Medicare and State Health Care Programs: Fraud and Abuse; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 21314-21320 [2013-08314]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Office of Inspector General

[Federal Register Volume 78, Number 69 (Wednesday, April 10, 2013)]
[Proposed Rules]
[Pages 21314-21320]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-08314]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General

42 CFR Part 1001

RIN 0936-AA03


Medicare and State Health Care Programs: Fraud and Abuse; 
Electronic Health Records Safe Harbor Under the Anti-Kickback Statute

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: In this proposed rule, the Office of Inspector General (OIG) 
proposes to amend the safe harbor regulation concerning electronic 
health records items and services, which defines certain conduct that 
is protected from liability under the Federal anti-kickback statute in 
the Social Security Act (the Act). The proposed amendments include an 
update to the provision under which electronic health records software 
is deemed interoperable; removal of the electronic prescribing 
capability requirement; and extension of the sunset provision. In 
addition, OIG is requesting public comment on other changes it is 
considering.

DATES: To assure consideration, comments must be delivered to the 
address provided below by no later than 5 p.m. Eastern Standard Time on 
June 10, 2013.

ADDRESSES: In commenting, please reference file code OIG-404-P. Because 
of staff and resource limitations, we cannot accept comments by 
facsimile (fax) transmission. However, you may submit comments using 
one of three ways (no duplicates, please):
    1. Electronically. You may submit electronically through the 
Federal eRulemaking Portal at https://www.regulations.gov. (Attachments 
should be in Microsoft Word, if possible.)
    2. By regular, express, or overnight mail. You may mail your 
printed or written submissions to the following address: Patrice Drew, 
Office of Inspector General, Department of Health and Human Services, 
Attention: OIG-404-P, Room 5541C, Cohen Building, 330 Independence 
Avenue SW., Washington, DC 20201.
    Please allow sufficient time for mailed comments to be received 
before the close of the comment period.
    3. By hand or courier. You may deliver, by hand or courier, before 
the close of the comment period, your

[[Page 21315]]

printed or written comments to: Patrice Drew, Office of Inspector 
General, Department of Health and Human Services, Cohen Building, Room 
5541C, 330 Independence Avenue SW., Washington, DC 20201.
Because access to the interior of the Cohen Building is not readily 
available to persons without Federal Government identification, 
commenters are encouraged to schedule their delivery with one of our 
staff members at (202) 619-1368.
    Inspection of Public Comments: All comments received before the end 
of the comment period will be posted on https://www.regulations.gov for 
public viewing. Hard copies will also be available for public 
inspection at the Office of Inspector General, Department of Health and 
Human Services, Cohen Building, 330 Independence Avenue SW., 
Washington, DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To 
schedule an appointment to view public comments, phone (202) 619-1368. 
Comments received by OIG will be shared with the Centers for Medicare & 
Medicaid Services (CMS).

FOR FURTHER INFORMATION CONTACT: James A. Cannatti III or Heather L. 
Westphal, Office of Counsel to the Inspector General, (202) 619-0335.

SUPPLEMENTARY INFORMATION:

------------------------------------------------------------------------
       Social Security Act Citation          United States Code Citation
------------------------------------------------------------------------
1128B.....................................  42 U.S.C. 1320a-7b
------------------------------------------------------------------------

Executive Summary

A. Purpose of the Regulatory Action

    Pursuant to section 14 of the Medicare and Medicaid Patient and 
Program Protection Act of 1987 and its legislative history, Congress 
required the Secretary of Health and Human Services (the Secretary) to 
promulgate regulations setting forth various ``safe harbors'' to the 
anti-kickback statute, which would be evolving rules that would be 
periodically updated to reflect changing business practices and 
technologies in the health care industry. In accordance with this 
authority, OIG published a safe harbor to protect certain arrangements 
involving the provision of interoperable electronic health records 
software or information technology and training services. The final 
rule for this safe harbor was published on August 8, 2006 (71 FR 45110) 
and is scheduled to sunset on December 31, 2013 (42 CFR 
1001.952(y)(13)). The purpose of this proposed rule is to update 
certain aspects of the electronic health records safe harbor and to 
extend the sunset date.

B. Summary of the Major Provisions

    This proposed rule would amend the current safe harbor in at least 
three ways. First, the proposed rule would update the provision under 
which electronic health records software is deemed interoperable. 
Second, we propose to remove the requirement related to electronic 
prescribing capability from the safe harbor. Third, we propose to 
extend the sunset date of the safe harbor. In addition to these 
proposals, we are soliciting public comment on other possible 
amendments to the safe harbor, including limiting the scope of 
protected donors and adding or modifying conditions to limit the risk 
of data and referral lock-in.

