Grants, Contracts, and Other Agreements: Fraud and Abuse; Information Blocking; Office of Inspector General's Civil Money Penalty Rules, 22979-22992 [2020-08451]

Agencies

• DEPARTMENT OF HEALTH AND HUMAN SERVICES
• Office of Inspector General

[Federal Register Volume 85, Number 80 (Friday, April 24, 2020)]
[Proposed Rules]
[Pages 22979-22992]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-08451]



[[Page 22979]]

-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of Inspector General

42 CFR Parts 1003 and 1005

RIN 0936-AA09


Grants, Contracts, and Other Agreements: Fraud and Abuse; 
Information Blocking; Office of Inspector General's Civil Money Penalty 
Rules

AGENCY: Office of Inspector General (OIG), HHS.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: This proposed rule would amend the civil money penalty (CMP or 
penalty) rules of the Department of Health and Human Services (HHS or 
Department) Office of Inspector General (OIG) to: Incorporate new 
authorities for CMPs, assessments, and exclusions related to HHS 
grants, contracts, other agreements; incorporate new CMP authorities 
for information blocking; and increase the maximum penalties for 
certain CMP violations.

DATES: To ensure consideration, comments must be delivered to the 
address provided below by no later than 11:59 p.m. Eastern Standard 
Time on June 23, 2020.

ADDRESSES: In commenting, please reference file code OIG-2605-P. 
Because of staff and resource limitations, we cannot accept comments by 
facsimile (fax) transmission. However, you may submit comments using 
one of three ways (no duplicates, please):
    1. Electronically. You may submit electronically through the 
Federal eRulemaking Portal at https://www.regulations.gov. (Attachments 
should be in Microsoft Word, if possible.)
    2. By regular, express, or overnight mail. You may mail your 
printed or written submissions to the following address: Aaron S. 
Zajic, Office of Inspector General, Department of Health and Human 
Services, Attention: OIG-2605-P, Cohen Building, 330 Independence 
Avenue SW, Room 5527, Washington, DC 20201.
    Please allow sufficient time for mailed comments to be received 
before the close of the comment period.
    3. By hand or courier. You may deliver, by hand or courier, before 
the close of the comment period, your printed or written comments to: 
Aaron S. Zajic, Office of Inspector General, Department of Health and 
Human Services, Attention: OIG-2605-P, Cohen Building, 330 Independence 
Avenue SW, Room 5527, Washington, DC 20201.
    Because access to the interior of the Cohen Building is not readily 
available to persons without Federal Government identification, 
commenters are encouraged to schedule their delivery with one of our 
staff members at (202) 619-0335.
    Inspection of Public Comments: All comments received before the end 
of the comment period will be posted on https://www.regulations.gov for 
public viewing. Hard copies will also be available for public 
inspection at the Office of Inspector General, Department of Health and 
Human Services, Cohen Building, 330 Independence Avenue SW, Washington, 
DC 20201, Monday through Friday from 8:30 a.m. to 4 p.m. To schedule an 
appointment to view public comments, phone (202) 619-0335.

FOR FURTHER INFORMATION CONTACT:  Robert Penezic at (202) 205-3211, 
Office of Counsel to the Inspector General.

SUPPLEMENTARY INFORMATION: 

I. Executive Summary:

A. Purpose and Need for Regulatory Action

    This proposed rule seeks to address three issues: (1) The amendment 
of the Civil Monetary Penalties Law (CMPL), 42 U.S.C. 1320a-7a, by the 
21st Century Cures Act (Cures Act), Public Law 114-255, sec. 5003, 
authorizing HHS to impose CMPs, assessments, and exclusions upon 
individuals and entities that engage in fraud and other misconduct 
related to HHS grants, contracts, and other agreements (42 U.S.C. 
1320a-7a(o)-(s)); (2) the amendment of the Public Health Service Act 
(PHSA), 42 U.S.C. 300jj-52, by the Cures Act authorizing OIG to 
investigate claims of information blocking and providing the Secretary 
of HHS (Secretary) authority to impose CMPs for information blocking; 
and (3) the increase in penalty amounts in the CMPL effected by the 
Bipartisan Budget Act of 2018 (BBA 2018), Public Law 115-123. Each of 
these issues is discussed further below.
    First, this proposed rule would modify 42 CFR parts 1003 and 1005 
to add HHS's new authority related to fraud and other misconduct 
involving grants, contracts, and other agreements into the existing 
regulatory framework for the imposition and appeal of CMPs, 
assessments, and exclusions. The additions would: (1) Expressly 
enumerate in the regulation, HHS's grant, contract, and other agreement 
fraud and misconduct CMPL authority; and (2) give individuals and 
entities sanctioned for fraud and other misconduct related to HHS 
grants, contracts, and other agreements, the same procedural and appeal 
rights that currently exist under 42 CFR parts 1003 and 1005 for those 
sanctioned under the CMPL and other statutes for fraud and other 
misconduct related to, among other things, the Federal health care 
programs. We propose to codify these new authorities and their 
corresponding sanctions in the regulations at Sec. Sec.  1003.110, 
1003.130, 1003.140, 1003.700, 1003.710, 1003.720, 1003.1550, 1003.1580, 
and 1005.1.
    Second, Section 4004 of the Cures Act added sec. 3022 to the PHSA, 
42 U.S.C. 300jj-52, which, among other provisions, provides OIG the 
authority to investigate claims of information blocking and authorizes 
the Secretary to impose CMPs against a defined set of individuals and 
entities that OIG determines committed information blocking. 
Investigating and taking enforcement action against individuals and 
entities that engage in information blocking is consistent with OIG's 
history of investigating serious misconduct that impacts HHS programs 
and beneficiaries. Information blocking can pose a threat to patient 
safety and undermine efforts by providers, payers, and others to make 
our health system more efficient and effective. Addressing the negative 
effects of information blocking is consistent with OIG's mission to 
protect the integrity of HHS programs, as well as the health and 
welfare of program beneficiaries.
    We propose to implement 3022(b)(2)(C), which requires information 
blocking CMPs to follow the procedures of sec. 1128A of the Act. 
Specifically, the proposed rule would add the information blocking CMP 
authority to the existing regulatory framework for the imposition and 
appeal of CMPs, assessments, and exclusions (42 CFR parts 1003 and 
1005), pursuant to the PHSA sec. 3022(b)(2)(C) (42 U.S.C. 300jj-
52(b)(2)(C)). The proposed modifications would give individuals and 
entities subject to CMPs for information blocking the same procedural 
and appeal rights that currently exist under 42 CFR parts 1003 and 
1005. We propose to codify this new information blocking authority at 
Sec. Sec.  1003.1400, 1003.1410, and 1003.1420. The proposed rule also 
explains OIG's anticipated approach to enforcement and coordination 
within HHS to implement the information blocking authorities.
    The Office of the National Coordinator for Health Information 
Technology (ONC) has finalized the

[[Page 22980]]

information blocking regulations in the Cures Act final rule in 45 CFR 
part 171 (ONC Final Rule). This proposed rule incorporates by reference 
the relevant information blocking regulations in the ONC Final Rule as 
the basis for imposing CMPs and determining the amount of penalty 
imposed.
    Finally, on February 9, 2018, the President signed into law the 
Bipartisan Budget Act of 2018 (BBA 2018). Section 50412 of the BBA 2018 
(42 U.S.C. 1320a-7a(a), (b)) amended the CMPL to increase the amounts 
of certain civil money penalties. The proposed regulation would codify 
the increased civil money penalties at 42 CFR part 1003. Specifically, 
for conformity with the CMPL as amended by the BBA 2018, we propose to 
revise the civil money penalties contained at Sec. Sec.  1003.210, 
1003.310, and 1003.1010.

B. Legal Authority

    The legal authority for this regulatory action is found in the 
Social Security Act (Act) and the PHSA, as amended by the Cures Act and 
the BBA 2018. The legal authority for the proposed changes is listed by 
the parts of Title 42 of the Code of Federal Regulations (CFR) that we 
propose to modify:

1003: 42 U.S.C. 1320a-7a(a)-(b), (o)-(s); 42 U.S.C. 300jj-52
1005: 42 U.S.C. 1320a-7a(o)-(s); 42 U.S.C. 300jj-52

C. Summary of Major Provisions

    This proposed rule incorporates into OIG's CMP regulations at 42 
CFR parts 1003 and 1005 two new CMP authorities established by the 
Cures Act related to: (1) Fraud and other misconduct involving HHS 
grants, contracts, and other agreements; and (2) information blocking. 
The proposed rule also incorporates into 42 CFR part 1003, new maximum 
CMP amounts for certain offenses, as set by the BBA 2018.
    In the context of HHS grants, contracts and other agreements, the 
Cures Act authorizes CMPs, assessments, and exclusions for:
     Knowingly presenting or causing to be presented a 
specified claim under a grant, contract, or other agreement that a 
person knows or should know is false or fraudulent;
     knowingly making, using, or causing to be made or used, 
any false statement, omission, or misrepresentation of a material fact 
in any application, proposal, bid, progress report, or other document 
that is required to be submitted in order to directly or indirectly 
receive or retain funds provided in whole or in part by HHS pursuant to 
a grant, contract, or other agreement;
     knowingly making, using, or causing to be made or used, a 
false record or statement material to a false or fraudulent specified 
claim under a grant, contract, or other agreement;
     knowingly making, using, or causing to be made or used, a 
false record or statement material to an obligation to pay or transmit 
funds or property to HHS with respect to a grant, contract, or other 
agreement;
     knowingly concealing or knowingly and improperly avoiding 
or decreasing an obligation to pay or transmit funds or property to HHS 
with respect to a grant, contract, or other agreement; and
     failing to grant timely access, upon reasonable request, 
to OIG, for the purposes of audits, investigations, evaluations, or 
other statutory functions of OIG in matters involving grants, 
contracts, or other agreements.
    In the context of information blocking, the Cures Act authorizes 
CMPs for:
     Any practice that is likely to interfere with, prevent, or 
materially discourage access, exchange, or use of electronic health 
information if this practice is conducted by a developer of certified 
health information technology (health IT), an entity offering certified 
health IT, a health information exchange, or a health information 
network, and the developer of certified health IT, entity offering 
certified health IT, health information exchange, or health information 
network knows or should know that this practice is likely to interfere 
with, prevent, or materially discourage the access, exchange, or use of 
electronic health information.
    The ONC Final Rule implements certain Cures Act information 
blocking provisions, including defining terms and establishing 
reasonable and necessary exceptions to the definition of information 
blocking. OIG and ONC have coordinated extensively on both the ONC 
Final Rule and this proposed rule to align both regulatory actions. We 
propose to incorporate by reference the regulatory definitions and 
exceptions from the ONC Final Rule related to information blocking in 
45 CFR part 171 as the basis for imposing CMPs and determining the 
amount of penalty imposed. These regulatory definitions, penalties for 
information blocking, and applicable procedures are reflected in the 
proposed regulations.
    We further propose changes to the CMP regulations at 42 CFR part 
1003 for conformity with the civil penalty amounts contained in the 
Act, as amended by the BBA 2018.

