Medicare and State Healthcare Programs: Fraud and Abuse; Revisions To Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements, 55694-55765 [2019-22027]

Download as PDF 55694 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules DEPARTMENT OF HEALTH AND HUMAN SERVICES Office of Inspector General 42 CFR Parts 1001 and 1003 RIN 0936–AA10 Medicare and State Healthcare Programs: Fraud and Abuse; Revisions To Safe Harbors Under the Anti-Kickback Statute, and Civil Monetary Penalty Rules Regarding Beneficiary Inducements Office of Inspector General (OIG), Department of Health and Human Services (HHS). ACTION: Proposed rule. AGENCY: This proposed rule is being issued by the Office of Inspector General (OIG) in conjunction with the Department of Health and Human Services’ Regulatory Sprint to Coordinated Care. It proposes to add, on a prospective basis only after a final rule is issued, safe harbor protections under the Federal anti-kickback statute for certain coordinated care and associated value-based arrangements between or among clinicians, providers, suppliers, and others that squarely meet all safe harbor conditions. It also would add protections under the anti-kickback statute and civil monetary penalty (CMP) law that prohibits inducements offered to patients for certain patient engagement and support arrangements to improve quality of care, health outcomes, and efficiency of care delivery that squarely meet all safe harbor conditions. The proposed rule would add a new safe harbor for donations of cybersecurity technology and amend the existing safe harbors for electronic health records (EHR) arrangements, warranties, local transportation, and personal services and management contracts. Further, the proposed rule would add a new safe harbor pursuant to a statutory change set forth in the Bipartisan Budget Act of 2018 (Budget Act of 2018) related to beneficiary incentives under the Medicare Shared Savings Program and a new CMP exception for certain telehealth technologies offered to patients receiving in-home dialysis, also pursuant to the Budget Act of 2018. DATES: To ensure consideration, comments must be delivered to the address provided below by 5 p.m. on December 31, 2019. The 75-day period for public comments being set forth in this proposed rule will serve to protect the public’s interest in this rulemaking process by allowing for an opportunity for additional input and SUMMARY: VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 recommendations, without unduly delaying any final rulemaking. ADDRESSES: In commenting, please reference file code OIG–0936–AA10–P. Because of staff and resource limitations, we cannot accept comments by facsimile (fax) transmission. However, you may submit comments using one of three ways (no duplicates, please): 1. Electronically. You may submit electronic comments on this regulation to http://www.regulations.gov. Follow the ‘‘Submit a comment’’ instructions. 2. By regular, express, or overnight mail. You may send written comments to the following address: Office of Inspector General, Department of Health and Human Services, Attention: OIG– 0936–AA10–P, Room 5521, Cohen Building, 330 Independence Avenue SW, Washington, DC 20201. Please allow sufficient time for mailed comments to be received before the close of the comment period. 3. By hand or courier. If you prefer, you may deliver your written comments by hand or courier before the close of the comment period to: Office of Inspector General, Department of Health and Human Services, Cohen Building, Room 5521, 330 Independence Avenue SW, Washington, DC 20201. Because access to the interior of the Cohen Building is not readily available to persons without Federal Government identification, commenters are encouraged to schedule their delivery with one of our staff members at (202) 619–0335. Inspection of Public Comments: All comments received before the end of the comment period will be posted on http://www.regulations.gov for public viewing. Hard copies will also be available for public inspection at the Office of Inspector General, Department of Health and Human Services, Cohen Building, 330 Independence Avenue SW, Washington, DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To schedule an appointment to view public comments, phone (202) 619– 0335. FOR FURTHER INFORMATION CONTACT: Jillian Sparks or Meredith Williams, (202) 619–0335. SUPPLEMENTARY INFORMATION: Social Security Act citation United States Code citation 1128B, 1128D, 1102, 1128A. 42 U.S.C. 1320a–7b, 42 U.S.C. 1320a– 7d, 42 U.S.C. 1302, 42 U.S.C. 1320a.–7a. PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 I. Executive Summary A. Purpose and Need for Regulatory Action The Secretary of Health and Human Services (the Secretary) has identified transforming our healthcare system to one that pays for value as one of the top priorities of the Department of Health and Human Services (the Department or HHS). Unlike the traditional fee-forservice (FFS) payment system, which rewards providers for the volume of care delivered, a value-driven healthcare system is one that pays for health and outcomes. Delivering better value from our healthcare system will require the transformation of established practices and enhanced collaboration among providers and other individuals and entities. The purpose of this proposed rule is to modify existing safe harbors to the anti-kickback statute and add new safe harbors and a new CMP law exception to remove potential barriers to more effective coordination and management of patient care and delivery of value-based care that improves quality of care, health outcomes, and efficiency. Since the enactment in 1972 of the Federal anti-kickback statute, there have been significant changes in the delivery of, and payment for, healthcare items and services within the Medicare and Medicaid programs and for non-Federal payors and patients. This has included changes to traditional FFS Medicare (i.e., Medicare Parts A and B), Medicare Advantage, and states’ Medicaid programs. For some time, the Department has worked to align payment under the Medicare program with the quality of the care provided to Federal health care program beneficiaries. Laws such as the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA),1 the Deficit Reduction Act of 2005 (DRA),2 and the Medicare Improvements for Patients and Providers Act of 2008 (MIPPA) 3 are among statutes that guided the Department’s efforts to move toward healthcare delivery and payment reform. The Patient Protection and Affordable Care Act (ACA) 4 required or encouraged significant changes to the Medicare program’s payment systems and provided the Secretary with broad authority to test and implement models to promote reforms, including through the Center for Medicare and Medicaid 1 Public Law 108–173, 117 Stat. 2066. Law 109–171, 120 Stat. 4. 3 Public Law 110–275, 122 Stat. 2494. 4 Public Law 111–148, 124 Stat. 119, as amended by the Health Care and Education Reconciliation Act of 2010 (Pub. L. 111–152, 124 Stat. 1029). 2 Public E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules Innovation (the Innovation Center) within the Centers for Medicare & Medicaid Services (CMS).5 The Department has identified the broad reach of the Federal anti-kickback statute 6 and the CMP law provision prohibiting inducements to beneficiaries, the ‘‘beneficiary inducements CMP,’’ 7 as well as the Federal physician self-referral law (sometimes known as the Stark law),8 as potentially inhibiting beneficial arrangements that would advance the transition to value-based care and improve the coordination of patient care among providers and across care settings in both the Federal health care programs and commercial sectors. Industry stakeholders have informed the Department that, because the consequences of potential noncompliance with the physician selfreferral law and the Federal antikickback statute could be dire, providers, suppliers, and others may be discouraged from entering into innovative arrangements that would improve quality and health outcomes, produce health system efficiencies, and lower costs (or slow their rate of growth). To address these concerns and accelerate the transformation of the healthcare system into one that better pays for value and promotes care coordination, HHS launched a Regulatory Sprint to Coordinated Care (Regulatory Sprint), led by the Deputy Secretary. This Regulatory Sprint aims to remove potential regulatory barriers to care coordination and value-based care created by four key healthcare laws and associated regulations: (i) The physician self-referral law, (ii) the Federal anti-kickback statute, (iii) the Health Insurance Portability and Accountability Act of 1996 (HIPAA),9 and (iv) rules under 42 CFR part 2 related to substance use disorder treatment. Through the Regulatory Sprint, HHS aims to encourage and improve: • A patient’s ability to understand treatment plans and make empowered decisions; 5 The Innovation Center’s purpose is to test innovative payment and service delivery models to reduce the cost of care furnished to patients in the Medicare and Medicaid programs while preserving or enhancing the quality of that care. Using its authority in section 1115A of the Social Security Act (the Act), 42 U.S.C. 1315a, the Innovation Center is testing many healthcare delivery and payment models in which providers, suppliers, and individual practitioners participate. 6 42 U.S.C. 1320a–7b(b). 7 42 U.S.C. 1320a–7a(a)(5). 8 42 U.S.C. 1395nn. 9 Public Law 104–191, 110 Stat. 1936. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 • providers’ alignment on end-to-end treatment (i.e., coordination among providers along the patient’s full care journey); • incentives for providers to coordinate, collaborate, and provide patients tools to be more involved in their own care; and • information sharing among providers, facilities, and other stakeholders in a manner that facilitates efficient care while preserving and protecting patient access to data. In connection with the Regulatory Sprint, OIG issued a request for information (OIG RFI) regarding the Federal anti-kickback statute and beneficiary inducements CMP on August 27, 2018.10 CMS published a Request for Information Regarding the Physician Self-Referral Law in June 2018 (CMS RFI).11 In the OIG RFI, we sought feedback on ways in which we might modify or add new safe harbors to the Federal anti-kickback statute and exceptions to the beneficiary inducements CMP definition of ‘‘remuneration’’ to foster arrangements that would promote care coordination and advance the delivery of value-based care while also protecting patients and taxpayer dollars against harms caused by fraud and abuse. OIG received 359 comments in response to its RFI from a variety of individuals and organizations. While most commenters strongly asserted the need for regulatory reform to the anti-kickback statute safe harbors and exceptions to the definition of ‘‘remuneration’’ under the beneficiary inducements CMP, a number of commenters acknowledged that increased regulatory flexibility could create program integrity vulnerabilities or increase the risk of harms associated with fraud and abuse and urged OIG to exercise caution and include adequate safeguards in any regulatory proposals. Comments supporting regulatory reform encompassed a number of themes, including requests for: • New safe harbors protecting financial arrangements among parties participating in alternative payment models (APMs), value-based arrangements, and care coordination activities; 10 Medicare and State Health Care Programs: Fraud and Abuse; Request for Information Regarding the Anti-Kickback Statute and Beneficiary Inducements CMP, 83 FR 43607 (Aug. 27, 2018), available at https://oig.hhs.gov/ authorities/docs/2018/RFI_Regarding_AKS_ Beneficiary_Inducements_CMP.pdf. 11 Medicare Program; Request for Information Regarding the Physician Self-Referral Law, 83 FR 29524 (June 25, 2018), available at https:// www.gpo.gov/fdsys/pkg/FR-2018-06-25/pdf/201813529.pdf. PO 00000 Frm 00003 Fmt 4701 Sfmt 4702 55695 • safe harbor protection for financial arrangements with entities not participating in Innovation Center models, including commercial and selfpay APM arrangements; • additional protection for patient tools and supports, such as in-kind items and services to support patient compliance with discharge and care plans, services and supports to address unmet social needs affecting health, and expanded protections under the local transportation safe harbor; • enhanced safe harbor protection for transfers of information technology, data, and cybersecurity tools; • modifications to the current ‘‘patchwork’’ fraud and abuse waiver framework for Innovation Center models and the Medicare Shared Savings Program; and • a variety of protections for pharmaceutical and medical device manufacturer arrangements, including broad protections for drug and medical device manufacturer participation in value-based contracts, pricing arrangements, warranty arrangements, and APMs, as well as protection for coupons and other means of direct copayment assistance to Medicare Part D beneficiaries in certain situations. B. Summary of OIG’s Approach and Proposals These proposed regulations are informed by comments and other internal and external sources of information, as well as our experience interpreting and applying the safe harbors and beneficiary inducements CMP exceptions to a wide variety of arrangements. In developing this proposed rule, OIG has followed several guiding principles. The first guiding principle has been to design proposed safe harbors that allow for beneficial innovations in healthcare delivery. The second guiding principle has been to avoid promulgating safe harbors and exceptions that drive such innovation to limited channels that may not reflect up-to-date understandings in medicine, science, and technology. The third guiding principle has been to design proposed safe harbors useful for a range of individuals and entities engaged in the coordination and management of patient care, including large and small practices and health systems, rural and urban providers and suppliers, primary care physicians and specialists, providers and suppliers contracting with public and private payors, clinically integrated networks, and looser affiliations of providers and suppliers collaborating to coordinate care for patients across the continuum of care. E:\FR\FM\17OCP2.SGM 17OCP2 55696 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules Designing proposed safe harbors with these principles in mind is not without challenges and potential pitfalls, particularly with respect to ensuring sufficient safeguards against potential abuses and harms by those who might misuse the safe harbors. In this proposed rule, we have tried to strike the right balance between flexibility for beneficial innovation and safeguards to protect patients and Federal health care programs. No final determination has yet been made that the balance is correct with respect to each proposed safe harbor. Thus, no final determination has been made that the arrangements described in the proposals are, or should be, exempt from liability under the anti-kickback statute. To aid us in making that determination in a final rule, we solicit public comments throughout this proposed rule about whether we have achieved the proper balance such that the arrangements described in the proposed safe harbors should be protected from criminal liability under the anti-kickback statute. To this end, we caution that these proposed safe harbors remain subject to change through the rulemaking process, and that the types of arrangements described in this proposed rule remain subject to case-by-case review under the anti-kickback statute, and if applicable, the beneficiary inducements CMP, including with respect to the requisite intent of the parties. The proposed safe harbors, if finalized, specifically would address barriers to coordinated and value-based care posed by the Federal anti-kickback statute and the beneficiary inducements CMP and would have no application to any other law. In addition, any final safe harbors would provide only prospective protection. OIG’s mission is to protect the integrity of the Federal health care programs as well as the health and welfare of the people they serve. OIG prevents and detects fraud, waste, and abuse, and promotes economy, effectiveness, and efficiency in HHS programs. Stakeholders, including patients, depend upon OIG to be thoughtful, cautious, and deliberate in promulgating safe harbors to ensure that the arrangements the safe harbors protect do not inappropriately increase costs to the Federal health care programs or patients, corrupt practitioners’ medical judgment, or result in overutilization, inappropriate patient steering, unfair competition, or poor-quality care. These abuses are sometimes characterized as traditional FFS fraud and abuse risks. Model design characteristics common to properly structured value-based payment models could curb some VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 traditional FFS risks. However, valuebased payment models could present other risks, including stinting on care (underutilization), cherry picking lucrative or adherent patients, lemon dropping costly or noncompliant patients, and incentives to manipulate or falsify data used to verify performance and outcomes for payment purposes. In addition, emerging valuebased payment models might present risks not yet identified by OIG or others in the healthcare industry. Many new models combine FFS and value-based payment features, subjecting providers to mixed incentives and potentially posing all or some of the risks raised by volume- and value-based payment. We seek comments on how best to address existing and emerging risks with respect to our proposals below, individually and collectively. Section C of this Executive Summary and sections III and IV of this preamble summarize our specific proposals. Several proposals address particular types of value-based arrangements designed to promote care coordination and allow for outcomes-based payments. We have included a proposed safe harbor for arrangements that engage patients more actively in preventive care and adhering to treatment and care plans developed between them and their healthcare providers. We also are proposing a new safe harbor related to cybersecurity tools, as well as modifications to the existing safe harbors related to personal services arrangements, electronic health records, warranties, and local transportation. Our proposals in this rulemaking focus on ensuring protected arrangements: (i) Promote coordinated patient care and foster improved quality, better health outcomes, and improved efficiency; and (ii) would not be misused to perpetrate fraud and abuse, including, for example, schemes in which patients receive unnecessary or substandard care or Federal health care programs are billed for medically unnecessary items or services. We have sought to strike an effective balance among the goals of clarity, objectivity, flexibility, safeguards (including accountability and transparency), and ease of implementation. OIG and CMS coordinated closely to develop our respective proposed rulemakings in connection with the Regulatory Sprint and strove, where appropriate, to propose consistent terminology for value-based arrangements. In many respects, OIG’s proposed rules for value-based arrangements are different or more restrictive than CMS’s comparable proposals, in recognition of the PO 00000 Frm 00004 Fmt 4701 Sfmt 4702 differences in statutory structures and penalties. For some arrangements, we believe it is appropriate for the antikickback statute, which is a criminal, intent-based statute, to serve as ‘‘backstop’’ protection for arrangements that might be protected by a less restrictive exception to the civil, strict liability physician self-referral law. For any final rule, we would examine our rules in combination with any rules CMS may choose to finalize with the goal of creating an overall regulatory landscape that is well-coordinated and serves the intended purpose to allow for beneficial innovation; that is as streamlined as possible, consistent with program integrity considerations; and that provides strong protections for patients and programs, both in terms of promoting value and ensuring that the Government can take action to protect patients and address fraud or abuse. Arrangements that might be protected by a physician self-referral law exception, but might not be explicitly protected by an anti-kickback statute safe harbor, would not necessarily be unlawful under the anti-kickback statute. They would need to be examined on a case-by-case basis, including with respect to the intent of the parties. We note that OIG’s proposed new safe harbor for cybersecurity items and services and modifications to the existing safe harbor for electronic health record items and services are closely aligned with CMS’ proposals. C. Summary of the Major Provisions 1. Anti-Kickback Statute and Safe Harbors As described in more detail below, we propose to amend 42 CFR 1001.952 by modifying certain existing safe harbors to the anti-kickback statute and by adding safe harbors that would provide new protections or codify an existing statutory protection. Subject to definitions and conditions set forth in the proposed regulations, these proposed changes include: • Three proposed new safe harbors for certain remuneration exchanged between or among participants in a value-based arrangement (as further defined) that fosters better coordinated and managed patient care: (i) Care coordination arrangements to improve quality, health outcomes, and efficiency (1001.952(ee)); (ii) value-based arrangements with substantial downside financial risk (1001.952(ff)); and (iii) value-based arrangements with full financial risk (1001.952(gg)). These proposed safe harbors vary, among other ways, by the types of remuneration protected (in-kind or in-kind and E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules monetary), the level of financial risk assumed by the parties, and the types of safeguards included as safe harbor conditions; • a proposed new safe harbor (1001.952(hh)) for certain tools and supports furnished under patient engagement and support arrangements to improve quality, health outcomes, and efficiency; • a proposed new safe harbor (1001.952(ii)) for certain remuneration provided in connection with a CMSsponsored model, which should reduce the need for OIG to issue separate and distinct fraud and abuse waivers for new CMS-sponsored models; • a proposed new safe harbor (1001.952(jj)) for donations of cybersecurity technology and services; • proposed modifications to the existing safe harbor for electronic health records items and services (1001.952(y)) to add protections for certain cybersecurity technology included as part of an electronic health records arrangement, to update provisions regarding interoperability, and to remove the sunset date; • proposed modifications to the existing safe harbor for personal services and management contracts (1001.952(d)) to add flexibility with respect to outcomes-based payments and part-time arrangements; • proposed modifications to the existing safe harbor for warranties (1001.952(g)) to revise the definition of ‘‘warranty’’ and provide protection for warranties for one or more items and related services; • proposed modifications to the existing safe harbor for local transportation (1001.952(bb)) to expand and modify mileage limits for rural areas and for transportation for discharged patients; and • codification of the statutory exception to the definition of ‘‘remuneration’’ at section 1128B(b)(3)(K) of the Act related to ACO Beneficiary Incentive Programs for the Medicare Shared Savings Program (1001.952(kk)). 2. Civil Monetary Penalty Authorities We propose to amend the definition of ‘‘remuneration’’ in the CMP rules at 42 CFR 1003.110 by interpreting and incorporating a new statutory exception to the prohibition on beneficiary inducements for ‘‘telehealth technologies’’ furnished to certain inhome dialysis patients, pursuant to section 50302(c) of the Budget Act of 2018. We further note that, if finalized, the proposed new safe harbor for patient engagement and support arrangements VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 (1001.952(hh)) and the proposed modifications to the local transportation safe harbor (1001.952(bb)) would by operation of law serve as exceptions to the beneficiary inducements CMP prohibition’s definition of ‘‘remuneration.’’ 3. Costs and Benefits There are no significant costs associated with the proposed regulatory revisions that would impose any mandates on State, local, or Tribal Governments or on the private sector. II. Background A. Anti-Kickback Statute and Safe Harbors Section 1128B(b) of the Act, (42 U.S.C. 1320a–7b(b), the anti-kickback statute), provides for criminal penalties for whoever knowingly and willfully offers, pays, solicits, or receives remuneration to induce or reward the referral of business reimbursable under any of the Federal health care programs, as defined in section 1128B(f) of the Act (42 U.S.C. 1320a–7b(f)). The offense is classified as a felony and is punishable by fines of up to $100,000 and imprisonment for up to 10 years. Violations of the anti-kickback statute also may result in the imposition of CMPs under section 1128A(a)(7) of the Act (42 U.S.C. 1320a–7a(a)(7)), program exclusion under section 1128(b)(7) of the Act (42 U.S.C. 1320a–7(b)(7)), and liability under the False Claims Act (31 U.S.C. 3729–33). The types of remuneration covered specifically include, without limitation, kickbacks, bribes, and rebates, whether made directly or indirectly, overtly or covertly, in cash or in kind. In addition, prohibited conduct includes not only the payment of remuneration intended to induce or reward referrals of patients but also the payment of remuneration intended to induce or reward the purchasing, leasing, or ordering of, or arranging for or recommending the purchasing, leasing, or ordering of, any good, facility, service, or item reimbursable by any Federal health care program. Because of the broad reach of the statute, concern was expressed that some relatively innocuous business arrangements were covered by the statute and, therefore, potentially subject to criminal prosecution. In response, Congress enacted section 14 of the Medicare and Medicaid Patient and Program Protection Act of 1987, Public Law 100–93 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a–7b(b)(3)(E)), which specifically requires the development and promulgation of PO 00000 Frm 00005 Fmt 4701 Sfmt 4702 55697 regulations, the so-called safe harbor provisions, that would specify various payment and business practices that would not be subject to sanctions under the anti-kickback statute, even though they potentially may be capable of inducing referrals of business for which payment may be made under a Federal health care program. Section 205 of HIPAA established section 1128D of the Act (42 U.S.C. 1320a–7d), which includes criteria for modifying and establishing safe harbors. Specifically, section 1128D(a)(2) of the Act provides that, in modifying and establishing safe harbors, the Secretary may consider whether a specified payment practice may result in: • An increase or decrease in access to healthcare services; • an increase or decrease in the quality of healthcare services; • an increase or decrease in patient freedom of choice among healthcare providers; • an increase or decrease in competition among healthcare providers; • an increase or decrease in the ability of healthcare facilities to provide services in medically underserved areas or to medically underserved populations; • an increase or decrease in the cost to Federal health care programs; • an increase or decrease in the potential overutilization of healthcare services; • the existence or nonexistence of any potential financial benefit to a healthcare professional or provider, which benefit may vary depending on whether the healthcare professional or provider decides to order a healthcare item or service or arrange for a referral of healthcare items or services to a particular practitioner or provider; or • any other factors the Secretary deems appropriate in the interest of preventing fraud and abuse in Federal health care programs. We have considered these factors in designing our proposals. We are interested in public comments on these factors as they relate to our proposals. Properly structured and operated, we believe that the arrangements we propose to protect have the potential to increase access to care, increase quality of care, aid in the provision of items and services in underserved areas and to underserved populations, decrease costs to Federal health care programs, and decrease the potential for overutilization of healthcare services. We are concerned about reduced patient freedom of choice among providers, potential decreases in competition among health providers, and potential financial benefits to E:\FR\FM\17OCP2.SGM 17OCP2 55698 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules healthcare professionals or providers that may vary inappropriately based on their ordering decisions. We solicit comments on whether or not our proposals adequately address these or other undesired effects; if commenters believe the proposals would not adequately address these effects, we solicit comments on the degree to which such effects might occur and on additional safeguards to mitigate them. In giving the Department the authority to protect certain arrangements and payment practices under the antikickback statute, Congress intended the safe harbor regulations to be updated periodically to reflect changing business practices and technologies in the healthcare industry.12 Since July 29, 1991, there have been a series of final regulations published in the Federal Register establishing safe harbors in various areas.13 These safe harbor provisions have been developed ‘‘to limit the reach of the statute somewhat by permitting certain non-abusive arrangements, while encouraging beneficial or innocuous arrangements.’’ 14 Healthcare providers and others may voluntarily seek to comply with final safe harbors so that they have the assurance that their business practices would not be subject to any antikickback enforcement action. Compliance with an applicable safe harbor insulates an individual or entity 12 H.R. Rep. No. 100–85, Pt. 2, at 27 (1987). and State Health Care Programs: Fraud and Abuse; OIG Anti-Kickback Provisions, 56 FR 35952 (July 29, 1991); Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors for Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996); Federal Health Care Programs: Fraud and Abuse; Statutory Exception to the Anti-Kickback Statute for Shared Risk Arrangements, 64 FR 63504 (Nov. 19, 1999); Medicare and State Health Care Programs: Fraud and Abuse; Clarification of the Initial OIG Safe Harbor Provisions and Establishment of Additional Safe Harbor Provisions Under the AntiKickback Statute, 64 FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19, 1999); Medicare and State Health Care Programs: Fraud and Abuse; Ambulance Replenishing Safe Harbor Under the Anti-Kickback Statute, 66 FR 62979 (Dec. 4, 2001); Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute, 71 FR 45109 (Aug. 8, 2006); Medicare and State Health Care Programs: Fraud and Abuse; Safe Harbor for Federally Qualified Health Centers Arrangements Under the Anti-Kickback Statute, 72 FR 56632 (Oct. 4, 2007); Medicare and State Health Care Programs: Fraud and Abuse; Electronic Health Records Safe Harbor Under the Anti-Kickback Statute, 78 FR 79202 (Dec. 27, 2013); and Medicare and State Health Care Programs: Fraud and Abuse; Revisions to the Safe Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty Rules Regarding Beneficiary Inducements, 81 FR 88368 (Dec. 7, 2016). 14 Medicare and State Health Care Programs: Fraud and Abuse; OIG Anti-Kickback Provisions, 56 FR at 35958. 13 Medicare VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 from liability under the anti-kickback statute and the beneficiary inducements CMP only; individuals and entities remain responsible for complying with all other laws, regulations, and guidance that apply to their businesses. In developing our proposals, we have taken into account information gleaned from a variety of sources: Industry stakeholder input, including through comments to the OIG RFI; learnings from OIG’s work (e.g., fraud and abuse waivers for the Medicare Shared Savings Program and Innovation Center models, investigative and oversight work applying the fraud and abuse laws, and audits and evaluations of program effectiveness and efficiency); expertise from CMS and other HHS agencies; and other sources, including literature on care coordination and value-based payments. B. Civil Monetary Penalty Authorities 1. Overview of OIG Civil Monetary Penalty Authorities In 1981, Congress enacted the CMP law, section 1128A of the Act, 42 U.S.C. 1320a–7a, as one of several administrative remedies to combat fraud and abuse in Medicare and Medicaid. The law authorized the Secretary to impose penalties and assessments on persons who defrauded Medicare or Medicaid or engaged in certain other wrongful conduct. The CMP law also authorized the Secretary to exclude persons from Federal health care programs (as defined in section 1128B(f) of the Act, 42 U.S.C. 1320a–7b(f)) and to direct the appropriate State agency to exclude the person from participating in any State healthcare programs (as defined in section 1128(h) of the Act, 42 U.S.C. 1320a–7(h)). Congress later expanded the CMP law and the scope of exclusion to apply to all Federal health care programs, but the CMP applicable to beneficiary inducements remains limited to Medicare and State healthcare program beneficiaries. Since 1981, Congress has created various other CMP authorities covering numerous types of fraud and abuse. 2. The Beneficiary Inducements CMP and the Definition of ‘‘Remuneration’’ Section 1128A(a)(5) of the Act, 42 U.S.C. 1320a–7a(a)(5), the ‘‘beneficiary inducements CMP,’’ provides for the imposition of civil monetary penalties against any person who offers or transfers remuneration to a Medicare or State healthcare program (including Medicaid) beneficiary that the benefactor knows or should know is likely to influence the beneficiary’s selection of a particular provider, PO 00000 Frm 00006 Fmt 4701 Sfmt 4702 practitioner, or supplier of any item or service for which payment may be made, in whole or in part, by Medicare or a State healthcare program (including Medicaid). Section 1128A(i)(6) of the Act, 42 U.S.C. 1320a–7a(i)(6), defines ‘‘remuneration’’ for purposes of the beneficiary inducements CMP as including ‘‘transfers of items or services for free or for other than fair market value.’’ Section 1128A(i)(6) of the Act also includes a number of exceptions to the definition of ‘‘remuneration.’’ Pursuant to section 1128A(i)(6)(B) of the Act, any practice permissible under the anti-kickback statute, whether through statutory exception or regulations issued by the Secretary, is also excepted from the definition of ‘‘remuneration’’ for purposes of the beneficiary inducements CMP. However, no parallel exception exists in the anti-kickback statute. Thus, the exceptions in section 1128A(i)(6) of the Act apply only to the definition of ‘‘remuneration’’ applicable to section 1128A. Relevant to this proposed rulemaking, the Budget Act of 2018 created a new exception to the definition of ‘‘remuneration’’ for purposes of the beneficiary inducements CMP. This exception applies to ‘‘telehealth technologies’’ provided on or after January 1, 2019, by a provider of services or a renal dialysis facility to an individual with end-stage renal disease (ESRD) who is receiving home dialysis for which payment is being made under Medicare Part B. III. Provisions of the Proposed Rule: Anti-Kickback Statute Safe Harbors A. Value-Based Framework This section provides background on, and an overarching summary of, the framework for value-based arrangements set forth in this proposed rulemaking; explains proposed terminology used in certain proposed safe harbors; and explains the specific safe harbor proposals to protect value-based arrangements (as defined in proposed paragraph 1001.952(ee)) designed to foster better care at lower cost through improved care coordination for patients. Our proposals endeavor to remove real or perceived regulatory barriers to promote flexible, industry-led innovation in the delivery of more efficient and better coordinated healthcare. Further, consistent with emerging understandings of the benefits of better care coordination and the increasing adoption of value-based care and payment models in the healthcare industry, our proposals may support a more rapid transition from volume (e.g., E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules FFS reimbursement for office visits, tests, or procedures) toward value (e.g., paying for patient or population outcomes). 1. Anti-Kickback Statute Implications of Care Coordination and the Value-Based Framework Better care coordination—including more effective transitions for patients across the care continuum, less duplication of items and services, and open sharing of health data (consistent with privacy and security rules)—is integrally connected to advancing the transition to a value-based healthcare system. Care coordination arrangements, especially when linked to appropriate clinical or other value-driven outcomes, can help improve health and the patient experience of care; enable providers to participate successfully in value-based care and payment models; and advance the goals of value-based care: Delivering better health outcomes and maximizing desirable efficiency in healthcare delivery. For example, OIG’s recent report entitled, ‘‘ACOs’ Strategies for Transitioning to Value-Based Care: Lessons From the Medicare Shared Savings Program,’’ 15 highlights the tools—including care coordination arrangements—that certain accountable care organizations (ACOs) under the Medicare Shared Savings Program have deployed successfully to reduce costs and improve quality. Many of the strategies discussed in this report involve care coordination, care management, and patient engagement, including: engaging beneficiaries to improve their own health, managing beneficiaries with costly or complex care needs to improve their health outcomes, addressing behavioral health needs and social determinants of health, and using technology to increase information sharing among providers.16 Because care coordination often involves arrangements between providers that refer Federal health care program patients to one another and an exchange of remuneration, the antikickback statute may be implicated. Moreover, providing patients with remuneration to engage and support them in achieving better health outcomes may implicate both the antikickback statute and the beneficiary inducements CMP. 15 OIG, ACOs’ Strategies for Transitioning to Value-Based Care: Lessons From the Medicare Shared Savings Program (July 2019), available at https://oig.hhs.gov/oei/reports/oei-02-15-00451.pdf. 16 Id. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 2. Balancing Innovation With Protection Against Fraud and Abuse Risks To remove regulatory barriers to care coordination and support value-based arrangements, we are faced with the challenge of designing safe harbor protections for emerging healthcare arrangements. The optimal form, design, and efficacy of such emerging arrangements remain unknown or unproven. This is a key challenge of regulating during a period of innovation and experimentation. The challenge of designing appropriate safe harbors is exacerbated by: The substantial variation in care coordination and value-based arrangements contemplated by the healthcare industry (meaning that one-size-fits-all safe harbor designs may be less than optimal), variation among patient populations and provider characteristics, emerging health technologies and data capabilities, the still-developing science of quality and performance measurement, and our desire not to chill beneficial innovation. It is sometimes difficult to gauge fraud and abuse risk in a rapidly evolving environment of substantial innovation, experimentation, and deployment of technology and digital data. In some cases, innovations and the availability of more actionable, transparent data may enhance program integrity and protect against fraud and abuse. There is a compelling concern that uncertainty and regulatory barriers—real or perceived—could prevent the best and most efficacious innovations from emerging and being tested in the marketplace. Our goal is to craft safe harbors that, if finalized, would protect arrangements that promote value, while also protecting against fraud, abuse and associated harms. Over time, we expect that best practices in care coordination and value-based payment will emerge. 3. Overview of Proposed Safe Harbors We are proposing safe harbors for value-based arrangements, with greater flexibilities available to parties as they assume more downside financial risk for the cost and quality of care. This ‘‘tiered’’ structure is intended to support the transformation of industry payment systems and takes into account that arrangements involving higher levels of downside risk curb, at least to some degree, FFS incentives to order medically unnecessary or overly costly items and services. We propose these safe harbors, recognizing that the transition from an FFS to a value-based care and payment system will take time. Where parties may have both FFS and value-based payment incentives, we believe assuming downside financial PO 00000 Frm 00007 Fmt 4701 Sfmt 4702 55699 risk from a payor for items and services furnished to patients helps mitigate incentives that often drive fraud and abuse present in traditional FFS. For the purposes of this rule, the proposed safe harbors that require assumption of risk focus on value-based arrangements with substantial downside financial risk (1001.952(ff)) and valuebased arrangements at full financial risk (1001.952(gg)). While these proposed safe harbors largely focus on the assumption of downside financial risk, we understand that participants in value-based arrangements may assume certain types of risk other than downside financial risk for items and services furnished to a target patient population (e.g., upside risk, clinical risk, operational risk, contractual risk, or investment risk). We believe that our focus on downside financial risk is appropriate because the assumption of downside financial risk may shift the incentives that serve to influence those making the referring and ordering decisions, the conduct at the center of the antikickback statute. We solicit comments on whether, for purposes of a final rule, other types of risk would have a comparable effect. We are particularly interested in fact patterns that illustrate how other types of risk would operate to change ordering or referring behaviors of providers and suppliers that might still be paid on an FFS basis or otherwise help ensure that safeharbored arrangements would serve appropriate value-based purposes. Remuneration has at least two dimensions relevant to this proposed rulemaking: (i) Payments by payors; and (ii) remuneration exchanged between clinicians, providers, suppliers, and others. Payor payments that drive toward value include capitated payments and global budgets at one end of the ‘‘value-based payments’’ spectrum; shared savings and bundled payment mechanisms in the middle; and bonuses and reductions applied to FFS payments at the other end of the spectrum. Examples of remuneration exchanged among clinicians, providers, suppliers, and others include sharing staff, such as care coordinators, or technology, such as data analytics tools, to improve quality or efficiency or to achieve other performance or outcomes targets, whether set by payors or among themselves. In some cases, these parties also may have value-based payment arrangements among themselves, such as gainsharing or shared savings agreements. We are proposing a suite of safe harbors that, if finalized, would address a variety of scenarios. Collectively, we E:\FR\FM\17OCP2.SGM 17OCP2 55700 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules believe these proposed safe harbors, in combination with existing safe harbors, would provide pathways for protection for most beneficial care coordination and value-based care and payment arrangements. In crafting these safe harbors, we have endeavored to be agnostic with respect to the composition of the value-based enterprise (VBE), a concept and defined term described further below, and scope of protected value-based arrangements to allow for innovation and experimentation in the healthcare marketplace and to foster a level playing field for those seeking safe harbor protection, whether they are large health systems or individual practitioners. The proposed safe harbors would cover value-based arrangements involving both publicly and privately insured patients. The first proposed safe harbor, at 1001.952(ee), covers care coordination arrangements to improve quality, health outcomes, and efficiency (‘‘care coordination arrangements’’ safe harbor). It covers certain in-kind remuneration, including services and infrastructure. The second proposed safe harbor, at 1001.952(ff), with greater flexibility, covers certain in-kind and monetary arrangements where the VBE is at substantial downside financial risk from a payor (as defined). The third proposed safe harbor, at 1001.952(gg), is for in-kind and monetary arrangements where the VBE is at full downside financial risk from a payor and allows for even more flexibility. In addition, we propose to protect certain outcomesbased compensation (regardless of whether it meets the criteria for substantial downside financial risk) under the rubric of ‘‘outcomes-based payments’’ through proposed modifications to the personal services and management contracts safe harbor at 1001.952(d), as discussed in the section III.J. below. We are mindful of the role patient engagement can play in improved coordination of patient care and health outcomes. Thus, we are proposing a safe harbor at 1001.952(hh) for arrangements for patient engagement and support to improve quality, health outcomes, and efficiency (the ‘‘patient engagement and support’’ safe harbor). We are further proposing a separate safe harbor at 1001.952(ii) for care delivery and payment arrangements as well as beneficiary incentives pursuant to certain CMS-sponsored models, including Innovation Center models. This proposed safe harbor would largely, if not entirely, replace OIG’s current model-by-model fraud and abuse waiver process for CMSsponsored models. The requirements of VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 each proposed safe harbor are discussed in detail below. As always, all safe harbor conditions would need to be precisely met for safe harbor protections to apply. Many value-based arrangements and activities may qualify for existing safe harbor protections, including under the employees safe harbor (1001.952(i)), the EHR items and services safe harbor (1001.952(y)), the personal services and management contracts safe harbor (1001.952(d)), the local transportation safe harbor (1001.952(bb)), and the several safe harbors pertaining to health plans and managed care organizations set forth at 1001.952(l), (m), (t), and (u). Many others may not raise anti-kickback issues at all if they do not relate to Federal health care program beneficiaries or are not tied in any way to the volume or value of Federal health care program business. (Likewise, with respect to compliance with the beneficiary inducements CMP, patient engagement and support arrangements and activities may fit in existing exceptions to the CMP law, may be within applicable nominal value limits, or may not raise concerns under that statute if they do not relate to Medicare or Medicaid patients or are not likely to influence the selection of providers, practitioners, or suppliers.) In the next section, we describe the proposed definitions for several key terms used in the proposed safe harbors for value-based arrangements at proposed paragraphs 1001.952(ee), (ff), and (gg) for care coordination arrangements, value-based arrangements with substantial downside financial risk, and value-based arrangements at full financial risk, respectively. We then describe each proposed safe harbor in detail. Related proposed modifications to the personal services and management contracts safe harbor (1001.952(d)) for outcomes-based payments (where there is no substantial downside financial risk) are described at section III.J. The patient engagement and support safe harbor is described at section III.F. The proposed safe harbor for CMS-sponsored models, including Innovation Center models, is described at section III.G. B. Proposed Value-Based Terminology (1001.952(ee)) We propose definitions for key terms in paragraph 1001.952(ee). These terms are used consistently in several proposed safe harbors. The proposed defined terms are intended to work in conjunction with one another to describe the universe of value-based arrangements potentially eligible for proposed safe harbor protection and of PO 00000 Frm 00008 Fmt 4701 Sfmt 4702 individuals and entities that can engage in protected arrangements, provided all conditions of a specific safe harbor are squarely met. Generally speaking, when read together, the proposed terminology and safe harbors are intended to protect care coordination and support value-based arrangements where, as a threshold matter, the arrangements are under the auspices of a VBE (of any size, and as further defined in proposed paragraph 1001.952(ee)) that is essentially a network of participants (such as clinicians, providers, or suppliers) that has agreed to collaborate to, for example: (i) Put the patient at the center of care through improved care coordination, (ii) increase efficiencies in the delivery of care, and (iii) improve quality of care and health outcomes for patients or populations. The VBE has value-based purposes and its participants enter into value-based arrangements for value-based activities to further those purposes. Wherever possible and appropriate, it is our intent to align our proposed value-based terminology with those that CMS proposes in its notice of proposed rulemaking regarding the physician selfreferral law, ‘‘Modernizing and Clarifying the Physician Self-Referral Regulations.’’ Because of the close nexus between the value-based terminology in our proposed rule and CMS’s proposed terminology, we may also consider for purposes of making determinations for a final rule comments submitted about value-based terminology in response to CMS’s proposed rule. We use the term ‘‘value-based’’ in our proposed terminology in a nontechnical way to signal value produced through improved care coordination, improved health outcomes, lower costs or reduced growth of costs for patients and payors, and improved efficiencies in the delivery of care. We recognize that our use of the words ‘‘value’’ and ‘‘value-based’’ here do not necessarily capture all dimensions of value in healthcare. We solicit comments on our approach, as well as comments on whether we should define ‘‘value’’ specifically in the final rule, and if so, how best to define ‘‘value’’ as it pertains to care coordination and value-based payment. For example, we are considering for the final rule whether ‘‘value’’ should be defined with reference to financial arrangements under advanced APMs (whether HHS or other payor models). 1. Value-Based Enterprise (VBE) We propose to use the term ‘‘valuebased enterprise’’ to describe the E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules network of individuals and entities that collaborate together to achieve one or more value-based purposes (as defined in proposed paragraph 1001.952(ee)). As defined in this rulemaking, and as a general matter, the VBE would delineate the universe of individuals and entities participating in arrangements eligible for safe harbor protection, if all safe harbor conditions are fully met. The VBE also would be accountable for ensuring that such protected arrangements are conducted under the auspices of the VBE. a. Two or More VBE Participants First, we propose that VBE would mean two or more VBE participants (as defined in proposed paragraph 1001.952(ee)) that are collaborating to achieve at least one value-based purpose. VBEs may take many different forms, and we intend for the definition of ‘‘VBE’’ to be flexible. For example, a VBE could be as small as two individual physician practices collaborating to coordinate care for shared patients. The same term also could cover a formal or informal network of hospital systems, post-acute care providers, and physician practices. An accountable care organization or health system comprised of hospitals and physician practices, for example, could also constitute a VBE. b. Party to a Value-Based Arrangement Second, we propose that each VBE participant in the VBE must be a party to a value-based arrangement (as defined below) with at least one other VBE participant from the same VBE. In the case of a VBE comprised of two VBE participants, the two VBE participants would need to be engaged in a valuebased arrangement with each other. We intend for this criterion to ensure that parties qualifying as part of a VBE are contributing to a value-based arrangement. Consistent with our intention to provide flexibility for innovation, VBE participants could engage in one or multiple value-based arrangements, so long as all of the valuebased arrangements further the valuebased purpose(s) of the VBE. c. Accountable Body Third, we propose that the VBE must have an accountable body (such as a board of directors or other governing body) or person (which, depending on the size and scope of the VBE, may be an entity, such as a hospital or physician practice that is among the VBE participants, or an individual) responsible for financial and operational oversight of the VBE. As part of its oversight role, we expect that the accountable body or responsible person VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 would serve as the ‘‘gatekeeper’’ to the VBE, with a process and criteria to ensure that those admitted to the VBE after its formation as VBE participants have a legitimate role in the VBE and in VBE arrangements and that VBE participants are not participants in name only. In addition to ensuring operational and financial oversight, we believe the accountable body or responsible person would be positioned to identify program integrity issues and to initiate action to address them, as necessary and appropriate. We are considering for the final rule, and solicit comment on, whether the VBE or its participants should be required to have a compliance program that covers at least those value-based arrangements for which safe harbor protection is sought and whether the accountable body or person should have responsibility for the compliance program. The arrangements that would be protected by these proposed safe harbors would not have the benefit of programmatic oversight comparable to CMS-sponsored models. Accordingly, we view this accountability criterion as important to ensure that arrangements operate for their designated value-based purpose(s) and as a key safeguard to ensure that value-based arrangements are aligned with at least one value-based purpose and not misused for purposes that raise program integrity concerns (e.g., arrangements that encourage providers to steer patients in ways that are not in the patients’ best interests or stint on medically necessary care). The oversight role may include, depending on the applicable proposed safe harbor at 42 CFR 1001.952(ee), (ff), and (gg) and how the applicable VBE effectuates safe harbor requirements, monitoring whether VBE participants are performing under their value-based arrangements in a manner that furthers the coordination and management of care for the target patient population. We are considering for the final rule a requirement that all VBE participants affirmatively recognize the oversight role of the accountable body or responsible person and explicitly agree to cooperate with its oversight efforts (e.g., by requiring the inclusion of a statement to this effect in the applicable written agreement). We also are considering for the final rule whether the accountable body or responsible person (or some other party or parties to value-based arrangements addressed by the proposed safe harbors) should have more specific oversight responsibilities, such as oversight related to utilization of items and services, cost, quality of care, patient experience, adoption of technology, and PO 00000 Frm 00009 Fmt 4701 Sfmt 4702 55701 the quality, integrity, privacy, and security of data related to the arrangement (such as outcomes, quality, and payment data). To facilitate effective oversight, we are considering for the final rule whether VBEs should be required to implement reporting requirements for their VBE participants or mechanisms for obtaining access to, and verifying, VBE participant data concerning performance under any value-based arrangement. We welcome comments on this approach or any different or additional actions that may help ensure effective ongoing oversight. We intend for VBEs to implement the criterion regarding the accountable body or responsible person in a manner that is tailored to the complexity and sophistication of the VBE. For example, a VBE involving two physician practices with a single value-based arrangement could designate one of the physician practices (or its compliance professional) as the individual responsible for this oversight. Where the VBE is larger and involves numerous sophisticated entities, it might be advisable and a best practice to create a separate governing body to serve as the accountable body, overseeing the VBE. The proposed definition of ‘‘VBE’’ does not require the VBE’s accountable body or responsible person to be independent of the interests of individual VBE participants (which would preclude a VBE participant from acting as the accountable body or responsible person) or to have a distinct duty of loyalty to the VBE. However, to provide further assurances that a VBE’s accountable body or responsible person is acting in furtherance of the VBE’s value-based purpose(s) and not any one VBE participant’s individual interests, we are considering for the final rule imposing a standard requiring either independence or a duty of loyalty as a criterion of this definition or as a safe harbor requirement. We solicit comments on the benefits, burdens, and challenges of this approach. d. Governing Document Fourth, we propose that each VBE must have a governing document that describes the VBE and how the VBE participants intend to achieve its valuebased purpose(s). The intent of this requirement is to provide transparency regarding the structure of the VBE, the VBE’s value-based purpose(s), and the VBE participants’ roadmap for achieving such purpose(s). This document may include any other terms the VBE participants deem important. The governing document need not be formal bylaws or in another specific format. E:\FR\FM\17OCP2.SGM 17OCP2 55702 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules Written documentation recording the terms of a value-based arrangement may serve as the required VBE governing document, provided it describes the enterprise and how the parties intend to achieve its value-based purpose(s). e. VBE’s Assumption of Downside Financial Risk Lastly, we note that two of our proposed safe harbors require that a VBE has assumed downside financial risk from a payor. We anticipate that VBEs could contract with payors and other entities in a variety of ways. For example, a VBE comprised of a large number of VBE participants across a range of healthcare settings might create a standalone legal entity that enters into contracts directly with payors on the VBE participants’ behalf. Alternatively, one VBE participant might contract with payors on behalf of other VBE participants within the VBE. In the latter example, the VBE would still be required to be at risk, but it would be through one of its VBE participants rather than through a contract directly with the payor. 2. Value-Based Arrangement The proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) would protect remuneration paid or exchanged pursuant to a ‘‘value-based arrangement’’ if all conditions are met. We propose to define a value-based arrangement as ‘‘an arrangement for the provision of at least one value-based activity for a target patient population between or among: (A) The value-based enterprise and one or more of its VBE participants; or (B) VBE participants in the same value-based enterprise.’’ We intend for these requirements to ensure that each value-based arrangement is aligned with the VBE’s value-based purpose(s) and subject to its financial and operational oversight. Our proposed definition is intended to capture arrangements for care coordination and certain other value-based activities among VBE participants within the same VBE. Addressing each requirement of the definition in turn, we first propose to require that the value-based arrangement include at least one valuebased activity (as defined in proposed paragraph 1001.952(ee)) to be undertaken by the parties. We would expect that many value-based arrangements would be comprised of multiple value-based activities. Second, we propose that the valuebased arrangement’s value-based activities must be undertaken with respect to a target patient population (as defined in proposed paragraph VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 1001.952(ee)). That is, the value-based arrangement, and its value-based activities, must be tailored to meet the needs of a defined patient population. This element further ties the valuebased arrangement to care coordination of patients and value-based goals. We note that the definition of ‘‘value-based arrangement’’ is broad enough to cover commercial and private insurer arrangements. 3. Target Patient Population We propose to define ‘‘target patient population’’ as ‘‘an identified patient population selected by the VBE or its VBE participants using legitimate and verifiable criteria that: (A) Are set out in writing in advance of the commencement of the value-based arrangement; and (B) further the valuebased enterprise’s value-based purpose(s).’’ Our intent in defining this term is to protect value-based arrangements that serve an identifiable patient population for whom the valuebased activities likely would improve health outcomes or lower costs (or both). By using the terms ‘‘legitimate and verifiable,’’ we seek to ensure the target patient population selection process is transparent and that VBE participants select their target patient population in an objective manner based on criteria that further the applicable value-based arrangement’s value-based purpose(s). If VBE participants selectively include patients in a target patient population for purposes inconsistent with the objectives of a properly structured value-based arrangement (e.g., cherry picking or lemon dropping patients), we would not consider such a selection process to be based on ‘‘legitimate and verifiable criteria that further the valuebased enterprise’s value-based purpose(s).’’ This proposed definition is not limited to Federal health care program beneficiaries. For example, VBE participants seeking to enhance access to, and usage of, primary care services for patients concentrated in a certain geographic region might base the target patient population on ZIP Code or county of residence. If a value-based arrangement is focused on enhancing care coordination for patients with a chronic disease, the target patient population might be patients with that disease (e.g., congestive heart failure). VBE participants might also, for example, use data to identify a target patient population at increased risk of developing a chronic disease for improved care coordination under a value-based arrangement. PO 00000 Frm 00010 Fmt 4701 Sfmt 4702 We are considering for the final rule and solicit comments on limiting the definition of ‘‘target patient population’’ to patients with a chronic condition, or alternatively, limiting any or all of the proposed safe harbors that use the target patient population definition to valuebased arrangements for patients with a chronic condition. We might effectuate this approach through changes to the scope of the target patient population definition or other definitions, including value-based activity, valuebased arrangement, and value-based purpose. This alternative proposal is in recognition that patients with chronic conditions may be more susceptible to comorbidities, requiring care across the health spectrum, and thus most likely to benefit from the care coordination central to this proposed rule. To the extent we include such a limitation in the final rule, either by definition or through a safe harbor requirement, we are considering how to define ‘‘chronic condition,’’ and whether OIG should cross-reference other Medicare or Medicaid program guidelines or rules related to chronic conditions. In particular, we are considering and seek comment on defining ‘‘chronic condition’’ as the list of 15 Special Needs Plans (SNP)-specific chronic conditions developed by the SNP Chronic Condition Panel, as may be modified from time to time.17 As new chronic conditions are identified, and as existing conditions benefit from lifeprolonging technological advances, we are mindful that any definition of ‘‘chronic condition’’ might need flexibility to expand to remain appropriately inclusive and consistent with clinical understandings. As an additional alternative, we are considering for purposes of the final rule, and solicit comments on, limiting the definition of ‘‘target patient population’’ to patients with a shared disease state that would benefit from care coordination. We seek comment on how best to address the need for flexibility in any final rule, especially should we limit a final safe harbor to patients with a chronic condition or shared disease state. Moreover, we are interested in feedback on impacts of such limitations on the ability of VBE participants to provide better coordinated care for other categories of patients, including patients discharged from hospitals following acute care, patients requiring maternal 17 CMS, Chronic Condition Special Need Plans (C–SNP), List of Chronic Conditions, https:// www.cms.gov/Medicare/Health-Plans/ SpecialNeedsPlans/Chronic-Condition-SpecialNeed-Plans-C-SNP.html#s1. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules care, patients needing preventive care, and patients with mental health conditions. Additionally, we solicit comments on whether we should replace ‘‘legitimate and verifiable’’ in this proposed definition with language that would require VBE participants to have more parameters and structure with respect to their selection of the target patient population and are considering whether use of the term ‘‘evidence-based’’ would achieve this goal. (Our proposed interpretation of ‘‘evidence-based’’ is addressed below in our discussion of the proposed safe harbor for care coordination arrangements.) Last, we are considering for the final rule, and seek comments on, whether and if so how, parties other than VBE participants should or could be involved in selecting the target patient population. For example, we are considering for the final rule the role of payors in identifying or selecting the target patient population or establishing outcome measures with respect to a value-based arrangement. While payors might not be parties to a value-based arrangement, we believe many care coordination and other value-based arrangements may be entered into in order to achieve performance or outcome goals set by payors. We seek feedback on the potential benefit, including any reduced program integrity risks, of allowing or requiring payors to select either or both the target patient population and relevant outcome measures and targets (for purposes of the definitions, safe harbors, or both). If there would be benefit in doing so, we seek feedback on how best to implement such a permission or requirement. We also seek feedback on whether, for purposes of the final rule, we should treat as a favorable factor that a valuebased arrangement (or outcomes-based payment arrangement) aligns its target patient population or its outcome measures and targets with payor-driven incentives. 4. Value-Based Activity For purposes of these safe harbors, we propose that the term ‘‘value-based activity’’ would mean ‘‘any of the following activities, provided that the activity is reasonably designed to achieve at least one value-based purpose of the value-based enterprise: (A) the provision of an item or service; (B) the taking of an action; or (C) the refraining from taking an action.’’ ‘‘Value-based activity’’ does not include the making of a referral. We are considering for the final rule whether to interpret ‘‘reasonably designed’’ to mean that the value-based VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 activities set forth in the value-based arrangement are expected to further the value-based purpose of the arrangement. While this standard would not require that the value-based purpose actually be achieved, we are considering whether to require in the final rule that the VBE participants entering into the valuebased arrangement engage in an evidence-based process to design valuebased activities that they believe will reach such a goal. Our proposed interpretation of ‘‘evidence-based’’ for purposes of this proposed rule is addressed below in our discussion of the proposed care coordination arrangements safe harbor. With this definition, we acknowledge that a ‘‘value-based activity’’ may encompass not only affirmative actions taken by VBE participants (e.g., providing care coordinators to help patients with complex needs navigate the transition from a hospital to their homes) but also instances of inaction (e.g., refraining from ordering certain items or services in accordance with a medically appropriate care protocol that reduces the number of required steps in a given procedure). Under no circumstances would simply making a referral constitute a ‘‘value-based activity.’’ Lastly, we are considering for the final rule expressly excluding from the definition of ‘‘value-based activity’’ any activity that results in information blocking. Similar to the concerns articulated in the section detailing our proposed modifications to the electronic health records safe harbor, we seek to preclude from protection under our proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) any arrangement that may, on its face, meet our definition of ‘‘value-based activity’’ but that ultimately is used to engage in practices of information blocking (e.g., the donation of health information technology that may facilitate care coordination across providers participating in the VBE, but also prevents or unreasonably interferes with the exchange of electronic health information with other providers in order to lock-in referrals between such providers). Information blocking practices that may affect value-based activities include, but are not limited to, (i) locking electronic health information into the VBE or keeping it only between VBE participants, or (ii) preventing referrals or other electronic health information from leaving the VBE or being transmitted from a VBE participant to another healthcare provider. This exclusion would be based on the definition and exceptions for ‘‘information blocking’’ in the 21st PO 00000 Frm 00011 Fmt 4701 Sfmt 4702 55703 Century Cures Act and the Office of the National Coordinator for Health Information Technology (ONC), HHS Notice of Proposed Rulemaking ‘‘21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program,’’ to the extent such definition and exceptions are finalized. 5. VBE Participant We propose to define ‘‘VBE participant’’ as ‘‘an individual or entity that engages in at least one value-based activity as part of a value-based enterprise.’’ Depending upon the terms and requirements of the value-based arrangement (and the conditions of the relevant safe harbor), ‘‘engaging in’’ a value-based activity may be, for example, (i) performing an action to achieve certain quality or outcome metrics and the providing or receiving of payment for such achievement, or (ii) coordinating care to achieve better outcomes or efficiencies (e.g., sharing staff or infrastructure to improve the discharge planning and care follow-up process between two VBE participants). Subject to the limitations proposed below, such term would broadly include clinicians, providers, and suppliers, as well as other individuals and entities. Potential VBE participants could be, by way of example only, physician practices, hospitals, payors, post-acute providers, pharmacies, chronic care and disease management companies, and social services organizations. Given that our proposed definition may encompass non-traditional healthcare entities, and our experience with respect to financial arrangements between such entities and providers and suppliers is limited, we are considering for the final rule, and solicit comments on, any fraud and abuse risks that financial arrangements with these entities may present and what, if any, additional safeguards we may need to place around these entities’ participation in value-based arrangements under the proposed safe harbors. a. Entities Not Included as VBE Participants The ‘‘VBE participant’’ definition expressly excludes pharmaceutical manufacturers; manufacturers, distributors, or suppliers of durable medical equipment, prosthetics, orthotics or supplies (DMEPOS); and laboratories. On the basis of our historical enforcement and oversight experience, we are concerned that some companies within these types of entities, which are heavily dependent upon practitioner prescriptions and referrals, might misuse the proposed E:\FR\FM\17OCP2.SGM 17OCP2 55704 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules safe harbors primarily as a means of offering remuneration to practitioners and patients to market their products, rather than as a means to create value for patients and payors by improving the coordination and management of patient care, reducing inefficiencies, or lowering health care costs. For example, we are concerned that these entities might create arrangements styled as value-based arrangements that serve to tether clinicians or patients to the use of a particular product (e.g., a drug or implantable device, such as a device with a mechanical or physical effect on the body) when a different product could be more clinically effective for the patient. Moreover, pharmaceutical manufacturers, and manufacturers, distributors, and suppliers of DMEPOS, and laboratories are less likely to be on the front line of care coordination and treatment decisions in the same way as other types of proposed VBE entities, such as hospitals, physicians, and remote monitoring companies that provide care coordination and management tools and services directly to patients. We solicit comments on whether this assumption is correct, along with examples of the specific roles played by these entities in coordinating and managing care for patients. We note that we received comments in response to the OIG RFI from pharmaceutical manufacturers seeking safe harbor protection for a variety of emerging outcomes-based and valuebased contracting practices for their pharmaceutical products, as well as related patient medication adherence and similar programs. We also acknowledge that some pharmaceutical manufacturers may help facilitate care coordination and management of care through, for example, data analytics associated with their pharmaceutical products furnished to purchasers of their products. These kinds of manufacturer arrangements raise different program integrity issues from those addressed in this rulemaking and would likely require different safeguards. We are considering pharmaceutical manufacturers’ role in coordination and management of care and may address it in future rulemaking. We may also consider specifically tailored safe harbor protection for value-based contracting and outcomes-based contracting for the purchase of pharmaceutical products (and potentially other types of products) in future rulemaking. We are considering for the final rule whether some or all of the entities we propose to exclude from the definition of a ‘‘VBE participant’’ and from the VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 proposed safe harbor for outcomesbased compensation under the personal services and management contracts safe harbor should be included in the definition of ‘‘VBE participant’’ and potentially protected by the applicable safe harbors. We are interested in comments with examples of how and the extent to which the entities we propose to exclude participate in the coordination and management of care for patients and whether and how they may be involved in providing beneficial health technology, including digital technology, used to coordinate and manage care and improve health outcomes. We also are considering and are interested in comments on additional safeguards we could include in the safe harbors to: (i) Prevent abusive marketing practices with respect to the items and services these entities (or other entities, not excluded from the proposed definition of ‘‘VBE participant’’) sell to patients, payors, and providers (e.g., practices that include payments to physicians, hospitals, or patients to reward them for ordering the entity’s products); (ii) protect clinical decision-making about products that are in the patient’s best medical interests and patient freedom of choice; and (iii) reduce the risk of inappropriate cost-shifting to Federal health care programs and inappropriate increased costs to Federal health care programs. We are considering whether to include a safeguard, in the applicable proposed safe harbors, that would preclude protection for value-based arrangements and outcomes-based payments that include exclusivity requirements, such as a requirement that the VBE participant is the exclusive provider of care coordination items or services or the exclusive provider of a reimbursable item or service. We are further considering whether to impose certain heightened standards and conditions on certain entities that would receive safe harbor protection, such as enhanced monitoring, reporting, or data submission requirements or some or all of the conditions presented in the discussion of proposed 1001.952(ee) below. While pharmaceutical manufacturers and other listed entities would not be eligible for protection under the proposed safe harbors for value-based arrangements, patient engagement and support, and revisions related to outcomes-based payments included in the personal services and management contracts safe harbor, other elements of this proposed rule would be available to them. As explained below, we propose certain other modifications to the PO 00000 Frm 00012 Fmt 4701 Sfmt 4702 personal services and management contracts safe harbor that would be available, including greater flexibility for part-time arrangements and arrangements in which the aggregate compensation is not known in advance. These entities also would be eligible under the proposed safe harbors for cybersecurity items and services and for CMS-sponsored models, as well as for the proposed modifications to the warranties safe harbor. Further, we solicit comments on potential revisions to the reporting requirements in the warranties safe harbor that could accommodate outcomes-based warranty arrangements that excluded manufacturers and suppliers may want to undertake. Lastly, we note that pharmaceutical manufacturers or other entities we propose to exclude from the definition of ‘‘VBE participant’’ may use the OIG’s advisory opinion process for value-based or other arrangements they may want to undertake. We are considering for the final rule, and seek comments on, whether we should exclude other entities from the definition of ‘‘VBE participant.’’ For example, we are considering excluding pharmacies (including compounding pharmacies) from the definition of ‘‘VBE participant.’’ We acknowledge that some pharmacies (and pharmacists) have the potential to contribute to the type of beneficial value-based arrangements this rulemaking is designed to foster (e.g., through medication adherence programs or educational services for patients with diabetes). However, pharmacies, like the entities we propose to exclude from the definition of ‘‘VBE participant,’’ primarily provide items, and we are concerned that their participation in value-based arrangements may not further the care coordination purposes of this rulemaking. We seek comments on beneficial arrangements pharmacies may want to undertake under the new value-based framework and any safeguards we could implement in the final rule if we were to allow such entities to participate in value-based arrangements eligible for safe harbor protection. We are further considering for the final rule whether specific types of pharmacies, such as compounding pharmacies, should be excluded as VBE participants even if others, such as retail and community pharmacies, are included. In particular, we are concerned that pharmacies that specialize in compounding pharmaceuticals may pose a heightened risk of fraud and abuse, as evidenced by our enforcement experience, and would not play a direct role in patient care coordination. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules We also are considering for the final rule excluding pharmacy benefits managers (PBMs), wholesalers, and distributors from the definition of ‘‘VBE participant’’ for reasons comparable to those for excluding pharmaceutical manufacturers.18 We may further consider the role of these entities in care coordination and management in future rulemaking. We are aware that PBMs are increasingly providing services related to the coordination of care for patients. We are interested in comments with examples demonstrating how PBMs engage in care coordination and management with healthcare providers and suppliers, as well as insights into the risks and benefits of including PBMs as VBE participants eligible to enter into value-based arrangements that could qualify for safe harbor protection if all conditions are satisfied. b. Health Technology Companies We are mindful that a growing number of companies are providing mobile health and digital technologies to physicians, hospitals, patients, and others for the coordination and management of patients and their healthcare, and such companies are eligible to be VBE participants under the proposed definition. These companies provide a range of services such as remote monitoring, predictive analytics, data analytics, care consultations, patient portals, and telehealth and other communications that may be used by providers, clinicians, payors, patients, and others to coordinate and manage care, improve the quality and safety of care, and increase efficiency. These companies also furnish a variety of devices, technologies, software, and applications that support their services, are used by customers to coordinate and monitor patient care and health outcomes (for individuals and populations), or are used directly by patients and their caregivers to monitor their health, manage treatment, and communicate and access patient medical information. For example, we are aware of companies that provide diabetes management services, leveraging devices that can be worn or attached to the body to monitor blood sugar levels and transmit that data, through an application to a cloud storage service, for review by patients and the clinicians managing the patients’ diabetes care. 18 Note that, should we adopt, as discussed below, the definition of ‘‘applicable manufacturer’’ set forth in 42 CFR 403.902, such definition would include distributors and wholesalers (which include re-packagers, re-labelers, and kit assemblers) that hold title to a covered drug, device, biological, or medical supply. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 We are further aware that mobile health and digital health technology companies may be newer entrants to the healthcare marketplace or they may be existing companies. In some cases, they are existing healthcare companies that have developed new lines of business in digital health technology. For example, in some cases, they are companies that have historically manufactured medical devices reimbursed by Federal health care programs and have developed digital technologies that are used in conjunction with medical devices, such as pacemakers. It is our understanding that, depending on the company’s business model, what is included as part of the Food and Drug Administration (FDA)-approved device, and payor coverage determinations, the digital technologies and associated functionalities may be included as part of the customer’s cost of the medical device, or they may be part of a separate services arrangement. These technologies hold promise for improving care coordination and health outcomes through monitoring of realtime patient data and detection and prevention of health problems. We are concerned, however, and solicit public comments, about the risk that some companies that manufacture medical devices covered by Federal health care programs, particularly implantable devices used in a hospital or ambulatory surgical center setting, might misuse value-based arrangements to disguise improper payments for care coordination intended as kickbacks to purchase the medical devices they manufacture. This concern arises from historical law enforcement experience, including large False Claims Act settlements involving kickbacks paid to physicians, hospitals, and ambulatory surgery centers to market various medical devices, such as devices used for invasive procedures; in some cases, these schemes resulted in patients getting medically unnecessary surgeries. OIG also has longstanding anti-kickback concerns about physician-owned distributorships because the financial incentives physician-owned distributorships offer to their physicianowners may induce the physicians both to perform more procedures (or more extensive procedures) than are medically necessary and to use the devices the physician-owned distributorships sell in lieu of other, potentially more clinically appropriate, devices.19 19 OIG, Special Fraud Alert: Physician-Owned Entities (Mar. 26, 2013), available at https:// oig.hhs.gov/fraud/docs/alertsandbulletins/2013/ POD_Special_Fraud_Alert.pdf. PO 00000 Frm 00013 Fmt 4701 Sfmt 4702 55705 To address these concerns, we are considering for the final rule the exclusion of some or all device manufacturers under the definition of ‘‘VBE participant’’ and from protection under the various proposed safe harbors, including the exclusion from participation in outcomes-based payment arrangements under proposed 1001.952(d)(2) and (3). As with pharmaceutical manufacturers, it is not clear that all device manufacturers play a comparable role in the coordination and management of patient care as those entities proposed to come within the definition of a VBE participant. We solicit comments about this assumption and the roles that traditional device manufacturers play in care coordination and management. Also, as with issues raised by arrangements involving pharmaceutical manufacturers, we are considering future safe harbor rulemaking to address specifically tailored protection for value-based and outcomes-based contracting for device manufacturers. This proposed rule focuses primarily on arrangements to coordinate and manage the care of patients, and does not, for example, address purchase and sale arrangements for covered items and services. We may take up the issue of purchase and sale arrangements, including consideration of modifications to the discount safe harbor or additional modifications to the warranties safe harbor, in future rulemaking. We recognize that defining a universe of device manufacturers that would be excluded would present difficulties, and we are interested in public feedback on the following issues. First, there is no specific definition of a device manufacturer or medical device manufacturer in the Medicare program. As explained below, in the absence of a Medicare definition, we are considering several other approaches. Second, any definition of the term ‘‘device manufacturer’’ may be so broad as to sweep in virtually any kind of device or health technology, including the kinds of digital and remote monitoring technology that may support and improve care coordination. Relatedly, given that many companies pursue multiple lines of business and that digital technologies are being integrated into traditional medical devices, it may not be possible to distinguish clearly a traditional medical device manufacturer from a health technology company. OIG is considering for the final rule, and seeks comments regarding, whether to define medical device manufacturers using CMS’s definition of ‘‘applicable manufacturer’’ in 42 CFR 403.902, E:\FR\FM\17OCP2.SGM 17OCP2 55706 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules which relates to the ‘‘Sunshine’’ provisions of the ACA (section 6002 of the ACA, which added section 1128G to the Act). We also are considering, and seek comment on, whether any definition of ‘‘device manufacturer’’ should include an entity that manufacturers any item that requires premarket approval by, or premarket notification to, the FDA or that is classified by the FDA as a medical device. We are further considering whether we could define a device manufacturer, in whole or in part, with respect to whether the item it manufactures is eligible for separate or bundled payment from a Federal health care program or other payor or is used in a test that is eligible for separate or bundled payment from a Federal health care program or other payor. We are considering whether the definition of a device manufacturer should include distributors or wholesalers when they are distributing or selling devices manufactured by a device manufacturer. With respect to these proposed definitional approaches, we solicit public comments on whether the proposals would be too broad or too narrow, including whether they would have the effect of excluding from the safe harbors companies that develop and provide digital or other health technologies for care coordination and patient engagement. We are interested in other recommended definitions that would exclude medical device manufacturers without limiting beneficial digital technologies, or recommended factors that we should consider if we were to craft a definition of ‘‘device manufacturer’’ or ‘‘medical device manufacturer.’’ Finally, apart from excluding device manufacturers, we are considering, and solicit comments on, whether to include additional safeguards in the final safe harbors to mitigate risks of abuse. These safeguards might apply specifically to arrangements involving VBE participants that are health technology companies or device manufacturers or more broadly to all VBE participants. Specifically, as stated above, we are considering and are interested in comments on safeguards that (i) prevent abusive marketing practices with respect to the items and services these the companies sell to patients, payors, and providers (e.g., practices that include payments to physicians, hospitals, or patients to reward them for ordering the company’s products); (ii) protect independent clinical decision making about products that are in the patient’s best medical interests and patient freedom of choice; and (iii) VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 reduce the risk of inappropriate costshifting or inappropriately increasing costs to Federal health care programs. We are considering whether to include a safeguard in the final rule that would preclude protection for value-based arrangements that include exclusivity requirements, such as a requirement that the VBE participant is the exclusive provider of care coordination items or services or the exclusive provider of a reimbursable item or service. We are furthering considering whether heightened standards and conditions could include enhanced monitoring, reporting, or data submission requirements or some or all of the conditions presented in the proposed rule’s discussion of proposed 1001.952(ee). c. Alternatives to ‘‘VBE Participant’’ Exclusion List We are interested in comments on whether, instead of excluding broad categories of entities from the definition of ‘‘VBE participant,’’ we should distinguish among entities that would be included or excluded from the definition on the basis of factors such as product type, company structure, heightened fraud risk, or other features. We solicit similar input with respect to exclusions from the proposed revisions to the personal services and management contracts safe harbor related to outcomes-based payments. Making distinctions by product or arrangement type might alleviate some of the difficulty presented by the increasing integration of healthcare company business lines and the movement of traditional healthcare companies into digital health technology. In this regard, we are considering for the final rule whether to address program integrity concerns regarding potentially abusive drug, device, DMEPOS, and laboratory arrangements by regulating the type of items, goods, or services that can be included in an arrangement eligible for safe harbor protection (under any of the proposed safe harbors) rather than regulating the types of entities included and excluded. For example, we might include arrangements involving the use of mobile or digital technology to coordinate care or achieve outcomesbased payments but exclude arrangements for the sale or distribution of implantable medical devices (e.g., devices with a mechanical or physical effect on the body) or durable medical equipment. In determining for a final rule which products or arrangements would be included and excluded from safe harbor protection, we would take into account any heightened fraud risk PO 00000 Frm 00014 Fmt 4701 Sfmt 4702 based on enforcement experience, CMS’s experience administering provider enrollment, claims analysis, and other data sources. We are interested in feedback on which kinds of products or arrangements, if any, should be excluded from safe harbor protection based on heightened fraud risk and examples of such arrangements. As another alternative to finalizing specific exclusions in the definition of ‘‘VBE participant,’’ we are considering excluding entities under the proposed paragraphs (ee), (ff), (gg), and (hh). These paragraphs could each include a condition excluding certain specified entities from protection under the safe harbor. Specifically, we would consider excluding from each of these safe harbors one or more of the following entities: Pharmaceutical manufacturers; manufacturers, distributors, or suppliers of DMEPOS; laboratories; pharmacies (including compounding pharmacies or only compounding pharmacies); device manufacturers; PBMs; pharmaceutical wholesalers; and pharmaceutical distributors. If we include safe harborspecific conditions excluding certain specified entities from protection under each of (ee), (ff), (gg), and (hh), the entities excluded from each safe harbor could differ. We also solicit public comment on how best to treat hospitals, health systems, and other types of entities that we have not proposed to exclude under the definition of ‘‘VBE participant’’ when they own or operate an entity that we propose to exclude, such as a DMEPOS supplier or laboratory. For example, we are considering for the final rule whether the exclusion should apply only to independent or freestanding DMEPOS suppliers and laboratories and to DMEPOS suppliers and laboratories owned or operated in whole or part by another entity excluded as a VBE participant. For the final rule, we are considering, and solicit comments on, how best to treat health systems and others that may be entering into the device or technology development arenas. 6. Value-Based Purpose We propose to define a ‘‘value-based purpose’’ as: (i) Coordinating and managing the care of a target patient population; (ii) improving the quality of care for a target patient population; (iii) appropriately reducing the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; or (iv) transitioning from healthcare delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules care and control of costs of care for a target patient population. With respect to purpose (iii), we are considering whether appropriately reducing the costs to, or growth in expenditures of, payors should be a value-based purpose only when there is improvement in patient quality of care or the parties are maintaining an improved level of care. We intend for this definition to include infrastructure investment and operations necessary to redesign care delivery to better coordinate care for patients across settings, including technology, data analytics, and training. For example, this could include investing in application programming interface (API) technology that facilitates the exchange of data between VBE participants regarding the target patient population. Each of our proposed safe harbors at 1001.952(ee), (ff), and (gg) requires that the protected arrangement include value-based activities that directly further the first of the four value-based purposes: The coordination and management of care for the target patient population. We are considering for the final rule, and seek comments on, whether we should include other objectives in the definition of ‘‘valuebased purpose’’ to reflect our goal of promoting care coordination and the shift toward value-based care and whether any other or different objectives should be prerequisites to protection under our proposed safe harbors. We also are considering for the final rule, and solicit comments on, whether, instead of requiring that some valuebased activities directly further the coordination and management of care, we require only that value-based activities be directly connected to, or be reasonably designed to achieve, any of the value-based purposes. We propose that the first value-based purpose in the definition is the coordination and management of care for a target patient population. This purpose may include taking significant steps to prepare or position oneself to coordinate and manage the care of patients effectively. We propose to define ‘‘coordination and management of care’’ and ‘‘coordinating and managing care’’ synonymously to mean, for purposes of the anti-kickback statute safe harbors, the deliberate organization of patient care activities and sharing of information between two or more VBE participants or VBE participants and patients, tailored to improving the health outcomes of the target patient population, in order to achieve safer and more effective care for the target patient VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 population.’’ 20 For example, such coordination might occur between hospitals and post-acute care providers, between specialists and primary care physicians, or between hospitals or physician practices and patients. Coordinating and managing care could include using care managers, providing care or medication management, creating a patient-centered medical home, helping with transitions of care, sharing and using health data to improve outcomes, or sharing accountability for the care of a patient across a continuum of care.21 Importantly, our proposed definition of ‘‘coordination and management of care’’ relates only to the application of the proposed safe harbor regulations. Although other laws and regulations, including the physician self-referral law and associated regulations, may utilize the same or similar terminology, the definition and interpretations proposed here would not affect CMS’s (or any other governmental agency’s) interpretation or ability to interpret such term. Through the proposed definition of ‘‘coordination and management of care,’’ we seek to distinguish between referral arrangements, which would not be protected, and legitimate care coordination arrangements, which naturally involve referrals across provider settings but include beneficial activities beyond the mere referral of a patient or ordering of an item or service. We are particularly concerned about distinguishing between coordinating and managing patient care transitions for the purpose of improving the quality of patient care or appropriately reducing costs, on one hand, and churning patients through care settings to capitalize on a reimbursement scheme or otherwise generate revenue, on the other. For example, the coordination and management of care of a target patient population would not include cycling patients through skilled nursing facilities (SNFs) and assisted living facilities for the purpose of maximizing revenue under any applicable Federal 20 See, e.g., Agency for Healthcare Research and Quality, Care Coordination Measures Atlas 6 (2014) (citing K. McDonald et al., Closing the Quality Gap: A Critical Analysis of Quality Improvement Strategies (2007)), https://www.ahrq.gov/sites/ default/files/publications/files/ccm_atlas.pdf. 21 See, e.g., NEJM Catalyst, What is Care Coordination? (Jan. 1, 2018), https:// catalyst.nejm.org/what-is-care-coordination/ (providing examples and noting that ‘‘[c]are coordination synchronizes the delivery of a patient’s health care from multiple providers and specialists. The goals of coordinated care are to improve health outcomes by ensuring that care from disparate providers is not delivered in silos, and to help reduce health care costs by eliminating redundant tests and procedures.’’). PO 00000 Frm 00015 Fmt 4701 Sfmt 4702 55707 health care program reimbursement payment systems. We are considering for the final rule, and solicit comments on, ways in which we could revise the definition of the ‘‘coordination and management of care’’ or additional elements we could include in the definition to protect against fraudulent and abusive practices that parties attempt to characterize as the coordination and management of patient care. One approach we are considering for the final rule to address these concerns would be to preclude some or all protection under the proposed safe harbors for arrangements between entities that have common ownership. We might do this through refinements to the definition of ‘‘value-based arrangement’’ or by adding restrictions to one or more of the proposed safe harbors at paragraphs (ee), (ff), (gg), or (hh). We recognize that while this approach might protect against abusive cycling of patients for financial gain among entities with common ownership, it might also preclude protection for care coordination arrangements among entities in integrated health systems that could otherwise qualify for proposed safe harbor protection. We solicit comments on this potential exclusion, and specifically, how best to (i) define ‘‘common ownership’’; and (ii) appropriately demarcate beneficial versus problematic financial arrangements between commonly owned entities. We are interested in feedback on the extent to which integrated health systems believe they need new safe harbor protection for care coordination arrangements in light of currently available protections. We would not consider the provision of billing or administrative services to be the management of patient care for purposes of this proposed rulemaking; we would consider the sharing or use of health information technology and data to identify a target patient population, coordinate care, or measure outcomes to fit our definition. We solicit comments on the unique intersection between cybersecurity and the coordination and management of care, and specifically, whether remuneration in the form of cybersecurity items or services could ever meet definition of the ‘‘coordination and management of care’’ for a target patient population. For example, we solicit feedback on whether we should consider cybersecurity items or services to only meet this defined term when such remuneration is donated and used in conjunction with health information E:\FR\FM\17OCP2.SGM 17OCP2 55708 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules technology that meets this definition of ‘‘coordination and management of care.’’ As entities engage in care coordination, increased connectivity and information exchanges may further the need for donating or sharing cybersecurity technology or services to ensure that appropriate cybersecurity safeguards are used to address the cybersecurity risks arising from connections among the entities engaged in care coordination. We recognize the patient safety risks and risk of harm attributed to cybersecurity vulnerabilities and threats.22 We also solicit comments on whether parties should simply seek protection for cybersecurity items or services under the proposed cybersecurity safe harbor at 1001.952(jj) explained below. In addition to undertaking valuebased activities that are directly connected to the coordination and management of care for the target patient population, our proposed definition of ‘‘value-based purpose’’ recognizes that a VBE could have additional value-based purposes and qualify under the value-based framework, namely to: (i) Improve the quality of care for a target patient population; (ii) appropriately reduce the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; and (iii) transition from healthcare delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of care and control of costs. C. Care Coordination Arrangements to Improve Quality, Health Outcomes, and Efficiency Safe Harbor (42 CFR 1001.952(ee)) The first proposed safe harbor for value-based arrangements would protect certain care coordination arrangements. Numerous commenters to the OIG RFI noted that individuals and entities may promote value-based care and facilitate care coordination even when assuming no financial risk. We agree. This proposed safe harbor would protect inkind remuneration exchanged between qualifying VBE participants with valuebased arrangements that squarely satisfy all of the proposed safe harbor’s requirements. (Certain monetary remuneration associated with care coordination or other value-based activities may be protected under other proposed safe harbors, including those at proposed 42 CFR 1001.952(ff), (gg), 22 See, e.g., Health Care Industry Cybersecurity Task Force Report, available at https:// www.phe.gov/preparedness/planning/cybertf/ documents/report2017.pdf. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 (ii), as well as the proposed modifications to the personal services and management safe harbor at 1001.952(d) for outcomes-based payment arrangements.) Under this proposal, each offer of remuneration must be analyzed separately for compliance with the safe harbor. For example, in a value-based arrangement between a hospital and a SNF, the hospital might provide a behavioral health nurse to follow designated inpatients with mental health disorders in the event of discharge to the SNF. In turn, the SNF might provide certain staff to assist the hospital in coordinating designated patients’ care through the discharge planning process or might provide office space for the behavioral health nurse. The hospital’s offer of the behavioral health nurse to the SNF must be analyzed separately from the SNF’s offer of certain staff members or office space to the hospital. This proposed safe harbor does not require parties to bear or assume downside financial risk. We are concerned that the offer or provision of remuneration under value-based arrangements could present opportunities for the types of fraud and abuse traditionally seen in the FFS system, particularly where the parties offering or receiving the remuneration have not assumed downside financial risk for the care of the target patient population. For this reason and to ensure that the safe harbored arrangements operate to achieve their value-based purposes, we propose the conditions and safeguards described below. 1. Outcome Measures We propose to require that parties to a value-based arrangement establish one or more specific evidence-based, valid outcome measures against which the recipient of remuneration will be measured, and which the parties reasonably anticipate will advance the coordination and management of care of the target patient population. We intend for the outcome measures to serve as benchmarks for assessing the recipient’s performance under the value-based arrangement and advancement toward achieving the coordination and management of care for the target patient population. Accordingly, we expect such outcome measures to have a close nexus to the value-based activities undertaken by the parties to the value-based arrangement and to the needs of the target patient population. For purposes of this proposed rule, we would consider ‘‘evidence-based’’ to mean the selected outcome measures PO 00000 Frm 00016 Fmt 4701 Sfmt 4702 must be grounded in legitimate, verifiable data or other information, whether the information is internal to one or more of the VBE participants or from a credible external source, such as a medical journal, social sciences journal, scientific study, an established industry quality standards organization, or results of a payor- or a CMSsponsored model or quality program. For example, a specific evidence-based, valid outcome measure in the context of a hospital’s provision of a care coordinator to a SNF could be an increase in the target patient population’s average mobility functional score by a certain percentage over the course of a year, contributing to earlier, medically appropriate discharges of patients to their homes and fewer readmissions to acute care. We do not consider measures related to patient satisfaction or convenience (e.g., timeliness of appointments) to be valid outcome measures for purposes of this proposed requirement because we are concerned that such measures may not reflect actual improvement in the quality of patient care, health outcomes, or efficiency in the delivery of care. We solicit comments on whether there are categories of evidence-based outcomes measures in the areas of patient satisfaction or convenience that we should permit in the final rule because they reflect quality or efficiency of care. Any identified evidence-based, valid outcome measures against which the recipient of remuneration will be measured should not simply reflect the status quo. Consequently, we are considering for the final rule an express requirement that outcome measures be designed to drive meaningful improvements in quality, health outcomes, or efficiencies in care delivery. We intend to provide flexibility given the range of arrangements that may be covered by the proposed safe harbor. For example, an outcome measure may drive meaningful improvements if it drives improvements that are measurable or that are more than nominal in nature. Additionally, we are considering for the final rule, and solicit comment on, whether the outcome measures requirement should be broader or narrower than the standard we are proposing. We also are considering for the final rule, and solicit comments on, whether to require parties to rebase the outcome measures (i.e., reset the benchmark used to determine whether the outcome measure was achieved) where rebasing is feasible. We are considering whether parties should rebase measures (or determine whether rebasing is feasible) E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules periodically or pursuant to a specified timeframe, such as at least every 1 year, 3 years, or other time period. We are interested in comments addressing whether and, if so, why the appropriate time frame for rebasing should depend on the type of outcome measure or nature of the arrangement, and what rebasing time periods would be best for different types of measures or arrangements. We are interested in feedback on whether rebasing should be tied to any relevant requirements set by payors. We further solicit comments on whether we should specify a particular party that should be responsible for implementing the rebasing and which party would be best positioned to do so (e.g., the VBE or the offeror of the remuneration). We would anticipate any rebasing requirement would align with the rebasing proposal set forth in our proposed modifications to the personal services and management contracts safe harbor related to outcomes-based payments. If parties to a value-based arrangement revise the evidence-based, valid outcome measure(s) through an amendment during the term of the arrangement, the revised outcome measure(s) would need to continue to incentivize the recipient of the remuneration to make meaningful improvements. Were parties retrospectively to revise their outcome measures (e.g., modify the outcome measures and make such modifications effective 6 months prior), such revisions would raise questions regarding whether the modified measures were designed to obscure a lack of meaningful improvement by the recipient of the remuneration. For purposes of the final rule, we are considering whether to incorporate the CMS Quality Payment Program measures into the requirement to establish outcome measures. As described below, the parties to the arrangement also must include a description of the outcome measure(s) in a signed writing, and the VBE, the VBE’s accountable body or responsible person, or a VBE participant in the value-based arrangement acting on the VBE’s behalf must monitor and assess the recipient’s progress toward achieving the outcome measure(s). In addition, as described below, should the VBE’s accountable body or responsible person determine through monitoring or otherwise that the value-based arrangement is (i) unlikely to achieve the evidence-based, valid outcome measure(s) or further the coordination and management of care for the target patient population or (ii) has resulted in material deficiencies in quality of care, VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 the parties must terminate the arrangement within 60 days of such a determination or lose safe harbor protection thereafter. We recognize that it may be difficult for parties giving information technology pursuant to a value-based arrangement to establish an outcome measure upon which to assess the recipient’s performance that is ‘‘evidence-based’’ as we propose to interpret the term. For this reason, we are considering for the final rule imposing a requirement that information technology meet a different standard than the proposed specific evidence-based, valid outcome measures standard. Specifically, we may require an adoption and use standard (i.e., has the technology been adopted and used in a meaningful way for the intended purposes, such that it advances the coordination and management of care for the target patient population), a performance standard (i.e., has the technology been used to achieve a certain result, such as efficiencies), or a similar standard that serves as a benchmark for assessing a recipient’s use of remuneration without requiring the parties to establish evidence-based outcome measures to measure performance. As part of this adoption and use, performance, or similar standard, we are considering requiring parties to a value-based arrangement for the provision of information technology to set forth, in a signed writing, the specific reasons for which the technology is being provided, which would be required to directly relate to health outcomes, patient care quality improvements, or the appropriate reduction in costs to, or growth in expenditures of, payors or patients. For example, parties giving information technology, such as accessibility to a patient portal or data analytics platform, would be required to have health-outcome, quality-related, or efficiency-related reasons, such as improving efficiencies by increasing patient access to health information. In addition, under an adoption and use, performance, or similar standard, we may require that the parties set forth specific, meaningful measures that relate to the remuneration’s intended purpose against which the recipient will be measured. For example, under an adoption and use standard, parties to a value-based arrangement may set a percentage adoption and use measure for a patient portal platform, pursuant to which the recipient would be measured by its adoption and use of the patient portal for a specified percentage of the target patient population. PO 00000 Frm 00017 Fmt 4701 Sfmt 4702 55709 Lastly, we are considering for the final rule adding the following safeguards for the exchange of information technology: (i) The requirements set forth in paragraph (4) of the current electronic health records items and services safe harbor (1001.952(y)), prohibiting making the receipt of items or services a condition of doing business with the offeror); (ii) a requirement limiting the time frame during which a recipient can receive information technology to, for example, 1, 3, or 5 years, after which time the recipient would be required to pay fair market value for the continued use of the information technology; and (iii) a remedy for the failure to achieve the applicable standard, such as discontinued use of the information technology. 2. Commercial Reasonableness We propose to require that the valuebased arrangement is commercially reasonable, considering both the arrangement itself and all value-based arrangements within the VBE. By way of example with respect to the first prong of the commercial reasonableness requirement, if VBE participants enter into a value-based arrangement to facilitate the sharing of patient-outcome data, it may be commercially reasonable for a hospital VBE participant to donate technology to a group practice VBE participant to facilitate this process. However, it may not be commercially reasonable for that same hospital VBE participant to donate technology substantially more sophisticated, or with enhanced functionality, beyond that necessary for communicating data on shared patients between the two parties. (We note that nothing would prevent the donation of technology with enhanced functionality when a valuebased arrangement requires that capability or when technology without that functionality is not practicable.) With respect to the second prong of the commercial reasonableness assessment, again by way of example, a single valuebased arrangement in which a hospital VBE participant provides a necessary number of care coordinators for the target patient population to a SNF VBE participant may be commercially reasonable. However, if a VBE includes multiple similar value-based arrangements, each of which involves the same hospital VBE participant furnishing care coordinators to the same SNF VBE participant for the same or a similar target patient population, the commercial reasonableness of the remuneration exchanged within the value-based arrangements in the aggregate may be suspect if it lacks a legitimate business purpose. E:\FR\FM\17OCP2.SGM 17OCP2 55710 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules We are considering for the final rule whether to define ‘‘commercially reasonable arrangement’’ as an arrangement that would make commercial sense if entered into by reasonable entities of a similar type and size, even without the potential for referrals. We solicit comments on the need for a definition of ‘‘commercially reasonable arrangement,’’ and if we incorporate a definition, whether we should select this particular definition or an alternative definition. 3. Writing To promote transparency and accountability, we propose a requirement that the value-based arrangement be set forth in a writing. We propose that the writing be signed by the parties and established in advance of, or contemporaneous with, the commencement of the value-based arrangement or any material change to the value-based arrangement. We propose that the writing state, at a minimum: (i) The value-based activities to be undertaken by the parties to the value-based arrangement; (ii) the term of the value-based arrangement; (iii) the target patient population; (iv) a description of the remuneration; (v) the offeror’s cost for the remuneration; (vi) the percentage of the offeror’s costs contributed by the recipient; (vii) if applicable, the frequency with which the recipient will make payments for ongoing costs; and (viii) the specific evidence-based, valid outcome measures against which the recipient would be measured. In the final rule, we would align the writing requirements in (v) and (vi) with the requirements for the contribution requirement described below; in other words, if we were to change the contribution requirements, we would correspondingly change the writing requirement. We believe that a writing, setting forth the above terms in advance of, or contemporaneous with the commencement of or any material change to the value-based arrangement, constitutes a key safeguard to ensure that VBE participants are not using the value-based arrangement merely to incentivize and reward referrals of business. We are interested in comments regarding whether a requirement to have a single writing signed by all parties may be burdensome, especially for large-scale arrangements, and whether we should instead permit a collection of writings provided that every party to the arrangement has signed a writing acknowledging consent to the arrangement. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 4. Limitations on Remuneration a. In-Kind Remuneration We propose to protect only in-kind, non-monetary remuneration, provided all other conditions of the safe harbor are met. (While monetary remuneration is not protected by this proposed safe harbor, certain outcomes-based payment arrangements may be protected by proposed modifications to the personal services and management contracts safe harbor, as subsequently addressed.) We further propose that this safe harbor would exclude protection for gift cards, regardless of whether they may be considered cash equivalents. By way of example, we intend for this safe harbor to allow a VBE participant to share a care coordinator with another VBE participant if the conditions of this safe harbor are met (including the proposed contribution requirement). However, this safe harbor would not protect cash provided from one VBE participant to another to hire a care coordinator. Lastly, we note that by virtue of our exclusion of monetary remuneration, the proposed safe harbor would not protect an ownership or investment interest in the VBE or any distributions related to an ownership or investment interest. In addition to our long-standing view that the exchange of monetary remuneration poses heightened and different fraud and abuse risks and thus should be subject to safeguards such as a fair market value requirement, we do not view the offer or receipt of ownership or investment interests as integral to the coordination and management of care for a target patient population. b. Primarily Engaged in Value-Based Activities We propose to require that the remuneration provided by, or shared among, VBE participants be used primarily to engage in value-based activities that are directly connected to the coordination and management of care of the target patient population. As set forth in proposed paragraph 1001.952(ee), we propose to define a ‘‘value-based activity’’ as ‘‘any of the following activities, provided that the activity is reasonably designed to achieve at least one value-based purpose of the value-based enterprise: (i) the provision of an item or service; (ii) the taking of an action; or (iii) the refraining from taking an action.’’ In the definition of ‘‘value-based activity’’, we specify that it does not include the making of a referral. We also propose to require that the value-based arrangement be set forth in a signed writing stating the value-based activities to be undertaken PO 00000 Frm 00018 Fmt 4701 Sfmt 4702 by the parties in the value-based arrangement. We recognize that in-kind remuneration exchanged for value-based activities may indirectly benefit patients outside of the scope of the value-based arrangement, and furthermore, that parties may find it difficult to anticipate or project the scope or extent of such ‘‘spillover’’ benefits. This, in and of itself, would not result in the loss of safe harbor protection, provided the parties primarily use the remuneration for its intended purposes (i.e., the specific value-based activities for which the remuneration is being provided, as set forth in the parties’ signed writing). We are mindful of the need to provide parties with sufficient flexibility, while also minimizing the risks of potentially abusive arrangements that disguise remuneration unrelated to the coordination and management of care for the target patient population. For purposes of the final rule, as an alternative to the requirement that remuneration exchanged between VBE participants be used primarily to engage in value-based activities, we are considering requiring that the remuneration exchanged be limited to value-based activities that only benefit the target patient population. Under this approach, arrangements with ‘‘spillover’’ benefits would not be protected by the safe harbor. We solicit comments on this alternative approach. c. No Furnishing of Medically Unnecessary Items or Services or Reduction in Medically Necessary Items or Services We propose to require that the remuneration exchanged not induce the parties to furnish medically unnecessary items or services or reduce or limit medically necessary items or services furnished to any patient. Remuneration that induces a provider to order or furnish unnecessary care is inherently suspect. In addition, a reduction in medically necessary services would be contrary to the goals of this rulemaking and, in some instances involving hospitals and physicians, could be a violation of the CMP law provision relating to gainsharing arrangements at sections 1128A(b)(1) and (2) of the Act (42 U.S.C. 1320a–7a(b)(1) and (2)). d. No Remuneration From Individuals or Entities Outside the Applicable VBE We propose that this safe harbor would not protect any remuneration funded by, or otherwise resulting from the contributions of, an individual or entity outside of the applicable VBE. This proposal is intended to ensure that protected arrangements are closely E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules related to the VBE, that VBE participants are committed to the VBE and striving to achieve the coordination and management of care of the target patient population, and that non-VBE participants cannot indirectly use the safe harbor to protect arrangements that are designed to influence the referrals or decision making of VBE participants. For example, a pharmaceutical manufacturer could not circumvent the proposed exclusion of pharmaceutical manufacturers from the definition of ‘‘VBE participant’’ by providing funds to a third-party entity and then directing or otherwise controlling any aspect of the third-party entity’s participation as a VBE or a VBE participant. We solicit comments on this approach and whether there may be defined, limited circumstances in which non-VBE participants should be able to contribute to a value-based arrangement eligible for safe harbor protection. As a corollary to this requirement, we are considering for the final rule whether to require that remuneration be provided directly from the offeror to the recipient. This requirement would prohibit the involvement of individuals or entities other than the VBE or a VBE participant in the exchange of remuneration under a value-based arrangement, including, potentially, third-party vendors and contractors. We solicit comments on any practical impediments such as restriction would create. 5. The Offeror Does Not Take Into Account the Volume or Value of, or Condition Remuneration on, Business or Patients Not Covered Under the ValueBased Arrangement We propose a requirement that prohibits the offeror of the remuneration from taking into account the volume or value of, or conditioning an offer of remuneration on: (i) Referrals of patients that are not part of the value-based arrangement’s target patient population, or (ii) business not covered under the value-based arrangement. This proposal is modeled on a similar safeguard contained in the existing safe harbor at paragraph 1001.952(t)(1)(ii)(B), which provides that ‘‘neither party gives or receives remuneration in return for or to induce the provision or acceptance of business (other than business covered by the agreement) for which payment may be made in whole or in part by a Federal health care program on a fee-forservice or cost basis.’’ Our purpose in proposing this requirement is to prohibit protection for remuneration offered under the guise of a value-based arrangement when that remuneration actually is intended to induce referrals VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 of patients or business not covered under the value-based arrangement (sometimes called ‘‘swapping’’ arrangements). This requirement would exclude safe harbor protection for any remuneration that is explicitly or implicitly offered, paid, solicited, or received in return for, or to induce or reward, any referrals or other business generated outside of the value-based arrangement. Under our proposal, VBE participants could encourage referrals of the target patient population as part of value-based activities (e.g., a hospital could develop a ‘‘preferred network’’ of post-acute care providers that meet certain quality criteria). However, VBE participants could not offer remuneration in connection with the preferred network to induce business or the referral of patients that fall outside the scope of the value-based arrangement. In lieu of the proposed requirement that prohibits the offeror of the remuneration from taking into account the volume or value of, or conditioning an offer of remuneration on: (i) Referrals of patients that are not part of the valuebased arrangement’s target patient population, or (ii) business not covered under the value-based arrangement, we are considering for the final rule, and solicit comments on, an alternative requirement that would require that the aggregate compensation paid by the offeror is not determined in a manner that takes into account the volume or value of referrals or business generated between the parties for which payment may be made by a Federal health program. While we believe that this condition could potentially better protect against bad actors who may seek to use the care coordination arrangements safe harbor as an affirmative defense for an unlawful referral arrangement or to disguise arrangements that result in unnecessary increases in utilization and expenditures, we seek comments on whether and to what extent this requirement might impede to goal of this rulemaking, namely to remove barriers for beneficial care coordination and value-based arrangements. We are interested in specific examples of arrangements that would be unable to use this safe harbor were we to adopt this requirement. 6. Contribution Requirement The goal of this proposed rulemaking is to remove barriers to improved care coordination and to promote efficient, value-driven care. To this end, it is important that protected remuneration be used to facilitate the coordination and management of care for the target PO 00000 Frm 00019 Fmt 4701 Sfmt 4702 55711 patient population. We are proposing a recipient contribution requirement as a safeguard to help ensure that the use of any remuneration exchanged pursuant to this safe harbor would be for the coordination and management of the target patient population’s care. Specifically, the proposed rule would condition safe harbor protection on the recipient’s payment of at least 15 percent of the offeror’s cost for the inkind remuneration. This requirement is intended to mirror that set forth in the current electronic health records items and services safe harbor, 1001.952(y). We are considering for the final rule, and solicit comments on, whether we should require a more specific methodology for determining value, such as either the fair market value of the remuneration to the recipient or the reasonable value of the remuneration to the recipient. If we were to require that parties assess the fair market value of the remuneration to the recipient in order to determine the required contribution amount(s), we would not require parties to obtain an independent fair market valuation. We are interested in feedback on whether the method for determining the contribution requirement should be different for services than for goods. We believe that requiring financial participation by a recipient should: Increase the likelihood that the recipient actually would use the care coordination items and services, ensure that the remuneration is well-tailored to the recipient, and promote the recipient’s vested interest in achieving the intended purpose of the value-based arrangement, namely, furthering the coordination and management of care of the target patient population. In proposing this contribution requirement, we solicit feedback on the proposed contribution amount, whether certain recipients, such as rural providers, small providers, Tribal providers, providers who serve underserved populations, or critical access hospitals should be exempted from the contribution requirement or pay a lower contribution percentage and if so, why. We are considering for the final rule alternative contribution amounts ranging from 5 percent to 35 percent and solicit comments on an appropriate amount (or amounts) that would invest recipients in using the remuneration they receive to advance the coordination and management of care of the target patient population, while still allowing flexibility for parties with fewer financial resources to engage in value-based arrangements. We are considering whether we should require different contribution amounts for E:\FR\FM\17OCP2.SGM 17OCP2 55712 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules different types of remuneration (e.g., a higher or lower contribution amount for technology and a higher or lower contribution amount for care coordinators or other services arrangements). We also are considering whether in the final rule we should impose different contribution requirements for different recipients. Because a contribution requirement may impose a significant financial burden on certain recipients, we are considering for the final rule, and solicit comments on, whether a lower contribution amount, or no contribution amount, would be appropriate for arrangements involving certain providers with financial constraints, such as providers in rural or underserved areas, providers serving underserved populations, small providers, Tribal providers, and critical access hospitals. For consideration of this potential contribution requirement condition, and whether a lower contribution amount, or no contribution amount, is appropriate for arrangements involving such providers, we cross-reference the proposals discussed more fully in relation to the electronic health records arrangements safe harbor’s 15 percent contribution requirement. We will review and consider comments received about those proposals in relation to our consideration of this potential condition. Based on feedback on the contribution requirement in our existing electronic health records safe harbor, we are mindful of the potential administrative burdens of a contribution requirement and seek comments on this issue. We also solicit comments on how to apply the contribution requirement for ongoing costs and unexpected ‘‘addons’’ (e.g., updates or upgrades to software that trigger additional costs). Under the proposed contribution requirement, if the remuneration represents a one-time cost, the recipient would be required to make a contribution in advance of receiving the remuneration. However, for any ongoing costs, the proposed rule would require that the recipient make any contributions on reasonable, regular intervals, with the frequency of such payments documented in writing. We are considering for the final rule, and seek comment on, an alternative requirement for the recipient to make a contribution with respect to the initial provision of remuneration but not with respect to any update, upgrade, or patch of the remuneration already provided. This is similar to an option being considering for the electronic health records arrangements safe harbor, VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 1001.952(y). We recognize that this alternative option may affect contribution requirements only for technology-based remuneration that is most likely to need upgrades, updates, and patches to continue operating as intended. 7. Requirements of a Value-Based Arrangement a. Direct Connection to the Coordination and Management of Care We propose that the value-based arrangement has a direct connection to the coordination and management of care for the target patient population. We interpret this requirement to mean that any remuneration offered pursuant to a value-based arrangement has a close nexus to the coordination and management of care for the target patient population, as opposed to the VBE participants’ referral patterns and business generated. By way of example only, arrangements where VBE participants offer, or are required to provide, remuneration to receive referrals or to be included in a ‘‘preferred provider network’’ (i.e., ‘‘pay-to-play’’ arrangements) would not have a direct connection to the coordination and management of care. We are considering for purposes of the final rule, and solicit comments on, whether we should use alternative language to ‘‘direct connection’’ (e.g., ‘‘reasonably related and directly tied’’) in order to better convey the close nexus that this safe harbor requires between each value-based arrangement and the coordination and management of care of a target patient population. b. No Limitation on Decision Making; Restrictions on Directing or Restricting Referrals We propose that the value-based arrangement must not limit parties’ ability to make decisions in the best interests of their patients. That is, VBEs and VBE participants to a value-based arrangement must maintain their independent, medical, or other professional judgment. Additionally, we are aware that some payors and others, such as employers, direct or restrict where their networks or employees refer patients; moreover, we are aware that under some value-based arrangements, referrals would be directed within a network or continuum of preferred providers (based on quality and other legitimate considerations). We propose that, in addition to not limiting parties’ ability to make referral decisions in the patients’ best medical interests, valuebased arrangements cannot direct or restrict referrals if: (i) A patient PO 00000 Frm 00020 Fmt 4701 Sfmt 4702 expresses a preference for a different practitioner, provider, or supplier; (ii) the patient’s payor determines the provider, practitioner, or supplier; or (iii) such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act. This provision is intended, in part, to preserve patient freedom of choice among healthcare providers and ensure the VBE’s and VBE participants’ independent medical or professional judgment is not unduly restricted. That being said, we do not intend for this criterion to bar VBEs or VBE participants from communicating the benefits of receiving care from other VBE participants in the VBE. c. No Marketing of Items or Services or Patient Recruitment Activities We propose to exclude safe harbor protection for value-based arrangements that include marketing items or services to patients or patient recruitment activities. Our enforcement experience demonstrates that fraud schemes often involve the purchase of beneficiaries’ medical identity or other inducements to lure beneficiaries to obtain unnecessary care. This proposed safe harbor condition would protect beneficiaries and make clear that such coercive arrangements are not valuebased arrangements protected by the proposed safe harbor. Accordingly, the proposed safe harbor would offer flexibility to improve quality of care, health outcomes, and efficiency while limiting the risk of the value-based arrangement being used as a marketing or recruiting tool to generate federally payable business for a VBE participant. Specifically, this requirement would restrict any party to a value-based arrangement, or such party’s agent, from marketing, or engaging in patient recruitment activities related to, any items or services offered or provided to patients in the target patient population under a value-based arrangement. We do not intend for this limitation to prohibit a VBE participant that is a party to a value-based arrangement from educating patients in the target patient population regarding permissible valuebased activities. For example, if a SNF or home health agency placed a staff member at a hospital to assist patients in the discharge planning process, and in doing so, the staff member educated patients regarding care management processes used by the SNF or home health agency, this would not constitute marketing of items and services (provided the staff member only worked with patients that had already selected the SNF or home health agency and SNF or home-health agency care was E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules medically appropriate for such patient). However, if the SNF or home health agency placed a staff member at a hospital to market its services to hospital patients, the arrangement would not comply with this proposed requirement. We solicit comments on this approach. 8. Monitoring and Assessment We propose a requirement that the VBE, a VBE participant in the valuebased arrangement acting on the VBE’s behalf, or the VBE’s accountable body or responsible person monitors and assesses, no less frequently than annually, or once during the term of the value-based arrangement for arrangements with terms of less than 1 year: (i) The coordination and management of care for the target population in the value-based arrangement, (ii) any deficiencies in the delivery of quality care under the valuebased arrangement, and (iii) progress toward achieving the evidence-based, valid outcome measure(s) in the valuebased arrangement. We further propose to require that the party conducting such monitoring and assessment reports such monitoring and assessment to the VBE’s accountable body or responsible person (if the VBE’s accountable body or responsible person is not itself conducting the monitoring and assessment). Through this proposal, we seek to ensure that the VBE’s accountable body or responsible person periodically assesses the parties’ performance of certain key metrics under each value-based arrangement. We note that this proposal does not mandate how this monitoring should be performed. We intend for the monitoring to be tailored based on the complexity and sophistication of the VBE participants, the VBE, and the value-based arrangement and available resources. We are considering for the final rule, and solicit comments on, whether to require that both the party offering the remuneration and its recipient jointly conduct monitoring and assessment responsibilities. We further solicit comments on the role monitoring of utilization, referral patterns, and expenditure data could play in ensuring that the potential for abuses or gaming is reduced. The proposed rule would further require that if the VBE’s accountable body or responsible person determines, through reports of monitoring and assessment, that the value-based arrangement (i) is unlikely to further the coordination and management of care for the target patient population, (ii) has resulted in material deficiencies in quality of care, or (iii) is unlikely to VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 achieve the evidence-based, valid outcome measure(s), the parties terminate the arrangement within 60 days of such a determination. To the extent the parties do not terminate an arrangement within 60 days of such determination, the parties would lose safe harbor protection under this proposal. We solicit comments on whether to adopt a longer or shorter timeframe for termination; our goal is a reasonable but also prompt termination of arrangements that are no longer serving the goals for which safe harbor protection is offered. In addition, we are considering for the final rule and seek comment regarding whether, in lieu of the proposed termination requirement for the above subsections (i) through (iii), the safe harbor should instead allow for remediation—within a reasonable timeframe—before any required termination. We are not proposing to define ‘‘material deficiency in quality of care.’’ We believe that such ‘‘material deficiency’’ may vary depending on the nature of the VBE and the value-based arrangements of its VBE participants. Examples of a ‘‘material deficiency in quality of care’’ may include, but are not limited to, identified instances of potential patient harm or a pattern of diminished quality of care. Our proposals with respect to monitoring and assessment stem from a recognition that most arrangements protected by this proposed care coordination arrangements safe harbor would not be subject to governmental programmatic requirements, oversight, or monitoring comparable to CMSsponsored models. Accordingly, to aid in protecting against abusive arrangements, to further facilitate the government’s understanding and awareness of value-based arrangements and their impacts on Federal health care program beneficiaries and expenditures, and to create incentives for VBEs to exercise due diligence when establishing them, we are considering for the final rule requiring VBEs to submit certain data to the Department that would identify the VBE, VBE participants, and value-based arrangements, as a requirement for safe harbor protection. We solicit comments on whether such a requirement would present compliance or operational burdens for VBEs seeking the protection of this safe harbor. Were such a proposal finalized, required data might include the National Provider Identifier (NPI) number or other identifying information of each VBE participant in the VBE, each party participating in the valuebased arrangement, as well as PO 00000 Frm 00021 Fmt 4701 Sfmt 4702 55713 information regarding the arrangement, such as its duration. This data could be used, for example, by the government for data analysis to understand whether value-based arrangements are associated with increased or decreased utilization or outlier levels of utilization (taking into account that in some value-based arrangements one would expect to see increased utilization of some types of items and services and decreases in others). Should we adopt this approach, information would be submitted in a form and manner and at times specified by the Secretary in guidance. We solicit comments on the types of data that the parties availing themselves of safe harbor protection should be required to submit to the Department, potential reporting and compliance burdens for small and large value-based enterprises, and any different or additional actions that may help ensure appropriate oversight. 9. No Diversion, Resell, or Use for Unlawful Purposes We propose that the exchange of remuneration under this safe harbor would not be protected if the offeror knows or should know that the remuneration is likely to be diverted, resold, or used by the recipient for an unlawful purpose. Here, we state expressly what is otherwise implicit in the design of a value-based arrangement under this proposed safe harbor: The exchange of remuneration that the offeror knows or should know is likely to be diverted, resold, or used by the recipient for purposes other than the coordination and management of care of a target patient population would not be protected. 10. Materials and Records To ensure transparency, we propose a requirement that VBE participants or the VBE make available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this safe harbor. We are not proposing parameters regarding the creation or maintenance of documentation to allow VBE participants the flexibility to determine what constitutes best documentation practices, but welcome comments on whether such parameters may be needed. In particular, we seek comment regarding whether we should require, in the final rule, a requirement that parties maintain materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years). E:\FR\FM\17OCP2.SGM 17OCP2 55714 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules 11. Possible Additional Safeguards a. Bona Fide Determination We are considering for the final rule a condition that would require that, in advance of, or contemporaneous with, the commencement of the applicable value-based arrangement, the VBE’s accountable body or responsible person make two bona fide determinations with respect to the value-based arrangement. First, we are considering a condition requiring that the accountable body or responsible person make a bona fide determination that the value-based arrangement is directly connected to the coordination and management of care for the target patient population. Second, we are considering a condition requiring that the accountable body or responsible person make a bona fide determination that the value-based arrangement is commercially reasonable, considering both the arrangement and all value-based arrangements within the VBE. b. Cost-Shifting Prohibition We are considering for the final rule, and seek comment on, a condition prohibiting VBEs or VBE participants from billing Federal health care programs, other payors, or individuals for the remuneration; claiming the value of the remuneration as a bad debt for payment purposes under a Federal health care program; or otherwise shifting costs to a Federal health care program, other payors, or individuals. This proposal would not exclude arrangements from safe harbor protection that involve legitimate shifting of some costs that result from achieving care coordination goals or other value-based purposes. For example, depending on the arrangement, one might expect to see increases in primary care costs or costs for care furnished in home and community settings paired with reductions in unnecessary hospitalizations, duplicative testing, and emergency room visits; one also might see increases in remote monitoring or care management services. c. Fair Market Value Requirement and Restriction on Remuneration Tied to the Volume or Value of Referrals Commenters to the OIG RFI pointed to fair market value requirements and restrictions on remuneration based on the volume or value of business in existing safe harbors as barriers to arrangements that facilitate coordinated and value-based care, so we have crafted this proposed safe harbor without them, relying instead upon other program VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 integrity safeguards. However, fair market value requirements and restrictions that prohibit paying remuneration based on the volume or value of referrals help ensure that protected payments are for legitimate purposes and are not kickbacks. We have endeavored to draft this safe harbor to distinguish between beneficial care coordination arrangements and payment-for-referral schemes that do not serve, and may be contrary to, the goals of coordinated care and the shift to value. We solicit comments from stakeholders for safeguards that may help distinguish payments to reward or induce referrals from remuneration provided to promote or support legitimate care coordination activities. To this end, we are considering as an alternate proposal for the final rule’s care coordination arrangements safe harbor: (i) Whether we should include a fair market value requirement on any remuneration exchanged pursuant to a value-based arrangement, and (ii) whether we should include a further or alternate requirement prohibiting VBE participants from determining the amount or nature of the remuneration they offer, or the VBE participants to whom they offer such remuneration, in a manner that takes into account the volume or value of referrals or other business generated, including both business or patients that are part of the value-based arrangement and those that are not. To the extent these requirements would impede valuebased and care coordination arrangements, we are interested in feedback on potential, alternative safe harbor conditions that might mitigate such effects. We are further considering for the final rule whether we could best achieve the goals of this rulemaking through a safe harbor design that requires valuebased arrangements to be fair market value but that does not prohibit determining the amount or nature of the remuneration on the volume or value of referrals or other business generated. This approach would recognize the antikickback statute compliance challenge that the restriction on the volume or value of referrals or other business generated poses for arrangements that inherently reflect the volume of patients for whom care is coordinated or the value of services offered under a valuebased arrangement. In addition, or as an alternative, we are considering a restriction that would prohibit remuneration based directly on the volume or value of business generated between the parties (thus permitting remuneration based indirectly on the PO 00000 Frm 00022 Fmt 4701 Sfmt 4702 volume or value of referrals or other business generated between the parties). d. Additional Requirements for Dialysis Providers Dialysis providers furnish vital services to patients with critical and extensive care needs. Patients with end stage renal disease (ESRD) stand to benefit substantially from better coordinated, more efficient care as envisioned by this proposed rule. Dialysis providers play a central role in coordinating the care of individuals with ESRD. However, the dialysis industry has unique attributes—in particular, market dominance by a limited number of dialysis providers— that may increase fraud and abuse risks attendant to financial relationships between dialysis providers and others. We are concerned that present levels of market consolidation could impact access to dialysis care, quality of care, and associated health outcomes.23 In addition, we are concerned that, because of the aforementioned market dominance of a limited number of providers, the conduct that would be protected by this proposed safe harbor could lead to a decrease in competition among dialysis providers. We seek comment on whether and how the potential protection of financial arrangements between dialysis providers and others under this proposed safe harbor could affect the concentration of the dialysis market, access to care, quality of care, and associated health outcomes. We are considering whether to include in the final rule certain conditions specific to dialysis providers to further ensure that their care coordination arrangements operate to improve the management and care of patients and are not pay-forreferral schemes. These conditions could include enhanced monitoring, reporting, or data submission requirements or some of the conditions discussed in sections a., b., and c. directly above, including fair market value requirements and restrictions that prohibit paying remuneration based on the volume or value of referrals. 12. Example of a Value-Based Arrangement Analyzed Under the Proposed Care Coordination Arrangements Safe Harbor The following example demonstrates how parties might analyze the proposed care coordination arrangements safe harbor’s various requirements with 23 See Kevin F. Erickson et al., Consolidation in the Dialysis Industry, Patient Choice, and Local Market Competition, 28 Clinical J. of the American Society of Nephrology 3 (Mar. 7, 2017). E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules respect to the following fact pattern: To coordinate care between an acute care hospital and a SNF for mental health patients, the hospital and SNF enter into a care coordination arrangement under which the hospital engages in the valuebased activity of providing a behavioral health nurse for to the SNF to follow designated inpatients with certain mental health disorders for a 1-year time period, who comprise the target patient population, following discharge from the hospital and during admission to and while receiving care at the SNF. In this example, both the hospital and the SNF stand to benefit from this arrangement because they participate in a value-based payment arrangement that offers them shared savings payments for improved quality and patient outcomes and reduced emergency room visits. The hospital and SNF are the only VBE participants in a VBE that is designed to accomplish the value-based purpose of coordinating and managing the care of patients with mental health disorders (namely, by improving the quality of care they receive during the care transition process from acute care to skilled nursing care and during their SNF stay). This proposed arrangement would implicate the anti-kickback statute, because the hospital would be providing the SNF with remuneration (the behavioral health nurse services) and the SNF could refer Medicare, Medicaid, or other Federal health care program patients to the hospital. Safe harbor protection is afforded only to those arrangements that precisely meet all of a safe harbor’s conditions. Consequently, the hospital and SNF might engage in the following analysis to determine whether their proposed arrangement satisfies the proposed care coordination arrangements safe harbor’s requirements. First, the hospital and SNF must establish specific evidence-based, valid outcome measures against which the SNF will be measured throughout the arrangement, and which the parties reasonably anticipate will advance the coordination and management of care for the target patient population. Second, the parties must ensure that devoting one full-time nurse to oversee these patients would be commercially reasonable, considering both the arrangement itself and all value-based arrangements in the VBE. Third, the hospital and SNF must execute a signed writing documenting the terms of the value-based arrangement prior to, or contemporaneous with, its commencement or any material changes to the arrangement. The writing must VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 include: (i) The term of the value-based arrangement; (ii) the value-based activities to be undertaken; (iii) the target patient population; (iv) a description of the remuneration (e.g., the assignment of a full-time nurse to the SNF and the cost of the nurse’s services to the offeror); (v) the offeror’s cost of the remuneration; (vi) the percentage of the offeror’s cost contributed by the recipient; (vii) if applicable, the frequency of the recipient’s contribution payments for ongoing costs; and (viii) set forth the specific, evidence-based valid outcome measure(s) against which the SNF would be measured. Fourth, the remuneration must: (i) Be in-kind; (ii) be used primarily to engage in one or more value-based activities that have a direct connection to the coordination and management of care for the target patient population; and (iii) not induce VBE participants to furnish medically unnecessary items or services or reduce or limit medically necessary items and services furnished to any patient. In addition, the hospital could not provide the nurse to the SNF if any part of the cost of the nurse would be funded by, or otherwise result from the contributions of, an individual or entity outside of the VBE, such as a pharmaceutical or medical device manufacturer. Fifth, the hospital’s provision of the nurse to the SNF must not take into account the volume or value of, or condition the remuneration on, referrals of patients who are not part of the target patient population and business not covered under the value-based arrangement. Sixth, the SNF must pay for at least 15 percent of the hospital’s cost of the care coordination services provided by the nurse over the arrangement’s oneyear term. Assuming the nurse provides periodic services throughout the year, the SNF must pay its required contribution amount at reasonable, regular intervals, such as on a monthly basis. Seventh, the value-based arrangement must be directly connected to the coordination and management of care of the target patient population. In addition, the value-based arrangement must not place any limitation on the VBE participants’ ability to make decisions in the best interest of their patients. Further, if the value-based arrangement restricts or directs referrals, the value-based arrangement may not require referrals to a particular provider, practitioner, or supplier: (i) If a patient expresses a preference for a different practitioner, provider, or supplier; (ii) if the patient’s payor determines the PO 00000 Frm 00023 Fmt 4701 Sfmt 4702 55715 provider, practitioner, or supplier; or (iii) such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act. For example, the hospital could not require physicians on its medical staff to refer patients in the target patient population to the SNF if a patient expresses a preference for a different facility or if the patient’s payor does not cover services at the SNF. Eighth, the arrangement must not include marketing to patients of items or services or engaging in patient recruitment activities. Ninth, the VBE (or alternatively, the SNF or hospital acting on the VBE’s behalf), or the VBE’s accountable body or responsible person must monitor and assess at least annually (or once during the agreement’s term if the agreement is for less than a year): (i) The coordination and management of care of the target patient population; (ii) any deficiencies in the delivery of quality care under the value-based arrangement; and (iii) progress toward achieving the evidence-based, valid outcome measure(s) in the value-based arrangement. If, through monitoring and assessment, the VBE’s accountable body or responsible person determines that the value-based arrangement is: (i) Is unlikely to further the coordination and management of care for the target patient population, (ii) has resulted in material deficiencies in quality of care, or (iii) is unlikely to achieve the evidence-based, valid outcome measure(s), the parties terminate the arrangement within 60 days of such a determination. Tenth, the hospital does not, and should not, know that the behavioral nurse’s services are likely to be ‘‘diverted’’ by the SNF (e.g., used by the SNF to perform tasks unrelated to the care coordination and management of the target patient population) or used for an unlawful purpose (e.g., the provision of medically unnecessary services). Finally, the VBE participants must provide documentation, such as the signed writing, to the Secretary, upon request, showing that the parties complied with the safe harbor provisions. 13. Alternative Regulatory Structure This proposed rule provides protections for certain care coordination and value-based arrangements through a combination of proposed revisions to the personal services and management contracts safe harbor at 1001.952(d), the proposed care coordination arrangements safe harbor at 1001.952(ee), the proposed substantial downside financial risk safe harbor at E:\FR\FM\17OCP2.SGM 17OCP2 55716 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules 1001.952(ff), and the full downside financial risk safe harbor at 1001.952(gg). As an alternative to this suite of protections, we are considering for the final rule a different regulatory structure and approach to protect care coordination and other value-based arrangements that are not at full financial risk (as defined at proposed 1001.952(gg)) and are not part of a CMSsponsored model (as defined at proposed 1001.952(ii)). For this alternate approach, we would rely solely on the personal services and management contracts safe harbor at paragraph 1001.952(d) as a platform to create tiered protection for value-based arrangements, each step of which would remove additional conditions of paragraph 1001.952(d) to allow greater flexibility for innovation as the arrangements become more closely aligned with value-based purposes (as defined in proposed paragraph 1001.952(ee)) and the parties take on more downside financial risk. First, as proposed and described in our proposed modifications to the personal services and management contracts safe harbor, we would remove the requirement that aggregate compensation under service arrangements be set forth in advance, substituting a requirement that the methodology for determining the compensation be set in advance. This would offer broader protection for certain outcomes-based payment arrangements that are fair market value and do not take into account the volume or value of referrals or other business. Protected arrangements would not be required to meet the proposed definition of ‘‘value-based arrangement.’’ Second, for value-based arrangements that meet applicable requirements of the VBE framework previously outlined (e.g., the parties to the arrangement are VBE participants in a VBE), we would provide additional flexibility under the personal services and management contracts safe harbor by removing the requirements that the aggregate compensation: (i) Be set in advance (but requiring that the compensation methodology be set in advance); and (ii) not be determined in a manner that takes into account the volume or value of referrals. We may also incorporate safeguards from our proposed care coordination arrangements safe harbor (e.g., the monitoring requirement). To ensure that protected arrangements meet their value-based purposes, we might incorporate additional accountability and transparency requirements, such as those proposed for new safe harbor 1001.952(ee). We envision this framework would be similar to our VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 current proposal to add new protections for outcomes-based payments at proposed new paragraph 1001.952(d)(2). Third, for parties that meet the requirements of the value-based framework and also assume substantial downside financial risk (as defined in proposed 1001.952(ff)), we would provide increased flexibility under the personal services and management contracts safe harbor for their arrangements by removing the requirements that the aggregate compensation: (i) Be set in advance (but requiring that the compensation methodology be set in advance); (ii) not be determined in a manner that takes into account the volume or value of any referrals; and (iii) be consistent with fair market value in arm’s-length transactions. This additional flexibility would be afforded in recognition of the parties’ assumption of downside financial risk. With respect to the volume or value requirement, we are considering for the final rule several alternative ways we might remove it in the second and third steps of this approach. We might remove it entirely or remove it in part by retaining a requirement that the compensation not relate directly to the volume or value of referrals or other business generated between the parties (allowing for indirect correlations). With respect to a fair market value requirement, we might remove it entirely; remove it only for monetary remuneration or only for in-kind remuneration; or remove it where the non-fair market value arrangement primarily benefits the offeror of the remuneration, with such benefit independent of any increase in the volume or value of referrals (e.g., a hospital offering care managers to a post-acute care facility to better coordinate care and prevent avoidable readmissions for which the hospital might be penalized). We might also permit a broader set of free or below fair market value arrangements for providers coordinating care in rural or underserved areas or providers serving underserved populations. We are cognizant that this alternative approach may present operational challenges for parties, particularly with respect to determining fair market value for value-based arrangements. Moreover, we solicit comments on this approach as a whole and, in particular, on the following: (i) How to include in any safe harbor finalized consistent with this approach protection for the exchange of information technology and infrastructure that might not be part of a personal services or management contract, with a scope of protection PO 00000 Frm 00024 Fmt 4701 Sfmt 4702 equivalent to the protection collectively proposed under paragraphs 1001.952(ee) and (ff); and (ii) how parties would determine that a payment for quality outcomes is consistent with fair market value. As with the second tier described above, to ensure that protected arrangements meet their value-based purposes, we might incorporate additional accountability and transparency requirements, such as those proposed for new safe harbor 1001.952(ee). We are also interested in comments regarding any special problems a fair market value requirement would pose for providers in rural or underserved areas, providers serving underserved populations, or others. With respect to other proposed safe harbors where we have indicated that we are considering including in the final rule a restriction related to the volume or value of referrals and other business generated or a requirement for fair market value, we will consider comments to this alternative regulatory structure addressing how these criteria would operate in connection with value-based arrangements. D. Value-Based Arrangements With Substantial Downside Financial Risk (1001.952(ff)) We are proposing a new safe harbor for certain value-based arrangements involving VBEs that assume substantial downside financial risk (as defined in the proposed regulation) from a payor. We propose to incorporate the definitions of ‘‘coordination and management of care,’’ ‘‘target patient population,’’ ‘‘value-based activity,’’ ‘‘value-based arrangement,’’ ‘‘valuebased enterprise,’’ ‘‘value-based purpose,’’ and ‘‘VBE participant’’ found in proposed paragraph 1001.952(ee). This safe harbor, which would protect both monetary and in-kind remuneration, would offer greater flexibility than the safe harbor for care coordination arrangements in recognition of the VBE’s assumption of substantial downside financial risk. It could apply, for example, to an arrangement between an accountable care organization that is a VBE and a network provider to share savings and losses earned or owed by the accountable care organization, or between a VBE that has contracted with a payor for an episodic payment and a hospital and post-acute care provider that would be coordinating care for patients under the episodic payment. However, as proposed, this safe harbor would apply only to the exchange of remuneration between VBEs that have assumed substantial downside financial E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules risk and VBE participants that meaningfully share in the VBE’s downside financial risk (as further described below). In other words, where a VBE participant agrees to spread the VBE’s financial risk and coordinate care, additional safe harbor flexibility would be available. For the same reasons articulated in our discussion of the care coordination arrangements safe harbor, we propose that this safe harbor would not protect an ownership or investment interest in the VBE or any distributions related to an ownership or investment interest. We solicit comments on this approach and, in particular, whether this proposal presents any operational challenges with respect to the creation of a VBE as a separate legal entity. We are considering for the final rule whether this safe harbor should protect ownership or investment interests with respect to VBEs that must contract with a payor on behalf of VBE participants for purposes of value-based arrangements with substantial downside financial risk. Additionally, for the same reasons articulated in our discussion of the care coordination arrangements safe harbor, we propose that this safe harbor would not protect any remuneration funded by, or otherwise resulting from contributions by, an individual or entity outside of the applicable VBE. We are considering for the final rule whether, and if so, how, to extend this safe harbor to remuneration that passes from one VBE participant to another (without the risk-bearing VBE being party to the arrangement) when the VBE has assumed substantial downside financial risk from a payor. We are concerned that under many such downstream arrangements, the VBE participant receiving the remuneration may have assumed little or no financial risk and may be billing for his or her services on an FFS basis, thus retaining FFS incentives with respect to ordering or arranging for items and services for patients. We note the proposed care coordination arrangements safe harbor, with its additional safeguards, may be available for such arrangements, where they involve only in-kind remuneration, and the personal services and management safe harbor’s proposed modifications for outcomes-based payments may be available for monetary remuneration. This proposed safe harbor would protect remuneration exchanged between a VBE and a VBE participant pursuant to a value-based arrangement if several standards are met. First, the VBE must have assumed, or be contractually obligated to assume, VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 substantial downside financial risk from a payor for providing or arranging for the provision of items and services for a target patient population. The VBE can assume this risk directly if the VBE is an entity or through a VBE participant acting as an agent of, and accountable to, the VBE. (We note, to the extent a VBE participant wholly assumes risk on behalf of the VBE, it may act in both its capacity as a VBE participant and an agent of the VBE.) To balance the need to protect startup arrangements while also limiting potential program integrity risks, this safe harbor would protect arrangements between the VBE and the VBE participant during the 6 months prior to the date by which the VBE must assume substantial downside financial risk (as defined below). We solicit comments on whether 6 months is a sufficient timeframe, and if not, what longer or shorter timeframe would be appropriate. For purposes of this safe harbor, we are proposing specific methodologies that would qualify as substantial downside financial risk. Under any of our proposed methodologies, the VBE would assume risk from a payor for the provision of items and services to a target patient population for the entire term of the value-based arrangement. Our intent is for such risk to be of a degree likely to ensure that the valuebased arrangements of the VBE are designed to appropriately reduce (or slow the growth of) costs, improve efficiencies, or improve health outcomes for the target patient population (and are not likely to increase over- or underutilization or costs to payors or patients). We propose that a VBE would be at substantial downside financial risk if it is subject to risk pursuant to one of the following methods, drawn from the Department’s experience: 24 (i) Shared savings with a repayment obligation to the payor of at least 40 percent of any shared losses, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures; (ii) A repayment obligation to the payor under an episodic or bundled payment arrangement of at least 20 percent of any total loss, where loss is determined based upon a comparison of costs to historical expenditures, or to 24 For clarity, we note that we would not consider a prospective payment system for acute inpatient hospitals, home health agencies, hospice, outpatient hospitals, inpatient psychiatric facilities, inpatient rehabilitation facilities, long-term-care hospitals, and SNFs, or other like payment methodologies to meet any of the prongs of our proposed definition of ‘‘substantial downside financial risk.’’ PO 00000 Frm 00025 Fmt 4701 Sfmt 4702 55717 the extent such data is unavailable, evidence-based, comparable expenditures; (iii) A prospectively paid populationbased payment for a defined subset of the total cost of care of a target patient population, where such payment is determined based upon a review of historical expenditures, or to the extent such data is unavailable, evidencebased, comparable expenditures; or (iv) A partial capitated payment from the payor for a set of items and services for the target patient population where such capitated payment reflects a discount equal to at least 60 percent of the total expected FFS payments based on historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures of the VBE participants to the value-based arrangements.25 We are soliciting comments on this proposed definition of ‘‘substantial downside financial risk,’’ including whether: (i) These benchmarks should be higher or lower to ensure appropriate incentives; (ii) there are other methodologies not captured by this list that should qualify as substantial downside financial risk, such as those listed under 42 CFR 1001.952(u)(1)(i)(C); and (iii) some or all of these benchmarks should be omitted from this rule or modified to better capture true assumption of substantial downside financial risk for items and services furnished to patients. With respect to (i) through (iii), we are considering and solicit comments on whether the requirement to compare losses to, or determine payments based on, historical expenditures or evidencebased, comparable expenditures and whether additional means to establish a baseline against which to measure losses or payments is feasible for new or small VBEs or whether new or small VBEs should be allowed additional means to establish a baseline, such as allowing new or small VBEs to establish such baselines after a reasonable period of operation, such as 1 year. We also solicit comments on whether the assumption of substantial downside financial risk by the VBE as contemplated here, in combination with the safeguards proposed for this safe harbor, results in meaningful protections that will ensure that the 25 To afford VBE participants flexibility, we are not prescribing how parties may determine the basis for shared savings, shared losses, populationbased payments, or partial capitation payments. However, we expect any such approach will reflect a legitimate compensation methodology, not one that simply manipulates numbers to artificially inflate savings or decrease losses, as may be applicable. E:\FR\FM\17OCP2.SGM 17OCP2 55718 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules benefits of the arrangements that would be protected by this safe harbor outweigh any risk of misuse of the safe harbor to protect fraudulent or abusive arrangements. Lastly, we are considering for the final rule, and seek comment regarding, whether we should include advanced APMs and other payor advanced APMs, as both terms are defined at 42 CFR 414.1305, in the definition of ‘‘substantial downside financial risk.’’ Specifically, we seek comment on the following: (i) If advanced APM participants would likely rely on this safe harbor versus the CMS-sponsored model arrangements safe harbor; and if so, what barriers, if any, our proposed definition of ‘‘substantial financial risk’’ and ‘‘meaningfully share’’ (as outlined in further detail below) may pose; and (ii) whether our current definition of ‘‘substantial financial risk’’ is too narrow, such that we have excluded advanced APMs or other payor advanced APMs that encourage participants to meaningfully assume downside financial risk. This safe harbor proposes to protect remuneration from a VBE to a VBE participant pursuant to a value-based arrangement. As a condition of this safe harbor, the terms of the value-based arrangement require the VBE participant to meaningfully share in the VBE’s substantial downside financial risk for providing or arranging for items and services for the target patient population. This condition is intended to ensure that VBE participants ordering or arranging for items and services for patients (in other words, those making care decisions) closely share the VBE’s goals and share in accountability if those goals are not achieved. For purposes of this condition, we propose that a VBE participant ‘‘meaningfully shares’’ in the VBE’s substantial downside financial risk if the value-based arrangement contains one of the following: (i) A risk-sharing payment pursuant to which the VBE participant is at risk for 8 percent of the amount for which the VBE is at risk under its agreement with the applicable payor (e.g., an 8-percent withhold, recoupment payment, or shared losses payment); (ii) a partial or full capitated payment or similar payment methodology (excluding the prospective payment systems for acute inpatient hospitals, home health agencies, hospice, outpatient hospitals, inpatient psychiatric facilities, inpatient rehabilitation facilities, long-term care hospitals, and SNFs or other like payment methodologies); or (iii) in the case of a VBE participant that is a physician, a payment that meets the VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 requirements of the physician selfreferral law’s regulatory exception for value-based arrangements with meaningful downside financial risk at section 411.357(aa)(2). Under (i), the proposed percentage of the VBE’s substantial downside financial risk in which the VBE participant must share is based on the 8-percent nominal risk standard under the CMS regulation governing advanced APM and other payor advanced APM criteria at 42 CFR 414.1415 and 414.1420, respectively. We solicit comments on additional or alternative, specific thresholds we could include in the final rule to help ensure that the VBE participant is meaningfully engaged with the VBE in delivering value through its ordering and referring decisions, as well as data to support suggestions. To protect against risks of stinting on care, we further propose that the remuneration must not induce limitations on, or reductions of, medically necessary items or services furnished to any patient. We are considering for the final rule additional conditions to safeguard against risks of cherry picking or lemon dropping of patients, which could affect the quality of care patients receive. In addition, we are considering and solicit comments on whether to include a length-of-time requirement (e.g., 1 year) for the VBE to be at substantial downside financial risk to avoid gaming (as highlighted in our subsequent discussion of this issue in the full financial risk safe harbor). We are proposing to include the following conditions similar to certain conditions we are proposing for the care coordination arrangements safe harbor and would interpret these conditions, where applicable, as described previously in the discussion of the care coordination arrangements safe harbor: (i) The value-based arrangement must be set forth in a writing that contains, among other information, a description of the nature and extent of the VBE’s substantial downside financial risk for the target patient population and a description of the manner in which the recipient meaningfully shares in the VBE’s substantial downside financial risk; (ii) the VBE or VBE participant offering the remuneration does not take into account the volume or value of, or condition the remuneration on, referrals of patients outside of the target patient population or business not covered under the value-based arrangement; (iii) the value-based arrangement does not: (1) Place any limitation on VBE participants’ ability to make decisions in the best interest of their patients, or PO 00000 Frm 00026 Fmt 4701 Sfmt 4702 (2) direct or restrict referrals to a particular provider, practitioner, or supplier if: (A) A patient expresses a preference for a different practitioner, provider, or supplier; (B) the patient’s payor determines the provider, practitioner, or supplier; or (C) such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act; (iv) the value-based arrangement does not include marketing to patients of items or services or engaging in patient recruitment activities; and (v) the VBE or its VBE participants maintain documentation sufficient to demonstrate compliance with the safe harbor’s conditions and make such records available to the Secretary upon request. Note that we are considering, and seek comment regarding whether we should include in the final rule, a condition regarding the maintenance of materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years). In addition to the foregoing standard, under this proposed safe harbor, the remuneration must be used primarily to engage in value-based activities that are directly connected to the items and services for which the VBE is at substantial downside financial risk. For example, a VBE is at substantial downside financial risk through an agreement with a payor to assume a percentage of shared losses for items and services provided in connection with hip replacements to the target patient population. Remuneration provided by the VBE to a VBE participant would be protected under this proposed safe harbor only if the VBE participant primarily uses the remuneration to engage in value-based activities that have a direct connection to the items and services provided to patients in the target patient population undergoing hip replacement surgery (i.e., the items and services for which the VBE is at substantial downside financial risk). Thus, while the VBE could give the VBE participant money that it uses to hire a staff member who primarily coordinates patients’ transitions between care settings after undergoing hip replacement surgery, the VBE could not give the VBE participant money that it uses to hire a staff member who coordinates transitions between care settings for patient undergoing an array of surgical procedures. In addition, we propose that the remuneration exchanged must be directly connected to one or more of the E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules VBE’s value-based purposes, at least one of which must be the coordination and management of care for the target patient population. We believe these safeguards are necessary to ensure transparency and accountability, as well as to reduce the potential for protected arrangements to be used to pay for referrals unrelated to coordinating care and improving health outcomes and value for programs and patients. For example, as with other safe harbors proposed in this rulemaking, we do not intend to protect arrangements nominally characterized as a care coordination or value-based arrangement but that in reality are schemes intended merely to buy or sell referrals. To further protect against such arrangements, we are considering including in the final rule a commercial reasonableness requirement and a monitoring standard, each of which would be similar to those included in our proposed care coordination arrangements safe harbor at 1001.952(ee). In addition, to heighten transparency of any value-based arrangements and to ensure that the value-based arrangement is known by and closely related to the VBE itself, we are considering for the final rule whether to require that, in advance of, or contemporaneous with, the commencement of the applicable valuebased arrangement, the VBE’s accountable body or responsible person make a bona fide determination that the value-based arrangement is directly connected to a value-based purpose, at least one of which must be the coordination and management of care for the target patient population. As discussed previously, we remain aware that the arrangements protected by the proposed substantial downside financial risk safe harbor would not be subject to programmatic requirements, oversight, or monitoring comparable to CMS-sponsored models. Accordingly, we are considering for the final rule including a requirement to submit information to the Department about the VBE, VBE participants, and the valuebased arrangement similar to the requirement we are considering for the care coordination safe harbor at 1001.952(ee). As discussed in the care coordination arrangements safe harbor section, we also are considering for the final rule a condition prohibiting VBEs or VBE participants from billing Federal health care programs, other payors, or individuals for remuneration exchanged pursuant to the safe harbor; claiming the value of the remuneration as a bad debt for payment purposes under a Federal health care program; or otherwise VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 shifting costs to a Federal health care program, other payors, or individuals. Through the substantial downside financial risk safe harbor, we seek to provide more flexibility for entities that assume a substantial amount of financial risk such that the risk incentivizes a shift from volume-based decision making to value-based decision making. By allowing parties this enhanced flexibility in exchange for assuming risk with respect to only a subset of items and services furnished to a target patient population, we are mindful of the potential for parties to assume financial risk for such a narrow subset of items and services that the offeror’s risk does not equate to substantial downside financial risk. We solicit comments on safeguards against this risk and the overall approach we have taken with respect to the substantial downside financial risk safe harbor. E. Value-Based Arrangements With Full Financial Risk (1001.952(gg)) We propose to protect certain arrangements (including in-kind and monetary remuneration) involving VBEs that have assumed ‘‘full financial risk,’’ as that term is defined in the proposed regulation, for a target patient population. Because we recognize that VBEs that have assumed full financial risk present fewer traditional FFS fraud and abuse risks, this proposed safe harbor would include more flexible conditions than the proposed care coordination arrangements and substantial downside financial risk safe harbors, which we believe would reduce burden for the VBE and its VBE participants. We intend for the safe harbor to offer this category of VBEs the greatest ability to innovate with respect to coordinated care arrangements in light of their assumption of the highest level of risk contemplated in this proposed rulemaking. We propose to incorporate the definitions of ‘‘coordination and management of care,’’ ‘‘target patient population,’’ ‘‘value-based activity,’’ ‘‘value-based arrangement,’’ ‘‘value-based enterprise,’’ ‘‘value-based purpose,’’ and ‘‘VBE participant’’ found in proposed paragraph 1001.952(ee). For the same reasons discussed previously with respect to the care coordination arrangements safe harbor, we propose that this safe harbor would not protect an ownership or investment interest in the VBE or any distributions related to an ownership or investment interest. We solicit comments on this approach and, in particular, whether this proposal presents any operational challenges with respect to the creation of a VBE as PO 00000 Frm 00027 Fmt 4701 Sfmt 4702 55719 a separate legal entity. We are considering for the final rule whether we should protect ownership or investment interests with respect to VBEs that must contract with a payor on behalf of VBE participants for purposes of value-based arrangements with full financial risk. We also propose, for the same reasons discussed previously with respect to the care coordination arrangements safe harbor, that this safe harbor would not protect any remuneration funded by, or otherwise resulting from contributions by, an individual or entity outside of the applicable VBE. We propose that a VBE would be at ‘‘full financial risk’’ for the cost of care of a target patient population if the VBE is financially responsible for the cost of all items and services covered by the applicable payor for each patient in the target patient population and is prospectively paid by the applicable payor. By ‘‘prospective,’’ we mean the anticipated cost of all items and services covered by the applicable payor for the target patient population, has been determined and paid in advance (as opposed to billing under the otherwise applicable payment systems and undergoing a retrospective reconciliation after items and services have been furnished). By way of example, a VBE would be at ‘‘full financial risk’’ if it received a prospective, capitated payment for all items and services covered by Medicare Parts A and B for a target patient population. Similarly, we would consider a VBE that contracts with a Medicaid managed care organization and receives a fixed per-patient permonth amount to be at full financial risk if the fixed amount covered the cost of all Medicaid-covered items and services furnished to the target patient population. In contrast, our proposal would not protect an entity that receives a partial capitated payment, be it either: (i) A capitated payment that covers a limited set of items or services or (ii) a payment arrangement where an entity receives a combination of reduced FFS and capitation payments for a defined set of items or services. For example, a hospital that participates in a bundled payment program for patients who receive knee replacements, and that receives an episodic payment to cover all costs associated with the knee replacement surgeries and follow-up care for 90 days, would not be eligible for protection under this safe harbor. The hospital is at full financial risk for the knee surgeries and related services but not for the patients’ total cost of care. We note that other proposals in E:\FR\FM\17OCP2.SGM 17OCP2 55720 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules this rulemaking may be available for such arrangements. We note that our proposed definition of ‘‘full financial risk’’ would not prohibit a VBE from entering into arrangements—like global risk adjustments, risk corridors, reinsurance, or stop loss agreements—to protect against catastrophic losses. We emphasize that it is our intent for such arrangements to be limited to catastrophic losses; a VBE may not use risk corridors or other like arrangements as a mechanism to shift an amount of financial risk that does not meet the spirit of this safe harbor. Similarly, we note that our proposed definition of ‘‘full financial risk’’ would not prohibit a VBE from conducting a ‘‘back-end’’ reconciliation, with resulting payment adjustments due to quality or financial performance metrics, provided again, that the reconciliation is not used as a mechanism to shift material financial risk back to the contracting payor. We also are considering other ways to define ‘‘full financial risk’’ in the final rule. For example, we are considering for purposes of the final rule including an actuarial equivalence standard similar to that used in the Medicare Part D context, and we request comments on the use of this potential standard. In addition, we seek comments about other situations that stakeholders believe should qualify as a VBE assuming ‘‘full financial risk.’’ We request that commenters provide specific examples of arrangements that they believe constitute ‘‘full financial risk’’ but that would not be covered by the definition proposed above. We propose to require that the VBE assume full financial risk either directly, or through a VBE participant with the legal authority to obligate the VBE. We note, to the extent a VBE participant wholly assumes risk on behalf of the VBE, it may act in both its capacity as a VBE participant and an agent of the VBE. In addition, we propose that this safe harbor would cover both value-based arrangements between a VBE and a VBE participant where the VBE has assumed full financial risk as of the date the VBE and VBE participant enter into the value-based arrangement, as well as value-based arrangements between a VBE and a VBE participant where the VBE is contractually obligated to assume such risk but has not yet done so. We are mindful that a VBE that is contractually obligated to take on full financial risk may need lead time to develop and implement arrangements in anticipation of taking on full financial risk. However, we also are concerned about providing safe harbor protection VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 for arrangements involving parties that have not yet assumed the risk that operates as a prerequisite and key safeguard for this safe harbor. To balance the need to protect start-up arrangements with our program integrity concerns, the safe harbor would protect arrangements between the VBE and the VBE participant only during the 6 months prior to the date by which the VBE must assume full financial risk. We solicit comments on whether 6 months is a sufficient timeframe, and if not, what an appropriate timeframe might be. We could include a longer or shorter timeframe in the final rule. We propose writing requirements in this safe harbor that are designed to promote transparency and accountability. First, we propose that the VBE have a signed writing with a payor that specifies the target patient population and contains terms sufficient to demonstrate that the VBE is at full financial risk for the target patient population for at least 1 year. Our intent in proposing a length-of-time requirement is to minimize gaming opportunities that could arise if the VBE assumes full financial risk for a short time period in order to take advantage of the proposed safe harbor’s flexibility but without meaningfully committing to the transition to full financial risk. Second, we propose that the parties set forth the material terms of the valuebased arrangement in a signed writing, including the value-based activities to be undertaken by the parties, and that the arrangement must be for a period of at least 1 year. We propose that the term of the valuebased arrangement must be for a period of at least 1 year to ensure that the VBE participant is committed to coordinating care for the target patient population of the VBE that has taken on full financial risk. We propose that the VBE participant cannot claim additional or separate payment in any form directly or indirectly from a payor for items or services covered under the value-based arrangement. For purposes of this safe harbor, we propose that the phrase ‘‘items or services’’ would have the meaning set forth in paragraph 1001.952(t)(2)(iv), which defines ‘‘items and services’’ as: ‘‘Health care items, devices, supplies or services or those services reasonably related to the provision of health care items, devices, supplies or services including, but not limited to, non-emergency transportation, patient education, attendant services, social services (e.g., case management), utilization review and quality assurance. Marketing and other pre-enrollment activities are not PO 00000 Frm 00028 Fmt 4701 Sfmt 4702 ‘items or services’ for purposes of this section.’’ If the VBE participant is permitted to seek additional payment for items or services furnished to the target patient population from a payor, the safe harbor would not protect the value-based arrangement. For example, protection under the safe harbor would not extend to payment made by a VBE to a VBE participant for telehealth services furnished to the target patient population if the VBE participant could also claim separate payment for such services from a payor. Value-based arrangements that permit VBE participants to claim separate payment from a payor are not ‘‘full risk.’’ Such arrangements potentially involve mixed financial incentives for providers, and parties would need to seek protection for such arrangements under one of the other proposed safe harbors. This requirement would permit VBE participants to bill a payor but not claim payment (e.g., through a ‘‘no-pay claim’’) if required by a payor, including Medicare. We also propose requirements related to the remuneration. First, we propose that remuneration exchanged must: (i) Be used primarily to engage in the value-based activities set forth in the parties’ signed writing; (ii) is directly connected to one or more of the VBE’s value-based purpose(s), at least one of which must be the coordination and management of care for the target patient population; and (iii) not induce the VBE or VBE participants to reduce or limit medically necessary items or services furnished to any patient. We propose to interpret these conditions consistent with the similar conditions in the proposed care coordination arrangements safe harbor at 1001.952(ee). Second, we propose to require that the VBE and VBE participant must not take into account the volume or value of, or condition the remuneration exchanged on: (i) Referrals of patients who are not part of the target patient population or (ii) business not covered under the value-based arrangement. This requirement would preclude protection under the safe harbor for remuneration that is part of a broader ‘‘swapping’’ arrangement to steer patients outside of the target patient population to the party offering the remuneration. We solicit comments on this condition and any additional safeguards that we should include in this safe harbor to mitigate the risk of problematic swapping arrangements in order to prevent the safe harbor from being used to protect payments for referrals that are not part of the value- E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules based arrangement. We would have significant concerns with a VBE participant entering into a purported value-based arrangement in which it offers the VBE a reduced rate for patients in the target patient population in exchange for gaining access to that VBE’s other patients. We propose to require that the VBE provide or arrange for: (i) An operational utilization review program and (ii) a quality assurance program that protect against underutilization and specify patient goals, including measurable outcomes, where appropriate. These conditions mirror those found in the existing safe harbor at paragraph 1001.952(u), which were derived from the then-current regulatory requirements for plans operating under section 1876 of the Act. We are considering for the final rule whether there may be other ways to frame this requirement that meet the spirit of the conditions in paragraph 1001.952(u) but are updated to reflect the utilization review and quality assurance mechanisms in place today. Like the proposed care coordination arrangements and substantial downside financial risk safe harbors and for the reasons explained in connection with those proposals, we are considering for the final rule requiring the submission to the Department of information about VBEs, VBE participants, and valuebased arrangements for safe harbor protection. We welcome comments on this. As discussed in the care coordination arrangements safe harbor section, we also are considering for the final rule a condition prohibiting VBEs or VBE participants from billing Federal health care programs, other payors, or individuals for remuneration exchanged pursuant to the safe harbor; claiming the value of the remuneration as a bad debt for payment purposes under a Federal health care program; or otherwise shifting costs to a Federal health care program, other payors, or individuals. We also propose requirements that (i) the value-based arrangement does not include marketing to patients of items or services or engaging in patient recruitment activities; and (ii) the VBE or its VBE participants maintain documentation sufficient to demonstrate compliance with the safe harbor’s conditions and make such records available to the Secretary upon request. We are considering for the final rule and seek comment regarding whether we should include, in the final rule, a condition regarding the maintenance of materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 10 years). We would interpret these requirements as described with respect to the care coordination arrangements safe harbor and would include them in this safe harbor for the reasons articulated there. In addition, we note that, as proposed, this safe harbor would apply only to remuneration exchanged between a VBE and a VBE participant pursuant to a value-based arrangement. The proposed full financial risk safe harbor would not protect remuneration exchanged between or among VBE participants that are part of the same VBE, remuneration exchanged between a VBE participant and a downstream contractor, or remuneration between two downstream contractors. However, nothing prevents these parties from turning to other available safe harbors for protection. We are considering for the final rule and solicit comments on whether to extend this safe harbor to remuneration that passes from a VBE participant to a downstream contractor (which also could be, but may not be required to be, a VBE participant). While we recognize that increased flexibility at the VBE participant level may foster innovation, we are concerned that these downstream arrangements present higher risks of fraud and abuse because the VBE participants and downstream contractors exchanging the remuneration may have assumed little or no financial risk. As such, they may continue to be subject to the potential risks inherent in any FFS financial arrangements, namely, incentives to order medically unnecessary or overly costly items and services. For these reasons, we are considering for the final rule, and solicit comments on, the following: • In addition to the safeguards proposed in paragraph 1001.952(gg), whether additional safeguards could be implemented under the full financial risk safe harbor (or a different proposed safe harbor) to ensure that legitimate arrangements between VBE participants and downstream contractors that advance the value-based purpose(s) of the VBE are protected. • For purposes of protecting downstream arrangements, whether we should incorporate some of the safeguards proposed in the safe harbor for care coordination arrangements or the safe harbor for parties at substantial downside financial risk. If so, whether certain safeguards would best capture our need to protect against fraud and abuse risks with the recognition that we do not want to impose undue burden on parties to these arrangements. • If we were to protect certain downstream arrangements, whether we PO 00000 Frm 00029 Fmt 4701 Sfmt 4702 55721 should limit protection to arrangements between VBE participants that are part of the same VBE, or we should extend protection to arrangements between: (i) A VBE participant and a downstream contractor, (ii) arrangements between two downstream contractors, or (iii) both. We request that any comments include specific examples of downstream arrangements that may not be protected under existing safe harbors or any of the safe harbors proposed under this rulemaking but warrant protection under this proposed safe harbor because of the level of risk assumed by the VBE. F. Arrangements for Patient Engagement and Support To Improve Quality, Health Outcomes, and Efficiency (1001.952(hh)) We propose to establish a new safe harbor at proposed paragraph 1001.952(hh) to protect certain arrangements for patient engagement tools and supports to improve quality, health outcomes, and efficiency furnished by VBE participants, as defined in proposed paragraph 1001.952(ee), to specified patients. This safe harbor, hereinafter the ‘‘patient engagement and support safe harbor,’’ is intended to remove barriers presented by the anti-kickback statute and the beneficiary inducements CMP 26 to providers offering patients beneficial tools and supports to improve quality, health outcomes, and efficiency, by promoting patient engagement with their care and adherence to care protocols. Commenters to the OIG RFI overwhelmingly supported such a safe harbor, with appropriate safeguards. Achieving well-coordinated care and improving value require patients to actively participate and engage in their preventive care, treatment, and general health. To prevent illness or disease or to manage a disease or condition effectively, patients must be involved in their healthcare and be empowered to make informed healthcare-related decisions. Appropriate patient engagement tools and supports can foster successful behavior modifications that improve health, ensure that patients receive the medically necessary care and other nonclinical, but healthrelated, items and services they need, and improve adherence to an appropriate treatment regimen. In some cases, improved care coordination may be facilitated through various supports, including, for 26 A practice permissible under the anti-kickback statute, whether through statutory exception or regulations issued by the Secretary, is also excepted from the beneficiary inducements CMP. Section 1128A(i)(6)(B) of the Act. E:\FR\FM\17OCP2.SGM 17OCP2 55722 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules example, providing supports that aim to improve patients’ safety at home or during care transitions (including discharge from facility care to the community) or that allow providers to communicate more efficiently and effectively with patients and their families and to monitor their patients’ care. However, we also are cognizant of the potential for improper patient engagement tools and supports to result in inappropriate utilization, the steering of patients to particular providers, suppliers, or products that might not be in their best interests, increased costs to payors and patients, and anticompetitive effects. Depending on the facts and circumstances, providing patient engagement tools and supports may implicate the Federal anti-kickback statute and the beneficiary inducements CMP. Some tools and supports may be protected under existing safe harbors or exceptions to the definition of ‘‘remuneration’’ under the beneficiary inducements CMP (e.g., the local transportation safe harbor, 42 CFR 1001.952(bb); the exception for remuneration that promotes access to care and poses a low risk of harm to patients and Federal health care programs, 42 CFR 1003.110; and the exception for incentives given to individuals to promote the delivery of preventive care, 42 CFR 1003.110). In addition, for CMS-sponsored models, some patient engagement tools and supports may qualify for protection under the Medicare Shared Savings Program’s waiver for patient incentives 27 or a waiver available for beneficiary incentives offered under an applicable Innovation Center model.28 However, under certain facts and circumstances, no safe harbor, exception, or waiver may be available to protect beneficial patient engagement tools and supports that implicate the anti-kickback statute, beneficiary inducements CMP, or both. These arrangements must be evaluated on a case-by-case basis for compliance with the statutes. Under the proposed patient engagement and support safe harbor at paragraph 1001.952(hh), ‘‘remuneration’’ under the Federal antikickback statute would not include inkind patient engagement tools or 27 Medicare Program; Final Waivers in Connection With the Shared Savings Program, 80 FR 66726, 66743 (Oct. 29, 2015). 28 See, e.g., Notice of Waivers of Certain Fraud and Abuse Laws in Connection with the Bundled Payments for Care Improvement Advanced Model (May 25, 2018), available at https://www.cms.gov/ Medicare/Fraud-and-Abuse/PhysicianSelfReferral/ Downloads/BPCI-Advanced-Model-Waivers.pdf. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 supports (as specified in proposed paragraph 1001.952(hh)) furnished directly by a VBE participant (as defined in proposed paragraph 1001.952(ee)) to a patient in a target patient population (as defined in proposed paragraph 1001.952(ee)), that are directly connected to the coordination and management of care (as defined in proposed paragraph 1001.952(ee)), provided that all of the conditions of proposed paragraph 1001.952(hh) are satisfied. 1. Limitations on Offerors Under this proposal, only patient engagement tools and supports furnished by a VBE participant, as defined in proposed paragraph 1001.952(ee), would receive protection. Our intent in proposing to limit safe harbor protection to VBE participants is to align the safe harbor with the valuebased framework set forth in this proposed rulemaking. We are mindful that this approach would require the offeror of the remuneration to be part of a VBE (of any size) as defined at proposed paragraph 1001.952(ee). We are soliciting comments, including illustrative fact patterns, about potential patient engagement tools and supports that would improve care coordination and health outcomes where the offeror does not meet the proposed definition of a VBE participant because the offeror is not part of a VBE. For example, we are considering for the final rule safe harbor protection for, and seek comments regarding, a hospital’s or physician group practice’s provision of patient engagement tools and supports that would advance coordination and management of care for a patient and otherwise satisfy conditions similar to those set forth in the proposed safe harbor, but where such hospital or physician group practice is not part of a VBE. We seek comments on the fraud and abuse risks associated with removing the requirement that the offeror is a VBE participant and what additional safeguards would be appropriate to offset those risks. Pharmaceutical manufacturers, distributors, and suppliers of DMEPOS, and laboratories are not included in the proposed definition of ‘‘VBE participant’’ in paragraph 1001.952(ee) for the reasons described earlier in this preamble. In addition to the reasons for exclusion of pharmaceutical manufacturers in the definition of ‘‘VBE participant’’ previously articulated, we believe that offers of remuneration by such manufacturers to patients could improperly influence the patient, as well the patient’s clinician’s decision to PO 00000 Frm 00030 Fmt 4701 Sfmt 4702 prescribe one drug over another. Such remuneration could influence a patient to request a particular drug that is more expensive or less clinically efficacious than other clinically equivalent drugs. This could both improperly influence patient choice and increase costs to Federal health care programs—two factors cited by Congress to consider when developing safe harbors—without necessarily increasing quality. As noted above, we also are excluding manufacturers, distributors, and suppliers of DMEPOS and laboratories from the definition of a VBE participant. Based on long-standing enforcement and oversight experience, we are concerned that manufacturers, distributors, and suppliers of DMEPOS and laboratories may inappropriately use patient engagement tools and supports to market their products or divert patients from a more clinically appropriate item or service, provider, or supplier without regard to the best interests of the patient or to induce medically unnecessary demand for items and services. We are interested in comments on the impact of any such exclusions, if included in the final rule, for the patient engagement and support safe harbor in particular and any negative impact on the provision of potentially beneficial tools and supports. We seek comments regarding whether the proposed exclusion of these entities from the definition of ‘‘VBE participant,’’ and the proposed condition at (hh)(2), limiting funding by and other contributions from non-VBE participants, might negatively impact patients’ ability to receive beneficial items and services, including new technologies that may foster better access to care and improve health outcomes. As noted above, we also are considering whether to exclude other categories of suppliers and other entities, including pharmacies, PBMs, wholesalers, and distributors from the definition of ‘‘VBE participant.’’ 29 We solicit comments on the potential impact of our considered exclusion of pharmacies, PBMs, wholesalers, and distributors, if included in the final rule, for the patient engagement and support safe harbor in particular. We also are considering, and seek comment on, whether this proposed safe harbor should protect only in-kind tools and supports furnished by VBE participants that assume at least some 29 Note that, should we adopt the definition of ‘‘applicable manufacturer’’ as set forth in in 42 CFR 403.902, such definition would include distributors and wholesalers (which include re-packagers, relabelers, and kit assemblers) that hold title to a covered drug, device, biological or medical supply. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules financial risk, so as to better align protected remuneration with valuebased purposes. In particular, if we were to limit safe harbor protection to only VBE participants that assume financial risk, we are considering, and seek comments regarding, the appropriate level of financial risk to require of such VBE participants (e.g., VBE participants that assume at least some downside financial risk or VBE participants that assume substantial downside financial risk). 2. Limitations on Recipients This proposed safe harbor would protect patient engagement tools and supports furnished to patients in a target patient population (as defined in proposed paragraph 1001.952(ee)). We note that the scope of this proposed safe harbor would not be limited to Federal health care program beneficiaries in recognition that the VBE or VBE participants may define the target patient population without regard to payor type. We solicit comments on whether we should instead provide safe harbor protection for tools and supports VBE participants furnish to a broader universe of patients by, for example, protecting patient engagement tools and supports furnished by VBE participants to any patient, so long as the tools and supports predominantly address needs of the target patient population and the tools and supports have a direct connection to the coordination and management of care for the patient. We recognize that some VBEs may not be able to prospectively identify the individual patients in the target patient population. For example, in some accountable care organization (ACO) arrangements under CMS-sponsored models, beneficiaries are assigned to the ACO, which could be a VBE, retrospectively or on a preliminary prospective basis (e.g., for agreement periods beginning on July 1, 2019, ACOs participating in the Medicare Shared Savings Program may select preliminary prospective assignment with retrospective reconciliation).30 We are interested in stakeholder comments on the challenges, if any, presented by the safe harbor’s protection of only patient engagement tools and supports furnished to patients in the target patient population when the VBE’s assigned beneficiaries are identified 30 42 CFR 425.400(a)(4)(ii). We offer this as an illustrative example. Participants in the Medicare Shared Savings Program and Innovation Center ACO models have existing fraud and abuse law waivers and may not need new safe harbor protection. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 retrospectively or on a preliminary prospective basis. 3. Limitations on Type of Remuneration The proposed safe harbor would protect only tools or supports, as specified in proposed 1001.952(hh), furnished by a VBE participant to a patient in the target patient population. As proposed in 1001.952(hh)(3)(i), (ii) and (iii), we would limit a patient engagement ‘‘tool or support’’ to inkind, preventive items, goods, or services, or items, goods, or services such as health-related technology, patient health-related monitoring tools and services, or supports and services designed to identify and address a patient’s social determinants of health, that have a direct connection to the coordination and management of care of the target patient population. This limitation on tools or supports would exclude gift cards, cash, and any cash equivalent (e.g., a check or pre-paid debit card). We do not propose a specific definition of ‘‘preventive care item or service’’ to provide flexibility for VBE participants that seek to furnish preventive care items and services as a means to improve patient outcomes and better overall patient health.31 OIG is mindful of the evolving nature of clinical practice guidelines and recommendations for practices that are categorized as ‘‘preventive care,’’ and we intend to allow this proposed safe harbor to protect the provision of tools and supports that a VBE participant reasonably determines, within the medical judgment of the applicable practitioner treating the patient, to be preventive care. VBE participants would need to exercise caution in ensuring that tools and supports for which they desire safe harbor protection are reasonably considered preventive care. We solicit comments on whether the categories of patient engagement tools and supports listed above that would receive protection (i.e., health-related technology, patient health-related monitoring tools and services, or supports and services designed to identify and address a patient’s social determinants of health) are sufficiently flexible but also sufficiently targeted to protect against the risks of fraud and abuse associated with providing inappropriate remuneration to patients. For instance, we believe ‘‘health-related 31 We do not intend to incorporate the definition of ‘‘preventive care’’ found in the regulations interpreting the beneficiary inducements CMP, 42 CFR 1003.110. Note that the definitions found at 42 CFR 1003.110 apply to part 1003, not part 1001, where the proposed 42 CFR 1001.952(hh) would be located. PO 00000 Frm 00031 Fmt 4701 Sfmt 4702 55723 technology’’ and ‘‘patient health-related monitoring tools and services’’ might include wearable monitoring devices, such as a smart watch or tracker designed to collect information and transmit data to a patient’s physician for treatment or disease monitoring. We are considering for purposes of the final rule requiring that the VBE participant confirm that the tools and services provided to a patient are not duplicative of, or substantially the same as, tools and services the patient already has. For example, we are considering whether the safe harbor should protect the provision of a new cell phone or wireless service to a patient who needs an application for remote patient monitoring if the patient already has these products and only needs the application. With respect to the provision of supports and services designed to identify and address social determinants of health, many commenters to the OIG RFI urged us to consider ‘‘social determinants of health,’’ also described as ‘‘health-related nonmedical’’ items, goods, and services, that address basic needs essential to patients’ health, such as food, shelter, safety, clothing, income, and transportation, in designing any proposed safe harbors. There is substantial evidence that unmet social needs related to these determinants of health, such as transportation, nutrition, and safe housing, play a critical role in health outcomes and expenditures.32 These needs must be considered when thinking about maximizing health outcomes and lowering healthcare costs. Evidence indicates that efforts that target home and neighborhood-level factors, such as healthcare accessibility for low-income individuals, physical and environmental obstructions to healthy living, and housing and case management, can lead to improved health outcomes for people of all ages.33 These improved health outcomes include decreased mortality, delay or prevention of preventable and chronic 32 See, e.g., Michael Marmot et al., on behalf of the World Health Organization and Commission on Social Determinants of Health, Closing the gap in a generation: Health equity through action on the social determinants of health, 372 Lancet 9650 (2008), available at https:/www.thelancet.com/ journals/lancet/issue/vol372no9650/PIIS01406736(08)X6047-7; Gayle Shier et al., Strong Social Support Services, Such As Transportation And Help For Caregivers, Can Lead To Lower Health Care Use And Costs, 32 Health Affairs 3 (2013), available at https://www.healthaffairs.org/doi/pdf/ 10.1377/hlthaff.2012.0170. 33 See, e.g., J. Michael McGinnis, Pamela Williams-Russo, and James R. Knickman, The Case For More Active Policy Attention To Health Promotion, 21 HEALTH AFFAIRS 2 (Mar. 2002), available at https://www.healthaffairs.org/doi/ 10.1377/hlthaff.21.2.78. E:\FR\FM\17OCP2.SGM 17OCP2 55724 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules diseases, and lowered healthcare utilization, indicating a higher quality of life.34 By addressing health disparities that emerge from the social determinants of health, some research suggests that the United States could save over $230 billion in medical care costs.35 Moreover, there is research suggesting that policy interventions that focus on the social determinants of health can produce an estimated economic return of $1.02 trillion.36 Based on the connection of social determinants to healthcare outcomes and costs, we are considering for purposes of the final rule whether explicitly to include protection for tools and supports that address some social determinants of health that meet all other safe harbor conditions. While all social determinants have the potential to improve health outcomes, some social determinants may be more specifically aligned with preventive care and the coordination and management of care for patients (e.g., transportation to medical appointments, nutrition to address clinical conditions, safe housing for patients discharged to their homes) than others (e.g., a more general need for income through employment). We seek public input on which social determinants are most crucial to improving care coordination and transitioning to value-based care and payment, with respect both to needed arrangements between providers or others in a position to generate Federal health care program referrals between them, and needed arrangements between beneficiaries and providers or others in a position to influence the selection of providers, practitioners, and suppliers. We are considering, and solicit comments on, how the final safe harbor should make distinctions among the categories of social determinants, such as protecting some types of tools and supports but not others. We are considering for the final rule whether we should specify specific tools and supports that would be permissible, including whether to base such a list on the types of tools and supports described in CMS guidance for the Medicare and Medicaid programs. We are interested in illustrative examples and data supporting commenters’ views on this topic, including data supporting (or not supporting) the efficacy from a quality, effectiveness, and cost perspective of particular types of tools and supports related to addressing 34 Marmot, supra. supra. 36 McGinnis, supra. 35 McGinnis, VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 social determinants of health. Regardless, whether a particular tool or support would, in fact, be protected under the safe harbor when offered by a VBE participant to a patient in a target patient population would depend on the facts and circumstances and whether all safe harbor conditions were satisfied. We solicit comments on whether, instead of using the proposed categories, the final rule should list specific tools and supports that could be protected under the safe harbor. We are interested in feedback on which tools and supports should be listed and how the rule could account for emerging tools and supports that improve patient engagement, care coordination, and health outcomes. We do not intend for tools and supports protected by this proposed safe harbor, which includes only in-kind items, goods, and services, to be limited to items or services covered by a Federal health care program (as the term of art, ‘‘items or services,’’ when used in the context of the Medicare program, could suggest).37 In general, the provision of covered items and services to patients does not require safe harbor protection provided that all normal billing rules are followed. That said, the proposed description of a permissible tool or support would include federally reimbursable items and services, and provided that the other requirements of the safe harbor are satisfied, the provision of federally reimbursable items and services could receive safe harbor protection. We seek comment on potential fraud and abuse risks presented by including items and services that could be reimbursable by a Federal health care program as permitted tools or supports. We are aware of, and deeply concerned about, fraud schemes that involve the provision of items and services, including prescription opioids or other drugs, that are not needed by patients or that are harmful to them. We do not propose to protect such arrangements in this rulemaking, and such arrangements would not be protected in any final rule. Further, as OIG has previously stated, we are concerned that the provision of potentially reimbursable items and services, for free, could result in steering or unfair competition or could create a seeding arrangement, where, for example, a physician could be influenced to prescribe an item or service, which may be free at some point, but would be covered by a thirdparty payor (including Federal health care programs) in the future.38 Because of the risks presented by allowing safe harbor protection for the provision of potentially reimbursable items and services, including inappropriate seeding arrangements or the provision of medically unnecessary or harmful items or services, we are considering, and seek comment on, excluding in the final rule federally reimbursable items and services as a protected tool or support. As discussed further below, the proposed patient engagement and support safe harbor would not protect cost-sharing waivers, and thus would not protect billing a Federal program while waiving the beneficiary’s share of payment. The in-kind requirement means that the patient must receive the actual tool or support and not funds to purchase the tool or support. For example, patients may not be given cash reimbursements for items or goods they purchase directly. While cash reimbursements for tools and supports would not satisfy the in-kind requirement, we would consider a voucher for a particular tool or support (e.g., a meal voucher or a voucher for a taxi) to satisfy the in-kind requirement. 37 While OIG’s regulations found at 42 CFR 1003.110 define ‘‘items and services or items or services,’’ we do not cross-reference such definition in this proposed safe harbor, nor do we propose to limit the items, goods, and services potentially protected by this proposed safe harbor to the items and services that would satisfy the definition found at 42 CFR 1003.110. Note also that the definitions found at 42 CFR 1003.110 apply to part 1003, not part 1001, where the proposed 42 CFR 1001.952(hh) would be located. 38 Adv. Op. No. 18–14, available at https:// oig.hhs.gov/fraud/docs/advisoryopinions/2018/ AdvOpn18-14.pdf. 39 See, e.g., Cathy J. Bradley & David Neumark, Small Cash Incentives Can Encourage Primary Care Visits by Low-Income People with New Health Care Coverage, 36 Health Affairs 8 (2017), https:// www.healthaffairs.org/doi/10.1377/ hlthaff.2016.1455; Scott D. Halpern, MD, Ph.D. et al., Randomized Trial of Four Financial-Incentive Programs for Smoking Cessation, 372 New Eng. J. PO 00000 Frm 00032 Fmt 4701 Sfmt 4702 a. Cash and Cash Equivalent Incentives A number of commenters responding to the OIG RFI urged OIG to protect the distribution of cash incentives to patients as a reward for engaging in certain healthcare-related activities. For example, providers responding to the OIG RFI stated that they would like protection to provide cash rewards to patients both for attending appointments (e.g., $10 for patients who attend an initial primary care visit) and for engaging in activities designed to promote the adoption and maintenance of healthy behaviors (e.g., a $25 check offered to patients who complete milestones in a behavioral modification program related to substance use disorders). Commenters cited a number of studies in support of this recommendation.39 E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules Commenters to the OIG RFI noted that incentives and supports in the form of cash could help improve patients’ adherence to treatment plans, encourage participation in medically necessary care, and motivate patients to lead healthier lifestyles. In addition, commenters to the OIG RFI posited, and some research suggests, that patients prefer cash to in-kind items, goods, or services and that cash may be more effective at maintaining patient engagement and encouraging and reinforcing positive behavioral change. We also have observed congressional interest in allowing providers to offer beneficiaries cash through, by way of example, the recent enactment of the ACO Beneficiary Incentive Program, section 1899(m) of the Act. However, OIG historically has had significant concerns with allowing providers to offer cash or cash equivalents to patients, and our oversight and enforcement experience suggests that cash incentives can: (i) Result in medical identity theft and misuse of patients’ Medicare numbers, (ii) lead to inappropriate utilization (in the form of medically unnecessary items and services), and (iii) cause improper steering (including patients selecting a provider because the provider offers the most valuable incentives and not because of the quality of care the provider furnishes). Notwithstanding, we are considering for the final rule, and seek comment on, whether to protect patient incentives and supports in the form of cash and cash equivalents in certain circumstances.40 If we do so, we might set a monetary limit on the aggregate amount of remuneration provided annually (such as up to $75 per year, or higher or lower amounts) 41 or include other safeguards to prevent the misuse of cash incentives to steer patients to items or services to influence them to allow others to use their personal information to order unnecessary or inappropriate items and services. Further, we likely would limit the use Med. 2108 (2015), https://www.nejm.org/doi/full/ 10.1056/NEJMoa1414293. 40 OIG continues to consider items convertible to cash (such as a check) or that can be used like cash (such as a general purpose debit card) to be cash equivalents. 41 The $75 amount parallels OIG’s 2016 ‘‘Office of Inspector General Policy Statement Regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries Policy Statement,’’ which currently sets the retail value of permissible ‘‘inexpensive’’ or ‘‘nominal value’’ gifts at $15 per item and $75 in the aggregate per patient on an annual basis. See OIG, Office of Inspector General Policy Statement Regarding Gifts of Nominal Value to Medicare and Medicaid Beneficiaries (Dec. 7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/ OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 of cash remuneration to reward patients for attending medically necessary primary care or other clinically prescribed treatment visits, or for successful participation in a clinically appropriate behavioral modification or substance use disorder treatment program. If we were to adopt this approach, we would consider requiring offerors to have an evidence-based reason for using cash to influence patients’ adherence to a treatment regimen or clinical program. (This might be the case, depending on the evidence, with respect to a substance use disorder treatment or smoking cessation program.) We solicit comment on potential criteria a party may apply to ensure that the arrangement is evidencebased, such as ensuring the arrangement is supported by the Joint Commission, the Agency for Healthcare Research and Quality, or other independent organization that develops national quality standards or quality measures. b. Waiver or Reduction of Cost-Sharing Obligations A number of the comments we received in response to the OIG RFI advocated broad protection from potential anti-kickback statute and beneficiary inducements CMP liability for routinely waived or reduced costsharing obligations. As an initial matter, we note that the requirement for costsharing in Medicare and Medicaid is a programmatic matter; cost-sharing is required pursuant to statute and regulations set forth by CMS and State Medicaid programs. We do not believe safe harbors to the anti-kickback statute are the right tool to obviate these programmatic requirements. Our concerns regarding routine waivers of cost-sharing amounts are longstanding; 42 such routine waivers may constitute prohibited remuneration to induce referrals. Therefore, as proposed, the patient engagement and support safe harbor would not protect the routine waiver or reduction of costsharing obligations (including coupons leading to such waivers or reductions). We are interested in comments that identify potential benefits of permitting in the final rule the waiver or offset of cost-sharing obligations where the costsharing waiver or offset of obligations is part of a value-based arrangement under our value-based framework. In addition, we solicit comments on any safeguards that would mitigate concerns that routine waivers of cost-sharing amounts might undermine prudent consumer 42 See, e.g., Special Fraud Alert: Routine Waiver of Copayments or Deductibles Under Medicare Part B, 59 FR 65372, 65374 (Dec. 19, 1994). PO 00000 Frm 00033 Fmt 4701 Sfmt 4702 55725 incentives of cost-sharing or might allow for abusive ‘‘insurance-only billing’’ marketing schemes targeting patients for unnecessary or poor-quality items or services. Long-standing OIG guidance allows for non-routine, good-faith financial need cost-sharing waivers,43 and several safe harbors and beneficiary inducements CMP exceptions already offer protection for certain reductions, waivers, and differentials in costsharing, such as the exception for the waiver of cost-sharing amounts found at section 1128A(i)(6)(A) of the Act and 42 CFR 1003.110. Those safe harbors and exceptions remain available and unchanged by this proposal. We also are proposing protection for certain costsharing waivers or reductions under the CMS-sponsored model patient incentives safe harbor, proposed at 1001.952(ii). As noted above, many VBE participants that would avail themselves of the patient engagement and support safe harbor would not be subject to programmatic requirements, oversight, or monitoring comparable to CMSsponsored models. Therefore, costsharing waivers or reductions offered and provided under the CMS-sponsored models may present fewer risks. We are aware of concerns expressed by some stakeholders about the collection of small beneficiary costsharing amounts associated with certain care coordination services, such as care management and remote monitoring, where the costs of collection exceed the amount to be collected. Stakeholders would like safe harbor protection for waivers of such cost-sharing amounts. We are considering for the final rule whether limited safe harbor protection for such waivers might be appropriate, including whether such safe harbor protection would be consistent with the program rules establishing such beneficiary cost-sharing amounts. We are considering for the final rule, and seek comment regarding, what conditions we should include in any safe harbor for limited cost-sharing waivers that would protect only costsharing waivers associated with certain specified services, such as care management and remote monitoring. If we were to finalize such a safe harbor, we likely would include conditions similar to those set forth in proposed 1001.952(hh). Finally, we are aware of interest among some stakeholders in offering patients a share of savings the patients help generate for a payor. For example, a patient who selects a clinically 43 See, e.g., OIG, Special Fraud Alert, 59 FR 65372, 65374 (Dec. 19, 1994). E:\FR\FM\17OCP2.SGM 17OCP2 55726 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules appropriate but less costly setting to obtain services (e.g., home-based services instead of a treatment in a facility) might share in the savings realized from the lower cost care setting. We believe that in many cases, this type of program would be part of a plan’s benefit design. The need for new safe harbor protection for this type of arrangement is unclear, and we solicit comments on this issue. c. Gift Cards OIG has never considered gift cards to be in-kind items, goods, or services. The limitation of ‘‘tool or support’’ proposed in paragraph 1001.952(hh) would be consistent with OIG’s position that gift cards are not in-kind items, goods, and services. OIG recognizes certain risks attendant to providing gift cards as patient engagement tools and supports, some of which may make gift cards indistinguishable from cash (e.g., we recognize that consumers can sell or trade gift cards through gift card redemption sites, which could result in a gift card morphing into cash). Similar to cash and cash equivalents, OIG is concerned that tools and supports in the form of gift cards could induce patients to seek medically unnecessary items and services—leading to inappropriate utilization—and could result in providers improperly steering patients through offering valuable incentives in the form of gift cards. Nevertheless, because gift cards may be effective at promoting behavioral change, OIG is considering whether to include protection for gift cards in limited circumstances, for example, where they are provided to patients with certain conditions, such as substance use disorders and behavioral health conditions, as part of an evidence-based treatment program, for the purpose of effecting behavioral change. OIG seeks comments on the potential inclusion of gift cards in limited circumstances such as these and requests citations to any recent studies assessing the positive or negative effects of gift card incentives on promoting behavioral change. OIG also solicits comments on whether and how including gift cards as allowable ‘‘tools or supports’’ in the circumstances described above would raise the risk of fraud and abuse and specifically whether it would present any anticompetitive effects, particularly for smaller providers and suppliers. OIG also is considering and seeks comment on what additional safeguards, such as limiting protection for gift cards to those VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 that are not pre-paid debit cards,44 we should include to the extent the safe harbor protects the provision of gift cards. 4. Additional Proposed Conditions The patient engagement and support safe harbor would impose a number of conditions on the provision of protected patient engagement tools and supports. The intent of these safeguards is to balance the potential benefits of tools and supports with safeguards that minimize the risk of harm to patients, payors, or both. a. Furnished Directly to the Patient Under the proposed condition at 1001.952(hh)(1), the tool or support must be furnished directly to the patient by a VBE participant. The reasons for this proposed condition are two-fold. First, the condition would prevent entities that are excluded from participating in a VBE from directly or indirectly furnishing tools and supports to patients. Second, we believe that this condition would help patients understand which entity or individual is furnishing the tool or support, which could aid patients in deciding whether to participate in the program or treatment regimen offered. We are considering for the final rule and seek comment on whether we should include a condition in the final safe harbor that would require the VBE participant to provide any patient receiving a patient engagement tool or support a written notice describing: (i) The VBE participant that is giving the patient the tool or support; (ii) what the remuneration is; and (iii) the purpose of, or reason for, the remuneration. We solicit comments on whether we should expressly permit the VBE participant to furnish the tool or support through someone acting on the VBE participant’s behalf and under the VBE participant’s direction (e.g., a physician practice that provides the tool or support through an individual member of the practice or nurse employed by the practice). We also seek comments on the applicability of the proposed safe harbor to potential arrangements by which a VBE participant orders or arranges for the delivery of a tool or support from an independent third party. b. Funding Limitations Under the proposed condition at 1001.952(hh)(2), we limit who can fund 44 OIG recognizes that gift cards can take a number of forms, including tangible gift cards, electronic gift cards, and the replenishment of funds available, through a smartphone application, to purchase items, goods, or services at a particular entity. PO 00000 Frm 00034 Fmt 4701 Sfmt 4702 or otherwise contribute to patient engagement tools and supports furnished by a VBE participant. We propose to interpret the requirement at 1001.952(hh)(2) to prohibit the VBE participant from accepting or using funds or free in-kind items or services furnished by any individual or entity outside of the VBE to finance or otherwise facilitate its patient engagement tools, supports, or both, including both the cost of the tool or support and any associated operating costs incurred through the provision of such tool or support (e.g., staff time dedicated to ordering or distributing blood pressure cuffs or technology expenses or help desk services associated with a patient support). We believe this requirement is necessary to reduce the likelihood of undue influence that could result in inappropriate patient steering to specific products, providers, or suppliers. In addition, this proposed condition would ensure that the entities we propose to exclude as VBE participants would not indirectly furnish patient engagement tools and supports under the safe harbor. For example, a pharmaceutical manufacturer, manufacturer, distributor, or supplier of DMEPOS, or laboratory could not circumvent the proposed exclusion from the definition of ‘‘VBE participant’’ by providing funds to a third-party entity and then directing or otherwise controlling any aspect of the third-party entity’s provision of patient engagement tools and supports as a VBE participant. Further, this proposed condition would prohibit a non-VBE participant’s contribution of in-kind items and services for a VBE participant to provide to patients as tools or supports. By way of example, a pharmaceutical manufacturer’s provision of free product to a VBE participant (e.g., a physician) for the VBE participant’s distribution to patients as free product samples would not be protected by this proposed safe harbor.45 We solicit comments on this approach and whether there may be defined, limited circumstances in which non-VBE participants should be able to contribute or otherwise participate in the provision of tools and supports eligible for safe harbor protection. We note that this proposed safe harbor does not address, or otherwise 45 For further information regarding the Federal anti-kickback statute and beneficiary inducements CMP implications of free product samples, see e.g., OIG, Compliance Program Guidance for Pharmaceutical Manufacturers, 68 FR 23731, 23739 (May 5, 2003); Adv. Op. No. 08–04, available at https://oig.hhs.gov/fraud/docs/advisoryopinions/ 2008/AdvOpn08-04.pdf; Adv. Op. No. 15–11, available at https://oig.hhs.gov/fraud/docs/ advisoryopinions/2015/AdvOpn15-11.pdf. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules prohibit, arrangements between VBE participants and others (including vendors and manufacturers) for the purchase and sale of tools and supports that the VBE participant would furnish under the safe harbor. Such arrangements must be assessed on a case-by-case basis for compliance with the Federal anti-kickback statute and any other applicable law. c. Prohibition on Marketing and Patient Recruitment Under the proposed condition at 1001.952(hh)(3)(iii), the remuneration must not include any in-kind item, good, or service used for patient recruitment or marketing of items or services to patients. We do not intend to protect tools or supports that serve solely as patient recruitment incentives. Similarly, we do not intend to protect tools or supports offered to patients where the party knows or should know that the patient would not use the item as intended under the arrangement and would instead resell the item. We seek comments on this proposed condition, and in particular, any benefits of permitting in the final rule some targeted marketing or similar outreach to the target patient population for the purposes of engaging them in evidence-based prevention or wellness activities, or in improving population health outcomes, particularly for VBEs or VBE participants at financial risk for the health outcomes of the target patient population. As with our proposal at paragraph 1001.952(ee), we also are interested in comments on how best to preclude marketing of reimbursable items and services and patient recruitment while still permitting beneficial educational efforts and activities that promote patient awareness of care coordination activities and available tools and supports. d. Direct Connection Under the proposed condition at 1001.952(hh)(3)(i), the tool or support furnished to the patient must have a ‘‘direct connection’’ to the coordination and management of care for the patient. We interpret ‘‘direct connection’’ to mean that the VBE has a good faith expectation that the tool or support will further the VBE’s coordination and management of care for the patient, as that concept is described in the proposed conditions at 1001.952(ee). Where a direct connection exists, it should not be difficult for the VBE and the VBE participant providing the patient engagement tool or support to clearly articulate the nexus between the tool or support and a care coordination and management purpose of the VBE. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 We believe that this requirement effectively balances the goals of patient engagement tools and supports, such as patient compliance with a plan of care and adherence to behavior modifications to improve overall health, with the risk that VBE participants could use extravagant tools or supports to steer beneficiaries or incentivize unnecessary or inappropriate care. Consistent with our goals of fostering flexibility, adaptability, and innovation, we are not further describing specific patient engagement tools and supports that would be considered to have a direct connection to the coordination and management of care for the patient. We are considering for the final rule and solicit comments on whether we should require a ‘‘reasonable connection’’ rather than a ‘‘direct connection.’’ As an alternative or in addition to this approach, we are considering whether, to heighten transparency of patient engagement tools and supports and to ensure that qualifying patient engagement tools and supports are known by and closely related to the VBE itself, we should require the VBE to make a bona fide determination that the VBE participant’s arrangement to provide tools and supports to patients is directly connected to the coordination and management of care for the patient, as that term is used in the proposed 1001.952(ee). We solicit comments on this approach. Lastly, we are considering for the final rule, and solicit comment on, whether we should require that patient engagement tools and supports be directly connected to any of the four value-based purposes, as opposed to requiring a direct connection specifically to the coordination and management of the patient’s care. e. Medical Necessity Under the proposed condition at 1001.052(hh)(3)(iv), the tool or support furnished to the patient must not result in medically unnecessary or inappropriate items or services reimbursed in whole or in party by a Federal health care program. We believe that this is an important protection for patient safety and quality of care. f. Nature of the Remuneration Under the proposed conditions at 1001.952(hh)(3)(vi), the tool or support must be recommended by the patient’s licensed healthcare provider. This condition seeks not only to ensure that the remuneration is focused specifically on patient care, but also underscore the importance of quality of care, the healthcare provider’s medical judgment, and the patient’s relationship with his PO 00000 Frm 00035 Fmt 4701 Sfmt 4702 55727 or her chosen healthcare providers in developing plans for treatment and care. We are considering and solicit comment on, whether we should include as a safeguard a requirement that the patient’s licensed healthcare provider certify in writing, under 18 U.S.C. 1001 and 1519, that the particular item or service is recommended solely to treat a documented chronic condition of a patient in a target patient population. We solicit comments on how providers would most efficiently meet such a requirement and whether and how providers should be required to make the certification available. For all types of remuneration contemplated under this proposed safe harbor, we are considering for the final rule and seek comment on whether we should impose further limitations on the nature of remuneration furnished or other conditions to safeguard against the risks associated with fraud and abuse. For example, we are considering for the final rule and seek comment on some or all of the following additional safeguards: • A requirement that VBE participants furnishing patient engagement tools and supports demonstrate and document the desired adherence to a treatment regimen, adherence to a drug regimen, adherence to a follow-up care plan, management of a disease or condition, improvement in measurable health outcomes, or patient safety; and • a monitoring requirement to ensure that the patient engagement tools and supports do not result in diminished quality of care or patient harm. In addition, we seek specific examples of any other types of remuneration that stakeholders believe should be covered (or should not be covered) by this proposed safe harbor and why, as well as input on whether we can better define categories of remuneration, and any limitations or safeguards necessary to protect against fraud and abuse risks specific to such examples or categories. g. Advancement of Specified Goals Under the proposed condition at 1001.952(hh)(3)(vii), the incentives and supports must advance specifically enumerated goals, namely: Adherence to a treatment regimen as determined by the patient’s licensed healthcare provider; adherence to a drug regimen as determined by the patient’s licensed healthcare provider; adherence to a follow-up care plan established by the patient’s licensed healthcare provider; management of a disease or condition as directed by the patient’s licensed E:\FR\FM\17OCP2.SGM 17OCP2 55728 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules healthcare provider; improvement in evidence-based measurable health outcomes for a patient or the target patient population; ensuring patient safety; or some combination of the above.46 We are not proposing to specify which tools and supports would advance the named goals to provide flexibility for VBE participants and promote innovation. We intend for this proposed condition to protect a range of tools and supports. For example, an item, such as a smart pill bottle, that dispenses medications at preset times for a patient could meet this condition because it is a tool that enables the patient to access the right medication at the appropriate dosage and time. Offering a parking voucher or providing free childcare during medical appointments also could satisfy this condition because these supports would allow a patient to comply with his or her treatment regimen. Conversely, offering a patient movie tickets to reward compliance with a treatment regimen would not satisfy this condition. While we are concerned about the potential for abuse when patients are offered rewards to induce them to receive items or services, we also are aware that, in some circumstances, patients, or persons at risk of becoming patients with more serious conditions, might be offered tools or supports that result in lower healthcare costs (without compromising quality) or that promote patient wellness and healthcare. h. No Diversion or Resell Under the proposed condition at 1001.952(hh)(4), this safe harbor would not protect the provision of a tool or support if the offeror of the remuneration knows or should know that the tool or support is likely to be diverted, sold, or utilized by the patient other than for the express purpose for which the patient engagement tool or support is provided. This proposed condition is designed to prevent VBE participants from providing tools and supports to patients if they likely would divert or sell or otherwise use for purposes other than the coordination and management of care and the goals outlined in (hh)(3)(vi). We seek comments on this approach. Notwithstanding the foregoing, for the purposes of this safe harbor, we would not consider a tool or support to be diverted if it is furnished to patients 46 We note here that the word ‘‘drug’’ is synonymous with and inclusive of ‘‘medication,’’ neither of which terms we are defining for purposes of this proposed safe harbor. Similarly, ‘‘followup care plan’’ would include so-called ‘‘discharge plans.’’ VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 indirectly through their caregivers or family members or others acting on patients’ behalf if the remuneration otherwise satisfies the conditions of the safe harbor. Specifically, if a patient is unable to care for herself or himself and another person (e.g., a family member or other caregiver) has legal authority or the patient’s consent to act on the patient’s behalf, then remuneration furnished to that person, on the patient’s behalf and for the patient’s benefit, would be protected if all conditions of the safe harbor are met. For example, if the patient is a child suffering from asthma, the child’s parent or guardian may accept in-kind remuneration, such as a new air purifier for the child’s bedroom, on the child’s behalf without violating this requirement. i. Monetary Cap Under the proposed condition at 1001.952(hh)(5), the aggregate retail value of patient engagement tools and supports furnished by a VBE participant to a patient could not exceed $500 on an annual basis, with certain limited exceptions. With this condition, we have attempted to strike the right balance between flexibility for beneficial patient tools and supports and a bright-line limit on the amount of protected remuneration to protect patients from being improperly influenced by valuable gifts; to protect the Federal health care programs from potential abuse through overutilization and inappropriate utilization due to such gifts; and to allow for innovation and beneficial arrangements that benefit patients and payors. As noted elsewhere in this preamble, our enforcement experience shows that incentives offered to beneficiaries can be used to coerce them into obtaining unnecessary services or harmful care, and this risk may be heightened when the value of remuneration is high or unlimited. However, we are unsure whether a monetary cap would present a barrier to achieving the intended benefits for patients envisioned by this proposed safe harbor. In lieu of a monetary cap, we are considering for the final rule, and seek comments on, whether other combinations of safeguards proposed in this rule would offer meaningful protection against fraud and abuse involving patients and programs, while still achieving the policy goal of promoting value-based care. We solicit comments on whether this proposed monetary limit of $500 is appropriate, whether $500 per year is too low or too high, and if so, what other figures are more appropriate and the reasons for such other figures (e.g., PO 00000 Frm 00036 Fmt 4701 Sfmt 4702 $100, $200, $1,000, $1,500, or another amount that would be of sufficient magnitude to protect the most beneficial arrangements while also preventing the most abusive ones). For purposes of measuring retail value, we propose that such value be measured at the time the patient engagement tool or support is provided, and we are considering for the final rule whether to interpret ‘‘retail value’’ to mean the fair market value to the recipient or commercial value to the recipient. We also solicit comments on the proposed requirement applying the cap to individual VBE participants and whether the requirement should instead apply the annual cap to the VBE as a whole. Under this alternative, we are considering whether only one VBE participant within a VBE could offer remuneration to a patient during the year. If we limited the cap to the VBE instead of a VBE participant, we are interested in comments regarding how this might negatively impact opportunities for patients and providers or create burdensome tracking and recordkeeping obligations for a VBE or VBE participants. We also solicit comments on whether we should apply the annual cap on a value-based arrangement basis; in other words, under each value-based arrangement, a patient could receive aggregate remuneration up to the cap (whether from one or more VBE participants in the arrangement). We are interested in comments about any negative impacts or burdens from this approach. We propose that the cap could be exceeded for certain patients who lack financial resources. Specifically, the proposed condition at 1001.952(hh)(5) provides that the aggregate retail value of patient engagement tools or supports furnished to a patient by a VBE participant may exceed $500 per year if the patient engagement tools and supports are furnished to a patient based on a good faith, individualized determination of the patient’s financial need. OIG has existing guidance related to individualized, good faith determinations of financial need in the context of cost-sharing waivers, and accounting for financial need generally aligns with an existing exception under the CMP. We are not specifying any particular method of determining financial need because we believe what constitutes ‘‘financial need’’ varies depending on the circumstances. However, it would be important for VBE participants to make determinations of financial need on a good faith, individualized, case-by-case basis in accordance with a reasonable set of income and resource guidelines E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules uniformly applied in all cases. The guidelines would need to be based on objective criteria and appropriate for the applicable locality. A patient’s medical costs and liabilities could be taken into account, among other factors, as part of the determination. We seek comments on this approach as applied to the proposed safe harbor as well as whether we should include a cap but not allow for the cap to be exceeded. We seek comments regarding whether the monetary limit imposed at 1001.952(hh)(5) is necessary and appropriate, or if alternatives that better protect patients and payors exist, such as a limitation on the frequency of such remuneration (e.g., a one-time provision of remuneration, once per year, or once per month), or a per-occurrence limitation, in place of, or in addition to, an aggregate limit. If a per occurrence limitation is desirable, we seek feedback on its amount standing alone and in relation to an aggregate cap (e.g., if the aggregate cap were to be $500 per year, should the per occurrence cap be $100, $200, or some higher or lower figure). We seek comments about, and supporting data for selecting, cap amounts. Finally, we seek comments regarding how we should treat ongoing costs associated with tools and supports (such as batteries, maintenance costs, or upgrades). j. Materials and Records Under the proposed condition at 1001.952(hh)(6), the VBE or a VBE participant would be required to make available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this safe harbor. We are not proposing particular parameters regarding the creation or maintenance of documentation to allow individuals and entities the flexibility to determine what constitutes best documentation practices but welcome comments on whether particular parameters are needed. In particular, we are considering for the final rule and seek comment regarding whether we should include, in the final rule, a requirement that VBE participants retain materials and records sufficient to establish compliance with the conditions of this safe harbor for a set period of time (e.g., at least 6 years or 10 years). Were an entity to be under investigation and assert this safe harbor as a defense, it would need to be able to demonstrate compliance with each condition of the safe harbor. 5. Potential Safeguards In addition to the proposed conditions set forth above, for the VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 purposes of the proposed patient engagement and support safe harbor, we are considering and seek comment on additional potential safeguards for the final rule. We are considering and seek comment on the possible safeguards outlined below for this proposed safe harbor because many VBE participants that would avail themselves of the proposed patient engagement and support safe harbor would not be subject to governmental programmatic requirements, oversight, or monitoring comparable to CMS-sponsored models (addressed in the proposed safe harbor at 1001.952(ii)). a. Prohibition on Cost-Shifting We are considering for the final rule, and seek comment on, a condition prohibiting VBE participants from billing Federal health care programs, other payors, or individuals for the tool or support; claiming the value of the tool or support as a bad debt for payment purposes under a Federal health care program; or otherwise shifting the burden of the value of the tool or support onto a Federal health care program, other payors, or individuals. This requirement, if included in any final rule, would be designed to protect against tools and supports resulting in inappropriately increased costs to Federal health care programs, other payors, and patients. We are considering, and seek comments on, prohibiting both: (1) Directly billing any third party, including patients, for the patient engagement tool or support or any operational costs attendant to the provision of the patient engagement tools and supports; and (2) claiming the cost of the patient engagement tool or support and any operational costs attendant to the provision of patient engagement tools and supports as bad debt for payment purposes under Medicare or a State healthcare program. b. Consistent Provision of Patient Incentives We are considering for the final rule, and seek comment on, whether to require VBE participants to provide the same patient engagement tools or supports to an entire target patient population or otherwise consistently offer tools and supports to all patients satisfying specified, uniform criteria. We believe that including such a condition in the safe harbor would protect against a VBE participant targeting certain patients to receive tools and supports based on, for example, the patient’s insurance status. We solicit comments on this issue. In particular, we are interested in understanding whether this proposed safeguard would PO 00000 Frm 00037 Fmt 4701 Sfmt 4702 55729 limit certain VBE participants’ ability to offer tools and supports due to the potential cost of furnishing the tool or support to an entire target patient population rather than a smaller subset of the target patient population. Similarly, we are interested in comments explaining why offering remuneration to a smaller subset of a target patient population instead of to the entire target population would be appropriate and not increase the risk of fraud and abuse, such as the targeting of particularly lucrative patients to receive tools and supports (cherry picking) or failure to provide tools and supports to high-cost patients (lemon dropping). c. Monitoring Effectiveness We are considering adding a condition to the final rule that would require VBE participants to use ‘‘reasonable efforts’’ to monitor the effectiveness of the tool or support in achieving the intended coordination and management of care for the patient and would require the VBE or the VBE participant to have policies and procedures in place to address any identified material deficiencies. We believe that including such a condition in the safe harbor would help ensure that the tools and supports VBE participants furnish to patients achieve the stated purpose(s), and in turn, could help prevent VBE participants from offering patients engagement tools and supports that induce them to seek more, potentially unnecessary, care. We solicit comments on whether we should include such a monitoring provision and, if so, any anticipated burdens and ways OIG could minimize any burden. We would apply a facts and circumstances analysis to the ‘‘reasonable efforts’’ employed by parties under this condition, using an objective standard of reasonableness. We solicit comments on this approach. d. Retrieval of Items and Goods We are considering for the final rule and seek comment on a condition that would require offerors to engage in reasonable efforts to retrieve an item or good furnished as a tool or support in certain circumstances. For example, we are considering requiring that the offeror make reasonable efforts to retrieve the patient engagement tool or support (if it is an item or good) when the patient is no longer in the target patient population, the VBE no longer exists, or the offeror is no longer a VBE participant. This would prevent the safe harbor from being misused to protect inducements to beneficiaries that do not promote value. If we were to include such a requirement, we are considering E:\FR\FM\17OCP2.SGM 17OCP2 55730 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules setting a minimum value for the item or good above which offerors would be required to make reasonable retrieval efforts (e.g., $100, $200, $500 or a higher or lower amount). We believe such a provision would reduce the burden associated with retrieval efforts. We also are interested in comments regarding whether any retrieval requirement should be limited to tools and supports that are practicable to recover, such as those which are not fixtures or were for short-term use or an otherwise temporary benefit, and where harm to the patient or disproportionate expense to the VBE participant would not result. e. Advertising We are considering for the final rule and seek comment on a condition that would require that the VBE participant does not publicly advertise the patient engagement tool or support (to patients or others who are potential referral sources). This would prohibit advertising in the media or posting information for public display or on websites about the availability of free items or services, similar to the local transportation safe harbor, 42 CFR 1001.952(bb). Such prohibition on public advertising would inhibit the use of patient engagement tools and supports as a marketing tool, thus keeping the focus of the safe harbor on improving care coordination and management of patients’ care. We solicit comments on this potential safeguard. In particular, we are interested in comments on whether this condition would impose a barrier to the success of care coordination and value-based arrangements by restricting information available to patients about options for receiving better coordinated care. G. CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient Incentives (1001.952(ii)) OIG and CMS have jointly issued fraud and abuse waivers of certain provisions of the Federal anti-kickback statute, the physician self-referral law and, for OIG only, certain CMP law authorities for numerous payment models established and tested by CMS under section 1115A(d)(1) of the Act (pertaining to models tested by the Innovation Center) 47 and section 1899 of the Act (pertaining to the Medicare Shared Savings Program).48 Waivers 47 See, e.g., CMS, Fraud and Abuse Waivers for Select CMS Models and Programs, available at https://www.cms.gov/Medicare/Fraud-and-Abuse/ PhysicianSelfReferral/Fraud-and-AbuseWaivers.html. 48 See, e.g., 76 FR 67992 at 67992 (Nov. 2, 2011); 80 FR 66726 at 66726 (Oct. 29, 2015) (Medicare Shared Savings Program is designed to promote the VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 apply only to: (i) Arrangements described by the models and (ii) model participants and other specified individuals and entities. Further, any protection furnished by the waivers is limited in duration. Commenters to the OIG RFI generally asked us to simplify and standardize our approach to protecting CMS-sponsored model arrangements under the antikickback statute and beneficiary inducements CMP. Waivers issued to date are tailored to the particular CMS model and CMS’s design for the model, pursuant to the waiver authorities. Commenters requested that OIG promulgate regulatory protections that would provide uniformity and predictability for parties participating in CMS models. We propose to create a new antikickback statute safe harbor at 42 CFR 1001.952(ii) to: (i) Permit remuneration between and among parties to arrangements (e.g., distribution of capitated payments, shared savings or losses distributions) under a model or other initiative being tested or expanded by the Innovation Center under section 1115A of the Act and the Medicare Shared Savings Program under section 1899 of the Act (collectively, ‘‘CMSsponsored models’’) and (ii) permit remuneration in the form of incentives and supports provided by CMS model participants and their agents under a CMS-sponsored model to patients covered by the CMS-sponsored model. The objective of the proposed safe harbor is to standardize and simplify anti-kickback statute compliance for CMS-sponsored model participants in models for which CMS has determined participants should have the protection that would be afforded by this safe harbor 49 (rather than requiring participants to comply with the law as it would exist without this safe harbor) by applying uniform conditions across all models or initiatives sponsored by CMS. This proposal focuses on models under sections 1115A and 1899 of the Act; we are considering for the final rule, and solicit comments on, broadening the scope of this safe harbor to protect remuneration between and among parties to arrangements under CMS initiatives that are authorized formation of accountable care organizations that are accountable for a Medicare patient population, coordinate items and services under Parts A and B, and encourage investment in infrastructure and redesigned care processes for high-quality and efficient service delivery). 49 For example, CMS might specify in a participation agreement whether or not this safe harbor would apply to any arrangement under the CMS-sponsored model or to particular types of arrangements under the CMS-sponsored model. PO 00000 Frm 00038 Fmt 4701 Sfmt 4702 under other sections of the Act with statutory authority to waive the fraud and abuse laws. By proposing this safe harbor, we aim to simplify application of the antikickback statute and CMP authorities for individuals and entities that participate in CMS-sponsored models in a manner that is consistent with CMS’s authorities to operate and test new models and to reduce the need to issue model-bymodel waivers of fraud and abuse laws. As with fraud and abuse waivers, our goal is to accommodate CMS’s testing and operation of innovative, valuebased care delivery and payment models that CMS has determined could improve quality of care, reduce growth in costs, or both, while also including program integrity protections against fraud and abuse. To the extent that an arrangement under a CMS-sponsored model implicates the anti-kickback statute or beneficiary inducements CMP, parties within CMS-sponsored models for which we have issued fraud and abuse waivers may continue to use applicable CMS-sponsored model waivers to protect their arrangements or may choose to structure arrangements to comply with this new safe harbor or any other applicable anti-kickback statute safe harbor or CMP exception. The degree of flexibility offered by this proposed safe harbor recognizes CMS’s ability to oversee and monitor CMS-sponsored models and initiatives and to embed program integrity protections in such models and initiatives in ways that do not necessarily apply to arrangements outside the models. For this reason, this proposal does not extend to commercial and private insurance arrangements that may operate alongside, but outside, a CMS-sponsored model. However, nothing in this proposed safe harbor would prevent commercial and private insurers from implementing arrangements that cover both public and private patients; such arrangements could be structured to satisfy other proposed safe harbor protections that do not distinguish between public and private patient populations. We are proposing a number of definitions for purposes of this safe harbor. We propose to define a ‘‘CMSsponsored model party’’ as a CMSsponsored model participant or another individual or entity that the CMSsponsored model’s participation documentation specifies may enter into a CMS-sponsored model arrangement. We propose to define ‘‘participation documentation’’ for purposes of this safe harbor as the participation agreement, cooperative agreement, regulations, or model-specific E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules addendum to an existing contract with CMS that: (i) Is currently in effect, and (ii) specifies the terms of a CMSsponsored model. We propose to define a ‘‘CMSsponsored model participant’’ as an individual or entity that is subject to, and is operating under, participation documentation with CMS to participate in a CMS-sponsored model. We propose to define a ‘‘CMS-sponsored model arrangement’’ as a financial arrangement between or among CMS-sponsored model parties to engage in activities under the CMS-sponsored model and that is consistent with, and is not a type of arrangement prohibited by, the participation documentation. Finally, we propose to define a ‘‘CMS-sponsored model patient incentive’’ as remuneration that is not of a type prohibited by the participation documentation and is furnished consistent with the CMS-sponsored model by a CMS-sponsored model participant (or by an agent of the CMSsponsored model participant under the CMS-sponsored model participant’s direction and control) directly to a patient under the CMS-sponsored model. We would expect CMS to notify CMSsponsored model participants, through participation documentation, or other public means as determined by CMS, when CMS-sponsored model participants may use this safe harbor under a CMS-sponsored model. For example, CMS may specify the types of CMS-sponsored model patient incentives that a CMS-sponsored model participant may provide under the CMSsponsored model within a CMSsponsored model participation agreement. The CMS-sponsored model participant also must satisfy certain programmatic requirements imposed by CMS in connection with the use of this safe harbor. CMS also may require CMSsponsored model participants to disclose to CMS when they use this safe harbor under a CMS-sponsored model as a condition of participation in the CMS-sponsored model. If this safe harbor is finalized and CMS determines that it be made available for a CMSsponsored model, the safe harbor would not be available to protect any remuneration that does not satisfy program requirements as may be imposed by CMS on CMS-sponsored model participants. We solicit comments on these definitions. In particular, we solicit comments regarding the scope of the definition of ‘‘CMS-sponsored model patient incentive,’’ recognizing that a CMS-sponsored model participant may not always know whether a particular VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 patient is in a CMS-sponsored model at any given point in time. We are considering for the final rule and solicit comments on extending the definition of ‘‘CMS-sponsored model incentive’’ to include patients beyond those under a CMS-sponsored model or, in the alternative, defining ‘‘CMS-sponsored model patient’’ such that a CMSsponsored model participant could provide incentives to any patient (or any beneficiary) that meets the other conditions of the safe harbor. As proposed, this safe harbor would provide CMS-sponsored model parties an additional pathway to protection from sanctions under the anti-kickback statute and the beneficiary inducements CMP. An arrangement needs to meet the requirements of only one safe harbor to ensure immunity from criminal and civil prosecution under the statute. For example, CMS-sponsored model parties would be able to choose to structure an arrangement to comply with the conditions of this proposed safe harbor, the proposed value-based arrangements safe harbors (paragraphs (ee), (ff), and (gg)), the patient engagement and support safe harbor (paragraph (hh)), any other applicable existing safe harbors or exceptions, or fraud and abuse waivers issued for the CMSsponsored model. However, to ensure protection, an arrangement must meet all conditions of a particular safe harbor or waiver. We note that depending on the facts and circumstances, an arrangement may comply with fraud and abuse laws absent specific safe harbor or waiver protection. 1. Proposed Conditions for CMSSponsored Model Arrangements and CMS-Sponsored Model Patient Incentives We are proposing below important safeguards to ensure that arrangements protected by this proposed safe harbor operate as intended by the CMSsponsored models, and the CMSsponsored models are not undermined by arrangements that might lead to stinting on medically necessary care or induce inappropriate utilization. These safeguards are necessary to ensure that a CMS-sponsored model party’s financial arrangements and patient incentives are consistent with the quality, care coordination, and costreduction goals of a CMS-sponsored model and can be readily overseen by CMS and OIG. As a threshold matter, CMS would determine whether the safe harbor protection would be available for arrangements or patient incentives under the particular CMS-sponsored model. CMS may limit participation in PO 00000 Frm 00039 Fmt 4701 Sfmt 4702 55731 a CMS-sponsored model to certain providers or entities (e.g., certain CMSsponsored models may exclude pharmaceutical manufacturers from participating in a CMS-sponsored model or participating in arrangements under the CMS-sponsored model). CMS has discretion to determine the scope of entities, arrangements, or incentives that may be protected under this safe harbor on a model-by-model basis. Unlike the proposed safe harbors at 42 CFR 1001.952(ee), (ff), (gg) and (hh), which propose to exclude pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories from arrangements and tools and supports that would receive protection under the safe harbors, this proposed safe harbor would not exclude any entities from potential protection under the safe harbor. We do not propose any such exclusions to allow: (i) The Innovation Center the discretion to determine the scope of the models it wishes to test and expand and (ii) CMS the discretion to determine how to implement the Medicare Shared Savings Program. In addition, OIG notes that CMS-sponsored models include programmatic rules, monitoring, and oversight not present in value-based arrangements and the provision of patient tools and supports outside of such models, which may mitigate some of the fraud and abuse risks presented by the inclusion of pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories in such models. a. Conditions for CMS-Sponsored Model Arrangements Proposed paragraph (ii)(1) sets forth the terms for protection of certain remuneration between or among CMSsponsored model parties under a CMSsponsored model arrangement in a model for which CMS has determined that the safe harbor is available. We propose six conditions parties would need to meet to receive safe harbor protection. The first condition would require that CMS-sponsored model participants reasonably determine that the CMS-sponsored model arrangement will advance one or more goals of the CMS-sponsored model. We intend to interpret ‘‘reasonably determine’’ to mean that the activities set forth in the written agreement are fairly and verifiably anticipated to achieve at least one or more goals of the CMS-sponsored model. For example, CMS-sponsored model parties may wish to create an implementation protocol explaining the activities and evidence-based processes or guidance relied upon to develop and E:\FR\FM\17OCP2.SGM 17OCP2 55732 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules implement an arrangement that would advance a goal of a CMS-sponsored model through the CMS-sponsored model arrangement. The safe harbor would be flexible to permit parties to pursue a wide array of activities under the CMS-sponsored model; however, the arrangement must be consistent with the purposes of the CMS-sponsored model. As stated above, CMS determines the scope of its models and what is being tested. As we propose to reflect in the definition of ‘‘CMSsponsored model arrangement,’’ if an arrangement is a type of arrangement prohibited by the participation documentation, then it does not qualify as a CMS-sponsored model arrangement. If an arrangement does not qualify as a CMS-sponsored model arrangement, then it would not be protected by this safe harbor even if the CMS-sponsored model parties determined that it would advance a purpose of the CMS-sponsored model. In the second proposed condition, we specify that the exchange of value must not induce CMS-sponsored model parties or other providers or suppliers to furnish medically unnecessary items or reduce or limit medically necessary items or services furnished to CMSsponsored model patients. We believe that this is an important protection for patient safety and quality of care, and it would be consistent with every CMSsponsored model. In the third proposed condition, we are incorporating a key safeguard that we have consistently utilized in our fraud and abuse waivers to prohibit remuneration that is explicitly or implicitly offered, paid, solicited, or received in return for, or to induce or reward, any referrals or other business generated outside of the CMS-sponsored model. The fourth condition would require CMS-sponsored model parties, in advance of, or contemporaneously with the commencement of, the CMSsponsored model arrangement, to set forth the terms of the CMS-sponsored model arrangement in a signed writing. The fifth condition would require parties to the CMS-sponsored model arrangement to make available to the Secretary materials and records sufficient to establish whether the remuneration was exchanged between the parties in a manner that meets the conditions of this safe harbor. We are not proposing particular parameters regarding documentation, but rather specifying only that the writing must describe the activities to be undertaken by the CMS-sponsored model parties and the nature of the remuneration to be exchanged. Therefore, parties under a VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 CMS-sponsored model would have flexibility to determine what type of documentation would best memorialize the arrangement such that they could demonstrate safe harbor compliance to the Secretary or OIG upon request. Nothing in this proposed condition would change or alter any requirements related to documentation (or any other model feature) imposed by CMS as part of its model. Finally, we propose to include a condition requiring CMS-sponsored model participants to satisfy such other programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor. Because CMS has authority to test and design models, it can also create programmatic requirements integral to testing and monitoring its model design for CMSsponsored model participants. We are proposing this condition to ensure that parties comply with any additional programmatic requirements as may be imposed by CMS related to the arrangements for which they might seek safe harbor protection. We would expect CMS to set forth these requirements within the CMS-sponsored model’s participation documentation or otherwise make such requirements publicly available. b. Conditions for CMS-Sponsored Model Patient Incentives With respect to patient incentives, the proposed safe harbor would apply to certain incentives offered by a CMSsponsored model participant or by an agent of the CMS-sponsored model participant under the CMS-sponsored model participant’s direction and control directly to a patient receiving healthcare items and services under the CMS-sponsored model that will advance one or more goals of the CMS-sponsored model. CMS would determine whether the safe harbor protection would be available for the particular CMSsponsored model. As stated above, CMS has discretion to determine which entities may avail themselves of this safe harbor or to determine the types of patient incentives CMS-sponsored model parties may provide on a modelby-model basis. We would expect CMS to notify CMS-sponsored model participants of the scope of permissible patient incentives within its participation documentation or to make such determination publicly available. If CMS determines a type of incentive is prohibited, then it would not qualify as a CMS-sponsored model patient incentive for purposes of this proposed PO 00000 Frm 00040 Fmt 4701 Sfmt 4702 safe harbor.50 Similarly, some CMSsponsored models might have their own requirements for giving patient incentives, and this proposed safe harbor would not obviate those programmatic requirements. For example, in making incentive payments to an assigned Medicare beneficiary under the ACO Beneficiary Incentive Program, ACOs are expected to satisfy the programmatic requirements governing such incentive payments at section 1899(m) of the Act and 42 CFR 425.304(c); if this safe harbor is finalized and CMS determines that it be made available for the ACO Beneficiary Incentive Program, the safe harbor would not be available for any incentive payment that does not satisfy such programmatic requirements. Depending on the goals set forth by CMS for the CMS-sponsored model, we would expect a CMS-sponsored model participant would use this safe harbor to provide its patients with free or belowfair-market-value incentives that advance the goals of the CMS-sponsored model, such as preventive care, adherence to a treatment regimen, or management of a disease or condition. The proposed protection would cover a broad range of incentives, such as, transportation, nutrition support, home monitoring technology, and gift cards, as determined by CMS through the CMS-sponsored model’s design. Certain CMS-sponsored models or future models might permit waivers of costsharing amounts (for example, copayments and deductibles) or cash incentives to certain patients to promote certain clinical goals of a CMSsponsored model. All of these patient incentives, when determined by CMS to be appropriate for the CMS-sponsored model design and not prohibited by the participation documentation, could fit within the proposed safe harbor, provided that the arrangement otherwise complies with all safe harbor conditions. We are proposing safeguards specific to the protected patient incentives. Under the proposed condition at paragraph (ii)(2)(i), the CMS-sponsored model participant must reasonably determine that the patient incentive the CMS-sponsored model participant furnishes to its patients under the CMSsponsored model will advance one or more goals of the CMS-sponsored model. As stated above, we would expect CMS to notify CMS-sponsored 50 Unlike the patient engagement and support safe harbor proposed at 1001.952(hh), under the CMSsponsored model patient incentives safe harbor, CMS would determine the types of patient incentives CMS-sponsored model parties may provide on a model-by-model basis. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules model participants, through participation documentation, or other means as determined by CMS, when CMS-sponsored model participants may use this safe harbor under a CMSsponsored model and the types of patient incentives they may offer. CMSsponsored model participants may look to their participation documentation for potential descriptions or guidance on patient incentives that would be consistent with the goals of the CMSsponsored model. For example, the participation documentation might specify that any incentives furnished must be preventive care items or services or must advance one or more clinical goals for patients under the CMS-sponsored model by engaging him or her in better managing his or her own health. Under the second proposed condition, we propose to require that the patient incentive have a direct connection to the patient’s healthcare. We believe this condition to be consistent with the design of all CMS models and initiatives contemplated as part of this safe harbor. This condition is consistent with requirements we have imposed previously within our fraud and abuse waivers for a number of CMS-sponsored models. For the same reasons described further in our discussion of the proposed patient engagement and support safe harbor at proposed paragraph 1001.952(hh), we propose that this requirement would warrant a dual consideration: Whether a direct connection exists from a healthcare perspective and whether a direct connection exists from a financial perspective. We are not proposing specific documentation under the third condition for patient incentives offered by CMS-sponsored model participants; however, CMS-sponsored model participants must maintain documentation sufficient to establish whether the patient incentive was distributed in a manner that meets the conditions of the safe harbor. Under this proposed condition, CMS-sponsored model participants would have flexibility to determine what type of documentation would best establish whether the CMS-sponsored model patient incentive was distributed appropriately. Finally, as described above, if this safe harbor is finalized and CMS determines that it would be available for a particular CMS-sponsored model, the safe harbor would not protect remuneration that does not satisfy such programmatic requirements as may be imposed by CMS under the CMS- VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 sponsored model in connection with the use of this safe harbor. c. Duration of Protection Under our proposal, as reflected in the defined terms, the duration of safe harbor protection aligns with the duration of the participation documentation under a CMS-sponsored model. For example, the proposed definition of ‘‘CMS-sponsored model arrangement’’ specifies that the protected arrangement is to ‘‘engage in activities under the CMS-sponsored model.’’ Similarly, the proposed definition of ‘‘participation documentation’’ specifies that it is ‘‘currently in effect.’’ The CMSsponsored models, and arrangements between parties operating under CMSsponsored models, have various terms, some of which are described in a CMSsponsored model’s participation documentation. In order to meet the conditions set forth in the proposed safe harbor, the CMS-sponsored model arrangement or a CMS-sponsored model patient incentive must begin and end while the parties are operating under an existing CMS-sponsored model. The safe harbor would protect arrangements during the period under which a CMS-sponsored model participant participates in the CMSsponsored model but would not extend to protect remuneration exchanged after participation in the CMS-sponsored model ends. In some cases, certain activities associated with a CMSsponsored model may extend beyond the last performance period during which a CMS-sponsored model participant provides services under the CMS-sponsored model. For example, the participation documentation might provide for a certain period of time after a termination date or after the end of the performance period to conduct reconciliation or make final payment to providers (e.g., a shared savings distribution). This safe harbor would protect the last payment or exchange of value made by or received by a CMSsponsored model party following the final performance period that the CMSsponsored model participant that is a party to the arrangement participates in the CMS-sponsored model. We are considering each of the following options for 1001.952(ii) and may finalize one or a combination of these options: (i) Terminating protection after the end of the performance period or within a certain time period after the end of a performance period; (ii) terminating protection upon termination of the CMS-sponsored model participation documentation or within a certain period of time after that; and (iii) PO 00000 Frm 00041 Fmt 4701 Sfmt 4702 55733 until the last payment or exchange of anything of value made by a CMSsponsored model party under a CMSsponsored model occurs, even if the model has otherwise terminated. We solicit comments on whether the final rule should allow safe harbor protection for one or a combination of the above options. Similarly, we solicit comments on whether under the final rule a CMSsponsored model participant should be able to continue to provide the outstanding portion of any service to a patient if the service was initiated before its participation documentation terminated or expired. If we provide additional time under the final rule, we are interested in including conditions to prevent gaming of the length of time remuneration is provided after a CMSsponsored model participant has been terminated from a model (or the model has terminated) to protect beneficiaries from improper inducements unrelated to a CMS-sponsored model. We note that, under our proposal, patients would be able to retain any incentives received prior to the termination or expiration of the participation documentation. H. Cybersecurity Technology and Related Services (1001.952(jj)) We propose a safe harbor to protect donations of certain cybersecurity technology and related services with appropriate safeguards. We believe this proposed safe harbor could help improve the cybersecurity posture of the healthcare industry by removing a real or perceived barrier that would allow parties to address the growing threat of cyberattacks that infiltrate data systems and corrupt or prevent access to health records and other information essential to the delivery of healthcare. In recent years we have received numerous comments and suggestions urging the creation of a safe harbor to protect donations of cybersecurity technology and services.51 The digitization of the healthcare delivery system and related rules designed to increase interoperability and data sharing in the delivery of healthcare create numerous targets for cyberattacks. The healthcare industry and the technology used to deliver healthcare have been described as an interconnected ‘‘ecosystem’’ where the ‘‘weakest link’’ in the system can compromise the entire system.52 Given 51 See, e.g., OIG, Semiannual Report to Congress, Apr. 1, 2018–Sept. 30, 2018, at 84. 52 See, e.g., Health Care Industry Cybersecurity Task Force, Report on Improving Cybersecurity in the Health Care Industry, June 2017 (HCIC Task Force Report), available at https://www.phe.gov/ E:\FR\FM\17OCP2.SGM Continued 17OCP2 55734 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules the prevalence of protected electronic health information and other personally identifiable information stored within these systems, as well as the processing and transmission of this information and other critical information within a given provider’s systems as well as across the healthcare industry, the risks associated with cyberattacks may be most immediate for the ‘‘weak links’’ but have implications for the entire healthcare system. In response to the OIG RFI, we received overwhelming support for a cybersecurity technology donation safe harbor. Many commenters highlighted the increasing prevalence of cyberattacks and other threats. Commenters noted that cyberattacks pose a fundamental risk to the healthcare ecosystem and that data breaches can result in patient harm as well as high costs to the healthcare industry. Moreover, disclosures of PHI through a data breach can result in identity fraud. Relatedly, protecting Department data, systems, and beneficiaries from cybersecurity threats, and otherwise securing the exchange and use of health information technology and data, are challenges that OIG has identified in the Department’s annual Top Management and Performance Challenges for the last decade.53 The Health Care Industry Cybersecurity (HCIC) Task Force, created by the Cybersecurity Information Sharing Act of 2015 (CISA),54 was established in March 2016 and is comprised of government and private sector experts. The HCIC Task Force produced its HCIC Task Force Report in June 2017.55 The HCIC Task Force recommended, among other things, that Congress ‘‘evaluate an amendment to [the physician selfreferral law and the anti-kickback statute] specifically for cybersecurity software that would allow healthcare organizations the ability to assist physicians in the acquisition of this technology, through either donation or subsidy’’ and noted that the regulatory exception to the physician self-referral law and the safe harbor for electronic health records technology could serve as preparedness/planning/cybertf/documents/ report2017.pdf. 53 See, e.g., OIG, 2018 Top Management & Performance Challenges Facing HHS, available at https://oig.hhs.gov/reports-and-publications/topchallenges/2018/. 54 Public Law 114–113, 129 Stat. 2242. 55 HCIC Task Force Report, available at https:// www.phe.gov/preparedness/planning/cybertf/ documents/report2017.pdf. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 a template for a new statutory exception.56 However, in general, any donation of valuable technology or services to physicians or other sources of Federal health care program referrals can pose risks of fraud or abuse that may increase as the value of the donated technology or services increases. In some respects, the fraud and abuse risks posed by the donation of cybersecurity technology or services to physicians or other healthcare providers or suppliers are similar to the risks associated with the provision of electronic health records technology because, like electronic health records technology, cybersecurity technology is inherently valuable to recipients in terms of actual cost, avoided overhead, and administrative expenses. Additionally, the types of cybersecurity technology and services are highly variable; their costs and value also vary greatly. For example, cybersecurity technology or services may consist only of anti-virus software for a single workstation in a physician’s office or it may include incident response services for several primary and specialty group practices. Further, adding robust cybersecurity technology and services may provide recipients a valuable shield from liability for fines, ransom, and litigation risk given the prevalence of cybersecurity threats to healthcare providers and breaches involving protected health information and electronic health records. Finally, responses to the OIG RFI indicate that the cost, or value, of cybersecurity technology and services has increased dramatically, to the point where some providers and suppliers are unable to adequately invest in cybersecurity measures. We believe that this proposed safe harbor would (i) minimize the risks inherent in any type of valuable remuneration between referral sources and (ii) remove an actual or perceived barrier that will allow the healthcare industry to take additional action to mitigate the risks posed by cybersecurity threats. Specifically, we believe this proposed safe harbor would promote increased security for interconnected and interoperable healthcare information technology systems without protecting arrangements that either serve as marketing platforms or inappropriately influence clinical decision-making. This proposed safe harbor would protect certain cybersecurity donations. CMS is proposing a similar exception to the physician self-referral law. We coordinated closely with CMS to ensure 56 Id. PO 00000 at 27. Frm 00042 Fmt 4701 Sfmt 4702 as much consistency as possible between our proposed safe harbor and CMS’s proposed exception, despite the differences in the respective underlying statutes. Because of the close nexus between this proposed rule and CMS’s proposed rule, we may consider and take additional actions based on comments submitted in response to CMS’s proposed rule in addition to those submitted in response to this rulemaking, if warranted. We propose to protect nonmonetary remuneration in the form of certain types of cybersecurity technology and services. Specifically, as explained below, we propose to define ‘‘cybersecurity’’ to mean ‘‘the process of protecting information by preventing, detecting, and responding to cyberattacks.’’ We propose to include within the scope of covered technology, ‘‘any software or other types of information technology, other than hardware.’’ In an effort to foster beneficial cybersecurity donation arrangements without permitting arrangements that negatively impact beneficiaries of Federal health care programs, this safe harbor would impose a number of conditions on cybersecurity donations, as set forth below. Most notably, the first proposed condition of the safe harbor requires the donation to be necessary and used predominantly to implement and maintain effective cybersecurity. We also have included an alternative proposal for an additional, optional condition to this proposed safe harbor. The optional condition imposes an additional safeguard that parties can satisfy in exchange for protecting certain cybersecurity hardware. 1. Definitions We propose two definitions at 1001.952(jj)(6): ‘‘cybersecurity’’ and ‘‘technology.’’ These definitions are integral to understanding the conditions of the safe harbor, so we first elaborate on the definitions. For purposes of this safe harbor, we propose to define the terms ‘‘cybersecurity’’ and ‘‘technology’’ as follows: • ‘‘Cybersecurity’’ means the process of protecting information by preventing, detecting, and responding to cyberattacks. • ‘‘Technology’’ means any software or other types of information technology, other than hardware. This proposed definition of ‘‘cybersecurity’’ is derived from the National Institute for Standards and Technology (NIST) ‘‘Framework for E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules Improving Critical Infrastructure.’’ 57 We intend for the definition to be broad and propose to rely on a definition in a NIST framework that does not apply directly to the healthcare industry but applies generally to any United States critical infrastructure. Our goal is to broadly define cybersecurity and avoid unintentionally limiting donations by relying on a narrow definition or a definition that might become obsolete over time. We solicit comment on this approach and whether a definition tailored to the healthcare industry would be more appropriate. Similarly, the proposed definition of ‘‘technology’’ is broad, but for the exclusion of hardware. The intent of the safe harbor is to be agnostic to specific types of non-hardware cybersecurity technology. We intend for this safe harbor to be broad enough to include cybersecurity software and other information technology (e.g., an Application Programming Interface (API), which is neither software nor a service as those terms are generally used) that is available now and technology that may become available as the industry continues to develop. The proposed definition of ‘‘technology’’ excludes hardware under this new safe harbor. While we recognize that effective cybersecurity may require hardware that meets certain standards (e.g., encrypted endpoints, updated servers), we remain concerned that donations of valuable, multifunctional hardware pose a higher risk of constituting a disguised payment for referrals. Consistent with the proposed condition at 1001.952(jj)(1), we believe that donations with multiple uses outside of cybersecurity present a greater risk that the donation is being made to influence referrals. Hardware is most likely to be multifunctional and, as a result, would not be necessary and used predominantly to implement and maintain effective cybersecurity. For example, the safe harbor would not protect a laptop computer or tablet used in the general course by a physician to enter patient visit information into an electronic health record and respond to emails. However, it would protect encryption software for a laptop. This also is consistent with a similar exclusion of hardware in the electronic health record donation safe harbor at 1001.952(y), which identifies a similar rationale for excluding hardware from protection.58 We solicit comments on this approach. 57 Appendix B, Version 1.1 (Apr. 16, 2018) available at https://nvlpubs.nist.gov/nistpubs/ CSWP/NIST.CSWP.04162018.pdf. 58 71 FR 45110, 45120 (Aug. 8, 2006). VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 As we describe below, however, we are not proposing a requirement for recipients to contribute a portion of the donor’s costs. Consistent with the HCIC Task Force Report, we recognize that many providers do not have adequate resources to significantly invest in the cybersecurity items and services protected by this proposed safe harbor. Consequently, we believe that omitting a contribution requirement may allow providers with limited resources to receive protected cybersecurity donations while also using their own resources to invest in other technology not protected by the safe harbor, such as updating legacy hardware that may pose a cybersecurity risk, or simply investing in their own computers, phones, and other hardware that are core to their businesses, notwithstanding their relationship with a donor who contributes cybersecurity technology. We solicit comments on excluding donations of hardware from this safe harbor and the omission of a contribution requirement, and in particular, any specific cybersecurity risks or limitations that would result from such exclusion and omission. We are considering for the final rule adding limited protection for specific hardware that is necessary for cybersecurity, is stand-alone (i.e., is not integrated within multifunctional equipment), and serves only cybersecurity purposes (e.g., a twofactor authentication dongle), and solicit comments on what types of hardware might qualify and whether we should protect them under this safe harbor. Finally, we note that this proposed safe harbor only protects cybersecurity technology and services as defined. It does not extend to other types of cybersecurity measures outside of technology or services. For example, this safe harbor would not protect donations of installation, improvement, or repair of infrastructure related to physical safeguards, even if they could improve cybersecurity (e.g., upgraded wiring or installing high security doors). Donations of infrastructure upgrades are extremely valuable and have multiple benefits in addition to cybersecurity, together which pose an increased risk that one purpose of the donation is to pay for or influence referrals. 2. Conditions on Donation and Protected Donors To be protected non-monetary remuneration, donations of cybersecurity technology and services must meet five conditions in 1001.952(jj)(1)–(5). The first two conditions relate to the purpose of the donation and prohibit donors taking PO 00000 Frm 00043 Fmt 4701 Sfmt 4702 55735 into account the volume or value of referrals or other business generated. First, at 1001.952(jj)(1), we propose to limit safe harbor protection to donated technology and services that are necessary and used predominantly to implement and maintain effective cybersecurity. The goal of this condition is to ensure that donations are being made for the purposes of addressing legitimate cybersecurity needs of donors and recipients. Explained differently, the core function of the donated technology or service must be to protect information by preventing, detecting, and responding to cyberattacks. Our intent is to protect a wide range of technology and services that are specifically donated for the purpose of, and are necessary for, ensuring that donors and recipients have effective cybersecurity. As stated previously, our intent is to be technology agnostic, including as to the types and versions of software that can receive protection. By way of example, the types of technology protected by this safe harbor may include, but are not limited to, software that provides malware prevention, software security measures to protect endpoints that allow for network access control, business continuity software that mitigates the effect of cyberattacks, data protection and encryption, and email traffic filtering. We believe these examples are indicative of the types of technology that are necessary and used predominantly for effective cybersecurity. We also do not distinguish between cloud-based software or software that must be installed locally. We solicit comments on the proposed breadth of protected technology as well as whether we should expressly include other technology or categories of technology in this safe harbor. Similarly, we propose to protect a broad range of services. Such services could include, for example: • Any services associated with developing, installing, and updating cybersecurity software; • any kind of cybersecurity training services, such as training recipients on how to use the cybersecurity technology, how to prevent, detect, and respond to cyber threats, and how to troubleshoot problems with the cybersecurity technology (e.g., ‘‘help desk’’ services specific to cybersecurity); • any kind of cybersecurity services for business continuity and data recovery services to ensure the recipient’s operations can continue during and after a cyberattack; • any kind of ‘‘cybersecurity as a service’’ model that relies on a third- E:\FR\FM\17OCP2.SGM 17OCP2 55736 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules party service provider to manage, monitor, or operate cybersecurity of a recipient; • any services associated with performing a cybersecurity risk assessment or analysis, vulnerability analysis, or penetration test; or • any services associated with sharing information about known cyber threats, and assisting recipients responding to threats or attacks on their systems. We believe these types of services are indicative of the types of services that are necessary and used predominantly for effective cybersecurity. We solicit comments on the proposed breadth of protected services as well as whether we should expressly include other services or categories of services in this safe harbor. We note, in addition, that the donation of services must be nonmonetary. For example, donating the time of a consultant to implement a cybersecurity program could be protected, but if an entity were to experience a cyberattack that involved ransomware, payment of the ransom amount on behalf of a recipient or paying the recipient the ransom amount would not be protected. We do not intend to protect donations of technology or services that have multiple, general uses outside of cybersecurity. As explained in our discussion of the definition of ‘‘hardware’’ above, we remain concerned that donations of valuable multi-use technology or services pose a higher risk of constituting a disguised payment for, or otherwise influencing, referrals. Similarly, we do not intend to protect donations of technology or services that are otherwise used in the normal course of the recipient’s business (e.g., general help desk services related to use of a practice’s information technology). We solicit comment on this approach and whether this proposed condition unintentionally limits the donation of cybersecurity technology and services that are vital to improving the cybersecurity posture of the healthcare industry. For the purposes of meeting the proposed condition at 1001.952(jj)(1), we are considering for the final rule, and seek comment on, whether to add a deeming provision that would allow donors or recipients to demonstrate that donations are necessary and predominantly used to implement and maintain effective cybersecurity. This deeming provision would allow donors and recipients to demonstrate that the donation furthers a recipient’s ability to comply with a written cybersecurity program that reasonably conforms to a widely recognized cybersecurity framework or set of standards, such as VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 one developed or endorsed by NIST, another American National Standards Institute-accredited standards body, or an international voluntary standards body such as the International Organization for Standardization. Any such provision would not require compliance with a particular framework or set of standards, but rather would provide an option for donors to demonstrate that the donation is necessary and predominantly used to implement and maintain effective cybersecurity. We believe such a provision may provide some assurance to donors and recipients about how to demonstrate that donations are necessary and predominantly used to implement and maintain effective cybersecurity. If we were to finalize this deeming provision, we would add a sentence to 1001.952(jj)(1) that would deem a donation to meet this condition if the parties demonstrate that the donation furthers a recipient’s ability to comply with a written cybersecurity program that reasonably conforms to a widely recognized cybersecurity framework or set of standards. We solicit comments on incorporating this proposed deeming provision in 1001.952(jj)(1). Regarding this proposed deeming provision, we also solicit comments on how donors and recipients could practically demonstrate that a donation furthers a recipient’s ability to comply with a written cybersecurity program that reasonably conforms to a widely recognized cybersecurity framework or set of standards. We are not proposing to condition protection on demonstrating compliance with a specific framework or set of standards, but we seek to provide a practical method that allows parties to demonstrate that a donation meets the potential deeming provision we are considering for 1001.952(jj)(1). Understanding that our intent is not to incorporate a specific framework or set of standards, we seek comments on whether there are other ways that parties could reliably demonstrate that a donation meets the potential cybersecurity deeming provision in 1001.952(jj)(1). For instance, we are interested in comments regarding whether parties could demonstrate that a donation meets the cybersecurity deeming provision through documentation, certifications, or other methods not prescribed by regulation. Second, at 1001.952(jj)(2), we propose to require that donors do not directly take into account the volume or value of referrals or other business between the parties when determining the eligibility of a potential recipient for the PO 00000 Frm 00044 Fmt 4701 Sfmt 4702 technology or services, or the amount or nature of the technology or services to be donated. In addition, we propose that donors do not condition the donation of technology or services, or the amount or nature of the technology or services to be donated, on future referrals. In other words, we propose that a donor cannot require, explicitly or implicitly, that a recipient either refer to the donor or recommend the donor’s business as a condition of receiving a cybersecurity donation. We understand that the purpose of donating cybersecurity technology and services is to guard against threats that come from interconnected systems, and we understand and expect that a donor would provide the cybersecurity technology and services only to individuals and entities that connect to its systems, which includes those that refer to it (or that receive referrals from it). However, this condition would restrict a donor from conditioning the donation on referrals or other business generated.59 This proposed condition would not require a donor to donate cybersecurity technology and services to every individual or entity that connects to its system. Donors would be able to use selective criteria for choosing recipients, provided that neither a recipient’s eligibility, nor the amount or nature of the cybersecurity technology or services donated, is determined in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. For example, a donor could perform a risk assessment of a potential recipient (or require a potential recipient to provide the donor with a risk assessment) before determining whether to make a donation, or the scope of a donation. Similarly, for example, if a donor is a hospital, the hospital might choose to limit donations to physicians who are on the hospital’s medical staff. Additionally, selective criteria might be based on the type of connection between a donor and recipient, such as a simple read-only connection to a properly implemented, standards-based API that enables only the secure transmission of a copy of the patient’s record at the patient’s request to the recipient. That type of connection poses less risk to a donor’s systems than a connection that allows for information to be written directly into the donor’s systems. Thus, a donor contemplating allowing a higher-risk connection (such as a bi-directional read-write 59 We note that, if a system is only as strong as its weakest link, then even a very low-referring entity poses a cybersecurity risk. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules connection) to a potential recipient’s systems could develop selective criteria based on that difference in risk of the connection. We solicit comments on this condition. We have declined to propose a list of selection criteria which, if met, would be deemed not to directly take into account the volume or value of referrals or other business generated between the parties, as we did in the electronic health records safe harbor at 1001.952(y)(5). We do not believe donations of cybersecurity technology and services present the same types of risks as donations of electronic health records software and information technology. Primarily, cybersecurity donations are further removed from the volume and value of referrals than electronic health record donations. Cybersecurity donations, if legitimate, are more likely to be based on considerations such as security risks and are less likely to be based on considerations that are closely related to the volume and value of referrals or other business generated (e.g., the total number of prescriptions written by the recipient). Therefore, we do not believe that cybersecurity donations need a similar list of selection criteria to ensure that parties can meet the volume or value condition at 1001.952(jj)(2). Nonetheless, we are considering whether to add such a list in the final rule and whether the list should be based on the permitted conduct at 1001.952(y)(5)(i)–(vii). We solicit comments on this approach and any other conditions or permitted conduct we should enumerate in this safe harbor, with respect to determinations related to cybersecurity donations. Related to these two conditions, we do not propose to restrict the types of individuals and entities that may donate cybersecurity donations under this safe harbor. Although donating cybersecurity technology and services would relieve a recipient of a cost that it otherwise would incur, the fraud and abuse risks associated with cybersecurity are different than donations of other valuable technology, such as electronic health records items and services. We generally view donating cybersecurity technology and services to be a selfprotective measure because a cybersecurity breach in the donor’s system can have a devastating impact on the donor and anyone who maintains a connection to the donor’s systems. Meanwhile, electronic health record donations facilitate the exchange of clinical information between the recipient referral source and the donor and, thus, present a greater risk that one purpose of the donation is for the donor VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 to secure additional referrals from the recipient or otherwise influence referrals or other business generated. We are concerned that technology donations risk referral sources becoming beholden to the donors, and therefore we are considering narrowing the scope of protected donors as we have done in other safe harbors. We solicit comments on whether particular types of individuals and entities should be excluded from donating cybersecurity technology and services, and if so, why. Specifically, in past rulemakings we have distinguished between individuals and entities with direct and primary patient care relationships that have a central role in the healthcare delivery infrastructure such as hospitals and physician practices, and providers and suppliers of ancillary services such as pharmaceutical, device, and DMEPOS manufacturers, and other manufacturers or vendors that indirectly furnish items and services used in the care of patients.60 We seek comments as to whether our historical enforcement concerns and other considerations regarding direct and indirect patient care are present for purposes of cybersecurity donations. 3. Conditions for Recipients In proposed 1001.952(jj)(3), similar to the condition at (jj)(2) on donors discussed previously, this proposed condition would require that neither a potential recipient, nor a potential recipient’s practice (or any affiliated individual or entity), can demand, explicitly or implicitly, a donation of cybersecurity technology and services as a condition of doing business or continuing to do business with the donor. We do not propose a recipient contribution requirement as part of this safe harbor. As we explain above, with this proposed safe harbor we seek to remove a barrier to donations that improve cybersecurity throughout the healthcare industry in response to the critical cybersecurity issues identified in the HCIC Task Force Report and elsewhere. We propose to include only those conditions for safe harbor 60 See OIG, Final Rule: Safe Harbors for Certain Electronic Prescribing and Electronic Health Records Arrangements Under the Anti-Kickback Statute, 71 FR 45110, 45128 (Aug. 8, 2006) (excluding pharmaceutical, device, DMEPOS manufacturers, or other entities that indirectly furnish items and services used in the care of patients both because ‘‘[our] enforcement experience demonstrates that unscrupulous manufacturers have offered remuneration in the form of free goods and services to induce referrals of their products’’ and because they lack ‘‘a direct and central patient care role that justifies safe harbor protection for the provision of electronic health records technology’’). PO 00000 Frm 00045 Fmt 4701 Sfmt 4702 55737 protection that we believe are critical to guarding against fraud and abuse. In the case of cybersecurity, we do not believe a specified recipient contribution to the cost is necessary or practical. We recognize that the level of services for each recipient might vary, and might be higher or lower each year, each month, or even each week. Similarly, donors may aggregate the cost of certain services across all recipients, such as cybersecurity patches and updates, on a regular basis, which may result in a contribution requirement becoming a barrier to widespread, low-cost improvements in cybersecurity because of the practical challenges in collecting a contribution from recipients. For instance, attempting to quantify the value of a frequent cybersecurity scans included in a vendor’s suite of services as part of a cybersecurity donation, across dozens of recipient practices, and determining the pro rata share each practice must contribute based on the size of the practice as well as the relative size of the donation made to each practice, might become unworkable for many donors. Importantly, we note that our proposal to omit a contribution requirement as a condition of the safe harbor does not prohibit donors from requiring a contribution. Donors are free to require recipients to contribute to the cost, so long as the determination of a contribution requirement does not take into account the volume or value of referrals between the parties. For example, if a donor gave a full suite of cybersecurity technology and services for free to a high-referring practice but required a low-referring practice to contribute 20 percent of the cost, then the donor could violate the conditions at proposed paragraphs (jj)(2)(i) and (ii). In addition, we do not intend for this safe harbor to require that donations be solely between two parties. For example, two hospitals and a large multi-specialty physician practice might agree to jointly subsidize cybersecurity technology and services for smaller physician practices in their area. We do not propose to impose restrictions on the type of individual or entity that can receive donations of cybersecurity technology or related services. We note that, because we do not propose to restrict the scope of protected recipients under this safe harbor, we believe patients would be included as protected recipients. Donations to patients, just like other recipients, would only be protected if they precisely met all conditions of the safe harbor. As discussed previously, donations of multifunctional technology or services would not be protected E:\FR\FM\17OCP2.SGM 17OCP2 55738 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules because all cybersecurity donations must be necessary and used predominately to implement and maintain effective cybersecurity. We anticipate that donations to patients would be more limited than donations to healthcare providers and suppliers (e.g., anti-malware tools). However, we solicit comments on what types of cybersecurity technology or services a donor might anticipate giving to a patient, whether we would need additional or different safeguards when a patient is the recipient, and whether patients should be protected recipients at all under the safe harbor. More specifically, we solicit comments on whether we should include additional conditions for donations of cybersecurity technology services to patient recipients that are similar to the beneficiary inducements CMP’s exceptions under 42 CFR 1003.110. For example, we are considering whether cybersecurity technology or service donations to patients should not be offered as part of any advertisement or solicitation or not be tied to the provision of other items or services reimbursed in whole or in part by the Medicare program under Title VIII or a State health care program (as defined in section 1128(h) of the Act). 4. Written Agreement At 1001.952(jj)(4), we propose to require that the donor and recipient enter into a signed, written agreement. While we do not interpret this condition to require every item of cybersecurity technology and every potential service to be specified in the agreement, we propose that the written agreement must include a general description of the cybersecurity technology and services to be provided over the term of the agreement and a reasonable estimate of the value of the donation. In addition, to the extent the parties share any financial responsibility for the cost of the cybersecurity technology and services, those financial terms, including the amount of the contribution, must be memorialized in the written agreement. We solicit comments on the conditions proposed here, as well as whether additional or different terms should be required in a written agreement. 5. Prohibition on Cost Shifting At 1001.952(jj)(5), we propose to prohibit donors from shifting the costs of any cybersecurity donations to Federal health care programs. For example, under this proposed condition, while a hospital’s own cybersecurity costs could be an administrative expense on its cost VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 report, donations of cybersecurity technology or services to other individuals or entities could not be included as an administrative expense on the hospital’s cost report. 6. Alternative Proposed Condition for Protection of Cybersecurity Hardware We also propose and solicit comments on an alternative approach that would add an additional, optional safeguard to the proposed cybersecurity safe harbor. This alternative approach would protect cybersecurity hardware donations if the parties choose to meet an additional condition, along with the other five conditions proposed at 1001.952(jj)(1)– (5). Under this alternative proposal, a protected donation could also include cybersecurity hardware that a donor has determined is reasonably necessary based on a risk assessment of its own organization and that of the potential recipient. The goal of this alternate proposal is to provide donors and recipients more flexibility regarding the types of cybersecurity donations that are protected, while also adding an additional safeguard to further ensure that the donation is necessary and used predominantly to implement and maintain effective cybersecurity. We believe this alternative proposal builds on existing legal requirements and best practices related to information security generally and the healthcare industry more specifically. For example, the HHS Office for Civil Rights explained that conducting a risk analysis is the first step in identifying and implementing safeguards that comply with and carry out the standards and implementation specifications in the HIPAA Security Rule.61 More generally, NIST Special Publication 800–30, which does not directly apply to the healthcare industry, but represents industry standards for information security practices, explains that the purpose of a risk assessment is to inform decision makers and support risk responses by identifying: (i) Relevant threats to organizations or threats directed through organizations against other organizations; (ii) vulnerabilities both internal and external to organizations; (iii) impact (i.e., harm) to organizations that may occur given the potential for threats exploiting vulnerabilities; and (iv) likelihood that harm will occur. The end result is a determination of risk, which is typically a function of the 61 HIPAA for Professionals, Guidance on Risk Analysis (Mar. 2017), available at https:// www.hhs.gov/hipaa/for-professionals/security/ guidance/guidance-risk-analysis/index.html. PO 00000 Frm 00046 Fmt 4701 Sfmt 4702 degree of harm and likelihood of harm occurring.62 Risk assessments are a key component to developing effective organizationwide risk management for information security. We believe that risk assessments conducted consistent with industry standards would provide a reasonable basis for donors to identify risks and threats to their organizational information security that need to be mitigated by donating cybersecurity hardware to other entities. Additionally, donations that are made in response to risk assessments are likely to meet the purpose of this safe harbor that donations are necessary and used predominantly to implement and maintain effective cybersecurity. Under this proposal, a donor would perform or have an existing risk assessment for its own organization, and would require a potential recipient to have, perform, or obtain a risk assessment, that would provide a reasonable basis to determine that the donated cybersecurity hardware is needed to address a risk or threat identified by a risk assessment. Consistent with the HCIC Task Force Report and comments we received in response to the OIG RFI, we recognize that ‘‘[m]any organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty.’’ Understanding that resource constraint, one goal of this safe harbor is to increase the avenues available for all healthcare organizations to improve their cybersecurity practices. We believe protecting a cybersecurity hardware donation based on the risk assessment of a recipient would further the goal of increasing the avenues available to improve cybersecurity for all healthcare entities, regardless of their available resources. We recognize that a potential recipient with limited resources and cybersecurity experience may not be able to conduct or pay for its own risk assessment. As noted above, one cybersecurity service that would be a protected donation under the proposed safe harbor is a risk assessment. Under the alternative proposal, donors could then make additional cybersecurity hardware donations that are reasonably based on the risk assessments of the donor and recipients. We recognize that risk assessment practices vary across the healthcare industry and may be depend on the size 62 NIST Special Publication 800–30 Revision 1, Guide for Conducting Risk Assessments (Sept. 2012), available at https://nvlpubs.nist.gov/ nistpubs/legacy/sp/nistspecialpublication80030r1.pdf. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules and sophistication of any provider or entity. We solicit comments on this alternative proposal to understand whether entities that are potential donors or recipients already conduct risk assessments that would provide a reasonable basis to determine that a cybersecurity hardware donation is reasonable and necessary. We would propose to define ‘‘risk assessment’’ based on NIST Special Publication 800– 30 and solicit comment on whether that definition is sufficient for this cybersecurity donation safe harbor. Additionally, we solicit comments on whether this proposal should incorporate specific standards or requirements, such as NIST Special Publication 800–30. We are considering for the final rule, and seek comment on, adding safeguards to this alternate proposal. For instance, we are considering limiting the additional cybersecurity hardware permitted under the alternative proposal to certain kinds of hardware. We are interested in comments, particularly from providers, that explain what types of hardware would be necessary for effective cybersecurity under this alternate proposal. We note that because this alternate proposal builds upon the proposed conditions at proposed 1001.952(jj)(1)–(5), multifunctional hardware still would be prohibited because it would not be necessary and predominantly used to implement and maintain effective cybersecurity, as required under proposed 1001.952(jj)(1). If the donation includes hardware, we are also considering requiring a contribution from the recipient, similar to the electronic health records safe harbor at 1001.952(y)(11), and we are considering requiring the contribution amount to be 15 percent. We are interested in comments on this approach, and whether we should consider other contribution amounts instead, such as 5 percent, or 20 or 30 percent. If we add this contribution requirement, we are considering excepting small and rural practices, and we are interested in comments on this approach. Relatedly, we solicit comments on how ‘‘small or rural practices’’ should be defined. For example, we solicit comments on whether ‘‘rural practices’’ should be defined as those located in rural areas, as defined in the safe harbor for local transportation at 42 CFR 1001.952(bb). We also solicit comments on whether ‘‘small practices’’ should be defined as those in medically underserved areas, as designated by the Secretary under section 330(b)(3) of the Public Health Service Act, or defined similarly to a VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 ‘‘small provider of services or small supplier’’ as set forth in the requirements related to the electronic submission of Medicare claims at 42 CFR 424.32. We also are considering for the final rule and solicit comments on whether other subsets of potential recipients, for example critical access hospitals, should be exempted from the 15-percent contribution requirement because it would impose a significant financial burden on the recipient. Additionally, if a contribution requirement is included in the final rule, we are considering exempting contributions for the upgrades, updates, or patches of remuneration that was previously donated. Based on our experience with the electronic health records arrangements safe harbor, we recognize the practical challenges in collecting contributions from recipients for minor upgrades, updates, and patches that are necessary to keep the donated technology compliant with new security policies. If we were to finalize this alternate proposal, we would modify the proposed safe harbor by adding new conditions and a definition in the safe harbor. Primarily, we would add a new condition that would require a donor to perform or have an existing risk assessment for its own organization, and require a potential recipient to have, perform, or obtain a risk assessment, that provides a reasonable basis to determine that the donated cybersecurity hardware is needed to address a risk or threat identified by the donor’s and recipient’s risk assessments. We also would add definitions of hardware and risk assessment in proposed 1001.952(jj)(6). 7. Solicitation of Comments The goal of the proposed safe harbor is to help improve the cybersecurity posture of the healthcare industry by removing a real or perceived barrier. To achieve this goal, we must appropriately balance the risk of cybersecurity threats against risks associated with permitting parties to donate valuable technology and services. In doing so, we recognize that cyberattacks are ubiquitous, dynamic, potentially funded by nationstates or well-funded criminal enterprises, and can have consequences to beneficiary health, safety, and privacy that are difficult to mitigate. To help improve the cybersecurity hygiene of the healthcare industry without comprising program integrity, it is important that we strike the right balance. We drafted the proposed safe harbor with this aim in mind, but we recognize that appropriately balancing these risks PO 00000 Frm 00047 Fmt 4701 Sfmt 4702 55739 is a difficult task. We solicit comment on whether the proposed safe harbor establishes the right balance and if not, request comments that recommend specific changes to do so. Commenters should consider the safe harbor in its entirety, including the proposed conditions, optional deeming provision, alternate condition, and definitions when commenting on this issue. We are especially interested in comments from healthcare providers because they both bear the cybersecurity risks and likely have relevant compliance experience with other safe harbors. To facilitate specific comments on this issue, we ask the following questions: Does the proposed condition at 1001.952(jj)(1) permit the donation of the right types of cybersecurity technology and services that could meaningfully improve the cybersecurity posture of the healthcare industry while also ensuring that the donated technology and services do not pose undue risk of improperly influencing referrals? If not, what other standard or limitation would be appropriate to strike the right balance between cybersecurity risks and program integrity risks? Does excluding hardware from the definition of ‘‘technology’’ further our aim of balancing cybersecurity risks with the program integrity risks? If not, what other conditions should we impose to limit the value of remuneration protected by the proposed safe harbor, so it does not improperly influence referrals? For example, should the safe harbor impose a monetary value limit on the total amount of donations that a donor can make to a recipient or should the safe harbor require the recipient to contribute to the costs of a donation once the value has exceeded certain monetary thresholds? I. Electronic Health Records (1001.952(y)) On August 8, 2006, we published a final rule (the 2006 Final EHR Safe Harbor Rule) that, among other things, finalized a safe harbor (the EHR safe harbor) at 42 CFR 1001.952(y) protecting certain arrangements involving the donation of interoperable electronic health records software or information technology and training services. The EHR safe harbor was initially scheduled to sunset on December 31, 2013. On December 27, 2013, we published a final rule (the 2013 Final EHR Safe Harbor Rule) modifying the EHR safe harbor by, among other things, extending the expiration date of the safe harbor to December 31, 2021; excluding laboratory companies from the types of entities that may donate electronic E:\FR\FM\17OCP2.SGM 17OCP2 55740 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules health records items and services under the safe harbor; and updating the provision under which electronic health records software is deemed interoperable. The present proposed rule sets forth certain proposed changes to the EHR safe harbor. CMS is proposing almost identical changes to the physician selfreferral law electronic health records exception elsewhere in this issue of the Federal Register. We attempted to ensure as much consistency as possible between our proposed safe harbor changes and CMS’s proposed exception changes, despite the differences in the respective underlying statutes. Because of the close nexus between this proposed rule and CMS’s proposed rule, we may consider comments submitted in response to CMS’s proposed rule and take additional actions when crafting our final rule. 1. Interoperability The conditions at 1001.952(y)(2) and (y)(3) require donated items and services to be interoperable and prohibit the donor (or someone acting on the donor’s behalf) from taking action to limit the interoperability of the donated item or service. We are proposing changes that impact 42 CFR 1001.952(y)(2) and (3) based on the 21st Century Cures Act (Cures Act) and the Office of the National Coordinator for Health Information Technology (ONC), HHS Notice of Proposed Rulemaking ‘‘21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program’’ (ONC NPRM) that proposes to implement key provisions in Title IV of the Cures Act.63 Among other things, the ONC NPRM proposes conditions and maintenance of certification requirements for health information technology (health IT) developers under the ONC Health IT Certification Program (certification program) and reasonable and necessary activities that do not constitute information blocking for purposes of section 3022(a)(1) of the Public Health Service Act (PHSA). These proposed changes, if finalized, affect the EHR safe harbor conditions at 1001.952(y)(2), which is known as the ‘‘deeming provision,’’ and 1001.952(y)(3) related to interoperability and ‘‘data lock-in.’’ 2. Deeming The deeming provision provides certainty to parties seeking protection of the EHR safe harbor by providing an optional method of ensuring that donated items or services meet the 63 84 FR 7424 (Mar. 4, 2019). VerDate Sep<11>2014 20:24 Oct 16, 2019 interoperable condition in 1001.952(y)(2) by deeming software to be interoperable if it is certified under the certification program. In the 2013 Final EHR Safe Harbor Rule we modified the deeming provision to reflect developments in the certification program and track ONC’s anticipated regulatory cycle. By relying on the certification program and related updates of criteria and standards, we stated that the deeming provision would meet ‘‘our objective of ensuring that software is certified to the current required standard of interoperability when it is donated.’’ 64 We propose to retain this general construct for the updated safe harbor. However, we propose two textual clarifications to this provision. Current language specifies that the software is ‘‘deemed to be interoperable if, on the date it is provided to the recipient, it has been certified by a certifying body . . . .’’ We propose to modify this language to clarify that, on the date the software is provided, it ‘‘is’’ certified. In other words, the certification must be current as of the date of the donation, as opposed to the software having been certified at some point in the past but no longer maintaining certification on the date of the donation. We also propose to remove reference to ‘‘editions’’ of certification criteria to align with proposed changes to the certification program. We solicit comments on these clarifications. As we describe in more detail below, however, we are updating the definition of ‘‘interoperable.’’ Although this revised definition would not require a textual change to this paragraph (y)(2), the revision would impact the deeming provision, and we solicit comments regarding this update. 3. Information Blocking The current condition at 1001.952(y)(3) prohibits the donor (or any person on the donor’s behalf) from taking any action to limit or restrict the use, compatibility, or interoperability of the items or services with other electronic prescribing or electronic health records systems (including, but not limited to, health information technology applications, products, or services). As explained in the 2006 Final EHR Safe Harbor Rule and reaffirmed in the 2013 Final EHR Safe Harbor Rule, 1001.952(y)(3) has been designed to: (i) Prevent the misuse of the safe harbor that results in data and referral lock-in and (ii) encourage the free exchange of data (in accordance 64 78 Jkt 250001 PO 00000 FR 79201, 79204 (Dec. 27, 2013). Frm 00048 Fmt 4701 Sfmt 4702 with protections for privacy).65 Since that time, significant legislative, regulatory, policy, and other Federal Government action defined this problem further (now commonly referred to as ‘‘information blocking’’) and established penalties for certain types of individuals and entities that engage in information blocking. Most notably, the 21st Century Cures Act added section 3022 of the PHSA, known as ‘‘the information blocking provision,’’ which defines conduct by healthcare providers, health IT developers of certified health IT, exchanges, and networks that constitutes information blocking. Section 3022(a)(1) of the PHSA defines ‘‘information blocking’’ in broad terms, while section 3022(a)(3) authorizes and charges the Secretary to identify reasonable and necessary activities that do not constitute information blocking. The ONC NPRM would implement the statutory definition of ‘‘information blocking,’’ define certain terms related to the statutory definition of ‘‘information blocking,’’ and proposes seven exceptions to the information blocking definition.66 We propose modifications to 1001.952(y)(3) to recognize these significant updates since the 2013 Final EHR Safe Harbor Rule. Specifically, we propose aligning the condition at 1001.952(y)(3) with the proposed information blocking definition and related exceptions in 45 CFR part 171. We note that the EHR safe harbor conditions, while not using the term ‘‘information blocking,’’ already include concepts similar to those found in the 21st Century Cures Act’s prohibition on information blocking. For example, we were concerned about donors (or those on the donor’s behalf) taking steps to limit the interoperability of donated software to lock in or steer referrals, which is prohibited by the anti-kickback statute.67 These proposed modifications are not intended to change the purpose of this condition, but instead further our longstanding goal of preventing abusive arrangements that lead to information blocking and referral lock-in through updated understandings of those concepts established in the 21st Century Cures Act.68 65 78 FR 79213 (Dec. 27, 2013). FR at 7602–05. 67 See Implementation of the 21st Century Cures Act: Achieving the Promise of Health Information Technology Before the S. Comm. On Health, Education, Labor, & Pensions, 115th Cong. 1 (2017) (statement of James Cannatti, Senior Counselor for Health Information Technology HHS OIG). 68 We recognize that the ONC NPRM is not a final rule and is subject to change. However, we base our proposal on both the statutory language and the language in ONC’s proposed rule for purposes of soliciting public input on our proposals. 66 84 E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules We note that health plans, which are protected donors under the EHR safe harbor, may not be subject to the information blocking provisions of the 21st Century Cures Act or the ONC NPRM. Nevertheless, health plans that seek the protection of this safe harbor do so voluntarily. We note that the definition of ‘‘information blocking’’ at PHSA section 3022(a)(1) applies a different knowledge standard to health IT developers of certified health IT, health information networks, and health information exchanges than it does to healthcare providers. A healthcare provider engages in a practice of information blocking if such a provider ‘‘knows that such practice is unreasonable and is likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.’’ 69 The EHR safe harbor primarily applies to healthcare providers due to the limitations on the types of donors permitted under 1001.952(y)(1). Therefore, most donors under the EHR safe harbor would be subject to the information blocking knowledge standard at section 3022(a)(1)(B)(ii) of the PHSA. Rather than have different conditions for healthcare providers and health plans, we believe it is reasonable to have one condition that applies the same information blocking knowledge standard to all parties who voluntarily use the safe harbor to protect donations of EHR items and services. For purposes of donations under this safe harbor, we propose to apply the knowledge standard articulated in the PHSA at section 3022(a)(1)(B)(ii) as applicable to both providers and health plans, and we seek comments on this approach. Additionally, the current condition at 1001.952(y)(3), as adopted in the 2006 Final EHR Safe Harbor Rule 70 was intended to prevent donors, including health plans, from donating EHR software and then engaging in practices of information blocking that would limit the interoperability of the donated items, notwithstanding that we did not use that exact terminology. As a result, we do not believe this proposed modification places any additional burden on health plans that voluntarily seek to protect donations. We solicit comments on aligning the condition at 1001.952(y)(3) with the proposed information blocking definition in 45 CFR part 171. 4. Cybersecurity We propose to amend the safe harbor to clarify that certain cybersecurity 69 PHSA 70 71 § 3022(a)(1)(B)(ii). FR 45136. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 software and services have always been protected under this safe harbor,71 and to more broadly protect the donation of software and services related to cybersecurity. Currently, the safe harbor protects electronic health records software or information technology and training services necessary and used predominantly to create, maintain, transmit, or receive electronic health records. We propose to modify this language to include certain cybersecurity software and services that ‘‘protect’’ electronic health records. In the 2006 Final EHR Safe Harbor Rule, we emphasized the requirement that software, information technology, and training services donated must be ‘‘closely related to electronic health records’’ and that the ‘‘electronic health records functions must be predominant.’’ We stated that ‘‘[t]he core functionality of the technology must be the creation, maintenance, transmission, or receipt of individual patients’ electronic health records,’’ but, recognizing that the electronic health records software is commonly integrated with other features, we also stated that arrangements in which the software package included other functionality related to the care and treatment of individual patients would be protected. Under our proposal, the same criteria would apply to cybersecurity software and services: The predominant purpose of the software or service must be cybersecurity associated with the electronic health records. We note that we also are proposing a new safe harbor specifically to protect donations of cybersecurity technology and related services. As proposed, the cybersecurity safe harbor is broader and includes fewer conditions than the EHR safe harbor. However, we are proposing to expand the EHR safe harbor to expressly include cybersecurity software and services so that it is clear that an entity donating electronic health records software and providing training and other related services may also donate related cybersecurity software and services to protect the electronic health records. For clarity, we also propose to incorporate a definition of ‘‘cybersecurity’’ in this safe harbor that mirrors the definition we propose in the stand-alone cybersecurity safe harbor. A party seeking safe harbor protection needs to comply with the requirements of only one safe harbor. We solicit comments on this approach. In particular, with the addition of a stand71 For instance, a secure log-in or encrypted access mechanism included with an EHR system or EHR software suite would be cybersecurity features of the EHR that are protected under the existing EHR safe harbor. PO 00000 Frm 00049 Fmt 4701 Sfmt 4702 55741 alone cybersecurity safe harbor, we solicit comments on whether it necessary to modify the EHR safe harbor to expressly include cybersecurity. 5. The Sunset Provision The EHR safe harbor originally was scheduled to sunset on December 31, 2013. In adopting this condition of the EHR safe harbor, we acknowledged in the 2006 Final EHR Safe Harbor Rule ‘‘that the need for a safe harbor for donations of electronic health records technology should diminish substantially over time as the use of such technology becomes a standard and expected part of medical practice.’’ In the 2013 notice of proposed rulemaking for an amendment to the EHR safe harbor (2013 Proposed Rule), we acknowledged that while electronic health record technology adoption had risen dramatically, use of such technology had not yet been universally adopted nation-wide. Because continued electronic health record technology adoption remained an important Departmental goal, we solicited comments regarding an extension of the safe harbor. In response to those comments, in the 2013 Final EHR Safe Harbor Rule we extended the sunset date of the safe harbor to December 31, 2021, a date that corresponds to the end of the electronic health record Medicaid incentives. We stated our continued belief that as progress on this goal is achieved, the need for a safe harbor for donations should continue to diminish over time. Since publication of the 2013 Final EHR Safe Harbor Rule, however, numerous commenters have urged us to extend or make permanent the safe harbor at 42 CFR 1001.952(y). Specifically, commenters have suggested this modification in response to OIG’s annual Solicitation of New Safe Harbors and Special Fraud Alerts, and also in response to the OIG RFI and the CMS RFI. While we acknowledge that widespread adoption of electronic health record technology, though not universal, largely has been achieved, we no longer believe that once this goal is achieved the need for a safe harbor for donations of such technology will diminish over time or completely disappear. New entrants into medical practice, coupled with aging EHR technology at existing practices and the emergence of new and better technology, necessitate the availability of this safe harbor to achieve the Department’s policy objectives. Our experience indicates that the continued availability of the safe harbor plays a part in achieving the Department’s goal E:\FR\FM\17OCP2.SGM 17OCP2 55742 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules of promoting electronic health records technology adoption by providing certainty with respect to the cost of electronic health records items and services for recipients, and by encouraging adoption by physicians who are new entrants into medical practice or have postponed adoption based on financial concerns regarding the ongoing costs of maintaining and supporting an electronic health records system. Ongoing protection of electronic health record items and services donations would further new Department priorities and policies by allowing donors and recipients to ensure new technology is adopted that, for example, may improve the interoperability of electronic health information. We are proposing to eliminate the sunset provision at 42 CFR 1001.952(y)(13). As an alternative to this proposed elimination of the sunset provision, we are considering an extension of the sunset date for the final rule. We seek comment on whether we should select a later sunset date instead of making the safe harbor permanent, and if so, what that date should be. 6. Definitions We are proposing to modify the definitions of ‘‘interoperable’’ and ‘‘electronic health record.’’ In the 2006 Final EHR Safe Harbor Rule, we finalized these definitions based on then-current terminology, the emerging standards for electronic health records, and other resources cited by commenters. The following proposed modifications to these definitions are largely based on terms and provisions in the Cures Act that update or supersede terminology we used in the 2006 Final EHR Safe Harbor Rule. In the current note to paragraph (y) under 1001.952, ‘‘electronic health record’’ is defined as ‘‘a repository of consumer health status information in computer processable form used for clinical diagnosis and treatment for a broad array of clinical conditions.’’ We propose to modify the definition of ‘‘electronic health record’’ to mean: ‘‘a repository of electronic health information that: (A) is transmitted by or maintained in electronic media; and (B) relates to the past, present, or future health or condition of an individual or the provision of healthcare to an individual.’’ The proposed revision to the definition of ‘‘electronic health record’’ is not intended to substantively change the scope of protection. We are proposing these modifications to this definition to reflect the term ‘‘electronic health information’’ that is used VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 throughout the Cures Act and that is central to the definition of ‘‘interoperability’’ at PHSA § 3000(9) and the information blocking provision at PHSA § 3022. Additionally, the ONC NPRM proposes a definition of ‘‘electronic health information.’’ 72 We have based the proposed modifications, in part, on ONC’s proposed definition of ‘‘electronic health information’’ to reflect more modern terminology used to describe the type of information that is part of an electronic health record. We solicit comments on this updated definition. In the note to paragraph (y) under 1001.952, the existing definition of ‘‘interoperable’’ means ‘‘able to communicate and exchange data accurately, effectively, securely, and consistently with different information technology systems, software applications, and networks, in various settings, and exchange data such that the clinical or operational purpose and meaning of the data are preserved and unaltered.’’ As explained in the 2006 Final EHR Safe Harbor Rule, this definition was based on 44 U.S.C. 3601(6) (pertaining to the management and promotion of electronic Government services) and several comments we received in response to the proposed rule that referenced emerging industry definitions and standards related to interoperability.73 We propose to update the definition of the term ‘‘interoperable’’ to align with the statutory definition of ‘‘interoperability’’ added by the Cures Act to Section 3000(9) of the PHSA and as proposed in the ONC NPRM. We propose modifications to match the statutory definition and the ONC NPRM definition of ‘‘interoperability.’’ Consistent with PHSA § 3000(9), we propose to define ‘‘interoperable’’ to mean able to: ‘‘(i) securely exchange data with, and use data from other health information technology without special effort on the part of the user; (ii) allow for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and (iii) does not constitute information blocking as defined in 45 CFR part 171.’’ The only difference between the statutory definition of ‘‘interoperability’’ and the definition in the ONC NPRM is the reference to the regulatory definition of ‘‘information blocking’’ in 45 CFR part 171, which we propose to adopt. We will work closely with ONC as they finalize the information blocking rule to ensure definitions align across the EHR 72 84 73 71 PO 00000 FR 7424, 7513 (Mar. 4, 2019). FR 45110, 45126 (August 8, 2006). Frm 00050 Fmt 4701 Sfmt 4702 safe harbor and the final information blocking regulations. We believe the statutory definition of ‘‘interoperability’’ includes similar concepts to the existing definition of ‘‘interoperable’’ in the note to paragraph (y) (e.g., the ability to securely exchange data across different systems or technology). Two new concepts in the statutory definition are included in the proposed modification: (i) Interoperable means the ability to exchange electronic health information ‘‘without special effort on the part of the user’’ and (ii) interoperable expressly does not mean information blocking.74 As a practical matter, we believe these two concepts are not substantively different from the existing definition and only reflect an updated understanding of interoperability and related terminology. We solicit comments on the proposed definition that would align the definition of ‘‘interoperable’’ with the statutory definition of ‘‘interoperability.’’ We also are considering linking the definition of ‘‘interoperable’’ with the proposed definition of ‘‘interoperability’’ at 45 CFR 170.102 in the ONC NPRM 75 if that proposed definition is finalized. We note that ONC’s proposed regulatory definition of ‘‘interoperability’’ matches the statutory definition. However, linking the ONC regulatory definition of ‘‘interoperability’’ may allow for additional, future updates to be adopted by reference in the EHR safe harbor. We solicit comments on this proposal. In the alternative, we are considering revising our regulations to eliminate the term ‘‘interoperable’’ and instead incorporate the term ‘‘interoperability’’ and define this term by reference to section 3000(9) of the PHSA and proposed in 45 CFR part 170. Under this alternative proposal, we would revise § 1001.952(y)(2) to require donations of software to meet interoperability standards established under Title XXX of the PHSA and its implementing regulations. Software would be deemed to meet interoperability standards if, on the date it is provided to the recipient, it is certified by a certifying body authorized by ONC to health information technology certification criteria identified in 45 CFR part 170. We seek comment regarding whether using terminology identical to the PHSA and proposed ONC regulations would facilitate compliance with the requirements of the EHR safe harbor and reduce any regulatory burden resulting from the differences in the agencies’ 74 PHSA 75 84 E:\FR\FM\17OCP2.SGM § 3000(9); 42 U.S.C. 300jj(9). FR 7424, 7589 (Mar. 4, 2019). 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules different terminology related to the singular concept of interoperability. Finally, for ease of reference, we propose to amend the safe harbor by moving the undesignated definitions set forth in the note to paragraph (y) to a new paragraph (y)(14). 7. Additional Proposals and Considerations a. 15-Percent Recipient Contribution In the 2006 Final EHR Safe Harbor Rule, we agreed with a number of commenters who suggested that cost sharing is an appropriate method to address some of the fraud and abuse risks inherent in unlimited donations of technology. Accordingly, we incorporated a requirement into 42 CFR 1001.952(y) that the recipient pays 15 percent of the donor’s cost of the technology. We noted in the 2006 Final EHR Safe Harbor Rule that ‘‘the 15 percent cost sharing requirement is high enough to encourage prudent and robust electronic health records arrangements, without imposing a prohibitive financial burden on recipients.’’ Moreover, we stated, ‘‘this approach requires recipients to contribute toward the benefits they may experience from the adoption of interoperable electronic health records (for example, a decrease in practice expenses or access to incentive payments related to the adoption of health information technology).’’ We are aware that the 15-percent contribution requirement has proven burdensome to some recipients and may act as a barrier to adoption of electronic health records technology. We understand that this burden may be particularly acute for small and rural practices that cannot afford the contribution. We also recognize that applying the 15-percent contribution requirement to upgrades and updates to electronic health record technology is restrictive and cumbersome and similarly may act as a barrier. We are not proposing specific amendments to the 15-percent contribution requirement at this time, and we are considering retaining this requirement without change in the final rule. However, we also are considering and solicit comments on the three alternatives to the existing requirement as outlined below. We solicit comment on each of the alternatives as separate proposed modifications to the contribution requirement. First, for purposes of the final rule, we are considering eliminating or reducing the percentage contribution required for small or rural practices. We specifically seek comment on whether and how we VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 should eliminate or reduce the 15percent contribution requirement as applied to a specific subset of recipients such as small or rural practices. In particular, we solicit comments on how ‘‘small or rural practices’’ should be defined. For example, we solicit comments on whether ‘‘rural practices’’ should be defined as those located in rural areas, as defined in the safe harbor for local transportation at 42 CFR 1001.952(bb). We also solicit comments on whether ‘‘small practices’’ should be defined as those in medically underserved areas, as designated by the Secretary under section 330(b)(3) of the Public Health Service Act, or defined similarly to a ‘‘small provider of services or small supplier’’ as set forth in the requirements related to the electronic submission of Medicare claims at 42 CFR 424.32. We also are considering for the final rule and solicit comments on whether other subsets of potential recipients, for example critical access hospitals, should be exempted from the 15-percent contribution because it would impose a significant financial burden on the recipient. Second, and in the alternative, we are considering reducing or eliminating the 15-percent contribution requirement in this safe harbor for all recipients. We solicit comments regarding the impact this might have on the use and adoption of electronic health records technology, and any attendant risks of fraud and abuse. We are interested in specific examples of the prohibitive costs associated with the 15-percent contribution requirement, both for the initial donation of electronic health records technology, and subsequent upgrades and updates to the technology. Finally, if we retain a 15-percent contribution requirement or reduce that contribution requirement for some or all recipients, we are considering modifying or eliminating the contribution requirement for updates to previously donated EHR software or technology. We solicit comments on this approach as well as what such a modification should entail. For example, we are considering requiring a contribution for the initial investment only, as well as any ‘‘new’’ modules, but not requiring a contribution for any update of the software already purchased. We solicit comments on these alternatives, or another similar alternative that would still involve some contribution but could reduce the uncertainty and administrative burden associated with assessing a contribution for each update. PO 00000 Frm 00051 Fmt 4701 Sfmt 4702 55743 b. Replacement Technology In the 2013 Final EHR Safe Harbor Rule, we highlighted one commenter’s assertion that ‘‘the prohibition on donating equivalent technology currently included in the safe harbor locks physician practices into a vendor, even if they are dissatisfied with the technology, because the recipient must choose between paying the full amount for a new system and continuing to pay 15 percent of the cost of the substandard system.’’ The same commenter asserted that ‘‘the cost difference between these two options is too high and effectively locks physician practices into electronic health record technology vendors.’’ In the 2013 Final EHR Safe Harbor Rule, we responded that ‘‘we continue to believe that items and services are not ‘‘necessary’’ if the recipient already possesses the equivalent items or services. We noted that providing equivalent items and services confers independent value on the recipient and noted our expectation that ‘‘physicians would not select or continue to use a substandard system if it posed a threat to patient safety.’’ We appreciate that advancements in electronic health records technology are continuous, rapid, and sometimes prohibitively expensive for the purchaser of such technology, and that in some situations, replacement technology is appropriate. We are proposing to delete the condition that prohibits the donation of equivalent items or services at current 1001.952(y)(7) to allow donations of replacement electronic health records technology. We specifically seek comment as to whether deleting this condition is necessary, and in what situations replacement technology would be appropriate. We further solicit comment as to how we might safeguard against situations where donors inappropriately offer, or recipients inappropriately solicit, unnecessary technology instead of upgrading their existing technology for appropriate reasons. c. Protected Donors We are considering expanding the group of entities that may be protected donors under the EHR safe harbor, for purposes of the final rule. As background, in the preamble to the 2006 Final EHR Safe Harbor Rule for the EHR safe harbor, we were mindful that broad safe harbor protection would significantly further the important public policy goal of promoting electronic health records, and thus concluded that the safe harbor should protect any donor that is an individual E:\FR\FM\17OCP2.SGM 17OCP2 55744 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules or entity that provides patients with healthcare items or services covered by a Federal health care program and submits claims or requests for payment for those items or services (directly or pursuant to reassignment) to Medicare, Medicaid, or other Federal health care programs (and otherwise meets the safe harbor conditions).76 Notwithstanding this conclusion, we indicated that ‘‘[w]e remain concerned about the potential for abuse by laboratories, durable medical equipment suppliers, and others’’ and noted that ‘‘[w]e intend to monitor the situation. If abuses occur, we may revisit our determination.’’ 77 In the 2013 Final EHR Safe Harbor Rule, we finalized a proposal to remove laboratory companies from the scope of protected donors under the safe harbor to address, among other things, potential abuse identified by some of the commenters involving potential recipients conditioning referrals for laboratory services on the receipt of, or redirecting referrals for laboratory services following, donations from laboratory companies, and general misuse of donations by donors to secure referrals. We remain concerned about the potential for fraud and abuse by certain donors that we articulated in the 2006 Final EHR Safe Harbor Rule and the 2013 Final EHR Safe Harbor Rule. However, in light of the Department’s continued objective to advance the adoption of electronic health records technology, particularly as related to the Regulatory Sprint, and in response to certain comments received to the OIG RFI, we are considering expanding the scope of protected donors by eliminating or revising the requirement in 42 CFR 1001.952(y)(1)(i) that protected donors be limited to those who ‘‘submit[ ] claims or requests for payment, either directly or through reassignment, to the Federal health care program.’’ If we were to revise rather than eliminate the restriction, we are considering broadening it in the final rule to entities with indirect responsibility for patient care. This expansion would protect as donors, for example, entities like health systems or accountable care organizations that neither are health plans nor submit claims for payment. Certain commenters to the OIG RFI also recommended permitting any risk-bearing entity that participates in an Advanced APM entity under the Medicare Quality Payment Program (QPP) to be a donor. We are interested in understanding other types of entities and potential donors who 76 71 77 Id. FR 45127. at 45128. VerDate Sep<11>2014 20:24 Oct 16, 2019 would avail themselves of a broadening of the protected donors. In addition, we specifically solicit comments regarding the removal of this restriction and whether and how removal would impact the widespread adoption of electronic health records technology as well as comments regarding any attendant risks of fraud and abuse. J. Personal Services and Management Contracts and Outcomes-Based Payment Arrangements (1001.952(d)) We propose to modify the existing safe harbor for personal services and management contracts at 42 CFR 1001.952(d) to: (i) Substitute, for the requirement that aggregate compensation under these agreements be set in advance, a requirement that the methodology for determining compensation be set in advance; (ii) eliminate the requirement that, if an agreement provides for the services of an agent on a periodic, sporadic or parttime basis, the contract must specify the schedule, length, and the exact charge for such intervals; (iii) create a new paragraph (d)(2) to protect certain outcomes-based payments, as defined below; and (iv) to make certain technical changes. These proposals seek to modernize the safe harbor and respond to comments in response to the RFI that existing safe harbor requirements present barriers to certain care coordination and value-based arrangements. 1. Elimination of Requirement To Set Aggregate Compensation in Advance The existing safe harbor for personal services and management contracts requires that such agreements be for a term of at least 1 year, and that the aggregate compensation be set in advance. In addition, the compensation must be consistent with fair market value in arm’s-length transactions. Consistent with our existing safe harbor, compensation under personal services and management contracts may not be determined in a manner that takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part under Medicare, Medicaid or other Federal health care programs. Also, the aggregate services performed under the agreement must not exceed those which are reasonably necessary to accomplish the commercially reasonable business purpose of the services.78 The purpose of these requirements is to limit the 78 42 Jkt 250001 PO 00000 CFR 1001.952(d)(4), (5) and (7). Frm 00052 Fmt 4701 Sfmt 4702 opportunity to provide financial incentives in exchange for referrals. To provide the healthcare industry enhanced flexibility to undertake innovative arrangements, we are proposing to revise the safe harbor to remove the requirement at 42 CFR 1001.952(d)(5) that the ‘‘aggregate’’ amount of compensation paid over the term of the agreement must be set forth in advance. To mitigate the risk of parties to the agreement periodically adjusting the compensation to reward referrals or unnecessary utilization, the proposed modification to the safe harbor would require the parties to an arrangement to determine the arrangement’s compensation methodology in advance of the initial payment under the arrangement. In addition, under (d)(1) of our proposal, the safe harbor would continue to require that the compensation reflect fair market value, be commercially reasonable, and not take into account the volume or value of referrals or business otherwise generated between the parties. We anticipate this proposal would more closely align this safe harbor with the personal service arrangements exception to the physician self-referral law, 42 CFR 411.357(d). 2. Elimination of Requirement To Specify Schedule of Part-Time Arrangements We propose to eliminate the requirements set forth at 42 CFR 1001.952(d)(3) relating to agreements for services provided on a periodic, sporadic, or part-time basis. This paragraph of the safe harbor requires contracts that provide for services on such a basis to specify ‘‘exactly the schedule of such intervals, their precise length, and the exact charge for such intervals.’’ Removing this requirement would afford parties additional flexibility in designing bona fide business arrangements, including care coordination and quality-based arrangements, where parties provide legitimate services as needed. The existing safe harbor requires parttime contractual arrangements between healthcare providers to specify their timing or duration because of our concern that such arrangements are especially vulnerable to abuse. Specifically, part-time arrangements could be readily modified based on changing referral patterns between the parties. However, we believe that existing safeguards under (d)(1) of our proposal would provide sufficient safeguards against the manipulation of these arrangements to reward referrals, namely: The term of the arrangement E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules must be not less than 1 year; the compensation terms must reflect fair market value, be commercially reasonable, and not take into account the volume or value of any referrals or business otherwise generated between the parties; and the methodology for determining compensation must be set in advance. As with our first proposal, we anticipate this proposal would more closely align this safe harbor with the personal service arrangements exception to the physician self-referral law, 42 CFR 411.357(d). 3. Proposal To Protect Outcomes-Based Payments We propose to protect outcomesbased payment arrangements in certain circumstances under proposed new paragraph (d)(2) and (d)(3). Our proposal is in response to the evolution of new payment models, such as shared savings, shared losses, episodic payments, gainsharing, and pay-forperformance, and recognizes that such arrangements may facilitate care coordination, encourage provider engagement across care settings, and promote the shift to value. a. Outcomes-Based Payments We propose to define ‘‘outcomesbased payment’’ as payments from a principal to an agent that: (i) Reward the agent for improving (or maintaining improvement in) patient or population health by achieving one or more outcome measures that effectively and efficiently coordinate care across care settings; or (ii) achieve one or more outcome measures that appropriately reduce payor costs while improving, or maintaining the improved, quality of care for patients. We further propose that such payments would exclude any payments made, directly or indirectly, by a pharmaceutical manufacturer; a manufacturer, distributor, or supplier of DMEPOS; or a laboratory. Such payments would also exclude any payment that relates solely to the achievement of internal cost savings for the principal. We solicit comments on potential alternative definitions of the term ‘‘outcomes-based payment’’ that would be consistent with the goals described in the preceding paragraphs of this preamble section. For example, we are considering for the final rule defining the term by reference to specific types of payments, such as those described as examples of outcomes-based payments below. Examples of outcomes-based payment arrangements could include shared savings payments, shared losses VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 payments, gainsharing payments, payfor-performance payments, or episodic or bundled payments. We are considering and solicit comments on whether, if we take this approach, we should further define specific types of payment arrangements that would qualify for this safe harbor in the final rule. To the extent we further define such arrangements, we are considering basing potential definitions on arrangements defined in various Innovation Center models and the Medicare Shared Savings Program. Such terms might include: • ‘‘Shared savings payment’’ could be defined to mean a payment from a payor to a principal or the downstream payment by the principal to the agent of a share of payor savings realized from the agent’s activities for a specified patient population. Shared savings payments encourage the use of the lowest cost service for the patient population to achieve certain desired health outcomes. • ‘‘Shared losses payment’’ could be defined to mean a payment from a principal to a payor or from a downstream agent to a principal to repay the payor for a portion of the payor’s losses incurred with respect to a specific patient population under a shared savings arrangement when a principal’s expenditures for the patient population for the applicable performance period exceed specific performance benchmarks. • ‘‘Gainsharing payment’’ could be defined to mean a payment from a principal to an agent to incentivize the agent to appropriately reduce healthcare costs (other than solely the principal’s internal costs) for a specified patient population while achieving certain outcome measures in accordance with a principal’s arrangement with a payor. • ‘‘Episodic or bundled payment’’ could be defined to mean a payment from a payor to a principal or from a principal to a downstream agent for an episode of care across care settings for a specified patient population. This could include a retrospective bundled payment arrangement where actual healthcare expenditures of the payor and principal for the patient population are reconciled against a target price for an episode of care and a portion of such payment to the principal may be made to the agent or a prospectively determined bundled payment from the payor to the principal or a portion of such payment to the principal made to the agent that encompasses all healthcare services furnished by the principal and agent for the patient population during the episode of care. PO 00000 Frm 00053 Fmt 4701 Sfmt 4702 55745 • ‘‘Pay-for-performance arrangement’’ could be defined to mean a payment from a principal to an agent (or a payor to a principal) for the achievement of a legitimate cost, quality, or operational performance metric (e.g., bonus payment) on behalf of the principal for a specified patient population. We anticipate such outcomes-based payment arrangements would largely mirror, in concept, similar arrangements used in various Innovation Center models and the Medicare Shared Savings Program and would, more specifically, encompass examples like the following: (i) An ACO makes a ‘‘shared savings’’ payment to its member physicians, with such payments representing a percentage of payor savings generated by the ACO as a result of its members’ efforts to reduce total patient care costs and improve quality; (ii) where an ACO incurs financial loss and is obligated to pay money to its payor, a hospital makes ‘‘shared losses’’ payments to the ACO, representing an agreed upon percentage of the ACO’s loss; and (iii) a hospital and group of physicians and post-acute care providers agree collectively to be paid by a payor for an episode of care (e.g., inpatient stay and 90 days postdischarge) and share among themselves the savings or losses generated against a benchmark. In some cases involving reconciliation, the hospital might be responsible for sharing any savings among its partners; in others, the hospital might be responsible for paying its partners for the services they furnish the patients under the episode. As noted previously, our proposed definition of ‘‘outcomes-based payment’’ excludes arrangements that relate solely to achievement of internal cost savings for the principal. For example, outcomes-based payment arrangements would not include arrangements that involve sharing in financial risk or gain only as it relates to the prospective payment systems for acute inpatient hospitals, home health agencies, hospice, outpatient hospitals, inpatient psychiatric facilities, inpatient rehabilitation facilities, long-term care hospitals, or SNFs. Although arrangements reimbursed by Federal health care programs under the prospective payment systems may create internal cost savings for a provider, the savings under the arrangement would not accrue to the payor. Thus, and for example, this safe harbor would not protect an outcomesbased payment arrangement between a hospital and physician group, where the parties share financial risk or gain only with respect to items or services E:\FR\FM\17OCP2.SGM 17OCP2 55746 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules reimbursed to the hospital under the Medicare prospective payment system for acute inpatient hospitals. However, an outcomes-based payment arrangement that involves a hospital and physician group sharing financial risk or gain realized across care settings would be protected (e.g., for a patient’s inpatient stay and the 60-day postdischarge period), provided all safe harbor requirements were met. b. Entities Not Included Based on our enforcement and oversight experience and as explained with respect to a similar exclusion in the definition of VBE participant in this proposed rule, we are proposing to exclude pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories from the proposed safe harbor for outcomes-based payments. As stated previously, we are concerned that these types of entities, which are heavily dependent upon practitioner prescriptions and referrals, might use outcomes-based payments primarily to market their products to providers and patients. As with the proposed definition of a VBE participant, we are also considering for the final safe harbor at 1001.952(d)(2) excluding pharmacies (including compounding pharmacies), PBMs, wholesalers, and distributors. We solicit comments about these proposed exclusions, as well as illustrative examples of beneficial or problematic outcomes-based payment arrangements that might be excluded or included if we finalize some or all of these exclusions. We also are considering whether to more specifically target the final safe harbor on outcomes-based payment arrangements that further value-based care or care coordination by limiting protection for outcomes-based payment arrangements to VBE participants, as that term is defined in (ee)(12)(vi) of this proposed rule. c. Collaboration and Outcomes-Based Payments As proposed, under the safe harbor conditions, all outcomes-based payments must be made between or among parties that are collaborating to measurably improve quality of patient care appropriately and materially reduce costs while maintaining quality, or both. Moreover, if specific services are to be performed, the agreement must specify all of the services the parties perform (or refrain from performing) to qualify for the outcomes-based payments. We are mindful that with some value-based payment VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 arrangements, there may not be a direct correlation between the level or value of services provided by a particular recipient of payments and that party’s share of savings or outcomes-based payments (e.g., shared savings payments may be distributed on a basis unrelated to actual services provided). While the two requirements described do not expressly require that the outcomesbased payment arrangement include the provision of services (merely that the parties collaborate, and to the extent the parties’ arrangement includes services, that they be documented), we anticipate that many arrangements would include a service component. d. Safe Harbor Conditions Our proposal for outcomes-based payment arrangements includes safe harbor conditions, some of which mirror program integrity safeguards set forth in the existing personal services and management contracts safe harbor and some of which are new safeguards specific to outcomes-based payment arrangements. As detailed below, our proposed safe harbor conditions are based on our experience with these types of arrangements through the advisory opinion process and the development of waivers for CMS models. e. Goal of the Outcomes-Based Payment Arrangement As stated above, all outcomes-based payments must be made between or among parties that are collaborating to measurably improve quality of patient care (or maintain improvement); appropriately and materially reduce costs to, or growth in expenditures of, payors while improving or maintaining the improved quality of care; or both. We propose to limit safe harbor protection to outcomes-based payment arrangements that foster these two goals because we believe that such arrangements may best facilitate care coordination, encourage provider engagement across care settings, and promote the shift to value. f. Outcome Measures We propose to require the parties to an arrangement to establish one or more specific evidence-based, valid outcome measures that the agent must satisfy to receive the outcomes-based monetary remuneration. This requirement largely mirrors the outcome-measure requirement in the proposed care coordination arrangements safe harbor at paragraph (ee), and we refer readers to the discussion of this requirement in the preamble above. That being said, we note certain key differences, such as: PO 00000 Frm 00054 Fmt 4701 Sfmt 4702 This proposed safe harbor requires satisfaction of an outcome measure to receive an outcomes-based payment, whereas the care coordination arrangements safe harbor requires monitoring and assessment related to such outcome measures; and the achievement of outcomes measures is not a prerequisite to the provision or use of in-kind remuneration under the proposed safe harbor at paragraph (ee). Such differences are deliberate and due to the variations in type and scope of potential remuneration that could be exchanged under the respective safe harbors. For the proposed outcomes-based payment arrangements amendments to the safe harbor, outcome measures must relate to improving quality of patient care; appropriately and materially reducing costs to, or growth in expenditures of, payors while improving, or maintaining the improved quality of care for patients; or both. As an additional safeguard, parties must select outcome measures based upon clinical evidence or credible medical support. Any outcome measures established pursuant to the parties’ arrangement must be measurable and valid, and such measures must promote improved quality or efficiencies in the delivery of care, or appropriate cost reduction. Measures that simply seek to reward the status quo would not meet this requirement. In some circumstances, we acknowledge that payment for the maintenance of high quality may be low risk (e.g., where an established ACO that has made demonstrable quality improvements over the course of several years seeks to reward its members to maintain such improvements). We solicit comments on whether, and if so how, we should protect such arrangements in the final rule without protecting arrangements that may be disguised payments for referrals. We are concerned that arrangements that reward the status quo are more likely to be mere payments for referrals. Because we believe the provision of monetary remuneration presents a higher risk of fraud and abuse than the provision of in-kind remuneration, we are considering for the final rule, and solicit comments on, whether to impose a different, potentially stricter standard for outcome measures in this proposed safe harbor than in the proposed care coordination arrangements safe harbor at paragraph (ee). To mitigate this risk, we propose to require the parties to regularly monitor and assess the agent’s performance on each outcome measure under the agreement. This condition is similar to the assessment and E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules monitoring requirements in the care coordination arrangements safe harbor at paragraph (ee). For example, regularly monitoring and assessing the agent’s performance could include: (i) Determining whether the arrangement has measurably improved quality of patient care, (ii) evaluating any deficiencies in the delivery of quality care, and (iii) measuring the agent’s satisfaction of the specific, evidencebased, valid outcome measure(s) in the outcomes-based arrangement. We recognize that outcomes-based payment arrangements may vary in structure and strive to provide flexibility for parties to design arrangements to achieve appropriate quality of patient care as well as appropriate efficiency and cost savings goals. However, we are proposing to include an express requirement that parties rebase the benchmark or outcome measure for outcomes-based payments periodically in outcomesbased payment arrangements where rebasing is feasible under paragraph (d)(2)(vii)(B). By ‘‘rebasing’’ we mean resetting the benchmark used to determine whether payments will be made to take into account improvements already achieved. We anticipate periodic ‘‘rebasing’’ will prevent parties from inappropriately carrying over savings from previous performance periods or from receiving payments that do not reflect legitimate achievement of outcomes. This proposed requirement is intended to address a concern that ‘‘evergreen’’ outcomes-based payment arrangements, in which outcome measures are not properly monitored or assessed, could be used as a vehicle to reward referrals well after the desired provider behavior change or savings benchmark has been met. Such perpetual arrangements might also fail to meet the proposed requirement that the measures be evidence-based. We are considering for the final rule, and solicit comments on, whether a specific timeframe within a specified performance period under the arrangement (e.g., 3 years) or a shorter (e.g., 1-year) or longer (e.g., 5-year) timeframe is appropriate and realistic for requiring parties to rebase the benchmarks for outcomes-based payments. We solicit comments on the definition of ‘‘rebase’’ and when and how frequently rebasing would be necessary and appropriate to ensure that outcomes-based payments are based on valid, measurable outcomes, reducing the risk that the payments would be mere payments for referrals. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 g. Methodology To increase transparency of outcomesbased payment arrangements, we propose that the methodology for determining the aggregate compensation (including any outcomes-based payments) paid between or among the parties over the term of the agreement is: Set in advance; commercially reasonable; consistent with fair market value; and not determined in a manner that directly takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part by a Federal health care program. We view these conditions as essential safeguards to ensuring any outcomes-based payment arrangement is not a vehicle to reward referrals and generate revenue but rather reflects a deliberate, collaborative effort by the parties to the arrangement to realize improved outcomes, cost savings to payors, or both. Because our proposed set-in-advance and commercially reasonable requirements are consistent with our existing personal services arrangement and management contracts safe harbor (as proposed to be amended with respect to the set-in-advance requirement), we do not address these requirements here in further detail. We discuss our proposed fair market value and volume or value conditions below. i. Fair Market Value We propose that the methodology for determining the aggregate compensation (including any outcomes-based payments) paid between or among the parties over the term of the agreement be consistent with fair market value. We acknowledge our proposed aggregate fair market value requirement may pose challenges to the extent there are not industry standards yet developed to determine fair market value for some outcomes-based payment arrangements in the value-based care arena and because we understand that some of the outcomes-based payment arrangements we propose to protect do not necessarily correlate payments with actual services performed (and in some cases, reward not performing services). Nonetheless, we anticipate the industry will evolve and adapt to assess fair market value for value-driven outcomes-based payment arrangements, even where the provision of traditional services may be a less prominent component. We solicit comments on this approach. We are considering for the final rule whether we should take a different approach (including whether to value outcomes-based payments PO 00000 Frm 00055 Fmt 4701 Sfmt 4702 55747 separately from other compensation or whether to substitute the fair market value requirement with a different safeguard that would help ensure that payments are for legitimate participation in arrangements that drive value-based care and are not merely disguised payments for referrals). ii. Volume or Value of Referrals We propose to require that the compensation methodology for determining the outcomes-based payment not be determined in a manner that directly takes into account the volume or value of referrals or other business generated between the parties. We recognize that to incentivize care coordination and appropriate behavioral changes through outcomes-based payments, parties may need to establish payment methodologies that at least indirectly take into account the volume or value of referrals or other business generated between the parties. We believe it should be possible to structure payments so that they do not directly take into account the volume or value of referrals of other business. h. Writing and Monitoring We propose that the outcomes-based payment be made between or among parties that are collaborating, pursuant to a written agreement signed by the parties in advance of, or contemporaneous with, the commencement of the terms of the outcomes-based payment arrangement. We further propose that the written agreement specify all of the services the parties would perform for the term of the agreement. As detailed in the above section, while this does not mandate that parties to an outcomes-based payment arrangement include services, if services are furnished pursuant to the parties’ arrangement, such services must be documented in writing. We further propose to require that the written agreement include the outcome measure(s), the evidence-based data or information upon which the parties relied to select the outcome measure(s), and the schedule for the parties to regularly monitor and assess the outcome measure(s). In addition to the writing requirements set forth in (d)(2)(viii), parties may consider documenting and retaining such documentation necessary to demonstrate compliance with each prong of this safe harbor. For example, the parties may document payments made pursuant to the outcomes-based payment arrangement and data showing the agent’s achievement of the outcome measure(s). E:\FR\FM\17OCP2.SGM 17OCP2 55748 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules i. Impact on Patient Quality of Care Properly structured and operated, outcomes-based payments hold the potential to improve the delivery of care; however, when improperly structured and operated, they hold the potential to incentivize behavior harmful to patients, such as stinting on care (underutilization), cherry picking lucrative or adherent patients, or lemon dropping costly or noncompliant patients.79 Accordingly, we are proposing to require that the agreement neither limits any party’s ability to make medically appropriate decisions for patients, nor induces the reduction of medically necessary services. j. Additional Safeguards We propose that the term of the agreement is not less than 1 year and that the services performed under the agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any State or Federal law. These conditions are identical to those included in the personal services and management contracts safe harbor. k. Technical Modifications Due to the proposed additions of paragraphs (d)(2) and (d)(3), setting forth provisions on outcomes-based payments and definitions, we propose to move the existing personal services and management contracts provisions, as proposed to be amended in this rulemaking, to a new paragraph (d)(1). K. Warranties (1001.952(g)) In an effort to update the existing safe harbor for warranties at 42 CFR 1001.952(g) and to promote higher value items covered by warranties, we propose to modify the safe harbor to: (i) Protect warranties for one or more items and related services upon certain conditions; (ii) exclude beneficiaries from the reporting requirements applicable to buyers; and (iii) define ‘‘warranty’’ directly and not by reference to 15 U.S.C. 2301(6). We also propose to make a technical correction to paragraph (3)(i) to change the text from ‘‘paragraphs (a)(1) and (a)(2) of this 79 We note that section 1128A(b)(1) of the Act (the ‘‘Gainsharing CMP’’) prohibits a hospital from knowingly making payments, directly or indirectly, to a physician to induce the physician to reduce or limit medically necessary services to Medicare or Medicaid beneficiaries who are under the physician’s direct care. Hospitals that make (and physicians who receive) payments prohibited by this provision are liable for civil money penalties for each patient for which the prohibited payment was made. However, our proposed condition is in recognition that other parties, besides hospitals and physicians, may seek protection under this safe harbor. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 section’’ to ‘‘paragraphs (g)(1) and (g)(2) of this section.’’ For ease of reference, we propose to amend the safe harbor by moving the undesignated definition at the end of the safe harbor to a new paragraph (g)(7). 1. Bundled Warranties The warranties safe harbor protects remuneration consisting of ‘‘any payment or exchange of anything of value under a warranty provided by a manufacturer or supplier of an item to the buyer (such as a health care provider or beneficiary) of the item,’’ as long as the buyer and seller comply with the safe harbor’s requirements.80 We confirmed in Advisory Opinion No. 18– 10 that this safe harbor applies only to warranties for a single item and not to bundled items.81 We received comments in response to the OIG RFI requesting revisions to the warranties safe harbor to protect warranty arrangements that pertain to bundled items and services. Commenters suggested that such revisions would promote beneficial and innovative arrangements. Based on these comments, other input OIG has received, and our own consideration of the potential benefits of expanding the warranties safe harbor to foster value, we propose to revise the safe harbor to protect bundled warranties for one or more items and related services, when certain conditions are met. This modification would allow manufacturers and suppliers to warrant that a bundle of items or one or more items in combination with related services, such as product support services, will meet a specified level of performance under a warranty agreement. We believe this proposed modification could promote beneficial arrangements between sellers and buyers by allowing them to enter into warranty arrangements conditioned on the collective value of the warranted items and related services. We also believe this proposed modification could enhance the use and utility of warranted items by protecting warranties that encompass services, such as support and educational services. For example, this proposed modification would protect arrangements such as the one at issue in Advisory Opinion No. 01–08, where the requestor operated a warranty program covering wound care products and certain related support services, such as 80 42 CFR 1001.952(g). Op. No. 18–10, available at https:// www.oig.hhs.gov/fraud/docs/advisoryopinions/ 2018/AdvOpn18-10.pdf. 81 Adv. PO 00000 Frm 00056 Fmt 4701 Sfmt 4702 access to a wound specialist and an online wound documentation system, that the requestor made available to buyers of its products.82 a. Inclusion of Services in Bundled Warranties We are proposing to protect warranty arrangements that apply to one or more items and services (provided the warranty covers at least one item). This modification would allow manufacturers and suppliers to warrant that certain services, in combination with one or more items, will result in a specified level of performance.83 We are mindful that the provision of certain warranted services, such as medication adherence services by manufacturers and suppliers, could increase the risk of patient harm and inappropriate utilization because manufacturers and many suppliers do not necessarily have direct patient care responsibilities and thus may not have the same patient safety considerations that physicians and providers with direct patient care responsibilities have. Using medication adherence services offered by drug manufacturers as an example, we are concerned that manufacturers may promote patients’ adherence to 82 Adv. Op. No. 01–08, available at https:// www.oig.hhs.gov/fraud/docs/advisoryopinions/ 2001/ao01-08.pdf. OIG acknowledged that the arrangement at issue in advisory opinion number 01–08 implicated the anti-kickback statute and did not fit in the warranties safe harbor but approved the arrangement on the basis that it presented a sufficiently low risk of fraud and abuse under the anti-kickback statute. 83 We clarify that our proposed changes would not protect free or reduced-price items or services that sellers provide either as part of a bundled warranty agreement or ancillary to a warranty agreement. Whether a seller’s provision of free or reduced-price items or services in connection with a warranty arrangement would implicate and potentially violate the anti-kickback statute would depend on whether other safe harbor protection exists for the arrangement, and if not, whether those items or services have independent value to a buyer other than for purposes of determining whether the terms of a warranty have been met. For example, laboratory testing required for patient care may be necessary to determine if a warranted outcome was achieved, but the laboratory test would have independent value to the buyer. A seller’s provision of laboratory testing for free or at a reduced charge as part of a warranty agreement would implicate the anti-kickback statute. Additionally, the provision of medication adherence services for free or below fair market value would implicate the anti-kickback statute. In contrast, if sellers provide items and services with no independent value to a buyer, other than to determine whether the conditions of a warranty have been satisfied, the items and services may not constitute remuneration under the anti-kickback statute, and thus, may not implicate the statute. See OIG Compliance Program Guidance for Pharmaceutical Manufacturers, 68 FR 23731, 23735 (May 5, 2003), for a discussion of pharmaceutical manufacturers’ provision of limited support services tailored to the manufacturers’ products that may not implicate the anti-kickback statute. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules prescribed medications, even when a patient is experiencing harmful side effects, or the medication is not achieving the purpose for which it was prescribed. Because manufacturers have financial incentives for patients to use and reorder their medications but do not have the medical expertise the prescribing physicians have to determine whether continued use of medications is clinically appropriate for a specific patient, medication adherence services offered by manufacturers, such as phone or message communications directing patients to take their medications, could result in patient harm or inappropriate utilization of drugs. We are considering safeguards we could include in the final rule to protect against these risks, such as a safeguard that would prohibit direct patient outreach by a seller offering a warranty but that would allow the seller to pay an independent intermediary to perform services that require direct patient outreach, as long as compensation for the patient outreach services is not tied to the volume or value of any warranted item used by the patient. Our proposed expansion of this safe harbor does not protect warranties covering only services. We believe warranties for services that are not tied to one or more related items could present heightened fraud and abuse risks. Manufacturers and suppliers could warrant that services will achieve certain clinical goals and offer remuneration to induce referrals from referral sources under the guise of warranty remedies. The services manufacturers and suppliers may offer could take many different forms, and it may be difficult to verify whether services, which can more subjective in nature than items, failed to achieve the clinical goals established by a warranty arrangement. Additionally, because the services subject to a warranty may not be federally reimbursable, it may be difficult to determine whether the services being warranted are bona fide services or sham services offered as part of a warranty agreement and designed to transfer remuneration to referral sources upon the failure of such services to achieve the warranted result. If physicians, for example, could warrant that their services will achieve certain clinical results, the potential to receive money as a warranty remedy may induce patients to select physicians offering warranties over other physicians, particularly where the clinical results being warranted are not easily achievable, regardless of which physician a patient selects. We are considering for the final rule extending VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 safe harbor protection for warranties applying only to services if sufficient safeguards exist to mitigate these risks, and we are soliciting comments on the potential fraud and abuse risks that may arise if we expand the safe harbor to include services-only warranties and potential safeguards to mitigate these risks. b. Conditions on Bundled Warranties We propose to impose the following conditions on bundled warranty arrangements: (i) All federally reimbursable items and services subject to bundled warranty arrangements must be reimbursed by the same Federal health care program and in the same payment; (ii) a manufacturer or supplier must not pay any individual (other than a beneficiary) or entity for any medical, surgical, or hospital expense incurred by a beneficiary other than for the cost of the items and services subject to the warranty; and (iii) manufacturers and suppliers cannot condition bundled warranties on the exclusive use of one or more items or services or impose minimum-purchase requirements of any items or services. We believe these requirements would promote beneficial arrangements while protecting beneficiaries and the Federal health care programs from harmful practices, such as inappropriate utilization and product steering, as explained below. c. Requirement for Federally Reimbursable Items and Services Subject to Bundled Warranty Arrangements To Be Reimbursed by the Same Federal Health Care Program and in the Same Payment Under a new paragraph (5), we propose to require that all federally reimbursable items and services subject to the bundled warranty be reimbursed by the same Federal health care program and in the same payment. This requirement would be satisfied when federally reimbursable items and services subject to a bundled warranty are reimbursed by, for example, the same Part A Medicare SeverityDiagnosis Related Group (MS–DRG) payment, the same Medicare Part B ambulatory payment classification payment, or the same Medicaid managed care payment. Allowing sellers to bundle items and services reimbursed by different Federal health care program payments could create incentives for overutilization or inappropriate utilization of items and services included in the bundle. Unlike bundled payments, such as MS–DRG payments, payments that reimburse providers separately for each item and service they order do not incentivize providers PO 00000 Frm 00057 Fmt 4701 Sfmt 4702 55749 to contain their costs because the providers would receive reimbursement for each discrete item and service they order, regardless of whether those items and services present the best value. Without cost-containment incentives, providers may order devices or drugs subject to a bundled warranty, regardless of whether lower-cost, equally effective devices or drugs are available, because providers would be reimbursed separately for each item and reimbursable service and could be eligible to receive the full cost of the separately billed items and reimbursable services in the bundle if even one item or reimbursable service fails to perform as expected. We believe these risks are mitigated when bundled warranties apply only to federally reimbursable items and services that are reimbursed by the same Federal health care program payment, such as under an MS–DRG payment. However, we are aware that bundled warranties could result in barriers to entry for certain manufacturers and suppliers that cannot offer bundled warranties, and we are considering for the final rule, and solicit comments on, additional safeguards we should include to limit the potential anti-competitive effects that bundled warranties may have in the drug and device markets. Additionally, we solicit specific examples where the protections we propose would not be sufficient to protect against anti-competitive conduct. We recognize that the proposed requirement above might inhibit warranties conditioned on the collective performance of warranted items across a patient population (population-based warranties) because these items would not be reimbursed in the same payment. We are considering whether, and if so, how, we might craft the safe harbor to allow for population-based warranties without creating risks of increased costs to the Federal health care programs, as described above. For example, we are considering for the final rule whether we could require that all items and services be reimbursed according to the same payment methodology, but not necessarily the same payment, to allow for population-based warranties. We solicit comments on this approach and the potential benefits and fraud and abuse risks it may present. We note that retrospective reconciliation payments, such as those often used under the Innovation Center payment models, would not constitute one payment, as required under our proposal, when the reconciliation payments are paid to one entity but are not direct payment for E:\FR\FM\17OCP2.SGM 17OCP2 55750 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules items and services provided only by that entity. In addition, we are considering for the final rule, and seek comments on, whether we should include any exceptions to the requirement that all federally reimbursable items and services subject to a bundled warranty be paid by the same payment, such as when bundled items are reimbursed according to the same payment under the Medicare program but are reimbursed separately under Medicaid. For example, in Advisory Opinion No. 18–10, we noted that the items subject to the requestor’s warranty program were reimbursable under the same MS– DRG payment but potentially were separately reimbursable under certain states’ Medicaid programs. We encourage commenters to provide specific examples where an exception may be needed. 2. Capped Amount of Warranty Remedies; Prohibition on Exclusivity and Minimum-Purchase Requirements We propose to modify paragraph (4) of the safe harbor by limiting the remuneration a manufacturer or supplier may pay to any individual (other than a beneficiary) or entity for any medical, surgical, or hospital expense incurred by a beneficiary to the cost of the items and services subject to the warranty. We view this limitation as an important protection against manufacturers and suppliers providing excessive remuneration to induce further business. In a new paragraph (6), we also propose to prohibit manufacturers and suppliers from conditioning warranties on the exclusive use of one or more items or services and from imposing minimumpurchase requirements of any items or services. We view such steering practices as highly problematic and solicit comments on the prevalence of these practices in warranty arrangements. We also solicit comments on the effectiveness of the proposed safeguards in preventing or mitigating fraud and abuse risks, as well as additional safeguards we could impose. 3. Reporting Requirements Stakeholders have expressed concern that the reporting requirements under the safe harbor may not allow for outcomes-based warranty arrangements in which buyers could receive return payments from manufacturers over several years if a therapy does not meet clinical outcomes at designated points in time. We solicit comments on any burden the current reporting requirements impose and the need for more flexible reporting requirements VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 under the safe harbor to better facilitate warranties tied to clinical outcomes. We understand that delayed reporting may be necessary when, for example, the efficacy of a drug therapy may not be known for several years after the initial purchase. We are considering ways in which we could modify the reporting requirements under the safe harbor to accommodate outcomes-based warranty arrangements while protecting the Government’s interest in having an accurate and timely report of any price reductions a seller offers a buyer under a warranty arrangement protected by the safe harbor. We also propose to expressly exclude beneficiaries from the reporting requirement applicable to other buyers since beneficiaries do not report costs to the Government. 4. Definition of ‘‘Warranty’’ We propose to define ‘‘warranty’’ directly and not by reference to 15 U.S.C. 2301(6). The Magnuson-Moss Act enacted 15 U.S.C. 2301, which in paragraph (6) defines ‘‘written warranty’’ in connection with the sale of a ‘‘consumer product.’’ However, courts have held that an item regulated under the Federal Food, Drug, and Cosmetic Act is not a ‘‘consumer product’’ for purposes of the Magnuson-Moss Act.84 The reference to 15 U.S.C. 2301(6) in the definition of ‘‘warranty’’ therefore creates unintentional ambiguity as to whether the safe harbor covers warranties for drugs and devices regulated under the Federal Food, Drug, and Cosmetic Act. We propose revisions to the definition of ‘‘warranty’’ to clarify that the warranties safe harbor applies to FDA-regulated drugs and devices. We propose a definition for ‘‘warranty’’ that largely models the definition in 15 U.S.C. 2301(6) but replaces references to a ‘‘product,’’ where applicable, with ‘‘item or bundle of items, or services in combination with one or more related items,’’ to allow for single-item and bundled warranties. Additionally, the proposed definition substitutes references to the ‘‘material’’ of a product with ‘‘quality’’ to reflect the inclusion of warranted services in addition to items. The proposed definition of ‘‘warranty’’ continues to include a ‘‘written affirmation of fact or written promise [that] affirms or promises that [items and services] . . . will meet a specified level of performance over a specified period of time.’’ We interpret this provision to provide protection for 84 See, e.g., Kanter v. Warner-Lambert Co., 99 Cal. App. 4th 780, 798 (2002); Goldsmith v. Mentor Corp., 913 F. Supp. 56, 63 (D.N.H. 1995); Kemp v. Pfizer, Inc., 835 F. Supp. 1015, 1024–25 (E.D. Mich. 1993). PO 00000 Frm 00058 Fmt 4701 Sfmt 4702 warranty arrangements conditioned on clinical outcome guarantees, provided the warranty arrangements meet all the safe harbor’s requirements. L. Local Transportation (1001.952(bb)) Increasingly, experts are recognizing the important role transportation plays in patient access to care, quality of care, healthcare outcomes, and effective coordination of care for patients, particularly for patients who lack their own transportation or who live in ‘‘transportation deserts.’’ As part of this rulemaking, we are revisiting certain provisions of the existing safe harbor for local transportation at 42 CFR 1001.952(bb) and, as described above, proposing new safe harbor protection for certain patient engagement tools and supports. The proposed patient engagement and support safe harbor would include transportation services for patients that meet the proposed safe harbor requirements. We propose to modify the existing safe harbor for local transportation at 42 CFR 1001.952(bb) to: (i) Expand the distance which residents of rural areas may be transported; and (ii) remove any mileage limit on transportation of a patient from a healthcare facility from which the patient has been discharged to the patient’s residence. For purposes of clarification, we also provide guidance on the application of the safe harbor to transportation through ride-sharing services. We are not proposing to amend the safe harbor to explicitly include such services, because we believe that nothing in the existing language excludes them from protection. Finally, for ease of reference, we propose to amend the safe harbor by moving the undesignated definitions set forth in the note to paragraph (bb) to a new paragraph (bb)(3). 1. Expansion of Mileage Limit for Patients Residing in Rural Areas The safe harbor provides that transportation is protected if provided ‘‘[w]ithin 25 miles of the health care provider or supplier to or from which the patient would be transported, or within 50 miles if the patient resides in a rural area, as defined in this paragraph (bb).’’ 85 In response to the OIG RFI, some commenters stated that the 50mile limit for residents of rural areas is insufficient, as many rural residents need to travel more than 50 miles to obtain medically necessary services. Accordingly, we are proposing to increase the limit on transportation of residents of rural communities to 75 85 42 E:\FR\FM\17OCP2.SGM CFR 1001.952(bb)(1)(iv)(B). 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules miles, but we solicit comments on whether an increase to 75 miles is sufficient. We urge commenters to provide data or other evidence to support the most appropriate distance for the purposes of this rulemaking. We request that commenters provide specific information, if available, about the patients within the commenters’ communities or service areas who cannot obtain care within the existing distance limits. We also seek comments on how an entity would provide transportation over distances in excess of 50 miles (e.g., by shuttle, as defined in the existing safe harbor), ride-sharing programs, reimbursement of mileage, reimbursement of bus or taxi fare, or other means. Such information will assist us in determining whether an increased distance limit is necessary and practical and whether it is likely to be subject to abuse. While the current safe harbor does not require any showing of need on the part of patients, we solicit comments on whether the final rule should protect transportation in excess of the current limits only where there is a demonstration of financial, medical, or transportation need. We also solicit comments on what safeguards would be necessary to prevent abuse of an expansion of these limits for rural or other patients. 2. Elimination of Distance Limit on Transportation of Discharged Patients Comments on the OIG RFI and other information raise concerns about patients discharged from healthcare facilities who do not have a ride home. In some cases, these patients have been brought to the facility from a great distance. Some patients in behavioral health facilities are brought to the facility over long distances by law enforcement personnel. Commenters urged that the local transportation safe harbor be expanded to protect facilities that want to provide safe transportation home. We agree that transportation home after discharge from an inpatient facility does not pose the same level of risk of inducing patient referrals as transportation to the facility. Accordingly, we are proposing to eliminate any distance limit on transportation of a patient who has been discharged from a facility after admission as an inpatient, regardless of whether the patient resides in an urban or rural area, if the transportation is to the patient’s residence, another residence of the patient’s choice (such as the residence of a friend or relative who is caring for the patient postdischarge). We are also considering protecting transportation to any location VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 of the patient’s choice, including to another healthcare facility. We are soliciting comment on the fraud and abuse risks that may arise from permitting transportation to another healthcare facility. In addition, we are considering for the final rule whether, and under what circumstances, transportation home or to another facility should be protected when a patient has not been admitted to an inpatient facility. For example, we are soliciting comments on whether transportation should be protected after a patient has been seen in the emergency room, under observation status at a hospital for an extended period, but not admitted, or after a procedure at an ambulatory surgery center (ASC). If transportation is protected under these circumstances, we welcome comments on what limitations should be imposed (e.g., observation status at a hospital for at least 24 hours, or a procedure at an ASC or medical condition evaluated or treated at an emergency department that results in a patient being unable to travel home safely unaccompanied). The safe harbor does not require an entity to offer transportation to patients, and an entity may impose its own mileage limits on any transportation offer, as long as it imposes such limits consistently and makes the transportation available without regard to the volume or value of Federal health care program business. For example, the entity sponsoring the transportation cannot offer the transportation only to facilities affiliated with it. As with our proposal to increase the mileage limit for transportation of rural patients, we solicit comments on whether transportation of discharged patients, if in excess of otherwise applicable safe harbor mileage limits, should be limited to patients with demonstrated need (either financial need or transportation need), and if so, what standards should apply to such demonstration of need. Finally, we solicit comments on whether, if this proposal to eliminate any mileage limit for discharged patients is adopted, there remains a need to increase the distance limit for transportation of patients who reside in rural areas. 3. Local Transportation for HealthRelated, Non-Medical Purposes In the preamble to the final rule establishing the local transportation safe harbor, we declined to extend safe harbor protection to transportation for purposes other than to obtain medically necessary items or services, although we noted that a shuttle service protected by the safe harbor could make stops at PO 00000 Frm 00059 Fmt 4701 Sfmt 4702 55751 locations that do not relate to a particular patient’s medical care. We also stated that we would consider in a future rulemaking whether permitting transportation to non-medical services that are part of care coordination arrangements or are related to improving healthcare would be appropriate.86 In response to the OIG RFI, we received comments suggesting that the local transportation safe harbor should protect transportation for non-medical purposes that may nevertheless improve or maintain health. Such transportation might be to food stores or food banks, social services facilities (such as to apply for food stamps or housing assistance), exercise facilities, or chronic disease support groups, for example. In many cases, such transportation might help address both patients’ health outcomes as well as social determinants of health, such as transportation, nutrition, and housing. We are considering including nonmedical purposes in the final safe harbor, and we seek comments on whether and how the safe harbor could be expanded in this manner to foster innovative arrangements that are likely to improve health outcomes and address non-medical needs that significantly influence those outcomes, without creating an unacceptable risk of fraud and abuse, such as inducing beneficiaries to receive unnecessary healthcare items and services. We are considering whether such expansion of the safe harbor should be limited to certain beneficiary populations, such as chronically ill patients, or to patients who are being discharged from a hospital or other facility. Responses to this solicitation of comments will inform our consideration of potentially extending this safe harbor in the final rule to include these arrangements or potentially protecting arrangements in the patient engagement and support safe harbor, if finalized. Elsewhere in this rulemaking, we are proposing a new safe harbor for patient engagement tools and supports provided by VBE participants, which could include transportation for healthrelated, non-medical purposes. The protection of this safe harbor would not be available outside the context of a VBE, however, since the proposed safe harbor limits protection to patient engagement tools and supports furnished by VBE participants. We refer commenters to the standards and safeguards proposed for the separate safe harbor for patient engagement tools and supports (proposed at 86 See E:\FR\FM\17OCP2.SGM 81 FR 88368, 88384 (Dec. 7, 2016). 17OCP2 55752 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules 1001.952(hh)), and we solicit comments on whether these standards and safeguards are also appropriate for the local transportation safe harbor, to the extent that were to apply to transportation for non-medical purposes. In addition, we seek comments on whether an extension of the local transportation safe harbor in this manner is needed or appropriate, if the proposed separate safe harbor for patient engagement and support offered by VBE participants is adopted (proposed 1001.952(hh)). 4. Use of Ride-Sharing Services We are aware that some entities are providing transportation for medical items and services through the use of ride-sharing services. As we understand the use of these services, a hospital, for example, could arrange with a ridesharing service to provide rides for its patients, for which the hospital would be billed. We are aware that some members of the public may be uncertain about the application of the safe harbor in these circumstances. In the preamble to the final rule establishing the local transportation safe harbor, we noted the possibility that patient transportation would be provided via taxi.87 Although we did not explicitly refer to ride-sharing services, we see no difference between these services and taxis, for purposes of the safe harbor. We believe that nothing in the language of the safe harbor precludes their use. (By the same logic, the safe harbor does not preclude transportation via self-driving cars or other similar technology that serve as a taxi service, should they become available.) We invite any commenters who disagree to provide comments explaining the possible basis for the exclusion of ride-sharing programs from protection from the existing safe harbor. If we find such comments persuasive, we will consider an amendment to the safe harbor to explicitly protect transportation through ride-sharing programs. We note, however, that the same safe harbor requirements that apply to other forms of transportation also apply to transportation provided by ride-sharing services. These include the requirement that the availability of free or discounted transportation not be advertised. A taxi company, ridesharing service, or other provider of transportation could advertise that it provides transportation to medical appointments and suggest contacting medical providers to determine if free or discounted transportation is available to 87 81 FR at 88387. VerDate Sep<11>2014 20:24 Oct 16, 2019 their facilities. It cannot, however, advertise that it provides free or discounted transportation to a particular healthcare provider or group of providers. Such customer-specific advertising is within the control of the customer to prohibit, and therefore would be imputed to the customer (i.e., the entity paying for the transportation, regardless of whether that entity pays for the advertising), thus disqualifying the arrangement from safe harbor protection. To the extent that the ride-sharing service provides services other than transportation for the purpose of obtaining medical care, such services would not be protected by the safe harbor. Like a taxi driver, a ride-share driver could assist a patient in getting from a residence into a vehicle and from a vehicle into a medical provider’s facility, and this could include assisting the patient with a wheelchair, oxygen equipment, or the like. This would be considered part of the transportation service. In addition, a ride-sharing driver, taxi driver, or shuttle could, for example, provide the patient with transportation from a physician’s office or hospital to a pharmacy, for the purpose of obtaining a prescription (a medically necessary item) before taking the patient home. As noted in the preamble to the 2016 final rule establishing this safe harbor, a shuttle could also include a food store among its stops.88 However, transportation to a food store or any other location not for the purpose of obtaining medically necessary items or services, when provided on a patient-specific basis (i.e., not by a shuttle), is not protected by this safe harbor. Such transportation may be protected by the proposed safe harbor for value-based arrangements, as discussed elsewhere in this proposed rule. Finally, we note that, as with all safe harbors, the local transportation safe harbor applies only to the Federal antikickback statute (and the beneficiary inducements CMP). Providers of transportation remain subject to all other federal, state and local laws and regulations that may be applicable to their activities and arrangements. M. ACO Beneficiary Incentive Program 1. Overview of Medicare Shared Savings Program and Provisions of the Budget Act of 2018 for ACO Beneficiary Incentive Programs Section 1899 of the Act established the Medicare Shared Savings Program, which promotes accountability for a 88 81 Jkt 250001 PO 00000 FR 88384. Frm 00060 Fmt 4701 Sfmt 4702 patient population, fosters coordination of items and services under Medicare Parts A and B, encourages investment in infrastructure and redesigned care processes for high-quality and efficient healthcare service delivery, and promotes higher value care. The Medicare Shared Savings Program is a voluntary program that encourages groups of doctors, hospitals, and other healthcare providers to come together as an ACO to lower growth in expenditures and improve quality. An ACO agrees to be held accountable for the quality, cost, and experience of care of an assigned Medicare FFS beneficiary population. ACOs that successfully meet quality and savings requirements share a percentage of the achieved savings with Medicare. Section 1899(m)(1)(A) of the Act, as added by section 50341 of the Budget Act of 2018,89 permits ACOs under certain two-sided models to operate CMS-approved beneficiary incentive programs to provide incentive payments to assigned beneficiaries who receive qualifying primary care services. According to CMS, and as intended by section 1899(m)(1)(A) of the Act, the beneficiary incentive programs will encourage beneficiaries assigned to certain ACOs to obtain medically necessary primary care services while requiring such ACOs to comply with program integrity and other requirements.90 CMS, in a final rule establishing regulations governing ACO Beneficiary Incentive Programs states that the agency ‘‘believe[s] that such amendments will empower individuals and caregivers in care delivery.’’ 91 Specifically, the Budget Act of 2018 added section 1899(m)(1)(A) of the Act, which allows ACOs to apply to operate an ACO Beneficiary Incentive Program. The Budget Act of 2018 also added a new subsection (m)(2) to section 1899 of the Act, which provides clarification regarding the general features, implementation, duration, and scope of approved ACO Beneficiary Incentive Programs. In addition, the Budget Act of 2018 added section 1899(b)(2)(I) of the Act, which requires ACOs that seek to operate a beneficiary incentive program to apply to operate the program at such time, in such manner, and with such information as the Secretary may require.92 89 Public Law 115–123, 132 Stat. 64. Program; Medicare Shared Savings Program; Accountable Care Organizations— Pathways to Success and Extreme and Uncontrollable Circumstances Policies for Performance Year 2017, 83 FR 67816, 67823 (Dec. 31, 2018). 91 Id. at 67980. 92 For additional background information on section 1899(m) and 1899(b)(2)(I), see Medicare 90 Medicare E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules In order to implement the changes set forth in section 1899(b)(2) and (m) of the Act, CMS added regulation text at 42 CFR 425.304(c) that allows ACOs participating under certain two-sided models to establish CMS-approved beneficiary incentive programs to provide incentive payments to assigned beneficiaries who receive qualifying services. 2. ACO Beneficiary Incentives Program Statutory Exception and Proposed Safe Harbor (1001.952(kk)) Section 50341(b) of the Budget Act of 2018, which added section 1128B(b)(3)(K) of the Act, states that ‘‘illegal remuneration’’ under the antikickback statute does not include ‘‘. . . an incentive payment made to a Medicare fee-for-service beneficiary by an ACO under an ACO Beneficiary Incentive Program established under subsection (m) of section 1899, if the payment is made in accordance with the requirements of such subsection and meets such other conditions as the Secretary may establish.’’ We propose to codify the statutory exception to the definition of ‘‘remuneration’’ at section 1128B(b)(3)(K) of the Act in our regulations at proposed paragraph 1001.952(kk). We propose to adopt regulatory language nearly identical to the statutory language, with two exceptions. First, the text of the proposed safe harbor would make it clear that an ACO may furnish incentive payments only to assigned beneficiaries. Second, the safe harbor would modify the statutory language stating, ‘‘if the payment is made in accordance with the requirements of such subsection,’’ to ‘‘if the incentive payment is made in accordance with the requirements found in such subsection.’’ Note that we do not propose the establishment of any additional safe harbor conditions that incentive payments made by an ACO to an assigned beneficiary under an ACO Beneficiary Incentive Program established under section 1899(m) of the Act must satisfy. The ACO Beneficiary Incentive Program statutory exception, found at section 1128B(b)(3)(K) of the Act, requires that ‘‘the payment is made in accordance with the requirements of [section 1899(m)].’’ We read this provision to broadly incorporate all of the requirements found in section 1899(m) as requirements of the ACO Beneficiary Incentive Program statutory Program; Medicare Shared Savings Program; Accountable Care Organizations—Pathways to Success and Extreme and Uncontrollable Circumstances Policies for Performance Year 2017, 83 FR 67816 (Dec. 31, 2018). VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 exception to the definition of ‘‘remuneration’’ under the Federal antikickback statute. In other words, we believe that for an incentive payment to satisfy the ACO Beneficiary Incentive Program statutory exception, and the corresponding safe harbor proposed at paragraph 1001.952(kk), all of the requirements enumerated at section 1899(m)—related both to ACO Beneficiary Incentive Programs and incentive payments made pursuant to such programs—must, and would be required to, be satisfied. While section 1899(m) of the Act also includes a provision that states, ‘‘[t]he Secretary shall permit such an ACO to establish such a program at the Secretary’s discretion and subject to such requirements, including program integrity requirements, as the Secretary determines necessary,’’ 93 we do not interpret the statutory exception found at section 1128B(b)(3)(K) of the Act to require satisfaction of any requirements found outside of section 1899(m) (e.g., the regulatory requirements established by CMS implementing the ACO Beneficiary Incentive Program, found at 42 CFR 425.304(c)).94 In other words, OIG interprets the statutory exception found at section 1128B(b)(3)(K) of the Act and would interpret the corresponding safe harbor proposed at paragraph 1001.952(kk), to require that the incentive payment is made in accordance with the requirements found in section 1899(m) of the Act. Given the requirements imposed on ACO Beneficiary Incentive Programs and incentive payments made pursuant to an ACO Beneficiary Incentive Program, found in section 1899(m), at this time, we do not believe it is necessary to create additional conditions under the proposed ACO Beneficiary Incentives Program safe harbor, paragraph 1001.952(kk). However, we are considering and seek comment on whether OIG should include additional conditions in this safe harbor. IV. Provisions of the Proposed Rule: Beneficiary Inducements CMP Exception This proposed rule would amend 42 CFR 1003.110 by codifying amendments 93 Section 1899(m)(1)(A) of the Act. in the final rule establishing the ACO Beneficiary Incentive Program, determined that the ACO Beneficiary Incentive Program required additional program integrity safeguards. CMS included several requirements at 42 CFR 425.304(c) to help mitigate the program integrity risks associated with ACO Beneficiary Incentive Programs. Under 42 CFR 425.304(c)(4)(iv), for example, ACOs are prohibited from offering an incentive payment as part of an advertisement or solicitation to beneficiaries. 94 CMS, PO 00000 Frm 00061 Fmt 4701 Sfmt 4702 55753 that were enacted in the Budget Act of 2018. This proposed rule would add an exception for the provision of certain telehealth technologies related to inhome dialysis services to the definition of ‘‘remuneration’’ applicable to the beneficiary inducements CMP, which prohibits offering inducements to Medicare or Medicaid beneficiaries that the offeror knows or should know are likely to influence the selection of particular providers, practitioners or suppliers. A. Statutory Exception for Telehealth Technologies for In-Home Dialysis As part of the Creating High-Quality Results and Outcomes Necessary to Improve Chronic Care Act of 2018, section 50302 of the Budget Act of 2018 amends section 1881(b)(3) of the Act to permit an individual with ESRD receiving home dialysis to elect to receive their monthly ESRD-related clinical assessments via telehealth, if certain other conditions are met.95 Section 50302(c) of the Budget Act of 2018 creates a new exception to the definition of ‘‘remuneration’’ in the beneficiary inducements CMP. Specifically, section 50302(c) of the Budget Act of 2018 adds the following exception as new section 1128A(i)(6)(J) of the Act: The provision of telehealth technologies (as defined by the Secretary) on or after January 1, 2019, by a provider of services or a renal dialysis facility (as such terms are defined for purposes of title XVIII) to an individual with end stage renal disease who is receiving home dialysis for which payment is being made under part B of such title, if: 95 Section 50302(b) of the Budget Act of 2018 made additional changes related to the provision of telehealth services to ESRD patients, such as the inclusion of a renal dialysis facility and the home of an individual as telehealth originating sites but only for the purposes of the monthly ESRD-related clinical assessments furnished through telehealth provided under section 1881(b)(3)(B) of the Act. For additional information, see Medicare Program; Revisions to Payment Policies Under the Physician Fee Schedule and Other Revisions to Part B for CY 2019; Medicare Shared Savings Program Requirements; Quality Payment Program; Medicaid Promoting Interoperability Program; Quality Payment Program-Extreme and Uncontrollable Circumstance Policy for the 2019 MIPS Payment Year; Provisions From the Medicare Shared Savings Program-Accountable Care Organizations-Pathways to Success; and Expanding the Use of Telehealth Services for the Treatment of Opioid Use Disorder Under the Substance Use-Disorder Prevention That Promotes Opioid Recovery and Treatment (SUPPORT) for Patients and Communities Act 83 FR 59452, 59495 (Nov. 23, 2018), available at https://www.govinfo.gov/content/pkg/FR-2018-1123/pdf/2018-24170.pdf. See also 42 CFR 410.78, 414.65. E:\FR\FM\17OCP2.SGM 17OCP2 55754 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules (i) The telehealth technologies are not offered as part of any advertisement or solicitation; (ii) the telehealth technologies are provided for the purpose of furnishing telehealth services related to the individual’s end stage renal disease; and (iii) the provision of the telehealth technologies meets any other requirements set forth in regulations promulgated by the Secretary. This exception would be available only for telehealth technologies, as defined below, furnished by a provider of services or a renal dialysis facility to patients with ESRD who receive inhome dialysis that is payable by Medicare Part B. We propose to interpret this exception, in our proposed condition (i), to require that the telehealth technologies be furnished to the individual by the provider of services or the renal dialysis facility (as those terms are defined in title XVIII of the Act) that is currently providing the in-home dialysis, telehealth visits, or other ESRD care to the patient. The underlying intent of this proposed condition (i) is to prevent arrangements where providers and suppliers offer telehealth technologies to patients with whom they do not have a prior clinical relationship in an attempt to steer patients to a particular provider or supplier. We seek comment on this proposed condition (i), and in particular, any challenges this condition would create. In addition, while we are aware of the increasing proliferation of telehealth services, and the likely desire of other healthcare industry stakeholders to furnish telehealth technologies to patients receiving telehealth services, the statutory exception, and therefore, this proposal, is limited to a subset of patients receiving in-home dialysis and certain, enumerated providers in the statutory exception. We further note that the provision of telehealth technologies might qualify for protection under other existing or proposed exceptions or safe harbors, including the proposed safe harbor for patient engagement and support, paragraph 1001.952(hh). That being said, we seek comment on whether we should, for purposes of the final rule, interpret the statutory exception to apply not only to the ‘‘provider of services or the renal dialysis facility (as those terms are defined in tile XVIII of the Act),’’ but also suppliers, as defined in title XVIII of the Act. We solicit comments on this issue, in recognition of the underlying congressional intent and policy goals set forth in Section 50302(b) of the Budget Act of 2018: Expanding patient access to VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 in-home dialysis care, furnished by their physician. The first criterion included in the statutory exception provides that protected items or services may not be offered as part of any advertisement or solicitation. We are including this requirement in our proposed regulation at proposed condition (ii). As we have said in other rulemakings, we propose that stakeholders interpret the terms ‘‘advertisement’’ and ‘‘solicitation’’ consistent with their common usage in the healthcare industry.96 The second criterion included in the statutory exception requires the telehealth technologies to be provided for the purpose of furnishing telehealth services related to the individual’s ESRD. At proposed condition (iii), we propose to interpret ‘‘for the purpose of furnishing telehealth services related to the individual’s end stage renal disease’’ to mean that the technology contributes substantially to the provision of telehealth services related to the individual’s ESRD, is not of excessive value, and is not duplicative of technology that the beneficiary already owns if that technology is adequate for the telehealth purposes. We would consider technology to be of excessive value if the retail value of the technology is substantially more than is required for the telehealth purpose. For example, if a readily available $300 smartphone would adequately run the telehealth technology, the safe harbor would not protect a donation of a $600 smartphone. To ensure that this proposed safe harbor protects the provision of telehealth technologies ‘‘for the purpose of furnishing telehealth services related to the individual’s end stage renal disease’’ and not to induce referrals, we are also considering for the final rule, and seek comment on, a condition that would require the provider or facility to retain ownership of any hardware and make reasonable efforts to retrieve the hardware once the beneficiary no longer needs it for the permitted telehealth purposes (such that the hardware is loaned to the beneficiary). We remain concerned that the provision of telehealth technology with substantial independent value to the beneficiary might serve to induce the beneficiary to choose a particular provider or facility. We are considering, and solicit comments about, whether the final rule should interpret ‘‘for the purpose of furnishing telehealth services related to the individual’s end stage renal disease’’ in a more restrictive manner. For example, we are 96 See, PO 00000 e.g., 81 FR 88368, 88373 (Dec. 7, 2016). Frm 00062 Fmt 4701 Sfmt 4702 considering for the final rule and seek comments on whether the exception should protect telehealth technologies that provide the beneficiary with no more than a de minimis benefit for any purpose other than furnishing telehealth services related to the individual’s ESRD. We also are considering for the final rule and seek comments on another standard that would protect telehealth technologies only when furnished predominantly for the purpose of furnishing telehealth services related to the individual’s ESRD. We propose to interpret ‘‘telehealth services related to the individual’s end stage renal disease’’ to mean only those telehealth services paid for by Medicare Part B. CMS maintains a list of services payable under the Medicare Physician Fee Schedule when furnished via telehealth. We solicit comments on this interpretation. The statutory exception’s third criterion allows the Secretary to develop additional requirements not specified in the statutory exception and requires the Secretary to define ‘‘telehealth technologies.’’ Below we propose a definition of ‘‘telehealth technologies’’ and further enumerate requirements under the new exception to the definition of ‘‘remuneration’’ for the beneficiary inducements CMP. B. Additional Proposed Conditions for the Telehealth Technologies Exception Under proposed condition (iv), a person must not bill Federal health care programs, other payors, or individuals for the telehealth technologies, claim the value of the item or service as a bad debt for payment purposes under a Federal health care program, or otherwise shift the burden of the value of the telehealth technologies onto a Federal health care program, other payors, or individuals. This proposed requirement is designed to protect against the telehealth technologies resulting in inappropriately increased costs to Federal health care programs, other payors, and patients. In this requirement, we propose to prohibit claiming the cost of the telehealth technologies and any operational costs attendant to providing telehealth technologies as bad debt for payment purposes under Medicare or a State healthcare program or otherwise shifting the burden of the cost of the telehealth technologies and any operational costs attendant to the provision of patient incentives to Medicare, a State healthcare program, other payors, or individuals. We seek comments on this proposed condition. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules C. Defining Telehealth Technologies We propose to define ‘‘telehealth technologies’’ for the purposes of the definition of the term ‘‘remuneration’’ as set forth in 42 CFR 1003.110 and the telehealth technologies exception to section 50302(c) of the Budget Act of 2018. In proposing such definition, we consulted with CMS and solicited comments in the OIG RFI regarding how OIG should define ‘‘telehealth technologies’’ and if the definition should include ‘‘services.’’ Based on the collective input we received, we propose to adopt, as part of our definition of ‘‘telehealth technologies,’’ the definition of ‘‘interactive telecommunications system’’ found at 42 CFR 410.78. Under 42 CFR 410.78, Medicare Part B pays for covered telehealth services included on the telehealth list when furnished using an ‘‘interactive telecommunications system’’ if certain conditions are met. 42 CFR 410.78(a)(3) defines an ‘‘interactive telecommunications system’’ to mean ‘‘multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner. Telephones, facsimile machines, and electronic mail systems do not meet the definition of an interactive telecommunications system.’’ For the purposes of this exception, we propose to define ‘‘telehealth technologies’’ as the following: ‘‘multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner used in the diagnosis, intervention or ongoing care management—paid for by Medicare Part B—between a patient and the remote healthcare provider. Telephones, facsimile machines, and electronic mail systems do not meet the definition of ‘telehealth technologies.’ ’’ For the purposes of our definition of ‘‘telehealth technologies,’’ smart phones that allow for two-way, real-time interactive communication through secure, video conferencing applications would not be considered ‘‘telephones.’’ We solicit comments this definition, and are interested in comments that explain whether, and why, this definition would be too narrow, or too broad, and elaborate upon any attendant risks of fraud and abuse associated with the adoption of this definition. We also solicit comments on whether ‘‘[t]elephones, facsimile machines, and electronic mail systems,’’ as used in in VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 42 CFR 410.78(a)(3), should be excluded from our definition of ‘‘telehealth technologies.’’ We are also considering for the final rule, and seek comment on, whether to define ‘‘telehealth technologies’’ to include technologies such as software, a webcam, data plan, or broadband internet access that facilitates the telehealth encounter. This might include, for example, software that allows a patient to use his or her existing smartphone, tablet, or computer to receive telehealth consultations. We are interested in comments on whether and how broadening the exception to include these kinds of technologies might impact access to medically necessary care for beneficiaries. We are further interested in comments on whether such broadening would create an undue risk of remuneration that would inappropriately steer beneficiaries to particular providers or suppliers to obtain federally reimbursable items and services, and whether there would be limitations or conditions on the provision of telehealth technologies that we could include in an exception to curb potential abuses, such as a limitation on the value of the remuneration (e.g., a cap on the retail value of the telehealth technologies furnished, such as $100, $200, $500, or another amount that would be of sufficient magnitude to protect the most beneficial arrangements while also preventing the most abusive ones). D. Other Potential Safeguards 1. Consistent Provision of Telehealth Technologies In addition to the proposed conditions set forth above, we are considering for the final rule and seek comment on whether, as a condition of safe harbor protection, parties should be prohibited from discriminating in the offering of telehealth technologies. Such a safe harbor condition would require providers and renal dialysis facilities to provide the same telehealth technologies to any Medicare Part B eligible patient receiving in-home dialysis, or to otherwise consistently offer telehealth technologies to all patients satisfying specified, uniform criteria. This potential condition could reduce the likelihood that telehealth technologies would be offered selectively based on whether the patient generates other billable business for the provider or facility. We solicit comments on this issue. In particular, we are interested in understanding whether this proposed safeguard would limit providers of services’ or renal dialysis facilities’ ability to offer PO 00000 Frm 00063 Fmt 4701 Sfmt 4702 55755 incentives due to the potential cost of furnishing the incentive to all qualifying patients rather than a smaller subset. Similarly, we are interested in why offering remuneration to a smaller subset of qualifying patients might be appropriate and not increase the risk of fraud and abuse. 2. Necessary Technology For purposes of the final rule, we are considering allowing a person to furnish telehealth technologies under the safe harbor only after making a good faith determination that the individual to whom the technology is furnished does not already have the necessary telehealth technology, and that such technology is necessary for the telehealth services provided. For instance, if an application on a patient’s existing phone would be sufficient, but the patient is furnished a new tablet, this would be considered duplicative or unnecessary. Should the recipient already possess technology that allows the telehealth visit to occur, we are concerned that a person may furnish additional valuable or duplicative technology for inappropriate purposes (e.g., to induce a patient to select a particular provider for in-home dialysis, or to seek other items and services from that provider). We seek comment on this potential safeguard. We also are considering, and seek comment regarding, a condition in the final rule that would require the person who furnishes the telehealth technologies to take reasonable steps to limit the use of the telehealth technologies by the individual to the telehealth services described on the Medicare telehealth list. 3. Notice to Patients One commenter to the OIG RFI noted that patients may be confused by the technology, or the reason they are receiving a piece of technology, and unaware of costs associated with telehealth visits. We are considering adding in the final rule a condition that requires providers or facilities to provide a written explanation of the reason for the technology and any potential ‘‘hidden’’ costs associated with the telehealth services to any patient who elects to receive telehealth technology. We solicit comments on these perceived risks to patients, and whether to include a written notice requirement in the final rule, and if so, what that notice should state. 4. Patient Freedom of Choice We also are considering finalizing a condition that is designed to preserve patient freedom of choice among E:\FR\FM\17OCP2.SGM 17OCP2 55756 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules healthcare providers and the manner in which he or she receives dialysis services under arrangements that would use the proposed exception. In particular, we are considering a condition in the exception that would require offerors of telehealth technologies to advise patients when they receive such technology that they retain the freedom to choose any provider or supplier of dialysis services and to receive dialysis in any appropriate setting. We are also concerned that some patients may be persuaded to opt for telehealth visits due to the generous telehealth technologies and services being offered, rather than clinical appropriateness. We solicit comments on including this potential safeguard, and whether adding freedom of choice language to a patient notification would reduce this concern. 5. Materials and Records Requirement The proposed exception would not include a materials and records or other documentation requirement given the somewhat narrow scope of the remuneration that would be excepted from the definition of ‘‘remuneration’’ and consistent with other exceptions to the definition of ‘‘remuneration’’ set forth in 42 CFR 1003.110. We solicit comments on this approach and any fraud and abuse risks presented by not including a condition related to materials and records. V. Regulatory Impact Statement As set forth below, we have examined the impact of this proposed rule as required by Executive Order 12866, the Regulatory Flexibility Act (RFA) of 1980, the Unfunded Mandates Reform Act of 1995, Executive Order 13132, and Executive Order 13771. We provide additional supporting analyses in sections F, G, and H. A. Executive Order 12866 Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and if regulations are necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety effects; distributive impacts; and equity). A regulatory impact analysis must be prepared for major rules with economically significant effects (i.e., $100 million or more in any given year). This proposed rule would codify a new CMP exception and implement new or revised anti-kickback statute safe harbors. The vast majority of providers and Federal health care programs would be minimally impacted from an economic perspective, if at all, VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 by these proposed revisions. The changes to the safe harbors and CMP exceptions would allow providers to enter into certain beneficial arrangements. In doing so, this regulation would impose no requirements on any party. Providers would be allowed to voluntarily seek to comply with these provisions so that they would have assurance that participating in certain arrangements would not subject them to liability under the anti-kickback statute and the beneficiary inducements CMP. These safe harbors and exceptions facilitate providers’ ability to provide important healthcare and related services to communities in need. We believe that the aggregate economic impact of the changes to these regulations would be minimal and would have no effect on the economy or on Federal or State expenditures. Accordingly, we believe that the likely aggregate economic effect of these regulations would be significantly less than $100 million. However, this rule is considered significant under Executive Order 12866. Notwithstanding our determination that the aggregate economic impact of the changes to these regulations would be minimal and would have no effect on the economy or on Federal or State expenditures, we solicit comments on whether stakeholders believe there would be increases or decreases in utilization or costs savings or expenses to the Government as a result of this proposed rule. We are interested in potential behavioral changes as well. B. Regulatory Flexibility Act The RFA and the Small Business Regulatory Enforcement and Fairness Act of 1996, which amended the RFA, require agencies to analyze options for regulatory relief of small businesses. For purposes of the RFA, small entities include small businesses, nonprofit organizations, and Government agencies. Most providers are considered small entities by having revenues of $7 million to $35.5 million or less in any one year. For purposes of the RFA, most physicians and suppliers are considered small entities. We estimate the changes to the CMP exceptions and the antikickback statute safe harbors would not significantly affect small providers, as these changes would not impose any requirement on any party. As a result, we have concluded that this proposed rule likely will not have a significant impact on a substantial number of small providers and that a regulatory flexibility analysis is not required for this rulemaking. In addition, section 1102(b) of the Act requires us to prepare PO 00000 Frm 00064 Fmt 4701 Sfmt 4702 a regulatory impact analysis if a rule under Titles XVIII or XIX or section B of Title XI of the Act may have a significant impact on the operations of a substantial number of small rural hospitals. For the reasons stated above, we do not believe that any provisions or changes finalized here would have a significant impact on the operations of rural hospitals. Thus, an analysis under section 1102(b) of the Act is not required for this rulemaking. C. Unfunded Mandates Reform Act Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104–4, also requires that agencies assess anticipated costs and benefits before issuing any rule that may result in expenditures in any one year by State, local, or Tribal Governments, in the aggregate, or by the private sector, of $100 million, adjusted for inflation. We believe that no significant costs would be associated with these proposed revisions that would impose any mandates on State, local, or Tribal Governments or the private sector that would result in an expenditure of $154 million (after adjustment for inflation) in any given year. D. Executive Order 13132 Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a rule that imposes substantial direct requirements or costs on State and local Governments, preempts State law, or otherwise has Federalism implications. In reviewing this rule under the threshold criteria of Executive Order 13132, we have determined that this proposed rule would not significantly affect the rights, roles, and responsibilities of State or local Governments. E. Executive Order 13771 Executive Order 13771 (January 30, 2017) requires that the costs associated with significant new regulations ‘‘to the extent permitted by law, be offset by the elimination of existing costs associated with at least two prior regulations.’’ This proposed rule has been designated a significant regulatory action as defined by Executive Order 12866 but imposes no more than de minimis costs. The designation of this rule, if finalized, will be informed by public comments received; however, this proposed rule, if finalized as proposed, would be neither a regulatory nor a deregulatory action under Executive Order 13771. F. Statement of Need The Department has identified the broad reach of the Federal anti-kickback E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules statute and beneficiary inducements CMP as potentially inhibiting beneficial arrangements that would advance the ability of providers, suppliers, and others to transition more effectively and efficiently to value-based care and to better coordinate care among providers, suppliers, and others in both the Federal health care programs and commercial sectors. Industry stakeholders have informed us that, because the consequences of potential noncompliance with the Federal antikickback statute and beneficiary inducements CMP could be significant, providers, suppliers, and others may be discouraged from entering into innovative arrangements that could improve quality outcomes, produce health system efficiencies, and lower healthcare costs (or slow their rate of growth). To the extent providers are discouraged from entering into these innovative arrangements, patient care may not be provided as efficiently as possible. In addition, the potential consequences of noncompliance with these statutes may impede the ability of providers, suppliers, and others, including small providers and suppliers or those serving rural or medically underserved populations, to raise capital to invest in the transition to value-based care or to obtain infrastructure necessary to coordinate patient care, including technology. This unnecessarily slows the transition toward more efficient patient care. This proposed rule attempts to address these concerns by removing unnecessary impediments to the transformation of the healthcare system into one that better pays for and delivers value. To remove regulatory barriers to care coordination and support value-based arrangements, we faced the challenge of designing safe harbor protections for emerging healthcare arrangements, the optimal form, design, and efficacy of which remain unknown or unproven. These arrangements will be driven by the determinations and experiences of a wide range of providers, suppliers, and others as they innovate in delivering value-based care. This challenge is further complicated by the substantial variation in care coordination and value-based arrangements contemplated by the healthcare industry and others (meaning that one-size-fits-all safe harbor designs may not be optimal), variation among patient populations and provider characteristics, emerging health technologies and data capabilities, the still-developing science of quality and performance measurement, and our desire not to chill beneficial innovations. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 It is difficult to gauge the effects of this regulatory action in a rapidly evolving and diverse healthcare ecosystem of substantial innovation, experimentation, and deployment of technology and digital data. For example, it is difficult to gauge reductions in wasteful healthcare spending and improved health outcomes as a result of new arrangements made possible by this proposed rule. It is also difficult to quantify savings or losses that could occur as a result of new fraudulent or abusive conduct that could increase costs or lead to poor outcomes as a result of new arrangements. In some cases, innovations and the availability of more actionable, transparent data may enhance program integrity and protect against fraud and abuse, reducing costs and increasing benefits. There is a compelling concern that uncertainty and regulatory barriers under current regulations could prevent the best and most efficacious innovations from emerging and being tested in the marketplace. Our goal is to finalize safe harbors that protect arrangements that foster beneficial arrangements and promote value, while also protecting programs and beneficiaries against harms cause by fraud and abuse. G. Anticipated Effects This proposed rule would add a new CMP exception and anti-kickback statute safe harbors and modify existing anti-kickback statute safe harbors. Specifically, we propose to add several new safe harbor protections for certain value-based arrangements, including care coordination arrangements, arrangements with varying levels of downside financial risk, as well as outcomes-based payment arrangements, and protection for certain remuneration provided to Federal health care program beneficiaries in the form of incentives and supports. We anticipate that the proposed rule would have potential relevance to the majority of the types of providers and suppliers participating in Federal health care programs and others in commercial sectors, as well as the Federal health care programs and Federal health care program beneficiaries. We note that certain categories of providers, suppliers, and others are not eligible to use the proposed rule: Pharmaceutical manufacturers; manufacturers, distributors, and suppliers of DMEPOS; and laboratories. To estimate the number of providers and suppliers affected by this rule, we use US Census data. According to the US Census, there were 7,370 medical, dental, and hospital PO 00000 Frm 00065 Fmt 4701 Sfmt 4702 55757 equipment and supplies merchant wholesaler firms; 482,522 ambulatory healthcare service firms; 3,293 hospital firms; and 9,153 nursing care facility firms operating in the US in 2015.97 We request public comment on the entities affected by the rule. We anticipate that a growing proportion of such providers and suppliers would be interested in reviewing and using these voluntary rules over time. Because compliance with safe harbors and CMP exceptions is voluntary and an arrangement need not fit in a safe harbor or exception to be legal, we anticipate that not all providers and suppliers would review the new regulations and use them. We estimate that 5 percent of affected entities that would be eligible to use the proposed rules may be interested in exploring value-based arrangements made possible by the rule in each of the first 10 years following publication of the final rule, leading those entities to review the rule. We estimate that reviewing the final rule will require an average of one hour of time each from a compliance officer and a lawyer. To estimate the costs associated with this review, we use a 2018 wage rate of $34.86 for compliance officers and $69.34 for lawyers from the Bureau of Labor Statistics,98 and we double those wages to account for overhead and benefits. As a result, we estimate total regulatory review costs of $5.2 million in each of the first 10 years following finalization of the rule. We note that these costs are divided among approximately 25,000 entities each year, and therefore should be considered de minimis from the perspective of affected entities. We seek public comment on these assumptions. The Department does not collect data regarding the number of providers, suppliers, and other individuals and entities that have entered into an arrangement that meets an existing safe harbor. Compliance with safe harbors is voluntary, and generally the question whether an arrangement complies with a safe harbor arises in the context of a defense raised by a defendant in an enforcement matter. Therefore, we cannot quantify with certainty the number of arrangements or number of healthcare providers, suppliers, and others who may avail themselves of these protections. For this reason, it is 97 U.S. Census Bureau, 2015 SUSB Annual Data Tables by Establishment Industry, https:// www.census.gov/data/tables/2015/econ/susb/2015susb-annual.html. 98 U.S. Department of Labor, Bureau of Labor Statistics, May 2018 National Occupational Employment and Wage Estimates United States, https://www.bls.gov/oes/2018/may/oes_nat.htm. E:\FR\FM\17OCP2.SGM 17OCP2 55758 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules difficult, if not impossible, to assess the costs and benefits of these proposals, and to estimate changes in the number of arrangements that meet new or existing safe harbors. We seek public comment on the effect of this rule on changes in the number of agreements or arrangements that meet new or existing safe harbors. Many affected providers and suppliers currently incur costs related to structuring arrangements to comply with existing fraud and abuse laws. While these proposals may not result in a reduction in compliance-related costs, we do not expect this rulemaking to increase total incremental costs. Rather, we expect that providers and suppliers interested in taking advantage of these new arrangements in order to more efficiently deliver care will shift resources currently devoted to complying with existing requirements to create and analyze new arrangements under these proposals. By way of example only, should a hospital expend resources to review—from a Federal anti-kickback statute perspective—a financial arrangement with a skilled nursing facility, any newly promulgated or revised safe harbors would be unlikely to change the amount of resources necessary to conduct such a review. As another example, should a hospital already document—by a written agreement—any financial arrangement with a skilled nursing facility, any newly promulgated or revised safe harbors would be unlikely to change the amount of resources necessary to enter into that written agreement. We seek public comment on these assumptions. We also propose to add or revise safe harbor protections under the Federal anti-kickback statute for donations of cybersecurity technology, EHR arrangements, warranties, and local transportation. The new proposed safe harbor for cybersecurity technology and related services would be available to any provider, supplier, or other individual or entity. We expect broad use of this proposed safe harbor, with reduced costs for smaller and less wellequipped providers and overall savings for the national health system in reduced costs from cyberattacks, ransomware, and similar threats. Proposed modifications to the EHR safe harbor are modest and would clarify that protection for certain cybersecurity technology is included as part of an electronic health records arrangement, update provisions regarding interoperability to align with newer CMS and ONC standards in a manner that is not expected to increase costs as a result of this rulemaking and remove VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 the sunset date. The EHR safe harbor would continue to be available to health plans and any individuals or entities, other than laboratories, that provide services covered by, and submit claims or requests for payment to, a Federal health care program. We would expect the same entities that are currently using the EHR safe harbor to continue to use the safe harbor with minimal, if any, additional regulatory review or compliance costs above current levels. We seek public comment on these assumptions. We propose to modify the existing local transportation safe harbor slightly to expand mileage limits for rural areas and for transportation for discharged patients. This would primarily expand protection under the AKS for hospitals and physician practices in rural areas voluntarily to transport patients to necessary medical appointments or to their homes following a hospital stay. We anticipate no incremental regulatory costs to hospitals or others from the proposed rule, which changes only the distance traveled and no other regulatory requirements. This safe harbor would continue to be available only to established patients and eligible entities, which do not include individuals or entities (or family members or others acting on their behalf) that primarily supply healthcare items. Further, the proposed rule would add a new safe harbor to protect certain arrangements and patient incentives provided by and among parties participating in CMS-sponsored models. CMS and OIG collectively, and OIG individually, have issued fraud and abuse waivers for 14 of these models. This proposed safe harbor would reduce the need for issuance of waivers, saving OIG 1,040 employee hours per year. We expect that CMS, including the Innovation Center, will continue to test these models and others in the future. The purpose of this safe harbor is to streamline participation in existing and future CMS-sponsored models to reduce complexity and the administrative burden on participants that seek protection under the fraud and abuse laws while participating in a CMSsponsored model. Although we cannot calculate the number of arrangements that CMS-sponsored model participants and CMS-sponsored model parties would undertake in the future, we expect this proposal would reduce the burden of documentation and the time, effort, and financial resources necessary to implement CMS-sponsored model arrangements and to provide CMSsponsored model patient incentives. The proposal also would result in PO 00000 Frm 00066 Fmt 4701 Sfmt 4702 uniform requirements under the antikickback statute and beneficiary inducements CMP for those models that qualify, further reducing burden on entities, such as hospitals and physician practices, that participate in multiple models that currently have different conditions for each waiver. We seek public comment on the extent to which these provisions will affect these models. Finally, the proposed rule would add a new safe harbor related to beneficiary incentives under the Medicare Shared Savings Program and a new CMP exception for certain telehealth technologies offered to patients receiving in-home dialysis, pursuant to the Budget Act of 2018. Although we cannot calculate the number of ACOs and their participants who would enter into arrangements that may qualify for protection under this safe harbor, we believe that this regulatory action would not create incremental costs for ACOs because it would reduce the amount of compliance resources ACOs currently use to provide beneficiary incentives. For example, we believe this action would reduce time, effort, and financial resources ACOs typically would incur to provide these beneficiary incentives under the applicable fraud and abuse waivers. We believe that the proposed telehealth technologies exception would reduce barriers to the use of in-home dialysis and could encourage increased use of home dialysis for beneficiaries. This could result in increased use of inhome dialysis for patients who would benefit relative to other treatment options. Ultimately, this could result in improved quality of care for beneficiaries with end-stage renal disease and overall cost savings to Federal health care programs because dialysis providers will have certainty that their arrangements will not result in CMP liability. This will also reduce burden by eliminating unnecessary travel costs for patients where in-home dialysis is more appropriate. We do not anticipate that this proposed rule will add any incremental costs to the regulatory costs dialysis providers already incur to comply with the new program rules under the Budget Act of 2018 because our requirements closely track CMS program rules. We seek public comment on the proposed rule’s effects on in-home dialysis. Given the information we have, including comments we received from the OIG RFI, we believe these proposals present the best approach to removing potential barriers to designing care coordination and other value-based arrangements that result in greater efficiency and improved care outcomes, E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules while minimizing the potential for the costs associated with fraud, waste, and abuse. We believe that the proposed rule would, on average, result in a net benefit to the healthcare industry, beneficiaries, and Federal health care programs and could alleviate the concerns expressed above. We believe there would be no incremental costs to providers and suppliers that already spend resources reviewing arrangements for compliance with fraud and abuse laws. Moreover, by adding flexibility to engage in certain innovative business arrangements without risk of liability under the statutes, we believe that these proposed regulations reduce the stringency of the existing regulatory scheme as it would otherwise apply to certain value-based arrangements; in addition, by offering new pathways to protect value-based arrangements, the proposed regulations would reduce inefficient behaviors, particularly industry behaviors that drive volumebased healthcare. We would benefit from public input and information during the comment period regarding whether these proposals likely would have a net benefit on the industry and whether different or modified proposals would better facilitate the goals outlined in this proposed rule. H. Alternatives Considered We carefully considered the option of not pursuing regulatory action. However, based on comments to the OIG RFI, responses to OIG’s annual Solicitation of New Safe Harbors and Special Fraud Alerts, and other industry feedback, we believe a need for regulatory reform exists in order to provide stakeholders with the flexibility necessary for innovative care delivery and payment redesign. We also considered several other alternative approaches to the proposed safe harbors, revisions to safe harbors, and proposed exception as explained in great detail in the preceding preamble. For example, our proposals endeavor to distinguish between beneficial care coordination arrangements and payment-for-referral schemes that do not serve, and may be contrary to, the goals of coordinated care and the shift to value. We considered, and would benefit from public comment on, the benefits of our proposals and efficient ways we may distinguish payments to reward or induce referrals from remuneration provided to promote or support legitimate care coordination activities. We also considered not using the value-based terms, definitions, and framework for proposed safe harbors VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 (ee), (ff), (gg), and (hh), but we concluded that the fraud and abuse risks of protecting arrangements without the guardrails created by the value-based framework were too high. We believe these risks are significant because our proposed safe harbors in (ee) and (hh) could potentially protect arrangements under which providers and suppliers are paid on a fee-for-service basis by Medicare, which rewards the volume of services performed and items furnished. VI. Paperwork Reduction Act This document does not impose information collection and recordkeeping requirements. Consequently, it need not be reviewed by the Office of Management and Budget under the authority of the Paperwork Reduction Act of 1995. List of Subjects 42 CFR Part 1001 Administrative practice and procedure, Fraud, Grant programs— health, Health facilities, Health professions, Maternal and child health, Medicaid, Medicare, Social Security. 42 CFR Part 1003 Fraud, Grant programs—health, Health facilities, Health professions, Medicaid, Reporting and recordkeeping. For the reasons set forth in the preamble, the Office of Inspector General, Department of Health and Human Services, proposes to amend 42 CFR parts 1001 and 1003 as follows: PART 1001—PROGRAM INTEGRITY— MEDICARE AND STATE HEALTH CARE PROGRAMS 1. The authority citation for part 1001 continues to read as follows: ■ Authority: 42 U.S.C. 1302, 1320a–7, 1320a–7a, 1320a–7b, 1320a–7d, 1395u(j), 1395u(k), 1395w–104(e)(6), 1395y(d), 1395y(e), 1395cc(b)(2)(D), (E) and (F), and 1395hh; and sec. 2455, Pub. L. 103–355, 108 Stat. 3327 (31 U.S.C. 6101 note). 2. Section 1001.952 is amended by: a. Revising paragraphs (d), (g) introductory text, (g)(1), (g)(3)(i), and (g)(4); ■ b. Adding paragraphs (g)(5) and (6) before the undesignated text at the end of paragraph (g); ■ c. Designating the undesignated text at the end of paragraph (g) as paragraph (g)(7) and revising it; ■ d. Revising paragraph (y) introductory text, the second sentence of paragraph (y)(2), and paragraph (y)(3); ■ e. Removing and reserving paragraphs (y)(7) and (13); ■ f. Designating the note to paragraph (y) as paragraph (y)(14) and revising it; ■ ■ PO 00000 Frm 00067 Fmt 4701 Sfmt 4702 55759 g. Revising paragraphs (bb)(1)(iv)(B) and (bb)(2)(iii); ■ h. Designating the note to paragraph (bb) as paragraph (bb)(3) and revising it; ■ i. Adding reserved paragraphs (cc) and (dd); and ■ j. Adding paragraphs (ee), (ff), (gg), (hh), (ii), (jj), and (kk). The revisions and additions read as follows: ■ § 1001.952 Exceptions. * * * * * (d) Personal services and management contracts and outcomesbased payment arrangements. (1) As used in section 1128B of the Act, ‘‘remuneration’’ does not include any payment made by a principal to an agent as compensation for the services of the agent, as long as all of the following standards are met: (i) The agency agreement is set out in writing and signed by the parties. (ii) The agency agreement covers all of the services the agent provides to the principal for the term of the agreement and specifies the services to be provided by the agent. (iii) The term of the agreement is not less than 1 year. (iv) The methodology for determining the compensation paid to the agent over the term of the agreement is set in advance, is consistent with fair market value in arm’s-length transactions and is not determined in a manner that takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part under Medicare, Medicaid, or other Federal health care programs. (v) The services performed under the agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any State or Federal law. (vi) The aggregate services contracted for do not exceed those which are reasonably necessary to accomplish the commercially reasonable business purpose of the services. (2) As used in section 1128B of the Act, ‘‘remuneration’’ does not include any outcomes-based payment as long as all of the standards in paragraphs (d)(2)(i) through (ix) of this section are met: (i) The outcomes-based payment is made between or among parties that are collaborating to: (A) Measurably improve (or maintain improvement in) quality of patient care; or (B) Appropriately and materially reduce costs to, or growth in expenditures of, payors while improving, or maintaining the improved, quality of care for patients. E:\FR\FM\17OCP2.SGM 17OCP2 55760 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules (ii) To receive an outcomes-based payment, the agent satisfies one or more specific evidence-based, valid outcome measures that are: (A) Related to: (1) Measurably improving, or maintaining the improved, quality of patient care; (2) Appropriately and materially reducing costs to, or growth in expenditures of, payors while improving, or maintaining the improved quality of care for patients; or (3) Both; and (B) Selected based upon clinical evidence or credible medical support. (iii) The methodology for determining the aggregate compensation (including any outcomes-based payments) paid between or among the parties over the term of the agreement is: Set in advance; commercially reasonable; consistent with fair market value; and not determined in a manner that directly takes into account the volume or value of any referrals or business otherwise generated between the parties for which payment may be made in whole or in part by a Federal health care program. (iv) The agreement neither limits any party’s ability to make decisions in their patients’ best interest nor induces any party to reduce or limit medically necessary items or services. (v) The term of the agreement is not less than 1 year. (vi) The services performed under the agreement do not involve the counseling or promotion of a business arrangement or other activity that violates any State or Federal law. (vii) For each outcome measure under the agreement, the parties: (A) Regularly monitor and assess the agent’s performance, including the impact of the outcomes-based payment arrangement on patient quality of care; and (B) Periodically rebase during the term of the agreement, to the extent applicable. (viii) The parties set forth in a signed writing, in advance of, or contemporaneous with, the commencement of the terms of the outcomes-based payment arrangement. The writing states, at a minimum: The services to be performed by the parties for the term of the agreement; the outcome measure(s) the agent must satisfy to receive an outcomes-based payment; the clinical evidence or credible medical support relied upon by the parties to select the outcome measure(s); and the schedule for the parties to regularly monitor and assess the outcome measure(s). (ix) The principal has policies and procedures to promptly address and VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 correct identified material performance failures or material deficiencies in quality of care resulting from the outcomes-based payment arrangement. (3) For purposes of this paragraph (d): (i) An agent of a principal is any person, other than a bona fide employee of the principal, who has an agreement to perform services for, or on behalf of, the principal. (ii) Outcomes-based payments are limited to payments from a principal to an agent that: (A) Reward the agent for improving (or maintaining improvement in) patient or population health by achieving one or more outcome measures that effectively and efficiently coordinate care across care settings; or (B) Achieve one or more outcome measures that appropriately reduce payor costs while improving, or maintaining the improved quality of care for patients. (iii) Outcomes-based payments exclude any payments: (A) Made, directly or indirectly, by a pharmaceutical manufacturer; a manufacturer, distributor, or supplier of durable medical equipment, prosthetics, orthotics, or supplies; or a laboratory; or (B) That relate solely to the achievement of internal cost savings for the principal. * * * * * (g) Warranties. As used in section 1128B of the Act, ‘‘remuneration’’ does not include any payment or exchange of anything of value under a warranty provided by a manufacturer or supplier of one or more items and services (provided the warranty covers at least one item) to the buyer (such as a healthcare provider or beneficiary) of the items and services, as long as the buyer complies with all of the following standards in paragraphs (g)(1) and (2) of this section and the manufacturer or supplier complies with all of the following standards in paragraphs (g)(3) through (6) of this section: (1) The buyer (unless the buyer is a Federal health care program beneficiary) must fully and accurately report any price reduction of an item or service (including a free item or service) that was obtained as part of the warranty, in the applicable cost reporting mechanism or claim for payment filed with the Department or a State agency. * * * * * (3) * * * (i) The manufacturer or supplier must fully and accurately report any price reduction of an item or service (including free items and services) that the buyer obtained as part of the warranty on the invoice or statement PO 00000 Frm 00068 Fmt 4701 Sfmt 4702 submitted to the buyer and inform the buyer of its obligations under paragraphs (g)(1) and (2) of this section. * * * * * (4) The manufacturer or supplier must not pay any remuneration to any individual (other than a beneficiary) or entity for any medical, surgical, or hospital expense incurred by a beneficiary other than for the cost of the items and services subject to the warranty. (5) If a manufacturer or supplier offers a warranty for more than one item or one or more items and related services, the federally reimbursable items and services subject to the warranty must be reimbursed by the same Federal health care program and in the same Federal health care program payment. (6) The manufacturer or supplier must not condition a warranty on a buyer’s exclusive use of, or a minimum purchase of, any of the manufacturer’s or supplier’s items or services. (7) For purposes of this paragraph (g), the term warranty means: (i) Any written affirmation of fact or written promise made in connection with the sale of an item or bundle of items, or services in combination with one or more related items, by a manufacturer or supplier to a buyer, which affirmation of fact or written promise relates to the nature of the quality or workmanship and affirms or promises that such quality or workmanship is defect free or will meet a specified level of performance over a specified period of time; (ii) Any undertaking in writing in connection with the sale by a manufacturer or supplier of an item or bundle of items, or services in combination with one or more related items, to refund, repair, replace, or take other remedial action with respect to such item or bundle of items in the event that such item or bundle of items, or services in combination with one or more related items, fails to meet the specifications set forth in the undertaking, which written affirmation, promise, or undertaking becomes part of the basis of the bargain between a seller and a buyer for purposes other than resell of such item or bundle of items; or (iii) A manufacturer’s or supplier’s agreement to replace another manufacturer’s or supplier’s defective item or bundle of items (which is covered by an agreement made in accordance with this paragraph (g)), on terms equal to the agreement that it replaces. * * * * * (y) Electronic health records items and services. As used in section 1128B E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules of the Act, ‘‘remuneration’’ does not include nonmonetary remuneration (consisting of items and services in the form of software or information technology and training services, including certain cybersecurity software and services) necessary and used predominantly to create, maintain, transmit, receive, or protect electronic health records, if all of the conditions in paragraphs (y)(1) through (13) of this section are met: * * * * * (2) * * * For purposes of this paragraph (y)(2), software is deemed to be interoperable if, on the date it is provided to the recipient, it is certified by a certifying body authorized by the National Coordinator for Health Information Technology to electronic health record certification criteria identified in 45 CFR part 170. (3) The donor (or any person on the donor’s behalf) does not engage in a practice constituting information blocking, as defined in 45 CFR part 171, in connection with the donated items or services. * * * * * (7) [Reserved] * * * * * (13) [Reserved] * * * * * (14) For purposes of this paragraph (y), the following definitions apply: (i) Cybersecurity means the process of protecting information by preventing, detecting, and responding to cyberattacks; (ii) Health plan shall have the meaning set forth at § 1001.952(l)(2); (iii) Interoperable shall mean able to: (A) Securely exchange data with, and use data from other health information technology without special effort on the part of the user; (B) Allow for complete access, exchange, and use of all electronically accessible health information for authorized use under applicable State or Federal law; and (C) Does not constitute information blocking as defined in 45 CFR part 171; and (iv) Electronic health record shall mean a repository of electronic health information that: (A) Is transmitted by or maintained in electronic media; and (B) Relates to the past, present, or future health or condition of an individual or the provision of healthcare to an individual. * * * * * (bb) * * * (1) * * * (iv) * * * (B) Within 25 miles of the healthcare provider or supplier to or from which VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 the patient would be transported, or within 75 miles if the patient resides in a rural area, as defined in this paragraph (bb), except that, if the patient is being discharged from an inpatient facility and transported to the patient’s residence, or another residence of the patient’s choice, the mileage limits in this paragraph (bb)(1)(iv)(B) shall not apply; and * * * * * (2) * * * (iii) The eligible entity makes the shuttle service available only within the eligible entity’s local area, meaning there are no more than 25 miles from any stop on the route to any stop at a location where healthcare items or services are provided, except that if a stop on the route is in a rural area, the distance may be up to 75 miles between that stop and any providers or suppliers on the route; * * * * * (3) For purposes of this paragraph (bb), the following definitions apply: (i) An eligible entity is any individual or entity, except for individuals or entities (or family members or others acting on their behalf) that primarily supply healthcare items; (ii) An established patient is a person who has selected and initiated contact to schedule an appointment with a provider or supplier, or who previously has attended an appointment with the provider or supplier; (iii) A shuttle service is a vehicle that runs on a set route, on a set schedule; (iv) A rural area is an area that is not an urban area, as defined in paragraph (bb)(3)(v) of this section; and (v) An urban area is: (A) A Metropolitan Statistical Area (MSA) or New England County Metropolitan Area (NECMA), as defined by the Executive Office of Management and Budget; or (B) The following New England counties, which are deemed to be parts of urban areas under section 601(g) of the Social Security Amendments of 1983 (Pub. L. 98–21, 42 U.S.C. 1395ww (note)): Litchfield County, Connecticut; York County, Maine; Sagadahoc County, Maine; Merrimack County, New Hampshire; and Newport County, Rhode Island. (cc)–(dd) [Reserved] (ee) Care coordination arrangements to improve quality, health outcomes, and efficiency. As used in section 1128B of the Act, ‘‘remuneration’’ does not include the exchange of anything of value pursuant to a value-based arrangement if all of the standards in paragraphs (ee)(1) through (12) of this section are met: PO 00000 Frm 00069 Fmt 4701 Sfmt 4702 55761 (1) The VBE participants establish one or more specific evidence-based, valid outcome measures against which the recipient will be measured and which the parties reasonably anticipate will advance the coordination and management of care of the target patient population. (2) The value-based arrangement is commercially reasonable, considering both the arrangement itself and all value-based arrangements within the VBE. (3) In advance of, or contemporaneous with, the commencement of the valuebased arrangement or any material change to the value-based arrangement, the offeror of the remuneration and any recipient(s) of such remuneration have set forth the terms of the value-based arrangement in a signed writing. The writing states, at a minimum: (i) The value-based activities to be undertaken by the parties to the valuebased arrangement; (ii) The term of the value-based arrangement; (iii) The target patient population; (iv) A description of the remuneration; (v) The offeror’s cost for the remuneration; (vi) The percentage of the offeror’s cost contributed by the recipient; (vii) If applicable, the frequency of the recipient’s contribution payments for ongoing costs; and (viii) The specific evidence-based, valid outcome measure(s) against which the recipient will be measured. (4) The remuneration exchanged: (i) Is in-kind; (ii) Is used primarily to engage in value-based activities that are directly connected to the coordination and management of care for the target patient population; (iii) Does not induce VBE participants to furnish medically unnecessary items or services or reduce or limit medically necessary items or services furnished to any patient; and (iv) Is not funded by, and does not otherwise result from the contributions of, any individual or entity outside of the applicable VBE. (5) The offeror of the remuneration does not take into account the volume or value of, or condition the remuneration on: (i) Referrals of patients who are not part of the target patient population; or (ii) Business not covered under the value-based arrangement. (6) The recipient pays at least 15 percent of the offeror’s cost for the inkind remuneration. If a one-time cost, the recipient makes such contribution in advance of receiving the in-kind E:\FR\FM\17OCP2.SGM 17OCP2 55762 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules remuneration. If an ongoing cost, the recipient makes such contribution at reasonable, regular intervals. (7) The value-based arrangement: (i) Is directly connected to the coordination and management of care of the target patient population; (ii) Does not place any limitation on VBE participants’ ability to make decisions in the best interest of their patients; (iii) Does not direct or restrict referrals to a particular provider, practitioner, or supplier if: (A) A patient expresses a preference for a different practitioner, provider, or supplier; (B) The patient’s payor determines the provider, practitioner, or supplier; or (C) Such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act; and (iv) Does not include marketing to patients of items or services or engaging in patient recruitment activities. (8) The VBE, a VBE participant in the value-based arrangement acting on the VBE’s behalf, or the VBE’s accountable body or responsible person monitors and assesses, and reports such monitoring and assessment to the VBE’s accountable body or responsible person as applicable, no less frequently than annually or at least once during the term of the value-based arrangement for arrangements with terms of less than 1 year: (i) The coordination and management of care for the target population in the value-based arrangement; (ii) Any deficiencies in the delivery of quality care under the value-based arrangement; and (iii) Progress toward achieving the evidence-based, valid outcome measure(s) in the value-based arrangement. (9) The parties terminate the arrangement within 60 days if the VBE’s accountable body or responsible person determines that the value-based arrangement: (i) Is unlikely to further the coordination and management of care for the target patient population; (ii) Has resulted in material deficiencies in quality of care; or (iii) Is unlikely to achieve the evidence-based, valid outcome measure(s). (10) The offeror does not, and should not, know that the remuneration is likely to be diverted, resold, or used by the recipient for an unlawful purpose. (11) The VBE or VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this paragraph (ee). VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 (12) For purposes of this paragraph (ee), the following definitions apply: (i) Coordination and management of care (or coordinating and managing care) means, for purposes of the antikickback statute safe harbors at § 1001.952, the deliberate organization of patient care activities and sharing of information between two or more VBE participants or VBE participants and patients, tailored to improving the health outcomes of the target patient population, in order to achieve safer and more effective care for the target patient population. (ii) Target patient population means an identified patient population selected by the VBE or its VBE participants using legitimate and verifiable criteria that: (A) Are set out in writing in advance of the commencement of the valuebased arrangement; and (B) Further the value-based enterprise’s value-based purpose(s). (iii) Value-based activity (A) Means any of the following activities, provided that the activity is reasonably designed to achieve at least one value-based purpose of the valuebased enterprise: (1) The provision of an item or service; (2) The taking of an action; or (3) The refraining from taking an action. (B) Does not include the making of a referral. (iv) Value-based arrangement means an arrangement for the provision of at least one value-based activity for a target patient population between or among: (A) The value-based enterprise and one or more of its VBE participants; or (B) VBE participants in the same value-based enterprise. (v) Value-based enterprise or VBE means two or more VBE participants: (A) Collaborating to achieve at least one value-based purpose; (B) Each of which is a party to a value-based arrangement with the other or at least one other VBE participant in the value-based enterprise; (C) That have an accountable body or person responsible for financial and operational oversight of the value-based enterprise; and (D) That have a governing document that describes the value-based enterprise and how the VBE participants intend to achieve its value-based purpose(s). (vi) Value-based enterprise participant or VBE participant means an individual or entity that engages in at least one value-based activity as part of a value-based enterprise. VBE participant does not include a pharmaceutical manufacturer; a PO 00000 Frm 00070 Fmt 4701 Sfmt 4702 manufacturer, distributor, or supplier of durable medical equipment, prosthetics, orthotics, or supplies; or a laboratory. (vii) Value-based purpose means: (A) Coordinating and managing the care of a target patient population; (B) Improving the quality of care for a target patient population; (C) Appropriately reducing the costs to, or growth in expenditures of, payors without reducing the quality of care for a target patient population; or (D) Transitioning from healthcare delivery and payment mechanisms based on the volume of items and services provided to mechanisms based on the quality of care and control of costs of care for a target patient population. (ff) Value-based arrangements with substantial downside financial risk. As used in section 1128B of the Act, ‘‘remuneration’’ does not include the exchange of payments or anything of value between a VBE and a VBE participant pursuant to a value-based arrangement if all of the standards in paragraphs (ff)(1) through (8) of this section are met: (1) The VBE (directly or through a VBE participant acting on the VBE’s behalf) has assumed (or is contractually obligated to assume in the next 6 months) substantial downside financial risk (as defined in this paragraph (ff)) from a payor for providing or arranging for the provision of items and services for a target patient population. (2) Under the value-based arrangement, the VBE participant meaningfully shares in the VBE’s substantial downside financial risk for providing or arranging for the provision of items and services for the target patient population. For purposes of this paragraph (ff), a VBE participant meaningfully shares in the VBE’s substantial downside financial risk if the value-based arrangement provides that the VBE participant is subject to risk under one of the following three methodologies: (i) A risk-sharing payment pursuant to which the VBE participant is at risk for 8 percent of the amount for which the VBE is at risk under its agreement with the applicable payor; (ii) A partial or full capitation payment or similar payment methodology, excluding the Medicare inpatient prospective payment system or other like payment methodology; or (iii) In the case of a VBE participant that is a physician, a payment that meets the requirements of the regulatory exception for value-based arrangements with meaningful downside financial risk at § 411.357(aa)(2) of this title. E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules (3) The remuneration provided by, or shared among, the VBE and VBE participant: (i) Is used primarily to engage in value-based activities that are directly connected to the items and services for which the VBE is at substantial downside financial risk and that are set forth in writing pursuant to paragraph(ff)(4) of this section; (ii) Is directly connected to one or more of the VBE’s value-based purposes, at least one of which must be the coordination and management of care for the target patient population; (iii) Does not induce VBE participants to reduce or limit medically necessary items or services furnished to any patient; (iv) Does not include the offer or receipt of an ownership or investment interest in an entity or any distributions related to such ownership or investment interest; and (v) Is not funded by, and does not otherwise result from the contributions of, any individual or entity outside of the VBE. (4) In advance of, or contemporaneous with, the commencement of the valuebased arrangement or any material change to the value-based arrangement, the VBE and VBE participant set forth in a signed writing the terms of the value-based arrangement. The writing states all material terms of the valuebased arrangement, including: A description of the nature and extent of the VBE’s substantial downside financial risk for the target patient population; a description of the manner in which the recipient meaningfully shares in the VBE’s substantial downside financial risk; the value-based activities; the target patient population; and the type and the offeror’s cost of the remuneration. (5) The VBE or VBE participant offering the remuneration does not take into account the volume or value of, or condition the remuneration on: (i) Referrals of patients who are not part of the target patient population; or (ii) Business not covered under the value-based arrangement. (6) The value-based arrangement does not: (i) Place any limitation on VBE participants’ ability to make decisions in the best interest of their patients; (ii) Direct or restrict referrals to a particular provider, practitioner, or supplier if: (A) A patient expresses a preference for a different practitioner, provider, or supplier; (B) The patient’s payor determines the provider, practitioner, or supplier; or VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 (C) Such direction or restriction is contrary to applicable law or regulations under titles XVIII and XIX of the Act; or (iii) Include marketing to patients of items or services or engaging in patient recruitment activities. (7) The VBE or VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish compliance with the conditions of this paragraph (ff). (8) For purposes of this paragraph (ff), the following definitions apply: (i) Substantial downside financial risk means risk, for the entire term of the value-based arrangement, in the form of: (A) Shared savings with a repayment obligation to the payor of at least 40 percent of any shared losses, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures; (B) A repayment obligation to the payor under an episodic or bundled payment arrangement of at least 20 percent of any total loss, where loss is determined based upon a comparison of costs to historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures; (C) A prospectively paid populationbased payment for a defined subset of the total cost of care of a target patient population, where such payment is determined based upon a review of historical expenditures, or to the extent such data is unavailable, evidencebased, comparable expenditures; or (D) A partial capitated payment from the payor for a set of items and services for the target patient population, where such capitated payment reflects a discount equal to at least 60 percent of the total expected fee-for-service payments based on historical expenditures, or to the extent such data is unavailable, evidence-based, comparable expenditures of the VBE participants to the value-based arrangement. (ii) Coordination and management of care, target patient population, valuebased activity, value-based arrangement, value-based enterprise, value-based purpose, and VBE participant shall have the meaning set forth in paragraph (ee) of this section. (gg) Value-based arrangements with full financial risk. As used in section 1128B of the Act, ‘‘remuneration’’ does not include the exchange of payments or anything of value between the VBE and a VBE participant pursuant to a valuebased arrangement if all of the standards in paragraphs (gg)(1) through (8) of this section are met: PO 00000 Frm 00071 Fmt 4701 Sfmt 4702 55763 (1) The VBE (directly or through a VBE participant acting on behalf of the VBE) has assumed (or is contractually obligated to assume in the next 6 months) full financial risk from a payor and has a signed writing with the payor that specifies the target patient population and contains terms evidencing that the VBE is at full financial risk for that population for a period of at least 1 year. (2) The value-based arrangement is set out in a writing signed by the parties that specifies the material terms of the value-based arrangement, including the value-based activities to be undertaken by the parties, and is for a period of at least 1 year. (3) The VBE participant does not claim payment in any form directly or indirectly from a payor for items or services covered under the value-based arrangement. (4) The remuneration exchanged between the VBE and a VBE participant: (i) Is used primarily to engage in the value-based activities set forth in writing pursuant to paragraph (gg)(2) of this section; (ii) Is directly connected to one or more of the VBE’s value-based purposes, at least one of which must be the coordination and management of care for the target patient population; (iii) Does not induce the VBE or VBE participants to reduce or limit medically necessary items or services furnished to any patient; (iv) Does not include the offer or receipt of an ownership or investment interest in an entity or any distributions related to such ownership or investment interest; and (v) Is not funded by, and does not otherwise result from the contributions of, any individual or entity outside of the VBE. (5) The VBE or VBE participant does not take into account the volume or value of, or condition the remuneration on: (i) Referrals of patients who are not part of the target patient population; or (ii) Business not covered under the value-based arrangement. (6) The VBE provides or arranges for: (i) An operational utilization review program; and (ii) A quality assurance program that protects against underutilization and specifies patient goals, including measurable outcomes, where appropriate. (7) The value-based arrangement does not include marketing to patients of items or services or engaging in patient recruitment activities. (8) The VBE or VBE participant makes available to the Secretary, upon request, E:\FR\FM\17OCP2.SGM 17OCP2 55764 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules all materials and records sufficient to establish compliance with the conditions of this paragraph (gg). (9) For purposes of this paragraph (gg), the following definitions apply: (i) Full financial risk means the VBE is financially responsible for the cost of all items and services covered by the applicable payor for each patient in the target patient population and is prospectively paid by the applicable payor; (ii) Items and services shall have the meaning set forth in § 1001.952(t)(2)(iv); and (iii) Coordination and management of care, target patient population, valuebased activity, value-based arrangement, value-based enterprise, value-based purpose, and VBE participant shall have the meaning set forth in paragraph (ee) of this section. (hh) Arrangements for patient engagement and support to improve quality, health outcomes, and efficiency. As used in section 1128B of the Act, ‘‘remuneration’’ does not include a patient engagement tool or support furnished by a VBE participant to a patient in a target patient population if all of the conditions in paragraphs (hh)(1) through (6) of this section are met: (1) The patient engagement tool or support is furnished directly to the patient by a VBE participant. (2) No individual or entity outside of the applicable VBE funds or otherwise contributes to the provision of the patient engagement tool or support. (3) The patient engagement tool or support: (i) Is an in-kind preventive item, good, or service, or an in-kind item, good, or service such as health-related technology, patient health-related monitoring tools and services, or supports and services designed to identify and address a patient’s social determinants of health; (ii) That has a direct connection to the coordination and management of care of the target patient population; (iii) Does not include any gift card, cash, or cash equivalent; (iv) Does not include any in-kind item, good, or service used for patient recruitment or marketing of items or services to patients; (v) Does not result in medically unnecessary or inappropriate items or services reimbursed in whole or in part by a Federal health care program; (vi) Is recommended by the patient’s licensed healthcare provider; and (vii) Advances one or more of the following goals: (A) Adherence to a treatment regimen determined by the patient’s licensed healthcare provider. VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 (B) Adherence to a drug regimen determined by the patient’s licensed healthcare provider. (C) Adherence to a follow-up care plan established by the patient’s licensed healthcare provider. (D) Management of a disease or condition as directed by the patient’s licensed healthcare provider. (E) Improvement in measurable evidence-based health outcomes for the patient or for the target patient population. (F) Ensuring patient safety. (4) The offeror does not, and should not, know that the remuneration is likely to be diverted, sold, or utilized by the patient other than for the express purpose for which the patient engagement tool or support is provided. (5) The aggregate retail value of patient engagement tools and supports furnished to a patient by a VBE participant on an annual basis does not exceed $500 unless such patient engagement tools and supports are furnished to patients based on a good faith, individualized determination of the patient’s financial need. (6) The VBE participant makes available to the Secretary, upon request, all materials and records sufficient to establish that the patient engagement tool or support was distributed in a manner that meets the conditions of this paragraph (hh). (7) For purposes of this paragraph (hh), coordination and management of care, target patient population, valuebased purpose, VBE, and VBE participant shall have the meaning set forth in paragraph (ee) of this section. (ii) CMS-sponsored model arrangements and CMS-sponsored model patient incentives. (1) As used in section 1128B of the Act, ‘‘remuneration’’ does not include an exchange of anything of value between or among CMS-sponsored model parties under a CMS-sponsored model arrangement in a model for which CMS has determined that this safe harbor is available if all of the following conditions are met: (i) The CMS-sponsored model parties reasonably determine that the CMSsponsored model arrangement will advance one or more goals of the CMSsponsored model; (ii) The exchange of value does not induce CMS-sponsored model parties or other providers or suppliers to furnish medically unnecessary items or services or reduce or limit medically necessary items or services furnished to any patient; (iii) The CMS-sponsored model parties do not offer, pay, solicit, or receive remuneration in return for, or to PO 00000 Frm 00072 Fmt 4701 Sfmt 4702 induce or reward, any Federal health care program referrals or other Federal health care program business generated outside of the CMS-sponsored model; (iv) The CMS-sponsored model parties, in advance of, or contemporaneous with the commencement of, the CMS-sponsored model arrangement, set forth the terms of the CMS-sponsored model arrangement in a signed writing. The writing must specify, at a minimum, the activities to be undertaken by the CMSsponsored model parties and the nature of the remuneration to be exchanged under the CMS-sponsored model arrangement; (v) The parties to the CMS-sponsored model arrangement make available to the Secretary, upon request, all materials and records sufficient to establish whether the remuneration was exchanged in a manner that meets the conditions of this safe harbor; and (vi) The CMS-sponsored model parties satisfy such programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor. (2) As used in section 1128B of the Act, ‘‘remuneration’’ does not include a CMS-sponsored model patient incentive under a model for which CMS has determined that this safe harbor is available, if all of the conditions of paragraph (ii)(2)(i) through (v) are met of this section: (i) The CMS-sponsored model participant reasonably determines that the CMS-sponsored model patient incentive will advance one or more goals of the CMS-sponsored model; (ii) The CMS-sponsored model patient incentive has a direct connection to the patient’s healthcare; (iii) The CMS-sponsored model participant makes available to the Secretary, upon request, all materials and records sufficient to establish whether the CMS-sponsored model patient incentive was distributed in a manner that meets the conditions of this paragraph; and (iv) The CMS-sponsored model participant satisfies such programmatic requirements as may be imposed by CMS in connection with the use of this safe harbor. (v) For purposes of this paragraph (ii)(2), a patient may retain any incentives received prior to the termination or expiration of the participation documentation of the CMS-sponsored model participant. (3) For purposes of this paragraph (ii), the following definitions apply: (i) CMS-sponsored model means: (A) A model being tested under section 1115A(b) of the Act or a model E:\FR\FM\17OCP2.SGM 17OCP2 Federal Register / Vol. 84, No. 201 / Thursday, October 17, 2019 / Proposed Rules expanded under section 1115A(c) of the Act; or (B) The Medicare shared savings program under section 1899 of the Act; (ii) CMS-sponsored model arrangement means an arrangement between or among CMS-sponsored model parties to engage in activities under the CMS-sponsored model and that is consistent with, and is not a type of arrangement prohibited by, the participation documentation; (iii) CMS-sponsored model participant means an individual or entity that is subject to, and is operating under, participation documentation with CMS to participate in a CMSsponsored model; (iv) CMS-sponsored model party means: (A) A CMS-sponsored model participant; or (B) Other individual or entity who the participation documentation specifies may enter into a CMS-sponsored model arrangement; (v) CMS-sponsored model patient incentive means remuneration not of a type prohibited by the participation documentation and is furnished consistent with the CMS-sponsored model by a CMS-sponsored model participant (or by an agent of the CMSsponsored model participant under the CMS-sponsored model participant’s direction and control) directly to a patient under the CMS-sponsored model; and (vi) Participation documentation means the participation agreement, cooperative agreement, regulations, or model-specific addendum to an existing contract with CMS that: (A) Is currently in effect, and (B) Specifies the terms of a CMSsponsored model. (jj) Cybersecurity technology and related services. As used in section 1128B of the Act, ‘‘remuneration’’ does not include nonmonetary remuneration (consisting of certain types of cybersecurity technology and services), if all of the conditions in paragraphs (jj)(1) through (5) of this section are met: (1) The technology and services are necessary and used predominantly to implement and maintain effective cybersecurity. (2) The donor does not: (i) Directly take into account the volume or value of referrals or other business generated between the parties when determining the eligibility of a potential recipient for the technology or services, or the amount or nature of the technology or services to be donated; or (ii) Condition the donation of technology or services, or the amount or VerDate Sep<11>2014 20:24 Oct 16, 2019 Jkt 250001 nature of the technology or services to be donated, on future referrals. (3) Neither the recipient nor the recipient’s practice (or any affiliated individual or entity) makes the receipt of technology or services, or the amount or nature of the technology or services, a condition of doing business with the donor. (4) The arrangement is set forth in a written agreement that: (i) Is signed by the parties; (ii) Describes the technology and services being provided and the amount of the recipient’s contribution, if any; and (5) The donor does not shift the costs of the technology or services to any Federal health care program. (6) For purposes of this paragraph (jj) the following definitions apply: (i) Cybersecurity means the process of protecting information by preventing, detecting, and responding to cyberattacks. (ii) Technology means any software or other types of information technology, other than hardware. (kk) ACO Beneficiary Incentive Program. As used in section 1128B of the Act, ‘‘remuneration’’ does not include an incentive payment made by an ACO to an assigned beneficiary under a beneficiary incentive program established under section 1899(m) of the Act, as amended by Congress from time to time, if the incentive payment is made in accordance with the requirements found in such subsection. PART 1003—CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS 3. The authority citation for part 1003 continues to read as follows: ■ Authority: 42 U.S.C. 262a, 1302, 1320–7, 1320a–7a, 1320b–10, 1395u(j), 1395u(k), 1395cc(j), 1395w–141(i)(3), 1395dd(d)(1), 1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 11137(b)(2). 4. Section 1003.110 is amended by adding paragraph (10) to the definition of ‘‘remuneration’’ and adding in alphabetical order a definition for ‘‘telehealth technologies’’ to read as follows: ■ § 1003.110 Definitions. * * * * * Remuneration * * * * * * * * (10) The provision of telehealth technologies by a provider of services or a renal dialysis facility (as such terms are defined for purposes of title XVIII of the Act) to an individual with end stage PO 00000 Frm 00073 Fmt 4701 Sfmt 4702 55765 renal disease who is receiving home dialysis for which payment is being made under part B of such title, if— (i) The telehealth technologies are furnished to the individual by the provider of services or the renal dialysis facility that is currently providing the in-home dialysis, telehealth visits, or other end stage renal disease care to the patient; (ii) The telehealth technologies are not offered as part of any advertisement or solicitation; (iii) The telehealth technologies contribute substantially to the provision of telehealth services related to the individual’s end stage renal disease, is not of excessive value, and is not duplicative of technology that the beneficiary already owns if that technology is adequate for the telehealth purposes; and (iv) The provider of services or a renal dialysis facility does not bill Federal health care programs, other payors, or individuals for the telehealth technologies, claim the value of the telehealth technologies as a bad debt for payment purposes under a Federal health care program, or otherwise shift the burden of the value of the telehealth technologies onto a Federal health care program, other payors, or individuals. * * * * * Telehealth technologies, for purposes of the definition of the term ‘‘remuneration’’ as set forth in this section and the telehealth technologies exception to section 50302(c) of the Bipartisan Budget Act of 2018, which adds an exception as new section 1128A(i)(6)(J) of the Act, means multimedia communications equipment that includes, at a minimum, audio and video equipment permitting two-way, real-time interactive communication between the patient and distant site physician or practitioner used in the diagnosis, intervention, or ongoing care management—paid for by Medicare Part B—between a patient and the remote healthcare provider. Telephones, facsimile machines, and electronic mail systems are not telehealth technologies. * * * * * Dated: September 30, 2019. Alex M. Azar II, Secretary. Joanne M. Chiedi, Acting Inspector General. [FR Doc. 2019–22027 Filed 10–9–19; 4:15 pm] BILLING CODE 4152–04–P E:\FR\FM\17OCP2.SGM 17OCP2