C. Costs and Benefits

    The proposed rule would modify an already-existing safe harbor to 
the anti-kickback statute. This safe harbor permits certain entities to 
provide technology-related items and services to certain parties to be 
used to create, maintain, transmit, or receive electronic health 
records. Parties may voluntarily seek to comply with safe harbors so 
that they have assurance that their conduct will not subject them to 
any enforcement actions under the anti-kickback statute, but safe 
harbors do not impose new requirements on any party.
    This is not a major rule, as defined at 5 U.S.C. 804(2). It is also 
not economically significant, because it will not have a significant 
effect on program expenditures, and there are no additional substantive 
costs to implement the resulting provisions. The proposed rule would 
update the provision under which electronic health records software is 
deemed interoperable, remove the requirement related to electronic 
prescribing capability, and extend the safe harbor's sunset date 
(currently set at December 31, 2013). We expect these proposed changes 
to continue to facilitate the adoption of electronic health records 
technology.

I. Background

A. Anti-Kickback Statute and Safe Harbors

    Section 1128B(b) of the Social Security Act (the Act) (42 U.S.C. 
1320a-7b(b), the anti-kickback statute) provides criminal penalties for 
individuals or entities that knowingly and willfully offer, pay, 
solicit, or receive remuneration in order to induce or reward the 
referral of business reimbursable under any of the Federal health care 
programs, as defined in section 1128B(f) of the Act. The offense is 
classified as a felony and is punishable by fines of up to $25,000 and 
imprisonment for up to 5 years. Violations of the anti-kickback statute 
may also result in the imposition of civil monetary penalties (CMP) 
under section 1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), 
program exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a-
7(b)(7)), and liability under the False Claims Act (31 U.S.C. 3729-33).
    The types of remuneration covered specifically include, without 
limitation, kickbacks, bribes, and rebates, whether made directly or 
indirectly, overtly or covertly, in cash or in kind. In addition, 
prohibited conduct includes not only the payment of remuneration 
intended to induce or reward referrals of patients, but also the 
payment of remuneration intended to induce or reward the purchasing, 
leasing, or ordering of, or arranging for or recommending the 
purchasing, leasing, or ordering of, any good, facility, service, or 
item reimbursable by any Federal health care program.
    Because of the broad reach of the statute, concern was expressed 
that some relatively innocuous commercial arrangements were covered by 
the statute and, therefore, potentially subject to criminal 
prosecution. In response, Congress enacted section 14 of the Medicare 
and Medicaid Patient and Program Protection Act of 1987, Public Law 
100-93 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a-
7b(B)(3)(E)), which specifically required the development and 
promulgation of regulations, the so-called ``safe harbor'' provisions, 
that would specify various payment and business practices that would 
not be subject to sanctions under the anti-kickback statute, even 
though they may potentially be capable of inducing referrals of 
business under the Federal health care programs. Since July 29, 1991, 
we have published in the Federal Register a series of final regulations 
establishing ``safe harbors'' in various areas.\1\ These OIG safe 
harbor provisions have been developed ``to limit the reach of the 
statute somewhat by permitting certain non-abusive arrangements, while 
encouraging beneficial or innocuous arrangements.'' 56 FR 35952, 35958 
(July 29, 1991).
---------------------------------------------------------------------------

    \1\ 56 FR 35952 (July 29, 1991); 61 FR 2122 (Jan. 25, 1996); 64 
FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19, 1999); 66 FR 62979 
(Dec. 4, 2001); 71 FR 45109 (Aug. 8, 2006); and 72 FR 56632 (Oct. 4, 
2007).
---------------------------------------------------------------------------

    Health care providers and others may voluntarily seek to comply 
with safe harbors so that they have the assurance that their business 
practices will not be subject to any enforcement action under the anti-
kickback statute, the CMP provision for anti-kickback violations,

[[Page 21316]]

or the program exclusion authority related to kickbacks. In giving the 
Department of Health and Human Services (Department or HHS) the 
authority to protect certain arrangements and payment practices under 
the anti-kickback statute, Congress intended the safe harbor 
regulations to be updated periodically to reflect changing business 
practices and technologies in the health care industry.

B. The Electronic Health Records Safe Harbor

    In the October 11, 2005 Federal Register (70 FR 59015), we 
published a notice of proposed rulemaking (the 2005 Proposed Rule) that 
would promulgate two safe harbors to address donations of certain 
electronic health records software and directly related training 
services, using our authority at section 1128B(b)(3)(E) of the Act. See 
70 FR 59015, 59021 (Oct. 11, 2005). One proposed safe harbor would have 
protected certain arrangements involving donations of electronic health 
records technology made before the adoption of certification criteria. 
The other proposed safe harbor would have protected certain 
arrangements involving nonmonetary remuneration in the form of 
interoperable electronic health records software certified in 
accordance with criteria adopted by the Secretary of HHS (Secretary) 
and directly related training services. In the same issue of the 
Federal Register (70 FR 59182 (Oct. 11, 2005)), CMS simultaneously 
proposed similar exceptions to the physician self-referral law.
    On August 8, 2006 (71 FR 45110), we published a final rule (the 
2006 Final Rule) that, among other things, finalized a safe harbor \2\ 
at 42 CFR 1001.952(y) (the electronic health records safe harbor) for 
protecting certain arrangements involving interoperable electronic 
health records software or information technology and training 
services. In the same issue of the Federal Register (71 FR 45140 (Aug. 
8, 2006)), CMS simultaneously published similar final regulations at 42 
CFR 411.357(w). The electronic health records safe harbor is scheduled 
to sunset on December 31, 2013. 42 CFR 1001.952(y)(13).
---------------------------------------------------------------------------