II. Background

    For over 35 years, OIG has exercised the authority to impose CMPs, 
assessments, and exclusions in furtherance of its mission to protect 
Federal health care and other Federal programs from fraud, waste, and 
abuse. OIG recently received new CMP authorities, granted under the 
Cures Act, related to fraud and other prohibited conduct involving HHS 
grants, contracts, other agreements, and information blocking. OIG also 
received authority through the BBA 2018 to impose larger CMPs for 
certain offenses committed after February 9, 2018.

A. Overview of OIG Civil Money Penalty Authorities

    The CMPL (sec. 1128A of the Act, 42 U.S.C 1320a-7a) was enacted in 
1981 to provide HHS with the statutory authority to impose CMPs, 
assessments, and exclusions upon individuals and entities that commit 
fraud and other misconduct related to the Federal health care programs, 
including Medicare and Medicaid. The Secretary delegated the CMPL's 
authorities to OIG. 53 FR 12993 (April 20, 1988). HHS has promulgated 
regulations at 42 CFR parts 1003 and 1005 that: (1) Enumerate specific 
bases for the imposition of CMPs, assessments, and exclusion under the 
CMPL and other CMP statutes; (2) set forth the appeal rights of 
individuals and entities subject to those sanctions; and (3) outline 
the procedures under which a sanctioned party may appeal the sanction. 
Since 1981, Congress has created various other CMP authorities related 
to fraud and abuse that were delegated by the Secretary to OIG and 
added to part 1003.

B. The Cures Act and the ONC Final Rule

    The Cures Act amended the CMPL to give HHS the authority to impose 
CMPs, assessments, and exclusions upon persons that commit fraud and 
other misconduct related to HHS grants, contracts, and other 
agreements. 42 U.S.C. 1320a-7a(o)-(s). This authority allows for the 
imposition of sanctions for a wide variety of fraudulent and improper 
conduct involving HHS grants, contracts, and other agreements, 
including, among other things, the making of false or fraudulent 
specified claims to HHS, the submission of false or fraudulent 
documents to HHS, and the creation of false records related to HHS 
grants, contracts, or other agreements. The authority applies to a 
broad array of situations in which HHS provides funding, directly or 
indirectly, in whole or in part, pursuant to a grant,

[[Page 22981]]

contract, or other agreement. The Cures Act also created a new set of 
definitions related to grant, contract, and other agreement fraud and 
misconduct, outlined the sanctions for violation of the statute, and 
referenced the procedures to be used when imposing sanctions under the 
statute.
    In addition, sec. 4004 of the Cures Act added sec. 3022 of the 
PHSA, which defines conduct that constitutes information blocking by 
developers of health IT, entities offering certified health IT, health 
information exchanges, health information networks, and health care 
providers. Specifically, sec. 3022(a) of the PHSA defines information 
blocking as: ``a practice that--(A) except as required by law or 
specified by the Secretary pursuant to rulemaking under paragraph (3), 
is likely to interfere with, prevent, or materially discourage access, 
exchange, or use of electronic health information; and (B)(i) if 
conducted by a health information technology developer, exchange, or 
network, such developer, exchange, or network knows, or should know, 
that such practice is likely to interfere with, prevent, or materially 
discourage the access, exchange, or use of electronic health 
information; or (ii) if conducted by a health care provider, such 
provider knows that such practice is unreasonable and is likely to 
interfere with, prevent, or materially discourage access, exchange, or 
use of electronic health information.'' Section 3022(a)(3) of the PHSA 
further provides that the Secretary shall, through rulemaking, identify 
reasonable and necessary activities that do not constitute information 
blocking. Section 3022(a)(4) of the PHSA states that the term 
``information blocking'' does not include any conduct that occurred 
before January 13, 2017.
    Section 3022(b)(1) of the PHSA authorizes OIG to investigate claims 
of information blocking by individuals and entities described in sec. 
3022(a) of the PHSA, and also authorizes OIG investigations of claims 
that health IT developers or other entities offering certified health 
IT have submitted false attestations under the ONC Health IT 
Certification Program (sec. 3001(c)(5) of the PHSA). Section 
3022(b)(2)(A) authorizes the Secretary to impose CMPs not to exceed $1 
million per violation, on health IT developers or other entities 
offering certified health IT, health information exchanges, and health 
information networks that OIG determines committed information 
blocking. Section 3022(b)(2)(A) also provides that a determination to 
impose CMPs shall consider factors such as the nature and extent of the 
information blocking and harm resulting from such information blocking, 
including, where applicable, the number of patients affected, the 
number of providers affected, and the number of days the information 
blocking persisted. Section 3022(b)(2)(C) of the PHSA applies the 
procedures of sec. 1128A of the Act to civil money penalties imposed 
under sec. 3022(b)(2) of the PHSA in the same manner as such provisions 
apply to a civil money penalty or proceeding under such sec. 1128A(a) 
of the Act. This proposed rule would implement sec. 3022(b)(2)(A) and 
(C) of the PHSA.
    Further, Section 3022(b)(2)(B) of the PHSA provides that any health 
care provider determined by OIG to have committed information blocking 
shall be referred to the appropriate agency to be subject to 
appropriate disincentives using authorities under applicable Federal 
law, as the Secretary sets forth through notice and comment rulemaking. 
This proposed rule only addresses OIG's imposition of CMPs for 
information blocking by health IT developers or other entities offering 
certified health IT, health information exchanges, and health 
information networks. This proposed rule does not apply to health care 
providers who engage in information blocking.\1\ However, health care 
providers that also meet the definition of a health information 
exchange or health information network as defined in the ONC Final Rule 
would be subject to information blocking CMPs. Once established, OIG 
will coordinate with, and send referrals to, the agency or agencies 
identified in future rulemaking by the Secretary that will apply the 
appropriate disincentive for health care providers that engage in 
information blocking, consistent with sec. 3022(b)(2)(B).
---------------------------------------------------------------------------

    \1\ While health care providers are not subject to information 
blocking CMPs, many must currently comply with separate statutes and 
regulations related to information blocking. Prior to the enactment 
of the Cures Act, Congress enacted the Medicare Access and CHIP 
Reauthorization Act of 2015 (MACRA), Public Law 114-10, which, in 
part, requires a health care provider to demonstrate that it has not 
knowingly and willfully taken action to limit or restrict the 
compatibility or interoperability of Certified Electronic Health 
Record (EHR) Technology. To implement these provisions, the Centers 
for Medicare & Medicaid Services (CMS) established and codified 
attestation requirements to support the prevention of information 
blocking, which consist of three statements containing specific 
representations about a health care provider's implementation and 
use of Certified EHR technology (81 FR 77028 through 77035).
---------------------------------------------------------------------------

    The Cures Act also identifies ways for ONC, OCR, and OIG to 
consult, refer, and coordinate. For example, sec. 3022(b)(3) of the 
PHSA states that OIG may refer instances of information blocking to OCR 
where a consultation regarding the health privacy and security rules 
promulgated under sec. 264(c) of the Health Insurance Portability and 
Accountability Act of 1996 (42 U.S.C. 1320d-2 note) (HIPAA) will 
resolve such information blocking claims. Additionally, sec. 3022(d)(1) 
requires ONC to share information with OIG as required by law. For 
additional discussion related to coordination, see section III.A.5 of 
the preamble.
    We intend that the provisions of the ONC Final Rule and the OIG 
proposed rule will work in tandem and that each will inform the 
public's understanding of the other. As a result, we encourage parties 
to read this proposed rule together with the ONC Final Rule. ONC's 
Final Rule will define ``information blocking,'' define specific terms 
related to information blocking, and implement reasonable and necessary 
exceptions to the definition of information blocking. OIG's proposed 
rule will describe the parameters and procedures applicable to 
information blocking CMPs.

C. The Bipartisan Budget Act of 2018

    The BBA 2018 amended the CMPL to increase certain civil money 
penalty amounts contained in 42 U.S.C. 1320a-7a(a) and (b). The BBA 
2018 increased maximum civil money penalties in sec. 1128A(a) of the 
Act (42 U.S.C. 1320a-7a) from $10,000 to $20,000; from $15,000 to 
$30,000; and from $50,000 to $100,000. The BBA 2018 increased maximum 
civil money penalties in sec. 1128A(b) of the Act from $2,000 to $5,000 
in paragraph (1), from $2,000 to $5,000 in paragraph (2), and from 
$5,000 to $10,000 in paragraph (3)(A)(i). This statutory increase in 
civil money penalty amounts is effective for acts committed after the 
date of enactment, February 9, 2018. This proposed rule would update 
our regulations to reflect the increased civil money penalties 
authorized by the 2018 BBA amendments.

III. Provisions of the Proposed Rule

A. Civil Money Penalty, Assessment, and Exclusion Authorities Under 42 
CFR Part 1003

1. Subpart A--General Provisions
    Subpart A contains the general provisions that apply to part 1003. 
The proposed changes revise the ``Basis and Purpose'' and 
``Definitions'' sections of subpart A to incorporate into part 1003 
OIG's new statutory authorities to impose sanctions related to grants, 
contracts, and other agreements, and information blocking.

