Medicare and State Health Care Programs: Fraud and Abuse; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 79201-79220 [2013-30924]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Office of Inspector General

[Federal Register Volume 78, Number 249 (Friday, December 27, 2013)]
[Rules and Regulations]
[Pages 79201-79220]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2013-30924]



[[Page 79201]]

Vol. 78

Friday,

No. 249

December 27, 2013

Part III





Department of Health and Human Services





-----------------------------------------------------------------------





Office of Inspector General





-----------------------------------------------------------------------





42 CFR Part 1001





Medicare and State Health Care Programs: Fraud and Abuse; Electronic 
Health Records Safe Harbor Under the Anti-Kickback Statute; Final Rule

Federal Register / Vol. 78 , No. 249 / Friday, December 27, 2013 / 
Rules and Regulations

[[Page 79202]]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General

42 CFR Part 1001

RIN 0991-AB33


Medicare and State Health Care Programs: Fraud and Abuse; 
Electronic Health Records Safe Harbor Under the Anti-Kickback Statute

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: In this final rule, the Office of Inspector General (OIG) 
amends the safe harbor regulation concerning electronic health records 
items and services, which defines certain conduct that is protected 
from liability under the Federal anti-kickback statute, section 
1128B(b) of the Social Security Act (the Act). Amendments include 
updating the provision under which electronic health records software 
is deemed interoperable; removing the electronic prescribing capability 
requirement; extending the sunset provision until December 31, 2021; 
limiting the scope of protected donors to exclude laboratory companies; 
and clarifying the condition that prohibits a donor from taking any 
action to limit or restrict the use, compatibility, or interoperability 
of the donated items or services.

DATES: Effective Date: With the exception of the revision of 42 CFR 
1001.952(y)(13), this regulation is effective on March 27, 2014. The 
revision of 42 CFR 1001.952(y)(13) is effective on December 31, 2013.

FOR FURTHER INFORMATION CONTACT: James A. Cannatti III, Heather L. 
Westphal, or Andrew VanLandingham, Office of Counsel to the Inspector 
General, (202) 619-0335.

SUPPLEMENTARY INFORMATION: 

------------------------------------------------------------------------
       Social security act  citation        United States code  citation
------------------------------------------------------------------------
1128B.....................................  42 U.S.C. 1320a-7b
------------------------------------------------------------------------

Executive Summary

A. Purpose of the Regulatory Action

    Pursuant to section 14 of the Medicare and Medicaid Patient and 
Program Protection Act of 1987 and its legislative history, Congress 
required the Secretary of Health and Human Services (the Secretary) to 
promulgate regulations setting forth various ``safe harbors'' to the 
anti-kickback statute, which would be evolving rules that would be 
periodically updated to reflect changing business practices and 
technologies in the health care industry. In accordance with this 
authority, OIG published a safe harbor to protect certain arrangements 
involving the provision of interoperable electronic health records 
software or information technology and training services. The final 
rule for this safe harbor was published on August 8, 2006 (71 FR 45110) 
and is scheduled to sunset on December 31, 2013 (42 CFR 
1001.952(y)(13)). OIG published a notice of proposed rulemaking on 
April 10, 2013 (78 FR 21314), proposing to update certain aspects of 
the electronic health records safe harbor and to extend the sunset 
date. The purpose of this final rule is to address comments received on 
the proposed rule and to finalize certain aspects of the proposed rule.

B. Summary of the Final Rule

    In this final rule, we amend the current safe harbor in several 
ways. First, we update the provision under which electronic health 
records software is deemed interoperable. Second, we remove the 
requirement related to electronic prescribing capability from the safe 
harbor. Third, we extend the sunset date of the safe harbor to December 
31, 2021. Fourth, we limit the scope of protected donors to exclude 
laboratory companies. And fifth, we revise the text to clarify the 
condition that prohibits a donor from taking any action to limit or 
restrict the use, compatibility, or interoperability of the donated 
items or services.

C. Costs and Benefits

    This final rule modifies an existing safe harbor to the anti-
kickback statute. This safe harbor permits certain entities to provide 
certain items and services in the form of software and information 
technology and training services necessary and used predominantly to 
create, maintain, transmit, or receive electronic health records to 
certain parties. Parties may voluntarily seek to comply with safe 
harbors so that they have assurance that their conduct will not subject 
them to any enforcement actions under the anti-kickback statute, the 
civil monetary penalty (CMP) provision for anti-kickback statute 
violations, or the program exclusion authority related to kickbacks, 
but safe harbors do not impose new requirements on any party.
    This is not a major rule, as defined at 5 U.S.C. 804(2). It is also 
not economically significant, because it will not have a significant 
effect on program expenditures, and there are no additional substantive 
costs to implement the resulting provisions. We expect the safe harbor, 
as modified by this final rule, to continue to facilitate the adoption 
of electronic health records technology.

I. Background

A. Anti-Kickback Statute and Safe Harbors

    Section 1128B(b) of the Act (42 U.S.C. 1320a-7b(b), the anti-
kickback statute) provides criminal penalties for individuals or 
entities that knowingly and willfully offer, pay, solicit, or receive 
remuneration in order to induce or reward the referral of business 
reimbursable under any of the Federal health care programs, as defined 
in section 1128B(f) of the Act. The offense is classified as a felony 
and is punishable by fines of up to $25,000 and imprisonment for up to 
5 years. Violations of the anti-kickback statute may also result in the 
imposition of CMPs under section 1128A(a)(7) of the Act (42 U.S.C. 
1320a-7a(a)(7)), program exclusion under section 1128(b)(7) of the Act 
(42 U.S.C. 1320a-7(b)(7)), and liability under the False Claims Act (31 
U.S.C. 3729-33).
    The types of remuneration covered specifically include, without 
limitation, kickbacks, bribes, and rebates, whether made directly or 
indirectly, overtly or covertly, in cash or in kind. In addition, 
prohibited conduct includes not only the payment of remuneration 
intended to induce or reward referrals of patients, but also the 
payment of remuneration intended to induce or reward the purchasing, 
leasing, or ordering of, or arranging for or recommending the 
purchasing, leasing, or ordering of, any good, facility, service, or 
item reimbursable by any Federal health care program.
    Because of the broad reach of the statute, concern was expressed 
that some relatively innocuous commercial arrangements were covered by 
the statute and, therefore, potentially subject to criminal 
prosecution. In response, Congress enacted section 14 of the Medicare 
and Medicaid Patient and Program Protection Act of 1987, Public Law 
100-93 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a-
7b(B)(3)(E)), which specifically required the development and 
promulgation of regulations, the so-called ``safe harbor'' provisions, 
that would specify various payment and business practices that would 
not be subject to sanctions under the anti-kickback statute, even 
though they may potentially be capable of inducing referrals of 
business under the Federal health care programs. Since July 29, 1991, 
we have published in the Federal Register a series of final regulations 
establishing ``safe harbors''

[[Page 79203]]

in various areas. These OIG safe harbor provisions have been developed 
``to limit the reach of the statute somewhat by permitting certain non-
abusive arrangements, while encouraging beneficial or innocuous 
arrangements.'' 56 FR 35952, 35958 (July 29, 1991).
    Health care providers, suppliers, and others may voluntarily seek 
to comply with safe harbors so that they have the assurance that their 
business practices will not be subject to any enforcement action under 
the anti-kickback statute, the CMP provision for anti-kickback 
violations, or the program exclusion authority related to kickbacks. In 
giving the Department of Health and Human Services (Department or HHS) 
the authority to protect certain arrangements and payment practices 
under the anti-kickback statute, Congress intended the safe harbor 
regulations to be updated periodically to reflect changing business 
practices and technologies in the health care industry.

B. The Electronic Health Records Safe Harbor

    Using our authority at section 1128B(b)(3)(E) of the Act, we 
published a notice of proposed rulemaking (the 2005 Proposed Rule) that 
would promulgate two safe harbors to address donations of certain 
electronic health records software and directly related training 
services. 70 FR 59015, 59021 (Oct. 11, 2005). One proposed safe harbor 
would have protected certain arrangements involving donations of 
electronic health records items and services made before the adoption 
of certification criteria. The other proposed safe harbor would have 
protected certain arrangements involving nonmonetary remuneration in 
the form of interoperable electronic health records software certified 
in accordance with criteria adopted by the Secretary and directly 
related training services. In the same issue of the Federal Register, 
the Centers for Medicare & Medicaid Services (CMS) proposed similar 
exceptions to the physician self-referral law. 70 FR 59182 (Oct. 11, 
2005).
    On August 8, 2006 (71 FR 45110), we published a final rule (the 
2006 Final Rule) that, among other things, finalized a safe harbor at 
42 CFR 1001.952(y) (the electronic health records safe harbor) for 
protecting certain arrangements involving interoperable electronic 
health records software or information technology and training 
services. In the same issue of the Federal Register, CMS published 
similar final regulations pertaining to the physician self-referral law 
at 42 CFR 411.357(w). 71 FR 45140 (Aug. 8, 2006). The electronic health 
records safe harbor is scheduled to sunset on December 31, 2013. 42 CFR 
1001.952(y)(13).

C. Summary of the 2013 Proposed Rulemaking

    On April 10, 2013 (78 FR 21314), we published a proposed rule (the 
2013 Proposed Rule) setting forth certain proposed changes to the 
electronic health records safe harbor. In the 2013 Proposed Rule, we 
proposed to amend the current safe harbor in several ways. First, we 
proposed to update the provision under which electronic health records 
software is deemed interoperable. Second, we proposed to remove the 
requirement related to electronic prescribing capability from the safe 
harbor. Third, we proposed to extend the sunset date of the safe 
harbor. In addition to these proposals, we solicited public comment on 
other proposals and possible amendments to the safe harbor, including 
limiting the scope of protected donors and adding or modifying 
conditions to limit the risk of data and referral lock-in. CMS proposed 
almost identical changes to the physician self-referral law electronic 
health records exception elsewhere in the same issue of the Federal 
Register. 78 FR 21308 (Apr. 10, 2013). We attempted to ensure as much 
consistency as possible between our proposed safe harbor changes and 
CMS's proposed exception changes, within the limitations imposed by the 
differences in the underlying statutes. We noted in the 2013 Proposed 
Rule that, due to the close nexus between the 2013 Proposed Rule and 
CMS's proposed rule, we may consider comments submitted in response to 
CMS's proposed rule when crafting our final rule. Similarly, CMS stated 
that it may consider comments submitted in response to the 2013 
Proposed Rule in crafting its final rule.

D. Summary of the Final Rulemaking

    In this final rulemaking, we amend the electronic health records 
safe harbor at 42 CFR 1001.952(y) in several ways. First, we update the 
provision under which electronic health records software is deemed 
interoperable. Second, we remove the requirement related to electronic 
prescribing capability from the safe harbor. Third, we extend the 
sunset date of the safe harbor to December 31, 2021. Fourth, we limit 
the scope of protected donors to exclude laboratory companies. And 
fifth, we revise the text to clarify the condition that prohibits a 
donor from taking any action to limit or restrict the use, 
compatibility, or interoperability of the donated items or services.
    As we observed in the 2006 Final Rule,

    OIG has a longstanding concern about the provision of free or 
reduced price goods or services to an existing or potential referral 
source. There is a substantial risk that free or reduced-price goods 
or services may be used as a vehicle to disguise or confer an 
unlawful payment for referrals of Federal health care program 
business. Financial incentives offered, paid, solicited, or received 
to induce or in exchange for generating Federal health care business 
increase the risks of, among other problems: (i) [o]verutilization 
of health care items or services; (ii) increased Federal program 
costs; (iii) corruption of medical decision making; and (iv) unfair 
competition.

71 FR 45110, 45111 (Aug. 8, 2006).
We further stated that,

consistent with the structure and purpose of the anti-kickback 
statute and the regulatory authority at section 1128B(b)(3)(E) of 
the Act, we believe any safe harbor for electronic health records 
arrangements should protect beneficial arrangements that would 
eliminate perceived barriers to the adoption of electronic health 
records without creating undue risk that the arrangements might be 
used to induce or reward the generation of Federal health care 
program business.

Id.
    We believe that the safe harbor, as amended by this final rule, 
achieves this goal.
    Elsewhere in this issue of the Federal Register, CMS is finalizing 
almost identical changes to the electronic health records exception \1\ 
under the physician self-referral law. We attempted to ensure as much 
consistency as possible between our changes to the electronic health 
records safe harbor and CMS's exception changes, within the limitations 
imposed by the differences in the underlying statutes. As indicated in 
the 2013 Proposed Rule, we have considered and responded to the timely 
comments we received as well as those CMS received. Similarly, CMS 
considered comments submitted in response to our 2013 Proposed Rule in 
crafting its final rule. For purposes of this final rule, we treat 
comments that were made with respect to the physician self-referral law 
as if they had been made with respect to the anti-kickback statute, 
except where they relate to differences in the underlying statutes.
---------------------------------------------------------------------------

    \1\ 42 CFR 411.357(w).
---------------------------------------------------------------------------

II. Summary of Public Comments and OIG Responses

    OIG received approximately 109 timely filed comments from a variety 
of entities and individuals. CMS received a similar number of timely 
filed comments. Overall, the commenters (including in comments 
submitted to

[[Page 79204]]

CMS) supported the proposed amendments to the electronic health records 
safe harbor. However, we received many specific comments about various 
aspects of the proposed amendments. We have divided the summaries of 
the public comments and our responses into five parts: A. The Deeming 
Provision, B. The Electronic Prescribing Provision, C. The Sunset 
Provision, D. Additional Proposals and Considerations, and E. Comments 
Outside the Scope of Rulemaking.