    \2\ For the reasons discussed in more detail in the preamble to 
the 2006 Final Rule, we abandoned the proposal to have separate pre- 
and post-interoperability safe harbors for electronic health records 
arrangements. See 71 FR 45110, 45121 (Aug. 8, 2006).
---------------------------------------------------------------------------

    The present proposed rule sets forth certain proposed changes to 
the electronic health records safe harbor. CMS is proposing almost 
identical changes to the physician self-referral law electronic health 
records exception \3\ elsewhere in this issue of the Federal Register. 
We attempted to ensure as much consistency as possible between our 
proposed safe harbor changes and CMS's proposed exception changes, 
despite the differences in the respective underlying statutes. We 
intend the final rules to be similarly consistent. Because of the close 
nexus between this proposed rule and CMS's proposed rule, we may 
consider comments submitted in response to CMS's proposed rule when 
crafting our final rule. Similarly, CMS may consider comments submitted 
in response to this proposed rule in crafting its final rule.
---------------------------------------------------------------------------

    \3\ 42 CFR 411.357(w).
---------------------------------------------------------------------------

II. Provisions of the Proposed Rule

A. The Deeming Provision

    Our current electronic health records safe harbor specifies at 42 
CFR 1001.952(y)(2) that the donated software must be ``interoperable at 
the time it is provided to the recipient.'' As discussed in a recently 
issued Request for Information (RFI) from the Department, ``HHS 
envisions an information rich, person-centered, high performance health 
care system where every health care provider has access to longitudinal 
data on patients they treat to make evidence-based decisions, 
coordinate care and improve health outcomes.'' 78 FR 14793, 14795 (Mar. 
7, 2013). Additionally, as emphasized in the RFI, interoperability will 
play a critical role in supporting this vision. Interoperability is 
also an important concept in the context of the electronic health 
records safe harbor. Although we have long been concerned that parties 
could use the offer or donation of technology to capture referrals, we 
have viewed interoperability as a potential mitigating factor, or 
safeguard, to justify other safe harbor conditions that are less 
stringent than might otherwise be appropriate in the absence of 
interoperability. This is because if the donated technology is 
interoperable, the recipient will be able to use it to transmit 
electronic health records not only to the donor, but to others, 
including competitors of the donor, and will not be ``locked in'' to 
communications with the donor only. See 70 FR 59015, 59023 (Oct. 11, 
2005); 71 FR 45110, 45126 (Aug. 8, 2006). For purposes of this safe 
harbor, ``interoperable'' means ``able to communicate and exchange data 
accurately, effectively, securely, and consistently with different 
information technology systems, software applications, and networks, in 
various settings, and exchange data such that the clinical or 
operational purpose and meaning of the data are preserved and 
unaltered.'' Note to paragraph (y) of 42 CFR 1001.952. The current 
provisions of the electronic health records safe harbor state that for 
purposes of meeting the condition set forth in subparagraph (y)(2), 
``software is deemed to be interoperable if a certifying body 
recognized by the Secretary has certified the software within no more 
than 12 months prior to the date it is provided to the recipient.'' 42 
CFR 1001.952(y)(2). We propose to update two aspects of this deeming 
provision to reflect the current Office of the National Coordinator for 
Health Information Technology (ONC) certification program for 
electronic health record technology.
    First, we propose to modify the provision to reflect that ONC is 
responsible for ``recognizing'' certifying bodies, as referenced in 
this provision. See 42 U.S.C. 300jj-11(c)(5). To become a certifying 
body ``recognized'' by the Secretary, an entity must successfully 
complete an authorization process established by ONC. This 
authorization process constitutes the Secretary's recognition of a 
certifying body. Accordingly, we propose to revise the phrase 
``recognized by the Secretary'' in the second sentence of subparagraph 
(y)(2) to read ``authorized by the National Coordinator for Health 
Information Technology.''
    Second, we propose to modify the portion of this provision 
concerning the time period within which the software must have been 
certified. Currently, the electronic health records safe harbor deeming 
provision requires that software must have been certified within no 
more than 12 months prior to the date of donation in order to ensure 
that products have an up-to-date certification. Subsequent to issuing 
the final electronic health records safe harbor, ONC developed a 
regulatory process for adopting certification criteria and standards. 
That process is anticipated to occur on a 2-year regulatory interval. 
(For more information, see ONC's September 4, 2012 Final Rule titled 
``Health Information Technology: Standards, Implementation 
Specifications, and Certification Criteria for Electronic Health Record 
Technology, 2014 Edition; Revisions to the Permanent Certification 
Program for Health Information Technology'' (77 FR 54163).) Further, 
some certification criteria could remain unchanged from one edition of 
the electronic health record certification criteria to the next. Thus, 
the current 12-month timeframe is