[[Page 22982]]

Sec.  1003.100--Basis and Purpose
    We propose to add the statutory authority for OIG's imposition of 
information blocking CMPs--sec. 3022 of the PHSA (42 U.S.C. 300jj-52)--
to the list of statutory CMP provisions that appears in Sec.  1003.100.
Sec.  1003.110--Definitions
    We propose to make several changes to the ``Definitions'' section 
at Sec.  1003.110 to add and revise definitions to incorporate OIG's 
new authorities into part 1003.
Department, Obligation, Other Agreement, Program Beneficiary, 
Recipient, Specified Claim, Specified State Agency
    We propose to add the statutory definitions of the terms 
``Department,'' ``obligation,'' ``other agreement,'' ``program 
beneficiary,'' ``recipient,'' ``specified claim,'' and ``specified 
State agency'' (codified at 42 U.S.C. 1320a-7a(q)-(s)) to Sec.  
1003.110. There are two differences between the statutory definitions 
and proposed regulatory definitions. First, the proposed regulatory 
definitions of ``specified State agency'' and ``obligation'' contain 
internal citations to regulatory--not statutory--provisions. Second, we 
propose to define the term ``recipient'' to clarify that the term means 
all persons (excluding program beneficiaries as defined in Sec.  
1003.110) directly or indirectly receiving money or property under a 
grant, contract, or other agreement funded in whole or in part by the 
Secretary, including subrecipients and subcontractors. We believe based 
upon the structure and purpose of the statute that Congress intended 
the term ``recipient'' to apply to any person that directly or 
indirectly receives money or property from the Secretary under a grant, 
contract, or other agreement, and authorized HHS to impose penalties, 
assessments, and exclusions against any individual or entity that 
commits acts in its interactions with these recipients that violate 42 
U.S.C. 1320a-7a(o)(1)-(4).
Reasonable Request
    The Cures Act provided HHS with the authority to impose CMPs, 
assessments, and exclusions for the failure ``to grant timely access, 
upon reasonable request (as defined by such Secretary in regulations), 
to the Inspector General of the Department, for the purpose of audits, 
investigations, evaluations, or other statutory functions of such 
Inspector General in matters involving such grants, contracts, or other 
agreements.'' 42 U.S.C. 1320a-7a(o)(5). This statutory language largely 
mirrors the language of 42 U.S.C. 1320a-7a(a)(9), which has for many 
years given HHS the authority to impose sanctions for the failure to 
grant timely access to OIG, upon reasonable request, ``for the purpose 
of audits, investigations, evaluations, or other statutory functions'' 
of OIG. Because the statutory language of 42 U.S.C. 1320a-7a(o)(5) and 
42 U.S.C. 1320a-7a(a)(9) are similar, and based upon OIG's experience 
enforcing 42 U.S.C. 1320a-7a(a)(9), we believe the definition of 
``Reasonable Request'' that currently appears in Sec.  1003.110 and 
applies to CMP actions under 42 U.S.C. 1320a-7a(a)(9) for failure to 
grant timely access upon reasonable request to OIG in the healthcare 
fraud context, should be extended to circumstances involving grants, 
contracts, and other agreements. As such, we propose to amend Sec.  
1003.110 (Definitions--Reasonable Request) to apply the definition of 
``Reasonable Request'' to actions under 42 U.S.C. 1320a-7a(o)(5) for 
failure ``to grant timely access, upon reasonable request (as defined 
by such Secretary in regulations), to the Inspector General of the 
Department, for the purpose of audits, investigations, evaluations, or 
other statutory functions of such Inspector General in matters 
involving such grants, contracts, or other agreements.''
Sec. 1003.130--Assessments
    We propose to add the term ``specified State agency'' to Sec.  
1003.130 to conform the language of Sec.  1003.130 to the Cures Act 
changes to the CMPL. This revision would make explicit that assessments 
imposed under part 1003 are in lieu of damages sustained not only by 
the Department or a State agency, but also by a ``specified State 
agency,'' a term that is defined by 42 U.S.C. 1320a-7a(q)(6) and 
differs from the term ``State agency'' defined by 42 U.S.C. 1320a-
7a(i)(1). The statutory definition of the term ``specified State 
agency'' is also being added to Sec.  1003.110.
Sec. 1003.140--Determinations Regarding the Amount of Penalties and 
Assessments and the Period of Exclusion
    We propose to change the cross-reference in Sec.  1003.140(c)(3) 
from ``as defined by paragraph (e)(2) of this section'' to ``as defined 
by paragraph (d)(2) of this section'' to correct a scrivener's error 
from a prior amendment of part 1003, which took place on December 7, 
2018. 81 FR 88354. We also propose to add a new subsection (5) to 
section Sec.  1003.140(d), stating that the penalty amounts in part 
1003 are adjusted annually for inflation. We are proposing this 
addition because we are proposing to eliminate footnotes 1 through 12 
in part 1003 to simplify those sections.
2. Subpart B--CMPs, Assessments, and Exclusions for False or Fraudulent 
Claims or Other Similar Misconduct
    We propose to modify Sec. Sec.  1003.210 and 1003.310 to conform 
the subpart to the BBA 2018 amendments to the CMPL regarding the 
increase of CMP amounts. We propose to add text to each provision that 
provides a penalty amount to reflect the increased penalty amounts in 
the BBA 2018 for the applicable time periods. We also propose to delete 
footnotes 1-12, which are found in Sec. Sec.  1003.210, 1003.310, 
1003.410, 1003.510, 1003.610, 1003.810, 1003.910, 1003.1010, 1003.1110, 
1003.1210, and 1003.1310. The proposed deletions accompany a parallel 
proposal to add a new Sec.  1003.140(d)(5), stating that penalty 
amounts are adjusted annually. We are proposing these technical changes 
to state the annual adjustment to penalty amounts once in the ``General 
Provisions'' sections rather than repetitively in footnotes.
Sec. 1003.210--Amount of Penalties and Assessments
    We propose to modify the text of Sec.  1003.210, regarding the 
amount of penalties, to reflect the BBA 2018 penalty increases in 42 
U.S.C. 1320a-7a(a) and (b). Specifically, in paragraphs (a)(1), (3), 
(4), and (8), we propose to insert the phrase ``for conduct that 
occurred on or before February 9, 2018, and not more than $20,000 for 
conduct that occurred after February 9, 2018,'' after ``$10,000'' to 
conform to the BBA 2018 amendments to the CMPL regarding the increase 
of CMP amounts. In paragraph (a)(3), we further propose to insert a 
comma after the words ``per day'' for grammatical clarity.
    In paragraphs (a)(2) and (9), we propose to insert the phrase ``for 
conduct that occurred on or before February 9, 2018, and not more than 
$30,000 for conduct that occurred after February 9, 2018,'' after 
``$15,000,'' to conform to the BBA 2018 amendments to the CMPL.
    In paragraphs (a)(6) and (7), we propose to insert the phrase ``for 
conduct that occurred on or before February 9, 2018, and not more than 
$100,000 for conduct that occurred after February 9, 2018,'' after 
``50,000'' to conform to the BBA 2018 amendments to the CMPL.
    In paragraph (a)(10)(i), we propose to insert ``for conduct that 
occurred on or

[[Page 22983]]

before February 9, 2018, and $10,000 for conduct that occurred after 
February 9, 2018,'' after ``5,000'' to conform to the BBA 2018 
amendments to the CMPL.
Sec.  1003.310--Amount of Penalties and Assessments
    Similarly, for Sec.  1003.310, we propose to modify the text 
regarding the amount of penalties to reflect the BBA 2018 penalty 
increases to 42 U.S.C. 1320a-7a(a)(7). In paragraph (a)(3), we propose 
to insert ``for conduct that occurred on or before February 9, 2018, 
and $100,000 for conduct that occurred after February 9, 2018,'' after 
``50,000'' to conform to the BBA 2018 amendments to the CMPL.
3. Subpart G--CMPs, Assessments, and Exclusions for Fraud or False 
Claims or Similar Conduct Related to Grants, Contracts, and Other 
Agreements
    We propose to add a new subpart G that would codify in regulation 
OIG's new authority under the Cures Act to impose CMPs, assessments, 
and exclusions for fraud, false claims, and similar conduct related to 
HHS grants, contracts, and other agreements. Subpart G would also 
identify the maximum assessments and penalties that OIG may impose 
under part 1003 and aggravating and mitigating factors OIG may consider 
when imposing sanctions.
Sec.  1003.700--Basis for Civil Money Penalties, Assessments, and 
Exclusions
    New Sec.  1003.700 would enumerate in regulation the new CMP 
offenses in 42 U.S.C. 1320a-7a(o) created by the Cures Act related to 
fraud and other misconduct involving grants, contracts, and other 
agreements, which provided OIG with the authority to impose CMPs, 
assessments, and exclusions for a variety of abusive conduct involving 
important HHS programs that provide many billions of dollars in funding 
every year. The five distinct categories of offenses, which would be 
enumerated in regulation at Sec.  1003.700(a)(1) through (5), make 
sanctionable a variety of fraudulent or otherwise improper conduct 
related to HHS grants, contracts, and other agreements.
    First, OIG may impose sanctions against any person that knowingly 
presents or causes to be presented a specified claim related to a 
grant, contract or other agreement that a person knows or should know 
is false or fraudulent. A ``specified claim'' includes an application, 
request, or demand for money or property under a grant, contract, or 
other agreement, and would include a request for a drawdown or other 
payment that is made to a computerized payment administration system 
like the HHS Payment Management System. Second, OIG may impose 
sanctions against any person who knowingly makes, uses, or causes to be 
made or used any false statement, omission, or misrepresentation of a 
material fact in any of the wide array of documents (such as 
applications, proposals, bids, or progress reports) that are required 
to be submitted in order to directly or indirectly receive or retain 
funds provided in whole or in part pursuant to an HHS grant, contract, 
or other agreement. Third, OIG is authorized to impose sanctions 
against any person who knowingly makes, uses, or causes to be made or 
used, false records or statements material to false or fraudulent 
specified claims under a grant, contract, or other agreement. Fourth, 
OIG has authority to sanction any person who knowingly conceals, 
avoids, or decreases an obligation to pay or transmit funds or property 
with respect to a grant, contract, or other agreement, or knowingly 
makes, uses, or causes to be made or used, a false record or statement 
material to such an obligation. Finally, OIG is authorized to impose 
sanctions for a person's failure to grant timely access upon reasonable 
request to OIG personnel who are carrying out audits, evaluations, 
investigations, and other statutory functions related to grants, 
contracts, and other agreements. The regulatory text in proposed Sec.  
1003.700 is consistent with the statutory language of 42 U.S.C. 1320a-
7a(o), with technical modifications to change internal cross-references 
to regulatory provisions, not statutory provisions.
    The statutory authority to impose CMPs, assessments, and exclusions 
under 42 U.S.C. 1320a-7a(o) applies to a wide array of situations in 
which HHS provides funding, directly or indirectly, in whole or in 
part, pursuant to a grant, contract, or other agreement. Regarding 
OIG's authority to impose sanctions for conduct involving ``other 
agreements,'' the statutory definition of ``other agreement'' under 42 
U.S.C. 1320a-7a(q)(3) is broad and identifies a non-exclusive list of 
arrangements that could constitute ``other agreements'' under the 
statute. When OIG investigates potential misconduct under the statute 
and decides whether to impose sanctions, it will evaluate each matter 
on a case-by-case basis to determine whether the funding arrangement at 
issue constitutes an ``other agreement'' under the statute and if the 
conduct at issue violates the statute.
Sec.  1003.710--Amount of Penalties and Assessments
    We propose to add a new Sec.  1003.710 that codifies in the 
regulation the maximum statutory penalties and assessments OIG may 
impose for violation of the new offenses for grant, contract, and other 
agreement fraud and misconduct. As with proposed Sec.  1003.700, the 
regulatory language of proposed Sec.  1003.710 is consistent with the 
statutory language of 42 U.S.C. 1320a-7a(o) that establishes the 
maximum penalties and assessments for violations of the statute, with 
only slight technical modifications to change internal citations to 
regulatory provisions, not statutory provisions. Penalties authorized 
under 42 U.S.C. 1320a-7a(o) range from a maximum of $10,000 per offense 
to a maximum of $50,000 per offense, and OIG may impose an assessment 
of not more than three times the amount involved with the improper 
conduct.
Sec.  1003.720--Determinations Regarding the Amount of Penalties and 
Assessments and Period of Exclusion
    We propose to add a new Sec.  1003.720 to identify factors that OIG 
may consider in conjunction with Sec.  1003.140 as aggravating and 
mitigating factors when imposing penalties, assessments, and exclusions 
resulting from violations of the Cures Act's new grant, contract, and 
other agreement fraud and misconduct offenses. This list of factors is 
not all-inclusive and largely mirrors the list of circumstances already 
established under Sec.  1003.220 that OIG may consider as aggravating 
and mitigating when imposing penalties, assessments, and exclusions for 
violations of Sec.  1003.200 related to the fraudulent or false 
submission of healthcare claims. Based upon OIG's experience enforcing 
CMPs against health care providers and others, this non-exhaustive set 
of factors provides a framework to aid OIG in assessing the severity of 
the conduct at issue when determining the size and scope of the 
penalties, assessments, and exclusions to be imposed. The factors as 
stated for assessing violations in the healthcare context are also 
applicable in assessing violations of grant, contract, and other 
agreement fraud and misconduct offenses.
    Proposed Sec.  1003.720 states that OIG should consider it a 
mitigating circumstance if the violations included in an action brought 
under proposed Sec.  1003.700 were of the same type and occurred within 
a short period of time, there were few such violations, and the total 
amount claimed or requested