Agencies

[Federal Register Volume 84, Number 201 (Thursday, October 17, 2019)]
[Proposed Rules]
[Pages 55694-55765]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-22027]



[[Page 55693]]

Vol. 84

Thursday,

No. 201

October 17, 2019

Part II





Department of Health and Human Services





-----------------------------------------------------------------------





 Office of Inspector General





-----------------------------------------------------------------------





42 CFR Parts 1001 and 1003





Department of Health and Human Services





-----------------------------------------------------------------------





Centers for Medicare & Medicaid Services





-----------------------------------------------------------------------

42 CFR Part 411





Medicare and State Healthcare Programs: Fraud and Abuse; Revisions To 
Safe Harbors Under the Anti-Kickback Statute, And Civil Monetary 
Penalty Rules Regarding Beneficiary Inducements; Medicare Program; 
Modernizing and Clarifying the Physician Self-Referral Regulations; 
Proposed Rules

Federal Register / Vol. 84 , No. 201 / Thursday, October 17, 2019 / 
Proposed Rules

[[Page 55694]]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General

42 CFR Parts 1001 and 1003

RIN 0936-AA10


Medicare and State Healthcare Programs: Fraud and Abuse; 
Revisions To Safe Harbors Under the Anti-Kickback Statute, and Civil 
Monetary Penalty Rules Regarding Beneficiary Inducements

AGENCY: Office of Inspector General (OIG), Department of Health and 
Human Services (HHS).