[[Page 21317]]

not in line with the anticipated 2-year regulatory interval and does 
not account for the fact that some certification criteria may not 
change from one edition to the next. Therefore, we propose to modify 
this portion of the safe harbor by removing the 12-month timeframe and 
substituting a provision that more closely tracks the current ONC 
certification program. Accordingly, we propose that software would be 
eligible for deeming if, on the date it is provided to the recipient, 
it has been certified to any edition of the electronic health record 
certification criteria that is identified in the then-applicable 
definition of Certified EHR Technology in 45 CFR part 170. For example, 
for 2013, the applicable definition of Certified EHR Technology 
identifies both the 2011 and the 2014 editions of the electronic health 
record certification criteria. Therefore, in 2013, software certified 
to meet either the 2011 edition or the 2014 edition could satisfy the 
safe harbor provision as we proposed to modify it. The current 
definition of Certified EHR Technology applicable for 2014, however, 
identifies only the 2014 edition. Thus, based on that definition, in 
2014, only software certified to the 2014 edition could satisfy our 
proposed, modified provision. Future modifications to the definition of 
Certified EHR Technology could result in the identification of other 
editions to which software could be certified and satisfy our proposed, 
modified provision. As we stated in the 2006 Final Rule, we understand 
``that the ability of software to be interoperable is evolving as 
technology develops. In assessing whether software is interoperable, we 
believe the appropriate inquiry is whether the software is as 
interoperable as feasible given the prevailing state of technology at 
the time [it] is provided to the recipient.'' 71 FR 45110, 45126 (Aug. 
8, 2006). We believe our proposed change is consistent with that 
understanding and our objective of ensuring that products are certified 
to the current standard of interoperability when they are donated. We 
seek comment on our proposal, including if removing the 12-month period 
will impact donations and whether we should consider retaining it as an 
additional means of determining eligibility under the deeming 
provision.

B. The Electronic Prescribing Provision

    Our current electronic health records safe harbor specifies at 42 
CFR 1001.952(y)(10) that the donated software must ``contain [ ] 
electronic prescribing capability, either through an electronic 
prescribing component or the ability to interface with the recipient's 
existing electronic prescribing system, that meets the applicable 
standards under Medicare Part D at the time the items and services are 
provided.'' In the preamble to the 2006 Final Rule, we stated that we 
included ``this requirement, in part, because of the critical 
importance of electronic prescribing in producing the overall benefits 
of health information technology, as evidenced by section 101 of the 
[Medicare Prescription Drug, Improvement, and Modernization Act of 2003 
(MMA), Pub. L. 108-173].'' 71 FR 45110, 45125 (Aug. 8, 2006). As we 
noted, it was ``our understanding that most electronic health records 
systems already include an electronic prescribing component.'' Id.
    We continue to believe in the critical importance of electronic 
prescribing. However, in light of developments since the 2006 Final 
Rule, we do not believe that it is necessary to retain a requirement 
related to electronic prescribing capability in the electronic health 
records safe harbor. First, Congress subsequently enacted legislation 
addressing electronic prescribing. In 2008, Congress passed the 
Medicare Improvements for Patients and Providers Act of 2008 (MIPPA), 
Pub. L. 110-275. Section 132 of MIPPA authorized an electronic 
prescribing incentive program (starting in 2009) for certain types of 
eligible professionals. Further, in 2009, Congress passed the Health 
Information Technology for Economic and Clinical Health (HITECH) Act, 
Title XIII of Division A and Title IV of Division B of the American 
Recovery and Reinvestment Act of 2009 (ARRA), Pub. L. 111-5. The HITECH 
Act authorizes CMS to establish Medicare and Medicaid electronic health 
record incentive programs for certain eligible professionals, eligible 
hospitals, and critical access hospitals. 42 U.S.C. 1395w-4(o), 
1395ww(n), 1395f(l)(3), and 1396b(t). The HITECH Act requires that 
eligible professionals under the Medicare and Medicaid electronic 
health record incentive programs demonstrate meaningful use of 
certified electronic health record technology, including the use of 
electronic prescribing. 42 U.S.C. 1395w-4(o)(2)(A)(i). Second, the 
industry has made great progress related to electronic prescribing. 
Recent analysis by ONC notes an increase in the percentage of 
physicians electronically prescribing via electronic health record 
technology from 7 percent in 2008 to 48 percent in 2012, reflecting 
rapid increases over the past few years in the rate of electronic 
health record-based electronic prescribing capabilities.\4\ 
Furthermore, the regulations recently published to implement Stage 2 of 
the EHR Incentive Programs continue to encourage physicians' use of 
electronic prescribing technology. See 77 FR 53968, 53989 (Sept. 4, 
2012); 77 FR 54163, 54198 (Sept. 4, 2012).
---------------------------------------------------------------------------

    \4\ State Variation in E-Prescribing Trends in the United 
States--available at: https://www.healthit.gov/sites/default/files/us_e-prescribingtrends_onc_brief_4_nov2012.pdf.
---------------------------------------------------------------------------

    In light of these developments, we propose to delete the electronic 
prescribing condition at 42 CFR 1001.952(y)(10). We believe that there 
are sufficient alternative policy drivers supporting the adoption of 
electronic prescribing capabilities. We also note that electronic 
prescribing technology would remain eligible for donation under the 
electronic health records safe harbor or under the electronic 
prescribing safe harbor at 42 CFR 1001.952(x). Additionally, we 
considered whether removing this condition would increase the risk of 
fraud or abuse posed by donations made under the safe harbor; we do not 
believe that it would.

