monetary Cap
Under the proposed condition at 1001.952(hh)(5), the aggregate
retail value of patient engagement tools and supports furnished by a
VBE participant to a patient could not exceed $500 on an annual basis,
with certain limited exceptions. With this condition, we have attempted
to strike the right balance between flexibility for beneficial patient
tools and supports and a bright-line limit on the amount of protected
remuneration to protect patients from being improperly influenced by
valuable gifts; to protect the Federal health care programs from
potential abuse through overutilization and inappropriate utilization
due to such gifts; and to allow for innovation and beneficial
arrangements that benefit patients and payors. As noted elsewhere in
this preamble, our enforcement experience shows that incentives offered
to beneficiaries can be used to coerce them into obtaining unnecessary
services or harmful care, and this risk may be heightened when the
value of remuneration is high or unlimited. However, we are unsure
whether a monetary cap would present a barrier to achieving the
intended benefits for patients envisioned by this proposed safe harbor.
In lieu of a monetary cap, we are considering for the final rule, and
seek comments on, whether other combinations of safeguards proposed in
this rule would offer meaningful protection against fraud and abuse
involving patients and programs, while still achieving the policy goal
of promoting value-based care.
We solicit comments on whether this proposed monetary limit of $500
is appropriate, whether $500 per year is too low or too high, and if
so, what other figures are more appropriate and the reasons for such
other figures (e.g., $100, $200, $1,000, $1,500, or another amount that
would be of sufficient magnitude to protect the most beneficial
arrangements while also preventing the most abusive ones). For purposes
of measuring retail value, we propose that such value be measured at
the time the patient engagement tool or support is provided, and we are
considering for the final rule whether to interpret ``retail value'' to
mean the fair market value to the recipient or commercial value to the
recipient. We also solicit comments on the proposed requirement
applying the cap to individual VBE participants and whether the
requirement should instead apply the annual cap to the VBE as a whole.
Under this alternative, we are considering whether only one VBE
participant within a VBE could offer remuneration to a patient during
the year. If we limited the cap to the VBE instead of a VBE
participant, we are interested in comments regarding how this might
negatively impact opportunities for patients and providers or create
burdensome tracking and recordkeeping obligations for a VBE or VBE
participants. We also solicit comments on whether we should apply the
annual cap on a value-based arrangement basis; in other words, under
each value-based arrangement, a patient could receive aggregate
remuneration up to the cap (whether from one or more VBE participants
in the arrangement). We are interested in comments about any negative
impacts or burdens from this approach.
We propose that the cap could be exceeded for certain patients who
lack financial resources. Specifically, the proposed condition at
1001.952(hh)(5) provides that the aggregate retail value of patient
engagement tools or supports furnished to a patient by a VBE
participant may exceed $500 per year if the patient engagement tools
and supports are furnished to a patient based on a good faith,
individualized determination of the patient's financial need. OIG has
existing guidance related to individualized, good faith determinations
of financial need in the context of cost-sharing waivers, and
accounting for financial need generally aligns with an existing
exception under the CMP. We are not specifying any particular method of
determining financial need because we believe what constitutes
``financial need'' varies depending on the circumstances. However, it
would be important for VBE participants to make determinations of
financial need on a good faith, individualized, case-by-case basis in
accordance with a reasonable set of income and resource guidelines
[[Page 55729]]
uniformly applied in all cases. The guidelines would need to be based
on objective criteria and appropriate for the applicable locality. A
patient's medical costs and liabilities could be taken into account,
among other factors, as part of the determination. We seek comments on
this approach as applied to the proposed safe harbor as well as whether
we should include a cap but not allow for the cap to be exceeded.
We seek comments regarding whether the monetary limit imposed at
1001.952(hh)(5) is necessary and appropriate, or if alternatives that
better protect patients and payors exist, such as a limitation on the
frequency of such remuneration (e.g., a one-time provision of
remuneration, once per year, or once per month), or a per-occurrence
limitation, in place of, or in addition to, an aggregate limit. If a
per occurrence limitation is desirable, we seek feedback on its amount
standing alone and in relation to an aggregate cap (e.g., if the
aggregate cap were to be $500 per year, should the per occurrence cap
be $100, $200, or some higher or lower figure). We seek comments about,
and supporting data for selecting, cap amounts. Finally, we seek
comments regarding how we should treat ongoing costs associated with
tools and supports (such as batteries, maintenance costs, or upgrades).
j. Materials and Records
Under the proposed condition at 1001.952(hh)(6), the VBE or a VBE
participant would be required to make available to the Secretary, upon
request, all materials and records sufficient to establish compliance
with the conditions of this safe harbor. We are not proposing
particular parameters regarding the creation or maintenance of
documentation to allow individuals and entities the flexibility to
determine what constitutes best documentation practices but welcome
comments on whether particular parameters are needed. In particular, we
are considering for the final rule and seek comment regarding whether
we should include, in the final rule, a requirement that VBE
participants retain materials and records sufficient to establish
compliance with the conditions of this safe harbor for a set period of
time (e.g., at least 6 years or 10 years). Were an entity to be under
investigation and assert this safe harbor as a defense, it would need
to be able to demonstrate compliance with each condition of the safe
harbor.
5. Potential Safeguards
In addition to the proposed conditions set forth above, for the
purposes of the proposed patient engagement and support safe harbor, we
are considering and seek comment on additional potential safeguards for
the final rule. We are considering and seek comment on the possible
safeguards outlined below for this proposed safe harbor because many
VBE participants that would avail themselves of the proposed patient
engagement and support safe harbor would not be subject to governmental
programmatic requirements, oversight, or monitoring comparable to CMS-
sponsored models (addressed in the proposed safe harbor at
1001.952(ii)).
a. Prohibition on Cost-Shifting
We are considering for the final rule, and seek comment on, a
condition prohibiting VBE participants from billing Federal health care
programs, other payors, or individuals for the tool or support;
claiming the value of the tool or support as a bad debt for payment
purposes under a Federal health care program; or otherwise shifting the
burden of the value of the tool or support onto a Federal health care
program, other payors, or individuals. This requirement, if included in
any final rule, would be designed to protect against tools and supports
resulting in inappropriately increased costs to Federal health care
programs, other payors, and patients. We are considering, and seek
comments on, prohibiting both: (1) Directly billing any third party,
including patients, for the patient engagement tool or support or any
operational costs attendant to the provision of the patient engagement
tools and supports; and (2) claiming the cost of the patient engagement
tool or support and any operational costs attendant to the provision of
patient engagement tools and supports as bad debt for payment purposes
under Medicare or a State healthcare program.
b. Consistent Provision of Patient Incentives
We are considering for the final rule, and seek comment on, whether
to require VBE participants to provide the same patient engagement
tools or supports to an entire target patient population or otherwise
consistently offer tools and supports to all patients satisfying
specified, uniform criteria. We believe that including such a condition
in the safe harbor would protect against a VBE participant targeting
certain patients to receive tools and supports based on, for example,
the patient's insurance status. We solicit comments on this issue. In
particular, we are interested in understanding whether this proposed
safeguard would limit certain VBE participants' ability to offer tools
and supports due to the potential cost of furnishing the tool or
support to an entire target patient population rather than a smaller
subset of the target patient population. Similarly, we are interested
in comments explaining why offering remuneration to a smaller subset of
a target patient population instead of to the entire target population
would be appropriate and not increase the risk of fraud and abuse, such
as the targeting of particularly lucrative patients to receive tools
and supports (cherry picking) or failure to provide tools and supports
to high-cost patients (lemon dropping).
c. Monitoring Effectiveness
We are considering adding a condition to the final rule that would
require VBE participants to use ``reasonable efforts'' to monitor the
effectiveness of the tool or support in achieving the intended
coordination and management of care for the patient and would require
the VBE or the VBE participant to have policies and procedures in place
to address any identified material deficiencies. We believe that
including such a condition in the safe harbor would help ensure that
the tools and supports VBE participants furnish to patients achieve the
stated purpose(s), and in turn, could help prevent VBE participants
from offering patients engagement tools and supports that induce them
to seek more, potentially unnecessary, care. We solicit comments on
whether we should include such a monitoring provision and, if so, any
anticipated burdens and ways OIG could minimize any burden. We would
apply a facts and circumstances analysis to the ``reasonable efforts''
employed by parties under this condition, using an objective standard
of reasonableness. We solicit comments on this approach.
d. Retrieval of Items and Goods
We are considering for the final rule and seek comment on a
condition that would require offerors to engage in reasonable efforts
to retrieve an item or good furnished as a tool or support in certain
circumstances. For example, we are considering requiring that the
offeror make reasonable efforts to retrieve the patient engagement tool
or support (if it is an item or good) when the patient is no longer in
the target patient population, the VBE no longer exists, or the offeror
is no longer a VBE participant. This would prevent the safe harbor from
being misused to protect inducements to beneficiaries that do not
promote value. If we were to include such a requirement, we are
considering
[[Page 55730]]
setting a minimum value for the item or good above which offerors would
be required to make reasonable retrieval efforts (e.g., $100, $200,
$500 or a higher or lower amount). We believe such a provision would
reduce the burden associated with retrieval efforts. We also are
interested in comments regarding whether any retrieval requirement
should be limited to tools and supports that are practicable to
recover, such as those which are not fixtures or were for short-term
use or an otherwise temporary benefit, and where harm to the patient or
disproportionate expense to the VBE participant would not result.
e. Advertising
We are considering for the final rule and seek comment on a
condition that would require that the VBE participant does not publicly
advertise the patient engagement tool or support (to patients or others
who are potential referral sources). This would prohibit advertising in
the media or posting information for public display or on websites
about the availability of free items or services, similar to the local
transportation safe harbor, 42 CFR 1001.952(bb). Such prohibition on
public advertising would inhibit the use of patient engagement tools
and supports as a marketing tool, thus keeping the focus of the safe
harbor on improving care coordination and management of patients' care.
We solicit comments on this potential safeguard. In particular, we are
interested in comments on whether this condition would impose a barrier
to the success of care coordination and value-based arrangements by
restricting information available to patients about options for
receiving better coordinated care.
G. CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient
Incentives (1001.952(ii))
OIG and CMS have jointly issued fraud and abuse waivers of certain
provisions of the Federal anti-kickback statute, the physician self-
referral law and, for OIG only, certain CMP law authorities for
numerous payment models established and tested by CMS under section
1115A(d)(1) of the Act (pertaining to models tested by the Innovation
Center) \47\ and section 1899 of the Act (pertaining to the Medicare
Shared Savings Program).\48\ Waivers apply only to: (i) Arrangements
described by the models and (ii) model participants and other specified
individuals and entities. Further, any protection furnished by the
waivers is limited in duration.
---------------------------------------------------------------------------
\47\ See, e.g., CMS, Fraud and Abuse Waivers for Select CMS
Models and Programs, available at https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Fraud-and-Abuse-Waivers.html.
\48\ See, e.g., 76 FR 67992 at 67992 (Nov. 2, 2011); 80 FR 66726
at 66726 (Oct. 29, 2015) (Medicare Shared Savings Program is
designed to promote the formation of accountable care organizations
that are accountable for a Medicare patient population, coordinate
items and services under Parts A and B, and encourage investment in
infrastructure and redesigned care processes for high-quality and
efficient service delivery).
---------------------------------------------------------------------------
Commenters to the OIG RFI generally asked us to simplify and
standardize our approach to protecting CMS-sponsored model arrangements
under the anti-kickback statute and beneficiary inducements CMP.
Waivers issued to date are tailored to the particular CMS model and
CMS's design for the model, pursuant to the waiver authorities.
Commenters requested that OIG promulgate regulatory protections that
would provide uniformity and predictability for parties participating
in CMS models.
We propose to create a new anti-kickback statute safe harbor at 42
CFR 1001.952(ii) to: (i) Permit remuneration between and among parties
to arrangements (e.g., distribution of capitated payments, shared
savings or losses distributions) under a model or other initiative
being tested or expanded by the Innovation Center under section 1115A
of the Act and the Medicare Shared Savings Program under section 1899
of the Act (collectively, ``CMS-sponsored models'') and (ii) permit
remuneration in the form of incentives and supports provided by CMS
model participants and their agents under a CMS-sponsored model to
patients covered by the CMS-sponsored model. The objective of the
proposed safe harbor is to standardize and simplify anti-kickback
statute compliance for CMS-sponsored model participants in models for
which CMS has determined participants should have the protection that
would be afforded by this safe harbor \49\ (rather than requiring
participants to comply with the law as it would exist without this safe
harbor) by applying uniform conditions across all models or initiatives
sponsored by CMS.
---------------------------------------------------------------------------
\49\ For example, CMS might specify in a participation agreement
whether or not this safe harbor would apply to any arrangement under
the CMS-sponsored model or to particular types of arrangements under
the CMS-sponsored model.
---------------------------------------------------------------------------
This proposal focuses on models under sections 1115A and 1899 of
the Act; we are considering for the final rule, and solicit comments
on, broadening the scope of this safe harbor to protect remuneration
between and among parties to arrangements under CMS initiatives that
are authorized under other sections of the Act with statutory authority
to waive the fraud and abuse laws.
By proposing this safe harbor, we aim to simplify application of
the anti-kickback statute and CMP authorities for individuals and
entities that participate in CMS-sponsored models in a manner that is
consistent with CMS's authorities to operate and test new models and to
reduce the need to issue model-by-model waivers of fraud and abuse
laws. As with fraud and abuse waivers, our goal is to accommodate CMS's
testing and operation of innovative, value-based care delivery and
payment models that CMS has determined could improve quality of care,
reduce growth in costs, or both, while also including program integrity
protections against fraud and abuse. To the extent that an arrangement
under a CMS-sponsored model implicates the anti-kickback statute or
beneficiary inducements CMP, parties within CMS-sponsored models for
which we have issued fraud and abuse waivers may continue to use
applicable CMS-sponsored model waivers to protect their arrangements or
may choose to structure arrangements to comply with this new safe
harbor or any other applicable anti-kickback statute safe harbor or CMP
exception.
The degree of flexibility offered by this proposed safe harbor
recognizes CMS's ability to oversee and monitor CMS-sponsored models
and initiatives and to embed program integrity protections in such
models and initiatives in ways that do not necessarily apply to
arrangements outside the models. For this reason, this proposal does
not extend to commercial and private insurance arrangements that may
operate alongside, but outside, a CMS-sponsored model. However, nothing
in this proposed safe harbor would prevent commercial and private
insurers from implementing arrangements that cover both public and
private patients; such arrangements could be structured to satisfy
other proposed safe harbor protections that do not distinguish between
public and private patient populations.
We are proposing a number of definitions for purposes of this safe
harbor. We propose to define a ``CMS-sponsored model party'' as a CMS-
sponsored model participant or another individual or entity that the
CMS-sponsored model's participation documentation specifies may enter
into a CMS-sponsored model arrangement. We propose to define
``participation documentation'' for purposes of this safe harbor as the
participation agreement, cooperative agreement, regulations, or model-
specific
[[Page 55731]]
addendum to an existing contract with CMS that: (i) Is currently in
effect, and (ii) specifies the terms of a CMS-sponsored model.
We propose to define a ``CMS-sponsored model participant'' as an
individual or entity that is subject to, and is operating under,
participation documentation with CMS to participate in a CMS-sponsored
model. We propose to define a ``CMS-sponsored model arrangement'' as a
financial arrangement between or among CMS-sponsored model parties to
engage in activities under the CMS-sponsored model and that is
consistent with, and is not a type of arrangement prohibited by, the
participation documentation. Finally, we propose to define a ``CMS-
sponsored model patient incentive'' as remuneration that is not of a
type prohibited by the participation documentation and is furnished
consistent with the CMS-sponsored model by a CMS-sponsored model
participant (or by an agent of the CMS-sponsored model participant
under the CMS-sponsored model participant's direction and control)
directly to a patient under the CMS-sponsored model.
We would expect CMS to notify CMS-sponsored model participants,
through participation documentation, or other public means as
determined by CMS, when CMS-sponsored model participants may use this
safe harbor under a CMS-sponsored model. For example, CMS may specify
the types of CMS-sponsored model patient incentives that a CMS-
sponsored model participant may provide under the CMS-sponsored model
within a CMS-sponsored model participation agreement. The CMS-sponsored
model participant also must satisfy certain programmatic requirements
imposed by CMS in connection with the use of this safe harbor. CMS also
may require CMS-sponsored model participants to disclose to CMS when
they use this safe harbor under a CMS-sponsored model as a condition of
participation in the CMS-sponsored model. If this safe harbor is
finalized and CMS determines that it be made available for a CMS-
sponsored model, the safe harbor would not be available to protect any
remuneration that does not satisfy program requirements as may be
imposed by CMS on CMS-sponsored model participants.
We solicit comments on these definitions. In particular, we solicit
comments regarding the scope of the definition of ``CMS-sponsored model
patient incentive,'' recognizing that a CMS-sponsored model participant
may not always know whether a particular patient is in a CMS-sponsored
model at any given point in time. We are considering for the final rule
and solicit comments on extending the definition of ``CMS-sponsored
model incentive'' to include patients beyond those under a CMS-
sponsored model or, in the alternative, defining ``CMS-sponsored model
patient'' such that a CMS-sponsored model participant could provide
incentives to any patient (or any beneficiary) that meets the other
conditions of the safe harbor.
As proposed, this safe harbor would provide CMS-sponsored model
parties an additional pathway to protection from sanctions under the
anti-kickback statute and the beneficiary inducements CMP. An
arrangement needs to meet the requirements of only one safe harbor to
ensure immunity from criminal and civil prosecution under the statute.
For example, CMS-sponsored model parties would be able to choose to
structure an arrangement to comply with the conditions of this proposed
safe harbor, the proposed value-based arrangements safe harbors
(paragraphs (ee), (ff), and (gg)), the patient engagement and support
safe harbor (paragraph (hh)), any other applicable existing safe
harbors or exceptions, or fraud and abuse waivers issued for the CMS-
sponsored model. However, to ensure protection, an arrangement must
meet all conditions of a particular safe harbor or waiver. We note that
depending on the facts and circumstances, an arrangement may comply
with fraud and abuse laws absent specific safe harbor or waiver
protection.
1. Proposed Conditions for CMS-Sponsored Model Arrangements and CMS-
Sponsored Model Patient Incentives
We are proposing below important safeguards to ensure that
arrangements protected by this proposed safe harbor operate as intended
by the CMS-sponsored models, and the CMS-sponsored models are not
undermined by arrangements that might lead to stinting on medically
necessary care or induce inappropriate utilization. These safeguards
are necessary to ensure that a CMS-sponsored model party's financial
arrangements and patient incentives are consistent with the quality,
care coordination, and cost-reduction goals of a CMS-sponsored model
and can be readily overseen by CMS and OIG.
As a threshold matter, CMS would determine whether the safe harbor
protection would be available for arrangements or patient incentives
under the particular CMS-sponsored model. CMS may limit participation
in a CMS-sponsored model to certain providers or entities (e.g.,
certain CMS-sponsored models may exclude pharmaceutical manufacturers
from participating in a CMS-sponsored model or participating in
arrangements under the CMS-sponsored model). CMS has discretion to
determine the scope of entities, arrangements, or incentives that may
be protected under this safe harbor on a model-by-model basis. Unlike
the proposed safe harbors at 42 CFR 1001.952(ee), (ff), (gg) and (hh),
which propose to exclude pharmaceutical manufacturers; manufacturers,
distributors, and suppliers of DMEPOS; and laboratories from
arrangements and tools and supports that would receive protection under
the safe harbors, this proposed safe harbor would not exclude any
entities from potential protection under the safe harbor. We do not
propose any such exclusions to allow: (i) The Innovation Center the
discretion to determine the scope of the models it wishes to test and
expand and (ii) CMS the discretion to determine how to implement the
Medicare Shared Savings Program. In addition, OIG notes that CMS-
sponsored models include programmatic rules, monitoring, and oversight
not present in value-based arrangements and the provision of patient
tools and supports outside of such models, which may mitigate some of
the fraud and abuse risks presented by the inclusion of pharmaceutical
manufacturers; manufacturers, distributors, and suppliers of DMEPOS;
and laboratories in such models.
a. Conditions for CMS-Sponsored Model Arrangements
Proposed paragraph (ii)(1) sets forth the terms for protection of
certain remuneration between or among CMS-sponsored model parties under
a CMS-sponsored model arrangement in a model for which CMS has
determined that the safe harbor is available.
We propose six conditions parties would need to meet to receive
safe harbor protection. The first condition would require that CMS-
sponsored model participants reasonably determine that the CMS-
sponsored model arrangement will advance one or more goals of the CMS-
sponsored model. We intend to interpret ``reasonably determine'' to
mean that the activities set forth in the written agreement are fairly
and verifiably anticipated to achieve at least one or more goals of the
CMS-sponsored model. For example, CMS-sponsored model parties may wish
to create an implementation protocol explaining the activities and
evidence-based processes or guidance relied upon to develop and
[[Page 55732]]
implement an arrangement that would advance a goal of a CMS-sponsored
model through the CMS-sponsored model arrangement.
The safe harbor would be flexible to permit parties to pursue a
wide array of activities under the CMS-sponsored model; however, the
arrangement must be consistent with the purposes of the CMS-sponsored
model. As stated above, CMS determines the scope of its models and what
is being tested. As we propose to reflect in the definition of ``CMS-
sponsored model arrangement,'' if an arrangement is a type of
arrangement prohibited by the participation documentation, then it does
not qualify as a CMS-sponsored model arrangement. If an arrangement
does not qualify as a CMS-sponsored model arrangement, then it would
not be protected by this safe harbor even if the CMS-sponsored model
parties determined that it would advance a purpose of the CMS-sponsored
model.
In the second proposed condition, we specify that the exchange of
value must not induce CMS-sponsored model parties or other providers or
suppliers to furnish medically unnecessary items or reduce or limit
medically necessary items or services furnished to CMS-sponsored model
patients. We believe that this is an important protection for patient
safety and quality of care, and it would be consistent with every CMS-
sponsored model.
In the third proposed condition, we are incorporating a key
safeguard that we have consistently utilized in our fraud and abuse
waivers to prohibit remuneration that is explicitly or implicitly
offered, paid, solicited, or received in return for, or to induce or
reward, any referrals or other business generated outside of the CMS-
sponsored model.
The fourth condition would require CMS-sponsored model parties, in
advance of, or contemporaneously with the commencement of, the CMS-
sponsored model arrangement, to set forth the terms of the CMS-
sponsored model arrangement in a signed writing.
The fifth condition would require parties to the CMS-sponsored
model arrangement to make available to the Secretary materials and
records sufficient to establish whether the remuneration was exchanged
between the parties in a manner that meets the conditions of this safe
harbor. We are not proposing particular parameters regarding
documentation, but rather specifying only that the writing must
describe the activities to be undertaken by the CMS-sponsored model
parties and the nature of the remuneration to be exchanged. Therefore,
parties under a CMS-sponsored model would have flexibility to determine
what type of documentation would best memorialize the arrangement such
that they could demonstrate safe harbor compliance to the Secretary or
OIG upon request. Nothing in this proposed condition would change or
alter any requirements related to documentation (or any other model
feature) imposed by CMS as part of its model.
Finally, we propose to include a condition requiring CMS-sponsored
model participants to satisfy such other programmatic requirements as
may be imposed by CMS in connection with the use of this safe harbor.
Because CMS has authority to test and design models, it can also create
programmatic requirements integral to testing and monitoring its model
design for CMS-sponsored model participants. We are proposing this
condition to ensure that parties comply with any additional
programmatic requirements as may be imposed by CMS related to the
arrangements for which they might seek safe harbor protection. We would
expect CMS to set forth these requirements within the CMS-sponsored
model's participation documentation or otherwise make such requirements
publicly available.
b. Conditions for CMS-Sponsored Model Patient Incentives
With respect to patient incentives, the proposed safe harbor would
apply to certain incentives offered by a CMS-sponsored model
participant or by an agent of the CMS-sponsored model participant under
the CMS-sponsored model participant's direction and control directly to
a patient receiving healthcare items and services under the CMS-
sponsored model that will advance one or more goals of the CMS-
sponsored model.
CMS would determine whether the safe harbor protection would be
available for the particular CMS-sponsored model. As stated above, CMS
has discretion to determine which entities may avail themselves of this
safe harbor or to determine the types of patient incentives CMS-
sponsored model parties may provide on a model-by-model basis. We would
expect CMS to notify CMS-sponsored model participants of the scope of
permissible patient incentives within its participation documentation
or to make such determination publicly available.
If CMS determines a type of incentive is prohibited, then it would
not qualify as a CMS-sponsored model patient incentive for purposes of
this proposed safe harbor.\50\ Similarly, some CMS-sponsored models
might have their own requirements for giving patient incentives, and
this proposed safe harbor would not obviate those programmatic
requirements. For example, in making incentive payments to an assigned
Medicare beneficiary under the ACO Beneficiary Incentive Program, ACOs
are expected to satisfy the programmatic requirements governing such
incentive payments at section 1899(m) of the Act and 42 CFR 425.304(c);
if this safe harbor is finalized and CMS determines that it be made
available for the ACO Beneficiary Incentive Program, the safe harbor
would not be available for any incentive payment that does not satisfy
such programmatic requirements.
---------------------------------------------------------------------------
\50\ Unlike the patient engagement and support safe harbor
proposed at 1001.952(hh), under the CMS-sponsored model patient
incentives safe harbor, CMS would determine the types of patient
incentives CMS-sponsored model parties may provide on a model-by-
model basis.
---------------------------------------------------------------------------
Depending on the goals set forth by CMS for the CMS-sponsored
model, we would expect a CMS-sponsored model participant would use this
safe harbor to provide its patients with free or below-fair-market-
value incentives that advance the goals of the CMS-sponsored model,
such as preventive care, adherence to a treatment regimen, or
management of a disease or condition. The proposed protection would
cover a broad range of incentives, such as, transportation, nutrition
support, home monitoring technology, and gift cards, as determined by
CMS through the CMS-sponsored model's design. Certain CMS-sponsored
models or future models might permit waivers of cost-sharing amounts
(for example, copayments and deductibles) or cash incentives to certain
patients to promote certain clinical goals of a CMS-sponsored model.
All of these patient incentives, when determined by CMS to be
appropriate for the CMS-sponsored model design and not prohibited by
the participation documentation, could fit within the proposed safe
harbor, provided that the arrangement otherwise complies with all safe
harbor conditions. We are proposing safeguards specific to the
protected patient incentives.
Under the proposed condition at paragraph (ii)(2)(i), the CMS-
sponsored model participant must reasonably determine that the patient
incentive the CMS-sponsored model participant furnishes to its patients
under the CMS-sponsored model will advance one or more goals of the
CMS-sponsored model. As stated above, we would expect CMS to notify
CMS-sponsored
[[Page 55733]]
model participants, through participation documentation, or other means
as determined by CMS, when CMS-sponsored model participants may use
this safe harbor under a CMS-sponsored model and the types of patient
incentives they may offer. CMS-sponsored model participants may look to
their participation documentation for potential descriptions or
guidance on patient incentives that would be consistent with the goals
of the CMS-sponsored model. For example, the participation
documentation might specify that any incentives furnished must be
preventive care items or services or must advance one or more clinical
goals for patients under the CMS-sponsored model by engaging him or her
in better managing his or her own health.