[[Page 22984]]

related to the violations was less than $5,000. The proposed list of 
mitigating circumstances is nearly identical to the list of mitigating 
circumstances in Sec.  1003.220(a), which OIG currently uses to 
determine the amount of the penalty and assessment and period of 
exclusion imposed in actions brought under Sec.  1003.200 for CMPL 
violations related to the submission of false or fraudulent healthcare 
claims. Like the proposed Sec.  1003.720(a), it is considered 
mitigating in the healthcare fraud context under Sec.  1003.220(a), if 
the total amount claimed or requested for the items or services at 
issue was less than $5,000.
    Proposed Sec.  1003.720 also identifies a non-exclusive list of 
factors that OIG could consider as aggravating circumstances in actions 
brought under proposed Sec.  1003.700, including if: (1) The violations 
were of several types or occurred over a lengthy period of time; (2) 
there were many such violations (or the nature and circumstances 
indicate a pattern of false or fraudulent specified claims, requests 
for payment, or a pattern of violations); (3) the amount requested or 
claimed or related to the violations was $50,000 or more; or (4) the 
violation resulted, or could have resulted, in physical harm to any 
individual. As with the proposed mitigating factors, the proposed 
aggravating factors are consistent with the aggravating factors listed 
in Sec.  1003.220(b) that OIG currently uses to determine the amount of 
the penalty and assessment and period of exclusion imposed in actions 
brought under Sec.  1003.200 for conduct related to the submission of 
false or fraudulent healthcare claims. For example, like the proposed 
Sec.  1003.720(b)(3), it is considered aggravating under Sec.  
1003.220(b)(3) if the total amount claimed or requested for the items 
or services at issue was more than $50,000.
    We solicit comments on other aggravating or mitigating 
circumstances OIG should consider when imposing penalties, assessments, 
and exclusions under its new grant, contract, and other agreement CMP 
authority.
4. Subpart J--CMPs, Assessments, and Exclusions for Beneficiary 
Inducement Violations
    We propose to modify Sec.  1003.1010 to conform to the BBA 2018 
amendments to the CMPL regarding the increase of CMP amounts.
Sec.  1003.1010--Amount of Penalties and Assessments
    We propose to modify the text of Sec.  1003.1010, regarding the 
amount of penalties, to reflect the BBA 2018 penalty increases to 42 
U.S.C. 1320a-7a(a)(5). In paragraph (a), we propose to insert ``for 
conduct that occurred on or before February 9, 2018, and $20,000 for 
conduct that occurred after February 9, 2018,'' after ``$10,000'' to 
conform to the BBA 2018 amendments to the CMPL.
5. Subpart N--CMPs for Information Blocking
    OIG has a long and successful history of investigating serious 
conduct that negatively affects HHS programs and program beneficiaries. 
Investigating and taking enforcement action against individuals and 
entities that engage in information blocking is consistent with this 
history. Information blocking can pose a threat to patient safety and 
undermine efforts by providers, payers, and others to make our health 
system more efficient and effective. Addressing the negative effects of 
information blocking is consistent with OIG's mission to protect the 
integrity of HHS programs, as well as the health and welfare of program 
beneficiaries.
    We are aware that some individuals and entities subject to 
information blocking CMPs may not be familiar, or may have limited 
experience, with OIG's enforcement authorities, especially OIG's other 
CMP authorities in 42 CFR part 1003. To address potential questions or 
concerns, we explain our anticipated approach to information blocking 
enforcement, including our expected priorities. The following 
information regarding OIG's anticipated approach to information 
blocking enforcement is not a regulatory proposal, and is provided for 
information only. This preamble discussion of enforcement priorities is 
not binding on OIG and does not impose any legal restrictions related 
to OIG's discretion to choose which information blocking complaints to 
investigate.
    OIG has significant experience investigating and taking enforcement 
action for conduct that is subject to other CMPs. For example, OIG 
investigates and imposes CMPs on individuals and entities that submit 
false claims to health care programs (i.e., healthcare fraud). For over 
35 years, OIG has conducted other CMP investigations and enforcement 
and will use this institutional knowledge to ensure effective 
enforcement of the information blocking provision. OIG's investigation 
of information blocking allegations and exercise of discretion 
regarding penalties would utilize similar methods and techniques 
appropriately tailored to each complaint's unique facts and 
circumstances.
    As with other conduct that OIG has authority to investigate, OIG 
has discretion to choose which information blocking complaints to 
investigate. To maximize efficient use of OIG's resources, OIG focuses 
on selecting cases for investigation that are consistent with 
enforcement priorities.
    Based on our current expectations, OIG's enforcement priorities 
will include conduct that: (i) Resulted in, is causing, or had the 
potential to cause patient harm; (ii) significantly impacted a 
provider's ability to care for patients; (iii) was of long duration; 
(iv) caused financial loss to Federal health care programs, or other 
government or private entities; or (v) was performed with actual 
knowledge. We expect these priorities will evolve as OIG gains more 
experience investigating information blocking.
    We emphasize that information blocking--as defined in sec. 
3022(a)(1)(B)(i) of the PHSA and in 45 CFR 171.103(b)--includes an 
element of intent (``if conducted by a health information technology 
developer, exchange, or network, such developer, exchange, or network 
knows, or should know, that such practice is likely to interfere with, 
prevent, or materially discourage the access, exchange, or use of 
electronic health information''). OIG lacks the authority to pursue 
information blocking CMPs against actors who OIG concludes did not have 
the requisite intent. Consequently, OIG will not bring enforcement 
actions against actors who OIG determined made innocent mistakes (i.e., 
lack the requisite intent for information blocking). OIG has 
significant experience and expertise investigating and determining 
whether to take an enforcement action based on other laws that are 
intent-based (e.g., the CMPL and the Federal anti-kickback statute). 
This history will inform our use of discretion to take action against 
individuals and entities who we conclude have the requisite intent.
    Each allegation of information blocking will be assessed based on 
its own merits given the unique facts and circumstances presented. We 
will closely coordinate with ONC given its separate, but related, 
authority under the PHSA and its program expertise related to the 
information blocking regulations. Additionally, consistent with sec. 
3022(b)(3)(A) of the PHSA, OIG may refer an information blocking claim 
to OCR if a consultation regarding the health privacy and security 
rules promulgated under sec. 264(c) of HIPAA would resolve an 
information blocking claim. Depending on the facts and circumstances of 
the claim, OIG may exercise its discretion in referring individuals and 
entities to consult with

[[Page 22985]]