C. The Sunset Provision

    The electronic health records safe harbor is scheduled to sunset on 
December 31, 2013. In adopting this condition of the electronic health 
records safe harbor, we acknowledged ``that the need for a safe harbor 
for donations of electronic health records technology should diminish 
substantially over time as the use of such technology becomes a 
standard and expected part of medical practice.'' 71 FR 45110, 45133 
(Aug. 8, 2006). Some have suggested that we extend the sunset date or 
even remove the sunset provision entirely.
    In recent years, electronic health record technology adoption has 
risen dramatically, largely as a result of the HITECH Act in 2009. For 
example, see Farzad Mostashari, M.D., ScM., National Coordinator, ONC, 
U.S. Department of Health and Human Services, Testimony before the 
Subcommittee on Technology and Innovation Committee on Science and 
Technology, available at https://science.house.gov/sites/republicans.science.house.gov/files/documents/HHRG-112-SY19-WState-FMostashari-20121114.pdf and HHS News Release, ``More than 100,000 
health care providers paid for using electronic health records,'' June 
19, 2012, available at https://www.hhs.gov/news/press/2012pres/06/20120619a.html; see also OIG, OEI Report OEI-04-10-00184,

[[Page 21318]]

``Memorandum Report: Use of Electronic Health Record Systems in 2011 
Among Medicare Physicians Providing Evaluation and Management 
Services,'' June 2012, available at https://oig.hhs.gov/oei/reports/oei-04-10-00184.pdf. However, while the industry has made great 
progress, use of such technology has not yet been universally adopted 
nationwide, and continued electronic health record technology adoption 
remains an important Departmental goal. We continue to believe that as 
this goal is achieved, the need for a safe harbor for donations of such 
technology should continue to diminish over time. Accordingly, we 
propose to extend the sunset date to December 31, 2016. We selected 
this date because it corresponds to the last year in which one may 
receive a Medicare electronic health record incentive payment and the 
last year in which one may initiate participation in the Medicaid 
electronic health record incentive program. For more information, see 
``CMS Medicare and Medicaid EHR Incentive Payment Milestone Timeline,'' 
available at https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/downloads/EHRIncentProgtimeline508V1.pdf. As an 
alternative to this proposed extended sunset date of December 31, 2016, 
we are also considering establishing a later sunset date. For example, 
we are considering extending the sunset date to December 31, 2021, 
which corresponds to the end of the electronic health record Medicaid 
incentives. See id. While these sunset dates are associated with 
specific Medicare and Medicaid electronic health record incentive 
programs, we recognize that not all health care providers to whom 
donations can be made are eligible for such incentives. These health 
care providers include, for example, many in the mental health and 
behavioral health communities as well as long-term and post-acute care 
facilities. We specifically solicit comment on our proposed extension 
of the sunset date to December 31, 2016. We also seek comment on 
whether we should, as an alternative, select a later sunset date and 
what that date should be.