A. The Deeming Provision

    Our current electronic health records safe harbor requires at 42 
CFR 1001.952(y)(2) that the donated software must be ``interoperable'' 
(as defined at Note to Paragraph (y) in 42 CFR 1001.952(y)). This 
condition further provides that software is deemed to be interoperable 
if a certifying body recognized by the Secretary has certified the 
software within no more than 12 months prior to the date it is provided 
to the recipient. We proposed two modifications to this provision in 
1001.952(y)(2), which is known as the ``deeming provision.'' Both 
modifications to the deeming provision were proposed to reflect recent 
developments in the Office of the National Coordinator for Health 
Information Technology (ONC) certification program.
    The first proposed modification would reflect ONC's responsibility 
for authorizing certifying bodies. The second proposal would modify the 
time frame during which donated software must be certified. Currently, 
to meet the deeming provision, the safe harbor requires software to be 
certified within no more than 12 months prior to the date of donation.
    Subsequent to the issuance of the 2006 Final Rule, ONC developed a 
regulatory process for adopting certification criteria and standards, 
which is anticipated to occur on a cyclical basis. (For more 
information, see ONC's September 4, 2012 Final Rule entitled ``Health 
Information Technology: Standards, Implementation Specifications, and 
Certification Criteria for Electronic Health Record Technology, 2014 
Edition; Revisions to the Permanent Certification Program for Health 
Information Technology'' (77 FR 54163).) Our proposal would modify the 
deeming provision to track ONC's anticipated regulatory cycle. As a 
result, software would be eligible for deeming if, on the date it is 
provided to the recipient, it has been certified to any edition of the 
electronic health record certification criteria that is identified in 
the then-applicable definition of Certified EHR Technology in 45 CFR 
part 170. For example, for 2013, the applicable definition of Certified 
EHR Technology includes both the 2011 and the 2014 editions of the 
electronic health record certification criteria. Therefore, in 2013, 
software certified to meet either the 2011 edition or the 2014 edition 
could satisfy the safe harbor provision as we proposed.
    Additionally, we solicited comments on whether removing the current 
12-month certification requirement would impact donations and whether 
to retain the 12-month certification period as an additional means of 
determining eligibility under the deeming provision.
    After consideration of the public comments, we are finalizing the 
proposed revisions to subparagraph (y)(2) with one clarification to our 
proposed regulatory text to ensure the deeming provision closely tracks 
ONC's certification program. We are revising 42 CFR 1001.952(y)(2) to 
state that software is deemed to be interoperable if, on the date it is 
provided to the recipient, it has been certified by a certifying body 
authorized by the National Coordinator for Health Information 
Technology to an edition of the electronic health record certification 
criteria identified in the then-applicable version of 45 CFR part 170. 
As we stated in the 2006 Final Rule, we understand that

the ability of software to be interoperable is evolving as 
technology develops. In assessing whether software is interoperable, 
we believe the appropriate inquiry is whether the software is as 
interoperable as feasible given the prevailing state of technology 
at the time the items or services are provided to the recipient.

71 FR 45110, 45126 (Aug. 8, 2006).

    We believe our final rule with respect to this condition is 
consistent with that understanding and our objective of ensuring that 
software is certified to the current required standard of 
interoperability when it is donated.
ONC as Agency To Recognize Certifying Bodies
    Comment: All commenters addressing the subject supported the 
proposed modification that would amend the safe harbor to recognize ONC 
as the agency responsible for authorizing certifying bodies on behalf 
of the Secretary, with one commenter requesting that we clarify that 
software need not be certified to ONC standards to be eligible for 
donation.
    Response: We appreciate the commenters' support for this 
modification. With respect to the request for clarification, the 
commenter is correct that 42 CFR 1001.952(y)(2) does not require 
software to be certified to ONC standards in order to be eligible for 
donation. As we discussed in the 2006 Final Rule (71 FR 45110, 45127 
(Aug. 8, 2006)), the deeming provision offers parties one way to be 
certain that the interoperability condition of subparagraph (y)(2) is 
met at the time of donation. Even if donated software is not deemed to 
be interoperable, the donation would satisfy the interoperability 
condition of subparagraph (y)(2) if it meets the definition of 
``interoperable'' in the Note to Paragraph (y) in 42 CFR 1001.952(y).
    Comment: One commenter expressed concerns about linking the 
interoperability requirement of the safe harbor to ONC's certification 
criteria and standards because they do not, in the commenter's 
assessment, reflect contemporary views of interoperability. The 
commenter suggested that we instead implement a broad definition of 
interoperability adopted by the International Organization for 
Standardization or, alternatively, that we adopt interoperability 
functional definitions developed by the American National Standards 
Institute.
    Response: While we are mindful that other non-governmental 
organizations may be developing their own standards to encourage the 
adoption of interoperable electronic health records technology, the ONC 
certification criteria and standards are the core policies the 
Department is utilizing to accelerate and advance interoperability and 
health information exchange. ONC and CMS jointly published a Request 
for Information (78 FR 14793 (Mar. 7, 2013)) to solicit public feedback 
on a set of possible policies ``that would encourage providers to 
routinely exchange health information through interoperable systems in 
support of care coordination across health care settings.'' 78 FR 
14793, 14794 (Mar. 7, 2013). The process by which ONC considers the 
implementation of new certification criteria and standards is a public, 
transparent effort that allows the Department's electronic health 
records technology experts to appropriately consider the comments 
submitted in light of the goal ``to accelerate the existing progress 
and enhance a market environment that will accelerate [health 
information exchange] across providers. . . .'' 78 FR 14793, 14795 
(Mar. 7, 2013).
    We believe it is reasonable and appropriate to link the deeming 
provision to the ONC certification criteria and standards because of 
ONC's expertise and its public process for considering and implementing 
the criteria and standards. ONC is the

[[Page 79205]]

Department agency with expertise in determining the relevant criteria 
and standards to ensure that software is as interoperable as feasible 
given the prevailing state of technology. ONC expects to revise and 
expand such criteria and standards incrementally over time to support 
greater electronic health record technology interoperability. See 77 FR 
54163, 54269 (Sept. 4, 2012). Additionally, utilizing the ONC 
certification criteria and standards that are implemented through a 
public process affords the best opportunity for interested parties to 
comment on, understand, and ultimately implement those criteria and 
standards. Therefore, we are not adopting the commenter's suggestion.
    Comment: One commenter stated that many electronic health records 
systems lack the capabilities to function within a patient-centered 
medical home. The commenter suggested that we finalize policies that 
further strengthen the use of core electronic health records features.
    Response: As discussed, ONC is the Department agency with expertise 
in determining the relevant criteria and standards for electronic 
health records technology, including those related to the use of core 
features. ONC certification criteria and standards that are implemented 
through a public process afford the best opportunity for interested 
parties to comment on, understand, and ultimately implement those 
criteria and standards. Therefore, we are not adopting the commenter's 
suggestion.
Time Frame for Certification
    Comment: Of the commenters that addressed the issue, most supported 
our proposal to modify the time frame within which donated software 
must have been certified to more closely track the current ONC 
certification program. Commenters asserted that aligning with ONC's 
certification program will provide donors and recipients more certainty 
about the deemed status of donated software because the software must 
be certified to meet only one set of standards on the same 
certification cycle to comply with both the ONC certification criteria 
and the deeming provision of the safe harbor. One commenter supported 
the modification, but suggested that the 12-month certification time 
frame also be retained or, alternatively, that we allow software to be 
deemed to be interoperable if it has been certified to any edition of 
the ONC electronic health record certification criteria.
    Response: We appreciate the commenters' support for our proposal to 
modify the safe harbor certification time frame to align with ONC's 
certification program. We believe, as the commenters suggest, that such 
a modification will support our dual goals of the deeming provision: 
(1) To ensure that donated software is as interoperable as feasible 
given the prevailing state of technology at the time it is provided to 
the recipient and (2) to provide donors and recipients a means to have 
certainty that donated software satisfies the interoperability 
condition of the safe harbor.
    We are not persuaded to adopt the commenter's suggestion to retain 
the 12-month certification time frame; this would not ensure that 
software is certified to the current required standard of 
interoperability. In the course of evaluating the commenter's 
alternative proposal, however, we realized that our proposed regulatory 
text may be too narrow to satisfy the dual goals of the deeming 
provision. Under our proposed regulatory text from the 2013 Proposed 
Rule, software would be deemed interoperable if it was certified to an 
edition \2\ of certification criteria referenced in the then-applicable 
definition of ``Certified EHR Technology'' at 45 CFR 170.102. That 
definition applies only to the Medicare and Medicaid Electronic Health 
Record Incentive Programs (the EHR Incentive Programs). See generally 
42 CFR part 495. However, ONC also has the authority to adopt 
certification criteria for health information technology, including 
electronic health records, into other regulations at 45 CFR part 170 
that may not be referenced in the definition of ``Certified EHR 
Technology'' because they are not related to the EHR Incentive 
Programs. If we retained our proposed regulatory text, software 
certified to criteria in editions not included in the definition 
``Certified EHR Technology'' would not be eligible for deeming under 
the safe harbor, which was not our intent. The safe harbor described in 
this rule is not limited to donations to individuals and entities 
eligible to participate in the EHR Incentive Programs. Individuals and 
entities such as long-term/post-acute care providers and non-physician 
behavioral health practitioners, while not eligible to participate in 
the EHR Incentive Programs, may receive donations that are protected by 
this safe harbor, if the donations meet the conditions of the safe 
harbor. Further, we have recently learned that ONC intends to retire 
outdated editions of certification criteria by removing them from the 
regulatory text at 45 CFR part 170. Accordingly, software certified to 
an edition identified in the regulations in effect on the date of the 
donation would be certified to a then-applicable edition, regardless of 
whether the particular edition was also referenced in the then-
applicable definition of Certified EHR Technology.
---------------------------------------------------------------------------

    \2\ ONC has recently begun characterizing sets of adopted 
certification criteria as ``editions.''
---------------------------------------------------------------------------

    Thus, we are finalizing our policy to more closely track ONC's 
certification program in the deeming provision. We are adopting 
modified regulatory text to provide that software is deemed to be 
interoperable if, on the date it is provided to the recipient, it has 
been certified by a certifying body authorized by the National 
Coordinator for Health Information Technology to an edition of the 
electronic health record certification criteria identified in the then-
applicable version of 45 CFR part 170. We believe that this modified 
regulatory text is consistent with the intent we articulated in the 
2013 Proposed Rule to modify the deeming provision by removing the 12-
month timeframe and substituting a provision that more closely tracks 
ONC's certification program. Further, we believe that the regulatory 
text, as modified, will support our dual goals of the deeming 
provision, which we discussed above.
New Certification/Deeming Requirements
    Comment: One commenter suggested that, for deeming purposes, we 
should require that software be certified to the latest edition of 
electronic health record certification criteria rather than any edition 
then-applicable. This commenter also suggested that the electronic 
directory of service (e-DOS) standard should be a certification 
requirement for donated software, and asserted that both 
recommendations would help ensure electronic health records software is 
interoperable.
    Response: We decline to adopt the commenter's suggested 
requirements for the safe harbor at 42 CFR 1001.952(y). We believe that 
requiring that donated software be certified to editions that are 
adopted and not yet retired by ONC through its certification program 
ensures that the software is certified to interoperability standards 
updated regularly by the Department agency with the relevant expertise. 
Further, adding requirements to the ONC certification criteria and 
standards is outside the scope of this rule. Therefore, we are not 
implementing the commenter's suggestions.

B. The Electronic Prescribing Provision

    At 42 CFR 1001.952(y)(10), our current electronic health records 
safe harbor specifies that the donated

[[Page 79206]]

software must ``contain[ ] electronic prescribing capability, either 
through an electronic prescribing component or the ability to interface 
with the recipient's existing electronic prescribing system that meets 
the applicable standards under Medicare Part D at the time the items 
and services are provided.'' In the preamble to the 2006 Final Rule (71 
FR 45110, 45125 (Aug. 8, 2006)), we stated that we included ``this 
requirement, in part, because of the critical importance of electronic 
prescribing in producing the overall benefits of health information 
technology, as evidenced by section 101 of the [Medicare Prescription 
Drug, Improvement, and Modernization Act of 2003 (MMA), Pub. L. 108-
173].'' We also noted that it was ``our understanding that most 
electronic health records systems already include an electronic 
prescribing component.'' Id.
    We understand the critical importance of electronic prescribing. 
However, in light of developments since the 2006 Final Rule, we 
proposed to delete from the safe harbor the condition at 42 CFR 
1001.952(y)(10). Based on our review of the public comments and for the 
reasons stated in the 2013 Proposed Rule, we are finalizing our 
proposal to eliminate the requirement that electronic health records 
software contain electronic prescribing capability in order to qualify 
for protection under the safe harbor at 42 CFR 1001.952(y).
    Comment: Two commenters disagreed that it is no longer necessary to 
require the inclusion of electronic prescribing capability in donated 
electronic health records software. One of the commenters stated that 
it was encouraged by the growth in the number of physicians using 
electronic prescribing between 2008 and 2012, but believed that the 
requirement should remain for patient safety reasons because electronic 
prescribing is critical to lowering the incidences of preventable 
medication errors.
    Response: Like the commenters, and as we stated in the 2013 
Proposed Rule (78 FR 21314, 21317 (Apr. 10, 2013)), we believe in the 
importance of electronic prescribing. However, as discussed in the 2013 
Proposed Rule, we are persuaded that other existing policy drivers, 
many of which did not exist in August 2006 when the safe harbor was 
promulgated, sufficiently support the adoption of electronic 
prescribing capabilities. We do not want to undermine important public 
policy goals by requiring redundant and sometimes expensive software 
capabilities that may not contribute to the interoperability of a given 
system. As we discussed in the 2013 Proposed Rule, electronic 
prescribing technology would remain eligible for donation under the 
electronic health records or under the electronic prescribing safe 
harbor at 42 CFR 1001.952(x). We do not believe that removing this 
condition would increase the risk of fraud or abuse posed by donations 
made pursuant to the safe harbor.
    Comment: Many commenters supported our proposal to eliminate the 
requirement that donated software include electronic prescribing 
capability at the time it is provided to the recipient, agreeing that 
developments since the promulgation of the safe harbor make it 
unnecessary to retain this requirement. One of the commenters asserted 
that the goal of the requirement for the inclusion of electronic 
prescribing technology in donated electronic health records software--
that is, increasing the use of electronic prescribing--had been 
achieved through the electronic prescribing incentive program 
authorized by the Medicare Improvements for Patients and Providers Act 
of 2008.
    Response: We appreciate the commenters' support and, for reasons 
explained in more detail previously in this final rule, we are 
eliminating the requirement in 42 CFR 1001.952(y)(10) that donated 
electronic health records software contain electronic prescribing 
capability, either through an electronic prescribing component or the 
ability to interface with the recipient's existing electronic 
prescribing system that meets the applicable standards under Medicare 
Part D, at the time the items and services are provided.