Under the second proposed condition, we propose to require that the
patient incentive have a direct connection to the patient's healthcare.
We believe this condition to be consistent with the design of all CMS
models and initiatives contemplated as part of this safe harbor. This
condition is consistent with requirements we have imposed previously
within our fraud and abuse waivers for a number of CMS-sponsored
models. For the same reasons described further in our discussion of the
proposed patient engagement and support safe harbor at proposed
paragraph 1001.952(hh), we propose that this requirement would warrant
a dual consideration: Whether a direct connection exists from a
healthcare perspective and whether a direct connection exists from a
financial perspective.
We are not proposing specific documentation under the third
condition for patient incentives offered by CMS-sponsored model
participants; however, CMS-sponsored model participants must maintain
documentation sufficient to establish whether the patient incentive was
distributed in a manner that meets the conditions of the safe harbor.
Under this proposed condition, CMS-sponsored model participants would
have flexibility to determine what type of documentation would best
establish whether the CMS-sponsored model patient incentive was
distributed appropriately.
Finally, as described above, if this safe harbor is finalized and
CMS determines that it would be available for a particular CMS-
sponsored model, the safe harbor would not protect remuneration that
does not satisfy such programmatic requirements as may be imposed by
CMS under the CMS-sponsored model in connection with the use of this
safe harbor.
c. Duration of Protection
Under our proposal, as reflected in the defined terms, the duration
of safe harbor protection aligns with the duration of the participation
documentation under a CMS-sponsored model. For example, the proposed
definition of ``CMS-sponsored model arrangement'' specifies that the
protected arrangement is to ``engage in activities under the CMS-
sponsored model.'' Similarly, the proposed definition of
``participation documentation'' specifies that it is ``currently in
effect.'' The CMS-sponsored models, and arrangements between parties
operating under CMS-sponsored models, have various terms, some of which
are described in a CMS-sponsored model's participation documentation.
In order to meet the conditions set forth in the proposed safe harbor,
the CMS-sponsored model arrangement or a CMS-sponsored model patient
incentive must begin and end while the parties are operating under an
existing CMS-sponsored model.
The safe harbor would protect arrangements during the period under
which a CMS-sponsored model participant participates in the CMS-
sponsored model but would not extend to protect remuneration exchanged
after participation in the CMS-sponsored model ends. In some cases,
certain activities associated with a CMS-sponsored model may extend
beyond the last performance period during which a CMS-sponsored model
participant provides services under the CMS-sponsored model. For
example, the participation documentation might provide for a certain
period of time after a termination date or after the end of the
performance period to conduct reconciliation or make final payment to
providers (e.g., a shared savings distribution). This safe harbor would
protect the last payment or exchange of value made by or received by a
CMS-sponsored model party following the final performance period that
the CMS-sponsored model participant that is a party to the arrangement
participates in the CMS-sponsored model. We are considering each of the
following options for 1001.952(ii) and may finalize one or a
combination of these options: (i) Terminating protection after the end
of the performance period or within a certain time period after the end
of a performance period; (ii) terminating protection upon termination
of the CMS-sponsored model participation documentation or within a
certain period of time after that; and (iii) until the last payment or
exchange of anything of value made by a CMS-sponsored model party under
a CMS-sponsored model occurs, even if the model has otherwise
terminated. We solicit comments on whether the final rule should allow
safe harbor protection for one or a combination of the above options.
Similarly, we solicit comments on whether under the final rule a
CMS-sponsored model participant should be able to continue to provide
the outstanding portion of any service to a patient if the service was
initiated before its participation documentation terminated or expired.
If we provide additional time under the final rule, we are interested
in including conditions to prevent gaming of the length of time
remuneration is provided after a CMS-sponsored model participant has
been terminated from a model (or the model has terminated) to protect
beneficiaries from improper inducements unrelated to a CMS-sponsored
model. We note that, under our proposal, patients would be able to
retain any incentives received prior to the termination or expiration
of the participation documentation.
H. Cybersecurity Technology and Related Services (1001.952(jj))
We propose a safe harbor to protect donations of certain
cybersecurity technology and related services with appropriate
safeguards. We believe this proposed safe harbor could help improve the
cybersecurity posture of the healthcare industry by removing a real or
perceived barrier that would allow parties to address the growing
threat of cyberattacks that infiltrate data systems and corrupt or
prevent access to health records and other information essential to the
delivery of healthcare.
In recent years we have received numerous comments and suggestions
urging the creation of a safe harbor to protect donations of
cybersecurity technology and services.\51\ The digitization of the
healthcare delivery system and related rules designed to increase
interoperability and data sharing in the delivery of healthcare create
numerous targets for cyberattacks. The healthcare industry and the
technology used to deliver healthcare have been described as an
interconnected ``ecosystem'' where the ``weakest link'' in the system
can compromise the entire system.\52\ Given
[[Page 55734]]
the prevalence of protected electronic health information and other
personally identifiable information stored within these systems, as
well as the processing and transmission of this information and other
critical information within a given provider's systems as well as
across the healthcare industry, the risks associated with cyberattacks
may be most immediate for the ``weak links'' but have implications for
the entire healthcare system.
---------------------------------------------------------------------------
\51\ See, e.g., OIG, Semiannual Report to Congress, Apr. 1,
2018-Sept. 30, 2018, at 84.
\52\ See, e.g., Health Care Industry Cybersecurity Task Force,
Report on Improving Cybersecurity in the Health Care Industry, June
2017 (HCIC Task Force Report), available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.
---------------------------------------------------------------------------
In response to the OIG RFI, we received overwhelming support for a
cybersecurity technology donation safe harbor. Many commenters
highlighted the increasing prevalence of cyberattacks and other
threats. Commenters noted that cyberattacks pose a fundamental risk to
the healthcare ecosystem and that data breaches can result in patient
harm as well as high costs to the healthcare industry. Moreover,
disclosures of PHI through a data breach can result in identity fraud.
Relatedly, protecting Department data, systems, and beneficiaries
from cybersecurity threats, and otherwise securing the exchange and use
of health information technology and data, are challenges that OIG has
identified in the Department's annual Top Management and Performance
Challenges for the last decade.\53\
---------------------------------------------------------------------------
\53\ See, e.g., OIG, 2018 Top Management & Performance
Challenges Facing HHS, available at https://oig.hhs.gov/reports-and-publications/top-challenges/2018/.
---------------------------------------------------------------------------
The Health Care Industry Cybersecurity (HCIC) Task Force, created
by the Cybersecurity Information Sharing Act of 2015 (CISA),\54\ was
established in March 2016 and is comprised of government and private
sector experts. The HCIC Task Force produced its HCIC Task Force Report
in June 2017.\55\ The HCIC Task Force recommended, among other things,
that Congress ``evaluate an amendment to [the physician self-referral
law and the anti-kickback statute] specifically for cybersecurity
software that would allow healthcare organizations the ability to
assist physicians in the acquisition of this technology, through either
donation or subsidy'' and noted that the regulatory exception to the
physician self-referral law and the safe harbor for electronic health
records technology could serve as a template for a new statutory
exception.\56\
---------------------------------------------------------------------------
\54\ Public Law 114-113, 129 Stat. 2242.
\55\ HCIC Task Force Report, available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.
\56\ Id. at 27.
---------------------------------------------------------------------------
However, in general, any donation of valuable technology or
services to physicians or other sources of Federal health care program
referrals can pose risks of fraud or abuse that may increase as the
value of the donated technology or services increases. In some
respects, the fraud and abuse risks posed by the donation of
cybersecurity technology or services to physicians or other healthcare
providers or suppliers are similar to the risks associated with the
provision of electronic health records technology because, like
electronic health records technology, cybersecurity technology is
inherently valuable to recipients in terms of actual cost, avoided
overhead, and administrative expenses. Additionally, the types of
cybersecurity technology and services are highly variable; their costs
and value also vary greatly. For example, cybersecurity technology or
services may consist only of anti-virus software for a single
workstation in a physician's office or it may include incident response
services for several primary and specialty group practices. Further,
adding robust cybersecurity technology and services may provide
recipients a valuable shield from liability for fines, ransom, and
litigation risk given the prevalence of cybersecurity threats to
healthcare providers and breaches involving protected health
information and electronic health records. Finally, responses to the
OIG RFI indicate that the cost, or value, of cybersecurity technology
and services has increased dramatically, to the point where some
providers and suppliers are unable to adequately invest in
cybersecurity measures.
We believe that this proposed safe harbor would (i) minimize the
risks inherent in any type of valuable remuneration between referral
sources and (ii) remove an actual or perceived barrier that will allow
the healthcare industry to take additional action to mitigate the risks
posed by cybersecurity threats. Specifically, we believe this proposed
safe harbor would promote increased security for interconnected and
interoperable healthcare information technology systems without
protecting arrangements that either serve as marketing platforms or
inappropriately influence clinical decision-making.
This proposed safe harbor would protect certain cybersecurity
donations. CMS is proposing a similar exception to the physician self-
referral law. We coordinated closely with CMS to ensure as much
consistency as possible between our proposed safe harbor and CMS's
proposed exception, despite the differences in the respective
underlying statutes. Because of the close nexus between this proposed
rule and CMS's proposed rule, we may consider and take additional
actions based on comments submitted in response to CMS's proposed rule
in addition to those submitted in response to this rulemaking, if
warranted.
We propose to protect nonmonetary remuneration in the form of
certain types of cybersecurity technology and services. Specifically,
as explained below, we propose to define ``cybersecurity'' to mean
``the process of protecting information by preventing, detecting, and
responding to cyberattacks.'' We propose to include within the scope of
covered technology, ``any software or other types of information
technology, other than hardware.'' In an effort to foster beneficial
cybersecurity donation arrangements without permitting arrangements
that negatively impact beneficiaries of Federal health care programs,
this safe harbor would impose a number of conditions on cybersecurity
donations, as set forth below. Most notably, the first proposed
condition of the safe harbor requires the donation to be necessary and
used predominantly to implement and maintain effective cybersecurity.
We also have included an alternative proposal for an additional,
optional condition to this proposed safe harbor. The optional condition
imposes an additional safeguard that parties can satisfy in exchange
for protecting certain cybersecurity hardware.
1. Definitions
We propose two definitions at 1001.952(jj)(6): ``cybersecurity''
and ``technology.'' These definitions are integral to understanding the
conditions of the safe harbor, so we first elaborate on the
definitions. For purposes of this safe harbor, we propose to define the
terms ``cybersecurity'' and ``technology'' as follows:
``Cybersecurity'' means the process of protecting
information by preventing, detecting, and responding to cyberattacks.
``Technology'' means any software or other types of
information technology, other than hardware.
This proposed definition of ``cybersecurity'' is derived from the
National Institute for Standards and Technology (NIST) ``Framework for
[[Page 55735]]
Improving Critical Infrastructure.'' \57\ We intend for the definition
to be broad and propose to rely on a definition in a NIST framework
that does not apply directly to the healthcare industry but applies
generally to any United States critical infrastructure. Our goal is to
broadly define cybersecurity and avoid unintentionally limiting
donations by relying on a narrow definition or a definition that might
become obsolete over time. We solicit comment on this approach and
whether a definition tailored to the healthcare industry would be more
appropriate.
---------------------------------------------------------------------------
\57\ Appendix B, Version 1.1 (Apr. 16, 2018) available at
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
---------------------------------------------------------------------------
Similarly, the proposed definition of ``technology'' is broad, but
for the exclusion of hardware. The intent of the safe harbor is to be
agnostic to specific types of non-hardware cybersecurity technology. We
intend for this safe harbor to be broad enough to include cybersecurity
software and other information technology (e.g., an Application
Programming Interface (API), which is neither software nor a service as
those terms are generally used) that is available now and technology
that may become available as the industry continues to develop.
The proposed definition of ``technology'' excludes hardware under
this new safe harbor. While we recognize that effective cybersecurity
may require hardware that meets certain standards (e.g., encrypted
endpoints, updated servers), we remain concerned that donations of
valuable, multifunctional hardware pose a higher risk of constituting a
disguised payment for referrals. Consistent with the proposed condition
at 1001.952(jj)(1), we believe that donations with multiple uses
outside of cybersecurity present a greater risk that the donation is
being made to influence referrals. Hardware is most likely to be
multifunctional and, as a result, would not be necessary and used
predominantly to implement and maintain effective cybersecurity. For
example, the safe harbor would not protect a laptop computer or tablet
used in the general course by a physician to enter patient visit
information into an electronic health record and respond to emails.
However, it would protect encryption software for a laptop. This also
is consistent with a similar exclusion of hardware in the electronic
health record donation safe harbor at 1001.952(y), which identifies a
similar rationale for excluding hardware from protection.\58\ We
solicit comments on this approach.
---------------------------------------------------------------------------
\58\ 71 FR 45110, 45120 (Aug. 8, 2006).
---------------------------------------------------------------------------
As we describe below, however, we are not proposing a requirement
for recipients to contribute a portion of the donor's costs. Consistent
with the HCIC Task Force Report, we recognize that many providers do
not have adequate resources to significantly invest in the
cybersecurity items and services protected by this proposed safe
harbor. Consequently, we believe that omitting a contribution
requirement may allow providers with limited resources to receive
protected cybersecurity donations while also using their own resources
to invest in other technology not protected by the safe harbor, such as
updating legacy hardware that may pose a cybersecurity risk, or simply
investing in their own computers, phones, and other hardware that are
core to their businesses, notwithstanding their relationship with a
donor who contributes cybersecurity technology. We solicit comments on
excluding donations of hardware from this safe harbor and the omission
of a contribution requirement, and in particular, any specific
cybersecurity risks or limitations that would result from such
exclusion and omission.
We are considering for the final rule adding limited protection for
specific hardware that is necessary for cybersecurity, is stand-alone
(i.e., is not integrated within multifunctional equipment), and serves
only cybersecurity purposes (e.g., a two-factor authentication dongle),
and solicit comments on what types of hardware might qualify and
whether we should protect them under this safe harbor.
Finally, we note that this proposed safe harbor only protects
cybersecurity technology and services as defined. It does not extend to
other types of cybersecurity measures outside of technology or
services. For example, this safe harbor would not protect donations of
installation, improvement, or repair of infrastructure related to
physical safeguards, even if they could improve cybersecurity (e.g.,
upgraded wiring or installing high security doors). Donations of
infrastructure upgrades are extremely valuable and have multiple
benefits in addition to cybersecurity, together which pose an increased
risk that one purpose of the donation is to pay for or influence
referrals.
2. Conditions on Donation and Protected Donors
To be protected non-monetary remuneration, donations of
cybersecurity technology and services must meet five conditions in
1001.952(jj)(1)-(5). The first two conditions relate to the purpose of
the donation and prohibit donors taking into account the volume or
value of referrals or other business generated.
First, at 1001.952(jj)(1), we propose to limit safe harbor
protection to donated technology and services that are necessary and
used predominantly to implement and maintain effective cybersecurity.
The goal of this condition is to ensure that donations are being made
for the purposes of addressing legitimate cybersecurity needs of donors
and recipients. Explained differently, the core function of the donated
technology or service must be to protect information by preventing,
detecting, and responding to cyberattacks. Our intent is to protect a
wide range of technology and services that are specifically donated for
the purpose of, and are necessary for, ensuring that donors and
recipients have effective cybersecurity.
As stated previously, our intent is to be technology agnostic,
including as to the types and versions of software that can receive
protection. By way of example, the types of technology protected by
this safe harbor may include, but are not limited to, software that
provides malware prevention, software security measures to protect
endpoints that allow for network access control, business continuity
software that mitigates the effect of cyberattacks, data protection and
encryption, and email traffic filtering. We believe these examples are
indicative of the types of technology that are necessary and used
predominantly for effective cybersecurity. We also do not distinguish
between cloud-based software or software that must be installed
locally. We solicit comments on the proposed breadth of protected
technology as well as whether we should expressly include other
technology or categories of technology in this safe harbor.
Similarly, we propose to protect a broad range of services. Such
services could include, for example:
Any services associated with developing, installing, and
updating cybersecurity software;
any kind of cybersecurity training services, such as
training recipients on how to use the cybersecurity technology, how to
prevent, detect, and respond to cyber threats, and how to troubleshoot
problems with the cybersecurity technology (e.g., ``help desk''
services specific to cybersecurity);
any kind of cybersecurity services for business continuity
and data recovery services to ensure the recipient's operations can
continue during and after a cyberattack;
any kind of ``cybersecurity as a service'' model that
relies on a third-
[[Page 55736]]
party service provider to manage, monitor, or operate cybersecurity of
a recipient;
any services associated with performing a cybersecurity
risk assessment or analysis, vulnerability analysis, or penetration
test; or
any services associated with sharing information about
known cyber threats, and assisting recipients responding to threats or
attacks on their systems.
We believe these types of services are indicative of the types of
services that are necessary and used predominantly for effective
cybersecurity. We solicit comments on the proposed breadth of protected
services as well as whether we should expressly include other services
or categories of services in this safe harbor. We note, in addition,
that the donation of services must be non-monetary. For example,
donating the time of a consultant to implement a cybersecurity program
could be protected, but if an entity were to experience a cyberattack
that involved ransomware, payment of the ransom amount on behalf of a
recipient or paying the recipient the ransom amount would not be
protected.
We do not intend to protect donations of technology or services
that have multiple, general uses outside of cybersecurity. As explained
in our discussion of the definition of ``hardware'' above, we remain
concerned that donations of valuable multi-use technology or services
pose a higher risk of constituting a disguised payment for, or
otherwise influencing, referrals. Similarly, we do not intend to
protect donations of technology or services that are otherwise used in
the normal course of the recipient's business (e.g., general help desk
services related to use of a practice's information technology). We
solicit comment on this approach and whether this proposed condition
unintentionally limits the donation of cybersecurity technology and
services that are vital to improving the cybersecurity posture of the
healthcare industry.
For the purposes of meeting the proposed condition at
1001.952(jj)(1), we are considering for the final rule, and seek
comment on, whether to add a deeming provision that would allow donors
or recipients to demonstrate that donations are necessary and
predominantly used to implement and maintain effective cybersecurity.
This deeming provision would allow donors and recipients to demonstrate
that the donation furthers a recipient's ability to comply with a
written cybersecurity program that reasonably conforms to a widely
recognized cybersecurity framework or set of standards, such as one
developed or endorsed by NIST, another American National Standards
Institute-accredited standards body, or an international voluntary
standards body such as the International Organization for
Standardization. Any such provision would not require compliance with a
particular framework or set of standards, but rather would provide an
option for donors to demonstrate that the donation is necessary and
predominantly used to implement and maintain effective cybersecurity.
We believe such a provision may provide some assurance to donors and
recipients about how to demonstrate that donations are necessary and
predominantly used to implement and maintain effective cybersecurity.
If we were to finalize this deeming provision, we would add a sentence
to 1001.952(jj)(1) that would deem a donation to meet this condition if
the parties demonstrate that the donation furthers a recipient's
ability to comply with a written cybersecurity program that reasonably
conforms to a widely recognized cybersecurity framework or set of
standards. We solicit comments on incorporating this proposed deeming
provision in 1001.952(jj)(1).
Regarding this proposed deeming provision, we also solicit comments
on how donors and recipients could practically demonstrate that a
donation furthers a recipient's ability to comply with a written
cybersecurity program that reasonably conforms to a widely recognized
cybersecurity framework or set of standards. We are not proposing to
condition protection on demonstrating compliance with a specific
framework or set of standards, but we seek to provide a practical
method that allows parties to demonstrate that a donation meets the
potential deeming provision we are considering for 1001.952(jj)(1).
Understanding that our intent is not to incorporate a specific
framework or set of standards, we seek comments on whether there are
other ways that parties could reliably demonstrate that a donation
meets the potential cybersecurity deeming provision in 1001.952(jj)(1).
For instance, we are interested in comments regarding whether parties
could demonstrate that a donation meets the cybersecurity deeming
provision through documentation, certifications, or other methods not
prescribed by regulation.
Second, at 1001.952(jj)(2), we propose to require that donors do
not directly take into account the volume or value of referrals or
other business between the parties when determining the eligibility of
a potential recipient for the technology or services, or the amount or
nature of the technology or services to be donated. In addition, we
propose that donors do not condition the donation of technology or
services, or the amount or nature of the technology or services to be
donated, on future referrals. In other words, we propose that a donor
cannot require, explicitly or implicitly, that a recipient either refer
to the donor or recommend the donor's business as a condition of
receiving a cybersecurity donation. We understand that the purpose of
donating cybersecurity technology and services is to guard against
threats that come from interconnected systems, and we understand and
expect that a donor would provide the cybersecurity technology and
services only to individuals and entities that connect to its systems,
which includes those that refer to it (or that receive referrals from
it). However, this condition would restrict a donor from conditioning
the donation on referrals or other business generated.\59\
---------------------------------------------------------------------------
\59\ We note that, if a system is only as strong as its weakest
link, then even a very low-referring entity poses a cybersecurity
risk.
---------------------------------------------------------------------------
This proposed condition would not require a donor to donate
cybersecurity technology and services to every individual or entity
that connects to its system. Donors would be able to use selective
criteria for choosing recipients, provided that neither a recipient's
eligibility, nor the amount or nature of the cybersecurity technology
or services donated, is determined in a manner that directly takes into
account the volume or value of referrals or other business generated
between the parties. For example, a donor could perform a risk
assessment of a potential recipient (or require a potential recipient
to provide the donor with a risk assessment) before determining whether
to make a donation, or the scope of a donation. Similarly, for example,
if a donor is a hospital, the hospital might choose to limit donations
to physicians who are on the hospital's medical staff. Additionally,
selective criteria might be based on the type of connection between a
donor and recipient, such as a simple read-only connection to a
properly implemented, standards-based API that enables only the secure
transmission of a copy of the patient's record at the patient's request
to the recipient. That type of connection poses less risk to a donor's
systems than a connection that allows for information to be written
directly into the donor's systems. Thus, a donor contemplating allowing
a higher-risk connection (such as a bi-directional read-write
[[Page 55737]]
connection) to a potential recipient's systems could develop selective
criteria based on that difference in risk of the connection. We solicit
comments on this condition.
We have declined to propose a list of selection criteria which, if
met, would be deemed not to directly take into account the volume or
value of referrals or other business generated between the parties, as
we did in the electronic health records safe harbor at 1001.952(y)(5).
We do not believe donations of cybersecurity technology and services
present the same types of risks as donations of electronic health
records software and information technology. Primarily, cybersecurity
donations are further removed from the volume and value of referrals
than electronic health record donations. Cybersecurity donations, if
legitimate, are more likely to be based on considerations such as
security risks and are less likely to be based on considerations that
are closely related to the volume and value of referrals or other
business generated (e.g., the total number of prescriptions written by
the recipient). Therefore, we do not believe that cybersecurity
donations need a similar list of selection criteria to ensure that
parties can meet the volume or value condition at 1001.952(jj)(2).
Nonetheless, we are considering whether to add such a list in the
final rule and whether the list should be based on the permitted
conduct at 1001.952(y)(5)(i)-(vii). We solicit comments on this
approach and any other conditions or permitted conduct we should
enumerate in this safe harbor, with respect to determinations related
to cybersecurity donations.
Related to these two conditions, we do not propose to restrict the
types of individuals and entities that may donate cybersecurity
donations under this safe harbor. Although donating cybersecurity
technology and services would relieve a recipient of a cost that it
otherwise would incur, the fraud and abuse risks associated with
cybersecurity are different than donations of other valuable
technology, such as electronic health records items and services. We
generally view donating cybersecurity technology and services to be a
self-protective measure because a cybersecurity breach in the donor's
system can have a devastating impact on the donor and anyone who
maintains a connection to the donor's systems. Meanwhile, electronic
health record donations facilitate the exchange of clinical information
between the recipient referral source and the donor and, thus, present
a greater risk that one purpose of the donation is for the donor to
secure additional referrals from the recipient or otherwise influence
referrals or other business generated.
We are concerned that technology donations risk referral sources
becoming beholden to the donors, and therefore we are considering
narrowing the scope of protected donors as we have done in other safe
harbors. We solicit comments on whether particular types of individuals
and entities should be excluded from donating cybersecurity technology
and services, and if so, why. Specifically, in past rulemakings we have
distinguished between individuals and entities with direct and primary
patient care relationships that have a central role in the healthcare
delivery infrastructure such as hospitals and physician practices, and
providers and suppliers of ancillary services such as pharmaceutical,
device, and DMEPOS manufacturers, and other manufacturers or vendors
that indirectly furnish items and services used in the care of
patients.\60\ We seek comments as to whether our historical enforcement
concerns and other considerations regarding direct and indirect patient
care are present for purposes of cybersecurity donations.
---------------------------------------------------------------------------
\60\ See OIG, Final Rule: Safe Harbors for Certain Electronic
Prescribing and Electronic Health Records Arrangements Under the
Anti-Kickback Statute, 71 FR 45110, 45128 (Aug. 8, 2006) (excluding
pharmaceutical, device, DMEPOS manufacturers, or other entities that
indirectly furnish items and services used in the care of patients
both because ``[our] enforcement experience demonstrates that
unscrupulous manufacturers have offered remuneration in the form of
free goods and services to induce referrals of their products'' and
because they lack ``a direct and central patient care role that
justifies safe harbor protection for the provision of electronic
health records technology'').
---------------------------------------------------------------------------
3. Conditions for Recipients
In proposed 1001.952(jj)(3), similar to the condition at (jj)(2) on
donors discussed previously, this proposed condition would require that
neither a potential recipient, nor a potential recipient's practice (or
any affiliated individual or entity), can demand, explicitly or
implicitly, a donation of cybersecurity technology and services as a
condition of doing business or continuing to do business with the
donor.
We do not propose a recipient contribution requirement as part of
this safe harbor. As we explain above, with this proposed safe harbor
we seek to remove a barrier to donations that improve cybersecurity
throughout the healthcare industry in response to the critical
cybersecurity issues identified in the HCIC Task Force Report and
elsewhere. We propose to include only those conditions for safe harbor
protection that we believe are critical to guarding against fraud and
abuse. In the case of cybersecurity, we do not believe a specified
recipient contribution to the cost is necessary or practical. We
recognize that the level of services for each recipient might vary, and
might be higher or lower each year, each month, or even each week.
Similarly, donors may aggregate the cost of certain services across all
recipients, such as cybersecurity patches and updates, on a regular
basis, which may result in a contribution requirement becoming a
barrier to widespread, low-cost improvements in cybersecurity because
of the practical challenges in collecting a contribution from
recipients. For instance, attempting to quantify the value of a
frequent cybersecurity scans included in a vendor's suite of services
as part of a cybersecurity donation, across dozens of recipient
practices, and determining the pro rata share each practice must
contribute based on the size of the practice as well as the relative
size of the donation made to each practice, might become unworkable for
many donors.