D. Additional Proposals and Considerations

1. Protected Donors
    As we stated in the preamble to the 2006 Final Rule for the 
electronic health records safe harbor, ``[w]e [originally] proposed to 
limit the scope of protected donors under Sec.  1001.952(y) to 
hospitals, group practices, [prescription drug plan (PDP)] sponsors, 
and [Medicare Advantage (MA)] organizations, consistent with the MMA-
mandated donors for the electronic prescribing safe harbor.'' 71 FR 
45110, 45127 (Aug. 8, 2006); see also 70 FR 59015, 59023 (Oct. 11, 
2005). However, ``[m]indful that broad safe harbor protection may 
significantly further the important public policy goal of promoting 
electronic health records, and after carefully considering the 
recommendations of the commenters, we [ ] concluded that the safe 
harbor should protect any donor that is an individual or entity that 
provides patients with health care items or services covered by a 
Federal health care program and submits claims or requests for payment 
for those items or services (directly or pursuant to reassignment) to 
Medicare, Medicaid, or other Federal health care programs (and 
otherwise meets the safe harbor conditions).'' 71 FR 45110, 45127 (Aug. 
8, 2006). Notwithstanding this conclusion, we indicated that ``[w]e 
remain concerned about the potential for abuse by laboratories, durable 
medical equipment suppliers, and others, but believe that the safe 
harbor conditions in the [2006 Final Rule] and the fact that the safe 
harbor is temporary should adequately address our concerns.'' 71 FR 
45110, 45128 (Aug. 8, 2006). We went on to state that ``[w]e intend to 
monitor the situation. If abuses occur, we may revisit our 
determination.'' Id.
    We have received comments suggesting that abusive donations are 
being made under the electronic health records safe harbor. For 
example, some responses to our annual solicitation of safe harbors and 
special fraud alerts allege that donors are using the safe harbor to 
provide referral sources with items and services that appear to support 
the interoperable exchange of information on their face, but, in 
practice, lead to data and referral lock-in. See, e.g., https://oig.hhs.gov/publications/docs/semiannual/2009/semiannual_fall2009.pdf.
    In light of (1) these comments, (2) our continued concern about the 
potential for fraud and abuse by certain donors that we articulated in 
the 2006 Final Rule,\5\ and (3) the proposed changes to the electronic 
health records safe harbor conditions discussed in this proposed rule, 
we propose to limit the scope of protected donors under the electronic 
health records safe harbor, with the continued goal of promoting 
adoption of interoperable electronic health record technology that 
benefits patient care while reducing the likelihood that donors will 
misuse electronic health record technology donations to secure 
referrals. In this regard, we are considering revising the safe harbor 
to cover only the original MMA-mandated donors: hospitals, group 
practices, PDP sponsors, and MA organizations. We are considering, and 
seek comments regarding, whether other individuals or entities with 
front-line patient care responsibilities across health care settings, 
such as safety net providers, should be included, and, if so, which 
ones. Alternatively, we are considering retaining the current 
definition of protected donors, but excluding specific types of donors. 
Specifically, we are considering excluding suppliers of ancillary 
services associated with a high risk of fraud and abuse, because 
donations by such suppliers may be more likely to be motivated by a 
purpose of securing future business than by a purpose of better 
coordinating care for beneficiaries across health care settings. In 
particular, we are considering excluding laboratory companies from the 
scope of permissible donors as their donations have been the subject of 
complaints. We are also considering excluding other high-risk 
categories, such as durable medical equipment suppliers and independent 
home health agencies. We seek comment on the alternatives under 
consideration, including comments, with supporting reasons, regarding 
particular types of providers and suppliers that should or should not 
be protected donors given the goals of the safe harbor.
---------------------------------------------------------------------------

    \5\ See 71 FR 45110, 45128 (Aug. 8, 2006).
---------------------------------------------------------------------------

2. Data Lock-In and Exchange
    In the preceding section, we propose to limit the scope of 
permissible donors as a means to prevent donations that subvert the 
intent of the safe harbor--because they are used to lock in referrals--
from receiving safe harbor protection. We are also considering 
inclusion of new or modified conditions in the safe harbor as an 
alternative or additional means of achieving that result. We are 
particularly interested in new or modified conditions that will help 
achieve two related goals. The first goal is to prevent the misuse of 
the safe harbor in a way that results in data and referral lock-in. The 
second, related goal is to encourage the free exchange of data (in 
accordance with protections for privacy). These goals reflect our 
interest, which we discussed above, in promoting the adoption of 
interoperable electronic health record technology that benefits patient 
care while reducing the likelihood that donors will misuse electronic 
health record technology

[[Page 21319]]

donations to secure referrals. The 2006 Final Rule requires donated 
software to be interoperable at the time it is donated to the 
recipient. The software is deemed interoperable if it is certified as 
described above. However, it has been suggested that even when donated 
software meets the interoperability requirements of the rule, policies 
and practices sometimes affect the true ability of electronic health 
record technology items and services to be used to exchange information 
across organizational and vendor boundaries.\6\ We seek comments on 
what new or modified conditions could be added to the electronic health 
records safe harbor to achieve our two goals and whether those 
conditions, if any, should be in addition to, or in lieu of, our 
proposal to limit the scope of permissible donors. For example, 42 CFR 
1001.952(y)(3)requires, as a condition of the safe harbor, that ``[t]he 
donor (or any person on the donor's behalf) [ ] not take any action to 
limit or restrict the use, compatibility, or interoperability of the 
items or services with other electronic prescribing or electronic 
health records systems.'' We solicit comments with regard to whether 
this condition could be modified to reduce the possibility of lock-in.
---------------------------------------------------------------------------

    \6\ For more information on interoperability in health IT, see 
``EHR Interoperability'' on the HealthIT.gov Web site at https://www.healthit.gov/providers-professionals/ehr-interoperability. For 
further discussion of interoperability and other health IT issues, 
see Arthur L. Kellermann and Spencer S. Jones, ANALYSIS & 
COMMENTARY: What It Will Take to Achieve The As-Yet-Unfulfilled 
Promises Of Health Information Technology, Health Aff. January 2013 
32:163-68.
---------------------------------------------------------------------------