C. The Sunset Provision

    Protected donations under the current electronic health records 
safe harbor must be made on or before December 31, 2013. In adopting 
this condition of the electronic health records safe harbor, we stated 
that ``the need for a safe harbor for donations of electronic health 
records technology should diminish substantially over time as the use 
of such technology becomes a standard and expected part of medical 
practice.'' 71 FR 45110, 45133 (Aug. 8, 2006).
    As we discussed in the 2013 Proposed Rule, although the industry 
has made great progress in the adoption and meaningful use of 
electronic health records technology, the use of such technology has 
not yet been adopted nationwide. Continued use and further adoption of 
electronic health records technology remains an important goal of the 
Department. We continue to believe that as progress on this goal is 
achieved, the need for a safe harbor for donations should continue to 
diminish over time. Accordingly, we proposed to extend the sunset date 
of the safe harbor to December 31, 2016, selecting this date for the 
reasons described in the 2013 Proposed Rule. We also specifically 
sought comment on whether we should, as an alternative, select a later 
sunset date and what that date should be. For example, we stated that 
we were considering establishing a sunset date of December 31, 2021. 78 
FR 21314, 21318 (Apr. 10, 2013). In response to comments, we are 
extending the sunset date of the safe harbor to December 31, 2021.
    Comment: Numerous commenters urged us to make permanent the safe 
harbor at 42 CFR 1001.952(y). According to these commenters, a 
permanent safe harbor could (1) provide certainty with respect to the 
cost of electronic health records items and services for recipients, 
(2) encourage adoption by physicians who are new entrants into medical 
practice or have postponed adoption based on financial concerns 
regarding the ongoing costs of maintaining and supporting an electronic 
health records system, (3) encourage adoption by providers and 
suppliers that are not eligible for incentive payments through the 
Medicare and Medicaid programs, and (4) preserve the gains already made 
in the adoption of interoperable electronic health records technology, 
especially where hospitals have invested in health information 
technology infrastructure through protected donations of such 
technology. According to some commenters, although the safe harbor was 
implemented to encourage the adoption of health information technology, 
it is now a necessity for the creation of new health care delivery and 
payment models. Some commenters also stated their support for a 
permanent safe harbor because electronic health record technology 
adoption has been slower than expected and allowing the safe harbor to 
expire in 2016 would adversely affect the rate of adoption. Some of 
these commenters requested that if we are not inclined to make the safe 
harbor permanent, we extend the availability of the safe harbor through 
the latest date noted in the 2013 Proposed Rule--December 31, 2021.
    Response: We agree with the commenters that the continued 
availability of the safe harbor plays a part in achieving the 
Department's goal of promoting electronic health record technology 
adoption. However, we do not believe that making the safe harbor 
permanent is required or appropriate at this time. The permanent 
availability of

[[Page 79207]]

the safe harbor could serve as a disincentive to adopting interoperable 
electronic health record technology in the near-term. Moreover, as 
described in the 2013 Proposed Rule and elsewhere in this final rule, 
we are concerned about inappropriate donations of electronic health 
records items and services that lock in data and referrals between a 
donor and recipient, among other risks. A permanent safe harbor might 
exacerbate these risks over the longer term without significantly 
improving adoption rates. Instead, we believe that a reasonable 
extension of the safe harbor strikes an appropriate balance between 
furthering the Department's electronic health record adoption goals and 
safeguarding against undue risks of abuse. In light of other 
modifications we are making in this final rule to mitigate ongoing 
risks, including removing laboratory companies from the scope of 
protected donors, we are persuaded to permit the use of the safe harbor 
for more than the additional 3-year period that we proposed.
    The adoption of interoperable electronic health records technology 
remains a challenge for some providers and suppliers, despite progress 
in its implementation and meaningful use since the August 2006 
promulgation of the safe harbor. See ONC's Report to Congress on Health 
IT Adoption, (June 2013) at https://www.healthit.gov/sites/default/files/rtc_adoption_of_healthit_and_relatedefforts.pdf and the U.S. 
Department of Health and Human Services Assistant Secretary for 
Planning and Evaluation's EHR Payment Incentives for Providers 
Ineligible for Payment Incentives and Other Funding Study, (June 2013) 
at https://aspe.hhs.gov/daltcp/reports/2013/ehrpi.shtml. Although we 
believe that the protection afforded by the safe harbor encourages the 
adoption of such technology, its permanence is not essential to the 
achievement of widespread adoption. It is only one of a number of ways 
that providers and suppliers are incented to adopt electronic health 
records technology, including the incentives offered by the EHR 
Incentive Programs and the movement in the health care industry toward 
the electronic exchange of patient health information as a means to 
improve patient care quality and outcomes. Balancing the desire to 
encourage further adoption of interoperable electronic health records 
technology against concerns about potential disincentives to adoption 
and the misuse of the safe harbor to lock in referral streams, we are 
establishing a December 31, 2021 sunset date for the safe harbor. We 
believe this sunset date will support adoption, provide a timeframe 
that aligns with the financial incentives for electronic health records 
adoption currently offered by the Federal government, and safeguard 
against foreseeable future fraud risks.
    Comment: Two commenters suggested that the sunset date should be 
extended, but not beyond December 31, 2016. One asserted that a shorter 
extension of the sunset date for the safe harbor would allow a wider 
range of people to obtain access to health information technology 
services while not diminishing the incentive for providers and 
suppliers to acquire, implement, and standardize the necessary 
electronic health records systems. Another commenter supported our 
proposal to extend the availability of the safe harbor through December 
31, 2016, and encouraged us to consider an additional extension as that 
date approaches. One commenter suggested that we extend the 
availability of the safe harbor for at least 6 years, although a 
shorter or longer time period could be established after review of 
adoption rates across the range of providers and suppliers who may or 
may not be eligible for incentives under the EHR Incentive Programs. 
Other commenters supported our alternative proposal to extend the 
availability of the safe harbor through December 31, 2021, which 
corresponds to the statutory end of the Medicaid EHR Incentive Program. 
These commenters noted that more remains to be done to promote 
electronic health records technology adoption, and suggested that 
maintaining the safe harbor through this date will help maximize the 
incentives for eligible physicians to adopt electronic health records 
technology and thereby increase greater use of electronic health 
records. Two other commenters suggested tying the sunset of the safe 
harbor to the corresponding date for assessing ``penalties'' under the 
Medicare EHR Incentive Program in order to align Federal regulation of 
electronic health records technology adoption and use.
    Response: After considering all of the comments on this issue, we 
believe that an extension of the safe harbor to December 31, 2021 
(which corresponds to the end of incentive payments under the Medicaid 
Incentive Program), would (1) support adoption, (2) provide a timeframe 
that aligns with the financial incentives for electronic health records 
adoption currently offered by the Federal government, and (3) safeguard 
against foreseeable future fraud risks. We note that the two commenters 
that suggested tying the sunset date to the corresponding date for 
assessing ``penalties'' under the Medicare EHR Incentive Program appear 
to misunderstand the duration of the downward payment adjustment under 
the EHR Incentive Programs, which will continue until an eligible 
participant adopts and meaningfully uses appropriate electronic health 
record technology. For additional information, see the July 28, 2010 
final rule entitled ``Medicare and Medicaid Programs; Electronic Health 
Record Incentive Program (75 FR 44448). The practical effect of the 
commenters' suggestion would be to extend permanently the electronic 
health records safe harbor. For the reasons stated elsewhere in this 
final rule, we do not believe that making the safe harbor permanent is 
required or appropriate at this time and we are not adopting the 
commenters' suggestion. We believe the date we selected better serves 
the goals of the safe harbor. Therefore, we are extending the 
availability of the safe harbor at 42 CFR 1001.952(y) through December 
31, 2021. We also note that there are several types of Medicare and 
Medicaid providers and suppliers that are not eligible for incentives 
under the EHR Incentive Programs (e.g., long-term/post-acute care 
providers and non-physician behavioral health practitioners). This rule 
applies to donations to any individual or entity engaged in the 
delivery of health care, regardless of whether the recipient of the 
donation is eligible for incentives under the EHR Incentive Programs.
    Comment: A few commenters expressed general support for extending 
the sunset date, but did not specify whether the extension should be 
for 3 years, 8 years, or some other length of time. Commenters noted 
that failure to extend the sunset of the safe harbor would negatively 
impact the adoption of electronic health records technology, as well as 
its continued use.
    Response: As described previously, we are finalizing our 
alternative proposal to extend the availability of the safe harbor 
through December 31, 2021.
    Comment: A number of commenters urged us to let the safe harbor 
expire on December 31, 2013. Some asserted that the safe harbor permits 
the exact behavior the law was intended to stop. Other commenters 
asserted that the safe harbor permits ``legalized extortion'' or 
provides ``legal sanction to trample the competition.'' Another 
commenter asserted that the inclusion of ``non-market factors'' (that 
is, the influence of donors, rather than end users) in the decision to 
adopt electronic health record technology may result in lower quality 
products or services and higher costs, often with an adverse impact on

[[Page 79208]]

technology adoption and innovation. Still others asserted that, given 
the financial incentives that the Federal government itself has 
provided, it is no longer necessary to spur the adoption of electronic 
health record technology through the underwriting of the cost of 
electronic health record technology by outside entities.
    Response: Although we appreciate the commenters' concerns, on 
balance we continue to believe that the safe harbor serves to advance 
the adoption and use of interoperable electronic health records. 
However, we caution that a donation arrangement is not protected under 
the anti-kickback statute unless it satisfies each condition of the 
safe harbor at 42 CFR 1001.952(y). Arrangements that disguise the 
``purchase'' or lock-in of referrals and donations that are solicited 
by the recipient in exchange for referrals would fail to satisfy the 
conditions of the safe harbor.
    Comment: Numerous commenters suggested that the safe harbor sunset 
as scheduled on December 31, 2013, but only with respect to 
laboratories and pathology practices, ``ancillary service providers,'' 
entities not listed in section 101 of the MMA (directing the creation 
of a safe harbor for certain donations of electronic prescribing items 
and services), or entities that are not part of an accountable care 
organization or not integrated in a meaningful manner.
    Response: We consider these comments to be related to ``protected 
donors'' and address them later in section II.D.1.