Importantly, we note that our proposal to omit a contribution
requirement as a condition of the safe harbor does not prohibit donors
from requiring a contribution. Donors are free to require recipients to
contribute to the cost, so long as the determination of a contribution
requirement does not take into account the volume or value of referrals
between the parties. For example, if a donor gave a full suite of
cybersecurity technology and services for free to a high-referring
practice but required a low-referring practice to contribute 20 percent
of the cost, then the donor could violate the conditions at proposed
paragraphs (jj)(2)(i) and (ii). In addition, we do not intend for this
safe harbor to require that donations be solely between two parties.
For example, two hospitals and a large multi-specialty physician
practice might agree to jointly subsidize cybersecurity technology and
services for smaller physician practices in their area.
We do not propose to impose restrictions on the type of individual
or entity that can receive donations of cybersecurity technology or
related services. We note that, because we do not propose to restrict
the scope of protected recipients under this safe harbor, we believe
patients would be included as protected recipients. Donations to
patients, just like other recipients, would only be protected if they
precisely met all conditions of the safe harbor. As discussed
previously, donations of multifunctional technology or services would
not be protected
[[Page 55738]]
because all cybersecurity donations must be necessary and used
predominately to implement and maintain effective cybersecurity.
We anticipate that donations to patients would be more limited than
donations to healthcare providers and suppliers (e.g., anti-malware
tools). However, we solicit comments on what types of cybersecurity
technology or services a donor might anticipate giving to a patient,
whether we would need additional or different safeguards when a patient
is the recipient, and whether patients should be protected recipients
at all under the safe harbor. More specifically, we solicit comments on
whether we should include additional conditions for donations of
cybersecurity technology services to patient recipients that are
similar to the beneficiary inducements CMP's exceptions under 42 CFR
1003.110. For example, we are considering whether cybersecurity
technology or service donations to patients should not be offered as
part of any advertisement or solicitation or not be tied to the
provision of other items or services reimbursed in whole or in part by
the Medicare program under Title VIII or a State health care program
(as defined in section 1128(h) of the Act).
4. Written Agreement
At 1001.952(jj)(4), we propose to require that the donor and
recipient enter into a signed, written agreement. While we do not
interpret this condition to require every item of cybersecurity
technology and every potential service to be specified in the
agreement, we propose that the written agreement must include a general
description of the cybersecurity technology and services to be provided
over the term of the agreement and a reasonable estimate of the value
of the donation. In addition, to the extent the parties share any
financial responsibility for the cost of the cybersecurity technology
and services, those financial terms, including the amount of the
contribution, must be memorialized in the written agreement. We solicit
comments on the conditions proposed here, as well as whether additional
or different terms should be required in a written agreement.
5. Prohibition on Cost Shifting
At 1001.952(jj)(5), we propose to prohibit donors from shifting the
costs of any cybersecurity donations to Federal health care programs.
For example, under this proposed condition, while a hospital's own
cybersecurity costs could be an administrative expense on its cost
report, donations of cybersecurity technology or services to other
individuals or entities could not be included as an administrative
expense on the hospital's cost report.
6. Alternative Proposed Condition for Protection of Cybersecurity
Hardware
We also propose and solicit comments on an alternative approach
that would add an additional, optional safeguard to the proposed
cybersecurity safe harbor. This alternative approach would protect
cybersecurity hardware donations if the parties choose to meet an
additional condition, along with the other five conditions proposed at
1001.952(jj)(1)-(5). Under this alternative proposal, a protected
donation could also include cybersecurity hardware that a donor has
determined is reasonably necessary based on a risk assessment of its
own organization and that of the potential recipient.
The goal of this alternate proposal is to provide donors and
recipients more flexibility regarding the types of cybersecurity
donations that are protected, while also adding an additional safeguard
to further ensure that the donation is necessary and used predominantly
to implement and maintain effective cybersecurity.
We believe this alternative proposal builds on existing legal
requirements and best practices related to information security
generally and the healthcare industry more specifically. For example,
the HHS Office for Civil Rights explained that conducting a risk
analysis is the first step in identifying and implementing safeguards
that comply with and carry out the standards and implementation
specifications in the HIPAA Security Rule.\61\ More generally, NIST
Special Publication 800-30, which does not directly apply to the
healthcare industry, but represents industry standards for information
security practices, explains that the purpose of a risk assessment is
to inform decision makers and support risk responses by identifying:
(i) Relevant threats to organizations or threats directed through
organizations against other organizations; (ii) vulnerabilities both
internal and external to organizations; (iii) impact (i.e., harm) to
organizations that may occur given the potential for threats exploiting
vulnerabilities; and (iv) likelihood that harm will occur. The end
result is a determination of risk, which is typically a function of the
degree of harm and likelihood of harm occurring.\62\
---------------------------------------------------------------------------
\61\ HIPAA for Professionals, Guidance on Risk Analysis (Mar.
2017), available at https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html.
\62\ NIST Special Publication 800-30 Revision 1, Guide for
Conducting Risk Assessments (Sept. 2012), available at https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf.
---------------------------------------------------------------------------
Risk assessments are a key component to developing effective
organization-wide risk management for information security. We believe
that risk assessments conducted consistent with industry standards
would provide a reasonable basis for donors to identify risks and
threats to their organizational information security that need to be
mitigated by donating cybersecurity hardware to other entities.
Additionally, donations that are made in response to risk assessments
are likely to meet the purpose of this safe harbor that donations are
necessary and used predominantly to implement and maintain effective
cybersecurity. Under this proposal, a donor would perform or have an
existing risk assessment for its own organization, and would require a
potential recipient to have, perform, or obtain a risk assessment, that
would provide a reasonable basis to determine that the donated
cybersecurity hardware is needed to address a risk or threat identified
by a risk assessment.
Consistent with the HCIC Task Force Report and comments we received
in response to the OIG RFI, we recognize that ``[m]any organizations
cannot afford to retain in-house information security personnel, or
designate an information technology (IT) staff member with
cybersecurity as a collateral duty.'' Understanding that resource
constraint, one goal of this safe harbor is to increase the avenues
available for all healthcare organizations to improve their
cybersecurity practices. We believe protecting a cybersecurity hardware
donation based on the risk assessment of a recipient would further the
goal of increasing the avenues available to improve cybersecurity for
all healthcare entities, regardless of their available resources.
We recognize that a potential recipient with limited resources and
cybersecurity experience may not be able to conduct or pay for its own
risk assessment. As noted above, one cybersecurity service that would
be a protected donation under the proposed safe harbor is a risk
assessment. Under the alternative proposal, donors could then make
additional cybersecurity hardware donations that are reasonably based
on the risk assessments of the donor and recipients.
We recognize that risk assessment practices vary across the
healthcare industry and may be depend on the size
[[Page 55739]]
and sophistication of any provider or entity. We solicit comments on
this alternative proposal to understand whether entities that are
potential donors or recipients already conduct risk assessments that
would provide a reasonable basis to determine that a cybersecurity
hardware donation is reasonable and necessary. We would propose to
define ``risk assessment'' based on NIST Special Publication 800-30 and
solicit comment on whether that definition is sufficient for this
cybersecurity donation safe harbor. Additionally, we solicit comments
on whether this proposal should incorporate specific standards or
requirements, such as NIST Special Publication 800-30.
We are considering for the final rule, and seek comment on, adding
safeguards to this alternate proposal. For instance, we are considering
limiting the additional cybersecurity hardware permitted under the
alternative proposal to certain kinds of hardware. We are interested in
comments, particularly from providers, that explain what types of
hardware would be necessary for effective cybersecurity under this
alternate proposal. We note that because this alternate proposal builds
upon the proposed conditions at proposed 1001.952(jj)(1)-(5),
multifunctional hardware still would be prohibited because it would not
be necessary and predominantly used to implement and maintain effective
cybersecurity, as required under proposed 1001.952(jj)(1). If the
donation includes hardware, we are also considering requiring a
contribution from the recipient, similar to the electronic health
records safe harbor at 1001.952(y)(11), and we are considering
requiring the contribution amount to be 15 percent. We are interested
in comments on this approach, and whether we should consider other
contribution amounts instead, such as 5 percent, or 20 or 30 percent.
If we add this contribution requirement, we are considering
excepting small and rural practices, and we are interested in comments
on this approach. Relatedly, we solicit comments on how ``small or
rural practices'' should be defined. For example, we solicit comments
on whether ``rural practices'' should be defined as those located in
rural areas, as defined in the safe harbor for local transportation at
42 CFR 1001.952(bb). We also solicit comments on whether ``small
practices'' should be defined as those in medically underserved areas,
as designated by the Secretary under section 330(b)(3) of the Public
Health Service Act, or defined similarly to a ``small provider of
services or small supplier'' as set forth in the requirements related
to the electronic submission of Medicare claims at 42 CFR 424.32. We
also are considering for the final rule and solicit comments on whether
other subsets of potential recipients, for example critical access
hospitals, should be exempted from the 15-percent contribution
requirement because it would impose a significant financial burden on
the recipient. Additionally, if a contribution requirement is included
in the final rule, we are considering exempting contributions for the
upgrades, updates, or patches of remuneration that was previously
donated. Based on our experience with the electronic health records
arrangements safe harbor, we recognize the practical challenges in
collecting contributions from recipients for minor upgrades, updates,
and patches that are necessary to keep the donated technology compliant
with new security policies.
If we were to finalize this alternate proposal, we would modify the
proposed safe harbor by adding new conditions and a definition in the
safe harbor. Primarily, we would add a new condition that would require
a donor to perform or have an existing risk assessment for its own
organization, and require a potential recipient to have, perform, or
obtain a risk assessment, that provides a reasonable basis to determine
that the donated cybersecurity hardware is needed to address a risk or
threat identified by the donor's and recipient's risk assessments. We
also would add definitions of hardware and risk assessment in proposed
1001.952(jj)(6).
7. Solicitation of Comments
The goal of the proposed safe harbor is to help improve the
cybersecurity posture of the healthcare industry by removing a real or
perceived barrier. To achieve this goal, we must appropriately balance
the risk of cybersecurity threats against risks associated with
permitting parties to donate valuable technology and services. In doing
so, we recognize that cyberattacks are ubiquitous, dynamic, potentially
funded by nation-states or well-funded criminal enterprises, and can
have consequences to beneficiary health, safety, and privacy that are
difficult to mitigate. To help improve the cybersecurity hygiene of the
healthcare industry without comprising program integrity, it is
important that we strike the right balance.
We drafted the proposed safe harbor with this aim in mind, but we
recognize that appropriately balancing these risks is a difficult task.
We solicit comment on whether the proposed safe harbor establishes the
right balance and if not, request comments that recommend specific
changes to do so. Commenters should consider the safe harbor in its
entirety, including the proposed conditions, optional deeming
provision, alternate condition, and definitions when commenting on this
issue. We are especially interested in comments from healthcare
providers because they both bear the cybersecurity risks and likely
have relevant compliance experience with other safe harbors.
To facilitate specific comments on this issue, we ask the following
questions: Does the proposed condition at 1001.952(jj)(1) permit the
donation of the right types of cybersecurity technology and services
that could meaningfully improve the cybersecurity posture of the
healthcare industry while also ensuring that the donated technology and
services do not pose undue risk of improperly influencing referrals? If
not, what other standard or limitation would be appropriate to strike
the right balance between cybersecurity risks and program integrity
risks? Does excluding hardware from the definition of ``technology''
further our aim of balancing cybersecurity risks with the program
integrity risks? If not, what other conditions should we impose to
limit the value of remuneration protected by the proposed safe harbor,
so it does not improperly influence referrals? For example, should the
safe harbor impose a monetary value limit on the total amount of
donations that a donor can make to a recipient or should the safe
harbor require the recipient to contribute to the costs of a donation
once the value has exceeded certain monetary thresholds?
I. Electronic Health Records (1001.952(y))
On August 8, 2006, we published a final rule (the 2006 Final EHR
Safe Harbor Rule) that, among other things, finalized a safe harbor
(the EHR safe harbor) at 42 CFR 1001.952(y) protecting certain
arrangements involving the donation of interoperable electronic health
records software or information technology and training services. The
EHR safe harbor was initially scheduled to sunset on December 31, 2013.
On December 27, 2013, we published a final rule (the 2013 Final EHR
Safe Harbor Rule) modifying the EHR safe harbor by, among other things,
extending the expiration date of the safe harbor to December 31, 2021;
excluding laboratory companies from the types of entities that may
donate electronic
[[Page 55740]]
health records items and services under the safe harbor; and updating
the provision under which electronic health records software is deemed
interoperable.
The present proposed rule sets forth certain proposed changes to
the EHR safe harbor. CMS is proposing almost identical changes to the
physician self-referral law electronic health records exception
elsewhere in this issue of the Federal Register. We attempted to ensure
as much consistency as possible between our proposed safe harbor
changes and CMS's proposed exception changes, despite the differences
in the respective underlying statutes. Because of the close nexus
between this proposed rule and CMS's proposed rule, we may consider
comments submitted in response to CMS's proposed rule and take
additional actions when crafting our final rule.
1. Interoperability
The conditions at 1001.952(y)(2) and (y)(3) require donated items
and services to be interoperable and prohibit the donor (or someone
acting on the donor's behalf) from taking action to limit the
interoperability of the donated item or service. We are proposing
changes that impact 42 CFR 1001.952(y)(2) and (3) based on the 21st
Century Cures Act (Cures Act) and the Office of the National
Coordinator for Health Information Technology (ONC), HHS Notice of
Proposed Rulemaking ``21st Century Cures Act: Interoperability,
Information Blocking, and the ONC Health IT Certification Program''
(ONC NPRM) that proposes to implement key provisions in Title IV of the
Cures Act.\63\ Among other things, the ONC NPRM proposes conditions and
maintenance of certification requirements for health information
technology (health IT) developers under the ONC Health IT Certification
Program (certification program) and reasonable and necessary activities
that do not constitute information blocking for purposes of section
3022(a)(1) of the Public Health Service Act (PHSA). These proposed
changes, if finalized, affect the EHR safe harbor conditions at
1001.952(y)(2), which is known as the ``deeming provision,'' and
1001.952(y)(3) related to interoperability and ``data lock-in.''
---------------------------------------------------------------------------
\63\ 84 FR 7424 (Mar. 4, 2019).
---------------------------------------------------------------------------
2. Deeming
The deeming provision provides certainty to parties seeking
protection of the EHR safe harbor by providing an optional method of
ensuring that donated items or services meet the interoperable
condition in 1001.952(y)(2) by deeming software to be interoperable if
it is certified under the certification program. In the 2013 Final EHR
Safe Harbor Rule we modified the deeming provision to reflect
developments in the certification program and track ONC's anticipated
regulatory cycle. By relying on the certification program and related
updates of criteria and standards, we stated that the deeming provision
would meet ``our objective of ensuring that software is certified to
the current required standard of interoperability when it is donated.''
\64\ We propose to retain this general construct for the updated safe
harbor. However, we propose two textual clarifications to this
provision. Current language specifies that the software is ``deemed to
be interoperable if, on the date it is provided to the recipient, it
has been certified by a certifying body . . . .'' We propose to modify
this language to clarify that, on the date the software is provided, it
``is'' certified. In other words, the certification must be current as
of the date of the donation, as opposed to the software having been
certified at some point in the past but no longer maintaining
certification on the date of the donation. We also propose to remove
reference to ``editions'' of certification criteria to align with
proposed changes to the certification program. We solicit comments on
these clarifications.
---------------------------------------------------------------------------
\64\ 78 FR 79201, 79204 (Dec. 27, 2013).
---------------------------------------------------------------------------
As we describe in more detail below, however, we are updating the
definition of ``interoperable.'' Although this revised definition would
not require a textual change to this paragraph (y)(2), the revision
would impact the deeming provision, and we solicit comments regarding
this update.
3. Information Blocking
The current condition at 1001.952(y)(3) prohibits the donor (or any
person on the donor's behalf) from taking any action to limit or
restrict the use, compatibility, or interoperability of the items or
services with other electronic prescribing or electronic health records
systems (including, but not limited to, health information technology
applications, products, or services). As explained in the 2006 Final
EHR Safe Harbor Rule and reaffirmed in the 2013 Final EHR Safe Harbor
Rule, 1001.952(y)(3) has been designed to: (i) Prevent the misuse of
the safe harbor that results in data and referral lock-in and (ii)
encourage the free exchange of data (in accordance with protections for
privacy).\65\ Since that time, significant legislative, regulatory,
policy, and other Federal Government action defined this problem
further (now commonly referred to as ``information blocking'') and
established penalties for certain types of individuals and entities
that engage in information blocking. Most notably, the 21st Century
Cures Act added section 3022 of the PHSA, known as ``the information
blocking provision,'' which defines conduct by healthcare providers,
health IT developers of certified health IT, exchanges, and networks
that constitutes information blocking. Section 3022(a)(1) of the PHSA
defines ``information blocking'' in broad terms, while section
3022(a)(3) authorizes and charges the Secretary to identify reasonable
and necessary activities that do not constitute information blocking.
The ONC NPRM would implement the statutory definition of ``information
blocking,'' define certain terms related to the statutory definition of
``information blocking,'' and proposes seven exceptions to the
information blocking definition.\66\
---------------------------------------------------------------------------
\65\ 78 FR 79213 (Dec. 27, 2013).
\66\ 84 FR at 7602-05.
---------------------------------------------------------------------------
We propose modifications to 1001.952(y)(3) to recognize these
significant updates since the 2013 Final EHR Safe Harbor Rule.
Specifically, we propose aligning the condition at 1001.952(y)(3) with
the proposed information blocking definition and related exceptions in
45 CFR part 171. We note that the EHR safe harbor conditions, while not
using the term ``information blocking,'' already include concepts
similar to those found in the 21st Century Cures Act's prohibition on
information blocking. For example, we were concerned about donors (or
those on the donor's behalf) taking steps to limit the interoperability
of donated software to lock in or steer referrals, which is prohibited
by the anti-kickback statute.\67\ These proposed modifications are not
intended to change the purpose of this condition, but instead further
our longstanding goal of preventing abusive arrangements that lead to
information blocking and referral lock-in through updated
understandings of those concepts established in the 21st Century Cures
Act.\68\
---------------------------------------------------------------------------
\67\ See Implementation of the 21st Century Cures Act: Achieving
the Promise of Health Information Technology Before the S. Comm. On
Health, Education, Labor, & Pensions, 115th Cong. 1 (2017)
(statement of James Cannatti, Senior Counselor for Health
Information Technology HHS OIG).
\68\ We recognize that the ONC NPRM is not a final rule and is
subject to change. However, we base our proposal on both the
statutory language and the language in ONC's proposed rule for
purposes of soliciting public input on our proposals.
---------------------------------------------------------------------------
[[Page 55741]]
We note that health plans, which are protected donors under the EHR
safe harbor, may not be subject to the information blocking provisions
of the 21st Century Cures Act or the ONC NPRM. Nevertheless, health
plans that seek the protection of this safe harbor do so voluntarily.
We note that the definition of ``information blocking'' at PHSA section
3022(a)(1) applies a different knowledge standard to health IT
developers of certified health IT, health information networks, and
health information exchanges than it does to healthcare providers. A
healthcare provider engages in a practice of information blocking if
such a provider ``knows that such practice is unreasonable and is
likely to interfere with, prevent, or materially discourage access,
exchange, or use of electronic health information.'' \69\ The EHR safe
harbor primarily applies to healthcare providers due to the limitations
on the types of donors permitted under 1001.952(y)(1). Therefore, most
donors under the EHR safe harbor would be subject to the information
blocking knowledge standard at section 3022(a)(1)(B)(ii) of the PHSA.
Rather than have different conditions for healthcare providers and
health plans, we believe it is reasonable to have one condition that
applies the same information blocking knowledge standard to all parties
who voluntarily use the safe harbor to protect donations of EHR items
and services. For purposes of donations under this safe harbor, we
propose to apply the knowledge standard articulated in the PHSA at
section 3022(a)(1)(B)(ii) as applicable to both providers and health
plans, and we seek comments on this approach.
---------------------------------------------------------------------------
\69\ PHSA Sec. 3022(a)(1)(B)(ii).
---------------------------------------------------------------------------
Additionally, the current condition at 1001.952(y)(3), as adopted
in the 2006 Final EHR Safe Harbor Rule \70\ was intended to prevent
donors, including health plans, from donating EHR software and then
engaging in practices of information blocking that would limit the
interoperability of the donated items, notwithstanding that we did not
use that exact terminology. As a result, we do not believe this
proposed modification places any additional burden on health plans that
voluntarily seek to protect donations. We solicit comments on aligning
the condition at 1001.952(y)(3) with the proposed information blocking
definition in 45 CFR part 171.
---------------------------------------------------------------------------
\70\ 71 FR 45136.
---------------------------------------------------------------------------
4. Cybersecurity
We propose to amend the safe harbor to clarify that certain
cybersecurity software and services have always been protected under
this safe harbor,\71\ and to more broadly protect the donation of
software and services related to cybersecurity. Currently, the safe
harbor protects electronic health records software or information
technology and training services necessary and used predominantly to
create, maintain, transmit, or receive electronic health records. We
propose to modify this language to include certain cybersecurity
software and services that ``protect'' electronic health records.
---------------------------------------------------------------------------
\71\ For instance, a secure log-in or encrypted access mechanism
included with an EHR system or EHR software suite would be
cybersecurity features of the EHR that are protected under the
existing EHR safe harbor.
---------------------------------------------------------------------------
In the 2006 Final EHR Safe Harbor Rule, we emphasized the
requirement that software, information technology, and training
services donated must be ``closely related to electronic health
records'' and that the ``electronic health records functions must be
predominant.'' We stated that ``[t]he core functionality of the
technology must be the creation, maintenance, transmission, or receipt
of individual patients' electronic health records,'' but, recognizing
that the electronic health records software is commonly integrated with
other features, we also stated that arrangements in which the software
package included other functionality related to the care and treatment
of individual patients would be protected. Under our proposal, the same
criteria would apply to cybersecurity software and services: The
predominant purpose of the software or service must be cybersecurity
associated with the electronic health records.
We note that we also are proposing a new safe harbor specifically
to protect donations of cybersecurity technology and related services.
As proposed, the cybersecurity safe harbor is broader and includes
fewer conditions than the EHR safe harbor. However, we are proposing to
expand the EHR safe harbor to expressly include cybersecurity software
and services so that it is clear that an entity donating electronic
health records software and providing training and other related
services may also donate related cybersecurity software and services to
protect the electronic health records. For clarity, we also propose to
incorporate a definition of ``cybersecurity'' in this safe harbor that
mirrors the definition we propose in the stand-alone cybersecurity safe
harbor. A party seeking safe harbor protection needs to comply with the
requirements of only one safe harbor. We solicit comments on this
approach. In particular, with the addition of a stand-alone
cybersecurity safe harbor, we solicit comments on whether it necessary
to modify the EHR safe harbor to expressly include cybersecurity.
5. The Sunset Provision
The EHR safe harbor originally was scheduled to sunset on December
31, 2013. In adopting this condition of the EHR safe harbor, we
acknowledged in the 2006 Final EHR Safe Harbor Rule ``that the need for
a safe harbor for donations of electronic health records technology
should diminish substantially over time as the use of such technology
becomes a standard and expected part of medical practice.''
In the 2013 notice of proposed rulemaking for an amendment to the
EHR safe harbor (2013 Proposed Rule), we acknowledged that while
electronic health record technology adoption had risen dramatically,
use of such technology had not yet been universally adopted nation-
wide. Because continued electronic health record technology adoption
remained an important Departmental goal, we solicited comments
regarding an extension of the safe harbor. In response to those
comments, in the 2013 Final EHR Safe Harbor Rule we extended the sunset
date of the safe harbor to December 31, 2021, a date that corresponds
to the end of the electronic health record Medicaid incentives. We
stated our continued belief that as progress on this goal is achieved,
the need for a safe harbor for donations should continue to diminish
over time. Since publication of the 2013 Final EHR Safe Harbor Rule,
however, numerous commenters have urged us to extend or make permanent
the safe harbor at 42 CFR 1001.952(y). Specifically, commenters have
suggested this modification in response to OIG's annual Solicitation of
New Safe Harbors and Special Fraud Alerts, and also in response to the
OIG RFI and the CMS RFI.
While we acknowledge that widespread adoption of electronic health
record technology, though not universal, largely has been achieved, we
no longer believe that once this goal is achieved the need for a safe
harbor for donations of such technology will diminish over time or
completely disappear. New entrants into medical practice, coupled with
aging EHR technology at existing practices and the emergence of new and
better technology, necessitate the availability of this safe harbor to
achieve the Department's policy objectives. Our experience indicates
that the continued availability of the safe harbor plays a part in
achieving the Department's goal
[[Page 55742]]
of promoting electronic health records technology adoption by providing
certainty with respect to the cost of electronic health records items
and services for recipients, and by encouraging adoption by physicians
who are new entrants into medical practice or have postponed adoption
based on financial concerns regarding the ongoing costs of maintaining
and supporting an electronic health records system. Ongoing protection
of electronic health record items and services donations would further
new Department priorities and policies by allowing donors and
recipients to ensure new technology is adopted that, for example, may
improve the interoperability of electronic health information.
We are proposing to eliminate the sunset provision at 42 CFR
1001.952(y)(13). As an alternative to this proposed elimination of the
sunset provision, we are considering an extension of the sunset date
for the final rule. We seek comment on whether we should select a later
sunset date instead of making the safe harbor permanent, and if so,
what that date should be.
6. Definitions
We are proposing to modify the definitions of ``interoperable'' and
``electronic health record.'' In the 2006 Final EHR Safe Harbor Rule,
we finalized these definitions based on then-current terminology, the
emerging standards for electronic health records, and other resources
cited by commenters. The following proposed modifications to these
definitions are largely based on terms and provisions in the Cures Act
that update or supersede terminology we used in the 2006 Final EHR Safe
Harbor Rule.
In the current note to paragraph (y) under 1001.952, ``electronic
health record'' is defined as ``a repository of consumer health status
information in computer processable form used for clinical diagnosis
and treatment for a broad array of clinical conditions.'' We propose to
modify the definition of ``electronic health record'' to mean: ``a
repository of electronic health information that: (A) is transmitted by
or maintained in electronic media; and (B) relates to the past,
present, or future health or condition of an individual or the
provision of healthcare to an individual.''
The proposed revision to the definition of ``electronic health
record'' is not intended to substantively change the scope of
protection. We are proposing these modifications to this definition to
reflect the term ``electronic health information'' that is used
throughout the Cures Act and that is central to the definition of
``interoperability'' at PHSA Sec. 3000(9) and the information blocking
provision at PHSA Sec. 3022. Additionally, the ONC NPRM proposes a
definition of ``electronic health information.'' \72\ We have based the
proposed modifications, in part, on ONC's proposed definition of
``electronic health information'' to reflect more modern terminology
used to describe the type of information that is part of an electronic
health record. We solicit comments on this updated definition.
---------------------------------------------------------------------------
\72\ 84 FR 7424, 7513 (Mar. 4, 2019).