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This proposed rule is being issued by the Office of Inspector 
General (OIG) in conjunction with the Department of Health and Human 
Services' Regulatory Sprint to Coordinated Care. It proposes to add, on 
a prospective basis only after a final rule is issued, safe harbor 
protections under the Federal anti-kickback statute for certain 
coordinated care and associated value-based arrangements between or 
among clinicians, providers, suppliers, and others that squarely meet 
all safe harbor conditions. It also would add protections under the 
anti-kickback statute and civil monetary penalty (CMP) law that 
prohibits inducements offered to patients for certain patient 
engagement and support arrangements to improve quality of care, health 
outcomes, and efficiency of care delivery that squarely meet all safe 
harbor conditions. The proposed rule would add a new safe harbor for 
donations of cybersecurity technology and amend the existing safe 
harbors for electronic health records (EHR) arrangements, warranties, 
local transportation, and personal services and management contracts. 
Further, the proposed rule would add a new safe harbor pursuant to a 
statutory change set forth in the Bipartisan Budget Act of 2018 (Budget 
Act of 2018) related to beneficiary incentives under the Medicare 
Shared Savings Program and a new CMP exception for certain telehealth 
technologies offered to patients receiving in-home dialysis, also 
pursuant to the Budget Act of 2018.

DATES: To ensure consideration, comments must be delivered to the 
address provided below by 5 p.m. on December 31, 2019. The 75-day 
period for public comments being set forth in this proposed rule will 
serve to protect the public's interest in this rulemaking process by 
allowing for an opportunity for additional input and recommendations, 
without unduly delaying any final rulemaking.

ADDRESSES: In commenting, please reference file code OIG-0936-AA10-P. 
Because of staff and resource limitations, we cannot accept comments by 
facsimile (fax) transmission. However, you may submit comments using 
one of three ways (no duplicates, please):
    1. Electronically. You may submit electronic comments on this 
regulation to http://www.regulations.gov. Follow the ``Submit a 
comment'' instructions.
    2. By regular, express, or overnight mail. You may send written 
comments to the following address: Office of Inspector General, 
Department of Health and Human Services, Attention: OIG-0936-AA10-P, 
Room 5521, Cohen Building, 330 Independence Avenue SW, Washington, DC 
20201.
    Please allow sufficient time for mailed comments to be received 
before the close of the comment period.
    3. By hand or courier. If you prefer, you may deliver your written 
comments by hand or courier before the close of the comment period to: 
Office of Inspector General, Department of Health and Human Services, 
Cohen Building, Room 5521, 330 Independence Avenue SW, Washington, DC 
20201.
    Because access to the interior of the Cohen Building is not readily 
available to persons without Federal Government identification, 
commenters are encouraged to schedule their delivery with one of our 
staff members at (202) 619-0335.
    Inspection of Public Comments: All comments received before the end 
of the comment period will be posted on http://www.regulations.gov for 
public viewing. Hard copies will also be available for public 
inspection at the Office of Inspector General, Department of Health and 
Human Services, Cohen Building, 330 Independence Avenue SW, Washington, 
DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To schedule an 
appointment to view public comments, phone (202) 619-0335.

FOR FURTHER INFORMATION CONTACT: Jillian Sparks or Meredith Williams, 
(202) 619-0335.

SUPPLEMENTARY INFORMATION: 

------------------------------------------------------------------------
       Social Security  Act citation         United States Code citation
------------------------------------------------------------------------
1128B, 1128D, 1102, 1128A.................  42 U.S.C. 1320a-7b, 42
                                             U.S.C. 1320a-7d, 42 U.S.C.
                                             1302, 42 U.S.C. 1320a.-7a.
------------------------------------------------------------------------

I. Executive Summary

A. Purpose and Need for Regulatory Action

    The Secretary of Health and Human Services (the Secretary) has 
identified transforming our healthcare system to one that pays for 
value as one of the top priorities of the Department of Health and 
Human Services (the Department or HHS). Unlike the traditional fee-for-
service (FFS) payment system, which rewards providers for the volume of 
care delivered, a value-driven healthcare system is one that pays for 
health and outcomes. Delivering better value from our healthcare system 
will require the transformation of established practices and enhanced 
collaboration among providers and other individuals and entities. The 
purpose of this proposed rule is to modify existing safe harbors to the 
anti-kickback statute and add new safe harbors and a new CMP law 
exception to remove potential barriers to more effective coordination 
and management of patient care and delivery of value-based care that 
improves quality of care, health outcomes, and efficiency.
    Since the enactment in 1972 of the Federal anti-kickback statute, 
there have been significant changes in the delivery of, and payment 
for, healthcare items and services within the Medicare and Medicaid 
programs and for non-Federal payors and patients. This has included 
changes to traditional FFS Medicare (i.e., Medicare Parts A and B), 
Medicare Advantage, and states' Medicaid programs. For some time, the 
Department has worked to align payment under the Medicare program with 
the quality of the care provided to Federal health care program 
beneficiaries. Laws such as the Medicare Prescription Drug, 
Improvement, and Modernization Act of 2003 (MMA),\1\ the Deficit 
Reduction Act of 2005 (DRA),\2\ and the Medicare Improvements for 
Patients and Providers Act of 2008 (MIPPA) \3\ are among statutes that 
guided the Department's efforts to move toward healthcare delivery and 
payment reform. The Patient Protection and Affordable Care Act (ACA) 
\4\ required or encouraged significant changes to the Medicare 
program's payment systems and provided the Secretary with broad 
authority to test and implement models to promote reforms, including 
through the Center for Medicare and Medicaid

[[Page 55695]]

Innovation (the Innovation Center) within the Centers for Medicare & 
Medicaid Services (CMS).\5\
---------------------------------------------------------------------------

    \1\ Public Law 108-173, 117 Stat. 2066.
    \2\ Public Law 109-171, 120 Stat. 4.
    \3\ Public Law 110-275, 122 Stat. 2494.
    \4\ Public Law 111-148, 124 Stat. 119, as amended by the Health 
Care and Education Reconciliation Act of 2010 (Pub. L. 111-152, 124 
Stat. 1029).
    \5\ The Innovation Center's purpose is to test innovative 
payment and service delivery models to reduce the cost of care 
furnished to patients in the Medicare and Medicaid programs while 
preserving or enhancing the quality of that care. Using its 
authority in section 1115A of the Social Security Act (the Act), 42 
U.S.C. 1315a, the Innovation Center is testing many healthcare 
delivery and payment models in which providers, suppliers, and 
individual practitioners participate.
---------------------------------------------------------------------------

    The Department has identified the broad reach of the Federal anti-
kickback statute \6\ and the CMP law provision prohibiting inducements 
to beneficiaries, the ``beneficiary inducements CMP,'' \7\ as well as 
the Federal physician self-referral law (sometimes known as the Stark 
law),\8\ as potentially inhibiting beneficial arrangements that would 
advance the transition to value-based care and improve the coordination 
of patient care among providers and across care settings in both the 
Federal health care programs and commercial sectors. Industry 
stakeholders have informed the Department that, because the 
consequences of potential noncompliance with the physician self-
referral law and the Federal anti-kickback statute could be dire, 
providers, suppliers, and others may be discouraged from entering into 
innovative arrangements that would improve quality and health outcomes, 
produce health system efficiencies, and lower costs (or slow their rate 
of growth).
---------------------------------------------------------------------------

    \6\ 42 U.S.C. 1320a-7b(b).
    \7\ 42 U.S.C. 1320a-7a(a)(5).
    \8\ 42 U.S.C. 1395nn.
---------------------------------------------------------------------------

    To address these concerns and accelerate the transformation of the 
healthcare system into one that better pays for value and promotes care 
coordination, HHS launched a Regulatory Sprint to Coordinated Care 
(Regulatory Sprint), led by the Deputy Secretary. This Regulatory 
Sprint aims to remove potential regulatory barriers to care 
coordination and value-based care created by four key healthcare laws 
and associated regulations: (i) The physician self-referral law, (ii) 
the Federal anti-kickback statute, (iii) the Health Insurance 
Portability and Accountability Act of 1996 (HIPAA),\9\ and (iv) rules 
under 42 CFR part 2 related to substance use disorder treatment.
---------------------------------------------------------------------------

    \9\ Public Law 104-191, 110 Stat. 1936.
---------------------------------------------------------------------------

    Through the Regulatory Sprint, HHS aims to encourage and improve:
     A patient's ability to understand treatment plans and make 
empowered decisions;
     providers' alignment on end-to-end treatment (i.e., 
coordination among providers along the patient's full care journey);
     incentives for providers to coordinate, collaborate, and 
provide patients tools to be more involved in their own care; and
     information sharing among providers, facilities, and other 
stakeholders in a manner that facilitates efficient care while 
preserving and protecting patient access to data.
    In connection with the Regulatory Sprint, OIG issued a request for 
information (OIG RFI) regarding the Federal anti-kickback statute and 
beneficiary inducements CMP on August 27, 2018.\10\ CMS published a 
Request for Information Regarding the Physician Self-Referral Law in 
June 2018 (CMS RFI).\11\ In the OIG RFI, we sought feedback on ways in 
which we might modify or add new safe harbors to the Federal anti-
kickback statute and exceptions to the beneficiary inducements CMP 
definition of ``remuneration'' to foster arrangements that would 
promote care coordination and advance the delivery of value-based care 
while also protecting patients and taxpayer dollars against harms 
caused by fraud and abuse. OIG received 359 comments in response to its 
RFI from a variety of individuals and organizations.
---------------------------------------------------------------------------

    \10\ Medicare and State Health Care Programs: Fraud and Abuse; 
Request for Information Regarding the Anti-Kickback Statute and 
Beneficiary Inducements CMP, 83 FR 43607 (Aug. 27, 2018), available 
at https://oig.hhs.gov/authorities/docs/2018/RFI_Regarding_AKS_Beneficiary_Inducements_CMP.pdf.
    \11\ Medicare Program; Request for Information Regarding the 
Physician Self-Referral Law, 83 FR 29524 (June 25, 2018), available 
at https://www.gpo.gov/fdsys/pkg/FR-2018-06-25/pdf/2018-13529.pdf.
---------------------------------------------------------------------------

    While most commenters strongly asserted the need for regulatory 
reform to the anti-kickback statute safe harbors and exceptions to the 
definition of ``remuneration'' under the beneficiary inducements CMP, a 
number of commenters acknowledged that increased regulatory flexibility 
could create program integrity vulnerabilities or increase the risk of 
harms associated with fraud and abuse and urged OIG to exercise caution 
and include adequate safeguards in any regulatory proposals. Comments 
supporting regulatory reform encompassed a number of themes, including 
requests for:
     New safe harbors protecting financial arrangements among 
parties participating in alternative payment models (APMs), value-based 
arrangements, and care coordination activities;
     safe harbor protection for financial arrangements with 
entities not participating in Innovation Center models, including 
commercial and self-pay APM arrangements;
     additional protection for patient tools and supports, such 
as in-kind items and services to support patient compliance with 
discharge and care plans, services and supports to address unmet social 
needs affecting health, and expanded protections under the local 
transportation safe harbor;
     enhanced safe harbor protection for transfers of 
information technology, data, and cybersecurity tools;
     modifications to the current ``patchwork'' fraud and abuse 
waiver framework for Innovation Center models and the Medicare Shared 
Savings Program; and
     a variety of protections for pharmaceutical and medical 
device manufacturer arrangements, including broad protections for drug 
and medical device manufacturer participation in value-based contracts, 
pricing arrangements, warranty arrangements, and APMs, as well as 
protection for coupons and other means of direct copayment assistance 
to Medicare Part D beneficiaries in certain situations.

B. Summary of OIG's Approach and Proposals

    These proposed regulations are informed by comments and other 
internal and external sources of information, as well as our experience 
interpreting and applying the safe harbors and beneficiary inducements 
CMP exceptions to a wide variety of arrangements. In developing this 
proposed rule, OIG has followed several guiding principles. The first 
guiding principle has been to design proposed safe harbors that allow 
for beneficial innovations in healthcare delivery. The second guiding 
principle has been to avoid promulgating safe harbors and exceptions 
that drive such innovation to limited channels that may not reflect up-
to-date understandings in medicine, science, and technology. The third 
guiding principle has been to design proposed safe harbors useful for a 
range of individuals and entities engaged in the coordination and 
management of patient care, including large and small practices and 
health systems, rural and urban providers and suppliers, primary care 
physicians and specialists, providers and suppliers contracting with 
public and private payors, clinically integrated networks, and looser 
affiliations of providers and suppliers collaborating to coordinate 
care for patients across the continuum of care.

[[Page 55696]]

    Designing proposed safe harbors with these principles in mind is 
not without challenges and potential pitfalls, particularly with 
respect to ensuring sufficient safeguards against potential abuses and 
harms by those who might misuse the safe harbors. In this proposed 
rule, we have tried to strike the right balance between flexibility for 
beneficial innovation and safeguards to protect patients and Federal 
health care programs. No final determination has yet been made that the 
balance is correct with respect to each proposed safe harbor. Thus, no 
final determination has been made that the arrangements described in 
the proposals are, or should be, exempt from liability under the anti-
kickback statute. To aid us in making that determination in a final 
rule, we solicit public comments throughout this proposed rule about 
whether we have achieved the proper balance such that the arrangements 
described in the proposed safe harbors should be protected from 
criminal liability under the anti-kickback statute. To this end, we 
caution that these proposed safe harbors remain subject to change 
through the rulemaking process, and that the types of arrangements 
described in this proposed rule remain subject to case-by-case review 
under the anti-kickback statute, and if applicable, the beneficiary 
inducements CMP, including with respect to the requisite intent of the 
parties. The proposed safe harbors, if finalized, specifically would 
address barriers to coordinated and value-based care posed by the 
Federal anti-kickback statute and the beneficiary inducements CMP and 
would have no application to any other law. In addition, any final safe 
harbors would provide only prospective protection.
    OIG's mission is to protect the integrity of the Federal health 
care programs as well as the health and welfare of the people they 
serve. OIG prevents and detects fraud, waste, and abuse, and promotes 
economy, effectiveness, and efficiency in HHS programs. Stakeholders, 
including patients, depend upon OIG to be thoughtful, cautious, and 
deliberate in promulgating safe harbors to ensure that the arrangements 
the safe harbors protect do not inappropriately increase costs to the 
Federal health care programs or patients, corrupt practitioners' 
medical judgment, or result in overutilization, inappropriate patient 
steering, unfair competition, or poor-quality care. These abuses are 
sometimes characterized as traditional FFS fraud and abuse risks.
    Model design characteristics common to properly structured value-
based payment models could curb some traditional FFS risks. However, 
value-based payment models could present other risks, including 
stinting on care (underutilization), cherry picking lucrative or 
adherent patients, lemon dropping costly or noncompliant patients, and 
incentives to manipulate or falsify data used to verify performance and 
outcomes for payment purposes. In addition, emerging value-based 
payment models might present risks not yet identified by OIG or others 
in the healthcare industry. Many new models combine FFS and value-based 
payment features, subjecting providers to mixed incentives and 
potentially posing all or some of the risks raised by volume- and 
value-based payment. We seek comments on how best to address existing 
and emerging risks with respect to our proposals below, individually 
and collectively.
    Section C of this Executive Summary and sections III and IV of this 
preamble summarize our specific proposals. Several proposals address 
particular types of value-based arrangements designed to promote care 
coordination and allow for outcomes-based payments. We have included a 
proposed safe harbor for arrangements that engage patients more 
actively in preventive care and adhering to treatment and care plans 
developed between them and their healthcare providers. We also are 
proposing a new safe harbor related to cybersecurity tools, as well as 
modifications to the existing safe harbors related to personal services 
arrangements, electronic health records, warranties, and local 
transportation.
    Our proposals in this rulemaking focus on ensuring protected 
arrangements: (i) Promote coordinated patient care and foster improved 
quality, better health outcomes, and improved efficiency; and (ii) 
would not be misused to perpetrate fraud and abuse, including, for 
example, schemes in which patients receive unnecessary or substandard 
care or Federal health care programs are billed for medically 
unnecessary items or services. We have sought to strike an effective 
balance among the goals of clarity, objectivity, flexibility, 
safeguards (including accountability and transparency), and ease of 
implementation.
    OIG and CMS coordinated closely to develop our respective proposed 
rulemakings in connection with the Regulatory Sprint and strove, where 
appropriate, to propose consistent terminology for value-based 
arrangements. In many respects, OIG's proposed rules for value-based 
arrangements are different or more restrictive than CMS's comparable 
proposals, in recognition of the differences in statutory structures 
and penalties. For some arrangements, we believe it is appropriate for 
the anti-kickback statute, which is a criminal, intent-based statute, 
to serve as ``backstop'' protection for arrangements that might be 
protected by a less restrictive exception to the civil, strict 
liability physician self-referral law. For any final rule, we would 
examine our rules in combination with any rules CMS may choose to 
finalize with the goal of creating an overall regulatory landscape that 
is well-coordinated and serves the intended purpose to allow for 
beneficial innovation; that is as streamlined as possible, consistent 
with program integrity considerations; and that provides strong 
protections for patients and programs, both in terms of promoting value 
and ensuring that the Government can take action to protect patients 
and address fraud or abuse. Arrangements that might be protected by a 
physician self-referral law exception, but might not be explicitly 
protected by an anti-kickback statute safe harbor, would not 
necessarily be unlawful under the anti-kickback statute. They would 
need to be examined on a case-by-case basis, including with respect to 
the intent of the parties. We note that OIG's proposed new safe harbor 
for cybersecurity items and services and modifications to the existing 
safe harbor for electronic health record items and services are closely 
aligned with CMS' proposals.

C. Summary of the Major Provisions

1. Anti-Kickback Statute and Safe Harbors
    As described in more detail below, we propose to amend 42 CFR 
1001.952 by modifying certain existing safe harbors to the anti-
kickback statute and by adding safe harbors that would provide new 
protections or codify an existing statutory protection. Subject to 
definitions and conditions set forth in the proposed regulations, these 
proposed changes include:
     Three proposed new safe harbors for certain remuneration 
exchanged between or among participants in a value-based arrangement 
(as further defined) that fosters better coordinated and managed 
patient care: (i) Care coordination arrangements to improve quality, 
health outcomes, and efficiency (1001.952(ee)); (ii) value-based 
arrangements with substantial downside financial risk (1001.952(ff)); 
and (iii) value-based arrangements with full financial risk 
(1001.952(gg)). These proposed safe harbors vary, among other ways, by 
the types of remuneration protected (in-kind or in-kind and

[[Page 55697]]

monetary), the level of financial risk assumed by the parties, and the 
types of safeguards included as safe harbor conditions;
     a proposed new safe harbor (1001.952(hh)) for certain 
tools and supports furnished under patient engagement and support 
arrangements to improve quality, health outcomes, and efficiency;
     a proposed new safe harbor (1001.952(ii)) for certain 
remuneration provided in connection with a CMS-sponsored model, which 
should reduce the need for OIG to issue separate and distinct fraud and 
abuse waivers for new CMS-sponsored models;
     a proposed new safe harbor (1001.952(jj)) for donations of 
cybersecurity technology and services;
     proposed modifications to the existing safe harbor for 
electronic health records items and services (1001.952(y)) to add 
protections for certain cybersecurity technology included as part of an 
electronic health records arrangement, to update provisions regarding 
interoperability, and to remove the sunset date;
     proposed modifications to the existing safe harbor for 
personal services and management contracts (1001.952(d)) to add 
flexibility with respect to outcomes-based payments and part-time 
arrangements;
     proposed modifications to the existing safe harbor for 
warranties (1001.952(g)) to revise the definition of ``warranty'' and 
provide protection for warranties for one or more items and related 
services;
     proposed modifications to the existing safe harbor for 
local transportation (1001.952(bb)) to expand and modify mileage limits 
for rural areas and for transportation for discharged patients; and
     codification of the statutory exception to the definition 
of ``remuneration'' at section 1128B(b)(3)(K) of the Act related to ACO 
Beneficiary Incentive Programs for the Medicare Shared Savings Program 
(1001.952(kk)).
2. Civil Monetary Penalty Authorities
    We propose to amend the definition of ``remuneration'' in the CMP 
rules at 42 CFR 1003.110 by interpreting and incorporating a new 
statutory exception to the prohibition on beneficiary inducements for 
``telehealth technologies'' furnished to certain in-home dialysis 
patients, pursuant to section 50302(c) of the Budget Act of 2018.
    We further note that, if finalized, the proposed new safe harbor 
for patient engagement and support arrangements (1001.952(hh)) and the 
proposed modifications to the local transportation safe harbor 
(1001.952(bb)) would by operation of law serve as exceptions to the 
beneficiary inducements CMP prohibition's definition of 
``remuneration.''
3. Costs and Benefits
    There are no significant costs associated with the proposed 
regulatory revisions that would impose any mandates on State, local, or 
Tribal Governments or on the private sector.

II. Background

A. Anti-Kickback Statute and Safe Harbors

    Section 1128B(b) of the Act, (42 U.S.C. 1320a-7b(b), the anti-
kickback statute), provides for criminal penalties for whoever 
knowingly and willfully offers, pays, solicits, or receives 
remuneration to induce or reward the referral of business reimbursable 
under any of the Federal health care programs, as defined in section 
1128B(f) of the Act (42 U.S.C. 1320a-7b(f)). The offense is classified 
as a felony and is punishable by fines of up to $100,000 and 
imprisonment for up to 10 years. Violations of the anti-kickback 
statute also may result in the imposition of CMPs under section 
1128A(a)(7) of the Act (42 U.S.C. 1320a-7a(a)(7)), program exclusion 
under section 1128(b)(7) of the Act (42 U.S.C. 1320a-7(b)(7)), and 
liability under the False Claims Act (31 U.S.C. 3729-33).
    The types of remuneration covered specifically include, without 
limitation, kickbacks, bribes, and rebates, whether made directly or 
indirectly, overtly or covertly, in cash or in kind. In addition, 
prohibited conduct includes not only the payment of remuneration 
intended to induce or reward referrals of patients but also the payment 
of remuneration intended to induce or reward the purchasing, leasing, 
or ordering of, or arranging for or recommending the purchasing, 
leasing, or ordering of, any good, facility, service, or item 
reimbursable by any Federal health care program.
    Because of the broad reach of the statute, concern was expressed 
that some relatively innocuous business arrangements were covered by 
the statute and, therefore, potentially subject to criminal 
prosecution. In response, Congress enacted section 14 of the Medicare 
and Medicaid Patient and Program Protection Act of 1987, Public Law 
100-93 (section 1128B(b)(3)(E) of the Act; 42 U.S.C. 1320a-
7b(b)(3)(E)), which specifically requires the development and 
promulgation of regulations, the so-called safe harbor provisions, that 
would specify various payment and business practices that would not be 
subject to sanctions under the anti-kickback statute, even though they 
potentially may be capable of inducing referrals of business for which 
payment may be made under a Federal health care program.
    Section 205 of HIPAA established section 1128D of the Act (42 
U.S.C. 1320a-7d), which includes criteria for modifying and 
establishing safe harbors. Specifically, section 1128D(a)(2) of the Act 
provides that, in modifying and establishing safe harbors, the 
Secretary may consider whether a specified payment practice may result 
in:
     An increase or decrease in access to healthcare services;
     an increase or decrease in the quality of healthcare 
services;
     an increase or decrease in patient freedom of choice among 
healthcare providers;
     an increase or decrease in competition among healthcare 
providers;
     an increase or decrease in the ability of healthcare 
facilities to provide services in medically underserved areas or to 
medically underserved populations;
     an increase or decrease in the cost to Federal health care 
programs;
     an increase or decrease in the potential overutilization 
of healthcare services;
     the existence or nonexistence of any potential financial 
benefit to a healthcare professional or provider, which benefit may 
vary depending on whether the healthcare professional or provider 
decides to order a healthcare item or service or arrange for a referral 
of healthcare items or services to a particular practitioner or 
provider; or
     any other factors the Secretary deems appropriate in the 
interest of preventing fraud and abuse in Federal health care programs.
    We have considered these factors in designing our proposals. We are 
interested in public comments on these factors as they relate to our 
proposals. Properly structured and operated, we believe that the 
arrangements we propose to protect have the potential to increase 
access to care, increase quality of care, aid in the provision of items 
and services in underserved areas and to underserved populations, 
decrease costs to Federal health care programs, and decrease the 
potential for overutilization of healthcare services. We are concerned 
about reduced patient freedom of choice among providers, potential 
decreases in competition among health providers, and potential 
financial benefits to

[[Page 55698]]

healthcare professionals or providers that may vary inappropriately 
based on their ordering decisions. We solicit comments on whether or 
not our proposals adequately address these or other undesired effects; 
if commenters believe the proposals would not adequately address these 
effects, we solicit comments on the degree to which such effects might 
occur and on additional safeguards to mitigate them.
    In giving the Department the authority to protect certain 
arrangements and payment practices under the anti-kickback statute, 
Congress intended the safe harbor regulations to be updated 
periodically to reflect changing business practices and technologies in 
the healthcare industry.\12\ Since July 29, 1991, there have been a 
series of final regulations published in the Federal Register 
establishing safe harbors in various areas.\13\ These safe harbor 
provisions have been developed ``to limit the reach of the statute 
somewhat by permitting certain non-abusive arrangements, while 
encouraging beneficial or innocuous arrangements.'' \14\
---------------------------------------------------------------------------

    \12\ H.R. Rep. No. 100-85, Pt. 2, at 27 (1987).
    \13\ Medicare and State Health Care Programs: Fraud and Abuse; 
OIG Anti-Kickback Provisions, 56 FR 35952 (July 29, 1991); Medicare 
and State Health Care Programs: Fraud and Abuse; Safe Harbors for 
Protecting Health Plans, 61 FR 2122 (Jan. 25, 1996); Federal Health 
Care Programs: Fraud and Abuse; Statutory Exception to the Anti-
Kickback Statute for Shared Risk Arrangements, 64 FR 63504 (Nov. 19, 
1999); Medicare and State Health Care Programs: Fraud and Abuse; 
Clarification of the Initial OIG Safe Harbor Provisions and 
Establishment of Additional Safe Harbor Provisions Under the Anti-
Kickback Statute, 64 FR 63518 (Nov. 19, 1999); 64 FR 63504 (Nov. 19, 
1999); Medicare and State Health Care Programs: Fraud and Abuse; 
Ambulance Replenishing Safe Harbor Under the Anti-Kickback Statute, 
66 FR 62979 (Dec. 4, 2001); Medicare and State Health Care Programs: 
Fraud and Abuse; Safe Harbors for Certain Electronic Prescribing and 
Electronic Health Records Arrangements Under the Anti-Kickback 
Statute, 71 FR 45109 (Aug. 8, 2006); Medicare and State Health Care 
Programs: Fraud and Abuse; Safe Harbor for Federally Qualified 
Health Centers Arrangements Under the Anti-Kickback Statute, 72 FR 
56632 (Oct. 4, 2007); Medicare and State Health Care Programs: Fraud 
and Abuse; Electronic Health Records Safe Harbor Under the Anti-
Kickback Statute, 78 FR 79202 (Dec. 27, 2013); and Medicare and 
State Health Care Programs: Fraud and Abuse; Revisions to the Safe 
Harbors Under the Anti-Kickback Statute and Civil Monetary Penalty 
Rules Regarding Beneficiary Inducements, 81 FR 88368 (Dec. 7, 2016).
    \14\ Medicare and State Health Care Programs: Fraud and Abuse; 
OIG Anti-Kickback Provisions, 56 FR at 35958.
---------------------------------------------------------------------------

    Healthcare providers and others may voluntarily seek to comply with 
final safe harbors so that they have the assurance that their business 
practices would not be subject to any anti-kickback enforcement action. 
Compliance with an applicable safe harbor insulates an individual or 
entity from liability under the anti-kickback statute and the 
beneficiary inducements CMP only; individuals and entities remain 
responsible for complying with all other laws, regulations, and 
guidance that apply to their businesses.
    In developing our proposals, we have taken into account information 
gleaned from a variety of sources: Industry stakeholder input, 
including through comments to the OIG RFI; learnings from OIG's work 
(e.g., fraud and abuse waivers for the Medicare Shared Savings Program 
and Innovation Center models, investigative and oversight work applying 
the fraud and abuse laws, and audits and evaluations of program 
effectiveness and efficiency); expertise from CMS and other HHS 
agencies; and other sources, including literature on care coordination 
and value-based payments.

B. Civil Monetary Penalty Authorities

1. Overview of OIG Civil Monetary Penalty Authorities
    In 1981, Congress enacted the CMP law, section 1128A of the Act, 42 
U.S.C. 1320a-7a, as one of several administrative remedies to combat 
fraud and abuse in Medicare and Medicaid. The law authorized the 
Secretary to impose penalties and assessments on persons who defrauded 
Medicare or Medicaid or engaged in certain other wrongful conduct. The 
CMP law also authorized the Secretary to exclude persons from Federal 
health care programs (as defined in section 1128B(f) of the Act, 42 
U.S.C. 1320a-7b(f)) and to direct the appropriate State agency to 
exclude the person from participating in any State healthcare programs 
(as defined in section 1128(h) of the Act, 42 U.S.C. 1320a-7(h)). 
Congress later expanded the CMP law and the scope of exclusion to apply 
to all Federal health care programs, but the CMP applicable to 
beneficiary inducements remains limited to Medicare and State 
healthcare program beneficiaries. Since 1981, Congress has created 
various other CMP authorities covering numerous types of fraud and 
abuse.
2. The Beneficiary Inducements CMP and the Definition of 
``Remuneration''
    Section 1128A(a)(5) of the Act, 42 U.S.C. 1320a-7a(a)(5), the 
``beneficiary inducements CMP,'' provides for the imposition of civil 
monetary penalties against any person who offers or transfers 
remuneration to a Medicare or State healthcare program (including 
Medicaid) beneficiary that the benefactor knows or should know is 
likely to influence the beneficiary's selection of a particular 
provider, practitioner, or supplier of any item or service for which 
payment may be made, in whole or in part, by Medicare or a State 
healthcare program (including Medicaid). Section 1128A(i)(6) of the 
Act, 42 U.S.C. 1320a-7a(i)(6), defines ``remuneration'' for purposes of 
the beneficiary inducements CMP as including ``transfers of items or 
services for free or for other than fair market value.'' Section 
1128A(i)(6) of the Act also includes a number of exceptions to the 
definition of ``remuneration.''
    Pursuant to section 1128A(i)(6)(B) of the Act, any practice 
permissible under the anti-kickback statute, whether through statutory 
exception or regulations issued by the Secretary, is also excepted from 
the definition of ``remuneration'' for purposes of the beneficiary 
inducements CMP. However, no parallel exception exists in the anti-
kickback statute. Thus, the exceptions in section 1128A(i)(6) of the 
Act apply only to the definition of ``remuneration'' applicable to 
section 1128A.
    Relevant to this proposed rulemaking, the Budget Act of 2018 
created a new exception to the definition of ``remuneration'' for 
purposes of the beneficiary inducements CMP. This exception applies to 
``telehealth technologies'' provided on or after January 1, 2019, by a 
provider of services or a renal dialysis facility to an individual with 
end-stage renal disease (ESRD) who is receiving home dialysis for which 
payment is being made under Medicare Part B.

III. Provisions of the Proposed Rule: Anti-Kickback Statute Safe 
Harbors

A. Value-Based Framework

    This section provides background on, and an overarching summary of, 
the framework for value-based arrangements set forth in this proposed 
rulemaking; explains proposed terminology used in certain proposed safe 
harbors; and explains the specific safe harbor proposals to protect 
value-based arrangements (as defined in proposed paragraph 
1001.952(ee)) designed to foster better care at lower cost through 
improved care coordination for patients.
    Our proposals endeavor to remove real or perceived regulatory 
barriers to promote flexible, industry-led innovation in the delivery 
of more efficient and better coordinated healthcare. Further, 
consistent with emerging understandings of the benefits of better care 
coordination and the increasing adoption of value-based care and 
payment models in the healthcare industry, our proposals may support a 
more rapid transition from volume (e.g.,

[[Page 55699]]

FFS reimbursement for office visits, tests, or procedures) toward value 
(e.g., paying for patient or population outcomes).
1. Anti-Kickback Statute Implications of Care Coordination and the 
Value-Based Framework
    Better care coordination--including more effective transitions for 
patients across the care continuum, less duplication of items and 
services, and open sharing of health data (consistent with privacy and 
security rules)--is integrally connected to advancing the transition to 
a value-based healthcare system. Care coordination arrangements, 
especially when linked to appropriate clinical or other value-driven 
outcomes, can help improve health and the patient experience of care; 
enable providers to participate successfully in value-based care and 
payment models; and advance the goals of value-based care: Delivering 
better health outcomes and maximizing desirable efficiency in 
healthcare delivery. For example, OIG's recent report entitled, ``ACOs' 
Strategies for Transitioning to Value-Based Care: Lessons From the 
Medicare Shared Savings Program,'' \15\ highlights the tools--including 
care coordination arrangements--that certain accountable care 
organizations (ACOs) under the Medicare Shared Savings Program have 
deployed successfully to reduce costs and improve quality. Many of the 
strategies discussed in this report involve care coordination, care 
management, and patient engagement, including: engaging beneficiaries 
to improve their own health, managing beneficiaries with costly or 
complex care needs to improve their health outcomes, addressing 
behavioral health needs and social determinants of health, and using 
technology to increase information sharing among providers.\16\
---------------------------------------------------------------------------

    \15\ OIG, ACOs' Strategies for Transitioning to Value-Based 
Care: Lessons From the Medicare Shared Savings Program (July 2019), 
available at https://oig.hhs.gov/oei/reports/oei-02-15-00451.pdf.
    \16\ Id.
---------------------------------------------------------------------------

    Because care coordination often involves arrangements between 
providers that refer Federal health care program patients to one 
another and an exchange of remuneration, the anti-kickback statute may 
be implicated. Moreover, providing patients with remuneration to engage 
and support them in achieving better health outcomes may implicate both 
the anti-kickback statute and the beneficiary inducements CMP.
2. Balancing Innovation With Protection Against Fraud and Abuse Risks
    To remove regulatory barriers to care coordination and support 
value-based arrangements, we are faced with the challenge of designing 
safe harbor protections for emerging healthcare arrangements. The 
optimal form, design, and efficacy of such emerging arrangements remain 
unknown or unproven. This is a key challenge of regulating during a 
period of innovation and experimentation. The challenge of designing 
appropriate safe harbors is exacerbated by: The substantial variation 
in care coordination and value-based arrangements contemplated by the 
healthcare industry (meaning that one-size-fits-all safe harbor designs 
may be less than optimal), variation among patient populations and 
provider characteristics, emerging health technologies and data 
capabilities, the still-developing science of quality and performance 
measurement, and our desire not to chill beneficial innovation.
    It is sometimes difficult to gauge fraud and abuse risk in a 
rapidly evolving environment of substantial innovation, 
experimentation, and deployment of technology and digital data. In some 
cases, innovations and the availability of more actionable, transparent 
data may enhance program integrity and protect against fraud and abuse. 
There is a compelling concern that uncertainty and regulatory 
barriers--real or perceived--could prevent the best and most 
efficacious innovations from emerging and being tested in the 
marketplace. Our goal is to craft safe harbors that, if finalized, 
would protect arrangements that promote value, while also protecting 
against fraud, abuse and associated harms. Over time, we expect that 
best practices in care coordination and value-based payment will 
emerge.
3. Overview of Proposed Safe Harbors
    We are proposing safe harbors for value-based arrangements, with 
greater flexibilities available to parties as they assume more downside 
financial risk for the cost and quality of care. This ``tiered'' 
structure is intended to support the transformation of industry payment 
systems and takes into account that arrangements involving higher 
levels of downside risk curb, at least to some degree, FFS incentives 
to order medically unnecessary or overly costly items and services. We 
propose these safe harbors, recognizing that the transition from an FFS 
to a value-based care and payment system will take time. Where parties 
may have both FFS and value-based payment incentives, we believe 
assuming downside financial risk from a payor for items and services 
furnished to patients helps mitigate incentives that often drive fraud 
and abuse present in traditional FFS.
    For the purposes of this rule, the proposed safe harbors that 
require assumption of risk focus on value-based arrangements with 
substantial downside financial risk (1001.952(ff)) and value-based 
arrangements at full financial risk (1001.952(gg)). While these 
proposed safe harbors largely focus on the assumption of downside 
financial risk, we understand that participants in value-based 
arrangements may assume certain types of risk other than downside 
financial risk for items and services furnished to a target patient 
population (e.g., upside risk, clinical risk, operational risk, 
contractual risk, or investment risk).
    We believe that our focus on downside financial risk is appropriate 
because the assumption of downside financial risk may shift the 
incentives that serve to influence those making the referring and 
ordering decisions, the conduct at the center of the anti-kickback 
statute. We solicit comments on whether, for purposes of a final rule, 
other types of risk would have a comparable effect. We are particularly 
interested in fact patterns that illustrate how other types of risk 
would operate to change ordering or referring behaviors of providers 
and suppliers that might still be paid on an FFS basis or otherwise 
help ensure that safe-harbored arrangements would serve appropriate 
value-based purposes.
    Remuneration has at least two dimensions relevant to this proposed 
rulemaking: (i) Payments by payors; and (ii) remuneration exchanged 
between clinicians, providers, suppliers, and others. Payor payments 
that drive toward value include capitated payments and global budgets 
at one end of the ``value-based payments'' spectrum; shared savings and 
bundled payment mechanisms in the middle; and bonuses and reductions 
applied to FFS payments at the other end of the spectrum. Examples of 
remuneration exchanged among clinicians, providers, suppliers, and 
others include sharing staff, such as care coordinators, or technology, 
such as data analytics tools, to improve quality or efficiency or to 
achieve other performance or outcomes targets, whether set by payors or 
among themselves. In some cases, these parties also may have value-
based payment arrangements among themselves, such as gainsharing or 
shared savings agreements.
    We are proposing a suite of safe harbors that, if finalized, would 
address a variety of scenarios. Collectively, we

[[Page 55700]]

believe these proposed safe harbors, in combination with existing safe 
harbors, would provide pathways for protection for most beneficial care 
coordination and value-based care and payment arrangements. In crafting 
these safe harbors, we have endeavored to be agnostic with respect to 
the composition of the value-based enterprise (VBE), a concept and 
defined term described further below, and scope of protected value-
based arrangements to allow for innovation and experimentation in the 
healthcare marketplace and to foster a level playing field for those 
seeking safe harbor protection, whether they are large health systems 
or individual practitioners. The proposed safe harbors would cover 
value-based arrangements involving both publicly and privately insured 
patients.
    The first proposed safe harbor, at 1001.952(ee), covers care 
coordination arrangements to improve quality, health outcomes, and 
efficiency (``care coordination arrangements'' safe harbor). It covers 
certain in-kind remuneration, including services and infrastructure. 
The second proposed safe harbor, at 1001.952(ff), with greater 
flexibility, covers certain in-kind and monetary arrangements where the 
VBE is at substantial downside financial risk from a payor (as 
defined). The third proposed safe harbor, at 1001.952(gg), is for in-
kind and monetary arrangements where the VBE is at full downside 
financial risk from a payor and allows for even more flexibility. In 
addition, we propose to protect certain outcomes-based compensation 
(regardless of whether it meets the criteria for substantial downside 
financial risk) under the rubric of ``outcomes-based payments'' through 
proposed modifications to the personal services and management 
contracts safe harbor at 1001.952(d), as discussed in the section 
III.J. below.
    We are mindful of the role patient engagement can play in improved 
coordination of patient care and health outcomes. Thus, we are 
proposing a safe harbor at 1001.952(hh) for arrangements for patient 
engagement and support to improve quality, health outcomes, and 
efficiency (the ``patient engagement and support'' safe harbor). We are 
further proposing a separate safe harbor at 1001.952(ii) for care 
delivery and payment arrangements as well as beneficiary incentives 
pursuant to certain CMS-sponsored models, including Innovation Center 
models. This proposed safe harbor would largely, if not entirely, 
replace OIG's current model-by-model fraud and abuse waiver process for 
CMS-sponsored models. The requirements of each proposed safe harbor are 
discussed in detail below.
    As always, all safe harbor conditions would need to be precisely 
met for safe harbor protections to apply. Many value-based arrangements 
and activities may qualify for existing safe harbor protections, 
including under the employees safe harbor (1001.952(i)), the EHR items 
and services safe harbor (1001.952(y)), the personal services and 
management contracts safe harbor (1001.952(d)), the local 
transportation safe harbor (1001.952(bb)), and the several safe harbors 
pertaining to health plans and managed care organizations set forth at 
1001.952(l), (m), (t), and (u). Many others may not raise anti-kickback 
issues at all if they do not relate to Federal health care program 
beneficiaries or are not tied in any way to the volume or value of 
Federal health care program business. (Likewise, with respect to 
compliance with the beneficiary inducements CMP, patient engagement and 
support arrangements and activities may fit in existing exceptions to 
the CMP law, may be within applicable nominal value limits, or may not 
raise concerns under that statute if they do not relate to Medicare or 
Medicaid patients or are not likely to influence the selection of 
providers, practitioners, or suppliers.)
    In the next section, we describe the proposed definitions for 
several key terms used in the proposed safe harbors for value-based 
arrangements at proposed paragraphs 1001.952(ee), (ff), and (gg) for 
care coordination arrangements, value-based arrangements with 
substantial downside financial risk, and value-based arrangements at 
full financial risk, respectively. We then describe each proposed safe 
harbor in detail. Related proposed modifications to the personal 
services and management contracts safe harbor (1001.952(d)) for 
outcomes-based payments (where there is no substantial downside 
financial risk) are described at section III.J. The patient engagement 
and support safe harbor is described at section III.F. The proposed 
safe harbor for CMS-sponsored models, including Innovation Center 
models, is described at section III.G.

B. Proposed Value-Based Terminology (1001.952(ee))

    We propose definitions for key terms in paragraph 1001.952(ee). 
These terms are used consistently in several proposed safe harbors. The 
proposed defined terms are intended to work in conjunction with one 
another to describe the universe of value-based arrangements 
potentially eligible for proposed safe harbor protection and of 
individuals and entities that can engage in protected arrangements, 
provided all conditions of a specific safe harbor are squarely met.
    Generally speaking, when read together, the proposed terminology 
and safe harbors are intended to protect care coordination and support 
value-based arrangements where, as a threshold matter, the arrangements 
are under the auspices of a VBE (of any size, and as further defined in 
proposed paragraph 1001.952(ee)) that is essentially a network of 
participants (such as clinicians, providers, or suppliers) that has 
agreed to collaborate to, for example: (i) Put the patient at the 
center of care through improved care coordination, (ii) increase 
efficiencies in the delivery of care, and (iii) improve quality of care 
and health outcomes for patients or populations. The VBE has value-
based purposes and its participants enter into value-based arrangements 
for value-based activities to further those purposes.
    Wherever possible and appropriate, it is our intent to align our 
proposed value-based terminology with those that CMS proposes in its 
notice of proposed rulemaking regarding the physician self-referral 
law, ``Modernizing and Clarifying the Physician Self-Referral 
Regulations.'' Because of the close nexus between the value-based 
terminology in our proposed rule and CMS's proposed terminology, we may 
also consider for purposes of making determinations for a final rule 
comments submitted about value-based terminology in response to CMS's 
proposed rule.
    We use the term ``value-based'' in our proposed terminology in a 
non-technical way to signal value produced through improved care 
coordination, improved health outcomes, lower costs or reduced growth 
of costs for patients and payors, and improved efficiencies in the 
delivery of care. We recognize that our use of the words ``value'' and 
``value-based'' here do not necessarily capture all dimensions of value 
in healthcare. We solicit comments on our approach, as well as comments 
on whether we should define ``value'' specifically in the final rule, 
and if so, how best to define ``value'' as it pertains to care 
coordination and value-based payment. For example, we are considering 
for the final rule whether ``value'' should be defined with reference 
to financial arrangements under advanced APMs (whether HHS or other 
payor models).
1. Value-Based Enterprise (VBE)
    We propose to use the term ``value-based enterprise'' to describe 
the

[[Page 55701]]

network of individuals and entities that collaborate together to 
achieve one or more value-based purposes (as defined in proposed 
paragraph 1001.952(ee)). As defined in this rulemaking, and as a 
general matter, the VBE would delineate the universe of individuals and 
entities participating in arrangements eligible for safe harbor 
protection, if all safe harbor conditions are fully met. The VBE also 
would be accountable for ensuring that such protected arrangements are 
conducted under the auspices of the VBE.
a. Two or More VBE Participants
    First, we propose that VBE would mean two or more VBE participants 
(as defined in proposed paragraph 1001.952(ee)) that are collaborating 
to achieve at least one value-based purpose. VBEs may take many 
different forms, and we intend for the definition of ``VBE'' to be 
flexible. For example, a VBE could be as small as two individual 
physician practices collaborating to coordinate care for shared 
patients. The same term also could cover a formal or informal network 
of hospital systems, post-acute care providers, and physician 
practices. An accountable care organization or health system comprised 
of hospitals and physician practices, for example, could also 
constitute a VBE.
b. Party to a Value-Based Arrangement
    Second, we propose that each VBE participant in the VBE must be a 
party to a value-based arrangement (as defined below) with at least one 
other VBE participant from the same VBE. In the case of a VBE comprised 
of two VBE participants, the two VBE participants would need to be 
engaged in a value-based arrangement with each other. We intend for 
this criterion to ensure that parties qualifying as part of a VBE are 
contributing to a value-based arrangement. Consistent with our 
intention to provide flexibility for innovation, VBE participants could 
engage in one or multiple value-based arrangements, so long as all of 
the value-based arrangements further the value-based purpose(s) of the 
VBE.
c. Accountable Body
    Third, we propose that the VBE must have an accountable body (such 
as a board of directors or other governing body) or person (which, 
depending on the size and scope of the VBE, may be an entity, such as a 
hospital or physician practice that is among the VBE participants, or 
an individual) responsible for financial and operational oversight of 
the VBE. As part of its oversight role, we expect that the accountable 
body or responsible person would serve as the ``gatekeeper'' to the 
VBE, with a process and criteria to ensure that those admitted to the 
VBE after its formation as VBE participants have a legitimate role in 
the VBE and in VBE arrangements and that VBE participants are not 
participants in name only. In addition to ensuring operational and 
financial oversight, we believe the accountable body or responsible 
person would be positioned to identify program integrity issues and to 
initiate action to address them, as necessary and appropriate. We are 
considering for the final rule, and solicit comment on, whether the VBE 
or its participants should be required to have a compliance program 
that covers at least those value-based arrangements for which safe 
harbor protection is sought and whether the accountable body or person 
should have responsibility for the compliance program.
    The arrangements that would be protected by these proposed safe 
harbors would not have the benefit of programmatic oversight comparable 
to CMS-sponsored models. Accordingly, we view this accountability 
criterion as important to ensure that arrangements operate for their 
designated value-based purpose(s) and as a key safeguard to ensure that 
value-based arrangements are aligned with at least one value-based 
purpose and not misused for purposes that raise program integrity 
concerns (e.g., arrangements that encourage providers to steer patients 
in ways that are not in the patients' best interests or stint on 
medically necessary care).
    The oversight role may include, depending on the applicable 
proposed safe harbor at 42 CFR 1001.952(ee), (ff), and (gg) and how the 
applicable VBE effectuates safe harbor requirements, monitoring whether 
VBE participants are performing under their value-based arrangements in 
a manner that furthers the coordination and management of care for the 
target patient population. We are considering for the final rule a 
requirement that all VBE participants affirmatively recognize the 
oversight role of the accountable body or responsible person and 
explicitly agree to cooperate with its oversight efforts (e.g., by 
requiring the inclusion of a statement to this effect in the applicable 
written agreement).
    We also are considering for the final rule whether the accountable 
body or responsible person (or some other party or parties to value-
based arrangements addressed by the proposed safe harbors) should have 
more specific oversight responsibilities, such as oversight related to 
utilization of items and services, cost, quality of care, patient 
experience, adoption of technology, and the quality, integrity, 
privacy, and security of data related to the arrangement (such as 
outcomes, quality, and payment data). To facilitate effective 
oversight, we are considering for the final rule whether VBEs should be 
required to implement reporting requirements for their VBE participants 
or mechanisms for obtaining access to, and verifying, VBE participant 
data concerning performance under any value-based arrangement.
    We welcome comments on this approach or any different or additional 
actions that may help ensure effective ongoing oversight.
    We intend for VBEs to implement the criterion regarding the 
accountable body or responsible person in a manner that is tailored to 
the complexity and sophistication of the VBE. For example, a VBE 
involving two physician practices with a single value-based arrangement 
could designate one of the physician practices (or its compliance 
professional) as the individual responsible for this oversight. Where 
the VBE is larger and involves numerous sophisticated entities, it 
might be advisable and a best practice to create a separate governing 
body to serve as the accountable body, overseeing the VBE.
    The proposed definition of ``VBE'' does not require the VBE's 
accountable body or responsible person to be independent of the 
interests of individual VBE participants (which would preclude a VBE 
participant from acting as the accountable body or responsible person) 
or to have a distinct duty of loyalty to the VBE. However, to provide 
further assurances that a VBE's accountable body or responsible person 
is acting in furtherance of the VBE's value-based purpose(s) and not 
any one VBE participant's individual interests, we are considering for 
the final rule imposing a standard requiring either independence or a 
duty of loyalty as a criterion of this definition or as a safe harbor 
requirement. We solicit comments on the benefits, burdens, and 
challenges of this approach.
d. Governing Document
    Fourth, we propose that each VBE must have a governing document 
that describes the VBE and how the VBE participants intend to achieve 
its value-based purpose(s). The intent of this requirement is to 
provide transparency regarding the structure of the VBE, the VBE's 
value-based purpose(s), and the VBE participants' roadmap for achieving 
such purpose(s). This document may include any other terms the VBE 
participants deem important. The governing document need not be formal 
bylaws or in another specific format.

[[Page 55702]]

Written documentation recording the terms of a value-based arrangement 
may serve as the required VBE governing document, provided it describes 
the enterprise and how the parties intend to achieve its value-based 
purpose(s).
e. VBE's Assumption of Downside Financial Risk
    Lastly, we note that two of our proposed safe harbors require that 
a VBE has assumed downside financial risk from a payor. We anticipate 
that VBEs could contract with payors and other entities in a variety of 
ways. For example, a VBE comprised of a large number of VBE 
participants across a range of healthcare settings might create a 
standalone legal entity that enters into contracts directly with payors 
on the VBE participants' behalf. Alternatively, one VBE participant 
might contract with payors on behalf of other VBE participants within 
the VBE. In the latter example, the VBE would still be required to be 
at risk, but it would be through one of its VBE participants rather 
than through a contract directly with the payor.
2. Value-Based Arrangement
    The proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) 
would protect remuneration paid or exchanged pursuant to a ``value-
based arrangement'' if all conditions are met. We propose to define a 
value-based arrangement as ``an arrangement for the provision of at 
least one value-based activity for a target patient population between 
or among: (A) The value-based enterprise and one or more of its VBE 
participants; or (B) VBE participants in the same value-based 
enterprise.'' We intend for these requirements to ensure that each 
value-based arrangement is aligned with the VBE's value-based 
purpose(s) and subject to its financial and operational oversight. Our 
proposed definition is intended to capture arrangements for care 
coordination and certain other value-based activities among VBE 
participants within the same VBE.
    Addressing each requirement of the definition in turn, we first 
propose to require that the value-based arrangement include at least 
one value-based activity (as defined in proposed paragraph 
1001.952(ee)) to be undertaken by the parties. We would expect that 
many value-based arrangements would be comprised of multiple value-
based activities.
    Second, we propose that the value-based arrangement's value-based 
activities must be undertaken with respect to a target patient 
population (as defined in proposed paragraph 1001.952(ee)). That is, 
the value-based arrangement, and its value-based activities, must be 
tailored to meet the needs of a defined patient population. This 
element further ties the value-based arrangement to care coordination 
of patients and value-based goals. We note that the definition of 
``value-based arrangement'' is broad enough to cover commercial and 
private insurer arrangements.
3. Target Patient Population
    We propose to define ``target patient population'' as ``an 
identified patient population selected by the VBE or its VBE 
participants using legitimate and verifiable criteria that: (A) Are set 
out in writing in advance of the commencement of the value-based 
arrangement; and (B) further the value-based enterprise's value-based 
purpose(s).'' Our intent in defining this term is to protect value-
based arrangements that serve an identifiable patient population for 
whom the value-based activities likely would improve health outcomes or 
lower costs (or both). By using the terms ``legitimate and 
verifiable,'' we seek to ensure the target patient population selection 
process is transparent and that VBE participants select their target 
patient population in an objective manner based on criteria that 
further the applicable value-based arrangement's value-based 
purpose(s). If VBE participants selectively include patients in a 
target patient population for purposes inconsistent with the objectives 
of a properly structured value-based arrangement (e.g., cherry picking 
or lemon dropping patients), we would not consider such a selection 
process to be based on ``legitimate and verifiable criteria that 
further the value-based enterprise's value-based purpose(s).''
    This proposed definition is not limited to Federal health care 
program beneficiaries. For example, VBE participants seeking to enhance 
access to, and usage of, primary care services for patients 
concentrated in a certain geographic region might base the target 
patient population on ZIP Code or county of residence. If a value-based 
arrangement is focused on enhancing care coordination for patients with 
a chronic disease, the target patient population might be patients with 
that disease (e.g., congestive heart failure). VBE participants might 
also, for example, use data to identify a target patient population at 
increased risk of developing a chronic disease for improved care 
coordination under a value-based arrangement.
    We are considering for the final rule and solicit comments on 
limiting the definition of ``target patient population'' to patients 
with a chronic condition, or alternatively, limiting any or all of the 
proposed safe harbors that use the target patient population definition 
to value-based arrangements for patients with a chronic condition. We 
might effectuate this approach through changes to the scope of the 
target patient population definition or other definitions, including 
value-based activity, value-based arrangement, and value-based purpose.
    This alternative proposal is in recognition that patients with 
chronic conditions may be more susceptible to comorbidities, requiring 
care across the health spectrum, and thus most likely to benefit from 
the care coordination central to this proposed rule. To the extent we 
include such a limitation in the final rule, either by definition or 
through a safe harbor requirement, we are considering how to define 
``chronic condition,'' and whether OIG should cross-reference other 
Medicare or Medicaid program guidelines or rules related to chronic 
conditions. In particular, we are considering and seek comment on 
defining ``chronic condition'' as the list of 15 Special Needs Plans 
(SNP)-specific chronic conditions developed by the SNP Chronic 
Condition Panel, as may be modified from time to time.\17\ As new 
chronic conditions are identified, and as existing conditions benefit 
from life-prolonging technological advances, we are mindful that any 
definition of ``chronic condition'' might need flexibility to expand to 
remain appropriately inclusive and consistent with clinical 
understandings.
---------------------------------------------------------------------------

    \17\ CMS, Chronic Condition Special Need Plans (C-SNP), List of 
Chronic Conditions, https://www.cms.gov/Medicare/Health-Plans/SpecialNeedsPlans/Chronic-Condition-Special-Need-Plans-C-SNP.html#s1.
---------------------------------------------------------------------------

    As an additional alternative, we are considering for purposes of 
the final rule, and solicit comments on, limiting the definition of 
``target patient population'' to patients with a shared disease state 
that would benefit from care coordination.
    We seek comment on how best to address the need for flexibility in 
any final rule, especially should we limit a final safe harbor to 
patients with a chronic condition or shared disease state. Moreover, we 
are interested in feedback on impacts of such limitations on the 
ability of VBE participants to provide better coordinated care for 
other categories of patients, including patients discharged from 
hospitals following acute care, patients requiring maternal

[[Page 55703]]

care, patients needing preventive care, and patients with mental health 
conditions.
    Additionally, we solicit comments on whether we should replace 
``legitimate and verifiable'' in this proposed definition with language 
that would require VBE participants to have more parameters and 
structure with respect to their selection of the target patient 
population and are considering whether use of the term ``evidence-
based'' would achieve this goal. (Our proposed interpretation of 
``evidence-based'' is addressed below in our discussion of the proposed 
safe harbor for care coordination arrangements.)
    Last, we are considering for the final rule, and seek comments on, 
whether and if so how, parties other than VBE participants should or 
could be involved in selecting the target patient population. For 
example, we are considering for the final rule the role of payors in 
identifying or selecting the target patient population or establishing 
outcome measures with respect to a value-based arrangement. While 
payors might not be parties to a value-based arrangement, we believe 
many care coordination and other value-based arrangements may be 
entered into in order to achieve performance or outcome goals set by 
payors. We seek feedback on the potential benefit, including any 
reduced program integrity risks, of allowing or requiring payors to 
select either or both the target patient population and relevant 
outcome measures and targets (for purposes of the definitions, safe 
harbors, or both). If there would be benefit in doing so, we seek 
feedback on how best to implement such a permission or requirement. We 
also seek feedback on whether, for purposes of the final rule, we 
should treat as a favorable factor that a value-based arrangement (or 
outcomes-based payment arrangement) aligns its target patient 
population or its outcome measures and targets with payor-driven 
incentives.
4. Value-Based Activity
    For purposes of these safe harbors, we propose that the term 
``value-based activity'' would mean ``any of the following activities, 
provided that the activity is reasonably designed to achieve at least 
one value-based purpose of the value-based enterprise: (A) the 
provision of an item or service; (B) the taking of an action; or (C) 
the refraining from taking an action.'' ``Value-based activity'' does 
not include the making of a referral.
    We are considering for the final rule whether to interpret 
``reasonably designed'' to mean that the value-based activities set 
forth in the value-based arrangement are expected to further the value-
based purpose of the arrangement. While this standard would not require 
that the value-based purpose actually be achieved, we are considering 
whether to require in the final rule that the VBE participants entering 
into the value-based arrangement engage in an evidence-based process to 
design value-based activities that they believe will reach such a goal. 
Our proposed interpretation of ``evidence-based'' for purposes of this 
proposed rule is addressed below in our discussion of the proposed care 
coordination arrangements safe harbor.
    With this definition, we acknowledge that a ``value-based 
activity'' may encompass not only affirmative actions taken by VBE 
participants (e.g., providing care coordinators to help patients with 
complex needs navigate the transition from a hospital to their homes) 
but also instances of inaction (e.g., refraining from ordering certain 
items or services in accordance with a medically appropriate care 
protocol that reduces the number of required steps in a given 
procedure). Under no circumstances would simply making a referral 
constitute a ``value-based activity.''
    Lastly, we are considering for the final rule expressly excluding 
from the definition of ``value-based activity'' any activity that 
results in information blocking. Similar to the concerns articulated in 
the section detailing our proposed modifications to the electronic 
health records safe harbor, we seek to preclude from protection under 
our proposed safe harbors at 42 CFR 1001.952(ee), (ff), and (gg) any 
arrangement that may, on its face, meet our definition of ``value-based 
activity'' but that ultimately is used to engage in practices of 
information blocking (e.g., the donation of health information 
technology that may facilitate care coordination across providers 
participating in the VBE, but also prevents or unreasonably interferes 
with the exchange of electronic health information with other providers 
in order to lock-in referrals between such providers). Information 
blocking practices that may affect value-based activities include, but 
are not limited to, (i) locking electronic health information into the 
VBE or keeping it only between VBE participants, or (ii) preventing 
referrals or other electronic health information from leaving the VBE 
or being transmitted from a VBE participant to another healthcare 
provider. This exclusion would be based on the definition and 
exceptions for ``information blocking'' in the 21st Century Cures Act 
and the Office of the National Coordinator for Health Information 
Technology (ONC), HHS Notice of Proposed Rulemaking ``21st Century 
Cures Act: Interoperability, Information Blocking, and the ONC Health 
IT Certification Program,'' to the extent such definition and 
exceptions are finalized.
5. VBE Participant
    We propose to define ``VBE participant'' as ``an individual or 
entity that engages in at least one value-based activity as part of a 
value-based enterprise.'' Depending upon the terms and requirements of 
the value-based arrangement (and the conditions of the relevant safe 
harbor), ``engaging in'' a value-based activity may be, for example, 
(i) performing an action to achieve certain quality or outcome metrics 
and the providing or receiving of payment for such achievement, or (ii) 
coordinating care to achieve better outcomes or efficiencies (e.g., 
sharing staff or infrastructure to improve the discharge planning and 
care follow-up process between two VBE participants). Subject to the 
limitations proposed below, such term would broadly include clinicians, 
providers, and suppliers, as well as other individuals and entities. 
Potential VBE participants could be, by way of example only, physician 
practices, hospitals, payors, post-acute providers, pharmacies, chronic 
care and disease management companies, and social services 
organizations. Given that our proposed definition may encompass non-
traditional healthcare entities, and our experience with respect to 
financial arrangements between such entities and providers and 
suppliers is limited, we are considering for the final rule, and 
solicit comments on, any fraud and abuse risks that financial 
arrangements with these entities may present and what, if any, 
additional safeguards we may need to place around these entities' 
participation in value-based arrangements under the proposed safe 
harbors.
a. Entities Not Included as VBE Participants
    The ``VBE participant'' definition expressly excludes 
pharmaceutical manufacturers; manufacturers, distributors, or suppliers 
of durable medical equipment, prosthetics, orthotics or supplies 
(DMEPOS); and laboratories. On the basis of our historical enforcement 
and oversight experience, we are concerned that some companies within 
these types of entities, which are heavily dependent upon practitioner 
prescriptions and referrals, might misuse the proposed

[[Page 55704]]

safe harbors primarily as a means of offering remuneration to 
practitioners and patients to market their products, rather than as a 
means to create value for patients and payors by improving the 
coordination and management of patient care, reducing inefficiencies, 
or lowering health care costs. For example, we are concerned that these 
entities might create arrangements styled as value-based arrangements 
that serve to tether clinicians or patients to the use of a particular 
product (e.g., a drug or implantable device, such as a device with a 
mechanical or physical effect on the body) when a different product 
could be more clinically effective for the patient. Moreover, 
pharmaceutical manufacturers, and manufacturers, distributors, and 
suppliers of DMEPOS, and laboratories are less likely to be on the 
front line of care coordination and treatment decisions in the same way 
as other types of proposed VBE entities, such as hospitals, physicians, 
and remote monitoring companies that provide care coordination and 
management tools and services directly to patients. We solicit comments 
on whether this assumption is correct, along with examples of the 
specific roles played by these entities in coordinating and managing 
care for patients.
    We note that we received comments in response to the OIG RFI from 
pharmaceutical manufacturers seeking safe harbor protection for a 
variety of emerging outcomes-based and value-based contracting 
practices for their pharmaceutical products, as well as related patient 
medication adherence and similar programs. We also acknowledge that 
some pharmaceutical manufacturers may help facilitate care coordination 
and management of care through, for example, data analytics associated 
with their pharmaceutical products furnished to purchasers of their 
products. These kinds of manufacturer arrangements raise different 
program integrity issues from those addressed in this rulemaking and 
would likely require different safeguards. We are considering 
pharmaceutical manufacturers' role in coordination and management of 
care and may address it in future rulemaking. We may also consider 
specifically tailored safe harbor protection for value-based 
contracting and outcomes-based contracting for the purchase of 
pharmaceutical products (and potentially other types of products) in 
future rulemaking.
    We are considering for the final rule whether some or all of the 
entities we propose to exclude from the definition of a ``VBE 
participant'' and from the proposed safe harbor for outcomes-based 
compensation under the personal services and management contracts safe 
harbor should be included in the definition of ``VBE participant'' and 
potentially protected by the applicable safe harbors. We are interested 
in comments with examples of how and the extent to which the entities 
we propose to exclude participate in the coordination and management of 
care for patients and whether and how they may be involved in providing 
beneficial health technology, including digital technology, used to 
coordinate and manage care and improve health outcomes. We also are 
considering and are interested in comments on additional safeguards we 
could include in the safe harbors to: (i) Prevent abusive marketing 
practices with respect to the items and services these entities (or 
other entities, not excluded from the proposed definition of ``VBE 
participant'') sell to patients, payors, and providers (e.g., practices 
that include payments to physicians, hospitals, or patients to reward 
them for ordering the entity's products); (ii) protect clinical 
decision-making about products that are in the patient's best medical 
interests and patient freedom of choice; and (iii) reduce the risk of 
inappropriate cost-shifting to Federal health care programs and 
inappropriate increased costs to Federal health care programs. We are 
considering whether to include a safeguard, in the applicable proposed 
safe harbors, that would preclude protection for value-based 
arrangements and outcomes-based payments that include exclusivity 
requirements, such as a requirement that the VBE participant is the 
exclusive provider of care coordination items or services or the 
exclusive provider of a reimbursable item or service. We are further 
considering whether to impose certain heightened standards and 
conditions on certain entities that would receive safe harbor 
protection, such as enhanced monitoring, reporting, or data submission 
requirements or some or all of the conditions presented in the 
discussion of proposed 1001.952(ee) below.
    While pharmaceutical manufacturers and other listed entities would 
not be eligible for protection under the proposed safe harbors for 
value-based arrangements, patient engagement and support, and revisions 
related to outcomes-based payments included in the personal services 
and management contracts safe harbor, other elements of this proposed 
rule would be available to them. As explained below, we propose certain 
other modifications to the personal services and management contracts 
safe harbor that would be available, including greater flexibility for 
part-time arrangements and arrangements in which the aggregate 
compensation is not known in advance. These entities also would be 
eligible under the proposed safe harbors for cybersecurity items and 
services and for CMS-sponsored models, as well as for the proposed 
modifications to the warranties safe harbor. Further, we solicit 
comments on potential revisions to the reporting requirements in the 
warranties safe harbor that could accommodate outcomes-based warranty 
arrangements that excluded manufacturers and suppliers may want to 
undertake. Lastly, we note that pharmaceutical manufacturers or other 
entities we propose to exclude from the definition of ``VBE 
participant'' may use the OIG's advisory opinion process for value-
based or other arrangements they may want to undertake.
    We are considering for the final rule, and seek comments on, 
whether we should exclude other entities from the definition of ``VBE 
participant.'' For example, we are considering excluding pharmacies 
(including compounding pharmacies) from the definition of ``VBE 
participant.'' We acknowledge that some pharmacies (and pharmacists) 
have the potential to contribute to the type of beneficial value-based 
arrangements this rulemaking is designed to foster (e.g., through 
medication adherence programs or educational services for patients with 
diabetes). However, pharmacies, like the entities we propose to exclude 
from the definition of ``VBE participant,'' primarily provide items, 
and we are concerned that their participation in value-based 
arrangements may not further the care coordination purposes of this 
rulemaking. We seek comments on beneficial arrangements pharmacies may 
want to undertake under the new value-based framework and any 
safeguards we could implement in the final rule if we were to allow 
such entities to participate in value-based arrangements eligible for 
safe harbor protection. We are further considering for the final rule 
whether specific types of pharmacies, such as compounding pharmacies, 
should be excluded as VBE participants even if others, such as retail 
and community pharmacies, are included. In particular, we are concerned 
that pharmacies that specialize in compounding pharmaceuticals may pose 
a heightened risk of fraud and abuse, as evidenced by our enforcement 
experience, and would not play a direct role in patient care 
coordination.

[[Page 55705]]

    We also are considering for the final rule excluding pharmacy 
benefits managers (PBMs), wholesalers, and distributors from the 
definition of ``VBE participant'' for reasons comparable to those for 
excluding pharmaceutical manufacturers.\18\ We may further consider the 
role of these entities in care coordination and management in future 
rulemaking. We are aware that PBMs are increasingly providing services 
related to the coordination of care for patients. We are interested in 
comments with examples demonstrating how PBMs engage in care 
coordination and management with healthcare providers and suppliers, as 
well as insights into the risks and benefits of including PBMs as VBE 
participants eligible to enter into value-based arrangements that could 
qualify for safe harbor protection if all conditions are satisfied.
---------------------------------------------------------------------------

    \18\ Note that, should we adopt, as discussed below, the 
definition of ``applicable manufacturer'' set forth in 42 CFR 
403.902, such definition would include distributors and wholesalers 
(which include re-packagers, re-labelers, and kit assemblers) that 
hold title to a covered drug, device, biological, or medical supply.
---------------------------------------------------------------------------

b. Health Technology Companies
    We are mindful that a growing number of companies are providing 
mobile health and digital technologies to physicians, hospitals, 
patients, and others for the coordination and management of patients 
and their healthcare, and such companies are eligible to be VBE 
participants under the proposed definition. These companies provide a 
range of services such as remote monitoring, predictive analytics, data 
analytics, care consultations, patient portals, and telehealth and 
other communications that may be used by providers, clinicians, payors, 
patients, and others to coordinate and manage care, improve the quality 
and safety of care, and increase efficiency. These companies also 
furnish a variety of devices, technologies, software, and applications 
that support their services, are used by customers to coordinate and 
monitor patient care and health outcomes (for individuals and 
populations), or are used directly by patients and their caregivers to 
monitor their health, manage treatment, and communicate and access 
patient medical information. For example, we are aware of companies 
that provide diabetes management services, leveraging devices that can 
be worn or attached to the body to monitor blood sugar levels and 
transmit that data, through an application to a cloud storage service, 
for review by patients and the clinicians managing the patients' 
diabetes care.
    We are further aware that mobile health and digital health 
technology companies may be newer entrants to the healthcare 
marketplace or they may be existing companies. In some cases, they are 
existing healthcare companies that have developed new lines of business 
in digital health technology. For example, in some cases, they are 
companies that have historically manufactured medical devices 
reimbursed by Federal health care programs and have developed digital 
technologies that are used in conjunction with medical devices, such as 
pacemakers. It is our understanding that, depending on the company's 
business model, what is included as part of the Food and Drug 
Administration (FDA)-approved device, and payor coverage 
determinations, the digital technologies and associated functionalities 
may be included as part of the customer's cost of the medical device, 
or they may be part of a separate services arrangement.
    These technologies hold promise for improving care coordination and 
health outcomes through monitoring of real-time patient data and 
detection and prevention of health problems. We are concerned, however, 
and solicit public comments, about the risk that some companies that 
manufacture medical devices covered by Federal health care programs, 
particularly implantable devices used in a hospital or ambulatory 
surgical center setting, might misuse value-based arrangements to 
disguise improper payments for care coordination intended as kickbacks 
to purchase the medical devices they manufacture. This concern arises 
from historical law enforcement experience, including large False 
Claims Act settlements involving kickbacks paid to physicians, 
hospitals, and ambulatory surgery centers to market various medical 
devices, such as devices used for invasive procedures; in some cases, 
these schemes resulted in patients getting medically unnecessary 
surgeries. OIG also has longstanding anti-kickback concerns about 
physician-owned distributorships because the financial incentives 
physician-owned distributorships offer to their physician-owners may 
induce the physicians both to perform more procedures (or more 
extensive procedures) than are medically necessary and to use the 
devices the physician-owned distributorships sell in lieu of other, 
potentially more clinically appropriate, devices.\19\
---------------------------------------------------------------------------

    \19\ OIG, Special Fraud Alert: Physician-Owned Entities (Mar. 
26, 2013), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/2013/POD_Special_Fraud_Alert.pdf.
---------------------------------------------------------------------------

    To address these concerns, we are considering for the final rule 
the exclusion of some or all device manufacturers under the definition 
of ``VBE participant'' and from protection under the various proposed 
safe harbors, including the exclusion from participation in outcomes-
based payment arrangements under proposed 1001.952(d)(2) and (3). As 
with pharmaceutical manufacturers, it is not clear that all device 
manufacturers play a comparable role in the coordination and management 
of patient care as those entities proposed to come within the 
definition of a VBE participant. We solicit comments about this 
assumption and the roles that traditional device manufacturers play in 
care coordination and management. Also, as with issues raised by 
arrangements involving pharmaceutical manufacturers, we are considering 
future safe harbor rulemaking to address specifically tailored 
protection for value-based and outcomes-based contracting for device 
manufacturers. This proposed rule focuses primarily on arrangements to 
coordinate and manage the care of patients, and does not, for example, 
address purchase and sale arrangements for covered items and services. 
We may take up the issue of purchase and sale arrangements, including 
consideration of modifications to the discount safe harbor or 
additional modifications to the warranties safe harbor, in future 
rulemaking.
    We recognize that defining a universe of device manufacturers that 
would be excluded would present difficulties, and we are interested in 
public feedback on the following issues. First, there is no specific 
definition of a device manufacturer or medical device manufacturer in 
the Medicare program. As explained below, in the absence of a Medicare 
definition, we are considering several other approaches. Second, any 
definition of the term ``device manufacturer'' may be so broad as to 
sweep in virtually any kind of device or health technology, including 
the kinds of digital and remote monitoring technology that may support 
and improve care coordination. Relatedly, given that many companies 
pursue multiple lines of business and that digital technologies are 
being integrated into traditional medical devices, it may not be 
possible to distinguish clearly a traditional medical device 
manufacturer from a health technology company.
    OIG is considering for the final rule, and seeks comments 
regarding, whether to define medical device manufacturers using CMS's 
definition of ``applicable manufacturer'' in 42 CFR 403.902,

[[Page 55706]]

which relates to the ``Sunshine'' provisions of the ACA (section 6002 
of the ACA, which added section 1128G to the Act). We also are 
considering, and seek comment on, whether any definition of ``device 
manufacturer'' should include an entity that manufacturers any item 
that requires premarket approval by, or premarket notification to, the 
FDA or that is classified by the FDA as a medical device. We are 
further considering whether we could define a device manufacturer, in 
whole or in part, with respect to whether the item it manufactures is 
eligible for separate or bundled payment from a Federal health care 
program or other payor or is used in a test that is eligible for 
separate or bundled payment from a Federal health care program or other 
payor. We are considering whether the definition of a device 
manufacturer should include distributors or wholesalers when they are 
distributing or selling devices manufactured by a device manufacturer. 
With respect to these proposed definitional approaches, we solicit 
public comments on whether the proposals would be too broad or too 
narrow, including whether they would have the effect of excluding from 
the safe harbors companies that develop and provide digital or other 
health technologies for care coordination and patient engagement. We 
are interested in other recommended definitions that would exclude 
medical device manufacturers without limiting beneficial digital 
technologies, or recommended factors that we should consider if we were 
to craft a definition of ``device manufacturer'' or ``medical device 
manufacturer.''
    Finally, apart from excluding device manufacturers, we are 
considering, and solicit comments on, whether to include additional 
safeguards in the final safe harbors to mitigate risks of abuse. These 
safeguards might apply specifically to arrangements involving VBE 
participants that are health technology companies or device 
manufacturers or more broadly to all VBE participants. Specifically, as 
stated above, we are considering and are interested in comments on 
safeguards that (i) prevent abusive marketing practices with respect to 
the items and services these the companies sell to patients, payors, 
and providers (e.g., practices that include payments to physicians, 
hospitals, or patients to reward them for ordering the company's 
products); (ii) protect independent clinical decision making about 
products that are in the patient's best medical interests and patient 
freedom of choice; and (iii) reduce the risk of inappropriate cost-
shifting or inappropriately increasing costs to Federal health care 
programs. We are considering whether to include a safeguard in the 
final rule that would preclude protection for value-based arrangements 
that include exclusivity requirements, such as a requirement that the 
VBE participant is the exclusive provider of care coordination items or 
services or the exclusive provider of a reimbursable item or service. 
We are furthering considering whether heightened standards and 
conditions could include enhanced monitoring, reporting, or data 
submission requirements or some or all of the conditions presented in 
the proposed rule's discussion of proposed 1001.952(ee).
c. Alternatives to ``VBE Participant'' Exclusion List
    We are interested in comments on whether, instead of excluding 
broad categories of entities from the definition of ``VBE 
participant,'' we should distinguish among entities that would be 
included or excluded from the definition on the basis of factors such 
as product type, company structure, heightened fraud risk, or other 
features. We solicit similar input with respect to exclusions from the 
proposed revisions to the personal services and management contracts 
safe harbor related to outcomes-based payments.
    Making distinctions by product or arrangement type might alleviate 
some of the difficulty presented by the increasing integration of 
healthcare company business lines and the movement of traditional 
healthcare companies into digital health technology. In this regard, we 
are considering for the final rule whether to address program integrity 
concerns regarding potentially abusive drug, device, DMEPOS, and 
laboratory arrangements by regulating the type of items, goods, or 
services that can be included in an arrangement eligible for safe 
harbor protection (under any of the proposed safe harbors) rather than 
regulating the types of entities included and excluded. For example, we 
might include arrangements involving the use of mobile or digital 
technology to coordinate care or achieve outcomes-based payments but 
exclude arrangements for the sale or distribution of implantable 
medical devices (e.g., devices with a mechanical or physical effect on 
the body) or durable medical equipment. In determining for a final rule 
which products or arrangements would be included and excluded from safe 
harbor protection, we would take into account any heightened fraud risk 
based on enforcement experience, CMS's experience administering 
provider enrollment, claims analysis, and other data sources. We are 
interested in feedback on which kinds of products or arrangements, if 
any, should be excluded from safe harbor protection based on heightened 
fraud risk and examples of such arrangements.
    As another alternative to finalizing specific exclusions in the 
definition of ``VBE participant,'' we are considering excluding 
entities under the proposed paragraphs (ee), (ff), (gg), and (hh). 
These paragraphs could each include a condition excluding certain 
specified entities from protection under the safe harbor. Specifically, 
we would consider excluding from each of these safe harbors one or more 
of the following entities: Pharmaceutical manufacturers; manufacturers, 
distributors, or suppliers of DMEPOS; laboratories; pharmacies 
(including compounding pharmacies or only compounding pharmacies); 
device manufacturers; PBMs; pharmaceutical wholesalers; and 
pharmaceutical distributors. If we include safe harbor-specific 
conditions excluding certain specified entities from protection under 
each of (ee), (ff), (gg), and (hh), the entities excluded from each 
safe harbor could differ.
    We also solicit public comment on how best to treat hospitals, 
health systems, and other types of entities that we have not proposed 
to exclude under the definition of ``VBE participant'' when they own or 
operate an entity that we propose to exclude, such as a DMEPOS supplier 
or laboratory. For example, we are considering for the final rule 
whether the exclusion should apply only to independent or free-standing 
DMEPOS suppliers and laboratories and to DMEPOS suppliers and 
laboratories owned or operated in whole or part by another entity 
excluded as a VBE participant. For the final rule, we are considering, 
and solicit comments on, how best to treat health systems and others 
that may be entering into the device or technology development arenas.
6. Value-Based Purpose
    We propose to define a ``value-based purpose'' as: (i) Coordinating 
and managing the care of a target patient population; (ii) improving 
the quality of care for a target patient population; (iii) 
appropriately reducing the costs to, or growth in expenditures of, 
payors without reducing the quality of care for a target patient 
population; or (iv) transitioning from healthcare delivery and payment 
mechanisms based on the volume of items and services provided to 
mechanisms based on the quality of

[[Page 55707]]

care and control of costs of care for a target patient population. With 
respect to purpose (iii), we are considering whether appropriately 
reducing the costs to, or growth in expenditures of, payors should be a 
value-based purpose only when there is improvement in patient quality 
of care or the parties are maintaining an improved level of care.
    We intend for this definition to include infrastructure investment 
and operations necessary to redesign care delivery to better coordinate 
care for patients across settings, including technology, data 
analytics, and training. For example, this could include investing in 
application programming interface (API) technology that facilitates the 
exchange of data between VBE participants regarding the target patient 
population.
    Each of our proposed safe harbors at 1001.952(ee), (ff), and (gg) 
requires that the protected arrangement include value-based activities 
that directly further the first of the four value-based purposes: The 
coordination and management of care for the target patient population. 
We are considering for the final rule, and seek comments on, whether we 
should include other objectives in the definition of ``value-based 
purpose'' to reflect our goal of promoting care coordination and the 
shift toward value-based care and whether any other or different 
objectives should be prerequisites to protection under our proposed 
safe harbors. We also are considering for the final rule, and solicit 
comments on, whether, instead of requiring that some value-based 
activities directly further the coordination and management of care, we 
require only that value-based activities be directly connected to, or 
be reasonably designed to achieve, any of the value-based purposes.
    We propose that the first value-based purpose in the definition is 
the coordination and management of care for a target patient 
population. This purpose may include taking significant steps to 
prepare or position oneself to coordinate and manage the care of 
patients effectively. We propose to define ``coordination and 
management of care'' and ``coordinating and managing care'' 
synonymously to mean, for purposes of the anti-kickback statute safe 
harbors, the deliberate organization of patient care activities and 
sharing of information between two or more VBE participants or VBE 
participants and patients, tailored to improving the health outcomes of 
the target patient population, in order to achieve safer and more 
effective care for the target patient population.'' \20\ For example, 
such coordination might occur between hospitals and post-acute care 
providers, between specialists and primary care physicians, or between 
hospitals or physician practices and patients. Coordinating and 
managing care could include using care managers, providing care or 
medication management, creating a patient-centered medical home, 
helping with transitions of care, sharing and using health data to 
improve outcomes, or sharing accountability for the care of a patient 
across a continuum of care.\21\ Importantly, our proposed definition of 
``coordination and management of care'' relates only to the application 
of the proposed safe harbor regulations. Although other laws and 
regulations, including the physician self-referral law and associated 
regulations, may utilize the same or similar terminology, the 
definition and interpretations proposed here would not affect CMS's (or 
any other governmental agency's) interpretation or ability to interpret 
such term.
---------------------------------------------------------------------------

    \20\ See, e.g., Agency for Healthcare Research and Quality, Care 
Coordination Measures Atlas 6 (2014) (citing K. McDonald et al., 
Closing the Quality Gap: A Critical Analysis of Quality Improvement 
Strategies (2007)), https://www.ahrq.gov/sites/default/files/publications/files/ccm_atlas.pdf.
    \21\ See, e.g., NEJM Catalyst, What is Care Coordination? (Jan. 
1, 2018), https://catalyst.nejm.org/what-is-care-coordination/ 
(providing examples and noting that ``[c]are coordination 
synchronizes the delivery of a patient's health care from multiple 
providers and specialists. The goals of coordinated care are to 
improve health outcomes by ensuring that care from disparate 
providers is not delivered in silos, and to help reduce health care 
costs by eliminating redundant tests and procedures.'').
---------------------------------------------------------------------------

    Through the proposed definition of ``coordination and management of 
care,'' we seek to distinguish between referral arrangements, which 
would not be protected, and legitimate care coordination arrangements, 
which naturally involve referrals across provider settings but include 
beneficial activities beyond the mere referral of a patient or ordering 
of an item or service. We are particularly concerned about 
distinguishing between coordinating and managing patient care 
transitions for the purpose of improving the quality of patient care or 
appropriately reducing costs, on one hand, and churning patients 
through care settings to capitalize on a reimbursement scheme or 
otherwise generate revenue, on the other. For example, the coordination 
and management of care of a target patient population would not include 
cycling patients through skilled nursing facilities (SNFs) and assisted 
living facilities for the purpose of maximizing revenue under any 
applicable Federal health care program reimbursement payment systems.
    We are considering for the final rule, and solicit comments on, 
ways in which we could revise the definition of the ``coordination and 
management of care'' or additional elements we could include in the 
definition to protect against fraudulent and abusive practices that 
parties attempt to characterize as the coordination and management of 
patient care.
    One approach we are considering for the final rule to address these 
concerns would be to preclude some or all protection under the proposed 
safe harbors for arrangements between entities that have common 
ownership. We might do this through refinements to the definition of 
``value-based arrangement'' or by adding restrictions to one or more of 
the proposed safe harbors at paragraphs (ee), (ff), (gg), or (hh). We 
recognize that while this approach might protect against abusive 
cycling of patients for financial gain among entities with common 
ownership, it might also preclude protection for care coordination 
arrangements among entities in integrated health systems that could 
otherwise qualify for proposed safe harbor protection. We solicit 
comments on this potential exclusion, and specifically, how best to (i) 
define ``common ownership''; and (ii) appropriately demarcate 
beneficial versus problematic financial arrangements between commonly 
owned entities. We are interested in feedback on the extent to which 
integrated health systems believe they need new safe harbor protection 
for care coordination arrangements in light of currently available 
protections.
    We would not consider the provision of billing or administrative 
services to be the management of patient care for purposes of this 
proposed rulemaking; we would consider the sharing or use of health 
information technology and data to identify a target patient 
population, coordinate care, or measure outcomes to fit our definition.
    We solicit comments on the unique intersection between 
cybersecurity and the coordination and management of care, and 
specifically, whether remuneration in the form of cybersecurity items 
or services could ever meet definition of the ``coordination and 
management of care'' for a target patient population. For example, we 
solicit feedback on whether we should consider cybersecurity items or 
services to only meet this defined term when such remuneration is 
donated and used in conjunction with health information

[[Page 55708]]

technology that meets this definition of ``coordination and management 
of care.'' As entities engage in care coordination, increased 
connectivity and information exchanges may further the need for 
donating or sharing cybersecurity technology or services to ensure that 
appropriate cybersecurity safeguards are used to address the 
cybersecurity risks arising from connections among the entities engaged 
in care coordination. We recognize the patient safety risks and risk of 
harm attributed to cybersecurity vulnerabilities and threats.\22\ We 
also solicit comments on whether parties should simply seek protection 
for cybersecurity items or services under the proposed cybersecurity 
safe harbor at 1001.952(jj) explained below.
---------------------------------------------------------------------------

    \22\ See, e.g., Health Care Industry Cybersecurity Task Force 
Report, available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.
---------------------------------------------------------------------------

    In addition to undertaking value-based activities that are directly 
connected to the coordination and management of care for the target 
patient population, our proposed definition of ``value-based purpose'' 
recognizes that a VBE could have additional value-based purposes and 
qualify under the value-based framework, namely to: (i) Improve the 
quality of care for a target patient population; (ii) appropriately 
reduce the costs to, or growth in expenditures of, payors without 
reducing the quality of care for a target patient population; and (iii) 
transition from healthcare delivery and payment mechanisms based on the 
volume of items and services provided to mechanisms based on the 
quality of care and control of costs.