D. Additional Proposals and Considerations

1. Protected Donors
    As we discussed in the 2013 Proposed Rule, while broad safe harbor 
protection may significantly further the important public policy goal 
of promoting electronic health records, we continue to have concerns, 
which we originally articulated in the 2006 Final Rule, about the 
potential for fraud and abuse by certain donors. 78 FR 21314, 21318 
(Apr. 10, 2013). We also noted that we had received comments suggesting 
that abusive donations are being made under the electronic health 
records safe harbor. Id.
    In order to address these concerns, we proposed to limit the scope 
of protected donors under the electronic health records safe harbor. In 
the 2013 Proposed Rule, we stated that we were considering revising the 
safe harbor to cover only the MMA-mandated donors we originally 
proposed when the safe harbor was first established: hospitals, group 
practices, prescription drug plan (PDP) sponsors, and Medicare 
Advantage (MA) organizations. We stated that we were also considering 
whether other individuals or entities with front-line patient care 
responsibilities across health care settings, such as safety net 
providers, should be included, and, if so, which ones. Alternatively, 
we stated that we were considering retaining the current broad scope of 
protected donors, but excluding specific types of donors--providers and 
suppliers of ancillary services associated with a high risk of fraud 
and abuse--because donations by such providers and suppliers may be 
more likely to be motivated by a purpose of securing future business 
than by a purpose of better coordinating care for beneficiaries across 
health care settings. In particular, we discussed excluding laboratory 
companies from the scope of protected donors as their donations have 
been the subject of complaints of abuse. We also discussed excluding 
other high-risk categories, such as durable medical equipment (DME) 
suppliers and independent home health agencies. We sought comment on 
the alternatives under consideration, including comments (with 
supporting reasons) regarding particular types of providers or 
suppliers that should or should not be protected donors, given the 
goals of the safe harbor.
    Many commenters raised concerns about donations of electronic 
health records items and services by laboratory companies and strongly 
urged us to adopt our proposal to eliminate from the safe harbor 
protection for such donations, either by excluding laboratory companies 
from the scope of protected donors (if we extend the availability of 
the safe harbor), or by letting the safe harbor sunset altogether (for 
more detailed discussion of comments concerning the sunset provision, 
please see section II.C. of this final rule). Other commenters raised 
similar concerns, but did not suggest a particular approach to address 
them. We summarize the relevant comments and provide our responses 
below. We have carefully considered the comments that we received on 
this proposal and, based on the concerns articulated by commenters and 
the wide-ranging support from the entire spectrum of the laboratory 
industry (from small, pathologist-owned laboratory companies to a 
national laboratory trade association that represents the industry's 
largest laboratory companies), we are finalizing our proposal to remove 
laboratory companies from the scope of protected donors under the safe 
harbor. We believe this decision is consistent with and furthers the 
goal of promoting the adoption of interoperable electronic health 
record technology that benefits patient care while reducing the 
likelihood that the safe harbor will be misused by donors to secure 
referrals. We also believe that our decision will address potential 
abuse identified by some of the commenters involving potential 
recipients conditioning referrals for laboratory services on the 
receipt of, or redirecting referrals for laboratory services following, 
donations from laboratory companies.
Protected Donors: Comments and Suggestions Regarding Laboratory 
Companies
    Comment: Many commenters raised concerns that, notwithstanding a 
clear prohibition in the safe harbor, laboratory companies are, 
explicitly or implicitly, conditioning donations of electronic health 
records items and services on the receipt of referrals from the 
recipients of those donations or establishing referral quotas and 
threatening to require the recipient to repay the cost of the donated 
items or services if the quotas are not reached. Some commenters 
suggested that such quid pro quo donations, and donations by laboratory 
companies generally, are having a negative effect on competition within 
the laboratory services industry (including increased prices for 
laboratory services) and impacting patient care as referral decisions 
are being made based on whether a laboratory company donated electronic 
health records items or services, not whether that company offers the 
best quality services or turnaround time. A few commenters also raised 
concerns that laboratory companies were targeting possible recipients 
based on the volume or value of their potential referrals.
    Response: The current safe harbor provision at 42 CFR 
1001.952(y)(5) prohibits determining the eligibility of a recipient or 
the amount or nature of the items or services to be donated in a manner 
that directly takes into account the volume or value of referrals or 
other business generated between the parties. Accordingly, the quid pro 
quo arrangements and targeted donations described by the commenters 
would not qualify for safe harbor protection. Such arrangements are not 
consistent with the purpose of the safe harbor and can result in the 
precise types of harm the anti-kickback statute is designed to prevent, 
such as corruption of medical decision making. We urge those with 
information about such arrangements to contact our fraud hotline at 1-
800-

[[Page 79209]]

HHS-TIPS or visit https://forms.oig.hhs.gov/hotlineoperations/ to 
report fraud.
    We appreciate the commenters sharing their concerns about 
arrangements involving laboratory company donations. As previously 
discussed, we have decided to exclude laboratory companies from the 
scope of protected donors. We believe that our decision will continue 
to support the Department's electronic health record adoption policies, 
while addressing the risk of fraud and abuse. By excluding laboratory 
companies from the scope of protected donors, parties to such donations 
will not be able to assert safe harbor protection for such 
arrangements. The effect will be a reduction in the risk that parties 
will enter into arrangements like the quid pro quo and targeted 
donation arrangements described by the commenters.
    Comment: Several commenters raised concerns about laboratory 
company arrangements with electronic health record technology vendors. 
The commenters described arrangements involving laboratory companies 
and vendors that result in the vendor charging other laboratory 
companies high fees to interface with the donated technology or 
prohibiting other laboratory companies from purchasing the technology 
for donation to their own clients. One of the commenters also raised 
the concern that volume discount arrangements between laboratory 
companies and vendors of electronic health record technology are 
resulting in donations of electronic health record technology that may 
not best suit the needs of the recipient. The commenter asserted that 
donor laboratory companies are pushing a particular vendor's specific 
electronic health record system onto recipients because of a donor's 
close business relationship with the vendor.
    Response: Excluding potential competitors of the donors from 
interfacing with the donated items or services described by the 
commenters can result in data and referral lock-in. We discuss the 
issue of lock-in elsewhere in this final rule in more detail. We 
believe that our determination to exclude laboratory companies from the 
scope of protected donors will help address the data and referral lock-
in risks posed by arrangements such as those described by the 
commenters. We also believe that the changes we are finalizing to the 
scope of protected donors will help address the commenter's concern 
about the negative impact of relationships between laboratory companies 
and vendors on the selection of electronic health records technology by 
providers and suppliers. We stated in the 2006 Final Rule that, 
although physicians and other recipients remain free to choose any 
electronic health record technology that suits their needs, we do not 
require donors to facilitate that choice for purposes of the safe 
harbor. However, donors must offer interoperable products and must not 
impede the interoperability of any electronic health record software 
they decide to offer. 71 FR 45110, 45128-9 (Aug. 8, 2006). Agreements 
between a donor and a vendor that preclude or limit the ability of 
competitors to interface with the donated software would cause the 
donation to fail to meet the condition at 42 CFR 1001.952(y)(3), and 
thus preclude protection under the electronic health records safe 
harbor.
    Comment: Many commenters noted that several States--including 
Missouri, New Jersey, New York, Pennsylvania, Tennessee, Washington, 
and West Virginia--have prohibited or restricted donations of 
electronic health record technology by laboratory companies to address 
fraud and abuse concerns. Some of the commenters urged us to effectuate 
a similar prohibition or restriction by removing safe harbor protection 
from laboratory company donations. One of these commenters, referencing 
an earlier discussion of ``the need for [electronic health record 
technology] subsidies to compete for business,'' went on to state that 
``[laboratory companies] that are licensed in states that strictly 
prohibit [laboratory companies] from donating all or part of the costs 
of [electronic health record technology] to referring physicians are 
put at a considerable disadvantage in the marketplace.''
    Response: We appreciate the commenters providing this information 
and we believe that our determination to exclude laboratory companies 
from the scope of protected donors will address the fraud and abuse 
concerns the commenters referenced. With respect to the commenter's 
concern about being disadvantaged, we note that our decision to remove 
laboratory companies from the scope of protected donors under the 
electronic health records safe harbor applies equally to all laboratory 
companies, regardless of their location.
    Comment: Several commenters, including a national laboratory trade 
association that represents the industry's largest laboratory 
companies, took exception to what it perceived as a characterization 
that laboratory companies are solely responsible for problematic 
donations. Some of these commenters asserted that electronic health 
record vendors are encouraging physicians to seek or demand donations 
from laboratory companies, and that physicians are threatening to 
withhold referrals or send laboratory business elsewhere if donations 
are not made. According to one commenter, because physicians are not 
paying for a significant portion of the cost of these items and 
services, electronic health record technology vendors are able to 
charge high prices and the size of donations (in dollars) in recent 
years has increased exponentially. The commenter also suggested that 
vendors may be manipulating pricing to maximize the amount a laboratory 
company pays for donated items and services while minimizing or 
eliminating any physician responsibility. Another commenter raised a 
related concern that electronic health records technology vendors have 
increased the costs of their products because they know that laboratory 
companies are paying for them. Generally, commenters raising concerns 
about the conduct of electronic health record technology vendors and 
physicians recommended that we remove safe harbor protection for 
laboratory company donations.
    One commenter asserted that electronic health records items and 
services are no longer being chosen by physicians based on which system 
is most appropriate, but rather based on which will produce the largest 
donation. Another commenter claimed that many physicians will change 
laboratory companies and seek a new donation once an existing donor 
laboratory company ceases to subsidize the physicians' electronic 
health records items and services costs. This commenter stated that 
such conversions are not only inefficient, but undermine the spirit of 
the regulatory requirement that recipients do not possess the same or 
equivalent items or services as those being donated.
    Response: Our proposed modification related to the scope of 
protected donors and, thus, the focus of our discussion in the 2013 
Proposed Rule was on donor conduct. Some of the comments we describe in 
this final rule also raise concerns about the conduct of recipients. We 
are clarifying that we do not believe that problematic donations 
involving laboratory companies are solely the result of questionable 
conduct by laboratory companies. Our decision to exclude laboratory 
companies from the scope of protected donors is the best way to reduce 
the risk of misuse of donations by both donors and recipients and 
address the concerns identified by the commenters.

[[Page 79210]]

    The safe harbor at 42 CFR 1001.952(y)(4) contains a condition that 
prohibits the donation recipient, the recipient's practice, or any 
affiliated individual or entity, from making the receipt, amount or 
nature of the donated items or services a condition of doing business 
with the donor. This condition recognizes the risk of fraud and abuse 
posed by a potential recipient demanding a donation in exchange for 
referrals. This type of quid pro quo arrangement is no less troubling 
than quid pro quo arrangements that originate with the donor and would 
not be subject to safe harbor protection. Whether a quid pro quo 
donation is for an initial installation of a donated item or service or 
a conversion to a different donated item or service would not change 
our analysis. Additionally, we caution those engaging in conversion 
arrangements to be mindful of the limitations in the safe harbor at 42 
CFR 1001.952(y)(7) concerning the donation of equivalent items or 
services.
    Comment: Several commenters suggested that laboratory companies 
should be prohibited from making donations to physicians or that 
physicians should pay for their own electronic health records 
technology. Other commenters asserted that laboratory companies do not 
share an essential interest in their referring clients having 
electronic health records technology. Still other commenters stated 
simply that laboratory companies represent a high risk of fraud and 
abuse.
    Response: We are excluding laboratories from the scope of protected 
donors.
    Comment: A few commenters noted that laboratory companies typically 
use a laboratory information system (LIS), anatomic pathologist 
information system and/or blood banking system to store and share 
patients' laboratory results, and that these systems should not be 
confused with an electronic health record that includes a patient's 
full medical record composed of information from many medical 
specialties, including pathology. One of these commenters asserted that 
laboratories already bear the cost of establishing LIS interfaces that 
they provide in order to exchange laboratory services data 
electronically, and that clinical and anatomic laboratories could 
continue to do so legally even if they were no longer protected donors 
under the safe harbor. One commenter expressed concern about the costs 
associated with interfaces, other commenters asked us to clarify our 
position on the donation of interfaces by laboratory companies, and one 
commenter stated that interfaces were not closely analogous to 
facsimile machines.
    Response: We appreciate the information provided by the commenters. 
We take this opportunity to note that our decision to exclude 
laboratory companies from the scope of protected donors under the safe 
harbor does not affect our position concerning the provision of free 
access to certain limited-use interfaces. We have long distinguished 
between free items and services that are integrally related to the 
offering provider's or supplier's services and those that are not. For 
instance, we have stated that a free computer provided to a physician 
by a laboratory company would have no independent value to the 
physician if the computer could be used only, for example, to print out 
test results produced by the laboratory company. In contrast, a free 
personal computer that the physician could use for a variety of 
purposes would have independent value and could constitute an illegal 
inducement. 56 FR 35952, 35978 (July 29, 1991) (preamble to the 1991 
safe harbor regulations). The donation of free access to an interface 
used only to transmit orders for the donor's services to the donor and 
to receive the results of those services from the donor would be 
integrally related to the donor's services. As such, the free access 
would have no independent value to the recipient apart from the 
services the donor provides and, therefore, would not implicate the 
anti-kickback statute. See, e.g., OIG Ad. Op. 12-20 (2012). 
Accordingly, safe harbor protection for such donations would not be 
necessary.
    We disagree with the commenter that asserted that interfaces are 
not sufficiently analogous to facsimile machines. We believe that a 
limited-use interface (as described in the preceding paragraph) is the 
contemporary analog to the limited-use computer described in the 
example from the 1991 preamble to the safe harbor regulations. A 
similarly limited-use facsimile machine would not materially differ 
from the limited-use computer and, thus, would be analogous to the 
access to the limited-use interface. It is the lack of independent 
value to the recipient that takes the donation outside the scope of the 
anti-kickback statute's prohibition, not the mode of technology. 
Finally, in the circumstances presented above, the free access to a 
limited-use interface would not require safe harbor protection, and 
thus the costs of the interface are outside the scope of this 
rulemaking.
    Comment: Several commenters inquired whether our proposal to remove 
laboratory companies from the scope of protected donors applied to 
suppliers of both anatomic and clinical pathology services, and 
suggested that our proposal should apply to both. Commenters also 
inquired about the application of this proposal to hospitals that 
operate laboratory companies for non-hospital affiliated customers. 
Raising concerns about an uneven playing field, some of these 
commenters urged us to exclude such hospitals from the scope of 
protected donors if we determined to exclude laboratory companies. One 
commenter suggested that we effectuate this limitation by restricting 
protected hospital donations to those made to the hospital's employed 
physicians and the hospital's wholly-owned physician practices.
    Response: Our proposal applied to ``laboratory companies'' and did 
not distinguish between those that provide anatomic pathology services 
and those that provide clinical pathology services. We intend that 
references to ``laboratory company'' or ``laboratory companies'' 
include entities that furnish either type of service. With respect to 
the commenters' suggestion to limit or prohibit hospital donations, we 
appreciate the commenters' concerns, but are not adopting their 
suggestion at this time. We continue to believe that hospitals have a 
substantial and central stake in patients' electronic health records. 
Further, the types and prevalence of the concerns that have been 
brought to our attention and discussed elsewhere in this final rule in 
the context of laboratory company donations have not arisen, to our 
knowledge, in the hospital-donation context.
    We are clarifying that if a hospital furnishes laboratory services 
through a laboratory that is a department of the hospital for Medicare 
purposes (including cost reporting) and that bills for the services 
through the hospital's provider number, then the hospital would not be 
considered a ``laboratory company'' for purposes of this safe harbor 
and would continue to qualify as a protected donor under the modified 
safe harbor. However, if a hospital-affiliated or hospital-owned 
company with its own supplier number furnishes laboratory services that 
are billed using a billing number assigned to the company and not the 
hospital, the company would be considered a ``laboratory company'' for 
purposes of this safe harbor and would no longer qualify as a protected 
donor. The ability of the affiliated hospital to avail itself of the 
safe harbor would be unaffected. We remind readers that it is the 
substance, not the form, of an arrangement that governs under the anti-
kickback statute.