---------------------------------------------------------------------------
In the note to paragraph (y) under 1001.952, the existing
definition of ``interoperable'' means ``able to communicate and
exchange data accurately, effectively, securely, and consistently with
different information technology systems, software applications, and
networks, in various settings, and exchange data such that the clinical
or operational purpose and meaning of the data are preserved and
unaltered.'' As explained in the 2006 Final EHR Safe Harbor Rule, this
definition was based on 44 U.S.C. 3601(6) (pertaining to the management
and promotion of electronic Government services) and several comments
we received in response to the proposed rule that referenced emerging
industry definitions and standards related to interoperability.\73\
---------------------------------------------------------------------------
\73\ 71 FR 45110, 45126 (August 8, 2006).
---------------------------------------------------------------------------
We propose to update the definition of the term ``interoperable''
to align with the statutory definition of ``interoperability'' added by
the Cures Act to Section 3000(9) of the PHSA and as proposed in the ONC
NPRM. We propose modifications to match the statutory definition and
the ONC NPRM definition of ``interoperability.'' Consistent with PHSA
Sec. 3000(9), we propose to define ``interoperable'' to mean able to:
``(i) securely exchange data with, and use data from other health
information technology without special effort on the part of the user;
(ii) allow for complete access, exchange, and use of all electronically
accessible health information for authorized use under applicable State
or Federal law; and (iii) does not constitute information blocking as
defined in 45 CFR part 171.'' The only difference between the statutory
definition of ``interoperability'' and the definition in the ONC NPRM
is the reference to the regulatory definition of ``information
blocking'' in 45 CFR part 171, which we propose to adopt. We will work
closely with ONC as they finalize the information blocking rule to
ensure definitions align across the EHR safe harbor and the final
information blocking regulations.
We believe the statutory definition of ``interoperability''
includes similar concepts to the existing definition of
``interoperable'' in the note to paragraph (y) (e.g., the ability to
securely exchange data across different systems or technology). Two new
concepts in the statutory definition are included in the proposed
modification: (i) Interoperable means the ability to exchange
electronic health information ``without special effort on the part of
the user'' and (ii) interoperable expressly does not mean information
blocking.\74\ As a practical matter, we believe these two concepts are
not substantively different from the existing definition and only
reflect an updated understanding of interoperability and related
terminology. We solicit comments on the proposed definition that would
align the definition of ``interoperable'' with the statutory definition
of ``interoperability.''
---------------------------------------------------------------------------
\74\ PHSA Sec. 3000(9); 42 U.S.C. 300jj(9).
---------------------------------------------------------------------------
We also are considering linking the definition of ``interoperable''
with the proposed definition of ``interoperability'' at 45 CFR 170.102
in the ONC NPRM \75\ if that proposed definition is finalized. We note
that ONC's proposed regulatory definition of ``interoperability''
matches the statutory definition. However, linking the ONC regulatory
definition of ``interoperability'' may allow for additional, future
updates to be adopted by reference in the EHR safe harbor. We solicit
comments on this proposal.
---------------------------------------------------------------------------
\75\ 84 FR 7424, 7589 (Mar. 4, 2019).
---------------------------------------------------------------------------
In the alternative, we are considering revising our regulations to
eliminate the term ``interoperable'' and instead incorporate the term
``interoperability'' and define this term by reference to section
3000(9) of the PHSA and proposed in 45 CFR part 170. Under this
alternative proposal, we would revise Sec. 1001.952(y)(2) to require
donations of software to meet interoperability standards established
under Title XXX of the PHSA and its implementing regulations. Software
would be deemed to meet interoperability standards if, on the date it
is provided to the recipient, it is certified by a certifying body
authorized by ONC to health information technology certification
criteria identified in 45 CFR part 170. We seek comment regarding
whether using terminology identical to the PHSA and proposed ONC
regulations would facilitate compliance with the requirements of the
EHR safe harbor and reduce any regulatory burden resulting from the
differences in the agencies'
[[Page 55743]]
different terminology related to the singular concept of
interoperability.
Finally, for ease of reference, we propose to amend the safe harbor
by moving the undesignated definitions set forth in the note to
paragraph (y) to a new paragraph (y)(14).
7. Additional Proposals and Considerations
a. 15-Percent Recipient Contribution
In the 2006 Final EHR Safe Harbor Rule, we agreed with a number of
commenters who suggested that cost sharing is an appropriate method to
address some of the fraud and abuse risks inherent in unlimited
donations of technology. Accordingly, we incorporated a requirement
into 42 CFR 1001.952(y) that the recipient pays 15 percent of the
donor's cost of the technology. We noted in the 2006 Final EHR Safe
Harbor Rule that ``the 15 percent cost sharing requirement is high
enough to encourage prudent and robust electronic health records
arrangements, without imposing a prohibitive financial burden on
recipients.'' Moreover, we stated, ``this approach requires recipients
to contribute toward the benefits they may experience from the adoption
of interoperable electronic health records (for example, a decrease in
practice expenses or access to incentive payments related to the
adoption of health information technology).''
We are aware that the 15-percent contribution requirement has
proven burdensome to some recipients and may act as a barrier to
adoption of electronic health records technology. We understand that
this burden may be particularly acute for small and rural practices
that cannot afford the contribution. We also recognize that applying
the 15-percent contribution requirement to upgrades and updates to
electronic health record technology is restrictive and cumbersome and
similarly may act as a barrier.
We are not proposing specific amendments to the 15-percent
contribution requirement at this time, and we are considering retaining
this requirement without change in the final rule. However, we also are
considering and solicit comments on the three alternatives to the
existing requirement as outlined below. We solicit comment on each of
the alternatives as separate proposed modifications to the contribution
requirement.
First, for purposes of the final rule, we are considering
eliminating or reducing the percentage contribution required for small
or rural practices. We specifically seek comment on whether and how we
should eliminate or reduce the 15-percent contribution requirement as
applied to a specific subset of recipients such as small or rural
practices. In particular, we solicit comments on how ``small or rural
practices'' should be defined. For example, we solicit comments on
whether ``rural practices'' should be defined as those located in rural
areas, as defined in the safe harbor for local transportation at 42 CFR
1001.952(bb). We also solicit comments on whether ``small practices''
should be defined as those in medically underserved areas, as
designated by the Secretary under section 330(b)(3) of the Public
Health Service Act, or defined similarly to a ``small provider of
services or small supplier'' as set forth in the requirements related
to the electronic submission of Medicare claims at 42 CFR 424.32. We
also are considering for the final rule and solicit comments on whether
other subsets of potential recipients, for example critical access
hospitals, should be exempted from the 15-percent contribution because
it would impose a significant financial burden on the recipient.
Second, and in the alternative, we are considering reducing or
eliminating the 15-percent contribution requirement in this safe harbor
for all recipients. We solicit comments regarding the impact this might
have on the use and adoption of electronic health records technology,
and any attendant risks of fraud and abuse. We are interested in
specific examples of the prohibitive costs associated with the 15-
percent contribution requirement, both for the initial donation of
electronic health records technology, and subsequent upgrades and
updates to the technology.
Finally, if we retain a 15-percent contribution requirement or
reduce that contribution requirement for some or all recipients, we are
considering modifying or eliminating the contribution requirement for
updates to previously donated EHR software or technology. We solicit
comments on this approach as well as what such a modification should
entail. For example, we are considering requiring a contribution for
the initial investment only, as well as any ``new'' modules, but not
requiring a contribution for any update of the software already
purchased. We solicit comments on these alternatives, or another
similar alternative that would still involve some contribution but
could reduce the uncertainty and administrative burden associated with
assessing a contribution for each update.
b. Replacement Technology
In the 2013 Final EHR Safe Harbor Rule, we highlighted one
commenter's assertion that ``the prohibition on donating equivalent
technology currently included in the safe harbor locks physician
practices into a vendor, even if they are dissatisfied with the
technology, because the recipient must choose between paying the full
amount for a new system and continuing to pay 15 percent of the cost of
the substandard system.'' The same commenter asserted that ``the cost
difference between these two options is too high and effectively locks
physician practices into electronic health record technology vendors.''
In the 2013 Final EHR Safe Harbor Rule, we responded that ``we continue
to believe that items and services are not ``necessary'' if the
recipient already possesses the equivalent items or services. We noted
that providing equivalent items and services confers independent value
on the recipient and noted our expectation that ``physicians would not
select or continue to use a substandard system if it posed a threat to
patient safety.''
We appreciate that advancements in electronic health records
technology are continuous, rapid, and sometimes prohibitively expensive
for the purchaser of such technology, and that in some situations,
replacement technology is appropriate. We are proposing to delete the
condition that prohibits the donation of equivalent items or services
at current 1001.952(y)(7) to allow donations of replacement electronic
health records technology. We specifically seek comment as to whether
deleting this condition is necessary, and in what situations
replacement technology would be appropriate. We further solicit comment
as to how we might safeguard against situations where donors
inappropriately offer, or recipients inappropriately solicit,
unnecessary technology instead of upgrading their existing technology
for appropriate reasons.
c. Protected Donors
We are considering expanding the group of entities that may be
protected donors under the EHR safe harbor, for purposes of the final
rule. As background, in the preamble to the 2006 Final EHR Safe Harbor
Rule for the EHR safe harbor, we were mindful that broad safe harbor
protection would significantly further the important public policy goal
of promoting electronic health records, and thus concluded that the
safe harbor should protect any donor that is an individual
[[Page 55744]]
or entity that provides patients with healthcare items or services
covered by a Federal health care program and submits claims or requests
for payment for those items or services (directly or pursuant to
reassignment) to Medicare, Medicaid, or other Federal health care
programs (and otherwise meets the safe harbor conditions).\76\
Notwithstanding this conclusion, we indicated that ``[w]e remain
concerned about the potential for abuse by laboratories, durable
medical equipment suppliers, and others'' and noted that ``[w]e intend
to monitor the situation. If abuses occur, we may revisit our
determination.'' \77\
---------------------------------------------------------------------------
\76\ 71 FR 45127.
\77\ Id. at 45128.
---------------------------------------------------------------------------
In the 2013 Final EHR Safe Harbor Rule, we finalized a proposal to
remove laboratory companies from the scope of protected donors under
the safe harbor to address, among other things, potential abuse
identified by some of the commenters involving potential recipients
conditioning referrals for laboratory services on the receipt of, or
redirecting referrals for laboratory services following, donations from
laboratory companies, and general misuse of donations by donors to
secure referrals.
We remain concerned about the potential for fraud and abuse by
certain donors that we articulated in the 2006 Final EHR Safe Harbor
Rule and the 2013 Final EHR Safe Harbor Rule. However, in light of the
Department's continued objective to advance the adoption of electronic
health records technology, particularly as related to the Regulatory
Sprint, and in response to certain comments received to the OIG RFI, we
are considering expanding the scope of protected donors by eliminating
or revising the requirement in 42 CFR 1001.952(y)(1)(i) that protected
donors be limited to those who ``submit[ ] claims or requests for
payment, either directly or through reassignment, to the Federal health
care program.'' If we were to revise rather than eliminate the
restriction, we are considering broadening it in the final rule to
entities with indirect responsibility for patient care. This expansion
would protect as donors, for example, entities like health systems or
accountable care organizations that neither are health plans nor submit
claims for payment. Certain commenters to the OIG RFI also recommended
permitting any risk-bearing entity that participates in an Advanced APM
entity under the Medicare Quality Payment Program (QPP) to be a donor.
We are interested in understanding other types of entities and
potential donors who would avail themselves of a broadening of the
protected donors. In addition, we specifically solicit comments
regarding the removal of this restriction and whether and how removal
would impact the widespread adoption of electronic health records
technology as well as comments regarding any attendant risks of fraud
and abuse.
J. Personal Services and Management Contracts and Outcomes-Based
Payment Arrangements (1001.952(d))
We propose to modify the existing safe harbor for personal services
and management contracts at 42 CFR 1001.952(d) to: (i) Substitute, for
the requirement that aggregate compensation under these agreements be
set in advance, a requirement that the methodology for determining
compensation be set in advance; (ii) eliminate the requirement that, if
an agreement provides for the services of an agent on a periodic,
sporadic or part-time basis, the contract must specify the schedule,
length, and the exact charge for such intervals; (iii) create a new
paragraph (d)(2) to protect certain outcomes-based payments, as defined
below; and (iv) to make certain technical changes. These proposals seek
to modernize the safe harbor and respond to comments in response to the
RFI that existing safe harbor requirements present barriers to certain
care coordination and value-based arrangements.
1. Elimination of Requirement To Set Aggregate Compensation in Advance
The existing safe harbor for personal services and management
contracts requires that such agreements be for a term of at least 1
year, and that the aggregate compensation be set in advance. In
addition, the compensation must be consistent with fair market value in
arm's-length transactions. Consistent with our existing safe harbor,
compensation under personal services and management contracts may not
be determined in a manner that takes into account the volume or value
of any referrals or business otherwise generated between the parties
for which payment may be made in whole or in part under Medicare,
Medicaid or other Federal health care programs. Also, the aggregate
services performed under the agreement must not exceed those which are
reasonably necessary to accomplish the commercially reasonable business
purpose of the services.\78\ The purpose of these requirements is to
limit the opportunity to provide financial incentives in exchange for
referrals.
---------------------------------------------------------------------------
\78\ 42 CFR 1001.952(d)(4), (5) and (7).
---------------------------------------------------------------------------
To provide the healthcare industry enhanced flexibility to
undertake innovative arrangements, we are proposing to revise the safe
harbor to remove the requirement at 42 CFR 1001.952(d)(5) that the
``aggregate'' amount of compensation paid over the term of the
agreement must be set forth in advance. To mitigate the risk of parties
to the agreement periodically adjusting the compensation to reward
referrals or unnecessary utilization, the proposed modification to the
safe harbor would require the parties to an arrangement to determine
the arrangement's compensation methodology in advance of the initial
payment under the arrangement. In addition, under (d)(1) of our
proposal, the safe harbor would continue to require that the
compensation reflect fair market value, be commercially reasonable, and
not take into account the volume or value of referrals or business
otherwise generated between the parties.
We anticipate this proposal would more closely align this safe
harbor with the personal service arrangements exception to the
physician self-referral law, 42 CFR 411.357(d).
2. Elimination of Requirement To Specify Schedule of Part-Time
Arrangements
We propose to eliminate the requirements set forth at 42 CFR
1001.952(d)(3) relating to agreements for services provided on a
periodic, sporadic, or part-time basis. This paragraph of the safe
harbor requires contracts that provide for services on such a basis to
specify ``exactly the schedule of such intervals, their precise length,
and the exact charge for such intervals.'' Removing this requirement
would afford parties additional flexibility in designing bona fide
business arrangements, including care coordination and quality-based
arrangements, where parties provide legitimate services as needed.
The existing safe harbor requires part-time contractual
arrangements between healthcare providers to specify their timing or
duration because of our concern that such arrangements are especially
vulnerable to abuse. Specifically, part-time arrangements could be
readily modified based on changing referral patterns between the
parties. However, we believe that existing safeguards under (d)(1) of
our proposal would provide sufficient safeguards against the
manipulation of these arrangements to reward referrals, namely: The
term of the arrangement
[[Page 55745]]
must be not less than 1 year; the compensation terms must reflect fair
market value, be commercially reasonable, and not take into account the
volume or value of any referrals or business otherwise generated
between the parties; and the methodology for determining compensation
must be set in advance.
As with our first proposal, we anticipate this proposal would more
closely align this safe harbor with the personal service arrangements
exception to the physician self-referral law, 42 CFR 411.357(d).
3. Proposal To Protect Outcomes-Based Payments
We propose to protect outcomes-based payment arrangements in
certain circumstances under proposed new paragraph (d)(2) and (d)(3).
Our proposal is in response to the evolution of new payment models,
such as shared savings, shared losses, episodic payments, gainsharing,
and pay-for-performance, and recognizes that such arrangements may
facilitate care coordination, encourage provider engagement across care
settings, and promote the shift to value.
a. Outcomes-Based Payments
We propose to define ``outcomes-based payment'' as payments from a
principal to an agent that: (i) Reward the agent for improving (or
maintaining improvement in) patient or population health by achieving
one or more outcome measures that effectively and efficiently
coordinate care across care settings; or (ii) achieve one or more
outcome measures that appropriately reduce payor costs while improving,
or maintaining the improved, quality of care for patients.
We further propose that such payments would exclude any payments
made, directly or indirectly, by a pharmaceutical manufacturer; a
manufacturer, distributor, or supplier of DMEPOS; or a laboratory. Such
payments would also exclude any payment that relates solely to the
achievement of internal cost savings for the principal. We solicit
comments on potential alternative definitions of the term ``outcomes-
based payment'' that would be consistent with the goals described in
the preceding paragraphs of this preamble section. For example, we are
considering for the final rule defining the term by reference to
specific types of payments, such as those described as examples of
outcomes-based payments below.
Examples of outcomes-based payment arrangements could include
shared savings payments, shared losses payments, gainsharing payments,
pay-for-performance payments, or episodic or bundled payments. We are
considering and solicit comments on whether, if we take this approach,
we should further define specific types of payment arrangements that
would qualify for this safe harbor in the final rule. To the extent we
further define such arrangements, we are considering basing potential
definitions on arrangements defined in various Innovation Center models
and the Medicare Shared Savings Program. Such terms might include:
``Shared savings payment'' could be defined to mean a
payment from a payor to a principal or the downstream payment by the
principal to the agent of a share of payor savings realized from the
agent's activities for a specified patient population. Shared savings
payments encourage the use of the lowest cost service for the patient
population to achieve certain desired health outcomes.
``Shared losses payment'' could be defined to mean a
payment from a principal to a payor or from a downstream agent to a
principal to repay the payor for a portion of the payor's losses
incurred with respect to a specific patient population under a shared
savings arrangement when a principal's expenditures for the patient
population for the applicable performance period exceed specific
performance benchmarks.
``Gainsharing payment'' could be defined to mean a payment
from a principal to an agent to incentivize the agent to appropriately
reduce healthcare costs (other than solely the principal's internal
costs) for a specified patient population while achieving certain
outcome measures in accordance with a principal's arrangement with a
payor.
``Episodic or bundled payment'' could be defined to mean a
payment from a payor to a principal or from a principal to a downstream
agent for an episode of care across care settings for a specified
patient population. This could include a retrospective bundled payment
arrangement where actual healthcare expenditures of the payor and
principal for the patient population are reconciled against a target
price for an episode of care and a portion of such payment to the
principal may be made to the agent or a prospectively determined
bundled payment from the payor to the principal or a portion of such
payment to the principal made to the agent that encompasses all
healthcare services furnished by the principal and agent for the
patient population during the episode of care.
``Pay-for-performance arrangement'' could be defined to
mean a payment from a principal to an agent (or a payor to a principal)
for the achievement of a legitimate cost, quality, or operational
performance metric (e.g., bonus payment) on behalf of the principal for
a specified patient population.
We anticipate such outcomes-based payment arrangements would
largely mirror, in concept, similar arrangements used in various
Innovation Center models and the Medicare Shared Savings Program and
would, more specifically, encompass examples like the following: (i) An
ACO makes a ``shared savings'' payment to its member physicians, with
such payments representing a percentage of payor savings generated by
the ACO as a result of its members' efforts to reduce total patient
care costs and improve quality; (ii) where an ACO incurs financial loss
and is obligated to pay money to its payor, a hospital makes ``shared
losses'' payments to the ACO, representing an agreed upon percentage of
the ACO's loss; and (iii) a hospital and group of physicians and post-
acute care providers agree collectively to be paid by a payor for an
episode of care (e.g., inpatient stay and 90 days post-discharge) and
share among themselves the savings or losses generated against a
benchmark. In some cases involving reconciliation, the hospital might
be responsible for sharing any savings among its partners; in others,
the hospital might be responsible for paying its partners for the
services they furnish the patients under the episode.
As noted previously, our proposed definition of ``outcomes-based
payment'' excludes arrangements that relate solely to achievement of
internal cost savings for the principal. For example, outcomes-based
payment arrangements would not include arrangements that involve
sharing in financial risk or gain only as it relates to the prospective
payment systems for acute inpatient hospitals, home health agencies,
hospice, outpatient hospitals, inpatient psychiatric facilities,
inpatient rehabilitation facilities, long-term care hospitals, or SNFs.
Although arrangements reimbursed by Federal health care programs under
the prospective payment systems may create internal cost savings for a
provider, the savings under the arrangement would not accrue to the
payor.
Thus, and for example, this safe harbor would not protect an
outcomes-based payment arrangement between a hospital and physician
group, where the parties share financial risk or gain only with respect
to items or services
[[Page 55746]]
reimbursed to the hospital under the Medicare prospective payment
system for acute inpatient hospitals. However, an outcomes-based
payment arrangement that involves a hospital and physician group
sharing financial risk or gain realized across care settings would be
protected (e.g., for a patient's inpatient stay and the 60-day post-
discharge period), provided all safe harbor requirements were met.
b. Entities Not Included
Based on our enforcement and oversight experience and as explained
with respect to a similar exclusion in the definition of VBE
participant in this proposed rule, we are proposing to exclude
pharmaceutical manufacturers; manufacturers, distributors, and
suppliers of DMEPOS; and laboratories from the proposed safe harbor for
outcomes-based payments. As stated previously, we are concerned that
these types of entities, which are heavily dependent upon practitioner
prescriptions and referrals, might use outcomes-based payments
primarily to market their products to providers and patients.
As with the proposed definition of a VBE participant, we are also
considering for the final safe harbor at 1001.952(d)(2) excluding
pharmacies (including compounding pharmacies), PBMs, wholesalers, and
distributors. We solicit comments about these proposed exclusions, as
well as illustrative examples of beneficial or problematic outcomes-
based payment arrangements that might be excluded or included if we
finalize some or all of these exclusions.
We also are considering whether to more specifically target the
final safe harbor on outcomes-based payment arrangements that further
value-based care or care coordination by limiting protection for
outcomes-based payment arrangements to VBE participants, as that term
is defined in (ee)(12)(vi) of this proposed rule.
c. Collaboration and Outcomes-Based Payments
As proposed, under the safe harbor conditions, all outcomes-based
payments must be made between or among parties that are collaborating
to measurably improve quality of patient care appropriately and
materially reduce costs while maintaining quality, or both. Moreover,
if specific services are to be performed, the agreement must specify
all of the services the parties perform (or refrain from performing) to
qualify for the outcomes-based payments. We are mindful that with some
value-based payment arrangements, there may not be a direct correlation
between the level or value of services provided by a particular
recipient of payments and that party's share of savings or outcomes-
based payments (e.g., shared savings payments may be distributed on a
basis unrelated to actual services provided). While the two
requirements described do not expressly require that the outcomes-based
payment arrangement include the provision of services (merely that the
parties collaborate, and to the extent the parties' arrangement
includes services, that they be documented), we anticipate that many
arrangements would include a service component.
d. Safe Harbor Conditions
Our proposal for outcomes-based payment arrangements includes safe
harbor conditions, some of which mirror program integrity safeguards
set forth in the existing personal services and management contracts
safe harbor and some of which are new safeguards specific to outcomes-
based payment arrangements. As detailed below, our proposed safe harbor
conditions are based on our experience with these types of arrangements
through the advisory opinion process and the development of waivers for
CMS models.
e. Goal of the Outcomes-Based Payment Arrangement
As stated above, all outcomes-based payments must be made between
or among parties that are collaborating to measurably improve quality
of patient care (or maintain improvement); appropriately and materially
reduce costs to, or growth in expenditures of, payors while improving
or maintaining the improved quality of care; or both. We propose to
limit safe harbor protection to outcomes-based payment arrangements
that foster these two goals because we believe that such arrangements
may best facilitate care coordination, encourage provider engagement
across care settings, and promote the shift to value.
f. Outcome Measures
We propose to require the parties to an arrangement to establish
one or more specific evidence-based, valid outcome measures that the
agent must satisfy to receive the outcomes-based monetary remuneration.
This requirement largely mirrors the outcome-measure requirement in the
proposed care coordination arrangements safe harbor at paragraph (ee),
and we refer readers to the discussion of this requirement in the
preamble above. That being said, we note certain key differences, such
as: This proposed safe harbor requires satisfaction of an outcome
measure to receive an outcomes-based payment, whereas the care
coordination arrangements safe harbor requires monitoring and
assessment related to such outcome measures; and the achievement of
outcomes measures is not a prerequisite to the provision or use of in-
kind remuneration under the proposed safe harbor at paragraph (ee).
Such differences are deliberate and due to the variations in type and
scope of potential remuneration that could be exchanged under the
respective safe harbors.
For the proposed outcomes-based payment arrangements amendments to
the safe harbor, outcome measures must relate to improving quality of
patient care; appropriately and materially reducing costs to, or growth
in expenditures of, payors while improving, or maintaining the improved
quality of care for patients; or both. As an additional safeguard,
parties must select outcome measures based upon clinical evidence or
credible medical support.
Any outcome measures established pursuant to the parties'
arrangement must be measurable and valid, and such measures must
promote improved quality or efficiencies in the delivery of care, or
appropriate cost reduction. Measures that simply seek to reward the
status quo would not meet this requirement. In some circumstances, we
acknowledge that payment for the maintenance of high quality may be low
risk (e.g., where an established ACO that has made demonstrable quality
improvements over the course of several years seeks to reward its
members to maintain such improvements). We solicit comments on whether,
and if so how, we should protect such arrangements in the final rule
without protecting arrangements that may be disguised payments for
referrals. We are concerned that arrangements that reward the status
quo are more likely to be mere payments for referrals.
Because we believe the provision of monetary remuneration presents
a higher risk of fraud and abuse than the provision of in-kind
remuneration, we are considering for the final rule, and solicit
comments on, whether to impose a different, potentially stricter
standard for outcome measures in this proposed safe harbor than in the
proposed care coordination arrangements safe harbor at paragraph (ee).
To mitigate this risk, we propose to require the parties to regularly
monitor and assess the agent's performance on each outcome measure
under the agreement. This condition is similar to the assessment and
[[Page 55747]]
monitoring requirements in the care coordination arrangements safe
harbor at paragraph (ee). For example, regularly monitoring and
assessing the agent's performance could include: (i) Determining
whether the arrangement has measurably improved quality of patient
care, (ii) evaluating any deficiencies in the delivery of quality care,
and (iii) measuring the agent's satisfaction of the specific, evidence-
based, valid outcome measure(s) in the outcomes-based arrangement.
We recognize that outcomes-based payment arrangements may vary in
structure and strive to provide flexibility for parties to design
arrangements to achieve appropriate quality of patient care as well as
appropriate efficiency and cost savings goals. However, we are
proposing to include an express requirement that parties rebase the
benchmark or outcome measure for outcomes-based payments periodically
in outcomes-based payment arrangements where rebasing is feasible under
paragraph (d)(2)(vii)(B). By ``rebasing'' we mean resetting the
benchmark used to determine whether payments will be made to take into
account improvements already achieved. We anticipate periodic
``rebasing'' will prevent parties from inappropriately carrying over
savings from previous performance periods or from receiving payments
that do not reflect legitimate achievement of outcomes.