C. Care Coordination Arrangements to Improve Quality, Health Outcomes, 
and Efficiency Safe Harbor (42 CFR 1001.952(ee))

    The first proposed safe harbor for value-based arrangements would 
protect certain care coordination arrangements. Numerous commenters to 
the OIG RFI noted that individuals and entities may promote value-based 
care and facilitate care coordination even when assuming no financial 
risk. We agree. This proposed safe harbor would protect in-kind 
remuneration exchanged between qualifying VBE participants with value-
based arrangements that squarely satisfy all of the proposed safe 
harbor's requirements. (Certain monetary remuneration associated with 
care coordination or other value-based activities may be protected 
under other proposed safe harbors, including those at proposed 42 CFR 
1001.952(ff), (gg), (ii), as well as the proposed modifications to the 
personal services and management safe harbor at 1001.952(d) for 
outcomes-based payment arrangements.)
    Under this proposal, each offer of remuneration must be analyzed 
separately for compliance with the safe harbor. For example, in a 
value-based arrangement between a hospital and a SNF, the hospital 
might provide a behavioral health nurse to follow designated inpatients 
with mental health disorders in the event of discharge to the SNF. In 
turn, the SNF might provide certain staff to assist the hospital in 
coordinating designated patients' care through the discharge planning 
process or might provide office space for the behavioral health nurse. 
The hospital's offer of the behavioral health nurse to the SNF must be 
analyzed separately from the SNF's offer of certain staff members or 
office space to the hospital.
    This proposed safe harbor does not require parties to bear or 
assume downside financial risk. We are concerned that the offer or 
provision of remuneration under value-based arrangements could present 
opportunities for the types of fraud and abuse traditionally seen in 
the FFS system, particularly where the parties offering or receiving 
the remuneration have not assumed downside financial risk for the care 
of the target patient population. For this reason and to ensure that 
the safe harbored arrangements operate to achieve their value-based 
purposes, we propose the conditions and safeguards described below.
1. Outcome Measures
    We propose to require that parties to a value-based arrangement 
establish one or more specific evidence-based, valid outcome measures 
against which the recipient of remuneration will be measured, and which 
the parties reasonably anticipate will advance the coordination and 
management of care of the target patient population. We intend for the 
outcome measures to serve as benchmarks for assessing the recipient's 
performance under the value-based arrangement and advancement toward 
achieving the coordination and management of care for the target 
patient population. Accordingly, we expect such outcome measures to 
have a close nexus to the value-based activities undertaken by the 
parties to the value-based arrangement and to the needs of the target 
patient population.
    For purposes of this proposed rule, we would consider ``evidence-
based'' to mean the selected outcome measures must be grounded in 
legitimate, verifiable data or other information, whether the 
information is internal to one or more of the VBE participants or from 
a credible external source, such as a medical journal, social sciences 
journal, scientific study, an established industry quality standards 
organization, or results of a payor- or a CMS-sponsored model or 
quality program. For example, a specific evidence-based, valid outcome 
measure in the context of a hospital's provision of a care coordinator 
to a SNF could be an increase in the target patient population's 
average mobility functional score by a certain percentage over the 
course of a year, contributing to earlier, medically appropriate 
discharges of patients to their homes and fewer readmissions to acute 
care. We do not consider measures related to patient satisfaction or 
convenience (e.g., timeliness of appointments) to be valid outcome 
measures for purposes of this proposed requirement because we are 
concerned that such measures may not reflect actual improvement in the 
quality of patient care, health outcomes, or efficiency in the delivery 
of care. We solicit comments on whether there are categories of 
evidence-based outcomes measures in the areas of patient satisfaction 
or convenience that we should permit in the final rule because they 
reflect quality or efficiency of care.
    Any identified evidence-based, valid outcome measures against which 
the recipient of remuneration will be measured should not simply 
reflect the status quo. Consequently, we are considering for the final 
rule an express requirement that outcome measures be designed to drive 
meaningful improvements in quality, health outcomes, or efficiencies in 
care delivery. We intend to provide flexibility given the range of 
arrangements that may be covered by the proposed safe harbor. For 
example, an outcome measure may drive meaningful improvements if it 
drives improvements that are measurable or that are more than nominal 
in nature. Additionally, we are considering for the final rule, and 
solicit comment on, whether the outcome measures requirement should be 
broader or narrower than the standard we are proposing.
    We also are considering for the final rule, and solicit comments 
on, whether to require parties to rebase the outcome measures (i.e., 
reset the benchmark used to determine whether the outcome measure was 
achieved) where rebasing is feasible. We are considering whether 
parties should rebase measures (or determine whether rebasing is 
feasible)

[[Page 55709]]

periodically or pursuant to a specified timeframe, such as at least 
every 1 year, 3 years, or other time period. We are interested in 
comments addressing whether and, if so, why the appropriate time frame 
for rebasing should depend on the type of outcome measure or nature of 
the arrangement, and what rebasing time periods would be best for 
different types of measures or arrangements. We are interested in 
feedback on whether rebasing should be tied to any relevant 
requirements set by payors. We further solicit comments on whether we 
should specify a particular party that should be responsible for 
implementing the rebasing and which party would be best positioned to 
do so (e.g., the VBE or the offeror of the remuneration). We would 
anticipate any rebasing requirement would align with the rebasing 
proposal set forth in our proposed modifications to the personal 
services and management contracts safe harbor related to outcomes-based 
payments.
    If parties to a value-based arrangement revise the evidence-based, 
valid outcome measure(s) through an amendment during the term of the 
arrangement, the revised outcome measure(s) would need to continue to 
incentivize the recipient of the remuneration to make meaningful 
improvements. Were parties retrospectively to revise their outcome 
measures (e.g., modify the outcome measures and make such modifications 
effective 6 months prior), such revisions would raise questions 
regarding whether the modified measures were designed to obscure a lack 
of meaningful improvement by the recipient of the remuneration. For 
purposes of the final rule, we are considering whether to incorporate 
the CMS Quality Payment Program measures into the requirement to 
establish outcome measures.
    As described below, the parties to the arrangement also must 
include a description of the outcome measure(s) in a signed writing, 
and the VBE, the VBE's accountable body or responsible person, or a VBE 
participant in the value-based arrangement acting on the VBE's behalf 
must monitor and assess the recipient's progress toward achieving the 
outcome measure(s). In addition, as described below, should the VBE's 
accountable body or responsible person determine through monitoring or 
otherwise that the value-based arrangement is (i) unlikely to achieve 
the evidence-based, valid outcome measure(s) or further the 
coordination and management of care for the target patient population 
or (ii) has resulted in material deficiencies in quality of care, the 
parties must terminate the arrangement within 60 days of such a 
determination or lose safe harbor protection thereafter.
    We recognize that it may be difficult for parties giving 
information technology pursuant to a value-based arrangement to 
establish an outcome measure upon which to assess the recipient's 
performance that is ``evidence-based'' as we propose to interpret the 
term. For this reason, we are considering for the final rule imposing a 
requirement that information technology meet a different standard than 
the proposed specific evidence-based, valid outcome measures standard. 
Specifically, we may require an adoption and use standard (i.e., has 
the technology been adopted and used in a meaningful way for the 
intended purposes, such that it advances the coordination and 
management of care for the target patient population), a performance 
standard (i.e., has the technology been used to achieve a certain 
result, such as efficiencies), or a similar standard that serves as a 
benchmark for assessing a recipient's use of remuneration without 
requiring the parties to establish evidence-based outcome measures to 
measure performance. As part of this adoption and use, performance, or 
similar standard, we are considering requiring parties to a value-based 
arrangement for the provision of information technology to set forth, 
in a signed writing, the specific reasons for which the technology is 
being provided, which would be required to directly relate to health 
outcomes, patient care quality improvements, or the appropriate 
reduction in costs to, or growth in expenditures of, payors or 
patients. For example, parties giving information technology, such as 
accessibility to a patient portal or data analytics platform, would be 
required to have health-outcome, quality-related, or efficiency-related 
reasons, such as improving efficiencies by increasing patient access to 
health information.
    In addition, under an adoption and use, performance, or similar 
standard, we may require that the parties set forth specific, 
meaningful measures that relate to the remuneration's intended purpose 
against which the recipient will be measured. For example, under an 
adoption and use standard, parties to a value-based arrangement may set 
a percentage adoption and use measure for a patient portal platform, 
pursuant to which the recipient would be measured by its adoption and 
use of the patient portal for a specified percentage of the target 
patient population.
    Lastly, we are considering for the final rule adding the following 
safeguards for the exchange of information technology: (i) The 
requirements set forth in paragraph (4) of the current electronic 
health records items and services safe harbor (1001.952(y)), 
prohibiting making the receipt of items or services a condition of 
doing business with the offeror); (ii) a requirement limiting the time 
frame during which a recipient can receive information technology to, 
for example, 1, 3, or 5 years, after which time the recipient would be 
required to pay fair market value for the continued use of the 
information technology; and (iii) a remedy for the failure to achieve 
the applicable standard, such as discontinued use of the information 
technology.
2. Commercial Reasonableness
    We propose to require that the value-based arrangement is 
commercially reasonable, considering both the arrangement itself and 
all value-based arrangements within the VBE. By way of example with 
respect to the first prong of the commercial reasonableness 
requirement, if VBE participants enter into a value-based arrangement 
to facilitate the sharing of patient-outcome data, it may be 
commercially reasonable for a hospital VBE participant to donate 
technology to a group practice VBE participant to facilitate this 
process. However, it may not be commercially reasonable for that same 
hospital VBE participant to donate technology substantially more 
sophisticated, or with enhanced functionality, beyond that necessary 
for communicating data on shared patients between the two parties. (We 
note that nothing would prevent the donation of technology with 
enhanced functionality when a value-based arrangement requires that 
capability or when technology without that functionality is not 
practicable.) With respect to the second prong of the commercial 
reasonableness assessment, again by way of example, a single value-
based arrangement in which a hospital VBE participant provides a 
necessary number of care coordinators for the target patient population 
to a SNF VBE participant may be commercially reasonable. However, if a 
VBE includes multiple similar value-based arrangements, each of which 
involves the same hospital VBE participant furnishing care coordinators 
to the same SNF VBE participant for the same or a similar target 
patient population, the commercial reasonableness of the remuneration 
exchanged within the value-based arrangements in the aggregate may be 
suspect if it lacks a legitimate business purpose.

[[Page 55710]]

    We are considering for the final rule whether to define 
``commercially reasonable arrangement'' as an arrangement that would 
make commercial sense if entered into by reasonable entities of a 
similar type and size, even without the potential for referrals. We 
solicit comments on the need for a definition of ``commercially 
reasonable arrangement,'' and if we incorporate a definition, whether 
we should select this particular definition or an alternative 
definition.
3. Writing
    To promote transparency and accountability, we propose a 
requirement that the value-based arrangement be set forth in a writing. 
We propose that the writing be signed by the parties and established in 
advance of, or contemporaneous with, the commencement of the value-
based arrangement or any material change to the value-based 
arrangement. We propose that the writing state, at a minimum: (i) The 
value-based activities to be undertaken by the parties to the value-
based arrangement; (ii) the term of the value-based arrangement; (iii) 
the target patient population; (iv) a description of the remuneration; 
(v) the offeror's cost for the remuneration; (vi) the percentage of the 
offeror's costs contributed by the recipient; (vii) if applicable, the 
frequency with which the recipient will make payments for ongoing 
costs; and (viii) the specific evidence-based, valid outcome measures 
against which the recipient would be measured. In the final rule, we 
would align the writing requirements in (v) and (vi) with the 
requirements for the contribution requirement described below; in other 
words, if we were to change the contribution requirements, we would 
correspondingly change the writing requirement.
    We believe that a writing, setting forth the above terms in advance 
of, or contemporaneous with the commencement of or any material change 
to the value-based arrangement, constitutes a key safeguard to ensure 
that VBE participants are not using the value-based arrangement merely 
to incentivize and reward referrals of business. We are interested in 
comments regarding whether a requirement to have a single writing 
signed by all parties may be burdensome, especially for large-scale 
arrangements, and whether we should instead permit a collection of 
writings provided that every party to the arrangement has signed a 
writing acknowledging consent to the arrangement.
4. Limitations on Remuneration
a. In-Kind Remuneration
    We propose to protect only in-kind, non-monetary remuneration, 
provided all other conditions of the safe harbor are met. (While 
monetary remuneration is not protected by this proposed safe harbor, 
certain outcomes-based payment arrangements may be protected by 
proposed modifications to the personal services and management 
contracts safe harbor, as subsequently addressed.) We further propose 
that this safe harbor would exclude protection for gift cards, 
regardless of whether they may be considered cash equivalents. By way 
of example, we intend for this safe harbor to allow a VBE participant 
to share a care coordinator with another VBE participant if the 
conditions of this safe harbor are met (including the proposed 
contribution requirement). However, this safe harbor would not protect 
cash provided from one VBE participant to another to hire a care 
coordinator. Lastly, we note that by virtue of our exclusion of 
monetary remuneration, the proposed safe harbor would not protect an 
ownership or investment interest in the VBE or any distributions 
related to an ownership or investment interest. In addition to our 
long-standing view that the exchange of monetary remuneration poses 
heightened and different fraud and abuse risks and thus should be 
subject to safeguards such as a fair market value requirement, we do 
not view the offer or receipt of ownership or investment interests as 
integral to the coordination and management of care for a target 
patient population.
b. Primarily Engaged in Value-Based Activities
    We propose to require that the remuneration provided by, or shared 
among, VBE participants be used primarily to engage in value-based 
activities that are directly connected to the coordination and 
management of care of the target patient population. As set forth in 
proposed paragraph 1001.952(ee), we propose to define a ``value-based 
activity'' as ``any of the following activities, provided that the 
activity is reasonably designed to achieve at least one value-based 
purpose of the value-based enterprise: (i) the provision of an item or 
service; (ii) the taking of an action; or (iii) the refraining from 
taking an action.'' In the definition of ``value-based activity'', we 
specify that it does not include the making of a referral. We also 
propose to require that the value-based arrangement be set forth in a 
signed writing stating the value-based activities to be undertaken by 
the parties in the value-based arrangement.
    We recognize that in-kind remuneration exchanged for value-based 
activities may indirectly benefit patients outside of the scope of the 
value-based arrangement, and furthermore, that parties may find it 
difficult to anticipate or project the scope or extent of such 
``spillover'' benefits. This, in and of itself, would not result in the 
loss of safe harbor protection, provided the parties primarily use the 
remuneration for its intended purposes (i.e., the specific value-based 
activities for which the remuneration is being provided, as set forth 
in the parties' signed writing). We are mindful of the need to provide 
parties with sufficient flexibility, while also minimizing the risks of 
potentially abusive arrangements that disguise remuneration unrelated 
to the coordination and management of care for the target patient 
population.
    For purposes of the final rule, as an alternative to the 
requirement that remuneration exchanged between VBE participants be 
used primarily to engage in value-based activities, we are considering 
requiring that the remuneration exchanged be limited to value-based 
activities that only benefit the target patient population. Under this 
approach, arrangements with ``spillover'' benefits would not be 
protected by the safe harbor. We solicit comments on this alternative 
approach.
c. No Furnishing of Medically Unnecessary Items or Services or 
Reduction in Medically Necessary Items or Services
    We propose to require that the remuneration exchanged not induce 
the parties to furnish medically unnecessary items or services or 
reduce or limit medically necessary items or services furnished to any 
patient. Remuneration that induces a provider to order or furnish 
unnecessary care is inherently suspect. In addition, a reduction in 
medically necessary services would be contrary to the goals of this 
rulemaking and, in some instances involving hospitals and physicians, 
could be a violation of the CMP law provision relating to gainsharing 
arrangements at sections 1128A(b)(1) and (2) of the Act (42 U.S.C. 
1320a-7a(b)(1) and (2)).
d. No Remuneration From Individuals or Entities Outside the Applicable 
VBE
    We propose that this safe harbor would not protect any remuneration 
funded by, or otherwise resulting from the contributions of, an 
individual or entity outside of the applicable VBE. This proposal is 
intended to ensure that protected arrangements are closely

[[Page 55711]]

related to the VBE, that VBE participants are committed to the VBE and 
striving to achieve the coordination and management of care of the 
target patient population, and that non-VBE participants cannot 
indirectly use the safe harbor to protect arrangements that are 
designed to influence the referrals or decision making of VBE 
participants. For example, a pharmaceutical manufacturer could not 
circumvent the proposed exclusion of pharmaceutical manufacturers from 
the definition of ``VBE participant'' by providing funds to a third-
party entity and then directing or otherwise controlling any aspect of 
the third-party entity's participation as a VBE or a VBE participant. 
We solicit comments on this approach and whether there may be defined, 
limited circumstances in which non-VBE participants should be able to 
contribute to a value-based arrangement eligible for safe harbor 
protection.
    As a corollary to this requirement, we are considering for the 
final rule whether to require that remuneration be provided directly 
from the offeror to the recipient. This requirement would prohibit the 
involvement of individuals or entities other than the VBE or a VBE 
participant in the exchange of remuneration under a value-based 
arrangement, including, potentially, third-party vendors and 
contractors. We solicit comments on any practical impediments such as 
restriction would create.
5. The Offeror Does Not Take Into Account the Volume or Value of, or 
Condition Remuneration on, Business or Patients Not Covered Under the 
Value-Based Arrangement
    We propose a requirement that prohibits the offeror of the 
remuneration from taking into account the volume or value of, or 
conditioning an offer of remuneration on: (i) Referrals of patients 
that are not part of the value-based arrangement's target patient 
population, or (ii) business not covered under the value-based 
arrangement. This proposal is modeled on a similar safeguard contained 
in the existing safe harbor at paragraph 1001.952(t)(1)(ii)(B), which 
provides that ``neither party gives or receives remuneration in return 
for or to induce the provision or acceptance of business (other than 
business covered by the agreement) for which payment may be made in 
whole or in part by a Federal health care program on a fee-for-service 
or cost basis.'' Our purpose in proposing this requirement is to 
prohibit protection for remuneration offered under the guise of a 
value-based arrangement when that remuneration actually is intended to 
induce referrals of patients or business not covered under the value-
based arrangement (sometimes called ``swapping'' arrangements).
    This requirement would exclude safe harbor protection for any 
remuneration that is explicitly or implicitly offered, paid, solicited, 
or received in return for, or to induce or reward, any referrals or 
other business generated outside of the value-based arrangement. Under 
our proposal, VBE participants could encourage referrals of the target 
patient population as part of value-based activities (e.g., a hospital 
could develop a ``preferred network'' of post-acute care providers that 
meet certain quality criteria). However, VBE participants could not 
offer remuneration in connection with the preferred network to induce 
business or the referral of patients that fall outside the scope of the 
value-based arrangement.
    In lieu of the proposed requirement that prohibits the offeror of 
the remuneration from taking into account the volume or value of, or 
conditioning an offer of remuneration on: (i) Referrals of patients 
that are not part of the value-based arrangement's target patient 
population, or (ii) business not covered under the value-based 
arrangement, we are considering for the final rule, and solicit 
comments on, an alternative requirement that would require that the 
aggregate compensation paid by the offeror is not determined in a 
manner that takes into account the volume or value of referrals or 
business generated between the parties for which payment may be made by 
a Federal health program. While we believe that this condition could 
potentially better protect against bad actors who may seek to use the 
care coordination arrangements safe harbor as an affirmative defense 
for an unlawful referral arrangement or to disguise arrangements that 
result in unnecessary increases in utilization and expenditures, we 
seek comments on whether and to what extent this requirement might 
impede to goal of this rulemaking, namely to remove barriers for 
beneficial care coordination and value-based arrangements. We are 
interested in specific examples of arrangements that would be unable to 
use this safe harbor were we to adopt this requirement.
6. Contribution Requirement
    The goal of this proposed rulemaking is to remove barriers to 
improved care coordination and to promote efficient, value-driven care. 
To this end, it is important that protected remuneration be used to 
facilitate the coordination and management of care for the target 
patient population. We are proposing a recipient contribution 
requirement as a safeguard to help ensure that the use of any 
remuneration exchanged pursuant to this safe harbor would be for the 
coordination and management of the target patient population's care.
    Specifically, the proposed rule would condition safe harbor 
protection on the recipient's payment of at least 15 percent of the 
offeror's cost for the in-kind remuneration. This requirement is 
intended to mirror that set forth in the current electronic health 
records items and services safe harbor, 1001.952(y). We are considering 
for the final rule, and solicit comments on, whether we should require 
a more specific methodology for determining value, such as either the 
fair market value of the remuneration to the recipient or the 
reasonable value of the remuneration to the recipient. If we were to 
require that parties assess the fair market value of the remuneration 
to the recipient in order to determine the required contribution 
amount(s), we would not require parties to obtain an independent fair 
market valuation. We are interested in feedback on whether the method 
for determining the contribution requirement should be different for 
services than for goods.
    We believe that requiring financial participation by a recipient 
should: Increase the likelihood that the recipient actually would use 
the care coordination items and services, ensure that the remuneration 
is well-tailored to the recipient, and promote the recipient's vested 
interest in achieving the intended purpose of the value-based 
arrangement, namely, furthering the coordination and management of care 
of the target patient population.
    In proposing this contribution requirement, we solicit feedback on 
the proposed contribution amount, whether certain recipients, such as 
rural providers, small providers, Tribal providers, providers who serve 
underserved populations, or critical access hospitals should be 
exempted from the contribution requirement or pay a lower contribution 
percentage and if so, why. We are considering for the final rule 
alternative contribution amounts ranging from 5 percent to 35 percent 
and solicit comments on an appropriate amount (or amounts) that would 
invest recipients in using the remuneration they receive to advance the 
coordination and management of care of the target patient population, 
while still allowing flexibility for parties with fewer financial 
resources to engage in value-based arrangements. We are considering 
whether we should require different contribution amounts for

[[Page 55712]]

different types of remuneration (e.g., a higher or lower contribution 
amount for technology and a higher or lower contribution amount for 
care coordinators or other services arrangements).
    We also are considering whether in the final rule we should impose 
different contribution requirements for different recipients. Because a 
contribution requirement may impose a significant financial burden on 
certain recipients, we are considering for the final rule, and solicit 
comments on, whether a lower contribution amount, or no contribution 
amount, would be appropriate for arrangements involving certain 
providers with financial constraints, such as providers in rural or 
underserved areas, providers serving underserved populations, small 
providers, Tribal providers, and critical access hospitals.
    For consideration of this potential contribution requirement 
condition, and whether a lower contribution amount, or no contribution 
amount, is appropriate for arrangements involving such providers, we 
cross-reference the proposals discussed more fully in relation to the 
electronic health records arrangements safe harbor's 15 percent 
contribution requirement. We will review and consider comments received 
about those proposals in relation to our consideration of this 
potential condition. Based on feedback on the contribution requirement 
in our existing electronic health records safe harbor, we are mindful 
of the potential administrative burdens of a contribution requirement 
and seek comments on this issue.
    We also solicit comments on how to apply the contribution 
requirement for ongoing costs and unexpected ``add-ons'' (e.g., updates 
or upgrades to software that trigger additional costs). Under the 
proposed contribution requirement, if the remuneration represents a 
one-time cost, the recipient would be required to make a contribution 
in advance of receiving the remuneration. However, for any ongoing 
costs, the proposed rule would require that the recipient make any 
contributions on reasonable, regular intervals, with the frequency of 
such payments documented in writing. We are considering for the final 
rule, and seek comment on, an alternative requirement for the recipient 
to make a contribution with respect to the initial provision of 
remuneration but not with respect to any update, upgrade, or patch of 
the remuneration already provided. This is similar to an option being 
considering for the electronic health records arrangements safe harbor, 
1001.952(y). We recognize that this alternative option may affect 
contribution requirements only for technology-based remuneration that 
is most likely to need upgrades, updates, and patches to continue 
operating as intended.
7. Requirements of a Value-Based Arrangement
a. Direct Connection to the Coordination and Management of Care
    We propose that the value-based arrangement has a direct connection 
to the coordination and management of care for the target patient 
population. We interpret this requirement to mean that any remuneration 
offered pursuant to a value-based arrangement has a close nexus to the 
coordination and management of care for the target patient population, 
as opposed to the VBE participants' referral patterns and business 
generated. By way of example only, arrangements where VBE participants 
offer, or are required to provide, remuneration to receive referrals or 
to be included in a ``preferred provider network'' (i.e., ``pay-to-
play'' arrangements) would not have a direct connection to the 
coordination and management of care. We are considering for purposes of 
the final rule, and solicit comments on, whether we should use 
alternative language to ``direct connection'' (e.g., ``reasonably 
related and directly tied'') in order to better convey the close nexus 
that this safe harbor requires between each value-based arrangement and 
the coordination and management of care of a target patient population.
b. No Limitation on Decision Making; Restrictions on Directing or 
Restricting Referrals
    We propose that the value-based arrangement must not limit parties' 
ability to make decisions in the best interests of their patients. That 
is, VBEs and VBE participants to a value-based arrangement must 
maintain their independent, medical, or other professional judgment. 
Additionally, we are aware that some payors and others, such as 
employers, direct or restrict where their networks or employees refer 
patients; moreover, we are aware that under some value-based 
arrangements, referrals would be directed within a network or continuum 
of preferred providers (based on quality and other legitimate 
considerations). We propose that, in addition to not limiting parties' 
ability to make referral decisions in the patients' best medical 
interests, value-based arrangements cannot direct or restrict referrals 
if: (i) A patient expresses a preference for a different practitioner, 
provider, or supplier; (ii) the patient's payor determines the 
provider, practitioner, or supplier; or (iii) such direction or 
restriction is contrary to applicable law or regulations under titles 
XVIII and XIX of the Act. This provision is intended, in part, to 
preserve patient freedom of choice among healthcare providers and 
ensure the VBE's and VBE participants' independent medical or 
professional judgment is not unduly restricted. That being said, we do 
not intend for this criterion to bar VBEs or VBE participants from 
communicating the benefits of receiving care from other VBE 
participants in the VBE.
c. No Marketing of Items or Services or Patient Recruitment Activities
    We propose to exclude safe harbor protection for value-based 
arrangements that include marketing items or services to patients or 
patient recruitment activities. Our enforcement experience demonstrates 
that fraud schemes often involve the purchase of beneficiaries' medical 
identity or other inducements to lure beneficiaries to obtain 
unnecessary care. This proposed safe harbor condition would protect 
beneficiaries and make clear that such coercive arrangements are not 
value-based arrangements protected by the proposed safe harbor. 
Accordingly, the proposed safe harbor would offer flexibility to 
improve quality of care, health outcomes, and efficiency while limiting 
the risk of the value-based arrangement being used as a marketing or 
recruiting tool to generate federally payable business for a VBE 
participant. Specifically, this requirement would restrict any party to 
a value-based arrangement, or such party's agent, from marketing, or 
engaging in patient recruitment activities related to, any items or 
services offered or provided to patients in the target patient 
population under a value-based arrangement.
    We do not intend for this limitation to prohibit a VBE participant 
that is a party to a value-based arrangement from educating patients in 
the target patient population regarding permissible value-based 
activities. For example, if a SNF or home health agency placed a staff 
member at a hospital to assist patients in the discharge planning 
process, and in doing so, the staff member educated patients regarding 
care management processes used by the SNF or home health agency, this 
would not constitute marketing of items and services (provided the 
staff member only worked with patients that had already selected the 
SNF or home health agency and SNF or home-health agency care was

[[Page 55713]]

medically appropriate for such patient). However, if the SNF or home 
health agency placed a staff member at a hospital to market its 
services to hospital patients, the arrangement would not comply with 
this proposed requirement. We solicit comments on this approach.
8. Monitoring and Assessment
    We propose a requirement that the VBE, a VBE participant in the 
value-based arrangement acting on the VBE's behalf, or the VBE's 
accountable body or responsible person monitors and assesses, no less 
frequently than annually, or once during the term of the value-based 
arrangement for arrangements with terms of less than 1 year: (i) The 
coordination and management of care for the target population in the 
value-based arrangement, (ii) any deficiencies in the delivery of 
quality care under the value-based arrangement, and (iii) progress 
toward achieving the evidence-based, valid outcome measure(s) in the 
value-based arrangement. We further propose to require that the party 
conducting such monitoring and assessment reports such monitoring and 
assessment to the VBE's accountable body or responsible person (if the 
VBE's accountable body or responsible person is not itself conducting 
the monitoring and assessment). Through this proposal, we seek to 
ensure that the VBE's accountable body or responsible person 
periodically assesses the parties' performance of certain key metrics 
under each value-based arrangement. We note that this proposal does not 
mandate how this monitoring should be performed. We intend for the 
monitoring to be tailored based on the complexity and sophistication of 
the VBE participants, the VBE, and the value-based arrangement and 
available resources. We are considering for the final rule, and solicit 
comments on, whether to require that both the party offering the 
remuneration and its recipient jointly conduct monitoring and 
assessment responsibilities. We further solicit comments on the role 
monitoring of utilization, referral patterns, and expenditure data 
could play in ensuring that the potential for abuses or gaming is 
reduced.
    The proposed rule would further require that if the VBE's 
accountable body or responsible person determines, through reports of 
monitoring and assessment, that the value-based arrangement (i) is 
unlikely to further the coordination and management of care for the 
target patient population, (ii) has resulted in material deficiencies 
in quality of care, or (iii) is unlikely to achieve the evidence-based, 
valid outcome measure(s), the parties terminate the arrangement within 
60 days of such a determination. To the extent the parties do not 
terminate an arrangement within 60 days of such determination, the 
parties would lose safe harbor protection under this proposal. We 
solicit comments on whether to adopt a longer or shorter timeframe for 
termination; our goal is a reasonable but also prompt termination of 
arrangements that are no longer serving the goals for which safe harbor 
protection is offered. In addition, we are considering for the final 
rule and seek comment regarding whether, in lieu of the proposed 
termination requirement for the above subsections (i) through (iii), 
the safe harbor should instead allow for remediation--within a 
reasonable timeframe--before any required termination.
    We are not proposing to define ``material deficiency in quality of 
care.'' We believe that such ``material deficiency'' may vary depending 
on the nature of the VBE and the value-based arrangements of its VBE 
participants. Examples of a ``material deficiency in quality of care'' 
may include, but are not limited to, identified instances of potential 
patient harm or a pattern of diminished quality of care.
    Our proposals with respect to monitoring and assessment stem from a 
recognition that most arrangements protected by this proposed care 
coordination arrangements safe harbor would not be subject to 
governmental programmatic requirements, oversight, or monitoring 
comparable to CMS-sponsored models. Accordingly, to aid in protecting 
against abusive arrangements, to further facilitate the government's 
understanding and awareness of value-based arrangements and their 
impacts on Federal health care program beneficiaries and expenditures, 
and to create incentives for VBEs to exercise due diligence when 
establishing them, we are considering for the final rule requiring VBEs 
to submit certain data to the Department that would identify the VBE, 
VBE participants, and value-based arrangements, as a requirement for 
safe harbor protection. We solicit comments on whether such a 
requirement would present compliance or operational burdens for VBEs 
seeking the protection of this safe harbor.
    Were such a proposal finalized, required data might include the 
National Provider Identifier (NPI) number or other identifying 
information of each VBE participant in the VBE, each party 
participating in the value-based arrangement, as well as information 
regarding the arrangement, such as its duration. This data could be 
used, for example, by the government for data analysis to understand 
whether value-based arrangements are associated with increased or 
decreased utilization or outlier levels of utilization (taking into 
account that in some value-based arrangements one would expect to see 
increased utilization of some types of items and services and decreases 
in others). Should we adopt this approach, information would be 
submitted in a form and manner and at times specified by the Secretary 
in guidance. We solicit comments on the types of data that the parties 
availing themselves of safe harbor protection should be required to 
submit to the Department, potential reporting and compliance burdens 
for small and large value-based enterprises, and any different or 
additional actions that may help ensure appropriate oversight.
9. No Diversion, Resell, or Use for Unlawful Purposes
    We propose that the exchange of remuneration under this safe harbor 
would not be protected if the offeror knows or should know that the 
remuneration is likely to be diverted, resold, or used by the recipient 
for an unlawful purpose. Here, we state expressly what is otherwise 
implicit in the design of a value-based arrangement under this proposed 
safe harbor: The exchange of remuneration that the offeror knows or 
should know is likely to be diverted, resold, or used by the recipient 
for purposes other than the coordination and management of care of a 
target patient population would not be protected.
10. Materials and Records
    To ensure transparency, we propose a requirement that VBE 
participants or the VBE make available to the Secretary, upon request, 
all materials and records sufficient to establish compliance with the 
conditions of this safe harbor. We are not proposing parameters 
regarding the creation or maintenance of documentation to allow VBE 
participants the flexibility to determine what constitutes best 
documentation practices, but welcome comments on whether such 
parameters may be needed. In particular, we seek comment regarding 
whether we should require, in the final rule, a requirement that 
parties maintain materials and records sufficient to establish 
compliance with the conditions of this safe harbor for a set period of 
time (e.g., at least 6 years or 10 years).

[[Page 55714]]

11. Possible Additional Safeguards
a. Bona Fide Determination
    We are considering for the final rule a condition that would 
require that, in advance of, or contemporaneous with, the commencement 
of the applicable value-based arrangement, the VBE's accountable body 
or responsible person make two bona fide determinations with respect to 
the value-based arrangement. First, we are considering a condition 
requiring that the accountable body or responsible person make a bona 
fide determination that the value-based arrangement is directly 
connected to the coordination and management of care for the target 
patient population. Second, we are considering a condition requiring 
that the accountable body or responsible person make a bona fide 
determination that the value-based arrangement is commercially 
reasonable, considering both the arrangement and all value-based 
arrangements within the VBE.
b. Cost-Shifting Prohibition
    We are considering for the final rule, and seek comment on, a 
condition prohibiting VBEs or VBE participants from billing Federal 
health care programs, other payors, or individuals for the 
remuneration; claiming the value of the remuneration as a bad debt for 
payment purposes under a Federal health care program; or otherwise 
shifting costs to a Federal health care program, other payors, or 
individuals.
    This proposal would not exclude arrangements from safe harbor 
protection that involve legitimate shifting of some costs that result 
from achieving care coordination goals or other value-based purposes. 
For example, depending on the arrangement, one might expect to see 
increases in primary care costs or costs for care furnished in home and 
community settings paired with reductions in unnecessary 
hospitalizations, duplicative testing, and emergency room visits; one 
also might see increases in remote monitoring or care management 
services.
c. Fair Market Value Requirement and Restriction on Remuneration Tied 
to the Volume or Value of Referrals
    Commenters to the OIG RFI pointed to fair market value requirements 
and restrictions on remuneration based on the volume or value of 
business in existing safe harbors as barriers to arrangements that 
facilitate coordinated and value-based care, so we have crafted this 
proposed safe harbor without them, relying instead upon other program 
integrity safeguards. However, fair market value requirements and 
restrictions that prohibit paying remuneration based on the volume or 
value of referrals help ensure that protected payments are for 
legitimate purposes and are not kickbacks. We have endeavored to draft 
this safe harbor to distinguish between beneficial care coordination 
arrangements and payment-for-referral schemes that do not serve, and 
may be contrary to, the goals of coordinated care and the shift to 
value. We solicit comments from stakeholders for safeguards that may 
help distinguish payments to reward or induce referrals from 
remuneration provided to promote or support legitimate care 
coordination activities.
    To this end, we are considering as an alternate proposal for the 
final rule's care coordination arrangements safe harbor: (i) Whether we 
should include a fair market value requirement on any remuneration 
exchanged pursuant to a value-based arrangement, and (ii) whether we 
should include a further or alternate requirement prohibiting VBE 
participants from determining the amount or nature of the remuneration 
they offer, or the VBE participants to whom they offer such 
remuneration, in a manner that takes into account the volume or value 
of referrals or other business generated, including both business or 
patients that are part of the value-based arrangement and those that 
are not. To the extent these requirements would impede value-based and 
care coordination arrangements, we are interested in feedback on 
potential, alternative safe harbor conditions that might mitigate such 
effects.
    We are further considering for the final rule whether we could best 
achieve the goals of this rulemaking through a safe harbor design that 
requires value-based arrangements to be fair market value but that does 
not prohibit determining the amount or nature of the remuneration on 
the volume or value of referrals or other business generated. This 
approach would recognize the anti-kickback statute compliance challenge 
that the restriction on the volume or value of referrals or other 
business generated poses for arrangements that inherently reflect the 
volume of patients for whom care is coordinated or the value of 
services offered under a value-based arrangement. In addition, or as an 
alternative, we are considering a restriction that would prohibit 
remuneration based directly on the volume or value of business 
generated between the parties (thus permitting remuneration based 
indirectly on the volume or value of referrals or other business 
generated between the parties).
d. Additional Requirements for Dialysis Providers
    Dialysis providers furnish vital services to patients with critical 
and extensive care needs. Patients with end stage renal disease (ESRD) 
stand to benefit substantially from better coordinated, more efficient 
care as envisioned by this proposed rule. Dialysis providers play a 
central role in coordinating the care of individuals with ESRD. 
However, the dialysis industry has unique attributes--in particular, 
market dominance by a limited number of dialysis providers--that may 
increase fraud and abuse risks attendant to financial relationships 
between dialysis providers and others. We are concerned that present 
levels of market consolidation could impact access to dialysis care, 
quality of care, and associated health outcomes.\23\ In addition, we 
are concerned that, because of the aforementioned market dominance of a 
limited number of providers, the conduct that would be protected by 
this proposed safe harbor could lead to a decrease in competition among 
dialysis providers. We seek comment on whether and how the potential 
protection of financial arrangements between dialysis providers and 
others under this proposed safe harbor could affect the concentration 
of the dialysis market, access to care, quality of care, and associated 
health outcomes. We are considering whether to include in the final 
rule certain conditions specific to dialysis providers to further 
ensure that their care coordination arrangements operate to improve the 
management and care of patients and are not pay-for-referral schemes. 
These conditions could include enhanced monitoring, reporting, or data 
submission requirements or some of the conditions discussed in sections 
a., b., and c. directly above, including fair market value requirements 
and restrictions that prohibit paying remuneration based on the volume 
or value of referrals.
---------------------------------------------------------------------------

    \23\ See Kevin F. Erickson et al., Consolidation in the Dialysis 
Industry, Patient Choice, and Local Market Competition, 28 Clinical 
J. of the American Society of Nephrology 3 (Mar. 7, 2017).
---------------------------------------------------------------------------

12. Example of a Value-Based Arrangement Analyzed Under the Proposed 
Care Coordination Arrangements Safe Harbor
    The following example demonstrates how parties might analyze the 
proposed care coordination arrangements safe harbor's various 
requirements with

[[Page 55715]]

respect to the following fact pattern: To coordinate care between an 
acute care hospital and a SNF for mental health patients, the hospital 
and SNF enter into a care coordination arrangement under which the 
hospital engages in the value-based activity of providing a behavioral 
health nurse for to the SNF to follow designated inpatients with 
certain mental health disorders for a 1-year time period, who comprise 
the target patient population, following discharge from the hospital 
and during admission to and while receiving care at the SNF. In this 
example, both the hospital and the SNF stand to benefit from this 
arrangement because they participate in a value-based payment 
arrangement that offers them shared savings payments for improved 
quality and patient outcomes and reduced emergency room visits. The 
hospital and SNF are the only VBE participants in a VBE that is 
designed to accomplish the value-based purpose of coordinating and 
managing the care of patients with mental health disorders (namely, by 
improving the quality of care they receive during the care transition 
process from acute care to skilled nursing care and during their SNF 
stay).
    This proposed arrangement would implicate the anti-kickback 
statute, because the hospital would be providing the SNF with 
remuneration (the behavioral health nurse services) and the SNF could 
refer Medicare, Medicaid, or other Federal health care program patients 
to the hospital. Safe harbor protection is afforded only to those 
arrangements that precisely meet all of a safe harbor's conditions. 
Consequently, the hospital and SNF might engage in the following 
analysis to determine whether their proposed arrangement satisfies the 
proposed care coordination arrangements safe harbor's requirements.
    First, the hospital and SNF must establish specific evidence-based, 
valid outcome measures against which the SNF will be measured 
throughout the arrangement, and which the parties reasonably anticipate 
will advance the coordination and management of care for the target 
patient population.
    Second, the parties must ensure that devoting one full-time nurse 
to oversee these patients would be commercially reasonable, considering 
both the arrangement itself and all value-based arrangements in the 
VBE.
    Third, the hospital and SNF must execute a signed writing 
documenting the terms of the value-based arrangement prior to, or 
contemporaneous with, its commencement or any material changes to the 
arrangement. The writing must include: (i) The term of the value-based 
arrangement; (ii) the value-based activities to be undertaken; (iii) 
the target patient population; (iv) a description of the remuneration 
(e.g., the assignment of a full-time nurse to the SNF and the cost of 
the nurse's services to the offeror); (v) the offeror's cost of the 
remuneration; (vi) the percentage of the offeror's cost contributed by 
the recipient; (vii) if applicable, the frequency of the recipient's 
contribution payments for ongoing costs; and (viii) set forth the 
specific, evidence-based valid outcome measure(s) against which the SNF 
would be measured.
    Fourth, the remuneration must: (i) Be in-kind; (ii) be used 
primarily to engage in one or more value-based activities that have a 
direct connection to the coordination and management of care for the 
target patient population; and (iii) not induce VBE participants to 
furnish medically unnecessary items or services or reduce or limit 
medically necessary items and services furnished to any patient. In 
addition, the hospital could not provide the nurse to the SNF if any 
part of the cost of the nurse would be funded by, or otherwise result 
from the contributions of, an individual or entity outside of the VBE, 
such as a pharmaceutical or medical device manufacturer.
    Fifth, the hospital's provision of the nurse to the SNF must not 
take into account the volume or value of, or condition the remuneration 
on, referrals of patients who are not part of the target patient 
population and business not covered under the value-based arrangement.
    Sixth, the SNF must pay for at least 15 percent of the hospital's 
cost of the care coordination services provided by the nurse over the 
arrangement's one-year term. Assuming the nurse provides periodic 
services throughout the year, the SNF must pay its required 
contribution amount at reasonable, regular intervals, such as on a 
monthly basis.
    Seventh, the value-based arrangement must be directly connected to 
the coordination and management of care of the target patient 
population. In addition, the value-based arrangement must not place any 
limitation on the VBE participants' ability to make decisions in the 
best interest of their patients. Further, if the value-based 
arrangement restricts or directs referrals, the value-based arrangement 
may not require referrals to a particular provider, practitioner, or 
supplier: (i) If a patient expresses a preference for a different 
practitioner, provider, or supplier; (ii) if the patient's payor 
determines the provider, practitioner, or supplier; or (iii) such 
direction or restriction is contrary to applicable law or regulations 
under titles XVIII and XIX of the Act. For example, the hospital could 
not require physicians on its medical staff to refer patients in the 
target patient population to the SNF if a patient expresses a 
preference for a different facility or if the patient's payor does not 
cover services at the SNF.
    Eighth, the arrangement must not include marketing to patients of 
items or services or engaging in patient recruitment activities.
    Ninth, the VBE (or alternatively, the SNF or hospital acting on the 
VBE's behalf), or the VBE's accountable body or responsible person must 
monitor and assess at least annually (or once during the agreement's 
term if the agreement is for less than a year): (i) The coordination 
and management of care of the target patient population; (ii) any 
deficiencies in the delivery of quality care under the value-based 
arrangement; and (iii) progress toward achieving the evidence-based, 
valid outcome measure(s) in the value-based arrangement. If, through 
monitoring and assessment, the VBE's accountable body or responsible 
person determines that the value-based arrangement is: (i) Is unlikely 
to further the coordination and management of care for the target 
patient population, (ii) has resulted in material deficiencies in 
quality of care, or (iii) is unlikely to achieve the evidence-based, 
valid outcome measure(s), the parties terminate the arrangement within 
60 days of such a determination.
    Tenth, the hospital does not, and should not, know that the 
behavioral nurse's services are likely to be ``diverted'' by the SNF 
(e.g., used by the SNF to perform tasks unrelated to the care 
coordination and management of the target patient population) or used 
for an unlawful purpose (e.g., the provision of medically unnecessary 
services).
    Finally, the VBE participants must provide documentation, such as 
the signed writing, to the Secretary, upon request, showing that the 
parties complied with the safe harbor provisions.
13. Alternative Regulatory Structure
    This proposed rule provides protections for certain care 
coordination and value-based arrangements through a combination of 
proposed revisions to the personal services and management contracts 
safe harbor at 1001.952(d), the proposed care coordination arrangements 
safe harbor at 1001.952(ee), the proposed substantial downside 
financial risk safe harbor at

[[Page 55716]]

1001.952(ff), and the full downside financial risk safe harbor at 
1001.952(gg). As an alternative to this suite of protections, we are 
considering for the final rule a different regulatory structure and 
approach to protect care coordination and other value-based 
arrangements that are not at full financial risk (as defined at 
proposed 1001.952(gg)) and are not part of a CMS-sponsored model (as 
defined at proposed 1001.952(ii)). For this alternate approach, we 
would rely solely on the personal services and management contracts 
safe harbor at paragraph 1001.952(d) as a platform to create tiered 
protection for value-based arrangements, each step of which would 
remove additional conditions of paragraph 1001.952(d) to allow greater 
flexibility for innovation as the arrangements become more closely 
aligned with value-based purposes (as defined in proposed paragraph 
1001.952(ee)) and the parties take on more downside financial risk.
    First, as proposed and described in our proposed modifications to 
the personal services and management contracts safe harbor, we would 
remove the requirement that aggregate compensation under service 
arrangements be set forth in advance, substituting a requirement that 
the methodology for determining the compensation be set in advance. 
This would offer broader protection for certain outcomes-based payment 
arrangements that are fair market value and do not take into account 
the volume or value of referrals or other business. Protected 
arrangements would not be required to meet the proposed definition of 
``value-based arrangement.''
    Second, for value-based arrangements that meet applicable 
requirements of the VBE framework previously outlined (e.g., the 
parties to the arrangement are VBE participants in a VBE), we would 
provide additional flexibility under the personal services and 
management contracts safe harbor by removing the requirements that the 
aggregate compensation: (i) Be set in advance (but requiring that the 
compensation methodology be set in advance); and (ii) not be determined 
in a manner that takes into account the volume or value of referrals. 
We may also incorporate safeguards from our proposed care coordination 
arrangements safe harbor (e.g., the monitoring requirement). To ensure 
that protected arrangements meet their value-based purposes, we might 
incorporate additional accountability and transparency requirements, 
such as those proposed for new safe harbor 1001.952(ee). We envision 
this framework would be similar to our current proposal to add new 
protections for outcomes-based payments at proposed new paragraph 
1001.952(d)(2).
    Third, for parties that meet the requirements of the value-based 
framework and also assume substantial downside financial risk (as 
defined in proposed 1001.952(ff)), we would provide increased 
flexibility under the personal services and management contracts safe 
harbor for their arrangements by removing the requirements that the 
aggregate compensation: (i) Be set in advance (but requiring that the 
compensation methodology be set in advance); (ii) not be determined in 
a manner that takes into account the volume or value of any referrals; 
and (iii) be consistent with fair market value in arm's-length 
transactions. This additional flexibility would be afforded in 
recognition of the parties' assumption of downside financial risk.
    With respect to the volume or value requirement, we are considering 
for the final rule several alternative ways we might remove it in the 
second and third steps of this approach. We might remove it entirely or 
remove it in part by retaining a requirement that the compensation not 
relate directly to the volume or value of referrals or other business 
generated between the parties (allowing for indirect correlations). 
With respect to a fair market value requirement, we might remove it 
entirely; remove it only for monetary remuneration or only for in-kind 
remuneration; or remove it where the non-fair market value arrangement 
primarily benefits the offeror of the remuneration, with such benefit 
independent of any increase in the volume or value of referrals (e.g., 
a hospital offering care managers to a post-acute care facility to 
better coordinate care and prevent avoidable readmissions for which the 
hospital might be penalized). We might also permit a broader set of 
free or below fair market value arrangements for providers coordinating 
care in rural or underserved areas or providers serving underserved 
populations.
    We are cognizant that this alternative approach may present 
operational challenges for parties, particularly with respect to 
determining fair market value for value-based arrangements. Moreover, 
we solicit comments on this approach as a whole and, in particular, on 
the following: (i) How to include in any safe harbor finalized 
consistent with this approach protection for the exchange of 
information technology and infrastructure that might not be part of a 
personal services or management contract, with a scope of protection 
equivalent to the protection collectively proposed under paragraphs 
1001.952(ee) and (ff); and (ii) how parties would determine that a 
payment for quality outcomes is consistent with fair market value. As 
with the second tier described above, to ensure that protected 
arrangements meet their value-based purposes, we might incorporate 
additional accountability and transparency requirements, such as those 
proposed for new safe harbor 1001.952(ee).
    We are also interested in comments regarding any special problems a 
fair market value requirement would pose for providers in rural or 
underserved areas, providers serving underserved populations, or 
others. With respect to other proposed safe harbors where we have 
indicated that we are considering including in the final rule a 
restriction related to the volume or value of referrals and other 
business generated or a requirement for fair market value, we will 
consider comments to this alternative regulatory structure addressing 
how these criteria would operate in connection with value-based 
arrangements.

D. Value-Based Arrangements With Substantial Downside Financial Risk 
(1001.952(ff))

    We are proposing a new safe harbor for certain value-based 
arrangements involving VBEs that assume substantial downside financial 
risk (as defined in the proposed regulation) from a payor. We propose 
to incorporate the definitions of ``coordination and management of 
care,'' ``target patient population,'' ``value-based activity,'' 
``value-based arrangement,'' ``value-based enterprise,'' ``value-based 
purpose,'' and ``VBE participant'' found in proposed paragraph 
1001.952(ee).
    This safe harbor, which would protect both monetary and in-kind 
remuneration, would offer greater flexibility than the safe harbor for 
care coordination arrangements in recognition of the VBE's assumption 
of substantial downside financial risk. It could apply, for example, to 
an arrangement between an accountable care organization that is a VBE 
and a network provider to share savings and losses earned or owed by 
the accountable care organization, or between a VBE that has contracted 
with a payor for an episodic payment and a hospital and post-acute care 
provider that would be coordinating care for patients under the 
episodic payment. However, as proposed, this safe harbor would apply 
only to the exchange of remuneration between VBEs that have assumed 
substantial downside financial

[[Page 55717]]

risk and VBE participants that meaningfully share in the VBE's downside 
financial risk (as further described below).
    In other words, where a VBE participant agrees to spread the VBE's 
financial risk and coordinate care, additional safe harbor flexibility 
would be available. For the same reasons articulated in our discussion 
of the care coordination arrangements safe harbor, we propose that this 
safe harbor would not protect an ownership or investment interest in 
the VBE or any distributions related to an ownership or investment 
interest. We solicit comments on this approach and, in particular, 
whether this proposal presents any operational challenges with respect 
to the creation of a VBE as a separate legal entity. We are considering 
for the final rule whether this safe harbor should protect ownership or 
investment interests with respect to VBEs that must contract with a 
payor on behalf of VBE participants for purposes of value-based 
arrangements with substantial downside financial risk.
    Additionally, for the same reasons articulated in our discussion of 
the care coordination arrangements safe harbor, we propose that this 
safe harbor would not protect any remuneration funded by, or otherwise 
resulting from contributions by, an individual or entity outside of the 
applicable VBE.
    We are considering for the final rule whether, and if so, how, to 
extend this safe harbor to remuneration that passes from one VBE 
participant to another (without the risk-bearing VBE being party to the 
arrangement) when the VBE has assumed substantial downside financial 
risk from a payor. We are concerned that under many such downstream 
arrangements, the VBE participant receiving the remuneration may have 
assumed little or no financial risk and may be billing for his or her 
services on an FFS basis, thus retaining FFS incentives with respect to 
ordering or arranging for items and services for patients. We note the 
proposed care coordination arrangements safe harbor, with its 
additional safeguards, may be available for such arrangements, where 
they involve only in-kind remuneration, and the personal services and 
management safe harbor's proposed modifications for outcomes-based 
payments may be available for monetary remuneration.
    This proposed safe harbor would protect remuneration exchanged 
between a VBE and a VBE participant pursuant to a value-based 
arrangement if several standards are met. First, the VBE must have 
assumed, or be contractually obligated to assume, substantial downside 
financial risk from a payor for providing or arranging for the 
provision of items and services for a target patient population. The 
VBE can assume this risk directly if the VBE is an entity or through a 
VBE participant acting as an agent of, and accountable to, the VBE. (We 
note, to the extent a VBE participant wholly assumes risk on behalf of 
the VBE, it may act in both its capacity as a VBE participant and an 
agent of the VBE.)
    To balance the need to protect start-up arrangements while also 
limiting potential program integrity risks, this safe harbor would 
protect arrangements between the VBE and the VBE participant during the 
6 months prior to the date by which the VBE must assume substantial 
downside financial risk (as defined below). We solicit comments on 
whether 6 months is a sufficient timeframe, and if not, what longer or 
shorter timeframe would be appropriate.
    For purposes of this safe harbor, we are proposing specific 
methodologies that would qualify as substantial downside financial 
risk. Under any of our proposed methodologies, the VBE would assume 
risk from a payor for the provision of items and services to a target 
patient population for the entire term of the value-based arrangement. 
Our intent is for such risk to be of a degree likely to ensure that the 
value-based arrangements of the VBE are designed to appropriately 
reduce (or slow the growth of) costs, improve efficiencies, or improve 
health outcomes for the target patient population (and are not likely 
to increase over- or under-utilization or costs to payors or patients). 
We propose that a VBE would be at substantial downside financial risk 
if it is subject to risk pursuant to one of the following methods, 
drawn from the Department's experience: \24\
---------------------------------------------------------------------------

    \24\ For clarity, we note that we would not consider a 
prospective payment system for acute inpatient hospitals, home 
health agencies, hospice, outpatient hospitals, inpatient 
psychiatric facilities, inpatient rehabilitation facilities, long-
term-care hospitals, and SNFs, or other like payment methodologies 
to meet any of the prongs of our proposed definition of 
``substantial downside financial risk.''
---------------------------------------------------------------------------

    (i) Shared savings with a repayment obligation to the payor of at 
least 40 percent of any shared losses, where loss is determined based 
upon a comparison of costs to historical expenditures, or to the extent 
such data is unavailable, evidence-based, comparable expenditures;
    (ii) A repayment obligation to the payor under an episodic or 
bundled payment arrangement of at least 20 percent of any total loss, 
where loss is determined based upon a comparison of costs to historical 
expenditures, or to the extent such data is unavailable, evidence-
based, comparable expenditures;
    (iii) A prospectively paid population-based payment for a defined 
subset of the total cost of care of a target patient population, where 
such payment is determined based upon a review of historical 
expenditures, or to the extent such data is unavailable, evidence-
based, comparable expenditures; or
    (iv) A partial capitated payment from the payor for a set of items 
and services for the target patient population where such capitated 
payment reflects a discount equal to at least 60 percent of the total 
expected FFS payments based on historical expenditures, or to the 
extent such data is unavailable, evidence-based, comparable 
expenditures of the VBE participants to the value-based 
arrangements.\25\
---------------------------------------------------------------------------

    \25\ To afford VBE participants flexibility, we are not 
prescribing how parties may determine the basis for shared savings, 
shared losses, population-based payments, or partial capitation 
payments. However, we expect any such approach will reflect a 
legitimate compensation methodology, not one that simply manipulates 
numbers to artificially inflate savings or decrease losses, as may 
be applicable.
---------------------------------------------------------------------------

    We are soliciting comments on this proposed definition of 
``substantial downside financial risk,'' including whether: (i) These 
benchmarks should be higher or lower to ensure appropriate incentives; 
(ii) there are other methodologies not captured by this list that 
should qualify as substantial downside financial risk, such as those 
listed under 42 CFR 1001.952(u)(1)(i)(C); and (iii) some or all of 
these benchmarks should be omitted from this rule or modified to better 
capture true assumption of substantial downside financial risk for 
items and services furnished to patients. With respect to (i) through 
(iii), we are considering and solicit comments on whether the 
requirement to compare losses to, or determine payments based on, 
historical expenditures or evidence-based, comparable expenditures and 
whether additional means to establish a baseline against which to 
measure losses or payments is feasible for new or small VBEs or whether 
new or small VBEs should be allowed additional means to establish a 
baseline, such as allowing new or small VBEs to establish such 
baselines after a reasonable period of operation, such as 1 year. We 
also solicit comments on whether the assumption of substantial downside 
financial risk by the VBE as contemplated here, in combination with the 
safeguards proposed for this safe harbor, results in meaningful 
protections that will ensure that the

[[Page 55718]]

benefits of the arrangements that would be protected by this safe 
harbor outweigh any risk of misuse of the safe harbor to protect 
fraudulent or abusive arrangements.
    Lastly, we are considering for the final rule, and seek comment 
regarding, whether we should include advanced APMs and other payor 
advanced APMs, as both terms are defined at 42 CFR 414.1305, in the 
definition of ``substantial downside financial risk.'' Specifically, we 
seek comment on the following: (i) If advanced APM participants would 
likely rely on this safe harbor versus the CMS-sponsored model 
arrangements safe harbor; and if so, what barriers, if any, our 
proposed definition of ``substantial financial risk'' and 
``meaningfully share'' (as outlined in further detail below) may pose; 
and (ii) whether our current definition of ``substantial financial 
risk'' is too narrow, such that we have excluded advanced APMs or other 
payor advanced APMs that encourage participants to meaningfully assume 
downside financial risk.
    This safe harbor proposes to protect remuneration from a VBE to a 
VBE participant pursuant to a value-based arrangement. As a condition 
of this safe harbor, the terms of the value-based arrangement require 
the VBE participant to meaningfully share in the VBE's substantial 
downside financial risk for providing or arranging for items and 
services for the target patient population. This condition is intended 
to ensure that VBE participants ordering or arranging for items and 
services for patients (in other words, those making care decisions) 
closely share the VBE's goals and share in accountability if those 
goals are not achieved.
    For purposes of this condition, we propose that a VBE participant 
``meaningfully shares'' in the VBE's substantial downside financial 
risk if the value-based arrangement contains one of the following: (i) 
A risk-sharing payment pursuant to which the VBE participant is at risk 
for 8 percent of the amount for which the VBE is at risk under its 
agreement with the applicable payor (e.g., an 8-percent withhold, 
recoupment payment, or shared losses payment); (ii) a partial or full 
capitated payment or similar payment methodology (excluding the 
prospective payment systems for acute inpatient hospitals, home health 
agencies, hospice, outpatient hospitals, inpatient psychiatric 
facilities, inpatient rehabilitation facilities, long-term care 
hospitals, and SNFs or other like payment methodologies); or (iii) in 
the case of a VBE participant that is a physician, a payment that meets 
the requirements of the physician self-referral law's regulatory 
exception for value-based arrangements with meaningful downside 
financial risk at section 411.357(aa)(2).
    Under (i), the proposed percentage of the VBE's substantial 
downside financial risk in which the VBE participant must share is 
based on the 8-percent nominal risk standard under the CMS regulation 
governing advanced APM and other payor advanced APM criteria at 42 CFR 
414.1415 and 414.1420, respectively. We solicit comments on additional 
or alternative, specific thresholds we could include in the final rule 
to help ensure that the VBE participant is meaningfully engaged with 
the VBE in delivering value through its ordering and referring 
decisions, as well as data to support suggestions.
    To protect against risks of stinting on care, we further propose 
that the remuneration must not induce limitations on, or reductions of, 
medically necessary items or services furnished to any patient. We are 
considering for the final rule additional conditions to safeguard 
against risks of cherry picking or lemon dropping of patients, which 
could affect the quality of care patients receive. In addition, we are 
considering and solicit comments on whether to include a length-of-time 
requirement (e.g., 1 year) for the VBE to be at substantial downside 
financial risk to avoid gaming (as highlighted in our subsequent 
discussion of this issue in the full financial risk safe harbor).
    We are proposing to include the following conditions similar to 
certain conditions we are proposing for the care coordination 
arrangements safe harbor and would interpret these conditions, where 
applicable, as described previously in the discussion of the care 
coordination arrangements safe harbor:
    (i) The value-based arrangement must be set forth in a writing that 
contains, among other information, a description of the nature and 
extent of the VBE's substantial downside financial risk for the target 
patient population and a description of the manner in which the 
recipient meaningfully shares in the VBE's substantial downside 
financial risk;
    (ii) the VBE or VBE participant offering the remuneration does not 
take into account the volume or value of, or condition the remuneration 
on, referrals of patients outside of the target patient population or 
business not covered under the value-based arrangement;
    (iii) the value-based arrangement does not: (1) Place any 
limitation on VBE participants' ability to make decisions in the best 
interest of their patients, or (2) direct or restrict referrals to a 
particular provider, practitioner, or supplier if:
    (A) A patient expresses a preference for a different practitioner, 
provider, or supplier;
    (B) the patient's payor determines the provider, practitioner, or 
supplier; or
    (C) such direction or restriction is contrary to applicable law or 
regulations under titles XVIII and XIX of the Act;
    (iv) the value-based arrangement does not include marketing to 
patients of items or services or engaging in patient recruitment 
activities; and
    (v) the VBE or its VBE participants maintain documentation 
sufficient to demonstrate compliance with the safe harbor's conditions 
and make such records available to the Secretary upon request.
    Note that we are considering, and seek comment regarding whether we 
should include in the final rule, a condition regarding the maintenance 
of materials and records sufficient to establish compliance with the 
conditions of this safe harbor for a set period of time (e.g., at least 
6 years or 10 years).
    In addition to the foregoing standard, under this proposed safe 
harbor, the remuneration must be used primarily to engage in value-
based activities that are directly connected to the items and services 
for which the VBE is at substantial downside financial risk. For 
example, a VBE is at substantial downside financial risk through an 
agreement with a payor to assume a percentage of shared losses for 
items and services provided in connection with hip replacements to the 
target patient population. Remuneration provided by the VBE to a VBE 
participant would be protected under this proposed safe harbor only if 
the VBE participant primarily uses the remuneration to engage in value-
based activities that have a direct connection to the items and 
services provided to patients in the target patient population 
undergoing hip replacement surgery (i.e., the items and services for 
which the VBE is at substantial downside financial risk). Thus, while 
the VBE could give the VBE participant money that it uses to hire a 
staff member who primarily coordinates patients' transitions between 
care settings after undergoing hip replacement surgery, the VBE could 
not give the VBE participant money that it uses to hire a staff member 
who coordinates transitions between care settings for patient 
undergoing an array of surgical procedures. In addition, we propose 
that the remuneration exchanged must be directly connected to one or 
more of the

[[Page 55719]]

VBE's value-based purposes, at least one of which must be the 
coordination and management of care for the target patient population.
    We believe these safeguards are necessary to ensure transparency 
and accountability, as well as to reduce the potential for protected 
arrangements to be used to pay for referrals unrelated to coordinating 
care and improving health outcomes and value for programs and patients. 
For example, as with other safe harbors proposed in this rulemaking, we 
do not intend to protect arrangements nominally characterized as a care 
coordination or value-based arrangement but that in reality are schemes 
intended merely to buy or sell referrals. To further protect against 
such arrangements, we are considering including in the final rule a 
commercial reasonableness requirement and a monitoring standard, each 
of which would be similar to those included in our proposed care 
coordination arrangements safe harbor at 1001.952(ee). In addition, to 
heighten transparency of any value-based arrangements and to ensure 
that the value-based arrangement is known by and closely related to the 
VBE itself, we are considering for the final rule whether to require 
that, in advance of, or contemporaneous with, the commencement of the 
applicable value-based arrangement, the VBE's accountable body or 
responsible person make a bona fide determination that the value-based 
arrangement is directly connected to a value-based purpose, at least 
one of which must be the coordination and management of care for the 
target patient population.
    As discussed previously, we remain aware that the arrangements 
protected by the proposed substantial downside financial risk safe 
harbor would not be subject to programmatic requirements, oversight, or 
monitoring comparable to CMS-sponsored models. Accordingly, we are 
considering for the final rule including a requirement to submit 
information to the Department about the VBE, VBE participants, and the 
value-based arrangement similar to the requirement we are considering 
for the care coordination safe harbor at 1001.952(ee). As discussed in 
the care coordination arrangements safe harbor section, we also are 
considering for the final rule a condition prohibiting VBEs or VBE 
participants from billing Federal health care programs, other payors, 
or individuals for remuneration exchanged pursuant to the safe harbor; 
claiming the value of the remuneration as a bad debt for payment 
purposes under a Federal health care program; or otherwise shifting 
costs to a Federal health care program, other payors, or individuals.
    Through the substantial downside financial risk safe harbor, we 
seek to provide more flexibility for entities that assume a substantial 
amount of financial risk such that the risk incentivizes a shift from 
volume-based decision making to value-based decision making. By 
allowing parties this enhanced flexibility in exchange for assuming 
risk with respect to only a subset of items and services furnished to a 
target patient population, we are mindful of the potential for parties 
to assume financial risk for such a narrow subset of items and services 
that the offeror's risk does not equate to substantial downside 
financial risk. We solicit comments on safeguards against this risk and 
the overall approach we have taken with respect to the substantial 
downside financial risk safe harbor.

E. Value-Based Arrangements With Full Financial Risk (1001.952(gg))

    We propose to protect certain arrangements (including in-kind and 
monetary remuneration) involving VBEs that have assumed ``full 
financial risk,'' as that term is defined in the proposed regulation, 
for a target patient population. Because we recognize that VBEs that 
have assumed full financial risk present fewer traditional FFS fraud 
and abuse risks, this proposed safe harbor would include more flexible 
conditions than the proposed care coordination arrangements and 
substantial downside financial risk safe harbors, which we believe 
would reduce burden for the VBE and its VBE participants. We intend for 
the safe harbor to offer this category of VBEs the greatest ability to 
innovate with respect to coordinated care arrangements in light of 
their assumption of the highest level of risk contemplated in this 
proposed rulemaking. We propose to incorporate the definitions of 
``coordination and management of care,'' ``target patient population,'' 
``value-based activity,'' ``value-based arrangement,'' ``value-based 
enterprise,'' ``value-based purpose,'' and ``VBE participant'' found in 
proposed paragraph 1001.952(ee). For the same reasons discussed 
previously with respect to the care coordination arrangements safe 
harbor, we propose that this safe harbor would not protect an ownership 
or investment interest in the VBE or any distributions related to an 
ownership or investment interest. We solicit comments on this approach 
and, in particular, whether this proposal presents any operational 
challenges with respect to the creation of a VBE as a separate legal 
entity. We are considering for the final rule whether we should protect 
ownership or investment interests with respect to VBEs that must 
contract with a payor on behalf of VBE participants for purposes of 
value-based arrangements with full financial risk.
    We also propose, for the same reasons discussed previously with 
respect to the care coordination arrangements safe harbor, that this 
safe harbor would not protect any remuneration funded by, or otherwise 
resulting from contributions by, an individual or entity outside of the 
applicable VBE.
    We propose that a VBE would be at ``full financial risk'' for the 
cost of care of a target patient population if the VBE is financially 
responsible for the cost of all items and services covered by the 
applicable payor for each patient in the target patient population and 
is prospectively paid by the applicable payor. By ``prospective,'' we 
mean the anticipated cost of all items and services covered by the 
applicable payor for the target patient population, has been determined 
and paid in advance (as opposed to billing under the otherwise 
applicable payment systems and undergoing a retrospective 
reconciliation after items and services have been furnished).
    By way of example, a VBE would be at ``full financial risk'' if it 
received a prospective, capitated payment for all items and services 
covered by Medicare Parts A and B for a target patient population. 
Similarly, we would consider a VBE that contracts with a Medicaid 
managed care organization and receives a fixed per-patient per-month 
amount to be at full financial risk if the fixed amount covered the 
cost of all Medicaid-covered items and services furnished to the target 
patient population.
    In contrast, our proposal would not protect an entity that receives 
a partial capitated payment, be it either: (i) A capitated payment that 
covers a limited set of items or services or (ii) a payment arrangement 
where an entity receives a combination of reduced FFS and capitation 
payments for a defined set of items or services. For example, a 
hospital that participates in a bundled payment program for patients 
who receive knee replacements, and that receives an episodic payment to 
cover all costs associated with the knee replacement surgeries and 
follow-up care for 90 days, would not be eligible for protection under 
this safe harbor. The hospital is at full financial risk for the knee 
surgeries and related services but not for the patients' total cost of 
care. We note that other proposals in

[[Page 55720]]

this rulemaking may be available for such arrangements.
    We note that our proposed definition of ``full financial risk'' 
would not prohibit a VBE from entering into arrangements--like global 
risk adjustments, risk corridors, reinsurance, or stop loss 
agreements--to protect against catastrophic losses. We emphasize that 
it is our intent for such arrangements to be limited to catastrophic 
losses; a VBE may not use risk corridors or other like arrangements as 
a mechanism to shift an amount of financial risk that does not meet the 
spirit of this safe harbor. Similarly, we note that our proposed 
definition of ``full financial risk'' would not prohibit a VBE from 
conducting a ``back-end'' reconciliation, with resulting payment 
adjustments due to quality or financial performance metrics, provided 
again, that the reconciliation is not used as a mechanism to shift 
material financial risk back to the contracting payor.
    We also are considering other ways to define ``full financial 
risk'' in the final rule. For example, we are considering for purposes 
of the final rule including an actuarial equivalence standard similar 
to that used in the Medicare Part D context, and we request comments on 
the use of this potential standard. In addition, we seek comments about 
other situations that stakeholders believe should qualify as a VBE 
assuming ``full financial risk.'' We request that commenters provide 
specific examples of arrangements that they believe constitute ``full 
financial risk'' but that would not be covered by the definition 
proposed above.
    We propose to require that the VBE assume full financial risk 
either directly, or through a VBE participant with the legal authority 
to obligate the VBE. We note, to the extent a VBE participant wholly 
assumes risk on behalf of the VBE, it may act in both its capacity as a 
VBE participant and an agent of the VBE.
    In addition, we propose that this safe harbor would cover both 
value-based arrangements between a VBE and a VBE participant where the 
VBE has assumed full financial risk as of the date the VBE and VBE 
participant enter into the value-based arrangement, as well as value-
based arrangements between a VBE and a VBE participant where the VBE is 
contractually obligated to assume such risk but has not yet done so. We 
are mindful that a VBE that is contractually obligated to take on full 
financial risk may need lead time to develop and implement arrangements 
in anticipation of taking on full financial risk. However, we also are 
concerned about providing safe harbor protection for arrangements 
involving parties that have not yet assumed the risk that operates as a 
prerequisite and key safeguard for this safe harbor. To balance the 
need to protect start-up arrangements with our program integrity 
concerns, the safe harbor would protect arrangements between the VBE 
and the VBE participant only during the 6 months prior to the date by 
which the VBE must assume full financial risk. We solicit comments on 
whether 6 months is a sufficient timeframe, and if not, what an 
appropriate timeframe might be. We could include a longer or shorter 
timeframe in the final rule.
    We propose writing requirements in this safe harbor that are 
designed to promote transparency and accountability. First, we propose 
that the VBE have a signed writing with a payor that specifies the 
target patient population and contains terms sufficient to demonstrate 
that the VBE is at full financial risk for the target patient 
population for at least 1 year. Our intent in proposing a length-of-
time requirement is to minimize gaming opportunities that could arise 
if the VBE assumes full financial risk for a short time period in order 
to take advantage of the proposed safe harbor's flexibility but without 
meaningfully committing to the transition to full financial risk. 
Second, we propose that the parties set forth the material terms of the 
value-based arrangement in a signed writing, including the value-based 
activities to be undertaken by the parties, and that the arrangement 
must be for a period of at least 1 year.
    We propose that the term of the value-based arrangement must be for 
a period of at least 1 year to ensure that the VBE participant is 
committed to coordinating care for the target patient population of the 
VBE that has taken on full financial risk.
    We propose that the VBE participant cannot claim additional or 
separate payment in any form directly or indirectly from a payor for 
items or services covered under the value-based arrangement. For 
purposes of this safe harbor, we propose that the phrase ``items or 
services'' would have the meaning set forth in paragraph 
1001.952(t)(2)(iv), which defines ``items and services'' as: ``Health 
care items, devices, supplies or services or those services reasonably 
related to the provision of health care items, devices, supplies or 
services including, but not limited to, non-emergency transportation, 
patient education, attendant services, social services (e.g., case 
management), utilization review and quality assurance. Marketing and 
other pre-enrollment activities are not `items or services' for 
purposes of this section.''
    If the VBE participant is permitted to seek additional payment for 
items or services furnished to the target patient population from a 
payor, the safe harbor would not protect the value-based arrangement. 
For example, protection under the safe harbor would not extend to 
payment made by a VBE to a VBE participant for telehealth services 
furnished to the target patient population if the VBE participant could 
also claim separate payment for such services from a payor. Value-based 
arrangements that permit VBE participants to claim separate payment 
from a payor are not ``full risk.'' Such arrangements potentially 
involve mixed financial incentives for providers, and parties would 
need to seek protection for such arrangements under one of the other 
proposed safe harbors. This requirement would permit VBE participants 
to bill a payor but not claim payment (e.g., through a ``no-pay 
claim'') if required by a payor, including Medicare.
    We also propose requirements related to the remuneration. First, we 
propose that remuneration exchanged must: (i) Be used primarily to 
engage in the value-based activities set forth in the parties' signed 
writing; (ii) is directly connected to one or more of the VBE's value-
based purpose(s), at least one of which must be the coordination and 
management of care for the target patient population; and (iii) not 
induce the VBE or VBE participants to reduce or limit medically 
necessary items or services furnished to any patient. We propose to 
interpret these conditions consistent with the similar conditions in 
the proposed care coordination arrangements safe harbor at 
1001.952(ee).
    Second, we propose to require that the VBE and VBE participant must 
not take into account the volume or value of, or condition the 
remuneration exchanged on: (i) Referrals of patients who are not part 
of the target patient population or (ii) business not covered under the 
value-based arrangement. This requirement would preclude protection 
under the safe harbor for remuneration that is part of a broader 
``swapping'' arrangement to steer patients outside of the target 
patient population to the party offering the remuneration. We solicit 
comments on this condition and any additional safeguards that we should 
include in this safe harbor to mitigate the risk of problematic 
swapping arrangements in order to prevent the safe harbor from being 
used to protect payments for referrals that are not part of the value-

[[Page 55721]]

based arrangement. We would have significant concerns with a VBE 
participant entering into a purported value-based arrangement in which 
it offers the VBE a reduced rate for patients in the target patient 
population in exchange for gaining access to that VBE's other patients.
    We propose to require that the VBE provide or arrange for: (i) An 
operational utilization review program and (ii) a quality assurance 
program that protect against underutilization and specify patient 
goals, including measurable outcomes, where appropriate. These 
conditions mirror those found in the existing safe harbor at paragraph 
1001.952(u), which were derived from the then-current regulatory 
requirements for plans operating under section 1876 of the Act. We are 
considering for the final rule whether there may be other ways to frame 
this requirement that meet the spirit of the conditions in paragraph 
1001.952(u) but are updated to reflect the utilization review and 
quality assurance mechanisms in place today.
    Like the proposed care coordination arrangements and substantial 
downside financial risk safe harbors and for the reasons explained in 
connection with those proposals, we are considering for the final rule 
requiring the submission to the Department of information about VBEs, 
VBE participants, and value-based arrangements for safe harbor 
protection. We welcome comments on this. As discussed in the care 
coordination arrangements safe harbor section, we also are considering 
for the final rule a condition prohibiting VBEs or VBE participants 
from billing Federal health care programs, other payors, or individuals 
for remuneration exchanged pursuant to the safe harbor; claiming the 
value of the remuneration as a bad debt for payment purposes under a 
Federal health care program; or otherwise shifting costs to a Federal 
health care program, other payors, or individuals.
    We also propose requirements that (i) the value-based arrangement 
does not include marketing to patients of items or services or engaging 
in patient recruitment activities; and (ii) the VBE or its VBE 
participants maintain documentation sufficient to demonstrate 
compliance with the safe harbor's conditions and make such records 
available to the Secretary upon request. We are considering for the 
final rule and seek comment regarding whether we should include, in the 
final rule, a condition regarding the maintenance of materials and 
records sufficient to establish compliance with the conditions of this 
safe harbor for a set period of time (e.g., at least 6 years or 10 
years). We would interpret these requirements as described with respect 
to the care coordination arrangements safe harbor and would include 
them in this safe harbor for the reasons articulated there.
    In addition, we note that, as proposed, this safe harbor would 
apply only to remuneration exchanged between a VBE and a VBE 
participant pursuant to a value-based arrangement. The proposed full 
financial risk safe harbor would not protect remuneration exchanged 
between or among VBE participants that are part of the same VBE, 
remuneration exchanged between a VBE participant and a downstream 
contractor, or remuneration between two downstream contractors. 
However, nothing prevents these parties from turning to other available 
safe harbors for protection.
    We are considering for the final rule and solicit comments on 
whether to extend this safe harbor to remuneration that passes from a 
VBE participant to a downstream contractor (which also could be, but 
may not be required to be, a VBE participant). While we recognize that 
increased flexibility at the VBE participant level may foster 
innovation, we are concerned that these downstream arrangements present 
higher risks of fraud and abuse because the VBE participants and 
downstream contractors exchanging the remuneration may have assumed 
little or no financial risk. As such, they may continue to be subject 
to the potential risks inherent in any FFS financial arrangements, 
namely, incentives to order medically unnecessary or overly costly 
items and services. For these reasons, we are considering for the final 
rule, and solicit comments on, the following:
     In addition to the safeguards proposed in paragraph 
1001.952(gg), whether additional safeguards could be implemented under 
the full financial risk safe harbor (or a different proposed safe 
harbor) to ensure that legitimate arrangements between VBE participants 
and downstream contractors that advance the value-based purpose(s) of 
the VBE are protected.
     For purposes of protecting downstream arrangements, 
whether we should incorporate some of the safeguards proposed in the 
safe harbor for care coordination arrangements or the safe harbor for 
parties at substantial downside financial risk. If so, whether certain 
safeguards would best capture our need to protect against fraud and 
abuse risks with the recognition that we do not want to impose undue 
burden on parties to these arrangements.
     If we were to protect certain downstream arrangements, 
whether we should limit protection to arrangements between VBE 
participants that are part of the same VBE, or we should extend 
protection to arrangements between: (i) A VBE participant and a 
downstream contractor, (ii) arrangements between two downstream 
contractors, or (iii) both. We request that any comments include 
specific examples of downstream arrangements that may not be protected 
under existing safe harbors or any of the safe harbors proposed under 
this rulemaking but warrant protection under this proposed safe harbor 
because of the level of risk assumed by the VBE.

F. Arrangements for Patient Engagement and Support To Improve Quality, 
Health Outcomes, and Efficiency (1001.952(hh))

    We propose to establish a new safe harbor at proposed paragraph 
1001.952(hh) to protect certain arrangements for patient engagement 
tools and supports to improve quality, health outcomes, and efficiency 
furnished by VBE participants, as defined in proposed paragraph 
1001.952(ee), to specified patients. This safe harbor, hereinafter the 
``patient engagement and support safe harbor,'' is intended to remove 
barriers presented by the anti-kickback statute and the beneficiary 
inducements CMP \26\ to providers offering patients beneficial tools 
and supports to improve quality, health outcomes, and efficiency, by 
promoting patient engagement with their care and adherence to care 
protocols. Commenters to the OIG RFI overwhelmingly supported such a 
safe harbor, with appropriate safeguards.
---------------------------------------------------------------------------

    \26\ A practice permissible under the anti-kickback statute, 
whether through statutory exception or regulations issued by the 
Secretary, is also excepted from the beneficiary inducements CMP. 
Section 1128A(i)(6)(B) of the Act.
---------------------------------------------------------------------------

    Achieving well-coordinated care and improving value require 
patients to actively participate and engage in their preventive care, 
treatment, and general health. To prevent illness or disease or to 
manage a disease or condition effectively, patients must be involved in 
their healthcare and be empowered to make informed healthcare-related 
decisions. Appropriate patient engagement tools and supports can foster 
successful behavior modifications that improve health, ensure that 
patients receive the medically necessary care and other nonclinical, 
but health-related, items and services they need, and improve adherence 
to an appropriate treatment regimen.
    In some cases, improved care coordination may be facilitated 
through various supports, including, for

[[Page 55722]]

example, providing supports that aim to improve patients' safety at 
home or during care transitions (including discharge from facility care 
to the community) or that allow providers to communicate more 
efficiently and effectively with patients and their families and to 
monitor their patients' care. However, we also are cognizant of the 
potential for improper patient engagement tools and supports to result 
in inappropriate utilization, the steering of patients to particular 
providers, suppliers, or products that might not be in their best 
interests, increased costs to payors and patients, and anti-competitive 
effects.
    Depending on the facts and circumstances, providing patient 
engagement tools and supports may implicate the Federal anti-kickback 
statute and the beneficiary inducements CMP. Some tools and supports 
may be protected under existing safe harbors or exceptions to the 
definition of ``remuneration'' under the beneficiary inducements CMP 
(e.g., the local transportation safe harbor, 42 CFR 1001.952(bb); the 
exception for remuneration that promotes access to care and poses a low 
risk of harm to patients and Federal health care programs, 42 CFR 
1003.110; and the exception for incentives given to individuals to 
promote the delivery of preventive care, 42 CFR 1003.110). In addition, 
for CMS-sponsored models, some patient engagement tools and supports 
may qualify for protection under the Medicare Shared Savings Program's 
waiver for patient incentives \27\ or a waiver available for 
beneficiary incentives offered under an applicable Innovation Center 
model.\28\ However, under certain facts and circumstances, no safe 
harbor, exception, or waiver may be available to protect beneficial 
patient engagement tools and supports that implicate the anti-kickback 
statute, beneficiary inducements CMP, or both. These arrangements must 
be evaluated on a case-by-case basis for compliance with the statutes.
---------------------------------------------------------------------------

    \27\ Medicare Program; Final Waivers in Connection With the 
Shared Savings Program, 80 FR 66726, 66743 (Oct. 29, 2015).
    \28\ See, e.g., Notice of Waivers of Certain Fraud and Abuse 
Laws in Connection with the Bundled Payments for Care Improvement 
Advanced Model (May 25, 2018), available at https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Downloads/BPCI-Advanced-Model-Waivers.pdf.
---------------------------------------------------------------------------

    Under the proposed patient engagement and support safe harbor at 
paragraph 1001.952(hh), ``remuneration'' under the Federal anti-
kickback statute would not include in-kind patient engagement tools or 
supports (as specified in proposed paragraph 1001.952(hh)) furnished 
directly by a VBE participant (as defined in proposed paragraph 
1001.952(ee)) to a patient in a target patient population (as defined 
in proposed paragraph 1001.952(ee)), that are directly connected to the 
coordination and management of care (as defined in proposed paragraph 
1001.952(ee)), provided that all of the conditions of proposed 
paragraph 1001.952(hh) are satisfied.
1. Limitations on Offerors
    Under this proposal, only patient engagement tools and supports 
furnished by a VBE participant, as defined in proposed paragraph 
1001.952(ee), would receive protection. Our intent in proposing to 
limit safe harbor protection to VBE participants is to align the safe 
harbor with the value-based framework set forth in this proposed 
rulemaking. We are mindful that this approach would require the offeror 
of the remuneration to be part of a VBE (of any size) as defined at 
proposed paragraph 1001.952(ee). We are soliciting comments, including 
illustrative fact patterns, about potential patient engagement tools 
and supports that would improve care coordination and health outcomes 
where the offeror does not meet the proposed definition of a VBE 
participant because the offeror is not part of a VBE.
    For example, we are considering for the final rule safe harbor 
protection for, and seek comments regarding, a hospital's or physician 
group practice's provision of patient engagement tools and supports 
that would advance coordination and management of care for a patient 
and otherwise satisfy conditions similar to those set forth in the 
proposed safe harbor, but where such hospital or physician group 
practice is not part of a VBE. We seek comments on the fraud and abuse 
risks associated with removing the requirement that the offeror is a 
VBE participant and what additional safeguards would be appropriate to 
offset those risks.
    Pharmaceutical manufacturers, distributors, and suppliers of 
DMEPOS, and laboratories are not included in the proposed definition of 
``VBE participant'' in paragraph 1001.952(ee) for the reasons described 
earlier in this preamble. In addition to the reasons for exclusion of 
pharmaceutical manufacturers in the definition of ``VBE participant'' 
previously articulated, we believe that offers of remuneration by such 
manufacturers to patients could improperly influence the patient, as 
well the patient's clinician's decision to prescribe one drug over 
another. Such remuneration could influence a patient to request a 
particular drug that is more expensive or less clinically efficacious 
than other clinically equivalent drugs. This could both improperly 
influence patient choice and increase costs to Federal health care 
programs--two factors cited by Congress to consider when developing 
safe harbors--without necessarily increasing quality.
    As noted above, we also are excluding manufacturers, distributors, 
and suppliers of DMEPOS and laboratories from the definition of a VBE 
participant. Based on long-standing enforcement and oversight 
experience, we are concerned that manufacturers, distributors, and 
suppliers of DMEPOS and laboratories may inappropriately use patient 
engagement tools and supports to market their products or divert 
patients from a more clinically appropriate item or service, provider, 
or supplier without regard to the best interests of the patient or to 
induce medically unnecessary demand for items and services.
    We are interested in comments on the impact of any such exclusions, 
if included in the final rule, for the patient engagement and support 
safe harbor in particular and any negative impact on the provision of 
potentially beneficial tools and supports. We seek comments regarding 
whether the proposed exclusion of these entities from the definition of 
``VBE participant,'' and the proposed condition at (hh)(2), limiting 
funding by and other contributions from non-VBE participants, might 
negatively impact patients' ability to receive beneficial items and 
services, including new technologies that may foster better access to 
care and improve health outcomes.
    As noted above, we also are considering whether to exclude other 
categories of suppliers and other entities, including pharmacies, PBMs, 
wholesalers, and distributors from the definition of ``VBE 
participant.'' \29\ We solicit comments on the potential impact of our 
considered exclusion of pharmacies, PBMs, wholesalers, and 
distributors, if included in the final rule, for the patient engagement 
and support safe harbor in particular.
---------------------------------------------------------------------------

    \29\ Note that, should we adopt the definition of ``applicable 
manufacturer'' as set forth in in 42 CFR 403.902, such definition 
would include distributors and wholesalers (which include re-
packagers, re-labelers, and kit assemblers) that hold title to a 
covered drug, device, biological or medical supply.
---------------------------------------------------------------------------

    We also are considering, and seek comment on, whether this proposed 
safe harbor should protect only in-kind tools and supports furnished by 
VBE participants that assume at least some

[[Page 55723]]

financial risk, so as to better align protected remuneration with 
value-based purposes. In particular, if we were to limit safe harbor 
protection to only VBE participants that assume financial risk, we are 
considering, and seek comments regarding, the appropriate level of 
financial risk to require of such VBE participants (e.g., VBE 
participants that assume at least some downside financial risk or VBE 
participants that assume substantial downside financial risk).
2. Limitations on Recipients
    This proposed safe harbor would protect patient engagement tools 
and supports furnished to patients in a target patient population (as 
defined in proposed paragraph 1001.952(ee)). We note that the scope of 
this proposed safe harbor would not be limited to Federal health care 
program beneficiaries in recognition that the VBE or VBE participants 
may define the target patient population without regard to payor type. 
We solicit comments on whether we should instead provide safe harbor 
protection for tools and supports VBE participants furnish to a broader 
universe of patients by, for example, protecting patient engagement 
tools and supports furnished by VBE participants to any patient, so 
long as the tools and supports predominantly address needs of the 
target patient population and the tools and supports have a direct 
connection to the coordination and management of care for the patient.
    We recognize that some VBEs may not be able to prospectively 
identify the individual patients in the target patient population. For 
example, in some accountable care organization (ACO) arrangements under 
CMS-sponsored models, beneficiaries are assigned to the ACO, which 
could be a VBE, retrospectively or on a preliminary prospective basis 
(e.g., for agreement periods beginning on July 1, 2019, ACOs 
participating in the Medicare Shared Savings Program may select 
preliminary prospective assignment with retrospective 
reconciliation).\30\ We are interested in stakeholder comments on the 
challenges, if any, presented by the safe harbor's protection of only 
patient engagement tools and supports furnished to patients in the 
target patient population when the VBE's assigned beneficiaries are 
identified retrospectively or on a preliminary prospective basis.
---------------------------------------------------------------------------

    \30\ 42 CFR 425.400(a)(4)(ii). We offer this as an illustrative 
example. Participants in the Medicare Shared Savings Program and 
Innovation Center ACO models have existing fraud and abuse law 
waivers and may not need new safe harbor protection.
---------------------------------------------------------------------------

3. Limitations on Type of Remuneration
    The proposed safe harbor would protect only tools or supports, as 
specified in proposed 1001.952(hh), furnished by a VBE participant to a 
patient in the target patient population. As proposed in 
1001.952(hh)(3)(i), (ii) and (iii), we would limit a patient engagement 
``tool or support'' to in-kind, preventive items, goods, or services, 
or items, goods, or services such as health-related technology, patient 
health-related monitoring tools and services, or supports and services 
designed to identify and address a patient's social determinants of 
health, that have a direct connection to the coordination and 
management of care of the target patient population. This limitation on 
tools or supports would exclude gift cards, cash, and any cash 
equivalent (e.g., a check or pre-paid debit card).
    We do not propose a specific definition of ``preventive care item 
or service'' to provide flexibility for VBE participants that seek to 
furnish preventive care items and services as a means to improve 
patient outcomes and better overall patient health.\31\ OIG is mindful 
of the evolving nature of clinical practice guidelines and 
recommendations for practices that are categorized as ``preventive 
care,'' and we intend to allow this proposed safe harbor to protect the 
provision of tools and supports that a VBE participant reasonably 
determines, within the medical judgment of the applicable practitioner 
treating the patient, to be preventive care. VBE participants would 
need to exercise caution in ensuring that tools and supports for which 
they desire safe harbor protection are reasonably considered preventive 
care.
---------------------------------------------------------------------------

    \31\ We do not intend to incorporate the definition of 
``preventive care'' found in the regulations interpreting the 
beneficiary inducements CMP, 42 CFR 1003.110. Note that the 
definitions found at 42 CFR 1003.110 apply to part 1003, not part 
1001, where the proposed 42 CFR 1001.952(hh) would be located.
---------------------------------------------------------------------------

    We solicit comments on whether the categories of patient engagement 
tools and supports listed above that would receive protection (i.e., 
health-related technology, patient health-related monitoring tools and 
services, or supports and services designed to identify and address a 
patient's social determinants of health) are sufficiently flexible but 
also sufficiently targeted to protect against the risks of fraud and 
abuse associated with providing inappropriate remuneration to patients. 
For instance, we believe ``health-related technology'' and ``patient 
health-related monitoring tools and services'' might include wearable 
monitoring devices, such as a smart watch or tracker designed to 
collect information and transmit data to a patient's physician for 
treatment or disease monitoring. We are considering for purposes of the 
final rule requiring that the VBE participant confirm that the tools 
and services provided to a patient are not duplicative of, or 
substantially the same as, tools and services the patient already has. 
For example, we are considering whether the safe harbor should protect 
the provision of a new cell phone or wireless service to a patient who 
needs an application for remote patient monitoring if the patient 
already has these products and only needs the application.
    With respect to the provision of supports and services designed to 
identify and address social determinants of health, many commenters to 
the OIG RFI urged us to consider ``social determinants of health,'' 
also described as ``health-related nonmedical'' items, goods, and 
services, that address basic needs essential to patients' health, such 
as food, shelter, safety, clothing, income, and transportation, in 
designing any proposed safe harbors. There is substantial evidence that 
unmet social needs related to these determinants of health, such as 
transportation, nutrition, and safe housing, play a critical role in 
health outcomes and expenditures.\32\ These needs must be considered 
when thinking about maximizing health outcomes and lowering healthcare 
costs.
---------------------------------------------------------------------------

    \32\ See, e.g., Michael Marmot et al., on behalf of the World 
Health Organization and Commission on Social Determinants of Health, 
Closing the gap in a generation: Health equity through action on the 
social determinants of health, 372 Lancet 9650 (2008), available at 
https:/www.thelancet.com/journals/lancet/issue/vol372no9650/PIIS0140-6736(08)X6047-7; Gayle Shier et al., Strong Social Support 
Services, Such As Transportation And Help For Caregivers, Can Lead 
To Lower Health Care Use And Costs, 32 Health Affairs 3 (2013), 
available at https://www.healthaffairs.org/doi/pdf/10.1377/hlthaff.2012.0170.
---------------------------------------------------------------------------

    Evidence indicates that efforts that target home and neighborhood-
level factors, such as healthcare accessibility for low-income 
individuals, physical and environmental obstructions to healthy living, 
and housing and case management, can lead to improved health outcomes 
for people of all ages.\33\ These improved health outcomes include 
decreased mortality, delay or prevention of preventable and chronic

[[Page 55724]]

diseases, and lowered healthcare utilization, indicating a higher 
quality of life.\34\
---------------------------------------------------------------------------

    \33\ See, e.g., J. Michael McGinnis, Pamela Williams-Russo, and 
James R. Knickman, The Case For More Active Policy Attention To 
Health Promotion, 21 HEALTH AFFAIRS 2 (Mar. 2002), available at 
https://www.healthaffairs.org/doi/10.1377/hlthaff.21.2.78.
    \34\ Marmot, supra.
---------------------------------------------------------------------------

    By addressing health disparities that emerge from the social 
determinants of health, some research suggests that the United States 
could save over $230 billion in medical care costs.\35\ Moreover, there 
is research suggesting that policy interventions that focus on the 
social determinants of health can produce an estimated economic return 
of $1.02 trillion.\36\
---------------------------------------------------------------------------

    \35\ McGinnis, supra.
    \36\ McGinnis, supra.
---------------------------------------------------------------------------

    Based on the connection of social determinants to healthcare 
outcomes and costs, we are considering for purposes of the final rule 
whether explicitly to include protection for tools and supports that 
address some social determinants of health that meet all other safe 
harbor conditions. While all social determinants have the potential to 
improve health outcomes, some social determinants may be more 
specifically aligned with preventive care and the coordination and 
management of care for patients (e.g., transportation to medical 
appointments, nutrition to address clinical conditions, safe housing 
for patients discharged to their homes) than others (e.g., a more 
general need for income through employment). We seek public input on 
which social determinants are most crucial to improving care 
coordination and transitioning to value-based care and payment, with 
respect both to needed arrangements between providers or others in a 
position to generate Federal health care program referrals between 
them, and needed arrangements between beneficiaries and providers or 
others in a position to influence the selection of providers, 
practitioners, and suppliers.
    We are considering, and solicit comments on, how the final safe 
harbor should make distinctions among the categories of social 
determinants, such as protecting some types of tools and supports but 
not others. We are considering for the final rule whether we should 
specify specific tools and supports that would be permissible, 
including whether to base such a list on the types of tools and 
supports described in CMS guidance for the Medicare and Medicaid 
programs. We are interested in illustrative examples and data 
supporting commenters' views on this topic, including data supporting 
(or not supporting) the efficacy from a quality, effectiveness, and 
cost perspective of particular types of tools and supports related to 
addressing social determinants of health. Regardless, whether a 
particular tool or support would, in fact, be protected under the safe 
harbor when offered by a VBE participant to a patient in a target 
patient population would depend on the facts and circumstances and 
whether all safe harbor conditions were satisfied.
    We solicit comments on whether, instead of using the proposed 
categories, the final rule should list specific tools and supports that 
could be protected under the safe harbor. We are interested in feedback 
on which tools and supports should be listed and how the rule could 
account for emerging tools and supports that improve patient 
engagement, care coordination, and health outcomes.
    We do not intend for tools and supports protected by this proposed 
safe harbor, which includes only in-kind items, goods, and services, to 
be limited to items or services covered by a Federal health care 
program (as the term of art, ``items or services,'' when used in the 
context of the Medicare program, could suggest).\37\ In general, the 
provision of covered items and services to patients does not require 
safe harbor protection provided that all normal billing rules are 
followed. That said, the proposed description of a permissible tool or 
support would include federally reimbursable items and services, and 
provided that the other requirements of the safe harbor are satisfied, 
the provision of federally reimbursable items and services could 
receive safe harbor protection.
---------------------------------------------------------------------------

    \37\ While OIG's regulations found at 42 CFR 1003.110 define 
``items and services or items or services,'' we do not cross-
reference such definition in this proposed safe harbor, nor do we 
propose to limit the items, goods, and services potentially 
protected by this proposed safe harbor to the items and services 
that would satisfy the definition found at 42 CFR 1003.110. Note 
also that the definitions found at 42 CFR 1003.110 apply to part 
1003, not part 1001, where the proposed 42 CFR 1001.952(hh) would be 
located.
---------------------------------------------------------------------------

    We seek comment on potential fraud and abuse risks presented by 
including items and services that could be reimbursable by a Federal 
health care program as permitted tools or supports. We are aware of, 
and deeply concerned about, fraud schemes that involve the provision of 
items and services, including prescription opioids or other drugs, that 
are not needed by patients or that are harmful to them. We do not 
propose to protect such arrangements in this rulemaking, and such 
arrangements would not be protected in any final rule. Further, as OIG 
has previously stated, we are concerned that the provision of 
potentially reimbursable items and services, for free, could result in 
steering or unfair competition or could create a seeding arrangement, 
where, for example, a physician could be influenced to prescribe an 
item or service, which may be free at some point, but would be covered 
by a third-party payor (including Federal health care programs) in the 
future.\38\ Because of the risks presented by allowing safe harbor 
protection for the provision of potentially reimbursable items and 
services, including inappropriate seeding arrangements or the provision 
of medically unnecessary or harmful items or services, we are 
considering, and seek comment on, excluding in the final rule federally 
reimbursable items and services as a protected tool or support. As 
discussed further below, the proposed patient engagement and support 
safe harbor would not protect cost-sharing waivers, and thus would not 
protect billing a Federal program while waiving the beneficiary's share 
of payment.
---------------------------------------------------------------------------

    \38\ Adv. Op. No. 18-14, available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-14.pdf.
---------------------------------------------------------------------------

    The in-kind requirement means that the patient must receive the 
actual tool or support and not funds to purchase the tool or support. 
For example, patients may not be given cash reimbursements for items or 
goods they purchase directly. While cash reimbursements for tools and 
supports would not satisfy the in-kind requirement, we would consider a 
voucher for a particular tool or support (e.g., a meal voucher or a 
voucher for a taxi) to satisfy the in-kind requirement.
a. Cash and Cash Equivalent Incentives
    A number of commenters responding to the OIG RFI urged OIG to 
protect the distribution of cash incentives to patients as a reward for 
engaging in certain healthcare-related activities. For example, 
providers responding to the OIG RFI stated that they would like 
protection to provide cash rewards to patients both for attending 
appointments (e.g., $10 for patients who attend an initial primary care 
visit) and for engaging in activities designed to promote the adoption 
and maintenance of healthy behaviors (e.g., a $25 check offered to 
patients who complete milestones in a behavioral modification program 
related to substance use disorders). Commenters cited a number of 
studies in support of this recommendation.\39\
---------------------------------------------------------------------------

    \39\ See, e.g., Cathy J. Bradley & David Neumark, Small Cash 
Incentives Can Encourage Primary Care Visits by Low-Income People 
with New Health Care Coverage, 36 Health Affairs 8 (2017), https://www.healthaffairs.org/doi/10.1377/hlthaff.2016.1455; Scott D. 
Halpern, MD, Ph.D. et al., Randomized Trial of Four Financial-
Incentive Programs for Smoking Cessation, 372 New Eng. J. Med. 2108 
(2015), https://www.nejm.org/doi/full/10.1056/NEJMoa1414293.