[[Page 79211]]

A donation purported to be by an affiliate of a laboratory company 
could, depending on the facts and circumstances, be attributed to the 
affiliated laboratory company, and thus not be subject to safe harbor 
protection.
    Comment: One commenter requested that, if we finalize our proposal 
to exclude laboratory companies from the scope of protected donors, we 
specifically clarify that ``[laboratory companies] are prohibited from 
providing [ ] software to physicians unless they comply with another 
one of the existing safe harbors.'' The commenter went on to cite 
examples of software leases and sales at fair market value.
    Response: We cannot make the statement requested. Safe harbors set 
forth specific conditions that, if met, assure the parties involved of 
not being subject to any enforcement actions under the anti-kickback 
statute, the CMP provision for anti-kickback violations, or the program 
exclusion authority related to kickbacks for the arrangement qualifying 
for the safe harbor. However, safe harbor protection is afforded only 
to those arrangements that precisely meet all of the conditions set 
forth in the safe harbor. The failure of an arrangement to fit in a 
safe harbor does not mean that the arrangement is illegal. That an 
arrangement does not meet a safe harbor only means that the arrangement 
must be evaluated on a case-by-case basis. Arrangements regarding the 
lease or sale of software are outside the scope of this rulemaking.
    Comment: One commenter shared its concerns about a practice that it 
described as ``post donation in-sourcing.'' The commenter stated that 
it is aware of situations in which laboratory companies are donating to 
ordering physicians only to have those physicians in-source their 
laboratory services shortly after the donation. The commenter suggested 
that ``[t]he donation enables [ ] ordering physicians to avoid bearing 
the full cost of the [electronic health records items and services] 
when they discontinue use of an outside laboratory and bring the 
specimen testing into their own in-house self-referral arrangement just 
after receiving the donation.''
    Response: The safe harbor does not require the donation recipient 
to make referrals to the donor. To the contrary, subparagraph (y)(4) 
prohibits the donation recipient, the recipient's practice, or any 
affiliated individual or entity, from making the receipt, amount or 
nature of the donated items or services a condition of doing business 
with the donor. Moreover, subparagraph (y)(5) prohibits determining the 
eligibility of a recipient or the amount or nature of the items or 
services to be donated in a manner that directly takes into account the 
volume or value of referrals or other business generated between the 
parties. Whether safe harbor protection is afforded to the types of 
arrangements described by the commenter will depend on whether all 
conditions of the safe harbor are satisfied.
    Comment: Two commenters raised issues regarding the type of 
remuneration permissible under the safe harbor at 42 CFR 1001.952(y). 
One commenter characterized the safe harbor in terms of allowing 
laboratory companies to donate funds to recipients to help them 
implement electronic health records technology. Another commenter noted 
that some donations from laboratory companies have included hardware.
    Response: We remind stakeholders that the electronic health records 
safe harbor applies only to the donation of nonmonetary remuneration 
(consisting of items and services in the form of software or 
information technology and training services) necessary and used 
predominantly to create, maintain, transmit, or receive electronic 
health records. As stated in the preamble to the 2006 Final Rule, 
reimbursement for previously incurred expenses is not protected, as it 
poses a substantial risk of fraud and abuse. 71 FR 45110, 45134 (Aug. 
8, 2006). We also remind stakeholders that the safe harbor does not 
protect the donation of hardware.
Scope of Protected Donors: Other Comments and Suggestions
    Although the majority of commenters recommended removing safe 
harbor protection for donations by laboratory companies, including by 
excluding laboratory companies from the scope of protected donors, some 
commenters had alternate or additional recommendations.
    Comment: A number of commenters recommended that we maintain our 
current scope of protected donors. Some of these commenters stated that 
limiting the scope of protected donors could have an impact on 
specialists, who, according to the commenters, still have relatively 
low rates of electronic health records adoption. Along the same lines, 
one commenter stated that limiting the categories of donors that may 
seek protection under the safe harbor will negatively impact recipients 
by preventing certain entities from helping move the entire healthcare 
system towards more interoperable electronic health records systems. 
Others cautioned that restricting the scope of protected donors will 
stymie innovation and restrict learning from the technology. Finally, 
some commenters contended that laboratory companies and other ancillary 
service providers and suppliers have a legitimate clinical interest in 
donating electronic health record items and services, and that many 
physician practices depend on it.
    Some commenters, while acknowledging our concerns regarding abusive 
donation practices, suggested alternative means to address the concerns 
we articulated in the 2013 Proposed Rule. These commenters variously 
recommended that we strengthen interoperation requirements, provide 
education materials, or adopt enforcement policies to prevent abuses 
rather than limiting the scope of potential donors.
    Response: We agree with many of the reasons articulated by the 
commenters that support maintaining our current broad scope of 
protected donors. We recognize that limiting the scope of potential 
donors could constrain the ability of many providers and suppliers to 
adopt electronic health record technology. Other than with respect to 
laboratory companies, the scope of protected donors will remain the 
same. We will continue to monitor and may, prior to 2021, reconsider in 
a future rulemaking the risk of fraud or abuse relating to the use of 
the safe harbor by other donors or categories of donors.
    We appreciate the suggestions from commenters regarding alternative 
means of addressing abusive donation practices. The purpose of safe 
harbors is to permit certain non-abusive arrangements that, in the 
absence of the safe harbor, potentially would be prohibited by the 
anti-kickback statute. Compliance with safe harbors is voluntary, and 
safe harbor protection is afforded only to those arrangements that 
precisely meet all of the conditions set forth in the safe harbor. 
Thus, any individual or entity engaging in an arrangement that does not 
meet all conditions of the safe harbor could be subject to an 
enforcement action unless the arrangement otherwise complies with the 
law. In response to the suggestion that we provide additional education 
materials, we would like to highlight our efforts to educate the 
industry about compliance with the anti-kickback statute and other 
fraud and abuse laws generally. Our Web site (www.oig.hhs.gov) has a 
``Compliance'' tab with many compliance-related materials. These 
include Compliance Education for Physicians, Compliance Program 
Guidance documents for various segments of the industry (including 
hospitals, nursing facilities,

[[Page 79212]]

and others), Special Fraud Alerts, advisory opinions, and more. We 
believe that the information we include in this final rule sufficiently 
sets forth donors' and recipients' requirements under the safe harbor 
with respect to donations. If an individual or entity desires guidance 
about a specific arrangement involving the donation of electronic 
health records items or services under the safe harbor, our advisory 
opinion process remains available. Finally, we address the issue of 
interoperation requirements elsewhere in this final rule.
    Comment: We received a number of comments requesting that we retain 
certain categories of providers and suppliers within the scope of 
protected donors under the safe harbor at 42 CFR 1001.952(y). For 
example, commenters that provide dialysis services specifically 
requested that they remain protected donors. One of the dialysis 
provider commenters noted that excluding this specialty would have a 
chilling effect on the development and availability of the specialized 
electronic health records systems used by nephrologists. A few 
commenters requested that we continue to include hospitals and health 
systems as protected donors in order for them to retain the ability to 
assist physicians in adopting electronic health records technology. 
Other commenters requested that we explicitly retain home health 
agencies as protected donors. In support of retaining home health 
agencies, one commenter stated that the depth, breadth, and frequency 
of communications between home health agencies and other direct care 
providers makes the use of interoperable electronic health record 
technology essential to improving clinical outcomes and financial 
efficiencies. We also received comments in support of retaining safety-
net providers and pharmacies as protected donors.
    Response: We agree generally with the thrust of these comments. We 
recognize the value of permitting individuals and entities that 
participate directly in the provision of health care to patients and 
that have a need to coordinate with care providers and suppliers to 
donate electronic health record items or services to facilitate those 
interactions. Based on the information we have available at this time, 
we intend to continue to protect donors, other than laboratory 
companies, that provide patients with health care items or services 
covered by a Federal health care program and submit claims or requests 
for payment to those programs directly or through reassignment. Thus, 
whether a particular donation is eligible for safe harbor protection 
will hinge, in part, on whether the particular individual or entity 
making the donation meets this standard. For example, a hospital 
(whether stand-alone or within a health system) is an entity that 
typically provides health care services and submits claims or requests 
for payment to Federal health care programs and, therefore, could be a 
protected donor under this safe harbor.
    Comment: Some commenters agreed with the option we presented in the 
2013 Proposed Rule to retain the current scope of protected donors but 
exclude providers and suppliers of ancillary services associated with a 
high risk of fraud and abuse. A few of these commenters suggested that 
taking a targeted approach minimizes the risk of unintended 
consequences. One of these commenters asserted that we should exclude 
the particular individuals or entities that have been the subject of 
complaints. Another of these commenters specifically recommended that 
we target categories of providers and suppliers with a history or 
pattern of abusive behavior. Other commenters variously recommended 
excluding laboratory companies, DME suppliers, home health agencies, or 
safety-net providers from the scope of protected donors. One commenter 
asserted that entities like laboratory companies and DME suppliers do 
not have an overarching and essential interest in having physicians use 
electronic health records, nor do they coordinate a patient's care. In 
contrast, one commenter objected to singling out a provider or supplier 
type to exclude from the scope of protected donors. This commenter 
stated that such an action unjustly (1) penalizes a whole category of 
providers or suppliers when most, in the commenter's assessment, are 
law-abiding, and (2) supports other providers or suppliers that may 
have similar motivations.
    Response: We respond earlier to the commenters who recommended 
removing only laboratory companies from the scope of protected donors. 
With respect to the other comments, we note that, in the 2013 Proposed 
Rule, we specifically requested comments with supporting reasons 
regarding whether particular provider or supplier types should not be 
protected. 78 FR 21314, 21318 (Apr. 10, 2013). Some commenters 
generally suggested that we remove additional provider or supplier 
types from the scope of protected donors, but their comments did not 
provide specific examples of abusive practices with respect to 
donations by other donors, nor did the comments contain indicia of 
problems comparable to those that are arising in the laboratory 
context. We have not heard the same concerns or received similar 
complaints about other categories of donors or types of donation 
arrangements, and therefore believe it is premature to exclude 
potential donors (other than laboratory companies). We also decline to 
identify particular individuals or organizations in the regulation.
    Comment: A few commenters recommended restricting the scope of 
protected donors under the safe harbor to those types listed in the 
MMA. These commenters also made suggestions regarding how to restrict 
donations from these limited categories of donors. For example, one 
commenter recommended limiting the protected donors to hospitals and 
providers and suppliers operating in an integrated setting and to MA 
plans and providers and suppliers under contract with them. Another 
commenter suggested limiting the application of the safe harbor to a 
similar integrated model, and to hospitals that donate to their 
employed physicians and the physician groups that they own. In 
contrast, one commenter suggested that limiting the protected donor 
types to the original MMA list is too restrictive because some provider 
and supplier types not listed in the MMA (e.g., ambulatory surgical 
centers that now perform many procedures previously performed only in 
hospitals) should have the opportunity to make donations.
    Response: We agree that providers and suppliers operating in an 
integrated environment need interoperable electronic health records. 
However, we do not believe that the need for this technology is limited 
to individuals and entities in an integrated care setting. Patients may 
receive care from providers and suppliers that are not in the same 
integrated system, and the patient's medical records need to be shared 
with those providers and suppliers who care for a patient. The 
Department's goal continues to be fostering broad adoption of 
interoperable electronic health records technology. At this time, we 
believe that excluding laboratory companies from the scope of protected 
donors, rather than limiting the scope to the original MMA list of 
donors (or some other subset of protected donors) strikes the right 
balance between furthering that goal and preventing fraud and abuse.
2. Data Lock-In and Exchange
    We solicited comments on what new or modified conditions could be 
added to the electronic health records safe harbor to achieve the two 
goals of (1) preventing misuse of the safe harbor