This proposed requirement is intended to address a concern that
``evergreen'' outcomes-based payment arrangements, in which outcome
measures are not properly monitored or assessed, could be used as a
vehicle to reward referrals well after the desired provider behavior
change or savings benchmark has been met. Such perpetual arrangements
might also fail to meet the proposed requirement that the measures be
evidence-based. We are considering for the final rule, and solicit
comments on, whether a specific timeframe within a specified
performance period under the arrangement (e.g., 3 years) or a shorter
(e.g., 1-year) or longer (e.g., 5-year) timeframe is appropriate and
realistic for requiring parties to rebase the benchmarks for outcomes-
based payments. We solicit comments on the definition of ``rebase'' and
when and how frequently rebasing would be necessary and appropriate to
ensure that outcomes-based payments are based on valid, measurable
outcomes, reducing the risk that the payments would be mere payments
for referrals.
g. Methodology
To increase transparency of outcomes-based payment arrangements, we
propose that the methodology for determining the aggregate compensation
(including any outcomes-based payments) paid between or among the
parties over the term of the agreement is: Set in advance; commercially
reasonable; consistent with fair market value; and not determined in a
manner that directly takes into account the volume or value of any
referrals or business otherwise generated between the parties for which
payment may be made in whole or in part by a Federal health care
program. We view these conditions as essential safeguards to ensuring
any outcomes-based payment arrangement is not a vehicle to reward
referrals and generate revenue but rather reflects a deliberate,
collaborative effort by the parties to the arrangement to realize
improved outcomes, cost savings to payors, or both.
Because our proposed set-in-advance and commercially reasonable
requirements are consistent with our existing personal services
arrangement and management contracts safe harbor (as proposed to be
amended with respect to the set-in-advance requirement), we do not
address these requirements here in further detail. We discuss our
proposed fair market value and volume or value conditions below.
i. Fair Market Value
We propose that the methodology for determining the aggregate
compensation (including any outcomes-based payments) paid between or
among the parties over the term of the agreement be consistent with
fair market value. We acknowledge our proposed aggregate fair market
value requirement may pose challenges to the extent there are not
industry standards yet developed to determine fair market value for
some outcomes-based payment arrangements in the value-based care arena
and because we understand that some of the outcomes-based payment
arrangements we propose to protect do not necessarily correlate
payments with actual services performed (and in some cases, reward not
performing services).
Nonetheless, we anticipate the industry will evolve and adapt to
assess fair market value for value-driven outcomes-based payment
arrangements, even where the provision of traditional services may be a
less prominent component. We solicit comments on this approach. We are
considering for the final rule whether we should take a different
approach (including whether to value outcomes-based payments separately
from other compensation or whether to substitute the fair market value
requirement with a different safeguard that would help ensure that
payments are for legitimate participation in arrangements that drive
value-based care and are not merely disguised payments for referrals).
ii. Volume or Value of Referrals
We propose to require that the compensation methodology for
determining the outcomes-based payment not be determined in a manner
that directly takes into account the volume or value of referrals or
other business generated between the parties. We recognize that to
incentivize care coordination and appropriate behavioral changes
through outcomes-based payments, parties may need to establish payment
methodologies that at least indirectly take into account the volume or
value of referrals or other business generated between the parties. We
believe it should be possible to structure payments so that they do not
directly take into account the volume or value of referrals of other
business.
h. Writing and Monitoring
We propose that the outcomes-based payment be made between or among
parties that are collaborating, pursuant to a written agreement signed
by the parties in advance of, or contemporaneous with, the commencement
of the terms of the outcomes-based payment arrangement. We further
propose that the written agreement specify all of the services the
parties would perform for the term of the agreement. As detailed in the
above section, while this does not mandate that parties to an outcomes-
based payment arrangement include services, if services are furnished
pursuant to the parties' arrangement, such services must be documented
in writing.
We further propose to require that the written agreement include
the outcome measure(s), the evidence-based data or information upon
which the parties relied to select the outcome measure(s), and the
schedule for the parties to regularly monitor and assess the outcome
measure(s). In addition to the writing requirements set forth in
(d)(2)(viii), parties may consider documenting and retaining such
documentation necessary to demonstrate compliance with each prong of
this safe harbor. For example, the parties may document payments made
pursuant to the outcomes-based payment arrangement and data showing the
agent's achievement of the outcome measure(s).
[[Page 55748]]
i. Impact on Patient Quality of Care
Properly structured and operated, outcomes-based payments hold the
potential to improve the delivery of care; however, when improperly
structured and operated, they hold the potential to incentivize
behavior harmful to patients, such as stinting on care
(underutilization), cherry picking lucrative or adherent patients, or
lemon dropping costly or noncompliant patients.\79\ Accordingly, we are
proposing to require that the agreement neither limits any party's
ability to make medically appropriate decisions for patients, nor
induces the reduction of medically necessary services.
---------------------------------------------------------------------------
\79\ We note that section 1128A(b)(1) of the Act (the
``Gainsharing CMP'') prohibits a hospital from knowingly making
payments, directly or indirectly, to a physician to induce the
physician to reduce or limit medically necessary services to
Medicare or Medicaid beneficiaries who are under the physician's
direct care. Hospitals that make (and physicians who receive)
payments prohibited by this provision are liable for civil money
penalties for each patient for which the prohibited payment was
made. However, our proposed condition is in recognition that other
parties, besides hospitals and physicians, may seek protection under
this safe harbor.
---------------------------------------------------------------------------
j. Additional Safeguards
We propose that the term of the agreement is not less than 1 year
and that the services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law. These conditions are identical
to those included in the personal services and management contracts
safe harbor.
k. Technical Modifications
Due to the proposed additions of paragraphs (d)(2) and (d)(3),
setting forth provisions on outcomes-based payments and definitions, we
propose to move the existing personal services and management contracts
provisions, as proposed to be amended in this rulemaking, to a new
paragraph (d)(1).
K. Warranties (1001.952(g))
In an effort to update the existing safe harbor for warranties at
42 CFR 1001.952(g) and to promote higher value items covered by
warranties, we propose to modify the safe harbor to: (i) Protect
warranties for one or more items and related services upon certain
conditions; (ii) exclude beneficiaries from the reporting requirements
applicable to buyers; and (iii) define ``warranty'' directly and not by
reference to 15 U.S.C. 2301(6). We also propose to make a technical
correction to paragraph (3)(i) to change the text from ``paragraphs
(a)(1) and (a)(2) of this section'' to ``paragraphs (g)(1) and (g)(2)
of this section.'' For ease of reference, we propose to amend the safe
harbor by moving the undesignated definition at the end of the safe
harbor to a new paragraph (g)(7).
1. Bundled Warranties
The warranties safe harbor protects remuneration consisting of
``any payment or exchange of anything of value under a warranty
provided by a manufacturer or supplier of an item to the buyer (such as
a health care provider or beneficiary) of the item,'' as long as the
buyer and seller comply with the safe harbor's requirements.\80\ We
confirmed in Advisory Opinion No. 18-10 that this safe harbor applies
only to warranties for a single item and not to bundled items.\81\ We
received comments in response to the OIG RFI requesting revisions to
the warranties safe harbor to protect warranty arrangements that
pertain to bundled items and services. Commenters suggested that such
revisions would promote beneficial and innovative arrangements. Based
on these comments, other input OIG has received, and our own
consideration of the potential benefits of expanding the warranties
safe harbor to foster value, we propose to revise the safe harbor to
protect bundled warranties for one or more items and related services,
when certain conditions are met. This modification would allow
manufacturers and suppliers to warrant that a bundle of items or one or
more items in combination with related services, such as product
support services, will meet a specified level of performance under a
warranty agreement.
---------------------------------------------------------------------------
\80\ 42 CFR 1001.952(g).
\81\ Adv. Op. No. 18-10, available at https://www.oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-10.pdf.
---------------------------------------------------------------------------
We believe this proposed modification could promote beneficial
arrangements between sellers and buyers by allowing them to enter into
warranty arrangements conditioned on the collective value of the
warranted items and related services. We also believe this proposed
modification could enhance the use and utility of warranted items by
protecting warranties that encompass services, such as support and
educational services. For example, this proposed modification would
protect arrangements such as the one at issue in Advisory Opinion No.
01-08, where the requestor operated a warranty program covering wound
care products and certain related support services, such as access to a
wound specialist and an online wound documentation system, that the
requestor made available to buyers of its products.\82\
---------------------------------------------------------------------------
\82\ Adv. Op. No. 01-08, available at https://www.oig.hhs.gov/fraud/docs/advisoryopinions/2001/ao01-08.pdf. OIG acknowledged that
the arrangement at issue in advisory opinion number 01-08 implicated
the anti-kickback statute and did not fit in the warranties safe
harbor but approved the arrangement on the basis that it presented a
sufficiently low risk of fraud and abuse under the anti-kickback
statute.
---------------------------------------------------------------------------
a. Inclusion of Services in Bundled Warranties
We are proposing to protect warranty arrangements that apply to one
or more items and services (provided the warranty covers at least one
item). This modification would allow manufacturers and suppliers to
warrant that certain services, in combination with one or more items,
will result in a specified level of performance.\83\ We are mindful
that the provision of certain warranted services, such as medication
adherence services by manufacturers and suppliers, could increase the
risk of patient harm and inappropriate utilization because
manufacturers and many suppliers do not necessarily have direct patient
care responsibilities and thus may not have the same patient safety
considerations that physicians and providers with direct patient care
responsibilities have. Using medication adherence services offered by
drug manufacturers as an example, we are concerned that manufacturers
may promote patients' adherence to
[[Page 55749]]
prescribed medications, even when a patient is experiencing harmful
side effects, or the medication is not achieving the purpose for which
it was prescribed. Because manufacturers have financial incentives for
patients to use and reorder their medications but do not have the
medical expertise the prescribing physicians have to determine whether
continued use of medications is clinically appropriate for a specific
patient, medication adherence services offered by manufacturers, such
as phone or message communications directing patients to take their
medications, could result in patient harm or inappropriate utilization
of drugs.
---------------------------------------------------------------------------
\83\ We clarify that our proposed changes would not protect free
or reduced-price items or services that sellers provide either as
part of a bundled warranty agreement or ancillary to a warranty
agreement. Whether a seller's provision of free or reduced-price
items or services in connection with a warranty arrangement would
implicate and potentially violate the anti-kickback statute would
depend on whether other safe harbor protection exists for the
arrangement, and if not, whether those items or services have
independent value to a buyer other than for purposes of determining
whether the terms of a warranty have been met. For example,
laboratory testing required for patient care may be necessary to
determine if a warranted outcome was achieved, but the laboratory
test would have independent value to the buyer. A seller's provision
of laboratory testing for free or at a reduced charge as part of a
warranty agreement would implicate the anti-kickback statute.
Additionally, the provision of medication adherence services for
free or below fair market value would implicate the anti-kickback
statute. In contrast, if sellers provide items and services with no
independent value to a buyer, other than to determine whether the
conditions of a warranty have been satisfied, the items and services
may not constitute remuneration under the anti-kickback statute, and
thus, may not implicate the statute. See OIG Compliance Program
Guidance for Pharmaceutical Manufacturers, 68 FR 23731, 23735 (May
5, 2003), for a discussion of pharmaceutical manufacturers'
provision of limited support services tailored to the manufacturers'
products that may not implicate the anti-kickback statute.
---------------------------------------------------------------------------
We are considering safeguards we could include in the final rule to
protect against these risks, such as a safeguard that would prohibit
direct patient outreach by a seller offering a warranty but that would
allow the seller to pay an independent intermediary to perform services
that require direct patient outreach, as long as compensation for the
patient outreach services is not tied to the volume or value of any
warranted item used by the patient.
Our proposed expansion of this safe harbor does not protect
warranties covering only services. We believe warranties for services
that are not tied to one or more related items could present heightened
fraud and abuse risks. Manufacturers and suppliers could warrant that
services will achieve certain clinical goals and offer remuneration to
induce referrals from referral sources under the guise of warranty
remedies. The services manufacturers and suppliers may offer could take
many different forms, and it may be difficult to verify whether
services, which can more subjective in nature than items, failed to
achieve the clinical goals established by a warranty arrangement.
Additionally, because the services subject to a warranty may not be
federally reimbursable, it may be difficult to determine whether the
services being warranted are bona fide services or sham services
offered as part of a warranty agreement and designed to transfer
remuneration to referral sources upon the failure of such services to
achieve the warranted result. If physicians, for example, could warrant
that their services will achieve certain clinical results, the
potential to receive money as a warranty remedy may induce patients to
select physicians offering warranties over other physicians,
particularly where the clinical results being warranted are not easily
achievable, regardless of which physician a patient selects. We are
considering for the final rule extending safe harbor protection for
warranties applying only to services if sufficient safeguards exist to
mitigate these risks, and we are soliciting comments on the potential
fraud and abuse risks that may arise if we expand the safe harbor to
include services-only warranties and potential safeguards to mitigate
these risks.
b. Conditions on Bundled Warranties
We propose to impose the following conditions on bundled warranty
arrangements: (i) All federally reimbursable items and services subject
to bundled warranty arrangements must be reimbursed by the same Federal
health care program and in the same payment; (ii) a manufacturer or
supplier must not pay any individual (other than a beneficiary) or
entity for any medical, surgical, or hospital expense incurred by a
beneficiary other than for the cost of the items and services subject
to the warranty; and (iii) manufacturers and suppliers cannot condition
bundled warranties on the exclusive use of one or more items or
services or impose minimum-purchase requirements of any items or
services. We believe these requirements would promote beneficial
arrangements while protecting beneficiaries and the Federal health care
programs from harmful practices, such as inappropriate utilization and
product steering, as explained below.
c. Requirement for Federally Reimbursable Items and Services Subject to
Bundled Warranty Arrangements To Be Reimbursed by the Same Federal
Health Care Program and in the Same Payment
Under a new paragraph (5), we propose to require that all federally
reimbursable items and services subject to the bundled warranty be
reimbursed by the same Federal health care program and in the same
payment. This requirement would be satisfied when federally
reimbursable items and services subject to a bundled warranty are
reimbursed by, for example, the same Part A Medicare Severity-Diagnosis
Related Group (MS-DRG) payment, the same Medicare Part B ambulatory
payment classification payment, or the same Medicaid managed care
payment. Allowing sellers to bundle items and services reimbursed by
different Federal health care program payments could create incentives
for overutilization or inappropriate utilization of items and services
included in the bundle. Unlike bundled payments, such as MS-DRG
payments, payments that reimburse providers separately for each item
and service they order do not incentivize providers to contain their
costs because the providers would receive reimbursement for each
discrete item and service they order, regardless of whether those items
and services present the best value. Without cost-containment
incentives, providers may order devices or drugs subject to a bundled
warranty, regardless of whether lower-cost, equally effective devices
or drugs are available, because providers would be reimbursed
separately for each item and reimbursable service and could be eligible
to receive the full cost of the separately billed items and
reimbursable services in the bundle if even one item or reimbursable
service fails to perform as expected.
We believe these risks are mitigated when bundled warranties apply
only to federally reimbursable items and services that are reimbursed
by the same Federal health care program payment, such as under an MS-
DRG payment. However, we are aware that bundled warranties could result
in barriers to entry for certain manufacturers and suppliers that
cannot offer bundled warranties, and we are considering for the final
rule, and solicit comments on, additional safeguards we should include
to limit the potential anti-competitive effects that bundled warranties
may have in the drug and device markets. Additionally, we solicit
specific examples where the protections we propose would not be
sufficient to protect against anti-competitive conduct.
We recognize that the proposed requirement above might inhibit
warranties conditioned on the collective performance of warranted items
across a patient population (population-based warranties) because these
items would not be reimbursed in the same payment. We are considering
whether, and if so, how, we might craft the safe harbor to allow for
population-based warranties without creating risks of increased costs
to the Federal health care programs, as described above. For example,
we are considering for the final rule whether we could require that all
items and services be reimbursed according to the same payment
methodology, but not necessarily the same payment, to allow for
population-based warranties. We solicit comments on this approach and
the potential benefits and fraud and abuse risks it may present. We
note that retrospective reconciliation payments, such as those often
used under the Innovation Center payment models, would not constitute
one payment, as required under our proposal, when the reconciliation
payments are paid to one entity but are not direct payment for
[[Page 55750]]
items and services provided only by that entity.
In addition, we are considering for the final rule, and seek
comments on, whether we should include any exceptions to the
requirement that all federally reimbursable items and services subject
to a bundled warranty be paid by the same payment, such as when bundled
items are reimbursed according to the same payment under the Medicare
program but are reimbursed separately under Medicaid. For example, in
Advisory Opinion No. 18-10, we noted that the items subject to the
requestor's warranty program were reimbursable under the same MS-DRG
payment but potentially were separately reimbursable under certain
states' Medicaid programs. We encourage commenters to provide specific
examples where an exception may be needed.
2. Capped Amount of Warranty Remedies; Prohibition on Exclusivity and
Minimum-Purchase Requirements
We propose to modify paragraph (4) of the safe harbor by limiting
the remuneration a manufacturer or supplier may pay to any individual
(other than a beneficiary) or entity for any medical, surgical, or
hospital expense incurred by a beneficiary to the cost of the items and
services subject to the warranty. We view this limitation as an
important protection against manufacturers and suppliers providing
excessive remuneration to induce further business. In a new paragraph
(6), we also propose to prohibit manufacturers and suppliers from
conditioning warranties on the exclusive use of one or more items or
services and from imposing minimum-purchase requirements of any items
or services. We view such steering practices as highly problematic and
solicit comments on the prevalence of these practices in warranty
arrangements. We also solicit comments on the effectiveness of the
proposed safeguards in preventing or mitigating fraud and abuse risks,
as well as additional safeguards we could impose.
3. Reporting Requirements
Stakeholders have expressed concern that the reporting requirements
under the safe harbor may not allow for outcomes-based warranty
arrangements in which buyers could receive return payments from
manufacturers over several years if a therapy does not meet clinical
outcomes at designated points in time. We solicit comments on any
burden the current reporting requirements impose and the need for more
flexible reporting requirements under the safe harbor to better
facilitate warranties tied to clinical outcomes. We understand that
delayed reporting may be necessary when, for example, the efficacy of a
drug therapy may not be known for several years after the initial
purchase. We are considering ways in which we could modify the
reporting requirements under the safe harbor to accommodate outcomes-
based warranty arrangements while protecting the Government's interest
in having an accurate and timely report of any price reductions a
seller offers a buyer under a warranty arrangement protected by the
safe harbor. We also propose to expressly exclude beneficiaries from
the reporting requirement applicable to other buyers since
beneficiaries do not report costs to the Government.
4. Definition of ``Warranty''
We propose to define ``warranty'' directly and not by reference to
15 U.S.C. 2301(6). The Magnuson-Moss Act enacted 15 U.S.C. 2301, which
in paragraph (6) defines ``written warranty'' in connection with the
sale of a ``consumer product.'' However, courts have held that an item
regulated under the Federal Food, Drug, and Cosmetic Act is not a
``consumer product'' for purposes of the Magnuson-Moss Act.\84\ The
reference to 15 U.S.C. 2301(6) in the definition of ``warranty''
therefore creates unintentional ambiguity as to whether the safe harbor
covers warranties for drugs and devices regulated under the Federal
Food, Drug, and Cosmetic Act. We propose revisions to the definition of
``warranty'' to clarify that the warranties safe harbor applies to FDA-
regulated drugs and devices.
---------------------------------------------------------------------------
\84\ See, e.g., Kanter v. Warner-Lambert Co., 99 Cal. App. 4th
780, 798 (2002); Goldsmith v. Mentor Corp., 913 F. Supp. 56, 63
(D.N.H. 1995); Kemp v. Pfizer, Inc., 835 F. Supp. 1015, 1024-25
(E.D. Mich. 1993).
---------------------------------------------------------------------------
We propose a definition for ``warranty'' that largely models the
definition in 15 U.S.C. 2301(6) but replaces references to a
``product,'' where applicable, with ``item or bundle of items, or
services in combination with one or more related items,'' to allow for
single-item and bundled warranties. Additionally, the proposed
definition substitutes references to the ``material'' of a product with
``quality'' to reflect the inclusion of warranted services in addition
to items. The proposed definition of ``warranty'' continues to include
a ``written affirmation of fact or written promise [that] affirms or
promises that [items and services] . . . will meet a specified level of
performance over a specified period of time.'' We interpret this
provision to provide protection for warranty arrangements conditioned
on clinical outcome guarantees, provided the warranty arrangements meet
all the safe harbor's requirements.
L. Local Transportation (1001.952(bb))
Increasingly, experts are recognizing the important role
transportation plays in patient access to care, quality of care,
healthcare outcomes, and effective coordination of care for patients,
particularly for patients who lack their own transportation or who live
in ``transportation deserts.'' As part of this rulemaking, we are
revisiting certain provisions of the existing safe harbor for local
transportation at 42 CFR 1001.952(bb) and, as described above,
proposing new safe harbor protection for certain patient engagement
tools and supports. The proposed patient engagement and support safe
harbor would include transportation services for patients that meet the
proposed safe harbor requirements.
We propose to modify the existing safe harbor for local
transportation at 42 CFR 1001.952(bb) to: (i) Expand the distance which
residents of rural areas may be transported; and (ii) remove any
mileage limit on transportation of a patient from a healthcare facility
from which the patient has been discharged to the patient's residence.
For purposes of clarification, we also provide guidance on the
application of the safe harbor to transportation through ride-sharing
services. We are not proposing to amend the safe harbor to explicitly
include such services, because we believe that nothing in the existing
language excludes them from protection.
Finally, for ease of reference, we propose to amend the safe harbor
by moving the undesignated definitions set forth in the note to
paragraph (bb) to a new paragraph (bb)(3).
1. Expansion of Mileage Limit for Patients Residing in Rural Areas
The safe harbor provides that transportation is protected if
provided ``[w]ithin 25 miles of the health care provider or supplier to
or from which the patient would be transported, or within 50 miles if
the patient resides in a rural area, as defined in this paragraph
(bb).'' \85\ In response to the OIG RFI, some commenters stated that
the 50-mile limit for residents of rural areas is insufficient, as many
rural residents need to travel more than 50 miles to obtain medically
necessary services. Accordingly, we are proposing to increase the limit
on transportation of residents of rural communities to 75
[[Page 55751]]
miles, but we solicit comments on whether an increase to 75 miles is
sufficient. We urge commenters to provide data or other evidence to
support the most appropriate distance for the purposes of this
rulemaking. We request that commenters provide specific information, if
available, about the patients within the commenters' communities or
service areas who cannot obtain care within the existing distance
limits. We also seek comments on how an entity would provide
transportation over distances in excess of 50 miles (e.g., by shuttle,
as defined in the existing safe harbor), ride-sharing programs,
reimbursement of mileage, reimbursement of bus or taxi fare, or other
means. Such information will assist us in determining whether an
increased distance limit is necessary and practical and whether it is
likely to be subject to abuse. While the current safe harbor does not
require any showing of need on the part of patients, we solicit
comments on whether the final rule should protect transportation in
excess of the current limits only where there is a demonstration of
financial, medical, or transportation need. We also solicit comments on
what safeguards would be necessary to prevent abuse of an expansion of
these limits for rural or other patients.
---------------------------------------------------------------------------
\85\ 42 CFR 1001.952(bb)(1)(iv)(B).
---------------------------------------------------------------------------
2. Elimination of Distance Limit on Transportation of Discharged
Patients
Comments on the OIG RFI and other information raise concerns about
patients discharged from healthcare facilities who do not have a ride
home. In some cases, these patients have been brought to the facility
from a great distance. Some patients in behavioral health facilities
are brought to the facility over long distances by law enforcement
personnel. Commenters urged that the local transportation safe harbor
be expanded to protect facilities that want to provide safe
transportation home.
We agree that transportation home after discharge from an inpatient
facility does not pose the same level of risk of inducing patient
referrals as transportation to the facility. Accordingly, we are
proposing to eliminate any distance limit on transportation of a
patient who has been discharged from a facility after admission as an
inpatient, regardless of whether the patient resides in an urban or
rural area, if the transportation is to the patient's residence,
another residence of the patient's choice (such as the residence of a
friend or relative who is caring for the patient post-discharge). We
are also considering protecting transportation to any location of the
patient's choice, including to another healthcare facility. We are
soliciting comment on the fraud and abuse risks that may arise from
permitting transportation to another healthcare facility. In addition,
we are considering for the final rule whether, and under what
circumstances, transportation home or to another facility should be
protected when a patient has not been admitted to an inpatient
facility. For example, we are soliciting comments on whether
transportation should be protected after a patient has been seen in the
emergency room, under observation status at a hospital for an extended
period, but not admitted, or after a procedure at an ambulatory surgery
center (ASC). If transportation is protected under these circumstances,
we welcome comments on what limitations should be imposed (e.g.,
observation status at a hospital for at least 24 hours, or a procedure
at an ASC or medical condition evaluated or treated at an emergency
department that results in a patient being unable to travel home safely
unaccompanied).
The safe harbor does not require an entity to offer transportation
to patients, and an entity may impose its own mileage limits on any
transportation offer, as long as it imposes such limits consistently
and makes the transportation available without regard to the volume or
value of Federal health care program business. For example, the entity
sponsoring the transportation cannot offer the transportation only to
facilities affiliated with it.
As with our proposal to increase the mileage limit for
transportation of rural patients, we solicit comments on whether
transportation of discharged patients, if in excess of otherwise
applicable safe harbor mileage limits, should be limited to patients
with demonstrated need (either financial need or transportation need),
and if so, what standards should apply to such demonstration of need.
Finally, we solicit comments on whether, if this proposal to eliminate
any mileage limit for discharged patients is adopted, there remains a
need to increase the distance limit for transportation of patients who
reside in rural areas.
3. Local Transportation for Health-Related, Non-Medical Purposes
In the preamble to the final rule establishing the local
transportation safe harbor, we declined to extend safe harbor
protection to transportation for purposes other than to obtain
medically necessary items or services, although we noted that a shuttle
service protected by the safe harbor could make stops at locations that
do not relate to a particular patient's medical care. We also stated
that we would consider in a future rulemaking whether permitting
transportation to non-medical services that are part of care
coordination arrangements or are related to improving healthcare would
be appropriate.\86\
---------------------------------------------------------------------------
\86\ See 81 FR 88368, 88384 (Dec. 7, 2016).
---------------------------------------------------------------------------
In response to the OIG RFI, we received comments suggesting that
the local transportation safe harbor should protect transportation for
non-medical purposes that may nevertheless improve or maintain health.
Such transportation might be to food stores or food banks, social
services facilities (such as to apply for food stamps or housing
assistance), exercise facilities, or chronic disease support groups,
for example. In many cases, such transportation might help address both
patients' health outcomes as well as social determinants of health,
such as transportation, nutrition, and housing. We are considering
including non-medical purposes in the final safe harbor, and we seek
comments on whether and how the safe harbor could be expanded in this
manner to foster innovative arrangements that are likely to improve
health outcomes and address non-medical needs that significantly
influence those outcomes, without creating an unacceptable risk of
fraud and abuse, such as inducing beneficiaries to receive unnecessary
healthcare items and services. We are considering whether such
expansion of the safe harbor should be limited to certain beneficiary
populations, such as chronically ill patients, or to patients who are
being discharged from a hospital or other facility. Responses to this
solicitation of comments will inform our consideration of potentially
extending this safe harbor in the final rule to include these
arrangements or potentially protecting arrangements in the patient
engagement and support safe harbor, if finalized.