3. Covered Technology
    We received questions concerning whether certain items or services, 
for example services that enable the interoperable exchange of 
electronic health records data, fall within the scope of covered 
technology under the electronic health records safe harbor. The answer 
to such questions depends on the exact items or services that are being 
donated. In the 2006 Final Rule, we explained that we interpreted the 
term `` `software, information technology and training services 
necessary and used predominantly' for electronic health records 
purposes to include the following, by way of example: [i]nterface and 
translation software; rights, licenses, and intellectual property 
related to electronic health records software; connectivity services, 
including broadband and wireless Internet services; clinical support 
and information services related to patient care (but not separate 
research or marketing support services); maintenance services; secure 
messaging (e.g., permitting physicians to communicate with patients 
through electronic messaging); and training and support services (such 
as access to help desk services).'' 71 FR 45110, 45125 (Aug. 8, 2006). 
It also has been suggested that we modify the regulatory text of the 
electronic health records safe harbor to explicitly reflect this 
interpretation. We believe that the current regulatory text, when read 
in light of the preamble discussion, is sufficiently clear concerning 
the scope of covered technology, but we seek input from the public 
regarding this issue.

III. Regulatory Impact Statement

    We have examined the impact of this rule as required by Executive 
Order 12866 on Regulatory Planning and Review (Sept. 30, 1993); 
Executive Order 13563 on Improving Regulation and Regulatory Review 
(Jan. 18, 2011); the Regulatory Flexibility Act (RFA) (Sept. 19, 1980, 
Pub. L. 96-354, codified at 5 U.S.C. 601 et seq.); section 1102(b) of 
the Act; section 202 of the Unfunded Mandates Reform Act of 1995 (Mar. 
22, 1995; Pub. L. 104-4); Executive Order 13132 on Federalism (August 
4, 1999); and the Congressional Review Act (5 U.S.C. 804(2)).
    Executive Orders 12866 and 13563 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). A 
regulatory impact analysis (RIA) must be prepared for major rules with 
economically significant effects ($100 million or more in any 1 year). 
We believe this proposed rule does not reach the economic threshold for 
being considered economically significant and thus is not considered a 
major rule. We solicit comment on the assumptions and findings 
presented in this initial regulatory impact analysis.
    The proposed rule would update the provision under which electronic 
health records software is deemed interoperable, remove the requirement 
related to electronic prescribing capability, and extend the safe 
harbor's sunset date (currently set at December 31, 2013). Neither this 
proposed rule nor the regulation it amends requires any entity to 
donate electronic health record technology, but we expect these 
proposed changes to continue to facilitate the adoption of electronic 
health record technology by filling a gap rather than creating the 
primary means by which this technology will be adopted.
    The summation of the economic impact analysis regarding the effects 
of electronic health records in the ambulatory setting that is 
presented in the 2006 Final Rule still pertains to this proposed 
regulation. 71 FR 45110 (Aug. 8, 2006). However, since the 2006 Final 
Rule, several developments have occurred to make us conclude that it is 
no longer necessary to retain a requirement related to electronic 
prescribing capability in the electronic health records safe harbor. 
These developments include: (1) In 2008, Congress passed the Medicare 
Improvements for Patients and Providers Act of 2008 (MIPPA), Pub. L. 
110-275; (2) in 2009, Congress passed the Health Information Technology 
for Economic and Clinical Health (HITECH) Act, Title XIII of Division A 
and Title IV of Division B of the American Recovery and Reinvestment 
Act of 2009 (ARRA), Pub. L. 111-5; and (3) an increase over the past 
few years in the rate of electronic health record-based electronic 
prescribing capabilities.
    As discussed in more detail earlier in the preamble, section 132 of 
MIPPA authorized an electronic prescribing incentive program (starting 
in 2009) for certain types of eligible professionals. The HITECH Act 
authorizes CMS to establish Medicare and Medicaid electronic health 
record incentive programs for certain eligible professionals, eligible 
hospitals, and critical access hospitals. Also, the HITECH Act requires 
that eligible professionals under the Medicare and Medicaid electronic 
health record incentive programs demonstrate meaningful use of 
certified electronic health record technology, including the use of 
electronic prescribing. Specifically, the final regulation of the Stage 
2 meaningful use (77 FR 53968 (Sept. 4, 2012)) includes more demanding 
requirements for electronic prescribing and identifies electronic 
prescribing as a required core measure. As a result, beginning in CY 
2015 an eligible professional risks a reduction in the Medicare 
Physician Fee Schedule amount that will otherwise apply for covered 
professional services if they are not a meaningful EHR user for an EHR 
reporting period during that year. Our intent remains to allow 
potential recipients not to receive products or services they already 
own, but rather to receive electronic health record technology that 
advances its adoption and use. Lastly, according to ONC, electronic 
prescribing by physicians using electronic health record technology has 
increased from 7 percent