---------------------------------------------------------------------------

[[Page 55725]]

    Commenters to the OIG RFI noted that incentives and supports in the 
form of cash could help improve patients' adherence to treatment plans, 
encourage participation in medically necessary care, and motivate 
patients to lead healthier lifestyles. In addition, commenters to the 
OIG RFI posited, and some research suggests, that patients prefer cash 
to in-kind items, goods, or services and that cash may be more 
effective at maintaining patient engagement and encouraging and 
reinforcing positive behavioral change. We also have observed 
congressional interest in allowing providers to offer beneficiaries 
cash through, by way of example, the recent enactment of the ACO 
Beneficiary Incentive Program, section 1899(m) of the Act. However, OIG 
historically has had significant concerns with allowing providers to 
offer cash or cash equivalents to patients, and our oversight and 
enforcement experience suggests that cash incentives can: (i) Result in 
medical identity theft and misuse of patients' Medicare numbers, (ii) 
lead to inappropriate utilization (in the form of medically unnecessary 
items and services), and (iii) cause improper steering (including 
patients selecting a provider because the provider offers the most 
valuable incentives and not because of the quality of care the provider 
furnishes).
    Notwithstanding, we are considering for the final rule, and seek 
comment on, whether to protect patient incentives and supports in the 
form of cash and cash equivalents in certain circumstances.\40\ If we 
do so, we might set a monetary limit on the aggregate amount of 
remuneration provided annually (such as up to $75 per year, or higher 
or lower amounts) \41\ or include other safeguards to prevent the 
misuse of cash incentives to steer patients to items or services to 
influence them to allow others to use their personal information to 
order unnecessary or inappropriate items and services. Further, we 
likely would limit the use of cash remuneration to reward patients for 
attending medically necessary primary care or other clinically 
prescribed treatment visits, or for successful participation in a 
clinically appropriate behavioral modification or substance use 
disorder treatment program. If we were to adopt this approach, we would 
consider requiring offerors to have an evidence-based reason for using 
cash to influence patients' adherence to a treatment regimen or 
clinical program. (This might be the case, depending on the evidence, 
with respect to a substance use disorder treatment or smoking cessation 
program.) We solicit comment on potential criteria a party may apply to 
ensure that the arrangement is evidence-based, such as ensuring the 
arrangement is supported by the Joint Commission, the Agency for 
Healthcare Research and Quality, or other independent organization that 
develops national quality standards or quality measures.
---------------------------------------------------------------------------

    \40\ OIG continues to consider items convertible to cash (such 
as a check) or that can be used like cash (such as a general purpose 
debit card) to be cash equivalents.
    \41\ The $75 amount parallels OIG's 2016 ``Office of Inspector 
General Policy Statement Regarding Gifts of Nominal Value to 
Medicare and Medicaid Beneficiaries Policy Statement,'' which 
currently sets the retail value of permissible ``inexpensive'' or 
``nominal value'' gifts at $15 per item and $75 in the aggregate per 
patient on an annual basis. See OIG, Office of Inspector General 
Policy Statement Regarding Gifts of Nominal Value to Medicare and 
Medicaid Beneficiaries (Dec. 7, 2016), available at https://oig.hhs.gov/fraud/docs/alertsandbulletins/OIG-Policy-Statement-Gifts-of-Nominal-Value.pdf.
---------------------------------------------------------------------------

b. Waiver or Reduction of Cost-Sharing Obligations
    A number of the comments we received in response to the OIG RFI 
advocated broad protection from potential anti-kickback statute and 
beneficiary inducements CMP liability for routinely waived or reduced 
cost-sharing obligations. As an initial matter, we note that the 
requirement for cost-sharing in Medicare and Medicaid is a programmatic 
matter; cost-sharing is required pursuant to statute and regulations 
set forth by CMS and State Medicaid programs. We do not believe safe 
harbors to the anti-kickback statute are the right tool to obviate 
these programmatic requirements. Our concerns regarding routine waivers 
of cost-sharing amounts are longstanding; \42\ such routine waivers may 
constitute prohibited remuneration to induce referrals. Therefore, as 
proposed, the patient engagement and support safe harbor would not 
protect the routine waiver or reduction of cost-sharing obligations 
(including coupons leading to such waivers or reductions).
---------------------------------------------------------------------------

    \42\ See, e.g., Special Fraud Alert: Routine Waiver of 
Copayments or Deductibles Under Medicare Part B, 59 FR 65372, 65374 
(Dec. 19, 1994).
---------------------------------------------------------------------------

    We are interested in comments that identify potential benefits of 
permitting in the final rule the waiver or offset of cost-sharing 
obligations where the cost-sharing waiver or offset of obligations is 
part of a value-based arrangement under our value-based framework. In 
addition, we solicit comments on any safeguards that would mitigate 
concerns that routine waivers of cost-sharing amounts might undermine 
prudent consumer incentives of cost-sharing or might allow for abusive 
``insurance-only billing'' marketing schemes targeting patients for 
unnecessary or poor-quality items or services.
    Long-standing OIG guidance allows for non-routine, good-faith 
financial need cost-sharing waivers,\43\ and several safe harbors and 
beneficiary inducements CMP exceptions already offer protection for 
certain reductions, waivers, and differentials in cost-sharing, such as 
the exception for the waiver of cost-sharing amounts found at section 
1128A(i)(6)(A) of the Act and 42 CFR 1003.110. Those safe harbors and 
exceptions remain available and unchanged by this proposal. We also are 
proposing protection for certain cost-sharing waivers or reductions 
under the CMS-sponsored model patient incentives safe harbor, proposed 
at 1001.952(ii). As noted above, many VBE participants that would avail 
themselves of the patient engagement and support safe harbor would not 
be subject to programmatic requirements, oversight, or monitoring 
comparable to CMS-sponsored models. Therefore, cost-sharing waivers or 
reductions offered and provided under the CMS-sponsored models may 
present fewer risks.
---------------------------------------------------------------------------

    \43\ See, e.g., OIG, Special Fraud Alert, 59 FR 65372, 65374 
(Dec. 19, 1994).
---------------------------------------------------------------------------

    We are aware of concerns expressed by some stakeholders about the 
collection of small beneficiary cost-sharing amounts associated with 
certain care coordination services, such as care management and remote 
monitoring, where the costs of collection exceed the amount to be 
collected. Stakeholders would like safe harbor protection for waivers 
of such cost-sharing amounts. We are considering for the final rule 
whether limited safe harbor protection for such waivers might be 
appropriate, including whether such safe harbor protection would be 
consistent with the program rules establishing such beneficiary cost-
sharing amounts. We are considering for the final rule, and seek 
comment regarding, what conditions we should include in any safe harbor 
for limited cost-sharing waivers that would protect only cost-sharing 
waivers associated with certain specified services, such as care 
management and remote monitoring. If we were to finalize such a safe 
harbor, we likely would include conditions similar to those set forth 
in proposed 1001.952(hh).
    Finally, we are aware of interest among some stakeholders in 
offering patients a share of savings the patients help generate for a 
payor. For example, a patient who selects a clinically

[[Page 55726]]

appropriate but less costly setting to obtain services (e.g., home-
based services instead of a treatment in a facility) might share in the 
savings realized from the lower cost care setting. We believe that in 
many cases, this type of program would be part of a plan's benefit 
design. The need for new safe harbor protection for this type of 
arrangement is unclear, and we solicit comments on this issue.
c. Gift Cards
    OIG has never considered gift cards to be in-kind items, goods, or 
services. The limitation of ``tool or support'' proposed in paragraph 
1001.952(hh) would be consistent with OIG's position that gift cards 
are not in-kind items, goods, and services. OIG recognizes certain 
risks attendant to providing gift cards as patient engagement tools and 
supports, some of which may make gift cards indistinguishable from cash 
(e.g., we recognize that consumers can sell or trade gift cards through 
gift card redemption sites, which could result in a gift card morphing 
into cash). Similar to cash and cash equivalents, OIG is concerned that 
tools and supports in the form of gift cards could induce patients to 
seek medically unnecessary items and services--leading to inappropriate 
utilization--and could result in providers improperly steering patients 
through offering valuable incentives in the form of gift cards.
    Nevertheless, because gift cards may be effective at promoting 
behavioral change, OIG is considering whether to include protection for 
gift cards in limited circumstances, for example, where they are 
provided to patients with certain conditions, such as substance use 
disorders and behavioral health conditions, as part of an evidence-
based treatment program, for the purpose of effecting behavioral 
change. OIG seeks comments on the potential inclusion of gift cards in 
limited circumstances such as these and requests citations to any 
recent studies assessing the positive or negative effects of gift card 
incentives on promoting behavioral change. OIG also solicits comments 
on whether and how including gift cards as allowable ``tools or 
supports'' in the circumstances described above would raise the risk of 
fraud and abuse and specifically whether it would present any anti-
competitive effects, particularly for smaller providers and suppliers. 
OIG also is considering and seeks comment on what additional 
safeguards, such as limiting protection for gift cards to those that 
are not pre-paid debit cards,\44\ we should include to the extent the 
safe harbor protects the provision of gift cards.
---------------------------------------------------------------------------

    \44\ OIG recognizes that gift cards can take a number of forms, 
including tangible gift cards, electronic gift cards, and the 
replenishment of funds available, through a smartphone application, 
to purchase items, goods, or services at a particular entity.
---------------------------------------------------------------------------

4. Additional Proposed Conditions
    The patient engagement and support safe harbor would impose a 
number of conditions on the provision of protected patient engagement 
tools and supports. The intent of these safeguards is to balance the 
potential benefits of tools and supports with safeguards that minimize 
the risk of harm to patients, payors, or both.
a. Furnished Directly to the Patient
    Under the proposed condition at 1001.952(hh)(1), the tool or 
support must be furnished directly to the patient by a VBE participant. 
The reasons for this proposed condition are two-fold. First, the 
condition would prevent entities that are excluded from participating 
in a VBE from directly or indirectly furnishing tools and supports to 
patients. Second, we believe that this condition would help patients 
understand which entity or individual is furnishing the tool or 
support, which could aid patients in deciding whether to participate in 
the program or treatment regimen offered. We are considering for the 
final rule and seek comment on whether we should include a condition in 
the final safe harbor that would require the VBE participant to provide 
any patient receiving a patient engagement tool or support a written 
notice describing: (i) The VBE participant that is giving the patient 
the tool or support; (ii) what the remuneration is; and (iii) the 
purpose of, or reason for, the remuneration. We solicit comments on 
whether we should expressly permit the VBE participant to furnish the 
tool or support through someone acting on the VBE participant's behalf 
and under the VBE participant's direction (e.g., a physician practice 
that provides the tool or support through an individual member of the 
practice or nurse employed by the practice). We also seek comments on 
the applicability of the proposed safe harbor to potential arrangements 
by which a VBE participant orders or arranges for the delivery of a 
tool or support from an independent third party.
b. Funding Limitations
    Under the proposed condition at 1001.952(hh)(2), we limit who can 
fund or otherwise contribute to patient engagement tools and supports 
furnished by a VBE participant. We propose to interpret the requirement 
at 1001.952(hh)(2) to prohibit the VBE participant from accepting or 
using funds or free in-kind items or services furnished by any 
individual or entity outside of the VBE to finance or otherwise 
facilitate its patient engagement tools, supports, or both, including 
both the cost of the tool or support and any associated operating costs 
incurred through the provision of such tool or support (e.g., staff 
time dedicated to ordering or distributing blood pressure cuffs or 
technology expenses or help desk services associated with a patient 
support). We believe this requirement is necessary to reduce the 
likelihood of undue influence that could result in inappropriate 
patient steering to specific products, providers, or suppliers.
    In addition, this proposed condition would ensure that the entities 
we propose to exclude as VBE participants would not indirectly furnish 
patient engagement tools and supports under the safe harbor. For 
example, a pharmaceutical manufacturer, manufacturer, distributor, or 
supplier of DMEPOS, or laboratory could not circumvent the proposed 
exclusion from the definition of ``VBE participant'' by providing funds 
to a third-party entity and then directing or otherwise controlling any 
aspect of the third-party entity's provision of patient engagement 
tools and supports as a VBE participant. Further, this proposed 
condition would prohibit a non-VBE participant's contribution of in-
kind items and services for a VBE participant to provide to patients as 
tools or supports. By way of example, a pharmaceutical manufacturer's 
provision of free product to a VBE participant (e.g., a physician) for 
the VBE participant's distribution to patients as free product samples 
would not be protected by this proposed safe harbor.\45\ We solicit 
comments on this approach and whether there may be defined, limited 
circumstances in which non-VBE participants should be able to 
contribute or otherwise participate in the provision of tools and 
supports eligible for safe harbor protection.
---------------------------------------------------------------------------

    \45\ For further information regarding the Federal anti-kickback 
statute and beneficiary inducements CMP implications of free product 
samples, see e.g., OIG, Compliance Program Guidance for 
Pharmaceutical Manufacturers, 68 FR 23731, 23739 (May 5, 2003); Adv. 
Op. No. 08-04, available at https://oig.hhs.gov/fraud/docs/advisoryopinions/2008/AdvOpn08-04.pdf; Adv. Op. No. 15-11, available 
at https://oig.hhs.gov/fraud/docs/advisoryopinions/2015/AdvOpn15-11.pdf.
---------------------------------------------------------------------------

    We note that this proposed safe harbor does not address, or 
otherwise

[[Page 55727]]

prohibit, arrangements between VBE participants and others (including 
vendors and manufacturers) for the purchase and sale of tools and 
supports that the VBE participant would furnish under the safe harbor. 
Such arrangements must be assessed on a case-by-case basis for 
compliance with the Federal anti-kickback statute and any other 
applicable law.
c. Prohibition on Marketing and Patient Recruitment
    Under the proposed condition at 1001.952(hh)(3)(iii), the 
remuneration must not include any in-kind item, good, or service used 
for patient recruitment or marketing of items or services to patients. 
We do not intend to protect tools or supports that serve solely as 
patient recruitment incentives. Similarly, we do not intend to protect 
tools or supports offered to patients where the party knows or should 
know that the patient would not use the item as intended under the 
arrangement and would instead resell the item.
    We seek comments on this proposed condition, and in particular, any 
benefits of permitting in the final rule some targeted marketing or 
similar outreach to the target patient population for the purposes of 
engaging them in evidence-based prevention or wellness activities, or 
in improving population health outcomes, particularly for VBEs or VBE 
participants at financial risk for the health outcomes of the target 
patient population. As with our proposal at paragraph 1001.952(ee), we 
also are interested in comments on how best to preclude marketing of 
reimbursable items and services and patient recruitment while still 
permitting beneficial educational efforts and activities that promote 
patient awareness of care coordination activities and available tools 
and supports.
d. Direct Connection
    Under the proposed condition at 1001.952(hh)(3)(i), the tool or 
support furnished to the patient must have a ``direct connection'' to 
the coordination and management of care for the patient. We interpret 
``direct connection'' to mean that the VBE has a good faith expectation 
that the tool or support will further the VBE's coordination and 
management of care for the patient, as that concept is described in the 
proposed conditions at 1001.952(ee). Where a direct connection exists, 
it should not be difficult for the VBE and the VBE participant 
providing the patient engagement tool or support to clearly articulate 
the nexus between the tool or support and a care coordination and 
management purpose of the VBE. We believe that this requirement 
effectively balances the goals of patient engagement tools and 
supports, such as patient compliance with a plan of care and adherence 
to behavior modifications to improve overall health, with the risk that 
VBE participants could use extravagant tools or supports to steer 
beneficiaries or incentivize unnecessary or inappropriate care. 
Consistent with our goals of fostering flexibility, adaptability, and 
innovation, we are not further describing specific patient engagement 
tools and supports that would be considered to have a direct connection 
to the coordination and management of care for the patient. We are 
considering for the final rule and solicit comments on whether we 
should require a ``reasonable connection'' rather than a ``direct 
connection.''
    As an alternative or in addition to this approach, we are 
considering whether, to heighten transparency of patient engagement 
tools and supports and to ensure that qualifying patient engagement 
tools and supports are known by and closely related to the VBE itself, 
we should require the VBE to make a bona fide determination that the 
VBE participant's arrangement to provide tools and supports to patients 
is directly connected to the coordination and management of care for 
the patient, as that term is used in the proposed 1001.952(ee). We 
solicit comments on this approach.
    Lastly, we are considering for the final rule, and solicit comment 
on, whether we should require that patient engagement tools and 
supports be directly connected to any of the four value-based purposes, 
as opposed to requiring a direct connection specifically to the 
coordination and management of the patient's care.
e. Medical Necessity
    Under the proposed condition at 1001.052(hh)(3)(iv), the tool or 
support furnished to the patient must not result in medically 
unnecessary or inappropriate items or services reimbursed in whole or 
in party by a Federal health care program. We believe that this is an 
important protection for patient safety and quality of care.
f. Nature of the Remuneration
    Under the proposed conditions at 1001.952(hh)(3)(vi), the tool or 
support must be recommended by the patient's licensed healthcare 
provider. This condition seeks not only to ensure that the remuneration 
is focused specifically on patient care, but also underscore the 
importance of quality of care, the healthcare provider's medical 
judgment, and the patient's relationship with his or her chosen 
healthcare providers in developing plans for treatment and care.
    We are considering and solicit comment on, whether we should 
include as a safeguard a requirement that the patient's licensed 
healthcare provider certify in writing, under 18 U.S.C. 1001 and 1519, 
that the particular item or service is recommended solely to treat a 
documented chronic condition of a patient in a target patient 
population. We solicit comments on how providers would most efficiently 
meet such a requirement and whether and how providers should be 
required to make the certification available.
    For all types of remuneration contemplated under this proposed safe 
harbor, we are considering for the final rule and seek comment on 
whether we should impose further limitations on the nature of 
remuneration furnished or other conditions to safeguard against the 
risks associated with fraud and abuse. For example, we are considering 
for the final rule and seek comment on some or all of the following 
additional safeguards:
     A requirement that VBE participants furnishing patient 
engagement tools and supports demonstrate and document the desired 
adherence to a treatment regimen, adherence to a drug regimen, 
adherence to a follow-up care plan, management of a disease or 
condition, improvement in measurable health outcomes, or patient 
safety; and
     a monitoring requirement to ensure that the patient 
engagement tools and supports do not result in diminished quality of 
care or patient harm.
    In addition, we seek specific examples of any other types of 
remuneration that stakeholders believe should be covered (or should not 
be covered) by this proposed safe harbor and why, as well as input on 
whether we can better define categories of remuneration, and any 
limitations or safeguards necessary to protect against fraud and abuse 
risks specific to such examples or categories.
g. Advancement of Specified Goals
    Under the proposed condition at 1001.952(hh)(3)(vii), the 
incentives and supports must advance specifically enumerated goals, 
namely: Adherence to a treatment regimen as determined by the patient's 
licensed healthcare provider; adherence to a drug regimen as determined 
by the patient's licensed healthcare provider; adherence to a follow-up 
care plan established by the patient's licensed healthcare provider; 
management of a disease or condition as directed by the patient's 
licensed

[[Page 55728]]

healthcare provider; improvement in evidence-based measurable health 
outcomes for a patient or the target patient population; ensuring 
patient safety; or some combination of the above.\46\ We are not 
proposing to specify which tools and supports would advance the named 
goals to provide flexibility for VBE participants and promote 
innovation. We intend for this proposed condition to protect a range of 
tools and supports. For example, an item, such as a smart pill bottle, 
that dispenses medications at preset times for a patient could meet 
this condition because it is a tool that enables the patient to access 
the right medication at the appropriate dosage and time. Offering a 
parking voucher or providing free childcare during medical appointments 
also could satisfy this condition because these supports would allow a 
patient to comply with his or her treatment regimen. Conversely, 
offering a patient movie tickets to reward compliance with a treatment 
regimen would not satisfy this condition.
---------------------------------------------------------------------------

    \46\ We note here that the word ``drug'' is synonymous with and 
inclusive of ``medication,'' neither of which terms we are defining 
for purposes of this proposed safe harbor. Similarly, ``followup 
care plan'' would include so-called ``discharge plans.''
---------------------------------------------------------------------------

    While we are concerned about the potential for abuse when patients 
are offered rewards to induce them to receive items or services, we 
also are aware that, in some circumstances, patients, or persons at 
risk of becoming patients with more serious conditions, might be 
offered tools or supports that result in lower healthcare costs 
(without compromising quality) or that promote patient wellness and 
healthcare.
h. No Diversion or Resell
    Under the proposed condition at 1001.952(hh)(4), this safe harbor 
would not protect the provision of a tool or support if the offeror of 
the remuneration knows or should know that the tool or support is 
likely to be diverted, sold, or utilized by the patient other than for 
the express purpose for which the patient engagement tool or support is 
provided. This proposed condition is designed to prevent VBE 
participants from providing tools and supports to patients if they 
likely would divert or sell or otherwise use for purposes other than 
the coordination and management of care and the goals outlined in 
(hh)(3)(vi). We seek comments on this approach.
    Notwithstanding the foregoing, for the purposes of this safe 
harbor, we would not consider a tool or support to be diverted if it is 
furnished to patients indirectly through their caregivers or family 
members or others acting on patients' behalf if the remuneration 
otherwise satisfies the conditions of the safe harbor. Specifically, if 
a patient is unable to care for herself or himself and another person 
(e.g., a family member or other caregiver) has legal authority or the 
patient's consent to act on the patient's behalf, then remuneration 
furnished to that person, on the patient's behalf and for the patient's 
benefit, would be protected if all conditions of the safe harbor are 
met. For example, if the patient is a child suffering from asthma, the 
child's parent or guardian may accept in-kind remuneration, such as a 
new air purifier for the child's bedroom, on the child's behalf without 
violating this requirement.
i. Monetary Cap
    Under the proposed condition at 1001.952(hh)(5), the aggregate 
retail value of patient engagement tools and supports furnished by a 
VBE participant to a patient could not exceed $500 on an annual basis, 
with certain limited exceptions. With this condition, we have attempted 
to strike the right balance between flexibility for beneficial patient 
tools and supports and a bright-line limit on the amount of protected 
remuneration to protect patients from being improperly influenced by 
valuable gifts; to protect the Federal health care programs from 
potential abuse through overutilization and inappropriate utilization 
due to such gifts; and to allow for innovation and beneficial 
arrangements that benefit patients and payors. As noted elsewhere in 
this preamble, our enforcement experience shows that incentives offered 
to beneficiaries can be used to coerce them into obtaining unnecessary 
services or harmful care, and this risk may be heightened when the 
value of remuneration is high or unlimited. However, we are unsure 
whether a monetary cap would present a barrier to achieving the 
intended benefits for patients envisioned by this proposed safe harbor. 
In lieu of a monetary cap, we are considering for the final rule, and 
seek comments on, whether other combinations of safeguards proposed in 
this rule would offer meaningful protection against fraud and abuse 
involving patients and programs, while still achieving the policy goal 
of promoting value-based care.
    We solicit comments on whether this proposed monetary limit of $500 
is appropriate, whether $500 per year is too low or too high, and if 
so, what other figures are more appropriate and the reasons for such 
other figures (e.g., $100, $200, $1,000, $1,500, or another amount that 
would be of sufficient magnitude to protect the most beneficial 
arrangements while also preventing the most abusive ones). For purposes 
of measuring retail value, we propose that such value be measured at 
the time the patient engagement tool or support is provided, and we are 
considering for the final rule whether to interpret ``retail value'' to 
mean the fair market value to the recipient or commercial value to the 
recipient. We also solicit comments on the proposed requirement 
applying the cap to individual VBE participants and whether the 
requirement should instead apply the annual cap to the VBE as a whole. 
Under this alternative, we are considering whether only one VBE 
participant within a VBE could offer remuneration to a patient during 
the year. If we limited the cap to the VBE instead of a VBE 
participant, we are interested in comments regarding how this might 
negatively impact opportunities for patients and providers or create 
burdensome tracking and recordkeeping obligations for a VBE or VBE 
participants. We also solicit comments on whether we should apply the 
annual cap on a value-based arrangement basis; in other words, under 
each value-based arrangement, a patient could receive aggregate 
remuneration up to the cap (whether from one or more VBE participants 
in the arrangement). We are interested in comments about any negative 
impacts or burdens from this approach.
    We propose that the cap could be exceeded for certain patients who 
lack financial resources. Specifically, the proposed condition at 
1001.952(hh)(5) provides that the aggregate retail value of patient 
engagement tools or supports furnished to a patient by a VBE 
participant may exceed $500 per year if the patient engagement tools 
and supports are furnished to a patient based on a good faith, 
individualized determination of the patient's financial need. OIG has 
existing guidance related to individualized, good faith determinations 
of financial need in the context of cost-sharing waivers, and 
accounting for financial need generally aligns with an existing 
exception under the CMP. We are not specifying any particular method of 
determining financial need because we believe what constitutes 
``financial need'' varies depending on the circumstances. However, it 
would be important for VBE participants to make determinations of 
financial need on a good faith, individualized, case-by-case basis in 
accordance with a reasonable set of income and resource guidelines

[[Page 55729]]

uniformly applied in all cases. The guidelines would need to be based 
on objective criteria and appropriate for the applicable locality. A 
patient's medical costs and liabilities could be taken into account, 
among other factors, as part of the determination. We seek comments on 
this approach as applied to the proposed safe harbor as well as whether 
we should include a cap but not allow for the cap to be exceeded.
    We seek comments regarding whether the monetary limit imposed at 
1001.952(hh)(5) is necessary and appropriate, or if alternatives that 
better protect patients and payors exist, such as a limitation on the 
frequency of such remuneration (e.g., a one-time provision of 
remuneration, once per year, or once per month), or a per-occurrence 
limitation, in place of, or in addition to, an aggregate limit. If a 
per occurrence limitation is desirable, we seek feedback on its amount 
standing alone and in relation to an aggregate cap (e.g., if the 
aggregate cap were to be $500 per year, should the per occurrence cap 
be $100, $200, or some higher or lower figure). We seek comments about, 
and supporting data for selecting, cap amounts. Finally, we seek 
comments regarding how we should treat ongoing costs associated with 
tools and supports (such as batteries, maintenance costs, or upgrades).
j. Materials and Records
    Under the proposed condition at 1001.952(hh)(6), the VBE or a VBE 
participant would be required to make available to the Secretary, upon 
request, all materials and records sufficient to establish compliance 
with the conditions of this safe harbor. We are not proposing 
particular parameters regarding the creation or maintenance of 
documentation to allow individuals and entities the flexibility to 
determine what constitutes best documentation practices but welcome 
comments on whether particular parameters are needed. In particular, we 
are considering for the final rule and seek comment regarding whether 
we should include, in the final rule, a requirement that VBE 
participants retain materials and records sufficient to establish 
compliance with the conditions of this safe harbor for a set period of 
time (e.g., at least 6 years or 10 years). Were an entity to be under 
investigation and assert this safe harbor as a defense, it would need 
to be able to demonstrate compliance with each condition of the safe 
harbor.
5. Potential Safeguards
    In addition to the proposed conditions set forth above, for the 
purposes of the proposed patient engagement and support safe harbor, we 
are considering and seek comment on additional potential safeguards for 
the final rule. We are considering and seek comment on the possible 
safeguards outlined below for this proposed safe harbor because many 
VBE participants that would avail themselves of the proposed patient 
engagement and support safe harbor would not be subject to governmental 
programmatic requirements, oversight, or monitoring comparable to CMS-
sponsored models (addressed in the proposed safe harbor at 
1001.952(ii)).
a. Prohibition on Cost-Shifting
    We are considering for the final rule, and seek comment on, a 
condition prohibiting VBE participants from billing Federal health care 
programs, other payors, or individuals for the tool or support; 
claiming the value of the tool or support as a bad debt for payment 
purposes under a Federal health care program; or otherwise shifting the 
burden of the value of the tool or support onto a Federal health care 
program, other payors, or individuals. This requirement, if included in 
any final rule, would be designed to protect against tools and supports 
resulting in inappropriately increased costs to Federal health care 
programs, other payors, and patients. We are considering, and seek 
comments on, prohibiting both: (1) Directly billing any third party, 
including patients, for the patient engagement tool or support or any 
operational costs attendant to the provision of the patient engagement 
tools and supports; and (2) claiming the cost of the patient engagement 
tool or support and any operational costs attendant to the provision of 
patient engagement tools and supports as bad debt for payment purposes 
under Medicare or a State healthcare program.
b. Consistent Provision of Patient Incentives
    We are considering for the final rule, and seek comment on, whether 
to require VBE participants to provide the same patient engagement 
tools or supports to an entire target patient population or otherwise 
consistently offer tools and supports to all patients satisfying 
specified, uniform criteria. We believe that including such a condition 
in the safe harbor would protect against a VBE participant targeting 
certain patients to receive tools and supports based on, for example, 
the patient's insurance status. We solicit comments on this issue. In 
particular, we are interested in understanding whether this proposed 
safeguard would limit certain VBE participants' ability to offer tools 
and supports due to the potential cost of furnishing the tool or 
support to an entire target patient population rather than a smaller 
subset of the target patient population. Similarly, we are interested 
in comments explaining why offering remuneration to a smaller subset of 
a target patient population instead of to the entire target population 
would be appropriate and not increase the risk of fraud and abuse, such 
as the targeting of particularly lucrative patients to receive tools 
and supports (cherry picking) or failure to provide tools and supports 
to high-cost patients (lemon dropping).
c. Monitoring Effectiveness
    We are considering adding a condition to the final rule that would 
require VBE participants to use ``reasonable efforts'' to monitor the 
effectiveness of the tool or support in achieving the intended 
coordination and management of care for the patient and would require 
the VBE or the VBE participant to have policies and procedures in place 
to address any identified material deficiencies. We believe that 
including such a condition in the safe harbor would help ensure that 
the tools and supports VBE participants furnish to patients achieve the 
stated purpose(s), and in turn, could help prevent VBE participants 
from offering patients engagement tools and supports that induce them 
to seek more, potentially unnecessary, care. We solicit comments on 
whether we should include such a monitoring provision and, if so, any 
anticipated burdens and ways OIG could minimize any burden. We would 
apply a facts and circumstances analysis to the ``reasonable efforts'' 
employed by parties under this condition, using an objective standard 
of reasonableness. We solicit comments on this approach.
d. Retrieval of Items and Goods
    We are considering for the final rule and seek comment on a 
condition that would require offerors to engage in reasonable efforts 
to retrieve an item or good furnished as a tool or support in certain 
circumstances. For example, we are considering requiring that the 
offeror make reasonable efforts to retrieve the patient engagement tool 
or support (if it is an item or good) when the patient is no longer in 
the target patient population, the VBE no longer exists, or the offeror 
is no longer a VBE participant. This would prevent the safe harbor from 
being misused to protect inducements to beneficiaries that do not 
promote value. If we were to include such a requirement, we are 
considering

[[Page 55730]]

setting a minimum value for the item or good above which offerors would 
be required to make reasonable retrieval efforts (e.g., $100, $200, 
$500 or a higher or lower amount). We believe such a provision would 
reduce the burden associated with retrieval efforts. We also are 
interested in comments regarding whether any retrieval requirement 
should be limited to tools and supports that are practicable to 
recover, such as those which are not fixtures or were for short-term 
use or an otherwise temporary benefit, and where harm to the patient or 
disproportionate expense to the VBE participant would not result.
e. Advertising
    We are considering for the final rule and seek comment on a 
condition that would require that the VBE participant does not publicly 
advertise the patient engagement tool or support (to patients or others 
who are potential referral sources). This would prohibit advertising in 
the media or posting information for public display or on websites 
about the availability of free items or services, similar to the local 
transportation safe harbor, 42 CFR 1001.952(bb). Such prohibition on 
public advertising would inhibit the use of patient engagement tools 
and supports as a marketing tool, thus keeping the focus of the safe 
harbor on improving care coordination and management of patients' care. 
We solicit comments on this potential safeguard. In particular, we are 
interested in comments on whether this condition would impose a barrier 
to the success of care coordination and value-based arrangements by 
restricting information available to patients about options for 
receiving better coordinated care.

G. CMS-Sponsored Model Arrangements and CMS-Sponsored Model Patient 
Incentives (1001.952(ii))

    OIG and CMS have jointly issued fraud and abuse waivers of certain 
provisions of the Federal anti-kickback statute, the physician self-
referral law and, for OIG only, certain CMP law authorities for 
numerous payment models established and tested by CMS under section 
1115A(d)(1) of the Act (pertaining to models tested by the Innovation 
Center) \47\ and section 1899 of the Act (pertaining to the Medicare 
Shared Savings Program).\48\ Waivers apply only to: (i) Arrangements 
described by the models and (ii) model participants and other specified 
individuals and entities. Further, any protection furnished by the 
waivers is limited in duration.
---------------------------------------------------------------------------

    \47\ See, e.g., CMS, Fraud and Abuse Waivers for Select CMS 
Models and Programs, available at https://www.cms.gov/Medicare/Fraud-and-Abuse/PhysicianSelfReferral/Fraud-and-Abuse-Waivers.html.
    \48\ See, e.g., 76 FR 67992 at 67992 (Nov. 2, 2011); 80 FR 66726 
at 66726 (Oct. 29, 2015) (Medicare Shared Savings Program is 
designed to promote the formation of accountable care organizations 
that are accountable for a Medicare patient population, coordinate 
items and services under Parts A and B, and encourage investment in 
infrastructure and redesigned care processes for high-quality and 
efficient service delivery).
---------------------------------------------------------------------------

    Commenters to the OIG RFI generally asked us to simplify and 
standardize our approach to protecting CMS-sponsored model arrangements 
under the anti-kickback statute and beneficiary inducements CMP. 
Waivers issued to date are tailored to the particular CMS model and 
CMS's design for the model, pursuant to the waiver authorities. 
Commenters requested that OIG promulgate regulatory protections that 
would provide uniformity and predictability for parties participating 
in CMS models.
    We propose to create a new anti-kickback statute safe harbor at 42 
CFR 1001.952(ii) to: (i) Permit remuneration between and among parties 
to arrangements (e.g., distribution of capitated payments, shared 
savings or losses distributions) under a model or other initiative 
being tested or expanded by the Innovation Center under section 1115A 
of the Act and the Medicare Shared Savings Program under section 1899 
of the Act (collectively, ``CMS-sponsored models'') and (ii) permit 
remuneration in the form of incentives and supports provided by CMS 
model participants and their agents under a CMS-sponsored model to 
patients covered by the CMS-sponsored model. The objective of the 
proposed safe harbor is to standardize and simplify anti-kickback 
statute compliance for CMS-sponsored model participants in models for 
which CMS has determined participants should have the protection that 
would be afforded by this safe harbor \49\ (rather than requiring 
participants to comply with the law as it would exist without this safe 
harbor) by applying uniform conditions across all models or initiatives 
sponsored by CMS.
---------------------------------------------------------------------------

    \49\ For example, CMS might specify in a participation agreement 
whether or not this safe harbor would apply to any arrangement under 
the CMS-sponsored model or to particular types of arrangements under 
the CMS-sponsored model.
---------------------------------------------------------------------------

    This proposal focuses on models under sections 1115A and 1899 of 
the Act; we are considering for the final rule, and solicit comments 
on, broadening the scope of this safe harbor to protect remuneration 
between and among parties to arrangements under CMS initiatives that 
are authorized under other sections of the Act with statutory authority 
to waive the fraud and abuse laws.
    By proposing this safe harbor, we aim to simplify application of 
the anti-kickback statute and CMP authorities for individuals and 
entities that participate in CMS-sponsored models in a manner that is 
consistent with CMS's authorities to operate and test new models and to 
reduce the need to issue model-by-model waivers of fraud and abuse 
laws. As with fraud and abuse waivers, our goal is to accommodate CMS's 
testing and operation of innovative, value-based care delivery and 
payment models that CMS has determined could improve quality of care, 
reduce growth in costs, or both, while also including program integrity 
protections against fraud and abuse. To the extent that an arrangement 
under a CMS-sponsored model implicates the anti-kickback statute or 
beneficiary inducements CMP, parties within CMS-sponsored models for 
which we have issued fraud and abuse waivers may continue to use 
applicable CMS-sponsored model waivers to protect their arrangements or 
may choose to structure arrangements to comply with this new safe 
harbor or any other applicable anti-kickback statute safe harbor or CMP 
exception.
    The degree of flexibility offered by this proposed safe harbor 
recognizes CMS's ability to oversee and monitor CMS-sponsored models 
and initiatives and to embed program integrity protections in such 
models and initiatives in ways that do not necessarily apply to 
arrangements outside the models. For this reason, this proposal does 
not extend to commercial and private insurance arrangements that may 
operate alongside, but outside, a CMS-sponsored model. However, nothing 
in this proposed safe harbor would prevent commercial and private 
insurers from implementing arrangements that cover both public and 
private patients; such arrangements could be structured to satisfy 
other proposed safe harbor protections that do not distinguish between 
public and private patient populations.
    We are proposing a number of definitions for purposes of this safe 
harbor. We propose to define a ``CMS-sponsored model party'' as a CMS-
sponsored model participant or another individual or entity that the 
CMS-sponsored model's participation documentation specifies may enter 
into a CMS-sponsored model arrangement. We propose to define 
``participation documentation'' for purposes of this safe harbor as the 
participation agreement, cooperative agreement, regulations, or model-
specific

[[Page 55731]]

addendum to an existing contract with CMS that: (i) Is currently in 
effect, and (ii) specifies the terms of a CMS-sponsored model.
    We propose to define a ``CMS-sponsored model participant'' as an 
individual or entity that is subject to, and is operating under, 
participation documentation with CMS to participate in a CMS-sponsored 
model. We propose to define a ``CMS-sponsored model arrangement'' as a 
financial arrangement between or among CMS-sponsored model parties to 
engage in activities under the CMS-sponsored model and that is 
consistent with, and is not a type of arrangement prohibited by, the 
participation documentation. Finally, we propose to define a ``CMS-
sponsored model patient incentive'' as remuneration that is not of a 
type prohibited by the participation documentation and is furnished 
consistent with the CMS-sponsored model by a CMS-sponsored model 
participant (or by an agent of the CMS-sponsored model participant 
under the CMS-sponsored model participant's direction and control) 
directly to a patient under the CMS-sponsored model.
    We would expect CMS to notify CMS-sponsored model participants, 
through participation documentation, or other public means as 
determined by CMS, when CMS-sponsored model participants may use this 
safe harbor under a CMS-sponsored model. For example, CMS may specify 
the types of CMS-sponsored model patient incentives that a CMS-
sponsored model participant may provide under the CMS-sponsored model 
within a CMS-sponsored model participation agreement. The CMS-sponsored 
model participant also must satisfy certain programmatic requirements 
imposed by CMS in connection with the use of this safe harbor. CMS also 
may require CMS-sponsored model participants to disclose to CMS when 
they use this safe harbor under a CMS-sponsored model as a condition of 
participation in the CMS-sponsored model. If this safe harbor is 
finalized and CMS determines that it be made available for a CMS-
sponsored model, the safe harbor would not be available to protect any 
remuneration that does not satisfy program requirements as may be 
imposed by CMS on CMS-sponsored model participants.
    We solicit comments on these definitions. In particular, we solicit 
comments regarding the scope of the definition of ``CMS-sponsored model 
patient incentive,'' recognizing that a CMS-sponsored model participant 
may not always know whether a particular patient is in a CMS-sponsored 
model at any given point in time. We are considering for the final rule 
and solicit comments on extending the definition of ``CMS-sponsored 
model incentive'' to include patients beyond those under a CMS-
sponsored model or, in the alternative, defining ``CMS-sponsored model 
patient'' such that a CMS-sponsored model participant could provide 
incentives to any patient (or any beneficiary) that meets the other 
conditions of the safe harbor.
    As proposed, this safe harbor would provide CMS-sponsored model 
parties an additional pathway to protection from sanctions under the 
anti-kickback statute and the beneficiary inducements CMP. An 
arrangement needs to meet the requirements of only one safe harbor to 
ensure immunity from criminal and civil prosecution under the statute. 
For example, CMS-sponsored model parties would be able to choose to 
structure an arrangement to comply with the conditions of this proposed 
safe harbor, the proposed value-based arrangements safe harbors 
(paragraphs (ee), (ff), and (gg)), the patient engagement and support 
safe harbor (paragraph (hh)), any other applicable existing safe 
harbors or exceptions, or fraud and abuse waivers issued for the CMS-
sponsored model. However, to ensure protection, an arrangement must 
meet all conditions of a particular safe harbor or waiver. We note that 
depending on the facts and circumstances, an arrangement may comply 
with fraud and abuse laws absent specific safe harbor or waiver 
protection.
1. Proposed Conditions for CMS-Sponsored Model Arrangements and CMS-
Sponsored Model Patient Incentives
    We are proposing below important safeguards to ensure that 
arrangements protected by this proposed safe harbor operate as intended 
by the CMS-sponsored models, and the CMS-sponsored models are not 
undermined by arrangements that might lead to stinting on medically 
necessary care or induce inappropriate utilization. These safeguards 
are necessary to ensure that a CMS-sponsored model party's financial 
arrangements and patient incentives are consistent with the quality, 
care coordination, and cost-reduction goals of a CMS-sponsored model 
and can be readily overseen by CMS and OIG.
    As a threshold matter, CMS would determine whether the safe harbor 
protection would be available for arrangements or patient incentives 
under the particular CMS-sponsored model. CMS may limit participation 
in a CMS-sponsored model to certain providers or entities (e.g., 
certain CMS-sponsored models may exclude pharmaceutical manufacturers 
from participating in a CMS-sponsored model or participating in 
arrangements under the CMS-sponsored model). CMS has discretion to 
determine the scope of entities, arrangements, or incentives that may 
be protected under this safe harbor on a model-by-model basis. Unlike 
the proposed safe harbors at 42 CFR 1001.952(ee), (ff), (gg) and (hh), 
which propose to exclude pharmaceutical manufacturers; manufacturers, 
distributors, and suppliers of DMEPOS; and laboratories from 
arrangements and tools and supports that would receive protection under 
the safe harbors, this proposed safe harbor would not exclude any 
entities from potential protection under the safe harbor. We do not 
propose any such exclusions to allow: (i) The Innovation Center the 
discretion to determine the scope of the models it wishes to test and 
expand and (ii) CMS the discretion to determine how to implement the 
Medicare Shared Savings Program. In addition, OIG notes that CMS-
sponsored models include programmatic rules, monitoring, and oversight 
not present in value-based arrangements and the provision of patient 
tools and supports outside of such models, which may mitigate some of 
the fraud and abuse risks presented by the inclusion of pharmaceutical 
manufacturers; manufacturers, distributors, and suppliers of DMEPOS; 
and laboratories in such models.
a. Conditions for CMS-Sponsored Model Arrangements
    Proposed paragraph (ii)(1) sets forth the terms for protection of 
certain remuneration between or among CMS-sponsored model parties under 
a CMS-sponsored model arrangement in a model for which CMS has 
determined that the safe harbor is available.
    We propose six conditions parties would need to meet to receive 
safe harbor protection. The first condition would require that CMS-
sponsored model participants reasonably determine that the CMS-
sponsored model arrangement will advance one or more goals of the CMS-
sponsored model. We intend to interpret ``reasonably determine'' to 
mean that the activities set forth in the written agreement are fairly 
and verifiably anticipated to achieve at least one or more goals of the 
CMS-sponsored model. For example, CMS-sponsored model parties may wish 
to create an implementation protocol explaining the activities and 
evidence-based processes or guidance relied upon to develop and

[[Page 55732]]

implement an arrangement that would advance a goal of a CMS-sponsored 
model through the CMS-sponsored model arrangement.
    The safe harbor would be flexible to permit parties to pursue a 
wide array of activities under the CMS-sponsored model; however, the 
arrangement must be consistent with the purposes of the CMS-sponsored 
model. As stated above, CMS determines the scope of its models and what 
is being tested. As we propose to reflect in the definition of ``CMS-
sponsored model arrangement,'' if an arrangement is a type of 
arrangement prohibited by the participation documentation, then it does 
not qualify as a CMS-sponsored model arrangement. If an arrangement 
does not qualify as a CMS-sponsored model arrangement, then it would 
not be protected by this safe harbor even if the CMS-sponsored model 
parties determined that it would advance a purpose of the CMS-sponsored 
model.
    In the second proposed condition, we specify that the exchange of 
value must not induce CMS-sponsored model parties or other providers or 
suppliers to furnish medically unnecessary items or reduce or limit 
medically necessary items or services furnished to CMS-sponsored model 
patients. We believe that this is an important protection for patient 
safety and quality of care, and it would be consistent with every CMS-
sponsored model.
    In the third proposed condition, we are incorporating a key 
safeguard that we have consistently utilized in our fraud and abuse 
waivers to prohibit remuneration that is explicitly or implicitly 
offered, paid, solicited, or received in return for, or to induce or 
reward, any referrals or other business generated outside of the CMS-
sponsored model.
    The fourth condition would require CMS-sponsored model parties, in 
advance of, or contemporaneously with the commencement of, the CMS-
sponsored model arrangement, to set forth the terms of the CMS-
sponsored model arrangement in a signed writing.
    The fifth condition would require parties to the CMS-sponsored 
model arrangement to make available to the Secretary materials and 
records sufficient to establish whether the remuneration was exchanged 
between the parties in a manner that meets the conditions of this safe 
harbor. We are not proposing particular parameters regarding 
documentation, but rather specifying only that the writing must 
describe the activities to be undertaken by the CMS-sponsored model 
parties and the nature of the remuneration to be exchanged. Therefore, 
parties under a CMS-sponsored model would have flexibility to determine 
what type of documentation would best memorialize the arrangement such 
that they could demonstrate safe harbor compliance to the Secretary or 
OIG upon request. Nothing in this proposed condition would change or 
alter any requirements related to documentation (or any other model 
feature) imposed by CMS as part of its model.
    Finally, we propose to include a condition requiring CMS-sponsored 
model participants to satisfy such other programmatic requirements as 
may be imposed by CMS in connection with the use of this safe harbor. 
Because CMS has authority to test and design models, it can also create 
programmatic requirements integral to testing and monitoring its model 
design for CMS-sponsored model participants. We are proposing this 
condition to ensure that parties comply with any additional 
programmatic requirements as may be imposed by CMS related to the 
arrangements for which they might seek safe harbor protection. We would 
expect CMS to set forth these requirements within the CMS-sponsored 
model's participation documentation or otherwise make such requirements 
publicly available.
b. Conditions for CMS-Sponsored Model Patient Incentives
    With respect to patient incentives, the proposed safe harbor would 
apply to certain incentives offered by a CMS-sponsored model 
participant or by an agent of the CMS-sponsored model participant under 
the CMS-sponsored model participant's direction and control directly to 
a patient receiving healthcare items and services under the CMS-
sponsored model that will advance one or more goals of the CMS-
sponsored model.
    CMS would determine whether the safe harbor protection would be 
available for the particular CMS-sponsored model. As stated above, CMS 
has discretion to determine which entities may avail themselves of this 
safe harbor or to determine the types of patient incentives CMS-
sponsored model parties may provide on a model-by-model basis. We would 
expect CMS to notify CMS-sponsored model participants of the scope of 
permissible patient incentives within its participation documentation 
or to make such determination publicly available.
    If CMS determines a type of incentive is prohibited, then it would 
not qualify as a CMS-sponsored model patient incentive for purposes of 
this proposed safe harbor.\50\ Similarly, some CMS-sponsored models 
might have their own requirements for giving patient incentives, and 
this proposed safe harbor would not obviate those programmatic 
requirements. For example, in making incentive payments to an assigned 
Medicare beneficiary under the ACO Beneficiary Incentive Program, ACOs 
are expected to satisfy the programmatic requirements governing such 
incentive payments at section 1899(m) of the Act and 42 CFR 425.304(c); 
if this safe harbor is finalized and CMS determines that it be made 
available for the ACO Beneficiary Incentive Program, the safe harbor 
would not be available for any incentive payment that does not satisfy 
such programmatic requirements.
---------------------------------------------------------------------------

    \50\ Unlike the patient engagement and support safe harbor 
proposed at 1001.952(hh), under the CMS-sponsored model patient 
incentives safe harbor, CMS would determine the types of patient 
incentives CMS-sponsored model parties may provide on a model-by-
model basis.
---------------------------------------------------------------------------

    Depending on the goals set forth by CMS for the CMS-sponsored 
model, we would expect a CMS-sponsored model participant would use this 
safe harbor to provide its patients with free or below-fair-market-
value incentives that advance the goals of the CMS-sponsored model, 
such as preventive care, adherence to a treatment regimen, or 
management of a disease or condition. The proposed protection would 
cover a broad range of incentives, such as, transportation, nutrition 
support, home monitoring technology, and gift cards, as determined by 
CMS through the CMS-sponsored model's design. Certain CMS-sponsored 
models or future models might permit waivers of cost-sharing amounts 
(for example, copayments and deductibles) or cash incentives to certain 
patients to promote certain clinical goals of a CMS-sponsored model. 
All of these patient incentives, when determined by CMS to be 
appropriate for the CMS-sponsored model design and not prohibited by 
the participation documentation, could fit within the proposed safe 
harbor, provided that the arrangement otherwise complies with all safe 
harbor conditions. We are proposing safeguards specific to the 
protected patient incentives.
    Under the proposed condition at paragraph (ii)(2)(i), the CMS-
sponsored model participant must reasonably determine that the patient 
incentive the CMS-sponsored model participant furnishes to its patients 
under the CMS-sponsored model will advance one or more goals of the 
CMS-sponsored model. As stated above, we would expect CMS to notify 
CMS-sponsored

[[Page 55733]]

model participants, through participation documentation, or other means 
as determined by CMS, when CMS-sponsored model participants may use 
this safe harbor under a CMS-sponsored model and the types of patient 
incentives they may offer. CMS-sponsored model participants may look to 
their participation documentation for potential descriptions or 
guidance on patient incentives that would be consistent with the goals 
of the CMS-sponsored model. For example, the participation 
documentation might specify that any incentives furnished must be 
preventive care items or services or must advance one or more clinical 
goals for patients under the CMS-sponsored model by engaging him or her 
in better managing his or her own health.
    Under the second proposed condition, we propose to require that the 
patient incentive have a direct connection to the patient's healthcare. 
We believe this condition to be consistent with the design of all CMS 
models and initiatives contemplated as part of this safe harbor. This 
condition is consistent with requirements we have imposed previously 
within our fraud and abuse waivers for a number of CMS-sponsored 
models. For the same reasons described further in our discussion of the 
proposed patient engagement and support safe harbor at proposed 
paragraph 1001.952(hh), we propose that this requirement would warrant 
a dual consideration: Whether a direct connection exists from a 
healthcare perspective and whether a direct connection exists from a 
financial perspective.
    We are not proposing specific documentation under the third 
condition for patient incentives offered by CMS-sponsored model 
participants; however, CMS-sponsored model participants must maintain 
documentation sufficient to establish whether the patient incentive was 
distributed in a manner that meets the conditions of the safe harbor. 
Under this proposed condition, CMS-sponsored model participants would 
have flexibility to determine what type of documentation would best 
establish whether the CMS-sponsored model patient incentive was 
distributed appropriately.
    Finally, as described above, if this safe harbor is finalized and 
CMS determines that it would be available for a particular CMS-
sponsored model, the safe harbor would not protect remuneration that 
does not satisfy such programmatic requirements as may be imposed by 
CMS under the CMS-sponsored model in connection with the use of this 
safe harbor.
c. Duration of Protection
    Under our proposal, as reflected in the defined terms, the duration 
of safe harbor protection aligns with the duration of the participation 
documentation under a CMS-sponsored model. For example, the proposed 
definition of ``CMS-sponsored model arrangement'' specifies that the 
protected arrangement is to ``engage in activities under the CMS-
sponsored model.'' Similarly, the proposed definition of 
``participation documentation'' specifies that it is ``currently in 
effect.'' The CMS-sponsored models, and arrangements between parties 
operating under CMS-sponsored models, have various terms, some of which 
are described in a CMS-sponsored model's participation documentation. 
In order to meet the conditions set forth in the proposed safe harbor, 
the CMS-sponsored model arrangement or a CMS-sponsored model patient 
incentive must begin and end while the parties are operating under an 
existing CMS-sponsored model.
    The safe harbor would protect arrangements during the period under 
which a CMS-sponsored model participant participates in the CMS-
sponsored model but would not extend to protect remuneration exchanged 
after participation in the CMS-sponsored model ends. In some cases, 
certain activities associated with a CMS-sponsored model may extend 
beyond the last performance period during which a CMS-sponsored model 
participant provides services under the CMS-sponsored model. For 
example, the participation documentation might provide for a certain 
period of time after a termination date or after the end of the 
performance period to conduct reconciliation or make final payment to 
providers (e.g., a shared savings distribution). This safe harbor would 
protect the last payment or exchange of value made by or received by a 
CMS-sponsored model party following the final performance period that 
the CMS-sponsored model participant that is a party to the arrangement 
participates in the CMS-sponsored model. We are considering each of the 
following options for 1001.952(ii) and may finalize one or a 
combination of these options: (i) Terminating protection after the end 
of the performance period or within a certain time period after the end 
of a performance period; (ii) terminating protection upon termination 
of the CMS-sponsored model participation documentation or within a 
certain period of time after that; and (iii) until the last payment or 
exchange of anything of value made by a CMS-sponsored model party under 
a CMS-sponsored model occurs, even if the model has otherwise 
terminated. We solicit comments on whether the final rule should allow 
safe harbor protection for one or a combination of the above options.
    Similarly, we solicit comments on whether under the final rule a 
CMS-sponsored model participant should be able to continue to provide 
the outstanding portion of any service to a patient if the service was 
initiated before its participation documentation terminated or expired. 
If we provide additional time under the final rule, we are interested 
in including conditions to prevent gaming of the length of time 
remuneration is provided after a CMS-sponsored model participant has 
been terminated from a model (or the model has terminated) to protect 
beneficiaries from improper inducements unrelated to a CMS-sponsored 
model. We note that, under our proposal, patients would be able to 
retain any incentives received prior to the termination or expiration 
of the participation documentation.

H. Cybersecurity Technology and Related Services (1001.952(jj))

    We propose a safe harbor to protect donations of certain 
cybersecurity technology and related services with appropriate 
safeguards. We believe this proposed safe harbor could help improve the 
cybersecurity posture of the healthcare industry by removing a real or 
perceived barrier that would allow parties to address the growing 
threat of cyberattacks that infiltrate data systems and corrupt or 
prevent access to health records and other information essential to the 
delivery of healthcare.
    In recent years we have received numerous comments and suggestions 
urging the creation of a safe harbor to protect donations of 
cybersecurity technology and services.\51\ The digitization of the 
healthcare delivery system and related rules designed to increase 
interoperability and data sharing in the delivery of healthcare create 
numerous targets for cyberattacks. The healthcare industry and the 
technology used to deliver healthcare have been described as an 
interconnected ``ecosystem'' where the ``weakest link'' in the system 
can compromise the entire system.\52\ Given

[[Page 55734]]

the prevalence of protected electronic health information and other 
personally identifiable information stored within these systems, as 
well as the processing and transmission of this information and other 
critical information within a given provider's systems as well as 
across the healthcare industry, the risks associated with cyberattacks 
may be most immediate for the ``weak links'' but have implications for 
the entire healthcare system.
---------------------------------------------------------------------------

    \51\ See, e.g., OIG, Semiannual Report to Congress, Apr. 1, 
2018-Sept. 30, 2018, at 84.
    \52\ See, e.g., Health Care Industry Cybersecurity Task Force, 
Report on Improving Cybersecurity in the Health Care Industry, June 
2017 (HCIC Task Force Report), available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.
---------------------------------------------------------------------------

    In response to the OIG RFI, we received overwhelming support for a 
cybersecurity technology donation safe harbor. Many commenters 
highlighted the increasing prevalence of cyberattacks and other 
threats. Commenters noted that cyberattacks pose a fundamental risk to 
the healthcare ecosystem and that data breaches can result in patient 
harm as well as high costs to the healthcare industry. Moreover, 
disclosures of PHI through a data breach can result in identity fraud.
    Relatedly, protecting Department data, systems, and beneficiaries 
from cybersecurity threats, and otherwise securing the exchange and use 
of health information technology and data, are challenges that OIG has 
identified in the Department's annual Top Management and Performance 
Challenges for the last decade.\53\
---------------------------------------------------------------------------

    \53\ See, e.g., OIG, 2018 Top Management & Performance 
Challenges Facing HHS, available at https://oig.hhs.gov/reports-and-publications/top-challenges/2018/.
---------------------------------------------------------------------------

    The Health Care Industry Cybersecurity (HCIC) Task Force, created 
by the Cybersecurity Information Sharing Act of 2015 (CISA),\54\ was 
established in March 2016 and is comprised of government and private 
sector experts. The HCIC Task Force produced its HCIC Task Force Report 
in June 2017.\55\ The HCIC Task Force recommended, among other things, 
that Congress ``evaluate an amendment to [the physician self-referral 
law and the anti-kickback statute] specifically for cybersecurity 
software that would allow healthcare organizations the ability to 
assist physicians in the acquisition of this technology, through either 
donation or subsidy'' and noted that the regulatory exception to the 
physician self-referral law and the safe harbor for electronic health 
records technology could serve as a template for a new statutory 
exception.\56\
---------------------------------------------------------------------------

    \54\ Public Law 114-113, 129 Stat. 2242.
    \55\ HCIC Task Force Report, available at https://www.phe.gov/preparedness/planning/cybertf/documents/report2017.pdf.
    \56\ Id. at 27.
---------------------------------------------------------------------------

    However, in general, any donation of valuable technology or 
services to physicians or other sources of Federal health care program 
referrals can pose risks of fraud or abuse that may increase as the 
value of the donated technology or services increases. In some 
respects, the fraud and abuse risks posed by the donation of 
cybersecurity technology or services to physicians or other healthcare 
providers or suppliers are similar to the risks associated with the 
provision of electronic health records technology because, like 
electronic health records technology, cybersecurity technology is 
inherently valuable to recipients in terms of actual cost, avoided 
overhead, and administrative expenses. Additionally, the types of 
cybersecurity technology and services are highly variable; their costs 
and value also vary greatly. For example, cybersecurity technology or 
services may consist only of anti-virus software for a single 
workstation in a physician's office or it may include incident response 
services for several primary and specialty group practices. Further, 
adding robust cybersecurity technology and services may provide 
recipients a valuable shield from liability for fines, ransom, and 
litigation risk given the prevalence of cybersecurity threats to 
healthcare providers and breaches involving protected health 
information and electronic health records. Finally, responses to the 
OIG RFI indicate that the cost, or value, of cybersecurity technology 
and services has increased dramatically, to the point where some 
providers and suppliers are unable to adequately invest in 
cybersecurity measures.
    We believe that this proposed safe harbor would (i) minimize the 
risks inherent in any type of valuable remuneration between referral 
sources and (ii) remove an actual or perceived barrier that will allow 
the healthcare industry to take additional action to mitigate the risks 
posed by cybersecurity threats. Specifically, we believe this proposed 
safe harbor would promote increased security for interconnected and 
interoperable healthcare information technology systems without 
protecting arrangements that either serve as marketing platforms or 
inappropriately influence clinical decision-making.
    This proposed safe harbor would protect certain cybersecurity 
donations. CMS is proposing a similar exception to the physician self-
referral law. We coordinated closely with CMS to ensure as much 
consistency as possible between our proposed safe harbor and CMS's 
proposed exception, despite the differences in the respective 
underlying statutes. Because of the close nexus between this proposed 
rule and CMS's proposed rule, we may consider and take additional 
actions based on comments submitted in response to CMS's proposed rule 
in addition to those submitted in response to this rulemaking, if 
warranted.
    We propose to protect nonmonetary remuneration in the form of 
certain types of cybersecurity technology and services. Specifically, 
as explained below, we propose to define ``cybersecurity'' to mean 
``the process of protecting information by preventing, detecting, and 
responding to cyberattacks.'' We propose to include within the scope of 
covered technology, ``any software or other types of information 
technology, other than hardware.'' In an effort to foster beneficial 
cybersecurity donation arrangements without permitting arrangements 
that negatively impact beneficiaries of Federal health care programs, 
this safe harbor would impose a number of conditions on cybersecurity 
donations, as set forth below. Most notably, the first proposed 
condition of the safe harbor requires the donation to be necessary and 
used predominantly to implement and maintain effective cybersecurity.
    We also have included an alternative proposal for an additional, 
optional condition to this proposed safe harbor. The optional condition 
imposes an additional safeguard that parties can satisfy in exchange 
for protecting certain cybersecurity hardware.
1. Definitions
    We propose two definitions at 1001.952(jj)(6): ``cybersecurity'' 
and ``technology.'' These definitions are integral to understanding the 
conditions of the safe harbor, so we first elaborate on the 
definitions. For purposes of this safe harbor, we propose to define the 
terms ``cybersecurity'' and ``technology'' as follows:
     ``Cybersecurity'' means the process of protecting 
information by preventing, detecting, and responding to cyberattacks.
     ``Technology'' means any software or other types of 
information technology, other than hardware.
    This proposed definition of ``cybersecurity'' is derived from the 
National Institute for Standards and Technology (NIST) ``Framework for

[[Page 55735]]

Improving Critical Infrastructure.'' \57\ We intend for the definition 
to be broad and propose to rely on a definition in a NIST framework 
that does not apply directly to the healthcare industry but applies 
generally to any United States critical infrastructure. Our goal is to 
broadly define cybersecurity and avoid unintentionally limiting 
donations by relying on a narrow definition or a definition that might 
become obsolete over time. We solicit comment on this approach and 
whether a definition tailored to the healthcare industry would be more 
appropriate.
---------------------------------------------------------------------------

    \57\ Appendix B, Version 1.1 (Apr. 16, 2018) available at 
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf.
---------------------------------------------------------------------------

    Similarly, the proposed definition of ``technology'' is broad, but 
for the exclusion of hardware. The intent of the safe harbor is to be 
agnostic to specific types of non-hardware cybersecurity technology. We 
intend for this safe harbor to be broad enough to include cybersecurity 
software and other information technology (e.g., an Application 
Programming Interface (API), which is neither software nor a service as 
those terms are generally used) that is available now and technology 
that may become available as the industry continues to develop.
    The proposed definition of ``technology'' excludes hardware under 
this new safe harbor. While we recognize that effective cybersecurity 
may require hardware that meets certain standards (e.g., encrypted 
endpoints, updated servers), we remain concerned that donations of 
valuable, multifunctional hardware pose a higher risk of constituting a 
disguised payment for referrals. Consistent with the proposed condition 
at 1001.952(jj)(1), we believe that donations with multiple uses 
outside of cybersecurity present a greater risk that the donation is 
being made to influence referrals. Hardware is most likely to be 
multifunctional and, as a result, would not be necessary and used 
predominantly to implement and maintain effective cybersecurity. For 
example, the safe harbor would not protect a laptop computer or tablet 
used in the general course by a physician to enter patient visit 
information into an electronic health record and respond to emails. 
However, it would protect encryption software for a laptop. This also 
is consistent with a similar exclusion of hardware in the electronic 
health record donation safe harbor at 1001.952(y), which identifies a 
similar rationale for excluding hardware from protection.\58\ We 
solicit comments on this approach.
---------------------------------------------------------------------------

    \58\ 71 FR 45110, 45120 (Aug. 8, 2006).
---------------------------------------------------------------------------

    As we describe below, however, we are not proposing a requirement 
for recipients to contribute a portion of the donor's costs. Consistent 
with the HCIC Task Force Report, we recognize that many providers do 
not have adequate resources to significantly invest in the 
cybersecurity items and services protected by this proposed safe 
harbor. Consequently, we believe that omitting a contribution 
requirement may allow providers with limited resources to receive 
protected cybersecurity donations while also using their own resources 
to invest in other technology not protected by the safe harbor, such as 
updating legacy hardware that may pose a cybersecurity risk, or simply 
investing in their own computers, phones, and other hardware that are 
core to their businesses, notwithstanding their relationship with a 
donor who contributes cybersecurity technology. We solicit comments on 
excluding donations of hardware from this safe harbor and the omission 
of a contribution requirement, and in particular, any specific 
cybersecurity risks or limitations that would result from such 
exclusion and omission.
    We are considering for the final rule adding limited protection for 
specific hardware that is necessary for cybersecurity, is stand-alone 
(i.e., is not integrated within multifunctional equipment), and serves 
only cybersecurity purposes (e.g., a two-factor authentication dongle), 
and solicit comments on what types of hardware might qualify and 
whether we should protect them under this safe harbor.
    Finally, we note that this proposed safe harbor only protects 
cybersecurity technology and services as defined. It does not extend to 
other types of cybersecurity measures outside of technology or 
services. For example, this safe harbor would not protect donations of 
installation, improvement, or repair of infrastructure related to 
physical safeguards, even if they could improve cybersecurity (e.g., 
upgraded wiring or installing high security doors). Donations of 
infrastructure upgrades are extremely valuable and have multiple 
benefits in addition to cybersecurity, together which pose an increased 
risk that one purpose of the donation is to pay for or influence 
referrals.
2. Conditions on Donation and Protected Donors
    To be protected non-monetary remuneration, donations of 
cybersecurity technology and services must meet five conditions in 
1001.952(jj)(1)-(5). The first two conditions relate to the purpose of 
the donation and prohibit donors taking into account the volume or 
value of referrals or other business generated.
    First, at 1001.952(jj)(1), we propose to limit safe harbor 
protection to donated technology and services that are necessary and 
used predominantly to implement and maintain effective cybersecurity. 
The goal of this condition is to ensure that donations are being made 
for the purposes of addressing legitimate cybersecurity needs of donors 
and recipients. Explained differently, the core function of the donated 
technology or service must be to protect information by preventing, 
detecting, and responding to cyberattacks. Our intent is to protect a 
wide range of technology and services that are specifically donated for 
the purpose of, and are necessary for, ensuring that donors and 
recipients have effective cybersecurity.
    As stated previously, our intent is to be technology agnostic, 
including as to the types and versions of software that can receive 
protection. By way of example, the types of technology protected by 
this safe harbor may include, but are not limited to, software that 
provides malware prevention, software security measures to protect 
endpoints that allow for network access control, business continuity 
software that mitigates the effect of cyberattacks, data protection and 
encryption, and email traffic filtering. We believe these examples are 
indicative of the types of technology that are necessary and used 
predominantly for effective cybersecurity. We also do not distinguish 
between cloud-based software or software that must be installed 
locally. We solicit comments on the proposed breadth of protected 
technology as well as whether we should expressly include other 
technology or categories of technology in this safe harbor.
    Similarly, we propose to protect a broad range of services. Such 
services could include, for example:
     Any services associated with developing, installing, and 
updating cybersecurity software;
     any kind of cybersecurity training services, such as 
training recipients on how to use the cybersecurity technology, how to 
prevent, detect, and respond to cyber threats, and how to troubleshoot 
problems with the cybersecurity technology (e.g., ``help desk'' 
services specific to cybersecurity);
     any kind of cybersecurity services for business continuity 
and data recovery services to ensure the recipient's operations can 
continue during and after a cyberattack;
     any kind of ``cybersecurity as a service'' model that 
relies on a third-

[[Page 55736]]

party service provider to manage, monitor, or operate cybersecurity of 
a recipient;
     any services associated with performing a cybersecurity 
risk assessment or analysis, vulnerability analysis, or penetration 
test; or
     any services associated with sharing information about 
known cyber threats, and assisting recipients responding to threats or 
attacks on their systems.
    We believe these types of services are indicative of the types of 
services that are necessary and used predominantly for effective 
cybersecurity. We solicit comments on the proposed breadth of protected 
services as well as whether we should expressly include other services 
or categories of services in this safe harbor. We note, in addition, 
that the donation of services must be non-monetary. For example, 
donating the time of a consultant to implement a cybersecurity program 
could be protected, but if an entity were to experience a cyberattack 
that involved ransomware, payment of the ransom amount on behalf of a 
recipient or paying the recipient the ransom amount would not be 
protected.
    We do not intend to protect donations of technology or services 
that have multiple, general uses outside of cybersecurity. As explained 
in our discussion of the definition of ``hardware'' above, we remain 
concerned that donations of valuable multi-use technology or services 
pose a higher risk of constituting a disguised payment for, or 
otherwise influencing, referrals. Similarly, we do not intend to 
protect donations of technology or services that are otherwise used in 
the normal course of the recipient's business (e.g., general help desk 
services related to use of a practice's information technology). We 
solicit comment on this approach and whether this proposed condition 
unintentionally limits the donation of cybersecurity technology and 
services that are vital to improving the cybersecurity posture of the 
healthcare industry.
    For the purposes of meeting the proposed condition at 
1001.952(jj)(1), we are considering for the final rule, and seek 
comment on, whether to add a deeming provision that would allow donors 
or recipients to demonstrate that donations are necessary and 
predominantly used to implement and maintain effective cybersecurity. 
This deeming provision would allow donors and recipients to demonstrate 
that the donation furthers a recipient's ability to comply with a 
written cybersecurity program that reasonably conforms to a widely 
recognized cybersecurity framework or set of standards, such as one 
developed or endorsed by NIST, another American National Standards 
Institute-accredited standards body, or an international voluntary 
standards body such as the International Organization for 
Standardization. Any such provision would not require compliance with a 
particular framework or set of standards, but rather would provide an 
option for donors to demonstrate that the donation is necessary and 
predominantly used to implement and maintain effective cybersecurity. 
We believe such a provision may provide some assurance to donors and 
recipients about how to demonstrate that donations are necessary and 
predominantly used to implement and maintain effective cybersecurity. 
If we were to finalize this deeming provision, we would add a sentence 
to 1001.952(jj)(1) that would deem a donation to meet this condition if 
the parties demonstrate that the donation furthers a recipient's 
ability to comply with a written cybersecurity program that reasonably 
conforms to a widely recognized cybersecurity framework or set of 
standards. We solicit comments on incorporating this proposed deeming 
provision in 1001.952(jj)(1).
    Regarding this proposed deeming provision, we also solicit comments 
on how donors and recipients could practically demonstrate that a 
donation furthers a recipient's ability to comply with a written 
cybersecurity program that reasonably conforms to a widely recognized 
cybersecurity framework or set of standards. We are not proposing to 
condition protection on demonstrating compliance with a specific 
framework or set of standards, but we seek to provide a practical 
method that allows parties to demonstrate that a donation meets the 
potential deeming provision we are considering for 1001.952(jj)(1).
    Understanding that our intent is not to incorporate a specific 
framework or set of standards, we seek comments on whether there are 
other ways that parties could reliably demonstrate that a donation 
meets the potential cybersecurity deeming provision in 1001.952(jj)(1). 
For instance, we are interested in comments regarding whether parties 
could demonstrate that a donation meets the cybersecurity deeming 
provision through documentation, certifications, or other methods not 
prescribed by regulation.
    Second, at 1001.952(jj)(2), we propose to require that donors do 
not directly take into account the volume or value of referrals or 
other business between the parties when determining the eligibility of 
a potential recipient for the technology or services, or the amount or 
nature of the technology or services to be donated. In addition, we 
propose that donors do not condition the donation of technology or 
services, or the amount or nature of the technology or services to be 
donated, on future referrals. In other words, we propose that a donor 
cannot require, explicitly or implicitly, that a recipient either refer 
to the donor or recommend the donor's business as a condition of 
receiving a cybersecurity donation. We understand that the purpose of 
donating cybersecurity technology and services is to guard against 
threats that come from interconnected systems, and we understand and 
expect that a donor would provide the cybersecurity technology and 
services only to individuals and entities that connect to its systems, 
which includes those that refer to it (or that receive referrals from 
it). However, this condition would restrict a donor from conditioning 
the donation on referrals or other business generated.\59\
---------------------------------------------------------------------------

    \59\ We note that, if a system is only as strong as its weakest 
link, then even a very low-referring entity poses a cybersecurity 
risk.
---------------------------------------------------------------------------

    This proposed condition would not require a donor to donate 
cybersecurity technology and services to every individual or entity 
that connects to its system. Donors would be able to use selective 
criteria for choosing recipients, provided that neither a recipient's 
eligibility, nor the amount or nature of the cybersecurity technology 
or services donated, is determined in a manner that directly takes into 
account the volume or value of referrals or other business generated 
between the parties. For example, a donor could perform a risk 
assessment of a potential recipient (or require a potential recipient 
to provide the donor with a risk assessment) before determining whether 
to make a donation, or the scope of a donation. Similarly, for example, 
if a donor is a hospital, the hospital might choose to limit donations 
to physicians who are on the hospital's medical staff. Additionally, 
selective criteria might be based on the type of connection between a 
donor and recipient, such as a simple read-only connection to a 
properly implemented, standards-based API that enables only the secure 
transmission of a copy of the patient's record at the patient's request 
to the recipient. That type of connection poses less risk to a donor's 
systems than a connection that allows for information to be written 
directly into the donor's systems. Thus, a donor contemplating allowing 
a higher-risk connection (such as a bi-directional read-write

[[Page 55737]]

connection) to a potential recipient's systems could develop selective 
criteria based on that difference in risk of the connection. We solicit 
comments on this condition.
    We have declined to propose a list of selection criteria which, if 
met, would be deemed not to directly take into account the volume or 
value of referrals or other business generated between the parties, as 
we did in the electronic health records safe harbor at 1001.952(y)(5). 
We do not believe donations of cybersecurity technology and services 
present the same types of risks as donations of electronic health 
records software and information technology. Primarily, cybersecurity 
donations are further removed from the volume and value of referrals 
than electronic health record donations. Cybersecurity donations, if 
legitimate, are more likely to be based on considerations such as 
security risks and are less likely to be based on considerations that 
are closely related to the volume and value of referrals or other 
business generated (e.g., the total number of prescriptions written by 
the recipient). Therefore, we do not believe that cybersecurity 
donations need a similar list of selection criteria to ensure that 
parties can meet the volume or value condition at 1001.952(jj)(2).
    Nonetheless, we are considering whether to add such a list in the 
final rule and whether the list should be based on the permitted 
conduct at 1001.952(y)(5)(i)-(vii). We solicit comments on this 
approach and any other conditions or permitted conduct we should 
enumerate in this safe harbor, with respect to determinations related 
to cybersecurity donations.
    Related to these two conditions, we do not propose to restrict the 
types of individuals and entities that may donate cybersecurity 
donations under this safe harbor. Although donating cybersecurity 
technology and services would relieve a recipient of a cost that it 
otherwise would incur, the fraud and abuse risks associated with 
cybersecurity are different than donations of other valuable 
technology, such as electronic health records items and services. We 
generally view donating cybersecurity technology and services to be a 
self-protective measure because a cybersecurity breach in the donor's 
system can have a devastating impact on the donor and anyone who 
maintains a connection to the donor's systems. Meanwhile, electronic 
health record donations facilitate the exchange of clinical information 
between the recipient referral source and the donor and, thus, present 
a greater risk that one purpose of the donation is for the donor to 
secure additional referrals from the recipient or otherwise influence 
referrals or other business generated.
    We are concerned that technology donations risk referral sources 
becoming beholden to the donors, and therefore we are considering 
narrowing the scope of protected donors as we have done in other safe 
harbors. We solicit comments on whether particular types of individuals 
and entities should be excluded from donating cybersecurity technology 
and services, and if so, why. Specifically, in past rulemakings we have 
distinguished between individuals and entities with direct and primary 
patient care relationships that have a central role in the healthcare 
delivery infrastructure such as hospitals and physician practices, and 
providers and suppliers of ancillary services such as pharmaceutical, 
device, and DMEPOS manufacturers, and other manufacturers or vendors 
that indirectly furnish items and services used in the care of 
patients.\60\ We seek comments as to whether our historical enforcement 
concerns and other considerations regarding direct and indirect patient 
care are present for purposes of cybersecurity donations.
---------------------------------------------------------------------------

    \60\ See OIG, Final Rule: Safe Harbors for Certain Electronic 
Prescribing and Electronic Health Records Arrangements Under the 
Anti-Kickback Statute, 71 FR 45110, 45128 (Aug. 8, 2006) (excluding 
pharmaceutical, device, DMEPOS manufacturers, or other entities that 
indirectly furnish items and services used in the care of patients 
both because ``[our] enforcement experience demonstrates that 
unscrupulous manufacturers have offered remuneration in the form of 
free goods and services to induce referrals of their products'' and 
because they lack ``a direct and central patient care role that 
justifies safe harbor protection for the provision of electronic 
health records technology'').
---------------------------------------------------------------------------

3. Conditions for Recipients
    In proposed 1001.952(jj)(3), similar to the condition at (jj)(2) on 
donors discussed previously, this proposed condition would require that 
neither a potential recipient, nor a potential recipient's practice (or 
any affiliated individual or entity), can demand, explicitly or 
implicitly, a donation of cybersecurity technology and services as a 
condition of doing business or continuing to do business with the 
donor.
    We do not propose a recipient contribution requirement as part of 
this safe harbor. As we explain above, with this proposed safe harbor 
we seek to remove a barrier to donations that improve cybersecurity 
throughout the healthcare industry in response to the critical 
cybersecurity issues identified in the HCIC Task Force Report and 
elsewhere. We propose to include only those conditions for safe harbor 
protection that we believe are critical to guarding against fraud and 
abuse. In the case of cybersecurity, we do not believe a specified 
recipient contribution to the cost is necessary or practical. We 
recognize that the level of services for each recipient might vary, and 
might be higher or lower each year, each month, or even each week. 
Similarly, donors may aggregate the cost of certain services across all 
recipients, such as cybersecurity patches and updates, on a regular 
basis, which may result in a contribution requirement becoming a 
barrier to widespread, low-cost improvements in cybersecurity because 
of the practical challenges in collecting a contribution from 
recipients. For instance, attempting to quantify the value of a 
frequent cybersecurity scans included in a vendor's suite of services 
as part of a cybersecurity donation, across dozens of recipient 
practices, and determining the pro rata share each practice must 
contribute based on the size of the practice as well as the relative 
size of the donation made to each practice, might become unworkable for 
many donors.
    Importantly, we note that our proposal to omit a contribution 
requirement as a condition of the safe harbor does not prohibit donors 
from requiring a contribution. Donors are free to require recipients to 
contribute to the cost, so long as the determination of a contribution 
requirement does not take into account the volume or value of referrals 
between the parties. For example, if a donor gave a full suite of 
cybersecurity technology and services for free to a high-referring 
practice but required a low-referring practice to contribute 20 percent 
of the cost, then the donor could violate the conditions at proposed 
paragraphs (jj)(2)(i) and (ii). In addition, we do not intend for this 
safe harbor to require that donations be solely between two parties. 
For example, two hospitals and a large multi-specialty physician 
practice might agree to jointly subsidize cybersecurity technology and 
services for smaller physician practices in their area.
    We do not propose to impose restrictions on the type of individual 
or entity that can receive donations of cybersecurity technology or 
related services. We note that, because we do not propose to restrict 
the scope of protected recipients under this safe harbor, we believe 
patients would be included as protected recipients. Donations to 
patients, just like other recipients, would only be protected if they 
precisely met all conditions of the safe harbor. As discussed 
previously, donations of multifunctional technology or services would 
not be protected

[[Page 55738]]

because all cybersecurity donations must be necessary and used 
predominately to implement and maintain effective cybersecurity.
    We anticipate that donations to patients would be more limited than 
donations to healthcare providers and suppliers (e.g., anti-malware 
tools). However, we solicit comments on what types of cybersecurity 
technology or services a donor might anticipate giving to a patient, 
whether we would need additional or different safeguards when a patient 
is the recipient, and whether patients should be protected recipients 
at all under the safe harbor. More specifically, we solicit comments on 
whether we should include additional conditions for donations of 
cybersecurity technology services to patient recipients that are 
similar to the beneficiary inducements CMP's exceptions under 42 CFR 
1003.110. For example, we are considering whether cybersecurity 
technology or service donations to patients should not be offered as 
part of any advertisement or solicitation or not be tied to the 
provision of other items or services reimbursed in whole or in part by 
the Medicare program under Title VIII or a State health care program 
(as defined in section 1128(h) of the Act).
4. Written Agreement
    At 1001.952(jj)(4), we propose to require that the donor and 
recipient enter into a signed, written agreement. While we do not 
interpret this condition to require every item of cybersecurity 
technology and every potential service to be specified in the 
agreement, we propose that the written agreement must include a general 
description of the cybersecurity technology and services to be provided 
over the term of the agreement and a reasonable estimate of the value 
of the donation. In addition, to the extent the parties share any 
financial responsibility for the cost of the cybersecurity technology 
and services, those financial terms, including the amount of the 
contribution, must be memorialized in the written agreement. We solicit 
comments on the conditions proposed here, as well as whether additional 
or different terms should be required in a written agreement.
5. Prohibition on Cost Shifting
    At 1001.952(jj)(5), we propose to prohibit donors from shifting the 
costs of any cybersecurity donations to Federal health care programs. 
For example, under this proposed condition, while a hospital's own 
cybersecurity costs could be an administrative expense on its cost 
report, donations of cybersecurity technology or services to other 
individuals or entities could not be included as an administrative 
expense on the hospital's cost report.
6. Alternative Proposed Condition for Protection of Cybersecurity 
Hardware
    We also propose and solicit comments on an alternative approach 
that would add an additional, optional safeguard to the proposed 
cybersecurity safe harbor. This alternative approach would protect 
cybersecurity hardware donations if the parties choose to meet an 
additional condition, along with the other five conditions proposed at 
1001.952(jj)(1)-(5). Under this alternative proposal, a protected 
donation could also include cybersecurity hardware that a donor has 
determined is reasonably necessary based on a risk assessment of its 
own organization and that of the potential recipient.
    The goal of this alternate proposal is to provide donors and 
recipients more flexibility regarding the types of cybersecurity 
donations that are protected, while also adding an additional safeguard 
to further ensure that the donation is necessary and used predominantly 
to implement and maintain effective cybersecurity.
    We believe this alternative proposal builds on existing legal 
requirements and best practices related to information security 
generally and the healthcare industry more specifically. For example, 
the HHS Office for Civil Rights explained that conducting a risk 
analysis is the first step in identifying and implementing safeguards 
that comply with and carry out the standards and implementation 
specifications in the HIPAA Security Rule.\61\ More generally, NIST 
Special Publication 800-30, which does not directly apply to the 
healthcare industry, but represents industry standards for information 
security practices, explains that the purpose of a risk assessment is 
to inform decision makers and support risk responses by identifying: 
(i) Relevant threats to organizations or threats directed through 
organizations against other organizations; (ii) vulnerabilities both 
internal and external to organizations; (iii) impact (i.e., harm) to 
organizations that may occur given the potential for threats exploiting 
vulnerabilities; and (iv) likelihood that harm will occur. The end 
result is a determination of risk, which is typically a function of the 
degree of harm and likelihood of harm occurring.\62\
---------------------------------------------------------------------------

    \61\ HIPAA for Professionals, Guidance on Risk Analysis (Mar. 
2017), available at https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html.
    \62\ NIST Special Publication 800-30 Revision 1, Guide for 
Conducting Risk Assessments (Sept. 2012), available at https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf.
---------------------------------------------------------------------------

    Risk assessments are a key component to developing effective 
organization-wide risk management for information security. We believe 
that risk assessments conducted consistent with industry standards 
would provide a reasonable basis for donors to identify risks and 
threats to their organizational information security that need to be 
mitigated by donating cybersecurity hardware to other entities. 
Additionally, donations that are made in response to risk assessments 
are likely to meet the purpose of this safe harbor that donations are 
necessary and used predominantly to implement and maintain effective 
cybersecurity. Under this proposal, a donor would perform or have an 
existing risk assessment for its own organization, and would require a 
potential recipient to have, perform, or obtain a risk assessment, that 
would provide a reasonable basis to determine that the donated 
cybersecurity hardware is needed to address a risk or threat identified 
by a risk assessment.
    Consistent with the HCIC Task Force Report and comments we received 
in response to the OIG RFI, we recognize that ``[m]any organizations 
cannot afford to retain in-house information security personnel, or 
designate an information technology (IT) staff member with 
cybersecurity as a collateral duty.'' Understanding that resource 
constraint, one goal of this safe harbor is to increase the avenues 
available for all healthcare organizations to improve their 
cybersecurity practices. We believe protecting a cybersecurity hardware 
donation based on the risk assessment of a recipient would further the 
goal of increasing the avenues available to improve cybersecurity for 
all healthcare entities, regardless of their available resources.
    We recognize that a potential recipient with limited resources and 
cybersecurity experience may not be able to conduct or pay for its own 
risk assessment. As noted above, one cybersecurity service that would 
be a protected donation under the proposed safe harbor is a risk 
assessment. Under the alternative proposal, donors could then make 
additional cybersecurity hardware donations that are reasonably based 
on the risk assessments of the donor and recipients.
    We recognize that risk assessment practices vary across the 
healthcare industry and may be depend on the size

[[Page 55739]]

and sophistication of any provider or entity. We solicit comments on 
this alternative proposal to understand whether entities that are 
potential donors or recipients already conduct risk assessments that 
would provide a reasonable basis to determine that a cybersecurity 
hardware donation is reasonable and necessary. We would propose to 
define ``risk assessment'' based on NIST Special Publication 800-30 and 
solicit comment on whether that definition is sufficient for this 
cybersecurity donation safe harbor. Additionally, we solicit comments 
on whether this proposal should incorporate specific standards or 
requirements, such as NIST Special Publication 800-30.
    We are considering for the final rule, and seek comment on, adding 
safeguards to this alternate proposal. For instance, we are considering 
limiting the additional cybersecurity hardware permitted under the 
alternative proposal to certain kinds of hardware. We are interested in 
comments, particularly from providers, that explain what types of 
hardware would be necessary for effective cybersecurity under this 
alternate proposal. We note that because this alternate proposal builds 
upon the proposed conditions at proposed 1001.952(jj)(1)-(5), 
multifunctional hardware still would be prohibited because it would not 
be necessary and predominantly used to implement and maintain effective 
cybersecurity, as required under proposed 1001.952(jj)(1). If the 
donation includes hardware, we are also considering requiring a 
contribution from the recipient, similar to the electronic health 
records safe harbor at 1001.952(y)(11), and we are considering 
requiring the contribution amount to be 15 percent. We are interested 
in comments on this approach, and whether we should consider other 
contribution amounts instead, such as 5 percent, or 20 or 30 percent.
    If we add this contribution requirement, we are considering 
excepting small and rural practices, and we are interested in comments 
on this approach. Relatedly, we solicit comments on how ``small or 
rural practices'' should be defined. For example, we solicit comments 
on whether ``rural practices'' should be defined as those located in 
rural areas, as defined in the safe harbor for local transportation at 
42 CFR 1001.952(bb). We also solicit comments on whether ``small 
practices'' should be defined as those in medically underserved areas, 
as designated by the Secretary under section 330(b)(3) of the Public 
Health Service Act, or defined similarly to a ``small provider of 
services or small supplier'' as set forth in the requirements related 
to the electronic submission of Medicare claims at 42 CFR 424.32. We 
also are considering for the final rule and solicit comments on whether 
other subsets of potential recipients, for example critical access 
hospitals, should be exempted from the 15-percent contribution 
requirement because it would impose a significant financial burden on 
the recipient. Additionally, if a contribution requirement is included 
in the final rule, we are considering exempting contributions for the 
upgrades, updates, or patches of remuneration that was previously 
donated. Based on our experience with the electronic health records 
arrangements safe harbor, we recognize the practical challenges in 
collecting contributions from recipients for minor upgrades, updates, 
and patches that are necessary to keep the donated technology compliant 
with new security policies.
    If we were to finalize this alternate proposal, we would modify the 
proposed safe harbor by adding new conditions and a definition in the 
safe harbor. Primarily, we would add a new condition that would require 
a donor to perform or have an existing risk assessment for its own 
organization, and require a potential recipient to have, perform, or 
obtain a risk assessment, that provides a reasonable basis to determine 
that the donated cybersecurity hardware is needed to address a risk or 
threat identified by the donor's and recipient's risk assessments. We 
also would add definitions of hardware and risk assessment in proposed 
1001.952(jj)(6).
7. Solicitation of Comments
    The goal of the proposed safe harbor is to help improve the 
cybersecurity posture of the healthcare industry by removing a real or 
perceived barrier. To achieve this goal, we must appropriately balance 
the risk of cybersecurity threats against risks associated with 
permitting parties to donate valuable technology and services. In doing 
so, we recognize that cyberattacks are ubiquitous, dynamic, potentially 
funded by nation-states or well-funded criminal enterprises, and can 
have consequences to beneficiary health, safety, and privacy that are 
difficult to mitigate. To help improve the cybersecurity hygiene of the 
healthcare industry without comprising program integrity, it is 
important that we strike the right balance.
    We drafted the proposed safe harbor with this aim in mind, but we 
recognize that appropriately balancing these risks is a difficult task. 
We solicit comment on whether the proposed safe harbor establishes the 
right balance and if not, request comments that recommend specific 
changes to do so. Commenters should consider the safe harbor in its 
entirety, including the proposed conditions, optional deeming 
provision, alternate condition, and definitions when commenting on this 
issue. We are especially interested in comments from healthcare 
providers because they both bear the cybersecurity risks and likely 
have relevant compliance experience with other safe harbors.
    To facilitate specific comments on this issue, we ask the following 
questions: Does the proposed condition at 1001.952(jj)(1) permit the 
donation of the right types of cybersecurity technology and services 
that could meaningfully improve the cybersecurity posture of the 
healthcare industry while also ensuring that the donated technology and 
services do not pose undue risk of improperly influencing referrals? If 
not, what other standard or limitation would be appropriate to strike 
the right balance between cybersecurity risks and program integrity 
risks? Does excluding hardware from the definition of ``technology'' 
further our aim of balancing cybersecurity risks with the program 
integrity risks? If not, what other conditions should we impose to 
limit the value of remuneration protected by the proposed safe harbor, 
so it does not improperly influence referrals? For example, should the 
safe harbor impose a monetary value limit on the total amount of 
donations that a donor can make to a recipient or should the safe 
harbor require the recipient to contribute to the costs of a donation 
once the value has exceeded certain monetary thresholds?