Elsewhere in this rulemaking, we are proposing a new safe harbor
for patient engagement tools and supports provided by VBE participants,
which could include transportation for health-related, non-medical
purposes. The protection of this safe harbor would not be available
outside the context of a VBE, however, since the proposed safe harbor
limits protection to patient engagement tools and supports furnished by
VBE participants. We refer commenters to the standards and safeguards
proposed for the separate safe harbor for patient engagement tools and
supports (proposed at
[[Page 55752]]
1001.952(hh)), and we solicit comments on whether these standards and
safeguards are also appropriate for the local transportation safe
harbor, to the extent that were to apply to transportation for non-
medical purposes. In addition, we seek comments on whether an extension
of the local transportation safe harbor in this manner is needed or
appropriate, if the proposed separate safe harbor for patient
engagement and support offered by VBE participants is adopted (proposed
1001.952(hh)).
4. Use of Ride-Sharing Services
We are aware that some entities are providing transportation for
medical items and services through the use of ride-sharing services. As
we understand the use of these services, a hospital, for example, could
arrange with a ride-sharing service to provide rides for its patients,
for which the hospital would be billed. We are aware that some members
of the public may be uncertain about the application of the safe harbor
in these circumstances.
In the preamble to the final rule establishing the local
transportation safe harbor, we noted the possibility that patient
transportation would be provided via taxi.\87\ Although we did not
explicitly refer to ride-sharing services, we see no difference between
these services and taxis, for purposes of the safe harbor. We believe
that nothing in the language of the safe harbor precludes their use.
(By the same logic, the safe harbor does not preclude transportation
via self-driving cars or other similar technology that serve as a taxi
service, should they become available.) We invite any commenters who
disagree to provide comments explaining the possible basis for the
exclusion of ride-sharing programs from protection from the existing
safe harbor. If we find such comments persuasive, we will consider an
amendment to the safe harbor to explicitly protect transportation
through ride-sharing programs.
---------------------------------------------------------------------------
\87\ 81 FR at 88387.
---------------------------------------------------------------------------
We note, however, that the same safe harbor requirements that apply
to other forms of transportation also apply to transportation provided
by ride-sharing services. These include the requirement that the
availability of free or discounted transportation not be advertised. A
taxi company, ride-sharing service, or other provider of transportation
could advertise that it provides transportation to medical appointments
and suggest contacting medical providers to determine if free or
discounted transportation is available to their facilities. It cannot,
however, advertise that it provides free or discounted transportation
to a particular healthcare provider or group of providers. Such
customer-specific advertising is within the control of the customer to
prohibit, and therefore would be imputed to the customer (i.e., the
entity paying for the transportation, regardless of whether that entity
pays for the advertising), thus disqualifying the arrangement from safe
harbor protection.
To the extent that the ride-sharing service provides services other
than transportation for the purpose of obtaining medical care, such
services would not be protected by the safe harbor. Like a taxi driver,
a ride-share driver could assist a patient in getting from a residence
into a vehicle and from a vehicle into a medical provider's facility,
and this could include assisting the patient with a wheelchair, oxygen
equipment, or the like. This would be considered part of the
transportation service. In addition, a ride-sharing driver, taxi
driver, or shuttle could, for example, provide the patient with
transportation from a physician's office or hospital to a pharmacy, for
the purpose of obtaining a prescription (a medically necessary item)
before taking the patient home. As noted in the preamble to the 2016
final rule establishing this safe harbor, a shuttle could also include
a food store among its stops.\88\ However, transportation to a food
store or any other location not for the purpose of obtaining medically
necessary items or services, when provided on a patient-specific basis
(i.e., not by a shuttle), is not protected by this safe harbor. Such
transportation may be protected by the proposed safe harbor for value-
based arrangements, as discussed elsewhere in this proposed rule.
---------------------------------------------------------------------------
\88\ 81 FR 88384.
---------------------------------------------------------------------------
Finally, we note that, as with all safe harbors, the local
transportation safe harbor applies only to the Federal anti-kickback
statute (and the beneficiary inducements CMP). Providers of
transportation remain subject to all other federal, state and local
laws and regulations that may be applicable to their activities and
arrangements.
M. ACO Beneficiary Incentive Program
1. Overview of Medicare Shared Savings Program and Provisions of the
Budget Act of 2018 for ACO Beneficiary Incentive Programs
Section 1899 of the Act established the Medicare Shared Savings
Program, which promotes accountability for a patient population,
fosters coordination of items and services under Medicare Parts A and
B, encourages investment in infrastructure and redesigned care
processes for high-quality and efficient healthcare service delivery,
and promotes higher value care. The Medicare Shared Savings Program is
a voluntary program that encourages groups of doctors, hospitals, and
other healthcare providers to come together as an ACO to lower growth
in expenditures and improve quality. An ACO agrees to be held
accountable for the quality, cost, and experience of care of an
assigned Medicare FFS beneficiary population. ACOs that successfully
meet quality and savings requirements share a percentage of the
achieved savings with Medicare.
Section 1899(m)(1)(A) of the Act, as added by section 50341 of the
Budget Act of 2018,\89\ permits ACOs under certain two-sided models to
operate CMS-approved beneficiary incentive programs to provide
incentive payments to assigned beneficiaries who receive qualifying
primary care services. According to CMS, and as intended by section
1899(m)(1)(A) of the Act, the beneficiary incentive programs will
encourage beneficiaries assigned to certain ACOs to obtain medically
necessary primary care services while requiring such ACOs to comply
with program integrity and other requirements.\90\ CMS, in a final rule
establishing regulations governing ACO Beneficiary Incentive Programs
states that the agency ``believe[s] that such amendments will empower
individuals and caregivers in care delivery.'' \91\
---------------------------------------------------------------------------
\89\ Public Law 115-123, 132 Stat. 64.
\90\ Medicare Program; Medicare Shared Savings Program;
Accountable Care Organizations--Pathways to Success and Extreme and
Uncontrollable Circumstances Policies for Performance Year 2017, 83
FR 67816, 67823 (Dec. 31, 2018).
\91\ Id. at 67980.
---------------------------------------------------------------------------
Specifically, the Budget Act of 2018 added section 1899(m)(1)(A) of
the Act, which allows ACOs to apply to operate an ACO Beneficiary
Incentive Program. The Budget Act of 2018 also added a new subsection
(m)(2) to section 1899 of the Act, which provides clarification
regarding the general features, implementation, duration, and scope of
approved ACO Beneficiary Incentive Programs. In addition, the Budget
Act of 2018 added section 1899(b)(2)(I) of the Act, which requires ACOs
that seek to operate a beneficiary incentive program to apply to
operate the program at such time, in such manner, and with such
information as the Secretary may require.\92\
---------------------------------------------------------------------------
\92\ For additional background information on section 1899(m)
and 1899(b)(2)(I), see Medicare Program; Medicare Shared Savings
Program; Accountable Care Organizations--Pathways to Success and
Extreme and Uncontrollable Circumstances Policies for Performance
Year 2017, 83 FR 67816 (Dec. 31, 2018).
---------------------------------------------------------------------------
[[Page 55753]]
In order to implement the changes set forth in section 1899(b)(2)
and (m) of the Act, CMS added regulation text at 42 CFR 425.304(c) that
allows ACOs participating under certain two-sided models to establish
CMS-approved beneficiary incentive programs to provide incentive
payments to assigned beneficiaries who receive qualifying services.
2. ACO Beneficiary Incentives Program Statutory Exception and Proposed
Safe Harbor (1001.952(kk))
Section 50341(b) of the Budget Act of 2018, which added section
1128B(b)(3)(K) of the Act, states that ``illegal remuneration'' under
the anti-kickback statute does not include ``. . . an incentive payment
made to a Medicare fee-for-service beneficiary by an ACO under an ACO
Beneficiary Incentive Program established under subsection (m) of
section 1899, if the payment is made in accordance with the
requirements of such subsection and meets such other conditions as the
Secretary may establish.''
We propose to codify the statutory exception to the definition of
``remuneration'' at section 1128B(b)(3)(K) of the Act in our
regulations at proposed paragraph 1001.952(kk). We propose to adopt
regulatory language nearly identical to the statutory language, with
two exceptions. First, the text of the proposed safe harbor would make
it clear that an ACO may furnish incentive payments only to assigned
beneficiaries. Second, the safe harbor would modify the statutory
language stating, ``if the payment is made in accordance with the
requirements of such subsection,'' to ``if the incentive payment is
made in accordance with the requirements found in such subsection.''
Note that we do not propose the establishment of any additional safe
harbor conditions that incentive payments made by an ACO to an assigned
beneficiary under an ACO Beneficiary Incentive Program established
under section 1899(m) of the Act must satisfy.
The ACO Beneficiary Incentive Program statutory exception, found at
section 1128B(b)(3)(K) of the Act, requires that ``the payment is made
in accordance with the requirements of [section 1899(m)].'' We read
this provision to broadly incorporate all of the requirements found in
section 1899(m) as requirements of the ACO Beneficiary Incentive
Program statutory exception to the definition of ``remuneration'' under
the Federal anti-kickback statute. In other words, we believe that for
an incentive payment to satisfy the ACO Beneficiary Incentive Program
statutory exception, and the corresponding safe harbor proposed at
paragraph 1001.952(kk), all of the requirements enumerated at section
1899(m)--related both to ACO Beneficiary Incentive Programs and
incentive payments made pursuant to such programs--must, and would be
required to, be satisfied.
While section 1899(m) of the Act also includes a provision that
states, ``[t]he Secretary shall permit such an ACO to establish such a
program at the Secretary's discretion and subject to such requirements,
including program integrity requirements, as the Secretary determines
necessary,'' \93\ we do not interpret the statutory exception found at
section 1128B(b)(3)(K) of the Act to require satisfaction of any
requirements found outside of section 1899(m) (e.g., the regulatory
requirements established by CMS implementing the ACO Beneficiary
Incentive Program, found at 42 CFR 425.304(c)).\94\ In other words, OIG
interprets the statutory exception found at section 1128B(b)(3)(K) of
the Act and would interpret the corresponding safe harbor proposed at
paragraph 1001.952(kk), to require that the incentive payment is made
in accordance with the requirements found in section 1899(m) of the
Act.
---------------------------------------------------------------------------
\93\ Section 1899(m)(1)(A) of the Act.
\94\ CMS, in the final rule establishing the ACO Beneficiary
Incentive Program, determined that the ACO Beneficiary Incentive
Program required additional program integrity safeguards. CMS
included several requirements at 42 CFR 425.304(c) to help mitigate
the program integrity risks associated with ACO Beneficiary
Incentive Programs. Under 42 CFR 425.304(c)(4)(iv), for example,
ACOs are prohibited from offering an incentive payment as part of an
advertisement or solicitation to beneficiaries.
---------------------------------------------------------------------------
Given the requirements imposed on ACO Beneficiary Incentive
Programs and incentive payments made pursuant to an ACO Beneficiary
Incentive Program, found in section 1899(m), at this time, we do not
believe it is necessary to create additional conditions under the
proposed ACO Beneficiary Incentives Program safe harbor, paragraph
1001.952(kk). However, we are considering and seek comment on whether
OIG should include additional conditions in this safe harbor.
IV. Provisions of the Proposed Rule: Beneficiary Inducements CMP
Exception
This proposed rule would amend 42 CFR 1003.110 by codifying
amendments that were enacted in the Budget Act of 2018. This proposed
rule would add an exception for the provision of certain telehealth
technologies related to in-home dialysis services to the definition of
``remuneration'' applicable to the beneficiary inducements CMP, which
prohibits offering inducements to Medicare or Medicaid beneficiaries
that the offeror knows or should know are likely to influence the
selection of particular providers, practitioners or suppliers.
A. Statutory Exception for Telehealth Technologies for In-Home Dialysis
As part of the Creating High-Quality Results and Outcomes Necessary
to Improve Chronic Care Act of 2018, section 50302 of the Budget Act of
2018 amends section 1881(b)(3) of the Act to permit an individual with
ESRD receiving home dialysis to elect to receive their monthly ESRD-
related clinical assessments via telehealth, if certain other
conditions are met.\95\ Section 50302(c) of the Budget Act of 2018
creates a new exception to the definition of ``remuneration'' in the
beneficiary inducements CMP. Specifically, section 50302(c) of the
Budget Act of 2018 adds the following exception as new section
1128A(i)(6)(J) of the Act:
---------------------------------------------------------------------------
\95\ Section 50302(b) of the Budget Act of 2018 made additional
changes related to the provision of telehealth services to ESRD
patients, such as the inclusion of a renal dialysis facility and the
home of an individual as telehealth originating sites but only for
the purposes of the monthly ESRD-related clinical assessments
furnished through telehealth provided under section 1881(b)(3)(B) of
the Act. For additional information, see Medicare Program; Revisions
to Payment Policies Under the Physician Fee Schedule and Other
Revisions to Part B for CY 2019; Medicare Shared Savings Program
Requirements; Quality Payment Program; Medicaid Promoting
Interoperability Program; Quality Payment Program-Extreme and
Uncontrollable Circumstance Policy for the 2019 MIPS Payment Year;
Provisions From the Medicare Shared Savings Program-Accountable Care
Organizations-Pathways to Success; and Expanding the Use of
Telehealth Services for the Treatment of Opioid Use Disorder Under
the Substance Use-Disorder Prevention That Promotes Opioid Recovery
and Treatment (SUPPORT) for Patients and Communities Act 83 FR
59452, 59495 (Nov. 23, 2018), available at https://www.govinfo.gov/content/pkg/FR-2018-11-23/pdf/2018-24170.pdf. See also 42 CFR
410.78, 414.65.
---------------------------------------------------------------------------
The provision of telehealth technologies (as defined by the
Secretary) on or after January 1, 2019, by a provider of services or a
renal dialysis facility (as such terms are defined for purposes of
title XVIII) to an individual with end stage renal disease who is
receiving home dialysis for which payment is being made under part B of
such title, if:
[[Page 55754]]
(i) The telehealth technologies are not offered as part of any
advertisement or solicitation;
(ii) the telehealth technologies are provided for the purpose of
furnishing telehealth services related to the individual's end stage
renal disease; and
(iii) the provision of the telehealth technologies meets any other
requirements set forth in regulations promulgated by the Secretary.
This exception would be available only for telehealth technologies,
as defined below, furnished by a provider of services or a renal
dialysis facility to patients with ESRD who receive in-home dialysis
that is payable by Medicare Part B. We propose to interpret this
exception, in our proposed condition (i), to require that the
telehealth technologies be furnished to the individual by the provider
of services or the renal dialysis facility (as those terms are defined
in title XVIII of the Act) that is currently providing the in-home
dialysis, telehealth visits, or other ESRD care to the patient. The
underlying intent of this proposed condition (i) is to prevent
arrangements where providers and suppliers offer telehealth
technologies to patients with whom they do not have a prior clinical
relationship in an attempt to steer patients to a particular provider
or supplier. We seek comment on this proposed condition (i), and in
particular, any challenges this condition would create. In addition,
while we are aware of the increasing proliferation of telehealth
services, and the likely desire of other healthcare industry
stakeholders to furnish telehealth technologies to patients receiving
telehealth services, the statutory exception, and therefore, this
proposal, is limited to a subset of patients receiving in-home dialysis
and certain, enumerated providers in the statutory exception. We
further note that the provision of telehealth technologies might
qualify for protection under other existing or proposed exceptions or
safe harbors, including the proposed safe harbor for patient engagement
and support, paragraph 1001.952(hh). That being said, we seek comment
on whether we should, for purposes of the final rule, interpret the
statutory exception to apply not only to the ``provider of services or
the renal dialysis facility (as those terms are defined in tile XVIII
of the Act),'' but also suppliers, as defined in title XVIII of the
Act. We solicit comments on this issue, in recognition of the
underlying congressional intent and policy goals set forth in Section
50302(b) of the Budget Act of 2018: Expanding patient access to in-home
dialysis care, furnished by their physician.
The first criterion included in the statutory exception provides
that protected items or services may not be offered as part of any
advertisement or solicitation. We are including this requirement in our
proposed regulation at proposed condition (ii). As we have said in
other rulemakings, we propose that stakeholders interpret the terms
``advertisement'' and ``solicitation'' consistent with their common
usage in the healthcare industry.\96\
---------------------------------------------------------------------------
\96\ See, e.g., 81 FR 88368, 88373 (Dec. 7, 2016).
---------------------------------------------------------------------------
The second criterion included in the statutory exception requires
the telehealth technologies to be provided for the purpose of
furnishing telehealth services related to the individual's ESRD. At
proposed condition (iii), we propose to interpret ``for the purpose of
furnishing telehealth services related to the individual's end stage
renal disease'' to mean that the technology contributes substantially
to the provision of telehealth services related to the individual's
ESRD, is not of excessive value, and is not duplicative of technology
that the beneficiary already owns if that technology is adequate for
the telehealth purposes. We would consider technology to be of
excessive value if the retail value of the technology is substantially
more than is required for the telehealth purpose. For example, if a
readily available $300 smartphone would adequately run the telehealth
technology, the safe harbor would not protect a donation of a $600
smartphone. To ensure that this proposed safe harbor protects the
provision of telehealth technologies ``for the purpose of furnishing
telehealth services related to the individual's end stage renal
disease'' and not to induce referrals, we are also considering for the
final rule, and seek comment on, a condition that would require the
provider or facility to retain ownership of any hardware and make
reasonable efforts to retrieve the hardware once the beneficiary no
longer needs it for the permitted telehealth purposes (such that the
hardware is loaned to the beneficiary).
We remain concerned that the provision of telehealth technology
with substantial independent value to the beneficiary might serve to
induce the beneficiary to choose a particular provider or facility. We
are considering, and solicit comments about, whether the final rule
should interpret ``for the purpose of furnishing telehealth services
related to the individual's end stage renal disease'' in a more
restrictive manner. For example, we are considering for the final rule
and seek comments on whether the exception should protect telehealth
technologies that provide the beneficiary with no more than a de
minimis benefit for any purpose other than furnishing telehealth
services related to the individual's ESRD. We also are considering for
the final rule and seek comments on another standard that would protect
telehealth technologies only when furnished predominantly for the
purpose of furnishing telehealth services related to the individual's
ESRD.
We propose to interpret ``telehealth services related to the
individual's end stage renal disease'' to mean only those telehealth
services paid for by Medicare Part B. CMS maintains a list of services
payable under the Medicare Physician Fee Schedule when furnished via
telehealth. We solicit comments on this interpretation.
The statutory exception's third criterion allows the Secretary to
develop additional requirements not specified in the statutory
exception and requires the Secretary to define ``telehealth
technologies.'' Below we propose a definition of ``telehealth
technologies'' and further enumerate requirements under the new
exception to the definition of ``remuneration'' for the beneficiary
inducements CMP.
B. Additional Proposed Conditions for the Telehealth Technologies
Exception
Under proposed condition (iv), a person must not bill Federal
health care programs, other payors, or individuals for the telehealth
technologies, claim the value of the item or service as a bad debt for
payment purposes under a Federal health care program, or otherwise
shift the burden of the value of the telehealth technologies onto a
Federal health care program, other payors, or individuals. This
proposed requirement is designed to protect against the telehealth
technologies resulting in inappropriately increased costs to Federal
health care programs, other payors, and patients. In this requirement,
we propose to prohibit claiming the cost of the telehealth technologies
and any operational costs attendant to providing telehealth
technologies as bad debt for payment purposes under Medicare or a State
healthcare program or otherwise shifting the burden of the cost of the
telehealth technologies and any operational costs attendant to the
provision of patient incentives to Medicare, a State healthcare
program, other payors, or individuals. We seek comments on this
proposed condition.
[[Page 55755]]
C. Defining Telehealth Technologies
We propose to define ``telehealth technologies'' for the purposes
of the definition of the term ``remuneration'' as set forth in 42 CFR
1003.110 and the telehealth technologies exception to section 50302(c)
of the Budget Act of 2018. In proposing such definition, we consulted
with CMS and solicited comments in the OIG RFI regarding how OIG should
define ``telehealth technologies'' and if the definition should include
``services.'' Based on the collective input we received, we propose to
adopt, as part of our definition of ``telehealth technologies,'' the
definition of ``interactive telecommunications system'' found at 42 CFR
410.78. Under 42 CFR 410.78, Medicare Part B pays for covered
telehealth services included on the telehealth list when furnished
using an ``interactive telecommunications system'' if certain
conditions are met. 42 CFR 410.78(a)(3) defines an ``interactive
telecommunications system'' to mean ``multimedia communications
equipment that includes, at a minimum, audio and video equipment
permitting two-way, real-time interactive communication between the
patient and distant site physician or practitioner. Telephones,
facsimile machines, and electronic mail systems do not meet the
definition of an interactive telecommunications system.''
For the purposes of this exception, we propose to define
``telehealth technologies'' as the following: ``multimedia
communications equipment that includes, at a minimum, audio and video
equipment permitting two-way, real-time interactive communication
between the patient and distant site physician or practitioner used in
the diagnosis, intervention or ongoing care management--paid for by
Medicare Part B--between a patient and the remote healthcare provider.
Telephones, facsimile machines, and electronic mail systems do not meet
the definition of `telehealth technologies.' '' For the purposes of our
definition of ``telehealth technologies,'' smart phones that allow for
two-way, real-time interactive communication through secure, video
conferencing applications would not be considered ``telephones.'' We
solicit comments this definition, and are interested in comments that
explain whether, and why, this definition would be too narrow, or too
broad, and elaborate upon any attendant risks of fraud and abuse
associated with the adoption of this definition. We also solicit
comments on whether ``[t]elephones, facsimile machines, and electronic
mail systems,'' as used in in 42 CFR 410.78(a)(3), should be excluded
from our definition of ``telehealth technologies.'' We are also
considering for the final rule, and seek comment on, whether to define
``telehealth technologies'' to include technologies such as software, a
webcam, data plan, or broadband internet access that facilitates the
telehealth encounter. This might include, for example, software that
allows a patient to use his or her existing smartphone, tablet, or
computer to receive telehealth consultations. We are interested in
comments on whether and how broadening the exception to include these
kinds of technologies might impact access to medically necessary care
for beneficiaries. We are further interested in comments on whether
such broadening would create an undue risk of remuneration that would
inappropriately steer beneficiaries to particular providers or
suppliers to obtain federally reimbursable items and services, and
whether there would be limitations or conditions on the provision of
telehealth technologies that we could include in an exception to curb
potential abuses, such as a limitation on the value of the remuneration
(e.g., a cap on the retail value of the telehealth technologies
furnished, such as $100, $200, $500, or another amount that would be of
sufficient magnitude to protect the most beneficial arrangements while
also preventing the most abusive ones).
D. Other Potential Safeguards
1. Consistent Provision of Telehealth Technologies
In addition to the proposed conditions set forth above, we are
considering for the final rule and seek comment on whether, as a
condition of safe harbor protection, parties should be prohibited from
discriminating in the offering of telehealth technologies. Such a safe
harbor condition would require providers and renal dialysis facilities
to provide the same telehealth technologies to any Medicare Part B
eligible patient receiving in-home dialysis, or to otherwise
consistently offer telehealth technologies to all patients satisfying
specified, uniform criteria. This potential condition could reduce the
likelihood that telehealth technologies would be offered selectively
based on whether the patient generates other billable business for the
provider or facility. We solicit comments on this issue. In particular,
we are interested in understanding whether this proposed safeguard
would limit providers of services' or renal dialysis facilities'
ability to offer incentives due to the potential cost of furnishing the
incentive to all qualifying patients rather than a smaller subset.
Similarly, we are interested in why offering remuneration to a smaller
subset of qualifying patients might be appropriate and not increase the
risk of fraud and abuse.
2. Necessary Technology
For purposes of the final rule, we are considering allowing a
person to furnish telehealth technologies under the safe harbor only
after making a good faith determination that the individual to whom the
technology is furnished does not already have the necessary telehealth
technology, and that such technology is necessary for the telehealth
services provided. For instance, if an application on a patient's
existing phone would be sufficient, but the patient is furnished a new
tablet, this would be considered duplicative or unnecessary. Should the
recipient already possess technology that allows the telehealth visit
to occur, we are concerned that a person may furnish additional
valuable or duplicative technology for inappropriate purposes (e.g., to
induce a patient to select a particular provider for in-home dialysis,
or to seek other items and services from that provider). We seek
comment on this potential safeguard. We also are considering, and seek
comment regarding, a condition in the final rule that would require the
person who furnishes the telehealth technologies to take reasonable
steps to limit the use of the telehealth technologies by the individual
to the telehealth services described on the Medicare telehealth list.
3. Notice to Patients
One commenter to the OIG RFI noted that patients may be confused by
the technology, or the reason they are receiving a piece of technology,
and unaware of costs associated with telehealth visits. We are
considering adding in the final rule a condition that requires
providers or facilities to provide a written explanation of the reason
for the technology and any potential ``hidden'' costs associated with
the telehealth services to any patient who elects to receive telehealth
technology. We solicit comments on these perceived risks to patients,
and whether to include a written notice requirement in the final rule,
and if so, what that notice should state.
4. Patient Freedom of Choice
We also are considering finalizing a condition that is designed to
preserve patient freedom of choice among
[[Page 55756]]
healthcare providers and the manner in which he or she receives
dialysis services under arrangements that would use the proposed
exception. In particular, we are considering a condition in the
exception that would require offerors of telehealth technologies to
advise patients when they receive such technology that they retain the
freedom to choose any provider or supplier of dialysis services and to
receive dialysis in any appropriate setting. We are also concerned that
some patients may be persuaded to opt for telehealth visits due to the
generous telehealth technologies and services being offered, rather
than clinical appropriateness. We solicit comments on including this
potential safeguard, and whether adding freedom of choice language to a
patient notification would reduce this concern.
5. Materials and Records Requirement
The proposed exception would not include a materials and records or
other documentation requirement given the somewhat narrow scope of the
remuneration that would be excepted from the definition of
``remuneration'' and consistent with other exceptions to the definition
of ``remuneration'' set forth in 42 CFR 1003.110. We solicit comments
on this approach and any fraud and abuse risks presented by not
including a condition related to materials and records.
V. Regulatory Impact Statement
As set forth below, we have examined the impact of this proposed
rule as required by Executive Order 12866, the Regulatory Flexibility
Act (RFA) of 1980, the Unfunded Mandates Reform Act of 1995, Executive
Order 13132, and Executive Order 13771. We provide additional
supporting analyses in sections F, G, and H.