OCR to resolve information blocking claims. In exercising that 
discretion, OIG will coordinate closely with OCR for referrals under 
sec. 3022(b)(3)(A) of the PHSA.
    Section 3022(d)(4) requires the Secretary, to the extent possible, 
to ensure that information blocking penalties do not duplicate penalty 
structures that would otherwise apply with respect to information 
blocking and the type of individual or entity involved as of the day 
before the date of enactment of the Cures Act. OIG will closely 
coordinate with other agencies within HHS, such as ONC and OCR, as well 
as other Federal agencies, such as the Department of Justice and the 
Federal Trade Commission, to ensure that any information blocking 
penalties do not duplicate other penalties structures that would 
otherwise apply with respect to information blocking conduct. In this 
way, OIG will exercise its enforcement discretion in a manner that is 
consistent with this section.
    We propose to add a new subpart N that would codify in the 
regulation OIG's authority under the Cures Act to impose CMPs for 
information blocking.
    OIG will not begin enforcing the information blocking CMPs until 
the OIG CMP information blocking regulations are effective. We are 
proposing that the effective date of these regulations be 60 days from 
the date of publication of our final rule. We are also considering an 
alternative proposal for the effective date of subpart N described in 
detail later in this preamble.
    We appreciate that information blocking is newly regulated conduct. 
We also understand the significant negative effect that information 
blocking can have on patient safety, care coordination in the 
healthcare system, and the ability of patients and providers to have 
information to make informed, appropriate decisions about important 
healthcare decisions. The goal in exercising our enforcement discretion 
is to provide individuals and entities that are taking necessary steps 
to comply with the ONC Final Rule with time to do so while putting the 
industry on notice that penalties will apply to information blocking 
conduct within a reasonable time.
    Recognizing that goal, OIG is providing notice through publication 
of this proposed rule that enforcement will begin 60 days after our 
rule is final. We note that section 3022(b) of the PHSA is self-
implementing and the only explicit timing limitation of the information 
blocking provision is in section 3022(a)(4) of the PHSA.
    Notwithstanding that legal authority, OIG emphasizes that we will 
exercise our enforcement discretion to impose CMPs against actors who 
have engaged in information blocking after the effective date of our 
final rule. Conduct that occurs before the effective date of our final 
rule will not be subject to information blocking CMPs. Even though we 
are proposing that enforcement of information blocking will not begin 
until 60 days after our rule is final, individuals and entities subject 
to the information blocking regulations must comply with the ONC Final 
Rule as of the compliance date for 45 CFR part 171, finalized at 45 CFR 
171.101(b). The period between the compliance date of the ONC Final 
Rule and the proposed start of OIG's information blocking enforcement 
will provide individuals and entities with time to come into compliance 
with the ONC Final Rule with added certainty that practices during that 
period will not be subject to penalties. We believe the proposed 
effective date of 60 days after publication of the OIG final rule 
provides a reasonable amount of time for individuals and entities to 
come into compliance with ONC's Final Rule.
    We are also considering for the final rule an alternative proposal 
for the effective date to apply only to subpart N of part 1003, which 
would also affect the start of OIG's information blocking enforcement. 
The alternative proposal would establish a specific date that OIG's 
information blocking CMP regulations would be effective. Specifically, 
we are considering for the final rule an effective date of October 1, 
2020 for subpart N of part 1003. By considering this specific, 
effective date, we seek to provide entities a time certain that OIG 
enforcement will begin. As discussed above, individuals and entities 
are legally subject to the information blocking regulations and must 
comply with those rules as of the compliance date of ONC's Final Rule 
finalized at 45 CFR 171.101(b). This alternative proposal would provide 
a definite period to these individuals and entities to continue their 
compliance efforts with the ONC Final Rule with the knowledge that 
their conduct would not be subject to OIG enforcement until October 1, 
2020. OIG believes that this time frame would be more than adequate for 
actors to implement necessary changes to align with ONC's Final Rule. 
At a minimum, enforcement would not begin until the compliance date of 
the ONC Final Rule finalized at 45 CFR 171.101(b).
    Having a specific date to target may assist in the execution and 
timing of amending agreements, issuing updates, or other actions needed 
to comply with the ONC Final Rule. We recognize that proposing a 
specific effective date would require OIG to complete the final 
rulemaking process before this proposed specific date. We have 
considered that factor and believe this alternative proposal allows 
time for that process.
    We solicit comment on these proposed approaches for the effective 
date of OIG's information blocking CMP regulations, which would 
subsequently determine the start of OIG's information blocking 
enforcement. We are considering alternative effective dates that are 
sooner or later than October 1, 2020, and are interested in comments on 
potential dates and explanations about why parties would need a longer 
or shorter time period to come into compliance with the ONC Final Rule.
    We emphasize that these proposed effective dates are only 
applicable to the information blocking provisions, and not the grant, 
contract, and other agreement fraud and misconduct CMP provisions of 
the proposed rule. The grant, contract, and other agreement fraud and 
misconduct CMP provisions of the proposed rule will go into effect 30 
days after publication of the final rule.
Sec.  1003.1400--Basis for Civil Money Penalties
    We propose to add a new Sec.  1003.1400 at subpart N that would 
codify the new information blocking CMP authority by incorporating the 
relevant provisions of 45 CFR part 171 established by the ONC Final 
Rule. These provisions subject health IT developers of certified health 
IT, which includes other entities offering certified health IT as 
defined in part 45 CFR part 171, health information networks, and 
health information exchanges to CMPs if OIG determines, following an 
investigation, that they have committed information blocking.\2\ Among 
other things, the ONC Final Rule establishes regulatory definitions 
related to information blocking and identifies reasonable and necessary 
activities that do not constitute information blocking for purposes of 
sec. 3022(a)(1) of the PHSA. OIG investigations of information blocking 
will utilize ONC's regulatory definitions and exceptions to information 
blocking to assess conduct by health IT developers of certified 
technology, entities offering certified health IT, health information 
networks, health information exchanges, and health care providers. 
Enforcement action using the CMP authority implemented by PHSA sec.

[[Page 22986]]

3022(b)(2)(A), will similarly depend on the information blocking 
regulations in the ONC Final Rule.
---------------------------------------------------------------------------

    \2\ In the ONC final rule, the definition of ``health 
information exchange'' and ``health information network'' were 
combined. See 45 CFR 171.102, definition of ``health information 
network or health information exchange.''
---------------------------------------------------------------------------

    We are proposing new regulatory text at Sec.  1003.1400 
implementing OIG's information blocking CMP authority. The proposed 
rule incorporates 45 CFR 171.103(b) with regard to the types of actors 
that may be liable for CMPs and also the information blocking 
provisions in 45 CFR part 171 to determine the conduct that triggers 
the information blocking CMP authority. By incorporating the ONC 
regulations, OIG enforcement will rely on the regulatory definition of 
information blocking and the related exceptions.
    With the addition of the new information blocking CMP to part 1003, 
the public can gain an understanding of the procedures for appealing 
such a determination before enforcement begins. PHSA sec. 3022(b)(2)(C) 
applies the CMP procedures from sec. 1128A of the Act to information 
blocking CMPs. The procedures that OIG follows in imposing CMPs under 
sec. 1128A of the Act are codified in 42 CFR part 1003, subpart O, and 
the procedures for members of the public to appeal the imposition of 
CMPs are codified in 42 CFR part 1005. Under the proposal to 
incorporate the information blocking CMP into 42 CFR part 1003, any CMP 
determination based on an investigation of information blocking would 
be subject to the CMP procedures and appeal process in parts 1003 and 
1005, as the procedures and appeal process would apply to any CMPs 
imposed under sec. 1128A of the Act. We solicit comment, for purposes 
of a final rule, on the proposed incorporation of the information 
blocking regulations into 42 CFR part 1003, and the proposed 
application of the existing CMP procedures and appeal process in parts 
1003 and 1005 to the information blocking CMP.
    The proposal to codify the CMP authority provided in sec. 
3022(b)(2)(A) of the PHSA is consistent with the limitations on CMPs 
that are found throughout sec. 3022. The authority for CMPs extends 
only to those entities listed in sec. 3022(b)(2)(A) (i.e., a health 
information technology developer of certified health information 
technology or other entity offering health information technology, or a 
health information exchange or network). Pursuant to sec. 
3022(b)(2)(B), the CMP authority does not extend to health care 
providers. If OIG determines that a health care provider has committed 
information blocking, it shall refer such health care provider to the 
appropriate agency for appropriate disincentives. The appropriate 
agency and appropriate disincentives will be established by the 
Secretary in future notice and comment rulemaking. OIG will coordinate 
closely with other agencies within HHS to develop consultation and 
referral processes consistent with such rulemaking by the Secretary. 
Further, in determining whether a health care provider has committed 
information blocking, OIG shall consider whether, in accordance with 
sec. 3022(a)(7), a developer of health information technology or 
another entity offering health information technology to such provider 
failed to ensure that the technology meets the requirements to be 
certified under the ONC Health IT Certification Program.
    The proposal is also consistent with the PHSA's establishment of a 
referral channel from OIG to OCR where a consultation with OCR under 
HIPAA will resolve an information blocking claim. OIG is coordinating 
closely with OCR to refer appropriate information blocking claims 
pursuant to sec. 3022(b)(3).
Sec.  1003.1410
    We propose to add a new Sec.  1003.1410 to codify the maximum 
penalty OIG can impose per violation of the PHSA's information blocking 
provisions. PHSA sec. 3022(b)(2)(A) authorizes a maximum penalty not to 
exceed $1,000,000 per violation. The proposed regulatory language 
reflects this maximum penalty amount. We solicit comments on this 
proposed regulatory language.
    Furthermore, the proposed rule would define ``violation'' as each 
practice that constitutes information blocking. The proposed definition 
of violation incorporates the definition of ``practice'' in 45 CFR 
171.102 and ``information blocking'' in 45 CFR part 171. We believe it 
is necessary to propose a definition of ``violation'' to clarify how 
OIG will determine the number of information blocking practices that 
might be penalized. To explain the intent of the proposed definition of 
``violation'' and illustrate how OIG would determine what constitutes a 
single violation or multiple violations, we provide hypothetical 
examples of conduct that would meet the definition of information 
blocking. We emphasize that these examples are illustrative and not 
exhaustive. We further emphasize that what constitutes a violation will 
depend on the facts and circumstances of each allegation of information 
blocking.
    For purposes of this preamble and proposed rule, these examples 
assume that the conduct meets all elements of the information blocking 
definition, which includes the requisite level of statutory intent, are 
not required by law, and do not meet an exception set forth in the ONC 
Final Rule. The following two examples would each constitute a single 
violation:
     A health care provider notifies its health IT developer of 
its intent to switch to another electronic health record (EHR) system 
and requests a complete electronic export of its patients' electronic 
health information (EHI) via the capability certified to in 45 CFR 
170.315(b)(10). The developer refuses to export any EHI without 
charging a fee. The refusal to export EHI without charging this fee 
would constitute a single violation.
     A health IT developer (D1) connects to a health IT 
developer of certified health IT (D2) using a certified API. D2 decides 
to disable D1's ability to exchange information using the certified 
API. D1 requests EHI through the API for one patient of a health care 
provider for treatment. As a result of D2 disabling D1's access to the 
API, D1 receives an automated denial of the request. This would be 
considered a single violation.
    For these examples, the facts or circumstances could affect the 
penalty amount but would not likely result in determining that there 
were multiple violations. However, when investigating information 
blocking, OIG will assess the facts and circumstances on a case-by-case 
basis, which may lead to a determination that multiple violations 
occurred. In the first example, the number of patients affected by the 
health IT developer's information blocking practice is a factor OIG 
would consider when determining the penalty amount consistent with the 
regulations proposed at 42 CFR 1003.1420. For determining the number of 
violations, the important fact would be that the health IT developer 
engaged in one practice (charging a fee to the health care provider to 
perform an export of electronic health information for the purposes of 
switching health IT) that meets the elements of the information 
blocking definition in 45 CFR 171.103(a). Although several patients 
might be affected by the health IT developer's practice of information 
blocking, the health IT developer only engaged in one practice in 
response to the request from the provider. Therefore, under the 
proposed rule, the fact scenario in this example would constitute only 
one violation. We solicit comment, for purposes of the final rule, on 
the examples of a single violation and what constitutes a single 
violation.
    The following non-exhaustive list of examples illustrates scenarios 
where OIG would determine that there is more