[[Page 79213]]

that results in data and referral lock-in and (2) encouraging the free 
exchange of data (in accordance with protections for privacy). 
Additionally, we requested comments on whether those conditions, if 
any, should be in addition to, or in lieu of, our proposal to limit the 
scope of protected donors. We also solicited comments on possible 
modifications to 42 CFR 1001.952(y)(3), which is a condition of the 
safe harbor requiring that ``[t]he donor (or any person on the donor's 
behalf) does not take any action to limit or restrict the use, 
compatibility, or interoperability of the items or services with other 
electronic prescribing or electronic health records systems.''
Data Lock-In: Comments on Current Conditions
    Comment: Many commenters asserted that the current conditions of 
the safe harbor provide adequate safeguards to prevent donations that 
result in data or referral lock-in between the donor and recipient. 
These commenters expressed general support for enforcement when 
arrangements do not comply with the conditions of the safe harbor. 
Several of these commenters were also concerned that adding or 
modifying conditions of the safe harbor may increase the burden of 
compliance and, therefore, lead to fewer entities willing to make 
appropriate donations.
    Response: We are not persuaded to adopt significant new 
requirements or modifications to the safe harbor to address the issue 
of data and referral lock-in at this time. However, as described below, 
we are making limited clarifications to current conditions to reflect 
our intended meaning.
    We remain committed to investigating potentially abusive 
arrangements that purport to meet the conditions of the safe harbor, 
but, in fact, do not. Donations that do not meet the conditions of the 
safe harbor--because they are used to lock in referrals--are suspect 
under the law.
    Comment: Several commenters expressed concerns about donations that 
lead to data lock-in. As described elsewhere in this final rule, some 
commenters suggested that, although some donated items or services have 
the ability to be interoperable, vendors may charge providers and 
suppliers who do not use the same donated software high fees to 
interface with it. The commenters contended that these business 
practices result in electronic health records software that is not 
practically interoperable because non-donor providers and suppliers 
cannot afford to connect to it. Other commenters expressed general 
concerns that donated items or services are capable of interoperation, 
but that recipients implicitly agree to send referrals only to the 
donor. These commenters did not provide specific recommendations to 
modify the data lock-in conditions of the safe harbor, but generally 
supported our efforts to prevent data lock-in.
    Two commenters representing laboratory companies expressed specific 
concerns about a feature of donated software that may lead to data 
lock-in. They explained that some software is designed to limit the 
accessibility of data that is received from an electronic health 
records system that is different than the donated software. Most often, 
data sent from the non-donated electronic health records system cannot 
populate automatically in a patient's electronic health record or other 
limits are placed on the portability of data sent from the non-donated 
electronic health records system. According to these commenters, the 
limited accessibility of the data makes it harder for the recipient to 
access and use it for clinical purposes. As a result, a physician or 
other recipient is more likely to use only the donor's services to make 
sure that necessary data is easily accessible. These commenters 
asserted that there are no technical solutions to reducing the 
possibility of data lock-in; rather, the only solution is to remove 
laboratory companies from the scope of protected donors.
    Several other commenters endorsed generally our efforts to prevent 
referral and data lock-in. These commenters evidenced strong support of 
the free exchange of health information across different provider and 
supplier types to better coordinate care for patients. However, apart 
from supporting our efforts to ensure that electronic health records 
systems are interoperable, the commenters made no specific 
recommendations regarding modifications to the exception.
    Response: We share the commenters' concerns about the 
interoperability of donated software. While any definitive conclusion 
regarding the existence of an anti-kickback violation requires a case-
by-case determination of the parties' intent, we note that donations of 
items or services that have limited or restricted interoperability due 
to action taken by the donor or by any person on the donor's behalf 
(which could include the recipient acting on the donor's behalf) would 
fail to meet the condition at 42 CFR 1001.952(y)(3) and is inconsistent 
with the intent of the safe harbor to promote the use of technology 
that is able to communicate with products from other vendors. Resulting 
donations would be suspect under the law as they would appear to be 
motivated, at least in part, by a purpose of securing Federal health 
care program business. For example, arrangements in which a donor takes 
an action to limit the use, communication, or interoperability of 
donated items or services by entering into an agreement with a 
recipient to preclude or inhibit any competitor from interfacing with 
the donated items or services would not satisfy the requirement of 42 
CFR 1001.952(y)(3). Other donation arrangements described by the 
commenters in which electronic health records technology vendors agree 
with donors to charge high interface fees to non-recipient providers or 
suppliers or to competitors may also fail to satisfy the conditions of 
42 CFR 1001.952(y)(3). We believe that any action taken by a donor (or 
any person on behalf of the donor, including the electronic health 
record vendor or the recipient) to limit the use of the donated items 
or services by charging fees to deter non-recipient providers and 
suppliers and the donor's competitors from interfacing with the donated 
items or services would pose legitimate concerns that parties were 
improperly locking-in data and referrals and that the arrangement in 
question would not qualify for safe harbor protection.
    However, whether a donation actually satisfies the conditions of 
the safe harbor depends on the specific facts of each donation 
arrangement. We encourage the reporting of instances of data lock-in, 
as we believe that investigation may establish that where such lock-in 
has occurred, existing conditions of the safe harbor have not been met. 
Moreover, any action taken to achieve such a result could be evidence 
of intent to violate the anti-kickback statute. In regard to the 
specific recommendation to remove laboratories from the scope of 
protected donors, we note that we are excluding laboratory companies 
from the scope of protected donors as discussed earlier in this final 
rule.
Data Lock-In: Recommendations Outside the Scope of the Rulemaking
    Comment: One commenter expressed concern regarding data lock-in and 
supported ensuring that donations are transparent and free of any 
attempts to steer future business. Although the commenter denied 
knowledge of any specific abuse of the safe harbor, the commenter 
requested that we allow individuals or entities to remedy a donation 
that may not be protected by the safe harbor. The commenter suggested 
that the remedy for failure to

[[Page 79214]]

satisfy the conditions of the safe harbor as modified by this final 
rule should be to make recipients pay the fair market value of any 
costs for ongoing support of the donated items or services and provide 
3 years for the recipient to either pay full value for the donation or 
make a transition to a new system.
    Response: We appreciate the commenter's concern and recommendation; 
however we decline to make the suggested modification. Even if we were 
inclined to do so, implementing the commenter's suggestions would be 
outside the scope of this rulemaking.
Data Lock-in: Recommendations for Additions or Modifications to the 
Safe Harbor Conditions
    Comment: A few commenters urged us to amend the safe harbor to 
require that the recipient or the donor participate in actual health 
information exchange with an electronic health records system that is 
different from the donated item. One commenter specifically suggested 
that the recipient should have to demonstrate exchange with at least 
one other electronic health record system within a certain time frame 
after receipt of the donation. Another commenter suggested that the 
donor should have to--upon request--enable the donation recipients to 
engage in bi-directional exchange of data with competitors not using 
the same electronic health record system.
    Response: We appreciate the commenters' recommendations; however, 
we are not modifying the conditions of the safe harbor that require the 
parties to a donation arrangement to demonstrate interoperation. We 
question whether adequate demonstration of interoperation could occur 
only after the donation has been made, which would create uncertainty 
about whether the donation meets the conditions for protection under 
the safe harbor at the time of the donation. This uncertainty would 
undermine the Department's goal to support widespread adoption of 
interoperable electronic health record technology. It is our intent and 
expectation that interoperation will, in fact, occur, and we believe 
the safe harbor conditions, in their entirety, promote such 
interoperation. Moreover, routine interoperation with systems other 
than those of the donor may be evidence that neither the donor nor any 
person on the donor's behalf has taken any action to limit or restrict 
the use, compatibility, or interoperability of the items or services 
with other electronic prescribing or electronic health records systems. 
See 42 CFR 1001.952(y)(3).
    Further, we note that the Department is considering a number of 
policies to accelerate and advance interoperability and health 
information exchange. As part of this process, ONC and CMS requested 
input from the public on possible policies and programmatic changes to 
accelerate electronic health information exchange among individuals and 
entities that furnish health care items and services, as well as new 
ideas that would be both effective and feasible to implement. 78 FR 
14793, 14794 (Mar. 7, 2013). We believe that the process initiated by 
ONC and CMS is better suited than this anti-kickback statute safe 
harbor to consider and respond to evolving functionality related to the 
interoperability of electronic health record technology.\3\
---------------------------------------------------------------------------

    \3\ ONC and CMS have subsequently published a ``Strategy and 
Principles to Accelerate HIE'' document.https://www.healthit.gov/policy-researchers-implementers/accelerating-health-information-exchange-hie.
---------------------------------------------------------------------------

    Comment: In response to our solicitation of comments, some 
commenters provided suggestions as to how we could broaden the current 
safe harbor conditions related to data lock-in. Two commenters 
suggested broadening 42 CFR 1001.952(y)(3), which imposes the condition 
that the donor (or any person on the donor's behalf) does not take any 
action to limit or restrict the use, compatibility, or interoperability 
of the items or services with other electronic prescribing or 
electronic health records systems. Specifically, one of the commenters 
suggested that we replace the reference to ``electronic prescribing or 
electronic health records systems'' with ``health information 
technology platforms or other health care providers.'' The commenters 
asserted that this proposed change reflects the development of health 
information technology that may not be classified as an electronic 
health record system, but supports the free exchange of health 
information. These two commenters also suggested that we modify the 
condition at 42 CFR 1001.952(y)(3) to state that neither the donor nor 
the recipient may take any action to limit the interoperability of 
donated items or services and require that the modified condition be 
included as part of the written agreement condition at 42 CFR 
1001.952(y)(6).
    Another commenter suggested amending 42 CFR 1001.952(y)(3) by 
providing a non-exhaustive list of actions that would cause a donation 
not to satisfy this condition and by establishing a process for 
entities to provide the Department with information about potential 
abuses of the safe harbor. A representative of several health plans 
suggested modifying the safe harbor conditions to ensure that, in the 
context of health information exchange, the interoperability condition 
requires that all key stakeholders, including health insurance plans, 
have access to the health information exchange. The commenter suggested 
that we modify the interoperability condition at 42 CFR 1001.952(y)(2) 
to prohibit restrictions on the communication and exchange of data with 
any ``covered entity'' as defined 45 CFR 160.103.
    Response: The current language in the regulatory text prohibits 
donors (or persons on the donor's behalf) from taking any action to 
limit or restrict the use, compatibility, or interoperability of 
donated items or services with other ``electronic prescribing or 
electronic health records systems.'' The term ``electronic prescribing 
or electronic health records systems'' was intended to be broad in 
order to account for developments in the health information technology 
industry. Based on the commenters' suggestions it appears, however, 
that some have read this term more narrowly. This narrow reading is 
inconsistent with our intended meaning. We have always believed and 
continue to believe that an action taken by a donor (or on behalf of 
the donor) that limits the use, compatibility, or interoperability of 
donated items or services with any other health information technology 
may impede the free exchange of data and limit the ability of providers 
and suppliers to coordinate care, which is inconsistent with one of the 
goals of the safe harbor. Therefore, we are clarifying 42 CFR 
1001.952(y)(3) by adding a parenthetical that includes a non-exhaustive 
list of some of the forms of technologies we believe are included 
within the meaning of the current regulatory language. We are not 
adopting the commenters' suggested edit as we do not believe that it is 
necessary in light of the clarification we have made. We also decline 
to modify 42 CFR 1001.952(y)(2) to prohibit restrictions on the 
communication and exchange of data with any covered entity as defined 
at 45 CFR 160.103. We believe that the existing condition at 42 CFR 
1001.952(y)(3), which we have clarified in this final rule as including 
health information technology applications, products, or services, 
promotes interoperability with a variety of providers and suppliers, as 
well as other health care entities that may play a role in the 
coordination of care, including health plans that operate health

[[Page 79215]]

information technology applications, products, or services.
    We are not adopting the commenters' suggestion to modify the safe 
harbor to state that neither the donor nor the recipient may take any 
actions to limit the interoperability of the donated item or service. 
The condition at 42 CFR 1001.952(y)(3) requires the donor (or any 
person on behalf of the donor) to refrain from taking any action that 
limits or restricts the use, compatibility, or interoperability of the 
donated items or services. To the extent that a recipient takes an 
action on the donor's behalf to limit the use, compatibility, or 
interoperability of donated items or services, that donation would fail 
to qualify for protection under the safe harbor. Because we see no 
obvious reason for a recipient to take action to limit the use, 
compatibility, or interoperability of donated items or services other 
than at a donor's behest or as a condition of the donation, we believe 
that any action of this type by a recipient would be suspect. We are 
not making the suggested modification because the concern articulated 
by the commenters is already addressed by the existing regulatory 
language and the policies we are adopting in this final rule. Because 
we are not adopting the commenters' suggestion, we are not making any 
corresponding revisions to require that the recommended provision be 
incorporated into the written agreement condition at 42 CFR 
1001.952(y)(6).
    We are not implementing the suggestion that we provide in 
regulation text examples of actions that may cause a donation not to 
meet the condition of 42 CFR 1001.952(y)(3). Whether a donation meets 
the precise conditions of the safe harbor requires a case-by-case 
analysis and depends on the specific facts of the donation. We 
encourage the reporting of instances when the donor (or any other 
person on behalf of the donor) takes action to limit the 
interoperability of donated items or services, as we believe that 
investigation may establish that, when such lock-in has occurred, 
existing conditions of the safe harbor not have been met. Moreover, any 
action taken to achieve such a result could be evidence of intent to 
violate the anti-kickback statute.
Data Lock-in: Other Comments and Suggestions
    Comment: One commenter objected to the use of the safe harbor to 
address the issue of data lock-in. The commenter contended that data 
lock-in may arise in response to legitimate concerns, such as Health 
Insurance Portability and Accountability Act of 1996 (HIPAA) privacy 
and security rules, liability issues, licensing requirements, and anti-
trust issues. Further, according to the commenter, data lock-in 
conditions may cause uncertainty for donors because parties may not be 
able to determine whether a donation met these conditions until after 
donation.
    Response: Nothing in this final rule is intended to prohibit 
legitimate actions taken to ensure that donated items and services 
appropriately protect data, including measures to ensure the privacy 
and security of health information data. We recognize that there may be 
appropriate security, privacy, and other business reasons to protect 
data. This final rule addresses only actions that inappropriately lock 
in data, for example locking in data to secure future referrals.
    Comment: One commenter expressed support for preventing electronic 
health records data lock-in and the free exchange of data. However, the 
commenter did not agree that additional conditions designed to promote 
these goals would be effective. Instead, the commenter suggested that 
CMS adopt payment models that continue to foster care coordination 
activities.
    Response: We appreciate the commenter's suggestion; however, 
changes to CMS payment models are outside the scope of this OIG 
rulemaking. We note that ONC and CMS in their Request for Information 
solicited input on options for improving several different CMS payment 
models to support better the adoption of interoperable electronic 
health record technology. 78 FR 14793, 14797 (Mar. 7, 2013).
    Comment: Two commenters suggested data lock-in could be limited by 
requiring electronic health record software to be open or ``open 
source.'' Both commenters asserted that open source software would 
limit data lock-in due to the transparent nature of open source 
software. In addition, it would lead to greater interoperability of 
electronic health record systems. One commenter also suggested that we 
require mandatory advance disclosure of the operational and business 
policies and practices associated with the electronic health record 
technologies. One commenter suggested that we adopt the e-DOS standard 
as certification criteria for electronic health records.
    Response: We generally share the commenters' support for free 
exchange of health information, provided that there are appropriate 
protections for privacy and security. However, we are not adopting the 
commenters' recommendations because software certification criteria and 
standards are determined by ONC and are, therefore, outside the scope 
of this rulemaking.
3. Covered Technology
    In the 2013 Proposed Rule, we noted that ``we received questions 
concerning whether certain items or services . . . fall within the 
scope of covered technology under the electronic health records safe 
harbor.'' 78 FR 21314, 21319 (Apr. 10, 2013). There, we stated that 
``[t]he answer to such questions depends on the exact items or services 
that are being donated.'' Id. We referenced the discussion of our 
interpretation of the term ``software, information technology and 
training services necessary and used predominantly'' in the 2006 Final 
Rule. Id. We stated that ``[w]e believe that the current regulatory 
text, when read in light of the preamble discussion, is sufficiently 
clear concerning the scope of covered technology . . . .'' Id. 
Nonetheless, because we have received suggestions from stakeholders to 
modify the regulatory text of the electronic health records safe harbor 
to reflect explicitly this interpretation, we sought comments from the 
public regarding this issue. After considering the public comments with 
respect to this issue, we determined not to make any changes to the 
regulation text to address the scope of covered technology.
    Comment: Several commenters stated that the regulatory text 
describing the scope of technology covered by the safe harbor, when 
read in light of the 2006 Final Rule preamble, is sufficiently clear. 
One of these commenters urged us not to revise the regulation in any 
way that might limit the scope of covered technology, limit the ability 
of donors and recipients in the design and selection of items and 
services, or create barriers to achieving interoperability. Other 
commenters agreed that the current definition of covered technology is 
appropriate, with two of these commenters suggesting that we revisit 
the definition in the future as health information technology evolves. 
Still other commenters asserted that the existing regulatory language 
can be interpreted to include ``services that enable the interoperable 
exchange of electronic health records data;'' thus, no revisions to the 
regulatory text are required. In contrast, one commenter suggested that 
we incorporate into the regulatory text the preamble language from the 
2006 Final Rule where we discussed examples of items and services that 
would qualify for coverage under the safe harbor. Another commenter 
suggested that we revise the regulatory text to include as many 
examples of covered ``software,