I. Electronic Health Records (1001.952(y))

    On August 8, 2006, we published a final rule (the 2006 Final EHR 
Safe Harbor Rule) that, among other things, finalized a safe harbor 
(the EHR safe harbor) at 42 CFR 1001.952(y) protecting certain 
arrangements involving the donation of interoperable electronic health 
records software or information technology and training services. The 
EHR safe harbor was initially scheduled to sunset on December 31, 2013.
    On December 27, 2013, we published a final rule (the 2013 Final EHR 
Safe Harbor Rule) modifying the EHR safe harbor by, among other things, 
extending the expiration date of the safe harbor to December 31, 2021; 
excluding laboratory companies from the types of entities that may 
donate electronic

[[Page 55740]]

health records items and services under the safe harbor; and updating 
the provision under which electronic health records software is deemed 
interoperable.
    The present proposed rule sets forth certain proposed changes to 
the EHR safe harbor. CMS is proposing almost identical changes to the 
physician self-referral law electronic health records exception 
elsewhere in this issue of the Federal Register. We attempted to ensure 
as much consistency as possible between our proposed safe harbor 
changes and CMS's proposed exception changes, despite the differences 
in the respective underlying statutes. Because of the close nexus 
between this proposed rule and CMS's proposed rule, we may consider 
comments submitted in response to CMS's proposed rule and take 
additional actions when crafting our final rule.
1. Interoperability
    The conditions at 1001.952(y)(2) and (y)(3) require donated items 
and services to be interoperable and prohibit the donor (or someone 
acting on the donor's behalf) from taking action to limit the 
interoperability of the donated item or service. We are proposing 
changes that impact 42 CFR 1001.952(y)(2) and (3) based on the 21st 
Century Cures Act (Cures Act) and the Office of the National 
Coordinator for Health Information Technology (ONC), HHS Notice of 
Proposed Rulemaking ``21st Century Cures Act: Interoperability, 
Information Blocking, and the ONC Health IT Certification Program'' 
(ONC NPRM) that proposes to implement key provisions in Title IV of the 
Cures Act.\63\ Among other things, the ONC NPRM proposes conditions and 
maintenance of certification requirements for health information 
technology (health IT) developers under the ONC Health IT Certification 
Program (certification program) and reasonable and necessary activities 
that do not constitute information blocking for purposes of section 
3022(a)(1) of the Public Health Service Act (PHSA). These proposed 
changes, if finalized, affect the EHR safe harbor conditions at 
1001.952(y)(2), which is known as the ``deeming provision,'' and 
1001.952(y)(3) related to interoperability and ``data lock-in.''
---------------------------------------------------------------------------

    \63\ 84 FR 7424 (Mar. 4, 2019).
---------------------------------------------------------------------------

2. Deeming
    The deeming provision provides certainty to parties seeking 
protection of the EHR safe harbor by providing an optional method of 
ensuring that donated items or services meet the interoperable 
condition in 1001.952(y)(2) by deeming software to be interoperable if 
it is certified under the certification program. In the 2013 Final EHR 
Safe Harbor Rule we modified the deeming provision to reflect 
developments in the certification program and track ONC's anticipated 
regulatory cycle. By relying on the certification program and related 
updates of criteria and standards, we stated that the deeming provision 
would meet ``our objective of ensuring that software is certified to 
the current required standard of interoperability when it is donated.'' 
\64\ We propose to retain this general construct for the updated safe 
harbor. However, we propose two textual clarifications to this 
provision. Current language specifies that the software is ``deemed to 
be interoperable if, on the date it is provided to the recipient, it 
has been certified by a certifying body . . . .'' We propose to modify 
this language to clarify that, on the date the software is provided, it 
``is'' certified. In other words, the certification must be current as 
of the date of the donation, as opposed to the software having been 
certified at some point in the past but no longer maintaining 
certification on the date of the donation. We also propose to remove 
reference to ``editions'' of certification criteria to align with 
proposed changes to the certification program. We solicit comments on 
these clarifications.
---------------------------------------------------------------------------

    \64\ 78 FR 79201, 79204 (Dec. 27, 2013).
---------------------------------------------------------------------------

    As we describe in more detail below, however, we are updating the 
definition of ``interoperable.'' Although this revised definition would 
not require a textual change to this paragraph (y)(2), the revision 
would impact the deeming provision, and we solicit comments regarding 
this update.
3. Information Blocking
    The current condition at 1001.952(y)(3) prohibits the donor (or any 
person on the donor's behalf) from taking any action to limit or 
restrict the use, compatibility, or interoperability of the items or 
services with other electronic prescribing or electronic health records 
systems (including, but not limited to, health information technology 
applications, products, or services). As explained in the 2006 Final 
EHR Safe Harbor Rule and reaffirmed in the 2013 Final EHR Safe Harbor 
Rule, 1001.952(y)(3) has been designed to: (i) Prevent the misuse of 
the safe harbor that results in data and referral lock-in and (ii) 
encourage the free exchange of data (in accordance with protections for 
privacy).\65\ Since that time, significant legislative, regulatory, 
policy, and other Federal Government action defined this problem 
further (now commonly referred to as ``information blocking'') and 
established penalties for certain types of individuals and entities 
that engage in information blocking. Most notably, the 21st Century 
Cures Act added section 3022 of the PHSA, known as ``the information 
blocking provision,'' which defines conduct by healthcare providers, 
health IT developers of certified health IT, exchanges, and networks 
that constitutes information blocking. Section 3022(a)(1) of the PHSA 
defines ``information blocking'' in broad terms, while section 
3022(a)(3) authorizes and charges the Secretary to identify reasonable 
and necessary activities that do not constitute information blocking. 
The ONC NPRM would implement the statutory definition of ``information 
blocking,'' define certain terms related to the statutory definition of 
``information blocking,'' and proposes seven exceptions to the 
information blocking definition.\66\
---------------------------------------------------------------------------

    \65\ 78 FR 79213 (Dec. 27, 2013).
    \66\ 84 FR at 7602-05.
---------------------------------------------------------------------------

    We propose modifications to 1001.952(y)(3) to recognize these 
significant updates since the 2013 Final EHR Safe Harbor Rule. 
Specifically, we propose aligning the condition at 1001.952(y)(3) with 
the proposed information blocking definition and related exceptions in 
45 CFR part 171. We note that the EHR safe harbor conditions, while not 
using the term ``information blocking,'' already include concepts 
similar to those found in the 21st Century Cures Act's prohibition on 
information blocking. For example, we were concerned about donors (or 
those on the donor's behalf) taking steps to limit the interoperability 
of donated software to lock in or steer referrals, which is prohibited 
by the anti-kickback statute.\67\ These proposed modifications are not 
intended to change the purpose of this condition, but instead further 
our longstanding goal of preventing abusive arrangements that lead to 
information blocking and referral lock-in through updated 
understandings of those concepts established in the 21st Century Cures 
Act.\68\
---------------------------------------------------------------------------

    \67\ See Implementation of the 21st Century Cures Act: Achieving 
the Promise of Health Information Technology Before the S. Comm. On 
Health, Education, Labor, & Pensions, 115th Cong. 1 (2017) 
(statement of James Cannatti, Senior Counselor for Health 
Information Technology HHS OIG).
    \68\ We recognize that the ONC NPRM is not a final rule and is 
subject to change. However, we base our proposal on both the 
statutory language and the language in ONC's proposed rule for 
purposes of soliciting public input on our proposals.

---------------------------------------------------------------------------

[[Page 55741]]

    We note that health plans, which are protected donors under the EHR 
safe harbor, may not be subject to the information blocking provisions 
of the 21st Century Cures Act or the ONC NPRM. Nevertheless, health 
plans that seek the protection of this safe harbor do so voluntarily. 
We note that the definition of ``information blocking'' at PHSA section 
3022(a)(1) applies a different knowledge standard to health IT 
developers of certified health IT, health information networks, and 
health information exchanges than it does to healthcare providers. A 
healthcare provider engages in a practice of information blocking if 
such a provider ``knows that such practice is unreasonable and is 
likely to interfere with, prevent, or materially discourage access, 
exchange, or use of electronic health information.'' \69\ The EHR safe 
harbor primarily applies to healthcare providers due to the limitations 
on the types of donors permitted under 1001.952(y)(1). Therefore, most 
donors under the EHR safe harbor would be subject to the information 
blocking knowledge standard at section 3022(a)(1)(B)(ii) of the PHSA. 
Rather than have different conditions for healthcare providers and 
health plans, we believe it is reasonable to have one condition that 
applies the same information blocking knowledge standard to all parties 
who voluntarily use the safe harbor to protect donations of EHR items 
and services. For purposes of donations under this safe harbor, we 
propose to apply the knowledge standard articulated in the PHSA at 
section 3022(a)(1)(B)(ii) as applicable to both providers and health 
plans, and we seek comments on this approach.
---------------------------------------------------------------------------

    \69\ PHSA Sec.  3022(a)(1)(B)(ii).
---------------------------------------------------------------------------

    Additionally, the current condition at 1001.952(y)(3), as adopted 
in the 2006 Final EHR Safe Harbor Rule \70\ was intended to prevent 
donors, including health plans, from donating EHR software and then 
engaging in practices of information blocking that would limit the 
interoperability of the donated items, notwithstanding that we did not 
use that exact terminology. As a result, we do not believe this 
proposed modification places any additional burden on health plans that 
voluntarily seek to protect donations. We solicit comments on aligning 
the condition at 1001.952(y)(3) with the proposed information blocking 
definition in 45 CFR part 171.
---------------------------------------------------------------------------

    \70\ 71 FR 45136.
---------------------------------------------------------------------------

4. Cybersecurity
    We propose to amend the safe harbor to clarify that certain 
cybersecurity software and services have always been protected under 
this safe harbor,\71\ and to more broadly protect the donation of 
software and services related to cybersecurity. Currently, the safe 
harbor protects electronic health records software or information 
technology and training services necessary and used predominantly to 
create, maintain, transmit, or receive electronic health records. We 
propose to modify this language to include certain cybersecurity 
software and services that ``protect'' electronic health records.
---------------------------------------------------------------------------

    \71\ For instance, a secure log-in or encrypted access mechanism 
included with an EHR system or EHR software suite would be 
cybersecurity features of the EHR that are protected under the 
existing EHR safe harbor.
---------------------------------------------------------------------------

    In the 2006 Final EHR Safe Harbor Rule, we emphasized the 
requirement that software, information technology, and training 
services donated must be ``closely related to electronic health 
records'' and that the ``electronic health records functions must be 
predominant.'' We stated that ``[t]he core functionality of the 
technology must be the creation, maintenance, transmission, or receipt 
of individual patients' electronic health records,'' but, recognizing 
that the electronic health records software is commonly integrated with 
other features, we also stated that arrangements in which the software 
package included other functionality related to the care and treatment 
of individual patients would be protected. Under our proposal, the same 
criteria would apply to cybersecurity software and services: The 
predominant purpose of the software or service must be cybersecurity 
associated with the electronic health records.
    We note that we also are proposing a new safe harbor specifically 
to protect donations of cybersecurity technology and related services. 
As proposed, the cybersecurity safe harbor is broader and includes 
fewer conditions than the EHR safe harbor. However, we are proposing to 
expand the EHR safe harbor to expressly include cybersecurity software 
and services so that it is clear that an entity donating electronic 
health records software and providing training and other related 
services may also donate related cybersecurity software and services to 
protect the electronic health records. For clarity, we also propose to 
incorporate a definition of ``cybersecurity'' in this safe harbor that 
mirrors the definition we propose in the stand-alone cybersecurity safe 
harbor. A party seeking safe harbor protection needs to comply with the 
requirements of only one safe harbor. We solicit comments on this 
approach. In particular, with the addition of a stand-alone 
cybersecurity safe harbor, we solicit comments on whether it necessary 
to modify the EHR safe harbor to expressly include cybersecurity.
5. The Sunset Provision
    The EHR safe harbor originally was scheduled to sunset on December 
31, 2013. In adopting this condition of the EHR safe harbor, we 
acknowledged in the 2006 Final EHR Safe Harbor Rule ``that the need for 
a safe harbor for donations of electronic health records technology 
should diminish substantially over time as the use of such technology 
becomes a standard and expected part of medical practice.''
    In the 2013 notice of proposed rulemaking for an amendment to the 
EHR safe harbor (2013 Proposed Rule), we acknowledged that while 
electronic health record technology adoption had risen dramatically, 
use of such technology had not yet been universally adopted nation-
wide. Because continued electronic health record technology adoption 
remained an important Departmental goal, we solicited comments 
regarding an extension of the safe harbor. In response to those 
comments, in the 2013 Final EHR Safe Harbor Rule we extended the sunset 
date of the safe harbor to December 31, 2021, a date that corresponds 
to the end of the electronic health record Medicaid incentives. We 
stated our continued belief that as progress on this goal is achieved, 
the need for a safe harbor for donations should continue to diminish 
over time. Since publication of the 2013 Final EHR Safe Harbor Rule, 
however, numerous commenters have urged us to extend or make permanent 
the safe harbor at 42 CFR 1001.952(y). Specifically, commenters have 
suggested this modification in response to OIG's annual Solicitation of 
New Safe Harbors and Special Fraud Alerts, and also in response to the 
OIG RFI and the CMS RFI.
    While we acknowledge that widespread adoption of electronic health 
record technology, though not universal, largely has been achieved, we 
no longer believe that once this goal is achieved the need for a safe 
harbor for donations of such technology will diminish over time or 
completely disappear. New entrants into medical practice, coupled with 
aging EHR technology at existing practices and the emergence of new and 
better technology, necessitate the availability of this safe harbor to 
achieve the Department's policy objectives. Our experience indicates 
that the continued availability of the safe harbor plays a part in 
achieving the Department's goal

[[Page 55742]]

of promoting electronic health records technology adoption by providing 
certainty with respect to the cost of electronic health records items 
and services for recipients, and by encouraging adoption by physicians 
who are new entrants into medical practice or have postponed adoption 
based on financial concerns regarding the ongoing costs of maintaining 
and supporting an electronic health records system. Ongoing protection 
of electronic health record items and services donations would further 
new Department priorities and policies by allowing donors and 
recipients to ensure new technology is adopted that, for example, may 
improve the interoperability of electronic health information.
    We are proposing to eliminate the sunset provision at 42 CFR 
1001.952(y)(13). As an alternative to this proposed elimination of the 
sunset provision, we are considering an extension of the sunset date 
for the final rule. We seek comment on whether we should select a later 
sunset date instead of making the safe harbor permanent, and if so, 
what that date should be.
6. Definitions
    We are proposing to modify the definitions of ``interoperable'' and 
``electronic health record.'' In the 2006 Final EHR Safe Harbor Rule, 
we finalized these definitions based on then-current terminology, the 
emerging standards for electronic health records, and other resources 
cited by commenters. The following proposed modifications to these 
definitions are largely based on terms and provisions in the Cures Act 
that update or supersede terminology we used in the 2006 Final EHR Safe 
Harbor Rule.
    In the current note to paragraph (y) under 1001.952, ``electronic 
health record'' is defined as ``a repository of consumer health status 
information in computer processable form used for clinical diagnosis 
and treatment for a broad array of clinical conditions.'' We propose to 
modify the definition of ``electronic health record'' to mean: ``a 
repository of electronic health information that: (A) is transmitted by 
or maintained in electronic media; and (B) relates to the past, 
present, or future health or condition of an individual or the 
provision of healthcare to an individual.''
    The proposed revision to the definition of ``electronic health 
record'' is not intended to substantively change the scope of 
protection. We are proposing these modifications to this definition to 
reflect the term ``electronic health information'' that is used 
throughout the Cures Act and that is central to the definition of 
``interoperability'' at PHSA Sec.  3000(9) and the information blocking 
provision at PHSA Sec.  3022. Additionally, the ONC NPRM proposes a 
definition of ``electronic health information.'' \72\ We have based the 
proposed modifications, in part, on ONC's proposed definition of 
``electronic health information'' to reflect more modern terminology 
used to describe the type of information that is part of an electronic 
health record. We solicit comments on this updated definition.
---------------------------------------------------------------------------

    \72\ 84 FR 7424, 7513 (Mar. 4, 2019).
---------------------------------------------------------------------------

    In the note to paragraph (y) under 1001.952, the existing 
definition of ``interoperable'' means ``able to communicate and 
exchange data accurately, effectively, securely, and consistently with 
different information technology systems, software applications, and 
networks, in various settings, and exchange data such that the clinical 
or operational purpose and meaning of the data are preserved and 
unaltered.'' As explained in the 2006 Final EHR Safe Harbor Rule, this 
definition was based on 44 U.S.C. 3601(6) (pertaining to the management 
and promotion of electronic Government services) and several comments 
we received in response to the proposed rule that referenced emerging 
industry definitions and standards related to interoperability.\73\
---------------------------------------------------------------------------

    \73\ 71 FR 45110, 45126 (August 8, 2006).
---------------------------------------------------------------------------

    We propose to update the definition of the term ``interoperable'' 
to align with the statutory definition of ``interoperability'' added by 
the Cures Act to Section 3000(9) of the PHSA and as proposed in the ONC 
NPRM. We propose modifications to match the statutory definition and 
the ONC NPRM definition of ``interoperability.'' Consistent with PHSA 
Sec.  3000(9), we propose to define ``interoperable'' to mean able to: 
``(i) securely exchange data with, and use data from other health 
information technology without special effort on the part of the user; 
(ii) allow for complete access, exchange, and use of all electronically 
accessible health information for authorized use under applicable State 
or Federal law; and (iii) does not constitute information blocking as 
defined in 45 CFR part 171.'' The only difference between the statutory 
definition of ``interoperability'' and the definition in the ONC NPRM 
is the reference to the regulatory definition of ``information 
blocking'' in 45 CFR part 171, which we propose to adopt. We will work 
closely with ONC as they finalize the information blocking rule to 
ensure definitions align across the EHR safe harbor and the final 
information blocking regulations.
    We believe the statutory definition of ``interoperability'' 
includes similar concepts to the existing definition of 
``interoperable'' in the note to paragraph (y) (e.g., the ability to 
securely exchange data across different systems or technology). Two new 
concepts in the statutory definition are included in the proposed 
modification: (i) Interoperable means the ability to exchange 
electronic health information ``without special effort on the part of 
the user'' and (ii) interoperable expressly does not mean information 
blocking.\74\ As a practical matter, we believe these two concepts are 
not substantively different from the existing definition and only 
reflect an updated understanding of interoperability and related 
terminology. We solicit comments on the proposed definition that would 
align the definition of ``interoperable'' with the statutory definition 
of ``interoperability.''
---------------------------------------------------------------------------

    \74\ PHSA Sec.  3000(9); 42 U.S.C. 300jj(9).
---------------------------------------------------------------------------

    We also are considering linking the definition of ``interoperable'' 
with the proposed definition of ``interoperability'' at 45 CFR 170.102 
in the ONC NPRM \75\ if that proposed definition is finalized. We note 
that ONC's proposed regulatory definition of ``interoperability'' 
matches the statutory definition. However, linking the ONC regulatory 
definition of ``interoperability'' may allow for additional, future 
updates to be adopted by reference in the EHR safe harbor. We solicit 
comments on this proposal.
---------------------------------------------------------------------------

    \75\ 84 FR 7424, 7589 (Mar. 4, 2019).
---------------------------------------------------------------------------

    In the alternative, we are considering revising our regulations to 
eliminate the term ``interoperable'' and instead incorporate the term 
``interoperability'' and define this term by reference to section 
3000(9) of the PHSA and proposed in 45 CFR part 170. Under this 
alternative proposal, we would revise Sec.  1001.952(y)(2) to require 
donations of software to meet interoperability standards established 
under Title XXX of the PHSA and its implementing regulations. Software 
would be deemed to meet interoperability standards if, on the date it 
is provided to the recipient, it is certified by a certifying body 
authorized by ONC to health information technology certification 
criteria identified in 45 CFR part 170. We seek comment regarding 
whether using terminology identical to the PHSA and proposed ONC 
regulations would facilitate compliance with the requirements of the 
EHR safe harbor and reduce any regulatory burden resulting from the 
differences in the agencies'

[[Page 55743]]

different terminology related to the singular concept of 
interoperability.
    Finally, for ease of reference, we propose to amend the safe harbor 
by moving the undesignated definitions set forth in the note to 
paragraph (y) to a new paragraph (y)(14).
7. Additional Proposals and Considerations
a. 15-Percent Recipient Contribution
    In the 2006 Final EHR Safe Harbor Rule, we agreed with a number of 
commenters who suggested that cost sharing is an appropriate method to 
address some of the fraud and abuse risks inherent in unlimited 
donations of technology. Accordingly, we incorporated a requirement 
into 42 CFR 1001.952(y) that the recipient pays 15 percent of the 
donor's cost of the technology. We noted in the 2006 Final EHR Safe 
Harbor Rule that ``the 15 percent cost sharing requirement is high 
enough to encourage prudent and robust electronic health records 
arrangements, without imposing a prohibitive financial burden on 
recipients.'' Moreover, we stated, ``this approach requires recipients 
to contribute toward the benefits they may experience from the adoption 
of interoperable electronic health records (for example, a decrease in 
practice expenses or access to incentive payments related to the 
adoption of health information technology).''
    We are aware that the 15-percent contribution requirement has 
proven burdensome to some recipients and may act as a barrier to 
adoption of electronic health records technology. We understand that 
this burden may be particularly acute for small and rural practices 
that cannot afford the contribution. We also recognize that applying 
the 15-percent contribution requirement to upgrades and updates to 
electronic health record technology is restrictive and cumbersome and 
similarly may act as a barrier.
    We are not proposing specific amendments to the 15-percent 
contribution requirement at this time, and we are considering retaining 
this requirement without change in the final rule. However, we also are 
considering and solicit comments on the three alternatives to the 
existing requirement as outlined below. We solicit comment on each of 
the alternatives as separate proposed modifications to the contribution 
requirement.
    First, for purposes of the final rule, we are considering 
eliminating or reducing the percentage contribution required for small 
or rural practices. We specifically seek comment on whether and how we 
should eliminate or reduce the 15-percent contribution requirement as 
applied to a specific subset of recipients such as small or rural 
practices. In particular, we solicit comments on how ``small or rural 
practices'' should be defined. For example, we solicit comments on 
whether ``rural practices'' should be defined as those located in rural 
areas, as defined in the safe harbor for local transportation at 42 CFR 
1001.952(bb). We also solicit comments on whether ``small practices'' 
should be defined as those in medically underserved areas, as 
designated by the Secretary under section 330(b)(3) of the Public 
Health Service Act, or defined similarly to a ``small provider of 
services or small supplier'' as set forth in the requirements related 
to the electronic submission of Medicare claims at 42 CFR 424.32. We 
also are considering for the final rule and solicit comments on whether 
other subsets of potential recipients, for example critical access 
hospitals, should be exempted from the 15-percent contribution because 
it would impose a significant financial burden on the recipient.
    Second, and in the alternative, we are considering reducing or 
eliminating the 15-percent contribution requirement in this safe harbor 
for all recipients. We solicit comments regarding the impact this might 
have on the use and adoption of electronic health records technology, 
and any attendant risks of fraud and abuse. We are interested in 
specific examples of the prohibitive costs associated with the 15-
percent contribution requirement, both for the initial donation of 
electronic health records technology, and subsequent upgrades and 
updates to the technology.
    Finally, if we retain a 15-percent contribution requirement or 
reduce that contribution requirement for some or all recipients, we are 
considering modifying or eliminating the contribution requirement for 
updates to previously donated EHR software or technology. We solicit 
comments on this approach as well as what such a modification should 
entail. For example, we are considering requiring a contribution for 
the initial investment only, as well as any ``new'' modules, but not 
requiring a contribution for any update of the software already 
purchased. We solicit comments on these alternatives, or another 
similar alternative that would still involve some contribution but 
could reduce the uncertainty and administrative burden associated with 
assessing a contribution for each update.
b. Replacement Technology
    In the 2013 Final EHR Safe Harbor Rule, we highlighted one 
commenter's assertion that ``the prohibition on donating equivalent 
technology currently included in the safe harbor locks physician 
practices into a vendor, even if they are dissatisfied with the 
technology, because the recipient must choose between paying the full 
amount for a new system and continuing to pay 15 percent of the cost of 
the substandard system.'' The same commenter asserted that ``the cost 
difference between these two options is too high and effectively locks 
physician practices into electronic health record technology vendors.'' 
In the 2013 Final EHR Safe Harbor Rule, we responded that ``we continue 
to believe that items and services are not ``necessary'' if the 
recipient already possesses the equivalent items or services. We noted 
that providing equivalent items and services confers independent value 
on the recipient and noted our expectation that ``physicians would not 
select or continue to use a substandard system if it posed a threat to 
patient safety.''
    We appreciate that advancements in electronic health records 
technology are continuous, rapid, and sometimes prohibitively expensive 
for the purchaser of such technology, and that in some situations, 
replacement technology is appropriate. We are proposing to delete the 
condition that prohibits the donation of equivalent items or services 
at current 1001.952(y)(7) to allow donations of replacement electronic 
health records technology. We specifically seek comment as to whether 
deleting this condition is necessary, and in what situations 
replacement technology would be appropriate. We further solicit comment 
as to how we might safeguard against situations where donors 
inappropriately offer, or recipients inappropriately solicit, 
unnecessary technology instead of upgrading their existing technology 
for appropriate reasons.
c. Protected Donors
    We are considering expanding the group of entities that may be 
protected donors under the EHR safe harbor, for purposes of the final 
rule. As background, in the preamble to the 2006 Final EHR Safe Harbor 
Rule for the EHR safe harbor, we were mindful that broad safe harbor 
protection would significantly further the important public policy goal 
of promoting electronic health records, and thus concluded that the 
safe harbor should protect any donor that is an individual

[[Page 55744]]

or entity that provides patients with healthcare items or services 
covered by a Federal health care program and submits claims or requests 
for payment for those items or services (directly or pursuant to 
reassignment) to Medicare, Medicaid, or other Federal health care 
programs (and otherwise meets the safe harbor conditions).\76\ 
Notwithstanding this conclusion, we indicated that ``[w]e remain 
concerned about the potential for abuse by laboratories, durable 
medical equipment suppliers, and others'' and noted that ``[w]e intend 
to monitor the situation. If abuses occur, we may revisit our 
determination.'' \77\
---------------------------------------------------------------------------

    \76\ 71 FR 45127.
    \77\ Id. at 45128.
---------------------------------------------------------------------------

    In the 2013 Final EHR Safe Harbor Rule, we finalized a proposal to 
remove laboratory companies from the scope of protected donors under 
the safe harbor to address, among other things, potential abuse 
identified by some of the commenters involving potential recipients 
conditioning referrals for laboratory services on the receipt of, or 
redirecting referrals for laboratory services following, donations from 
laboratory companies, and general misuse of donations by donors to 
secure referrals.
    We remain concerned about the potential for fraud and abuse by 
certain donors that we articulated in the 2006 Final EHR Safe Harbor 
Rule and the 2013 Final EHR Safe Harbor Rule. However, in light of the 
Department's continued objective to advance the adoption of electronic 
health records technology, particularly as related to the Regulatory 
Sprint, and in response to certain comments received to the OIG RFI, we 
are considering expanding the scope of protected donors by eliminating 
or revising the requirement in 42 CFR 1001.952(y)(1)(i) that protected 
donors be limited to those who ``submit[ ] claims or requests for 
payment, either directly or through reassignment, to the Federal health 
care program.'' If we were to revise rather than eliminate the 
restriction, we are considering broadening it in the final rule to 
entities with indirect responsibility for patient care. This expansion 
would protect as donors, for example, entities like health systems or 
accountable care organizations that neither are health plans nor submit 
claims for payment. Certain commenters to the OIG RFI also recommended 
permitting any risk-bearing entity that participates in an Advanced APM 
entity under the Medicare Quality Payment Program (QPP) to be a donor. 
We are interested in understanding other types of entities and 
potential donors who would avail themselves of a broadening of the 
protected donors. In addition, we specifically solicit comments 
regarding the removal of this restriction and whether and how removal 
would impact the widespread adoption of electronic health records 
technology as well as comments regarding any attendant risks of fraud 
and abuse.

J. Personal Services and Management Contracts and Outcomes-Based 
Payment Arrangements (1001.952(d))

    We propose to modify the existing safe harbor for personal services 
and management contracts at 42 CFR 1001.952(d) to: (i) Substitute, for 
the requirement that aggregate compensation under these agreements be 
set in advance, a requirement that the methodology for determining 
compensation be set in advance; (ii) eliminate the requirement that, if 
an agreement provides for the services of an agent on a periodic, 
sporadic or part-time basis, the contract must specify the schedule, 
length, and the exact charge for such intervals; (iii) create a new 
paragraph (d)(2) to protect certain outcomes-based payments, as defined 
below; and (iv) to make certain technical changes. These proposals seek 
to modernize the safe harbor and respond to comments in response to the 
RFI that existing safe harbor requirements present barriers to certain 
care coordination and value-based arrangements.
1. Elimination of Requirement To Set Aggregate Compensation in Advance
    The existing safe harbor for personal services and management 
contracts requires that such agreements be for a term of at least 1 
year, and that the aggregate compensation be set in advance. In 
addition, the compensation must be consistent with fair market value in 
arm's-length transactions. Consistent with our existing safe harbor, 
compensation under personal services and management contracts may not 
be determined in a manner that takes into account the volume or value 
of any referrals or business otherwise generated between the parties 
for which payment may be made in whole or in part under Medicare, 
Medicaid or other Federal health care programs. Also, the aggregate 
services performed under the agreement must not exceed those which are 
reasonably necessary to accomplish the commercially reasonable business 
purpose of the services.\78\ The purpose of these requirements is to 
limit the opportunity to provide financial incentives in exchange for 
referrals.
---------------------------------------------------------------------------

    \78\ 42 CFR 1001.952(d)(4), (5) and (7).
---------------------------------------------------------------------------

    To provide the healthcare industry enhanced flexibility to 
undertake innovative arrangements, we are proposing to revise the safe 
harbor to remove the requirement at 42 CFR 1001.952(d)(5) that the 
``aggregate'' amount of compensation paid over the term of the 
agreement must be set forth in advance. To mitigate the risk of parties 
to the agreement periodically adjusting the compensation to reward 
referrals or unnecessary utilization, the proposed modification to the 
safe harbor would require the parties to an arrangement to determine 
the arrangement's compensation methodology in advance of the initial 
payment under the arrangement. In addition, under (d)(1) of our 
proposal, the safe harbor would continue to require that the 
compensation reflect fair market value, be commercially reasonable, and 
not take into account the volume or value of referrals or business 
otherwise generated between the parties.
    We anticipate this proposal would more closely align this safe 
harbor with the personal service arrangements exception to the 
physician self-referral law, 42 CFR 411.357(d).
2. Elimination of Requirement To Specify Schedule of Part-Time 
Arrangements
    We propose to eliminate the requirements set forth at 42 CFR 
1001.952(d)(3) relating to agreements for services provided on a 
periodic, sporadic, or part-time basis. This paragraph of the safe 
harbor requires contracts that provide for services on such a basis to 
specify ``exactly the schedule of such intervals, their precise length, 
and the exact charge for such intervals.'' Removing this requirement 
would afford parties additional flexibility in designing bona fide 
business arrangements, including care coordination and quality-based 
arrangements, where parties provide legitimate services as needed.
    The existing safe harbor requires part-time contractual 
arrangements between healthcare providers to specify their timing or 
duration because of our concern that such arrangements are especially 
vulnerable to abuse. Specifically, part-time arrangements could be 
readily modified based on changing referral patterns between the 
parties. However, we believe that existing safeguards under (d)(1) of 
our proposal would provide sufficient safeguards against the 
manipulation of these arrangements to reward referrals, namely: The 
term of the arrangement

[[Page 55745]]

must be not less than 1 year; the compensation terms must reflect fair 
market value, be commercially reasonable, and not take into account the 
volume or value of any referrals or business otherwise generated 
between the parties; and the methodology for determining compensation 
must be set in advance.
    As with our first proposal, we anticipate this proposal would more 
closely align this safe harbor with the personal service arrangements 
exception to the physician self-referral law, 42 CFR 411.357(d).
3. Proposal To Protect Outcomes-Based Payments
    We propose to protect outcomes-based payment arrangements in 
certain circumstances under proposed new paragraph (d)(2) and (d)(3). 
Our proposal is in response to the evolution of new payment models, 
such as shared savings, shared losses, episodic payments, gainsharing, 
and pay-for-performance, and recognizes that such arrangements may 
facilitate care coordination, encourage provider engagement across care 
settings, and promote the shift to value.
a. Outcomes-Based Payments
    We propose to define ``outcomes-based payment'' as payments from a 
principal to an agent that: (i) Reward the agent for improving (or 
maintaining improvement in) patient or population health by achieving 
one or more outcome measures that effectively and efficiently 
coordinate care across care settings; or (ii) achieve one or more 
outcome measures that appropriately reduce payor costs while improving, 
or maintaining the improved, quality of care for patients.
    We further propose that such payments would exclude any payments 
made, directly or indirectly, by a pharmaceutical manufacturer; a 
manufacturer, distributor, or supplier of DMEPOS; or a laboratory. Such 
payments would also exclude any payment that relates solely to the 
achievement of internal cost savings for the principal. We solicit 
comments on potential alternative definitions of the term ``outcomes-
based payment'' that would be consistent with the goals described in 
the preceding paragraphs of this preamble section. For example, we are 
considering for the final rule defining the term by reference to 
specific types of payments, such as those described as examples of 
outcomes-based payments below.
    Examples of outcomes-based payment arrangements could include 
shared savings payments, shared losses payments, gainsharing payments, 
pay-for-performance payments, or episodic or bundled payments. We are 
considering and solicit comments on whether, if we take this approach, 
we should further define specific types of payment arrangements that 
would qualify for this safe harbor in the final rule. To the extent we 
further define such arrangements, we are considering basing potential 
definitions on arrangements defined in various Innovation Center models 
and the Medicare Shared Savings Program. Such terms might include:
     ``Shared savings payment'' could be defined to mean a 
payment from a payor to a principal or the downstream payment by the 
principal to the agent of a share of payor savings realized from the 
agent's activities for a specified patient population. Shared savings 
payments encourage the use of the lowest cost service for the patient 
population to achieve certain desired health outcomes.
     ``Shared losses payment'' could be defined to mean a 
payment from a principal to a payor or from a downstream agent to a 
principal to repay the payor for a portion of the payor's losses 
incurred with respect to a specific patient population under a shared 
savings arrangement when a principal's expenditures for the patient 
population for the applicable performance period exceed specific 
performance benchmarks.
     ``Gainsharing payment'' could be defined to mean a payment 
from a principal to an agent to incentivize the agent to appropriately 
reduce healthcare costs (other than solely the principal's internal 
costs) for a specified patient population while achieving certain 
outcome measures in accordance with a principal's arrangement with a 
payor.
     ``Episodic or bundled payment'' could be defined to mean a 
payment from a payor to a principal or from a principal to a downstream 
agent for an episode of care across care settings for a specified 
patient population. This could include a retrospective bundled payment 
arrangement where actual healthcare expenditures of the payor and 
principal for the patient population are reconciled against a target 
price for an episode of care and a portion of such payment to the 
principal may be made to the agent or a prospectively determined 
bundled payment from the payor to the principal or a portion of such 
payment to the principal made to the agent that encompasses all 
healthcare services furnished by the principal and agent for the 
patient population during the episode of care.
     ``Pay-for-performance arrangement'' could be defined to 
mean a payment from a principal to an agent (or a payor to a principal) 
for the achievement of a legitimate cost, quality, or operational 
performance metric (e.g., bonus payment) on behalf of the principal for 
a specified patient population.
    We anticipate such outcomes-based payment arrangements would 
largely mirror, in concept, similar arrangements used in various 
Innovation Center models and the Medicare Shared Savings Program and 
would, more specifically, encompass examples like the following: (i) An 
ACO makes a ``shared savings'' payment to its member physicians, with 
such payments representing a percentage of payor savings generated by 
the ACO as a result of its members' efforts to reduce total patient 
care costs and improve quality; (ii) where an ACO incurs financial loss 
and is obligated to pay money to its payor, a hospital makes ``shared 
losses'' payments to the ACO, representing an agreed upon percentage of 
the ACO's loss; and (iii) a hospital and group of physicians and post-
acute care providers agree collectively to be paid by a payor for an 
episode of care (e.g., inpatient stay and 90 days post-discharge) and 
share among themselves the savings or losses generated against a 
benchmark. In some cases involving reconciliation, the hospital might 
be responsible for sharing any savings among its partners; in others, 
the hospital might be responsible for paying its partners for the 
services they furnish the patients under the episode.
    As noted previously, our proposed definition of ``outcomes-based 
payment'' excludes arrangements that relate solely to achievement of 
internal cost savings for the principal. For example, outcomes-based 
payment arrangements would not include arrangements that involve 
sharing in financial risk or gain only as it relates to the prospective 
payment systems for acute inpatient hospitals, home health agencies, 
hospice, outpatient hospitals, inpatient psychiatric facilities, 
inpatient rehabilitation facilities, long-term care hospitals, or SNFs. 
Although arrangements reimbursed by Federal health care programs under 
the prospective payment systems may create internal cost savings for a 
provider, the savings under the arrangement would not accrue to the 
payor.
    Thus, and for example, this safe harbor would not protect an 
outcomes-based payment arrangement between a hospital and physician 
group, where the parties share financial risk or gain only with respect 
to items or services

[[Page 55746]]

reimbursed to the hospital under the Medicare prospective payment 
system for acute inpatient hospitals. However, an outcomes-based 
payment arrangement that involves a hospital and physician group 
sharing financial risk or gain realized across care settings would be 
protected (e.g., for a patient's inpatient stay and the 60-day post-
discharge period), provided all safe harbor requirements were met.
b. Entities Not Included
    Based on our enforcement and oversight experience and as explained 
with respect to a similar exclusion in the definition of VBE 
participant in this proposed rule, we are proposing to exclude 
pharmaceutical manufacturers; manufacturers, distributors, and 
suppliers of DMEPOS; and laboratories from the proposed safe harbor for 
outcomes-based payments. As stated previously, we are concerned that 
these types of entities, which are heavily dependent upon practitioner 
prescriptions and referrals, might use outcomes-based payments 
primarily to market their products to providers and patients.
    As with the proposed definition of a VBE participant, we are also 
considering for the final safe harbor at 1001.952(d)(2) excluding 
pharmacies (including compounding pharmacies), PBMs, wholesalers, and 
distributors. We solicit comments about these proposed exclusions, as 
well as illustrative examples of beneficial or problematic outcomes-
based payment arrangements that might be excluded or included if we 
finalize some or all of these exclusions.
    We also are considering whether to more specifically target the 
final safe harbor on outcomes-based payment arrangements that further 
value-based care or care coordination by limiting protection for 
outcomes-based payment arrangements to VBE participants, as that term 
is defined in (ee)(12)(vi) of this proposed rule.
c. Collaboration and Outcomes-Based Payments
    As proposed, under the safe harbor conditions, all outcomes-based 
payments must be made between or among parties that are collaborating 
to measurably improve quality of patient care appropriately and 
materially reduce costs while maintaining quality, or both. Moreover, 
if specific services are to be performed, the agreement must specify 
all of the services the parties perform (or refrain from performing) to 
qualify for the outcomes-based payments. We are mindful that with some 
value-based payment arrangements, there may not be a direct correlation 
between the level or value of services provided by a particular 
recipient of payments and that party's share of savings or outcomes-
based payments (e.g., shared savings payments may be distributed on a 
basis unrelated to actual services provided). While the two 
requirements described do not expressly require that the outcomes-based 
payment arrangement include the provision of services (merely that the 
parties collaborate, and to the extent the parties' arrangement 
includes services, that they be documented), we anticipate that many 
arrangements would include a service component.
d. Safe Harbor Conditions
    Our proposal for outcomes-based payment arrangements includes safe 
harbor conditions, some of which mirror program integrity safeguards 
set forth in the existing personal services and management contracts 
safe harbor and some of which are new safeguards specific to outcomes-
based payment arrangements. As detailed below, our proposed safe harbor 
conditions are based on our experience with these types of arrangements 
through the advisory opinion process and the development of waivers for 
CMS models.
e. Goal of the Outcomes-Based Payment Arrangement
    As stated above, all outcomes-based payments must be made between 
or among parties that are collaborating to measurably improve quality 
of patient care (or maintain improvement); appropriately and materially 
reduce costs to, or growth in expenditures of, payors while improving 
or maintaining the improved quality of care; or both. We propose to 
limit safe harbor protection to outcomes-based payment arrangements 
that foster these two goals because we believe that such arrangements 
may best facilitate care coordination, encourage provider engagement 
across care settings, and promote the shift to value.
f. Outcome Measures
    We propose to require the parties to an arrangement to establish 
one or more specific evidence-based, valid outcome measures that the 
agent must satisfy to receive the outcomes-based monetary remuneration. 
This requirement largely mirrors the outcome-measure requirement in the 
proposed care coordination arrangements safe harbor at paragraph (ee), 
and we refer readers to the discussion of this requirement in the 
preamble above. That being said, we note certain key differences, such 
as: This proposed safe harbor requires satisfaction of an outcome 
measure to receive an outcomes-based payment, whereas the care 
coordination arrangements safe harbor requires monitoring and 
assessment related to such outcome measures; and the achievement of 
outcomes measures is not a prerequisite to the provision or use of in-
kind remuneration under the proposed safe harbor at paragraph (ee). 
Such differences are deliberate and due to the variations in type and 
scope of potential remuneration that could be exchanged under the 
respective safe harbors.
    For the proposed outcomes-based payment arrangements amendments to 
the safe harbor, outcome measures must relate to improving quality of 
patient care; appropriately and materially reducing costs to, or growth 
in expenditures of, payors while improving, or maintaining the improved 
quality of care for patients; or both. As an additional safeguard, 
parties must select outcome measures based upon clinical evidence or 
credible medical support.
    Any outcome measures established pursuant to the parties' 
arrangement must be measurable and valid, and such measures must 
promote improved quality or efficiencies in the delivery of care, or 
appropriate cost reduction. Measures that simply seek to reward the 
status quo would not meet this requirement. In some circumstances, we 
acknowledge that payment for the maintenance of high quality may be low 
risk (e.g., where an established ACO that has made demonstrable quality 
improvements over the course of several years seeks to reward its 
members to maintain such improvements). We solicit comments on whether, 
and if so how, we should protect such arrangements in the final rule 
without protecting arrangements that may be disguised payments for 
referrals. We are concerned that arrangements that reward the status 
quo are more likely to be mere payments for referrals.
    Because we believe the provision of monetary remuneration presents 
a higher risk of fraud and abuse than the provision of in-kind 
remuneration, we are considering for the final rule, and solicit 
comments on, whether to impose a different, potentially stricter 
standard for outcome measures in this proposed safe harbor than in the 
proposed care coordination arrangements safe harbor at paragraph (ee). 
To mitigate this risk, we propose to require the parties to regularly 
monitor and assess the agent's performance on each outcome measure 
under the agreement. This condition is similar to the assessment and

[[Page 55747]]

monitoring requirements in the care coordination arrangements safe 
harbor at paragraph (ee). For example, regularly monitoring and 
assessing the agent's performance could include: (i) Determining 
whether the arrangement has measurably improved quality of patient 
care, (ii) evaluating any deficiencies in the delivery of quality care, 
and (iii) measuring the agent's satisfaction of the specific, evidence-
based, valid outcome measure(s) in the outcomes-based arrangement.
    We recognize that outcomes-based payment arrangements may vary in 
structure and strive to provide flexibility for parties to design 
arrangements to achieve appropriate quality of patient care as well as 
appropriate efficiency and cost savings goals. However, we are 
proposing to include an express requirement that parties rebase the 
benchmark or outcome measure for outcomes-based payments periodically 
in outcomes-based payment arrangements where rebasing is feasible under 
paragraph (d)(2)(vii)(B). By ``rebasing'' we mean resetting the 
benchmark used to determine whether payments will be made to take into 
account improvements already achieved. We anticipate periodic 
``rebasing'' will prevent parties from inappropriately carrying over 
savings from previous performance periods or from receiving payments 
that do not reflect legitimate achievement of outcomes.
    This proposed requirement is intended to address a concern that 
``evergreen'' outcomes-based payment arrangements, in which outcome 
measures are not properly monitored or assessed, could be used as a 
vehicle to reward referrals well after the desired provider behavior 
change or savings benchmark has been met. Such perpetual arrangements 
might also fail to meet the proposed requirement that the measures be 
evidence-based. We are considering for the final rule, and solicit 
comments on, whether a specific timeframe within a specified 
performance period under the arrangement (e.g., 3 years) or a shorter 
(e.g., 1-year) or longer (e.g., 5-year) timeframe is appropriate and 
realistic for requiring parties to rebase the benchmarks for outcomes-
based payments. We solicit comments on the definition of ``rebase'' and 
when and how frequently rebasing would be necessary and appropriate to 
ensure that outcomes-based payments are based on valid, measurable 
outcomes, reducing the risk that the payments would be mere payments 
for referrals.
g. Methodology
    To increase transparency of outcomes-based payment arrangements, we 
propose that the methodology for determining the aggregate compensation 
(including any outcomes-based payments) paid between or among the 
parties over the term of the agreement is: Set in advance; commercially 
reasonable; consistent with fair market value; and not determined in a 
manner that directly takes into account the volume or value of any 
referrals or business otherwise generated between the parties for which 
payment may be made in whole or in part by a Federal health care 
program. We view these conditions as essential safeguards to ensuring 
any outcomes-based payment arrangement is not a vehicle to reward 
referrals and generate revenue but rather reflects a deliberate, 
collaborative effort by the parties to the arrangement to realize 
improved outcomes, cost savings to payors, or both.
    Because our proposed set-in-advance and commercially reasonable 
requirements are consistent with our existing personal services 
arrangement and management contracts safe harbor (as proposed to be 
amended with respect to the set-in-advance requirement), we do not 
address these requirements here in further detail. We discuss our 
proposed fair market value and volume or value conditions below.
i. Fair Market Value
    We propose that the methodology for determining the aggregate 
compensation (including any outcomes-based payments) paid between or 
among the parties over the term of the agreement be consistent with 
fair market value. We acknowledge our proposed aggregate fair market 
value requirement may pose challenges to the extent there are not 
industry standards yet developed to determine fair market value for 
some outcomes-based payment arrangements in the value-based care arena 
and because we understand that some of the outcomes-based payment 
arrangements we propose to protect do not necessarily correlate 
payments with actual services performed (and in some cases, reward not 
performing services).
    Nonetheless, we anticipate the industry will evolve and adapt to 
assess fair market value for value-driven outcomes-based payment 
arrangements, even where the provision of traditional services may be a 
less prominent component. We solicit comments on this approach. We are 
considering for the final rule whether we should take a different 
approach (including whether to value outcomes-based payments separately 
from other compensation or whether to substitute the fair market value 
requirement with a different safeguard that would help ensure that 
payments are for legitimate participation in arrangements that drive 
value-based care and are not merely disguised payments for referrals).
ii. Volume or Value of Referrals
    We propose to require that the compensation methodology for 
determining the outcomes-based payment not be determined in a manner 
that directly takes into account the volume or value of referrals or 
other business generated between the parties. We recognize that to 
incentivize care coordination and appropriate behavioral changes 
through outcomes-based payments, parties may need to establish payment 
methodologies that at least indirectly take into account the volume or 
value of referrals or other business generated between the parties. We 
believe it should be possible to structure payments so that they do not 
directly take into account the volume or value of referrals of other 
business.
h. Writing and Monitoring
    We propose that the outcomes-based payment be made between or among 
parties that are collaborating, pursuant to a written agreement signed 
by the parties in advance of, or contemporaneous with, the commencement 
of the terms of the outcomes-based payment arrangement. We further 
propose that the written agreement specify all of the services the 
parties would perform for the term of the agreement. As detailed in the 
above section, while this does not mandate that parties to an outcomes-
based payment arrangement include services, if services are furnished 
pursuant to the parties' arrangement, such services must be documented 
in writing.
    We further propose to require that the written agreement include 
the outcome measure(s), the evidence-based data or information upon 
which the parties relied to select the outcome measure(s), and the 
schedule for the parties to regularly monitor and assess the outcome 
measure(s). In addition to the writing requirements set forth in 
(d)(2)(viii), parties may consider documenting and retaining such 
documentation necessary to demonstrate compliance with each prong of 
this safe harbor. For example, the parties may document payments made 
pursuant to the outcomes-based payment arrangement and data showing the 
agent's achievement of the outcome measure(s).

[[Page 55748]]

i. Impact on Patient Quality of Care
    Properly structured and operated, outcomes-based payments hold the 
potential to improve the delivery of care; however, when improperly 
structured and operated, they hold the potential to incentivize 
behavior harmful to patients, such as stinting on care 
(underutilization), cherry picking lucrative or adherent patients, or 
lemon dropping costly or noncompliant patients.\79\ Accordingly, we are 
proposing to require that the agreement neither limits any party's 
ability to make medically appropriate decisions for patients, nor 
induces the reduction of medically necessary services.
---------------------------------------------------------------------------

    \79\ We note that section 1128A(b)(1) of the Act (the 
``Gainsharing CMP'') prohibits a hospital from knowingly making 
payments, directly or indirectly, to a physician to induce the 
physician to reduce or limit medically necessary services to 
Medicare or Medicaid beneficiaries who are under the physician's 
direct care. Hospitals that make (and physicians who receive) 
payments prohibited by this provision are liable for civil money 
penalties for each patient for which the prohibited payment was 
made. However, our proposed condition is in recognition that other 
parties, besides hospitals and physicians, may seek protection under 
this safe harbor.
---------------------------------------------------------------------------

j. Additional Safeguards
    We propose that the term of the agreement is not less than 1 year 
and that the services performed under the agreement do not involve the 
counseling or promotion of a business arrangement or other activity 
that violates any State or Federal law. These conditions are identical 
to those included in the personal services and management contracts 
safe harbor.
k. Technical Modifications
    Due to the proposed additions of paragraphs (d)(2) and (d)(3), 
setting forth provisions on outcomes-based payments and definitions, we 
propose to move the existing personal services and management contracts 
provisions, as proposed to be amended in this rulemaking, to a new 
paragraph (d)(1).

K. Warranties (1001.952(g))

    In an effort to update the existing safe harbor for warranties at 
42 CFR 1001.952(g) and to promote higher value items covered by 
warranties, we propose to modify the safe harbor to: (i) Protect 
warranties for one or more items and related services upon certain 
conditions; (ii) exclude beneficiaries from the reporting requirements 
applicable to buyers; and (iii) define ``warranty'' directly and not by 
reference to 15 U.S.C. 2301(6). We also propose to make a technical 
correction to paragraph (3)(i) to change the text from ``paragraphs 
(a)(1) and (a)(2) of this section'' to ``paragraphs (g)(1) and (g)(2) 
of this section.'' For ease of reference, we propose to amend the safe 
harbor by moving the undesignated definition at the end of the safe 
harbor to a new paragraph (g)(7).
1. Bundled Warranties
    The warranties safe harbor protects remuneration consisting of 
``any payment or exchange of anything of value under a warranty 
provided by a manufacturer or supplier of an item to the buyer (such as 
a health care provider or beneficiary) of the item,'' as long as the 
buyer and seller comply with the safe harbor's requirements.\80\ We 
confirmed in Advisory Opinion No. 18-10 that this safe harbor applies 
only to warranties for a single item and not to bundled items.\81\ We 
received comments in response to the OIG RFI requesting revisions to 
the warranties safe harbor to protect warranty arrangements that 
pertain to bundled items and services. Commenters suggested that such 
revisions would promote beneficial and innovative arrangements. Based 
on these comments, other input OIG has received, and our own 
consideration of the potential benefits of expanding the warranties 
safe harbor to foster value, we propose to revise the safe harbor to 
protect bundled warranties for one or more items and related services, 
when certain conditions are met. This modification would allow 
manufacturers and suppliers to warrant that a bundle of items or one or 
more items in combination with related services, such as product 
support services, will meet a specified level of performance under a 
warranty agreement.
---------------------------------------------------------------------------

    \80\ 42 CFR 1001.952(g).
    \81\ Adv. Op. No. 18-10, available at https://www.oig.hhs.gov/fraud/docs/advisoryopinions/2018/AdvOpn18-10.pdf.
---------------------------------------------------------------------------

    We believe this proposed modification could promote beneficial 
arrangements between sellers and buyers by allowing them to enter into 
warranty arrangements conditioned on the collective value of the 
warranted items and related services. We also believe this proposed 
modification could enhance the use and utility of warranted items by 
protecting warranties that encompass services, such as support and 
educational services. For example, this proposed modification would 
protect arrangements such as the one at issue in Advisory Opinion No. 
01-08, where the requestor operated a warranty program covering wound 
care products and certain related support services, such as access to a 
wound specialist and an online wound documentation system, that the 
requestor made available to buyers of its products.\82\
---------------------------------------------------------------------------

    \82\ Adv. Op. No. 01-08, available at https://www.oig.hhs.gov/fraud/docs/advisoryopinions/2001/ao01-08.pdf. OIG acknowledged that 
the arrangement at issue in advisory opinion number 01-08 implicated 
the anti-kickback statute and did not fit in the warranties safe 
harbor but approved the arrangement on the basis that it presented a 
sufficiently low risk of fraud and abuse under the anti-kickback 
statute.
---------------------------------------------------------------------------

a. Inclusion of Services in Bundled Warranties
    We are proposing to protect warranty arrangements that apply to one 
or more items and services (provided the warranty covers at least one 
item). This modification would allow manufacturers and suppliers to 
warrant that certain services, in combination with one or more items, 
will result in a specified level of performance.\83\ We are mindful 
that the provision of certain warranted services, such as medication 
adherence services by manufacturers and suppliers, could increase the 
risk of patient harm and inappropriate utilization because 
manufacturers and many suppliers do not necessarily have direct patient 
care responsibilities and thus may not have the same patient safety 
considerations that physicians and providers with direct patient care 
responsibilities have. Using medication adherence services offered by 
drug manufacturers as an example, we are concerned that manufacturers 
may promote patients' adherence to

[[Page 55749]]

prescribed medications, even when a patient is experiencing harmful 
side effects, or the medication is not achieving the purpose for which 
it was prescribed. Because manufacturers have financial incentives for 
patients to use and reorder their medications but do not have the 
medical expertise the prescribing physicians have to determine whether 
continued use of medications is clinically appropriate for a specific 
patient, medication adherence services offered by manufacturers, such 
as phone or message communications directing patients to take their 
medications, could result in patient harm or inappropriate utilization 
of drugs.
---------------------------------------------------------------------------

    \83\ We clarify that our proposed changes would not protect free 
or reduced-price items or services that sellers provide either as 
part of a bundled warranty agreement or ancillary to a warranty 
agreement. Whether a seller's provision of free or reduced-price 
items or services in connection with a warranty arrangement would 
implicate and potentially violate the anti-kickback statute would 
depend on whether other safe harbor protection exists for the 
arrangement, and if not, whether those items or services have 
independent value to a buyer other than for purposes of determining 
whether the terms of a warranty have been met. For example, 
laboratory testing required for patient care may be necessary to 
determine if a warranted outcome was achieved, but the laboratory 
test would have independent value to the buyer. A seller's provision 
of laboratory testing for free or at a reduced charge as part of a 
warranty agreement would implicate the anti-kickback statute. 
Additionally, the provision of medication adherence services for 
free or below fair market value would implicate the anti-kickback 
statute. In contrast, if sellers provide items and services with no 
independent value to a buyer, other than to determine whether the 
conditions of a warranty have been satisfied, the items and services 
may not constitute remuneration under the anti-kickback statute, and 
thus, may not implicate the statute. See OIG Compliance Program 
Guidance for Pharmaceutical Manufacturers, 68 FR 23731, 23735 (May 
5, 2003), for a discussion of pharmaceutical manufacturers' 
provision of limited support services tailored to the manufacturers' 
products that may not implicate the anti-kickback statute.
---------------------------------------------------------------------------

    We are considering safeguards we could include in the final rule to 
protect against these risks, such as a safeguard that would prohibit 
direct patient outreach by a seller offering a warranty but that would 
allow the seller to pay an independent intermediary to perform services 
that require direct patient outreach, as long as compensation for the 
patient outreach services is not tied to the volume or value of any 
warranted item used by the patient.
    Our proposed expansion of this safe harbor does not protect 
warranties covering only services. We believe warranties for services 
that are not tied to one or more related items could present heightened 
fraud and abuse risks. Manufacturers and suppliers could warrant that 
services will achieve certain clinical goals and offer remuneration to 
induce referrals from referral sources under the guise of warranty 
remedies. The services manufacturers and suppliers may offer could take 
many different forms, and it may be difficult to verify whether 
services, which can more subjective in nature than items, failed to 
achieve the clinical goals established by a warranty arrangement. 
Additionally, because the services subject to a warranty may not be 
federally reimbursable, it may be difficult to determine whether the 
services being warranted are bona fide services or sham services 
offered as part of a warranty agreement and designed to transfer 
remuneration to referral sources upon the failure of such services to 
achieve the warranted result. If physicians, for example, could warrant 
that their services will achieve certain clinical results, the 
potential to receive money as a warranty remedy may induce patients to 
select physicians offering warranties over other physicians, 
particularly where the clinical results being warranted are not easily 
achievable, regardless of which physician a patient selects. We are 
considering for the final rule extending safe harbor protection for 
warranties applying only to services if sufficient safeguards exist to 
mitigate these risks, and we are soliciting comments on the potential 
fraud and abuse risks that may arise if we expand the safe harbor to 
include services-only warranties and potential safeguards to mitigate 
these risks.
b. Conditions on Bundled Warranties
    We propose to impose the following conditions on bundled warranty 
arrangements: (i) All federally reimbursable items and services subject 
to bundled warranty arrangements must be reimbursed by the same Federal 
health care program and in the same payment; (ii) a manufacturer or 
supplier must not pay any individual (other than a beneficiary) or 
entity for any medical, surgical, or hospital expense incurred by a 
beneficiary other than for the cost of the items and services subject 
to the warranty; and (iii) manufacturers and suppliers cannot condition 
bundled warranties on the exclusive use of one or more items or 
services or impose minimum-purchase requirements of any items or 
services. We believe these requirements would promote beneficial 
arrangements while protecting beneficiaries and the Federal health care 
programs from harmful practices, such as inappropriate utilization and 
product steering, as explained below.
c. Requirement for Federally Reimbursable Items and Services Subject to 
Bundled Warranty Arrangements To Be Reimbursed by the Same Federal 
Health Care Program and in the Same Payment
    Under a new paragraph (5), we propose to require that all federally 
reimbursable items and services subject to the bundled warranty be 
reimbursed by the same Federal health care program and in the same 
payment. This requirement would be satisfied when federally 
reimbursable items and services subject to a bundled warranty are 
reimbursed by, for example, the same Part A Medicare Severity-Diagnosis 
Related Group (MS-DRG) payment, the same Medicare Part B ambulatory 
payment classification payment, or the same Medicaid managed care 
payment. Allowing sellers to bundle items and services reimbursed by 
different Federal health care program payments could create incentives 
for overutilization or inappropriate utilization of items and services 
included in the bundle. Unlike bundled payments, such as MS-DRG 
payments, payments that reimburse providers separately for each item 
and service they order do not incentivize providers to contain their 
costs because the providers would receive reimbursement for each 
discrete item and service they order, regardless of whether those items 
and services present the best value. Without cost-containment 
incentives, providers may order devices or drugs subject to a bundled 
warranty, regardless of whether lower-cost, equally effective devices 
or drugs are available, because providers would be reimbursed 
separately for each item and reimbursable service and could be eligible 
to receive the full cost of the separately billed items and 
reimbursable services in the bundle if even one item or reimbursable 
service fails to perform as expected.
    We believe these risks are mitigated when bundled warranties apply 
only to federally reimbursable items and services that are reimbursed 
by the same Federal health care program payment, such as under an MS-
DRG payment. However, we are aware that bundled warranties could result 
in barriers to entry for certain manufacturers and suppliers that 
cannot offer bundled warranties, and we are considering for the final 
rule, and solicit comments on, additional safeguards we should include 
to limit the potential anti-competitive effects that bundled warranties 
may have in the drug and device markets. Additionally, we solicit 
specific examples where the protections we propose would not be 
sufficient to protect against anti-competitive conduct.
    We recognize that the proposed requirement above might inhibit 
warranties conditioned on the collective performance of warranted items 
across a patient population (population-based warranties) because these 
items would not be reimbursed in the same payment. We are considering 
whether, and if so, how, we might craft the safe harbor to allow for 
population-based warranties without creating risks of increased costs 
to the Federal health care programs, as described above. For example, 
we are considering for the final rule whether we could require that all 
items and services be reimbursed according to the same payment 
methodology, but not necessarily the same payment, to allow for 
population-based warranties. We solicit comments on this approach and 
the potential benefits and fraud and abuse risks it may present. We 
note that retrospective reconciliation payments, such as those often 
used under the Innovation Center payment models, would not constitute 
one payment, as required under our proposal, when the reconciliation 
payments are paid to one entity but are not direct payment for

[[Page 55750]]

items and services provided only by that entity.
    In addition, we are considering for the final rule, and seek 
comments on, whether we should include any exceptions to the 
requirement that all federally reimbursable items and services subject 
to a bundled warranty be paid by the same payment, such as when bundled 
items are reimbursed according to the same payment under the Medicare 
program but are reimbursed separately under Medicaid. For example, in 
Advisory Opinion No. 18-10, we noted that the items subject to the 
requestor's warranty program were reimbursable under the same MS-DRG 
payment but potentially were separately reimbursable under certain 
states' Medicaid programs. We encourage commenters to provide specific 
examples where an exception may be needed.
2. Capped Amount of Warranty Remedies; Prohibition on Exclusivity and 
Minimum-Purchase Requirements
    We propose to modify paragraph (4) of the safe harbor by limiting 
the remuneration a manufacturer or supplier may pay to any individual 
(other than a beneficiary) or entity for any medical, surgical, or 
hospital expense incurred by a beneficiary to the cost of the items and 
services subject to the warranty. We view this limitation as an 
important protection against manufacturers and suppliers providing 
excessive remuneration to induce further business. In a new paragraph 
(6), we also propose to prohibit manufacturers and suppliers from 
conditioning warranties on the exclusive use of one or more items or 
services and from imposing minimum-purchase requirements of any items 
or services. We view such steering practices as highly problematic and 
solicit comments on the prevalence of these practices in warranty 
arrangements. We also solicit comments on the effectiveness of the 
proposed safeguards in preventing or mitigating fraud and abuse risks, 
as well as additional safeguards we could impose.
3. Reporting Requirements
    Stakeholders have expressed concern that the reporting requirements 
under the safe harbor may not allow for outcomes-based warranty 
arrangements in which buyers could receive return payments from 
manufacturers over several years if a therapy does not meet clinical 
outcomes at designated points in time. We solicit comments on any 
burden the current reporting requirements impose and the need for more 
flexible reporting requirements under the safe harbor to better 
facilitate warranties tied to clinical outcomes. We understand that 
delayed reporting may be necessary when, for example, the efficacy of a 
drug therapy may not be known for several years after the initial 
purchase. We are considering ways in which we could modify the 
reporting requirements under the safe harbor to accommodate outcomes-
based warranty arrangements while protecting the Government's interest 
in having an accurate and timely report of any price reductions a 
seller offers a buyer under a warranty arrangement protected by the 
safe harbor. We also propose to expressly exclude beneficiaries from 
the reporting requirement applicable to other buyers since 
beneficiaries do not report costs to the Government.
4. Definition of ``Warranty''
    We propose to define ``warranty'' directly and not by reference to 
15 U.S.C. 2301(6). The Magnuson-Moss Act enacted 15 U.S.C. 2301, which 
in paragraph (6) defines ``written warranty'' in connection with the 
sale of a ``consumer product.'' However, courts have held that an item 
regulated under the Federal Food, Drug, and Cosmetic Act is not a 
``consumer product'' for purposes of the Magnuson-Moss Act.\84\ The 
reference to 15 U.S.C. 2301(6) in the definition of ``warranty'' 
therefore creates unintentional ambiguity as to whether the safe harbor 
covers warranties for drugs and devices regulated under the Federal 
Food, Drug, and Cosmetic Act. We propose revisions to the definition of 
``warranty'' to clarify that the warranties safe harbor applies to FDA-
regulated drugs and devices.
---------------------------------------------------------------------------

    \84\ See, e.g., Kanter v. Warner-Lambert Co., 99 Cal. App. 4th 
780, 798 (2002); Goldsmith v. Mentor Corp., 913 F. Supp. 56, 63 
(D.N.H. 1995); Kemp v. Pfizer, Inc., 835 F. Supp. 1015, 1024-25 
(E.D. Mich. 1993).
---------------------------------------------------------------------------

    We propose a definition for ``warranty'' that largely models the 
definition in 15 U.S.C. 2301(6) but replaces references to a 
``product,'' where applicable, with ``item or bundle of items, or 
services in combination with one or more related items,'' to allow for 
single-item and bundled warranties. Additionally, the proposed 
definition substitutes references to the ``material'' of a product with 
``quality'' to reflect the inclusion of warranted services in addition 
to items. The proposed definition of ``warranty'' continues to include 
a ``written affirmation of fact or written promise [that] affirms or 
promises that [items and services] . . . will meet a specified level of 
performance over a specified period of time.'' We interpret this 
provision to provide protection for warranty arrangements conditioned 
on clinical outcome guarantees, provided the warranty arrangements meet 
all the safe harbor's requirements.

L. Local Transportation (1001.952(bb))

    Increasingly, experts are recognizing the important role 
transportation plays in patient access to care, quality of care, 
healthcare outcomes, and effective coordination of care for patients, 
particularly for patients who lack their own transportation or who live 
in ``transportation deserts.'' As part of this rulemaking, we are 
revisiting certain provisions of the existing safe harbor for local 
transportation at 42 CFR 1001.952(bb) and, as described above, 
proposing new safe harbor protection for certain patient engagement 
tools and supports. The proposed patient engagement and support safe 
harbor would include transportation services for patients that meet the 
proposed safe harbor requirements.
    We propose to modify the existing safe harbor for local 
transportation at 42 CFR 1001.952(bb) to: (i) Expand the distance which 
residents of rural areas may be transported; and (ii) remove any 
mileage limit on transportation of a patient from a healthcare facility 
from which the patient has been discharged to the patient's residence.
    For purposes of clarification, we also provide guidance on the 
application of the safe harbor to transportation through ride-sharing 
services. We are not proposing to amend the safe harbor to explicitly 
include such services, because we believe that nothing in the existing 
language excludes them from protection.
    Finally, for ease of reference, we propose to amend the safe harbor 
by moving the undesignated definitions set forth in the note to 
paragraph (bb) to a new paragraph (bb)(3).
1. Expansion of Mileage Limit for Patients Residing in Rural Areas
    The safe harbor provides that transportation is protected if 
provided ``[w]ithin 25 miles of the health care provider or supplier to 
or from which the patient would be transported, or within 50 miles if 
the patient resides in a rural area, as defined in this paragraph 
(bb).'' \85\ In response to the OIG RFI, some commenters stated that 
the 50-mile limit for residents of rural areas is insufficient, as many 
rural residents need to travel more than 50 miles to obtain medically 
necessary services. Accordingly, we are proposing to increase the limit 
on transportation of residents of rural communities to 75

[[Page 55751]]

miles, but we solicit comments on whether an increase to 75 miles is 
sufficient. We urge commenters to provide data or other evidence to 
support the most appropriate distance for the purposes of this 
rulemaking. We request that commenters provide specific information, if 
available, about the patients within the commenters' communities or 
service areas who cannot obtain care within the existing distance 
limits. We also seek comments on how an entity would provide 
transportation over distances in excess of 50 miles (e.g., by shuttle, 
as defined in the existing safe harbor), ride-sharing programs, 
reimbursement of mileage, reimbursement of bus or taxi fare, or other 
means. Such information will assist us in determining whether an 
increased distance limit is necessary and practical and whether it is 
likely to be subject to abuse. While the current safe harbor does not 
require any showing of need on the part of patients, we solicit 
comments on whether the final rule should protect transportation in 
excess of the current limits only where there is a demonstration of 
financial, medical, or transportation need. We also solicit comments on 
what safeguards would be necessary to prevent abuse of an expansion of 
these limits for rural or other patients.
---------------------------------------------------------------------------

    \85\ 42 CFR 1001.952(bb)(1)(iv)(B).
---------------------------------------------------------------------------

2. Elimination of Distance Limit on Transportation of Discharged 
Patients
    Comments on the OIG RFI and other information raise concerns about 
patients discharged from healthcare facilities who do not have a ride 
home. In some cases, these patients have been brought to the facility 
from a great distance. Some patients in behavioral health facilities 
are brought to the facility over long distances by law enforcement 
personnel. Commenters urged that the local transportation safe harbor 
be expanded to protect facilities that want to provide safe 
transportation home.
    We agree that transportation home after discharge from an inpatient 
facility does not pose the same level of risk of inducing patient 
referrals as transportation to the facility. Accordingly, we are 
proposing to eliminate any distance limit on transportation of a 
patient who has been discharged from a facility after admission as an 
inpatient, regardless of whether the patient resides in an urban or 
rural area, if the transportation is to the patient's residence, 
another residence of the patient's choice (such as the residence of a 
friend or relative who is caring for the patient post-discharge). We 
are also considering protecting transportation to any location of the 
patient's choice, including to another healthcare facility. We are 
soliciting comment on the fraud and abuse risks that may arise from 
permitting transportation to another healthcare facility. In addition, 
we are considering for the final rule whether, and under what 
circumstances, transportation home or to another facility should be 
protected when a patient has not been admitted to an inpatient 
facility. For example, we are soliciting comments on whether 
transportation should be protected after a patient has been seen in the 
emergency room, under observation status at a hospital for an extended 
period, but not admitted, or after a procedure at an ambulatory surgery 
center (ASC). If transportation is protected under these circumstances, 
we welcome comments on what limitations should be imposed (e.g., 
observation status at a hospital for at least 24 hours, or a procedure 
at an ASC or medical condition evaluated or treated at an emergency 
department that results in a patient being unable to travel home safely 
unaccompanied).
    The safe harbor does not require an entity to offer transportation 
to patients, and an entity may impose its own mileage limits on any 
transportation offer, as long as it imposes such limits consistently 
and makes the transportation available without regard to the volume or 
value of Federal health care program business. For example, the entity 
sponsoring the transportation cannot offer the transportation only to 
facilities affiliated with it.
    As with our proposal to increase the mileage limit for 
transportation of rural patients, we solicit comments on whether 
transportation of discharged patients, if in excess of otherwise 
applicable safe harbor mileage limits, should be limited to patients 
with demonstrated need (either financial need or transportation need), 
and if so, what standards should apply to such demonstration of need. 
Finally, we solicit comments on whether, if this proposal to eliminate 
any mileage limit for discharged patients is adopted, there remains a 
need to increase the distance limit for transportation of patients who 
reside in rural areas.
3. Local Transportation for Health-Related, Non-Medical Purposes
    In the preamble to the final rule establishing the local 
transportation safe harbor, we declined to extend safe harbor 
protection to transportation for purposes other than to obtain 
medically necessary items or services, although we noted that a shuttle 
service protected by the safe harbor could make stops at locations that 
do not relate to a particular patient's medical care. We also stated 
that we would consider in a future rulemaking whether permitting 
transportation to non-medical services that are part of care 
coordination arrangements or are related to improving healthcare would 
be appropriate.\86\
---------------------------------------------------------------------------

    \86\ See 81 FR 88368, 88384 (Dec. 7, 2016).
---------------------------------------------------------------------------

    In response to the OIG RFI, we received comments suggesting that 
the local transportation safe harbor should protect transportation for 
non-medical purposes that may nevertheless improve or maintain health. 
Such transportation might be to food stores or food banks, social 
services facilities (such as to apply for food stamps or housing 
assistance), exercise facilities, or chronic disease support groups, 
for example. In many cases, such transportation might help address both 
patients' health outcomes as well as social determinants of health, 
such as transportation, nutrition, and housing. We are considering 
including non-medical purposes in the final safe harbor, and we seek 
comments on whether and how the safe harbor could be expanded in this 
manner to foster innovative arrangements that are likely to improve 
health outcomes and address non-medical needs that significantly 
influence those outcomes, without creating an unacceptable risk of 
fraud and abuse, such as inducing beneficiaries to receive unnecessary 
healthcare items and services. We are considering whether such 
expansion of the safe harbor should be limited to certain beneficiary 
populations, such as chronically ill patients, or to patients who are 
being discharged from a hospital or other facility. Responses to this 
solicitation of comments will inform our consideration of potentially 
extending this safe harbor in the final rule to include these 
arrangements or potentially protecting arrangements in the patient 
engagement and support safe harbor, if finalized.
    Elsewhere in this rulemaking, we are proposing a new safe harbor 
for patient engagement tools and supports provided by VBE participants, 
which could include transportation for health-related, non-medical 
purposes. The protection of this safe harbor would not be available 
outside the context of a VBE, however, since the proposed safe harbor 
limits protection to patient engagement tools and supports furnished by 
VBE participants. We refer commenters to the standards and safeguards 
proposed for the separate safe harbor for patient engagement tools and 
supports (proposed at

[[Page 55752]]

1001.952(hh)), and we solicit comments on whether these standards and 
safeguards are also appropriate for the local transportation safe 
harbor, to the extent that were to apply to transportation for non-
medical purposes. In addition, we seek comments on whether an extension 
of the local transportation safe harbor in this manner is needed or 
appropriate, if the proposed separate safe harbor for patient 
engagement and support offered by VBE participants is adopted (proposed 
1001.952(hh)).
4. Use of Ride-Sharing Services
    We are aware that some entities are providing transportation for 
medical items and services through the use of ride-sharing services. As 
we understand the use of these services, a hospital, for example, could 
arrange with a ride-sharing service to provide rides for its patients, 
for which the hospital would be billed. We are aware that some members 
of the public may be uncertain about the application of the safe harbor 
in these circumstances.
    In the preamble to the final rule establishing the local 
transportation safe harbor, we noted the possibility that patient 
transportation would be provided via taxi.\87\ Although we did not 
explicitly refer to ride-sharing services, we see no difference between 
these services and taxis, for purposes of the safe harbor. We believe 
that nothing in the language of the safe harbor precludes their use. 
(By the same logic, the safe harbor does not preclude transportation 
via self-driving cars or other similar technology that serve as a taxi 
service, should they become available.) We invite any commenters who 
disagree to provide comments explaining the possible basis for the 
exclusion of ride-sharing programs from protection from the existing 
safe harbor. If we find such comments persuasive, we will consider an 
amendment to the safe harbor to explicitly protect transportation 
through ride-sharing programs.
---------------------------------------------------------------------------

    \87\ 81 FR at 88387.
---------------------------------------------------------------------------

    We note, however, that the same safe harbor requirements that apply 
to other forms of transportation also apply to transportation provided 
by ride-sharing services. These include the requirement that the 
availability of free or discounted transportation not be advertised. A 
taxi company, ride-sharing service, or other provider of transportation 
could advertise that it provides transportation to medical appointments 
and suggest contacting medical providers to determine if free or 
discounted transportation is available to their facilities. It cannot, 
however, advertise that it provides free or discounted transportation 
to a particular healthcare provider or group of providers. Such 
customer-specific advertising is within the control of the customer to 
prohibit, and therefore would be imputed to the customer (i.e., the 
entity paying for the transportation, regardless of whether that entity 
pays for the advertising), thus disqualifying the arrangement from safe 
harbor protection.
    To the extent that the ride-sharing service provides services other 
than transportation for the purpose of obtaining medical care, such 
services would not be protected by the safe harbor. Like a taxi driver, 
a ride-share driver could assist a patient in getting from a residence 
into a vehicle and from a vehicle into a medical provider's facility, 
and this could include assisting the patient with a wheelchair, oxygen 
equipment, or the like. This would be considered part of the 
transportation service. In addition, a ride-sharing driver, taxi 
driver, or shuttle could, for example, provide the patient with 
transportation from a physician's office or hospital to a pharmacy, for 
the purpose of obtaining a prescription (a medically necessary item) 
before taking the patient home. As noted in the preamble to the 2016 
final rule establishing this safe harbor, a shuttle could also include 
a food store among its stops.\88\ However, transportation to a food 
store or any other location not for the purpose of obtaining medically 
necessary items or services, when provided on a patient-specific basis 
(i.e., not by a shuttle), is not protected by this safe harbor. Such 
transportation may be protected by the proposed safe harbor for value-
based arrangements, as discussed elsewhere in this proposed rule.
---------------------------------------------------------------------------

    \88\ 81 FR 88384.
---------------------------------------------------------------------------

    Finally, we note that, as with all safe harbors, the local 
transportation safe harbor applies only to the Federal anti-kickback 
statute (and the beneficiary inducements CMP). Providers of 
transportation remain subject to all other federal, state and local 
laws and regulations that may be applicable to their activities and 
arrangements.

M. ACO Beneficiary Incentive Program

1. Overview of Medicare Shared Savings Program and Provisions of the 
Budget Act of 2018 for ACO Beneficiary Incentive Programs
    Section 1899 of the Act established the Medicare Shared Savings 
Program, which promotes accountability for a patient population, 
fosters coordination of items and services under Medicare Parts A and 
B, encourages investment in infrastructure and redesigned care 
processes for high-quality and efficient healthcare service delivery, 
and promotes higher value care. The Medicare Shared Savings Program is 
a voluntary program that encourages groups of doctors, hospitals, and 
other healthcare providers to come together as an ACO to lower growth 
in expenditures and improve quality. An ACO agrees to be held 
accountable for the quality, cost, and experience of care of an 
assigned Medicare FFS beneficiary population. ACOs that successfully 
meet quality and savings requirements share a percentage of the 
achieved savings with Medicare.
    Section 1899(m)(1)(A) of the Act, as added by section 50341 of the 
Budget Act of 2018,\89\ permits ACOs under certain two-sided models to 
operate CMS-approved beneficiary incentive programs to provide 
incentive payments to assigned beneficiaries who receive qualifying 
primary care services. According to CMS, and as intended by section 
1899(m)(1)(A) of the Act, the beneficiary incentive programs will 
encourage beneficiaries assigned to certain ACOs to obtain medically 
necessary primary care services while requiring such ACOs to comply 
with program integrity and other requirements.\90\ CMS, in a final rule 
establishing regulations governing ACO Beneficiary Incentive Programs 
states that the agency ``believe[s] that such amendments will empower 
individuals and caregivers in care delivery.'' \91\
---------------------------------------------------------------------------

    \89\ Public Law 115-123, 132 Stat. 64.
    \90\ Medicare Program; Medicare Shared Savings Program; 
Accountable Care Organizations--Pathways to Success and Extreme and 
Uncontrollable Circumstances Policies for Performance Year 2017, 83 
FR 67816, 67823 (Dec. 31, 2018).
    \91\ Id. at 67980.
---------------------------------------------------------------------------

    Specifically, the Budget Act of 2018 added section 1899(m)(1)(A) of 
the Act, which allows ACOs to apply to operate an ACO Beneficiary 
Incentive Program. The Budget Act of 2018 also added a new subsection 
(m)(2) to section 1899 of the Act, which provides clarification 
regarding the general features, implementation, duration, and scope of 
approved ACO Beneficiary Incentive Programs. In addition, the Budget 
Act of 2018 added section 1899(b)(2)(I) of the Act, which requires ACOs 
that seek to operate a beneficiary incentive program to apply to 
operate the program at such time, in such manner, and with such 
information as the Secretary may require.\92\
---------------------------------------------------------------------------

    \92\ For additional background information on section 1899(m) 
and 1899(b)(2)(I), see Medicare Program; Medicare Shared Savings 
Program; Accountable Care Organizations--Pathways to Success and 
Extreme and Uncontrollable Circumstances Policies for Performance 
Year 2017, 83 FR 67816 (Dec. 31, 2018).

---------------------------------------------------------------------------

[[Page 55753]]

    In order to implement the changes set forth in section 1899(b)(2) 
and (m) of the Act, CMS added regulation text at 42 CFR 425.304(c) that 
allows ACOs participating under certain two-sided models to establish 
CMS-approved beneficiary incentive programs to provide incentive 
payments to assigned beneficiaries who receive qualifying services.
2. ACO Beneficiary Incentives Program Statutory Exception and Proposed 
Safe Harbor (1001.952(kk))
    Section 50341(b) of the Budget Act of 2018, which added section 
1128B(b)(3)(K) of the Act, states that ``illegal remuneration'' under 
the anti-kickback statute does not include ``. . . an incentive payment 
made to a Medicare fee-for-service beneficiary by an ACO under an ACO 
Beneficiary Incentive Program established under subsection (m) of 
section 1899, if the payment is made in accordance with the 
requirements of such subsection and meets such other conditions as the 
Secretary may establish.''
    We propose to codify the statutory exception to the definition of 
``remuneration'' at section 1128B(b)(3)(K) of the Act in our 
regulations at proposed paragraph 1001.952(kk). We propose to adopt 
regulatory language nearly identical to the statutory language, with 
two exceptions. First, the text of the proposed safe harbor would make 
it clear that an ACO may furnish incentive payments only to assigned 
beneficiaries. Second, the safe harbor would modify the statutory 
language stating, ``if the payment is made in accordance with the 
requirements of such subsection,'' to ``if the incentive payment is 
made in accordance with the requirements found in such subsection.'' 
Note that we do not propose the establishment of any additional safe 
harbor conditions that incentive payments made by an ACO to an assigned 
beneficiary under an ACO Beneficiary Incentive Program established 
under section 1899(m) of the Act must satisfy.
    The ACO Beneficiary Incentive Program statutory exception, found at 
section 1128B(b)(3)(K) of the Act, requires that ``the payment is made 
in accordance with the requirements of [section 1899(m)].'' We read 
this provision to broadly incorporate all of the requirements found in 
section 1899(m) as requirements of the ACO Beneficiary Incentive 
Program statutory exception to the definition of ``remuneration'' under 
the Federal anti-kickback statute. In other words, we believe that for 
an incentive payment to satisfy the ACO Beneficiary Incentive Program 
statutory exception, and the corresponding safe harbor proposed at 
paragraph 1001.952(kk), all of the requirements enumerated at section 
1899(m)--related both to ACO Beneficiary Incentive Programs and 
incentive payments made pursuant to such programs--must, and would be 
required to, be satisfied.
    While section 1899(m) of the Act also includes a provision that 
states, ``[t]he Secretary shall permit such an ACO to establish such a 
program at the Secretary's discretion and subject to such requirements, 
including program integrity requirements, as the Secretary determines 
necessary,'' \93\ we do not interpret the statutory exception found at 
section 1128B(b)(3)(K) of the Act to require satisfaction of any 
requirements found outside of section 1899(m) (e.g., the regulatory 
requirements established by CMS implementing the ACO Beneficiary 
Incentive Program, found at 42 CFR 425.304(c)).\94\ In other words, OIG 
interprets the statutory exception found at section 1128B(b)(3)(K) of 
the Act and would interpret the corresponding safe harbor proposed at 
paragraph 1001.952(kk), to require that the incentive payment is made 
in accordance with the requirements found in section 1899(m) of the 
Act.
---------------------------------------------------------------------------

    \93\ Section 1899(m)(1)(A) of the Act.
    \94\ CMS, in the final rule establishing the ACO Beneficiary 
Incentive Program, determined that the ACO Beneficiary Incentive 
Program required additional program integrity safeguards. CMS 
included several requirements at 42 CFR 425.304(c) to help mitigate 
the program integrity risks associated with ACO Beneficiary 
Incentive Programs. Under 42 CFR 425.304(c)(4)(iv), for example, 
ACOs are prohibited from offering an incentive payment as part of an 
advertisement or solicitation to beneficiaries.
---------------------------------------------------------------------------

    Given the requirements imposed on ACO Beneficiary Incentive 
Programs and incentive payments made pursuant to an ACO Beneficiary 
Incentive Program, found in section 1899(m), at this time, we do not 
believe it is necessary to create additional conditions under the 
proposed ACO Beneficiary Incentives Program safe harbor, paragraph 
1001.952(kk). However, we are considering and seek comment on whether 
OIG should include additional conditions in this safe harbor.

IV. Provisions of the Proposed Rule: Beneficiary Inducements CMP 
Exception

    This proposed rule would amend 42 CFR 1003.110 by codifying 
amendments that were enacted in the Budget Act of 2018. This proposed 
rule would add an exception for the provision of certain telehealth 
technologies related to in-home dialysis services to the definition of 
``remuneration'' applicable to the beneficiary inducements CMP, which 
prohibits offering inducements to Medicare or Medicaid beneficiaries 
that the offeror knows or should know are likely to influence the 
selection of particular providers, practitioners or suppliers.

A. Statutory Exception for Telehealth Technologies for In-Home Dialysis

    As part of the Creating High-Quality Results and Outcomes Necessary 
to Improve Chronic Care Act of 2018, section 50302 of the Budget Act of 
2018 amends section 1881(b)(3) of the Act to permit an individual with 
ESRD receiving home dialysis to elect to receive their monthly ESRD-
related clinical assessments via telehealth, if certain other 
conditions are met.\95\ Section 50302(c) of the Budget Act of 2018 
creates a new exception to the definition of ``remuneration'' in the 
beneficiary inducements CMP. Specifically, section 50302(c) of the 
Budget Act of 2018 adds the following exception as new section 
1128A(i)(6)(J) of the Act:
---------------------------------------------------------------------------

    \95\ Section 50302(b) of the Budget Act of 2018 made additional 
changes related to the provision of telehealth services to ESRD 
patients, such as the inclusion of a renal dialysis facility and the 
home of an individual as telehealth originating sites but only for 
the purposes of the monthly ESRD-related clinical assessments 
furnished through telehealth provided under section 1881(b)(3)(B) of 
the Act. For additional information, see Medicare Program; Revisions 
to Payment Policies Under the Physician Fee Schedule and Other 
Revisions to Part B for CY 2019; Medicare Shared Savings Program 
Requirements; Quality Payment Program; Medicaid Promoting 
Interoperability Program; Quality Payment Program-Extreme and 
Uncontrollable Circumstance Policy for the 2019 MIPS Payment Year; 
Provisions From the Medicare Shared Savings Program-Accountable Care 
Organizations-Pathways to Success; and Expanding the Use of 
Telehealth Services for the Treatment of Opioid Use Disorder Under 
the Substance Use-Disorder Prevention That Promotes Opioid Recovery 
and Treatment (SUPPORT) for Patients and Communities Act 83 FR 
59452, 59495 (Nov. 23, 2018), available at https://www.govinfo.gov/content/pkg/FR-2018-11-23/pdf/2018-24170.pdf. See also 42 CFR 
410.78, 414.65.
---------------------------------------------------------------------------

    The provision of telehealth technologies (as defined by the 
Secretary) on or after January 1, 2019, by a provider of services or a 
renal dialysis facility (as such terms are defined for purposes of 
title XVIII) to an individual with end stage renal disease who is 
receiving home dialysis for which payment is being made under part B of 
such title, if:

[[Page 55754]]

    (i) The telehealth technologies are not offered as part of any 
advertisement or solicitation;
    (ii) the telehealth technologies are provided for the purpose of 
furnishing telehealth services related to the individual's end stage 
renal disease; and
    (iii) the provision of the telehealth technologies meets any other 
requirements set forth in regulations promulgated by the Secretary.
    This exception would be available only for telehealth technologies, 
as defined below, furnished by a provider of services or a renal 
dialysis facility to patients with ESRD who receive in-home dialysis 
that is payable by Medicare Part B. We propose to interpret this 
exception, in our proposed condition (i), to require that the 
telehealth technologies be furnished to the individual by the provider 
of services or the renal dialysis facility (as those terms are defined 
in title XVIII of the Act) that is currently providing the in-home 
dialysis, telehealth visits, or other ESRD care to the patient. The 
underlying intent of this proposed condition (i) is to prevent 
arrangements where providers and suppliers offer telehealth 
technologies to patients with whom they do not have a prior clinical 
relationship in an attempt to steer patients to a particular provider 
or supplier. We seek comment on this proposed condition (i), and in 
particular, any challenges this condition would create. In addition, 
while we are aware of the increasing proliferation of telehealth 
services, and the likely desire of other healthcare industry 
stakeholders to furnish telehealth technologies to patients receiving 
telehealth services, the statutory exception, and therefore, this 
proposal, is limited to a subset of patients receiving in-home dialysis 
and certain, enumerated providers in the statutory exception. We 
further note that the provision of telehealth technologies might 
qualify for protection under other existing or proposed exceptions or 
safe harbors, including the proposed safe harbor for patient engagement 
and support, paragraph 1001.952(hh). That being said, we seek comment 
on whether we should, for purposes of the final rule, interpret the 
statutory exception to apply not only to the ``provider of services or 
the renal dialysis facility (as those terms are defined in tile XVIII 
of the Act),'' but also suppliers, as defined in title XVIII of the 
Act. We solicit comments on this issue, in recognition of the 
underlying congressional intent and policy goals set forth in Section 
50302(b) of the Budget Act of 2018: Expanding patient access to in-home 
dialysis care, furnished by their physician.
    The first criterion included in the statutory exception provides 
that protected items or services may not be offered as part of any 
advertisement or solicitation. We are including this requirement in our 
proposed regulation at proposed condition (ii). As we have said in 
other rulemakings, we propose that stakeholders interpret the terms 
``advertisement'' and ``solicitation'' consistent with their common 
usage in the healthcare industry.\96\
---------------------------------------------------------------------------

    \96\ See, e.g., 81 FR 88368, 88373 (Dec. 7, 2016).
---------------------------------------------------------------------------

    The second criterion included in the statutory exception requires 
the telehealth technologies to be provided for the purpose of 
furnishing telehealth services related to the individual's ESRD. At 
proposed condition (iii), we propose to interpret ``for the purpose of 
furnishing telehealth services related to the individual's end stage 
renal disease'' to mean that the technology contributes substantially 
to the provision of telehealth services related to the individual's 
ESRD, is not of excessive value, and is not duplicative of technology 
that the beneficiary already owns if that technology is adequate for 
the telehealth purposes. We would consider technology to be of 
excessive value if the retail value of the technology is substantially 
more than is required for the telehealth purpose. For example, if a 
readily available $300 smartphone would adequately run the telehealth 
technology, the safe harbor would not protect a donation of a $600 
smartphone. To ensure that this proposed safe harbor protects the 
provision of telehealth technologies ``for the purpose of furnishing 
telehealth services related to the individual's end stage renal 
disease'' and not to induce referrals, we are also considering for the 
final rule, and seek comment on, a condition that would require the 
provider or facility to retain ownership of any hardware and make 
reasonable efforts to retrieve the hardware once the beneficiary no 
longer needs it for the permitted telehealth purposes (such that the 
hardware is loaned to the beneficiary).
    We remain concerned that the provision of telehealth technology 
with substantial independent value to the beneficiary might serve to 
induce the beneficiary to choose a particular provider or facility. We 
are considering, and solicit comments about, whether the final rule 
should interpret ``for the purpose of furnishing telehealth services 
related to the individual's end stage renal disease'' in a more 
restrictive manner. For example, we are considering for the final rule 
and seek comments on whether the exception should protect telehealth 
technologies that provide the beneficiary with no more than a de 
minimis benefit for any purpose other than furnishing telehealth 
services related to the individual's ESRD. We also are considering for 
the final rule and seek comments on another standard that would protect 
telehealth technologies only when furnished predominantly for the 
purpose of furnishing telehealth services related to the individual's 
ESRD.
    We propose to interpret ``telehealth services related to the 
individual's end stage renal disease'' to mean only those telehealth 
services paid for by Medicare Part B. CMS maintains a list of services 
payable under the Medicare Physician Fee Schedule when furnished via 
telehealth. We solicit comments on this interpretation.
    The statutory exception's third criterion allows the Secretary to 
develop additional requirements not specified in the statutory 
exception and requires the Secretary to define ``telehealth 
technologies.'' Below we propose a definition of ``telehealth 
technologies'' and further enumerate requirements under the new 
exception to the definition of ``remuneration'' for the beneficiary 
inducements CMP.

B. Additional Proposed Conditions for the Telehealth Technologies 
Exception

    Under proposed condition (iv), a person must not bill Federal 
health care programs, other payors, or individuals for the telehealth 
technologies, claim the value of the item or service as a bad debt for 
payment purposes under a Federal health care program, or otherwise 
shift the burden of the value of the telehealth technologies onto a 
Federal health care program, other payors, or individuals. This 
proposed requirement is designed to protect against the telehealth 
technologies resulting in inappropriately increased costs to Federal 
health care programs, other payors, and patients. In this requirement, 
we propose to prohibit claiming the cost of the telehealth technologies 
and any operational costs attendant to providing telehealth 
technologies as bad debt for payment purposes under Medicare or a State 
healthcare program or otherwise shifting the burden of the cost of the 
telehealth technologies and any operational costs attendant to the 
provision of patient incentives to Medicare, a State healthcare 
program, other payors, or individuals. We seek comments on this 
proposed condition.

[[Page 55755]]

C. Defining Telehealth Technologies

    We propose to define ``telehealth technologies'' for the purposes 
of the definition of the term ``remuneration'' as set forth in 42 CFR 
1003.110 and the telehealth technologies exception to section 50302(c) 
of the Budget Act of 2018. In proposing such definition, we consulted 
with CMS and solicited comments in the OIG RFI regarding how OIG should 
define ``telehealth technologies'' and if the definition should include 
``services.'' Based on the collective input we received, we propose to 
adopt, as part of our definition of ``telehealth technologies,'' the 
definition of ``interactive telecommunications system'' found at 42 CFR 
410.78. Under 42 CFR 410.78, Medicare Part B pays for covered 
telehealth services included on the telehealth list when furnished 
using an ``interactive telecommunications system'' if certain 
conditions are met. 42 CFR 410.78(a)(3) defines an ``interactive 
telecommunications system'' to mean ``multimedia communications 
equipment that includes, at a minimum, audio and video equipment 
permitting two-way, real-time interactive communication between the 
patient and distant site physician or practitioner. Telephones, 
facsimile machines, and electronic mail systems do not meet the 
definition of an interactive telecommunications system.''
    For the purposes of this exception, we propose to define 
``telehealth technologies'' as the following: ``multimedia 
communications equipment that includes, at a minimum, audio and video 
equipment permitting two-way, real-time interactive communication 
between the patient and distant site physician or practitioner used in 
the diagnosis, intervention or ongoing care management--paid for by 
Medicare Part B--between a patient and the remote healthcare provider. 
Telephones, facsimile machines, and electronic mail systems do not meet 
the definition of `telehealth technologies.' '' For the purposes of our 
definition of ``telehealth technologies,'' smart phones that allow for 
two-way, real-time interactive communication through secure, video 
conferencing applications would not be considered ``telephones.'' We 
solicit comments this definition, and are interested in comments that 
explain whether, and why, this definition would be too narrow, or too 
broad, and elaborate upon any attendant risks of fraud and abuse 
associated with the adoption of this definition. We also solicit 
comments on whether ``[t]elephones, facsimile machines, and electronic 
mail systems,'' as used in in 42 CFR 410.78(a)(3), should be excluded 
from our definition of ``telehealth technologies.'' We are also 
considering for the final rule, and seek comment on, whether to define 
``telehealth technologies'' to include technologies such as software, a 
webcam, data plan, or broadband internet access that facilitates the 
telehealth encounter. This might include, for example, software that 
allows a patient to use his or her existing smartphone, tablet, or 
computer to receive telehealth consultations. We are interested in 
comments on whether and how broadening the exception to include these 
kinds of technologies might impact access to medically necessary care 
for beneficiaries. We are further interested in comments on whether 
such broadening would create an undue risk of remuneration that would 
inappropriately steer beneficiaries to particular providers or 
suppliers to obtain federally reimbursable items and services, and 
whether there would be limitations or conditions on the provision of 
telehealth technologies that we could include in an exception to curb 
potential abuses, such as a limitation on the value of the remuneration 
(e.g., a cap on the retail value of the telehealth technologies 
furnished, such as $100, $200, $500, or another amount that would be of 
sufficient magnitude to protect the most beneficial arrangements while 
also preventing the most abusive ones).

D. Other Potential Safeguards

1. Consistent Provision of Telehealth Technologies
    In addition to the proposed conditions set forth above, we are 
considering for the final rule and seek comment on whether, as a 
condition of safe harbor protection, parties should be prohibited from 
discriminating in the offering of telehealth technologies. Such a safe 
harbor condition would require providers and renal dialysis facilities 
to provide the same telehealth technologies to any Medicare Part B 
eligible patient receiving in-home dialysis, or to otherwise 
consistently offer telehealth technologies to all patients satisfying 
specified, uniform criteria. This potential condition could reduce the 
likelihood that telehealth technologies would be offered selectively 
based on whether the patient generates other billable business for the 
provider or facility. We solicit comments on this issue. In particular, 
we are interested in understanding whether this proposed safeguard 
would limit providers of services' or renal dialysis facilities' 
ability to offer incentives due to the potential cost of furnishing the 
incentive to all qualifying patients rather than a smaller subset. 
Similarly, we are int