[[Page 22987]]

than one violation under the proposed rule. As with the prior examples, 
these examples assume that the facts meet all the elements of the 
information blocking definition, which includes the requisite level of 
statutory intent, are not required by law, and do not meet any 
exception established by the ONC Final Rule.
     A health IT developer's software license agreement with 
one customer prohibits the customer from disclosing to its IT 
contractors certain technical interoperability information (i.e., 
interoperability elements), without which the customer and the IT 
contractors cannot access and convert EHI for use in other 
applications. The health IT developer also chooses to perform 
maintenance on the health IT that it licenses to the customer at the 
most inopportune times because the customer has indicated its intention 
to switch its health IT to that of the developer's competitor. For this 
specific circumstance, one violation would be the contractual 
prohibition on disclosure of certain technical interoperability 
information and the second violation would be performing maintenance on 
the health IT in a discriminatory fashion. Each violation would be 
subject to a separate penalty.
     A health IT developer requires vetting of third-party 
applications before the applications can access the health IT 
developer's product. The health IT developer denies applications based 
on the functionality of the application. There are multiple violations 
based on each instance the health IT developer vets a third-party 
application because each practice is separate and based on the specific 
functionality of each application. Each of the violations in this 
specific scenario would be subject to a penalty.
    For the two examples illustrating multiple violations, we note that 
important facts, in determining the number of violations under the 
proposed rule, are the discrete practices that each meet the elements 
of the information blocking definition. In the first example, the 
health IT developer engages in two separate practices: (1) Prohibiting 
disclosure of certain technical interoperability information and (2) 
performing maintenance on the health IT in a discriminatory fashion. 
Each practice would meet the definition of information blocking 
separately. Therefore, the first example illustrates a scenario with 
two violations under the proposed rule. In the second example, the 
health IT developer vets each third-party application separately and 
makes a separate decision for each application. For each denial of 
access to EHI based on the discriminatory vetting, there is a practice 
that meets the definition of information blocking. Thus, each denial of 
access would constitute a separate violation under the proposed rule.
    We solicit comments on the proposed definition of ``violation,'' 
for purposes of the final rule, as it pertains to proposed subpart N of 
42 CFR part 1003. The examples are offered solely to illustrate OIG's 
current understanding of what constitutes a single violation versus 
multiple violations. However, as previously stated, these examples are 
non-exhaustive and our understanding of single versus multiple 
violations will be informed by OIG's experience enforcing the 
information blocking CMP authority.
Sec.  1003.1420
    We propose to add a new Sec.  1003.1420 that would codify the 
factors that OIG must consider when imposing a CMP against an 
individual or entity for committing information blocking. PHSA sec. 
3022(b)(2)(A) mandates that a determination to impose a CMP for an 
information blocking violation must consider factors such as the nature 
and extent of the information blocking and the harm resulting from such 
information blocking, including, where applicable, the number of 
patients affected, the number of providers affected, and the number of 
days the information blocking persisted. The proposed regulatory 
language at new Sec.  1003.1420 includes these statutory factors. These 
factors are similar to those found in other sections of part 1003, for 
consideration in OIG's imposition of its other CMP authorities.
    Given that the regulation of information blocking conduct is new, 
as is enforcement, we have limited experience to inform the proposal of 
additional aggravating and mitigating circumstances to adjust the CMP 
penalties. For these reasons, we have only proposed implementation of 
the statutory factors described above. We solicit comments on any 
additional factors we should consider, for purposes of a final rule, in 
determining the amount of information blocking CMPs, including examples 
of specific conduct that should be subject to higher or lower penalty 
amounts.
6. Subpart O--Procedures for the Imposition of CMPs, Assessments, and 
Exclusions
    We propose two technical modifications to subpart O to apply the 
language of the subpart to situations involving fraud and other 
improper conduct involving grants, contracts, and other agreements.
Sec.  1003.1550--Collection of Penalties and Assessments
    We propose to add the phrase ``or specified claim'' in Sec.  
1003.1550(b) as a technical modification to apply the changes enacted 
by the Cures Act (42 U.S.C. 1320a-7a(o)) to Sec.  1003.1550. As 
written, Sec.  1003.1550(b) permits the United States to file suit to 
recover penalties and assessments imposed under part 1003 in the United 
States district court for the district in which the claim was presented 
or where the respondent resides. This modification would permit the 
United States to also file suit in the United States district court for 
the district in which a specified claim was presented.
Sec.  1003.1580--Statistical Sampling
    We propose to add the term ``specified claims'' in Sec.  
1003.1580(a) as a technical modification to apply the changes enacted 
by the Cures Act to Sec.  1003.1580.

B. Appeals of Exclusions, Civil Money Penalties and Assessments Under 
42 CFR Part 1005

Sec.  1005.1--Definitions
    The procedures set forth in part 1005 govern the appeal of CMPs, 
assessments, and exclusions in all cases for which OIG has been 
delegated authority to impose those sanctions, including cases 
involving grants, contracts, and other agreements, and information 
blocking. As such, we propose deleting the phrase ``under Medicare or 
the State health care programs'' from the definitions of ``civil money 
penalty cases'' and ``exclusion cases'' to correctly define those terms 
as applying to all cases for which OIG has been delegated authority to 
apply CMPs, assessments, and exclusions, not only to those cases 
involving Medicare or the State health care programs.

IV. Regulatory Impact Statement

    We have examined the impact of this proposed rule as required by 
Executive Order 12866, the Regulatory Flexibility Act (RFA) of 1980, 
the Unfunded Mandates Reform Act of 1995, and Executive Order 13132.

A. Executive Order No. 12866

    Executive Order No. 12866 directs agencies to assess all costs and 
benefits of available regulatory alternatives and, if regulations are 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, and public health and 
safety effects; distributive impacts; and equity). A regulatory impact 
analysis must be prepared for major rules with economically

[[Page 22988]]

significant effects (i.e., $100 million or more in any given year). 
This is not a major rule as defined at 5 U.S.C. 804(2); it is not 
economically significant because it does not reach that economic 
threshold. The vast majority of Federal health care programs would be 
minimally impacted from an economic perspective, if at all, by these 
proposals.
    This proposed rule would codify new statutory enforcement 
provisions, including new CMP authorities. The regulatory changes 
implement provisions of the Cures Act and BBA 2018 into 42 CFR parts 
1003 and 1005. We believe that the likely aggregate economic effect of 
these regulations would be significantly less than $100 million.
    The expected benefits of the regulation are deterring conduct that 
negatively affects the integrity of HHS grants, contracts, and other 
agreements and potentially enhanced statutory compliance by HHS 
grantees, contractors, and other parties. It also will deter 
information blocking conduct that interferes with effective health 
information exchange and negatively impacts many important aspects of 
health and health care. We refer readers to the impact analysis of the 
benefits of prohibiting and deterring information blocking in section 
XII.C.2.a.(4.2) of the ONC Final Rule.
    We anticipate that OIG will incur some costs associated with 
investigation and enforcement of the statutes underlying these penalty 
provisions. The FY 2021 President's Budget proposes $5.3 million for 
OIG information blocking activities. Additionally, investigated parties 
may incur some costs in response to an OIG investigation or enforcement 
action. Absent information about the frequency of prohibited conduct, 
we are unable to determine precisely the potential costs of this 
regulation.
    Civil monetary penalties and assessments, if any, would be 
considered transfers. However, we are unable to reliably estimate 
potential penalty and assessment amounts because enforcement action 
will depend on the facts and circumstances of individual cases, some 
enforcement will be of newly regulated conduct, and some cases may 
result in settlement. We seek comment on potential impacts of the 
rulemaking.

B. Regulatory Flexibility Act

    The RFA and the Small Business Regulatory Enforcement and Fairness 
Act of 1996, which amended the RFA, require agencies to analyze options 
for regulatory relief of small businesses. For purposes of the RFA, 
small entities include small businesses, nonprofit organizations, and 
Government agencies.
    The Department considers a rule to have a significant impact on a 
substantial number of small entities if it has an impact of more than 3 
percent of revenue for more than 5 percent of affected small entities. 
This proposed rule should not have a significant impact on the 
operations of a substantial number of small entities, as these changes 
would not impose any new requirement on any party. These changes 
largely codify existing regulatory authority. In addition, we expect 
that increases in the maximum penalty proposed here will only have an 
impact in a small number of cases. As a result, we have concluded that 
this proposed rule likely will not have a significant impact on a 
substantial number of small entities and that a regulatory flexibility 
analysis is not required for this rulemaking.
    In addition, sec. 1102(b) of the Act (42 U.S.C. 1302) requires us 
to prepare a regulatory impact analysis if a rule under Titles XVIII or 
XIX or sec. B of Title XI of the Act may have a significant impact on 
the operations of a substantial number of small rural hospitals. We 
have concluded that this proposed rule should not have a significant 
impact on the operations of a substantial number of small rural 
hospitals because these changes would not impose any requirement on any 
party and small rural hospitals are not subject to CMPs for information 
blocking under this proposed rule. Therefore, a regulatory impact 
analysis under sec. 1102(b) is not required for this rulemaking.

C. Unfunded Mandates Reform Act

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 
104-4, also requires that agencies assess anticipated costs and 
benefits before issuing any rule that may result in expenditures in any 
one year by State, local, or Tribal governments, in the aggregate, or 
by the private sector, of $100 million, adjusted annually for 
inflation. In 2019, this threshold is approximately $154 million. As 
indicated above, these proposed revisions comport with statutory 
amendments and clarify existing law. We believe that there are no 
significant costs associated with these proposed revisions that would 
impose any mandates on State, local, or Tribal governments or the 
private sector that would result in an expenditure of $154 million or 
more in any given year and that a full analysis under the Unfunded 
Mandates Reform Act is not necessary.

D. Executive Order 13771

    Executive Order 13771 requires that the costs associated with 
significant new regulations ``to the extent permitted by law, be offset 
by the elimination of existing costs associated with at least two prior 
regulations.'' This rulemaking, while significant under Executive Order 
12866, is expected to impose only de minimis costs and therefore is not 
anticipated to be a regulatory or deregulatory action under Executive 
Order 13771.