[[Page 79216]]

information technology and training services'' as possible while 
emphasizing that the list is not exhaustive.
    Response: We agree that maintaining flexibility is important, 
particularly as health information technology evolves. We endeavor to 
avoid revisions to the regulation text that could inadvertently narrow 
the safe harbor, which is intended to promote the adoption of 
interoperable electronic health record technology. Moreover, our 
interpretation of what is covered by the safe harbor has not changed. 
As we stated in the 2013 Proposed Rule, whether specific items or 
services fall within the scope of covered technology under the safe 
harbor depends on the exact items or services that are being donated. 
78 FR 21314, 21319 (Apr. 10, 2013). If the ``services that enable the 
interoperable exchange of electronic health records data'' are of the 
type that do not meet the requirements for covered technology (for 
example, because they include hardware, storage devices, or have core 
functionality other than electronic health records), they would not be 
eligible for protection under the safe harbor at 42 CFR 1001.952(y).
    For these reasons, we are not revising the regulation text at 42 
CFR 1001.952(y) to identify any specific types of items or services 
that may be donated if the other conditions of the safe harbor are 
satisfied. We are also not modifying the examples identified in the 
preamble discussion in the 2006 Final Rule. 71 FR 45110, 45151-2 (Aug. 
8, 2006). The safe harbor continues to protect nonmonetary remuneration 
in the form of software, information technology and training services 
necessary and used predominantly to create, maintain, transmit, or 
receive electronic health records.
    Comment: A few commenters requested clarification regarding whether 
third-party fees related to the exchange of health information, such as 
health information exchange (HIE) service charges for 
interconnectivity, are ``covered technologies'' under the safe harbor.
    Response: The safe harbor protects only nonmonetary remuneration. 
Whether particular items or services, like interconnectivity services, 
can be donated under the safe harbor depends on the exact item or 
service that is being donated and whether the item or service is: (1) 
In the form of software, information technology and training services; 
and (2) necessary and used predominantly to create, maintain, transmit, 
or receive electronic health records. We caution, however, that the 
donation of items or services, including interconnectivity services 
that are eligible for donation, would not be protected if the 
recipient, the recipient's practice, or any affiliated individual or 
entity makes the receipt, amount or nature of the donated items or 
services a condition of doing business with the donor or if the donor 
determines the eligibility of a recipient or the amount or nature of 
the items or services to be donated in a manner that directly takes 
into account the volume or value of referrals or other business 
generated between the parties. See 42 CFR 1001.952(y)(4) and (5).
    Comment: One commenter suggested that, in addition to maintaining 
as much flexibility as possible, we broaden the scope of the technology 
covered by the safe harbor to include software and services used for 
care coordination, quality measurement, improving population health, or 
improving the quality or efficiency of health care delivery among 
parties. The commenter noted that some of these items may be covered by 
the waivers issued in connection with the Medicare Shared Savings 
Program (MSSP); however, because those waivers extend only to parties 
participating in that program, protection for the donation of items or 
services that advance the Department's goal of encouraging the adoption 
of health information technology that supports public policy objectives 
is not available to other health care industry stakeholders. To advance 
these goals in a broader way, the commenter suggested that the safe 
harbor be expanded to include items potentially covered by the MSSP 
pre-participation waiver, such as electronic health information 
exchanges that allow for electronic data exchange across multiple 
platforms, data reporting systems (including all-payer claims data 
reporting systems), and data analytics (including staff and systems, 
such as software tools, to perform analytic functions). Another 
commenter suggested that we broaden the scope of technology covered by 
the safe harbor to include software separate from the certified 
electronic health record software as long as it is interoperable with 
the electronic health record software. The commenter gave as examples 
of such electronic health-records-associated components ``patient 
portals that support patient engagement, direct and other standards-
compliant means for secure patient information exchange between 
providers, solutions to support transition care, and tools that may 
assist in inter- and intra-patient matching.'' A third commenter urged 
us to consider a broader array of covered technologies, provided that 
they support policy goals such as reducing hospital readmissions and 
coordinated care across settings outside of traditional office 
settings, including telemonitoring and telemedicine. Another commenter 
suggested that we expand the protection of the safe harbor to cover 
``any additional items or services that will be required or helpful in 
meeting Stage 2 or Stage 3 requirements for [the EHR Incentive 
Programs].''
    Response: As stated previously, whether specific items or services 
fall within the scope of covered technology under the safe harbor 
depends on the exact items or services that are being donated. Some of 
the particular items and services that may be included within the broad 
categories identified by the commenters may be eligible for donation. 
For example, if a particular software product related to transitions of 
care was necessary and used predominantly to create, maintain, 
transmit, or receive electronic health records, then it would be 
eligible for donation, provided that the donation met all of the other 
safe harbor conditions. As noted previously in this final rule, 
software is not required to be certified to ONC certification criteria 
in order to be donated under the electronic health records safe harbor. 
Thus, software that is separate from certified software may still be 
eligible for donation if it satisfies the definition of 
``interoperable'' in the Note to paragraph (y) in 42 CFR 1001.952(y). 
To the extent that the commenters suggest that we expand the scope of 
the safe harbor to protect items or services that are not already 
eligible for donation, we note that revision of the safe harbor to 
include such items or services would be outside the scope of this 
rulemaking. In the 2013 Proposed Rule, with respect to the scope of 
technology potentially covered by the safe harbor, we sought input from 
the public regarding the singular issue of ``whether the current 
regulatory text, when read in light of the preamble discussion, is 
sufficiently clear concerning the scope of covered technology.'' 78 FR 
21314, 21319 (Apr. 10, 2013). With regard to whether the scope of the 
covered technology should be broadened, as opposed to clarified, we are 
mindful of the important issues raised by the commenters and may 
consider them in the future. We further note that, depending on the 
circumstances, some of the arrangements described by the commenters may 
fit in other safe harbors or may not implicate the anti-kickback 
statute.
    Comment: One commenter suggested that we define ``equivalent 
technology'' for purposes of the condition in the safe

[[Page 79217]]

harbor that the donor of electronic health record technology may not 
have actual knowledge of, or act in reckless disregard or deliberate 
ignorance of, the fact that the recipient possesses or has obtained 
items or services equivalent to those being donated. This commenter 
also suggested that we prohibit a provider or supplier from seeking or 
accepting a donation before a certain period of time has elapsed since 
the receipt of a previous donation. Another commenter urged us to 
eliminate maintenance and service agreements from the scope of 
potentially protected donations under the safe harbor. In the 
alternative, the commenter suggested that we impose a restriction on 
the time period that donations of such services would be permitted. The 
commenter noted concerns that donors may use ongoing donations of 
maintenance and service agreements to lock in referrals from 
recipients. A commenter that urged us not to extend the availability of 
the safe harbor suggested that we prohibit the donation of all 
technology except interfaces for reporting of laboratory results.
    Response: Although we appreciate the commenters' suggestions, we 
are not making the requested changes. We believe that the modifications 
to and clarifications of 42 CFR 1001.952(y) adopted in this final rule 
and the clarifications offered in this preamble address the concerns 
raised by these commenters.
    Comment: One commenter asserted that the prohibition on donating 
equivalent technology currently included in the safe harbor locks 
physician practices into a vendor, even if they are dissatisfied with 
the technology, because the recipient must choose between paying the 
full amount for a new system and continuing to pay 15 percent of the 
cost of the substandard system. The commenter asserts that the cost 
difference between these two options is too high and effectively locks 
physician practices into electronic health record technology vendors.
    Response: Although we appreciate the commenter's concern, we 
continue to believe that items and services are not ``necessary'' if 
the recipient already possesses the equivalent items or services. 71 FR 
45110, 45123 (Aug. 8, 2006). As stated in the 2006 Final Rule, ``the 
provision of equivalent items and services poses a heightened risk of 
abuse, [because] such arrangements potentially confer independent value 
on the recipient (i.e., the value of the existing items and services 
that might be put to other uses) unrelated to the need for electronic 
health records technology.'' Id. Thus, we retain our policy to preclude 
safe harbor protection in instances when the donor has actual knowledge 
of, or acts in reckless disregard or deliberate ignorance of, the fact 
that the recipient possesses or has obtained equivalent items or 
services. We expect physicians would not select or continue to use a 
substandard system if it posed a threat to patient safety.
    Comment: One commenter referenced the 2013 Proposed Rule's 
statement that ``software or information technology and training 
services necessary and used predominantly for electronic health records 
purposes'' included ``information services related to patient care (but 
not separate research or marketing support services.'' 78 FR 21314, 
21319 (Apr. 10, 2013). The commenter requested that we retract that 
statement and clarify that it is appropriate for health researchers to 
use data in electronic health records for research that is related to, 
for example, evidence-based medicine, population management, or other 
research, provided that the use complies with applicable Federal, 
State, and institutional requirements.
    Response: We decline to retract our statement in the 2013 Proposed 
Rule. To promote adoption of electronic health records while minimizing 
the risk of abuse, the scope of items and services permitted to be 
donated under the safe harbor is limited to items and services in the 
form of software and information technology and training services that 
are ``necessary and used predominantly to create, maintain, transmit, 
or receive electronic health records.'' Donations of software for 
research that is separate from clinical support and information 
services related to patient care are not consistent with the primary 
goals of the safe harbor.
    The electronic health records safe harbor addresses only the 
donation of electronic health records items and services, not the use 
of data. Thus, the portion of the comment related to data use is 
outside the scope of this rulemaking. We note, however, that nothing in 
the safe harbor prohibits the use of data in electronic health record 
systems for research purposes (assuming the parties comply with all 
other applicable laws, including HIPAA privacy and security rules).
    Comment: One commenter asked us to confirm that patient portals are 
within the scope of the technology potentially protected by the safe 
harbor.
    Response: We are not certain what the commenter precisely means by 
``patient portals.'' Patient portals come in a variety of forms; the 
key to the safe harbor analysis is whether the specific item or service 
donated is: (1) In the form of software, information technology and 
training services; and (2) necessary and used predominantly to create, 
maintain, transmit, or receive electronic health records. As we stated 
in the 2006 Final Rule in response to a commenter's recommendation that 
the safe harbor specifically protect the provision of patient portal 
software that enables patients to maintain online personal medical 
records, including scheduling functions (71 FR 45110, 45125 (Aug. 8, 
2006)), nothing in the safe harbor precludes protection for patient 
portal software if it satisfies all of the safe harbor conditions.

E. Comments Outside the Scope of Rulemaking

    In addition to some of the comments noted above, we received 
several comments from stakeholders, including suggestions on policy 
changes, that are outside the scope of this rulemaking. For example, 
one commenter raised concerns about a private insurer's proposed fee 
schedule for laboratory services. Another commenter expressed a concern 
about ``outrageous bills'' the commenter received from a laboratory 
company. While we appreciate the commenters taking time to raise these 
concerns, we will not be addressing them as they are outside the scope 
of this rulemaking.