[[Page 21320]]

in December 2008 to approximately 48 percent in June 2012.\7\ 
Furthermore, the regulations recently published to implement Stage 2 of 
the EHR Incentive Programs continue to encourage physicians' use of 
electronic prescribing technology. 77 FR 53968, 53989 (Sept. 4, 2012); 
77 FR 54163, 54198 (Sept. 4, 2012). Due to data limitations, however, 
we are unable to accurately estimate the level of impact the electronic 
health records safe harbor has contributed to the increase in 
electronic prescribing. Therefore, we believe as a result of these 
legislative and regulatory developments advancing in parallel, the 
increase in the adoption of electronic prescribing using electronic 
health record technology will continue without making it necessary to 
retain the electronic prescribing capability requirement in the 
electronic health records safe harbor.
---------------------------------------------------------------------------

    \7\ State Variation in E-Prescribing Trends in the United 
States--available at: https://www.healthit.gov/sites/default/files/us_e-prescribingtrends_onc_brief_4_nov2012.pdf.
---------------------------------------------------------------------------

    The RFA requires agencies to analyze options for regulatory relief 
of small entities, if a rule has a significant impact on a substantial 
number of small entities. For purposes of the RFA, small entities 
include small businesses, nonprofit organizations, and small 
governmental jurisdictions. Most hospitals and most other providers and 
suppliers are small entities, either by nonprofit status or by having 
revenues of $7.0 million to $34.5 million in any 1 year. Individuals 
and States are not included in the definition of a small entity. The 
Secretary has determined that this proposed rule would not have a 
significant economic impact on a substantial number of small entities.
    In addition, section 1102(b) of the Act requires us to prepare a 
regulatory impact analysis if a rule may have a significant impact on 
the operations of a substantial number of small rural hospitals. This 
analysis must conform to section 603 of the RFA. For purposes of 
section 1102(b) of the Act, we define a small rural hospital as a 
hospital that is located outside a Metropolitan Statistical Area for 
Medicare payment regulations and has fewer than 100 beds. The Secretary 
has determined that this proposed rule would not have a significant 
impact on the operations of a substantial number of small rural 
hospitals.
    Section 202 of the Unfunded Mandates Reform Act of 1995 also 
requires that agencies assess anticipated costs and benefits before 
issuing any rule whose mandates require spending in any 1 year of $100 
million in 1995 dollars, updated annually for inflation. In 2013, that 
threshold is approximately $141 million. This rule will have no 
consequential effect on State, local, or tribal governments or on the 
private sector.
    Executive Order 13132 establishes certain requirements that an 
agency must meet when it promulgates a proposed rule (and subsequent 
final rule) that imposes substantial direct requirement costs on State 
and local governments, preempts State law, or otherwise has Federalism 
implications. Since this regulation does not impose any costs on State 
or local governments, the requirements of Executive Order 13132 are not 
applicable.
    In accordance with Executive Order 12866, this regulation was 
reviewed by the Office of Management and Budget.

IV. Paperwork Reduction Act

    This document does not impose information collection and 
recordkeeping requirements. Consequently, it need not be reviewed by 
the Office of Management and Budget under the authority of the 
Paperwork Reduction Act of 1995.

List of Subjects in 42 CFR Part 1001

    Administrative practice and procedure, Fraud, Grant programs--
Health, Health facilities, Health professions, Maternal and child 
health, Medicaid, Medicare, Social Security.
    Accordingly, 42 CFR part 1001 is proposed to be amended as set 
forth below:

PART 1001--[AMENDED]

0
1. The authority citation for part 1001 continues to read as follows:

    Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7b, 1395u(j), 
1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) 
and (F), and 1395hh; and sec. 2455, Pub. L. 103-355, 108 Stat. 3327 
(31 U.S.C. 6101 note).

0
2. Section 1001.952 is amended by revising the introductory text, 
paragraph (y) introductory text, and paragraphs (y)(2) and (y)(13), and 
by removing and reserving paragraph (y)(10).
    The revisions read as follows:


Sec.  1001.952  Exceptions.

    The following payment practices shall not be treated as a criminal 
offense under section 1128B of the Act and shall not serve as the basis 
for an exclusion:
* * * * *
    (y) Electronic health records items and services. As used in 
section 1128B of the Act, ``remuneration'' does not include nonmonetary 
remuneration (consisting of items and services in the form of software 
or information technology and training services) necessary and used 
predominantly to create, maintain, transmit, or receive electronic 
health records, if all of the following conditions are met:
* * * * *
    (2) The software is interoperable at the time it is provided to the 
recipient. For purposes of this subparagraph, software is deemed to be 
interoperable if a certifying body authorized by the National 
Coordinator for Health Information Technology has certified the 
software to any edition of the electronic health record certification 
criteria identified in the then-applicable definition of Certified EHR 
Technology in 45 CFR part 170, on the date it is provided to the 
recipient.
* * * * *
    (13) The transfer of the items and services occurs, and all 
conditions in this paragraph (y) have been satisfied, on or before 
December 31, 2016.
* * * * *

    Dated: January 22, 2013.
Daniel R. Levinson,
Inspector General.

    Approved: March 7, 2013.
Kathleen Sebelius,
Secretary.
[FR Doc. 2013-08314 Filed 4-8-13; 4:15 pm]
BILLING CODE 4152-01-P