E. Executive Order 13132

    Executive Order 13132, Federalism, establishes certain requirements 
that an agency must meet when it promulgates a rule that imposes 
substantial direct requirements or costs on State and local 
governments, preempts State law, or otherwise has Federalism 
implications. In reviewing this rule under the threshold criteria of 
Executive Order 13132, we have determined that this proposed rule would 
not significantly affect the rights, roles, and responsibilities of 
State or local governments. Nothing in this proposed rule imposes 
substantial direct requirements or costs on State and local 
governments, preempts State law, or otherwise has Federalism 
implications. We are not aware of any State laws or regulations that 
are contradicted or impeded by any of the provisions in this proposed 
rule.
    The Secretary is authorized by 42 U.S.C. 1320a-7a(o), which we 
propose to codify in the regulation at Sec.  1003.700, to impose CMPs 
and assessments against individuals and entities that engage in fraud 
and other improper conduct against specified State agencies that 
administer or supervise the administration of grants, contracts, and 
other agreements funded in whole or in part by the Secretary. 
Additionally, 42 U.S.C. 1320a-7a(f)(4) directs that these CMPs and 
assessments be deposited into the Treasury of the United States. 
Amounts collected under this authority could not be used to compensate 
a State for damages it incurs due to improper conduct related to 
grants, contracts, or other agreements funded by the Secretary that are 
administered or supervised by specified State agencies.
    However, neither 42 U.S.C. 1320a-7a nor this proposed regulation 
preclude or impede any State's authority to pursue actions against 
entities and individuals that defraud or otherwise engage in improper 
conduct related to grants, contracts, or other agreements funded by the 
Secretary that are administered or supervised by specified State 
agencies. For this reason, the Secretary's authority

[[Page 22989]]

related to specified State agencies will not have a substantial direct 
effect on the States, on the relationship between the national 
government and the States, or on the distribution of power and 
responsibilities among the various levels of government.
    Based on OIG's prior approach to enforcement that involves state 
programs and agencies, we also anticipate coordinating closely with the 
relevant State authorities, which would provide states notice about the 
improper conduct and the opportunity to pursue action under the state 
authority. We solicit comment on the potential Federalism implications 
of this rulemaking.

V. Paperwork Reduction Act

    These proposed changes to parts 1003 and 1005 impose no new 
reporting requirements or collections of information. Therefore, a 
Paperwork Reduction Act review is not required.

List of Subjects

42 CFR Part 1003

    Fraud--Grant Programs, Contracts; Information Blocking; Penalties.

42 CFR Part 1005

    Administrative practice and procedure.

    For the reasons set forth in the preamble, the Office of Inspector 
General, Department of Health and Human Services, proposes to amend 42 
CFR chapter V, subchapter B as follows:

PART 1003--CIVIL MONEY PENALTIES, ASSESSMENTS AND EXCLUSIONS

0
1. Revise the authority citation for part 1003 to read as follows:

    Authority:  42 U.S.C. 262a, 300jj-52, 1302, 1320-7, 1320a-7a, 
1320b-10, 1395u(j), 1395u(k), 1395cc(j), 1395w-141(i)(3), 
1395dd(d)(1), 1395mm, 1395nn(g), 1395ss(d), 1396b(m), 11131(c), and 
11137(b)(2).

0
2. Amend Sec.  1003.100 by revising paragraph (a) to read as follows:


Sec.  1003.100   Basis and purpose.

    (a) Basis. This part implements sections 1128(c), 1128A, 1140, 
1819(b)(3)(B), 1819(g)(2)(A), 1857(g)(2)(A), 1860D-12(b)(3)(E), 1860D-
31(i)(3), 1862(b)(3)(C), 1867(d)(1), 1876(i)(6), 1877(g), 1882(d), 
1891(c)(1); 1903(m)(5), 1919(b)(3)(B), 1919(g)(2)(A), 1927(b)(3)(B), 
1927(b)(3)(C), and 1929(i)(3) of the Social Security Act; sections 
421(c) and 427(b)(2) of Public Law 99-660; section 201(i) of Public Law 
107-188 (42 U.S.C. 1320a-7(c), 1320a-7a, 1320b-10, 1395i-3(b)(3)(B), 
1395i-3(g)(2)(A), 1395w-27(g)(2)(A), 1395w-112(b)(3)(E), 1395w-
141(i)(3), 1395y(b)(3)(B), 1395dd(d)(1), 1395mm(i)(6), 1395nn(g), 
1395ss(d), 1395bbb(c)(1), 1396b(m)(5), 1396r(b)(3)(B), 1396r(g)(2)(A), 
1396r-8(b)(3)(B), 1396r-8(b)(3)(C), 1396t(i)(3), 11131(c), 11137(b)(2), 
and 262a(i)); and section 3022 of the Public Health Service Act (42 
U.S.C. 300jj-52).
* * * * *
0
3. Amend Sec.  1003.110 by:
0
a. Adding in alphabetical order definitions for ``Department'', 
``Obligation'', ``Other agreement'', and ``Program beneficiary'';
0
b. Revising the definition of ``Reasonable request''; and
0
c. Adding in alphabetical order definitions for ``Recipient'', 
``Specified claim'', and ``Specified state agency''.
    The revisions and additions read as follows:


Sec.  1003.110   Definitions.

* * * * *
    Department means the Department of Health and Human Services.
* * * * *
    Obligation, for the purposes of Sec.  1003.700, means an 
established duty, whether or not fixed, arising from an express or 
implied contractual, grantor-grantee, or licensor-licensee 
relationship, for a fee-based or similar relationship, from statute or 
regulation, or from the retention of any overpayment.
    Other agreement, for the purposes of Sec.  1003.700, includes a 
cooperative agreement, scholarship, fellowship, loan, subsidy, payment 
for a specified use, donation agreement, award, or subaward (regardless 
of whether one or more of the persons entering into the agreement is a 
contractor or subcontractor).
* * * * *
    Program beneficiary means, in the case of a grant, contract, or 
other agreement designed to accomplish the objective of awarding or 
otherwise furnishing benefits or assistance to individuals and for 
which the Secretary provides funding, an individual who applies for, or 
who receives, such benefits or assistance from such grant, contract or 
other agreement. Such term does not include, with respect to such 
grant, contract or other agreement, an officer, employee, or agent of a 
person or entity that receives such grant or that enters into such 
contract or other agreement.
* * * * *
    Reasonable request, with respect to Sec. Sec.  1003.200(b)(10) and 
1003.700(a)(5), means a written request, signed by a designated 
representative of the OIG and made by a properly identified agent of 
the OIG during reasonable business hours. The request will include:
    (1) A statement of the authority for the request;
    (2) The person's rights in responding to the request;
    (3) The definition of ``reasonable request'' and ``failure to grant 
timely access'' under this part;
    (4) The deadline by which the OIG requests access; and
    (5) The amount of the civil money penalty or assessment that could 
be imposed and the effective date, length, and scope and effect of the 
exclusion that would be imposed for failure to comply with the request, 
and the earliest date that a request for reinstatement would be 
considered.
    Recipient, for the purposes of Sec.  1003.700, means any person 
(excluding a program beneficiary as defined in this section) directly 
or indirectly receiving money or property under a grant, contract, or 
other agreement funded in whole or in part by the Secretary, including 
a subrecipient or subcontractor.
* * * * *
    Specified claim means any application, request, or demand under a 
grant, contract, or other agreement for money or property, whether or 
not the United States or a specified State agency has title to the 
money or property, that is not a claim (as defined in this section) and 
that:
    (1) Is presented or caused to be presented to an officer, employee, 
or agent of the Department or agency thereof, or of any specified State 
agency; or
    (2) Is made to a contractor, grantee, or other recipient if the 
money or property is to be spent or used on the Department's behalf or 
to advance a Department program or interest, and if the Department:
    (i) Provides or has provided any portion of the money or property 
requested or demanded; or
    (ii) Will reimburse such contractor, grantee, or other recipient 
for any portion of the money or property which is requested or 
demanded.
    Specified State agency means an agency of a State government 
established or designated to administer or supervise the administration 
of a grant, contract, or other agreement funded in whole or in part by 
the Secretary.
* * * * *
0
4. Revise Sec.  1003.130 to read as follows:

[[Page 22990]]

Sec.  1003.130   Assessments.

    The assessment in this part is in lieu of damages sustained by the 
Department, a State agency, or a specified State agency because of the 
violation.
0
5. Amend Sec.  1003.140:
0
a. In paragraph (c)(3), by removing the phrase ``(as defined by 
paragraph (e)(2) of this section)'' and adding in its place the phrase 
``(as defined by paragraph (d)(2) of this section)''; and
0
b. By adding paragraph (d)(5).
    The addition reads as follows:


Sec.  1003.140   Determinations regarding the amount of penalties and 
assessments and the period of exclusion.

* * * * *
    (d) * * *
    (5) The penalty amounts in this part are updated annually, as 
adjusted in accordance with the Federal Civil Monetary Penalty 
Inflation Adjustment Act of 1990 (Pub. L. 101-140), as amended by the 
Federal Civil Penalties Inflation Adjustment Act Improvements Act of 
2015 (section 701 of Pub. L. 114-74). Annually adjusted amounts are 
published at 45 CFR part 102.

Subpart B--CMPs, Assessments, and Exclusions for False or 
Fraudulent Claims and Other Similar Misconduct


Sec. Sec.  1003.210, 1003.310, 1003.410, 1003.510, 1003.610, 1003.810, 
1003.910, 1003.1010, 1003.110, 1003.1210, and 1003.1310   [Amended]

0
6. In each location referenced in the first column of the following 
table, the text is amended by removing the footnote referenced in the 
second column.

------------------------------------------------------------------------
                           Section                              Footnote
------------------------------------------------------------------------
Sec.   1003.210(a) introductory text.........................          1
Sec.   1003.310(a) subject heading...........................          2
Sec.   1003.410(a) subject heading...........................          3
Sec.   1003.410(b)(2)........................................          4
Sec.   1003.510 introductory text............................          5
Sec.   1003.610(a) introductory text.........................          6
Sec.   1003.810 introductory text............................          7
Sec.   1003.910..............................................          8
Sec.   1003.1010 introductory text...........................          9
Sec.   1003.1110 introductory text...........................         10
Sec.   1003.1210 introductory text...........................         11
Sec.   1003.1310.............................................         12
------------------------------------------------------------------------

0
7. Section 1003.210 is further amended by revising paragraphs (a)(1) 
through (4), (6) through (9), (a)(10) introductory text, and (a)(10)(i) 
to read as follows:


Sec.  1003.210   Amount of penalties and assessments.