A. Executive Order 12866
Executive Order 12866 directs agencies to assess all costs and
benefits of available regulatory alternatives and if regulations are
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, public health and safety
effects; distributive impacts; and equity). A regulatory impact
analysis must be prepared for major rules with economically significant
effects (i.e., $100 million or more in any given year). This proposed
rule would codify a new CMP exception and implement new or revised
anti-kickback statute safe harbors. The vast majority of providers and
Federal health care programs would be minimally impacted from an
economic perspective, if at all, by these proposed revisions. The
changes to the safe harbors and CMP exceptions would allow providers to
enter into certain beneficial arrangements. In doing so, this
regulation would impose no requirements on any party. Providers would
be allowed to voluntarily seek to comply with these provisions so that
they would have assurance that participating in certain arrangements
would not subject them to liability under the anti-kickback statute and
the beneficiary inducements CMP. These safe harbors and exceptions
facilitate providers' ability to provide important healthcare and
related services to communities in need. We believe that the aggregate
economic impact of the changes to these regulations would be minimal
and would have no effect on the economy or on Federal or State
expenditures. Accordingly, we believe that the likely aggregate
economic effect of these regulations would be significantly less than
$100 million. However, this rule is considered significant under
Executive Order 12866. Notwithstanding our determination that the
aggregate economic impact of the changes to these regulations would be
minimal and would have no effect on the economy or on Federal or State
expenditures, we solicit comments on whether stakeholders believe there
would be increases or decreases in utilization or costs savings or
expenses to the Government as a result of this proposed rule. We are
interested in potential behavioral changes as well.
B. Regulatory Flexibility Act
The RFA and the Small Business Regulatory Enforcement and Fairness
Act of 1996, which amended the RFA, require agencies to analyze options
for regulatory relief of small businesses. For purposes of the RFA,
small entities include small businesses, nonprofit organizations, and
Government agencies. Most providers are considered small entities by
having revenues of $7 million to $35.5 million or less in any one year.
For purposes of the RFA, most physicians and suppliers are considered
small entities. We estimate the changes to the CMP exceptions and the
anti-kickback statute safe harbors would not significantly affect small
providers, as these changes would not impose any requirement on any
party. As a result, we have concluded that this proposed rule likely
will not have a significant impact on a substantial number of small
providers and that a regulatory flexibility analysis is not required
for this rulemaking. In addition, section 1102(b) of the Act requires
us to prepare a regulatory impact analysis if a rule under Titles XVIII
or XIX or section B of Title XI of the Act may have a significant
impact on the operations of a substantial number of small rural
hospitals. For the reasons stated above, we do not believe that any
provisions or changes finalized here would have a significant impact on
the operations of rural hospitals. Thus, an analysis under section
1102(b) of the Act is not required for this rulemaking.
C. Unfunded Mandates Reform Act
Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law
104-4, also requires that agencies assess anticipated costs and
benefits before issuing any rule that may result in expenditures in any
one year by State, local, or Tribal Governments, in the aggregate, or
by the private sector, of $100 million, adjusted for inflation. We
believe that no significant costs would be associated with these
proposed revisions that would impose any mandates on State, local, or
Tribal Governments or the private sector that would result in an
expenditure of $154 million (after adjustment for inflation) in any
given year.
D. Executive Order 13132
Executive Order 13132 establishes certain requirements that an
agency must meet when it promulgates a rule that imposes substantial
direct requirements or costs on State and local Governments, preempts
State law, or otherwise has Federalism implications. In reviewing this
rule under the threshold criteria of Executive Order 13132, we have
determined that this proposed rule would not significantly affect the
rights, roles, and responsibilities of State or local Governments.
E. Executive Order 13771
Executive Order 13771 (January 30, 2017) requires that the costs
associated with significant new regulations ``to the extent permitted
by law, be offset by the elimination of existing costs associated with
at least two prior regulations.'' This proposed rule has been
designated a significant regulatory action as defined by Executive
Order 12866 but imposes no more than de minimis costs. The designation
of this rule, if finalized, will be informed by public comments
received; however, this proposed rule, if finalized as proposed, would
be neither a regulatory nor a deregulatory action under Executive Order
13771.
F. Statement of Need
The Department has identified the broad reach of the Federal anti-
kickback
[[Page 55757]]
statute and beneficiary inducements CMP as potentially inhibiting
beneficial arrangements that would advance the ability of providers,
suppliers, and others to transition more effectively and efficiently to
value-based care and to better coordinate care among providers,
suppliers, and others in both the Federal health care programs and
commercial sectors. Industry stakeholders have informed us that,
because the consequences of potential noncompliance with the Federal
anti-kickback statute and beneficiary inducements CMP could be
significant, providers, suppliers, and others may be discouraged from
entering into innovative arrangements that could improve quality
outcomes, produce health system efficiencies, and lower healthcare
costs (or slow their rate of growth). To the extent providers are
discouraged from entering into these innovative arrangements, patient
care may not be provided as efficiently as possible. In addition, the
potential consequences of noncompliance with these statutes may impede
the ability of providers, suppliers, and others, including small
providers and suppliers or those serving rural or medically underserved
populations, to raise capital to invest in the transition to value-
based care or to obtain infrastructure necessary to coordinate patient
care, including technology. This unnecessarily slows the transition
toward more efficient patient care. This proposed rule attempts to
address these concerns by removing unnecessary impediments to the
transformation of the healthcare system into one that better pays for
and delivers value.
To remove regulatory barriers to care coordination and support
value-based arrangements, we faced the challenge of designing safe
harbor protections for emerging healthcare arrangements, the optimal
form, design, and efficacy of which remain unknown or unproven. These
arrangements will be driven by the determinations and experiences of a
wide range of providers, suppliers, and others as they innovate in
delivering value-based care. This challenge is further complicated by
the substantial variation in care coordination and value-based
arrangements contemplated by the healthcare industry and others
(meaning that one-size-fits-all safe harbor designs may not be
optimal), variation among patient populations and provider
characteristics, emerging health technologies and data capabilities,
the still-developing science of quality and performance measurement,
and our desire not to chill beneficial innovations.
It is difficult to gauge the effects of this regulatory action in a
rapidly evolving and diverse healthcare ecosystem of substantial
innovation, experimentation, and deployment of technology and digital
data. For example, it is difficult to gauge reductions in wasteful
healthcare spending and improved health outcomes as a result of new
arrangements made possible by this proposed rule. It is also difficult
to quantify savings or losses that could occur as a result of new
fraudulent or abusive conduct that could increase costs or lead to poor
outcomes as a result of new arrangements. In some cases, innovations
and the availability of more actionable, transparent data may enhance
program integrity and protect against fraud and abuse, reducing costs
and increasing benefits. There is a compelling concern that uncertainty
and regulatory barriers under current regulations could prevent the
best and most efficacious innovations from emerging and being tested in
the marketplace. Our goal is to finalize safe harbors that protect
arrangements that foster beneficial arrangements and promote value,
while also protecting programs and beneficiaries against harms cause by
fraud and abuse.
G. Anticipated Effects
This proposed rule would add a new CMP exception and anti-kickback
statute safe harbors and modify existing anti-kickback statute safe
harbors. Specifically, we propose to add several new safe harbor
protections for certain value-based arrangements, including care
coordination arrangements, arrangements with varying levels of downside
financial risk, as well as outcomes-based payment arrangements, and
protection for certain remuneration provided to Federal health care
program beneficiaries in the form of incentives and supports.
We anticipate that the proposed rule would have potential relevance
to the majority of the types of providers and suppliers participating
in Federal health care programs and others in commercial sectors, as
well as the Federal health care programs and Federal health care
program beneficiaries. We note that certain categories of providers,
suppliers, and others are not eligible to use the proposed rule:
Pharmaceutical manufacturers; manufacturers, distributors, and
suppliers of DMEPOS; and laboratories. To estimate the number of
providers and suppliers affected by this rule, we use US Census data.
According to the US Census, there were 7,370 medical, dental, and
hospital equipment and supplies merchant wholesaler firms; 482,522
ambulatory healthcare service firms; 3,293 hospital firms; and 9,153
nursing care facility firms operating in the US in 2015.\97\ We request
public comment on the entities affected by the rule.
---------------------------------------------------------------------------
\97\ U.S. Census Bureau, 2015 SUSB Annual Data Tables by
Establishment Industry, https://www.census.gov/data/tables/2015/econ/susb/2015-susb-annual.html.
---------------------------------------------------------------------------
We anticipate that a growing proportion of such providers and
suppliers would be interested in reviewing and using these voluntary
rules over time. Because compliance with safe harbors and CMP
exceptions is voluntary and an arrangement need not fit in a safe
harbor or exception to be legal, we anticipate that not all providers
and suppliers would review the new regulations and use them. We
estimate that 5 percent of affected entities that would be eligible to
use the proposed rules may be interested in exploring value-based
arrangements made possible by the rule in each of the first 10 years
following publication of the final rule, leading those entities to
review the rule. We estimate that reviewing the final rule will require
an average of one hour of time each from a compliance officer and a
lawyer. To estimate the costs associated with this review, we use a
2018 wage rate of $34.86 for compliance officers and $69.34 for lawyers
from the Bureau of Labor Statistics,\98\ and we double those wages to
account for overhead and benefits. As a result, we estimate total
regulatory review costs of $5.2 million in each of the first 10 years
following finalization of the rule. We note that these costs are
divided among approximately 25,000 entities each year, and therefore
should be considered de minimis from the perspective of affected
entities. We seek public comment on these assumptions.
---------------------------------------------------------------------------
\98\ U.S. Department of Labor, Bureau of Labor Statistics, May
2018 National Occupational Employment and Wage Estimates United
States, https://www.bls.gov/oes/2018/may/oes_nat.htm.
---------------------------------------------------------------------------
The Department does not collect data regarding the number of
providers, suppliers, and other individuals and entities that have
entered into an arrangement that meets an existing safe harbor.
Compliance with safe harbors is voluntary, and generally the question
whether an arrangement complies with a safe harbor arises in the
context of a defense raised by a defendant in an enforcement matter.
Therefore, we cannot quantify with certainty the number of arrangements
or number of healthcare providers, suppliers, and others who may avail
themselves of these protections. For this reason, it is
[[Page 55758]]
difficult, if not impossible, to assess the costs and benefits of these
proposals, and to estimate changes in the number of arrangements that
meet new or existing safe harbors. We seek public comment on the effect
of this rule on changes in the number of agreements or arrangements
that meet new or existing safe harbors.
Many affected providers and suppliers currently incur costs related
to structuring arrangements to comply with existing fraud and abuse
laws. While these proposals may not result in a reduction in
compliance-related costs, we do not expect this rulemaking to increase
total incremental costs. Rather, we expect that providers and suppliers
interested in taking advantage of these new arrangements in order to
more efficiently deliver care will shift resources currently devoted to
complying with existing requirements to create and analyze new
arrangements under these proposals. By way of example only, should a
hospital expend resources to review--from a Federal anti-kickback
statute perspective--a financial arrangement with a skilled nursing
facility, any newly promulgated or revised safe harbors would be
unlikely to change the amount of resources necessary to conduct such a
review. As another example, should a hospital already document--by a
written agreement--any financial arrangement with a skilled nursing
facility, any newly promulgated or revised safe harbors would be
unlikely to change the amount of resources necessary to enter into that
written agreement. We seek public comment on these assumptions.
We also propose to add or revise safe harbor protections under the
Federal anti-kickback statute for donations of cybersecurity
technology, EHR arrangements, warranties, and local transportation. The
new proposed safe harbor for cybersecurity technology and related
services would be available to any provider, supplier, or other
individual or entity. We expect broad use of this proposed safe harbor,
with reduced costs for smaller and less well-equipped providers and
overall savings for the national health system in reduced costs from
cyberattacks, ransomware, and similar threats. Proposed modifications
to the EHR safe harbor are modest and would clarify that protection for
certain cybersecurity technology is included as part of an electronic
health records arrangement, update provisions regarding
interoperability to align with newer CMS and ONC standards in a manner
that is not expected to increase costs as a result of this rulemaking
and remove the sunset date. The EHR safe harbor would continue to be
available to health plans and any individuals or entities, other than
laboratories, that provide services covered by, and submit claims or
requests for payment to, a Federal health care program. We would expect
the same entities that are currently using the EHR safe harbor to
continue to use the safe harbor with minimal, if any, additional
regulatory review or compliance costs above current levels. We seek
public comment on these assumptions.
We propose to modify the existing local transportation safe harbor
slightly to expand mileage limits for rural areas and for
transportation for discharged patients. This would primarily expand
protection under the AKS for hospitals and physician practices in rural
areas voluntarily to transport patients to necessary medical
appointments or to their homes following a hospital stay. We anticipate
no incremental regulatory costs to hospitals or others from the
proposed rule, which changes only the distance traveled and no other
regulatory requirements. This safe harbor would continue to be
available only to established patients and eligible entities, which do
not include individuals or entities (or family members or others acting
on their behalf) that primarily supply healthcare items.
Further, the proposed rule would add a new safe harbor to protect
certain arrangements and patient incentives provided by and among
parties participating in CMS-sponsored models. CMS and OIG
collectively, and OIG individually, have issued fraud and abuse waivers
for 14 of these models. This proposed safe harbor would reduce the need
for issuance of waivers, saving OIG 1,040 employee hours per year.
We expect that CMS, including the Innovation Center, will continue
to test these models and others in the future. The purpose of this safe
harbor is to streamline participation in existing and future CMS-
sponsored models to reduce complexity and the administrative burden on
participants that seek protection under the fraud and abuse laws while
participating in a CMS-sponsored model. Although we cannot calculate
the number of arrangements that CMS-sponsored model participants and
CMS-sponsored model parties would undertake in the future, we expect
this proposal would reduce the burden of documentation and the time,
effort, and financial resources necessary to implement CMS-sponsored
model arrangements and to provide CMS-sponsored model patient
incentives. The proposal also would result in uniform requirements
under the anti-kickback statute and beneficiary inducements CMP for
those models that qualify, further reducing burden on entities, such as
hospitals and physician practices, that participate in multiple models
that currently have different conditions for each waiver. We seek
public comment on the extent to which these provisions will affect
these models.
Finally, the proposed rule would add a new safe harbor related to
beneficiary incentives under the Medicare Shared Savings Program and a
new CMP exception for certain telehealth technologies offered to
patients receiving in-home dialysis, pursuant to the Budget Act of
2018. Although we cannot calculate the number of ACOs and their
participants who would enter into arrangements that may qualify for
protection under this safe harbor, we believe that this regulatory
action would not create incremental costs for ACOs because it would
reduce the amount of compliance resources ACOs currently use to provide
beneficiary incentives. For example, we believe this action would
reduce time, effort, and financial resources ACOs typically would incur
to provide these beneficiary incentives under the applicable fraud and
abuse waivers. We believe that the proposed telehealth technologies
exception would reduce barriers to the use of in-home dialysis and
could encourage increased use of home dialysis for beneficiaries. This
could result in increased use of in-home dialysis for patients who
would benefit relative to other treatment options. Ultimately, this
could result in improved quality of care for beneficiaries with end-
stage renal disease and overall cost savings to Federal health care
programs because dialysis providers will have certainty that their
arrangements will not result in CMP liability. This will also reduce
burden by eliminating unnecessary travel costs for patients where in-
home dialysis is more appropriate. We do not anticipate that this
proposed rule will add any incremental costs to the regulatory costs
dialysis providers already incur to comply with the new program rules
under the Budget Act of 2018 because our requirements closely track CMS
program rules. We seek public comment on the proposed rule's effects on
in-home dialysis.
Given the information we have, including comments we received from
the OIG RFI, we believe these proposals present the best approach to
removing potential barriers to designing care coordination and other
value-based arrangements that result in greater efficiency and improved
care outcomes,
[[Page 55759]]
while minimizing the potential for the costs associated with fraud,
waste, and abuse. We believe that the proposed rule would, on average,
result in a net benefit to the healthcare industry, beneficiaries, and
Federal health care programs and could alleviate the concerns expressed
above. We believe there would be no incremental costs to providers and
suppliers that already spend resources reviewing arrangements for
compliance with fraud and abuse laws. Moreover, by adding flexibility
to engage in certain innovative business arrangements without risk of
liability under the statutes, we believe that these proposed
regulations reduce the stringency of the existing regulatory scheme as
it would otherwise apply to certain value-based arrangements; in
addition, by offering new pathways to protect value-based arrangements,
the proposed regulations would reduce inefficient behaviors,
particularly industry behaviors that drive volume-based healthcare.
We would benefit from public input and information during the
comment period regarding whether these proposals likely would have a
net benefit on the industry and whether different or modified proposals
would better facilitate the goals outlined in this proposed rule.
H. Alternatives Considered
We carefully considered the option of not pursuing regulatory
action. However, based on comments to the OIG RFI, responses to OIG's
annual Solicitation of New Safe Harbors and Special Fraud Alerts, and
other industry feedback, we believe a need for regulatory reform exists
in order to provide stakeholders with the flexibility necessary for
innovative care delivery and payment redesign.
We also considered several other alternative approaches to the
proposed safe harbors, revisions to safe harbors, and proposed
exception as explained in great detail in the preceding preamble. For
example, our proposals endeavor to distinguish between beneficial care
coordination arrangements and payment-for-referral schemes that do not
serve, and may be contrary to, the goals of coordinated care and the
shift to value. We considered, and would benefit from public comment
on, the benefits of our proposals and efficient ways we may distinguish
payments to reward or induce referrals from remuneration provided to
promote or support legitimate care coordination activities.
We also considered not using the value-based terms, definitions,
and framework for proposed safe harbors (ee), (ff), (gg), and (hh), but
we concluded that the fraud and abuse risks of protecting arrangements
without the guardrails created by the value-based framework were too
high. We believe these risks are significant because our proposed safe
harbors in (ee) and (hh) could potentially protect arrangements under
which providers and suppliers are paid on a fee-for-service basis by
Medicare, which rewards the volume of services performed and items
furnished.
VI. Paperwork Reduction Act
This document does not impose information collection and
recordkeeping requirements. Consequently, it need not be reviewed by
the Office of Management and Budget under the authority of the
Paperwork Reduction Act of 1995.
List of Subjects
42 CFR Part 1001
Administrative practice and procedure, Fraud, Grant programs--
health, Health facilities, Health professions, Maternal and child
health, Medicaid, Medicare, Social Security.
42 CFR Part 1003
Fraud, Grant programs--health, Health facilities, Health
professions, Medicaid, Reporting and recordkeeping.
For the reasons set forth in the preamble, the Office of Inspector
General, Department of Health and Human Services, proposes to amend 42
CFR parts 1001 and 1003 as follows:
PART 1001--PROGRAM INTEGRITY--MEDICARE AND STATE HEALTH CARE
PROGRAMS
0
1. The authority citation for part 1001 continues to read as follows:
Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7a, 1320a-7b, 1320a-
7d, 1395u(j), 1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e),
1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, Pub. L.
103-355, 108 Stat. 3327 (31 U.S.C. 6101 note).
0
2. Section 1001.952 is amended by:
0
a. Revising paragraphs (d), (g) introductory text, (g)(1), (g)(3)(i),
and (g)(4);
0
b. Adding paragraphs (g)(5) and (6) before the undesignated text at the
end of paragraph (g);
0
c. Designating the undesignated text at the end of paragraph (g) as
paragraph (g)(7) and revising it;
0
d. Revising paragraph (y) introductory text, the second sentence of
paragraph (y)(2), and paragraph (y)(3);
0
e. Removing and reserving paragraphs (y)(7) and (13);
0
f. Designating the note to paragraph (y) as paragraph (y)(14) and
revising it;
0
g. Revising paragraphs (bb)(1)(iv)(B) and (bb)(2)(iii);
0
h. Designating the note to paragraph (bb) as paragraph (bb)(3) and
revising it;
0
i. Adding reserved paragraphs (cc) and (dd); and
0
j. Adding paragraphs (ee), (ff), (gg), (hh), (ii), (jj), and (kk).
The revisions and additions read as follows:
Sec. 1001.952 Exceptions.
* * * * *
(d) Personal services and management contracts and outcomes-based
payment arrangements.
(1) As used in section 1128B of the Act, ``remuneration'' does not
include any payment made by a principal to an agent as compensation for
the services of the agent, as long as all of the following standards
are met:
(i) The agency agreement is set out in writing and signed by the
parties.
(ii) The agency agreement covers all of the services the agent
provides to the principal for the term of the agreement and specifies
the services to be provided by the agent.
(iii) The term of the agreement is not less than 1 year.
(iv) The methodology for determining the compensation paid to the
agent over the term of the agreement is set in advance, is consistent
with fair market value in arm's-length transactions and is not
determined in a manner that takes into account the volume or value of
any referrals or business otherwise generated between the parties for
which payment may be made in whole or in part under Medicare, Medicaid,
or other Federal health care programs.
(v) The services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law.
(vi) The aggregate services contracted for do not exceed those
which are reasonably necessary to accomplish the commercially
reasonable business purpose of the services.
(2) As used in section 1128B of the Act, ``remuneration'' does not
include any outcomes-based payment as long as all of the standards in
paragraphs (d)(2)(i) through (ix) of this section are met:
(i) The outcomes-based payment is made between or among parties
that are collaborating to:
(A) Measurably improve (or maintain improvement in) quality of
patient care; or
(B) Appropriately and materially reduce costs to, or growth in
expenditures of, payors while improving, or maintaining the improved,
quality of care for patients.
[[Page 55760]]
(ii) To receive an outcomes-based payment, the agent satisfies one
or more specific evidence-based, valid outcome measures that are:
(A) Related to:
(1) Measurably improving, or maintaining the improved, quality of
patient care;
(2) Appropriately and materially reducing costs to, or growth in
expenditures of, payors while improving, or maintaining the improved
quality of care for patients; or
(3) Both; and
(B) Selected based upon clinical evidence or credible medical
support.
(iii) The methodology for determining the aggregate compensation
(including any outcomes-based payments) paid between or among the
parties over the term of the agreement is: Set in advance; commercially
reasonable; consistent with fair market value; and not determined in a
manner that directly takes into account the volume or value of any
referrals or business otherwise generated between the parties for which
payment may be made in whole or in part by a Federal health care
program.
(iv) The agreement neither limits any party's ability to make
decisions in their patients' best interest nor induces any party to
reduce or limit medically necessary items or services.
(v) The term of the agreement is not less than 1 year.
(vi) The services performed under the agreement do not involve the
counseling or promotion of a business arrangement or other activity
that violates any State or Federal law.
(vii) For each outcome measure under the agreement, the parties:
(A) Regularly monitor and assess the agent's performance, including
the impact of the outcomes-based payment arrangement on patient quality
of care; and
(B) Periodically rebase during the term of the agreement, to the
extent applicable.
(viii) The parties set forth in a signed writing, in advance of, or
contemporaneous with, the commencement of the terms of the outcomes-
based payment arrangement. The writing states, at a minimum: The
services to be performed by the parties for the term of the agreement;
the outcome measure(s) the agent must satisfy to receive an outcomes-
based payment; the clinical evidence or credible medical support relied
upon by the parties to select the outcome measure(s); and the schedule
for the parties to regularly monitor and assess the outcome measure(s).
(ix) The principal has policies and procedures to promptly address
and correct identified material performance failures or material
deficiencies in quality of care resulting from the outcomes-based
payment arrangement.
(3) For purposes of this paragraph (d):
(i) An agent of a principal is any person, other than a bona fide
employee of the principal, who has an agreement to perform services
for, or on behalf of, the principal.
(ii) Outcomes-based payments are limited to payments from a
principal to an agent that:
(A) Reward the agent for improving (or maintaining improvement in)
patient or population health by achieving one or more outcome measures
that effectively and efficiently coordinate care across care settings;
or
(B) Achieve one or more outcome measures that appropriately reduce
payor costs while improving, or maintaining the improved quality of
care for patients.
(iii) Outcomes-based payments exclude any payments:
(A) Made, directly or indirectly, by a pharmaceutical manufacturer;
a manufacturer, distributor, or supplier of durable medical equipment,
prosthetics, orthotics, or supplies; or a laboratory; or
(B) That relate solely to the achievement of internal cost savings
for the principal.
* * * * *
(g) Warranties. As used in section 1128B of the Act,
``remuneration'' does not include any payment or exchange of anything
of value under a warranty provided by a manufacturer or supplier of one
or more items and services (provided the warranty covers at least one
item) to the buyer (such as a healthcare provider or beneficiary) of
the items and services, as long as the buyer complies with all of the
following standards in paragraphs (g)(1) and (2) of this section and
the manufacturer or supplier complies with all of the following
standards in paragraphs (g)(3) through (6) of this section:
(1) The buyer (unless the buyer is a Federal health care program
beneficiary) must fully and accurately report any price reduction of an
item or service (including a free item or service) that was obtained as
part of the warranty, in the applicable cost reporting mechanism or
claim for payment filed with the Department or a State agency.
* * * * *
(3) * * *
(i) The manufacturer or supplier must fully and accurately report
any price reduction of an item or service (including free items and
services) that the buyer obtained as part of the warranty on the
invoice or statement submitted to the buyer and inform the buyer of its
obligations under paragraphs (g)(1) and (2) of this section.
* * * * *
(4) The manufacturer or supplier must not pay any remuneration to
any individual (other than a beneficiary) or entity for any medical,
surgical, or hospital expense incurred by a beneficiary other than for
the cost of the items and services subject to the warranty.
(5) If a manufacturer or supplier offers a warranty for more than
one item or one or more items and related services, the federally
reimbursable items and services subject to the warranty must be
reimbursed by the same Federal health care program and in the same
Federal health care program payment.
(6) The manufacturer or supplier must not condition a warranty on a
buyer's exclusive use of, or a minimum purchase of, any of the
manufacturer's or supplier's items or services.
(7) For purposes of this paragraph (g), the term warranty means:
(i) Any written affirmation of fact or written promise made in
connection with the sale of an item or bundle of items, or services in
combination with one or more related items, by a manufacturer or
supplier to a buyer, which affirmation of fact or written promise
relates to the nature of the quality or workmanship and affirms or
promises that such quality or workmanship is defect free or will meet a
specified level of performance over a specified period of time;
(ii) Any undertaking in writing in connection with the sale by a
manufacturer or supplier of an item or bundle of items, or services in
combination with one or more related items, to refund, repair, replace,
or take other remedial action with respect to such item or bundle of
items in the event that such item or bundle of items, or services in
combination with one or more related items, fails to meet the
specifications set forth in the undertaking, which written affirmation,
promise, or undertaking becomes part of the basis of the bargain
between a seller and a buyer for purposes other than resell of such
item or bundle of items; or
(iii) A manufacturer's or supplier's agreement to replace another
manufacturer's or supplier's defective item or bundle of items (which
is covered by an agreement made in accordance with this paragraph (g)),
on terms equal to the agreement that it replaces.
* * * * *
(y) Electronic health records items and services. As used in
section 1128B
[[Page 55761]]
of the Act, ``remuneration'' does not include nonmonetary remuneration
(consisting of items and services in the form of software or
information technology and training services, including certain
cybersecurity software and services) necessary and used predominantly
to create, maintain, transmit, receive, or protect electronic health
records, if all of the conditions in paragraphs (y)(1) through (13) of
this section are met:
* * * * *
(2) * * * For purposes of this paragraph (y)(2), software is deemed
to be interoperable if, on the date it is provided to the recipient, it
is certified by a certifying body authorized by the National
Coordinator for Health Information Technology to electronic health
record certification criteria identified in 45 CFR part 170.