III. Provisions of the Final Regulations

    For the most part, this final rule incorporates the proposed 
revisions from the 2013 Proposed Rule. Specifically, we update the 
provision under which electronic health records software is deemed 
interoperable by revising 42 CFR 1001.952(y)(2) to remove the phrase 
``recognized by the Secretary'' and replace it with the phrase 
``authorized by the National Coordinator for Health Information 
Technology'' and to replace the 12-month time frame for certification 
of electronic health records software with a requirement that the 
software be certified to an edition of the electronic health record 
certification criteria identified in the then-applicable version of 45 
CFR part 170 (ONC's certification program). Second, we remove from the 
safe harbor the requirement at 42 CFR 1001.952(y)(10) related to 
electronic prescribing capability. Third, we extend the sunset date of 
the safe harbor to December 31, 2021 by modifying 42 CFR 
1001.952(y)(13). Fourth, we limit the scope of protected donors to 
exclude laboratory companies. We are modifying 42 CFR 1001.952(y)(1)(i) 
to effectuate this change. And fifth, we are clarifying the condition 
at 42 CFR 1001.952(y)(3)

[[Page 79218]]

that prohibits a donor from taking any action to limit or restrict the 
use, compatibility, or interoperability of the donated items or 
services.

IV. Waiver of the Delay in the Effective Date

    Ordinarily we provide a delay of at least 30 days in the effective 
date of a final rule after the date that the rule is issued. However, 
the 30-day delay in effective date can be waived if the rule grants or 
recognizes an exemption or relieves a restriction. We believe that it 
is appropriate to waive the 30-day delay in effective date for 42 CFR 
1001.952(y)(13), which relieves a restriction on donations of 
electronic health records items and services. Specifically, this final 
rule amends 42 CFR 1001.952(y)(13) to extend the sunset date of the 
existing safe harbor from December 31, 2013 to December 31, 2021. 
Without a waiver of the requirement for a delayed effective date, the 
entire safe harbor will expire on December 31, 2013 and will not be 
available to protect any ongoing donation arrangements or new donations 
of electronic health records items and services made after December 31, 
2013. By waiving the 30-day delay in effective date, the safe harbor 
will not expire, thereby allowing parties to continue utilizing the 
safe harbor to protect donations of electronic health records items and 
services. We stress, however, that donations of electronic health 
records items and services that occur between January 1, 2014 and the 
effective date of the remaining provisions of this final rule (March 
27, 2014) will need to comply with all the conditions of the existing 
safe harbor. The waiver of the 30-day delay in effective date simply 
serves to maintain the status quo until the rest of this final rule 
becomes effective.
    The 30-day delay in effective date can also be waived if the agency 
finds for good cause that the delay is impracticable, unnecessary, or 
contrary to the public interest, and the agency incorporates a 
statement of the findings and reasons in the rule issued. We find that 
it is unnecessary to provide a 30-day delay in effective date for 42 
CFR 1001.952(y)(13) because an earlier effective date simply allows 
parties to continue making donations under the existing electronic 
health records safe harbor; it does not impose any new requirements or 
restrictions on potentially affected parties. Moreover, we find that a 
30-day delayed effective date for 42 CFR 1001.952(y)(13) is 
impracticable because it would cause the entire safe harbor to expire, 
thereby nullifying this final rule.

V. Regulatory Impact Statement

    We have examined the impact of this final rule as required by 
Executive Order 12866 on Regulatory Planning and Review (Sept. 30, 
1993); Executive Order 13563 on Improving Regulation and Regulatory 
Review (Jan. 18, 2011); the Regulatory Flexibility Act (RFA) (Sept. 19, 
1980, Pub. L. 96-354, codified at 5 U.S.C. 601 et seq.); section 
1102(b) of the Act; section 202 of the Unfunded Mandates Reform Act of 
1995 (Mar. 22, 1995; Pub. L. 104-4); Executive Order 13132 on 
Federalism (August 4, 1999); and the Congressional Review Act (5 U.S.C. 
804(2)).
    Executive Orders 12866 and 13563 direct agencies to assess all 
costs and benefits of available regulatory alternatives and, if 
regulation is necessary, to select regulatory approaches that maximize 
net benefits (including potential economic, environmental, public 
health and safety effects, distributive impacts, and equity). A 
regulatory impact analysis (RIA) must be prepared for major rules with 
economically significant effects ($100 million or more in any 1 year). 
We believe this final rule does not reach the economic threshold for 
being considered economically significant and thus is not considered a 
major rule. It is not economically significant because it will not have 
a significant effect on program expenditures, and there are no 
additional substantive costs to implement the resulting provisions. The 
rule modifies an existing safe harbor, and the modifications would not 
impose significant additional costs on those seeking to use the safe 
harbor. Further, the donation of electronic health records items or 
services and the use of the safe harbor to protect such donations are 
entirely voluntary. In section II, we provide a detailed discussion and 
analysis of the alternatives considered in this final rule, including 
those considered for extending the sunset date of the electronic health 
records safe harbor, limiting the scope of protected donors, and tying 
the timeframe for the deeming provision to ONC's certification program. 
Finally, we received no public comments specific to the RIA set forth 
in the 2013 Proposed Rule.
    This final rule updates (1) the provision under which electronic 
health records software is deemed interoperable; (2) removes the 
requirement related to electronic prescribing capability; (3) extends 
the safe harbor's sunset date to December 31, 2021; (4) limits the 
scope of protected donors to exclude laboratory companies; and (5) 
clarifies the condition that prohibits a donor from taking any action 
to limit or restrict the use, compatibility, or interoperability of the 
items or services. Neither this final rule nor the regulations it 
amends requires any entity to donate electronic health records items 
and services, but we expect these changes to continue to facilitate the 
adoption of electronic health record technology by eliminating 
perceived barriers rather than by creating the primary means by which 
this technology will be adopted.
    The summation of the economic impact analysis regarding the effects 
of electronic health records in the ambulatory setting that is 
presented in the 2006 Final Rule still pertains to this final rule. 71 
FR 45110 (Aug. 8, 2006). However, since the 2006 Final Rule, several 
developments have occurred to make us conclude that it is no longer 
necessary to retain a requirement related to electronic prescribing 
capability in the electronic health records safe harbor. These 
developments include the passage of two laws encouraging adoption of 
electronic prescribing and electronic health-records technology: (1) In 
2008, Congress passed the Medicare Improvements for Patients and 
Providers Act of 2008 (MIPPA), Public Law 110-275; (2) in 2009, 
Congress passed the Health Information Technology for Economic and 
Clinical Health (HITECH) Act, Title XIII of Division A and Title IV of 
Division B of the American Recovery and Reinvestment Act of 2009 
(ARRA), Public Law 111-5. In addition, there has been an increase over 
the past few years in the rate of electronic health record-based 
electronic prescribing capabilities. See, e.g., State Variation in E-
Prescribing Trends in the United States--available at: https://www.healthit.gov/sites/default/files/us_e-prescribingtrends_onc_brief_4_nov2012.pdf.
    As discussed in more detail in the preamble to the 2013 Proposed 
Rule, section 132 of MIPPA authorized an electronic prescribing 
incentive program (starting in 2009) for certain types of eligible 
professionals. The HITECH Act authorized CMS to establish the EHR 
Incentive Programs for certain eligible professionals, eligible 
hospitals, and critical access hospitals. Also, the HITECH Act required 
that eligible professionals under the EHR Incentive Programs 
demonstrate meaningful use of certified electronic health record 
technology, including the use of electronic prescribing. Specifically, 
the final rule for Stage 2 EHR Incentive Programs (77 FR 53968 (Sept. 
4, 2012)) includes more demanding requirements for electronic 
prescribing and identifies

[[Page 79219]]

electronic prescribing as a required core measure. As a result, 
beginning in calendar year 2015, an eligible professional risks a 
reduction in the Medicare Physician Fee Schedule payment amount that 
will otherwise apply for covered professional services if they are not 
a meaningful electronic health record technology user for a reporting 
period during that year. Our intent is to withhold safe harbor 
protection from the donation of items or services that a potential 
recipient already owns, while protecting donation of items and services 
that advance the adoption and use of electronic health records. Lastly, 
according to ONC, electronic prescribing by physicians using electronic 
health record technology has increased from 7 percent in December 2008 
to approximately 48 percent in June 2012. Furthermore, the rules 
recently published to implement Stage 2 of the EHR Incentive Programs 
continue to encourage physicians' use of electronic prescribing 
technology. See 77 FR 53968, 53989 (Sept. 4, 2012); 77 FR 54163, 54198 
(Sept. 4, 2012). However, due to data limitations, we are unable to 
accurately estimate how much the electronic health records safe harbor 
has contributed to the increase in electronic prescribing. We believe, 
as a result of these legislative and regulatory developments advancing 
in parallel, the increase in the adoption of electronic prescribing 
using electronic health record technology will continue without making 
it necessary to retain the electronic prescribing capability 
requirement in the electronic health records safe harbor.
    The RFA generally requires an agency to conduct a regulatory 
flexibility analysis of any rule subject to notice and comment 
rulemaking requirements unless the agency certifies that the rule will 
not have a significant economic impact on a substantial number of small 
entities. For purposes of the RFA, small entities include small 
businesses, certain non-profit organizations, and small governmental 
jurisdictions. Most hospitals and most other providers and suppliers 
are small entities, either by nonprofit status or by having revenues 
below specific limits that range from $7.0 million to $35.5 million 
(depending on the type of entity in question) in any 1 year. 
Individuals and States are not included in the definition of a small 
entity. The Secretary has determined that this final rule would not 
have a significant economic impact on a substantial number of small 
entities. Therefore, the undersigned certifies that this rule will not 
have a significant economic impact on a substantial number of small 
entities.
    In addition, section 1102(b) of the Act requires us to prepare a 
regulatory impact analysis if a rule may have a significant impact on 
the operations of a substantial number of small rural hospitals. This 
analysis must conform to the provisions of section 604 of the RFA. For 
purposes of section 1102(b) of the Act, CMS defines a small rural 
hospital as a hospital that is located outside of a Metropolitan 
Statistical Area for Medicare payment regulations and has fewer than 
100 beds. The Secretary has determined that this final rule would not 
have a significant economic impact on the operations of a substantial 
number of small rural hospitals.
    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA) 
(codified at 2 U.S.C. 1531-1538) establishes requirements for Federal 
agencies to assess the effects of their regulatory actions on State, 
local, and tribal governments and the private sector. Under UMRA, 
agencies must assess a rule's anticipated costs and benefits before 
issuing any rule that may result in aggregate costs to State, local, or 
tribal governments, or the private sector, of greater than $100 million 
in 1995 dollars (currently adjusted to $141 million). This final rule 
imposes no mandates and, as a result, will have no consequential effect 
on State, local, or tribal government or on the private sector of $141 
million or more.
    Executive Order 13132 establishes certain requirements that an 
agency must meet when it issues a final rule that imposes substantial 
direct requirement costs on State and local governments, preempts State 
law, or otherwise has Federalism implications. For the reasons stated 
earlier, this final rule will not have a substantial effect on State or 
local governments, nor does it preempt State law or have Federalism 
implications.
    In accordance with Executive Order 12866, this final rule was 
reviewed by the Office of Management and Budget.

VI. Paperwork Reduction Act

    The provisions in this final rule will not impose any new or 
revised information collection, recordkeeping, or disclosure 
requirements. Consequently, this rule does not need additional Office 
of Management and Budget review under the authority of the Paperwork 
Reduction Act of 1995.

List of Subjects in 42 CFR Part 1001

    Administrative practice and procedure, Fraud, Grant programs--
health, Health facilities, Health professions, Maternal and child 
health, Medicaid, Medicare, Social Security.

    Accordingly, 42 CFR part 1001 is amended as set forth below:

PART 1001--[AMENDED]

0
1. The authority citation for part 1001 continues to read as follows:

    Authority: 42 U.S.C. 1302, 1320a-7, 1320a-7b, 1395u(j), 
1395u(k), 1395w-104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) 
and (F), and 1395hh; and sec. 2455, Pub. L. 103-355, 108 Stat. 3327 
(31 U.S.C. 6101 note).


0
2. Section 1001.952 is amended by revising paragraphs (y)(1)(i), 
(y)(2), (y)(3), and (y)(13), and removing and reserving paragraph 
(y)(10), to read as follows:


Sec.  1001.952  Exceptions.

* * * * *
    (y) * * *
    (1) * * *
    (i) An individual or entity, other than a laboratory company, that 
provides services covered by a Federal health care program and submits 
claims or requests for payment, either directly or through 
reassignment, to the Federal health care program; or
* * * * *
    (2) The software is interoperable at the time it is provided to the 
recipient. For purposes of this subparagraph, software is deemed to be 
interoperable if, on the date it is provided to the recipient, it has 
been certified by a certifying body authorized by the National 
Coordinator for Health Information Technology to an edition of the 
electronic health record certification criteria identified in the then-
applicable version of 45 CFR part 170.

[[Page 79220]]

    (3) The donor (or any person on the donor's behalf) does not take 
any action to limit or restrict the use, compatibility, or 
interoperability of the items or services with other electronic 
prescribing or electronic health records systems (including, but not 
limited to, health information technology applications, products, or 
services).
* * * * *
    (10) [Reserved]
* * * * *
    (13) The transfer of the items and services occurs, and all 
conditions in this paragraph (y) have been satisfied, on or before 
December 31, 2021.
* * * * *

    Dated: September 10, 2013.
Daniel R. Levinson,
Inspector General.
    Approved: November 14, 2013.
Kathleen Sebelius,
Secretary.
[FR Doc. 2013-30924 Filed 12-23-13; 4:15 pm]
BILLING CODE 4152-01-P