* * * * *
    (a) * * *
    (1) Except as provided in this section, the OIG may impose a 
penalty of not more than $10,000 for conduct that occurred on or before 
February 9, 2018, and not more than $20,000 for conduct that occurred 
after February 9, 2018, for each individual violation that is subject 
to a determination under this subpart.
    (2) The OIG may impose a penalty of not more than $15,000 for 
conduct that occurred on or before February 9, 2018, and not more than 
$30,000 for conduct that occurred after February 9, 2018, for each 
person with respect to whom a determination was made that false or 
misleading information was given under Sec.  1003.200(b)(2).
    (3) The OIG may impose a penalty of not more than $10,000 for 
conduct that occurred on or before February 9, 2018, and not more than 
$20,000 for conduct that occurred after February 9, 2018, per day, for 
each day that the prohibited relationship described in Sec.  
1003.200(b)(3) occurs.
    (4) For each individual violation of Sec.  1003.200(b)(4), the OIG 
may impose a penalty of not more than $10,000 for conduct that occurred 
on or before February 9, 2018, and not more than $20,000 for conduct 
that occurred after February 9, 2018, for each separately billable or 
non-separately-billable item or service provided, furnished, ordered, 
or prescribed by an excluded individual or entity.
* * * * *
    (6) The OIG may impose a penalty of not more than $50,000 for 
conduct that occurred on or before February 9, 2018, and not more than 
$100,000 for conduct that occurred after February 9, 2018, for each 
false statement, omission, or misrepresentation of a material fact in 
violation of Sec.  1003.200(b)(7).
    (7) The OIG may impose a penalty of not more than $50,000 for 
conduct that occurred on or before February 9, 2018, and not more than 
$100,000 for conduct that occurred after February 9, 2018, for each 
false record or statement in violation of Sec.  1003.200(b)(9).
    (8) The OIG may impose a penalty of not more than $10,000 for 
conduct that occurred on or before February 9, 2018, and not more than 
$20,000 for conduct that occurred after February 9, 2018, for each item 
or service related to an overpayment that is not reported and returned 
in accordance with section 1128J(d) of the Act in violation of Sec.  
1003.200(b)(8).
    (9) The OIG may impose a penalty of not more than $15,000 for 
conduct that occurred on or before February 9, 2018, and not more than 
$30,000 for conduct that occurred after February 9, 2018, for each day 
of failure to grant timely access in violation of Sec.  
1003.200(b)(10).
    (10) For each false certification in violation of Sec.  
1003.200(c), the OIG may impose a penalty of not more than the greater 
of:
    (i) $5,000 for conduct that occurred on or before February 9, 2018, 
and $10,000 for conduct that occurred after February 9, 2018; or
* * * * *
0
8. Section 1003.310 is further amended by revising paragraph (a)(3) to 
read as follows:


Sec.  1003.310   Amount of penalties and assessments.

* * * * *
    (a) * * *
    (3) $50,000 for conduct that occurred on or before February 9, 
2018, and $100,000 for conduct that occurred after February 9, 2018, 
for each offer, payment, solicitation, or receipt of remuneration that 
is subject to a determination under Sec.  1003.300(d).
* * * * *
0
9. Add subpart G to read as follows:
Subpart G--CMPs, Assessments, and Exclusions for Fraud or False Claims 
or Similar Conduct Related to Grants, Contracts, and Other Agreements
Sec.
1003.700 Basis for civil money penalties, assessments, and 
exclusions.
1003.710 Amount of penalties and assessments.
1003.720 Determinations regarding the amount of penalties and 
assessments and period of exclusion.

Subpart G--CMPs, Assessments, and Exclusions for Fraud or False 
Claims or Similar Conduct Related to Grants, Contracts, and Other 
Agreements


Sec.  1003.700   Basis for civil money penalties, assessments, and 
exclusions.

    (a) The OIG may impose a penalty, assessment, and an exclusion 
against any person including an organization, agency, or other entity, 
but excluding a program beneficiary (as defined in Sec.  1003.110) 
that, with respect to a grant, contract, or other agreement for which 
the Secretary provides funding:
    (1) Knowingly presents or causes to be presented a specified claim 
(as defined in Sec.  1003.110) under such grant, contract, or other 
agreement that the person knows or should know is false or fraudulent;
    (2) Knowingly makes, uses, or causes to be made or used, any false 
statement, omission, or misrepresentation of a material fact in any 
application, proposal, bid, progress report, or other document that is 
required to be submitted in order to directly or indirectly receive or 
retain funds provided in whole or in part by such Secretary pursuant to 
such grant, contract, or other agreement;

[[Page 22991]]

    (3) Knowingly makes, uses, or causes to be made or used, a false 
record or statement material to a false or fraudulent specified claim 
under such grant, contract, or other agreement;
    (4) Knowingly makes, uses, or causes to be made or used, a false 
record or statement material to an obligation (as defined in Sec.  
1003.110) to pay or transmit funds or property to such Secretary with 
respect to such grant, contract, or other agreement, or knowingly 
conceals or knowingly and improperly avoids or decreases an obligation 
to pay or transmit funds or property to such Secretary with respect to 
such grant, contract, or other agreement; or
    (5) Fails to grant timely access, upon reasonable request (as 
defined in Sec.  1003.110), to the Inspector General of the Department, 
for the purpose of audits, investigations, evaluations, or other 
statutory functions of such Inspector General in matters involving such 
grants, contracts, or other agreements.
    (b) [Reserved]


Sec.  1003.710   Amount of penalties and assessments.

    (a) Penalties. (1) In cases under Sec.  1003.700(a)(1), the OIG may 
impose a penalty of not more than $10,000 for each specified claim.
    (2) In cases under Sec.  1003.700(a)(2), the OIG may impose a 
penalty of not more than $50,000 for each false statement, omission, or 
misrepresentation of a material fact.
    (3) In cases under Sec.  1003.700(a)(3), the OIG may impose a 
penalty of not more than $50,000 for each false record or statement.
    (4) In cases under Sec.  1003.700(a)(4), the OIG may impose a 
penalty of not more than $50,000 for each false record or statement or 
not more than $10,000 for each day that the person knowingly conceals 
or knowingly and improperly avoids or decreases an obligation to pay.
    (5) In cases under Sec.  1003.700(a)(5), the OIG may impose a 
penalty of not more than $15,000 for each day of the failure described 
in such paragraph.
    (b) Assessments. (1) In cases under Sec.  1003.700(a)(1) and (3), 
such a person shall be subject to an assessment of not more than three 
times the amount claimed in the specified claim described in such 
paragraph in lieu of damages sustained by the United States or a 
specified State agency because of such specified claim.
    (2) In cases under Sec.  1003.700(a)(2) and (4), such a person 
shall be subject to an assessment of not more than three times the 
total amount of the funds described in Sec.  1003.700(a)(2) and (4), 
respectively (or, in the case of an obligation to transmit property to 
the Secretary described in Sec.  1003.700(a)(4), of the value of the 
property described in such paragraph) in lieu of damages sustained by 
the United States or a specified State agency because of such case.


Sec.  1003.720   Determinations regarding the amount of penalties and 
assessments and period of exclusion.

    In considering the factors listed in Sec.  1003.140:
    (a) It should be considered a mitigating circumstance if all the 
violations included in the action brought under this part were of the 
same type and occurred within a short period of time, there were few 
such violations, and the total amount claimed or requested related to 
the violations was less than $5,000.
    (b) Aggravating circumstances include, but are not limited to:
    (1) The violations were of several types or occurred over a lengthy 
period of time;
    (2) There were many such violations (or the nature and 
circumstances indicate a pattern of false or fraudulent specified 
claims, requests for payment, or a pattern of violations);
    (3) The amount requested or claimed or related to the violations 
was $50,000 or more; or
    (4) The violation resulted, or could have resulted, in physical 
harm to any individual.


Sec.  1003.1010   [Amended]

0
10. Section 1003.1010 is further amended by removing the figure 
``$10,000'' and adding in its place the phrase ``$10,000 for conduct 
that occurred on or before February 9, 2018, and $20,000 for conduct 
that occurred after February 9, 2018'' in paragraph (a).

Subpart N--CMPs for Information Blocking

0
11. Add subpart N to read as follows:
Subpart N--CMPs for Information Blocking
Sec.
1003.1400 Basis for civil money penalties.
1003.1410 Amount of penalties.
1003.1420 Determinations regarding the amount of penalties.

Subpart N--CMPs for Information Blocking


Sec.  1003.1400   Basis for civil money penalties.

    The OIG may impose a civil money penalty against any individual or 
entity described in 45 CFR 171.103(b) that commits information 
blocking, as defined in 45 CFR part 171.


Sec.  1003.1410   Amount of penalties.

    (a) The OIG may impose a penalty of not more than $1,000,000 per 
violation.
    (b) For this subpart, violation means a practice, as defined in 45 
CFR 171.102, that constitutes information blocking, as defined in 45 
CFR part 171.


Sec.  1003.1420   Determinations regarding the amount of penalties.

    In considering the factors listed in Sec.  1003.140, the OIG shall 
take into account--
    (a) The nature and extent of the information blocking; and
    (b) The harm resulting from such information blocking, including, 
where applicable--
    (1) The number of patients affected;
    (2) The number of providers affected; and
    (3) The number of days the information blocking persisted.


Sec.  1003.1550   [Amended]

0
12. Amend Sec.  1003.1550 in paragraph (b) by removing the phrase 
``where the claim'' and adding in its place the phrase ``where the 
claim or specified claim''.
0
13. Amend Sec.  1003.1580 by revising paragraph (a) to read as follows:


Sec.  1003.1580   Statistical sampling.

    (a) In meeting the burden of proof in Sec.  1005.15 of this 
chapter, the OIG may introduce the results of a statistical sampling 
study as evidence of the number and amount of claims, specified claims, 
and/or requests for payment, as described in this part, that were 
presented, or caused to be presented, by the respondent. Such a 
statistical sampling study, if based upon an appropriate sampling and 
computed by valid statistical methods, shall constitute prima facie 
evidence of the number and amount of claims, specified claims, or 
requests for payment, as described in this part.
* * * * *

[[Page 22992]]

PART 1005--APPEALS OF EXCLUSIONS, CIVIL MONEY PENALTIES AND 
ASSESSMENTS

0
14. The authority citation for part 1005 continues to read as follows:

    Authority: 42 U.S.C. 405(a), 405(b), 1302, 1320a-7, 1320a-7a and 
1320c-5.

0
15. Amend Sec.  1005.1 by revising the definitions of ``Civil money 
penalty cases'' and ``Exclusion cases'' to read as follows:


Sec.  1005.1   Definitions.

    Civil money penalty cases refers to all proceedings arising under 
any of the statutory bases for which the OIG has been delegated 
authority to impose civil money penalties.
* * * * *
    Exclusion cases refers to all proceedings arising under any of the 
statutory bases for which the OIG has been delegated authority to 
impose exclusions.
* * * * *

Christi A. Grimm,
Principal Deputy Inspector General.
    Dated: April 16, 2020.
Alex M. Azar II,
Secretary.
[FR Doc. 2020-08451 Filed 4-21-20; 4:15 pm]
 BILLING CODE 4152-01-P