(3) The donor (or any person on the donor's behalf) does not engage
in a practice constituting information blocking, as defined in 45 CFR
part 171, in connection with the donated items or services.
* * * * *
(7) [Reserved]
* * * * *
(13) [Reserved]
* * * * *
(14) For purposes of this paragraph (y), the following definitions
apply:
(i) Cybersecurity means the process of protecting information by
preventing, detecting, and responding to cyberattacks;
(ii) Health plan shall have the meaning set forth at Sec.
1001.952(l)(2);
(iii) Interoperable shall mean able to:
(A) Securely exchange data with, and use data from other health
information technology without special effort on the part of the user;
(B) Allow for complete access, exchange, and use of all
electronically accessible health information for authorized use under
applicable State or Federal law; and
(C) Does not constitute information blocking as defined in 45 CFR
part 171; and
(iv) Electronic health record shall mean a repository of electronic
health information that:
(A) Is transmitted by or maintained in electronic media; and
(B) Relates to the past, present, or future health or condition of
an individual or the provision of healthcare to an individual.
* * * * *
(bb) * * *
(1) * * *
(iv) * * *
(B) Within 25 miles of the healthcare provider or supplier to or
from which the patient would be transported, or within 75 miles if the
patient resides in a rural area, as defined in this paragraph (bb),
except that, if the patient is being discharged from an inpatient
facility and transported to the patient's residence, or another
residence of the patient's choice, the mileage limits in this paragraph
(bb)(1)(iv)(B) shall not apply; and
* * * * *
(2) * * *
(iii) The eligible entity makes the shuttle service available only
within the eligible entity's local area, meaning there are no more than
25 miles from any stop on the route to any stop at a location where
healthcare items or services are provided, except that if a stop on the
route is in a rural area, the distance may be up to 75 miles between
that stop and any providers or suppliers on the route;
* * * * *
(3) For purposes of this paragraph (bb), the following definitions
apply:
(i) An eligible entity is any individual or entity, except for
individuals or entities (or family members or others acting on their
behalf) that primarily supply healthcare items;
(ii) An established patient is a person who has selected and
initiated contact to schedule an appointment with a provider or
supplier, or who previously has attended an appointment with the
provider or supplier;
(iii) A shuttle service is a vehicle that runs on a set route, on a
set schedule;
(iv) A rural area is an area that is not an urban area, as defined
in paragraph (bb)(3)(v) of this section; and
(v) An urban area is:
(A) A Metropolitan Statistical Area (MSA) or New England County
Metropolitan Area (NECMA), as defined by the Executive Office of
Management and Budget; or
(B) The following New England counties, which are deemed to be
parts of urban areas under section 601(g) of the Social Security
Amendments of 1983 (Pub. L. 98-21, 42 U.S.C. 1395ww (note)): Litchfield
County, Connecticut; York County, Maine; Sagadahoc County, Maine;
Merrimack County, New Hampshire; and Newport County, Rhode Island.
(cc)-(dd) [Reserved]
(ee) Care coordination arrangements to improve quality, health
outcomes, and efficiency. As used in section 1128B of the Act,
``remuneration'' does not include the exchange of anything of value
pursuant to a value-based arrangement if all of the standards in
paragraphs (ee)(1) through (12) of this section are met:
(1) The VBE participants establish one or more specific evidence-
based, valid outcome measures against which the recipient will be
measured and which the parties reasonably anticipate will advance the
coordination and management of care of the target patient population.
(2) The value-based arrangement is commercially reasonable,
considering both the arrangement itself and all value-based
arrangements within the VBE.
(3) In advance of, or contemporaneous with, the commencement of the
value-based arrangement or any material change to the value-based
arrangement, the offeror of the remuneration and any recipient(s) of
such remuneration have set forth the terms of the value-based
arrangement in a signed writing. The writing states, at a minimum:
(i) The value-based activities to be undertaken by the parties to
the value-based arrangement;
(ii) The term of the value-based arrangement;
(iii) The target patient population;
(iv) A description of the remuneration;
(v) The offeror's cost for the remuneration;
(vi) The percentage of the offeror's cost contributed by the
recipient;
(vii) If applicable, the frequency of the recipient's contribution
payments for ongoing costs; and
(viii) The specific evidence-based, valid outcome measure(s)
against which the recipient will be measured.
(4) The remuneration exchanged:
(i) Is in-kind;
(ii) Is used primarily to engage in value-based activities that are
directly connected to the coordination and management of care for the
target patient population;
(iii) Does not induce VBE participants to furnish medically
unnecessary items or services or reduce or limit medically necessary
items or services furnished to any patient; and
(iv) Is not funded by, and does not otherwise result from the
contributions of, any individual or entity outside of the applicable
VBE.
(5) The offeror of the remuneration does not take into account the
volume or value of, or condition the remuneration on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(6) The recipient pays at least 15 percent of the offeror's cost
for the in-kind remuneration. If a one-time cost, the recipient makes
such contribution in advance of receiving the in-kind
[[Page 55762]]
remuneration. If an ongoing cost, the recipient makes such contribution
at reasonable, regular intervals.
(7) The value-based arrangement:
(i) Is directly connected to the coordination and management of
care of the target patient population;
(ii) Does not place any limitation on VBE participants' ability to
make decisions in the best interest of their patients;
(iii) Does not direct or restrict referrals to a particular
provider, practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) The patient's payor determines the provider, practitioner, or
supplier; or
(C) Such direction or restriction is contrary to applicable law or
regulations under titles XVIII and XIX of the Act; and
(iv) Does not include marketing to patients of items or services or
engaging in patient recruitment activities.
(8) The VBE, a VBE participant in the value-based arrangement
acting on the VBE's behalf, or the VBE's accountable body or
responsible person monitors and assesses, and reports such monitoring
and assessment to the VBE's accountable body or responsible person as
applicable, no less frequently than annually or at least once during
the term of the value-based arrangement for arrangements with terms of
less than 1 year:
(i) The coordination and management of care for the target
population in the value-based arrangement;
(ii) Any deficiencies in the delivery of quality care under the
value-based arrangement; and
(iii) Progress toward achieving the evidence-based, valid outcome
measure(s) in the value-based arrangement.
(9) The parties terminate the arrangement within 60 days if the
VBE's accountable body or responsible person determines that the value-
based arrangement:
(i) Is unlikely to further the coordination and management of care
for the target patient population;
(ii) Has resulted in material deficiencies in quality of care; or
(iii) Is unlikely to achieve the evidence-based, valid outcome
measure(s).
(10) The offeror does not, and should not, know that the
remuneration is likely to be diverted, resold, or used by the recipient
for an unlawful purpose.
(11) The VBE or VBE participant makes available to the Secretary,
upon request, all materials and records sufficient to establish
compliance with the conditions of this paragraph (ee).
(12) For purposes of this paragraph (ee), the following definitions
apply:
(i) Coordination and management of care (or coordinating and
managing care) means, for purposes of the anti-kickback statute safe
harbors at Sec. 1001.952, the deliberate organization of patient care
activities and sharing of information between two or more VBE
participants or VBE participants and patients, tailored to improving
the health outcomes of the target patient population, in order to
achieve safer and more effective care for the target patient
population.
(ii) Target patient population means an identified patient
population selected by the VBE or its VBE participants using legitimate
and verifiable criteria that:
(A) Are set out in writing in advance of the commencement of the
value-based arrangement; and
(B) Further the value-based enterprise's value-based purpose(s).
(iii) Value-based activity
(A) Means any of the following activities, provided that the
activity is reasonably designed to achieve at least one value-based
purpose of the value-based enterprise:
(1) The provision of an item or service;
(2) The taking of an action; or
(3) The refraining from taking an action.
(B) Does not include the making of a referral.
(iv) Value-based arrangement means an arrangement for the provision
of at least one value-based activity for a target patient population
between or among:
(A) The value-based enterprise and one or more of its VBE
participants; or
(B) VBE participants in the same value-based enterprise.
(v) Value-based enterprise or VBE means two or more VBE
participants:
(A) Collaborating to achieve at least one value-based purpose;
(B) Each of which is a party to a value-based arrangement with the
other or at least one other VBE participant in the value-based
enterprise;
(C) That have an accountable body or person responsible for
financial and operational oversight of the value-based enterprise; and
(D) That have a governing document that describes the value-based
enterprise and how the VBE participants intend to achieve its value-
based purpose(s).
(vi) Value-based enterprise participant or VBE participant means an
individual or entity that engages in at least one value-based activity
as part of a value-based enterprise. VBE participant does not include a
pharmaceutical manufacturer; a manufacturer, distributor, or supplier
of durable medical equipment, prosthetics, orthotics, or supplies; or a
laboratory.
(vii) Value-based purpose means:
(A) Coordinating and managing the care of a target patient
population;
(B) Improving the quality of care for a target patient population;
(C) Appropriately reducing the costs to, or growth in expenditures
of, payors without reducing the quality of care for a target patient
population; or
(D) Transitioning from healthcare delivery and payment mechanisms
based on the volume of items and services provided to mechanisms based
on the quality of care and control of costs of care for a target
patient population.
(ff) Value-based arrangements with substantial downside financial
risk. As used in section 1128B of the Act, ``remuneration'' does not
include the exchange of payments or anything of value between a VBE and
a VBE participant pursuant to a value-based arrangement if all of the
standards in paragraphs (ff)(1) through (8) of this section are met:
(1) The VBE (directly or through a VBE participant acting on the
VBE's behalf) has assumed (or is contractually obligated to assume in
the next 6 months) substantial downside financial risk (as defined in
this paragraph (ff)) from a payor for providing or arranging for the
provision of items and services for a target patient population.
(2) Under the value-based arrangement, the VBE participant
meaningfully shares in the VBE's substantial downside financial risk
for providing or arranging for the provision of items and services for
the target patient population. For purposes of this paragraph (ff), a
VBE participant meaningfully shares in the VBE's substantial downside
financial risk if the value-based arrangement provides that the VBE
participant is subject to risk under one of the following three
methodologies:
(i) A risk-sharing payment pursuant to which the VBE participant is
at risk for 8 percent of the amount for which the VBE is at risk under
its agreement with the applicable payor;
(ii) A partial or full capitation payment or similar payment
methodology, excluding the Medicare inpatient prospective payment
system or other like payment methodology; or
(iii) In the case of a VBE participant that is a physician, a
payment that meets the requirements of the regulatory exception for
value-based arrangements with meaningful downside financial risk at
Sec. 411.357(aa)(2) of this title.
[[Page 55763]]
(3) The remuneration provided by, or shared among, the VBE and VBE
participant:
(i) Is used primarily to engage in value-based activities that are
directly connected to the items and services for which the VBE is at
substantial downside financial risk and that are set forth in writing
pursuant to paragraph(ff)(4) of this section;
(ii) Is directly connected to one or more of the VBE's value-based
purposes, at least one of which must be the coordination and management
of care for the target patient population;
(iii) Does not induce VBE participants to reduce or limit medically
necessary items or services furnished to any patient;
(iv) Does not include the offer or receipt of an ownership or
investment interest in an entity or any distributions related to such
ownership or investment interest; and
(v) Is not funded by, and does not otherwise result from the
contributions of, any individual or entity outside of the VBE.
(4) In advance of, or contemporaneous with, the commencement of the
value-based arrangement or any material change to the value-based
arrangement, the VBE and VBE participant set forth in a signed writing
the terms of the value-based arrangement. The writing states all
material terms of the value-based arrangement, including: A description
of the nature and extent of the VBE's substantial downside financial
risk for the target patient population; a description of the manner in
which the recipient meaningfully shares in the VBE's substantial
downside financial risk; the value-based activities; the target patient
population; and the type and the offeror's cost of the remuneration.
(5) The VBE or VBE participant offering the remuneration does not
take into account the volume or value of, or condition the remuneration
on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(6) The value-based arrangement does not:
(i) Place any limitation on VBE participants' ability to make
decisions in the best interest of their patients;
(ii) Direct or restrict referrals to a particular provider,
practitioner, or supplier if:
(A) A patient expresses a preference for a different practitioner,
provider, or supplier;
(B) The patient's payor determines the provider, practitioner, or
supplier; or
(C) Such direction or restriction is contrary to applicable law or
regulations under titles XVIII and XIX of the Act; or
(iii) Include marketing to patients of items or services or
engaging in patient recruitment activities.
(7) The VBE or VBE participant makes available to the Secretary,
upon request, all materials and records sufficient to establish
compliance with the conditions of this paragraph (ff).
(8) For purposes of this paragraph (ff), the following definitions
apply:
(i) Substantial downside financial risk means risk, for the entire
term of the value-based arrangement, in the form of:
(A) Shared savings with a repayment obligation to the payor of at
least 40 percent of any shared losses, where loss is determined based
upon a comparison of costs to historical expenditures, or to the extent
such data is unavailable, evidence-based, comparable expenditures;
(B) A repayment obligation to the payor under an episodic or
bundled payment arrangement of at least 20 percent of any total loss,
where loss is determined based upon a comparison of costs to historical
expenditures, or to the extent such data is unavailable, evidence-
based, comparable expenditures;
(C) A prospectively paid population-based payment for a defined
subset of the total cost of care of a target patient population, where
such payment is determined based upon a review of historical
expenditures, or to the extent such data is unavailable, evidence-
based, comparable expenditures; or
(D) A partial capitated payment from the payor for a set of items
and services for the target patient population, where such capitated
payment reflects a discount equal to at least 60 percent of the total
expected fee-for-service payments based on historical expenditures, or
to the extent such data is unavailable, evidence-based, comparable
expenditures of the VBE participants to the value-based arrangement.
(ii) Coordination and management of care, target patient
population, value-based activity, value-based arrangement, value-based
enterprise, value-based purpose, and VBE participant shall have the
meaning set forth in paragraph (ee) of this section.
(gg) Value-based arrangements with full financial risk. As used in
section 1128B of the Act, ``remuneration'' does not include the
exchange of payments or anything of value between the VBE and a VBE
participant pursuant to a value-based arrangement if all of the
standards in paragraphs (gg)(1) through (8) of this section are met:
(1) The VBE (directly or through a VBE participant acting on behalf
of the VBE) has assumed (or is contractually obligated to assume in the
next 6 months) full financial risk from a payor and has a signed
writing with the payor that specifies the target patient population and
contains terms evidencing that the VBE is at full financial risk for
that population for a period of at least 1 year.
(2) The value-based arrangement is set out in a writing signed by
the parties that specifies the material terms of the value-based
arrangement, including the value-based activities to be undertaken by
the parties, and is for a period of at least 1 year.
(3) The VBE participant does not claim payment in any form directly
or indirectly from a payor for items or services covered under the
value-based arrangement.
(4) The remuneration exchanged between the VBE and a VBE
participant:
(i) Is used primarily to engage in the value-based activities set
forth in writing pursuant to paragraph (gg)(2) of this section;
(ii) Is directly connected to one or more of the VBE's value-based
purposes, at least one of which must be the coordination and management
of care for the target patient population;
(iii) Does not induce the VBE or VBE participants to reduce or
limit medically necessary items or services furnished to any patient;
(iv) Does not include the offer or receipt of an ownership or
investment interest in an entity or any distributions related to such
ownership or investment interest; and
(v) Is not funded by, and does not otherwise result from the
contributions of, any individual or entity outside of the VBE.
(5) The VBE or VBE participant does not take into account the
volume or value of, or condition the remuneration on:
(i) Referrals of patients who are not part of the target patient
population; or
(ii) Business not covered under the value-based arrangement.
(6) The VBE provides or arranges for:
(i) An operational utilization review program; and
(ii) A quality assurance program that protects against
underutilization and specifies patient goals, including measurable
outcomes, where appropriate.
(7) The value-based arrangement does not include marketing to
patients of items or services or engaging in patient recruitment
activities.
(8) The VBE or VBE participant makes available to the Secretary,
upon request,
[[Page 55764]]
all materials and records sufficient to establish compliance with the
conditions of this paragraph (gg).
(9) For purposes of this paragraph (gg), the following definitions
apply:
(i) Full financial risk means the VBE is financially responsible
for the cost of all items and services covered by the applicable payor
for each patient in the target patient population and is prospectively
paid by the applicable payor;
(ii) Items and services shall have the meaning set forth in Sec.
1001.952(t)(2)(iv); and
(iii) Coordination and management of care, target patient
population, value-based activity, value-based arrangement, value-based
enterprise, value-based purpose, and VBE participant shall have the
meaning set forth in paragraph (ee) of this section.
(hh) Arrangements for patient engagement and support to improve
quality, health outcomes, and efficiency. As used in section 1128B of
the Act, ``remuneration'' does not include a patient engagement tool or
support furnished by a VBE participant to a patient in a target patient
population if all of the conditions in paragraphs (hh)(1) through (6)
of this section are met:
(1) The patient engagement tool or support is furnished directly to
the patient by a VBE participant.
(2) No individual or entity outside of the applicable VBE funds or
otherwise contributes to the provision of the patient engagement tool
or support.
(3) The patient engagement tool or support:
(i) Is an in-kind preventive item, good, or service, or an in-kind
item, good, or service such as health-related technology, patient
health-related monitoring tools and services, or supports and services
designed to identify and address a patient's social determinants of
health;
(ii) That has a direct connection to the coordination and
management of care of the target patient population;
(iii) Does not include any gift card, cash, or cash equivalent;
(iv) Does not include any in-kind item, good, or service used for
patient recruitment or marketing of items or services to patients;
(v) Does not result in medically unnecessary or inappropriate items
or services reimbursed in whole or in part by a Federal health care
program;
(vi) Is recommended by the patient's licensed healthcare provider;
and
(vii) Advances one or more of the following goals:
(A) Adherence to a treatment regimen determined by the patient's
licensed healthcare provider.
(B) Adherence to a drug regimen determined by the patient's
licensed healthcare provider.
(C) Adherence to a follow-up care plan established by the patient's
licensed healthcare provider.
(D) Management of a disease or condition as directed by the
patient's licensed healthcare provider.
(E) Improvement in measurable evidence-based health outcomes for
the patient or for the target patient population.
(F) Ensuring patient safety.
(4) The offeror does not, and should not, know that the
remuneration is likely to be diverted, sold, or utilized by the patient
other than for the express purpose for which the patient engagement
tool or support is provided.
(5) The aggregate retail value of patient engagement tools and
supports furnished to a patient by a VBE participant on an annual basis
does not exceed $500 unless such patient engagement tools and supports
are furnished to patients based on a good faith, individualized
determination of the patient's financial need.
(6) The VBE participant makes available to the Secretary, upon
request, all materials and records sufficient to establish that the
patient engagement tool or support was distributed in a manner that
meets the conditions of this paragraph (hh).
(7) For purposes of this paragraph (hh), coordination and
management of care, target patient population, value-based purpose,
VBE, and VBE participant shall have the meaning set forth in paragraph
(ee) of this section.
(ii) CMS-sponsored model arrangements and CMS-sponsored model
patient incentives.
(1) As used in section 1128B of the Act, ``remuneration'' does not
include an exchange of anything of value between or among CMS-sponsored
model parties under a CMS-sponsored model arrangement in a model for
which CMS has determined that this safe harbor is available if all of
the following conditions are met:
(i) The CMS-sponsored model parties reasonably determine that the
CMS-sponsored model arrangement will advance one or more goals of the
CMS-sponsored model;
(ii) The exchange of value does not induce CMS-sponsored model
parties or other providers or suppliers to furnish medically
unnecessary items or services or reduce or limit medically necessary
items or services furnished to any patient;
(iii) The CMS-sponsored model parties do not offer, pay, solicit,
or receive remuneration in return for, or to induce or reward, any
Federal health care program referrals or other Federal health care
program business generated outside of the CMS-sponsored model;
(iv) The CMS-sponsored model parties, in advance of, or
contemporaneous with the commencement of, the CMS-sponsored model
arrangement, set forth the terms of the CMS-sponsored model arrangement
in a signed writing. The writing must specify, at a minimum, the
activities to be undertaken by the CMS-sponsored model parties and the
nature of the remuneration to be exchanged under the CMS-sponsored
model arrangement;
(v) The parties to the CMS-sponsored model arrangement make
available to the Secretary, upon request, all materials and records
sufficient to establish whether the remuneration was exchanged in a
manner that meets the conditions of this safe harbor; and
(vi) The CMS-sponsored model parties satisfy such programmatic
requirements as may be imposed by CMS in connection with the use of
this safe harbor.
(2) As used in section 1128B of the Act, ``remuneration'' does not
include a CMS-sponsored model patient incentive under a model for which
CMS has determined that this safe harbor is available, if all of the
conditions of paragraph (ii)(2)(i) through (v) are met of this section:
(i) The CMS-sponsored model participant reasonably determines that
the CMS-sponsored model patient incentive will advance one or more
goals of the CMS-sponsored model;
(ii) The CMS-sponsored model patient incentive has a direct
connection to the patient's healthcare;
(iii) The CMS-sponsored model participant makes available to the
Secretary, upon request, all materials and records sufficient to
establish whether the CMS-sponsored model patient incentive was
distributed in a manner that meets the conditions of this paragraph;
and
(iv) The CMS-sponsored model participant satisfies such
programmatic requirements as may be imposed by CMS in connection with
the use of this safe harbor.
(v) For purposes of this paragraph (ii)(2), a patient may retain
any incentives received prior to the termination or expiration of the
participation documentation of the CMS-sponsored model participant.
(3) For purposes of this paragraph (ii), the following definitions
apply:
(i) CMS-sponsored model means:
(A) A model being tested under section 1115A(b) of the Act or a
model
[[Page 55765]]
expanded under section 1115A(c) of the Act; or
(B) The Medicare shared savings program under section 1899 of the
Act;
(ii) CMS-sponsored model arrangement means an arrangement between
or among CMS-sponsored model parties to engage in activities under the
CMS-sponsored model and that is consistent with, and is not a type of
arrangement prohibited by, the participation documentation;
(iii) CMS-sponsored model participant means an individual or entity
that is subject to, and is operating under, participation documentation
with CMS to participate in a CMS-sponsored model;
(iv) CMS-sponsored model party means:
(A) A CMS-sponsored model participant; or
(B) Other individual or entity who the participation documentation
specifies may enter into a CMS-sponsored model arrangement;
(v) CMS-sponsored model patient incentive means remuneration not of
a type prohibited by the participation documentation and is furnished
consistent with the CMS-sponsored model by a CMS-sponsored model
participant (or by an agent of the CMS-sponsored model participant
under the CMS-sponsored model participant's direction and control)
directly to a patient under the CMS-sponsored model; and
(vi) Participation documentation means the participation agreement,
cooperative agreement, regulations, or model-specific addendum to an
existing contract with CMS that:
(A) Is currently in effect, and
(B) Specifies the terms of a CMS-sponsored model.
(jj) Cybersecurity technology and related services. As used in
section 1128B of the Act, ``remuneration'' does not include nonmonetary
remuneration (consisting of certain types of cybersecurity technology
and services), if all of the conditions in paragraphs (jj)(1) through
(5) of this section are met:
(1) The technology and services are necessary and used
predominantly to implement and maintain effective cybersecurity.
(2) The donor does not:
(i) Directly take into account the volume or value of referrals or
other business generated between the parties when determining the
eligibility of a potential recipient for the technology or services, or
the amount or nature of the technology or services to be donated; or
(ii) Condition the donation of technology or services, or the
amount or nature of the technology or services to be donated, on future
referrals.
(3) Neither the recipient nor the recipient's practice (or any
affiliated individual or entity) makes the receipt of technology or
services, or the amount or nature of the technology or services, a
condition of doing business with the donor.
(4) The arrangement is set forth in a written agreement that:
(i) Is signed by the parties;
(ii) Describes the technology and services being provided and the
amount of the recipient's contribution, if any; and
(5) The donor does not shift the costs of the technology or
services to any Federal health care program.
(6) For purposes of this paragraph (jj) the following definitions
apply:
(i) Cybersecurity means the process of protecting information by
preventing, detecting, and responding to cyberattacks.
(ii) Technology means any software or other types of information
technology, other than hardware.
(kk) ACO Beneficiary Incentive Program. As used in section 1128B of
the Act, ``remuneration'' does not include an incentive payment made by
an ACO to an assigned beneficiary under a beneficiary incentive program
established under section 1899(m) of the Act, as amended by Congress
from time to time, if the incentive payment is made in accordance with
the requirements found in such subsection.
PART 1003--CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS
0
3. The authority citation for part 1003 continues to read as follows:
Authority: 42 U.S.C. 262a, 1302, 1320-7, 1320a-7a, 1320b-10,
1395u(j), 1395u(k), 1395cc(j), 1395w-141(i)(3), 1395dd(d)(1),
1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 11137(b)(2).
0
4. Section 1003.110 is amended by adding paragraph (10) to the
definition of ``remuneration'' and adding in alphabetical order a
definition for ``telehealth technologies'' to read as follows:
Sec. 1003.110 Definitions.
* * * * *
Remuneration * * *
* * * * *
(10) The provision of telehealth technologies by a provider of
services or a renal dialysis facility (as such terms are defined for
purposes of title XVIII of the Act) to an individual with end stage
renal disease who is receiving home dialysis for which payment is being
made under part B of such title, if--
(i) The telehealth technologies are furnished to the individual by
the provider of services or the renal dialysis facility that is
currently providing the in-home dialysis, telehealth visits, or other
end stage renal disease care to the patient;
(ii) The telehealth technologies are not offered as part of any
advertisement or solicitation;
(iii) The telehealth technologies contribute substantially to the
provision of telehealth services related to the individual's end stage
renal disease, is not of excessive value, and is not duplicative of
technology that the beneficiary already owns if that technology is
adequate for the telehealth purposes; and
(iv) The provider of services or a renal dialysis facility does not
bill Federal health care programs, other payors, or individuals for the
telehealth technologies, claim the value of the telehealth technologies
as a bad debt for payment purposes under a Federal health care program,
or otherwise shift the burden of the value of the telehealth
technologies onto a Federal health care program, other payors, or
individuals.
* * * * *
Telehealth technologies, for purposes of the definition of the term
``remuneration'' as set forth in this section and the telehealth
technologies exception to section 50302(c) of the Bipartisan Budget Act
of 2018, which adds an exception as new section 1128A(i)(6)(J) of the
Act, means multimedia communications equipment that includes, at a
minimum, audio and video equipment permitting two-way, real-time
interactive communication between the patient and distant site
physician or practitioner used in the diagnosis, intervention, or
ongoing care management--paid for by Medicare Part B--between a patient
and the remote healthcare provider. Telephones, facsimile machines, and
electronic mail systems are not telehealth technologies.
* * * * *
Dated: September 30, 2019.
Alex M. Azar II,
Secretary.
Joanne M. Chiedi,
Acting Inspector General.
[FR Doc. 2019-22027 Filed 10-9-19; 4:15 pm]
BILLING CODE 4152-04-P